Commit graph

3717 commits

Author SHA1 Message Date
Harald Jensås
1ac31afd62 Use rpm -e instead of dnf for cleaning old kernels
If the running kernel of the system building the image
matches the kernel that is to be removed dnf will fail.

Repalce use use of dnf with rpm -e.

Closes-Bug: #1623409
Change-Id: Ie2481ea8a02b7b0720e46fa179f24badf4aa25c5
2020-03-19 22:35:23 +01:00
Monty Taylor
c113703050 Add support for build-only packages
Sometimes an element needs packages installed so that it can
perform tasks but those package are not appropriate for the
final image content. Add a "build-only" flag to package-install-squash
which will cause package to be installed at the beginning of the
phase and then uninstalled at the end of the phase.

Change-Id: Ie01b795991710c93f6b669c8f14b57eb4412c1d5
2020-03-18 14:40:44 -05:00
Ian Wienand
64d2ea26e7 bindep: remove lsb-release
This came in with edc06a20e5 although
it's not totally clear why.

We found that we were sourcing devstack scripts during build in infra,
and inadvertently relying on this package being around on the host.
This was incorrect but can this type of problem is hidden if the
package is installed unnecessarily.

I do not think this actually required now; remove from bindep to
minimise chance for such false or hidden dependencies.

Change-Id: I7895d4c5019511eb2169915cd8092e707e8ee732
Story: #2007407
Task: #39068
2020-03-16 10:33:40 +11:00
Monty Taylor
1038f9c8ba Remove hacking from requirements
putting it in requirements means it's installed for anything that
installs diskimage-builder. Not just for tests, but in actual prod
installations. Because of the way flake8 plugins work, this means
then that hacking is injected into all flake8 invocations in that
environment.

This is currently causing issues in nodepool where we do not
actually use hacking but it's still spewing spurious messages to
the screen because it is incorrect finding our apache header to be
incorrect.

Just depend on flake8, since that's what dib-lint depends on.

Change-Id: I8d2b2076b604d596906a3b12a5518e2a56c0fe88
2020-03-12 16:20:37 -05:00
Zuul
61b72ca2c2 Merge "Add ensure-venv element, install glean with it" 2020-03-10 05:08:54 +00:00
Zuul
08e9ffba0c Merge "Remove Fedora 29 job" 2020-03-10 02:50:37 +00:00
Zuul
991586c20a Merge "Uncap hacking" 2020-03-10 01:16:02 +00:00
Ian Wienand
82cfcfe551 Add ensure-venv element, install glean with it
All the platforms we care about now have python3 with venv (even
centos7 now) packaged somehow.  Add an ensure-venv element to make
sure that "python3 -m venv" works.  Any other elements that wish to
install non-distribution-packaged Python utilities can use this to
keep them separate from the main system installs.

Port glean to use this, and drop its dependency on pip-and-virtualenv.

Change-Id: Ic16f134fe34293bb68e7c632dd320f523366320d
2020-03-10 11:57:43 +11:00
Andreas Jaeger
9a6e111b8c Remove Fedora 29 job
Fedora 29 is EOL, remove the job.

Depends-On: https://review.opendev.org/#/c/711970
Change-Id: Ic3ad24a0268ac8421218b944d15f130a13ee9cdc
2020-03-09 20:20:28 +01:00
Zuul
18f46bde30 Merge "fix iscsi-boot element exiting build even if dracut-regenerate used" 2020-02-26 04:05:57 +00:00
Zuul
8deca122f9 Merge "Change tgt pkg-map to target-restore CentOS/RHEL-8" 2020-02-26 04:05:56 +00:00
Zuul
8ad2956911 Merge "Do not include efibootmgr and efivars for ppc architectures" 2020-02-26 04:02:42 +00:00
Bob Fournier
14a3776885 Do not include efibootmgr and efivars for ppc architectures
These don't exist and are not needed for ppc.

Change-Id: I9ba53e22583b148b43f74cd9b8ec79402796d09b
2020-02-25 13:27:13 -05:00
Chandan Kumar (raukadah)
31a32ff6ee Change tgt pkg-map to target-restore CentOS/RHEL-8
In ironic-agent tgt pkg-map, scsi-target-utils was used for
redhat family which is not used in CentOS/RHEL-8.

As per https://opendev.org/openstack/ironic-python-agent-builder/src/branch/master/dib/ironic-python-agent-ramdisk/pkg-map#L5
targetcli got removed and switch to target-restore. It syncs
the same element for RHEL-8 and adds the same for CentOS-8.

