AFAICS, use of this was removed with
I7f98a13091056809fedae8a5c8ee10b0ef8bbb2a and I can't see any other
references to it. Correct the comment to describe how it works.
Change-Id: I5123729b7457dcbd4f4a51cff49904f7bd071e9b
Introduce new container image for Rocky Linux, a downstream clone of Red
Hat Enterprise Linux.
Keep non-voting in Check for a while before adding to any gate checks
Signed-off-by: Neil Hanlon <neil@shrug.pw>
Change-Id: Ib383f60bc23b434b400f85c376840a000cafc697
Related-Bug: https://review.opendev.org/805800/
For centos stream, the $releasever is just the major version. Several
of our .repo files are using $releasever in their path, and I think
that 8-stream installs are actually using 8 repos to install from.
For 9-stream, which doesn't have a corresponding 9, we're getting
errors enabling some of the aarch64 tests.
Replace all the $releasever expansions in the .repo files with the
exact version they are being installed for. They don't need to be
generic; we are installing these specific repos for each DIB_RELEASE,
so they don't mix-and-match.
Change-Id: I48d438d8f51280cd060433fc8a67358d8345287f
SUSE dropped OpenStack Cloud in 2019 [1], and as a result, some
OpenStack-related repositories were removed from openSUSE Download and
root filesystem images stopped being provided. This change deprecates
Leap releases before 15.3 and employs the extract-image script. It also
moves the extract-image script to the sysprep element, since now it's
also used by openSUSE-related elements.
Additionally, revert the "Remove opensuse related funtests" change [2]
so that the opensuse element is tested again and set the default Leap
release to 15.3.
[1] https://www.zdnet.com/article/suse-drops-openstacks/
[2] https://review.opendev.org/c/openstack/diskimage-builder/+/824002
Change-Id: I73d6323aa65cee69a55e54bc53ed682f096dfc89
We've moved away from building "stable"/"testing" targets, as they
move over time so you never know what you're building.
These testing targets are unused, remove them to remove confusion.
Change-Id: I2a53f70ed07873b9a408972d2162b6c10b050db5
This does a basic vm build test of bullseye-arm64, which currently is
missing from the ARM64 testing.
To keep runtimes a bit more reasonable, split the job into two parts,
one for deb distros and one for rpm.
Change-Id: I0f28ff92e1b8d08d56b82b392e2cc355d567d007
NetworkManager is quite capable to do automatic
interface configuration. NetworkManager will by default
try to auto-configure any interface with no configuration.
It will use DHCP for IPv4 and Router Advertisements to
decide how to initialize IPv6.
It will most likely do it just as good, or better than the
dhcp-all-interfaces.sh script.
Since dhcp-all-interfaces clean out all ifcfg files in
60-remove-cloud-image-interfaces it means NetworkManager will
by default attempt auto configuration for all interfaces.
This change add's and environment variable:
DIB_DHCP_NETWORK_MANAGER_AUTO (default: false)
When DIB_DHCP_NETWORK_MANAGER_AUTO is set to `true` only the
NetworkManager config will be written. The dhcp-all-interfaces
service will not be installed. Hence dhcp-all-interfaces will
not write any config files, allowing NetworkManager to just do
it's thing.
Change-Id: Id6f8d6aaaf52a78175bb6c065ec88274c364834e
This change:
- adds a note regarding an error when building focal ubuntu-minimal
images on operating systems with older versions of debootstrap
- adds a reference to where the DIB_RELEASE variable definition can be
found
Closes-Bug: #1941831
Change-Id: Ibc1e04dba0562c4f4909a8cb8af041d9b8ac45c4
This change replaces the call to grub2-switch-to-blscfg with a file
rename to update it to the actual machine-id.
grub2-switch-to-blscfg has issues in some build environments:
- When the build host is EFI boot, it assumes the image is, and
fails when config file /etc/grub2-efi.cfg is missing
- With recent cento9 images and a fedora build host it fails with:
grub2-probe: error: cannot find a device for / (is /dev mounted?)
Change-Id: I74ad800b702f2b491d958555cef8d7c7f63d74ac
In the grub2 element the grub2-efi-x64-modules package
is missing in the centos 9 section, this cause a failure
because grub2 cannot find the neccecary files when
installing the bootloader on EFI systems.
It seems grub2-efi-x64-modules was not included in release
9, this is likely why the block was added initially without
this package. Since it is now there, the Centos 9 specific
block is no longer needed.
Removing the rhel 8 block as well, as it is identical to the
family "redhat" block i.e it is redundant.
Closes-Bug: #1957169
Change-Id: Ia6b0ecf0cd15fb23c6740543940ee513a8602afe
This change removes the uninstall grub2-efi which was required for
prerelease rhel-9 images but now breaks current centos-9-stream
images. A different approach may be required for rhel-9 if the base
image remains different to centos-9-stream (such as populating the
empty /boot/efi partition from the base image)
This change also fixes the detection of whether this is an efi build
to check the block device instead of checking for whether a grub efi
package is installed. This fixes building a centos-9-stream whole-disk
image when package grub2-efi-x64 is installed but a legacy fallback
grub also needs to be installed.
Change-Id: I24baf553e1acd15a66737fc0b2a79d5335e28aa5
Partial-Bug: #1957789
This was introduced in [0] but we can include it in the existing elif
series instead.
[0] I2b75afd310f009ae8614f6ca75bb984b56d25c45
Change-Id: Ibe05f367be997efbd8c5ebec77503ebd9cda1c8b
Per the bug mentioned upstream, grub2-mkconfig will currently not set
the kernel options for BLS entries prefixed with a machine-id
different to the running system.
