We are at the point that all distributions we are building have Python
3, so any tools running in the chroot can assume Python 3 exists.
This makes dib-python redundant; mark it as deprecated and start to
remove it from elements where it is no longer required.
Change-Id: I5d852843ec65d3b04444b77c54c5b82424455cd8
CentOS 7 is the only distro we support currently that doesn't have
Python 3 installed in some form in the base images. For centos 7 add
an early install of it in the yum element so we can have all the
in-chroot scripts assume Python 3. There is only one package that
causes issues; yaml which comes from EPEL. Everywhere else it is a
base package, but we don't have a way to say "enable epel to install
this". Just hack it in, we don't want to go reworking the world for
CentOS 7 at this point.
Also add python3 and it's yaml library to the centos 8 path. This
brings in the "user" python3 in /urs/bin/python3 (the "system" python3
is already installed). Again, this just lets us assume
/usr/bin/python3 in scripts for all platforms.
package-installs is one of these things running python in the chroot,
and unfortunately we have elements that use it at 01- level in
pre-installd. Thus to make sure python3 is there nice and early, run
it at 0 level, but make sure it comes after yum/dnf update.
Change-Id: I088fc4284e889147ca9a375d4a159264cff53484
Other architectures are stored under "altarch" for CentOS 7, update
the match.
Convert the delimiters to "," to avoid a subtle problem with "|" --
POSIX states
Within the BRE and the replacement, the BRE delimiter itself can be
used as a literal character if it is preceded by a backslash.
So "s|\(foo\|bar\)|moo|" doesn't do what you might think; the inner
pipe becomes a literal | and this will *not* match "foo" or "bar".
Change-Id: Ic1642325e3a59a10453c356d8d839ce649812af8
Simplify gpg checking by caching a keyring instead of keys to import.
Change-Id: I5ed74ec0e12732aec40ef31377e72d7ddc347f95
Signed-off-by: Matthew Thode <mthode@mthode.org>
Now that DIB is python3 only we can remove a hack that made sure
scripts outside the chroot ran with the correct version of python.
This is necessary as python3 does not resolve symbolic links to the
binary like python2.x did, which causes element scripts to fail finding
modules when DIB was run from inside a venv.
This patch does the following:
1. Reverts 9c7b8d1714 which was the
workaround for mixed python2/3 environments.
2. Updates the scripts to use "python3" instead of "python".
Change-Id: If2402bb02fc8a4778fa9434fa167ea1fafd87c28
With the removal of Python 2.x we can remove the unittest2 compat
wrappers and switch to assertCountEqual instead of assertItemsEqual
We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.
[1] - https://bugs.python.org/issue17866
[2] - https://hg.python.org/cpython/rev/d9921cb6e3cd
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277
Change-Id: I870286a2557e41099597c22dc9747743e1077615
EPEL centos8 have different epel repos like
epel, epel-modular, epel-playground etc, so
we need to disable all not just epel.
Also ensure other epel repositories in CentOS7
like epel-testing are also disabled.
Related-Bug: #1885315
Change-Id: I02b3b83fa2047702d5f069d3ca1c9c0bcc1dab52
DIB was retrieving the oldest cloud image file which, presently, means
retrieving CentOS 8.1 instead of CentOS 8.2. Even though DIB runs a
system update and so catches up to latest, this takes bandwidth, time
and final image space (8.1 + system update = 765M qcow2, vs 8.2 + system
update = 518M qcow2).
This patch fixes that by taking the first image name in a descending
order list.
Change-Id: I648fe19f1f76c03c97492b6ac7be6381f6f9261b
This patch adds support for CentOS 8 Stream [1] to the centos-minimal
element. Users should set DIB_RELEASE=8-stream.
[1] https://www.centos.org/stream/
Change-Id: Id0825de735ab957c10daf35fb3c641f850cc6847
Since the original merge of this code
(04208e7c79) several things have
changed; particularly now we ship dib-run-parts as part of dib, not as
a separate package.
We setup $_LIB to point to the shipped library diretory via
pkg_resources lookups. We now call dib-run-parts (as mentioned,
shipped as a dib library now), source scripts, etc. via $_LIB and thus
do not rely on $PATH. Consequently we don't need this activation
part.
Which is helpful, because "venv" (as opposed to virtualenv) doesn't
have activate_this.py. So this fixes installation under that for
Python 3.
We update the functional tests to use the virtualenv_command exported
by the ensure-pip role, which will test the venv path. There is no
need for dib_python as we are Python 3 only now.
