Commit Graph

68 Commits

Author SHA1 Message Date
Dirk Mueller
5d39f83f74 Test openSUSE 42.2/42.3 image builds
Currently openSUSE 42.3 has entered feature freeze mode
so it is a good point in time to verify that 42.3 builds
are working successfully. Also test opensuse-minimal for
platforms that support it (need working zypper package)

Change-Id: I4c613e1e68cb7375c29d544bbf70b5da9bf21414
2017-05-30 13:07:04 +02:00
Matthew Thode
ce7ea9d34c
allow uninstalls to fail on gentoo
The cleanup of packages should be more opertunistic, if it's not there
then fail quietly.

Change-Id: I207a1162abc9ca5e9636b8de192f21424db0f569
2017-05-29 23:46:42 -05:00
Dirk Mueller
b4edb7d0eb Disable recommended package installations for zypper-minimal
This is consistent with how dpkg based images are configured
and minimizes the nodepool images drastically (avoid installing
texlive for example)

Change-Id: I98fb31bc0e06869e9770fae3dbd62f0d86acb879
2017-05-26 09:47:07 +02:00
Jenkins
0208f83a97 Merge "Set manifest permissions in the image" 2017-05-24 06:58:10 +00:00
Noam Angel
f1369a1add Set manifest permissions in the image
This is a follow-on to 57ef187632.

There's two things going on here; DIB_MANIFEST_IMAGE_DIR is *outside*
the chroot on the build host.  We copy the files here for posterity, I
guess.  MANIFEST_IMAGE_PATH is *inside* the chroot and are the files
we want to ensure are locked to root.

The prior change modified the permissions on DIB_MANIFEST_IMAGE_DIR.
So the first time you build, it works -- then the second time,
assuming you're using the same output filename, it hits the root-owned
manifest directories and causes a build failure.

I have built with this and checked that the manifest files in the
image are locked to root:

 $ virt-ls -a ./test.qcow2 -l /etc/dib-manifests
 total 32
 drwxr-xr-x  2 0 0  4096 May 24 03:39 .
 drwxr-xr-x 53 0 0  4096 May 24 03:39 ..
 -rw-------  1 0 0 15236 May 24 03:39 dib-manifest-dpkg-test
 -rw-------  1 0 0    35 May 24 03:39 dib_arguments
 -rw-------  1 0 0   137 May 24 03:39 dib_environment

Related-Bug: #1671842
Change-Id: I08319d0b5fcc461d40fe0be8427dcf0e37ad21e6
2017-05-24 15:20:55 +10:00
Jenkins
57c40a2ac4 Merge "Add dracut-regenerate elements" 2017-05-23 07:35:51 +00:00
Ian Wienand
9eb71a1fe0 Switch debian to deb.debian.org
Per [1] this is the "official" CDN mirror, which I think is the most
appropriate for the default.  I think this addresses the concerns
httpredir service, which I don't think ever quite got out of beta.

[1] https://wiki.debian.org/DebianGeoMirror

Change-Id: I55f2a00b8bbb0f0a20d3be229e4c2c32a7b69057
2017-05-19 20:10:40 +00:00
Yolanda Robla
f23ea63341 Add dracut-regenerate elements
This new element will allow to regenerate dracut
on the produced images, to enable different modules. It
relies on a yaml blob to specify modules and packages
needed. It defaults to installing lvm and crypt.

Change-Id: I292fb70cde41ee6053b7b81a67931bcdaaa6d664
2017-05-19 09:43:11 +02:00
Gregory Haynes
57ef187632 Set manifests to mode 600 and owner root
Manifests files can release sensitive information and therefore should
have restrictive permissions.

Change-Id: I64d6c830217a7d8b0172df2dc774079dcd1e2a68
Related-Bug: #1671842
2017-05-18 10:10:15 +10:00
Yolanda Robla
6d0b9abc0f Apply setfiles on all mountpoints
With new block device definition, where content of the image
can be mounted on different partitions, is not enough with
executing setfiles on root directory. Instead of that, expose
all the mountpoints on the image, and apply setfiles on them.