This affects the centos element, as the upstream .qcow2 comes with a
pre-existing BLS entry but a blank machine-id. This only affects
9-stream -- prior releases either don't use BLS or have entries
configured to use a common variable from grubenv which is updated
correctly.
We currently can not end-to-end test this in OpenDev because we run
our functional tests on Ubuntu Focal (they use devstack), whose kernel
can not read the XFS format on the 9-stream .qcow2. This expands the
functional tests (that run on Debian Buster, with a later kernel) to
add the vm element, so the bootloader path is exercised (this requires
a block-device too). This at least runs the bootloader install, we
can confirm the kernel options look right from the dumping provided
the logs.
Change-Id: I327f5e7a95e47905c01138c8c4483f3f03e8efff
The pip_args variable is not initialized when installing pip for
bullseye resulting in an unbound variable error when running
install_python3_pip on that debian version.
This patch fixes the issue moving pip_args inizialization to a common
place.
Change-Id: I1603c97871449b4f73e3062a705d655e9454bf33
A lack of space between package names was causing apt to fail.
[0] I2b75afd310f009ae8614f6ca75bb984b56d25c45
Change-Id: Ia7e005c2f583037ee44a3c364e3b8d79d51e03a2
Debian bullseye has removed python-pip and python-virtualenv
from its repos, let's install only pip and virtualenv python3 modules.
Also split pip installation based on python2 and python3 for
debian-based distributions.
Change-Id: I2b75afd310f009ae8614f6ca75bb984b56d25c45
This reverts I2701260d54cf6bc79f1ac765b512d99d799e8c43,
Idf2a471453c5490d927979fb97aa916418172153 and part of
Iecf7f7e4c992bb23437b6461cdd04cdca96aafa6 which added special flags to
update kernels via grubby.
These changes actually ended up reverting the behaviour on Fedora 35,
which is what led me to investigate what was going on more fully.
All distros still support setting GRUB_DEVICE in /etc/default/grub;
even the BLS based ones (i.e. everything !centos7).
The implementation *is* confusing -- in earlier distros each BLS entry
would refer to the variable $kernelopts; which grub2-mkconfig would
write into /boot/grub2/grubenv. After commit [1] this was reverted,
and the kernel options are directly written into the BLS entry.
But the real problem is this bit from [2]
get_sorted_bls()
{
if ! [ -d "${blsdir}" ] || ! [ -e /etc/machine-id ]; then
return
fi
...
files=($(for bls in ${blsdir}/${machine_id}-*.conf; do
...
}
i.e., to avoid overwriting BLS entries for other OS-boots (?),
grub2-mkconfig will only update those BLS entries that match the
current machine-id.
The problem for DIB is that we are clearing the machine-id early in
finalise.d/01-clear-machine-id, but then running the bootloader update
later in finalise.d/50-bootloader.
The result is that the bootloader entry generated when we installed
the kernel (which guessed at the root= device, etc.) is *not* updated.
Even more annoyingly, the gate doesn't pick this up -- because the
gate tests run on a DIB image that was booted with
"root=LABEL=cloudimg-rootfs" the kernel initially installed with
"install-kernel" (that we never updated) is actually correct. But
this fails when built on a production host.
Thus we don't need any of the explicit grubby updates; these are
reverted here. This moves the machine-id clearing to after the
bootloader setup, which allows grub2-mkconfig to setup the BLS entries
correctly.
[1] 4a742183a3
[2] https://src.fedoraproject.org/rpms/grub2/blob/rawhide/f/0062-Add-BLS-support-to-grub-mkconfig.patch
Depends-On: https://review.opendev.org/c/zuul/nodepool/+/818705
Change-Id: Ia0e49980eb50eae29a5377d24ef0b31e4d78d346
Patch allow to set path for local image source,
instead download latest or use the cached image.
This permit to build image also in environment without internet access.
re-propose of patch: https://review.opendev.org/c/openstack/diskimage-builder/+/809009
Change-Id: I54395b09af339caee040326b809e8fbf8b0e7d6a
A recent(-ish) change in git [1] has exposed a bug in caching that
appears in one very specific circumstance -- updating the
openstack/openstack super-repo [2].
This repo gets a submodule update every time something is pushed. By
using "--git-dir" while the cwd is one-level above the actual repo we
are confusing [1] which is not finding the submodule directories
correctly and giving us an error:
Could not access submodule 'foo'
for every submodule that has updated between now and the last time we
updated the cache. [3]
The git manual does warn about this
If you just want to run git as if it was started in <path> then use
git -C <path>.
Indeed, that is what we want to do in this path. Modify the calls to
use -C.
[1] 505a276596
[2] https://opendev.org/openstack/openstack/
[3] The result for opendev production is that image builds fail every
time an openstack/* project is checked in; we then race to retry
the build before another commit lands and updates the submodules
again.
Change-Id: Iadb23454e29d8869e11407e1592007b0f0963e17
Refactor things to use explicit names, and put in a trap to cleanup
after any errors.
Currently, if the build/run/export steps fail, it leaves behind images
which eventually clog things to the point podman won't run any more
(see also https://github.com/containers/podman/pull/12233 about errors
seen due to this)
Change-Id: Ib328a07ad67e3f71f379fbf34ae7ef74e212ef1c
Ic68e8c5b839cbc2852326747c68ef89f630f26a3 removed the sudo from the
tar extraction here, meaning that production is failing to create the
chroot. This is hidden in testing because
DIB_CONTAINERFILE_PODMAN_ROOT is set. Make the sudo here
unconditional.
Change-Id: I6e36e3fc65981f85fad12ea2cd10780fde9c37da
CentOS Stream 9 is close to be released, and official mirrors are
already poplated. This patch is adding support to centos-minimal in CS9.
