diff --git a/.zuul.yaml b/.zuul.yaml index 60155a6b..f1bc554b 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -25,34 +25,42 @@ - deckhand-tox-py35-postgresql - deckhand-functional-uwsgi-py35: voting: false - - deckhand-functional-docker-py35-ubuntu + - deckhand-functional-docker-py35-ubuntu_xenial + - deckhand-functional-docker-py35-ubuntu_bionic - deckhand-functional-docker-py35-opensuse - deckhand-integration-uwsgi-py35: voting: false - - deckhand-integration-docker-py35-ubuntu + - deckhand-integration-docker-py35-ubuntu_xenial + - deckhand-integration-docker-py35-ubuntu_bionic - deckhand-integration-docker-py35-opensuse - deckhand-chart-build-gate - deckhand-chart-build-latest-htk - - deckhand-docker-build-gate-ubuntu + - deckhand-docker-build-gate-ubuntu_xenial + - deckhand-docker-build-gate-ubuntu_bionic - deckhand-docker-build-gate-opensuse - deckhand-airskiff-deployment gate: jobs: - deckhand-tox-py35-postgresql - - deckhand-functional-docker-py35-ubuntu + - deckhand-functional-docker-py35-ubuntu_xenial + - deckhand-functional-docker-py35-ubuntu_bionic - deckhand-functional-docker-py35-opensuse - - deckhand-integration-docker-py35-ubuntu + - deckhand-integration-docker-py35-ubuntu_xenial + - deckhand-integration-docker-py35-ubuntu_bionic - deckhand-integration-docker-py35-opensuse - deckhand-chart-build-gate - - deckhand-docker-build-gate-ubuntu + - deckhand-docker-build-gate-ubuntu_xenial + - deckhand-docker-build-gate-ubuntu_bionic - deckhand-docker-build-gate-opensuse - openstack-tox-pep8 post: jobs: - deckhand-upload-git-mirror - - deckhand-docker-publish-ubuntu + - deckhand-docker-publish-ubuntu_xenial + - deckhand-docker-publish-ubuntu_bionic - deckhand-docker-publish-opensuse - - deckhand-docker-tag-ubuntu + - deckhand-docker-tag-ubuntu_xenial + - deckhand-docker-tag-ubuntu_bionic - deckhand-docker-tag-opensuse - nodeset: @@ -65,7 +73,7 @@ name: deckhand-single-node-airskiff nodes: - name: primary - label: ubuntu-xenial + label: ubuntu-bionic - job: name: deckhand-tox-py35-postgresql @@ -109,7 +117,7 @@ - openstack/openstack-helm-infra - job: - name: deckhand-functional-docker-py35-ubuntu + name: deckhand-functional-docker-py35-ubuntu_xenial description: | Run tox-based functional tests for the Airship Deckhand project under cPython version 3.5. Uses tox with the ``functional-py35`` environment. @@ -128,6 +136,26 @@ - ^setup.cfg$ - ^deckhand/tests/unit/.*$ +- job: + name: deckhand-functional-docker-py35-ubuntu_bionic + description: | + Run tox-based functional tests for the Airship Deckhand project under + cPython version 3.5. Uses tox with the ``functional-py35`` environment. + Ubuntu (default) image is built and used. + parent: deckhand-functional-docker-base + nodeset: deckhand-single-node + vars: + tox_envlist: functional + disable_keystone: true + distro: ubuntu_bionic + irrelevant-files: + - ^.*\.rst$ + - ^doc/.*$ + - ^etc/.*$ + - ^releasenotes/.*$ + - ^setup.cfg$ + - ^deckhand/tests/unit/.*$ + - job: name: deckhand-functional-docker-py35-opensuse description: | @@ -211,7 +239,7 @@ - ^releasenotes/.*$ - job: - name: deckhand-integration-docker-py35-ubuntu + name: deckhand-integration-docker-py35-ubuntu_xenial description: | Run tox-based integration tests for the Airship Deckhand project under cPython version 3.5. Builds ubuntu (default) deckhand image. @@ -221,6 +249,17 @@ disable_keystone: false distro: ubuntu_xenial +- job: + name: deckhand-integration-docker-py35-ubuntu_bionic + description: | + Run tox-based integration tests for the Airship Deckhand project under + cPython version 3.5. Builds ubuntu (default) deckhand image. + parent: deckhand-integration-docker-base + nodeset: openstack-helm-single-node + vars: + disable_keystone: false + distro: ubuntu_bionic + - job: name: deckhand-airskiff-deployment nodeset: deckhand-single-node-airskiff @@ -254,7 +293,7 @@ distro: opensuse_15 - job: - name: deckhand-docker-build-gate-ubuntu + name: deckhand-docker-build-gate-ubuntu_xenial timeout: 1800 run: tools/gate/playbooks/docker-image-build.yaml nodeset: deckhand-single-node @@ -272,6 +311,19 @@ dynamic: patch_set: true +- job: + name: deckhand-docker-build-gate-ubuntu_bionic + timeout: 