Change-Id: Iede929ea2d278008220aac8b1d678ba41eba0d8a
The standard Python venv module does not have this script, so currently
DIB unconditionally fails. While a real fix will be provided in
https://review.opendev.org/#/c/704478/ this change at least allows
users to try work around the problem.
Change-Id: I45b79d4d283f2b3ea909612e652672dcb6092488
This reverts commit 6ee2995214 and
e85c2a6f03.
I missed that if you pip install and then run dib-lint, it's not going
to pick up the .yamllint file shipped here. Thus it gives spurious
errors.
The reason for this was simply better duplicate key detection in yaml
files, which caused us problems with the kernel installs. However, at
this point it seems just the old "does it load" test from pyyaml will
be enough.
Change-Id: I87a9fc9bb119cfeffad48fc0fa0df31f0181825d
The main reason for using the stage4 is now gone (kernel compile).
Install and use the distro provided binary kernel package.
In addition to this, set the locale and timezone, beyond that very
little was done in the gentoo stage4.
Change-Id: I541b7d9b807e2357398ae1c249b1978958dd1137
Signed-off-by: Matthew Thode <mthode@mthode.org>
As of recently, opensuse-minimal images fail to build because of an
error installing the kernel-default package:
> Problem: kernel-default-5.6.12-1.3.x86_64 requires mkinitrd >= 2.7.1, but this requirement cannot be provided
> not installable providers: dracut-050+suse.61.g0fe0e854-1.1.i586[repo-oss]
> dracut-050+suse.61.g0fe0e854-1.1.x86_64[repo-oss]
The problem is there is a recently added package `busybox-links` which
provides a subpackage `busybox-xz` which provides the /usr/bin/xz
utility. Since this is available, the `aaa_base` package installs it
during the root.d base installation phase to fulfill it's dependency on
/usr/bin/xz. On the other hand, the dracut package explicitly requires
the `xz` package, and this is not co-installable with the `busybox-xz`
package, so the dracut package is not installable during the install.d
phase. This change explicitly adds the `xz` package to the initial
chroot provisioning phase so that the /usr/bin/xz requirement is already
fulfilled and `busybox-xz` does not get installed.
Change-Id: Iba8c301eb496657873963e1aa99736aacf87cb00
This reverts commit 6e549c33ac.
It uses the new multiple-parameter matching format from
Idff7b067ad4255e6fc4138f7eff313a81b75c8ba to actually do what it says.
Change-Id: I4656ff1a5c46bcfbd8587f2f541825f4ad08820f
The change Ia6f10741fa6be24b11d6991c8a6b6e07951ff68d introduced having
"when:" as a list of values. However, this was actually not
sufficient to express the logic required for arm64/x86_64/xenial
kernel matching we wanted.
Because the package name is a key, we can't have multiple entires in
the package-map YAML files. This means we can't do more advanced
matching and thus we need to be able to match through multiple
parameters. Similar to Ia6f10741fa6be24b11d6991c8a6b6e07951ff68d we
modify the matching rules to allow a list.
A an example of using this is provided in the README.rst, and this
same example worked through by the unit tests.
This also slightly updates the matching logic to be more sequential.
After each check we either continue on or log the failure and continue
to the next check (rather than set a list of flags then check that at
the end). This makes it much easier to understand what is being
matched in the logging output from the tool.
Change-Id: Idff7b067ad4255e6fc4138f7eff313a81b75c8ba
This gives us better linting of YAML files that just opening them.
This would have detected the duplicate keys in
I34e27d821fbefe274e7b007f37b0bd34db2e1d26.
The .yamllint is taken from zuul-jobs where it is also used as a
fairly sane set of default rules.
A few minor newline fixes are added.
Change-Id: I96d6644ae24f7deb84fa50fefbda0f0d33e0e009
This reverts commit 14ff8f942c.
This seems to not be installing the kernel at all, and needs further
investigation.
Change-Id: Ifd809d4b67aff5d80f979235db246a16af0375b3
Only install the HWE kernel by default for Xenial. This was actually
installing the 16.04 HWE kernel on Bionic by accident, since it seems
to have that package; however it was breaking Focal.
On the other distros, just install the default generic kernel. Let's
KISS for now if we can ...
Change-Id: I34e27d821fbefe274e7b007f37b0bd34db2e1d26
Allow the "when:" statements to be a list of values, which are
effectively anded together to filter the package install.
Change-Id: Ia6f10741fa6be24b11d6991c8a6b6e07951ff68d
New versions of flake8 fail as "l" can be confused for "1" apparently
(E741) ... not sure I totally agree but since it's only one instance,
update it.