Closes-Bug: #1864427

Change-Id: I95a0c09a6739af23cd1e8c88dded198bd69cc53e
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
2020-02-24 14:17:24 +05:30
Ian Wienand
28ebd24844 Uncap hacking
This causes problems for other projects incorporating dib; we don't
have a specific need for a cap.

Fix a few issues, mostly spacing or regex matches.  No functional
changes.

W503 and W504 relate to leaving artithmetic operators at the start or
end of lines, and are mutually exclusive and, due to "ignore"
overriding the defaults both get enabled.  It seems everyone gets this
wrong (https://gitlab.com/pycqa/flake8/issues/466).  Don't take a
position on this and ignore both.

Use double # around comments including YAML snippets using "# type: "
which now gets detected as PEP484/mypy type hints.

Change-Id: I8b7ce6dee02dcce31c82427a2441c931d136ef57
2020-02-24 10:34:46 +11:00
Carlos Goncalves
8226384cf0 Add CentOS 8 support
* Add "centos" element, a CentOS version-independent element. This is in
  line with the same work done for RHEL in Stein cycle.
* Deprecate the centos7 element. CentOS 7 support itself it not
  deprecated though. The new "centos" element provides the same support
  level as the "centos7" element.
* Add functional testing

The default CentOS version is 8. You can adjust it using the DIB_RELEASE
environment variable.

Change-Id: I373ba2296c4613765676e59aabd9c651345298d1
2020-02-19 10:44:56 +01:00
Zuul
9d08848f25 Merge "Fix cache-url -f" 2020-02-18 22:55:23 +00:00
Zuul
0ec74b948c Merge "Allow python3 to be used in Debian" 2020-02-17 18:18:07 +00:00
Noam Angel
48eac8b899 fix iscsi-boot element exiting build even if dracut-regenerate used
in CentOS build case building an image with "iscsi-boot" and "dracut-regenerate" will exit building because of statement "[ "$found" = 0 ]"

Change-Id: I1a6d60e9ec5f5cb508866c8376465c3e73551a30
2020-02-12 09:09:20 +00:00
Iury Gregory Melo Ferreira
6986441e2c Add efi packages for ironic-agent
On IPA we are using efivar and efibootmgr, we already added the
packages on ipa-builder.
Adding the pacakges on diskimage-builder, so that people who use
it to build the images won't get into trouble.

Change-Id: I9ab6588f20302b4808b09dc060aced5fd267a3d2
2020-02-11 17:26:59 +01:00
Riccardo Pittau
cf7d39e4cd Allow python3 to be used in Debian
Debian default Python interpreter version is 2.7, but it's
possible to install a Python 3 interpreter from the base
repository.
With this change, if we set DIB_PYTHON_VERSION to 3, we install
the python3 package from base, with python3-libs, python3-pip and
python3-setuptools, and redefine python_path, effectively allowing
Python 3 interpreter to be used in Debian.
See a result of the job for building the ipa image here:
https://review.opendev.org/705773

Change-Id: Idabfa94c2bff6e0de6daa0866084d5db14d7dcb0
2020-02-07 18:10:19 +01:00
Tobias Henkel
bad433fa92
Fix cache-url -f
When there is a hashsum mismatch diskimage-builder forces downloads
with the -f switch of cache-url. This is currently broken because bash
escapes the quotes in curl_opts. This tricks curl trying to download
'no-cache' instead of the url. This can be fixed by using an array for
curl_opts which does the correct thing here.

Change-Id: Id9f1579dda9a3e0a2b08dd5faaeef0e2e580d419
2020-02-05 10:19:12 +01:00
Zuul
500e60dbf4 Merge "Enable possibility to select HWE kernel for Ubuntu minimal" 2020-02-04 09:00:47 +00:00
Zuul
0668cd37fe Merge "Add ironic jobs to the CI" 2020-02-04 06:23:52 +00:00
Dmitry Tantsur
3b27ae1578 Add ironic jobs to the CI
Ironic is now using diskimage-builder for producing and publishing
official production-ready IPA ramdisks. These jobs test ironic
against changes in diskimage-builder to ensure they still work:
* Two check-image jobs merely build an IPA image with DIB:
  * The CentOS 8 job is our primary now and should eventually
    become voting.
  * The CentOS 7 one is used on stable/train and will be removed
    once DIB stops supporting this version.
* The two other jobs build and use the IPA image to deploy a node
  in two different ways (pushed via iSCSI and pulled via HTTP).
  Since they're likely to be affected by factors outside of DIB
  control, they're added non-voting.

