From 41aa936fa226ff6bca66715f6e0edea287fa9dc1 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Wed, 14 Dec 2022 10:57:18 +1100 Subject: [PATCH] tox jobs: pin to correct nodesets; use host networking for containerfile These must have broken when we switched the base nodes to Jammy. Update to use compatible versions of distros. We need to squish another gate-breaking change in here to update the containerfile "podman build" calls to use "--network host". We added this with Ia885237406bf4c7b9d49b349f374558ae746401f and the only external user I can find is kayobe, which is setting this anyway. I honestly haven't 100% root-caused what changed to require this; the last time our containerfile jobs ran and worked has unfortunately been purged so I can't compare versions to try and pinpoint something; i.e. this may be a podman bug or feature. At first I thought it related to the networking plugin package from the Depends-On (which is still useful for the right packages) but that didn't help get the bridge networking working. Depends-On: https://review.opendev.org/c/zuul/nodepool/+/867590 Change-Id: I23f091654cb212e8bdd908664b262de9bfe98cef --- .zuul.d/project.yaml | 24 +++++++++++++++---- .../containerfile/root.d/08-containerfile | 7 +++++- ...file-host-networking-0691f3be5c6b11b6.yaml | 6 +++++ 3 files changed, 32 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/containerfile-host-networking-0691f3be5c6b11b6.yaml diff --git a/.zuul.d/project.yaml b/.zuul.d/project.yaml index 274cca1d..c1f4c153 100644 --- a/.zuul.d/project.yaml +++ b/.zuul.d/project.yaml @@ -15,8 +15,16 @@ nodes: - name: ubuntu-bionic label: ubuntu-bionic - - tox-py38 - - tox-py39 + - tox-py38: + nodeset: + nodes: + - name: ubuntu-focal + label: ubuntu-focal + - tox-py39: + nodeset: + nodes: + - name: ubuntu-focal + label: ubuntu-focal - tox-py310: nodeset: nodes: @@ -61,8 +69,16 @@ nodes: - name: ubuntu-bionic label: ubuntu-bionic - - tox-py38 - - tox-py39 + - tox-py38: + nodeset: + nodes: + - name: ubuntu-focal + label: ubuntu-focal + - tox-py39: + nodeset: + nodes: + - name: ubuntu-focal + label: ubuntu-focal - tox-py310: nodeset: nodes: diff --git a/diskimage_builder/elements/containerfile/root.d/08-containerfile b/diskimage_builder/elements/containerfile/root.d/08-containerfile index 7a852ad9..d8ac8287 100755 --- a/diskimage_builder/elements/containerfile/root.d/08-containerfile +++ b/diskimage_builder/elements/containerfile/root.d/08-containerfile @@ -28,8 +28,13 @@ if [[ "${DIB_CONTAINERFILE_PODMAN_ROOT:-0}" != '0' ]]; then DIB_CONTAINERFILE_RUNTIME_ROOT=1 fi +# NOTE(ianw) 2022-12-15 : this used to be left blank, but we've found +# with current podman this is the only reliable way to get networking +# in the container we're building (needed for yum update, package +# install, etc.). It's less secure, but we're already running in a +# priviledged container ... if [[ -z "${DIB_CONTAINERFILE_NETWORK_DRIVER:-}" ]]; then - DIB_CONTAINERFILE_RUNTIME_NETWORK="" + DIB_CONTAINERFILE_RUNTIME_NETWORK="--network host" else DIB_CONTAINERFILE_RUNTIME_NETWORK="--network ${DIB_CONTAINERFILE_NETWORK_DRIVER:-}" fi diff --git a/releasenotes/notes/containerfile-host-networking-0691f3be5c6b11b6.yaml b/releasenotes/notes/containerfile-host-networking-0691f3be5c6b11b6.yaml new file mode 100644 index 00000000..876e0bd2 --- /dev/null +++ b/releasenotes/notes/containerfile-host-networking-0691f3be5c6b11b6.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + The default networking in the ``containerfile`` element is + switched to ``host`` as we have found that more reliable in + generating the initial chroot images.