Grub is first removed and then installed during RHEL image building. The
grub2 package typically requires the same version of grub2-tools, so if
we just remove and install the grub2 package, the installation can
potentially fail on being out of sync with grub2-tools version. Removing
and reinstalling both packages fixes this issue. Those packages are
already in package map for RHEL as "grub-pc", so we can use this alias.
Change-Id: Iefd9c17fffd43de3fea260510ad218b1322eecb3
Closes-Bug: #1627000
We are currently wasting about 10 minutes per deploy waiting for
DHCP on interfaces that will never get it. By default, the timeout
seems to be 5 minutes (the 10 minutes is because we boot both the
IPA ramdisk and the deployed image, and each waits for 5 minutes),
which is excessively long to get a DHCP response. This change
shortens the time to 30 seconds. If an interface hasn't gotten a
response in 30 seconds, chances are it's not going to. A 30
second wait should reduce our wasted time to 1 minute, which is
more reasonable.
This is being done in the systemd unit file because the -timeout
option to dhclient doesn't seem to override what is configured in
dhclient.conf, and doing it in the systemd file means that this
change will be limited to only the interfaces configured by
dhcp-all-interfaces.
Change-Id: Ia8610e3def39c937eb0c861fdc9bc571ec39f9f4
Closes-Bug: 1626673
Because we are using the building platform's "yum" to do the initial
install into the chroot, it is affected by the base-system's
/etc/yum.conf.
pip-and-virtaulenv in I82acb865378a0fa5903a6267bfcee0e2962eced0 added
"exclude=python-pip..." in /etc/yum.conf to stop the package manager
overwriting the installed pip. Now our CI images have built with
this, we are now picking up this exclude on centos. Since on F24
dnf->python->python-pip we end up failing to build the the chroot
because python-pip can not be satisifed. In a general sense, however,
this could be caused by any configuration put into /etc/yum.conf that
is incompatible with installing into the chroot.
yum has the option to disable all excludes which is used here. This
seems to be the best way to isolate the chroot install from any
excludes that may have been done on the base system for various
reasons. I did consider using a completely separate yum.conf we ship
with dib ... but let's start simple.
This should fix the current gate failures on centos
Change-Id: I4e4cc8ed09a29c4057ade34ea93025139e191bf5
yum-minimal installs selinux but not libselinux-python, which makes
interacting with the node from ansible hard fail. Add it.
Change-Id: I403e7806ae10d5dd96d0727832f4da20e34b94c7
Add support for new openSUSE Leap releases. Moreover, document
common environment variables and remove old note.
Change-Id: I8cf0b215cb4d9231e5658d49e3fd598dfbb5fd37
The previous commit removes dkms from the base element, which
means the centos elements should no longer have a dependency on
EPEL. Therefore, we should not hardcode the epel dependency. It
can still be included in image builds as desired by using the epel
element explicitly.
Co-Authored-By: Ben Nemec <bnemec@redhat.com>
Change-Id: Iceff0d5bedd9816adfd2990970e7c216b67b6bd0
The use of dkms in base was actually removed long ago in
Ic2c345bf9f0738dadae611194e263d3a5d424a3e and it is creating an
unnecessary dependency on EPEL for the centos elements.
Change-Id: Iae3100471e50a9c39f40b450f087192918ae54b3
This fix add need kernel module for Infiniband and ConnectX-4+ network
cards.
Also install by default required user space packages.
Change-Id: Ia2e7b1820f197778138a23fafaccb5a4fb44369a
On systemd-based operating systems that don't
use /etc/sysconfig/network-scripts
dhcp-all-interfaces configures 'lo' for dhcp.
This causes errors and fails networking.target
causing system-wide issues. This change excludes
'lo' at dhcp-all-interfaces udev rules level.
Closes-bug: #1621501
Change-Id: I7563b766827bedbea7ae1de35e5bdfcbf1fc0d1e
Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
Dependency to start network-pre (which
depends on network.target) before
dhcp-interface@.service collides with
Ubuntu's own network.target that suupose
to start after network-pre.
Change-Id: I9e59c970bfb1ebdaa15b4ec6b545761ede3ca056
Closes-bug: #1619816
It is possible and often desired to install glean from a source
repository when using the simple-init element. Document the process for
doing this.
Change-Id: Ie7c690406b14aae07d73261879b7ce8a2ed9dd8d
IPv6 privacy extensions can cause issues by preferring a temporary
network over a public one. This preference may limit connectivity
in certain situations. An example of a connectivity issue can be
seen where the command ``traceroute6`` fails or misses all hops
while other traffic to a given domain with a "AAAA" record may
succeed. To resolve this issue the IPv6 privacy extensions have
been disabled.
Change-Id: I62b9d6301b9e8b8e93b49cecbc96334ceea92fa5
Related-Bug: #1068756
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Currently, ironic-python-agent is installed without using an
upper-constraints.txt file.
This commits ensures ironic-python-agent is installed using
upper-constraints.
Change-Id: I6be6cfc012941e2cc9996717cba39b5415b85e14
Closes-Bug: #1616554
Explain difference between 'DIB_OFFLINE' and
'DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE'
Those variables are not redundant,they hava different effective ranges.
However,some people may be confused about this and reported a bug.
So,this difference should be writen in the README file.
Closes-Bug: #1506275
Change-Id: Ie5316de41d129bf98781708954f09ef0b2592b53
Currently we update portage whenever we could need it. Instead we
should update portage only if we actually need to. This update adds a
check to do so.
Change-Id: Ifdb27fd844b0b3a169ced945ac7ee0ddc235e9ec
Gentoo has updated it's grub ebuild to default to the upstream
recommended installation parameter of grub-mkconfig instead of our
default multislot installation of grub2-mkconfig. Update the command
line parameter so that it works with both.