Change-Id: Ic5c47867facd56b53cc6534da4ae3a345c516202
This should be installing the python2 and python3 packages (that's
what pip-and-virtualenv is designed to do), but we dropped the +=
accidentally in ee9ad32b6f.
However, we've moved on anyway and after
I7a6a342461d6001c25e55638ba9b7438c28f2519 F31 doesn't support this
element. fedora-latest is already updated to f31 in the opendev gate.
Remove the testing as it is no longer relevant.
Change-Id: Id696a90baa1eb05cb4c08501f8dac3665d395682
This showed up with dnf in containers when TMPDIR was set; dnf started
trying to write to this directory while in the chroot.
We already do stripping like this in run_in_target -- but this is a
bit of a unique place because it's actually setting up the initial
chroot so the target doesn't actually exist yet; so we just hard-code
it in place here.
Change-Id: If7310cb820846da903bf60daa4486c8bf7cb0136
This is an alternative approach to commit
68bb43535e. I think this proposes a
better overall solution that the prior change which had the Python 3
packages being installed, but did not specify the _do_py3 flag to do
the installation steps that redirect the various tool installations.
Fedora 31+ doesn't have python2, and Tumbleweed does have some Python
2 support but there seems to be no reason to bother updating this
element for either with infra very close to removing this completely
[1]. Error out on these platforms, and add a release note.
The 15 path should include the python2 and python3 packages, along
with the flags to do the "cleanup"; i.e. forced removal of distutils
packages that pip 10+ won't touch. As mentioned in the original
change, the six package causes problems here, but we can clear that
too by explicitly listing it instead of letting it come in via
dependencies. Again, this element will be removed from the infra 15
builds ASAP; but we can release with this to provide a roll-back point
if we need to revert the removal to fix things temporarily.
Add it to the testing path as well.
[1] https://docs.opendev.org/opendev/infra-specs/latest/specs/cleanup-test-node-python.html
Change-Id: I7a6a342461d6001c25e55638ba9b7438c28f2519
When I tried to build CentOS8 image for AArch64 I got error saying that
MBR is not supported. So make sure that it will not be used by default.
Change-Id: Ib67ab7f808d727c3c61932c540d398dbe723972f
openSUSE Tumbleweed is dropping python2-* packages so we need
to stop intalling them. We can also stop installing those
for Leap 15. which avoids a pip uninstall issue (as python2-six
was still built with distribute).
Change-Id: Ie93c8addb26aab3d0154c4b5b52423799abede91
I don't see anywhere we bring this in, especially on a minimal build.
In 2020 it seems like a base dependency, put it alongside
software-properties-common that installs the other apt helper bits.
Change-Id: I5b079eac4912cb4a164e9aa6158ed106a28f576c
We're ending up with "centoscentos" in the mirror location and the
build fails; strip out the $contentdir from the original too.
Change-Id: If09dbbd8028ea510d2ab0d3d8afe484cea611df5
If the running kernel of the system building the image
matches the kernel that is to be removed dnf will fail.
Repalce use use of dnf with rpm -e.
Closes-Bug: #1623409
Change-Id: Ie2481ea8a02b7b0720e46fa179f24badf4aa25c5
This element is designed to install latest minor versions of different
python releases, like py27, py35, py36, py37, py38
into stow directory, and later easily enable them with stow.
Change-Id: Iab6d20e7643e549b53c629fb430e58b1c5e72991
Sometimes an element needs packages installed so that it can
perform tasks but those package are not appropriate for the
final image content. Add a "build-only" flag to package-install-squash
which will cause package to be installed at the beginning of the
phase and then uninstalled at the end of the phase.
Change-Id: Ie01b795991710c93f6b669c8f14b57eb4412c1d5
All the platforms we care about now have python3 with venv (even
centos7 now) packaged somehow. Add an ensure-venv element to make
sure that "python3 -m venv" works. Any other elements that wish to
install non-distribution-packaged Python utilities can use this to
keep them separate from the main system installs.
Port glean to use this, and drop its dependency on pip-and-virtualenv.
Change-Id: Ic16f134fe34293bb68e7c632dd320f523366320d
This causes problems for other projects incorporating dib; we don't
have a specific need for a cap.
Fix a few issues, mostly spacing or regex matches. No functional
changes.
W503 and W504 relate to leaving artithmetic operators at the start or
end of lines, and are mutually exclusive and, due to "ignore"
overriding the defaults both get enabled. It seems everyone gets this
wrong (https://gitlab.com/pycqa/flake8/issues/466). Don't take a
position on this and ignore both.
