Commit graph

1938 commits

Author SHA1 Message Date
Jenkins
24628b135b Merge "Move Ubuntu specific use_tempaddr setting to ubuntu-common element" 2017-02-07 23:25:38 +00:00
Andreas Florath
23ac49bf83 Move Ubuntu specific use_tempaddr setting to ubuntu-common element
By default (during boot) the use_tempaddr is set to <=0 for all
up-to date kernels.  Only Ubuntu installes a sysctl setting which
sets the use_tempaddr to 2 (/etc/sysctl.d/10-ipv6-privacy.conf) [1].
The 80-disable-rfc3041 overwrites this setting and sets
use_tempaddr back to 0.

Because this only affects Ubuntu it makes sense to move the script
to the ubuntu-common element. The other motivation for the move is,
to clear the base element that it can be removed.

[1] https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1068756

Change-Id: Ibf261818ca8243874fde9eb3650bb65188fa228d
Signed-off-by: Andreas Florath <andreas@florath.net>
2017-02-07 20:41:13 +00:00
Jenkins
740c0a85df Merge "Move generation of dib_[environment|args] to manifest element" 2017-02-07 20:23:06 +00:00
Jenkins
15969b9c21 Merge "Preinstall pyOpenSSL" 2017-02-07 08:53:23 +00:00
Jenkins
0713387588 Merge "Turn down some low-value tracing output" 2017-02-07 08:20:02 +00:00
Jenkins
cac1471cc8 Merge "yum/install-packages output cleanup" 2017-02-07 06:34:26 +00:00
Jenkins
ab478545b1 Merge "Target map-packages deprecation message" 2017-02-07 06:24:41 +00:00
Jenkins
6372de09fe Merge "Use strings in package-installs follow output" 2017-02-07 05:50:40 +00:00
Nam Nguyen Hoai
e3b67a3d45 Fix typo in README.rst
There is a wrong word, it should be updated.

Change-Id: Iff70cc9154ef3b3121207df627e83271fd3159a9
2017-02-07 13:58:24 +07:00
Ian Wienand
cc177cc215 yum/install-packages output cleanup
Rather than echo the package list separately, turn on tracing around
the yum/dnf call so that we get more complete output.  No loss of
info, as this effecitvely shows the packgae list; plus it has the
bonus that it makes more sense in the logs, because otherwise you get
all the yum/dnf output without knowing what the call was.

Change-Id: I44df6e944af602e6b03f669c15a521056de1ad79
2017-02-07 15:49:47 +11:00
Ian Wienand
124cec0bba Preinstall pyOpenSSL
With the warnings added in Ibfe69dc84246662ed8caa0d4c3e2edf68314c87e
we can see that this element is relying on map-packages to translate
the debian package name python-pyopenssl -> pyOpenSSL.

This makes no sense because this is not a generic element; it should
just use the fedora/redhat names directly.

Change-Id: Id6ecb6f978b60d6a527692692a408d1d35828de2
2017-02-07 15:47:37 +11:00
Ian Wienand
5bd8158862 Target map-packages deprecation message
Currently every run of install-packages puts out a warning that
map-packages is obsolete.  This happens even if map-package does no
mapping.  The caller can't prevent the call (it's part of
install-packages) and it gives no actionable help if there is
something wrong.

Keep track of any mappings we are doing in the obsolete map-packages
run and only output a warning if we actually translate anything.  If
we do output, tell the caller what packages were translated so they
can make appropriate pkg-map entries.

Change-Id: Ibfe69dc84246662ed8caa0d4c3e2edf68314c87e
2017-02-07 15:44:51 +11:00
Ian Wienand
3c6972a5c0 Turn down some low-value tracing output
There are a couple of loops identified here that output a lot of
tracing each iteration for little value.  Make them only trace at
higher levels (-x -x and above).

Points of actual interest within the loops are replaced with an
explicit "echo" statement.