Change-Id: I359b44338a4f76af7c026f5cad212e6dc3dbf2b3
It's possible this is run form an environment where $USER isn't set,
properly fallback to whoami in this case.
Change-Id: I1181f714c3c456ee264b34d282bac5c0adb67a0e
Even though this file ends up in the /tmp directory, for readability
it's good to point out that server.pem is not necessarily the
certificate for a server, but can be a CA certificate which is
trusted if this option is used.
Change-Id: Iea27a702a844456e4472957438f75ed3819d62ca
For some use cases, it can be useful to keep all the kernels
and not just keep the latest one. Add a parameter that allows
it, and continue cleaning up kernels by default.
Change-Id: Ia6e6c1fa18e3724c1eb89226151d81e9e748b793
Kernels are built with auditing support, and without the audit deamon
logs bubble up to spam the console and /var/log/messages. This
package contains the audit daemon that catches these messages.
Change-Id: Ie3e216bab33b27f2d67a9379ddc3e89d66449251
Sometimes the secure_path option value in /etc/sudoers is surrounded by
quotes, in this case the current command creates an invalid entry and
it's not possible to sudo anymore.
This fix adjust the sed command to deal with possible quotes
Change-Id: Ifd6f9e29b3c0d04d6f65d3f55524ad202fb3294e
Optionally remove portage files, so that we can cache package and
keep the portage directory around, specifically for nodepool.
This also adds a section to the Gentoo readme about the variable
and renames the 00-gentoo-distro-name environment file to a more
appropriate name of 00-gentoo-envars.
Also brought up was the location of the gentoo-releng.gpg file,
this has been moved and the refrencing paths updated.
Change-Id: I20c91b36082828faa1ca481585acc5f9933211e1
Since the ironic-agent element builds the ramdisk and extracts the
kernel itself, there's no need to actually generate an image at the
end of the process. Previously the unnecessary image was being
deleted, but this wastes a bunch of time compressing and converting
the image. It's better to just not create the image at all.
This change adds a noop element called no-final-image that
disk-image-create looks for in the element list and, if found, will
cause it to skip the final image generation. This is more flexible
than the previous ironic-agent-specific method that would have
required changes to disk-image-create for every element that wanted
to behave similarly.
Note that this cannot be done using an environment variable, because
element environments.d entries do not propagate out to
disk-image-create. It also doesn't make sense as a user option
because it should be set by the element author, not the user.
Change-Id: I168feb18f0d578b3babbe4784d3ef75e755e1ebd
Most of the time,no useing no_proxy is ok,but sometime this will cause problem.
Add no_proxy here will increase the robustness of the program .
Change-Id: I976e689760d2e6de9e2081fcdee4f71299e8470e
The proliant-tools element was missing a few
dependencies which were stopping it from
building correctly.
Change-Id: Ib7159a0baa7932d1571272cefffaf01d60e9debc
Closes-Bug: #1590176
This patch solves three issues with Debian packaging / apt:
o When building 'testing' only default apt sources is
included - backports, updates and security are skipped because they
do not exists.
o The default release for Debian was `unstable`: this is now fixed to
`stable`.
o Starting a Debian Stretch VM that was build with diskimage-builder
does not work, because some mandatory packages are missing.
This patch fixes this problem: it adds the mandatory packages and
the test case.
Change-Id: If49b5b162c4da1e074e9b19324839bc59d87dc57
Signed-off-by: Andreas Florath <andreas@florath.net>
We should be doing more to ensure initial configuration during
configuration. Taken from the steps done by [1], here we set
locale.conf and a general timezone.
The only reliable UTF8 locale is en_US.UTF-8; we don't want to use C
locale as it causes havoc with things like python3 and unicode. We
set locale.conf to this.
For Fedora 24 ensure we install the en_* locales too (this is really a
bug separate to this -- when you log in, by default ssh tries to copy
over your locale env variables, so logging into a F24 system would
result in using invalid locales for the most common en_* cases).
While we are here, setup a timezone link. It turns out infra puppet
overwrites this later, but at least we have a sane default.
[1] https://www.freedesktop.org/software/systemd/man/systemd-firstboot.html#
Change-Id: Ib8951a97f1772bc5228c682e88628ff53400a923
This reverts commit a645fa4ffb.
It is really devstack causing problems here; it was removing the
python-virtualenv package & re-installing using pip (see depends-on).
This failed because the pip-install we did here removed the egg-file
that rpm expected to be there, so rpm bailed out on the removal.
But even if it worked, this just leads you back down the path of the
original problem; that the system packaged version can be re-installed
and overwrites the pip installed version. Thus I still believe this
is the correct thing to do in the dib element.
Note it is not a common problem (devstack aside); most jobs don't
touch python-virtualenv & related packages (the one we did notice this
on was being brought over from travisci where it was required for some
reason).
Change-Id: I82acb865378a0fa5903a6267bfcee0e2962eced0
Depends-On: Ib0edf6c4ee8a510e9d671213de35d787f56acfed
"visudo -c" should be run after the sudoers file has been edited. This
will ensure that the file is still syntactically correct, and exit 1 if
it isn't. Otherwise, obscure errors can occur later on, and it is
difficult to track them back to this script as the source of the error.
Change-Id: Id0e5114d72c0779952a0c2c2c06696929c6c8b17
Icf8a075224833fcfbbe2128e8802ff41c39f3c09 looked rather ugly, and it's
easy for us to expand the processing done in the arch list.
Change "arch" to a comma-separated list of architectures that should
match for install.
Add a "not-arch" list which will exclude the package from installation
on those architectures. (An aside -- I considered making it just he
one list with foo,!bar,moo but ! has special meaning in YAML, so it's
easier to have two lists).