Change-Id: I153f979722eaec49eab93d7cd398c5589b9bfc44
2017-05-16 07:51:48 +02:00
Andreas Florath
e4e23897a1 Refactor: block-device filesystem creation, mount and fstab
This patch finalizes the block device refactoring.  It moves the three
remaining levels (filesystem creation, mount and fstab handling) into
the new python module.

Now it is possible to use any number of disk images, any number of
partitions and used them mounted to different directories.

Notes:

 * unmount_dir : modified to only unmount the subdirs mounted by
   mount_proc_sys_dev().  dib-block-device unmounts
   $TMP_MOUNT_PATH/mnt (see I85e01f3898d3c043071de5fad82307cb091a64a9)

Change-Id: I592c0b1329409307197460cfa8fd69798013f1f8
Signed-off-by: Andreas Florath <andreas@florath.net>
Closes-Bug: #1664924
2017-05-12 13:52:02 +02:00
Yolanda Robla
fb70a49ba2 Add a test to validate we can build debian vms
This is a partial refactor from change
I592c0b1329409307197460cfa8fd69798013f1f8

Change-Id: I8822e68e41c4ebd47eea9ffed4557efc130a7bf7
Co-Authored-By: Andreas Florath <andreas@florath.net>
2017-05-05 19:17:39 +02:00
Jenkins
83ea4a17b8 Merge "Clean out apt index caches at end of image build" 2017-05-01 08:09:07 +00:00
Jenkins
ead4a50c2a Merge "Make Gentoo package updates work more often" 2017-05-01 08:05:04 +00:00
Jenkins
c36ac99458 Merge "Turn off strict_id mode for Ec2 datasource" 2017-05-01 08:04:52 +00:00
Matthew Thode
6f51fbe355
Make Gentoo package updates work more often
Some package updates are more complex and require things like --backtrack=99 to
be passed to emerge.  We also try harder to ensure the system is in a consistent
state as a last step.

Change-Id: Ia5d3514e8b2a6cb2d656ade997cebb798d9c0a47
2017-04-22 19:34:11 -05:00
Paul Belanger
1ce16a987b
Add yum-utils as EPEL dependency
With 8e822768f9 we added the ability to
disable the EPEL repository, however we need yum-utils to use
yum-config-manager.

Change-Id: Iea445f84494fd9a89fd93e9b35f920eb5e55211d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-04-20 17:01:00 -04:00
Simon Leinen
0ff40cf63c Turn off strict_id mode for Ec2 datasource
Recent changes in the default configuration of cloud-init in Ubuntu
cause warnings when the Ec2 datasource is used on non-Amazon clouds,
see https://bugs.launchpad.net/cloud-init/+bug/1660385

We explicitly select the previous behavior when an Ec2 datasource is
desired.

Change-Id: Iebad8f6c0017fe08013dd5fe667c6132158b71cd
Closes-bug: 1683038
2017-04-19 09:47:56 +02:00
Ian Wienand
7a962e9d1c Skip python3-virtualenv on <= trusty
If DIB_PYTHON_VERSION is < 3 on the !redhat path, that means we're on
an older platform that may not have python3-virtualenv packages.  Skip
install.

Ensure the order of operations happens by forcing the installs

Also add a note about limited platform support (patches welcome :)

Change-Id: I18412767f0ebf946d557a0a126285369e96af159
2017-04-12 06:36:20 +10:00
Ian Wienand
79d4113cbe pip-and-virtualenv : install python2 & 3, and default to 2
Recent changes in project-config have shown that we leave the system
in an inconsistent state when installing from source.  On fedora, we
will have installed the python2 packages, but then used $DIB_PYTHON to
install python3 pip from source!

This tries to clarify the situation.  As described in the document,
with package installs, we just install the $DIB_PYTHON packaged
versions.

Source installs want to take over the global namespace.  This is the
price you pay for running the latest versions outside package managers
:) The only sane thing seems to be for us to normalise python2 &
python3 versions of pip, setuptools and virtualenv and then hacking
things such that "/usr/bin/pip" and "/usr/bin/virtalenv" remain
defaulted to python2 versions.

