# 20200521 notes for fedora 32 test day NOTE: Fedora CoreOS has automated testing that covers many of the test cases mentioned below. The value in the test day is to promote awareness of FCOS, catch issues with documentation, catch issues with user experience, and catch bugs not covered in automation/CI. #### Advantages: - see how many people attended and it worked for them (and not just failed and they filed bugs) - find UX issues (people not understanding instructions, confusing command output) - identify poor documentation - reach more audience, let people know that FCOS exists - convince people to try FCOS for the first time with some simple test cases #### Notes: - it might be a good idea to target the `next` stream in **all** testcases, in order to focus this test day fully on testing F32 stream ## Possible test cases (brainstorming): #### Basics/newcomer: - do a libvirt install - https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started/#_launching_with_qemu_or_libvirt - do a bare metal install - https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/ #### Advanced/existing FCOS user: - run your existing deployment on `next` stream, see what happens - exploratory testing - do whathever is possible in the system, play with it, try to break it or just explore unknown commands/features - static networking config test case - https://docs.fedoraproject.org/en-US/fedora-coreos/static-ip-config/ - complex partitioning test case: - something like the examples in this section: https://docs.fedoraproject.org/en-US/fedora-coreos/fcct-config/#_file_systems - convert [devconf lab guide](https://dustymabe.com/2020/01/23/devconf.cz-2020-fedora-coreos-lab/) into a test case(s)? - more advanced install scenario - https://dustymabe.com/2020/04/04/automating-a-custom-install-of-fedora-coreos/ - migrate your existing Container Linux deployment to FCOS next ## Standard YAML / Igninition file for testing The best way to test all the scenarios would be to use a standard Ignition file. This file will need to include even a sample user key for user `core`. Below is such a YAML file that can be used by converting it into Iginition format. This is also a great place to add more things and make it comprehensive. Note: This uses explicitly symlinks to certain systemd unit files. You can add additional ones that need to be run as particular user directly under User `core` home directory. But the included service unit files need to run as `root`. This model provides the user to update revisions of say, nginix without having to go into root directory and will hopefully be saved across automatic updates to FCOS. ```yaml # author: # - Shivaram Mysore^[Switchnomix Inc, shivaram.mysore@gmail.com] variant: fcos version: 1.0.0 passwd: users: - name: core ssh_authorized_keys: - ssh-rsa AAAAB3N...1LR7 mykey storage: files: # allow the specified user to run `docker` as `root`, without a password. # https://www.projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/ - path: /etc/sudoers overwrite: false append: - inline: | core ALL=(ALL) NOPASSWD: /usr/bin/docker mode: 0420 - path: /home/core/.bashrc overwrite: false append: - inline: | alias docker="sudo /usr/bin/docker" alias podman="sudo /usr/bin/podman" user: name: core group: name: core - path: /home/core/hello.service overwrite: false mode: 0644 contents: source: data:text/plain;charset=iso-8859-7,%23%20Go%20Program%20%0A%23%20https%3A%2F%2Fgithub.com%2Fgolang%2Fexample%2Ftree%2Fmaster%2Fhello%0A%5BUnit%5D%0ADescription%3DMy%20Golang%20Hello%20Service%0A%0A%5BInstall%5D%0AWantedBy%3Dmulti-user.target%0A%0A%5BService%5D%0ATimeoutStartSec%3D0%0ARestart%3Dalways%0AExecStartPre%3D%2Fbin%2Fpkill%20gohello%0AExecStart%3D%2Fhome%2Fcore%2Fgohello%20%0AExecStop%3D%2Fbin%2Fpkill%20gohello user: name: core group: name: core - path: /home/core/coredns.service overwrite: false mode: 0644 contents: source: data:text/plain;charset=iso-8859-7,%23%20CoreDNS%20container%20image%20from%20DockerHub.