Commit Graph

1189 Commits

Author SHA1 Message Date
Noam Angel
e9b1997267 Move centos python3 installation after RHEL subscription
I088fc4284e889147ca9a375d4a159264cff53484 tried to slot the python3
install between the 00-dnf-update and before 01-package-installs;
however it also needs to run *after* the RHEL subscription
00-rhel-registration.

Thus a better place for it is 01-00-centos-python3, which will order
it after subscription and package updates, but before any use of
package-installs.

To avoid confusion over naming, move 00-0-dnf-update back to just
00-dnf-update.

Change-Id: Ib7c82895769e4889d47e10c4b37e06a42c053903
2020-09-07 11:22:55 +10:00
Matthew Thode
8cc08418d7 Copy apt gpg keys directly into trusted.gpg.d
This avoids having to have gnupg2/apt-key dependencies in the base,
and is now well supported by modern Debuntu.

Signed-off-by: Matthew Thode <mthode@mthode.org>
Change-Id: I7065b2fab6125d9635ef99ff65d374b8b6b4c3a2
2020-08-28 15:58:07 +10:00
Xinliang Liu
fd850475ea Make iscsi-boot element support centos 8
This patch makes iscsi-boot element support not only just
DISTRO_NAME centos7 but also centos and centos-minimal.

Change-Id: I8db8b01f35b2e572666badd8d2316d24a5e4287a
2020-08-25 09:28:27 +00:00
Matthew Thode
97e4627d87
update various gentoo bits
Update an rc-update call to only be made if running openrc instead of
all gentoo profiles (systemd does not have rc-update).

Add python3-pyyaml package mappings.

Update serial console to support multiple arches.

Update open-iscsi and open-isns keywords (looks like upstream merged
some musl fixes).

Update the kernel and initramfs file name globs for the
gentoo-kernel-bin usage.

Change-Id: I259bffed3a3e3f92be2210ead6bdfa383917d457
Signed-off-by: Matthew Thode <mthode@mthode.org>
2020-08-24 10:21:35 -05:00
Zuul
d140cc239a Merge "Revert "source-repositories: git is a build-only dependency"" 2020-08-20 20:37:48 +00:00
Paul Belanger
f093244611 Revert "source-repositories: git is a build-only dependency"
This breaks having git as a package-install in other elements. And results in diskimage-builder always erasing git on the image.

This reverts commit 3c65025559.

Change-Id: Ifb18c4243aa08055d98602aa4fdb30b16dae061d
2020-08-19 19:22:05 +00:00
Zuul
c2d719528e Merge "update gentoo to allow building arm64 images" 2020-08-19 04:35:28 +00:00
Zuul
e1995088af Merge "Remove glance-registry" 2020-08-18 08:12:17 +00:00
Zuul
5df71c0082 Merge "Makes EFI images bootable by bios" 2020-08-18 07:59:01 +00:00
Zuul
f49d6c996b Merge "Fedora 32 support" 2020-08-18 07:43:50 +00:00
Zuul
5c79f1cbd9 Merge "source-repositories: git is a build-only dependency" 2020-08-18 06:07:44 +00:00
Matthew Thode
bea81bd234
update gentoo to allow building arm64 images
Adds:

1. grub-efi package mappings
2. efi-64 support
3. default (openrc) arm64 profile
4. systemd arm64 profile

Cleans up the keywords and use flags in 02-gentoo-02-flags.  Most stuff
was stablized.  Also cleaned up some formatting for the if statements.

Enables less trusted overlays (up to the end user to verify).

in 10-gentoo-image I cleaned up some bash lint things as well.
using && instead of -a and avoiding $?

Change-Id: I3dffe1aab4bbdc4946a9bf2269bf0cde49529a4e
2020-08-17 23:50:39 -05:00
Pierre Crégut
6e71bd4239 Makes EFI images bootable by bios
For Bios and EFI compatibility, grub must be installed twice.
This patch adds the bios version when EFI is selected. The GPT EFI  block partitioning
already adds the bios partition, but the bootloader only called grub once.

Change-Id: Iee6c8b3b97b3cfff4562bcb30a50800f5ade894a
Closes-Bug: #1889089
2020-08-18 14:41:21 +10:00
Ian Wienand
7b6819213e Fedora 32 support
Update for Fedora 32 support.

Change-Id: I51c5645856a76e2877c013d72e9849a758ba12ff
2020-08-17 19:40:02 +10:00
Julia Kreger
46d12ae7d3 Handle NetworkManager for dhcp-all-interfaces
NetworkManager takes a distinctly differnet network management
approach and the bulk of the dhcp-all-interfaces code is largely
targetted at distribution specific configuration. Some which may
or may not override settings, or only partially assert desirable
settings.

As such, we need to set appropriate configuration, such as the
correct client to be used, and timeouts based upon user supplied
settings.

By default this change sets the client to be dhclient on redhat
styled machines, as the packaging default, while it works for
ramdisk usage, it does not reset the interface between retries,
which can be critical if the infrastucture operator is attempting
to configure LACP trunks to the end node.

Change-Id: I0e0cfbdbf7ef2b2861b934ccd7dab9d83a35c8f0
Story: 2008001
Task: 40648
2020-08-11 08:12:31 -07:00
Carlos Goncalves
3c65025559 source-repositories: git is a build-only dependency
Git is a build-time dependency that should not end up in the final
image should source-repositories be the only element requiring it at
image build time.

Change-Id: Id0798c0a753f893d02c2d13fddea0c04b28cb7ca
2020-08-11 15:53:15 +02:00
Carlos Goncalves
e4b6a2faef Add support for CentOS 8 Stream cloud image
This patch adds support for CentOS 8 Stream [1] to the centos element
(cloud image). Users should set DIB_RELEASE=8-stream.

[1] https://www.centos.org/stream/

Change-Id: Ib8f542031c46326ffed812fa60cbc9e56db9d6fd
2020-08-10 11:33:38 +02:00
Zuul
1291dcba51 Merge "Deprecate dib-python; remove from in-tree elements" 2020-08-07 09:57:12 +00:00
Zuul
ce3b6afd4d Merge "Pre-install python3 for CentOS" 2020-08-07 09:53:26 +00:00
Zuul
ab65277ca4 Merge "Fixes DIB_IPA_CERT certificate copy issue" 2020-08-07 03:03:35 +00:00
gugug
ae08dc8902 Remove glance-registry
glance-registry service was deprecated in Queens release and has been
removed in Victoria [1].

[1] https://review.opendev.org/#/c/738671/

Change-Id: Id2dfc3455b377b885521556f37f4b0f2da197655
2020-08-07 11:43:30 +10:00
Ian Wienand
8662297517 Deprecate dib-python; remove from in-tree elements
We are at the point that all distributions we are building have Python
3, so any tools running in the chroot can assume Python 3 exists.
This makes dib-python redundant; mark it as deprecated and start to
remove it from elements where it is no longer required.

Change-Id: I5d852843ec65d3b04444b77c54c5b82424455cd8
2020-08-07 10:38:16 +10:00
Ian Wienand
4dbfab66a1 Pre-install python3 for CentOS
CentOS 7 is the only distro we support currently that doesn't have
Python 3 installed in some form in the base images.  For centos 7 add
an early install of it in the yum element so we can have all the
in-chroot scripts assume Python 3.  There is only one package that
causes issues; yaml which comes from EPEL.  Everywhere else it is a
base package, but we don't have a way to say "enable epel to install
this".  Just hack it in, we don't want to go reworking the world for
CentOS 7 at this point.

Also add python3 and it's yaml library to the centos 8 path.  This
brings in the "user" python3 in /urs/bin/python3 (the "system" python3
is already installed).  Again, this just lets us assume
/usr/bin/python3 in scripts for all platforms.

package-installs is one of these things running python in the chroot,
and unfortunately we have elements that use it at 01- level in
pre-installd.  Thus to make sure python3 is there nice and early, run
it at 0 level, but make sure it comes after yum/dnf update.

Change-Id: I088fc4284e889147ca9a375d4a159264cff53484
2020-08-07 10:34:03 +10:00
Pierre Crégut
840f8ed2b2 Adds gnupg2 for apt-keys in ubuntu-minimal
Change present in debian-minimal pushed to ubuntu-minimal.

Change-Id: I736bffe6dd9fb57e450505d62c6ca000f678ded2
Closes-Bug: #1889076
2020-07-27 16:45:53 +02:00
Zuul
a7fba927ca Merge "Support non-x86_64 DIB_DISTRIBUTION_MIRROR variable for CentOS 7" 2020-07-24 09:38:36 +00:00
Jeffrey Zhang
581ffa023b Support non-x86_64 DIB_DISTRIBUTION_MIRROR variable for CentOS 7
Other architectures are stored under "altarch" for CentOS 7, update
the match.

Convert the delimiters to "," to avoid a subtle problem with "|" --
POSIX states

  Within the BRE and the replacement, the BRE delimiter itself can be
  used as a literal character if it is preceded by a backslash.

So "s|\(foo\|bar\)|moo|" doesn't do what you might think; the inner
pipe becomes a literal | and this will *not* match "foo" or "bar".

Change-Id: Ic1642325e3a59a10453c356d8d839ce649812af8
2020-07-20 10:33:01 +10:00
vmud213
90eafe078c Fixes DIB_IPA_CERT certificate copy issue
Change-Id: I0b4c5d8fa5a45aeb4d5d999ca5b7e0798162b92b
2020-07-17 09:48:30 +00:00
Matthew Thode
2559933f8f
add openrc init system support to serial console element
Change-Id: Id58e53a592b5f4601b893ba6c828bad07942b07b
Signed-off-by: Matthew Thode <mthode@mthode.org>
2020-07-14 13:59:09 -05:00
Zuul
70892a7a16 Merge "update gentoo-releng gpg key" 2020-07-14 00:39:15 +00:00
Zuul
ea6403388e Merge "Switch from unittest2 compat methods to Python 3.x methods" 2020-07-13 02:21:12 +00:00
Your Name
e384da1a98
update gentoo-releng gpg key
Simplify gpg checking by caching a keyring instead of keys to import.

Change-Id: I5ed74ec0e12732aec40ef31377e72d7ddc347f95
Signed-off-by: Matthew Thode <mthode@mthode.org>
2020-07-12 17:50:00 -05:00
Michael Johnson
8b08d212c3 Fix DIB scripts python version
Now that DIB is python3 only we can remove a hack that made sure
scripts outside the chroot ran with the correct version of python.
This is necessary as python3 does not resolve symbolic links to the
binary like python2.x did, which causes element scripts to fail finding
modules when DIB was run from inside a venv.

This patch does the following:
1. Reverts 9c7b8d1714 which was the
   workaround for mixed python2/3 environments.
2. Updates the scripts to use "python3" instead of "python".

Change-Id: If2402bb02fc8a4778fa9434fa167ea1fafd87c28
2020-07-07 12:53:51 -07:00
Zuul
b6d4bef9eb Merge "Use kpartx option to update partition mappings" 2020-07-07 08:27:29 +00:00
melissaml
bf0dc265ae Switch from unittest2 compat methods to Python 3.x methods
With the removal of Python 2.x we can remove the unittest2 compat
wrappers and switch to assertCountEqual instead of assertItemsEqual

We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.

[1] - https://bugs.python.org/issue17866
[2] - https://hg.python.org/cpython/rev/d9921cb6e3cd
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277

Change-Id: I870286a2557e41099597c22dc9747743e1077615
2020-07-07 11:11:28 +08:00
Zuul
9f7c35b238 Merge "add musl profile to gentoo" 2020-07-06 18:52:39 +00:00
Zuul
131ddac3cb Merge "Stop bringing the test environment into the mocks" 2020-07-06 13:28:27 +00:00
Zuul
7e00908a28 Merge "add more python selections to gentoo" 2020-07-06 02:59:59 +00:00
Zuul
5d16300f00 Merge "Download latest CentOS cloud image" 2020-07-05 21:06:43 +00:00
Zuul
9ab6811e84 Merge "Add support for CentOS 8 Stream" 2020-07-05 21:06:41 +00:00
yatinkarel
e999368d2c Disable all enabled epel repos in CentOS8
EPEL centos8 have different epel repos like
epel, epel-modular, epel-playground etc, so
we need to disable all not just epel.

Also ensure other epel repositories in CentOS7
like epel-testing are also disabled.

Related-Bug: #1885315
Change-Id: I02b3b83fa2047702d5f069d3ca1c9c0bcc1dab52
2020-06-30 10:15:30 +05:30
Matthew Thode
64787d8ec2
add musl profile to gentoo
Change-Id: Id954ffe4d9b019c7e7bb648725ff7f976c929b4d
2020-06-22 18:37:30 -05:00
Carlos Goncalves
1f9619cdb5 Download latest CentOS cloud image
DIB was retrieving the oldest cloud image file which, presently, means
retrieving CentOS 8.1 instead of CentOS 8.2. Even though DIB runs a
system update and so catches up to latest, this takes bandwidth, time
and final image space (8.1 + system update = 765M qcow2, vs 8.2 + system
update = 518M qcow2).

This patch fixes that by taking the first image name in a descending
order list.

Change-Id: I648fe19f1f76c03c97492b6ac7be6381f6f9261b
2020-06-22 11:03:36 +02:00
Carlos Goncalves
367dfc9294 Add support for CentOS 8 Stream
This patch adds support for CentOS 8 Stream [1] to the centos-minimal
element. Users should set DIB_RELEASE=8-stream.

[1] https://www.centos.org/stream/

Change-Id: Id0825de735ab957c10daf35fb3c641f850cc6847
2020-06-22 10:36:30 +02:00
Matthew Thode
c7b6f0d6a1
add more python selections to gentoo
Change-Id: If4420e9ae7870739aac8a673ff290f9ed1391acf
2020-06-14 01:16:18 -05:00
Matthew Thode
52a8b2fa01
update grub cmdline to current kernel parameters
vga=normal is depreciated, use gfxpayload=text instead

Change-Id: I2e5be3b07acce14a9f3d47e24938d9da3c5b6c48
2020-06-14 00:39:42 -05:00
Chris MacNaughton
8f57ed9b9e
Stop bringing the test environment into the mocks
Change-Id: I1780f186cf107242cacd6d3da7a5bc81a330b536
Closes-Bug: #1883224
2020-06-12 10:37:36 +02:00
Zuul
2e6a7f949c Merge "Remove virtualenv activation" 2020-06-12 01:17:17 +00:00
Dmitry Tantsur
e793cc4038 Remove virtualenv activation
Since the original merge of this code
(04208e7c79) several things have
changed; particularly now we ship dib-run-parts as part of dib, not as
a separate package.

We setup $_LIB to point to the shipped library diretory via
pkg_resources lookups.  We now call dib-run-parts (as mentioned,
shipped as a dib library now), source scripts, etc. via $_LIB and thus
do not rely on $PATH.  Consequently we don't need this activation
part.

Which is helpful, because "venv" (as opposed to virtualenv) doesn't
have activate_this.py.  So this fixes installation under that for
Python 3.

We update the functional tests to use the virtualenv_command exported
by the ensure-pip role, which will test the venv path.  There is no
need for dib_python as we are Python 3 only now.

