This reverts *parts* of commit 9519fafd102017e54f4d543f25ca4398f1ec67b8.
Specifically, this reverts the main fix regarding DOCKER_MIN_API_VERSION.
Reason for revert: Docker 26.0.0 is out, which drops the old API
This patch additionally modifies the Zuul config in two ways:
* disables buildset-registry jobs because they are children of
opendev-buildset-registry (a base-job in opendev) and thus
do not pick up new changes - they are reenabled in a followup
* disables crio jobs because they have their repo seemingly broken
Change-Id: I4d05f9b187f9e40c3dcb2597e08c5bb50c261b17
Co-Authored-By: Radosław Piliszek <radek@piliszek.it>
The systemd_service module is known as "systemd" in Ansible 6. Use
the backwards compat format until Ansible 6 is removed from Zuul.
Change-Id: Ifff1cdfdf4d03426f289355673ee1472f0d37dd6
This is no longer present in Ansible 9.
Removing these upsets ansible-lint, so those errors are ignored.
The base roles job has bitrotted on centos-7 and bionic due to
a bad voluptuous release used in an stestr test. That is fixed in
this change as well.
Change-Id: I67886d5ad82ab590979f82bd102d6f974b9d4421
Skopeo hardcoded the docker api version for image manipulation to
version 1.22 of the api until very recently. Docker 25 sets 1.24 as a
minimum version by default introducing an incompatibility between the
tools. It isn't straightforward to install an updated skopeo everywhere
we need it (due to golang requirements). As a workaround we override
the min version to 1.22 when installing the docker daemon. This should
work until Docker 26 is released and removed the override option.
Note we also pin microk8s from latest/stable (which is currently
1.29/stable) to 1.28/stable to workaround
https://github.com/canonical/microk8s/issues/4361. This is necessary to
get the CI jobs for docker/registry/k8s testing working in order to land
this fixup.
Change-Id: I377ac84d532749eba578c4b32eb2ed6a5ce7a0c9
Upstream docker-ce recently released version 23.0.0. This version
appears to depend on apparmor but does not explicitly pull it in.
Not having apparmor results in these errors:
error: exec: "apparmor_parser": executable file not found in $PATH.
Fix this by adding the apparmor package to the list of packages we
install from the distro for docker. Opensuse also uses apparmor but we
don't support installing docker from upstream on opensuse so we don't
need to make changes to opensuse just Debuntu.
Additionally, buildx appears to have been split out into its own package
now and we need to install it explicitly in order for multiarch CI
builds to be successful.
Change-Id: I7b6fd895f58de9e052af8efca27b9ed4bfac7036
Latest ansible-lint is finding this. It seems reasonable enough to
ensure the task is named; it's always nice to have context about what
is happening as you read the file.
Change-Id: Ia7e490aaba99da9694a6f3fdb1bca9838221b30a
On Centos8, during the docker-ce installation, the docker.socket service
is start with a bogus state:
docker.socket: Socket unit configuration has changed while unit has been running, no open socket file descriptor left. The socket unit is not functional until restarted.
Later, when the `Assure docker service is running` task tries to start
the service, it fails with the following error:
dockerd[29743]: failed to load listeners: no sockets found via socket activation: make sure the service was started by systemd
Example:
https://0c7366f2ce9149f2de0c-399b55a396b5093070500a70ecbf09b9.ssl.cf1.rackcdn.com/410/c233496b96c70cfc6204e75d10116a96b08d4663/check/ansible-test-sanity-docker/787388f/ara-report/index.html
Another example: https://github.com/kata-containers/tests/issues/3103
Also: Remove use of kubectl --generator=run-pod/v1
This has been deprecated since 1.17 and removed since 1.20. run-pod wound
up being the only generator that did anything, so this parameter became a
no-op. This has to be squashed into this commit to unbreak the gate.
Change-Id: I666046fe2a3aa079643092c71573803851a67be2
Docker just released official packages for centos-8 so
we need to remove the temporary workaround that installs the
previous release version.
Change-Id: I787ce82b895069f4846fcdb35f55f0c9ad53652c
As described inline, we should lower the MTU in the docker
configuration when we see the interface has a MTU lower than 1500 so
things "just work". This particularly affects the Linaro ARM64 cloud
in OpenDev, but it is a generic issue.
Change-Id: I338616c41a65b007d56648fdab6da2a6a6b909f4
Story: https://storyboard.openstack.org/#!/story/2008230
Ansible doens't really have a great built-in way to modify a json file
(unlike ini files). The extant docker role does what seems to be the
usual standard, which is slurp in the file, parse it and then write it
back out.
In a follow-on change (I338616c41a65b007d56648fdab6da2a6a6b909f4) we
need to set some more values in the docker configuration .json file,
which made me think it's generic enough that we can have a role to
basically run read the file, |combine and write it back out.
This adds such a role with various options, and converts the existing
json configuration update in ensure-docker to use it.
Change-Id: I155a409945e0175249cf2dc630b839c7a97fb452
This error occurs when variables are null and
DEFAULT_JINJA2_NATIVE is enabled:
object of type 'NoneType' has no len()
Change-Id: I7c69be60b846c03e30a0a6e8893bf2f3a3d5e5b8
- assured configured repository is based on original repository definition
- workaround for bypassing rpm installation conflicts
on CentOS/RHEL-8.
- we no longer need special dnf command for installation.
Change-Id: I0b2ccd788f8010b864c45140189dcb215e7c82fb
This patch refactors ensure-docker to use the new ensure-package-repostories
role which cleans up the codebase for it a lot. It also converges the
Debian and Ubuntu configuration as they were pretty much the same.
Also, it updates the Docker to the proper GPG key as while refactoring,
it was exposed that it was using the wrong key. Docker uses a different
key for Debian and RHEL based packaging.
Change-Id: Iad430c6a31be0750c1a0f50e12a26df230de9f4e
There are over 490 .yaml files but only a few .yml, let's rename to be
consistent.
Add a test to block .yml files.
Change-Id: I2f1354de82f231154d926b51d9812b1e9c1a6202
