All indication in CI is that Centos Stream9's use of dhclient
appears to point to compatability issues when interacting with
dnsmasq. However, this doesn't appear to be the issue with the
internal dhcp client. As such, lets constraint the RH default
so that it no longer applies to Centos 9-stream.
I've also added a documentation entry for DIB_DHCP_CLIENT which
was previously undocumented.
As an aside, I've already reached out to RH's NetworkManager team
regarding this, but root cause is not entirely understood at this
point.
Change-Id: I235f75b385a8b0348c8fe064038c51409f8722c4
Story: 2010109
Task: 45677
Creating a separate /boot partition is desirable in some cases[1].
This change detects if /boot is a partition, and ensures that the
kernel/ramdisk paths are correct in either case. This is applied to
all BLS entries files, whether they were generated by the previous
grub2-mkconfig call or in the source image.
This means the rhel9 specific workaround can be removed since all
paths are now normalised at this stage.
[1] https://review.opendev.org/c/openstack/tripleo-image-elements/+/846807
Change-Id: I62120ec8c65876e451532d2654d37435eb3606a6
Resolves: rhbz#2101514
Currently if no Dockerfile is specified or found, we exit later with
an obscure error. Check this after the element search; if we still
don't have something to build then we can't continue.
Change-Id: Ifb17a0995fab0ccfe7ee08363676c1fa57e37592
'9-stream' was being matched against the regex '9',
causing builds on RHEL9 to try to install C9S RPMs.
We want this the other way so that DIB_RELEASE=9
will not match the regex '9-stream'.
Resolves: rhbz#2097443
Signed-off-by: Lon Hohberger <lhh@redhat.com>
Change-Id: Iefd7c23512c460e33117d12bbc33606134daa9e2
Add a warning in satellite configuration as when no activation_key
is provided and no environment is configured, subscription-manager
might hang as it's prompting the user to provide the missing
parameter.
Change-Id: I9564841ca845eafc2bd39be6b05bef62e8062f28
Due to the referenced inline issue, 9-stream currently fails running
setfiles in a chroot without /proc. Since we want to actually label
/proc, we don't want it mounted. This pulls in the fixed packages to
get things going until the fix is rolled out.
Change-Id: Id41c16130e975779cb70e2ab19807a689450d026
When building an image, say RHEL9, on a host installed with that
same image, you will be blocked from mounting the filesystems to
extract contents, as the host OS kernel will identify the duplicate
UUIDs and error accordingly.
This was previously fixed for the root filesystem, but not the boot
filesystem.
Change-Id: I63a34fba033ed1c459aeb9c201c8821fa38a36e9
the command had one error in it (missing one backslash)
and was rendered wrong, w/o any backslashes at all.
Change-Id: If187f645b818f47d10b602ccee12c29892a8d88d
After some recent reordering[0], the /boot/grub directory isn't created
early enough on Gentoo any more, let us just ensure ourselves that it is
in place when we create the grub config.
[0] I8cb34914bbbfa05521bbb71cc6637368b980358f
Change-Id: I8a84d08c3090e46b00d1d626fb984f66ea33f256
Previously a module version was splitted from the module name:
nvidia, 510.47.03, 5.4.0-109-generic, x86_64: installed
In Jammy it is now a part of the name:
nvidia/510.47.03, 5.15.0-27-generic, x86_64: installed
Assuming the fact that it would be threatted as a path this change
doesn't brake anything which was working before. But at the same
time it allows to pass last step where dkms is requested to build all
modules.
Change-Id: Ic1bb2b45f9db906b64ca03ae5c4e05b2114f2a74
It may happen a base image has an edited version of cloud-init
"cloud.cfg" that prevents the host keys to be generated.
While it didn't represent an issue with older releases of cloud-init,
starting cloud-init-22 this isn't true anymore.
Before that release, an sshd-keygen@.service was present and called by
sshd-keygen.target (which was called by sshd.service), and we ended up
with ssh host keys in any cases - either generated from cloud-init, or
generated by sshd-keygen.service.
But cloud-init-22 introduced an edition to the sshd-keygen.service,
making it check for the presence of cloud-init service, and preventing
this sshd-keygen to kick in this case.
So we'd better ensure cloud-init is able to generate the keys, else
we'll be in a bad state, since it's instructed to remove the ones
present.
Closes-Bug: #1971751
Change-Id: I37b2f3e9d57a86544ef14e74a4a927309c18bbf0
This adds arm64 ubuntu-minimal Jammy functests and x86 ubuntu image
based Jammy functests. To make this happen we have to install
debootstrap from debian unstable on the functest nodes in order to get
access to a debootstrap that knows what jammy is.
