714 Commits

Author SHA1 Message Date
Marcin Juszkiewicz
0bc7fe7b1a Debian: use libvirt 8 and qemu 6.2
Libvirt 8 got recently backported to bullseye so we can make use of it.
QEMU 6.2 was already available but conflicted with libvirt/bullseye.

Also started listing which packages we want from backports.

Change-Id: I335e5748e9624fe470adbaf6a6f080a3ae468f04
2022-02-21 10:34:35 +01:00
Zuul
a1211c639e Merge "Add Prometheus libvirt exporter image" 2022-02-18 09:32:01 +00:00
Doug Szumski
afce8598ac Add Prometheus libvirt exporter image
This adds a libvirt exporter image for use with Prometheus.

Partially-Implements: blueprint libvirt-exporter
Change-Id: Ice2af99a323496d3821762851b663899d15f569a
2022-02-17 10:17:09 +01:00
Zuul
cabfd43f49 Merge "Add LetsEncrypt images for cert request/renewal" 2022-02-15 18:31:45 +00:00
Zuul
333fb35c79 Merge "rabbitmq: update to 3.9" 2022-02-11 11:03:15 +00:00
Mark Goddard
909710d739 ironic: Fix UEFI & iPXE bootloader filenames
When using Ironic with UEFI boot mode and iPXE booting, nodes will
attempt to chainload iPXE using a Network Boot Program (NBP). This is
configured in Ironic via [pxe] uefi_ipxe_bootfile_name, and the default
since Xena is snponly.efi. In Wallaby and earlier releases, the default
was ipxe.efi. These files need to be available in the /tftpboot
directory of the ironic-pxe image.

The current default of snponly.efi was not present for any supported
distros. ipxe.efi was present for Debian/Ubuntu but not CentOS, which
appends the architecture to the filename (e.g. ipxe-x86_64.efi).

This change ensures that both ipxe.efi and snponly.efi exist in
/tftpboot for all supported distributions, ensuring that both the
current and previous Ironic defaults should work. Where these files have
different names, we use symlinks to allow for any deployers overriding
the filenames in configuration.

Closes-Bug: #1959203

Change-Id: I79e78dca550262fc86b092a036f9ea96b214ab48
2022-02-10 12:44:14 +00:00
Michal Nasiadka
732860302c rabbitmq: update to 3.9
Also update Erlang to 24

Change-Id: Ifbaccc54896bab096a6d16dc7733941dd600cf39
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/828594
2022-02-09 17:26:39 +00:00
Jason Anderson
68f5856728 Add LetsEncrypt images for cert request/renewal
Adds container images for LetsEncrypt.

Implements: blueprint letsencrypt-https
Change-Id: I36d1a367fd8f40bb93ebc49122c8ee4fdcc151b2
Co-Authored-By: Jason Anderson <jasonanderson@uchicago.edu>
2022-02-04 22:55:00 +00:00
Zuul
d84cd121ca Merge "Ensure set_configs sets execute bit on directories" 2022-01-31 13:40:20 +00:00
Jakub Darmach
1fe983df4f Ensure set_configs sets execute bit on directories
While handling permissions for directories, set_configs.py configures them
same as for files - i.e. 0640 set in config.json which works fine for file
will cause any potential subdirectories to lack traverse permission.

Check and permission change was added to handle_permissions function
to add +x if +r is present for user, group, others.

Change-Id: Ic6e3ae4ff40c6ce5a5c0646ed309a2938903f6c0
2022-01-28 09:52:16 +00:00
Dr. Jens Harbott
a8e6924bea Unpin td-agent and cap elasticsearch gem
With [0] the version of td-agent being installed was pinned, which isn't
sustainable in the long run, so we drop the pin.

Latest version of the elasticsearch gem no longer works with older
(OSS) versions of Elasticsearch. This is fixed by downgrading the version
of the elasticsearch gems.

[0] Iefcdd3100b7e3c5320bc5f1286a18251bdeab885
Related-Bug: 1930867
Closes-Bug: 1954759
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/823155
Change-Id: I3045786e863b098d7339d1066aef6c857aa5f97f
2022-01-27 09:49:32 +00:00
Xinliang Liu
b6e057d694 Use distro provided GRUB efi
Use distro provided GRUB efi instead of creating it like ironic GRUB
setup doc[1]. This avoids below ubuntu ironic-python-agent images PXE
booting failure.
----------
error: invalid magic number.
error: you need to load the kernel first.

Press any key to continue...
----------

This also fixes x86_64 uefi pxe booting issue by setting up GRUB efi
for x86_64.

Besides, GRUB setup only needs to do once at bootstrap stage.

