Commit graph

1946 commits

Author SHA1 Message Date
Ben Nemec
bf5af6155c Don't set the executable bit on dhcp-interface@.service
systemd doesn't like it when service files have the executable bit
so this causes it to spam the journal with messages like:

Configuration file /usr/lib/systemd/system/dhcp-interface@.service is
marked executable. Please remove executable permission bits.
Proceeding anyway.

Removing the executable bit from the install permissions should
eliminate those messages.

Change-Id: Ie1bc39465b3fcb55dcda5cee9e46a128a6ccffcb
2016-12-12 10:55:03 -06:00
Gregory Haynes
6278371eaa Make dib-python use the default python for distro
Right now dib-python works by trying to find any python on a system in
an order of precedence. A much better way is if we are explicit about
the python we intend to be there which will allow us to make better
decisions in other elements (such as allowing for package-installs to
take into account DIB_PYTHON_VERSION) as well as allow for users to
specify a preferred python version.

Co-Authored-By: Adam Harwell <flux.adam@gmail.com>
Change-Id: Ie609de51cc5fcde701296c9474e315981d9778a2
2016-12-09 09:25:37 -08:00
Gregory Haynes
cd1965f7b7 Allow disto-specific mirror settings
Most of our distros support DIB_DISTRIBUTION_MIRROR for setting the
mirror to be used when building. This has a major downside where if
someone would like to create a static configuration for building various
distro images it cannot set DIB_DISTRIBUTION_MIRROR (think of the case
where we want to run our tests).

By adding support for DIB_$DISTRO_DISTRIBUTION_MIRROR this problem is
resolved.

Change-Id: I92964b17ec3e47cf97e3a3091f054b2a205ac768
2016-12-08 16:02:15 -08:00
Aparna
cb3e1076e3 Update hpssacli to ssacli in proliant-tools element
This commit updates the CLI utility name hpssacli to
ssacli  as part of company name change from HP to HPE.
ssacli will work seamlessly for all the cases where
hpssacli is used.

It also updates the custom URL location for ssacli
utility with new location.

Change-Id: I2de4d3430e7308d25e36dc6960783699aa17dfae
2016-12-07 15:56:41 +00:00
Michael Johnson
2e82d7f214 Update sysctl-write-value to do conflict checking
Adds conflict checking to the sysctl-write-value script
to detect settings from multiple elements conflicting.

Change-Id: If312d199388036d6f4103e94dca99249cb3bcbaf
2016-12-06 22:58:20 +00:00
Jenkins
b25044fe11 Merge "elements: Drop executable bits from environment files" 2016-12-06 03:18:33 +00:00
Jenkins
e19a3d823a Merge "add option to configure cloud-init to allow password authentication" 2016-12-05 06:54:50 +00:00
Jenkins
753ac91ec8 Merge "Replace six.iteritems() with .items()" 2016-12-02 16:38:22 +00:00
Markos Chandras
e22faa0f77 elements: Drop executable bits from environment files
Files in $element/environment.d are meant to be sourced, so drop
the executable bit. Moreover, drop the executable bit from a couple
of other scripts that are either meant to be sourced or simply because
they are configuration files.

Change-Id: I7f724dd9d409f4a835a136f12f48a84aa9acc41e
2016-12-01 23:06:56 +00:00
Jenkins
ef1effd202 Merge "elements: Drop unneeded DIB_INIT_SYSTEM usage" 2016-12-01 19:44:47 +00:00
Jenkins
f7e095e880 Merge "elements: pip-and-virtualenv: Add python-xml dependency" 2016-12-01 07:34:55 +00:00
Jenkins
ff688c67c5 Merge "elements: zypper-minimal: Add ca-certificates-mozilla package" 2016-12-01 05:28:32 +00:00
Jenkins
c867c8cdb5 Merge "Trace package install in package-installs-v2" 2016-12-01 01:52:03 +00:00
Anshul Jain
34bdc7df90 DIB element to support cinder local attach/detach functionality
This element adds python-brick-cinderclient-ext to the make customized image
to support cinder local attach/detach functionality. Currently it has the
dependency on known bug<https://launchpad.net/bugs/1623549>, which would be
resolved with next release of python-brick-cinderclient-ext.

Change-Id: Idfe83bafa2843c781c18b83f1a3aece3ae852f78
2016-11-30 08:46:13 +00:00
Jenkins
fffe15e763 Merge "Perform package install outside of debootstrap" 2016-11-30 05:32:09 +00:00
Jenkins
3e68c5aaa5 Merge "Fix a typo" 2016-11-30 04:20:56 +00:00
Gregory Haynes
45df304d48 Perform package install outside of debootstrap
Debootstrap only supports one apt repository to install packages from.
As a result, we do not consider the updates repo during debootstrap
causing us install a second kernel when we do an apt-get dist-upgrade
during build.

Lets use debootstrap to get us a minimal chroot, then add our repos and
install the correct packages from the start.

We also have to reorder the dpkg root.d scripts which configure apt so
they run before we perform our package installs.

Change-Id: I6a592db6f0a01d3b19d8e0786e63f1315a1ef647
Closes-Bug: #1637516
2016-11-30 15:16:46 +11:00
Markos Chandras
35e878b6d9 elements: zypper-minimal: Add ca-certificates-mozilla package
It's important to have the CA certificates on the target for ssl
crypto apps to work. Plus it's also important during bootstrapping
with diskimage-builder as tools like 'pip' etc need the certificates
in place in order to work properly. This fixes opensuse-minimal
image generation with the 'simple-init' element which was causing the
following error:

Download error on https://pypi.python.org/simple/: [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

Change-Id: Ie94cd3556f8ae523f60ce0155ba18ed752e6fbb6
2016-11-29 16:14:53 +00:00
Jenkins
7644681815 Merge "elements: Add new openssh-server element" 2016-11-28 17:09:15 +00:00
Jenkins
0a453febc6 Merge "Fedora AArch64 (64-bit ARM) support in diskimage-builder" 2016-11-25 12:09:21 +00:00
Jenkins
73a9591632 Merge "yum-minimal: add systemd to initial install" 2016-11-25 11:19:09 +00:00
Ian Wienand
08d6a9f93d yum-minimal: add systemd to initial install
It seems in the grub cleanup in
Iafe3611f4eec3c6357587a6cae6a30a261686ead I managed to unintentionally
drop systemd from the yum-minimal builds.  By not pre-installing grub
we dropped some dependencies; the path is tortured ... grub2 ->
os-prober -> udev -> systemd-udev -> systemd (we don't even want
os-prober!  So this whole thing was working by accident).

