kernel: Add support for livepatching on SL Micro 6.0+

This change introduces support for SLE Micro 6.0 and newer. There is a difference in the live patching setup compared to previous versions. Unlike SLE or SLE Micro 5.x, there is no additional live patching product. Live patches are now part of the main repository. The testing logic has also changed. There are no maintenance incidents, as updates are tested in stagings. The staging repository is represented by the variable `OS_TEST_REPOS`, which is the same for other staging tests and is not specific to live patching. Kernel and live patches tested in staging repositories contain `stage` in their names and have a `99999` version.
os-autoinst · Oct 9, 2024 · 550a75f · 550a75f
1 parent 19df79f
commit 550a75f
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 18 deletions.
diff --git a/lib/klp.pm b/lib/klp.pm
@@ -12,7 +12,8 @@ use Exporter 'import';
 
 use testapi;
 use utils;
-use version_utils 'is_sle';
+use version_utils qw(is_sle is_sle_micro);
+use transactional;
 
 our @EXPORT = qw(
   install_klp_product is_klp_pkg find_installed_klp_pkg klp_pkg_eq
@@ -45,32 +46,39 @@ sub install_klp_product {
     if ($livepatch_repo) {
         zypper_ar("$utils::OPENQA_FTP_URL/$livepatch_repo", name => "repo-live-patching");
     }
-    else {
+    elsif (is_sle) {
         zypper_ar("http://download.suse.de/ibs/SUSE/Products/$lp_module/$version/$arch/product/", name => "kgraft-pool");
         zypper_ar("$release_override http://download.suse.de/ibs/SUSE/Updates/$lp_module/$version/$arch/update/", name => "kgraft-update");
     }
 
-    # install kgraft product
-    zypper_call("in -l -t product $lp_product", exitcode => [0, 102, 103]);
-    zypper_call("mr -e kgraft-update") unless $livepatch_repo;
+    # Enable live patching
+    if (is_sle_micro) {
+        assert_script_run 'cp /etc/zypp/zypp.conf /etc/zypp/zypp.conf.orig';
+        assert_script_run 'sed -i "/^multiversion =.*/c\\multiversion = provides:multiversion(kernel)" /etc/zypp/zypp.conf';
+        assert_script_run 'sed -i "/^multiversion\.kernels =.*/c\\multiversion.kernels = latest" /etc/zypp/zypp.conf';
+        assert_script_run 'echo "LIVEPATCH_KERNEL=\'always\'" >> /etc/sysconfig/livepatching';
+        reboot_on_changes;
+    } else {
+        zypper_call("in -l -t product $lp_product", exitcode => [0, 102, 103]);
+        zypper_call("mr -e kgraft-update") unless $livepatch_repo;
+    }
 }
 
 sub is_klp_pkg {
     my $pkg = shift;
     my $base = qr/(?:kgraft-|kernel-live)patch/;
 
     if ($$pkg{name} =~ m/^${base}-\d+/) {
-        if ($$pkg{name} =~ m/^${base}-(\d+_\d+_\d+-\d+_*\d*_*\d*)-([a-z][a-z0-9]*)$/) {
+        if ($$pkg{name} =~ m/^${base}-(\d+_\d+_\d+-\d+(?:_stage|_*\d*)_\d*)-([a-z][a-z0-9]*)$/) {
             my $kver = $1;
             my $kflavor = $2;
-            $kver =~ s/_/./g;
+            $kver =~ s/_(?!stage)/./g;
             return {
                 name => $$pkg{name},
                 version => $$pkg{version},
                 kver => $kver,
                 kflavor => $kflavor,
             };
-
         } else {
             die "Unexpected kernel livepatch package name format: \"$$pkg{name}\"";
         }

diff --git a/lib/transactional.pm b/lib/transactional.pm
@@ -388,10 +388,10 @@ Install SUSE cerificate for internal repositories.
 
 =cut
 
-sub install_internal_certificate {
-    script_retry('curl -k https://ca.suse.de/certificates/ca/SUSE_Trust_Root.crt -o /etc/pki/trust/anchors/SUSE_Trust_Root.crt', timeout => 100, delay => 30, retry => 5);
-    script_retry('pgrep update-ca-certificates', retry => 5, delay => 2, die => 0);
-    assert_script_run 'update-ca-certificates -v';
+    sub install_internal_certificate {
+        script_retry('curl -k https://ca.suse.de/certificates/ca/SUSE_Trust_Root.crt -o /etc/pki/trust/anchors/SUSE_Trust_Root.crt', timeout => 100, delay => 30, retry => 5);
+        script_retry('pgrep update-ca-certificates', retry => 5, delay => 2, die => 0);
+        assert_script_run 'update-ca-certificates -v';
     }
 }
 

diff --git a/tests/kernel/install_ltp.pm b/tests/kernel/install_ltp.pm
@@ -328,7 +328,7 @@ sub run {
 