Change-Id: Iede929ea2d278008220aac8b1d678ba41eba0d8a
2020-06-11 16:49:15 +10:00
Zuul
3614900572 Merge "Fix yumdownloader cache dir" 2020-06-10 16:24:53 +00:00
Zuul
a0714c2300 Merge "Debuntu: add apt-transport-https" 2020-06-09 10:33:56 +00:00
Zuul
caf72a4c56 Merge "Drop six usage" 2020-06-09 10:28:14 +00:00
Simon Westphahl
4a424ecabb Use kpartx option to update partition mappings
Fix cases of 'mkfs' failing because the partitions never showed up. Partition
mappings will now be updated instead of just adding them with 'kpartx'. That
means that 'kpartx' will also remove devmappings for deleted partitions.

Traceback of failing mkfs call:

2020-05-11 22:03:25.523 | INFO diskimage_builder.block_device.utils [-] Calling [sudo sync]
2020-05-11 22:03:25.539 | INFO diskimage_builder.block_device.utils [-] Calling [sudo kpartx -avs /dev/loop0]
2020-05-11 22:03:25.581 | INFO diskimage_builder.block_device.utils [-] Calling [sudo mkfs -t ext4 -i 4096 -J size=64 -L cloudimg-rootfs -U 21c6f9eb-4d52-4e5c-b9b7-796735de8909 -q /dev/mapper/loop0p1]
2020-05-11 22:03:25.700 | ERROR diskimage_builder.block_device.blockdevice [-] Create failed; rollback initiated
2020-05-11 22:03:25.700 | Traceback (most recent call last):
2020-05-11 22:03:25.700 |   File "/home/zuul/dib/lib/python3.6/site-packages/diskimage_builder/block_device/blockdevice.py", line 406, in cmd_create
2020-05-11 22:03:25.700 |     node.create()
2020-05-11 22:03:25.700 |   File "/home/zuul/dib/lib/python3.6/site-packages/diskimage_builder/block_device/level2/mkfs.py", line 133, in create
2020-05-11 22:03:25.700 |     exec_sudo(cmd)
2020-05-11 22:03:25.700 |   File "/home/zuul/dib/lib/python3.6/site-packages/diskimage_builder/block_device/utils.py", line 143, in exec_sudo
2020-05-11 22:03:25.700 |     raise e
2020-05-11 22:03:25.700 | diskimage_builder.block_device.exception.BlockDeviceSetupException: exec_sudo failed
2020-05-11 22:03:25.700 | INFO diskimage_builder.block_device.level0.localloop [-] loopdev detach
2020-05-11 22:03:25.701 | INFO diskimage_builder.block_device.utils [-] Calling [sudo losetup -d /dev/loop0]
2020-05-11 22:03:25.732 | INFO diskimage_builder.block_device.level0.localloop [-] Remove image file [/tmp/dib_image.muyw7t1h/image0.raw]
2020-05-11 22:03:25.734 | ERROR diskimage_builder.block_device.blockdevice [-] Rollback complete, exiting
2020-05-11 22:03:25.740 | Traceback (most recent call last):
2020-05-11 22:03:25.740 |   File "/home/zuul/dib/bin/dib-block-device", line 8, in <module>
2020-05-11 22:03:25.740 |     sys.exit(main())
2020-05-11 22:03:25.740 |   File "/home/zuul/dib/lib/python3.6/site-packages/diskimage_builder/block_device/cmd.py", line 120, in main
2020-05-11 22:03:25.740 |     return bdc.main()
2020-05-11 22:03:25.740 |   File "/home/zuul/dib/lib/python3.6/site-packages/diskimage_builder/block_device/cmd.py", line 115, in main
2020-05-11 22:03:25.740 |     self.args.func()
2020-05-11 22:03:25.740 |   File "/home/zuul/dib/lib/python3.6/site-packages/diskimage_builder/block_device/cmd.py", line 36, in cmd_create
2020-05-11 22:03:25.740 |     self.bd.cmd_create()
2020-05-11 22:03:25.740 |   File "/home/zuul/dib/lib/python3.6/site-packages/diskimage_builder/block_device/blockdevice.py", line 406, in cmd_create
2020-05-11 22:03:25.740 |     node.create()
2020-05-11 22:03:25.740 |   File "/home/zuul/dib/lib/python3.6/site-packages/diskimage_builder/block_device/level2/mkfs.py", line 133, in create
2020-05-11 22:03:25.740 |     exec_sudo(cmd)
2020-05-11 22:03:25.740 |   File "/home/zuul/dib/lib/python3.6/site-packages/diskimage_builder/block_device/utils.py", line 143, in exec_sudo
2020-05-11 22:03:25.740 |     raise e
2020-05-11 22:03:25.740 | diskimage_builder.block_device.exception.BlockDeviceSetupException: exec_sudo failed

Change-Id: I374f7f22f9e93ef35eb5813712ca59e75f0733e8
Related-Bug: #1698337
2020-06-09 09:07:55 +02:00
Dmitry Tantsur
1e1e36df64 Do not fail in a venv when activate_this.py is not found
The standard Python venv module does not have this script, so currently
DIB unconditionally fails. While a real fix will be provided in
https://review.opendev.org/#/c/704478/ this change at least allows
users to try work around the problem.

Change-Id: I45b79d4d283f2b3ea909612e652672dcb6092488
2020-06-09 12:53:21 +10:00
Carlos Goncalves
9d9dd9249c Fix yumdownloader cache dir
TMPDIR env is not being honored as cache dir in EL 8.

Change-Id: I8281675ec5f0951b3e190a8d6727744a1a5cd8d7
2020-06-07 21:58:49 +02:00
Andreas Jaeger
4493208048 Drop six usage
With python3, six is not needed anymore, drop it.

Change-Id: I70bb679270605ac32ca0cceb9414ea3a210e5842
2020-06-05 12:04:37 +02:00
Ian Wienand
0c94eef7be Revert "dib-lint: use yamllint to parse YAML files"
This reverts commit 6ee2995214 and
e85c2a6f03.

I missed that if you pip install and then run dib-lint, it's not going
to pick up the .yamllint file shipped here.  Thus it gives spurious
errors.

The reason for this was simply better duplicate key detection in yaml
files, which caused us problems with the kernel installs.  However, at
this point it seems just the old "does it load" test from pyyaml will
be enough.

Change-Id: I87a9fc9bb119cfeffad48fc0fa0df31f0181825d
2020-05-28 16:44:49 +10:00
Ian Wienand
d2eaaaf622 Merge "Pre-install xz package in opensuse chroot" 2020-05-28 02:06:30 +00:00
Matthew Thode
041bdd331a
use stage3 instead of stage4 for gentoo builds
The main reason for using the stage4 is now gone (kernel compile).
Install and use the distro provided binary kernel package.

In addition to this, set the locale and timezone, beyond that very
little was done in the gentoo stage4.

Change-Id: I541b7d9b807e2357398ae1c249b1978958dd1137
Signed-off-by: Matthew Thode <mthode@mthode.org>
2020-05-27 18:50:16 -05:00
Colleen Murphy
19b3586d08 Pre-install xz package in opensuse chroot
As of recently, opensuse-minimal images fail to build because of an
error installing the kernel-default package:

> Problem: kernel-default-5.6.12-1.3.x86_64 requires mkinitrd >= 2.7.1, but this requirement cannot be provided
>   not installable providers: dracut-050+suse.61.g0fe0e854-1.1.i586[repo-oss]
>                    dracut-050+suse.61.g0fe0e854-1.1.x86_64[repo-oss]

The problem is there is a recently added package `busybox-links` which
provides a subpackage `busybox-xz` which provides the /usr/bin/xz
utility. Since this is available, the `aaa_base` package installs it
during the root.d base installation phase to fulfill it's dependency on
/usr/bin/xz. On the other hand, the dracut package explicitly requires
the `xz` package, and this is not co-installable with the `busybox-xz`
package, so the dracut package is not installable during the install.d
phase. This change explicitly adds the `xz` package to the initial
chroot provisioning phase so that the /usr/bin/xz requirement is already
fulfilled and `busybox-xz` does not get installed.

Change-Id: Iba8c301eb496657873963e1aa99736aacf87cb00
2020-05-27 10:45:03 -07:00
Ian Wienand
339d713527 Revert "Revert "ubuntu-minimal : only install 16.04 HWE kernel on xenial""
This reverts commit 6e549c33ac.

It uses the new multiple-parameter matching format from
Idff7b067ad4255e6fc4138f7eff313a81b75c8ba to actually do what it says.

Change-Id: I4656ff1a5c46bcfbd8587f2f541825f4ad08820f
2020-05-27 06:18:02 +10:00
Ian Wienand
b71d1c60d2 package-installs : allow a list of parameters
The change Ia6f10741fa6be24b11d6991c8a6b6e07951ff68d introduced having
"when:" as a list of values.  However, this was actually not
sufficient to express the logic required for arm64/x86_64/xenial
kernel matching we wanted.

Because the package name is a key, we can't have multiple entires in
the package-map YAML files.  This means we can't do more advanced
matching and thus we need to be able to match through multiple
parameters.  Similar to Ia6f10741fa6be24b11d6991c8a6b6e07951ff68d we
modify the matching rules to allow a list.

A an example of using this is provided in the README.rst, and this
same example worked through by the unit tests.

This also slightly updates the matching logic to be more sequential.
After each check we either continue on or log the failure and continue
to the next check (rather than set a list of flags then check that at
the end).  This makes it much easier to understand what is being
matched in the logging output from the tool.

Change-Id: Idff7b067ad4255e6fc4138f7eff313a81b75c8ba
2020-05-27 06:17:57 +10:00
Ian Wienand
6ee2995214 dib-lint: use yamllint to parse YAML files
This gives us better linting of YAML files that just opening them.
This would have detected the duplicate keys in
I34e27d821fbefe274e7b007f37b0bd34db2e1d26.

The .yamllint is taken from zuul-jobs where it is also used as a
fairly sane set of default rules.

A few minor newline fixes are added.

Change-Id: I96d6644ae24f7deb84fa50fefbda0f0d33e0e009
2020-05-26 12:04:09 +10:00
Ian Wienand
6e549c33ac Revert "ubuntu-minimal : only install 16.04 HWE kernel on xenial"
This reverts commit 14ff8f942c.

This seems to not be installing the kernel at all, and needs further
investigation.

Change-Id: Ifd809d4b67aff5d80f979235db246a16af0375b3
2020-05-25 18:48:51 +10:00
Ian Wienand
7539e241da ubuntu-minimal: Add Ubuntu Focal test build
Add test builds for Focal on x86 and ARM64

Change-Id: Idb23f0e00d37c7447441ea002aad078e8c61f969
2020-05-21 14:03:54 +10:00
Ian Wienand
14ff8f942c ubuntu-minimal : only install 16.04 HWE kernel on xenial
Only install the HWE kernel by default for Xenial.  This was actually
installing the 16.04 HWE kernel on Bionic by accident, since it seems
to have that package; however it was breaking Focal.

On the other distros, just install the default generic kernel.  Let's
KISS for now if we can ...

Change-Id: I34e27d821fbefe274e7b007f37b0bd34db2e1d26
2020-05-21 14:03:54 +10:00
Ian Wienand
c5acc91574 ubuntu-minimal: fix HWE install for focal
On Focal, install the 20.04 HWE kernel if linux-image-hwe is
specified.

Change-Id: I5d536e8f64e7b987415849d8cd4da7959bba7af7
2020-05-21 14:03:54 +10:00
Ian Wienand
138d3f9b81 package-installs: allow when filter to be a list
Allow the "when:" statements to be a list of values, which are
effectively anded together to filter the package install.

Change-Id: Ia6f10741fa6be24b11d6991c8a6b6e07951ff68d
2020-05-21 14:03:49 +10:00
David Hill
68912bb76f Disable all repositories after attaching a pool
Disable all repositories after attaching a pool as in some cases that
I still can't explain, the "-htb-" repositories are enabled by default
which causes problems later on when trying to install the packages.

Change-Id: I86b3baccd4b0932eb3686a17485f64ee09994dad
2020-05-13 17:18:19 -04:00
Ian Wienand
9080d04923 block device: update variable name
New versions of flake8 fail as "l" can be confused for "1" apparently
(E741) ... not sure I totally agree but since it's only one instance,
update it.

Change-Id: Ic5c47867facd56b53cc6534da4ae3a345c516202
2020-05-13 06:22:02 +10:00
Zuul
534b799de8 Merge "pip-and-virtualenv : fix fedora 30 install" 2020-04-24 05:34:35 +00:00
Zuul
0d0a5909e7 Merge "yum-minimal: strip env vars in chroot calls" 2020-04-24 05:34:33 +00:00
Ian Wienand
a8a5b1ac77 pip-and-virtualenv : fix fedora 30 install
This should be installing the python2 and python3 packages (that's
what pip-and-virtualenv is designed to do), but we dropped the +=
accidentally in ee9ad32b6f.

However, we've moved on anyway and after
I7a6a342461d6001c25e55638ba9b7438c28f2519 F31 doesn't support this
element.  fedora-latest is already updated to f31 in the opendev gate.
Remove the testing as it is no longer relevant.

Change-Id: Id696a90baa1eb05cb4c08501f8dac3665d395682
2020-04-24 12:42:35 +10:00
Ian Wienand
df3ad26f58 yum-minimal: strip env vars in chroot calls
This showed up with dnf in containers when TMPDIR was set; dnf started
trying to write to this directory while in the chroot.

We already do stripping like this in run_in_target -- but this is a
bit of a unique place because it's actually setting up the initial
chroot so the target doesn't actually exist yet; so we just hard-code
it in place here.

Change-Id: If7310cb820846da903bf60daa4486c8bf7cb0136
2020-04-24 12:38:42 +10:00
Ian Wienand
ac7fba7040 pip-and-virtualenv: drop f31 & tumbleweed, rework suse 15 install
This is an alternative approach to commit
68bb43535e.  I think this proposes a
better overall solution that the prior change which had the Python 3
packages being installed, but did not specify the _do_py3 flag to do
the installation steps that redirect the various tool installations.

Fedora 31+ doesn't have python2, and Tumbleweed does have some Python
2 support but there seems to be no reason to bother updating this
element for either with infra very close to removing this completely
[1].  Error out on these platforms, and add a release note.

The 15 path should include the python2 and python3 packages, along
with the flags to do the "cleanup"; i.e. forced removal of distutils
packages that pip 10+ won't touch.  As mentioned in the original
change, the six package causes problems here, but we can clear that
too by explicitly listing it instead of letting it come in via
dependencies.  Again, this element will be removed from the infra 15
builds ASAP; but we can release with this to provide a roll-back point
if we need to revert the removal to fix things temporarily.

Add it to the testing path as well.

