This patch fixes the workaround proposed in [1] to install
nettle-3.8-3 only on ubi9 containers.
Since we are backporting this fix to stable/wallaby, we need
to guarantee that doesn't break ubi8 containers.
[1] https://review.opendev.org/c/openstack/tripleo-common/+/869104
Change-Id: I039ca97773699f6f744e83172dd6664ace0d8d60
This patch adds installation of nettle-3.8-3.el9 to replace the rhel-9.0
version of the package, since 'dnf udpate' doesn't replace it.
The rhel-9.0 version of this package fails when running under FIPS.
When we get a new version o nettle in centos mirrors, the 'dnf update'
shall install a new version of the package and the workaround can be
remove.
We can't add a condition to install only when fips is enabled, since
build containers job doesn't run under fips enabled mode.
Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2154924
Related-Bug: https://bugs.launchpad.net/tripleo/+bug/1984237
Change-Id: Iedc128120fd6925800c7e95664ce4e13ee8868a8
Previously tripleo-common was installed in nova-scheduler container so
that the additional scheduler filter for baremetal porisioning can be
used. However nova was already removed from undercloud and the library
is no longer used since wallaby.
Also the package pulls the transitive deps and removing it reduces
the container size significantly.
Change-Id: Icae34a6d3f6e9b2c5a02b3bf52eabba1712ec922
Add a kolla_extend_start script to the cinder-backup service that
ensures /var/lib/cinder is owned by the 'cinder' user. See
I2d82c1ca86735d2a8d69b3e28e8cea7acd637f0b for details on what was
done for the cinder-volume service. cinder-backup also needs to run
the script because there's no guarantee the cinder-volume service
is running on every cinder-backup node.
Resolves: rhbz#2167954
Related-Bug: #1908750
Change-Id: I7fcca9fbfea87ac4b245856a3aecae9ffd211938
This http-healthcheck always fails in the case the request is against to
IPv6 address.
Usually, the socket in IPv6 return a tuple that contains four values but
only two values in IPv4.
Currently, only two variables are defined to store return values.
Therefore when extract the return value of socket.getpeername() in IPv6,
an ValueError exception is raised and then healthcheck fails.
This change restrict the return value of the socket.getpeername() to
return only first two elements regardless of IPv4/IPv6.
Closes-Bug: #2004268
Change-Id: I57ae54518a86f93ec92f0e74efadf1fa4da29f0f
This is follow-up of I1bf6987f2feab13ee22ffd240e7a5b0c19346c58 and
fixes the missing become to read the deployment result. The previous
change fixed only the task to check whether the result file exists.
Change-Id: I742891ca11d77ef4b280d1a1518667992563a16a
Check if deployed file exists for CADeployment | controller-0 | error={"changed": false, "msg": "Permission denied"}
Upgrade returns this error which is simply caused by missing become.
Change-Id: I1bf6987f2feab13ee22ffd240e7a5b0c19346c58
The latest python3 job template does not contain python 3.9 job but
only 3.8 and 3.10 jobs. This updates the dependency to avoid the error.
Change-Id: I733856564c552843df3e02045ead634e7e8bfb0d
Follow-up Ieaacb67d16e82e9c34fcfb31398da5a95cdc3d43
Add missing tests for /usr/share/qemu/firmware/50-edk2-ovmf-*.json
Note: it also comment out the upgrades jobs in order to not fail on Zed
line which is also affected.
Related: rhbz#2090752
Related: rhbz#2109644
Closes-bug: #2001626
Change-Id: I540c681687f5502aaa2e0b9d8b81b5fef83b2bc2
Co-Authored-By: Cedric Jeanneret <cjeanner@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
skipdist=True does not work with latest tox 4.x.
Also, skip_install=True without any deps causes the following task
failure in CI, because the log directory is no longer created. This
change ensures we use the individual environment instead of using
a different environment.
TASK [tox : Install any sibling python packages]
...
ubuntu-jammy | FileNotFoundError: [Errno 2] No such file or directory:
'/home/zuul/src/opendev.org/openstack/tripleo-common/.tox/pep8/log/
pep8-siblings.txt'
Closes-Bug: #2000357
Co-Authored-By: Rabi Mishra <ramishra@redhat.com>
Change-Id: I638649e0722011ad39cc94f0cc0bfcf65cf1518b
This reverts commit 140fc48e73.
Reason for revert:
The original change breaks authentication without authfile.
Closes-Bug: #1999749
Change-Id: Ifbfba09c8ac552cc3c18adb482540541a282488b
This change adds the -E flag to the buildah_cmd
to preserve environment variables like the authfile.
Resolves: rhbz#2151943
Change-Id: Ib7beb1341bbbff3c15b191cf34102c3f7e252034
This patch remove trunk.registry.rdoproject.org
and replace with quay.rdoproject.org.
trunk.registry.rdoproject.org going to decomission
soon.
Signed-off-by: Amol Kahat <amolkahat@gmail.com>
Change-Id: I133cd5e889de02246daa3d9647010986085c5025
In order to fix swtpm logs access permissions and to use the same
approach among Compute specific users (qemu, tss, libvirt, nova):
* Add nova to tss group for swtpm tool to function in virtqemud
when running w/o root access.
* Change tss user uid/gid/home dir config in TCIB similarly to qemu,
for consistency reasons.
There is no upgrade impact as vTPM had never been technically released
in the layered downstream product.
Related: rhbz#1782128
Change-Id: Id242a20b7f1193ca2d9a0d7508e12f0f68cfc018
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
We use the default networking (netavark) with RUN instructions.
We can simplify this by just using host network.
Change-Id: I99bdc55445313f823a761b913407398f98650c5f
tripleo_inventory files mean nothing in the context of running standalone
roles, and the configuration that is included in the set of inventory
files is tampering with the configuration needed to run standalone roles
on external dataplane. It seems better to not mount them by default on the
/runner directory, but let the user mount them if they are useful to his
case.
Change-Id: I5f99a2fad3ddd5b00d4a7363565545d08f8523fe
Downstream deploys ceph either out-of-band or with a
downstream-defined overcloud-minimal image, so these images are likely
unused and untested.
This will need some confirmation from ceph folk though, I'll add them
to this review.
Change-Id: Ia4f3ca5b9838ab93ed1f20dc9a26168f030821b7
Downstream the realtime kernel images are created by documenting a
recipe to use virt-customize on overcloud-hardened-uefi-full. So these
image definitions has likely not been used for a very long time.
Change-Id: I6fbfdca7efcd84317b3085b58273edbb4da60029
Douglas Viroel