Additionally, export DIB_DEBUG_TRACE explicitly and in all cases, not
just when tracing is turned on.

Change-Id: Id710c0b111fc1f5e1ae87fc35f6db28b24867bad
2017-02-07 15:26:11 +11:00
Andreas Florath
870374c8da Move generation of dib_[environment|args] to manifest element
dib_[environment|args] manifest files are currently generated by the
base element and then moved by the manifest element.

This creates too many corner cases -- if you don't include the base
element (we are trying to empty it ATM) you don't get the env/args
saved at all; if you include base but don't include the manifest
element they're saved to /etc, but if you do have the manifest element
they're moved to the manifest dir.

Move generation of these into the manifest element directly and update
the documentation to reflect this.  In practice this doesn't change
things, because the "manifests" element gets pulled in via deps for
most builds.

Change-Id: I3f23037058137d166b29f0b70fd1a02c22c07fc8
Signed-off-by: Andreas Florath <andreas@florath.net>
2017-02-07 11:33:16 +11:00
Jenkins
111cb51055 Merge "Unify tidy up logs in lib/img-functions" 2017-02-03 00:29:48 +00:00
Jenkins
47e1ab5c9e Merge "Create ubuntu/fedora test for pip-and-virtualenv" 2017-01-31 17:45:14 +00:00
Jenkins
f054e5f24a Merge "debootstrap: avoid duplicate network configuration" 2017-01-31 17:39:28 +00:00
Jenkins
cb7173609d Merge "Remove hardcoded components" 2017-01-31 00:10:38 +00:00
Jenkins
7421f61366 Merge "move post-install.d to finalize.d" 2017-01-27 16:40:15 +00:00
Jenkins
7f218fe10e Merge "Use %i instead of %I in dhcp-interface@.service" 2017-01-26 23:02:15 +00:00
Jenkins
7b8b673d15 Merge "Update hpssacli to ssacli in proliant-tools element" 2017-01-25 07:48:35 +00:00
Jenkins
29ac096e49 Merge "Bump fedora release to 25" 2017-01-24 16:36:19 +00:00
Jenkins
1a94a72965 Merge "Set grub device in /etc/default/grub" 2017-01-24 06:16:21 +00:00
Jenkins
fbe5f5a11a Merge "ironic-agent: use /sbin for modprobe" 2017-01-23 23:19:55 +00:00
Andrey Shestakov
11d384e2fa Add DIB_IPA_COMPRESS_CMD option
This option allows to specifiy command for compress built initramfs image
for ironic-agent element. This command can be specified with arguments and
should read raw data from stdin and write compressed data to stdout.
Default if "gzip".

Change-Id: I0fdd2ab91d7bf7aaaa6cdd5278e3902d44c5b883
2017-01-23 13:28:32 +00:00
Ian Wienand
ca60b2cf7d ironic-agent: use /sbin for modprobe
On redhat/fedora /sbin is a symlink to /usr/sbin, but not on all
platforms.  This was put in with
Ibf74dd1b2678ea76e0676711a7aa5ba6b88d5421

Change-Id: I7847b29503c3c07503430a7d85a5364911894c6c
Closes-bug: #1658297
2017-01-23 14:35:25 +11:00
Matthew Thode
dc8449bf02
move post-install.d to finalize.d
It looks like I installed the cleanup file in the wrong location.  Moving it
to the correct location and cleaning some more stuff up should allow for a
much smaller image, currently tested at 300M vs 490M.

Change-Id: I9d0a24b0fe59d4f2d38aa88ba47e4400e0476b46
2017-01-22 15:53:02 -06:00
Paul Belanger
90a347707c Bump fedora release to 25
Now that fedora-25 is released, bump fedora-minimal / fedora elements
to use it.

