If you specify a CUSTOM_PROJECTS_LIST_URL that doesn't exist you get a
message but the script continues. Since you clearly meant to specify
something we should bail so the user can correct the problem.
Additionally, add some documentation to the build-image.sh script to
describe how to use this to cut down build times considerably for
initial testing purposes.
Change-Id: I02d1cd341f793471b1ad4374e98031ea53db7f49
stackviz: In general newer openSUSE distributions switched to nodejs6 LTS,
but Leap 42.2 is still on 4.x.
zuul-worker: No need for libselinux enablement in openSUSE
puppet: cleanup the puppet repo that got added in the install_puppet.sh
code part
Change-Id: If7bf3c799ebb74aeb36c4b1b607b0454993f0ed6
We have had some job runs overrun the journald ring buffer which is used
by default resulting in losing older logs during the job runs. Update
the journald configuration to persistently store the journal so that we
can reliably retrieve those logs when jobs complete.
Change-Id: I5626ce76878287be220a8803f9dfe9a9da950d5b
We currently re-run all the grub setup in 99-fix-grub-timeout which
shouldn't really be necessary (actually a little problematic; although
this is dib's fault, see Ibaaa81124098f3c6febe48e455d3e1cd0a5f1761)
Use the new timeout flag to set this in the bootloader element
directly.
I think it is also an advantage that if you build a testing image with
./tools/build_image.sh this is configurable now ... having to fiddle
the bootloader for debugging is something that happens more than you'd
like.
This is supported since dib 1.26.0
Change-Id: Iafc660a9a8c072af6bf1fd5e51c419abccef4d54
After talking with clarkb, we decided it might be time to also stop
caching packages for devstack. Like the cache-bindep patch before, we
have a robust mirror infra in place right now, and believe we are
ready to start using it more.
Change-Id: I249f21a98fea3b963b7ffb8e3d0fce02cc540d46
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Today each mirror region has an AFS mirror cache of packaging, as a
result lets try having jobs use it over caching bindep.txt
dependencies on our images.
This should save us about 27mins in diskimage build times for
ubuntu-trusty and ubuntu-xenial.
Change-Id: I74ad0fdbd939948d9285dcd7ef839bdbe299319f
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
node-devstack element is not referenced anymore.
It was planned to remove this element when prepare-node was moved
out of node-devstack
See: https://review.openstack.org/#/c/319030/
Change-Id: Ife1c6849d0d1430215e7dc5e1f8a774b3af8d113
Adding the ability to selectively cache only some git repos in
nodepool slave.
This is useful in some environments where it is needless to cache
all the git repos that appear in gerrit.
For example, in a 3rd party CI environment, each nodepool slave
needs only few openstack projects in order to check commits to
a specific project. So it is needless to cache > 1500 projects
currently in gerrit
Change-Id: Ie7302594b24d2bdcc157d3cf64b1f219e7ef0205
Use the openssh-server element to install the SSH server.
Depends-On: Ide15ee04f5de123dbc8ce4bb56d638d8a167c341
Change-Id: Ie8d81f488f8421d4b2ed227c6f7c6779cca96a9d
This seems to have been here since the beginning of time (with time
being the project-config split).
However, since then, Openstack_project::Slave_common as acquired the
ability to install this same environment
(I290a695c697fb456bee6f8212ba50b6c1b4533fc).
The difference was that this file installed zuul from git, while
puppet was installing from pip. However, that changed in
If07b31f3a735cf7bcf6bfb8591ed37577f5ae201 and puppet is now installing
zuul from git. Thus since this now duplicates what's happening in
puppet, I do not believe want or need this.
This element is now breaking the Fedora 24 build when it tries to
overwrite the existing virtualenv already created by puppet.
python::virtualenv creates the virtualenv with a "-p python" argument,
while the second call doesn't, which creates issues with the symlink
layout (see [1] for details).
[1] https://github.com/pypa/virtualenv/issues/976
Change-Id: I7963630c699eaa4984adc6a155bea8f74280cd80
No need to override /etc/resolv.conf if "NODEPOOL_STATIC_NAMESERVER_V4"
enviroment variable is not set.