This manifests in *very* confusing ways.

Currently centos-minimal builds are failing late in the build with
services unable to enabled.  dib-init-system was actually trying to
tell us that it didn't know what init was installed (because systemd
wasn't actually installed), but unfortunately it was not really
failing.  This meant the service files were not copied correctly from
other elements, and thus fail to be enabled.  I have corrected this
with I076c08190d40c315ad6a6d96a3823e9fc52630be which would at least
alert us earlier.

For Fedora 24, due to a bug in dracut dependencies [1], missing the
systemd-udev package fails the build of the initrd during the kernel
install.  This then results in an initrd-less, unbootable system (see
also Ibaaa81124098f3c6febe48e455d3e1cd0a5f1761).

Add these dependencies explicitly.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1398505

Change-Id: I24ce648485c3d6f3c27ab8f87a638516b3727017
2016-11-25 21:09:11 +11:00
Ian Wienand
ff79dc9793 Catch errors in DIB_INIT_SYSTEM export
When you source a file that just does

 export FOO=$(bar)

you miss any invalid return codes from "bar" (even under -e) because
bash returns the value of the "export", which is 0

On centos-minimal, we stopped bringing in systemd early and this was
causing dib-init-system to not know what init was available.  Since it
did not fail correctly, it lead to confusing errors much later in the
build when service files were not copied correctly.  See also
I24ce648485c3d6f3c27ab8f87a638516b3727017

A dib-lint check is added.  One minor fixup is in 00-set-apt-sources
(this one is less likely to cause problems).  I have run dib-lint over
project-config elements and none use this pattern.

Change-Id: I076c08190d40c315ad6a6d96a3823e9fc52630be
2016-11-23 23:03:50 +00:00
Luong Anh Tuan
29d50bc69b Replace six.iteritems() with .items()
We should avoid using six.iteritems/keys achieve iterators. We can use
dict.items/keys instead, as it will return iterators in PY3 as well.
And dict.items/keys will more readable.

In py2, the performance about list should be negligible, see
https://wiki.openstack.org/wiki/Python3 and
http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html

Change-Id: I6353f0a1b423c6dbd0c71343f7919fd0de440e34
2016-11-23 12:03:05 +00:00
Ian Wienand
bc6be85424 Trace package install in package-installs-v2
When running the package install, trace the output so we can see what
packages were installed.

Change-Id: I5442f544ff0ef3ddffdbe6b898d178548d699a41
2016-11-23 19:58:45 +11:00
Ian Wienand
f15550f9fe Special case dib-python in dib-lint
It seems that on Xenial, it does not take much to confuse "file" and
it's mime guessing such that it thinks some files are not python.

"package-installs-v2" is a good example, since it has an interpreter
"dib-python" that "file" doesn't know about, and no extension.  While
looking at this, I've added emacs vars here so it opens in python
mode.

Change-Id: I01994b08c5ad8987925f1eec4062f5b6ee72eb8f
2016-11-23 19:58:43 +11:00
Markos Chandras
e4868d9ad6 elements: Drop unneeded DIB_INIT_SYSTEM usage
DIB_INIT_SYSTEM is exported by the dib-init-system element and contains
the output of the dib-init-system script so there is no need to
re-initialize it during various phases.

Change-Id: I09d6d10742689efe3d8eb9d64b539d6599b46227
2016-11-22 10:47:43 +00:00
Markos Chandras
bbcc22751f elements: Add new openssh-server element
Add new 'openssh-server' element to ensure that openssh server
is installed and enabled during boot. This is mostly useful for
*-minimal images which do not come with openssh installed and/or
enabled in order to keep a small dependency footprint.

Change-Id: Ide15ee04f5de123dbc8ce4bb56d638d8a167c341
2016-11-22 10:07:14 +00:00
Noam Angel
55b6101e1b add option to configure cloud-init to allow password authentication
This patch will configure cloud-init to allow password authentication.
This is usefull in case you use "devuser" element and want to ssh guest
image.

Change-Id: I00e38aa2753f26b4cdd34d0fd85fc8e0de78171f
2016-11-22 09:33:58 +00:00
Markos Chandras
d84df60345 elements: pip-and-virtualenv: Add python-xml dependency
SUSE packages the 'xml' python module as a separate package so make
sure it's pulled in before we attempt to install the pip module
since the latter depends on it. Fixes the following problem when
building with the opensuse-minimal and pip-and-virtualenv elements:

Traceback (most recent call last):
  File "/tmp/get-pip.py", line 19177, in <module>
    main()
  File "/tmp/get-pip.py", line 194, in main
    bootstrap(tmpdir=tmpdir)
  File "/tmp/get-pip.py", line 82, in bootstrap
    import pip
  File "/tmp/tmpOiESjX/pip.zip/pip/__init__.py", line 16, in <module>
  File "/tmp/tmpOiESjX/pip.zip/pip/vcs/subversion.py", line 9, in <module>
  File "/tmp/tmpOiESjX/pip.zip/pip/index.py", line 32, in <module>
  File "/tmp/tmpOiESjX/pip.zip/pip/_vendor/html5lib/__init__.py", line 16, in <module>
  File "/tmp/tmpOiESjX/pip.zip/pip/_vendor/html5lib/html5parser.py", line 6, in <module>
  File "/tmp/tmpOiESjX/pip.zip/pip/_vendor/html5lib/inputstream.py", line 10, in <module>
  File "/tmp/tmpOiESjX/pip.zip/pip/_vendor/html5lib/utils.py", line 10, in <module>
ImportError: No module named xml.etree.ElementTree

Change-Id: I1bec12dfcde05fb07f41bcec994148c3eacbb287
2016-11-21 15:54:18 +00:00
Clark Boylan
c5ec1348c3 Fix runtime ssh host keys script
The script is set -e and set -o pipefail, unfortauntely this intersects
with `yes n`'s non zero exit code behavior when it receives an interrupt
like sigpipe. As a result stop setting pipefail so that we treat those
errors as "normal" and only fail if ssh-keygen fails.

