Since the security update we are not able to modify
zuul.executor.log_root variable in the role testing.
Replace this with explicit log folder creation on the test node.
Change-Id: Ie6cff6f9e9c5594167ddda6cd345f9c3d9f2f470
Fedora supports FIPS. There is no version check because the feature is
available on all the supported Fedora releases.
Change-Id: I924fb565a4d70e7c93a215e9e0a5b2b80bced52a
Zuul's use of this role has exceeded the 500M cap. Let's go ahead
and remove it since it's arbitrary anyway, and Zuul is likely the
primary user of the role.
Change-Id: Ib0bc72f6c909e44bc04af7a8fbe40ef8415addcf
This updated branch fixes a few issues and should ensure display with
pcp-dstat (I9234b226242f145db9c235797649202aa530ec74)
Add an override so we pull it
Change-Id: I0d5e1b567c364a9e6c7aa0b95de17abffaef0434
Dstat is dead, but pcp supplies a compatible interface.
Installation can be unreliable, so let's ignore failures since
this isn't generally critical.
Change-Id: I9234b226242f145db9c235797649202aa530ec74
With this patch, Adding repos to install openvswitch
in Centos9 stream.
For Centos9 stream nodes we need to enable 2 repos:-
* nfv repo - Ussuri+ openvswitch is shipped as part of NFV SIG
* rdo xena repo - rdo-openvswitch(which provides openvswitch wrapper)
is available in OpenStack repo
Closes-Bug: #1947665
Change-Id: If5a32b30637296a070f2e75ba8feb6aa45d8ecac
Zuul switched to a new base image, and it seems the new socat puts out
a warning (something like
... socat[489590] W ioctl(5, IOCTL_VM_SOCKETS_GET_LOCAL_CID, ...): Inappropriate ioctl for device
for reference).
Grep the output so we only get the line about what port it is
listening on.
Change-Id: I74fb86a9158b45e6601ee1fbc199ba80cd4991fe
The below error is coming on mol-centos7 jobs while
installing sibling for python2 packeges on centos7
Error: TypeError: initial_value must be unicode or None, not str
This patch handled the TypeError while installing sibling
for python packeges for centos7.
Closes-Bug: #1946641
Change-Id: Ie8058cca92d099e50af19b95b4c417c5a665da0d
build-container-image may ends up pushing large files. Network is not
always as reliable as we want. This commit ensures we retry several
times in case of failure.
Change-Id: Ieaf92a8c3531e24ab5e41783b540de1df806c02f
I think the secondary "rustup default" was intended to make sure the
Zuul user sets up to use the installed rust toolchain
(I32f9b285904a7036f9a80ada8a49fa9cf31b5163) but actually results in a
re-download of components and another local installation. This isn't
really the intention, and also doubles the time spent installing.
From the linked comment, it seems like we're not doing our global
install correctly; even putting it in /usr doesn't avoid the need for
RUST_HOME to be set. Take it's suggestion and install out-of-the-way
in /opt, use a small /usr/local/bin wrapper to call with correct env
vars set and then setup the installed global binary names to be called
via that.
Change-Id: I28ef747b809a17664305bfd9754022251390647b
With the original verbose output support in change
Iafeb88eaf9a596603ad4d2134a4574345d5189ab we looked for lines from
tox --showconfig output starting with an opening '[' but verbosity
also causes output from pip install activity to be included if a
tox.requires entry causes it to install packages before continuing
and these lines are prefixed by a process ID number wrapped in
brackets with the command string after that, which prematurely
triggered our search for the start of the INI content. Add a
stipulation that the first INI output line also end in ']' in order
to skip over those additional prepended lines.
Change-Id: If29e5a9abe3b92a145d87f5efc1b93350ea3908a
This reverts commit 8b1cc73ee30428517f9524624b9eb309e9b14c1f.
Apparently tox.requires adds lines like this to verbose showconfig
output:
using tox-3.24.4 from /.../tox/__init__.py (pid 2919)
Which is confusing the current parser in the siblings module. Roll
this back while we work on a fix and regression test.
Change-Id: If3b1d48b36a5d32fddfdabd9c0ec1b81dd6453f2
When the tox role was introduced, a tox_extra_args rolevar was
included allowing the tox command line to be extended with arbitrary
options. When siblings functionality was added, tox_extra_args did
not get included in its separate tox invocations. If a project has a
particular situation where some aspect of tox's functionality must
be overridden in order to work, doing so through tox_extra_args
needs to apply to every tox invocation, including siblings installs.
Change-Id: Ibfe77f67e43135ae5af7588d6859b8b3dbd4c3ca
Unfortunately, when tox combines --showconfig with verbosity options
like -vv, some non-config output gets streamed to stdout before the
configuration is emitted. Filter this preamble in
tox_install_sibling_packages by discarding any initial lines of
output before the first section heading.