[1]:
https://docs.openstack.org/ironic/train/install/configure-pxe.html#uefi-pxe-GRUB-setup

Closes-Bug: #1879265
Change-Id: I8be5bdf5f1a62751aefe6bd0959e8f558fcfe591
2022-01-26 19:48:34 +00:00
Zuul
d7dde02653 Merge "Mitigate two Log4j vulnerabilities in Apache Storm" 2022-01-21 16:22:26 +00:00
Pierre Riteau
448e4f56aa Mitigate two Log4j vulnerabilities in Apache Storm
The Log4j version was bumped on GitHub [1] but it is still pending
inclusion in a release of Apache Storm.

Apply the alternative mitigation recommended by Log4j [2] of removing
the JndiLookup class from the classpath.

[1] https://github.com/apache/storm/pull/3427
[2] https://logging.apache.org/log4j/2.x/security.html

Change-Id: Ib3ecd73f9e39e320acb2c5f0962b8af9b1a817e9
2022-01-13 22:35:27 +01:00
Michal Nasiadka
0a536f47a8 magnum: fix issue with keystone auth default policy
Closes-Bug: #1957159
Change-Id: I042da2234d0a06f1b7ddcac9eb6db8b86f13d205
2022-01-12 12:01:52 +00:00
Radosław Piliszek
d3cb86a837 Add fluentd grok-parser plugin on CentOS on aarch64
This conditional was missed in the original patch moving aarch64
to td-agent. [1]

After this change, other plugins will have newer versions
installed as well, as it happens in other image flavours.

[1] I86ecdc1ac45dfd76b94a34d1b837f7c0bc975dcd

Closes-Bug: #1955889
Change-Id: I10ff098b3356eb02ad4a1006b988812356768fec
2021-12-28 13:38:19 +00:00
Zuul
aacde4a0de Merge "Drop vmtp" 2021-12-21 12:16:04 +00:00
Zuul
5fc3949b92 Merge "Bump up Alertmanager version" 2021-12-21 10:29:43 +00:00
Radosław Piliszek
36a1286bba Drop vmtp
Details in the attached reno.

Change-Id: I1a8363da02d98255fce31749f4c9838088443a67
2021-12-20 18:30:24 +00:00
Piotr Parczewski
ad87c84375 Bump up Alertmanager version
Yoga deserves a newer version than one from 2019.

Change-Id: Ib7b45ea6ca0a465ce075ac2f2a0e7b8006ee6190
2021-12-16 10:59:07 +00:00
Zuul
8e8daa3565 Merge "Ensure nvme-cli is present in nova-compute images" 2021-12-08 18:44:23 +00:00
Zuul
077f13681c Merge "qdrouterd: add release note with deprecation notice" 2021-12-08 12:01:10 +00:00
Pierre Riteau
30eddf72f6 Ensure nvme-cli is present in nova-compute images
The nvme-cli package is required to get the nvme command executed by
os-brick, which is used by nova-compute.

We don't need to explicitely install it for centos binary images, as it
is required by os-brick which is required by openstack-nova-common, but
all other types of images were missing it.

Change-Id: I754939da7636c57d2a8d5b83debb5d8a58e38432
Closes-Bug: #1953509
2021-12-07 16:02:03 +01:00
Zuul
f44d6ce85a Merge "Upgrade pip and friends in source images" 2021-12-07 14:07:18 +00:00
Marcin Juszkiewicz
dd59290bf7 qdrouterd: add release note with deprecation notice
Change-Id: I86461c65902e15e39b787fea86d6dc367de26f57
2021-12-07 13:28:32 +01:00
Zuul
f371e9b6eb Merge "nova: drop pypowervm dependency" 2021-12-04 21:06:41 +00:00
Zuul
e3e9a8bea5 Merge "nova-compute: trim image a bit on CentOS" 2021-12-04 21:06:27 +00:00
Marcin Juszkiewicz
7de91fd603 nova: drop pypowervm dependency
Nova depends on pypowervm for POWER architecture support. But it is
unmaintained upstream and breaks CentOS builds (wants to install Py2
only 'futures' package).

Change-Id: Ife9385c93239e910db2e4405ec4661f667357bc0
2021-12-01 16:52:08 +01:00
Marcin Juszkiewicz
dc683fa1cc document that binary images are now deprecated
Support for binary images gets removed in Z cycle.

Change-Id: I9cd93a2022d6b9d17f326d55d57f86cb5e141e7d
2021-11-28 11:06:14 +01:00
Radosław Piliszek
a41001f714 Upgrade pip and friends in source images
New pip has nice features for detection of conflicting
requirements.

When installing from PyPI, as we do in source images, running
the latest pip+setuptools+wheel is recommended.

