Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Smoke test binaries for EL7/glibc-2.17 compatiblity #17706

Merged
merged 1 commit into from
Jul 12, 2023
Merged

Smoke test binaries for EL7/glibc-2.17 compatiblity #17706

merged 1 commit into from
Jul 12, 2023

Conversation

dekimsey
Copy link
Contributor

Summary

This adds a quick smoke test of our binaries to verify we haven't exceeded the maximum glibc (2.17) version supported on older OSes (EL7). Which would break our ability to execute on older OSes.

Why

This is related to our recent efforts to upgrade our GH build environment. When CGO enabled builds are built on Ubuntu-22 they include symbols to glibc versions (2.32+) that exceed our desired minimum OS version (EL7). To mitigate we are instead building on Ubuntu-20. However, Ubuntu-20 itself also includes a newer glibc version. So we need to make sure we check the binaries to prevent us from unintentionally dropping support by adding explicit smoke testing of the binary.

For clarity, here's a breakdown of distribution and glibc versions to provide a bit more context to why we should test on EL7:

Distro glibc version EOL
Debian Jessie 2.19 June 2025
Debian Stretch 2.24 June 2027
CentOS 7 2.17 June 2024
CentOS 8 2.28 December 2021
CentOS 8 Stream 2.28 May 2024
CentOS 9 Stream 2.34 May 2027
RedHat 7 2.17 June 2024
RedHat 8 2.28 May 2031
RedHat 9 2.34 June 2034
Ubuntu 20.04 2.31 May 2030
Ubuntu 22.04 2.35 May 2033

Notes

This only affects CGO_ENABLED=1 binaries (like nomad).

This smoke test is only verifying amd64 binaries because RH doesn't have an arm64 container image for EL7 even though it ships the OS (this is fixed as of ubi8). However, no version releases an arm image.

Related

(cross-liking for HC reference)

@dekimsey dekimsey requested review from a team as code owners June 23, 2023 19:36
@dekimsey dekimsey requested a review from tgross June 23, 2023 19:37
@dekimsey dekimsey force-pushed the releng/glibc-minimum-os-test branch from bc86b86 to b2721a7 Compare June 23, 2023 19:38
@dekimsey dekimsey added theme/ci backport/1.3.x backport to 1.3.x release line backport/1.4.x backport to 1.4.x release line backport/1.5.x backport to 1.5.x release line labels Jun 23, 2023
tgross
tgross approved these changes Jun 23, 2023
View reviewed changes
Copy link
Member

@tgross tgross left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks @dekimsey!

Verified in https://github.com/hashicorp/nomad-enterprise/actions/runs/5359393093
and in this PR in https://github.com/hashicorp/nomad/actions/runs/5359921287/jobs/9724253179?pr=17706

I'll merge this in once CI is done.

@tgross
Copy link
Member

tgross commented Jun 23, 2023

@dekimsey it looks like #17017 got merged before I managed to get this merged and now there's a merge conflict.

@dekimsey dekimsey force-pushed the releng/glibc-minimum-os-test branch from b2721a7 to 63915a6 Compare June 23, 2023 20:22
@dekimsey dekimsey force-pushed the releng/glibc-minimum-os-test branch from 63915a6 to 3f7e5fb Compare June 23, 2023 20:35
@dekimsey
Copy link
Contributor Author

Looks like everything is clean, so one last push to drop the on.push override used for testing.

image

@dekimsey dekimsey force-pushed the releng/glibc-minimum-os-test branch from 3f7e5fb to 0822c83 Compare June 23, 2023 20:54
@tgross
Copy link
Member

tgross commented Jun 23, 2023

Looks like this failure https://github.com/hashicorp/nomad/actions/runs/5360327078/jobs/9725065223?pr=17706 was introduced by #17705. And that UI test is a known flake.) Don't worry about that for this PR. Let's get this merged in and I'll fix the other one.

@tgross
Copy link
Member

tgross commented Jun 23, 2023

Fixed that command test in #17715

@dekimsey
Smoke test binaries for EL7 compatiblity
0cb728e 
This adds a quick smoke test of our binaries to verify we haven't exceeeded the
maximum GLIBC (2.17) version during linking which would break our ability to
execute on EL7 machines.
@dekimsey dekimsey force-pushed the releng/glibc-minimum-os-test branch from 0822c83 to 0cb728e Compare June 27, 2023 16:09
@gulducat gulducat mentioned this pull request Jul 5, 2023
Merged
This was referenced Jul 6, 2023
Merged
Merged
Merged
@tgross tgross added backport/1.6.x backport to 1.6.x release line and removed backport/1.3.x backport to 1.3.x release line labels Jul 12, 2023
@tgross
Copy link
Member

tgross commented Jul 12, 2023

@gulducat does this PR need to get updated in order to work with the changes we made for permissions/secrets/ENT runners?

@tgross tgross added this to the 1.6.0 milestone Jul 12, 2023
@gulducat
Copy link
Member

@tgross doesn't look to me like it needs anything extra since there are no secrets being used 👍

@tgross tgross merged commit 995b936 into main Jul 12, 2023
22 of 23 checks passed
@tgross tgross deleted the releng/glibc-minimum-os-test branch July 12, 2023 14:51
This was referenced Jul 12, 2023
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shoenig shoenig shoenig approved these changes

@tgross tgross tgross approved these changes

Assignees
No one assigned
Labels
backport/1.4.x backport to 1.4.x release line backport/1.5.x backport to 1.5.x release line backport/1.6.x backport to 1.6.x release line theme/build-infrastructure theme/ci
Projects
None yet
Milestone
1.6.0
Development

Successfully merging this pull request may close these issues.
4 participants
@dekimsey @tgross @gulducat @shoenig