We want to have all uses of curl behave the same so we ship config file
for it in all images.
So do it at start of image so 'base' makes use of config too.
Change-Id: I95aa64f0b292cd020574dbedd320ef90529cc7a4
healthcheck_socket script requires lsof to check pids of processes
using that socket - that's needed for octavia-driver-agent healthchecks
in Kolla-Ansible.
Change-Id: I0f14c0f67fd81f13c58f231f800829ad759cc54c
Current rabbitmq requires erlang v22.3+ while we had v22.1 on aarch64.
On x86-64 we use upstream repo so have both v22 and v23.
On AArch64 we use Linaro backports repo so have v23.2
Change-Id: I21c3a0e423235301269d0a5b212d0ce6970ab88f
Nova looks into /usr/share/qemu/firmware/ directory. We need 2020.05
version of firmware package for it.
ERROR: nova.exception.InternalError: Failed to locate firmware descriptor files
Change-Id: I546bcf910e886eb75ece62f6be382fe1187efb32
We use official CentOS 8 Stream image as a base.
So far Stream does not have own SIG repos
RDO Wallaby packages will be built against Stream
Kolla CI jobs are renamed to centos8s. Kolla-Ansible ones will follow
in later patch.
Change-Id: Ibb23c9d0caf115fcbba7bd322ecebe8d80b6821a
Upgrade to the latest ELK OSS release. Due to the licensing change, this
effectively pins us to 7.10.x which is supported until 2022-05-11 [1].
This patch also takes advantage of the ARM artifacts which have
been kindly provided since the 7.8.0 release [2].
[1] https://www.elastic.co/support/eol
[2] https://www.elastic.co/blog/elasticsearch-on-arm
Change-Id: Icfa3db5788b25f70ee75411dbaf20d8d4a6a734b
User may provide own base image but it needs to be supported one. If it
is not then we print info and error out.
So provide user with info which release is present in their image.
Change-Id: I0d8417fdeb2f02138d03cc57bd3b7b95bc43fc8f
This fixes comparisons when files are not Unicode-encoded.
A relevant unit test is included.
It can be used as a base for other _cmp_file method unit tests
if the need arises.
Change-Id: Ic638516eb92d24ad247a7866fd1b5e2ac0400388
Closes-Bug: #1913952
Nova requires libvirt 6.0.0 or newer in Wallaby. So I backported 7.0.0
from Debian 'testing'.
AArch64 and x86-64 are covered.
Change-Id: Ia678cd43b5ce53aee528674280f674c596a278ff
nova-compute uses daxio to cleanup vpmem backend device on instance
delete. If the daxio binary is missing in the nova-compute container
instance delete fails. daxio is provided in centos via daxio, in
ubuntu via the pmdk-tools package.
Change-Id: Ifb5948653565e2ae902783762e20e33527020efe
Closes-Bug: 1907124
Currently we use couple of curl options throughout Dockerfiles, this change
adds all common options to curlrc (-sSLf) and removes usage of those in
Dockerfiles.
Change-Id: I46b77978926fc2b578a68d1aaa944b2198af0685
Make start.sh run with pipefail and nounset to avoid common errors
in the start scripts and detect them early.
Httpd code had to be patched to allow it to pass on Debuntu.
Also fix the two missed applications of httpd to make sure all
its path are covered.
And also fix Horizon's ENABLE_ZAQAR - K-A does not use Zaqar.
Yet another - Horizon's settings_bundle. :-)
Finally, fix Neutron for Debuntu (KOLLA_LEGACY_IPTABLES).
Change-Id: I39b8d78f6758df1f92b8b0d2c06ea99b038b843b
Depends-On: https://review.opendev.org/711923
There is small subset of images where we need to know which install_type
or install_metatype is used. So add them only there (and their
children).
Change-Id: Ib7d5e36b958d6c8daf2989df32e29fa24b46c62a
Implements: blueprint infra-images
There are several issues with kolla_set_configs --check:
1. We calculate the destination path incorrectly when comparing a file
in a directory, due to passing arguments to os.path.relpath in the
wrong order
2. For directories that have not changed, we also attempt to compare
them as files, which fails when they are open()ed.