Use double # around comments including YAML snippets using "# type: "
which now gets detected as PEP484/mypy type hints.
Change-Id: I8b7ce6dee02dcce31c82427a2441c931d136ef57
* Add "centos" element, a CentOS version-independent element. This is in
line with the same work done for RHEL in Stein cycle.
* Deprecate the centos7 element. CentOS 7 support itself it not
deprecated though. The new "centos" element provides the same support
level as the "centos7" element.
* Add functional testing
The default CentOS version is 8. You can adjust it using the DIB_RELEASE
environment variable.
Change-Id: I373ba2296c4613765676e59aabd9c651345298d1
in CentOS build case building an image with "iscsi-boot" and "dracut-regenerate" will exit building because of statement "[ "$found" = 0 ]"
Change-Id: I1a6d60e9ec5f5cb508866c8376465c3e73551a30
On IPA we are using efivar and efibootmgr, we already added the
packages on ipa-builder.
Adding the pacakges on diskimage-builder, so that people who use
it to build the images won't get into trouble.
Change-Id: I9ab6588f20302b4808b09dc060aced5fd267a3d2
Debian default Python interpreter version is 2.7, but it's
possible to install a Python 3 interpreter from the base
repository.
With this change, if we set DIB_PYTHON_VERSION to 3, we install
the python3 package from base, with python3-libs, python3-pip and
python3-setuptools, and redefine python_path, effectively allowing
Python 3 interpreter to be used in Debian.
See a result of the job for building the ipa image here:
https://review.opendev.org/705773
Change-Id: Idabfa94c2bff6e0de6daa0866084d5db14d7dcb0
When there is a hashsum mismatch diskimage-builder forces downloads
with the -f switch of cache-url. This is currently broken because bash
escapes the quotes in curl_opts. This tricks curl trying to download
'no-cache' instead of the url. This can be fixed by using an array for
curl_opts which does the correct thing here.
Change-Id: Id9f1579dda9a3e0a2b08dd5faaeef0e2e580d419
Add a basic test to ensure that all elements have a README.rst file.
This way they will be exhaustively listed in the Sphinx documentation.
Add dummy README.rst for 'disable-selinux' and 'rpm-distro' elements.
Change-Id: Ia5252ddd89b5ae5c6e9a12a66ef10f912fd54da5
CentOS 8.1 split repositories and GPG keys out into subpackages. This
broke DIB support for CentOS 8.
7e41cef41826a0d73ced
Change-Id: If3de6efa6074e059dc9fdd47c7bdc19d26d4d7f2
The hook inside extra-data.d runs outside the chroot when
building the image which means that we need to prefix paths
inside the hook to avoid running things on the host.
We also run it with sudo because if we're running DIB not
as root, /etc is uid 0 and we'll get a permission denied.
Change-Id: I1838890fe124c84c879285a471bcc78fe47d6c23
Make sure rngd, a hardware RNG entropy gatherer daemon, is installed on
all DIB-built Red Hat family distro images. rngd comes installed by
default in a typical base installation as it's proven to help speed
things up.
Nova attaches the virtio-rng-pci device to VMs. virtio-rng-pci is a
device that provides feed random data. However, it is of little to no
use if the virtual machine is not configured to make use of given
device. That is where rngd can help by facilitating entropy to the pool
from virtio-rng-pci.
$ openstack image set --property hw_rng_model=virtio [...]
$ openstack flavor set --property hw_rng:allowed=True [...]
DIB-built minimal images do not come with rngd installed. This patch
makes sure the daemon is installed. Its systemd service comes already
enabled.
Change-Id: I34a989dbfc57d4c98113ac25c81dfb500945ff0a
Some phases of diskimage-builder run outside the chroot environment,
such as the extra-data.d scripts, and don't have access to dib-python.
This means these scripts may choose the wrong python version by using
"#!/usr/bin/env python" to execute. The svc-map element is an example.
This patch creates a temporary directory and symbolic link for the
correct version of python, then manipulates the environment PATH
to preference the symbolic link "python" command.
This will allow elements with these scripts to work correctly with
the version of python diskimage-builder is running under.
Change-Id: I289d621e1bfbba0eb174dff977d1a5c92c04e4fa
Co-Authored-By: Ian Wienand <iwienand@redhat.com>
As described inline, Bionic hosts will build invalid Trusty images.
Hack around this by disabling metadata_csum in the ext4 mkfs.
Change-Id: Ibd67d58ca830a9e60605d0700ee2b17906c804e6