$ ARCH=ppc64 package-installs-squash --elements ironic-agent --path=./elements/ /dev/stdout | grep dmidecode
$ ARCH=ppc64 package-installs-squash --elements ironic-agent --path=./elements/ /dev/stdout | grep lshw
"lshw",
$ ARCH=amd64 package-installs-squash --elements ironic-agent --path=./elements/ /dev/stdout | grep lshw
$ ARCH=amd64 package-installs-squash --elements ironic-agent --path=./elements/ /dev/stdout | grep dmidecode
"dmidecode",
Change-Id: Ic69dd02a09e6f3ba9078a2377d8df29871a20db2
Other fedora/centos elements can use the YUM variable, already set in
some base elements (fedora, centos-minimal). This commit also exports it
for centos/centos7.
Set a fallback value in pip-and-virtualenv element.
Change-Id: I681d77b924be035c81043bb34c72ec5f859e7108
Closes-Bug: 1598087
While we already clean a number of things off the ironic-agent
ramdisk, there are a few more significant ones that we should add
to the list.
First is the kernel source. If you're rebuilding your kernel on
the agent ramdisk after the initial image build, then you need to
re-examine your life choices. ;-)
Second is /var/cache. On yum-based distros, this contains a large
number of yum cache files that take up significant space. We don't
really want to be copying around caches when booting a ramdisk
anyway, so cleaning this is the right thing to do regardless.
Third is all *.pyc or *.pyo files. There are a lot of these, so
they eat up significant space and bloat the number of files in the
ramdisk, which makes it take longer to build. the only purpose for
the files is to slightly speed up Python app startup, and we
probably lose more time transferring the files over the network
than we would gain in quicker start times. Note that we were
already trying to remove these, but for some reason I was still
seeing them show up in my final images. It makes more sense to
put them in the same pruning command as all the others anyway.
Fourth is /usr/include. These are files only needed for
compilation. See above for my thoughts on compiling in a ramdisk.
These changes have reduced the agent ramdisk from 391 MB to 333 MB
in my local centos 7 builds, and have reduced the number of files
in the ramdisk by over 18000.
Change-Id: I550f9904b9afd12d48da9ba24559acb23133d076
Fedora 24 has split locales into separate packages. Testing revealed
what is possibly a bug in the choosing of default packages, so add a
small work-around to ensure the minimal locale pack is installed.
This appears to be the only change required for fedora-minimal with
Fedora 24; at least to build with the project-config infra elements.
Change-Id: I64438c34c572ed96211384ae1bfb45b2949e4318
This does not need to be the last finalise step, and some late finalise
steps can disable the network (for example, Octavia amphora DIB cleans
resolv.conf at 99) Moving it to 60 also aligns it with rhsm-unregister
rhel6 element, and still allows to run subscription-manager steps
before.
Also fix an unbound variable error that appeared when both
BASE_IMAGE_FILE and DIB_CLOUD_IMAGES are unset.
Change-Id: Icb0e20b01479fea345e01309fc4bf3f7f639900c
If we're installing pip/virtualenv from source, we need to make sure
we pre-install the packaged versions before the upstream
versions. Otherwise, CI jobs later on that depend on packaged versions
of pip/virtualenv can bring them in and overwrite the upstream
versions we have installed, which leads to a heck of a mess and
usually very confusing failures.
I have also moved in a small hack from system-config:install_puppet.sh
that we found was necessary when using pip versions from upstream.
Note this is not as much of an issue on Debian/Ubuntu, as they keep
their pip packages in a separate place to the system packages, so you
don't have these overwite conflicts as much.
Change-Id: Ib40708c07b939b84661c44df88a5a308fd0c7216
The initramfs file created by the ironic-agent element is
owned by the user running disk-image-create; ensure that
the other files created by the element are also owned by
the user.
Change-Id: I829db5b8e8bf1fc68face9cd2bda52d2a5ccdd4f
Closes-Bug: 1593010
The latest Fedora/Ubuntu images don't ship python2 by default, so we
need to use our dib-python wrapper for this so we work in python3 only
environments.
Closes-bug: 1577105
Change-Id: I1048ceef35f269960216066924986eec6117ca00
This element takes up a *huge* part of the logs of openstack-infra
builds as we go and cache every git tree.
This silences most of the noise which will reduce the mess
in the logs considerably.
Note that we've had logging on this turned down since
I91c5e55814ba9840769357261d203f4850e2eba6 but it has been
ineffective in stopping the log-spew output, see the
dependency change.
Change-Id: I60f06f84d57087c82b3907575bff125015d35171
Depends-On: I1e39822f218dc0322e2490a770f3dc867a55802c
It turns out our manual locale cleanup is causing issues (see
I54490b17a7f8b2f977369044fcc6bb49cc13768e). Upon further
investigation, I think this is a better approach than manually
deleting repos.
glibc on Fedora obeys the %_install_langs macro for reducing the
installed locales (as mentioned in the comments, F24 has moved to
having different packages, but worry about that later).
So our existing clear-out is really only required for CentOS, whose
glibc does not have any way to indicate to build less locales.
However, %_install_langs is still correct there, as it restricts some
of the translation files and other things installed with the %lang
macro in spec files.
This is complicated by us having to set this at glibc-common install
time, which happens with the "yum" from outside the chroot (i.e. on
trusty). Since this is too old to have flags to pass this, we need to
fiddle with rpmmacros.
I've tested this with fedora-minimal builds and the locales file is
about 2MiB, which is what it was after the cleanups, and the listed
locales are only those we expect (i.e. it appears to be working).
Change-Id: I528a68beeb7b2ceec25ccbec1900670501608158
Because Fedora 21 is EOL, the appropriate cloud images were
removed from the mirrors during the last days.
Because of the removal, currently all CI tests are failing.
This patch removes the Fedora 21 CI tests.
(Adding and supporting Fedora 23 is done with another patch -
because some additional changes are needed here.)