1800 + run: tools/gate/playbooks/docker-image-build.yaml + nodeset: deckhand-single-node + irrelevant-files: *non-code-files-template + vars: + publish: false + distro: ubuntu_bionic + tags: + dynamic: + patch_set: true + - job: name: deckhand-docker-build-gate-opensuse timeout: 1800 @@ -286,7 +338,7 @@ patch_set: true - job: - name: deckhand-docker-publish-ubuntu + name: deckhand-docker-publish-ubuntu_xenial description: | Runs on every merge, unless files in a dictionary below are changed. Builds and publishes container ubuntu images on quay.io with a set of tags @@ -307,6 +359,28 @@ static: - latest +- job: + name: deckhand-docker-publish-ubuntu_bionic + description: | + Runs on every merge, unless files in a dictionary below are changed. + Builds and publishes container ubuntu images on quay.io with a set of tags + listed in vars section. Waits in Zuul queue for a node (VM) assignment. + timeout: 1800 + run: tools/gate/playbooks/docker-image-build.yaml + nodeset: deckhand-single-node + secrets: + - airship_deckhand_quay_creds + irrelevant-files: *non-code-files-template + vars: + publish: true + distro: ubuntu_bionic + tags: + dynamic: + branch: true + commit: true + static: + - latest + - job: name: deckhand-docker-publish-opensuse description: | @@ -330,7 +404,7 @@ - latest - job: - name: deckhand-docker-tag-ubuntu + name: deckhand-docker-tag-ubuntu_xenial description: | Runs on every merge when files in a dictionalry below are changed, and adds git commit id tag onto the ubuntu container image published on quay.io, @@ -345,6 +419,22 @@ vars: distro: ubuntu_xenial +- job: + name: deckhand-docker-tag-ubuntu_bionic + description: | + Runs on every merge when files in a dictionalry below are changed, and + adds git commit id tag onto the ubuntu container image published on quay.io, + which has `latest` tag set. Does not wait in queue for a node (VM) + assignment, runs almost immediately. + timeout: 1800 + run: tools/gate/playbooks/docker-image-tag.yaml + nodeset: + nodes: [] + secrets: + - airship_deckhand_quay_creds + vars: + distro: ubuntu_bionic + - job: name: deckhand-docker-tag-opensuse description: | diff --git a/Makefile b/Makefile index aae560a5..498bb281 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,7 @@ USE_PROXY ?= false PUSH_IMAGE ?= false # use this variable for image labels added in internal build process LABEL ?= org.airshipit.build=community -DISTRO ?= ubuntu_xenial +DISTRO ?= ubuntu_bionic COMMIT ?= $(shell git rev-parse HEAD) IMAGE := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}-${DISTRO} diff --git a/doc/requirements.txt b/doc/requirements.txt index 5785e40e..f245bdac 100644 --- a/doc/requirements.txt +++ b/doc/requirements.txt @@ -26,4 +26,4 @@ PasteDeploy==1.5.2 python-barbicanclient==4.7.0 oslo.db==4.41.1 oslo.log==3.40.1 -Werkzeug>=0.15.0 +Werkzeug==0.16.1 diff --git a/doc/source/contributor/testing.rst b/doc/source/contributor/testing.rst index bab4f5cf..a925f99d 100644 --- a/doc/source/contributor/testing.rst +++ b/doc/source/contributor/testing.rst @@ -141,7 +141,7 @@ testing. To test Deckhand against a containerized image, run, for example: :: - export DECKHAND_IMAGE=quay.io/airshipit/deckhand:latest-ubuntu_xenial + export DECKHAND_IMAGE=quay.io/airshipit/deckhand:latest-ubuntu_bionic tox -e functional-dev Which will result in the following script output: @@ -150,7 +150,7 @@ Which will result in the following script output: Running Deckhand via Docker + sleep 5 - + sudo docker run --rm --net=host -p 9000:9000 -v /opt/stack/deckhand/tmp.oBJ6XScFgC:/etc/deckhand quay.io/airshipit/deckhand:latest-ubuntu_xenial + + sudo docker run --rm --net=host -p 9000:9000 -v /opt/stack/deckhand/tmp.oBJ6XScFgC:/etc/deckhand quay.io/airshipit/deckhand:latest-ubuntu_bionic .. warning:: diff --git a/doc/source/users/getting-started.rst b/doc/source/users/getting-started.rst index cc9c8c93..882db82b 100644 --- a/doc/source/users/getting-started.rst +++ b/doc/source/users/getting-started.rst @@ -57,7 +57,7 @@ Finally, run Deckhand via Docker:: --net=host \ -p 9000:9000 \ -v $CONF_DIR:/etc/deckhand \ - quay.io/airshipit/deckhand:latest-ubuntu_xenial + quay.io/airshipit/deckhand:latest-ubuntu_bionic