Depends-On: https://review.opendev.org/703585
Change-Id: Ibce594657bb90db1bac63fa9f965ee88586f8246
2020-01-21 12:48:32 +01:00
Antoine Musso
168127b60a dib-lint: test elements have README.rst file
Add a basic test to ensure that all elements have a README.rst file.
This way they will be exhaustively listed in the Sphinx documentation.

Add dummy README.rst for 'disable-selinux' and 'rpm-distro' elements.

Change-Id: Ia5252ddd89b5ae5c6e9a12a66ef10f912fd54da5
2020-01-20 11:43:43 +01:00
Fatih Degirmenci
e2af38e3a5 Enable possibility to select HWE kernel for Ubuntu minimal
Change-Id: I206a77590f575e472e31b4f867fd5fd35475542d
2020-01-17 10:47:37 +00:00
Andreas Jaeger
71ef0a8b3c Remove trusty jobs
OpenDev is removing trusty from the infrastructure, remove the jobs
using ubuntu-trusty.

Depends-On: https://review.opendev.org/702817
Change-Id: I0d328f4d1125be7e3801a9dd2c9374086024b903
2020-01-17 09:23:05 +01:00
Carlos Goncalves
ae2be0b464 Fix Yum repositories and GPG keys for CentOS 8.1
CentOS 8.1 split repositories and GPG keys out into subpackages. This
broke DIB support for CentOS 8.

7e41cef418
26a0d73ced

Change-Id: If3de6efa6074e059dc9fdd47c7bdc19d26d4d7f2
2020-01-15 19:39:00 +01:00
Matthew Thode
87e7f7b869
allow building of Gentoo images for non-systemd profiles
Change-Id: I61e3ba391eaaf9b300f88b082c03116388401ba3
2019-12-20 17:51:55 -06:00
Mohammed Naser
6f1b51627f modprobe.d: use $TMP_MOUNT_PATH
The hook inside extra-data.d runs outside the chroot when
building the image which means that we need to prefix paths
inside the hook to avoid running things on the host.

We also run it with sudo because if we're running DIB not
as root, /etc is uid 0 and we'll get a permission denied.

Change-Id: I1838890fe124c84c879285a471bcc78fe47d6c23
2019-12-18 11:42:02 -05:00
Zuul
71e1bcbdb8 Merge "Install rng-tools in Red Hat family distro images" 2019-12-17 06:25:32 +00:00
Zuul
f6d32a684f Merge "Add arm64 based functional test" 2019-12-16 21:31:51 +00:00
Ian Wienand
082397a86a Add arm64 based functional test
An initial functional test for bionic/arm64 builds, put it in the new
arm64 check queue.

Change-Id: I5f8a047f41c6555da7211b758c55f7a87b3aa5d1
2019-12-16 10:51:01 +11:00
Zuul
db9501cab2 Merge "Fix wrong URL in ironic-agent element" 2019-12-15 23:43:33 +00:00
Carlos Goncalves
3ff7365ee8 Install rng-tools in Red Hat family distro images
Make sure rngd, a hardware RNG entropy gatherer daemon, is installed on
all DIB-built Red Hat family distro images. rngd comes installed by
default in a typical base installation as it's proven to help speed
things up.

Nova attaches the virtio-rng-pci device to VMs. virtio-rng-pci is a
device that provides feed random data. However, it is of little to no
use if the virtual machine is not configured to make use of given
device. That is where rngd can help by facilitating entropy to the pool
from virtio-rng-pci.

$ openstack image set --property hw_rng_model=virtio [...]
$ openstack flavor set --property hw_rng:allowed=True [...]

DIB-built minimal images do not come with rngd installed. This patch
makes sure the daemon is installed. Its systemd service comes already
enabled.

Change-Id: I34a989dbfc57d4c98113ac25c81dfb500945ff0a
2019-12-12 20:26:06 +00:00
Carlos Goncalves
45d9917c00 Update bindep for RHEL/CentOS 8
Install policycoreutils-python in RHEL/CentOS 7.
Install policycoreutils-python-utils in Fedora and RHEL/CentOS 8.

This patch also drops python3-setuptools from bindep as Fedora 28 is
EOL and RPM dependency is fixed in >= Fedora 29.

Change-Id: I0ecd29e0f113005d7e993add84d2c4fb90fd16e3
2019-12-12 18:28:56 +01:00
Zuul
74dff74907 Merge "Set correct python version for non-chroot scripts" 2019-12-12 16:48:17 +00:00
Madhuri Kumari
46491eb1b5 Fix wrong URL in ironic-agent element
Change-Id: Iaa107094b1409f93b101b23cea2e874c60ea26f5
2019-12-12 16:39:48 +05:30
Michael Johnson
9c7b8d1714 Set correct python version for non-chroot scripts
Some phases of diskimage-builder run outside the chroot environment,
such as the extra-data.d scripts, and don't have access to dib-python.
This means these scripts may choose the wrong python version by using
"#!/usr/bin/env python" to execute. The svc-map element is an example.