Change-Id: I5447df97c9888cae3007e235e2fea44df61af28e
2016-11-19 18:02:33 -05:00
gecong1973
f9244a8fce Fix a typo
TrivialFix

Change-Id: Iebe82e616eed2d9b9a99a9714230d480adbd055b
2016-11-18 10:48:05 +08:00
Jenkins
eeb9e0e4a6 Merge "Disable all repos in os-refresh-config too" 2016-11-18 00:23:04 +00:00
Jenkins
0fbf131550 Merge "Cleanup yumdownloader repos" 2016-11-18 00:23:00 +00:00
Jenkins
27bd4741bf Merge "debian: install dialog package" 2016-11-18 00:21:23 +00:00
Jenkins
f5d23c975a Merge "Change path for dnf arch override so basearch is not overwritten." 2016-11-18 00:20:50 +00:00
Jenkins
0ea4ea5bed Merge "Don't use ssh-keygen -A for init scripts" 2016-11-17 19:54:25 +00:00
d.marlin
8d7362aa9b Change path for dnf arch override so basearch is not overwritten.
After writing the basearch value to /etc/dnf/vars/basearch the
arch value was overwriting the same file.  This appears to be
incorrect, so changing it to write /etc/dnf/vars/arch, which
matches the subsequent 'yum' code paths.

Change-Id: I5da54f03224c11f9e286f16b68533936c4174c2a
2016-11-17 03:36:54 -05:00
d.marlin
9b4d2a22e4 Fedora AArch64 (64-bit ARM) support in diskimage-builder
Add some checks for AArch64 to avoid the "Unknown architecture" or
"architecture not supported" messages, and allow builds to complete.

Change-Id: I89ba609abaeeb7019eb317cf13473929b2065230
2016-11-16 21:47:26 -05:00
Ben Nemec
fb8cf95b6f Disable all repos in os-refresh-config too
This change was made for pre-install so it applies during the
image build, but wasn't applied to the os-refresh-config script
that would run after deployment.  The same problems apply there,
so we should do the same thing.

Change-Id: I4b8534cc9586eeb588b5c358550e76e27d40556a
Closes-Bug: 1629922
2016-11-16 16:27:24 -06:00
Jenkins
be1e563524 Merge "simplify ARCH param for rhel/centos param can be x86_64 and amd64" 2016-11-15 00:44:00 +00:00
Noam Angel
e88d6b37df add support for SUSE in dhcp-all-interfaces
This patch will add support for SUSE network scripts,
network script in SUSE saved under "/etc/sysconfig/network/ifcfg-*"
see: https://www.suse.com/documentation/sled11/book_sle_admin/data/sec_basicnet_manconf.html

Change-Id: I87ac2e327cee4945c15da9f2e4adc0a8b7650712
2016-11-15 10:20:09 +11:00
Noam Angel
d07d7ed15d simplify ARCH param for rhel/centos param can be x86_64 and amd64
for fedora/rhel/centos the main supported ARCH is x86_64. This patch allow
to call diskimage-builder with the above distro's with param ARCH=x86_64,
And also retain same behaiver when call with ARCH=amd64 as it translate
anyway to x86_64. Doing so wil simplify user expirience.

Change-Id: I229e0912434109b1b48a030bd35ad8dc1096a629
2016-11-15 10:18:14 +11:00
Jenkins
80976d9d44 Merge "Add element for setting sysctl values" 2016-11-14 17:19:04 +00:00
Saverio Proto
5d9d3d5cf0 debian: install dialog package
Without the dialog package is not possible
to properly use an interactive frontend.

debconf will print the following errors:

debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed,
so the dialog based frontend cannot be used. at
/usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76, <> line 1.)

Change-Id: I0c7142f717cacf7437dbac1e1696f39b00cb4c49
2016-11-14 15:37:39 +01:00
Jenkins
77e14e9313 Merge "elements: runtime-ssh-host-keys: Add openssh-client mapping for SUSE" 2016-11-14 10:01:11 +00:00
Jenkins
a0a19cbbfa Merge "elements: opensuse-minimal: Add support for building Tumbleweed images" 2016-11-14 10:01:05 +00:00
Jenkins
6224824bde Merge "Fix ironic-python-agent image not loading vfat mod" 2016-11-14 09:41:35 +00:00
Jenkins
cc8ab5f4b6 Merge "Avoid disabling rhel-7-server-rh-common-rpms" 2016-11-14 09:32:28 +00:00
Jenkins
5c546ed565 Merge "Install lsb package by map name instead of package name" 2016-11-14 07:13:52 +00:00
Jenkins
3bfff8f905 Merge "elements: zypper-minimal: Mount common pseudo filesystems" 2016-11-14 07:08:23 +00:00
Jenkins
aec2128b38 Merge "elements: zypper-minimal: Refresh repositories after adding the cache" 2016-11-14 07:01:13 +00:00
Ben Nemec
79c27199f2 Install lsb package by map name instead of package name
We have a pkg-map entry for lsb_release, but in package-installs.yaml
we refer to the actual package name instead.  This will happen to
work on Red Hat platforms, but it's actually wrong.

