Patch PyYAML (via the pylibyaml library) to automatically enable the
LibYAML parser and emitter, which are faster than the Python versions.
https://pypi.org/project/pylibyaml/
Change-Id: Iaddc0f30ed99b1f9a999f5365e9e8bf43349b82f
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: Ic115755eff68f419116b79102661e9fe1a7b1764
When pip is upgraded to 20.3, the pip dependency resolver is much more
strict and will no longer install a combination of packages that is mutually
inconsistent[0].
These changes account for the fact that Shipyard imports Armada, Drydock,
Promenade, and Deckhand. Having said that, with pip 20.3, the pip
packages amongst those projects cannot conflict. A follow-up change may
be needed if more conflicts are found.
[0] https://pip.pypa.io/en/latest/user_guide/#changes-to-the-pip-dependency-resolver-in-20-2-2020
Change-Id: I89c6dc728824f00f964c794142766012c407c4ed
During drydock node deployments, sometimes MaaS node deployment for
some nodes fails when the node tries to pull the node bootaction
files, using drydock api.
Drydock api call fails with `500 Internal Server Error`, when
drydock tries to create the bootaction files for the node. The logs,
however, do not provide any additional clues on what caused drydock to
fail. This issue does not happen always, and subsequent site updates
will most of the time deploy the failed nodes.
The additional checks and logs are added to help pinpoint the root cause
of the 500 return code, if/when this issue happens again.
This ps also uplifted `MarkupSafe` pip library from 1.0 to 1.1.1 to
address the issue with MarkupSafe and latest version of setuptools
described here: https://github.com/pallets/markupsafe/issues/116
Change-Id: I08a088d9690d8d9dd1f771dc5e84d1eb02fbd39f
This updates the drydock chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: Ibeb60d0b88f3519730b5b76996ab137c5af4f4f5
Use apt to install python3-pip, and use pip3 in the event the system has
both pip2 and pip3 installed. Use apt to install setuptools for
Ansible's consumption.
Change-Id: Id80c809c636abe41a1cbb4d465f82ed1e8e0e9d7
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
Corrects a recently introduced rendering error in the chart that
resulted in missing metadata labels for the drydock-db-init and
drydock-db-sync jobs.
https://review.opendev.org/#/c/724768
Change-Id: Ifa01bbc369a33ca3d5482c760a342d873736272e
This change allows node storage sizes to be specified using binary
prefixes (MiB, GiB, TiB) in addition to the existing supported formats
(MB, GB, TB).
Change-Id: Idef88b648a75bad87625acf1d73af011480cc0b9
A recent change[0] to address PEP8 issues resulted in an unintended
behavior modification, in some cases resulting in MAAS allocation of
multiple IP addresses to the same NIC.
This reverts to the original code logic.
[0] 1755930331
Change-Id: I6dccd1b60c414e3aa966085e81dc0b61244e9814
The Airship vulnerability documentation has moved [0]. This change
updates SECURITY.md to point to the correct location.
[0] https://docs.airshipit.org/learn/vulnerabilities.html
Change-Id: Iea843a3399bc7836f5645c3ca81603e2e9ca7356
Signed-off-by: Drew Walters <andrew.walters@att.com>
Flake8 version recently updated to include new PEP8 rules. Some of
the codebase is not compliant with the new rules.
Change-Id: I0f5b3d41ee54ff0d9ffa05f733f98c7e34f0f258
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
Automatic security alerts were created for pyyaml==3.12 and
requests==2.19.1 suggesting these packages be upgraded to 2.20.0 and
5.1 respectively.
Vulnerabilities addressed:
CVE-2018-18074 on requests package
CVE-2017-18342 on PyYAML package
Change-Id: Iff5bc11d60c2724fef0bb8b2552e17573c79dc9f
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
With Ubuntu bionic base image for drydock docker image, uwsgi crashes
with segmentation fault when it tries to load/import the psycopg2 package.
The reason for this is that uwsgi and psycopg2 packages are built with
incompatible ssl libraries.
