Commit Graph

4724 Commits (master)

Author SHA1 Message Date
Douglas Viroel 9fca209d49 Pin nettle-3.8-3 on ubi9 only
This patch fixes the workaround proposed in [1] to install
nettle-3.8-3 only on ubi9 containers.
Since we are backporting this fix to stable/wallaby, we need
to guarantee that doesn't break ubi8 containers.


Change-Id: I039ca97773699f6f744e83172dd6664ace0d8d60
2023-03-08 18:31:27 -03:00
Zuul 255a6c00da Merge "[FIPS] Install nettle-3.8-3.el9 in tcib base container" 2023-03-02 15:55:54 +00:00
Douglas Viroel bd6900efa3 [FIPS] Install nettle-3.8-3.el9 in tcib base container
This patch adds installation of nettle-3.8-3.el9 to replace the rhel-9.0
version of the package, since 'dnf udpate' doesn't replace it.
The rhel-9.0 version of this package fails when running under FIPS.
When we get a new version o nettle in centos mirrors, the 'dnf update'
shall install a new version of the package and the workaround can be
We can't add a condition to install only when fips is enabled, since
build containers job doesn't run under fips enabled mode.

Change-Id: Iedc128120fd6925800c7e95664ce4e13ee8868a8
2023-03-01 13:08:33 +00:00
Sean Mooney 64aaa5cef1 remove unused tripleo-common dep form nova-scheduler.
Previously tripleo-common was installed in nova-scheduler container so
that the additional scheduler filter for baremetal porisioning can be
used. However nova was already removed from undercloud and the library
is no longer used since wallaby.

Also the package pulls the transitive deps and removing it reduces
the container size significantly.

Change-Id: Icae34a6d3f6e9b2c5a02b3bf52eabba1712ec922
2023-02-20 14:39:33 +09:00
Alan Bishop b6cf34a953 TCIB: Add cinder-backup script
Add a kolla_extend_start script to the cinder-backup service that
ensures /var/lib/cinder is owned by the 'cinder' user. See
I2d82c1ca86735d2a8d69b3e28e8cea7acd637f0b for details on what was
done for the cinder-volume service. cinder-backup also needs to run
the script because there's no guarantee the cinder-volume service
is running on every cinder-backup node.

Resolves: rhbz#2167954
Related-Bug: #1908750
Change-Id: I7fcca9fbfea87ac4b245856a3aecae9ffd211938
2023-02-07 13:19:16 -08:00
Nozomi Kawamoto f15417d662 Support IPv6 for HTTP request
This http-healthcheck always fails in the case the request is against to
IPv6 address.

Usually, the socket in IPv6 return a tuple that contains four values but
only two values in IPv4.

Currently, only two variables are defined to store return values.
Therefore when extract the return value of socket.getpeername() in IPv6,
an ValueError exception is raised and then healthcheck fails.

This change restrict the return value of the socket.getpeername() to
return only first two elements regardless of IPv4/IPv6.

Closes-Bug: #2004268
Change-Id: I57ae54518a86f93ec92f0e74efadf1fa4da29f0f
2023-02-01 00:13:58 +09:00
Takashi Kajinami 2b51904a35 Fix still missing become to get deployment result
This is follow-up of I1bf6987f2feab13ee22ffd240e7a5b0c19346c58 and
fixes the missing become to read the deployment result. The previous
change fixed only the task to check whether the result file exists.

Change-Id: I742891ca11d77ef4b280d1a1518667992563a16a
2023-01-26 18:26:27 +09:00
Zuul 19b2a2a548 Merge "FFWD3: Resolve deployment error with become" 2023-01-19 21:57:28 +00:00
Lukas Bezdicka c9e8b25bd1 FFWD3: Resolve deployment error with become
Check if deployed file exists for CADeployment | controller-0 | error={"changed": false, "msg": "Permission denied"}

Upgrade returns this error which is simply caused by missing become.

Change-Id: I1bf6987f2feab13ee22ffd240e7a5b0c19346c58
2023-01-19 12:31:23 +01:00
Takashi Kajinami 6fb51df5f1 Fix invalid job dependency
The latest python3 job template does not contain python 3.9 job but
only 3.8 and 3.10 jobs. This updates the dependency to avoid the error.

