Do not use Vagrant for CentOS 7/8

As Cirrus CI does not provide a real terminal this uses the same
'ssh -tt' workaround as the Vagrant setup. This sets up the
CentOS 7 and 8 to allow SSH as root to localhost so that we can run
all the tests via 'ssh -tt'.

Not going through vagrant reduces CI times for CentOS 7 and 8 from 6
minutes to 4 minutes.

Signed-off-by: Adrian Reber <areber@redhat.com>

.cirrus.yml

@@ -1,29 +1,33 @@
 ---
-# We use Cirrus for Vagrant tests, because macOS instances of GHA
-# are too slow and flaky, and Linux instances of GHA do not support KVM.
+# We use Cirrus for Vagrant tests and native CentOS 7 and 8, because macOS
+# instances of GHA are too slow and flaky, and Linux instances of GHA do not
+# support KVM.
 
 # NOTE Cirrus execution environments lack a terminal, needed for
 # some integration tests. So we use `ssh -tt` command to fake a terminal.
 
-compute_engine_instance:
-  image_project: cirrus-images
-  image: family/docker-kvm
-  platform: linux
-  nested_virtualization: true
-  # CPU limit: `16 / NTASK`: see https://cirrus-ci.org/faq/#are-there-any-limits
-  cpu: 8
-  # Memory limit: `4GB * NCPU`
-  memory: 32G
-
-vagrant_task:
+task:
   timeout_in: 30m
+
   env:
     DEBIAN_FRONTEND: noninteractive
     HOME: /root
     # yamllint disable rule:key-duplicates
     matrix:
       DISTRO: fedora34
-      DISTRO: centos7
+
+  name: vagrant DISTRO:$DISTRO
+
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-kvm
+    platform: linux
+    nested_virtualization: true
+    # CPU limit: `16 / NTASK`: see https://cirrus-ci.org/faq/#are-there-any-limits
+    cpu: 8
+    # Memory limit: `4GB * NCPU`
+    memory: 32G
+
   host_info_script: |
     uname -a
     echo "-----"
@@ -65,3 +69,89 @@ vagrant_task:
     else
       ssh -tt default "sudo -i make -C /vagrant localrootlessintegration"
     fi
+
+task:
+  timeout_in: 30m
+
+  env:
+    HOME: /root
+    CIRRUS_WORKING_DIR: /home/runc
+    GO_VERSION: "1.16.6"
+    BATS_VERSION: "v1.3.0"
+    # yamllint disable rule:key-duplicates
+    matrix:
+      DISTRO: centos-7
+      DISTRO: centos-stream-8
+
+  name: ci / $DISTRO
+
+  compute_engine_instance:
+    image_project: centos-cloud
+    image: family/$DISTRO
+    platform: linux
+    cpu: 4
+    memory: 8G
+
+  install_dependencies_script: |
+    yum install -y -q epel-release
+    case $DISTRO in
+    centos-7)
+      (cd /etc/yum.repos.d && curl -O https://copr.fedorainfracloud.org/coprs/adrian/criu-el7/repo/epel-7/adrian-criu-el7-epel-7.repo)
+      # sysctl
+      echo "user.max_user_namespaces=15076" > /etc/sysctl.d/userns.conf
+      sysctl --system
+      ;;
+    centos-stream-8)
+      yum install -y -q dnf-plugins-core
+      yum config-manager --set-enabled powertools
+      ;;
+    esac
+    yum install -y -q gcc git iptables jq glibc-static libseccomp-devel make criu
+    # install Go
+    curl -fsSL "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" | tar Cxz /usr/local
+    # install bats
+    cd /tmp
+    git clone https://github.com/bats-core/bats-core
+    cd bats-core
+    git checkout $BATS_VERSION
+    ./install.sh /usr/local
+    cd -
+    # Add a user for rootless tests
+    useradd -u2000 -m -d/home/rootless -s/bin/bash rootless
+    # set PATH
+    echo 'export PATH=/usr/local/go/bin:/usr/local/bin:$PATH' >> /root/.bashrc
+    # Setup ssh localhost for terminal emulation (script -e did not work)
+    ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -N ""
+    cat /root/.ssh/id_ed25519.pub >> /root/.ssh/authorized_keys
+    chmod 400 /root/.ssh/authorized_keys
+    ssh-keyscan localhost >> /root/.ssh/known_hosts
+    echo -e "Host localhost\n\tStrictHostKeyChecking no\t\nIdentityFile /root/.ssh/id_ed25519\n" >> /root/.ssh/config
+    sed -e "s,PermitRootLogin.*,PermitRootLogin prohibit-password,g" -i /etc/ssh/sshd_config
+    systemctl restart sshd
+  host_info_script: |
+    uname -a
+    echo "-----"
+    cat /etc/os-release
+    echo "-----"
+    cat /proc/cpuinfo
+    echo "-----"
+    df -T
+    echo "-----"
+    systemctl --version
+  unit_tests_script: |
+    ssh -tt localhost "make -C /home/runc localunittest"
+  integration_systemd_script: |
+    ssh -tt localhost "make -C /home/runc localintegration RUNC_USE_SYSTEMD=yes"
+  integration_fs_script: |
+    ssh -tt localhost "make -C /home/runc localintegration"
+  integration_systemd_rootless_script: |
+    echo "SKIP: integration_systemd_rootless_script requires cgroup v2"
+  integration_fs_rootless_script: |
+    case $DISTRO in
+    centos-7)
+      echo "SKIP: FIXME: integration_fs_rootless_script is skipped because of EPERM on writing cgroup.procs"
+        ;;
+    centos-stream-8)
+      ssh -tt localhost "make -C /home/runc localrootlessintegration"
+      ;;
+    esac

Vagrantfile.centos7

@@ -1,52 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
-  config.vm.box = "centos/7"
-  config.vm.provider :virtualbox do |v|
-    v.memory = 2048
-    v.cpus = 2
-  end
-  config.vm.provider :libvirt do |v|
-    v.memory = 2048
-    v.cpus = 2
-  end
-  config.vm.provision "shell", inline: <<-SHELL
-    set -e -u -o pipefail
-
-    # configuration
-    GO_VERSION="1.16.4"
-    BATS_VERSION="v1.3.0"
-
-    # install yum packages
-    yum install -y -q epel-release
-    (cd /etc/yum.repos.d && curl -O https://copr.fedorainfracloud.org/coprs/adrian/criu-el7/repo/epel-7/adrian-criu-el7-epel-7.repo)
-    yum install -y -q gcc git iptables jq glibc-static libseccomp-devel make criu
-    yum clean all
-
-    # install Go
-    curl -fsSL "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" | tar Cxz /usr/local
-
-    # install bats
-    git clone https://github.com/bats-core/bats-core
-    cd bats-core
-    git checkout $BATS_VERSION
-    ./install.sh /usr/local
-    cd ..
-    rm -rf bats-core
-
-    # set PATH (NOTE: sudo without -i ignores this PATH)
-    cat >> /etc/profile.d/sh.local <<EOF
-PATH=/usr/local/go/bin:/usr/local/bin:$PATH
-export PATH
-EOF
-    source /etc/profile.d/sh.local
-
-    # sysctl
-    echo "user.max_user_namespaces=15076" > /etc/sysctl.d/userns.conf
-    sysctl --system
-
-    # Add a user for rootless tests
-    useradd -u2000 -m -d/home/rootless -s/bin/bash rootless
-  SHELL
-end

tests/rootless.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -x
 # Copyright (C) 2017 SUSE LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");