Change-Id: Idb248f96e75fa1090422fa08e5fbb2385cc1f517
2016-11-11 14:30:21 -06:00
Ian Wienand
7e60540c0d Cleanup yumdownloader repos
yumdownloader has to have all the repo XML files, etc, which adds up
to a not totally insignificant 150MiB or so.  Currently we're leaking
this directory for every build, which adds up on regualar builders
like nodepool.

Isolate the call with a separate TMPDIR so we can clean it up after
the initial download.

Change-Id: Ic65e8ca837cc76b7a1bb9f83027b4a5bdd270f75
2016-11-10 17:02:53 +11:00
Jenkins
587d14feed Merge "dhcp-all-interfaces: support Centos/RHEL 6" 2016-11-08 11:21:51 +00:00
Luca Lorenzetto
c7219a5a60 Avoid disabling rhel-7-server-rh-common-rpms
while using disk-image-builder for building overcloud images for TripleO
using RDO, this repository is (in my opinion) wrongly disabled because
contains certain dependencies needed by RDO packages.
Example: python-cheetah is required for python-nova, but is not
available through RDO repository but only from
rhel-7-server-rh-common-rpms

Closes-Bug: #1638938
Change-Id: I76824c8ec02590397f1ff1d4f177ad061c7bf441
Signed-off-by: Luca Lorenzetto <lorenzetto.luca@gmail.com>
2016-11-03 15:15:42 +01:00
Markos Chandras
435f52a7d1 elements: zypper-minimal: Mount common pseudo filesystems
Mount all the usual /dev /sys /proc pseudo filesystems during the
root.d phase in order to make sure they are available for the rpm
post-installation phases.

Change-Id: I28221debf1036d9eb5137161757eb30811eafab1
2016-11-02 22:08:35 +00:00
Jenkins
85e97a18bf Merge "Make xenial the ubuntu default" 2016-11-02 16:05:10 +00:00
Derek Higgins
d5225055ef dhcp-all-interfaces: support Centos/RHEL 6
On Centos and RHEL 6 the init system is upsart but but networking is using
sysv compatabiliy and a code path the handle this situation.

We can't use DISTRO_NAME because the centos-minimal element sets it to
centos for CentOS 7 but the centos element sets it to centos for CentOS 6.

Change-Id: Ib8e33ed78b3d6a5737eb7449bccef2d33f72b131
Closes-Bug: #1638527
2016-11-02 11:13:58 +00:00
Jenkins
db4a88642e Merge "elements: simple-init: Remove SUSE interfaces" 2016-11-01 22:20:33 +00:00
Jenkins
1532053c5f Merge "Remove RedHat grub workaround install" 2016-11-01 12:49:43 +00:00
Jenkins
cc1b37e731 Merge "Don't set tracing in environment files" 2016-11-01 01:42:59 +00:00
Markos Chandras
290925bd5e elements: zypper-minimal: Refresh repositories after adding the cache
The refresh operation must happen after the cache has been added in
order to ensure that whatever is in the cache is still relevant to
the current build and we are not using stale packages.

Change-Id: Iafd718e9738f85b8c235806c027665730f44d89b
2016-10-31 23:34:39 +00:00
Markos Chandras
348a6b337a elements: opensuse-minimal: Add support for building Tumbleweed images
Add DIB_RELEASE=Tumbleweed option in order to build openSUSE Tumbleweed
images

Change-Id: I44cc04ef5a993c1a7f0078e4161888b52995f247
2016-10-31 23:33:16 +00:00
Bruno Cornec
2854f4063b Fix ironic-python-agent image not loading vfat mod
Closes-Bug: 1589450
Load the vfat driver as a Pre Exec action for systemd before starting
ironic-python-agent in order to allow reading of parameters.txt file
required for the ironic-python-agent to find its configuration.

Change-Id: Ibf74dd1b2678ea76e0676711a7aa5ba6b88d5421
2016-10-28 19:47:17 +02:00
Jenkins
8abc90b22d Merge "Turn down yum install-packages" 2016-10-28 01:26:26 +00:00
Jenkins
5d2e7bade5 Merge "elements: source-repositories: Add git package mapping for SUSE" 2016-10-25 05:33:36 +00:00
Jenkins
c00777e761 Merge "elements: growroot: Add SUSE package mappings" 2016-10-25 05:27:38 +00:00
Ian Wienand
e531980a14 Remove RedHat grub workaround install
AFAICT this is no longer necessary.  I've tested minimal and image
builds and they seem to work.

The original problem seems to be with installing the package in the
chroot, although it was never quite clear it ever affected the Red Hat
path.

This code is currently broken (see
I884cb1e78ad8c31d985f3fc94a58091b993edd7d).  This is proposed as an
alternative to I74eed074494134334d5e49042bb5214bd0dd7339.

Related-Bug: #1627000

Change-Id: Iafe3611f4eec3c6357587a6cae6a30a261686ead
2016-10-25 15:52:27 +11:00
Markos Chandras
7f1494a433 elements: zypper: Do not pull recommended packages
Recommended packages are usually useful but we normally don't need
them in order to have a working system. As a result, avoid pulling
them in when doing a regular package installation or a distribution
update. Extra packages can be pulled in using the usual '-p' parameter
or from within the elements that actually need them. The results of
this change are quite significant, resulting to gains from a few dozen
of MBs up to a few hundred depending on the selected elements.

Change-Id: I5838829c631990c7a1f3b67548accd9a603fe20c
2016-10-20 19:24:22 +01:00
Ian Wienand
a44b55ccaa Turn down yum install-packages
When debugging, this is very noisy for very little value.  If we need
to specifically debug this script we can turn up the level.

Change-Id: Ie15f16397c37e718aa919853697cbf2c5c08503c
2016-10-20 15:19:31 +11:00
Ian Wienand
9e392f56b0 Don't set tracing in environment files
Because environment files are sourced into the current environment,
they shouldn't be setting global settings like tracing else they
affect every preceeding import.  This is quite confusing when only
half your imports are traced in the logs, because it was either turned
on, or off, by a preceeding environment import.