Change-Id: I733856564c552843df3e02045ead634e7e8bfb0d
2023-01-11 18:23:53 +09:00
Zuul e99678a597 Merge "Switch to 2023.1 Python3 unit tests and generic template name" 2023-01-10 11:45:17 +00:00
Zuul 5252b9172e Merge "Re-enable upgrades jobs following content-provider fix" 2023-01-05 16:30:20 +00:00
Zuul 5ee709890a Merge "Fix syntax error in file" 2023-01-05 14:16:36 +00:00
Zuul 273e89d17e Merge "Update master for stable/zed" 2023-01-05 09:52:25 +00:00
Amol Kahat d2dc6e4cda
Fix syntax error in file
Related-Bug: #2001626

Signed-off-by: Amol Kahat <>
Change-Id: I53fa23723db0a334b2afb58e0a381439ac535a74
2023-01-05 12:37:23 +05:30
Cédric Jeanneret a33fdd44d0 Re-enable upgrades jobs following content-provider fix
Following I540c681687f5502aaa2e0b9d8b81b5fef83b2bc2 merge in stable/Zed,
we can now re-add the upgrades jobs.

Related-Bug: #2001626
Change-Id: Ia78c7be40a7bc9ff392a1286b3d6de7a82c47bb9
2023-01-04 17:15:51 +00:00
Bogdan Dobrelya 6c8fccb888 Fix missing 50-edk2-ovmf-*.json files handling
Follow-up Ieaacb67d16e82e9c34fcfb31398da5a95cdc3d43
Add missing tests for /usr/share/qemu/firmware/50-edk2-ovmf-*.json

Note: it also comment out the upgrades jobs in order to not fail on Zed
line which is also affected.

Related: rhbz#2090752
Related: rhbz#2109644
Closes-bug: #2001626

Change-Id: I540c681687f5502aaa2e0b9d8b81b5fef83b2bc2
Co-Authored-By: Cedric Jeanneret <>
Signed-off-by: Bogdan Dobrelya <>
2023-01-04 18:05:07 +01:00
Zuul 533a0c7ee9 Merge "Delete overcloud-ceph images" 2022-12-27 10:04:29 +00:00
Zuul 9a9389dc22 Merge "Delete fedora based images" 2022-12-26 06:59:11 +00:00
Zuul a7aaaca629 Merge "Adapt to tox 4.x" 2022-12-23 10:31:16 +00:00
Takashi Kajinami 93c2183382 Adapt to tox 4.x
skipdist=True does not work with latest tox 4.x.

Also, skip_install=True without any deps causes the following task
failure in CI, because the log directory is no longer created. This
change ensures we use the individual environment instead of using
a different environment.

TASK [tox : Install any sibling python packages]
ubuntu-jammy | FileNotFoundError: [Errno 2] No such file or directory:

Closes-Bug: #2000357
Co-Authored-By: Rabi Mishra <>
Change-Id: I638649e0722011ad39cc94f0cc0bfcf65cf1518b
2022-12-23 18:50:59 +09:00
Zuul 2eff2ca025 Merge "Revert "Preserve environment variables with buildah"" 2022-12-19 11:56:02 +00:00
chandan kumar 8d2f7e7a42 Revert "Preserve environment variables with buildah"
This reverts commit 140fc48e73.

Reason for revert:
The original change breaks authentication without authfile.

Closes-Bug: #1999749
Change-Id: Ifbfba09c8ac552cc3c18adb482540541a282488b
2022-12-19 05:10:16 +00:00
Zuul 9e9da9ee03 Merge "Remove trunk.registry from tripleo-common repo" 2022-12-14 11:43:05 +00:00
Zuul 8157cbef7d Merge "Preserve environment variables with buildah" 2022-12-13 21:09:37 +00:00
Zuul ce29713e0c Merge "New constant for THT system path and THT roles directory" 2022-12-13 20:28:32 +00:00
Brendan Shephard 140fc48e73 Preserve environment variables with buildah
This change adds the -E flag to the buildah_cmd
to preserve environment variables like the authfile.

Resolves: rhbz#2151943
Change-Id: Ib7beb1341bbbff3c15b191cf34102c3f7e252034
2022-12-09 18:17:20 +10:00
Jiri Podivin 5154a6f437 New constant for THT system path and THT roles directory
Signed-off-by: Jiri Podivin <>
Change-Id: I676fea139791f808f9976b041692a360984d4ba2
2022-12-01 11:54:54 +01:00
jlarriba 0253c356d9 Fix
There was an error and the last if block was not being closed.
This patch fixes that error.

