Zuul switched to a new base image, and it seems the new socat puts out
a warning (something like
... socat[489590] W ioctl(5, IOCTL_VM_SOCKETS_GET_LOCAL_CID, ...): Inappropriate ioctl for device
for reference).
Grep the output so we only get the line about what port it is
listening on.
Change-Id: I74fb86a9158b45e6601ee1fbc199ba80cd4991fe
The below error is coming on mol-centos7 jobs while
installing sibling for python2 packeges on centos7
Error: TypeError: initial_value must be unicode or None, not str
This patch handled the TypeError while installing sibling
for python packeges for centos7.
Closes-Bug: #1946641
Change-Id: Ie8058cca92d099e50af19b95b4c417c5a665da0d
build-container-image may ends up pushing large files. Network is not
always as reliable as we want. This commit ensures we retry several
times in case of failure.
Change-Id: Ieaf92a8c3531e24ab5e41783b540de1df806c02f
I think the secondary "rustup default" was intended to make sure the
Zuul user sets up to use the installed rust toolchain
(I32f9b285904a7036f9a80ada8a49fa9cf31b5163) but actually results in a
re-download of components and another local installation. This isn't
really the intention, and also doubles the time spent installing.
From the linked comment, it seems like we're not doing our global
install correctly; even putting it in /usr doesn't avoid the need for
RUST_HOME to be set. Take it's suggestion and install out-of-the-way
in /opt, use a small /usr/local/bin wrapper to call with correct env
vars set and then setup the installed global binary names to be called
via that.
Change-Id: I28ef747b809a17664305bfd9754022251390647b
With the original verbose output support in change
Iafeb88eaf9a596603ad4d2134a4574345d5189ab we looked for lines from
tox --showconfig output starting with an opening '[' but verbosity
also causes output from pip install activity to be included if a
tox.requires entry causes it to install packages before continuing
and these lines are prefixed by a process ID number wrapped in
brackets with the command string after that, which prematurely
triggered our search for the start of the INI content. Add a
stipulation that the first INI output line also end in ']' in order
to skip over those additional prepended lines.
Change-Id: If29e5a9abe3b92a145d87f5efc1b93350ea3908a
This reverts commit 8b1cc73ee30428517f9524624b9eb309e9b14c1f.
Apparently tox.requires adds lines like this to verbose showconfig
output:
using tox-3.24.4 from /.../tox/__init__.py (pid 2919)
Which is confusing the current parser in the siblings module. Roll
this back while we work on a fix and regression test.
Change-Id: If3b1d48b36a5d32fddfdabd9c0ec1b81dd6453f2
When the tox role was introduced, a tox_extra_args rolevar was
included allowing the tox command line to be extended with arbitrary
options. When siblings functionality was added, tox_extra_args did
not get included in its separate tox invocations. If a project has a
particular situation where some aspect of tox's functionality must
be overridden in order to work, doing so through tox_extra_args
needs to apply to every tox invocation, including siblings installs.
Change-Id: Ibfe77f67e43135ae5af7588d6859b8b3dbd4c3ca
Unfortunately, when tox combines --showconfig with verbosity options
like -vv, some non-config output gets streamed to stdout before the
configuration is emitted. Filter this preamble in
tox_install_sibling_packages by discarding any initial lines of
output before the first section heading.
Also extend get_envlist() to deal with the fact that additional
verbosity adds a [tox] section in the --showconfig output, which it
was previously relying on to determine whether the config had been
filtered to a subset of env sections. Instead also check the
tox.args string to determine whether a -e option was passed on the
command line.
Change-Id: Iafeb88eaf9a596603ad4d2134a4574345d5189ab
In some situations, projects may not keep a tox.ini in the root
directory of their repository, or may even have multiple tox
configuration files. Allow the location and name of the config to be
overridden explicitly through the use of a new rolevar.
Change-Id: I1927142e6d9fa75e96902ae001c8ca98d69c7443
Avoid false-positive CI testing with tox where misconfigured tox
projects end-up skipping tests or running with different python
version than the required one.
While use of this option on development machine may be ok, when
executed in CI context, we never want to be relaxed about what
we test and which versions of python we use.
I seen projects running with wrong version of python for months
before someone discovered that a different version of python
was used on CI.
Change-Id: I5be9bce86833db11afd7072e477ccaf42658bf99
It seems like BuildKit is the next generation, but not likely to be
enabled by default soon (https://github.com/moby/moby/issues/40379).
Add a flag so people who want to use its features can easily opt-in.
Change-Id: I862819959c77a557199f64b4d42109bc7915959c
We have seen instances where type -p (s)testr seems to return with a
leading blank line which confuses ansible later when trying to use the
first line of output as the path to (s)testr. Address this by chomping
with grep -v ^$. Additionally use type -P instead of -p to ensure we
always get a path even when the command may be an alias or builtin.
Change-Id: Ibffe1e1499eca18ef5dc3904fe222a55242b827d
The official podman ubuntu install guide[1] tells to install podman from
Kubic project repo for ubuntu Bionic and Focal. And project atomic PPA
repo[2] is deprecated.
But Kubic repo only provides x86_64 deb packages for Bionic. For non x86_64
platforms use project atomic PPA repo on Bionic.
Also add a job zuul-jobs-test-ensure-podman-ubuntu-focal.
[1] https://podman.io/getting-started/installation
[2] https://launchpad.net/~projectatomic/+archive/ubuntu/ppa
Change-Id: I402adf1866e4bb8f3b388216bc48b9927e1388b1
We've seen a case where we can still push and pull tags from dockerhub,
but the web UI and API seem out of sync with the actual registry. In
this case, we would like to continue, even though it will leave some
unused tags in the repo (they can be cleaned up later if they ever
show up).