Upgrading uwsgi and psycopg2 to address this issue for bionic based
images.
Change-Id: I3d0bfb96c19849f5c2925366f8712bf47985df67
All Airship projects are moving to GitHub issues. This change adds a
GitHub security policy that links to the official Airship vulnerability
management process [0]. When users on GitHub click "New Issue" on this
GitHub repository, they will see an option to report a security
vulnerability, which will direct them to our official policy.
[0] https://airship-docs.readthedocs.io/en/latest/security/vulnerabilities.html
Change-Id: Iaf060dd0085c21f0c4f18f100e3e053b5ceedbed
Signed-off-by: Drew Walters <andrew.walters@att.com>
Adds support to build drydock image using either a xenial or a bionic base
image. Currently only xenial base is supported.
The default base image is set to ubuntu bionic.
Change-Id: I93672cf35879d8525d28e870ea83e5512c1043f9
Updated Makefile to run the build baclient package for go on the
host instead of as a docker container, to allow the Makefile to be
called from another container. Reason being, in a docker-in-docker,
volume mapping requires knowledge of host filesystem path instead
of the docker daemon filesystem path.
Corrected proxy configuration in the scripts to use the USE_PROXY,
PROXY and NO_PROXY environment variables.
Updated Dockerfile to add multi-stage build, to avoid including the
golang-go package in the docker image. Stage one creates the
baclient Go library, and stage two creates the drydock image, and
copies the baclient from stage one image.
Change-Id: I29a30e870da8f44279dcd62bb1173165fa939d43
This change updates the location of the kubernetes-entrypoint image to
point to its new home in the airshipit namespace on quay.io [0]. The
stackanetes image is no longer maintained.
[0] https://quay.io/repository/airshipit/kubernetes-entrypoint
Depends-On: 8314c53030
Change-Id: I08db87c2f97c687bd87162e2f7eaf81abe882c31
Signed-off-by: Drew Walters <andrew.walters@att.com>
This change updates the helm-toolkit version used to build the Drydock
chart in order to introduce a change that removes use of the echo binary
from the Kubernetes entrypoint init container [0]. This is required in
order to use the new Kubernetes entrypoint image, which does not include
the binary.
[0] https://review.opendev.org/688435
Change-Id: I3c291367541aca9d2d8f2a7c3c0600d9d9efb84f
Signed-off-by: Drew Walters <andrew.walters@att.com>
Update apiversion for deployment to apps/v1
Add selector match labels to deployment
This patch is similar to https://review.opendev.org/#/c/638276/
These changes are required to install drydock helm chart on k8s 1.16.0
Change-Id: Ie9b7344fc94058a6212d09a9b96fe1b2b9d07b4e
- Currently several failure paths won't log any messages
when doing a site validation. Add these messages.
- Also, for validation steps that are dependent on external resources
make the resource inaccessibility a warning rather than a failure.
Change-Id: I431ed188e2f6cd3fc3fa41ae2729f3a099fdfbf5
The patch introduces network policy configuration similar
to openstack-helm services. It allows users to configure
policies depending on the environment.
* Network policies are disabled by default.
* When enabled, default policies allow all ingress and
egress traffic (i.e. policy set to {}); this may be
changed in future patch-sets.
Change-Id: I2705fcf1d322ed06b124811b4ab91bfdfbdeacf3
Readthedocs failed to render Drydock exceptions with error:
> WARNING: autodoc: failed to import exception xxx from module
> 'drydock_provisioner'; the following exception was raised: No module
> named 'drydock_provisioner'
Trying to add Drydock requirements to the installed requirements list,
so that Readthedocs has all modules, including those needed for the
Drydock itself.
Unify docs building by utilizing Zuul docs-on-readthedocs template job.
Cosmetic readability changes:
1. combined all Makefile .PHONY targets into one
2. merged multiple LABEL instructions in Dockerfile into one
Change-Id: I6a9b47cffc66d739968fa886c51e25b1e09ef124