move to Debian 'bullseye'
Bullseye is now in hard freeze cycle and goes for release. https://release.debian.org/bullseye/freeze_policy.html Co-Authored-By: Michal Nasiadka <mnasiadka@gmail.com> Change-Id: I543965a2741cebfa759576a4c75669a7bacd4208
This commit is contained in:
parent
af17cc180e
commit
e0f8cbc50c
@ -4,11 +4,15 @@
|
||||
jobs:
|
||||
- kolla-build-debian-source
|
||||
- kolla-build-debian-binary
|
||||
- kolla-ansible-debian-source
|
||||
- kolla-ansible-debian-source:
|
||||
vars:
|
||||
kolla_python_version: 3.9
|
||||
check-arm64:
|
||||
jobs:
|
||||
- kolla-build-debian-source-aarch64
|
||||
- kolla-ansible-debian-source-aarch64
|
||||
- kolla-ansible-debian-source-aarch64:
|
||||
vars:
|
||||
kolla_python_version: 3.9
|
||||
periodic:
|
||||
jobs:
|
||||
- kolla-publish-debian-source-quay
|
||||
|
@ -32,14 +32,14 @@ iscsid,C,C,C,C,N,C
|
||||
kafka,C,C,C,C,N,C
|
||||
keepalived,C,C,C,C,N,C
|
||||
keystone,C,C,C,C,N,C
|
||||
kibana,N,N,N,N,C,C
|
||||
kibana,N,N,N,N,N,C
|
||||
kolla-toolbox,C,C,C,C,N,C
|
||||
kuryr,N,C,N,C,N,C
|
||||
logstash,C,C,C,C,N,C
|
||||
magnum,C,C,C,C,N,C
|
||||
manila,C,C,C,C,N,C
|
||||
mariadb,C,C,C,C,N,C
|
||||
masakari,N,C,C,C,C,C
|
||||
masakari,N,C,C,C,N,C
|
||||
memcached,C,C,C,C,N,C
|
||||
mistral,C,C,C,C,N,C
|
||||
monasca,N,N,N,N,N,N
|
||||
@ -51,8 +51,8 @@ nova,C,C,C,C,N,C
|
||||
nova-spicehtml5proxy,N,N,C,C,N,C
|
||||
octavia,C,C,N,C,N,C
|
||||
openvswitch,C,C,C,C,N,C
|
||||
ovn,C,C,C,C,N,C
|
||||
ovsdpdk,N,N,C,C,N,N
|
||||
ovn,C,C,C,C,N,N
|
||||
ovsdpdk,N,N,C,C,N,C
|
||||
panko,C,C,C,C,N,C
|
||||
placement,C,C,N,C,N,C
|
||||
prometheus,C,C,C,C,N,C
|
||||
|
|
@ -47,13 +47,13 @@ monasca,N,C,N,C,N,N
|
||||
multipathd,C,C,C,C,C,C
|
||||
murano,C,C,C,C,C,C
|
||||
neutron,T,T,T,T,C,T
|
||||
neutron-mlnx-agent,C,C,N,C,N,C
|
||||
neutron-mlnx-agent,C,C,N,C,C,C
|
||||
nova,T,T,T,T,C,T
|
||||
nova-spicehtml5proxy,N,N,T,T,C,T
|
||||
octavia,C,C,N,C,C,C
|
||||
openvswitch,T,T,T,T,C,T
|
||||
ovn,C,C,C,C,C,C
|
||||
ovsdpdk,N,N,C,C,N,N
|
||||
ovn,C,C,C,C,N,N
|
||||
ovsdpdk,N,N,C,C,C,C
|
||||
panko,C,C,C,C,C,C
|
||||
placement,T,T,T,T,C,T
|
||||
prometheus,C,C,C,C,C,C
|
||||
|
|
@ -328,6 +328,18 @@ COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
|
||||
|
||||
{% block base_debian_after_sources_list %}{% endblock %}
|
||||
|
||||
{# install Debian Openstack repos - they are not mirrored on CI #}
|
||||
{% if base_distro == 'debian' %}
|
||||
|
||||
RUN apt update \
|
||||
&& apt install -y --no-install-recommends extrepo \
|
||||
&& extrepo enable openstack_wallaby \
|
||||
&& apt purge -y extrepo \
|
||||
&& apt --purge autoremove -y \
|
||||
&& apt clean
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% block base_ubuntu_package_apt_preferences %}
|
||||
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
|
||||
COPY apt_preferences /etc/apt/preferences.d/kolla-custom
|
||||
@ -383,10 +395,8 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom
