From 51865aea02be5589b6f83c6906a5a03a7ddba499 Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Thu, 18 Nov 2021 06:47:49 -0800 Subject: [PATCH] CI: Work around tinyipa build issues The qemu git server has updated it's ssl certificate, and can no longer be verified by the software libraries and embedded tinycore data for the 10.x release. Unfortunately, we have CI hard coded to an older release and we cannot release a newer, older version of the tinycore 10.x supporting packages. So, for our CI purposes, we just need a working build, so that is all this patch attempts to do, get our CI in a working state for the older branches. It is an awful change. None of us like it, but we're stuck and this is the only path forward short of completely abandoning the use of the software builds on these branches. Change-Id: I44f2a05c3f37a6dad0b9c88e2a7f6c66be8a1b78 (cherry picked from commit 6478d03d2973928a63163d931173d79acfcf849e) --- devstack/lib/ironic | 6 ++++++ ...inycore-10-x-is-no-longer-viable-3673a0615ff207e6.yaml | 8 ++++++++ 2 files changed, 14 insertions(+) create mode 100644 releasenotes/notes/tinycore-10-x-is-no-longer-viable-3673a0615ff207e6.yaml diff --git a/devstack/lib/ironic b/devstack/lib/ironic index b2db95f7d3..531c40e84b 100644 --- a/devstack/lib/ironic +++ b/devstack/lib/ironic @@ -2473,6 +2473,12 @@ function build_tinyipa_ramdisk { export AUTHORIZE_SSH=true export SSH_PUBLIC_KEY=$IRONIC_ANSIBLE_SSH_KEY.pub fi + # NOTE(TheJulia): This is awful, but we need it to continue to keep CI working + # on the train and ussuri branches. Essentially, Tinycore 10.x can't be used + # in the field, and we're unable to fix it due to a confluence of issues. + sed -i 's/git\ clone\ --branch/\ \ \ \git config --global http.sslVerify false\n\ \ \ \ git\ clone\ --branch/' build-tinyipa.sh + # NOTE(TheJulia): qemu pulls in submodules and fails if you disable them. So we need to update it's perception of git. + sed -i "s/qemu\ \&\&\ .\/configure\ --disable-system/qemu\ \&\&\ .\/configure\ --with-git='env\ GIT_SSL_NO_VERIFY=true\ git'\ --disable-system/" build-tinyipa.sh make cp tinyipa.gz $ramdisk_path cp tinyipa.vmlinuz $kernel_path diff --git a/releasenotes/notes/tinycore-10-x-is-no-longer-viable-3673a0615ff207e6.yaml b/releasenotes/notes/tinycore-10-x-is-no-longer-viable-3673a0615ff207e6.yaml new file mode 100644 index 0000000000..0fa74f72ce --- /dev/null +++ b/releasenotes/notes/tinycore-10-x-is-no-longer-viable-3673a0615ff207e6.yaml @@ -0,0 +1,8 @@ +--- +issues: + - | + TinyCore Linux 10.x, which powers the TinyIPA ramdisk in the Ussuri and + Train releases of OpenStack, is no longer able to be built due to + certificate verification issues as time moves forward. We have embedded + a fix for use by Ironic's CI only. As a general reminder, TinyIPA + should not be used in production deployments.