From d0a7d42715806309a38d1c6f8820448ef6f90cf8 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Wed, 21 Feb 2024 11:10:30 +0100 Subject: [PATCH] opensearch: set OPENSEARCH_INITIAL_ADMIN_PASSWORD Since 2.12 OpenSearch requires setting initial admin password, that is not trivial/weak. Change [1] has been bundled with this commit, since it's an ancestor in newer branches, but it won't build without this one. Mark bifrost as unbuildable for now, see [2]. [1]: https://review.opendev.org/c/openstack/kolla/+/909823 [2]: https://review.opendev.org/c/openstack/bifrost/+/909844 Closes-Bug: #2054586 Change-Id: I6b6ef656bc2009a2dc3cdfcb01956d50fba4b7b9 (cherry picked from commit 756ee984c3c761514115c342e7cba9a3cb533d02) --- .../opensearch/opensearch-dashboards/Dockerfile.j2 | 12 ------------ docker/opensearch/opensearch/Dockerfile.j2 | 11 ++--------- kolla/image/build.py | 1 + 3 files changed, 3 insertions(+), 21 deletions(-) diff --git a/docker/opensearch/opensearch-dashboards/Dockerfile.j2 b/docker/opensearch/opensearch-dashboards/Dockerfile.j2 index 8433260101..525511c127 100644 --- a/docker/opensearch/opensearch-dashboards/Dockerfile.j2 +++ b/docker/opensearch/opensearch-dashboards/Dockerfile.j2 @@ -12,18 +12,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set opensearch_dashboards_packages = ['opensearch-dashboards'] %} -{% if base_distro_tag.startswith('stream9') or base_distro == 'rocky' %} -{# TODO: OpenSearch will move from SHA1 in 2.8 release, remove this once 2.8 is out #} -RUN update-crypto-policies --set DEFAULT:SHA1 -{% endif %} - -{# TODO: ugly hack to get past opensearch postinst, remove once #} -{# https://github.com/opensearch-project/opensearch-build/pull/3435 gets merged #} -{# and packages get rebuilt #} -RUN touch /usr/bin/systemd-tmpfiles && chmod a+rx /usr/bin/systemd-tmpfiles \ - && {{ macros.install_packages(opensearch_dashboards_packages | customizable("packages"), chain=True) }} \ - && rm -f /usr/bin/systemd-tmpfiles - COPY extend_start.sh /usr/local/bin/kolla_extend_start RUN chmod 755 /usr/local/bin/kolla_extend_start diff --git a/docker/opensearch/opensearch/Dockerfile.j2 b/docker/opensearch/opensearch/Dockerfile.j2 index b7c0d52ca1..e30dcd74b7 100644 --- a/docker/opensearch/opensearch/Dockerfile.j2 +++ b/docker/opensearch/opensearch/Dockerfile.j2 @@ -14,16 +14,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'opensearch' ] %} -{% if base_distro_tag.startswith('stream9') or base_distro == 'rocky' %} -{# TODO: OpenSearch will move from SHA1 in 2.8 release, remove this when 2.8 is out #} -RUN update-crypto-policies --set DEFAULT:SHA1 -{% endif %} +ENV OPENSEARCH_INITIAL_ADMIN_PASSWORD="Kolla24OpenSearch" -{# TODO: ugly hack to get past opensearch postinst, remove once #} -{# https://github.com/opensearch-project/opensearch-build/pull/3435 gets merged #} -{# and packages get rebuilt #} -RUN touch /usr/bin/systemd-tmpfiles && chmod a+rx /usr/bin/systemd-tmpfiles \ - && {{ macros.install_packages(opensearch_packages | customizable("packages"), chain=True) }} +{{ macros.install_packages(opensearch_packages | customizable("packages")) }} COPY extend_start.sh /usr/local/bin/kolla_extend_start RUN chmod 755 /usr/local/bin/kolla_extend_start diff --git a/kolla/image/build.py b/kolla/image/build.py index 8a8e2d0b02..2edc64f002 100755 --- a/kolla/image/build.py +++ b/kolla/image/build.py @@ -99,6 +99,7 @@ UNBUILDABLE_IMAGES = { }, 'source': { + "bifrost-base", # Broken on unmaintained/yoga }, 'centos': {