|
||||
{% set remote_apt_keys = [
|
||||
'https://download.docker.com/linux/debian/gpg',
|
||||
'https://packages.grafana.com/gpg.key',
|
||||
'http://buster-ussuri.debian.net/debian/dists/pubkey.gpg',
|
||||
'https://packages.treasuredata.com/GPG-KEY-td-agent',
|
||||
'https://repos.influxdata.com/influxdb.key',
|
||||
'https://obs.linaro.org/repos/home:/marcin.juszkiewicz/debian-buster/Release.key',
|
||||
] %}
|
||||
{% endif %}
|
||||
|
||||
|
@ -1,53 +1,8 @@
|
||||
# We want Ceph/nautilus
|
||||
Package: ceph* libceph* librados* librbd* librgw* python3-ceph* python3-rados python3-rbd python3-rgw radosgw
|
||||
Pin: version 14.*
|
||||
Pin-Priority: 1000
|
||||
|
||||
# ceph-osd requires smartmontools from backports
|
||||
Package: smartmontools
|
||||
Pin: version 7.*
|
||||
Pin-Priority: 1000
|
||||
|
||||
Package: rabbitmq-server
|
||||
Pin: version 3.8.*
|
||||
Pin-Priority: 1000
|
||||
|
||||
# We need erlang 22+ for rabbitmq (aarch64 has v23, x86-64 has v22 and v23 so we use v23)
|
||||
# RabbitMQ wants 23+ and we want to stay on 23 if possible
|
||||
Package: erlang*
|
||||
Pin: version 1:23.*
|
||||
Pin-Priority: 1000
|
||||
|
||||
# We do not want packages from this repo
|
||||
Package: *
|
||||
Pin: release o=obs://private/home:marcin.juszkiewicz/debian-buster
|
||||
Pin-Priority: 100
|
||||
|
||||
# We need libvirt 7.0.0 for nova
|
||||
Package: *libvirt*
|
||||
Pin: release o=obs://private/home:marcin.juszkiewicz/debian-buster
|
||||
Pin-Priority: 600
|
||||
|
||||
# on ppc64le we lack libvirt 7.0.0 so let fail with Debian one
|
||||
Package: *libvirt*
|
||||
Pin: release o=Debian,b=ppc64le
|
||||
Pin-Priority: 700
|
||||
|
||||
# ovn-host depends on openvswitch from buster
|
||||
Package: openvswitch*
|
||||
Pin: release n=buster
|
||||
Pin-Priority: 700
|
||||
|
||||
# we want newer QEMU
|
||||
Package: qemu*
|
||||
Pin: version 1:5.*
|
||||
Pin-Priority: 700
|
||||
|
||||
# QEMU depends on those
|
||||
Package: libpmem1 libndctl6 libdaxctl1 pmdk-tools libpmemblk1 libpmemlog1 libpmemobj1 libpmempool1 liburing1 libfdt1
|
||||
Pin: release n=buster-backports
|
||||
Pin-Priority: 700
|
||||
|
||||
# nova wants data in /usr/share/qemu/firmware
|
||||
Package: qemu-efi-aarch64
|
||||
Pin: release n=buster-backports
|
||||
Pin-Priority: 700
|
||||
|
@ -1,33 +1,8 @@
|
||||
# Default repos
|
||||
deb http://deb.debian.org/debian buster main
|
||||
deb http://deb.debian.org/debian bullseye main
|
||||
|
||||
# debian security updates
|
||||
deb http://security.debian.org/debian-security buster/updates main
|
||||
deb http://deb.debian.org/debian-security bullseye-security main
|
||||
|
||||
# debian backports
|
||||
deb http://deb.debian.org/debian buster-backports main
|
||||
|
||||
# Buster - Victoria repos
|
||||
deb http://buster-victoria.debian.net/debian buster-victoria-backports main
|
||||
deb http://buster-victoria.debian.net/debian buster-victoria-backports-nochange main
