Rather then explicitly forcing a security context for unbound, we
should restore the default selinux contexts defined by the OS.
Change-Id: I4bb21dcbbcbcff6a5458ebf9478f58d95ad7240a
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit creates a venv for installing os-testr which will enable
all test jobs to have access to the subunit2html utility which has
been moved to live inside the os-testr package instead of as a slave
script.
Change-Id: I2050b54eb2def10438764f3eeb55ecf9caa874dc
This help when reading log files from nodepool. Otherwise we see the
following in the log files:
[1;31mWarning: Config file /etc/puppet/hiera.yaml not found, using
Hiera defaults[0m
Change-Id: I3a865e5107e2749ed44c144539af49e311e0125f
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The nodepool base element really needs the puppet element, but we didn't
express that in the element deps. That makes a later reorg of elements
more difficult than it needs to be, because our consumption element list
is expressing internal dependency chains.
Change-Id: Ib2296bed1d7f289e7aa2720a38555275de1b6402
This reverts commit 71d10ea626f5a62d6b48133e19f469b19c9a7f14.
It was unnecessary once the offending wheel got removed from PyPI,
and this never worked anyway. It was preventing the ability to boot
new nodes, erroring thusly:
./configure_mirror.sh: line 25: /tmp/pip.conf: Permission denied
Deleting the images to which the change was applied returned
nodepool to being able to boot new nodes again.
Change-Id: I0841c6a5a26cf5be22e2d8fea861bdceb0393842
The nodepool-base element relies on a couple environement variables.
Describe NODEPOOL_SCRIPTDIR and NODEPOOL_STATIC_NAMESERVER in the
README.rst file.
Change-Id: I56f2aab095a0504e19598d7296d072e7a51b07c2
Invoke bindep from the bindir for its virtualenv in /usr/bindep-env,
and guard its exit code with true since its normal behavior is to
return zero only when all needed packages are already present.
While here, replace calls to tempfile with mktemp since the former
is not readily available on CentOS 6.x.
Change-Id: I926e73f305b1b54f6855cc4acf3407e91b88213a
While git show is being used to build up a list of candidate
packages to cache, it can cause the cache hook to abort if it
returns nonzero because of a nonexistent bindep list file. Guard
that with a fallback to true so that the loop can continue
normally.
Change-Id: Ic3b773ad2e8efa2c450d37a0115355c0e95da853
The version of git on CentOS 6.x is too ancient to support git
branch --list which is necessary to disambiguate -r with a name
pattern. Instead just list all remote branches and filter with grep
like a good Neanderthal.
Change-Id: I4e673e86acb70c205d159e22b5864cf60ae831df
A quirk of diskimage-builder is that no two elements you compose are
allowed to have parts with the same filename. Rename cache-bindep's
install.d/50-download-pkgs so that it doesn't conflict with the one
of the same name in the cache-devstack element.
Change-Id: I5709147fc5bd4c06fb1bba8ea0e068c0eda7d010
Remove jobs which test stable/icehouse branches of repos tagged
release:managed as the branch has reached end-of-life and is being
removed from those repos.
Change-Id: I88a44cfa84597012af7da0bd22de02dc2349b1fa
Passing a source-repositories ref of "*" signals fetching all heads
and tags rather than just a specific refname. This is desirable for
the warm cache on our job workers, since jobs may run against
arbitrary branches (or possibly even tags). The point is to have a
reasonably complete mirror of each repo, rather than a fairly
minimal clone.
Change-Id: I624ed1e259e007d4246afb45c3a0560598bfbe3f
Depends-On: I4562c9689a8d235ebe09b2f7178aa5890dbc85f1
We intend to use bindep to tell us what distro packages should be
installed at job run-time, so need to similarly identify those in
such a way that they can be cached on our worker images.
Install the latest bindep release from PyPI into /usr/bindep-env
(consistent with the way we provide virtualenvs for access to
zuul-cloner and libraries used by our log uploads to swift).
Concatenate bindep lists from all branches of every hosted Git repo
along with our fallback list in project-config. Run bindep to render
them into a platform-specific manifest of package names and feed
that to the relevant package management tool for the platform to
download this set into the package cache.
Note that similar tooling is not applied to snapshot nodes, since we
only intend to run jobs which use bindep on diskimage-builder
created nodes.
Change-Id: I0c408fee35dfe9b4f700c51565bfaae0a3d03beb
If we have booted with cloud-init, then this status directory is
populated. Remove it so when we boot snapshot images, they behave as
if on a fresh system.
Change-Id: Idc9ce01290b659e3239d30be847221447a8e5e84
hpcloud has started sending metadata to cloud-init to mount ephemeral
disks. This ends up writing a fstab entry for /dev/vdb.
---
$ curl http://169.254.169.254/2009-04-04/meta-data/block-device-mapping/ephemeral0
/dev/vdb
---
It's unclear why this just started happening, but it did.
devstack-gate later attempts to repartition this into swap & disk
space and mount it elsewhere. So remove this mount from fstab -- it
shouldn't come back because the next thing we do here is tell
cloud-init to not use the metadata source.