Change-Id: Idf74d394f5a025b885b830d3afdcbad12655101a
There's two things going on with rc.local setup that break Centos
and Fedora
On Centos, /etc/rc.local is provided as a symlink to
/etc/rc.d/rc.local, which is the actual file systemd's rc-local
service is looking to run at startup. Thus the rc.local contents get
written correctly.
However, centos's rc.local is a dummy file that file needs to have +x
permissions put on it before it will run (this is to prevent it being
part of normal startup, as it depends on the network and holds up
boot). Note Ubuntu/Debian ship a dummy /etc/rc.local with permissions
and just "exit 0". Adding +x therefore doesn't hurt globally so we do
that at the end.
Fedora doesn't have this symlink OR dummy file; thus the existing code
writes out /etc/rc.local which effecitvely does nothing. Thus we
modify things to add the file & symlink if it is not seen. I have
filed an upstream bug to at least bring it inline with centos [1]
which would avoid this work-around.
Copious comments added to help explain this very confusing situation
for the next sucker^W developer. Using rc.local like this is fairly
dangerous (something else might just overwrite it), but if it ain't
(too) broke...
This should fix the odd issues we see for centos & fedora on OSIC's
ipv6 only nodes. These nodes end up using google's ipv4 DNS servers
via their defualt setup, which breaks after neutron runs in devstack.
From that point on, you can't resolve names, but devstack doesn't
actually bail out till quite a bit later when it's installing tempest
from pip.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1386052
Change-Id: Ibe9dc34dd9bf3c8586f64e24b923d462a8c701c8
This commit adds Gentoo support to elements needed to build a Gentoo
nodepool image. The previous version of this commit had the default
section of the pkg-map in the wrong area, specifically in the following
file.
nodepool/elements/infra-package-needs/pkg-map
Change-Id: Ic686c325bc06564585a2e3ac50cadd7556612333
Our images have failed to build for the last 3 days, reverting until we can debug.
This reverts commit 4c515e20732a64d3be1768d776f69506cd36dd29.
Change-Id: I2e653bcd8a30a85ea46a9861bdf9f95413a76f64
Update the doc, that explains how to use disk-image-builder to create an
image, to have an additional dependency on 'debootstrap'
Also remove DISTRO= line from example as it was confusing and would make
people not build the ubuntu-minimal image.
Add a little info on the -minimal build types.
Change-Id: I8a7393a9c71ef503a730e4442941996eab43da6b
Having non-shebang first line (empty one) leads to error on Xenial,
because systemd can't execute scripts without shebang, and rc.local
is not run (`status=203/EXEC`).
Change-Id: Icc2f01b89e6d582ad015009f6916379bee8af7b9
This commit adds Gentoo support to elements needed to build a Gentoo
nodepool image.
Change-Id: I2ceeb915748a11d8e729069566e722a3fe30ba99
Signed-off-by: Matthew Thode <mthode@mthode.org>
This actually breaks a dependency cycle we had with glean. And now
initialize-urandom is run before networking is started.
Change-Id: I891ae11435d279de505d7552129d60efc84de46b
Depends-On: Ifa98cc45f6bbdec722bc9452f17c29a8bddc6a0e
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The workaround in my custom kernel (from
Iafe6d88e3ac7a2ea23553a5011df920a2ee3317d and
I0769f005da1931658a5fb9e627983ed30c11d212) are incorporated in the
latest upstream release.
Change-Id: Ibb2e2045ce813b4e69447fb5c896a2e0dfd4b1ec
We want to be able to set the time in big steps at the beginning of test
runs and one option for doing so is with ntpdate. Ensure ntpdate is
installed on all our images by putting it into the infra package needs
element.
Note that the package name appears to be the same across ubuntu, centos,
and fedora.
Change-Id: Ib3fd4afe5a89d8a799cc15c57254aaf11b6aa3e5
By making initialize-urandom.service work the same way glean.service
does, we can ensure both services run. Today, glean will report a
dependency error, which breaks networking on ubuntu-xenial.
Change-Id: Ia7e26166323bd398edd000e70368928e758f22d3
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We overlooked setting up the proper permission on both our
initialize-urandom python and systemd scripts.