Also enable centos-minimal/[8,9]-stream-build-succeeds tests.
This patch is being tested together with [1] to apply following list of elements:
vm centos-minimal simple-init growroot nodepool-base openstack-repos infra-package-needs
[1] https://review.opendev.org/c/openstack/project-config/+/811442
Change-Id: Iecf7f7e4c992bb23437b6461cdd04cdca96aafa6
The if/elif block added in [0] doesn't work for gentoo, let's hope
that we can get along with an easy fix.
[0] https://review.opendev.org/c/openstack/diskimage-builder/+/804000
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I543e04d2d7efea3e718bae31aa1cc4767bd359f8
This adds 9-stream support to the centos element.
See https://review.opendev.org/q/topic:cs9 for related patches.
Change-Id: Ib80fbd21edb77c25764eff2c0d66e55bde7a90af
We need to update the base reference platform we perform the
functional tests on. Debian bullseye seems like the best choice -- it
is recent enough to last for a while, and will match the
nodepool-builder container environment.
Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/814088
Change-Id: Ic68e8c5b839cbc2852326747c68ef89f630f26a3
I'm not aware this element is used/was ever used. It hasn't ever been
updated to Focal. To reduce our testing footprint remove this test,
and note in the element its probably broken.
Change-Id: I17cd3b13948287fe78990cfbe16a22919a329ba9
This reverts commit 1f4fb1d7a5.
This unfortunately wasn't actually tested. Because the image-based
tests run sequentially, a prior failure in the centos-8 job meant the
ubuntu job never ran.
This is failing with
10-cache-ubuntu-tarball: line 28: DIB_LOCAL_IMAGE: unbound variable
There is also a seemingly unused variable DIB_IMAGE_LOCAL_FILE; I'm
not sure what this is doing.
For now revert, and it can be re-proposed with appropriate testing.
Change-Id: I0f3897c90dc863ee04c3295b9cb094f02d8658e3
It looks like upstream have changed this line to "download.example",
breaking our subsitution. Let's do a generic match.
Change-Id: I8e443022a5f239b98ccefe73a9abf8cf259dc8e9
Patch allow to set path for local image source,
instead download latest or use the cached image.
This permit to build image also in environment without internet access.
Change-Id: I9422e21c5d0445e31d5a7258aa7310b20e39b929
A custom yum repository can now be configured by defining
`DIB_YUM_REPO_PACKAGE` as a yum available package or a URL to an rpm file.
This package can install repo files with any associated keys and
certificates.
A good example of such a package upstream is rdo-release[1] which
includes multiple repo files, the repo keys, and a root certificate.
This makes these repos impractical to install via DIB_YUM_REPO_CONF.
Downstream, repo packages like this a frequently used to bootstrap
development builds of RHEL with development repos.
[1] https://www.rdoproject.org/repos/rdo-release.rpm
Change-Id: I2832e723998c9bd7635cdf7541a4c20eff6294d2
Fedora 30 and RHEL-8.2 onwards support the Bootloader Spec and use grubby
to manage kernel menu entries and kernel arguments.
https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault
This change detects if this is a BLS enabled environment, and uses
grubby to set kernel arguments on all kernel entries if it is.
Change-Id: I2701260d54cf6bc79f1ac765b512d99d799e8c43
If the grubenv is regenerated, its changes won't be available to UEFI
boot systems unless the changed grubenv is copied to the EFI
directory.
This change copies the grubenv to the EFI directory when the grub.cfg
is copied.
Change-Id: I512502117a6bf1e6122fdfd8965ca488b4a5bae4
Debian stable security repos is now stable-security, as well as other
versions.
Move the Debian bullseye job from experimental to non-voting check.
Change-Id: I451cacda6573727de9448b5857bed5181850b4ad
The latest Debian bullseye release doesn't provide yum any more, only
DNF. This breaks the minimal builds that are using on-host yum tools
to start the chroot. Probe for yumdownloader, and if it's not there,
use DNF.
Note this requires "dnf download" which may not be packaged. See
I21cfbd3935e48be4b92591ea36c7eed301230753 for a sample work-around
that installs this plugin in the nodepool-builder container.
Change-Id: Ia7f1e4d115cc67c378d865d91af94a07b8cdc6cc
Add openeuler-minimal element and add CI functional tests for both
x86_64 and arm64.
OpenEuler is an open source community driven YUM/DNF distro like
Fedora. It references Fedora and CentOS a lot for the rpm packages
building. So somewhat it can be treated as a redhat family distro
and reuse the YUM/DNF related elements to help build openEuler images.
For more info about openEuler, see: https://openeuler.org/en
Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/803413
Change-Id: I3e06e49b524364c3a4edeba8bce7a8c06b9c7b76
This change permits the yum-minimal element to be used in downstream
custom distributions, which may have additional packages containing repo
config or GPG keys needed.
This could also be utilized at a later time to move the
distribution-specific logic in this method to each distribution element
separately.
Change-Id: Ic1434bb2fe7301086cf11ba6bd7f2ee187c5e6c8
The following two channels were migrated to OFTC.
#tripleo
#openstack-dib
Also, the following channel was migrated to Libera Chat[1].
#opensuse-cloud
[1] https://en.opensuse.org/openSUSE:IRC_list
Change-Id: Ia4c729a8d284bbfcbdb3b8621ae29d9be57886f5
ABCs in collections should be imported from collections.abc and direct
import from collections is deprecated since Python 3.3.
Change-Id: Idacff95cbb276eda0bc55de771ce6c701363c2e1
Add dnf-plugins-core to the package-installs; this lets things like
"dnf copr" work automatically and is in-line with fedora-minimal base
packages. While we're here, clean up some unneeded packages, and
remove the pkg-map that isn't relevant for Fedora builds.