Documentation is added

Change-Id: Ibc6572b89e256d1f48b7fe7c672b8b9524dc704f
2017-04-11 18:59:11 +10:00
Ian Wienand
ffd4820d59 Install pip with python interpreter
Currently we install pip/virtualenv with "/usr/local/bin/dib-python".
This means that every time you create a virtualenv, the python
interpreter inside it is called "dib-python" which is confusing.

Add an env var DIB_PYTHON that points directly the to interpreter
available during build, for use when running scripts.

Change-Id: I88ad3c9eb958d58db4631d9b27bc2c592f970345
2017-04-11 18:59:09 +10:00
Jenkins
5c1579f0d6 Merge "Unify and fix doc of several Debian and Ubuntu elements" 2017-04-10 01:25:01 +00:00
Paul Belanger
1778fb57db Clean out apt index caches at end of image build
Apt gets confused if it talks to a mirror with an older index than the
index currently cached by apt. This can happen when image builds use a
newer index than the booted image. Avoid these problems entirely by
removing those index caches at the end of image building.

Change-Id: I245d516ee8a44831b2c29612b782bad555c48a3f
Co-Author: Clark Boylan <clark.boylan@gmail.com>
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-04-09 11:57:23 -04:00
Jenkins
3f5c558753 Merge "Fix package-installs-v2 output" 2017-04-07 13:24:17 +00:00
Jenkins
1b5045c563 Merge "Basic logging for package-installs-squash" 2017-04-07 13:24:10 +00:00
Jenkins
08ad06f86d Merge "Fix opensuse-minimal element on non-SUSE hosts" 2017-04-07 12:06:31 +00:00
Andreas Florath
ee8fa3c4bb Unify and fix doc of several Debian and Ubuntu elements
This patch removes three nearly-copies of debootstrap documentation
and fixes some documentation aspects.

Change-Id: Ief7794f5c1abad73788c063af6c862472cd34744
Signed-off-by: Andreas Florath <andreas@florath.net>
2017-04-07 05:56:50 +00:00
Ian Wienand
f068e6aa6e Fix package-installs-v2 output
The current output for package-installs-v2 is inscrutable [1]

The problem starts with process_output() which is not capturing
stderr.  This means that any stderr output is dislocated from any
stdout output around it.  This is *really* confusing as you get a
bunch of seemingly meaningless stderr output from any calls before you
see any stdout (e.g. in [1] you can see random yum error output that
should have been with the yum call)).  The simplest thing to do is to
redirect stderr to stdout which keeps everything in sync.

This causes a slight problem, however, because pkg-map outputs both
status information and errors on stderr.  To work around this but
maintain compatibility, we add a "--prefix" argument that prepends
mapped packages from pkg-map with a value we can match on.  The
existing status/debug output from pkg-map is low-value; modify the
call so that it will be traced only at higher debug levels (e.g. -x
-x).

The current loop is also calling pkg-map for every package in every
element (this is why in [1] the same message is repeated over and
over).  This is unnecessary; it only needs to pkg-map once for each
element, giving the package list as the arguments.  Create package
lists by element and pass those to pkg-map.

As a cleanup, there is no point in printing e.output if the
process_output fails for the install because we are already tracing
it; i.e. the output, even for failures, is already in the logs.
Printing it again just duplicates the output.

[2] is an extract showing what I feel is a much more understandable
log output for a fairly complex install.

[1] http://paste.openstack.org/show/595118/
[2] http://paste.openstack.org/show/595303/

Change-Id: Ia74602a5d2db032a476481caec0e45dab013d54f
2017-04-07 13:48:53 +10:00
Ian Wienand
facabe585c Basic logging for package-installs-squash
Some basic info logging and debugging for package-installs-squash.