Also extend get_envlist() to deal with the fact that additional
verbosity adds a [tox] section in the --showconfig output, which it
was previously relying on to determine whether the config had been
filtered to a subset of env sections. Instead also check the
tox.args string to determine whether a -e option was passed on the
command line.
Change-Id: Iafeb88eaf9a596603ad4d2134a4574345d5189ab
In some situations, projects may not keep a tox.ini in the root
directory of their repository, or may even have multiple tox
configuration files. Allow the location and name of the config to be
overridden explicitly through the use of a new rolevar.
Change-Id: I1927142e6d9fa75e96902ae001c8ca98d69c7443
Avoid false-positive CI testing with tox where misconfigured tox
projects end-up skipping tests or running with different python
version than the required one.
While use of this option on development machine may be ok, when
executed in CI context, we never want to be relaxed about what
we test and which versions of python we use.
I seen projects running with wrong version of python for months
before someone discovered that a different version of python
was used on CI.
Change-Id: I5be9bce86833db11afd7072e477ccaf42658bf99
It seems like BuildKit is the next generation, but not likely to be
enabled by default soon (https://github.com/moby/moby/issues/40379).
Add a flag so people who want to use its features can easily opt-in.
Change-Id: I862819959c77a557199f64b4d42109bc7915959c
We have seen instances where type -p (s)testr seems to return with a
leading blank line which confuses ansible later when trying to use the
first line of output as the path to (s)testr. Address this by chomping
with grep -v ^$. Additionally use type -P instead of -p to ensure we
always get a path even when the command may be an alias or builtin.
Change-Id: Ibffe1e1499eca18ef5dc3904fe222a55242b827d
The official podman ubuntu install guide[1] tells to install podman from
Kubic project repo for ubuntu Bionic and Focal. And project atomic PPA
repo[2] is deprecated.
But Kubic repo only provides x86_64 deb packages for Bionic. For non x86_64
platforms use project atomic PPA repo on Bionic.
Also add a job zuul-jobs-test-ensure-podman-ubuntu-focal.
[1] https://podman.io/getting-started/installation
[2] https://launchpad.net/~projectatomic/+archive/ubuntu/ppa
Change-Id: I402adf1866e4bb8f3b388216bc48b9927e1388b1
We've seen a case where we can still push and pull tags from dockerhub,
but the web UI and API seem out of sync with the actual registry. In
this case, we would like to continue, even though it will leave some
unused tags in the repo (they can be cleaned up later if they ever
show up).
Change-Id: If000163a321c869c46cfed4233c2ea42c3e8471b
So that tests which use ZooKeeper can issue the 4-letter-word
debug commands, make sure they are enabled in the zoo.cfg file.
Change-Id: Ib614e918e02306564c2ed6adb4ec350e40df9043
The case where this isn't set isn't exercised by the tests, so we missed
this. We need to supply an empty list of artifacts to iterate over if
there are no zuul artifacts.
Change-Id: I082e3546ddc0ff57386063a4f697ae6584db9f90
Because buildset registries may be used by jobs that finish before other
jobs are finished using the buildset registry we must be careful not to
expose the registry credentials in the jobs that finish sooner.
Otherwise logs for the earlier job runs could potentially be used to
poison the registry for later jobs.
This is likely currently incomplete. Other Zuulians should look over it
carefully to ensure we're covering all the bases here.
The cases I've identified so far are:
* Setting facts that include passwords
* Reading and writing to files that include passwords (as content may be
logged)
* Calling modules with passwords passed as arguments (the module
invocation is logged)
I've also set no_log on zuul_return that passes up credentials because
while the logging for zuul_return is minimal today, I don't want to
count on it remaining that way.
We also use the yet to be merged secret_data attribute on zuul_return to
ensure that zuul_return itself does not expose anything unwanted.
Finally it would be great if others could check over the use of
buildset_registry variables to make sure there aren't any that got
missed. One thing I'm not sure of is whether or not when conditionals
get logged and if we need to be careful about their use too.
Temporarily remove some buildset-regitry jobs which are in a catch-22.
Change-Id: I2dea683e27f00b99a7766bf830981bf91b925265
This adds new lines between tasks, to make it a little easier to read.
Change-Id: I78ac55027fec58eabd95f097ff9946fa6b2cff9d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Technically dnf doesn't require dnf-plugins-core so it's possible "dnf
copr" may not work. Our Fedora 34 images aren't pre-installing it
(something we should probably fix) but this should be fine as a
generic saftey bootstrap anyway.
Change-Id: I8a645f582f5955c93b4e115ad8bed7c46def5c82
This change enables using fetch-translation role along with
the fetch-output role. By default the role still synchronizes
artifacts back to the executor.
Change-Id: I85c021706c1fa20f8d28b3a1f56c9435ac3836d5