Change-Id: Ib85bb6fafd4f56ecc55dd420048f4d9e6e6969f3
Signed-off-by: Andreas Florath <andreas@florath.net>
I realised I'd been using die() in a few places assuming it was
available, but it wasn't exported. I guess it didn't matter because
whatever was wrong, we were failing anyway :)
This exports the function to make it available to sub-processes, which
should remove the need to source it as done in several places.
Change-Id: I7b9a5a6db406e160099b6ed9fde80455ae227327
If REPOREF="*", HAS_REF will be used without initialization. As -u is set
the script will terminate with error.
Change-Id: Ic1d88415adfef66dfc6c1d92610a45a9eb6359f3
Signed-off-by: Liu Qing <liuqing@chinac.com>
The "set to localhost by default" behavior for manage_etc_hosts has been
deprecated for more than a year now by change
Ia8582883f737548e2911d3f36a1943e5b236281b.
Setting that value to "localhost" is still possible, but it won't be the
default anymore. If the previous behavior of assigning the hostname and
FQDN to 127.0.0.1 is still desired in some environments, it can be
achieved by setting the DIB_CLOUD_INIT_ETC_HOSTS environment variable,
as the deprecation warning message suggested.
Change-Id: I5a19d46e2f305769a0c89c9d25d2e6be02910221
Add a pkg-map to install cloud-initramfs-growroot on Precise, as it is
required there because the kernel is too old to use growroot on a live
file-system. This was generically removed in
e23b087505.
Change-Id: I5e6cbc4b74dc72a6f23f73a018c028f3ff7c0157
Add ability to filter in pkg-map on release, which defaults to
DIB_RELEASE. As per the examples, release is a more specific target
than distro, but distro still has to match.
Added a debug flag and ability to use a pkg-map directly for
debugging/development.
Change-Id: Ie282f96966e46236b06bc276de0168fc7a66c5da
Export FS_TYPE from img-defaults and use it to remove hard-coded
defaults in the debootstrap mounting. Also, cleanup the suse element
as it should have access to the exported variable.
Change-Id: Ie9b671ca9336060a5ad294be48aa7eff442bf066
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Currently there is no way for a service to become aware that
dhcp-all-interfaces is finished configuring all the interfaces at
boot time. This causes problems for applications like the
ironic-python-agent which scans the interfaces when it first starts as
part of the inspection stage and can race against dhcp-all-interfaces
bringing up the interfaces, leading to inconsistent results.
This patch ensures that the dhcp-all-interfaces script runs before any
network interface is configured and brought up by the rest of the
system, and also ensures that the ironic-agent element also waits for
the network to be online before starting. This is done by using the
network targets provided by systemd.
Change-Id: Id9583b7f54361aa603a6229da598ad6a0f0f7938
I'm not sure why this comment is here. base works with centos-minimal
(we changed it in I2956aaa49ba3137a799f97e0983ab4b7c93a0a0c) and we've
got images deployed with such a configuration.
Update the comment
Change-Id: I3207f87dc29280183c0960ea863533a4d441081c
"ironic-agent" element is currently removing sudo, which breaks other
elements such as devuser. There appears to be no security or other
reason to do this, it's just the way it has always been. Leave sudo
in as it is considered part of the base cloud images.
Change-Id: Ida9b1885f745146071e4b2d85ae59341ac85d5c8
Closes-Bug: #1572486
The apt-sources element did not work with debian-minimal, because
the later one overwrote the /etc/apt/sources.list file created by
the apt-sources element.
Two changes were made:
o the debian-minimal uses now files inside the /etc/apt/sources.list.d
directory. Therefore there is no possibilty for clashes between those
two elements any more.
o instead of only adding backports, also the updates and the security
repository is added by default which gives perfect initial
configuration for a stable system.
If you want to use local mirrors with other naming schemas or an
unstable tree, there is the possibility to fully specify the
repositories.
Change-Id: I69dbaa34be3db3d667e6bd8450ef4ce04a751c70
Signed-off-by: Andreas Florath <andreas@florath.net>
The various distro elements include a copy of this script which installs
all files in the bin/ dir of the copied element hooks in to
/usr/local/bin. Lets share code rather than repeating ourselves.
Change-Id: I354382f8c42ede2e9b8c548b7df8367c03e6836e
As motivation for this; we have had two breakouts of dib in recent
memory. One was a failure to unmount through symlinks in the core
code (I335316019ef948758392b03e91f9869102a472b9) and the other was
removing host keys on the build-system
(Ib01d71ff9415a0ae04d963f6e380aab9ac2260ce).
For the most part, dib runs unprivileged. Bits of the core code are
hopefully well tested (modulo bugs like the first one!). We give free
reign inside the chroot (although there is still some potential there
for adverse external affects via bind mounts). Where we could be a
bit safer (and could have prevented at least the second of these
breakouts) is with some better checking that the "sudo" calls
*outside* the chroot at least looked sane.
This adds a basic check that we're using chroot or image paths when
calling sudo in those parts of elements that run *outside* the chroot.
Various files are updated to accomodate this check; mostly by just
ignoring it for existing code (I have not audited these calls).
Nobody is pretending this type of checking makes dib magically safe,
or removes the issues with it needing to do things as root during the
build. But this can help find egregious errors like the key removal.
Change-Id: I161a5aea1d29dcdc7236f70d372c53246ec73749
The dhcp-all-interfaces and simple-init elements did not have the ISC
DHCP Client package mapped for OpenSUSE, which caused DIB to fail with
"'isc-dhcp-client' not found in package names. Trying capabilities."
Similarly, the bootloader element did not have the grub-pc package
properly mapped for OpenSuse, which caused DIB to fail with "Package
'grub-pc' not found.".