Change-Id: If7c227cf0a53b71d334b5f5a6075120f2a7bf3a7
2017-04-07 13:48:52 +10:00
Corey O'Brien
0ea7e927de Fix typo in pip-and-virtualenv
Change-Id: I3058b45fff037106eba0267fd6629707a5ebb8b1
2017-04-06 10:19:40 -04:00
Jenkins
10baebe1e4 Merge "Run dib-run-parts out of /tmp" 2017-04-05 10:18:55 +00:00
Jenkins
0279258ac6 Merge "Don't provide dib-run-parts" 2017-04-05 07:01:29 +00:00
Jenkins
221c44f24c Merge "Adding aarch64 support for CentOS7" 2017-04-05 05:10:05 +00:00
Ian Wienand
6802cf7100 Run dib-run-parts out of /tmp
The dib-run-parts element was copying our internal version of
dib-run-parts into /usr/local/bin to be used running scripts inside
the target chroot.  However, it never cleaned up after itself.  This
means all images were left with an unmanaged local install of
dib-run-parts.

This copies dib-run-parts into the hooks directory of the chroot and
runs it from there.  It is cleaned up automatically on the exit path.

The dib-run-parts element is no longer required and it has been
removed from all dependencies.  It is left with a deprecation notice
in the README.  For compatability we convert it to simply install
dib-utils.

Codesearch shows no users depending on this unintentional implicit
install.  Note os-refresh-config depends on dib-utils and thus will
have an explicitly installed version.

Partial-Bug: #1673144
Change-Id: Ia2e96c00a4246c04beb96c17f83b8aefb69219ca
2017-04-05 13:11:22 +10:00
Ian Wienand
fd424757a6 Don't provide dib-run-parts
It was an oversight during v2 development for dib to start providing
dib-run-parts.  The intention was for dib to use a vendored
dib-run-parts directly from $_LIB and have no dependencies on
dib-utils at all.  By exporting dib-run-parts, we created an
unintentional conflict with the dib-utils package which provides the
same script.

Tools that depend on dib-utils are unaffected by this
(os-refresh-config).

The only tool that installs diskimage-builder and then assumes
dib-run-parts is available in the path is instack.  I have proposed
Ibfe972208df40fa092b11b5419043524c903f1b4 to modify that to use our
internal version.

Change-Id: I149c345d38d761a49b3a6ccc4833482f09f1cd05
2017-04-05 13:11:20 +10:00
Ian Wienand
8e822768f9 Add flag to disable EPEL
Add DIB_EPEL_DISABLED flag that allows installation of the EPEL repo,
but to have it disabled by default.  This will help when you have
unavoidable EPEL dependencies, but want to make sure you only pull
specific things in with "--enablerepo" calls when installing those
packages.

Change-Id: Iedf6167a7cd69418255ebbee095aea04c50d73fd
2017-04-05 05:59:40 +10:00
Hironori Shiina
eaa0569ac5 Fix code-block in README of rhel7 element
A code-block in README of rhel7 element is not rendered as expected.
This patch fixes it to be rendered correctly.

Change-Id: Ie8f4c05edd1dd93314290682e4b2734622894e15
2017-04-03 03:56:22 +00:00
Dirk Mueller
1bdeaadc95 Fix opensuse-minimal element on non-SUSE hosts
zypper on non-suse hosts is not parsing the pattern repodata because
those are marked as an inofficial extension to the repomd specification.
This is not a big issue as there is meanwhile in newer openSUSE
distributions a pattern *package* that depends on the same packages like
the pattern would do, so we can just replace it with that.

Change-Id: I0c8f713075bd7e5bf1d425f81933b4666654add7
Depends-On: I34e98f0f7693859ed05011b008334628adff612f
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-04-02 19:37:01 -04:00
Paul Belanger
87236af75c Have simple-init enable network.service
When a glean is running on centos with multiple NICs, it will try to
systemctl enable network.service multiple times for each interface.
Because of systemd magic, it is possible for the systemctl command to
fail in a race condition.

glean shouldn't be enabling network.service during boot in
pre-networking phases (Ib2b618dd975ca44e9c6b0a2c9027642ffc46b9b0).  I
have proposed I8319f1ed6498a9d447950c2b4b34bca59e7b97e4 to remove this
and document the behaviour.