There is a corresponding dib-run-parts change in
I29f7df1514aeb988222d1094e8269eddb485c2a0 that will greatly increase
debugability for environment files by deliberately logging what files
are sourced and consistently turning on tracing around their import.

This isn't strictly necessary (since dib-run-parts with the prior
change will just turn tracing off after import anyway) but it's a
decent cleanup for consistency.  A bare-minimum dib-lint check is
added.  Documentation is updated.

Change-Id: I10f68be0642835a04af7e5a2bc101502f61e5357
2016-10-20 13:58:00 +11:00
Markos Chandras
cfcbd4ffbe elements: source-repositories: Add git package mapping for SUSE
The 'git' command line tool is in the git-core SUSE package

Change-Id: Ib2c5dc5ab9bbde2520f43682c654a9c3270bac09
2016-10-19 17:53:01 +01:00
Markos Chandras
1fe1e3f606 elements: growroot: Add SUSE package mappings
Add growpart and e2fsprogs package mappings for SUSE.

Change-Id: I4544c3b5bd561f7483cd10f65e2d6366b52d57cd
2016-10-19 16:16:35 +01:00
Markos Chandras
3d44a08c53 elements: runtime-ssh-host-keys: Add openssh-client mapping for SUSE
The SUSE 'openssh' package contains the openssh client.

Change-Id: Ic1da63b6c62158b128d44ac48a0657d5d7c53f67
2016-10-18 23:26:01 +01:00
Paul Belanger
18a664dd32 Don't use ssh-keygen -A for init scripts
We are running into race conditions with glean, which ssh-keygen -A is
not handling properly.  So, create a new script to first check if the
file exists, then use 'yes' to disable overwriting of existing files.

Change-Id: Ie82e1e3f832fcc8f32c7e1335c5f0ee16d36f9a8
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-10-18 14:25:28 -04:00
Markos Chandras
89c708ce61 elements: simple-init: Remove SUSE interfaces
Make sure SUSE interfaces are removed as well.

Change-Id: If993dc606217f2ec243392ac2fa588ebae1cce86
2016-10-18 19:02:41 +01:00
Jenkins
85354e5cd8 Merge "Add opensuse-minimal element" 2016-10-18 16:27:03 +00:00
Jenkins
e0f7b6c6d6 Merge "Add zypper-minimal element" 2016-10-18 16:24:07 +00:00
Jenkins
96ce53fa16 Merge "Fix grub installation for RHEL" 2016-10-12 14:22:49 +00:00
Jenkins
066b448d7c Merge "start cloud-init-local in the boot runlevel" 2016-10-12 02:37:04 +00:00
Gregory Haynes
fdffa56ff2 Add element for setting sysctl values
Theres a pretty standard workflow for setting a sysctl value which will
be applied on image boot which was written by tripleo. Lets move this in
tree as other folks (like Octavia) would like to depend on it.

Change-Id: I3c266870d417cdba3196f5fa65c4cd634ab13173
2016-10-10 15:33:48 +00:00
Jenkins
22bdaad684 Merge "Move the opensuse mkinitrd script to the zypper element" 2016-10-10 14:36:12 +00:00
Jenkins
a56daaeaf2 Merge "Add pkg-map for gentoo to runtime-ssh-host-keys" 2016-10-07 17:28:35 +00:00
Matthew Thode
82b299bbdf
start cloud-init-local in the boot runlevel
cloud-init-local needs to be run in the boot runlevel because it
modifies services in the default runlevel. When a runlevel is started
it is cached, so modifications that happen to the current runlevel while
you are in it are not acted upon.

Change-Id: Ifeae0071fc9e738ec223ec0df271559ad6e0196b
2016-10-07 11:16:28 -05:00
Jenkins
5897e4975d Merge "Disabling all previous repos registered in the system" 2016-10-07 11:05:46 +00:00
Gregory Haynes
c67e7ed15e Generate ssh-hostkeys on boot for ironic agent
Ironic agent images should have ssh hostkeys in image on boot.

Change-Id: If8d42bb8b8bff417d5b1d4d8bc371425697edde5
Closes-Bug: #1556145
2016-10-06 14:29:23 -07:00
Matthew Thode
3571647692
Add pkg-map for gentoo to runtime-ssh-host-keys
Openssh is provided by default so it is not needed to be installed here.

Change-Id: Id86f9a1d214c775570f0c9e2df4ea81367bb5b7e
2016-10-06 11:57:34 -05:00
Jenkins
12a73cf204 Merge "Default to http://ftp.us.debian.org/debian for debian-minimal" 2016-10-05 12:56:07 +00:00
Markos Chandras
90536dbab3 Add opensuse-minimal element
Add a new opensuse-minimal element to build small and highly
configurable openSUSE based images using the zypper-minimal element
as the main building mechanism

Change-Id: Iebfc4ad4aff763e511b093f1607b55851ccbddcb
2016-10-05 09:39:29 +01:00
Markos Chandras
c69c6c5a84 Add zypper-minimal element
Add a new zypper-minimal element to bootstrap SUSE-based distributions

Change-Id: Id63397e412a929d61247cfd3d9f8d4e758c1248a
2016-10-05 09:27:17 +01:00
Markos Chandras
8dde310cf3 Move the opensuse mkinitrd script to the zypper element
All SUSE-based elements can benefit from the mkinitrd phase to move it
to a more generic location.

Change-Id: Ife171d462a393b6ac0bf2c5eaa48ea25eaf4d1cc
2016-10-05 09:11:00 +01:00
Jenkins
80153520ac Merge "Move opensuse utils to zypper so they can be shared by SUSE-based distros" 2016-10-05 05:10:15 +00:00
Jenkins
04b05f261e Merge "Fix typo in extracting root partition" 2016-10-05 04:00:39 +00:00
Paul Belanger
7dc9465ed1
Default to http://ftp.us.debian.org/debian for debian-minimal
Since http://httpredir.debian.org is unreliable is selecting a mirror
to use, we'll now default to http://ftp.us.debian.org/debian.  In
fact, in openstack-infra we have been overriding httpredir.debian.org
for a while, now make this default in diskimage-builder.