As we ramp up Jammy support in our tools having good testing will be
helpful.
Change-Id: I1d1dc752ce176457d0656cbd50e27a2721ca9856
This makes 03-reset-bls-entries consistent with rhel so that the glob
match is *.conf, and a check is added to ensure that a rename is
actually required.
Change-Id: I4adff43cf7d4f31d939e6ddf37ac8d162ccd0db7
This reverts commit 8401290976.
We are reverting this because some users may want to use predictable
device names and may not even use Debian. However, after some
investigation we have found a couple of bugs in dhcp-all-interfaces on
Debuntu distros. The parent change corrects those bugs. Additionally new
Linux kernels emit "move" events to udev when interfaces are renamed to
their predictable name. Support this "move" in the dhcp-all-interfaces
udev rules. Making these changes appaers to produce functional images
for Debian users using predictable device names. If predictable device
names are not desired turning them off is straightforward and release
notes are updated to give users the info they need to do that outside of
this element.
Change-Id: I125f1a0c78a103b51bda961528c3e66c345bf604
Co-Authored-By: Clark Boylan <clark.boylan@gmail.com>
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
There are two issues with dhcp-all-interfaces on debuntu interfaces
addressed here. First is the path to dhclient lease files is
/var/lib/dhcp not /var/lib/dhclient. Second there is a missing newline
in the ENI interface file which causes a parse error.
Change-Id: Ice83e0d49a4234301dc12daf828ba80fef414cdb
I just saw in the trace output of a failure
> grep -o 'CentOS-.[^>]*GenericCloud-.[^>]*.qcow2'
> sort -r
> head -1
sort: fflush failed: 'standard output': Broken pipe
sort: write error
i.e. the "head -1" has exited after reading one line, but "sort -r"
still wants to write and thus has hit a pipe failure, and because we
run with "-o pipefail" this has halted the script.
This seems like it has been there more or less forever, maybe we just
got lucky hitting it now? Anyway, we can work around this by using a
process substitution and passing the output of this into head, this
way we won't hit a pipe failure.
I also updated the fedora path as it does the same thing.
Change-Id: I44d97e5bb31702aacf396e0229329a2ef9c64f2f
We've not really been using the Focal containerfile, as we move
forward jammy is a better choice for keeping stable as we might find
some new users for it.
Also add binutils to bindep for native bullseye builds (see
Icb0e40827c9f8ac583fa143545e6bed9641bf613)
Change-Id: I22ebe2bbccaec34180e58996b21e47bfc4f36055
03-reset-bls-entries was previously a pre-install script to run after
the machine-id was set, but a new kernel may be installed during the
install phase, which will install another bls entry file with a
filename which differs from the machine-id.
This means this package installed bls file won't be updated when
grub2-mkconfig is called, resulting in incorrect kernel args and boot
device in the entry file that will get booted by default.
By fixing the filenames after the new kernel is installed,
grub2-mkconfig will update the bls file that actually gets used on
boot.
Change-Id: I653bef9638e38ded68458fd40d90e30e5206caad
According to the systemd documentation[1], if /etc/machine-id is empty
it will be populated with a unique value, but not in a way which
triggers an actual first boot event (running units with
ConditionFirstBoot=yes set)
This change writes "uninitialized" to /etc/machine-id to ensure that
systemd-firstboot.service actually runs, and other units can use
first-boot-complete.target as a dependency to trigger on first boot.
Since /var/lib/dbus/machine-id is sometimes a symlink to
/etc/machine-id, it is truncated before writing to /etc/machine-id.
On older versions of systemd before first boot semantics were
formalised, any non-uuid value will trigger a new machine-id to be
generated, so "uninitialized" also works.
[1] https://www.freedesktop.org/software/systemd/man/machine-id.html#First%20Boot%20Semantics
Change-Id: I77c35e51a3da2e8a6b5a2c80d033a159b303c9af
This started a long way from here, when I noticed that "top" on centos
9-stream images wasn't working because ncurses-base wasn't installed.
This led me to the extant install of bash/glibc/ncurses-libs from
Iecf7f7e4c992bb23437b6461cdd04cdca96aafa6. However it didn't really
explain why these are brought in here.
Reading further it became clearer that over the years of distribution
additions, Fedora updates, etc. this has grown into a bit of a mess.
Refactor the release package installs into a more logical flow,
pulling out checks/comments for Fedora's of ancient history, etc.
Remove the 9-stream package installs; this isn't the place for them,
and the should be brought in by the base packages.
Ultimately, this is intendend to a be a no-op refactor.
Change-Id: Ie7d9a6497d0d20a3303ec0da3d0668c74efa2c3d
The recent git ownership-checking changes (see related bug for full
details) mean we can not run git in non-owned directories.