This also bring across suse's version
(I20bffabd333ea290d8712ec2a467f2b2d5678f3a)

Change-Id: I89d9443cb61e287bd0d9da3f48315272218ee335
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-03-28 19:28:51 +11:00
Jenkins
f128d08cf0 Merge "Use correct Ubuntu distro url on non-x86 arches" 2017-03-24 04:42:59 +00:00
Jenkins
94e2973785 Merge "functests: skip qcow2 generically but add specific test" 2017-03-24 01:07:10 +00:00
Mikhail S Medvedev
4d4417c9a6 Use correct Ubuntu distro url on non-x86 arches
diskimage-builder usually provides defaults that work out of the box.
One default that does not work outside of x86 land is Ubuntu distro
mirror url. Considering there are only two valid default options, we can
automatically choose a better default.

This patch changes behavior only for architectures known to be using
http://ports.ubuntu.com/ubuntu-ports. All others still would use
http://archive.ubuntu.com/ubuntu as default. It provides some guarantee
that we do not introduce a regression.

Change-Id: If95a64bac0c88f30736da4bae7f1fdce126c0bf6
2017-03-23 09:27:25 -05:00
gecong1973
8ff6f51b81 Typo fix: curent => current
Change-Id: I5ce5a98c355310d6f5f6c09e19993b01ed025f0e
2017-03-23 15:02:20 +08:00
Ian Wienand
76ae374413 functests: skip qcow2 generically but add specific test
We somewhat discussed skipping qcow2 generation previously in
I9372e195913798a851c96e62eee89029e067baa1.  As recent issues with PPC
testing have shown, we are not actually testing the "vm" element and
hence the bootloader path in the functional tests.

I don't think we need to test this on every element; it overlaps
somewhat with the testing done by the nodepool jobs which build full
images and boot them.  I also didn't want to introduce a separate run
for this.  Thus it seems valuable to at least have one element
enhanced to do this installation and conversion in our default tests
for basic sanity.

This disables qcow generation by default, as per the other change, but
allows an element to drop a file that will override the output
formats.  The Xenial element is modified to produce a qcow2 using
this, and also introduces a dependency on the "vm" element so it tries
to install the bootloader.

We now exit if the .qcow2 fails to build as well.

Change-Id: I1a6acefe52f8c696c39b2d592fdc7ae32a87e6fe
2017-03-23 13:49:24 +11:00
Jenkins
2ea3a434f7 Merge "Add default PPC block-device layout" 2017-03-23 01:03:13 +00:00
Ian Wienand
19fcd263d0 Add default PPC block-device layout
Add a default PPC block-device layout.  I've extracted this into
separate yaml files for ease of editing and to facilitate things like
longer comments.

This is not sufficient to get PPC images working, but it is required.

Change-Id: I09e5d1ed92260bdb632333f5203dd7e70d512dc8
2017-03-23 09:44:01 +11:00
Dan Radez
06576a02f0 Adding aarch64 support for CentOS7
Using delorian and delorian-deps for aarch64
this will produce an overcloud-full image

Change-Id: Id0dc83d9c558b0c0bbfaed7727883541d140472c
2017-03-22 10:46:54 -04:00
Yolanda Robla
8a3a3ffe6e Fix typo in CMDLINE env var for bootloader
The correct spelling of the env var needs to be
DIB_BOOTLOADER_DEFAULT_CMDLINE

Change-Id: I4ae2aed928723588e736b63283a54eca5f4b4c3b
2017-03-22 12:02:37 +01:00
Jenkins
f1d53f2e31 Merge "Use sphinx warning-is-error" 2017-03-15 23:56:59 +00:00
Ian Wienand
fea6ab1624 Use sphinx warning-is-error
Sphix 1.5 (I9e7261c4124b71eeb6bddd9e21747b61bbdc16fa) includes
"warning-is-error" which supersedes pbr's warnerrors.  Enable this and
fix up the resulting failures

 - trailing lines for lists in element_deps directive
 - missing README's that are linked
 - syntax error and highlighting in building instructions

Change-Id: I6549551b4a9bf47076c9811a7a38a666cbea2a50
2017-03-14 14:49:49 +11:00