%20%0A%23%20https%3A%2F%2Fdev.to%2Frobbmanes%2Frunning-coredns-as-a-dns-server-in-a-container-1d0%0A%5BUnit%5D%0ADescription%3DCoreDNS%0A%0A%5BInstall%5D%0AWantedBy%3Dmulti-user.target%0A%0A%5BService%5D%0ATimeoutStartSec%3D0%0ARestart%3Dalways%0AExecStartPre%3D-%2Fusr%2Fbin%2Fpodman%20kill%20dns-cntr%0AExecStartPre%3D-%2Fusr%2Fbin%2Fpodman%20rm%20dns-cntnr%0AExecStart%3D%2Fusr%2Fbin%2Fpodman%20run%20%5C%0A%20%20%20%20%20%20%20%20%20%20--name%3Ddns-cntnr%20%5C%0A%20%20%20%20%20%20%20%20%20%20--network%3D%22host%22%20%5C%0A%20%20%20%20%20%20%20%20%20%20--volume%3D%2Fhome%2Fcore%2Fcoredns-conf%3A%2Froot%20%5C%0A%20%20%20%20%20%20%20%20%20%20coredns%2Fcoredns%3A1.6.9%20%5C%0A%20%20%20%20%20%20%20%20%20%20-conf%20%2Froot%2FCorefile%0AExecStop%3D%2Fusr%2Fbin%2Fpodman%20stop%20dns-cntnr user: name: core group: name: core - path: /home/core/lb.service overwrite: false mode: 0644 contents: source: data:text/plain;charset=iso-8859-7,%23%20nginx%3Aalpine%20container%20image%20from%20DockerHub.%20%0A%23%0A%5BUnit%5D%0ADescription%3DNginX%20Reverse%20Proxy%0A%0A%5BInstall%5D%0AWantedBy%3Dmulti-user.target%0A%0A%5BService%5D%0ATimeoutStartSec%3D0%0ARestart%3Dalways%0AExecStartPre%3D-%2Fusr%2Fbin%2Fpodman%20kill%20lb-cntnr%0AExecStartPre%3D-%2Fusr%2Fbin%2Fpodman%20rm%20lb-cntnr%0AExecStart%3D%2Fusr%2Fbin%2Fpodman%20run%20%5C%0A%20%20%20%20%20%20%20%20%20%20--name%3Dlb-cntnr%20%5C%0A%20%20%20%20%20%20%20%20%20%20--network%3D%22host%22%20%5C%0A%20%20%20%20%20%20%20%20%20%20--volume%3D%2Fhome%2Fcore%2Flb-conf%3A%2Fetc%2Fnginx%2Fconf%20%5C%0A%20%20%20%20%20%20%20%20%20%20nginx%3A1.17.9-alpine%20%5C%0A%20%20%20%20%20%20%20%20%20%20nginx%20%5C%0A%20%20%20%20%20%20%20%20%20%20-c%20%2Fetc%2Fnginx%2Fconf%2Fnginx.conf%20%5C%0A%20%20%20%20%20%20%20%20%20%20-g%20%22daemon%20off%3B%22%0AExecStop%3D%2Fusr%2Fbin%2Fpodman%20stop%20lb-cntnr user: name: core group: name: core # Disable SELinux - path: /etc/selinux/config overwrite: true contents: source: data:text/plain;charset=iso-8859-7,%23%20This%20file%20controls%20the%20state%20of%20SELinux%20on%20the%20system.%0A%23%20SELINUX%3D%20can%20take%20one%20of%20these%20three%20values%3A%0A%23%20%20%20%20%20enforcing%20-%20SELinux%20security%20policy%20is%20enforced.%0A%23%20%20%20%20%20permissive%20-%20SELinux%20prints%20warnings%20instead%20of%20enforcing.%0A%23%20%20%20%20%20disabled%20-%20No%20SELinux%20policy%20is%20loaded.%0ASELINUX%3Ddisabled%0A%23%20SELINUXTYPE%3D%20can%20take%20one%20of%20these%20three%20values%3A%0A%23%20%20%20%20%20targeted%20-%20Targeted%20processes%20are%20protected%2C%0A%23%20%20%20%20%20minimum%20-%20Modification%20of%20targeted%20policy.%20Only%20selected%20processes%20are%0A%23%20%20%20%20%20protected.%0A%23%20%20%20%20%20mls%20-%20Multi%20Level%20Security%20protection.%0ASELINUXTYPE%3Dtargeted%0A mode: 0644 # Configure time.nist.gov time server as the first one - path: /etc/chrony.conf overwrite: true contents: source: data:text/plain;charset=iso-8859-7,%23%20Add%20AWS%20NTP%20Server%20to%20the%20top%20of%20the%20list%0Aserver%20time.nist.gov%20iburst%20prefer%0A%0A%23%20Use%20public%20servers%20from%20the%20pool.ntp.org%20project.%0A%23%20Please%20consider%20joining%20the%20pool%20(http%3A%2F%2Fwww.pool.ntp.org%2Fjoin.html).%0Apool%202.fedora.pool.ntp.org%20iburst%0A%0A%23%20Record%20the%20rate%20at%20which%20the%20system%20clock%20gains%2Flosses%20time.%0Adriftfile%20%2Fvar%2Flib%2Fchrony%2Fdrift%0A%0A%23%20Allow%20the%20system%20clock%20to%20be%20stepped%20in%20the%20first%20three%20updates%0A%23%20if%20its%20offset%20is%20larger%20than%201%20second.%0Amakestep%201.0%203%0A%0A%23%20Enable%20kernel%20synchronization%20of%20the%20real-time%20clock%20(RTC).