[1] https://docs.opendev.org/opendev/infra-specs/latest/specs/cleanup-test-node-python.html

Change-Id: I7a6a342461d6001c25e55638ba9b7438c28f2519
2020-04-23 08:10:26 +10:00
Zuul
0445a5ce2b Merge "Add centos aarch64 tests" 2020-04-17 01:18:54 +00:00
Ian Wienand
3f823488c5 Add centos aarch64 tests
Change-Id: I2fffeeffa82c505a34c5c9972724b557f3b58975
2020-04-16 14:15:50 +10:00
Marcin Juszkiewicz
18e35893f7 Do not try to use MBR on AArch64
When I tried to build CentOS8 image for AArch64 I got error saying that
MBR is not supported. So make sure that it will not be used by default.

Change-Id: Ib67ab7f808d727c3c61932c540d398dbe723972f
2020-04-14 10:12:57 +00:00
Dirk Mueller
68bb43535e opensuse: fix python 2.x install
openSUSE Tumbleweed is dropping python2-* packages so we need
to stop intalling them. We can also stop installing those
for Leap 15. which avoids a pip uninstall issue (as python2-six
was still built with distribute).

Change-Id: Ie93c8addb26aab3d0154c4b5b52423799abede91
2020-04-03 18:22:33 +02:00
Ian Wienand
434d2db5d4 Debuntu: add apt-transport-https
I don't see anywhere we bring this in, especially on a minimal build.
In 2020 it seems like a base dependency, put it alongside
software-properties-common that installs the other apt helper bits.

Change-Id: I5b079eac4912cb4a164e9aa6158ed106a28f576c
2020-04-02 10:11:35 +11:00
Zuul
ac250e5ab0 Merge "centos 8 image build: fix mirror" 2020-03-31 05:03:06 +00:00
Zuul
dc67ccfe12 Merge "Mellanox element: removed ibutils,libibcm,libmlx4-dev" 2020-03-30 22:10:13 +00:00
Ian Wienand
56dc0a2c31 centos 8 image build: fix mirror
We're ending up with "centoscentos" in the mirror location and the
build fails; strip out the $contentdir from the original too.

Change-Id: If09dbbd8028ea510d2ab0d3d8afe484cea611df5
2020-03-31 08:57:15 +11:00
Zuul
21f9ea4f78 Merge "Add Fedora 31 support and test jobs" 2020-03-30 01:26:32 +00:00
Lee Yarwood
ee9ad32b6f Add Fedora 31 support and test jobs
Change-Id: Iad0261ac8db001ffa4d3a4dd6df05fe923402a69
2020-03-30 08:47:00 +11:00
Zuul
56d9956cbd Merge "Add python-stow-versions element" 2020-03-27 13:49:21 +00:00
Lenny Verkhovsky
2f4e1886e5 Mellanox element: removed ibutils,libibcm,libmlx4-dev
Those packages will be installed as part of dependencies

Change-Id: I640dc55c818dd8538bfcd199c33f9af93aae7608
2020-03-23 00:06:53 +02:00
Harald Jensås
1ac31afd62 Use rpm -e instead of dnf for cleaning old kernels
If the running kernel of the system building the image
matches the kernel that is to be removed dnf will fail.

Repalce use use of dnf with rpm -e.

Closes-Bug: #1623409
Change-Id: Ie2481ea8a02b7b0720e46fa179f24badf4aa25c5
2020-03-19 22:35:23 +01:00
Dmitriy Rabotyagov
1de6fe4ba7 Add python-stow-versions element
This element is designed to install latest minor versions of different
python releases, like py27, py35, py36, py37, py38
into stow directory, and later easily enable them with stow.

Change-Id: Iab6d20e7643e549b53c629fb430e58b1c5e72991
2020-03-19 21:21:01 +02:00
Monty Taylor
c113703050 Add support for build-only packages
Sometimes an element needs packages installed so that it can
perform tasks but those package are not appropriate for the
final image content. Add a "build-only" flag to package-install-squash
which will cause package to be installed at the beginning of the
phase and then uninstalled at the end of the phase.

Change-Id: Ie01b795991710c93f6b669c8f14b57eb4412c1d5
2020-03-18 14:40:44 -05:00
Zuul
61b72ca2c2 Merge "Add ensure-venv element, install glean with it" 2020-03-10 05:08:54 +00:00
Zuul
991586c20a Merge "Uncap hacking" 2020-03-10 01:16:02 +00:00
Ian Wienand
82cfcfe551 Add ensure-venv element, install glean with it
All the platforms we care about now have python3 with venv (even
centos7 now) packaged somehow.  Add an ensure-venv element to make
sure that "python3 -m venv" works.  Any other elements that wish to
install non-distribution-packaged Python utilities can use this to
keep them separate from the main system installs.

Port glean to use this, and drop its dependency on pip-and-virtualenv.

Change-Id: Ic16f134fe34293bb68e7c632dd320f523366320d
2020-03-10 11:57:43 +11:00
Zuul
18f46bde30 Merge "fix iscsi-boot element exiting build even if dracut-regenerate used" 2020-02-26 04:05:57 +00:00
Zuul
8deca122f9 Merge "Change tgt pkg-map to target-restore CentOS/RHEL-8" 2020-02-26 04:05:56 +00:00
Zuul
8ad2956911 Merge "Do not include efibootmgr and efivars for ppc architectures" 2020-02-26 04:02:42 +00:00
Bob Fournier
14a3776885 Do not include efibootmgr and efivars for ppc architectures
These don't exist and are not needed for ppc.

Change-Id: I9ba53e22583b148b43f74cd9b8ec79402796d09b
2020-02-25 13:27:13 -05:00
Chandan Kumar (raukadah)
31a32ff6ee Change tgt pkg-map to target-restore CentOS/RHEL-8
In ironic-agent tgt pkg-map, scsi-target-utils was used for
redhat family which is not used in CentOS/RHEL-8.

As per https://opendev.org/openstack/ironic-python-agent-builder/src/branch/master/dib/ironic-python-agent-ramdisk/pkg-map#L5
targetcli got removed and switch to target-restore. It syncs
the same element for RHEL-8 and adds the same for CentOS-8.

Closes-Bug: #1864427

Change-Id: I95a0c09a6739af23cd1e8c88dded198bd69cc53e
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
2020-02-24 14:17:24 +05:30
Ian Wienand
28ebd24844 Uncap hacking
This causes problems for other projects incorporating dib; we don't
have a specific need for a cap.

Fix a few issues, mostly spacing or regex matches.  No functional
changes.

W503 and W504 relate to leaving artithmetic operators at the start or
end of lines, and are mutually exclusive and, due to "ignore"
overriding the defaults both get enabled.  It seems everyone gets this
wrong (https://gitlab.com/pycqa/flake8/issues/466).  Don't take a
position on this and ignore both.

Use double # around comments including YAML snippets using "# type: "
which now gets detected as PEP484/mypy type hints.

Change-Id: I8b7ce6dee02dcce31c82427a2441c931d136ef57
2020-02-24 10:34:46 +11:00
Carlos Goncalves
8226384cf0 Add CentOS 8 support
* Add "centos" element, a CentOS version-independent element. This is in
  line with the same work done for RHEL in Stein cycle.
* Deprecate the centos7 element. CentOS 7 support itself it not
  deprecated though. The new "centos" element provides the same support
  level as the "centos7" element.
* Add functional testing

The default CentOS version is 8. You can adjust it using the DIB_RELEASE
environment variable.

Change-Id: I373ba2296c4613765676e59aabd9c651345298d1
2020-02-19 10:44:56 +01:00
Zuul
9d08848f25 Merge "Fix cache-url -f" 2020-02-18 22:55:23 +00:00
Zuul
0ec74b948c Merge "Allow python3 to be used in Debian" 2020-02-17 18:18:07 +00:00
Noam Angel
48eac8b899 fix iscsi-boot element exiting build even if dracut-regenerate used
in CentOS build case building an image with "iscsi-boot" and "dracut-regenerate" will exit building because of statement "[ "$found" = 0 ]"

Change-Id: I1a6d60e9ec5f5cb508866c8376465c3e73551a30
2020-02-12 09:09:20 +00:00
Iury Gregory Melo Ferreira
6986441e2c Add efi packages for ironic-agent
On IPA we are using efivar and efibootmgr, we already added the
packages on ipa-builder.
Adding the pacakges on diskimage-builder, so that people who use
it to build the images won't get into trouble.

Change-Id: I9ab6588f20302b4808b09dc060aced5fd267a3d2
2020-02-11 17:26:59 +01:00
Riccardo Pittau
cf7d39e4cd Allow python3 to be used in Debian
Debian default Python interpreter version is 2.7, but it's
possible to install a Python 3 interpreter from the base
repository.
With this change, if we set DIB_PYTHON_VERSION to 3, we install
the python3 package from base, with python3-libs, python3-pip and
python3-setuptools, and redefine python_path, effectively allowing
Python 3 interpreter to be used in Debian.
See a result of the job for building the ipa image here:
https://review.opendev.org/705773

Change-Id: Idabfa94c2bff6e0de6daa0866084d5db14d7dcb0
2020-02-07 18:10:19 +01:00
Tobias Henkel
bad433fa92
Fix cache-url -f
When there is a hashsum mismatch diskimage-builder forces downloads
with the -f switch of cache-url. This is currently broken because bash
escapes the quotes in curl_opts. This tricks curl trying to download
'no-cache' instead of the url. This can be fixed by using an array for
curl_opts which does the correct thing here.

Change-Id: Id9f1579dda9a3e0a2b08dd5faaeef0e2e580d419
2020-02-05 10:19:12 +01:00
Zuul
500e60dbf4 Merge "Enable possibility to select HWE kernel for Ubuntu minimal" 2020-02-04 09:00:47 +00:00
Antoine Musso
168127b60a dib-lint: test elements have README.rst file
Add a basic test to ensure that all elements have a README.rst file.
This way they will be exhaustively listed in the Sphinx documentation.

Add dummy README.rst for 'disable-selinux' and 'rpm-distro' elements.

Change-Id: Ia5252ddd89b5ae5c6e9a12a66ef10f912fd54da5
2020-01-20 11:43:43 +01:00
Fatih Degirmenci
e2af38e3a5 Enable possibility to select HWE kernel for Ubuntu minimal
Change-Id: I206a77590f575e472e31b4f867fd5fd35475542d
2020-01-17 10:47:37 +00:00
Carlos Goncalves
ae2be0b464 Fix Yum repositories and GPG keys for CentOS 8.1
CentOS 8.1 split repositories and GPG keys out into subpackages. This
broke DIB support for CentOS 8.

7e41cef418
26a0d73ced

Change-Id: If3de6efa6074e059dc9fdd47c7bdc19d26d4d7f2
2020-01-15 19:39:00 +01:00
Matthew Thode
87e7f7b869
allow building of Gentoo images for non-systemd profiles
Change-Id: I61e3ba391eaaf9b300f88b082c03116388401ba3
2019-12-20 17:51:55 -06:00
Mohammed Naser
6f1b51627f modprobe.d: use $TMP_MOUNT_PATH
The hook inside extra-data.d runs outside the chroot when
building the image which means that we need to prefix paths
inside the hook to avoid running things on the host.

We also run it with sudo because if we're running DIB not
as root, /etc is uid 0 and we'll get a permission denied.

Change-Id: I1838890fe124c84c879285a471bcc78fe47d6c23
2019-12-18 11:42:02 -05:00
Zuul
71e1bcbdb8 Merge "Install rng-tools in Red Hat family distro images" 2019-12-17 06:25:32 +00:00
Zuul
f6d32a684f Merge "Add arm64 based functional test" 2019-12-16 21:31:51 +00:00
Ian Wienand
082397a86a Add arm64 based functional test
An initial functional test for bionic/arm64 builds, put it in the new
arm64 check queue.

Change-Id: I5f8a047f41c6555da7211b758c55f7a87b3aa5d1
2019-12-16 10:51:01 +11:00
Zuul
db9501cab2 Merge "Fix wrong URL in ironic-agent element" 2019-12-15 23:43:33 +00:00
Carlos Goncalves
3ff7365ee8 Install rng-tools in Red Hat family distro images
Make sure rngd, a hardware RNG entropy gatherer daemon, is installed on
all DIB-built Red Hat family distro images. rngd comes installed by
default in a typical base installation as it's proven to help speed
things up.

Nova attaches the virtio-rng-pci device to VMs. virtio-rng-pci is a
device that provides feed random data. However, it is of little to no
use if the virtual machine is not configured to make use of given
device. That is where rngd can help by facilitating entropy to the pool
from virtio-rng-pci.

$ openstack image set --property hw_rng_model=virtio [...]
$ openstack flavor set --property hw_rng:allowed=True [...]

DIB-built minimal images do not come with rngd installed. This patch
makes sure the daemon is installed. Its systemd service comes already
enabled.

Change-Id: I34a989dbfc57d4c98113ac25c81dfb500945ff0a
2019-12-12 20:26:06 +00:00
Zuul
74dff74907 Merge "Set correct python version for non-chroot scripts" 2019-12-12 16:48:17 +00:00
Madhuri Kumari
46491eb1b5 Fix wrong URL in ironic-agent element
Change-Id: Iaa107094b1409f93b101b23cea2e874c60ea26f5
2019-12-12 16:39:48 +05:30
Michael Johnson
9c7b8d1714 Set correct python version for non-chroot scripts
Some phases of diskimage-builder run outside the chroot environment,
such as the extra-data.d scripts, and don't have access to dib-python.
This means these scripts may choose the wrong python version by using
"#!/usr/bin/env python" to execute. The svc-map element is an example.

This patch creates a temporary directory and symbolic link for the
correct version of python, then manipulates the environment PATH
to preference the symbolic link "python" command.
This will allow elements with these scripts to work correctly with
the version of python diskimage-builder is running under.

Change-Id: I289d621e1bfbba0eb174dff977d1a5c92c04e4fa
Co-Authored-By: Ian Wienand <iwienand@redhat.com>
2019-12-11 22:52:28 +00:00
Ian Wienand
801fa77a16 Work around Trusty ext4 metadata_csum errors on Bionic
As described inline, Bionic hosts will build invalid Trusty images.
Hack around this by disabling metadata_csum in the ext4 mkfs.

Change-Id: Ibd67d58ca830a9e60605d0700ee2b17906c804e6
2019-12-11 16:02:13 +11:00
Zuul
361a751d36 Merge "Allow zypper repos to be overrideable" 2019-12-04 06:14:55 +00:00
Zuul
68b41854b2 Merge "Install ndisc6 package in element script" 2019-12-03 22:41:09 +00:00
Zuul
9b00377f31 Merge "Fix regex for mirror URL substitution" 2019-12-03 21:56:19 +00:00
Zuul
0b1eba25d5 Merge "Break retry loop on success in dhcp-all-interfaces" 2019-12-03 21:56:18 +00:00
Zuul
e3a904d4a6 Merge "Fix login.defs config for tumbleweed" 2019-12-03 21:56:16 +00:00
Carlos Goncalves
670df3326d Fix regex for mirror URL substitution
The base URL of EPEL repository installed by the epel-release package in
CentOS 8 at least now defaults to https.

The error seen when building an CentOS 8 image was:
"Error: Cannot find a valid baseurl for repo: epel"

This patch fixes it so that it will always match regardless of being
http or https.