Change-Id: Iad5a4717bcb55928377cc159b3360b0a70c5c5ac
As noted inline, this works around potential issues by being a strong
indication you are in a container (e.g. [1]). Since nothing should be
changing anything on the host/build system, this is a generically
safer way to operate.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1975588
Change-Id: Ic6802c4ffc2e825f129af10717860a2d1770fe80
There is currently no automated way of growing LVM volumes on boot
like single partition images do with their growroot mechanism. This
lack likely contributes to LVM not being widely used on VM and
baremetal workloads, since growing to the full disk requires workload
knowledge to determine which volumes to grow and by what amount.
The growvols element contributes a growvols python script which can be
run on firstboot (via systemd or cloud-init) or manually via
automation such as ansible. It is also an interactive script which
displays the full list of modifying commands before prompting for
confirmation to run them all.
By default the script will grow the root volume, but arguments allow
any volume to grow by a specified amount, or a percentage of the
available disk space.
Blueprint: whole-disk-default
Change-Id: Idcf774384e56cce03e56c0e19c7d08a768606399
curl's "-v" is a bit too verbose for "-x", especially when what you're
downloading bounces through a few redirects as is common. Turn this
down and put it behind "-xx" or greater.
Change-Id: I6d91166bb237f2a1818cae7532e794ef0f01288b
Element block-device-efi-lvm has been added which is like
block-device-efi but defines an LVM logical group in the root
partition. Three logical volumes are defined in that group, mounted to
/, /var, and /home.
This volume layout will not meet all requirements, but this is more of
an example demonstrating the capability to encourage more usage of
this existing feature.
This is based on the overcloud-partition-uefi element in
tripleo-image-elements, and I believe this capability is too useful to
have the only working example buried in a related project repo.
This change also fixes the element string matching in
_arg_defaults_hack, the 'vm' test was also matching against 'lvm' and
'block-device-efi-lvm' elements. Also the 'block-device-' test now
properly tests for this being the prefix of the block-device element.
This change also makes block-device-efi fsck-passno compliant with the
documentation[1] so that / has value 1 and all other mounts are set to
2.
[1] https://www.man7.org/linux/man-pages/man5/fstab.5.html
Change-Id: If86a0e49186ce5a65cc0084101d31ce59a97b854
Blueprint: whole-disk-default
The bootloader element uses the grub-efi-$arch package to remove already
installed packages (for redhat). The uninstall of a non-installed
package fails with a non-zero exit code on gentoo. The gentoo base
tarball does not include a bootloader and the grub-efi-$arch package is
only used for uninstalls, so zero out the variable to allow bootable
images to be generated.
Change-Id: If8572abd6e19a02f2f63b33d4f83a7054774d7e6
Signed-off-by: Matthew Thode <mthode@mthode.org>
This is a first pass through the bootloader, that removes the extlinux
and syslinux install/cleanup path.
Change-Id: Ifb107796cdb6748430a124bf13ced93db9689bff
As noted inline, the switch to "boot loader spec" grub entries breaks
our setting of the root device. This happened some time ago, and it's
not 100% clear to me why our existing Fedora builds haven't broken on
this. However, the new containerfile based builds do seem to be
hitting this.
Disable it for now.
Change-Id: Ia3472947799bb35ffccfa92937cdd0d68b12a25c
Fedora cloud images have sub-releases in their filename. It is not
exacly clear how this is generated but we do know how we can determine
the greatest programatically.
Change-Id: I7fc56897c681fe037db211c290edcdd23cdd5d5b
This makes the container file element search the active element list
for `containerfiles/${DIB_RELEASE}` for building. This makes it easy
to write wrappers for ubuntu/fedora/etc. containerfile elements.
Change-Id: I68f1d928e54a70bad76985ddd3e156bb5f978b0d
This is a base element which uses a containerfile (Dockerfile) to
build a container image, then the filesystem is extracted from that
image and forms the root of the dib image.
You can add as little or as much to the dockerfile as desired.
Change-Id: I4e821aa2ce7feb8841ef31da56de1a31aa9218b5
With the release of Debian bullseye and later, security updates are
provided in the bullseye-security suite instead of bullseye/updates.
Change-Id: I63580ec96a53e5e8ef8d105e766d838029727917
Currently Debian sets /etc/debian_version to "bullseye/sid" and, due
to a series of issues explained in [1] more fully "lsb_release -c" in
the OpenDev environment doesn't return the distribution code name.
Overriding this to the final release version fixes this.
[1] http://lists.opendev.org/pipermail/service-discuss/2021-April/000222.html
Change-Id: I00c1741dac6ad5f2c4bf855a207f17d8985bc763
Some older distros (like centos8 and xenial) don't support SNI in their
easy_install implementations which are used to install setup_requires
for python packages. PBR is a setup_requires for glean. We work around
this problem when installing glean by preinstalling PBR with pip.
Change-Id: Ie9f5c9ed06954cbe51f23fe8cca0655a931a5201
When a build fails, we can exit and leave ${PROFILE_DIR} behind. Make
sure this is cleaned up with an exit trap.
While we're adding a function, update the syntax of the others for
consistency.
Change-Id: I14499b5ebaaa30126aaa6b3d1bd86ed64f110fda
The rhel-8.4 qcow2 base image already has the grub2-efi-x64 package
installed on its single partition which has files installed to
/boot/efi..., however a partitioned image will have an empty /boot/efi
partition when running 50-bootloader. This means dnf will not install
grub2-efi-x64 when requested and /boot/efi will remain empty.