This patch adds the package mappings for these elements so that the
opensuse element can be created and booted successfully.
Change-Id: Ife478158fec3a95de73a9206b38dcc6511d56cc8
The proliant-tools element helps to do RAID
configuration in ironic for HPE servers.
This fix proposes to install the proliantutils
in ironic-python-agent's virtualenv created
using ironic-agent element.
Closes-Bug: 1563648
Change-Id: If63c725a42740ab244a2b4004797cba09d0f154e
Every platform has a different name for their DHCP client, so use a
generic name "dhcp-client" in the package name and let everyone choose
their sub-name. This also brings some consistency across simple-init
& dhcp-all-interfaces
Change-Id: I797aa7aacb13dfb7f35700463dc11d55552eb108
This makes use of the dhcpcd package and it's ability to run on all
interfaces by default. We disable the privacy extensions and dhcp
overriding the hostname (both are enabled by default). Other than
that it 'just works' and was the method used to bring up interfaces
on Gentoo Openstack images before we switched to building with DIB.
Change-Id: I02c14927d70b22f560c6fc149fefca0f93933f56
Rather than removing all locale related stuff in cleanup, strip the
locale archive and rebuild it.
Building just en_US (along with POSIX/C) brings things inline with
debootstrap. As discussed in the bug referenced, this is about the
best we can do for Centos7.
Fedora 24 has split languages out into packages so we don't have to do
this, but I have not dealt with that yet. A guard is put in place so
we make sure we revisit this when we try to build F24.
Change-Id: I3f384d23e52effd6a09f47134746caa4a5c586be
cloud.centos.org appears to have changed their naming for images.
This latest iteration drops the YYYYMMDD in favor for YYMM, but
also has a 'latest' available without the date stamp.
This change will mean we no longer have to submit new code reviews
whenever centos changes.
Change-Id: I5a6a0de822561c1d0681abb9487993acf55918f1
After a bit of spelunking, I90d0c96d5659326ba67d6119b96d9a4113adf7fe
was the original change that introduced the setfiles here rather than
autorelabel at boot time.
Touching the autorelabel file probably makes sense somewhere low, but
when we start relabling the file system we really should be doing that
as late as possible so we fix up everything that has come before.
Move this to 90 to capture this.
Change-Id: Iae0afe850f52ec3b59c49507fa9bbcc1c8f8cfa1
If the initial yum install into the chroot fails, we can leave behind
a lockfile and an incorrectly modified rpmmacros.
Change this so we run the cleanup unconditionally.
Change-Id: Ia9f9c4c845e5f34d33ff9a4ab7226c9175283757
I guess I hadn't tried centos-minimal without the puppet elements that
install this for us. But the "base" element wants dkms, which is only
in EPEL for centos. But it's a helpful convenience so is globally
useful.
Change-Id: Ia9af97efdbd855fb8202353196ad649093788cb8
For whatever reason, RHEL identifies itself with DISTRO "rhel" for 6
and "rhel7" for 7, but centos just uses "centos" and DIB_RELEASE. So
this was wrong and installing EPEL6 on centos7.
But we can simplify it completely for centos because that comes with
the epel-release package already included.
Change-Id: I2b8f5d30b850fef46b4a5ba32a917abcbf25932c
This commits provides support to add certificate while
building the image using ironic-agent element. The
certificate can be CA certificate or self-signed certificate.
The certificate is set to the environment variable
'DIB_IPA_CERT' which in turn is used by the ironic-agent
element while building the image.
Change-Id: I648f7934d4787dcc3030885cfca771b642a9595e
Running 'disk-image-create -a amd64 -o precise vm precise' will fail to
build with the following error [1]. To fix this, we should split out the
switch-case to allow base to install the 'software-properties-common'
package.
[1]
dib-run-parts Fri Mar 18 18:43:16 UTC 2016 Running /tmp/in_target.d/pre-install.d/03-baseline-tools
Hit:1 http://mirrors.cat.pdx.edu/ubuntu precise InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package python-software-properties is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
software-properties-common
E: Package 'python-software-properties' has no installation candidate
Change-Id: I011f02fcf70df9d1d6fa30ed89907fbc2588937e
If we dont force the hostname to be debian, the hostname will
be the one choosen when creating the instance with horizon
This bug was introduced when the debian element was split
into debian and debian-minimal and debootstrap in commit 23aa76df
Change-Id: I007a3531f6876890a2e113082211889ec5ead1a1
In order for glean to operate properly and regenerate ssh host keys it
needs to start on a host without any ssh host keys. We hadn't been doing
this meaning that new host keys were not generated on images using
simple-init. Fix this by having simple-init delete any host keys found
in /etc/ssh late in the build process.
This should force glean/sshd to generate new host keys on first boot
depending on the distro.
Change-Id: Ic917387d92febf21c2cc37dfc1fa83fcf0c8e469
The dib-run-parts/root.d/90-base-dib-run-parts script would mysteriously
fail whenever the dib-run-parts is not in the path. The install
commands complaining with:
install: missing destination file operand after
'/tmp/image.ILFTBYVy/mnt/usr/local/bin/dib-run-parts'
The reason is chaining a command in exec bypasses set -e. For example:
exec /bin/ls $(which doesnotexist)
Will works and continue.
Handle the which lookup in a variable to have the script abort
immediately whenever dib-run-parts is not found.
Left an inline comment to make sure the fix is kept around in the
future.
Signed-off-by: Dan Duvall <dduvall@wikimedia.org>
Change-Id: Ibb5d7342b0d06483b84f9dd567e1cc0bf90f194e
Tgtd starts after OS boots up automatically, listens on the port 3260,
which cause lio fails to bind the same port later.
This patch removes the auto-start script of tgtd.
In IPA service, lio or tgtd would be used to create iscsi target.
If tgtd be chosen, IPA will start tgtd before iscsi setting.