     # check kGraft if KGRAFT=1
     if (check_var("KGRAFT", '1') && !check_var('REMOVE_KGRAFT', '1')) {
-        my $lp_tag = is_sle('>=15-sp4') ? 'lp' : 'lp-';
+        my $lp_tag = (is_sle('>=15-sp4') || is_sle_micro) ? 'lp' : 'lp-';
         assert_script_run("uname -v | grep -E '(/kGraft-|/${lp_tag})'");
     }
 

diff --git a/tests/kernel/update_kernel.pm b/tests/kernel/update_kernel.pm
@@ -97,7 +97,7 @@ sub update_kernel {
 
     my @repos = split(",", $repo);
     while (my ($i, $val) = each(@repos)) {
-        zypper_call("ar $val kernel-update-$i");
+        zypper_call("ar -G $val kernel-update-$i");
     }
     zypper_call("ref");
 
@@ -258,7 +258,7 @@ sub prepare_kgraft {
     my @repos = split(",", $repo);
     while (my ($i, $val) = each(@repos)) {
         my $cur_repo = "kgraft-test-repo-$i";
-        zypper_call("ar $val $cur_repo");
+        zypper_call("ar -G $val $cur_repo");
         my $pkgs = zypper_search("-s -t package -r $cur_repo");
         #disable kgraf-test-repo for while
         zypper_call("mr -d $cur_repo");
@@ -290,9 +290,11 @@ sub prepare_kgraft {
     $src_name .= '-' . $$incident_klp_pkg{kflavor}
       unless $$incident_klp_pkg{kflavor} eq 'default';
 
+    zypper_call("mr -e kgraft-test-repo-0") if get_var('FLAVOR') =~ /-Updates-Staging/;
     my $kernel_version = find_version($kernel_name, $$incident_klp_pkg{kver});
     my $src_version = find_version($src_name, $$incident_klp_pkg{kver});
     install_lock_kernel($kernel_version, $src_version);
+    zypper_call("mr -d kgraft-test-repo-0") if get_var('FLAVOR') =~ /-Updates-Staging/;
 
     install_klp_product;
 
@@ -378,14 +380,17 @@ sub update_kgraft {
         # warm up system
         sleep 15;
 
-        zypper_call("in -l -t patch $patches", exitcode => [0, 102, 103], log => 'zypper.log', timeout => 2100);
+        zypper_call("in -l -t patch $patches", exitcode => [0, 102, 103], log => 'zypper.log', timeout => 2100) if is_sle;
+        trup_call('pkg in kernel-livepatch-$(uname -r | sed s/\\\./_/g)') if is_sle_micro;
 
         #kill HEAVY-LOAD scripts
         script_run("kill -s INT -- " . join(' ', map { "-$_" } @$pids));
 
         script_run(qq{rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE} (%{INSTALLTIME:date})\\n" | sort -t '-' > /tmp/rpmlist.after});
         upload_logs('/tmp/rpmlist.after');
 
+        reboot_on_changes if is_sle_micro;
+
         my $installed_klp_pkg =
           find_installed_klp_pkg($$incident_klp_pkg{kver},
             $$incident_klp_pkg{kflavor});
@@ -455,28 +460,35 @@ sub run {
         return;
     }
 
-    my $repo = get_var('KOTD_REPO');
+    my $repo = is_sle_micro('>=6.0') ? get_var('OS_TEST_REPOS') : get_var('KOTD_REPO');
     my $incident_id = undef;
 
     unless ($repo) {
         $repo = get_required_var('INCIDENT_REPO');
         $incident_id = get_required_var('INCIDENT_ID');
     }
 
+    # Normalize repo url to replace any https link by http to avoid potential issues with internal certificates
+    $repo =~ s/https:/http:/g;
+    record_info('REPO', $repo);
+    #install_internal_certificate if (is_sle_micro('>=6.0'));
+
     if (get_var('KGRAFT')) {
         my $incident_klp_pkg = prepare_kgraft($repo, $incident_id);
         boot_to_console($self);
 
         if (!check_var('REMOVE_KGRAFT', '1')) {
             # dependencies for heavy load script
             add_qa_head_repo;
-            zypper_call("in ltp-stable");
+            install_package("ltp-stable", trup_reboot => 1);
 
             # update kgraft patch under heavy load
             update_kgraft($incident_klp_pkg, $repo, $incident_id);
 
+            enter_trup_shell if is_transactional;
             zypper_call("rr qa-head");
             zypper_call("rm ltp-stable");
+            exit_trup_shell if is_transactional;
 
             verify_klp_pkg_patch_is_active($incident_klp_pkg);
         }