tox jobs: pin to correct nodesets; use host networking for containerfile

These must have broken when we switched the base nodes to Jammy.
Update to use compatible versions of distros.

We need to squish another gate-breaking change in here to update the
containerfile "podman build" calls to use "--network host".  We added
this with Ia885237406bf4c7b9d49b349f374558ae746401f and the only
external user I can find is kayobe, which is setting this anyway.

I honestly haven't 100% root-caused what changed to require this; the
last time our containerfile jobs ran and worked has unfortunately been
purged so I can't compare versions to try and pinpoint something;
i.e. this may be a podman bug or feature.  At first I thought it
related to the networking plugin package from the Depends-On (which is
still useful for the right packages) but that didn't help get the
bridge networking working.

Depends-On: https://review.opendev.org/c/zuul/nodepool/+/867590
Change-Id: I23f091654cb212e8bdd908664b262de9bfe98cef

.zuul.d/project.yaml

@@ -15,8 +15,16 @@
               nodes:
                 - name: ubuntu-bionic
                   label: ubuntu-bionic
-        - tox-py38
-        - tox-py39
+        - tox-py38:
+            nodeset:
+              nodes:
+                - name: ubuntu-focal
+                  label: ubuntu-focal
+        - tox-py39:
+            nodeset:
+              nodes:
+                - name: ubuntu-focal
+                  label: ubuntu-focal
         - tox-py310:
             nodeset:
               nodes:
@@ -61,8 +69,16 @@
               nodes:
                 - name: ubuntu-bionic
                   label: ubuntu-bionic
-        - tox-py38
-        - tox-py39
+        - tox-py38:
+            nodeset:
+              nodes:
+                - name: ubuntu-focal
+                  label: ubuntu-focal
+        - tox-py39:
+            nodeset:
+              nodes:
+                - name: ubuntu-focal
+                  label: ubuntu-focal
         - tox-py310:
             nodeset:
               nodes:

diskimage_builder/elements/containerfile/root.d/08-containerfile

@@ -28,8 +28,13 @@ if [[ "${DIB_CONTAINERFILE_PODMAN_ROOT:-0}" != '0' ]]; then
     DIB_CONTAINERFILE_RUNTIME_ROOT=1
 fi
 
+# NOTE(ianw) 2022-12-15 : this used to be left blank, but we've found
+# with current podman this is the only reliable way to get networking
+# in the container we're building (needed for yum update, package
+# install, etc.).  It's less secure, but we're already running in a
+# priviledged container ...
 if [[ -z "${DIB_CONTAINERFILE_NETWORK_DRIVER:-}"  ]]; then
-    DIB_CONTAINERFILE_RUNTIME_NETWORK=""
+    DIB_CONTAINERFILE_RUNTIME_NETWORK="--network host"
 else
     DIB_CONTAINERFILE_RUNTIME_NETWORK="--network ${DIB_CONTAINERFILE_NETWORK_DRIVER:-}"
 fi

releasenotes/notes/containerfile-host-networking-0691f3be5c6b11b6.yaml

@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    The default networking in the ``containerfile`` element is
+    switched to ``host`` as we have found that more reliable in
+    generating the initial chroot images.