IF lio be chosen, tgtd would keep not running.
Change-Id: Ic62055ac2f9252df832739631bfcbabfac0f9c4e
Closes-Bug: #1554987
On ubuntu, if an interface exists but is unconfigured then ifquery
$iface will return 0 but no output. This will cause dhcp-all-interfaces
to not attempt to dhcp on that interface.
Change-Id: Ic1532728ae9ca6d759714392f727d25b814ef336
As the doc says, we want to remove all interfaces that come by default
in cloud images. Cloud images also come with an eth1 though, so lets
just remove all interfaces.
Change-Id: I49c74a3285e6a610ac723bdf976f3727d2736749
Where the base install for the image uses systemd but
the iptables service is not present, the postinstall
script for the ironic-agent element can fail. This is
due to 'systemctl disable iptables.service' returning
an error status when the service isn't present. Check
whether the service is enabled using 'systemctl
list-unit-files'.
Change-Id: I8069b062a27caead4097747d7aeae24a5262e117
Add a pkg-map file so that Gentoo can avoid polluting the FS with
files not tracked in the package manager.
Changed the directory name so that the source-install method would
actually be disabled when DIB_INSTALLTYPE_pip_and_virtualenv=package
is set. Also changed source-repository line to be consistent with
the element name.
Change-Id: I5225bd7113ff2588c755ad4cd4ae9a2d78fff196
If you check logs like [1] it's literally thousands of lines of the
same thing over-and-over as the git caching happens. It is basically
all just noise unless you're debugging it specifically. Up this to
tracing level 2 ("-x -x") to see it. Add a note in the help about
multiple flags, which has always been intended but not documented.
Image builds should continue to run with single "-x", but we could
probably greatly increase signal:noise ratio in the logs with a little
more judicial use of this to turn down some of the very noisy &
repetitive parts.
[1] anything in http://nodepool.openstack.org/
Change-Id: I91c5e55814ba9840769357261d203f4850e2eba6
This commit adds 'psmisc' and 'dosfstools' to the required
packages for ironic-agent element which in turn
installs ironic-python-agent and ironic-lib.
The ironic-lib requires the fuser command to be executed,
which needs the package 'psmisc'. Similarly mkfs with
'vfat' requires 'dosfstools' package.
Closes-Bug: 1554075
Change-Id: If421f2394c34bb938813d0e15e5085d093215921
This element installs package to ensure that the resulting image
provides the binaries outlined in posix specification [1]. This solves
some problems such as cron missing from the ubuntu-minimal images, and
hopefully minimizing the problems from similar problems in the future.
This is the image size difference:
Resulting qcow image sizes:
Ubuntu Ubuntu-Minimal Debian Centos7
None 334MB 330MB 352MB 470MB
Posix 353MB 375MB
Posix+ 354MB 374MB 406MB 471MB
Posix+ = Posix + gcc + cssc
[1] http://pubs.opengroup.org/onlinepubs/9699919799/idx/utilities.html
Change-Id: I2a8f77bf8a0fdb04b328e56425d43a60eb3f7eed
The vm element makes use of parted. In order to create partitions
parted needs to be installed, growroot does not work without partitions.
Change-Id: Ib46cb818e0116f050de01f9a19e6041328d6d478
We are currently removing only eth0 network config in the simple-init
element (since simple-init is responsible for networking if you are
using it). We install an eth1 as well in elements such as debootstrap.
Lets just rm eth*.
Change-Id: Id9ea8c5e402f3a06b9064a939ad4b2e168cd6223
Right now we hard code in a path for an alpha release image. There are
release of ubuntu-core now so lets support them.
Change-Id: Ice989d32e0910cbbfb711e06adb33b07682856c9
This commit adds testing for the gentoo element based off of the debian
element. In adding testing support a couple of additional errors were
found and corrected, namely the following.
* shm is not in /proc/mounts though it is valid for use based off of
the sticky flag.
* The path in ELEMENTS_PATH needs to be pruned to be usable.
* Added uuidgen-runtime to the list of packages installed for Ubuntu
as the new ubuntu-trusty image does not ship with it.
Change-Id: I0d2768a912b350e1b2cf40d2fd227fdc767b1bcb
The "base" element is included by default, and if centos-minimal tries
to provide it then we die because two elements are providing the same
thing.
Change-Id: I2956aaa49ba3137a799f97e0983ab4b7c93a0a0c
This patch add the lshw utils to allow the agent
to retrive the vendor name. It also keeps the
/usr/share/misc/pci.ids file for Ubuntu distro.
Change-Id: I2828a7e585449f63887ad5a2e338b4e043d68e63
I have seem some occasional odd failures coming from the "dnf -y
update" done by elements/base/install.d/00-up-to-date.
dnf seems to sometimes think a package is not installed when it really
is. It then seems to try and re-install them, but notices they are
installed, and then bails with a failure exit [1]. The packages that
seem to cause this vary, but the common thread is that they seem to
have all been installed during the initial phase of installing the
package manager in the chroot.
I suspect that when we are building the chroot, we do our initial
install with the "external" yum & rpm. Then we start using the
dnf/yum in the chroot, but we're actually using meta-data created by
the *external* tools -- which could be vastly different versions or
who-knows-what. While I honestly I don't have an exact root cause,
empirically I've found rebuilding the rpm db always seems to fix
things up.
So this change takes care to rebuild the rpm db with the chroot
version of rpm, and clear out the package metadata for a refresh with
"update". This should hopefully put us in a consistent state.
[1] http://paste.openstack.org/show/487356/
Change-Id: I565df23897ae511356c4861fdbe63823fa6b6ff9
This element is similar to vm, but allows more flexibility
on disk partitioning. It receives a DIB_PARTITIONING_SFDISK_SCHEMA
setting, allowing to partition the disk according to project needs.