We have a couple of cases here where we have done a "pushd" to work in
the REPO_DEST context; this is the destination directory that is
inside the chroot so needs to be operated on as "root" (via sudo
calls). This certainly makes sense -- but given the new way of things
it can hide what context each call is working in, which is now very
important. Previously this worked because you could read it; now it's
doing the UID check too, calls in here without sudo now fail.
Remvoe the pushd's and make every call that works in REPO_DEST
explicit with -C, and add sudo calls around it.
Change-Id: Id1f6bd94c9c77ef6ab2b562a7e0bc48f749c58ac
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
The bootloader element installs the grub bootloader for whole-disk
images, but it also correctly sets values in /etc/default/grub and BLS
entries.
This value setting is useful even if the bootloader isn't installed.
For example, the overcloud-full partition image benefits from a
correct /etc/default/grub and BLS entries which ironic-python-agent
will use when it installs grub on the disk during baremetal deploy.
This change moves the actual grub install to the end of the script,
and if there is no $DIB_BLOCK_DEVICE set then install is skipped.
This allows overcloud-full to use the bootloader element instead of
the grub2 element, so the correct grub defaults are set on centos9,
including the correct root device on centos9.
Change-Id: I8cb34914bbbfa05521bbb71cc6637368b980358f
This reverts the mirror removal in
I817b412b7f06523df635e8b16111bc1081b40f66 and updates the test to F35,
which is mirrored.
Change-Id: I00d24690f57bedd3fc5ebbc18de0ed874ad1e4ef
In some build environments Docker is already installed - and adding
podman is not an option. Add a new variable to toggle this, and
rename the now incorrectly titled DIB_CONTAINERFILE_PODMAN_ROOT to
just ...RUNTIME_ROOT to match.
Change-Id: I677e4f491b40360dceabdf4f2a9e64c7cb493dc7
This adds a check for the root device having filesystem type btrfs,
and when it is assume there is a subvolume called "root". This fixes
extract-image when using Fedora-Cloud-Base btrfs images.
This should be sufficient until there is another btrfs base image with
a different subvolume layout.
Change-Id: Ib18979090585ba92566e523951b521b9d902fcb7
This change is proposed again, avoiding lsblk features missing from
older distros:
- lsblk is avoided entirely for a whole-disk image with a single
partition, which would be the majority of old image building jobs
- Field PARTTYPENAME not available on the lsblk in CentOS-8, instead
rely on the GUID being correct for EFI partitions
- Argument --output-all not available on the lsblk in CentOS-7, this
is just for logging debug, so can be removed
This reverts commit b06bac734c.
Change-Id: Ib0d4e7751fd968511fc7f672d524e58d1488ae11
This reverts commit 0630b3cb69.
Reason for revert: breaks compatibility with CentOS Stream 8, lsblk does not have PARTTYPENAME until version 2.35 and CS8 has version 2.32.1 installed
Change-Id: I7fc0e76f0eeb8594d8a0d57629b2c67526b961ad
Rocky Linux is very similar to CentOS 8. CentOS 8 required and forced
NetworkManager with glean so we update dib to do the same for Rocky.
Change-Id: I145e57d61059c2f34dc2d4810e83809b71c6aade
RHEL-9 base images are whole-disk images with the /boot/efi partition
correctly set up for EFI Secure Boot. This doesn't work with
extract-image because it only mounts the root partition, leaving
/boot/efi empty even though grub2-efi & shim packages are "installed".
This change mounts discovered partitions to mnt/boot, mnt/boot/efi so
all content can be extracted from the image.
Partition detection is done by reading block device attributes and
matching on Boot Loader Specification[1] UIDs or labels as observed in
supported base images.
[1] https://systemd.io/BOOT_LOADER_SPECIFICATION/
Change-Id: I8487002a18ae6ca98609ab68d92ae9173a2b864f
Similar to the CentOS-9-Stream fix [1] this change renames the default
BLS entry to match the current machine-id so that grub2-mkconfig calls
will refresh the kernel options.
However there is an additional issue with the rhel-9 base image. It is
unique in having a dedicated boot partition, so the path to the kernel
and initramfs don't include /boot. This results in an unbootable image
when /boot is a directory of the root partition.
These paths do not get corrected by calling grub2-mkconfig, so this
change performs a sed on the paths to fix them for a root partition
/boot.
[1] I327f5e7a95e47905c01138c8c4483f3f03e8efff
Change-Id: I37a1d310e1854f4a49725e355d484e456ea4fc7a
The check removed here came in with
I4481b43e4a8fe4144be9c7eb9d9c618bbb2df21e a long time ago. At that
time we were not building EFI images, and were building i386 images;
both of which are now untrue.