This commit makes the following changes:
- Refactors redhat bootloader pkg-map for the following:
- Make x86_64/amd64, arm64/aarch64 adjancent so they don't diverge
- Map grub-efi to packages installed to /usr
- Map grub-efi-{arch} to packages installed to /boot/efi
- Removes packages grub-efi-{arch} before installing grub-efi and
grub-efi-{arch}
Change-Id: Ia197feea34f43bd870fed30829b740596e6b2f48
https://review.opendev.org/c/openstack/diskimage-builder/+/785138
adds the support for DIB_DNF_MODULE_STREAMS which is now available
for all Yum based distros.
This patch enhances the docs for using it for all Yum
based distributions.
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: I29e726679c2b675b3c0cd95a3ff48fdad7cd5431
We've noticed that centos8 arm64 images have a root devices of
/dev/mapper/loop7p3 which make sense within a dib image build context
but not at boot time. Dib intends to use labels to set the root device
but when efi is used we end up running grub2-mkconfig against the efi
grub config path before we configure grub to use labels.
Fix this by running grub2-mkconfig after its configuration is set.
This should avoid confusion and complicated paths through the scripts
that configure this for us. We then copy the resulting config to the efi
specific grub.cfg location for platforms that have it.
There is also a small refactoring that is done to try and make the ~3
boot variants more clear:
1) Booting with legacy bios
2) Booting with uefi without a signed shim that directly calls grub
3) Booting with uefi and a signed shim that calls grub
Options 1 and 2 share the /boot/grub*/grub.cfg file. Option 3 needs its
grub.cfg to live alongside distro specific efi target.
Change-Id: Ie9790da9d1bbea58197b37b15a48e77f8a93c1ac
While building cloud images, it is common to set modules
for CentOS and RHEL images. Earlier it was part of rhel-common
which was specific to RHEL OS not for CentOS. Moving it
under yum element as module/stream can be enabled or disabled
via dnf itself.
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: Idc0f277f97e92e4d003f059f01b59f1b5513da34
At this moment the IPA image building with OpenSuse is broken and here, it was failing during the release check for Opensue because etc/SuSE-release is not valid anymore and deprecated for openSuse. Its renamed to /etc/os-release for openSuse rlease 15. This PR will solve the issue to build IPA image with OpenSuse base image. There is another PR opened in ironic-python-agent-builder, which adds all the missing packages, setuptools upgrade and svc mapping to do the build successful.
https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/778726
Bug-Report: https://bugs.launchpad.net/diskimage-builder/+bug/1921510
Change-Id: Id2759be29bfcbf2ecf1ce67e171686924b506b1a
open-iscsi and open-isns need keywording to support gcc-10, move it out
of being keyworded only for musl profiles.
remove unneeded keywords for python-exec and python-exec-conf (marked
stable)
use the full package name for the dev-lang/python-exec-conf package
Change-Id: I44eaf8c2230e9e2089a72fce46954f4336626843
Signed-off-by: Matthew Thode <mthode@mthode.org>
As of grub2 >= 2.02-95 on redhat family distros, calling grub2-install
on an EFI partition will fail with: "this utility cannot be used for
EFI platforms because it does not support UEFI Secure Boot."
This version of grub is now in centos8-stream and non-eus repos of
RHEL-8. It is not currently possible to build whole-disk UEFI images
on these distros, and when this package is promoted this will also
affect centos8 and RHEL-8 eus. The grub maintainers made this change
because the grub2-install generated /boot/efi/EFI/BOOT/BOOTX64.EFI
will never be capable of booting with Secure Boot.
This change defines a $EFI_BOOT_DIR for every distro element. When
directory /boot/efi/$EFI_BOOT_DIR exists a grub.cfg file in will be
generated there. This change also installs the shim package on redhat
family distros, which installs a copy of the shim bootloader to
/boot/efi/EFI/BOOT/BOOTX64.EFI. Using centos as an example, this
allows UEFI to boot the shim /boot/efi/EFI/BOOT/BOOTX64.EFI which
then chains to /boot/efi/EFI/centos/grubx64.efi.
If /boot/efi/$EFI_BOOT_DIR doesn't exist (such as for Ubuntu,
/boot/efi/EFI/ubuntu) the current behaviour of running grub-install to
generate /boot/efi/EFI/BOOT/BOOTX64.EFI will continue. For distros
such as Ubutnu where packaging does not populate /boot/efi/EFI/ubuntu
with .efi files, secure boot can be added in the future by copying
.efi files to /boot/efi/EFI/ubuntu and copying the shim file to
/boot/efi/EFI/BOOT/BOOTX64.EFI.
Change-Id: I90925218ff2aa4c4daffcf86e686b6d98d6b0f21
The path for get-pip.py script in version 3.5 has been changed
with this commit [1].
[1] 2360f025eb
Change-Id: Ifde16e40b4e241c6c4c93df44330c403ee903e6f
As of grub2 >= 2.02-95 calling grub2-install on an EFI partition will
fail with: "this utility cannot be used for EFI platforms because it
does not support UEFI Secure Boot." In the case of ironic deployments,
ironic-python-agent will call efibootmgr to set the local boot for
subsequent boots.
This change adds efibootmgr to the image as well so any other UEFI
menu changes can be made manually.
Change-Id: I765ded15da07d6227d1e337960e54ad0e0d6ca39
The python3/python3-pyyaml packages both are never installed and dnf
itself never updated when $DIB_DISTRIBUTION_MIRROR set and used.
This change fix the order of the operations:
1. yum/dnf configure.
2. *.repo patching.
3. yum/dnf update/install execution.