Change-Id: I01dca5d5fd670d317f7761911a1549507de6e97d
If we are being run from a python 3 virtualenv where python2 is also
available on the host we will use the hosts' python2 over the virtualenv
python3 (even if the virtualenv is higher precedence in PATH).
Change-Id: I9a25b9e45845a4121aab8250fd53c6f006825742
This patch fixes the profile autodetect. If the profile was passed at install
time, it would overridden by the environment.d script. This was fixed by
accepting the value passed by the user, if one was passed.
The enviroment.d file is run outside of chroot, because of this eselect will
not be available on non-gentoo systems. We change the behavior to work
elsewhere, it was not working on non-gentoo systems and giving bad results on
gentoo systems (returing values from the host, not the guest being built).
This patch also fixes shm detection by checking if it is mounted already.
Change-Id: Ie58d8e19529a731bfbc9eeb4bb246988d1aaa772
Newer distros, such as debian jessie and ubuntu xenial, do not provide
ifupdown by default, but simple-init depends on it. Add it to the pile.
Change-Id: I6f4876863c67c65a82464d4e0593015cdc839c5c
This is breaking deployments that use registration. I
believe os-refresh-config scripts don't source environment.d
files, so the variable is unset there.
Given that this a blocking issue for RHEL deployments, I'm
pushing a quick revert and we can come up with a proper fix
when this isn't stopping other work.
This reverts commit 71bd8b3a33.
Change-Id: I87504660352220d45f5445bb933edc1c28885fcb
This patch update the find_interface to lookup
for InfiniBand interface according to it's BOOTIF
Closes-Bug: #1532534
Change-Id: I21b91cfd10888ac036f6347a0a44cdca422830a6
In certain cases, with packages cached that need an upgrade,
when performing that action the system hangs waiting for
a prompt.
Add force-confdef option, that will let dpkg overwrite
configuration packages that were not modified. In combination
with already existing force-confold flag, it will allow
to avoid any conffile prompt.
Change-Id: Ifb177f9ac2c9ad29f8b92309c5b8cfe8e60a4e14
In order to avoid conflict with installing dependencies for IPA from
pypi and distribution packages this patch propose installing IPA in a
virtual environment.
Closes-Bug: #1506792
Change-Id: I6a4c6403813d86f4110e98449ddd874109101b9e
By default we create a tarball of any debootstrap rootfs we create. For
the majority of use cases this is a large performance hit for no
benefit. Lets make this an opt-in feature.
Change-Id: I58fc485aacacaa17243bf9ce760ed91256d1f182
python3 is a hard requirement of dnf so can't be removed [1]
grubby is also required for kernel installs on Fedora. For too much
detail see I1a6e45d04755515286b3d49f8280c16b527e2f48; but the kernel,
via dracut, now has this as a "recommends" due to people removing it
and making unbootable systems.
[1] http://logs.openstack.org/76/248976/2/check/gate-dib-dsvm-functests-devstack-f21/734c8bd/console.html
Change-Id: I5867ecd57834eece9477aa9ea4b8bdd70e238084
The debian-minimal element creates /etc/apt/sources.list solely with
the 'main' component. I need to add 'non-free' and 'contribs'. I tried
to pass them via DIB_DEBIAN_COMPONENTS but it is not recognized.
Make debian-minimal to honor DIB_DEBIAN_COMPONENTS. Note that it is
comma separated for 'debootstrap', so replace commas with spaces to fit
the needs of sources.list.
Example usage:
DIB_DEBIAN_COMPONENTS='main,non-free,contrib'
Will debootstrap with the three components then when debian-minimal is
realized pre install a sources.list that has:
deb http://example.org/debian jessie main contrib non-free
Change-Id: I1dca2e8ffd31044a6b441ccb277298601e62f67c
Gentoo provides eclean-dist via the gentoolkit package
eclean-dist isn't needed anyway was /usr/portage is removed anyway
Removed redundant package update in cleanup.
Change-Id: Icf4f9ed549b9a6d923448d927d7c42bcf8d6091b
This action has been reordered so cleanup can occur before copy to blockdev
occurs. Documentation has been added about the ordering of this element in
relation to cleanup actions as well.
Change-Id: I3f9334a3669ee588d7fa7129202c97fa22fdb050
While it does save 1MiB of space, it might also pull python packages
depending on it. E.g. it makes impossible to install python-hardware
on the IPA image for advanced introspection.
Change-Id: Iab80dde63e6de62a5e45dcf404b4f9f633e50ac3
We were getting some subtle issues in fedora-minimal builds that
turned out to be because /var/run was not a symlink to /run.
Upon further investigation, it turns out that yum is creating a
/var/run directory for it's pid file when it starts working in the
empty chroot (which I verified by stracing it)
---
5905 stat("/home/ubuntu/tmp/dib-tmp/image.Ac4VZZsl/mnt/var/run", 0x7ffddffa0330) = -1 ENOENT (No such file or directory)
5905 mkdir("/home/ubuntu/tmp/dib-tmp/image.Ac4VZZsl/mnt/var/run", 0755) = 0
5905 open("/home/ubuntu/tmp/dib-tmp/image.Ac4VZZsl/mnt/var/run/yum.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 6
---
Because this happens *before* we install "filesystem" (the package),
we mess up it's symlinking.
To work-around this, pre-install the trio of base packages (setup,
basesystem, filesystem) with rpm from outside the chroot.
Change-Id: I411b6ec9d91d95d3a0f98e76853086af3b70abe8
The Ubuntu Xenial cloud server images set the mode of
/var/lib/apt/lists/partial to 700, so when mounted it's inaccessible to
an unprivileged user, resulting in an error:
find: `/tmp/image.aDQKdkRi/mnt/var/lib/apt/lists/partial': Permission denied
There's no reason an image should come with anything already in
/var/lib/apt/lists/partial, so just avoid trying to descend into that
directory when fixing the apt translations packages.