Change-Id: I48658bc076e13a0913821197e4120c73618fef8f
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-10-01 21:10:08 -04:00
Markos Chandras
b9e9e2091e Move opensuse utils to zypper so they can be shared by SUSE-based distros
Move the opensuse utilities to the zypper element so they can be used by
SUSE or zypper based elements. This brings the zypper element somewhat
in line with the rest of the package manager elements.

Change-Id: I8aa2849231454216cdd47629a5e2d6e45769dbbe
2016-09-29 22:56:17 +01:00
Jenkins
b0d72a3161 Merge "Create runtime-ssh-host-keys element" 2016-09-27 23:10:05 +00:00
Yolanda Robla Mota
c6b4e639b0 Disabling all previous repos registered in the system
Depending on the pool id used, so many repos are brought,
including not valid ones that cause image to crash, or repos
that include conflicting packages.
Before enabling repos, disable all previous ones, so we
can be sure that we only bring the repos specified in the
parameters.

Change-Id: Ifd4d8d1d4fa954cd2593669e516e3201f2d6f6c1
2016-09-27 11:47:05 +02:00
Yolanda Robla Mota
f6e11c91c3 Fix typo in extracting root partition
Change-Id: Ie8dfd958d57ef92988647166f2031adb8406b0d7
2016-09-27 09:41:32 +02:00
Paul Belanger
45467e4229
Create runtime-ssh-host-keys element
Move managing of SSH host keys into a dedicated element.

Because glean doesn't generate SSH host keys anymore, we need to do it
with a systemd script. This is already handled by CentOS / Fedora so
we don't want to add it there.

This was done to address the upstream bug in debian:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500192

Change-Id: I31ad667672e08350872db21a83445fe0aa7a4a39
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-09-26 12:32:38 -04:00
Jenkins
d6794ba673 Merge "Shorten DHCP timeout in dhcp-all-interfaces" 2016-09-23 14:20:09 +00:00
Jiri Stransky
93425d14ce Fix grub installation for RHEL
Grub is first removed and then installed during RHEL image building. The
grub2 package typically requires the same version of grub2-tools, so if
we just remove and install the grub2 package, the installation can
potentially fail on being out of sync with grub2-tools version. Removing
and reinstalling both packages fixes this issue. Those packages are
already in package map for RHEL as "grub-pc", so we can use this alias.

Change-Id: Iefd9c17fffd43de3fea260510ad218b1322eecb3
Closes-Bug: #1627000
2016-09-23 14:14:49 +02:00
Jenkins
3a0f46282f Merge "elements: opensuse: Add support for openSUSE Leap" 2016-09-23 08:48:46 +00:00
Jenkins
e84488cad1 Merge "Allow ramdisk-create to run without $USER set" 2016-09-23 06:46:31 +00:00
Ben Nemec
2747613ca2 Shorten DHCP timeout in dhcp-all-interfaces
We are currently wasting about 10 minutes per deploy waiting for
DHCP on interfaces that will never get it.  By default, the timeout
seems to be 5 minutes (the 10 minutes is because we boot both the
IPA ramdisk and the deployed image, and each waits for 5 minutes),
which is excessively long to get a DHCP response.  This change
shortens the time to 30 seconds.  If an interface hasn't gotten a
response in 30 seconds, chances are it's not going to.  A 30
second wait should reduce our wasted time to 1 minute, which is
more reasonable.

This is being done in the systemd unit file because the -timeout
option to dhclient doesn't seem to override what is configured in
dhclient.conf, and doing it in the systemd file means that this
change will be limited to only the interfaces configured by
dhcp-all-interfaces.

Change-Id: Ia8610e3def39c937eb0c861fdc9bc571ec39f9f4
Closes-Bug: 1626673
2016-09-22 17:01:06 -05:00
Jenkins
0559818e04 Merge "don't configure 'lo' for dhcp" 2016-09-20 23:37:42 +00:00
Jenkins
4d79e5f519 Merge "Document source glean installs in simple-init" 2016-09-20 23:05:53 +00:00
Jenkins
d8a800c638 Merge "Add libselinux-python to yum-minimal" 2016-09-20 06:23:34 +00:00
Ian Wienand
ce410de834 yum-minimal: Disable excludes when installing pkg manager
Because we are using the building platform's "yum" to do the initial
install into the chroot, it is affected by the base-system's
/etc/yum.conf.

pip-and-virtaulenv in I82acb865378a0fa5903a6267bfcee0e2962eced0 added
"exclude=python-pip..." in /etc/yum.conf to stop the package manager
overwriting the installed pip.  Now our CI images have built with
this, we are now picking up this exclude on centos.  Since on F24
dnf->python->python-pip we end up failing to build the the chroot
because python-pip can not be satisifed.  In a general sense, however,
this could be caused by any configuration put into /etc/yum.conf that
is incompatible with installing into the chroot.

yum has the option to disable all excludes which is used here.  This
seems to be the best way to isolate the chroot install from any
excludes that may have been done on the base system for various
reasons.  I did consider using a completely separate yum.conf we ship
with dib ... but let's start simple.

This should fix the current gate failures on centos

Change-Id: I4e4cc8ed09a29c4057ade34ea93025139e191bf5
2016-09-20 09:31:44 +10:00
Monty Taylor
fd18cb74b2
Add libselinux-python to yum-minimal
yum-minimal installs selinux but not libselinux-python, which makes
interacting with the node from ansible hard fail. Add it.

Change-Id: I403e7806ae10d5dd96d0727832f4da20e34b94c7
2016-09-17 01:25:31 +02:00
Markos Chandras
0ddea940ad elements: opensuse: Add support for openSUSE Leap
Add support for new openSUSE Leap releases. Moreover, document
common environment variables and remove old note.