Change-Id: Ifbbf1f0190fe8c8a77fb3be820e8056447e755f6
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
The trvial fix allow override to work in air-gapped envirments where
the command 'curl -s https://cloud.centos.org/...' would fail.
Change-Id: I84296d8816042e4cd4cb02f15746b86d600d13d6
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
Use the actual virtualenv to install proliant tools, and make sure the
dependencies needed for sum firmware upgrade are included.
Change-Id: Ie1dbb868450918567b2903cdeccda35af1904417
Closes-Bug: #1916346
This PR updates locations for files used by the bootloader depending on
the target operating system built. The current logic does not take into
account latest versions of operating systems and makes it impossible to
build ISOs against those.
With this change it is possible to correctly build CentOS 8, Ubuntu
18.04 and Ubuntu 20.04 images.
Closes-Bug: #1916913
Change-Id: I3ed0041640f539e82805d03ba26fe46217f3ac3c
The only difference between the rhel and redhat entries is rhel has
the extra grub-efi-x86_64 mapping. All redhat family releases would
benefit from having this too, so this change removes the whole rhel
entry and adds grub-efi-x86_64 to the redhat family.
The assumption is that anything which applies to rhel also applies to
centos-stream, and in this case doesn't harm centos or fedora either.
Change-Id: I0dc44c1f2b57516742f4c3e43cfc8874d6b90fa2
This package doesn't exist in the stream base repo, and neither does
centos-linux-repos.
These are presumably replaced by centos-stream-release and
centos-stream-repos. This change adds an else block to handle the
non-stream base packages.
Change-Id: I32249199c3dfa44fc24fba28d24f314112c2e200
This change will remove any existing interface configurations in the image. They are not necessary
and could interrupt with deployments. In any case they should not exist if we use
dhcp-all-interfaces element.
Change-Id: I35a4b5ea6e2315de3b0d9f8353ac2b6f4b995697
Set eus repositories if REG_RELEASE is set instead of the base repos
as the current behavior is to use the non-EUS repositories for RHEL
8.2 deployment which breaks image building for customers.
Change-Id: I8e687b27922c3f6fc3d69794866795ab89ecc346
The get-pip script does not work well with Python 2 and
it raise error during the installation [1].
[1] https://github.com/pypa/get-pip/issues/83
Change-Id: I3755c34da313ef647547c6ae18b59cc04c2cdd60
portage now generates /etc/python-exec/python-exec.conf based on the
order of PYTHON_TARGETS in /etc/portage/make.conf
fixes an issue where ARCH was being detected as amd64 not x86_64
fixes kernel installs (virtual/dist-kernel)
standardizes simple if statements (note, the 'shorthand' method will
pass the exit code back to shell but the 'longhand' does not).
Change-Id: I74041c232bc6ab4d6e67a4ecfaa759aa4a5feb6c
Signed-off-by: Matthew Thode <mthode@mthode.org>
* Add "DIB_UBUNTU_MIRROR_DISTS":
Default: ``updates,security,backports``
Notes: For some deployment, is may be required
to disable backport|update|etc packages
integration.
Change-Id: Ic7dcd29ea658a66763b4422915149e4d3fe663cc
Despite having several issues (like missing firmware), it is still
used by people. It seems that the only way to stop that is to remove it.
Change-Id: I4baed8e8ab663c624dcc8d06ff0293d57b082abb
This use the same workaround as element bootloader's[1] to fix CentOS
8.3 partition image building error with iscsi-boot:
...
2021-01-12 07:11:02.439 | + grub2-mkconfig -o /boot/grub2/grub.cfg
2021-01-12 07:11:02.654 | /usr/bin/grub2-editenv: error: cannot rename the file /boot/grub2/grubenv.new to /boot/grub2/grubenv: No such file or directory.
2021-01-12 07:11:02.665 | Generating grub configuration file ...
2021-01-12 07:11:03.112 | /usr/bin/grub2-editenv: error: cannot rename the file /boot/grub2/grubenv.new to /boot/grub2/grubenv: No such file or directory.
...
[1]: https://review.opendev.org/c/openstack/diskimage-builder/+/750279
Closes-Bug: 1911120
Change-Id: I2de5444f7e1a145df9abb03fa4c367e8bb914e03
This fixes below building error When build centos with element
dracut-regenerate on ubuntu by specifying the initrd and kernel version.
...
2021-01-12 03:44:15.758 | dracut: Cannot find module directory /lib/modules/5.4.0-58-generic/
2021-01-12 03:44:15.759 | dracut: and --no-kernel was not specified
2021-01-12 03:44:15.765 | Traceback (most recent call last):
2021-01-12 03:44:15.766 | File "/tmp/in_target.d/finalise.d/50-dracut-regenerate", line 102, in <module>
2021-01-12 03:44:15.766 | main()
2021-01-12 03:44:15.766 | File "/tmp/in_target.d/finalise.d/50-dracut-regenerate", line 82, in main
2021-01-12 03:44:15.766 | raise e
2021-01-12 03:44:15.766 | subprocess.CalledProcessError: Command '['dracut', '--list-modules']' returned non-zero exit status 1.
...
Change-Id: I87ae20b3fa2f291bb107e607137fcd7b1c0a4996
While looking at DIB logs, it is very hard to debug dracut
issues due to missing modules, listing dracut modules will
give an insight.
Related-Bug: #1907457
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: I4d277bdfd648adba5a749d22d905c66b807e249a
With Centos 8.3, centos-repos package has been replaced by
other packages [1].
[1] https://lists.centos.org/pipermail/centos-devel/2020-September/056069.html
Also Increase flake8 and pyflakes version in lower-constraints.txt as
this was already broken.
Change-Id: Ife139fcaff0c2d944098ea353259971d2d3f18b8
The git package pulls in heavy dependencies for just a few rarely
used commands. git-core should be enough (and already uses for Suse).