Change-Id: If000163a321c869c46cfed4233c2ea42c3e8471b
So that tests which use ZooKeeper can issue the 4-letter-word
debug commands, make sure they are enabled in the zoo.cfg file.
Change-Id: Ib614e918e02306564c2ed6adb4ec350e40df9043
The case where this isn't set isn't exercised by the tests, so we missed
this. We need to supply an empty list of artifacts to iterate over if
there are no zuul artifacts.
Change-Id: I082e3546ddc0ff57386063a4f697ae6584db9f90
Because buildset registries may be used by jobs that finish before other
jobs are finished using the buildset registry we must be careful not to
expose the registry credentials in the jobs that finish sooner.
Otherwise logs for the earlier job runs could potentially be used to
poison the registry for later jobs.
This is likely currently incomplete. Other Zuulians should look over it
carefully to ensure we're covering all the bases here.
The cases I've identified so far are:
* Setting facts that include passwords
* Reading and writing to files that include passwords (as content may be
logged)
* Calling modules with passwords passed as arguments (the module
invocation is logged)
I've also set no_log on zuul_return that passes up credentials because
while the logging for zuul_return is minimal today, I don't want to
count on it remaining that way.
We also use the yet to be merged secret_data attribute on zuul_return to
ensure that zuul_return itself does not expose anything unwanted.
Finally it would be great if others could check over the use of
buildset_registry variables to make sure there aren't any that got
missed. One thing I'm not sure of is whether or not when conditionals
get logged and if we need to be careful about their use too.
Temporarily remove some buildset-regitry jobs which are in a catch-22.
Change-Id: I2dea683e27f00b99a7766bf830981bf91b925265
This adds new lines between tasks, to make it a little easier to read.
Change-Id: I78ac55027fec58eabd95f097ff9946fa6b2cff9d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Technically dnf doesn't require dnf-plugins-core so it's possible "dnf
copr" may not work. Our Fedora 34 images aren't pre-installing it
(something we should probably fix) but this should be fine as a
generic saftey bootstrap anyway.
Change-Id: I8a645f582f5955c93b4e115ad8bed7c46def5c82
This change enables using fetch-translation role along with
the fetch-output role. By default the role still synchronizes
artifacts back to the executor.
Change-Id: I85c021706c1fa20f8d28b3a1f56c9435ac3836d5
The `helm init` command fails under releases of Helm prior to 2.17.0
due to the fact that the stable charts have been moved[1].
Helm 2 is EOL and ideally this should be bumped to Helm 3 at some point,
but that is a bigger exercise that will require notifying all users
so this minor bump should improve overall UX without affecting users.
[1]: https://helm.sh/blog/new-location-stable-incubator-charts/
Change-Id: Ica60f3225bd7bb3f9cce0af27b486604bfb9b2d5
Properties can be used to tag files.
When another system is using a property filter, being able to set
the properties for zuul artifacts is very convenient.
Change-Id: Ib16ca0f6b532649daa77aa26a8ffa29b78429b71
The stage-output role had two assumptions:
1) The zuul_copy_output variable would always be defined
2) The role would be able to sudo on the remote node
To make it easier for users who want to use this in a base job,
remove both of those assumptions.
1) We now supply a default empty dict if the variable is not defined
so that the role does not fail with an error.
2) We check to see if we can sudo on the remote node, and if we can,
we do when copying files; otherwise we don't, and assume that the
user will only specify files they have access to (if they don't then
the copy will fail).
Change-Id: I5428c44adfafac4872342b59a92de311f41687b6
Every time I open up the Zuul console for certain jobs it unrolls the
pre-playbook section in the console because it looks like this task
has a "FAILED" status.
pkill man page says that 0/1 are "process killed" and "no match"
respectively; set failed_when to >1 so these return codes don't cause
spurious failures.
Change-Id: I23112b1101c991c1714d69f7568f83c2dcd605dd
Role copied and modified from ensure-podman
As focal doesn't exist for project atomic ppa [1]
Install is performed from opensuse repository only
[1] http://ppa.launchpad.net/projectatomic/ppa/ubuntu/dists/
Change-Id: I72fc2e68768664b80c39bd47295330131337d8b5
Starting with Debian 11 (bullseye), security packages are in
bullseye-security as opposed to older releases like buster/updates.
List the last several stable releases in hopes nobody is trying to
use this role to configure platforms older than Debian 8 (jessie,
the current "oldoldstable").
A followup change demonstrates this works in the test-base-roles
job, but because the job matrices have to be updated in one fell
swoop, and many of those jobs won't work without this change already
merged (due to protected use in our base job), it's not tested
directly within this change.
Change-Id: I2d7712cbfd037a65b9025980a6c0cccd917f8947
On Centos8, during the docker-ce installation, the docker.socket service
is start with a bogus state:
docker.socket: Socket unit configuration has changed while unit has been running, no open socket file descriptor left. The socket unit is not functional until restarted.
Later, when the `Assure docker service is running` task tries to start
the service, it fails with the following error:
dockerd[29743]: failed to load listeners: no sockets found via socket activation: make sure the service was started by systemd
Example:
https://0c7366f2ce9149f2de0c-399b55a396b5093070500a70ecbf09b9.ssl.cf1.rackcdn.com/410/c233496b96c70cfc6204e75d10116a96b08d4663/check/ansible-test-sanity-docker/787388f/ara-report/index.html
Another example: https://github.com/kata-containers/tests/issues/3103
Also: Remove use of kubectl --generator=run-pod/v1
This has been deprecated since 1.17 and removed since 1.20. run-pod wound
up being the only generator that did anything, so this parameter became a
no-op. This has to be squashed into this commit to unbreak the gate.
Change-Id: I666046fe2a3aa079643092c71573803851a67be2