This patch creates a temporary directory and symbolic link for the
correct version of python, then manipulates the environment PATH
to preference the symbolic link "python" command.
This will allow elements with these scripts to work correctly with
the version of python diskimage-builder is running under.

Change-Id: I289d621e1bfbba0eb174dff977d1a5c92c04e4fa
Co-Authored-By: Ian Wienand <iwienand@redhat.com>
2019-12-11 22:52:28 +00:00
Ian Wienand
801fa77a16 Work around Trusty ext4 metadata_csum errors on Bionic
As described inline, Bionic hosts will build invalid Trusty images.
Hack around this by disabling metadata_csum in the ext4 mkfs.

Change-Id: Ibd67d58ca830a9e60605d0700ee2b17906c804e6
2019-12-11 16:02:13 +11:00
Ian Wienand
4ca306cc0e Drop Xenial from functional test
Devstack dropped Xenial support with
Iefcca99904dde76b34efbbfc0e04515dfa5a09e5.

I have ported the required debootstrap in the openstackci PPA to
Bionic, so these builds should work there now.

Unfortunatley, there's no current solution for Suse builds as there is
no zypper for the minimal builds on bionic.  These will either have to
fix that, or figure out how to pin devstack to Train branch for the
jobs.  Since it causes retries in the gate as non-voting, put it in
experimental for now until we figure something out.

Trusty also fails due to issues with ext4 versions using bionic hosts.
This is fixed in a follow-on
Ibd67d58ca830a9e60605d0700ee2b17906c804e6; the job is disabled for now.

Change-Id: I71823236731583e28fddcceb71f44d09b58664a4
2019-12-11 16:01:52 +11:00
Zuul
361a751d36 Merge "Allow zypper repos to be overrideable" 2019-12-04 06:14:55 +00:00
Zuul
68b41854b2 Merge "Install ndisc6 package in element script" 2019-12-03 22:41:09 +00:00
Zuul
9b00377f31 Merge "Fix regex for mirror URL substitution" 2019-12-03 21:56:19 +00:00
Zuul
0b1eba25d5 Merge "Break retry loop on success in dhcp-all-interfaces" 2019-12-03 21:56:18 +00:00
Zuul
e3a904d4a6 Merge "Fix login.defs config for tumbleweed" 2019-12-03 21:56:16 +00:00
Carlos Goncalves
670df3326d Fix regex for mirror URL substitution
The base URL of EPEL repository installed by the epel-release package in
CentOS 8 at least now defaults to https.

The error seen when building an CentOS 8 image was:
"Error: Cannot find a valid baseurl for repo: epel"

This patch fixes it so that it will always match regardless of being
http or https.

Change-Id: I9ec5536ee72047c929a1ef6950ff4e9092842a4c
2019-12-03 19:13:18 +01:00
Harald Jensås
7948fee7e2 Install ndisc6 package in element script
The ndisc6 package is not yet available in EPEL 8.
See: https://bugzilla.redhat.com/show_bug.cgi?id=1779134

Until the package is available set the pkg-map to "" for
the ndisc6 package when distro is redhat and install the
package using || true in the element script instead so
that CentOS 8 build's do not fail because of the missing
package.

Once the package is in EPEL 8 this change can be reverted.

Related-Bug: #1754219
Change-Id: Icd4bad8852ce5ba40fb0e7b0d335191efbe88c67
2019-12-03 14:57:33 +01:00
Michele Baldessari
f9dcbd30cc Make sure DIB_DEBUG_TRACE has a default value
After the introduction of 'Add output for mis-configured element
scripts' we started seeing CI failures in tripleo where
instack-undercloud is being used (rocky/queens):

  /usr/lib/python2.7/site-packages/diskimage_builder/lib/dib-run-parts: line 108: DIB_DEBUG_TRACE: unbound variable
  INFO: 2019-12-02 16:24:33,423 -- ############### End stdout/stderr logging ###############
  ERROR: 2019-12-02 16:24:33,423 -- Hook FAILED.

Let's make sure that by default the env variable is set
to 0.

Change-Id: I38c76c0edee436f1e7dd0c9a868cea1e6ee3271d
Closes-Bug: #1854904
2019-12-03 08:26:12 +01:00