Change-Id: Ifdb05255e7a138b99099252fe17041fe4621b6f4
Depends-On: I3cc467a2d08486458b3f625f94ba969532f6cd04
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-01-21 16:00:54 -05:00
Jenkins
75e5ab5393 Merge "Fix dhcp-all-interfaces for ubuntu-minimal xenial" 2017-01-19 21:11:40 +00:00
Jenkins
074a10fd74 Merge "Allow disto-specific mirror settings" 2017-01-19 21:00:56 +00:00
Andrey Shestakov
a45ad8eaf5 Fix dhcp-all-interfaces for ubuntu-minimal xenial
The start script of dhcp-all-interfaces currently requires ifup command.
ifup command provided by package ifupdown, which is not installed in
ubuntu-minimal Xenial.

This change adds ifupdown package for debian family, as it required for
dhcp-all-interfaces.

Closes-bug: #1647853

Change-Id: I6dfc0108ec067f350b22e9fb933b9e8d47b09fde
2017-01-19 17:29:43 +00:00
Ian Wienand
fb942b752d Use strings in package-installs follow output
I noticed in debugging that with python3 all the pkg-installs output
is preceeded by a b'foo', which suggests coding issues lurking.

The universal_newlines argument makes subprocess readline() returns a
decoded str (via locale) instead of a byte-string.  This clears up a
couple of points where we explicitly decode and cleans up the print
output.

Minor formatting cleanup of command and exit display.  Don't strip the
leading spaces so indents retain in the output

Change-Id: I2894f10a0c2fc618563641b9d106b716f4a544aa
2017-01-18 19:26:40 +11:00
Jenkins
f735864b78 Merge "Replace yaml.load() with yaml.safe_load()" 2017-01-18 04:08:12 +00:00
Ben Nemec
d20754f6ed Use %i instead of %I in dhcp-interface@.service
Per the bug report, %I results in -'s in the interface name being
replaced with /'s, which means when we try to look up the interface
by path in dhcp-all-interfaces.sh we end up at an invalid path.
Using %i instead should fix the problem.

See https://www.freedesktop.org/software/systemd/man/systemd.unit.html

Essentially what is happening is that we start with a name like
br-ex that wasn't escaped in the first place.  However, because of
the - it looks like it could have been escaped to systemd.  When
we use %I, which tries to unescape escaped values, it unescapes a
value that was already not escaped.

Change-Id: I434ed2e084d4477dc7a2b7827164586f8ea0c1e3
Closes-Bug: 1649409
2017-01-17 17:24:07 -06:00
Jenkins
359892aa4b Merge "update pkg-map entries for python3" 2017-01-17 02:33:00 +00:00
Jenkins
f3d0d6e8ec Merge "Remove yum chroot caching" 2017-01-17 01:10:41 +00:00
Paul Belanger
1f43432313 Remove hardcoded components
We can use ${DIB_DEBIAN_COMPONENTS} to get this information. We also
already set the mirror.

Change-Id: Idd11c2b7df1d247c6d32a5f936b8601b4741b519
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-01-16 18:03:00 -05:00
Jenkins
084937617f Merge "dib-lint: python3 compatibility fixes" 2017-01-16 19:36:32 +00:00
Ian Wienand
6c8d7432a6 Set grub device in /etc/default/grub
Currently we run grub-mkconfig then go and edit the generated output
in /boot/grub/grub.cfg to override the "root=" arguments to our label.

If another element like project-config's
finalise.d/99-fix-grub-timeout then goes and re-runs grub2-install, it
overwrites these changes.

Grub has GRUB_DEVICE which should override the root device.  Let's try
using this.  Maybe it wasn't around at the time, this code is
more-or-less unchanged from I7d83bb2b359e7a8c3858eca04c96e35cf4e1fe9e

Change-Id: Ibaaa81124098f3c6febe48e455d3e1cd0a5f1761
2017-01-16 09:53:56 +00:00
Luong Anh Tuan
ff8ae43265 Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I84640973fd9f45a69d2b21f6d594cd5bf10660a6
Closes-Bug: #1634265
2017-01-16 15:07:05 +07:00
Jenkins
50941b13bc Merge "Update documented default Ubuntu version" 2017-01-15 23:31:57 +00:00
Andreas Florath
022d93ee82 Unify tidy up logs in lib/img-functions
Cleaning logs was split, some was done in the
img-functions.finalise_base, some was done in the base element.
The version unifies tidy up logs in the lib/img-functions.
Especially when building docker container images the base element
cannot be used. This patch removes about some hundreds KB of
useless logs in cases when the base element is not used.