Change-Id: I6da27a049954961c9333ebeb48382f8b175dc2d9
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Here we are installing our python app, and setting up systemd. Our
server should run after haveged and before unbound.
Change-Id: I4f9b24f217f271b64f324c922948c54c46cb1110
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
In our Xenial images, we see unbound take a while to start because
it uses openssl which uses the getrandom call which can block during
early boot if the nonblocking random number generator is not yet
initialized.
This script uses haveged to quickly initialize the generator.
This commit only includes the script, a later commit will add the
rest of the necessary install steps to the element.
Change-Id: I09d18a0bad6c380fd149660ebfdaf6c12730dc74
IPv6 privacy extensions can cause issues by preferring a temporary
network over a public one. This preference may limit connectivity
in certain situations. An example of a connectivity issue can be
seen where the command ``traceroute6`` fails or misses all hops
while other traffic to a given domain with a "AAAA" record may
succeed. To resolve this issue the IPv6 privacy extensions have
been disabled.
Related-Bug: #1068756
Change-Id: If3bb0fd690673a6d93114e6aebddb5985344b437
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
As described, I missed that we only keep *one* kernel during dib
build, so as soon as the upstream package updates, it suddenly becomes
the latest kernel and kicks our custom version out.
Guess what happened in the hours between me committing
I0769f005da1931658a5fb9e627983ed30c11d212 and the next dib build.
This will install the current latest kernel with the required patch.
As described in the comment, I have the fix committed upstream so we
can remove this whole thing when fedora rebuilds for the next stable
release (even if the patch isn't in the official stable tree yet).
Change-Id: Iafe6d88e3ac7a2ea23553a5011df920a2ee3317d
Now that osic-cloud1 is only using IPv6 public IPs, we can also add
IPv6 support for unbound.
Change-Id: I9da5a06fdbea04b322cddf6c7e6e829e47492d4c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We were missing the * ref which will cache all branches and tags when
building the source repo cache in our images. Add it in so those things
are included.
Change-Id: I1ce6dd0f737a4bb6e6a0a73bf8c010d9ab11c581
It seems npm is broken on fedora-24 currently[1]. As a results,
we'll disable it for stackviz on fedora24.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1351007
Change-Id: Ib83f6eaaf4948a13f065425d2f6eb6a6caa25a7c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This removes the 'set -e' bash option to make sure 89-prepare-stackviz
doesn't cause DIB builds to fail if npm encounters an error. Instead,
errors are caught and either logged or ignored outright and the script
always returns successfully.
Additionally, this adds a 15 minute timeout for the npm install to
prevent any image build failures that would take excessively long.
Change-Id: I5272eac323069a8df8ab64e1cc5d7c0bad9bd879
The devuser element is designed to add a single development user and
manage their keys. Any local use of devuser by a developer thus
silently conflicts with zuul-worker.
Additionally, this is currently tacitly taking the public-key from
~/.ssh/id_rsa.pub -- i.e. the public key of the currently building
user. Mixing permissions from the builder into the final-image makes
sense for a development-user case, but not for deploying worker
accounts.
This simply creates the worker account by hand, which is easy enough.
To maintain the status-quo we still source ~/.ssh/id_rsa.pub by
default, but provide a documented flag to override this.
Change-Id: Ic9c9e415c158ad1f057b8d2aa2776dbe2bbd1e47
dib 1.17.0 includes fixes for debian-minimal to work with the
apt-sources element in I69dbaa34be3db3d667e6bd8450ef4ce04a751c70
This moved to having the base repos split out from the usual
/etc/apt/sources.list into separate files in /etc/apt/sources.list.d
Unfortunately, this puppet module does the cleanup by glob removal of
everything in that directory, which is a bit unsafe.
I've refactored this slightly so that, like the RedHat path, we only
remove the puppetlabs repos files.
Change-Id: I5bcd8880a90d238b77aaacfd1eaf0a720552c7ee
In [1] some new safe_sudo checks were added, which lead to errors
in the project-config elements. We add tags to ignore these errors
for now.
[1] I161a5aea1d29dcdc7236f70d372c53246ec73749
Change-Id: If3ff10b8fbf20a8327895f439b955f9941818668
