Commit Graph

3470 Commits

Author SHA1 Message Date
Jenkins
7c6f91fe37 Merge "Fix OpenSUSE support" 2016-05-12 00:36:23 +00:00
Ian Wienand
672705831f Add a best-effort sudo safety check
As motivation for this; we have had two breakouts of dib in recent
memory.  One was a failure to unmount through symlinks in the core
code (I335316019ef948758392b03e91f9869102a472b9) and the other was
removing host keys on the build-system
(Ib01d71ff9415a0ae04d963f6e380aab9ac2260ce).

For the most part, dib runs unprivileged.  Bits of the core code are
hopefully well tested (modulo bugs like the first one!).  We give free
reign inside the chroot (although there is still some potential there
for adverse external affects via bind mounts).  Where we could be a
bit safer (and could have prevented at least the second of these
breakouts) is with some better checking that the "sudo" calls
*outside* the chroot at least looked sane.

This adds a basic check that we're using chroot or image paths when
calling sudo in those parts of elements that run *outside* the chroot.
Various files are updated to accomodate this check; mostly by just
ignoring it for existing code (I have not audited these calls).

Nobody is pretending this type of checking makes dib magically safe,
or removes the issues with it needing to do things as root during the
build.  But this can help find egregious errors like the key removal.

Change-Id: I161a5aea1d29dcdc7236f70d372c53246ec73749
2016-05-09 15:41:38 +10:00
Jenkins
6c57795056 Merge "Add documentation for dib-lint" 2016-05-05 06:43:21 +00:00
Colleen Murphy
b5f51322a3 Fix OpenSUSE support
The dhcp-all-interfaces and simple-init elements did not have the ISC
DHCP Client package mapped for OpenSUSE, which caused DIB to fail with
"'isc-dhcp-client' not found in package names. Trying capabilities."

Similarly, the bootloader element did not have the grub-pc package
properly mapped for OpenSuse, which caused DIB to fail with "Package
'grub-pc' not found.".

This patch adds the package mappings for these elements so that the
opensuse element can be created and booted successfully.

Change-Id: Ife478158fec3a95de73a9206b38dcc6511d56cc8
2016-05-03 22:23:51 -07:00
Jenkins
83b607557e Merge "Remove cloud-initramfs-growroot package" 2016-05-03 13:24:53 +00:00
Nisha Agarwal
9d397d2568 Install proliantutils in IPA's virtualenv
The proliant-tools element helps to do RAID
configuration in ironic for HPE servers.
This fix proposes to install the proliantutils
in ironic-python-agent's virtualenv created
using ironic-agent element.

Closes-Bug: 1563648
Change-Id: If63c725a42740ab244a2b4004797cba09d0f154e
2016-05-02 01:56:26 -07:00
Ben Nemec
c6b6f269cc Add documentation for dib-lint
Prior to this, no user documentation of dib-lint existed, which
meant users had to read the dib-lint code itself to figure out
how it worked.  This changes adds documentation on using dib-lint
and the checks it currently supports.

Change-Id: I285c5cc680dd9fbd9bd3f667ef102be14e248114
2016-05-02 01:29:17 -05:00
Matthew Thode
d1b0fc16aa
Add test dependency installation on Gentoo
Here I add test deps for Gentoo, the main ones to call out are as follows.

* pyyaml: not installed by default and needed for the package element
* parted: not installed by default and needed for the VM element
* multipath-tools: not installed by default and provides kpartx

Change-Id: I07ce871fb3e684bfd9d06268d5c5bd118314f321
2016-04-30 20:56:01 -05:00
Ian Wienand
11128b0673 Use generic "dhcp-client" name
Every platform has a different name for their DHCP client, so use a
generic name "dhcp-client" in the package name and let everyone choose
their sub-name.  This also brings some consistency across simple-init
& dhcp-all-interfaces

Change-Id: I797aa7aacb13dfb7f35700463dc11d55552eb108
2016-04-22 11:31:54 +10:00
Ian Wienand
8b4a5e9919 Split YAML & JSON parsing
It turns out that invalid JSON can be valid YAML ... thus if you mess
up a pkg-map file that still works as a YAML file dib-lint will let it
pass, but when pkg-map later tries to open it as a JSON file, it
fails.

Parse each type separately to catch these problems.

Change-Id: Ib3985e7d1599ed6bf3b7a73b786a53177b71fae0
2016-04-22 11:20:57 +10:00
Ian Wienand
b388b20f99 Add some output to dib-lint
It's hard to tell if dib-lint is working as it outputs nothing.  Add
some minimal output strings at some key points.

Change-Id: Id11cc9ecb8d5215d6fc8d8ef3584bfeeba53ff13
2016-04-22 11:20:10 +10:00
Gregory Haynes
a078e780ca dhcp-all-interfaces depends on dib-init-system
This element uses the dib-init-system command and therefore depends on
the element.

