semaphore-runner: disable cgroup setup in lxc

lxc tries to mount /sys/fs/cgroup/ following host hierarchy by default,
which is problematic for us since we want to unconditionally use
cgroup v2 in cgns. Disable it hence and let pid1 figure it out.

diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
index 6b4aedbd09fb33b7c364b7917010af12ec3bacbe..8c99b68156a30316ee049d2ad6a47a2f3eae12e1 100755 (executable)
--- a/.semaphore/semaphore-runner.sh
+++ b/.semaphore/semaphore-runner.sh
@@ -23,9 +23,19 @@ create_container() {
     sudo lxc-create -n "$CONTAINER" -t download -- -d "$DISTRO" -r "$RELEASE" -a "$ARCH"
 
     # unconfine the container, otherwise some tests fail
-    echo 'lxc.apparmor.profile = unconfined' | sudo tee -a "/var/lib/lxc/$CONTAINER/config"
+    #
+    # disable automatic cgroup setup, instead let pid1 figure it out in mount_setup().
+    # This is especially important to ensure we get unified cgroup hierarchy
+    #
+    # FIXME: remove cgroup workarounds once the host runs on unified hierarchy
+    sudo tee "/var/lib/lxc/$CONTAINER/config.systemd_upstream" <<EOF
+lxc.apparmor.profile = unconfined
+lxc.mount.auto =
+lxc.mount.auto = proc:mixed sys:mixed
+lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy=1
+EOF
 
-    sudo lxc-start -n "$CONTAINER"
+    sudo lxc-start -n "$CONTAINER" --define "lxc.include=/var/lib/lxc/$CONTAINER/config.systemd_upstream"
 
     # enable source repositories so that apt-get build-dep works
     sudo lxc-attach -n "$CONTAINER" -- sh -ex <<EOF
@@ -111,6 +121,7 @@ EOF
                                                        ../systemd_*.dsc \
                                                        -o "$ARTIFACTS_DIR" \
                                                        -- lxc -s "$CONTAINER" \
+                                                           --define "lxc.include=/var/lib/lxc/$CONTAINER/config.systemd_upstream" \
                 || [ $? -eq 2 ]
         ;;
         *)