@stevenhorsman @bpradipt I did this PR just to test one thing for Fabiano but, hey, it worked out. Maybe we should update k8s version used in our tests? At least the version in libvirt and aws. I can try to bump docker too.

@stevenhorsman @bpradipt I did this PR just to test one thing for Fabiano but, hey, it worked out. Maybe we should update k8s version used in our tests? At least the version in libvirt and aws. I can try to bump docker too.

Yeah, I'm all for this

Hi @BbolroC ,

This PR updates the worker image to ubuntu 2404 of kcli's created cluster. kcli needs to cache the new image on the runner, and it's getting permission denied in the s390x node:

Download ubuntu2404 s390x image
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   367  100   367    0     0   1106      0 --:--:-- --:--:-- --:--:--  1108
Warning: Failed to open the file /var/lib/libvirt/images/ubuntu2404: 
Warning: Permission denied

  0  562M    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (23) Failure writing output to destination
Image ubuntu2404 not Added because Permission issues
Grabbing image ubuntu2404 from url https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-s390x.img
Consider running the following command on the hypervisor:
sudo setfacl -m u:ansible:rwx /var/lib/libvirt/images

Could you change the permission? or maybe safer, download the image manually with kcli download ?

Could you change the permission? or maybe safer, download the image manually with kcli download ?

@wainersm here is an ACL output:

$ getfacl /var/lib/libvirt/images
getfacl: Removing leading '/' from absolute path names
# file: var/lib/libvirt/images
# owner: root
# group: root
user::rwx
user:ansible:rwx                #effective:--x
group::--x
mask::--x
other::--x

So the mask::--x was a cause. I ran the following:

sudo setfacl -m m:rwx /var/lib/libvirt/images

Now the CI job should pass, I believe. 😉

Could you change the permission? or maybe safer, download the image manually with kcli download ?

@wainersm here is an ACL output:

$ getfacl /var/lib/libvirt/images
getfacl: Removing leading '/' from absolute path names
# file: var/lib/libvirt/images
# owner: root
# group: root
user::rwx
user:ansible:rwx                #effective:--x
group::--x
mask::--x
other::--x

So the mask::--x was a cause. I ran the following:

sudo setfacl -m m:rwx /var/lib/libvirt/images

Now the CI job should pass, I believe. 😉

It worked out @BbolroC ! thank you so much!

Removed the tags that triggers for aws and libvirt because I'm going to push a commit to update docker (let's only tests on that provider now).

I had to build a new kindnode image with cri-o, as kindest/node is containerd. Used the guide in https://github.com/cri-o/cri-o/blob/main/tutorials/crio-in-kind.md#build-node-image . Pushed the image to my area in quay.io; if tests pass then I will push it to confidential-container's repository.

I've seen some cni related errors in the logs, let's try the newest calico

The error in docker is about the new image I created for cri-o. I followed https://github.com/cri-o/cri-o/blob/main/tutorials/crio-in-kind.md#build-node-image , except that i could not build the base kind image so I leveraged kindest/node:v1.34.0.

CoCo operator pre-install pod fails at very last instruction, when it tries to sleep infinity but sleep is not found in PATH. The sleep command exists in the image.

If I use kindest/node:v1.34.0 then coco operator installs correctly. It is indeed something wrong with my image.