%0Artcsync%0A%0A%23%20Enable%20hardware%20timestamping%20on%20all%20interfaces%20that%20support%20it.%0A%23hwtimestamp%20*%0A%0A%23%20Increase%20the%20minimum%20number%20of%20selectable%20sources%20required%20to%20adjust%0A%23%20the%20system%20clock.%0A%23minsources%202%0A%0A%23%20Allow%20NTP%20client%20access%20from%20local%20network.%0A%23allow%20192.168.0.0%2F16%0A%0A%23%20Serve%20time%20even%20if%20not%20synchronized%20to%20a%20time%20source.%0A%23local%20stratum%2010%0A%0A%23%20Specify%20file%20containing%20keys%20for%20NTP%20authentication.%0Akeyfile%20%2Fetc%2Fchrony.keys%0A%0A%23%20Get%20TAI-UTC%20offset%20and%20leap%20seconds%20from%20the%20system%20tz%20database.%0Aleapsectz%20right%2FUTC%0A%0A%23%20Specify%20directory%20for%20log%20files.%0Alogdir%20%2Fvar%2Flog%2Fchrony%0A%0A%23%20Select%20which%20information%20is%20logged.%0A%23log%20measurements%20statistics%20tracking%0A mode: 0644 # Disable FCOS pinger to report or collect information # https://github.com/coreos/zincati/blob/master/docs/usage/configuration.md - path: /etc/fedora-coreos-pinger/config.d/99-disable-reporting.toml overwrite: false contents: source: data:text/plain;charset=iso-8859-7,%5Breporting%5D%0Aenabled%20%3D%20false mode: 0644 # Configure Autoupdate # Default settings are located in /usr/lib/zincati/config.d/ directory - path: /etc/zincati/config.d/10-enable-feature.toml overwrite: false contents: source: data:text/plain;charset=iso-8859-7,%5Bfeature%5D%0Aenabled%20%3D%20true mode: 0644 # Add symlinks for systemd services residing in /home/core/*service links: - path: /etc/systemd/system/hello.service overwrite: false target: /home/core/hello.service hard: false - path: /etc/systemd/system/coredns.service overwrite: false target: /home/core/coredns.service hard: false - path: /etc/systemd/system/lb.service overwrite: false target: /home/core/lb.service hard: false systemd: units: - name: extrapkgs.service enabled: true contents: | [Unit] Description=Install extra packages only once [Service] Type=oneshot ExecStart=rpm-ostree install unzip whois tree [Install] WantedBy=multi-user.target - name: hello.service enabled: true - name: lb.service enabled: true - name: ccoredns.service enabled: true ``` ## Testcase drafts See the proposed Test Day Result page here: http://testdays.fedorainfracloud.org/events/84 See the Test Day wiki page here: https://fedoraproject.org/wiki/Test_Day:Fedora_32_CoreOS #### Virtual install See (and edit): https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_virtual_install #### Bare Metal install See (and edit): https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_baremetal_install #### Static networking See (and edit): https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_static_networking ### Complex partitioning See (and edit): https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_complex_partitioning #### Upgrades & Downgrades 1. Upgrade from previous {Stable, Testing} to new release {Stable} - Bare metal, AWS, Digital ocean 2. Downgrade new release {Stable} to previous release {Stable} - Bare metal, AWS 3. Create a standard igition file with systemd unit files, overlayed packages such as unzip, whois, login keys, a few common containers such as Nginx and fcct with some systemd enabled, some started and some disabled, some oneshot. This way, most of the Day0 problems are tested. 4. Use PXE/TFTP, ISO {CD, USB Flash} methods to install and upgrade testing See (and edit): https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_switch_stream (needs more separate test cases to accomodate use cases listed above) #### Documentation See (and edit): https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_Documentation #### Container Linux migration See (and edit): https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_ContainerLinux_migration