3. If the config JSON does not have a config_files key, it fails with a
KeyError.
The first two issues affect the fluentd container, which specifies
directories as the source, without using a glob. The third affects OVN
containers.
This patch fixes these issues.
Closes-Bug: #1890567
Change-Id: I8921befe51da4282121443849177a7ca5ebe8822
There is a time once every 2 years when ubuntu team releases new LTS
release. And then UCA joins with binary packages for current OpenStack
development cycle.
It is this time for Ubuntu 20.04 'focal'.
Depends-On: https://review.opendev.org/745156
Change-Id: I045aa6b4b4fd83fbe7d1fda89549f0ef1e88ec12
td-agent 4 got released for all distributions we support. For both
x86-64 and aarch64 architectures.
Change-Id: I86ecdc1ac45dfd76b94a34d1b837f7c0bc975dcd
Elasticsearch and Kibana 6 are used on all distros, but Logstash
is still pinned at 2 which is not compatible. See the product
compatibility matrix [1].
[1] https://www.elastic.co/support/matrix#matrix_compatibility
Partial-Bug: #1884090
Change-Id: I1579e762bcfb07f0baa73507eb9955ae2f83c4ec
A bit like we did for I3e0e86026f5a4a78473bed824cd1682d3a020cd5 we
should remove the nss-systemd lookup from containers. The reasons for
this are as follows:
1) Just like for I3e0e86026f5a4a78473bed824cd1682d3a020cd5
when this nss module is triggered it tries to talk to dbus.
It triggers a bunch of selinux denials and it makes little sense
to open all containers to talk to dbus.
In particular, if a container is run as non-privileged and bind-mounts
/run from the host, we will hit selinux denials like the following:
type=USER_AVC msg=audit(1592337775.860:74119): pid=1284 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=406228 scontext=system_u:system_r:container_t:s0:c162,c886 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dbus permissive=0 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus"
2) It just makes little sense in a kolla-world to have containers
talk to dbus/systemd and it saves us some time when a lookup triggers
the systemd module for whatever reason. Especially because the
nss-systemd module does a few things which are not useful in a container
(ensures that the root and nobody users and groups remain resolvable,
SystemD's DynamicUser= feature, provide Lookup API via Varlink)
The sed regex gives us the wanted results:
$ diff -u /etc/nsswitch.conf.orig /etc/nsswitch.conf
--- /etc/nsswitch.conf.orig 2020-06-19 07:18:10.974580755 +0000
+++ /etc/nsswitch.conf 2020-06-19 07:20:12.260230103 +0000
@@ -53,9 +53,9 @@
# group: db files
# In order of likelihood of use to accelerate lookup.
-passwd: sss files systemd
+passwd: sss files
shadow: files sss
-group: sss files systemd
+group: sss files
hosts: files dns myhostname
services: files sss
netgroup: sss
Related-Bug: #1883849
Change-Id: I81e5b7abf4571fece13a029e25911e9e4dece673
CentOS 8.2 has Erlang and RabbitMQ available in 'messaging/rabbitmq-38'
repository. We use it to grab Erlang while RabbitMQ comes from upstream
(like on x86-64).
Change-Id: I2559267d120081f2e5eabc9d966b019517a5ad5d
It's still using temporary mirror in RDO infra, but now that packages
are properly synced to CentOS mirrors, let's switch to use it.
Change-Id: I913efffe6a1d8a0210b1158261c77d0d45ac3147
'messaging-rabbitmq' and 'opstools' are enabled by RDO
delorean-deps.repo file
'influxdb' was also enabled
Depends-On: https://review.opendev.org/728687
Change-Id: Ibb0a7edc9e5632c1b89a7d52601f55a223b49dfb
There is a repo with binary packages for Ussuri. Let us use them instead
of Train ones.
amd64 only
Change-Id: I071eebc4f60094d881a68e201e8c3bb6e6742ff5
Upstream kibana package ships x86_64 binaries of NodeJS. I usually
repacked package without them to have something for other architectures.
Instead let us install upstream. Then on non-x86 archs we add nodejs
from distribution and remove x86-64 binaries.
Change-Id: Ia9feac726a60250215b1bc78bf90dc68ac6f956a