Change-Id: I165bafb73daf9144c2f3a83930e85e8d8cf5fae3
Signed-off-by: Andreas Florath <andreas@florath.net>
2017-01-14 09:40:44 +00:00
Jenkins
1f75aea634 Merge "Handle failure of carrier check in dhcp-all-interfaces.sh" 2017-01-13 20:11:20 +00:00
Jenkins
753ab9a019 Merge "Make DHCP timeout configurable" 2017-01-13 06:19:54 +00:00
Jenkins
14957664d4 Merge "Fix Gentoo builds on Ubuntu 16.04 Xenial hosts" 2017-01-12 23:07:27 +00:00
Jenkins
b8a985fc02 Merge "Run dhcp-interface@.service after network.target" 2017-01-12 15:47:03 +00:00
Bob Fournier
f8eba14d99 Handle failure of carrier check in dhcp-all-interfaces.sh
As described in the bug, there are conditions with certain switches
in which the interface is 'admin down'ed during initialization.
Doing a 'cat' on /sys/class/net/<interface>/carrier when it is
'admin down'ed produces an 'Invalid Argument' error and the script
terminates.  What this fix does is ignore failures of the 'cat'
operation (by '|| echo 0') and place the link up inside the retry
loop.

Change-Id: I4f098aa5078b8482681394a3e9a6b17ed4bd4451
Closes-Bug: 1654046
2017-01-12 10:36:43 -05:00
Matthew Thode
6c5234e162
Fix Gentoo builds on Ubuntu 16.04 Xenial hosts
Xenial's bind of /dev into the chroot includes /dev/shm which is in
use by the host.  An alternitive fix for this would be to use rbind
to recursivly bind mount /dev instead of just the base bind of /dev

Change-Id: I2c0f70afd1e82dd52a522f0dd2b3ea618b30b6c6
2017-01-10 10:34:12 -06:00
Ben Nemec
ccd00b10b2 Make DHCP timeout configurable
As noted in the bug, there may be circumstances where a longer
timeout than the current default is needed.  This patch allows users
to tune this timeout for their environment if need be.

Change-Id: I173f3dad684894fbc3c27dece5ae15b5f63bae5a
Closes-Bug: 1654027
2017-01-04 15:41:04 -06:00
Ben Nemec
5bed4a6d5e Run dhcp-interface@.service after network.target
When we configure dhcp interfaces before network.target has run,
network.target will try to bring up those interfaces a second time
after our service does so.  This causes two issues - first, the
network target will always fail because it can't bring up an
interface that is already up, and second, when configuring interfaces
that don't actually have an available DHCP server it will result in
a five minute delay waiting for DHCP on those interfaces.  This will
also cause the network target to fail and is an unnecessary delay.

By moving the dhcp-interface service to run after the network
target we avoid both of these problems.  network.target will still
bring up the interfaces on subsequent boots.  This could result in
the five minute delay happening on reboots, but the expected use
case for interfaces without DHCP is that they would be configured
statically on initial deployment so this should be a minor issue.

The dhcp-interface service is also configured to run before the
network-online target so that services which depend on the network
actually being available will not race the DHCP process.

A snippet from /var/log/messages on a node with this patch applied
is included in the bug to demonstrate the behavior described above.

Change-Id: I5cfabf20f920beea52abf4c42362b6f6ac0b37c4
Closes-Bug: 1653812
2017-01-04 10:49:59 -06:00