Change-Id: I1374500fb5b79e0f0c9c41346b5b7baf3f7755aa
2016-04-22 09:23:11 +10:00
Gregory Haynes
e096337a21 dhcp-all-interfaces depends on dhcp
Add package dependency for dhcp client

Change-Id: I63683485a5c5dbe65bfc38c8d64a88ee5549fda8
2016-04-22 09:23:09 +10:00
Jenkins
33d7e8b25e Merge "Add Gentoo to the dhcp-all-interfaces element" 2016-04-21 23:03:24 +00:00
Matthew Thode
de0cddc390
Add Gentoo to the dhcp-all-interfaces element
This makes use of the dhcpcd package and it's ability to run on all
interfaces by default.  We disable the privacy extensions and dhcp
overriding the hostname (both are enabled by default).  Other than
that it 'just works' and was the method used to bring up interfaces
on Gentoo Openstack images before we switched to building with DIB.

Change-Id: I02c14927d70b22f560c6fc149fefca0f93933f56
2016-04-21 16:40:06 -05:00
OpenStack Proposal Bot
f8755d9f3f Updated from global requirements
Change-Id: I0f97f1d0032cba81da62a80b9669aa2ea38e1335
2016-04-21 18:11:09 +00:00
Jenkins
45afd99012 Merge "Handle unconfigured interfaces for dhcp-all-ifaces" 2016-04-21 05:23:37 +00:00
Jenkins
874fef9fe9 Merge "Really remove all interfaces in dhcp-all-ifaces" 2016-04-21 05:23:31 +00:00
Jenkins
cc13bb304b Merge "Add releasenotes" 2016-04-21 05:04:27 +00:00
Ian Wienand
7aa9157c33 yum-minimal: strip locale archive
Rather than removing all locale related stuff in cleanup, strip the
locale archive and rebuild it.

Building just en_US (along with POSIX/C) brings things inline with
debootstrap.  As discussed in the bug referenced, this is about the
best we can do for Centos7.

Fedora 24 has split languages out into packages so we don't have to do
this, but I have not dealt with that yet.  A guard is put in place so
we make sure we revisit this when we try to build F24.

Change-Id: I3f384d23e52effd6a09f47134746caa4a5c586be
2016-04-21 15:00:13 +10:00
Jenkins
a6754a5c3a Merge "Move selinux restore to end of finalise" 2016-04-21 04:30:08 +00:00
Ian Wienand
634391185c Add releasenotes
Use reno to start at keeping release notes.  Add an initial log.

Change-Id: Iba3ebd3b01c15030ac2585dda82e43657e511310
2016-04-21 13:19:53 +10:00
Jenkins
a7fd0aebd9 Merge "Change to latest CentOS-6 image" 2016-04-20 21:52:24 +00:00
Jenkins
7e34c2d97d Merge "Allow skipping the md docs check" 2016-04-20 20:56:19 +00:00
Jenkins
bef58a0880 Merge "Don't stop dib-lint on first flake8 failure" 2016-04-20 18:00:20 +00:00
Abel Lopez
b2a2368844 Change to latest CentOS-6 image
cloud.centos.org appears to have changed their naming for images.
This latest iteration drops the YYYYMMDD in favor for YYMM, but
also has a 'latest' available without the date stamp.

This change will mean we no longer have to submit new code reviews
whenever centos changes.

Change-Id: I5a6a0de822561c1d0681abb9487993acf55918f1
2016-04-20 10:44:09 -07:00
Jenkins
1ecb6c20e4 Merge "Document upstream executable numbering convention" 2016-04-20 09:30:29 +00:00
Gregory Haynes
9a3f31df98 Document upstream executable numbering convention
Add documentation to our developer guide about not creating executables
before or after 10/90 in the upstream element's phase directories.

Change-Id: I93ab70f37da0d81f8683a76fd3b341b761ea04e9
2016-04-20 04:09:39 +00:00
Ian Wienand
6a1eb2457c Move selinux restore to end of finalise
After a bit of spelunking, I90d0c96d5659326ba67d6119b96d9a4113adf7fe
was the original change that introduced the setfiles here rather than
autorelabel at boot time.

Touching the autorelabel file probably makes sense somewhere low, but
when we start relabling the file system we really should be doing that
as late as possible so we fix up everything that has come before.
Move this to 90 to capture this.

Change-Id: Iae0afe850f52ec3b59c49507fa9bbcc1c8f8cfa1
2016-04-20 13:52:37 +10:00
Ian Wienand
e2c0d16f84 yum-minimal : better cleanup of initial yum failure
If the initial yum install into the chroot fails, we can leave behind
a lockfile and an incorrectly modified rpmmacros.

Change this so we run the cleanup unconditionally.