We can simplify this now by merging it into the gpt/mbr path. If we
are in there we know that we should set --target=i386-pc for BIOS
boot. For sanity check that we are x86 in this path -- PPC is handled
separately (although it's probably bit-rotted) and ARM64 is EFI.
Change-Id: Ie9839c9adc642b0dd688bced3faa46e9314e9799
Co-Authored-By: Clark Boylan <clark.boylan@gmail.com>
OpenDev relies on the epel role to configure the epel repository for our
image builds. Specifically we need epel to pull in haveged. Update the
epel role to recognize rocky and configure it properly.
Change-Id: I968d4702ef39590e972b782a09e18a5db40703ad
This fixes a regression introduced by
Ia99687815667c3cf5e82cf21d841d3b1008b8fa9
It turns out that [[ -d /usr/lib/grub/*-efi ]] is not a good check,
because [[ doesn't split that and try to glob match ( [ would ). This
has resulted in us triggering this path on ARM64.
This is an x86-64 only check, because on other platforms we either
don't support EFI or are EFI only. Restrict this check to get arm64
working again.
Change-Id: I6a75f8504826bcb0ac122d53dfb9faff975077f4
Gentoo updated the layout and files for vaidating stages
At least we can validate cryptographically and infer valid checksum now.
https://www.gentoo.org/news/2022/02/17/changed-signatures.html
Change-Id: I708b44419ae53dec2c19a2210ef427dcd2eb6002
Signed-off-by: Matthew Thode <mthode@mthode.org>
The fedora and fedora-minimal elements currently test Fedora <=34. The
opendev ci mirrors no longer mirror Fedora 34 which means we cannot rely
on those mirrors for these tests. Remove the mirror configuration when
testing these older Fedora builds.
Change-Id: I817b412b7f06523df635e8b16111bc1081b40f66
The reality is that "stable" is what is tested. This tries to give
enough info that users can ascertain what tests are running at any
given time and hence what elements are known to be working.
Additional, clarify the Fedora position in the README as now described
by above.
Closes: #1653561
Change-Id: Ifb91b9089790897861bd7e671c3dba59adac239d
GRUB_OPTS has never been documented as externally available, and is
not used. Assume it's value to simplify the code.
Move the grub version check separately, as we only support grub2
Remove references to buliding i386 images. I don't image it works in
any way.
Remove ci.md, which is no longer relevant.
Refactor the test for "building BIOS image on EFI system" consiberably
after these changes.
Change-Id: Ia99687815667c3cf5e82cf21d841d3b1008b8fa9
The dhcp-all-interfaces element does not work with the predictable names
scheme, fallback to the persistent names scheme as workaround.
Bug: 1960301
Change-Id: I117964a60615a5b7e9984f52f02cd018d1a48ed0
Using rpm -e to remove old kernels fails when other packages also
depend on the removed kernel.
This change reverts back to using dnf to remove the kernel, but also
sets the config value protect_running_kernel=False to avoid the issue
where the build host kernel version matches the version of the package
being deleted.
reverts commit 1ac31afd62.
Change-Id: Ie58630c23a34f2db34f3934abbd0c1076ab9d835
DevStack likes to use LC_ALL=en_US.UTF-8 because it does some
post-processing of output that depends on stable sort-order. Pull in
the langpack package that provides this by default -- fedora-minimal
was doing this via yum-minimal so it makes sense to be equivalent.
Change-Id: I799bcfd73e1cb76ee1808b3441f40b0525e3c73d
AFAICS, use of this was removed with
I7f98a13091056809fedae8a5c8ee10b0ef8bbb2a and I can't see any other
references to it. Correct the comment to describe how it works.
Change-Id: I5123729b7457dcbd4f4a51cff49904f7bd071e9b
Introduce new container image for Rocky Linux, a downstream clone of Red
Hat Enterprise Linux.
Keep non-voting in Check for a while before adding to any gate checks
Signed-off-by: Neil Hanlon <neil@shrug.pw>
Change-Id: Ib383f60bc23b434b400f85c376840a000cafc697
Related-Bug: https://review.opendev.org/805800/
For centos stream, the $releasever is just the major version. Several
of our .repo files are using $releasever in their path, and I think
that 8-stream installs are actually using 8 repos to install from.
For 9-stream, which doesn't have a corresponding 9, we're getting
errors enabling some of the aarch64 tests.
Replace all the $releasever expansions in the .repo files with the
exact version they are being installed for. They don't need to be
generic; we are installing these specific repos for each DIB_RELEASE,
so they don't mix-and-match.
Change-Id: I48d438d8f51280cd060433fc8a67358d8345287f