|
||||
|
||||
# NOTE(hrw): repositories below are added into image when they are needed as
|
||||
# separate files in /etc/apt/sources.list.d/ directory. For that purpose they
|
||||
# are defined in kolla/repos.yaml file.
|
||||
#
|
||||
# Here they stay in case someone needs them.
|
||||
|
||||
# elasticsearch (arch:all), logstash (arch:all), kibana (arch:amd64)
|
||||
#deb [arch=amd64] https://artifacts.elastic.co/packages/5.x/apt stable main
|
||||
|
||||
# Grafana repo
|
||||
#deb https://packages.grafana.com/oss/deb stable main
|
||||
|
||||
# td-agent for fluentd
|
||||
#deb http://packages.treasuredata.com/3/debian/buster buster contrib
|
||||
|
||||
# rabbitmq repo
|
||||
#deb https://dl.bintray.com/rabbitmq/debian/ buster main
|
||||
|
||||
# erlang repo
|
||||
#deb https://dl.bintray.com/rabbitmq-erlang/debian/ buster erlang
|
||||
deb http://deb.debian.org/debian bullseye-backports main
|
||||
|
@ -37,7 +37,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
|
||||
|
||||
COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers
|
||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
{% if base_distro == 'debian' %}
|
||||
COPY security_reset.expect.debian /usr/local/bin/kolla_security_reset
|
||||
{% else %}
|
||||
COPY security_reset.expect /usr/local/bin/kolla_security_reset
|
||||
{% endif %}
|
||||
RUN chmod 755 /usr/local/bin/kolla_extend_start \
|
||||
&& chmod 755 /usr/local/bin/kolla_security_reset \
|
||||
&& chmod 750 /etc/sudoers.d \
|
||||
|
67
docker/mariadb/mariadb-server/security_reset.expect.debian
Normal file
67
docker/mariadb/mariadb-server/security_reset.expect.debian
Normal file
@ -0,0 +1,67 @@
|
||||
#!/usr/bin/expect -f
|
||||
|
||||
if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10}
|
||||
spawn mysql_secure_installation
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
|
||||
"Enter current password for root (enter for none):"
|
||||
}
|
||||
send "\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n] ' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Switch to unix_socket authentication' prompt\n"; exit 1 }
|
||||
"Switch to unix_socket authentication \\\[Y/n\\\] "
|
||||
}
|
||||
send "n\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Change the root password?' prompt\n"; exit 1 }
|
||||
"Change the root password? \\\[Y/n\\\] "
|
||||
}
|
||||
send "y\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
|
||||
"New password:"
|
||||
}
|
||||
send "$env(DB_ROOT_PASSWORD)\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
|
||||
"Re-enter new password:"
|
||||
}
|
||||
send "$env(DB_ROOT_PASSWORD)\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
|
||||
"Remove anonymous users?"
|
||||
}
|
||||
send "y\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
|
||||
"Disallow root login remotely?"
|
||||
}
|
||||
send "n\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
|
||||
"Remove test database and access to it?"
|
||||
}
|
||||
send "y\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
|
||||
"Reload privilege tables now?"
|
||||
}
|
||||
send "y\r"
|
||||
expect eof
|
@ -34,7 +34,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
|
||||
|
||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
|
||||
RUN mv /usr/sbin/tcpdump /usr/bin/tcpdump \
|
||||
# NOTE(hrw): Upstream moved tcpdump to /usr/bin/ in 4.99 version (used in Debian)
|
||||
RUN if [ -e /usr/sbin/tcpdump ]; then mv /usr/sbin/tcpdump /usr/bin/tcpdump; fi \
|
||||
&& touch /usr/local/bin/kolla_openvswitch_extend_start \
|
||||
&& chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_openvswitch_extend_start
|
||||
|
||||
|
@ -24,13 +24,13 @@ BASE_ARCH = ['x86_64', 'ppc64le', 'aarch64']
|
||||
DEFAULT_BASE_TAGS = {
|
||||
'centos': {'name': 'quay.io/centos/centos', 'tag': 'stream8'},
|
||||
'rhel': {'name': 'registry.access.redhat.com/ubi8', 'tag': 'latest'},
|
||||