PostgreSQL ^^^^^^^^^^ @@ -101,7 +101,7 @@ Run an update to the Database to bring it to the current code level:: $ [sudo] docker run --rm \ --net=host \ -v $CONF_DIR:/etc/deckhand \ - quay.io/airshipit/deckhand:latest-ubuntu_xenial\ + quay.io/airshipit/deckhand:latest-ubuntu_bionic\ alembic upgrade head Finally, run Deckhand via Docker:: @@ -110,7 +110,7 @@ Finally, run Deckhand via Docker:: --net=host \ -p 9000:9000 \ -v $CONF_DIR:/etc/deckhand \ - quay.io/airshipit/deckhand:latest-ubuntu_xenial + quay.io/airshipit/deckhand:latest-ubuntu_bionic To kill the ephemeral DB afterward:: @@ -206,7 +206,7 @@ After, from the command line, execute: --net=host \ -p 9000:9000 \ -v $CONF_DIR:/etc/deckhand \ - quay.io/airshipit/deckhand:latest-ubuntu_xenial server + quay.io/airshipit/deckhand:latest-ubuntu_bionic server .. _development-utilities: diff --git a/images/deckhand/Dockerfile.ubuntu_bionic b/images/deckhand/Dockerfile.ubuntu_bionic new file mode 100644 index 00000000..e470a1c1 --- /dev/null +++ b/images/deckhand/Dockerfile.ubuntu_bionic @@ -0,0 +1,83 @@ +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG FROM=ubuntu:18.04 +FROM ${FROM} + +LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' +LABEL org.opencontainers.image.url='https://airshipit.org' +LABEL org.opencontainers.image.documentation='https://airship-deckhand.readthedocs.org' +LABEL org.opencontainers.image.source='https://opendev.org/airship/deckhand' +LABEL org.opencontainers.image.vendor='The Airship Authors' +LABEL org.opencontainers.image.licenses='Apache-2.0' + +ENV DEBIAN_FRONTEND noninteractive +ENV container docker +ENV PORT 9000 + +# Expose port 9000 for application +EXPOSE $PORT + +RUN set -x && \ + apt-get -qq update && \ + apt-get -y install \ + git \ + curl \ + netcat \ + netbase \ + python3 \ + python3-setuptools \ + python3-pip \ + python3-dev \ + python3-dateutil \ + ca-certificates \ + gcc \ + g++ \ + make \ + libffi-dev \ + libssl-dev \ + libpq-dev \ + --no-install-recommends \ + && python3 -m pip install -U pip \ + && apt-get clean \ + && rm -rf \ + /var/lib/apt/lists/* \ + /tmp/* \ + /var/tmp/* \ + /usr/share/man \ + /usr/share/doc \ + /usr/share/doc-base + +# Create deckhand user +RUN useradd -ms /bin/bash deckhand + +# Clone the deckhand repository +COPY . /home/deckhand/ + +# Change permissions +RUN chown -R deckhand: /home/deckhand \ + && chmod +x /home/deckhand/entrypoint.sh + +# Set work directory and install dependencies +WORKDIR /home/deckhand +RUN pip3 install -r requirements.txt +RUN python3 setup.py install + +# Set user to deckhand +USER deckhand + +# Execute entrypoint +ENTRYPOINT ["/home/deckhand/entrypoint.sh"] + +CMD ["server"] diff --git a/requirements.txt b/requirements.txt index 5063b899..084bcaca 100644 --- a/requirements.txt +++ b/requirements.txt @@ -45,4 +45,4 @@ stevedore==1.30.0 urllib3==1.24.3 uwsgi==2.0.17.1 # To support profiling in non-prod -Werkzeug>=0.15.0 +Werkzeug==0.16.1 diff --git a/tools/gate/playbooks/airskiff-deploy.yaml b/tools/gate/playbooks/airskiff-deploy.yaml index 9606cf29..a9f35056 100644 --- a/tools/gate/playbooks/airskiff-deploy.yaml +++ b/tools/gate/playbooks/airskiff-deploy.yaml @@ -14,6 +14,15 @@ - hosts: primary tasks: + - name: stop systemd-resolved service + systemd: + state: stopped + enabled: no + masked: yes + daemon_reload: yes + name: systemd-resolved + become: yes + - name: Clone Required Repositories shell: | export CLONE_DECKHAND={{ CLONE_DECKHAND }} @@ -27,6 +36,12 @@ args: chdir: "{{ zuul.projects['opendev.org/airship/treasuremap'].src_dir }}" + - name: Setup AppArmor + shell: | + ./tools/deployment/airskiff/developer/015-setup-apparmor.sh + args: + chdir: "{{ zuul.projects['opendev.org/airship/treasuremap'].src_dir }}" + - name: Setup OpenStack Client shell: | ./tools/deployment/airskiff/developer/020-setup-client.sh diff --git a/tools/gate/roles/build-images/defaults/main.yaml b/tools/gate/roles/build-images/defaults/main.yaml index fa51aefb..7a7ad7a6 100644 --- a/tools/gate/roles/build-images/defaults/main.yaml +++ b/tools/gate/roles/build-images/defaults/main.yaml @@ -17,4 +17,4 @@ proxy: https: null noproxy: null -distro: ubuntu_xenial +distro: ubuntu_bionic