promenade/tools/zuul/playbooks/deploy-promenade-containerd.yaml
anthony.bellino 0e8b5cfe59 Uplift Promenade image to address CVEs
The current Promenade image is vulnerable to several CVEs:
CVE-2019-3462
CVE-2018-16865
CVE-2018-16864

Ubuntu 16.04/18.04 addresses these.
This patchset makes the following changes:
1. Adds new distro specific dockerfiles for xenial/bionic.
2. Updates gates to be specific about the ubuntu image being
   checked.
3. Updates .zuul.yaml checks/gates/post jobs for xenial/bionic.
4. Updates build-image.sh docker build for specific dockerfile
   specified in config.sh (IMAGE_PROMENADE_DISTRO).

Change-Id: I89e5297a3baa8c2d2c142e5e29932476fc628398
2020-05-28 16:09:40 +00:00


# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
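# Zuul gate play: on the "primary" node, generate configuration and
# certificates for the containerd example, build the genesis script, run it,
# and validate the result.
#
# NOTE: `become: true` is set for the whole play, so every task below --
# including the AppArmor script executed from the openstack-helm-infra
# checkout -- runs as the become user (root unless become_user is overridden
# elsewhere). Review changes to any of the invoked scripts with that in mind.
- hosts: primary
  vars:
    # Environment passed to the dev-build.sh tasks through `environment:`.
    env:
      # Proxy variables are explicitly set to empty strings.
      HTTP_PROXY: ""
      HTTPS_PROXY: ""
      NO_PROXY: ""
      PROMENADE_TMP_LOCAL: "cache"
      # Distro selector supplied by the job variable `distro`.
      DISTRO: "{{ distro }}"
  become: true
  tasks:
    - name: Install docker
      command: apt-get install docker.io resolvconf -y

    # The shell tasks use `set -xe`: -e aborts on the first failing command
    # and -x traces each command into the job log, so keep secrets out of
    # these command lines.
    - name: Setup Apparmor
      shell: |
        set -xe;
        ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
      args:
        chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}"
        executable: /bin/bash

    # The interface name is a gathered fact spliced into a bash script; the
    # `quote` filter shell-escapes it so an unusual value cannot be parsed as
    # extra shell syntax. Ordinary names (eth0, ens3, ...) pass through
    # unchanged.
    - name: Generate configuration files
      shell: |
        set -xe;
        ./tools/dev-build.sh examples/containerd generate-certs replace {{ ansible_default_ipv4.interface | quote }}
      args:
        chdir: "{{ zuul.project.src_dir }}"
        executable: /bin/bash
      environment: "{{env}}"

    - name: Generate certificate files
      shell: |
        set -xe;
        ./tools/dev-build.sh generate-certs
      args:
        chdir: "{{ zuul.project.src_dir }}"
        executable: /bin/bash
      environment: "{{env}}"

    # Despite the task name this is a move, not a copy: build/ is renamed to
    # build-all/. The generated certificates travel with it.
    - name: Copy build files and generated certificates to build-all
      command: "mv {{ zuul.project.src_dir }}/build {{ zuul.project.src_dir }}/build-all"

    - name: Build genesis script
      shell: |
        set -xe;
        ./tools/dev-build.sh build-all
      args:
        chdir: "{{ zuul.project.src_dir }}"
        executable: /bin/bash
      environment: "{{env}}"

    # Runs the generated genesis script without the `env` overrides above.
    - name: Deploying genesis
      shell: |
        set -xe;
        ./build/genesis.sh
      args:
        chdir: "{{ zuul.project.src_dir }}"
        executable: /bin/bash

    # Validation is retried up to 3 times, 10 seconds apart, until the script
    # exits with status 0.
    - name: Validating genesis
      shell: |
        set -xe;
        ./build/validate-genesis.sh
      args:
        chdir: "{{ zuul.project.src_dir }}"
        executable: /bin/bash
      register: result
      retries: 3
      delay: 10
      until: result.rc == 0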