'debian': {'name': 'debian', 'tag': '10'},
|
||||
'debian': {'name': 'debian', 'tag': 'bullseye'},
|
||||
'ubuntu': {'name': 'ubuntu', 'tag': '20.04'},
|
||||
}
|
||||
DISTRO_RELEASE = {
|
||||
'centos': '8',
|
||||
'rhel': '8',
|
||||
'debian': '10',
|
||||
'debian': 'testing/unstable',
|
||||
'ubuntu': '20.04',
|
||||
}
|
||||
OPENSTACK_RELEASE = 'wallaby'
|
||||
|
@ -132,7 +132,7 @@ UNBUILDABLE_IMAGES = {
|
||||
"bifrost-base", # tries to install 'mysql-server' which is not in
|
||||
# Debian 'buster'
|
||||
"monasca-grafana", # FIXME(hrw): some ssl issues to fix
|
||||
"ovsdpdk",
|
||||
"ovn-base", # needs more checking
|
||||
"qdrouterd",
|
||||
},
|
||||
|
||||
@ -162,14 +162,10 @@ UNBUILDABLE_IMAGES = {
|
||||
},
|
||||
|
||||
'debian+binary': {
|
||||
"cloudkitty-base",
|
||||
"ironic-neutron-agent",
|
||||
"nova-serialproxy",
|
||||
"senlin-conductor", # no binary package
|
||||
"senlin-health-manager", # no binary package
|
||||
"tacker-base",
|
||||
"trove-base", # package is not installable
|
||||
"neutron-mlnx-agent",
|
||||
"cloudkitty-base", # no support in Dockerfile
|
||||
"ironic-neutron-agent", # no support in Dockerfile
|
||||
"nova-serialproxy", # no binary package
|
||||
"tacker-base", # no binary package
|
||||
},
|
||||
|
||||
'ubuntu+binary': {
|
||||
@ -697,7 +693,7 @@ class KollaWorker(object):
|
||||
if self.base in rh_base:
|
||||
self.conf.distro_python_version = "3.6"
|
||||
elif self.base in ['debian']:
|
||||
self.conf.distro_python_version = "3.7"
|
||||
self.conf.distro_python_version = "3.9"
|
||||
elif self.base in ['ubuntu']:
|
||||
self.conf.distro_python_version = "3.8"
|
||||
else:
|
||||
|
@ -63,7 +63,6 @@ debian:
|
||||
erlang: "deb http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu bionic main"
|
||||
grafana: "deb https://packages.grafana.com/oss/deb stable main"
|
||||
influxdb: "deb https://repos.influxdata.com/debian buster stable"
|
||||
libvirt: "deb https://obs.linaro.org/repos/home:/marcin.juszkiewicz:/kolla-wallaby/debian-buster ./"
|
||||
logstash: "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main"
|
||||
kibana: "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main"
|
||||
rabbitmq: "deb https://packagecloud.io/rabbitmq/rabbitmq-server/debian/ buster main"
|
||||
@ -76,7 +75,6 @@ debian-aarch64:
|
||||
influxdb: "deb https://repos.influxdata.com/debian buster stable"
|
||||
logstash: "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main"
|
||||
kibana: "deb [arch=amd64] https://artifacts.elastic.co/packages/oss-7.x/apt stable main"
|
||||
libvirt: "deb https://obs.linaro.org/repos/home:/marcin.juszkiewicz:/kolla-wallaby/debian-buster ./"
|
||||
rabbitmq: "deb https://packagecloud.io/rabbitmq/rabbitmq-server/debian/ buster main"
|
||||
td-agent: "deb http://packages.treasuredata.com/4/debian/buster buster contrib"
|
||||
|
||||
|
@ -529,7 +529,7 @@ class KollaWorkerTest(base.TestCase):
|
||||
"""check distro_python_version for Debian"""
|
||||
self.conf.set_override('base', 'debian')
|
||||
kolla = build.KollaWorker(self.conf)
|
||||
self.assertEqual('3.7', kolla.distro_python_version)
|
||||
self.assertEqual('3.9', kolla.distro_python_version)
|
||||
|
||||
def test_build_distro_python_version_rhel80(self):
|
||||
"""check distro_python_version for RHEL8.0"""
|
||||
|
@ -18,7 +18,7 @@ RUN echo registry={{ nodepool_npmjs_proxy }} > /etc/npmrc \
|
||||
{% if base_distro in ['debian', 'ubuntu'] %}
|
||||
{% endraw %}
|
||||
|
||||
# NOTE(hrw): Debian 'buster' and Ubuntu 18.04 refuse to use unsigned repos
|
||||
# NOTE(hrw): Debian since 'buster' and Ubuntu since 18.04 refuse to use unsigned repos
|
||||
RUN echo 'APT::Get::AllowUnauthenticated "true";' > /etc/apt/apt.conf.d/99allow-unauthenticated \
|
||||
&& echo 'Acquire::AllowInsecureRepositories "true";' > /etc/apt/apt.conf.d/99allow-insecure-repos
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user