Change-Id: I9ec5536ee72047c929a1ef6950ff4e9092842a4c
2019-12-03 19:13:18 +01:00
Harald Jensås
7948fee7e2 Install ndisc6 package in element script
The ndisc6 package is not yet available in EPEL 8.
See: https://bugzilla.redhat.com/show_bug.cgi?id=1779134

Until the package is available set the pkg-map to "" for
the ndisc6 package when distro is redhat and install the
package using || true in the element script instead so
that CentOS 8 build's do not fail because of the missing
package.

Once the package is in EPEL 8 this change can be reverted.

Related-Bug: #1754219
Change-Id: Icd4bad8852ce5ba40fb0e7b0d335191efbe88c67
2019-12-03 14:57:33 +01:00
Michele Baldessari
f9dcbd30cc Make sure DIB_DEBUG_TRACE has a default value
After the introduction of 'Add output for mis-configured element
scripts' we started seeing CI failures in tripleo where
instack-undercloud is being used (rocky/queens):

  /usr/lib/python2.7/site-packages/diskimage_builder/lib/dib-run-parts: line 108: DIB_DEBUG_TRACE: unbound variable
  INFO: 2019-12-02 16:24:33,423 -- ############### End stdout/stderr logging ###############
  ERROR: 2019-12-02 16:24:33,423 -- Hook FAILED.

Let's make sure that by default the env variable is set
to 0.

Change-Id: I38c76c0edee436f1e7dd0c9a868cea1e6ee3271d
Closes-Bug: #1854904
2019-12-03 08:26:12 +01:00
Colleen Murphy
ad67aa213b Allow zypper repos to be overrideable
Without this change, operating system elements that use the
zypper-minimal element always must use download.opensuse.org as their
repository source. This change makes ZYPPER_REPOS overrideable, which
allows the user to create custom operating system elements that can use
private repositories as their source for base packages. For example,
with only this change, it is possible to create a sles-minimal element
that generates a SLE 15 SP1 image just by overriding DIB_ZYPPER_REPOS
and DIB_OPENSUSE_PATTERNS.

Change-Id: I46e40fbe4408d4204056a27b182b21213f1176ff
2019-12-02 16:25:53 -08:00
Colleen Murphy
4fb5a57b8a Fix login.defs config for tumbleweed
On openSUSE Tumbleweed, the login.defs config file was moved under
/usr[1]. This change allows the login.defs config change to work for
both old and new locations.

[1] https://build.opensuse.org/request/show/736424

Change-Id: Ia5eff5e7b0709836278361b1b8daa788619eff75
2019-12-02 16:21:45 -08:00
Hervé Rousseau
b91e212434 Break retry loop on success in dhcp-all-interfaces
If rdisc6 is available, a node using this element will loops until
DIB_DHCP_TIMEOUT is reached because of a missing 'break' when rdisc6
return code is 0.
This will mark the dhcp-interface@.service unit as failed (because it
has the same timeout) and not bring any network interface online.

Change-Id: I034dcda94d765f236950ebcbee36789f5bdc515f
Closes-Bug: #1854717
Signed-off-by: Hervé Rousseau <hroussea@cern.ch>
2019-12-02 15:50:20 +01:00
Zuul
a231bc6b9f Merge "Add IPv6 support in dhcp-all-interfaces" 2019-11-26 23:54:54 +00:00
Zuul
20e468c604 Merge "Stop installing pydistutils.cfg" 2019-11-26 02:12:41 +00:00
Monty Taylor
75341292f9 Stop installing pydistutils.cfg
Support for easy_install codepaths is increasingly broken, and now
putting allow-hosts in this file breaks most recent pip. Just stop
installing the file - people should be using pip anyway.

Change-Id: I0a6b2432f81d80fbcbb336403fe555003880fa9f
2019-11-25 11:46:42 +11:00
Zuul
fdb6225acc Merge "Add output for mis-configured element scripts" 2019-11-22 06:57:40 +00:00
Zuul
9dd161471a Merge "Ensure nouveau is blacklisted in initramfs too" 2019-11-22 06:57:39 +00:00
Zuul
f268c72ed9 Merge "Adds support for GPG keyring" 2019-11-22 06:57:38 +00:00
Zuul
05a6f898fd Merge "Only wait for checksum processes" 2019-11-22 06:57:37 +00:00
Zuul
6143d40def Merge "Introduce manual setting of DIB_INIT_SYSTEM" 2019-11-22 06:43:25 +00:00
Ian Wienand
bee30b43d2 Only wait for checksum processes
When running under nodepool in a foreground, non-daemonized situation
without a tty (i.e. within a container) we're seeing this "wait" hang
indefinitely.

It is probably related to "outfilter.py" and output file descriptors,
although TBH we haven't completely root-caused it.  I won't claim this
is a great solution, but it should hopefully let the dib process
finish and just die, where outfilter will disappear.

Change-Id: If78da54df3d4c240fee16aee4413ec554b37c1d6
2019-11-21 14:04:09 +11:00
Andreas Florath
3636b40f74 Introduce manual setting of DIB_INIT_SYSTEM
The current implementation evauates the dib-init-system
script too early.  Also it looks that there is no simple
way of getting the info about the init system automatically:
another element can install (later on) a different
init system.  Therefore the only reliable way of setting
this is manual.

Change-Id: I6e9ffa1bdb3154f488f4fd335b197699b86aacd4
Signed-off-by: Andreas Florath <andreas@florath.net>
2019-11-21 12:38:15 +11:00
Michael Johnson
824042d608 Add output for mis-configured element scripts
I commonly get asked for help when people are attempting to create
local image elements and they cannot get them to work.
diskimage-builder silently ignores element scripts that it doesn't
find to it's liking, such as non-executable or files with extensions
(.sh is a common mistake).
This patch extends the '-x' tracing flag down to dib-run-parts and
will cause it to print out helpful messages when these files would
otherwise be silently ignored.

Examples:
Ignoring non-executable files: 10-do-not-run-me
Ignoring non-conforming filenames: 10-I-can-run.sh

I am not enabling these by default as they can create extra noise
and require additional filesystem IO to produce.

Change-Id: Ic804efca3015c199440b4b10da951d71a815c64f
2019-11-20 15:05:30 -08:00
David Hill
f7ee1cd733 Add grub-efi-x86_64 pkg-map
Add grub-efi-x86_64 pkg-map

Change-Id: I64fab237c3fcd5e4fe1e74eb17ddd2a9aa8110f5
Closes-bug: #1852762
2019-11-16 21:15:28 -05:00
Harald Jensås
f94508d537 Add IPv6 support in dhcp-all-interfaces
When the rdisc6 utility is available probe for router
advertisement. configure eni and rhel-netscripts interfaces
to do IPv6 address configuration according to the flags
in the RA recived from the router.

The systemd service file timeout is DIB_DHCP_TIMEOUT * 2,
so that DHCPv4 can timout, and dhcpv6 run before the service
times out.

Retries are commented in dhclient.conf, without it we end up
trying DIB_DHCP_TIMEOUT * 60 before the client move on to
IPv6.

WHEN:
  Stateful address conf.    :          No
  Stateful other conf.      :          No
THEN:
  Do not run dhclient at all, autoconfiguration via
  SLAAC only.

WHEN:
  Stateful address conf.    :          No
  Stateful other conf.      :          Yes
THEN:
  Run "dhclient -6 -S", The ``-S`` option makes the
  dhcp client not request an address, only other
  options such as DNS servers and NTP servers from
  DHCPv6 server.

WHEN:
  Stateful address conf.    :          Yes
  Stateful other conf.      :          Yes
THEN:
  The dhcp client should request an address _and_ other
  options such as DNS servers and NTP servers from
  DHCPv6 server.

NOTE: No IPv6 support added for suse-netscripts

Closes-Bug: 1754219
Change-Id: Icdc79875c33f894ab7eaec8afdfb33a731efff99
2019-11-13 09:31:01 +01:00
Felipe Alencastro
48ff601098 Adds support for GPG keyring
Currently DIB_ADD_APT_KEYS only supports GPG armor keys, while
default Debuntu apt gpg keys are in keyring format.

Change-Id: I361c375e25b03a08b19052b10c6733939c8df921
2019-11-07 17:32:05 -03:00
Ian Wienand
b52b560fb0 Revert "Drop vhdutil dependency, use qemu-img"
This reverts commit a3e9e7f89e.

We still have some issues with vhd creation on RAX

In short, it appears that images fail to resize unless they have a
specific "creator" field.  Revert this while we consider the options.

[1] https://bugs.launchpad.net/nova/+bug/862653

Change-Id: I2b6a3bfbfe28432fbb6a2ce4a0211939d224b8d5
2019-10-30 09:28:58 +11:00
nishagbkar
9e149ce8bb Deprecates the existing "ironic-agent" element in DIB
The "ironic-agent" is copied to ironic-python-agent-builder and
hence it is deprecated from DIB.

Remove from functional testing

Change-Id: Ibc4f75b9d7e2a31994fc86d05bd57975f00fb74f
Task: 36198
Story: 2005114
2019-10-29 10:00:47 +11:00
Zuul
392ebeec68 Merge "pip-and-virtualenv: include python3-venv for Debuntu" 2019-10-28 00:01:51 +00:00
Zuul
24e204eb5c Merge "Drop vhdutil dependency, use qemu-img" 2019-10-25 06:51:59 +00:00
Ian Wienand
f2e0b01336 pip-and-virtualenv: include python3-venv for Debuntu
This package is not installed by default on Debuntu, but is on RH
platforms.  This is causing a build breakage as DIB_PYTHON_VIRTUALENV
tries to use this (I3414fb9e503f94ff744b560eff9ec0f4afdbb50e).

Add the package.

Change-Id: I9a551c57dd128bbb4b095c847f634c777b2cb553
2019-10-25 16:26:33 +11:00
Zuul
220c342e76 Merge "Add security suite name override in debian-minimal" 2019-10-25 05:16:38 +00:00
Zuul
c97cb559d3 Merge "Ensure machine-id is not included in images" 2019-10-25 04:28:28 +00:00
Zuul
fccb6ce32b Merge "Fix syntax error in selinux-fixfiles-restore" 2019-10-24 22:30:27 +00:00
Oliver Walsh
ceaf79d191 Ensure nouveau is blacklisted in initramfs too
To ensure dracut does not load nouveau we need to explicitly disable it via
omit_drivers.
This change adds a method to drop in arbitary dracut conf files to an element
which are picked up by dracut-regenerate and included in the chroot where we
run dracut.

The disable-nouveau element just adds a conf file with
`omit_drivers += " nouveau"`
The default dracut conf files in /usr/lib include a similar file to omit the
nvidia kernel modules.

Change-Id: I6375e4843fd08d1410141fbbd8658042dcd5ad05
Closes-bug: 1842664
2019-10-23 10:16:00 +11:00
Zuul
5bc5f8aff3 Merge "bootloader: make serial console configurable" 2019-10-22 03:19:18 +00:00
Oliver Walsh
ef794db4d1 Fix syntax error in selinux-fixfiles-restore
Seeing this at the end of the tripleo overcloud full build:
99-selinux-fixfiles-restore: line 69: [: too many arguments

Change-Id: I8fb10f3d3d38723b41190ae1898757e6df073945
2019-10-18 12:30:21 +01:00
Ian Wienand
a3e9e7f89e Drop vhdutil dependency, use qemu-img
The vhdutil utility is completely dead; the whole subsystem it relies
on was removed with [1] so it's not even vaguely possible to keep it
up-to-date.

I took the .raw images on a nb and used the qemu-img there (so Xenial)
and generated some VPC images; uploaded them to rackspace and the all
seemed to boot fine.  If there was a problem, maybe it's been fixed on
either the qemu or RAX side in the previous few years.

Thus swith to qemu-img to generate the vhd images too.

[1] https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=5c883cf036cf5ab8b1b79390549e2475f7a568dd

Change-Id: I3099d2ebb958370fcec623087a093b2c8dbdc6c4
2019-10-16 16:23:25 +11:00
Jeremy Stanley
3919563e58 Add security suite name override in debian-minimal
Add option to set the suite subpath after the release name for the
security mirror URL independently in the debian-minimal element,
since this can differ between mirrors.

Change-Id: I4cc8f54fba012986423e30e19bff276208b8ad62
2019-10-15 21:20:02 +00:00
Zuul
1e08be004b Merge "centos7; use numeric DIB_RELEASE" 2019-10-14 21:31:49 +00:00
Ian Wienand
9f688f53da centos7; use numeric DIB_RELEASE
With the introduction of centos 8 we have constructs like

 if [[ $DISTRO =~ (centos|fedora) && $DIB_RELEASE -ge 8 ]]

This is intended to match the "centos7" element (from the =~) but it
was missed that this is setting the DIB_RELEASE to "GenericCloud".

I think it makes more sense for this to be a numeric release, and
makes constructs like above work.  There really isn't any other type
of image to choose here; thus we move it into a new, centos7
specific variable.

Note that when the centos 8 images are available, we want to move to a
generic "centos" element that will handle both 7 and 8 together (same
as rhel) based on DIB_RELEASE and deprecate centos7; this works with
that environment too.

Change-Id: I2e6b7848070d6452c0563e2a122447627c6e6bf7
2019-10-14 14:34:36 +11:00
Clark Boylan
d1e49214ce Remove RA solicit delay
It turns out that this breaks ipv6 config with NM. Instead what we want
is for glean to not up interfaces on boot (see the depends-on).

Change-Id: I6c5bc76c433e29f02d3266ab8f669015125ec954
Depends-On: https://review.opendev.org/#/c/688031
2019-10-11 15:29:32 -07:00
Ian Wienand
5b5385cf84 CentOS 8 minimal testing and support
This adds CentOS 8 into functional and boot tests.

This completes centos-minimal support, documentation is updated and a
release note is added.

Change-Id: I435c2967b4f49faeb6d6edf189907b9f96e80357
2019-10-08 00:17:14 +02:00
Ian Wienand
85a4ec2b2d Add NetworkManager and dhcp-client for CentOS 8
As described inline, NetworkManager and dhcp-client make up the basic
networking for centos 8 installs; bring them into the base image.

Although in infra we then use simple-init, some other users find this
helpful.

Change-Id: Ib9f32e73bf9109cc1b659fe1deceb1a15301ffeb
2019-10-07 10:47:09 +00:00
Ian Wienand
314b11b6dd Fix networking for CentOS 8
By default network-scripts package isn't installed, so the directories
for these files don't exist either.  Skip by default for Centos 8.

Change-Id: I194ec3735e17f27e586386541dc51f775b01e510
2019-10-07 10:47:09 +00:00
Ian Wienand
643415f366 simple-init: Use wrappers to call pip for glean install
Use the wrapper calls from Ia267a60eecfa8f4071dd477d86daebe07e9a7e38
to install glean.