Change-Id: Id27f0166bfb09d67200f337a5ffff2f2037b7c1c
This is a slight refactor I found useful when debugging. The
udevadmin info query will be visbile in the output of "set -x" which
helps, and is the logs/journal.
We can also reduce some calls by keeping the value and just grepping
with a herefile.
This also does some error checking and bails out if it does not see
what it needs to continue.
Change-Id: I39c4d262f9c5ce53f6b83d95b1363a74834cf2c8
Tucked away in systemd-udev-settle.service is the following comment
# This service can dynamically be pulled-in by legacy services which
# cannot reliably cope with dynamic device configurations, and
# wrongfully expect a populated /dev during bootup.
The info that the growroot script is querying is populated via udev,
particularly the blkid bits of [1]. This creates a race-condition
where sometimes udev has been triggered and the rules have applied and
sometimes not. Obviously in the first case, the root disk is not
grown correctly.
systemd-udev-settle is mostly disabled on distros because it can cause
an increase in boot-time for systems with lots of disks; this is not
our situation so it makes basically no difference.
That said, I will investigate if some systemd people know even better
ways to do this (possibly the service should depend on block .device
targets in systemd, and then filter out and only apply to the root
disk?)
[1] https://github.com/systemd/systemd/blob/master/rules/60-persistent-storage.rules#L66
Change-Id: I453e3afcd953dfc29ab6c42ddc81e940cfa70ee0
A TODO was placed on the partitioning section of the vm element to
replace sfdisk with a saner (and less arcane) way of partitioning. It
suggested parted for replacement. This changeset should reproduce the
same disk label and partition layout as sfdisk, but with less ioctl
errors and version dependency. It will also ensure partition alignment.
Change-Id: I5d8d75131458b73bfb05f80f1bfa7e2970e004b3
We currently install pip from package in the simple-init element.
We should really allow users to select whether to install pip from
git or package.
Change-Id: Ia5e62b9635af90d81227274a1dd8f20474cdbf73
As described in the comment, there is a dnf equivalent of this command
that doesn't require us installing yum-utils (which drags in yum on
dnf-only systems such as f23)
This is a small consequence to this -- due to us not installing
yum-utils some installs will now be completely yum free. This causes
a breakage in ironic-agent 99-remove-extra-packages where we remove
the yum package. There is a long-standing bug/feature where missing
packages in a group of packages do not cause yum/dnf to exit with
failure, but uninstalling a single package will. Because we have made
the systems yum-free, the uninstall of yum can fail in this corner
case.
It has always been like this, so I'm in favour of the "ain't broke"
approach. To work-around this, I have just put yum into the existing
list of packages to be cleaned up. I have added a note to the yum
installer taking note of this behaviour for future reference.
Change-Id: I8bbdc07ccdb89a105b4fc70d5a215077c42fcd03
InfiniBand interface takes more time to bring up then
Ethernet interface. This patch just increase the retries
to 20 times, to make it work for InfiniBand as well.
Change-Id: I5c4842696207885552413ea2d053f2e90bd6803c
Adds a post-install function that enables installed initscripts,
as that is not done by default in gentoo.
Change-Id: I04e8d506ddcbefa8a983dd31ad16df5e13cb26e7
Closes-Bug: 1539276
This checks the profile, if it has hardened in it's name it needs xattr support
unfortunately xattr support cannot yet be relied on everywhere, so it needs to
be disabled for hardened profile builds to correctly pax-mark.
Change-Id: I7fb855249a9e6c9b6497ab5061b4ea3c014f5081
Closes-Bug: 1537177
Due to upstream bug [1] there are uninstallable packages which mean
our functional tests don't work. We will revert this when things are
working upstream.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1303660
Change-Id: I93c2990472e88ab3e5ff14db56b4ff1b4dd965ef
subprocess.check_call() returns a byte-string which needs to be turned
into a unicode string for python3 compatability.
Also some minor refactoring while we're here.
Closes-Bug: 1536462
Change-Id: Icd957bc4d93ccad94b1246ad62e6e02ee14d9ca5
Add missing growroot initscript and pkg-map entries for Gentoo.
growpart was added to Gentoo with [1]
Update the readme to reflect reality too (fedora added with
I5630dc638f85b1e80795826ef36a306632075460)
[1] https://packages.gentoo.org/packages/sys-fs/growpart
Closes-Bug: #1539273
Change-Id: I29056c7297489ec04f37757dbe33976901eceb49
As mentioned in package-installs.yaml, git is a transitive dependency
for pbr in this element. Add pkg-map for the Gentoo package.
Change-Id: I7f2fe1663152ea66b941594e86f1da93ddd21677
Closes-Bug: 1539278
Our dib-lint checking is only considering scripts with #!/bin/bash.
While there's nothing really wrong with some other shebang line like
"#!/usr/bin/env bash" let's keep things consistent.
We can use the same regex match to reduce a few forks in the main
checking.
Also a minor cleanup to the file matching
Change-Id: I609721b2671e704ea26075dad7e5b39a8b858f6b
'locales' package gets installed before '12-debian-locale-gen' is executed
and generates effectively empty /etc/locales.gen in debian, which makes
dpkg-reconfigure call to locales ignore the values set by
debconf-set-selections.
* Remove /etc/locale.gen generated by 'locales' installation to ensure
proper locales generation on debian images
* Remove 'locales-all' package installation from debian element since
it's not needed anymore to build the image and cosnumes additional
~120MB of space
* Remove unused 'package-installs' dependency from debian-minimal
element
Change-Id: Ic39ba2b5ceb5018efb75742547b2babf80827e56
Closes-Bug: #1452400