Now that we've cleaned up the old unused images we can look forward to
new Python. Add Python 3.10 base images based on Bullseye.
As part of this process we update the default var values in our
Dockerfiles to set Bullseye and Python3.10 as our defaults as these
should be valid for some time. We also tidy up some yaml anchor names to
make future copy and paste for new versions of images easier to perform
text replacement on.
Change-Id: I4943a9178334c4bdf10ee5601e39004d6783b34c
There's some more work before our consumers can switch to bullseye.
To make this process more tractable, revert the recent backport
addition, and specify that we want bullseye images from upstream.
That gets us back to where we were at the start of this. Next,
we can start building 2x images of python-base/builder and tag
them with bullseye or buster. Then the consumers can specify
which tags, then start switching.
Revert "Add backports repos to base and builder images"
This reverts commit b217e38904da3ccab6eb96251376f1635ee55d21.
Revert "Update matrix-eavesdrop for bullseye"
This reverts commit fc38c6975367c09d003474ebd7bfefc465459a06.
Change-Id: Id21681342fe5268296128c1b09436a80c46e3169
These don't install anything by default, but allow people
to easily opt-in to a backport package if they need to without
lots of extra lines of boilerplate.
The base python image is on bullseye now instead of buster. That
means the libffi version is 7 not 6.
Change-Id: I0e0c2669d838fb622422f696f73e96e409157270
We had an image promote failure for python-base:3.8. Due to docker
hub making it very difficult to know if old tags have been cleaned up we
are not sure that reenqueing the previous chagne to zuul will do the
right thing. It may downgrade the latest tag on some of our images. To
avoid any confusion over what is latest we just have zuul build new
images and promote them again.
Change-Id: Iaa859396030f1110b43788e73e9644a97e2ada9b
We are looking ahead to rebuilding a number of our images for services
like Zuul, Gerrit, and Gitea to do things like check zuul v5 efforts,
fix gerrit bugs, and upgrade gitea to a new version. Ensuring that we
have an up to date base platform seems like a good idea as a result.
Change-Id: I4262b8aa1759eaae85e5429c5a5097397152afa5
Because Id68080575a30e4a08c99df0af603fbb65a0983bd didn't touch any of
the docker files (but just added new 3.9 builds) they didn't get
promoted. Update timestamp to trigger this.
Change-Id: I6bf33936d4da773329900a2a52d09654087313d4
This change adds comments to the python-base and python-builder
dockerfiles to force a rebuild of these images. We do this periodically
to pull in updates.
Change-Id: I109a46603a74a376cc36fdfbd35734f6dc835abe
The current base image contains a few CVE's which are fixed:
- CVE-2020-12723
- CVE-2020-10878
- CVE-2020-10543
This rebuild should allow us to get them in, as they are included by
perl 5.28.1-6+deb10u1.
Change-Id: I34cdc1147b0fa74083517478db26e9fb0d4d16cd
We want these to rebuild to push up multiarch images. I couldn't come up
with a good actual change so I added a . to a comment instead.
Change-Id: I287fee62075bc124ea7d9cc51baaeecdc0e73c6c
Initial testing seems to show that jemalloc is a probable source of our
memory leaks with zuul-scheduler and zuul-web under python3.7 and
python3.8. While this was desireable under python3.5 with zuul-executor
it doesn't seem like we want to enable this universally. For this reason
remove jemalloc from the base image. It can be added into images in
specific places if desireable but isn't a good default.
Change-Id: I671eef4ef27fdde161b52cf0a4187fac10ac8c4e
base and builder are currently pinned to 3.7, which makes it hard
to consider upgrading to python-3.8. To help with that, make
python-3.7 and python-3.8 images, but point latest as 3.7 for the
time being. Then add version-specific provides and FROM lines
so that we can start being deliberate and clear about our version
choice.
Change-Id: Ibf1d846d5c4a005547785124567ce2900e272a7a
We disable these on our VM images, so might as well make our
container images follow suit. Could make them a smidge smaller.
Also do it in the gerrit-base image.
Change-Id: Iba60cf5c7009d57c4910f9e4464aff9231598ad6
There was an issue in pip that prevented correctly caching locally
built wheels [1]. This has been fixed in recent pip versions so
upgrade pip in both images so image caching works correctly. This is
needed to unbreak nodepool images that fail to install the locally
built netifaces package.
[1] https://github.com/pypa/pip/issues/6852
Change-Id: Ibbe12bcc53253a80d0bafa3d09a20c49a3a2b784
To make it clear that docker hub is but one of many possible registries,
update our usage of FROM and image: lines to include docker.io in the
path.
There are a few other FROM lines for the gitea images which are handled
in a separate stack.
Change-Id: I6fafd5f659ad19de6951574afc9a6b6a4cf184df
A few things have changed and we need to fix them in one go.
Use mirror for installing docker for buildset-registry
While, we need to make this more systemic, that's hanging off of the
mirror rework. For now, since we know all of these jobs are debian
based, just set the mirror location.
Replace use of zuul cloner with git clones
You can never be a prophet in your own hometown. This is now broken
because of the git cache rework, so just replace it.
Update libjemalloc library
python:slim is based on buster now, which has libjemalloc2 not
libjemalloc1.
Remove gerrit repo remote for submodules
A recent change to the base jobs to use prepare-workspace-git
broke the gerrit image builds by actually having the origin
remote by /dev/null as intended. This breaks submodules because
for a few of them where we don't have matching stable branches
the submodule relative path behavior is actually exactly what
we want.
Since we don't care about the remote otherwise, remove the
origin remote before doing the submodule update --init so that
the submodule will clone the refs from the zuul prepared repo.
Change-Id: Ieb5b6bc8711fe971ed3445c7c267306ac4616464
jemalloc is apparently good with python memory according to
https://zapier.com/engineering/celery-python-jemalloc/
Also, according to these graphs from Tobias:
https://paste.pics/581cc286226407ab0be400b94951a7d9
it helps with the apparent memory leak seen in python3.6
and python3.7 with zuul.
There doesn't seem to be any downside to it, so install it
and enable it.
Change-Id: I354bc35e5fa1aee90e1c8b6918c5a70dafd4f990
There's no real need to tie these together into a multi-stage
Dockerfile as they don't really share anything. Split them.
Change-Id: Ifd7ccadcd8048eeb57797d60356aec2f9f0d2c80
Depends-On: https://review.openstack.org/641805
