The goal of the swtpm project is to provide a TPM emulator (TPM 1.2 &
TPM 2) that can be integrated into virtualized environments, such as
virtual machines and containers.
Nova supports it for quite a while:
https://review.opendev.org/c/openstack/nova/+/631363
Change-Id: Ifb7e0f1632805807851720873a70179218bdf372
OpenStack 'zed' requires Python 3.8+ so RHEL 8 family has to go.
This changeset moves to CentOS Stream 9 while move to RockyLinux 9 is
planned as final solution.
CI moved to CentOS Stream 9 nodes.
Depends-on: https://review.opendev.org/c/openstack/kolla-ansible/+/839715
Change-Id: I113b9984294cf8663d3fc0c8840320e1d40ea731
Tim Shearer started it in 1d96a2bbe1b536b7d7f4cdbf55c6dabae6d058ae.
Since all extend_start files are sourced rather than executed, the executable
bits are now cleared throughout the project.
Change-Id: Ia1797c32fc6a35f9f077c673abf4d8e16e51a760
As we have one type of images now some RUN calls could be merged so we
will have less layers in resulting images.
Change-Id: I5178c58fbd8c65efe825dc249c0f1368ef0fe8e0
Explicitly set the permissions on the kolla-toolbox kolla_extend_start
file. Also, since all extend_start files are sourced rather than
executed, the executable bits are now cleared throughout the project.
Change-Id: I5c2deb4a2e33575d57c852089f856a9acc6818d0
Big patch drops all mentions of binary images support. Suggestions are
welcome how to split it into parts or handle better.
Change-Id: I5d5a46c6ce7734ceb8b844e17b43e359d7cac6e3
Adds Cyrus SASL packages necessary for the DIGEST-MD5 and SCRAM-SHA-256
mechanisms. These can be used for libvirt SASL authentication.
Change-Id: I13e19ca29eeab40cd08fa3afe2cdf7531867f81b
Partial-Bug: #1964013
We should use the same Python OVS bindings package
version as running OpenvSwitch. See related bug.
Closes-Bug: #1961874
Change-Id: Id6968e3ec1093f26f25f3045e2a6d8cc4f41adaa
This is noop on CentOS (it was installed as a dep already - better
be explicit) but installs qemu-img (and other qemu utils) on
Debian and Ubuntu.
qemu-img may be used by libvirtd to create non-raw images as it
happens, e.g., when Kolla's libvirtd is used by tenks.
Change-Id: Ib79b8486f4d5064e4f249201d28cf5d6541c69ef
This reverts commit 7de91fd60355104cbd650e0fe6f680b2eb0f2ffa.
Reason for revert: Nova dropped pypowervm dependency so we do not need to handle it anymore.
Change-Id: I8bb6c4c07c30f108e77fbb8cdc38d634b42b900f
The EPEL8 repository doesn't provide the necessary spice-html5 package,
and the image is marked unbuildable for CentOS. Let's not make EPEL look
more useful than it is.
TrivialFix
Change-Id: Ia37792ca6e5b40156ebd57b6c290d1ee9d4ff87a
The nvme-cli package is required to get the nvme command executed by
os-brick, which is used by nova-compute.
We don't need to explicitely install it for centos binary images, as it
is required by os-brick which is required by openstack-nova-common, but
all other types of images were missing it.
Change-Id: I754939da7636c57d2a8d5b83debb5d8a58e38432
Closes-Bug: #1953509
Nova depends on pypowervm for POWER architecture support. But it is
unmaintained upstream and breaks CentOS builds (wants to install Py2
only 'futures' package).
Change-Id: Ife9385c93239e910db2e4405ec4661f667357bc0
libguestfs package fetched kernel-core one which fetched linux-firmware.
We remove the last one and save ~500MB of space:
before/centos-binary-nova-compute: 3.3GB
after1/centos-binary-nova-compute: 2.71GB
Closes-Bug: #1946801
Change-Id: I98cc19c95fcec07dd4e494c14c09938d754f1de0
edk2-ovmf introduced a bug [1] and results libvirt/qemu errors
It's going to be fixed in next rebase to libvirt 7.4.0 - but let's pin for now.
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1961558#c10
Change-Id: I0cb0512ef40c48353d582b1c37a446f251b79ac7
We do not test support for ppc64le on CI or other systems.
In previous cycles it was used by TripleO and now they have own way.
Change-Id: Ibd955869a6f9485dfa4d08a8ad2f4b28b7d59c15
With RDO use we did not disabled some repositories. This patch disable
them and enable where needed.