Using this wrapper means we cover all cases without more and more
branches; it should work for python2, python3 and also the special
case of RHEL/CentOS where dib-python points to the special
/usr/libexec/platform-python (which is python3.6 with inbuilt pip)

Change-Id: If624e8bb66ce0761fc0d5f34c2bed8b93a7daeee
2019-10-07 10:47:09 +00:00
Ian Wienand
cbe1a0fc6b simple-init: default to NetworkManager for CentOS and Fedora
NetworkManager with simple-init has proven to be stable in OpenStack
infra, switch to it by default for CentOS and Fedora.  For CentOS 8
and Fedora, add a check to make it the only option.  Thus only CenOS 7
remains optionally using the legacy scripts; this is likely not used
anywhere (infra is really the primary user, where NetworkManager is
already used); we can likely remove this variable (and hence path) in
a future cleanup.

In the setup, remove rhel7 element which was never really tested.
Reorganise the fallthrough to call out the default paths as doing
nothing.

Change-Id: Ic996956da4b85f7d95179b8df9881d5f52c091af
2019-10-07 10:46:57 +00:00
Zuul
027092d407 Merge "pip-and-virtualenv : deprecate source for CentOS 8, new variables" 2019-10-05 05:53:36 +00:00
Zuul
dd1fa4f8c2 Merge "yum-minimal: Don't install yum, install libcurl" 2019-10-05 02:59:20 +00:00
Zuul
132bfb086e Merge "Use $YUM instead of direct calls in more places" 2019-10-05 02:59:19 +00:00
Zuul
a33c643e43 Merge "Add environment switch for centos8 to use dnf" 2019-10-05 00:18:16 +00:00
Zuul
cec04b2d55 Merge "Update redhat-common pkg-map for centos 8" 2019-10-04 10:16:39 +00:00
Zuul
71f4e370f4 Merge "Add security mirror override for debian-minimal" 2019-10-04 08:46:22 +00:00
Andrei Nistor
0e5e358063 bootloader: make serial console configurable
Currently, the serial console is hardcoded to ttyS0 in the bootloader
element.  This is a challenge for users that want to build images for
some baremetal servers. Supermicro servers, for example, use ttyS1 for
the serial over lan interface.

This patch adds a new environment variable DIB_BOOTLOADER_SERIAL_CONSOLE
that can be set to override the default.

Change-Id: Ie8173be8690ac0b7164ce9e5b66d3c1c18f844d6
2019-10-03 21:49:53 +00:00
Jeremy Stanley
9b201b58b9 Add security mirror override for debian-minimal
Add option to set the security mirror URL independently in the
debian-minimal element, since this can not be overriden by the
standard DIB_DISTRIBUTION_MIRROR variable.

Change-Id: I145844a410d06a479e68db1bf6d5d0159389305c
2019-10-03 13:49:47 +10:00
Ian Wienand
18215274d8 pip-and-virtualenv : deprecate source for CentOS 8, new variables
As described inline, deprecate the "source" install for CentOS 8.
Overwriting the packaged tools has long been a pain-point in our
images, and the best outcome is just not to play the game [1].

However, the landscape remains complicated.  For example, RHEL/CentOS
8 introduces the separate "platform-python" binary, which seems like
the right tool to install platform tools like "glean" (simple-init)
with.  However, platform-python doesn't have virtualenv (only the
inbuilt venv).

So that every element doesn't have to hard-code in workarounds for
these various layouts, create two new variables DIB_PYTHON_PIP and
DIB_PYTHON_VIRTUALENV to just "do the right thing".  If you need is
"install a pip package" or "create a virtualenv" this should work on
all the platforms we support.  If you know more specifically what you
want (e.g. must be a python3 virtualenv) then nothing stops elements
calling that directly (e.g. python3 -m virtualenv create); these are
just helper wrappers for base elements that need to be broadly
compatible.

[1] http://lists.openstack.org/pipermail/openstack-infra/2019-September/006483.html

Change-Id: Ia267a60eecfa8f4071dd477d86daebe07e9a7e38
2019-10-03 00:22:18 +00:00
Ian Wienand
5f3b7cd7b7 yum-minimal: Don't install yum, install libcurl
Don't install the "yum" package, which is a backwards compat around
dnf.  With 687003f we should not need the backwards compat links any
more.

Add libcurl to avoid conficts with in the curl "-minimal" packages
that happens on CentOS 8.  But skip it on Fedora, because it seems to
create more problems there (not going to pretend it isn't all a
hack ... but it seems to work).

Change-Id: I1de2703eb5075a0a22837b6898bd8eb960d080dd
2019-10-03 00:22:18 +00:00
Ian Wienand
b57714af75 Use $YUM instead of direct calls in more places
A few places we either assume centos uses "yum" directly, or have
switching based on the distro type.

In both cases, we can use ${YUM} directly to avoid ambiguity

Change-Id: I71095a9bd1862f8956b5982fbbb3e1d213926c14
2019-10-03 00:22:18 +00:00
Ian Wienand
ddb2811255 Add environment switch for centos8 to use dnf
Set YUM to dnf for Centos 8; this matches similar done in
fedora-minimal.

Change-Id: I2b2c41a73e468fe9045ee5b7b812da66f20d8584
2019-10-03 00:22:18 +00:00
Ian Wienand
84cf2e1b82 Update redhat-common pkg-map for centos 8
The libselinux packages etc don't exist for Python 2 on Centos 8 [1].
Ensure the package map installs the python3 versions.

We could probably invert the logic now, and make it so Centos 7 is the
"special" version that overrides things to install python2.  Left
alone for now to avoid changing too much at once.

[1] https://bugs.centos.org/view.php?id=16458

Change-Id: I944cf4f2902c28728aa5bb9e2a00b3eef122d52e
2019-10-03 00:22:18 +00:00
Ian Wienand
1176a45525 Update locales for Centos 8
CentOS 8 has the "new" split-up locales packages.  Fedora 24 is now
long gone, so take out the old branch and apply the lang package
install to Centos 8 as well.

The manual locale cleanup is not necessary on Centos 8; skip it.

Change-Id: Ib65fc15fe471348793fd6efb034517f11abd905e
2019-10-03 00:22:18 +00:00
Ian Wienand
0e230642c5 dib-python : handle centos 8
Match on centos 8 and use the inbuilt system python like on RHEL

Change-Id: I81d94481422b4982777160f736dcf463e2fc45d0
2019-10-03 00:22:18 +00:00
Ian Wienand
3bc89edd32 yum-minimal : update mirrors for Centos 8
The repo format has slightly changed for CentOS 8 (s/os/baseos/).

Make the chroot builder look for a more specific repos.d directory
first named for the distro variable, then fall back to to top-level
dir (this avoids having to constantly change fedora).

Update the gate mirror setup and roles for new Centos 8 paths too.

Change-Id: I5b7f0c3624cac1d7aa7ed8bf6286b85d808b9c9a
2019-10-03 00:22:05 +00:00
Ian Wienand
456b6cf394 Remove "failovermethod=priority" for Fedora (dnf)
This is no longer a valid option for dnf, and it puts out a lot of
warnings constantly about the invalid entry [1].  Remove it.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1653831

Change-Id: Iba0585cab3e5e78e9324196f276b2341e7bb9e3c
2019-10-01 06:01:15 +00:00
Ian Wienand
a77a214339 Install Python 3 libselinux packages for Fedora
Install the Python 3 libselinux packages for Fedora platforms.  I
think this is the right choice; Fedora is a Python-3 only distro so we
shouldn't default to installing the python2 libraries.

This has a practical effect if you're using Ansible with
ansible_python_interpreter=/usr/bin/python3 as it needs these
packages.

There is some small chance of breakage if you're using Ansible still
with Python 2, I guess.  In infra I notice we bring this in with
"zuul-worker" project-config element.  On balance, I think that if you
need the Python 2 packages for some reason, it should be a special
install and not part of redhat-common.

Change-Id: Ibcec0b3660d01b861838c2ae87ca43d98953ce32
2019-09-20 17:33:38 +10:00
Logan V
c7e907794c Ensure machine-id is not included in images
Two bugs are addressed.

1) The sysprep element was broken in that it only truncates
   /etc/machine-id, but not /var/lib/dbus/machine-id. systemd will
   not generate a new machine-id if /var/lib/dbus/machine-id is
   present[1], it will simply copy it to /etc/machine-id.

   We observed machine-ids being packaged in /var/lib/dbus/machine-id
   on several distros: Ubuntu Bionic, Fedora 29, Debian Stretch.

   CentOS 7 and Ubuntu Xenial do not contain packaged machine-id as
   far as I can tell.

   All test builds were performed using -minimal elements.

2) A second bug existed where debian-minimal did not run the sysprep
   element at all, so a stretch image I tested contained a populated
   /etc/machine-id AND a populated /var/lib/dbus/machine-id.

[1] https://www.freedesktop.org/software/systemd/man/machine-id.html#Initialization

Change-Id: Ibb28b6e90d966a845de38a2cd5a1e8babd2604bc
2019-09-20 03:17:50 +00:00
Bob Fournier
8cab82bf9d Use x86 architeture specific grub2 packages for RHEL
Similar to https://review.opendev.org/#/c/663693/, the x64 packages
should be used for x86 architectures.

Change-Id: I5e8a4d58e96d65eb60fc539b8a1d56853b12faac
Closes-Bug: 1843820
2019-09-12 15:06:17 -04:00
Zuul
b94588c862 Merge "Do not delete cracklib from /usr/share" 2019-09-06 10:25:33 +00:00
Zuul
48edd472e7 Merge "Allow configurable gzip binary name" 2019-09-06 09:47:06 +00:00
Zuul
11a5a86758 Merge "Uninstall linux-firmware and linux-firmware-whence" 2019-09-06 08:43:47 +00:00
Carlos Goncalves
f909000e5a Uninstall linux-firmware and linux-firmware-whence
linux-firmware and linux-firmware-whence (meta package for mostly iwl
firmwares) packages account for approx. 289 M install size on a F30
system, and linux-firmware for approx. 176 M on CentOS 7. Users needing
these firmwares are eventually baremetal users and are not looking for a
very minimal operating system base install like virtual image users are.
Thus, a non-minimal OS element is better suited for them. Alternatively,
it could be later considered a dedicated firmware element.

This is inline with I8ce65e1d357d15e8ed8995ad1dcaea02bbd1986f.

Change-Id: If104fc3c1e9349b8d501a2351fff1ab4c0dbc6a4
2019-09-06 15:32:51 +10:00
Dirk Mueller
d40c87876a Rename openSUSE 15.1 testing to 15
This is consistent with the previous simplication of
build targets in the opendev environment to refer to
"opensuse15" being the alias of "latest stable openSUSE Leap 15.x".

Change-Id: I904a3ca0d6dbddd2bb1a673836ab6a0ad249526d
2019-08-30 22:44:40 +02:00
Logan V
d9e85efd7c Allow configurable gzip binary name
Add a new environment variable $DIB_GZIP_BIN allowing builders to
specify a different gzip (such as pigz) to be used when compressing
tgz images.

Change-Id: Ifb617568140a149e2fda241e07ff8a59429e6697
2019-08-30 17:46:20 +02:00
Logan V
b98d482d5f Do not delete cracklib from /usr/share
We have an application breaking because /usr/share/cracklib is being
deleted from the image. The application installs its dependencies,
including cracklib, but since yum shows that cracklib is already
installed, it does not reinstall it.

Change-Id: Id6fccf76c706dbc6c2124abcfd12c1f10cef5e09
2019-08-30 15:11:26 +02:00
Zuul
9ef7f73b6a Merge "Allow extra repositories to be added to images" 2019-08-30 07:02:46 +00:00
Zuul
3e0d61ac9a Merge "Fedora 30 functional and boot tests" 2019-08-30 06:27:36 +00:00
Zuul
f4698b5864 Merge "rpm-distro: ensure we selinux relabel underlying directories" 2019-08-30 04:31:00 +00:00
Zuul
064f93acd8 Merge "yum-minimal: install fedora-release-cloud" 2019-08-30 04:24:00 +00:00
Ian Wienand
a5a6482ac1 Fedora 30 functional and boot tests
Update testing for Fedora 30

Change-Id: If60eb0b87e45efc0e71db2ddcd814223539f07b7
2019-08-28 11:21:46 +10:00
Zuul
76b09c845c Merge "zypper-minimal: Don't get confused by etc/resolv.conf symlink" 2019-08-21 20:43:08 +00:00
Dirk Mueller
6c23b97f4a zypper-minimal: Don't get confused by etc/resolv.conf symlink
Newer openSUSE distributions install an absolute link to /run/netconfig
as /etc/resolv.conf in $TARGET_ROOT. as that points outside
TARGET_ROOT, we unintentionally wipe the system resolv.conf here
and break our ability to finish building the image.

Change-Id: I9d5aaa9fad2f81dcabfe19e2f1e6b6e50af597d7
2019-08-21 19:57:25 +02:00
Zuul
3b2b87dde1 Merge "block-device-efi : expand disk size calculation" 2019-08-21 02:30:32 +00:00
Zuul
8690579efc Merge "dracut-regenerate: catch failures and exit code" 2019-08-21 01:48:10 +00:00
Zuul
3de4b71b9e Merge "update gentoo systemd profile to 17.1 from 17.0" 2019-08-20 21:21:24 +00:00
Ian Wienand
aee4fc0d35 simple-init: add configurable RA timeout with network-manager
This is a follow-on to I475a253091cbaf63687b91c748c31a6753bb0f57 as we
are still seeing issues on some clouds with unconfigured networking.

We increase the timeout, but also make it configurable so we can
fiddle it without a dib release in the gate.

To follow-on from the experimentation done by clarkb, I can confirm by
emperical testing on a Centos 7 image (from today, today being this
change's date) that setting

 net.ipv6.conf.all.autoconf=0

by itself is "fatal" and the interfaces do not come up; i.e. nm does
not by default seem to re-enable ipv6 for the interface.  However,
explicitly adding:

 IPV6INIT=yes
 IPV6_AUTOCONF=yes

to the interface file *does* seem to make it work, even if
"all.autoconf=0" is set (then again, there's also bugs about the
effect of this [1]).  However, no extant distribution (I can currently
find) does anything like this by default.

If this continues, this may be an option.  Another might be to avoid
the use of the nm-settings-ifcfg-rh profiles and move directly to nm
ini files with glean.

[1] https://bugzilla.kernel.org/show_bug.cgi?id=11655

Change-Id: I869ebffc8cde3bbff573f6583fd9dd02a5598590
2019-08-20 17:07:17 +10:00
Matthew Thode
9755c4f9a2
update gentoo systemd profile to 17.1 from 17.0
Upstream is now publishing 17.1 profile systemd stages

Also updates the docs that were forgotten in the last patch

Change-Id: I0f2e7976845b1d3c55ffe8869eec0bc04a191252
2019-08-19 15:13:09 -05:00
Ian Wienand
f23318d579 rpm-distro: ensure we selinux relabel underlying directories
As described inline, we need to ensure the underlying directories in
the image are correctly labeled, or we get all manner of services
failing during boot with selinux in enforcing mode.  Although the
problem is generic, this first shows up in Fedora 30 as systemd has
become more strict about namespace failures (I think) [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1663040#c22

Change-Id: I52c1cc719884879169b606b00651aa26f5b783f1
2019-08-16 15:44:55 +10:00
Carlos Goncalves
9eb175e440 Allow extra repositories to be added to images
This patch adds option DIB_YUM_MINIMAL_EXTRA_REPOS to yum-minimal to
allow DIB users to include extra repositories to their final image.