Change-Id: I96b71072c22c26b3b651466053b9e9561527cbe5
Modern distros use more creative interface naming, e.g. CentOS 8
adds both eth0 and ens3 (!). Remove everything.
Change-Id: Ibdebdb09ea790787840cf9b817d4eb549ef18249
Grub2 messes up arguments with double quotes in them, changing from
key="value" to "key=value" [1]. Support this format as well.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=950760
Change-Id: Icf4c9f86009d29a342d6e0e21644af680066b0b2
Autoremove can touch packages, that are assumed to be present
for post-install step.
A good example is dkms, which is dropped in
install.d, but dkms element try to use it in post-install step.
This results in the following log [1]
[1] http://paste.openstack.org/show/797809/
Change-Id: I635af230c6b250fee273039935cf19506e83b3d1
This is never called externally to dib, so doesn't need to be an
entrypoint. Call it from within dib using the running python
executable and from the lib/ directory; this means we do not need to
have the virtualenv activated to run disk-image-create.
Change-Id: Ie9b551824792864402b0c63ccc350dc5c92dcc3f
This is really an internal dib tool. Move it to the lib directory,
and call it with the python we are running under.
This is one less reason to require the virtualenv to be activated when
you run 'disk-image-create'.
Change-Id: Id689683a0b1fdcb446b04ba967284a216133d743
Provide ability to run dhcp client on VLAN interfaces created on
top of an Ethernet interface. See also
<https://storyboard.openstack.org/#!/story/2008298>`__ for further details.
Change-Id: Ic3ffd7b8e23b1e996cfe6c79ce0ff47e521f30be
centos-repos package is not available on centos-8-stream:
2020-11-02 15:35:20.962 | No Match for argument centos-repos
2020-11-02 15:35:20.992 | No Match for argument centos-release-stream
The build fails later on install_pkg_manager sed command:
2020-11-02 15:35:22.903 | sed: can't read
/var/cache/nodepool/dib_tmp/dib_build.iPSHptNW/mnt/etc/yum.repos.d/*repo: No
such file or directory
This change ensure centos-stream-repos package is installed to provide
/etc/yum.repos.d/*repo files
This change replace 'centos-release-stream' package with the new
'centos-stream-release' package [1]
[1] https://lists.centos.org/pipermail/centos-devel/2020-September/056069.html
Change-Id: I6c397bf7b5797a02e5f006c18ee63c9cdf66b38c
We are running yum-config-manager/dnf config-manager in the epel
element. Even though the yum-utils package is declared in the
package-installs.yaml file, the package-installs pre-install.d
script is executed after the one in the epel element, so image
build fails.
This commit ensures yum-utils or dnf-plugins-core are installed
before running the command.
Change-Id: Ib292b0b2b31bd966e0c5e8f2b2ce560bba89c45c
Initial patch for I78d7bcf214a45245e2073428120fcbdd968e1acd
works without the envvar set, however, 'set -eu' causes it to break
if unset.
This makes the module configuration variable not required to be
set, consistent with other DIB scripts.
Change-Id: I5ca80f518d0371a18c107c061dc923876463af57
Signed-off-by: Lon Hohberger <lhh@redhat.com>
This disables growpart module in cloud-init, not resizing / partition
to maximum disk free size by default.
Change-Id: I69984a9141fa8abb12dc5d51bd334f9280deca67
Originally it was added for missing python-cheetah dep
for openstack-nova. Nova has removed usage of it long
ago with [1]. rhel-7-server-rh-common-rpms should be
disabled once it's usage is over as it packages from
it can conflict with other openstack repos.
If some package which is needed by OpenStack Packages
is missing then instead of adding rhel-7-server-rh-common-rpms
repo consideration should be to add it in RDO.
[1] https://review.opendev.org/#/c/40205
This reverts commit c7219a5a60.
Change-Id: Iad3a1c353c10bb35f9c9ef4076b65f5c84b803b2
This file is present in both dpkg and debian-minimal element,
causing a failure to build anything with debian.
Change-Id: I8213d581a79bb432281f31955a44418e4047d9e1
Some OpenStack releases on RHEL require specific modules
in order to function correctly. This adds the ability
to set DIB_DNF_MODULE_STREAMS which then are selected
prior to package installation.
Change-Id: I78d7bcf214a45245e2073428120fcbdd968e1acd
Signed-off-by: Lon Hohberger <lhh@redhat.com>
e2fsprogs pulls in info which needs gzip. But that conflicts with the
preexisting busybox-gzip. Install normal gzip to ensure that things can
proceed without conflict.
Change-Id: I3bed5bc141eaa0f3a15bfbf9da3e2d6e7c964a76
busybox-grep is pulled in by the base image and it conflicts with rsync
package installs because rsync needs grep proper. Install grep proper
prior to installing the base distro to avoid this issue later when
trying to install rsync.
Change-Id: I2ec2bf39a2af214443a93776231657b25035e54f
The rhel8.2 .qcow2 images have moved from a single xfs partition into
an EFI style layout with separate /boot/efi partition.
This means the root partition has /boot/grub2/grubenv as a symlink to
../efi/EFI/redhat/grubenv, which is dangling when we are running the
bootloader element as /boot/efi is blank. grub-install tries to call
rename() in the process of re-writing this file, which fails and bails
out dib.
Remove this symlink if it exists
Change-Id: I5591144a3617dbae148b0c5d2a6a404942ffcd4e
Parital-Bug: #1893029
Redhat-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1871669
I088fc4284e889147ca9a375d4a159264cff53484 tried to slot the python3
install between the 00-dnf-update and before 01-package-installs;
however it also needs to run *after* the RHEL subscription
00-rhel-registration.