Change-Id: I3787d0f7e5139e891686ffbb2970e65d09f112b1
The build for node-devstack will fail because of missing scripts unless
nodepool-base is executed before, so add this as dependency.
Change-Id: Iabc06a542529500ad248ae067beed9639d24e506
Cleanup every use of `` for subshells in the nodepool and tools
directory , replacing them with $(), and finally making the scripts
consistent.
Change-Id: I2b05cd20f9c9a30ab88f8db235aa81da93b1fad3
Some packages may depend on python-setuptools, which is not
installed and cannot be reinstalled on CentOS 6.x once yum has
erased them, so use --skip-broken to avoid aborting. Also on this
platform --downloadonly causes yum to return nonzero even when it
succeeds, so ignore its exit code.
Change-Id: Iaada39ae81e1e47fe9d0bedba80fd19e4e0e6f38
During scripted snapshot image builds we remove python-setuptools on
rhel/centos 6. This uninstalls cloud-init on hpcloud centos6 builds
because cloud-init depends on setuptools. We don't actually need
cloud-init in hpcloud because they use dhcp and we have hard coded ssh
keys so just don't bother setting cloud-init config if the config dir in
/etc does not exist.
One could argue that we would possibly want cloud-init to regen host
keys for us, but centos' sshd service should do that for us if the host
keys do not exist.
Change-Id: I96621b0ab1574eb8db0f4394877d3c1fc8208576
When we're building nodepool images on top of minimal elements, there
will be no cloud-init, and therefore no need to disable cloud-init
datasources. In fact, trying to do so will be an error.
Change-Id: I98887c43566e07f2be9d2dc5fae6538078c7348e
If someone is building an image locally and don't want to do anything
special with nodepool scripts, they should not need to set an env var.
The env var obviously still needs to be honored for nodepool operation
and for override.
Change-Id: I08076a8eafe7019e715b1b46633e8f603031a1ea
The --downloadonly option to yum is provided by the
yum-plugin-downloadonly package. This is merely a virtual package
satisfied by yum itself in newer releases, but an optional package
in older ones such as CentOS/RHEL 6.x. Install it just to be sure it
will work, since we use this to pre-cache RPMs on nodepool images.
Change-Id: I9e2e1605f3721c410180aa46a81b7b731d08503a
On CentOS 6.x the rpm executable is in /bin instead of /usr/bin, but
the cache-devstack element ends up running yum if it wants to
download RPM packages anyway. Look for yum instead of rpm as an
indication of which packages to install.
Commit fa18656 fixed this in cache_devstack.py for snapshot images,
but missed that it was affecting diskimage-builder elements as well.
Change-Id: I4b76a48564cd5d703d79cfda88bbbfe97216a70a
Since DIB creates a chroot but doesn't actually chroot in an
extra-data script, look for /etc/redhat-release relative to the
temporary chroot base path. Also given that the centos element
leaves DIB_RELEASE exported as am empty string in the calling
environment rather than unset, place it first in the conditional
list.
Change-Id: I0a51f88ff5ea71b6aa6e6406b656cefb0e135e88
Change fd9c80208c00021a49df6907973bbbb3fa242069 inadvertently
removed the subprocess import from 55-cache-devstack-repos even
though it was used in a function defined within that element, unlike
in its snapshot prep script counterpart. Readd it so that this
element works again.
Change-Id: I954a1e7e99af96b08e0a59e99e513902731fd773
On CentOS 6.x the rpm executable is in /bin instead of /usr/bin, but
cache_devstack.py ends up running yum if it wants to download RPM
packages anyway. Look for yum instead of rpm as an indication of
which packages to install.
Change-Id: Iad79c0fcf66d2bd457195f007009c76f6e6aa2d2
We don't need it for anything other than detecting whether or not we
should update the sources.list file. Except that's obviously not
something we should do on systems with yum
Remove the call and defer it to install_puppet where it's also
installed.
Change-Id: Ie22aeac1e4c731e7ab61514cb4982c8c35c482e6
In the DevStack caching script/element for Nodepool images, use
run_local instead of subprocess.check_output in the _find_images
function. The latter wasn't introduced until Python 2.7 and so won't
work on CentOS 6. The script called from this function returns
quickly and doesn't benefit from non-blocking I/O anyway.
Change-Id: I3129f1f5b3fece321ae132ea1a52b0e156e58365
The centos element (which is CentOS 6.x specific) doesn't provide
DIB_RELEASE so we have to identify it another way.
Change-Id: Ibf3b25b99f03c6077538dec6c3770dc0f690e3f5
Some CentOS 6 images do not come with redhat-lsb-core preinstalled,
so the lsb_release command is not available when prepare_node.sh
wants it. Make sure we install it first if it's not already there.
Change-Id: Ieeae21538c237e069acbc4df051474071b81ba4a
technical_debt = technical_debt - 1
This function is now available from the subunit2sql 0.4.2 API,
so lets use it and clean up this TODO.
Change-Id: I5acf279b2e78dddaeb59489d01d92c00ee996f8d
Rather than deleting cloud-init, which is going to take longer, just
disable ec2 metadata service. This will be a no-op on rackspace, which
already does this.
Change-Id: I5e8baee50800f7aae474288a914333c21466855a