Change-Id: Ia9d537fe9c1ad54789d2bfb4027254fbb3defe7e
There are several images installing 'python3-libvirt' package. Which for
Debian reside in 'libvirt' repo. So let's enable it where needed.
Change-Id: I1c91d27f2578f5ca7c83c4747725b1d9371880b0
nova-compute uses daxio to cleanup vpmem backend device on instance
delete. If the daxio binary is missing in the nova-compute container
instance delete fails. daxio is provided in centos via daxio, in
ubuntu via the pmdk-tools package.
Change-Id: Ifb5948653565e2ae902783762e20e33527020efe
Closes-Bug: 1907124
Refactor installing and initial setup of httpd and mod wsgi from
individual services to base image.
Change-Id: I651a55a9ebe258ef403d33de010a4dfb368a4021
This is no longer required when Kolla-Ansible is patched.
Note this is *not* safe to backport as it requires the user to
have Kolla-Ansible patched, i.e. would normally break most.
Change-Id: Ic5b9a58d212711a4d6c13822548c92013a6bae50
Related-Bug: #1681461
Depends-On: https://review.opendev.org/735441
This patch modifies the Dockerfile for the Nova API so that
the 'root' user executes the container setup scripts.
This enables the container httpd configuration script to execute.
Change-Id: I374af00a374346840c12777a530d39768b28c908
Partially-Implements: blueprint add-ssl-internal-network
Depends-On: https://review.opendev.org/725962
With the move to RHEL/CentOS 8 we no longer have Python 2 in our images
so there is no need for checking which Python version (2.x or 3.x) is
used inside of containers.
We also no longer have to support yum as a value for
distro_package_manager.
Partially-Implements: blueprint centos-rhel-8
Change-Id: Ie45cf3465fedddbde7856961527421883ba3d5c9
Upstream kibana package contains NodeJS x86-64 binaries so can not be
used directly on non-x86 architectures. I took upstream packages,
removed NodeJS binary from it and added 'nodejs' dependency.
Package is present in my Linaro OBS repository where I keep other
packages needed for aarch64 kolla run. Via APT pinning I mark them as
not wanted so they are not used on any architecture with two exceptions:
1. libvirt - we need fixed version to be able to use ThunderX servers
2. kibana - to be able to run it at all
For x86-64 upstream kibana package is used.
Closes-bug: #1867365
Change-Id: I456402849022100bde1fffdfbf6292b35690f0f2
Instead of listing architectures which do not have those packages we
should list those which have. Makes adding s390x easier.
Change-Id: I68aa6f4b7fb1c8d63c84f3436a34399cc9644060
Storage SIG has built Ceph Nautilus and Ganesha for CentOS8 in CentOS
Build System.
Let's switch to use them in kolla.
Change-Id: Id37dca84c4eb918aaf2d3c036ef5387fe75988dd
The disable_extra_repos macro accepts a list as its only argument. We
were calling it like this to disable EPEL:
disable_extra_repos('epel')
The macro interpreted this as a request to disable three repos, e, p, l.
Thanks Python! Type validation to be improved separately.
Additionally, on CentOS 8 the EPEL repository was not included in the
repository mapping file, repos.yaml. There is also another EPEL
repository on CentOS 8, epel-modular, which is enabled by default after
installing epel-release.
This change adds mappings for epel and epel-modular repos to repos.yaml,
and fixes the disabling of epel in the base image, as well as disabling
epel-modular.
There are some cases where EPEL is still used (it seemed a bit too
easy...), and the repository has been enabled for these images:
* bifrost-base (nginx)
* ironic-conductor (C7 only, shellinabox)
* freezer-base (C7 only, trickle)
* gnocchi-base (C8 binary only, python3-boto3)
* mariadb (pv)
* mongodb (C7 only, mongodb)
* nova-spicehtml5proxy (C7 only, spice-html5)
* telegraf (C7 only, python2-pip)
A few other things were changed:
* ironic-conductor does not require the ceph repo
* python3-pika is no longer installed in the openstack-base image
Related: blueprint remove-epel
Change-Id: I3761825239dfc462072383cde6276c4fb3e1bf12
Fix inability to run UEFI-based images/instances by installing UEFI
packages also in nova-libvirt image which is not based on nova-base.
Includes support for C8.
Backport below Train w/o C8.
Closes-Bug: #1814552
Co-authored-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Co-authored-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I1d5cd3d9af98444acac5bedd7daeaa6c6673dcd6