Change-Id: I0d3bdb4ed4f1bc40c52289965364043c54e1f9fc
2022-12-01 10:00:52 +01:00
Zuul d2249b70e2 Merge "Generic inventory and playbook" 2022-11-30 19:38:05 +00:00
jlarriba 7f8a19eb15 Generic inventory and playbook
This patch introduces the capacity for the
script to generate an inventory and/or a playbook from env
variables passed to the runner container by the operator itself

The ansibleee-operator will take care of filling the contents of the
env variables in [1] and [2]


Change-Id: I030518bb8807aad9fb0d480a130d327522de707d
2022-11-29 18:22:48 +01:00
Zuul 23672cffc1 Merge "Align tss user config with qemu and nova use cases" 2022-11-29 14:32:03 +00:00
Zuul 2b407e0cdc Merge "MariaDB: Remove logic for xinetd" 2022-11-25 10:07:44 +00:00
Zuul fd317fa530 Merge "Remove networking-ansible package" 2022-11-24 20:31:16 +00:00
Zuul 8c9bfea590 Merge "tripleo_inventory is not needed for standalone roles" 2022-11-24 12:53:55 +00:00
Zuul a25d6551f8 Merge "Delete realtime kernel images" 2022-11-23 22:43:33 +00:00
Zuul 4fc1c813e1 Merge "Use net=host with buildah bud" 2022-11-23 09:34:39 +00:00
Zuul a184695636 Merge "By default, unset everything proxy related for healthcheck" 2022-11-22 19:09:25 +00:00
Amol Kahat e9360d55ad Remove trunk.registry from tripleo-common repo
This patch remove
and replace with going to decomission

Signed-off-by: Amol Kahat <>
Change-Id: I133cd5e889de02246daa3d9647010986085c5025
2022-11-22 13:56:05 +05:30
Zuul f0e7da7b0a Merge "Support ansible inventory merging" 2022-11-21 22:17:39 +00:00
Bogdan Dobrelya 7981fdd68a Align tss user config with qemu and nova use cases
In order to fix swtpm logs access permissions and to use the same
approach among Compute specific users (qemu, tss, libvirt, nova):

* Add nova to tss group for swtpm tool to function in virtqemud
  when running w/o root access.
* Change tss user uid/gid/home dir config in TCIB similarly to qemu,
  for consistency reasons.

There is no upgrade impact as vTPM had never been technically released
in the layered downstream product.

Related: rhbz#1782128

Change-Id: Id242a20b7f1193ca2d9a0d7508e12f0f68cfc018
Signed-off-by: Bogdan Dobrelya <>
2022-11-21 16:12:55 +01:00
Zuul 3c3316abbd Merge "Drop healthcheck script for removed services" 2022-11-21 13:14:44 +00:00
rabi b3a3571258 Use net=host with buildah bud
We use the default networking (netavark) with RUN instructions.
We can simplify this by just using host network.

Change-Id: I99bdc55445313f823a761b913407398f98650c5f
2022-11-21 16:28:30 +05:30
jlarriba 41c0af15f8 tripleo_inventory is not needed for standalone roles
tripleo_inventory files mean nothing in the context of running standalone
roles, and the configuration that is included in the set of inventory
files is tampering with the configuration needed to run standalone roles
on external dataplane. It seems better to not mount them by default on the
/runner directory, but let the user mount them if they are useful to his

Change-Id: I5f99a2fad3ddd5b00d4a7363565545d08f8523fe
2022-11-21 11:10:28 +01:00
Zuul daafb1bfee Merge "Remove image yamls for CentOS 8/RHEL 8" 2022-11-21 07:50:04 +00:00
Takashi Kajinami f7c797c7e9 Remove networking-ansible package
... because the plugin is no longer supported.

Change-Id: Iaac54a416edb578a5d800e0553a2357b575d976f
2022-11-21 15:25:58 +09:00
Takashi Kajinami 003e514561 MariaDB: Remove logic for xinetd
... because xinetd is no longer available in CentOS Stream 9 and
the logic is not used.

Change-Id: I8a350ab5ac9b72465b22c19cfeb0e7b544fd3b39
2022-11-21 15:23:39 +09:00
Steve Baker 696da32ad2 Delete overcloud-ceph images
Downstream deploys ceph either out-of-band or with a
downstream-defined overcloud-minimal image, so these images are likely
unused and untested.

This will need some confirmation from ceph folk though, I'll add them
to this review.

Change-Id: Ia4f3ca5b9838ab93ed1f20dc9a26168f030821b7
2022-11-21 09:02:38 +13:00
Steve Baker 58fdd2972a Delete fedora based images
This is definitely unused and untested.

Change-Id: If06f7c28735f8b11815b988b073450e4fe44e44b
2022-11-21 09:02:38 +13:00
Steve Baker dd5ebed200 Delete realtime kernel images
Downstream the realtime kernel images are created by documenting a
recipe to use virt-customize on overcloud-hardened-uefi-full. So these
image definitions has likely not been used for a very long time.

Change-Id: I6fbfdca7efcd84317b3085b58273edbb4da60029
2022-11-21 09:02:38 +13:00