Change-Id: I89549f4b0f4c9470143b5064817acab5043e31c5
2019-08-15 16:20:21 +02:00
Ian Wienand
efa3f3675a yum-minimal: install fedora-release-cloud
Something (possibly [1], but that change is at best cryptic) has
changed such that we don't get correct /etc/os-release files
installed.  This flows on to grub half-installing itself, enough to
not fail the build but not enough to make something bootable.

Installing the -cloud release package gets it back, and seems like a
sane choice for dib.

[1] 617b1bed34

Change-Id: Iff0413887fad798273b2bfcb140cc07f36d54a04
2019-08-15 15:56:13 +10:00
Ian Wienand
5492843aa8 block-device-efi : expand disk size calculation
As noted in the change, 7fd52ba841
increased the size of the EFI partition considerably.  This has meant
that our padding upwards of the disk size is insufficient and EFI
builds (arm64 in particular) is failing due to out-of-disk errors
during final image operations like installing kernels.

Similar to the discussion we had in
I65fa13a088eecdfe61636678578577ea2cfb3c0c, this feels a bit ugly
because we're mixing logic here with sizes specified in block-device
config files.  But it boils down to the same problem; we are
calculating the disk size here and passing it to the block-layer, so
unless we want to make large changes to the status quo about where
these sizes are calculated, small adjustments here are the most KISS
solution.

Thus we check if we have selected the EFI bootloader element, and thus
assume there will be a large system EFI partition and expand the disk
size accordingly.

Change-Id: Ifa05366c2f2b95259f3312e4dde8c85347075ba1
2019-08-14 15:49:38 +10:00
Ian Wienand
c596fb7dbd Don't show all elements found
This debug statement lists every element found and its dependencies on
every build; it's just noise unless you're debugging the element
dependency solver itself.  Remove from output.

Change-Id: I9281b953d958a3fd5e20edbc560a341a2fcc3deb
2019-08-14 13:07:16 +10:00
Zuul
0c6a4dbd92 Merge "Fixes packages for arm64 bootloader" 2019-08-13 09:21:37 +00:00
Zuul
24e620ae6d Merge "Fix the pypi element for multiple mirror URLs" 2019-08-13 07:04:20 +00:00
Zuul
1af5e6010d Merge "Create /etc/machine-id for RHEL images" 2019-08-13 07:00:31 +00:00
Ian Wienand
bac8b4246e dracut-regenerate: catch failures and exit code
This seems to miss the exit code of the dracut process, which actualy
caused some issues in I8511669e188717494daf2bc1384a6dd346f942a4 where
it would have been much clearer to stop after the initramfs generation
failed.

Add some debug messages, and catch any errors from the final call.

Change-Id: I6f89441ec4709f5199535e15a7cc53a3a8af273d
2019-08-13 15:51:05 +10:00
Zuul
4131942356 Merge "Fixes DIB_DISTRIBUTION_MIRROR_UBUNTU_IGNORE matching when empty" 2019-08-12 13:22:44 +00:00
liyingjun
bf0d7ede55 Fixes packages for arm64 bootloader
Should install "grub2-efi-aa64 grub2-efi-aa64-modules" instead of
"grub2-efi grub2-efi-modules" for arm64

Change-Id: Iee3191b0944b3b862890d166a9d36bd592fe8f7e
Closes-bug: #1839816
2019-08-12 17:18:36 +08:00
Manuel Torrinha
a38ac762f1 Fixes DIB_DISTRIBUTION_MIRROR_UBUNTU_IGNORE matching when empty
- DIB_DISTRIBUTION_MIRROR_UBUNTU_IGNORE matches when it is empty or not
 set and DIB_DISTRIBUTION_MIRROR is being used. Checking for it being 
 set and not empty solves this.
 - Normalizing bash conditionals for readability

Closes-Bug: #1808359
Change-Id: I87853fcda4c8b29a3f1720a2778debeb3acc3a53
Signed-off-by: Manuel Torrinha <manuel.torrinha@tecnico.ulisboa.pt>
2019-08-09 10:26:48 +00:00
Michael Johnson
bac0fa3eb2 Fix the pypi element for multiple mirror URLs
The 'pypi' mirror element is generating invalid pip.conf files
when more than one "DIB_PYPI_MIRROR_URL" is specified.
This patch fixes the pip.conf file rendering to use a proper form
when there are multiple "extra_index_url" provided.

Closes-Bug: #1839558
Change-Id: Ibda0e7390955683560e09b486f636775643ff57c
2019-08-08 22:52:43 +00:00
Andreas Jaeger
9a145cf0d0 Stop regex warning
python 3.6 warns about regexes like:
DeprecationWarning: invalid escape sequence \+

I noticed that debugging a trove job and it really led me in the wrong
way. Fix this with making it a raw string.

Change-Id: I58ee1a49d62316c6c3f0588832c97f659f7e460b
2019-08-08 15:31:52 +02:00
Ian Wienand
1f2a874e8e Create /etc/machine-id for RHEL images
Per the inline comment, a machine-id is required for kernels to
install correctly (this may well be a bug, but the linked issue
remained inconclusive).

Add a call to make the machine-id before install packages.

Change-Id: If75d04376e62bfdfe14ee3ca4d0bd5c8b383c1b0
Redhat-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1737355
2019-08-07 18:18:34 +10:00
Zuul
37909a0e81 Merge "Cleanup: remove useless statement" 2019-08-05 02:46:12 +00:00
Zuul
a0c6d16e1c Merge "journal-to-console: element to send systemd journal to console" 2019-08-05 02:00:15 +00:00
Zuul
f59ffcd9f3 Merge "fix comments / spelling errors in gentoo element" 2019-07-30 07:22:26 +00:00
Zuul
3d995645e6 Merge "update version of open-iscsi that is installed on musl" 2019-07-30 02:37:18 +00:00
Matthew Thode
559d2bcf3b
fix comments / spelling errors in gentoo element
Change-Id: I41d906a99470599da3cfac7aaa0350232ce79316
2019-07-29 08:54:16 -05:00
Matthew Thode
f1d7e902e3
support alternate portage directories
The 17.1 profile changed the defaults used in portage for where we store
our repo, distfiles and binpkgs.  Some portage related variables need to
be set deterministically.  17.1 is no enabled for Systemd's profile.

Change-Id: Ib55f6875c5cb461c3c530b51d7420ce3dc8da360
2019-07-26 19:30:01 -05:00
Ian Wienand
a5bd03ec6b journal-to-console: element to send systemd journal to console
This element configures systemd to send its journal to the console,
which can then be retreived by server commands.  In the case of
nodepool, if the image failed to boot the console will be dumped into
the logs when nodepool decides the node is not responding.  Having
this can be very helpful diagnosing early boot errors.

Needed-By: https://review.opendev.org/#/c/669787/
Change-Id: I6b6df7023acb6b2f967b84840bc4b542ebc03727
2019-07-25 11:24:49 +10:00
Matthew Thode
ed95b4eba1
update version of open-iscsi that is installed on musl
Newer versions of open-iscsi seem to compile on Gentoo / musl.  Use them
if we can.  This also removes the cap on open-iscsi.

Change-Id: I596cb61494e459a419bce6a63deff89f9e78fe23
2019-07-22 14:30:32 -05:00
Zuul
f35d29c356 Merge "ironic-agent: Use targetcli & python3-devel on rhel8" 2019-07-15 00:31:01 +00:00
Zuul
fc1709b0fb Merge "set default sources conf for buster as it now has a release" 2019-07-15 00:31:00 +00:00
Zuul
c7eb556098 Merge "disable autounmask for emerge" 2019-07-15 00:25:57 +00:00
Clark Boylan
abb6aed459 Only enable dbus-daemon on fedora-29
Previously we were trying to enable dbus-daemon service on all prior to
fedora 30. Unfortunately 28 and older don't have this service so this
broke those releases and only worked for 29. Fix this by only enabling
this service on fedora 29.

Change-Id: I1bd15dcf0bbe270afccb0c0c3ea6ad08862a53f1
2019-07-12 10:21:49 -07:00
Zuul
709c9e70c9 Merge "Set router solicitation delay with using NM" 2019-07-10 19:14:00 +00:00
Clark Boylan
5b5b78bf59 Set router solicitation delay with using NM
The linux kernel and NetworkManager fight each other over control for
interface management when router advertisements are in use. Long story
short if the linux kernel configures a network interface for ipv6
before NetworkManager attempts to manage that interface then NM will
ignore the interface and not configure ipv4 on it.

This can happen because the kernel is configured to send router
advertisements solicitations which result in router advertisements which
the kernel uses to configure the interface(s). There is a default of a 1
second delay before sending the solicitation which in many cases is long
enough that NM has started before then. However, in slower environments
like those used for testing with qemu this isn't long enough.

Some testing by hand indicates that 15 seconds is about right so
increase the delay to 15 seconds via sysctl.conf.

Note this may increase boot times in ipv6 only environments (though it
is hard to be sure due to how systemd starts everything at once and does
socket activation and the like).

Change-Id: I475a253091cbaf63687b91c748c31a6753bb0f57
2019-07-10 08:33:17 -07:00
Chandan Kumar (raukadah)
08caa8034d [RHEL-8] Set _clear_old_files=0 in install-pip element
When virtualenv and setuptools gots installed from source and rpm
then their installation path lives at different places but when
the python script got called then that time it choses either of
rpm or source based path on system wide installation and leads to
different failure as their methods are not implemeted.

So by setting _clear_old_files to 0 will install
python3-virtualenv python3-pip python3-setuptools from rpms only
and avoid these failures.

Change-Id: I0c162f1fe8168513e352546ab8dd2b68fa65b88c
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
2019-07-08 19:50:25 +05:30
Matthew Thode
de94e07a86
disable autounmask for emerge
autounmask=y (default) changes portage depsolving, causing errors
(mostly often seen in perl and binpkg related issues).

Disabling this functionality for DIB builds is OK as the enviroment is
not passed on post build and the build process is not interactive
anyway.

Change-Id: Ife9ace246bec16864ee4982bc456763af5dff2e8
Signed-off-by: Matthew Thode <mthode@mthode.org>
2019-07-05 12:41:51 -05:00
Lon Hohberger
92f87d0d0a ironic-agent: Use targetcli & python3-devel on rhel8
Change-Id: I2e596f5c3dc23b21441a4eb61c773725ebd25d34
Signed-off-by: Lon Hohberger <lhh@redhat.com>
2019-07-02 21:39:13 -04:00
Matthew Thode
d8f796e153
install gnupg2 by default in debian-minimal
debian-minimal depends on debootstrap which depends on dpkg

This needs to be installed early as dpkg installs the apt keys early via
02-add-apt-keys in pre-install.d

Change-Id: I8580849ceaa7a5152c94f29afa890ac6d6983fb1
2019-07-01 14:28:01 -05:00
Matthew Thode
03933b3ab7
set default sources conf for buster as it now has a release
Change-Id: Ica014a1a267b55e2f29a0c333213e0a4c897108b
2019-07-01 13:59:14 -05:00
Maksim Malchuk
32dd3305d2 Cleanup: remove useless statement
This change removes useless statement accidentally added in the
06576a02f0

Change-Id: I7ea4a24d8c72c9e72f5f87247403af0f9bf69b40
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2019-07-01 10:28:12 +03:00
Zuul
091a4e2c6e Merge "debootstrap: make default network interface names configurable" 2019-06-28 06:30:46 +00:00
Zuul
2c5fc5f8f9 Merge "Enable nodepool testing for opensuse 15.1" 2019-06-28 06:26:58 +00:00
Dirk Mueller
97444ad92e Enable nodepool testing for opensuse 15.1
There are several jobs depending on working opensuse 15.1
images in nodepool, so it makes sense to ensure its working.
Also upgrade the previously marked experimental opensuse-15.0
job as it tests the xenial->opensuse combination, which is
particularly difficult to keep working and we'll need it in
the CI.

Change-Id: Icb6d998756ce5221e017959dcb59b21f0f023454
2019-06-27 19:59:45 +02:00
Zuul
f27a0dfc26 Merge "Add DIB_UBUNTU_KERNEL to ubuntu-minimal" 2019-06-25 22:48:50 +00:00
Michael Johnson
e433aebf7d Add DIB_UBUNTU_KERNEL to ubuntu-minimal
This patch adds a new environment variable to the ubuntu-minimal
element called DIB_UBUNTU_KERNEL that allows you to specify the kernel
meta package that will be using to install the kernel inside the image.
It supports "linux-image-generic" (The default), "linux-image-kvm", and
"linux-image-virtual".
This allows building images that are smaller in size (~200MB smaller
qcow2) that have only the kernel modules necessary for virtual
machines.

Change-Id: I8ce65e1d357d15e8ed8995ad1dcaea02bbd1986f
2019-06-20 10:18:23 -07:00
jacky06
8dd7ca720f Sync Sphinx requirement
1. Sync sphinx dependency with global requirements. It caps python 2 since
sphinx 2.0 no longer supports Python 2.7.
2. Update some URLs to latest
3. Remove the unnecessary space

Change-Id: I5464be9e055feecd80918f691448acf5f100e701
2019-06-18 23:29:52 +08:00
Zuul
4afcba1fea Merge "Move pypi to dib-python" 2019-06-18 06:49:37 +00:00
Zuul
e281c4dae9 Merge "Use architecture-specific grub2 RPMs on RHEL8" 2019-06-18 06:49:35 +00:00
Zuul
c46f8714e3 Merge "Remove the rhel 8 check for xfs" 2019-06-18 06:49:34 +00:00
Zuul
fe618002ff Merge "Update test coverage for openSUSE/-minimal to 15.1" 2019-06-18 06:21:21 +00:00
Dirk Mueller
a81cf9e231 Update test coverage for openSUSE/-minimal to 15.1
Use openSUSE 15.1 as default, which is the latest released stable
openSUSE release.

Remove leftovers for unmaintained openSUSE 42.2 images.

Depends-On: https://review.opendev.org/#/c/660126/
Change-Id: I0b204b7b3d7ae74b6749320b3bfe1ca89d154ebb
2019-06-13 09:20:40 +02:00
Michael Johnson
5f4b764a11 Remove the rhel 8 check for xfs
This patch removes the check and default for rhel 8 requiring
xfs filesystem as rhel 8 images can successfully be built with
ext4 filesystems.

Change-Id: I1a6bfa26324fd43ae0c77c2c977dda0dd56e26e5
2019-06-12 07:01:36 -07:00
Andreas Florath
05af0fc863 debootstrap: make default network interface names configurable
Nowadays, in the time of Predictable Network Interface Names, the
network interface names 'ethX' are not used that often any more.
Depending on the virtualization layer and the guest OS names like
'ens3', 'enp1s0' or 'enp0s31f6' are used.
This patch enables the user to set DIB_NETWORK_INTERFACE_NAMES to a
list of network interfaces which are brought up using DHCP during
(first) boot.