Thus a better place for it is 01-00-centos-python3, which will order
it after subscription and package updates, but before any use of
package-installs.
To avoid confusion over naming, move 00-0-dnf-update back to just
00-dnf-update.
Change-Id: Ib7c82895769e4889d47e10c4b37e06a42c053903
This avoids having to have gnupg2/apt-key dependencies in the base,
and is now well supported by modern Debuntu.
Signed-off-by: Matthew Thode <mthode@mthode.org>
Change-Id: I7065b2fab6125d9635ef99ff65d374b8b6b4c3a2
This patch makes iscsi-boot element support not only just
DISTRO_NAME centos7 but also centos and centos-minimal.
Change-Id: I8db8b01f35b2e572666badd8d2316d24a5e4287a
Update an rc-update call to only be made if running openrc instead of
all gentoo profiles (systemd does not have rc-update).
Add python3-pyyaml package mappings.
Update serial console to support multiple arches.
Update open-iscsi and open-isns keywords (looks like upstream merged
some musl fixes).
Update the kernel and initramfs file name globs for the
gentoo-kernel-bin usage.
Change-Id: I259bffed3a3e3f92be2210ead6bdfa383917d457
Signed-off-by: Matthew Thode <mthode@mthode.org>
This breaks having git as a package-install in other elements. And results in diskimage-builder always erasing git on the image.
This reverts commit 3c65025559.
Change-Id: Ifb18c4243aa08055d98602aa4fdb30b16dae061d
Adds:
1. grub-efi package mappings
2. efi-64 support
3. default (openrc) arm64 profile
4. systemd arm64 profile
Cleans up the keywords and use flags in 02-gentoo-02-flags. Most stuff
was stablized. Also cleaned up some formatting for the if statements.
Enables less trusted overlays (up to the end user to verify).
in 10-gentoo-image I cleaned up some bash lint things as well.
using && instead of -a and avoiding $?
Change-Id: I3dffe1aab4bbdc4946a9bf2269bf0cde49529a4e
For Bios and EFI compatibility, grub must be installed twice.
This patch adds the bios version when EFI is selected. The GPT EFI block partitioning
already adds the bios partition, but the bootloader only called grub once.
Change-Id: Iee6c8b3b97b3cfff4562bcb30a50800f5ade894a
Closes-Bug: #1889089
NetworkManager takes a distinctly differnet network management
approach and the bulk of the dhcp-all-interfaces code is largely
targetted at distribution specific configuration. Some which may
or may not override settings, or only partially assert desirable
settings.
As such, we need to set appropriate configuration, such as the
correct client to be used, and timeouts based upon user supplied
settings.
By default this change sets the client to be dhclient on redhat
styled machines, as the packaging default, while it works for
ramdisk usage, it does not reset the interface between retries,
which can be critical if the infrastucture operator is attempting
to configure LACP trunks to the end node.
Change-Id: I0e0cfbdbf7ef2b2861b934ccd7dab9d83a35c8f0
Story: 2008001
Task: 40648
Git is a build-time dependency that should not end up in the final
image should source-repositories be the only element requiring it at
image build time.
Change-Id: Id0798c0a753f893d02c2d13fddea0c04b28cb7ca
This patch adds support for CentOS 8 Stream [1] to the centos element
(cloud image). Users should set DIB_RELEASE=8-stream.
[1] https://www.centos.org/stream/
Change-Id: Ib8f542031c46326ffed812fa60cbc9e56db9d6fd
glance-registry service was deprecated in Queens release and has been
removed in Victoria [1].
[1] https://review.opendev.org/#/c/738671/
Change-Id: Id2dfc3455b377b885521556f37f4b0f2da197655
We are at the point that all distributions we are building have Python
3, so any tools running in the chroot can assume Python 3 exists.
This makes dib-python redundant; mark it as deprecated and start to
remove it from elements where it is no longer required.
Change-Id: I5d852843ec65d3b04444b77c54c5b82424455cd8
CentOS 7 is the only distro we support currently that doesn't have
Python 3 installed in some form in the base images. For centos 7 add
an early install of it in the yum element so we can have all the
in-chroot scripts assume Python 3. There is only one package that
causes issues; yaml which comes from EPEL. Everywhere else it is a
base package, but we don't have a way to say "enable epel to install
this". Just hack it in, we don't want to go reworking the world for
CentOS 7 at this point.
Also add python3 and it's yaml library to the centos 8 path. This
brings in the "user" python3 in /urs/bin/python3 (the "system" python3
is already installed). Again, this just lets us assume
/usr/bin/python3 in scripts for all platforms.
package-installs is one of these things running python in the chroot,
and unfortunately we have elements that use it at 01- level in
pre-installd. Thus to make sure python3 is there nice and early, run
it at 0 level, but make sure it comes after yum/dnf update.
Change-Id: I088fc4284e889147ca9a375d4a159264cff53484
Other architectures are stored under "altarch" for CentOS 7, update
the match.
Convert the delimiters to "," to avoid a subtle problem with "|" --
POSIX states
Within the BRE and the replacement, the BRE delimiter itself can be
used as a literal character if it is preceded by a backslash.
So "s|\(foo\|bar\)|moo|" doesn't do what you might think; the inner
pipe becomes a literal | and this will *not* match "foo" or "bar".
Change-Id: Ic1642325e3a59a10453c356d8d839ce649812af8
Simplify gpg checking by caching a keyring instead of keys to import.
Change-Id: I5ed74ec0e12732aec40ef31377e72d7ddc347f95
Signed-off-by: Matthew Thode <mthode@mthode.org>