Change-Id: I8cf0b215cb4d9231e5658d49e3fd598dfbb5fd37
2016-09-16 16:13:19 +01:00
Jenkins
63a27bd0c4 Merge "Fix mellanox element required kernel modules and user space packages" 2016-09-13 06:07:27 +00:00
John Trowbridge
49baaa4114 Remove EPEL as hardcoded dependency of centos elements
The previous commit removes dkms from the base element, which
means the centos elements should no longer have a dependency on
EPEL.  Therefore, we should not hardcode the epel dependency.  It
can still be included in image builds as desired by using the epel
element explicitly.

Co-Authored-By: Ben Nemec <bnemec@redhat.com>
Change-Id: Iceff0d5bedd9816adfd2990970e7c216b67b6bd0
2016-09-12 11:42:55 -05:00
Ben Nemec
01a0dbf7c0 Remove unnecessary dkms install from base
The use of dkms in base was actually removed long ago in
Ic2c345bf9f0738dadae611194e263d3a5d424a3e and it is creating an
unnecessary dependency on EPEL for the centos elements.

Change-Id: Iae3100471e50a9c39f40b450f087192918ae54b3
2016-09-12 11:42:51 -05:00
Noam Angel
07e34f90e7 Fix mellanox element required kernel modules and user space packages
This fix add need kernel module for Infiniband and ConnectX-4+ network
cards.
Also install by default required user space packages.
Change-Id: Ia2e7b1820f197778138a23fafaccb5a4fb44369a
2016-09-11 11:40:20 +00:00
Waldemar Znoinski
bc80572061 don't configure 'lo' for dhcp
On systemd-based operating systems that don't
use /etc/sysconfig/network-scripts
dhcp-all-interfaces configures 'lo' for dhcp.
This causes errors and fails networking.target
causing system-wide issues. This change excludes
'lo' at dhcp-all-interfaces udev rules level.

Closes-bug: #1621501
Change-Id: I7563b766827bedbea7ae1de35e5bdfcbf1fc0d1e
Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
2016-09-09 09:01:59 +00:00
Jenkins
ca53af1184 Merge "fix systemd resource deadlock" 2016-09-06 23:33:03 +00:00
Jenkins
1041b5c9d5 Merge "Revert "Revert "Pre-install pip/virtualenv packages""" 2016-09-06 21:21:11 +00:00
Waldemar Znoinski
4b222b8263 fix systemd resource deadlock
Dependency to start network-pre (which
depends on network.target) before
dhcp-interface@.service collides with
Ubuntu's own network.target that suupose
to start after network-pre.

Change-Id: I9e59c970bfb1ebdaa15b4ec6b545761ede3ca056
Closes-bug: #1619816
2016-09-06 04:47:29 +00:00
Clark Boylan
07f22a3388 Document source glean installs in simple-init
It is possible and often desired to install glean from a source
repository when using the simple-init element. Document the process for
doing this.

Change-Id: Ie7c690406b14aae07d73261879b7ce8a2ed9dd8d
2016-09-01 15:03:38 -07:00
Jenkins
a2d3d340d3 Merge "Update portage only if needed" 2016-09-01 06:29:16 +00:00
Jenkins
c526220c6f Merge "Generate and use upper-constraints for ironic-agent" 2016-09-01 06:29:09 +00:00
Jenkins
02e3b4d5c0 Merge "Disabled IPv6 privacy extensions" 2016-09-01 06:11:08 +00:00
Jenkins
41c7dd2e56 Merge "Add tests for building *-minimal images" 2016-09-01 05:44:03 +00:00
Jenkins
b10752ca71 Merge "Update GRUB_MKCONFIG for detecting what's installed" 2016-09-01 05:14:53 +00:00
Jenkins
36c3d1ff50 Merge "add no_proxy when debootstrap trying to use proxy" 2016-09-01 05:14:47 +00:00
Kevin Carter
4b1a875e56 Disabled IPv6 privacy extensions
IPv6 privacy extensions can cause issues by preferring a temporary
network over a public one. This preference may limit connectivity
in certain situations. An example of a connectivity issue can be
seen where the command ``traceroute6`` fails or misses all hops
while other traffic to a given domain with a "AAAA" record may
succeed. To resolve this issue the IPv6 privacy extensions have
been disabled.

Change-Id: I62b9d6301b9e8b8e93b49cecbc96334ceea92fa5
Related-Bug: #1068756
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-09-01 14:41:26 +10:00
Jenkins
7e0e13106d Merge "Explain difference between two envvars" 2016-09-01 04:38:38 +00:00
Mathieu Mitchell
796dcd043b Generate and use upper-constraints for ironic-agent
Currently, ironic-python-agent is installed without using an
upper-constraints.txt file.

This commits ensures ironic-python-agent is installed using
upper-constraints.

Change-Id: I6be6cfc012941e2cc9996717cba39b5415b85e14
Closes-Bug: #1616554
2016-08-29 21:05:04 +00:00
Xiang Chen
ff234b65ea Explain difference between two envvars
Explain difference between 'DIB_OFFLINE' and
 'DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE'

Those variables are not redundant,they hava different effective ranges.
However,some people may be confused about this and reported a bug.
So,this difference should be writen in the README file.

Closes-Bug: #1506275

Change-Id: Ie5316de41d129bf98781708954f09ef0b2592b53
2016-08-25 10:07:29 +08:00
Jenkins
0ca20753ce Merge "Add "audit"package to yum-minimal" 2016-08-22 17:00:27 +00:00
Gregory Haynes
a1bfca6022 Add tests for building *-minimal images
Lets make sure these images can be built.

Change-Id: Idbd07b98c0181738d002a53373425e056390beea
2016-08-22 16:53:32 +00:00
Matthew Thode
c3a036e54f
Update portage only if needed
Currently we update portage whenever we could need it.  Instead we
should update portage only if we actually need to.  This update adds a
check to do so.