Change-Id: I04cc2ee710f0389a8085b1c91d9329784cb28048
Signed-off-by: Andreas Florath <Andreas.Florath@telekom.de>
2019-06-12 13:53:38 +00:00
Maksim Malchuk
ea9ab89829 Move pypi to dib-python
The latest Fedora/Ubuntu images don't ship python2 by default, so we
need to use our dib-python wrapper for this so we work in python3 only
environments.

This change also correctly creates the pip.conf and .pydistutils.cfg
files with trusted host extracted from the index-url.

Related-bug: 1577105

Change-Id: Ibb5348af3e3bbe46b19affe90a8930a4b4ad4cad
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2019-06-10 20:43:09 +03:00
Dmitry Tantsur
928c6e61f0 ironic-agent: install mdadm on the ramdisk
The newly introduced software RAID support requires it.

Change-Id: Ic438865006f1472abc0c9f4d40cc40c91b4ada71
2019-06-07 14:05:41 +02:00
Lon Hohberger
0cf0942068 Use architecture-specific grub2 RPMs on RHEL8
RHEL8 ships a bunch of grub2-efi-X-modules in its main
repository, each of which provides grub2-efi-modules,
potentially causing nondeterminism when building images.

This changes the DIB elements to always use architecture-
specific RPMs when RHEL8 is selected.

Change-Id: If94f3721195d5ecd80036e4234a3ca223a19c349
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1716672
2019-06-06 10:50:51 -04:00
Zuul
7f469e3e83 Merge "Increase size of EFI system partition (again)" 2019-05-31 09:05:17 +00:00
Zuul
d323928af0 Merge "Makes image caching more resilient" 2019-05-31 08:54:31 +00:00
Zuul
d6f43865ed Merge "fail early when lates build information can not be fetched" 2019-05-31 08:45:50 +00:00
Zuul
21676bd350 Merge "Add option to skip update packages" 2019-05-31 08:13:38 +00:00
Zuul
49930da885 Merge "Deprecate rhel7 in favor of rhel" 2019-05-31 08:01:13 +00:00
Zuul
4367dd2dd3 Merge "Add version-less RHEL element for RHEL7 and RHEL8" 2019-05-31 07:56:50 +00:00
Pierre Riteau
7fd52ba841 Increase size of EFI system partition (again)
When I said in I8594d1fe05242f246a5809740a115ab2f84ac5a3 that 12 MiB
ought to be enough, I should have expected that I would be proven wrong.
While 12 MiB is enough to fit shim-x64 and grub2-efi-x64, yum fails to
update these packages to newer versions:

Transaction check error:
  installing package shim-x64-15-2.el7.centos.x86_64 needs 7MB on the /boot/efi filesystem
  installing package grub2-efi-x64-1:2.02-0.76.el7.centos.1.x86_64 needs 3MB on the /boot/efi filesystem

Error Summary
-------------
Disk Requirements:
  At least 7MB more space needed on the /boot/efi filesystem.

It is recommended that the ESP partition be much bigger. This commit
bumps its size to 550MiB, following guidelines from Rod Smith to avoid
incompatibilities with some EFIs [1].

[1] https://www.rodsbooks.com/efi-bootloaders/principles.html

Change-Id: If9515234f1a803cda32b2482f8abe10ddf0e6d26
2019-05-31 17:10:08 +10:00
Sorin Sbarnea
fb656718fb Makes image caching more resilient
Avoids failing on the first attempt to download the image to cache as
mirrors hosting them can randomly go down, usually with a connection
refused.

Change-Id: I9de9f33c2cc16596d04b35c4eb92621e6a2c7511
2019-05-31 16:31:43 +10:00
Dirk Mueller
421a0fa541 fail early when lates build information can not be fetched
When the mirror returns a error, it was trying to interpret the error
message (e.g. <html><title>Internal server error..) as a download link.
By using -f on curl we get an empty reply and an exit code, which, as
we run in set -e mode, aborts.

Change-Id: Ibaa39aedb7db286f859c4b090114c6a233b150c7
2019-05-31 16:09:25 +10:00
Zuul
ed6dfd87e5 Merge "allow the use of non-bzip compressed stages for building gentoo" 2019-05-31 04:42:07 +00:00
Nir Magnezi
433a374748 Deprecate rhel7 in favor of rhel
The rhel7 element is deprecated and is left only for backward
compatibility.
The rhel element should be used instead. Users should set DIB_RELEASE to
'7' to indicate which release you are using.

The new element is a version-less RHEL element to handle both '7'
and '8' DIB_RELEASE, which aligns with other elements which operate in
the same way such as the Fedora element.

Change-Id: Ic39ed85cacae9942448eb18ad685763f9369c2ed
2019-05-29 12:07:44 +00:00
Nir Magnezi
ee46e2f9b7 Add version-less RHEL element for RHEL7 and RHEL8
Make a version-less RHEL element to handle both '7' and '8' DIB_RELEASE.
The element usage should align with other elements which operate in the
same way such as the Fedora element.

Additionally, this patch adds support for RHEL8 that operates with
Python 3.
As of now, users of diskimage-builder will still be able to use the
'rhel7' element, or migrate to 'rhel' and specify their respective
DIB_RELEASE value.

* mount the xfs file-system for extraction as read-only.  vaguely
  based on explaination in [1] and the fact we only read the image
  data into a tar, so can ignore this.

    XFS (dm-1): Superblock has unknown read-only compatible features (0x4) enabled.

* Use the redhat system python as the dib-python version.  dib was
  ahead of it's time making an abstracted python interpreter for
  system work ;) the system python should work for running the various
  dib element scripts.

[1] https://unix.stackexchange.com/questions/247550/unmountable-xfs-filesystem

Redhat-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1700253
Co-Authored-By: Ian Wienand <iwienand@redhat.com>
Change-Id: I90540675c70bb475d9db2ae24f81c648a31f3f95
2019-05-29 11:28:53 +03:00
Matthew Thode
afcac1922c
allow the use of non-bzip compressed stages for building gentoo
Upstream is switching to xz so we need to be able to support it.

Change-Id: I382cc3e8038e2e552c553c526a990a01e51aeb12
2019-05-24 09:32:57 -05:00
Zuul
c47a9d5001 Merge "Replace git.openstack.org URLs with opendev.org URLs" 2019-05-24 08:03:47 +00:00
melissaml
a6322c6ed0 Replace git.openstack.org URLs with opendev.org URLs
Change-Id: I03e9162d5a59a2aa1631a9ecf6f6833bb7ac6050
2019-05-16 14:45:52 +08:00
Zuul
3d3ba26edd Merge "Use megabyte granularity for image extra space" 2019-05-15 06:51:10 +00:00
Logan V
87a18f51e3 Use megabyte granularity for image extra space
I want to use the new --image-extra-size flag[1] but my use-case
calls for megabyte granularity of this value. Rather than adding
60% to an 800MB image, maybe I only want to add 100 or 200MB, etc.

[1] https://review.opendev.org/#/c/655127/

Change-Id: I8fb9685d60ebb1260d5efcf03c5c23c561c24384
2019-05-15 13:38:25 +10:00
Dirk Mueller
c7ac6ee0cb Update test coverage for openSUSE/-minimal to 15.0
Use openSUSE 15.0 as default, which is the latest released stable
openSUSE release. Switch to https for accessing download.o.org
as encrypted transfers should be used by default.

Remove leftovers for definitely unmaintained openSUSE 13.x images
and split into old/new leap style versioning scheme for clarity.

Change-Id: Iab129eeee2b1a2563f0f0d2cb17bbad57c068e38
2019-05-08 14:59:51 +00:00
Zuul
4665e79245 Merge "openssh-server: harden sshd config" 2019-05-07 19:35:42 +00:00
Paul Belanger
5d60979e93 Use fedora-release-common for fedora 30+
It looks like fedora-release on fedora 30+ has been split into sub
packages. Use fedora-release-common to avoid package conflicts.

Change-Id: I8f8711044fc4074b91939e0a6dfdac4d7a14a35b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2019-05-07 12:08:50 +00:00
Zuul
fa34eb7fe4 Merge "Support defining the free space in the image" 2019-05-07 10:14:01 +00:00
Zuul
8bf37a064e Merge "Allow specification of filesystem journal size" 2019-05-07 10:14:00 +00:00
Zuul
8c8b856c27 Merge "Only enable dbus-daemon for fedora-29 and below" 2019-05-07 05:47:57 +00:00
Paul Belanger
38d7574127 Only enable dbus-daemon for fedora-29 and below
In fedora-30 is when we migrate to dbus-broker, fedora-29 is still using
dbus-daemon.

Change-Id: I1e1d3a3826157b8b22386c211eaa58b6439b5f3c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2019-05-06 17:49:42 +10:00
Paul Belanger
daf5a4e4bd Switch simple-init to support python3
Depending on the version of $DIB_PYTHON_VERSION, we can either use pip /
pip3 to install glean.  This is helpful for newer OSes that might not
want to ship python2 (pip).

Change-Id: I25c5927a1eb55ee16b919dd64403184f335839b6
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2019-05-02 19:38:16 -04:00
Tristan Cacqueray
11ec95b779 openssh-server: harden sshd config
Harden sshd configuration by adding KexAlgorithms, Ciphers and MACs for sshd,
following good pratices on https://infosec.mozilla.org/guidelines/openssh

Change-Id: I3051320d867a5033e82deef10c5e723ca9829884
Co-Authored-By: Nicolas Hicher <nhicher@redhat.com>
2019-05-01 11:42:21 -04:00
Tobias Henkel
778d007150 Support defining the free space in the image
Currently diskimage-builder supports two ways to specify the image
size. One is defining a fixed image size using DIB_IMAGE_SIZE, the
other one is auto-detection while adding a security margin of 60% as
free space. This means when building larger images (e.g. >100GB) with
unknown size upfront we end up with much wasted space, IO and network
traffic when uploading the images to several cloud providers. This can
be optimized by adding a third way by defining DIB_IMAGE_EXTRA_SIZE to
specify the free space in GB. This makes it possible to easily build
images of varying sizes while still minimizing the overhead by keeping
the free space constant to e.g. 1GB.

Change-Id: I114c739d11d0cfe3b8d8abc6df5ff989edfb67f2
2019-04-29 20:18:43 +10:00
caoyuan
0329a6de5e Replace git.openstack.org URLs with opendev.org URLs
Change-Id: Iac5a9da62db84365a769ea07146281866215a9c5
2019-04-29 20:15:25 +10:00
Logan V
11142f75b4 Allow specification of filesystem journal size
In many cases, the statically sized 64MB journal is far below the
e2fstools default calculation[0] which calls for a 64MB journal only
on filesystems smaller than 16GB. On bare metal in particular, the
correct default journal size will often be in the 512MB-1GB range.

Since we cannot know what the target system is, this should be a
tunable parameter that the user can set depending on the intended
image usage.

Add a DIB_JOURNAL_SIZE envvar and --mkfs-journal-size parameter
to the image creation so users can override the default journal
size.

[0] https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/tree/lib/ext2fs/mkjournal.c#n333

Change-Id: I65fa13a088eecdfe61636678578577ea2cfb3c0c
2019-04-29 17:00:30 +10:00
Zuul
6a4bf78e0c Merge "Fix Fedora aarch64 image location" 2019-04-18 12:22:06 +00:00
Zuul
5b47dc3a5b Merge "debian-minimal buster support" 2019-04-18 08:32:47 +00:00
Zuul
2205741de6 Merge "Also use selinuxenabled to check selinux status" 2019-04-18 08:32:15 +00:00
Pedro Alvarez
f034dd00d9 Fix Fedora aarch64 image location
It used to be considered a 'secondary architecture' but that
is not the case anymore.

Change-Id: I8e5e9cfa915c8a3c979ff9db26477c0542d271db
2019-04-09 15:50:55 +00:00
Ian Wienand
105d201e1f debian-minimal buster support
Due to the referenced bug, many versions of debootstrap can't bring up
a buster environment.  Unfortunately, these include versions we use to
do this on Xenial/Bionic nodes.

Also, there isn't backports or security updates, so elide these for
now.

I did get a working build (I haven't gone so far as a full boot+glean)
with this, at least.

Change-Id: If2420e92cb728ab6e91b0d70547da4483679b391
Paritial-Bug: #1822927
2019-04-04 16:10:08 +11:00
Serena Ziviani
19cc00041a Also use selinuxenabled to check selinux status
Currently, the cleanup script is using the existence of the folder
/sys/fs/selinux to check if SELinux is enabled. This, however, is
misleading in case disk-image-builder is used inside a Docker
container on a selinux-enabled host. In this case, the folder exists
in the container but SELinux is disabled.

This patch addresses the problem by checking, in addition to the
check already in place, the output of the command selinuxenabled.

Change-Id: I83e58f2467e60df9f0f00f7b7a58d0e2ce357a9a
Closes-Bug: #1820077
2019-03-28 14:20:24 +01:00
Zuul
36b4bc87f9 Merge "Minor clarifications in centos7 element docs" 2019-03-28 03:50:52 +00:00
Ian Wienand
20c5c98426 Replace openstack.org git:// URLs with https://
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.

This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.

This update should result in no functional change.

For more information see the thread at

 http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html

Change-Id: Id26bec14c3d94e2f81b2148fc85d17f07866398c
2019-03-22 01:35:42 +00:00
Daniel Abad
965d6f97aa Minor clarifications in centos7 element docs
Change-Id: I6aef77513efa37262269ca24b296acbdc823a039
2019-03-20 17:23:34 +01:00
Ian Wienand
5284564071 Unmount internal mounts on finalise errors
This is only one line, but it takes a lot to untangle ...  basically
the current "correct" path is:

---
 mk_build_dir()
  -> sets trap trap_cleanup EXIT

 ... stuff ..

 mount_proc_dev_sys
  -> mounts $TMP_MOUNT_PATH/<proc,dev.sysfs>

 pre-finalise.d
 finalise.d

 unmount_image $TMP_BUILD_DIR/mnt # nb == $TMP_MOUNT_PATH
  -> unmount_dir()
   -> recursive unmount everything inside TMP_MOUNT_PATH

 TMP_IMAGE_PATH=$(dib-block-device getval image-path)
 export TMP_IMAGE_PATH

 dib-block-device umount
 dib-block-device cleanup

 ... actually cleanup directories ...
---

Our current failure exit trap does:

---
 dib-block-device umount
 unmount_image
 ...
---

Note this is the *opposite* of what is done in the correct exit path.
In the failure case, if a script fails in the finalise stages it leads
to /proc, /sys, /dev etc. still being mounted inside the image; the
"dib-block-device umount" call doesn't know anything about these
mounts and tries to unmount the parent directory, and we get a hard
failure with a busy mount, and all the mounts are subsequently leaked.

Note that "unmount_dir", which is ultimately called by
"unmount_image", already knows to skip those mounts that
"dib-block-device umount" manages (this is the DIB_MOUNTPOINTS list).
This is further evidence it should be called *before* the
dib-block-device umount.

