Move managing of SSH host keys into a dedicated element.
Because glean doesn't generate SSH host keys anymore, we need to do it
with a systemd script. This is already handled by CentOS / Fedora so
we don't want to add it there.
This was done to address the upstream bug in debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500192
Change-Id: I31ad667672e08350872db21a83445fe0aa7a4a39
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Grub is first removed and then installed during RHEL image building. The
grub2 package typically requires the same version of grub2-tools, so if
we just remove and install the grub2 package, the installation can
potentially fail on being out of sync with grub2-tools version. Removing
and reinstalling both packages fixes this issue. Those packages are
already in package map for RHEL as "grub-pc", so we can use this alias.
Change-Id: Iefd9c17fffd43de3fea260510ad218b1322eecb3
Closes-Bug: #1627000
We are currently wasting about 10 minutes per deploy waiting for
DHCP on interfaces that will never get it. By default, the timeout
seems to be 5 minutes (the 10 minutes is because we boot both the
IPA ramdisk and the deployed image, and each waits for 5 minutes),
which is excessively long to get a DHCP response. This change
shortens the time to 30 seconds. If an interface hasn't gotten a
response in 30 seconds, chances are it's not going to. A 30
second wait should reduce our wasted time to 1 minute, which is
more reasonable.
This is being done in the systemd unit file because the -timeout
option to dhclient doesn't seem to override what is configured in
dhclient.conf, and doing it in the systemd file means that this
change will be limited to only the interfaces configured by
dhcp-all-interfaces.
Change-Id: Ia8610e3def39c937eb0c861fdc9bc571ec39f9f4
Closes-Bug: 1626673
Because we are using the building platform's "yum" to do the initial
install into the chroot, it is affected by the base-system's
/etc/yum.conf.
pip-and-virtaulenv in I82acb865378a0fa5903a6267bfcee0e2962eced0 added
"exclude=python-pip..." in /etc/yum.conf to stop the package manager
overwriting the installed pip. Now our CI images have built with
this, we are now picking up this exclude on centos. Since on F24
dnf->python->python-pip we end up failing to build the the chroot
because python-pip can not be satisifed. In a general sense, however,
this could be caused by any configuration put into /etc/yum.conf that
is incompatible with installing into the chroot.
yum has the option to disable all excludes which is used here. This
seems to be the best way to isolate the chroot install from any
excludes that may have been done on the base system for various
reasons. I did consider using a completely separate yum.conf we ship
with dib ... but let's start simple.
This should fix the current gate failures on centos
Change-Id: I4e4cc8ed09a29c4057ade34ea93025139e191bf5
yum-minimal installs selinux but not libselinux-python, which makes
interacting with the node from ansible hard fail. Add it.
Change-Id: I403e7806ae10d5dd96d0727832f4da20e34b94c7
Add support for new openSUSE Leap releases. Moreover, document
common environment variables and remove old note.
Change-Id: I8cf0b215cb4d9231e5658d49e3fd598dfbb5fd37
The previous commit removes dkms from the base element, which
means the centos elements should no longer have a dependency on
EPEL. Therefore, we should not hardcode the epel dependency. It
can still be included in image builds as desired by using the epel
element explicitly.
Co-Authored-By: Ben Nemec <bnemec@redhat.com>
Change-Id: Iceff0d5bedd9816adfd2990970e7c216b67b6bd0
The use of dkms in base was actually removed long ago in
Ic2c345bf9f0738dadae611194e263d3a5d424a3e and it is creating an
unnecessary dependency on EPEL for the centos elements.
Change-Id: Iae3100471e50a9c39f40b450f087192918ae54b3
This fix add need kernel module for Infiniband and ConnectX-4+ network
cards.
Also install by default required user space packages.
Change-Id: Ia2e7b1820f197778138a23fafaccb5a4fb44369a
On systemd-based operating systems that don't
use /etc/sysconfig/network-scripts
dhcp-all-interfaces configures 'lo' for dhcp.
This causes errors and fails networking.target
causing system-wide issues. This change excludes
'lo' at dhcp-all-interfaces udev rules level.