Co-authored-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I4ae3a82cc796a60450c2a35beba32972964bc5d0
2021-11-26 12:11:12 +00:00
Marcin Juszkiewicz
bbef9846c3 nova-compute: trim image a bit on CentOS
libguestfs package fetched kernel-core one which fetched linux-firmware.
We remove the last one and save ~500MB of space:

before/centos-binary-nova-compute: 3.3GB
after1/centos-binary-nova-compute: 2.71GB

Closes-Bug: #1946801
Change-Id: I98cc19c95fcec07dd4e494c14c09938d754f1de0
2021-11-26 12:10:32 +00:00
Zuul
1a9d5a1a42 Merge "Add Swift lock path in Swift containers" 2021-11-23 12:52:28 +00:00
Zuul
bc4c654e9b Merge "Use MariaDB 10.6" 2021-11-22 09:57:07 +00:00
Stanislav Dmitriev
ff25b500d2 Add Swift lock path in Swift containers
Swift-recon-cron requires rw access to the lock path
specified in in object-server.conf file. Currently it
doesn't exist in Swift containers

Closes-Bug: #1926203
Change-Id: Id3f824b741a5aa98efc7162fb7d49657e86a2bee
2021-11-18 20:20:26 -05:00
Marcin Juszkiewicz
88e6bcf38a reno: polish release notes for Xena
Change-Id: I748fb3fa259303a89ef2615a37299360bcf11545
2021-11-18 14:21:33 +00:00
Radosław Piliszek
b8b181a060 Use MariaDB 10.6
As planned for Yoga.

Change-Id: Ibcfbaa1903c7059e437bb2118bc4c9de4a9b854e
2021-11-04 12:47:56 +00:00
Zuul
ecb88c5d0c Merge "Remove InfluxDB data source Grafana plugin" 2021-11-03 11:55:02 +00:00
Michal Nasiadka
2d1bbe7257 neutron: Use update-alternatives --display instead of --query
--query is not supported before update-alternatives 1.15
and CentOS uses 1.13

Closes-Bug: #1936947
Change-Id: I78da7eb2b6b5eae2b04fd95b24615bd4a572a1d6
2021-10-29 09:59:51 +00:00
Zuul
1766ce8314 Merge "cinder-volume/ubuntu: add lsscsi and nvme" 2021-10-26 10:03:56 +00:00
Michal Nasiadka
3df1a1dde9 ovn: Add Debian x86 images
aarch64 still has no installation candidate

Change-Id: I645f5d04ff2be3a5857765e901eccfe0b56ff199
2021-10-22 13:17:07 +00:00
e95083dcdd Update master for stable/xena
Add file to the reno documentation build to show release notes for
stable/xena.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.

Sem-Ver: feature
Change-Id: If65ad4864aee3e5d86db7ec3cd0119e043fb4f1e
2021-10-14 12:22:16 +00:00
Michal Nasiadka
dfb65af884 cinder-volume/ubuntu: add lsscsi and nvme
Closes-Bug: #1942038
Change-Id: Id488635110c6158dd23466250c9d57c4f0bc03ff
2021-10-13 07:32:26 +00:00
Zuul
65766120d5 Merge "Revert "Add missing reno"" 2021-10-12 16:27:12 +00:00
Radosław Piliszek
4de83a464d Revert "Add missing reno"
This reverts commit 1b6d1bf16215f7a166b6b6578ddd9ca242751d3e.

Reason for revert: This is for a change that merged a year ago.
Advertising this as a new bugfix only introduces confusion.

Change-Id: I487f0f5e795b27faf39530d459df13d816082fa2
2021-10-12 13:55:44 +00:00
Michal Nasiadka
2008b386d5 gnocchi: update to 4.4.1
Change-Id: I2bf11d9c8d0e8e76bc79fab698decb4f6efc6096
2021-10-12 14:19:28 +02:00
Zuul
529e7add03 Merge "Add missing reno" 2021-10-12 09:12:33 +00:00
Maksim Malchuk
1b6d1bf162 Add missing reno
Add missing reno for I151420d3036410dd5ce6d90907d72dd3c20643b5

Change-Id: I5ec4e8cfc6048954aaf731808afb70ceb67b6ee5
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2021-10-11 16:13:08 +03:00
Michal Nasiadka
0194ac5972 Tidy up renos before Xena release
Change-Id: I6981506aa5315485fe9875d1c2f878547e0de956
2021-10-11 09:24:34 +00:00
Piotr Parczewski
8c092ac5c6 Remove InfluxDB data source Grafana plugin
Grafana has now native support for configuring Influxdb data sources.
Plugin has been defunct anyway since Grafana requires it to be signed.

Change-Id: I461f598bca6606f1d2939e385bb7befe2b792aa6
2021-10-05 19:58:38 +02:00
Zuul
1255eec797 Merge "Remove neutron api-paste.ini from old location" 2021-10-04 17:08:47 +00:00