Change-Id: Ifdb27fd844b0b3a169ced945ac7ee0ddc235e9ec
2016-08-22 07:14:25 -05:00
Matthew Thode
c1c2f7147b
Update GRUB_MKCONFIG for detecting what's installed
Gentoo has updated it's grub ebuild to default to the upstream
recommended installation parameter of grub-mkconfig instead of our
default multislot installation of grub2-mkconfig.  Update the command
line parameter so that it works with both.

Change-Id: I359b44338a4f76af7c026f5cad212e6dc3dbf2b3
2016-08-22 07:12:15 -05:00
Gregory Haynes
6180d82f14 Allow ramdisk-create to run without $USER set
It's possible this is run form an environment where $USER isn't set,
properly fallback to whoami in this case.

Change-Id: I1181f714c3c456ee264b34d282bac5c0adb67a0e
2016-08-19 16:04:32 +00:00
Jenkins
c20a42051a Merge "Change DIB_IPA_CERT resulting file name" 2016-08-18 13:35:12 +00:00
Juan Antonio Osorio Robles
1787754d57 Change DIB_IPA_CERT resulting file name
Even though this file ends up in the /tmp directory, for readability
it's good to point out that server.pem is not necessarily the
certificate for a server, but can be a CA certificate which is
trusted if this option is used.

Change-Id: Iea27a702a844456e4472957438f75ed3819d62ca
2016-08-15 15:19:04 +03:00
Yolanda Robla Mota
c1bac651cb Allow to skip kernel cleanup
For some use cases, it can be useful to keep all the kernels
and not just keep the latest one. Add a parameter that allows
it, and continue cleaning up kernels by default.

Change-Id: Ia6e6c1fa18e3724c1eb89226151d81e9e748b793
2016-08-12 12:49:19 +02:00
Jenkins
cf2030c2f6 Merge "secure_path in sudoers: deal with possible quotes" 2016-08-11 00:21:14 +00:00
Ian Wienand
944b4fea0f Add "audit"package to yum-minimal
Kernels are built with auditing support, and without the audit deamon
logs bubble up to spam the console and /var/log/messages.  This
package contains the audit daemon that catches these messages.

Change-Id: Ie3e216bab33b27f2d67a9379ddc3e89d66449251
2016-08-08 17:54:20 +10:00
Jenkins
46ce2ac527 Merge "Optionally remove portage files" 2016-08-04 05:20:54 +00:00
Gabriele Cerami
5e957f6350 secure_path in sudoers: deal with possible quotes
Sometimes the secure_path option value in /etc/sudoers is surrounded by
quotes, in this case the current command creates an invalid entry and
it's not possible to sudo anymore.
This fix adjust the sed command to deal with possible quotes

Change-Id: Ifd6f9e29b3c0d04d6f65d3f55524ad202fb3294e
2016-08-03 15:24:07 +02:00
Matthew Thode
ffb8efda74
Optionally remove portage files
Optionally remove portage files, so that we can cache package and
keep the portage directory around, specifically for nodepool.

This also adds a section to the Gentoo readme about the variable
and renames the 00-gentoo-distro-name environment file to a more
appropriate name of 00-gentoo-envars.

Also brought up was the location of the gentoo-releng.gpg file,
this has been moved and the refrencing paths updated.

Change-Id: I20c91b36082828faa1ca481585acc5f9933211e1
2016-08-02 16:42:29 -05:00
Ben Nemec
e49d347ba9 Generalize logic for skipping final image generation
Since the ironic-agent element builds the ramdisk and extracts the
kernel itself, there's no need to actually generate an image at the
end of the process.  Previously the unnecessary image was being
deleted, but this wastes a bunch of time compressing and converting
the image.  It's better to just not create the image at all.

This change adds a noop element called no-final-image that
disk-image-create looks for in the element list and, if found, will
cause it to skip the final image generation.  This is more flexible
than the previous ironic-agent-specific method that would have
required changes to disk-image-create for every element that wanted
to behave similarly.

Note that this cannot be done using an environment variable, because
element environments.d entries do not propagate out to
disk-image-create.  It also doesn't make sense as a user option
because it should be set by the element author, not the user.

Change-Id: I168feb18f0d578b3babbe4784d3ef75e755e1ebd
2016-07-28 13:14:36 -05:00
Jenkins
ed116d60a9 Merge "Fix proliant-tools dependencies" 2016-07-27 21:19:32 +00:00
Jenkins
e884309272 Merge "yum-minimal: set locale.conf and tz in chroot" 2016-07-27 08:52:39 +00:00
Xiang Chen
6ae60b2e8f add no_proxy when debootstrap trying to use proxy
Most of the time,no useing no_proxy is ok,but sometime this will cause problem.
Add no_proxy here will increase the robustness of the program .

Change-Id: I976e689760d2e6de9e2081fcdee4f71299e8470e
2016-07-22 14:56:22 +08:00
stephane
b7d391f25d Fix proliant-tools dependencies
The proliant-tools element was missing a few
dependencies which were stopping it from
building correctly.

Change-Id: Ib7159a0baa7932d1571272cefffaf01d60e9debc
Closes-Bug: #1590176
2016-07-20 14:50:21 -07:00
Jenkins
71c68bf18d Merge "Fix packaging problems for Debian" 2016-07-20 21:21:08 +00:00
Andreas Florath
a8c8c61711 Fix packaging problems for Debian
This patch solves three issues with Debian packaging / apt:

o When building 'testing' only default apt sources is
  included - backports, updates and security are skipped because they
  do not exists.

o The default release for Debian was `unstable`: this is now fixed to
  `stable`.

o Starting a Debian Stretch VM that was build with diskimage-builder
  does not work, because some mandatory packages are missing.
  This patch fixes this problem: it adds the mandatory packages and
  the test case.

Change-Id: If49b5b162c4da1e074e9b19324839bc59d87dc57
Signed-off-by: Andreas Florath <andreas@florath.net>
2016-07-19 07:11:57 +02:00