Change-Id: Ibef3ce9d1167b9c4ff3d5717b113cd3ed374f5e3
2019-03-13 16:38:49 +11:00
Zuul
bdfc13a5c0 Merge "[lvm] Add Ubuntu bionic as supported distro" 2019-03-11 09:19:49 +00:00
Zuul
186db05ffb Merge "Add DIB_APT_MINIMAL_CREATE_INTERFACES toggle" 2019-03-05 07:24:24 +00:00
Logan V
8756cbea1b Add DIB_APT_MINIMAL_CREATE_INTERFACES toggle
Add a DIB_APT_MINIMAL_CREATE_INTERFACES boolean to the debootstrap
element which functions identically to
DIB_YUM_MINIMAL_CREATE_INTERFACES in the yum-minimal element.

This can be used to disable the creation of the
/etc/network/interfaces.d/eth[01] dhcp configuration files, which
are not needed on systems where cloud-init or other means are used
to configure networking.

The flag is enabled by default to keep creating the dhcp interface
files, maintaining backwards compatibility.

Change-Id: I1fdaca8350a5ceefd9e437af4fd000ce6a3ee7f3
2019-03-05 16:27:57 +11:00
Gaëtan Trellu
bbde9bb320 [lvm] Add Ubuntu bionic as supported distro
The way how LVM is created on Ubuntu Xenial and Ubuntu Bionic
is the same.

Change-Id: I16d548f6393dd3cdfd5a9befa5c0ef0f6db92df1
2019-03-04 15:05:37 -05:00
Zuul
0f8d340c6c Merge "Update gentoo-releng gpg key" 2019-02-28 00:33:06 +00:00
Matthew Thode
b2cc91d276
Update gentoo-releng gpg key
A new signing subkey is used.

Change-Id: Idc9aceba7ee144fd0307737c24991acfacf68985
2019-02-27 15:18:25 -06:00
Zuul
703549412d Merge "update spelling errors" 2019-02-25 08:49:56 +00:00
Zuul
b2e2d121f0 Merge "set rhel minor release" 2019-02-25 08:11:56 +00:00
Noam Angel
8b83196024 Add option to skip update packages
in same cases it is required to avoid update all existing packages,
doing so can result in release update which is currently not possible
unless you not include "base" element.

"base" element used for most distribution (rhel, debain), and is
necessary for most cloud operations, this patch add 
"DIB_AVOID_PACKAGES_UPDATE" parameter to skip updating all packages.

usecases for this patch can be:
 * Avoid release update when building old release ex. RHEL7.5.
 * build on network-less environment.

usage:
DIB_AVOID_PACKAGES_UPDATE=1

or
DIB_AVOID_PACKAGES_UPDATE=0

Change-Id: I71192b23c8f0bc48b348fe7377bf8a2399b53792
2019-02-25 06:31:30 +00:00
Ian Wienand
37dff9738a Fix opensuse 42.3 pip-and-virtualenv
Related to I041a141366099093805e6052b1bbf64efd277e1e, we also need to
remove this on opensuse.  The files for gate testing are added, but
the test is not added to any jobs at this point in the interests of
gate time.

Change-Id: I1af9e84d76bedcb2607717edc6d2abe2920b0584
2019-02-25 15:37:17 +11:00
Quique Llorente
5b1844acf9 Keep git after ironic-agent post
New versions of pbr depends on git [1] and IPA depends on pbr [2] so
removing git will remove pbr, IPA and friends.

[1] https://src.fedoraproject.org/rpms/python-pbr/blob/master/f/python-pbr.spec#_64
[2] https://github.com/rdo-packages/ironic-python-agent-distgit/blob/rpm-master/openstack-ironic-python-agent.spec#L85

Closes-Bug: #1816017
Depends-On: https://review.openstack.org/637668
Change-Id: I97f6b593e88e1cb81cd4bb2d77787bc012fb8271
2019-02-19 16:32:22 +11:00
Noam Angel
802dc35a61 set rhel minor release
Change-Id: I52a38c16dbbbe9fa1d4d6b6daffde01f63f664e6
2019-02-10 14:59:41 +00:00
Zuul
25ba034a0e Merge "pip-and-virtualenv: handle centos image-based builds" 2019-02-07 07:54:23 +00:00
Ian Wienand
d0906ad473 pip-and-virtualenv: handle centos image-based builds
This fixes a regression in I041a141366099093805e6052b1bbf64efd277e1e
where we starting skipping the removal of old files for image-based
builds (confusingly named centos7 rather than centos for historical
reasons).  Fix the check

Change-Id: I74688a9e91d833b5d654056431729bed0585616c
2019-02-07 10:56:29 +11:00
Zuul
dd8bbd5c4f Merge "fix systemd import-tar for gentoo" 2019-02-04 02:15:09 +00:00
Zuul
46ac931513 Merge "pip-and-virtualenv : only remove system files on centos" 2019-02-02 01:38:48 +00:00
Ian Wienand
ea1735b6a2 pip-and-virtualenv : only remove system files on centos
As described inline, we only want to remove the system package files
on centos; it causes problems on Fedora where some system tools expect
these to be there.

But there is an additional bug -- pip actually removes the system
package files anyway.  To work around this, reinstall the system
package.

Closes-Bug: #1813232
Change-Id: I041a141366099093805e6052b1bbf64efd277e1e
2019-02-01 11:01:45 +11:00
Ian Wienand
7cb5916a76 Enable dbus-broker for Fedora 29
As described in the comments, it seems the transition between
dbus-daemon -> dbus-broker in Fedora 29 has made it so the packages
can get into a state where neither service is enabled.

Explicitly install and enable dbus-broker for F29

Change-Id: I06753043a75be2f635653899c6c251b9fbdd7c67
2019-01-31 18:08:37 +11:00
Matthew Thode
f4a1c7f89f
fix systemd import-tar for gentoo
use a newer version of systemd
Fixes https://review.openstack.org/#/c/608102

Change-Id: I23fd671adb893f3abd9fbc65382f2aec5a317c24
2019-01-27 18:16:51 -06:00
Zuul
379f1bdfc0 Merge "support cracklib in pam for Gentoo's musl profile" 2019-01-21 05:03:48 +00:00
Zuul
ad23eef69c Merge "Change phase to check for dracut-regenerate in iscsi-boot" 2019-01-18 09:57:14 +00:00
Matthew Thode
1bde2591ae
support cracklib in pam for Gentoo's musl profile
Needed for any musl build, is default in other profiles

Change-Id: Ib7cae9124f5846d33c05f26befd8f13646a08610
2019-01-15 09:47:46 -06:00
Michael Johnson
cfba9ea79d Make sure $TMP_BUILD_DIR/mnt is owned by root
The path $TMP_BUILD_DIR/mnt becomes the / inside the chroot during
the chroot phases of diskimage-builder. Previously this path was being
created using the account running diskimage-builder. This account may
not be valid inside the chroot. This causes path validation, when running
on a Ubuntu bionic host, to fail.
This patch chown's the $TMP_BUILD_DIR/mnt to root.root to make sure
that / is owned by a valid account inside the chroot.

Change-Id: Ifedc136baa67c7952942aed2c8cb1041902fef91
Closes-Bug: 1811113
2019-01-09 20:08:15 -08:00
Zuul
b0d41230e4 Merge "Delete the duplicate words in 50-zipl" 2019-01-10 00:17:53 +00:00
Zuul
8d3fa3a85c Merge "simple-init: allow for NetworkManager support" 2019-01-09 03:38:25 +00:00
Zuul
18c0c42c8d Merge "package-installs: provide for skip from env var" 2019-01-09 03:34:08 +00:00
Zuul
234f000e6b Merge "Update to Fedora 29" 2019-01-08 23:56:43 +00:00
Matthew Thode
cf786bb175
change to python36 for gentoo
fixes build issues since dev-util/glib-utils was updated

Change-Id: Ie8b5c425f846619ab4fc07f5bd1902dc83172a59
2019-01-08 04:59:08 -06:00
weiyj
64a8fc7c58 update spelling errors
Change-Id: Ic206b8247acce1975409329faa29deccd4f886de
2019-01-08 14:31:06 +08:00
Zuul
31f3e9dbc3 Merge "source-repositories: Replace documentation http with https links" 2019-01-08 05:16:18 +00:00
chengebj5238
079a104c1a source-repositories: Replace documentation http with https links
Change-Id: I7db3f2a1ed4e0460db60635ab00367050b0300a5
2019-01-08 15:49:41 +11:00
zhouxinyong
e3d6b8b0ec Delete the duplicate words in 50-zipl
Change-Id: Icaa3678f8b46f2a02eb9254753ed30ab8215aa7f
2019-01-07 10:02:35 +08:00
Yolanda Robla
853e13c6c3 Change phase to check for dracut-regenerate in iscsi-boot
There is an use of get_image_element_array on the environment.d
phase, for the iscsi-boot element.
This function is not available on that step. So moving the check
at next step, extra-data-d, where it is available.

Change-Id: I89cfe565492142c2f7962109360fcbcebadfd469
2019-01-02 11:05:00 +01:00
Zuul
56c72a0139 Merge "Add an element to configure iBFT network interfaces" 2018-11-30 13:46:05 +00:00
Zuul
58790e15f2 Merge "Add missing ws separator between words" 2018-11-30 03:53:49 +00:00
Ian Wienand
8ec3750dda simple-init: allow for NetworkManager support
This plumbs through an "--use-nm" flag to glean which instructs it to
setup interface bringup with NetworkManager rather than legacy network
enablement scripts.

In this case, install the NetworkManager package.  In the non-nm case,
also install the network-scripts for Fedora 29 -- this has stopped
being installed by default (it's been deprecated since forever).

As noted in the docs, this is currently really only relevant on the
supported rpm distros which are using the ifcfg-rh NetworkManager
plugin to effectively re-use old config files.  However,
NetworkManager has similar plugins for other platforms, so support can
be expanded if changes are proposed.

Depends-On: https://review.openstack.org/618964
Change-Id: I4d76e88ce25e5675fd5ef48924acd09915a62a4b
2018-11-30 10:02:47 +11:00
Ian Wienand
c52c383f1b package-installs: provide for skip from env var
Provide a "when" option that provides for not installing packages
based on a = or != match on an environment variable.

Unit tests are added.

Change-Id: Ifa824dccaff69fd447f45d54cb4a3083bcabdd86
2018-11-30 10:02:47 +11:00
Zuul
3eab481ab8 Merge "Fix a typo in the help message of disk-image-create" 2018-11-29 11:42:19 +00:00
Ian Wienand
0da1d3a419 Fix unit tests for elements
It looks like we dropped running these probably when we moved the
elements around.  For testtools to find the test scripts we need to
add the __init__.py files to make the directories look like modules.
Also prevent copying any .pyc or cache files in as hooks.

Change-Id: I66d5f6ee62cc4d9ee14c64e819b4db57d035d09f
2018-11-28 11:04:50 +11:00
Pierre Riteau
a64aa0cb47 Fix a typo in the help message of disk-image-create
Change-Id: I092e5ea88747b80c0e59c0aea4301d19009e0241
2018-11-23 09:09:31 +00:00
zhufl
b5f247b04f Add missing ws separator between words
This is to add missing ws separator between words.

Change-Id: Ie192d296128fb785c344ac5d8a77cad59764080e
2018-11-21 16:07:59 +08:00
Dmitry Tantsur
f0f3e3bac4 Add an element to configure iBFT network interfaces
This allows nodes with remote devices configured via iBFT to be
correctly used during Ironic introspection and deployment,
at least for non-multipath configurations.

The new element is added as a dependency for ironic-agent.

Change-Id: If3dac6504d26535593f12e851092065b688ef696
2018-11-20 14:11:11 +01:00
Zuul
d9d59b70da Merge "move selinux-permissive configure to pre-install phase" 2018-11-20 10:34:42 +00:00
Noam Angel
6f1f60983f move selinux-permissive configure to pre-install phase
install-packages is running before install.d phase, there is a chance
that installing a package like "container-selinux" will failed the
build, moving "selinux-permissive" to run at pre-install stage make
more sense.

Change-Id: I32f988be725d4b385c3765c47a00cd57c53d7d71
2018-11-19 13:13:57 +11:00
Zuul
d591c53196 Merge "fix some errors for ill-syntax in README.rst" 2018-11-19 01:59:49 +00:00
Ian Wienand
5085f23fdf Update to Fedora 29
Update builds to Fedora 29.  Remove the openstack gate CI mirror
workaround for pre-28 versions as they're not building in the gate any
more.

Change-Id: Ia6a8ae8d66d69f6add39e571043328e7274ba26c
2018-11-16 09:05:08 +00:00
Zuul
04806ea971 Merge "Increase size of EFI system partition" 2018-11-15 10:14:26 +00:00
zhouxinyong
621cbfca26 fix some errors for ill-syntax in README.rst
Change-Id: I0daf36848e8ddb09fcae6cbd55f460a8e49d209c
2018-11-13 15:05:51 +08:00
Pierre Riteau
257f9f4d1d Increase size of EFI system partition
8 MiB is not enough when using the grub2 element with centos7 images,
which installs binaries from the shim-x64 and grub2-efi-x64 packages
under /boot/efi. 12 MiB ought to be enough for anybody.

Change-Id: I8594d1fe05242f246a5809740a115ab2f84ac5a3
2018-10-31 14:38:28 +00:00
Jesse Pretorius
d59a0c8786 Add ubuntu-systemd-container operating-system element
In order to allow the simple preparation of base images which
can be used for LXC/nspawn machine containers, we add this
element.

Containers inherit a kernel from the host, so there is no need
to build a kernel into the image. All the element needs is a
base init system which, in this case, is systemd.

Change-Id: I45651de2aa1b19bdeee301094f0bdffdd0a3b45c
2018-10-31 14:22:28 +11:00
Zuul
16d5c4280b Merge "Turn on quiet mode when logfile specified" 2018-10-31 00:15:27 +00:00
Zuul
f8c12712cc Merge "Native zuulv3 tests" 2018-10-29 05:45:18 +00:00
Ian Wienand
36d642a6a0 Native zuulv3 tests
This finalises the ports of the legacy jobs to zuul native jobs.

The dib-setup-gate-mirrors role preconfigures the repo templates,
etc. for the openstack-ci-mirrors element.

The dib-functests role runs the tests as specified by dib_functests,
and can run under python2 or 3.

Change-Id: Ied67a31f0d31503d13eccad8662c29740c93f33e
2018-10-29 12:46:15 +11:00
Zuul
1785bd3975 Merge "Fix epel repo rewrite, add to testing" 2018-10-28 23:41:21 +00:00
Ian Wienand
86d5534352 Turn on quiet mode when logfile specified
I'm not really sure why I originally had --logfile also log to stdout
in I202e1cb200bde17f6d7770cf1e2710bbf4cca64c, but it seem
counter-intuitive (indeed, I just tripped myself up thinking that in a
devstack job "--logfile" would put the logs into a separate file and
avoid the stdout logging, and I wrote it!).

Make it so specifying a --logfile puts dib into quiet mode for stdout.
Explicitly overriding DIB_QUIET will allow both if someone wants that.

Change-Id: I3279c9253eee1c9db69c958b87a0ce73efc0be9b
2018-10-24 12:40:09 +11:00