Change-Id: Ia9f9c4c845e5f34d33ff9a4ab7226c9175283757
2016-04-20 09:42:42 +10:00
Jenkins
1fabb01a4f Merge "Prioritize venv python on host" 2016-04-18 23:17:28 +00:00
Jenkins
146be596f6 Merge "simple-init: Fix path for /etc/ssh test" 2016-04-18 19:37:35 +00:00
Jenkins
20def6a0cb Merge "dib-run-parts: make cp to target root more robust" 2016-04-18 19:37:29 +00:00
Jenkins
05382d10b9 Merge "Fix disk usage report" 2016-04-18 19:36:40 +00:00
Jenkins
1ea71d348c Merge "Add qcow2 generation for better test coverage" 2016-04-18 19:32:06 +00:00
Jenkins
7d0a27b1a8 Merge "Skip gentoo test" 2016-04-18 19:31:53 +00:00
Jenkins
4dced6e90d Merge "Fix add-apt-repository package for precise" 2016-04-18 19:17:09 +00:00
Ian Wienand
a8d8724e3c Add EPEL as requirement of centos-minimal
I guess I hadn't tried centos-minimal without the puppet elements that
install this for us.  But the "base" element wants dkms, which is only
in EPEL for centos.  But it's a helpful convenience so is globally
useful.

Change-Id: Ia9af97efdbd855fb8202353196ad649093788cb8
2016-04-16 07:03:39 +10:00
Ben Nemec
c3ee0acdd8 Allow skipping the md docs check
Not every project that uses dib elements will necessarily want this
check enabled.

Change-Id: Id4b167ed220dd55852b6587b884fabe7bc8554eb
2016-04-15 10:38:32 -05:00
Ben Nemec
bdf3aab53a Don't stop dib-lint on first flake8 failure
It's better to report all of the failures in one shot, so we should
make sure a flake8 failure doesn't immediately end the dib-lint
run, and instead just sets the error flag like the other checks.

Change-Id: Ib13fc71bb12a6565888bdd89f33fc6ada89f8d8c
2016-04-15 10:29:48 -05:00
Ian Wienand
2dc4154724 Fix up EPEL element
For whatever reason, RHEL identifies itself with DISTRO "rhel" for 6
and "rhel7" for 7, but centos just uses "centos" and DIB_RELEASE.  So
this was wrong and installing EPEL6 on centos7.

But we can simplify it completely for centos because that comes with
the epel-release package already included.

Change-Id: I2b8f5d30b850fef46b4a5ba32a917abcbf25932c
2016-04-15 12:37:22 +10:00
OpenStack Proposal Bot
e3f92e4a52 Updated from global requirements
Change-Id: Ia75dfa7c0ef9cbbbe5b7dba51d13c50c91c52922
2016-04-15 01:52:46 +00:00
Jenkins
4f6ce09385 Merge "Support to add certificate in ironic-agent" 2016-04-14 18:30:04 +00:00
Aparna
cd66aebf40 Support to add certificate in ironic-agent
This commits provides support to add certificate while
building the image using ironic-agent element. The
certificate can be CA certificate or self-signed certificate.

The certificate is set to the environment variable
'DIB_IPA_CERT' which in turn is used by the ironic-agent
element while building the image.

Change-Id: I648f7934d4787dcc3030885cfca771b642a9595e
2016-04-14 13:42:36 +00:00
Clint Byrum
4ceb40e13d simple-init: Fix path for /etc/ssh test
The cleanup path was fixed, but not the actual test.

Change-Id: If9ff4ee55604fa317a9a5bda0eee0b2783ef079a
2016-04-13 14:53:21 -07:00
Jenkins
67bef7ed16 Merge "Debian: dont set always the hostname to debian" 2016-04-11 08:31:55 +00:00
Jenkins
a6dd8d6b5a Merge "Turn down tracing for source-repo cache" 2016-04-11 06:12:49 +00:00
Ian Wienand
a7afe652d6 Fix disk usage report
This was not well tested.  Build the argument into a variable which
can be eval()ed to produce the final output.

Add the flag so we test this during functional tests.  Add "-x" to dib
invocations so we can more easily debug failures.

Change-Id: Ifdc82627c520379b4124ccb9a4c2fe806c52c75c
2016-04-08 07:07:00 +10:00
Ian Wienand
43e1e36cc6 Add qcow2 generation for better test coverage
Add qcow2 generation for better test coverage.  Add "-x" to the dib
invocations so we can better debug failure cases.

Change-Id: Idd0e33c70fcd7737e6dc43e26b054fbc2982c022
2016-04-07 15:25:34 +10:00
Ian Wienand
2764f2a659 Skip gentoo test
The idea was to put this in non-voting, but we never added it to the
skip list so it has been running by default.

Change-Id: I67f3453607077146ceb9430d12b4b9bfcd34437f
2016-04-07 15:13:40 +10:00