Closes-bug: #1621501
Change-Id: I7563b766827bedbea7ae1de35e5bdfcbf1fc0d1e
Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
Dependency to start network-pre (which
depends on network.target) before
dhcp-interface@.service collides with
Ubuntu's own network.target that suupose
to start after network-pre.
Change-Id: I9e59c970bfb1ebdaa15b4ec6b545761ede3ca056
Closes-bug: #1619816
Running the functional tests is time consuming. This patch adds the
option `-j <job count>` to the tests/run_functests.sh: when given the
test run in parallel up the <job count> jobs.
When using this, be sure to have enough resources (CPUs, RAM and HD
space) on the host.
In addition there was the need to change two things:
o Global /tmp/dib-test-should-fail was move to temporary build
directory of each execution.
o Because the logs might now interleave, each log line has now a
prefix of the name of the testcase.
[In my environment running functests sequential takes 15+ minutes,
running them parallel takes less than 6 minutes.]
Change-Id: Id9ea5131f0026c292ca6453ba2c80fe12c47f808
Signed-off-by: Andreas Florath <andreas@florath.net>
It is possible and often desired to install glean from a source
repository when using the simple-init element. Document the process for
doing this.
Change-Id: Ie7c690406b14aae07d73261879b7ce8a2ed9dd8d
IPv6 privacy extensions can cause issues by preferring a temporary
network over a public one. This preference may limit connectivity
in certain situations. An example of a connectivity issue can be
seen where the command ``traceroute6`` fails or misses all hops
while other traffic to a given domain with a "AAAA" record may
succeed. To resolve this issue the IPv6 privacy extensions have
been disabled.
Change-Id: I62b9d6301b9e8b8e93b49cecbc96334ceea92fa5
Related-Bug: #1068756
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Currently, ironic-python-agent is installed without using an
upper-constraints.txt file.
This commits ensures ironic-python-agent is installed using
upper-constraints.
Change-Id: I6be6cfc012941e2cc9996717cba39b5415b85e14
Closes-Bug: #1616554
Explain difference between 'DIB_OFFLINE' and
'DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE'
Those variables are not redundant,they hava different effective ranges.
However,some people may be confused about this and reported a bug.
So,this difference should be writen in the README file.
Closes-Bug: #1506275
Change-Id: Ie5316de41d129bf98781708954f09ef0b2592b53
During the creation of a disk image (e.g. for a VM), there is the need
to create, setup, configure and afterwards detach some kind of storage
where the newly installed OS can be copied to or directly installed
in.
Change-Id: I0a43e247fb9e258e3983db35362f627416983773
Depends-On: I7bd7e9fa94635621590f72702107e218155fef2a
Signed-off-by: Andreas Florath <andreas@florath.net>
Currently we update portage whenever we could need it. Instead we
should update portage only if we actually need to. This update adds a
check to do so.
Change-Id: Ifdb27fd844b0b3a169ced945ac7ee0ddc235e9ec
Gentoo has updated it's grub ebuild to default to the upstream
recommended installation parameter of grub-mkconfig instead of our
default multislot installation of grub2-mkconfig. Update the command
line parameter so that it works with both.
Change-Id: I359b44338a4f76af7c026f5cad212e6dc3dbf2b3
It's possible this is run form an environment where $USER isn't set,
properly fallback to whoami in this case.
Change-Id: I1181f714c3c456ee264b34d282bac5c0adb67a0e
Storing the du output in a variable seemed convenient, but I didn't
realise just how big it could get especially with things like infra
images -- there's something like 100MiB of text being stored in a bash
variable here.
Convert this to work with a temporary file
Change-Id: I6a6d22c2142e0f199490c39cca8c94769e4b0232
There has been some confusion about what this environment variable
controls, and it isnt very clear in the docs.
Change-Id: Id21b3c5ce361c4d1121eb7015020235b4c0a2f36
Even though this file ends up in the /tmp directory, for readability
it's good to point out that server.pem is not necessarily the
certificate for a server, but can be a CA certificate which is
trusted if this option is used.
Change-Id: Iea27a702a844456e4472957438f75ed3819d62ca
For some use cases, it can be useful to keep all the kernels
and not just keep the latest one. Add a parameter that allows
it, and continue cleaning up kernels by default.
Change-Id: Ia6e6c1fa18e3724c1eb89226151d81e9e748b793
