Commit Graph

55 Commits

Author SHA1 Message Date
d06a66d0f0
make it work for rocky 2023-11-15 11:43:48 -07:00
Erik Berg
b78afe4c62
Fix double-keyed json
The second release masks the first release, which is probably a
mistake.

Order them from most significant to least;
release > distro > family > default

And fix up the indentation.

Change-Id: I54a6a49d4fe001b1a16ab38637cb55542ce96cdb
2023-03-03 12:04:30 +01:00
Ian Wienand
999da87243 yum-minimal: workaround missing $releasedir variable
As described inline, work around missing $releasedir variables seen in
production builds.

Change-Id: Ia114f41d7a2fa86957235996f10a74adeecf767c
2022-05-03 15:47:55 +00:00
Ian Wienand
27903f90e2 yum-minimal: clean up release package installs
This started a long way from here, when I noticed that "top" on centos
9-stream images wasn't working because ncurses-base wasn't installed.

This led me to the extant install of bash/glibc/ncurses-libs from
Iecf7f7e4c992bb23437b6461cdd04cdca96aafa6.  However it didn't really
explain why these are brought in here.

Reading further it became clearer that over the years of distribution
additions, Fedora updates, etc. this has grown into a bit of a mess.

Refactor the release package installs into a more logical flow,
pulling out checks/comments for Fedora's of ancient history, etc.
Remove the 9-stream package installs; this isn't the place for them,
and the should be brought in by the base packages.

Ultimately, this is intendend to a be a no-op refactor.

Change-Id: Ie7d9a6497d0d20a3303ec0da3d0668c74efa2c3d
2022-04-20 09:11:16 +10:00
Zuul
e9774d59bc Merge "Remove contrib/setup-gate-mirrors.sh" 2022-02-09 05:02:40 +00:00
Ian Wienand
88d9ef21e8 Remove contrib/setup-gate-mirrors.sh
AFAICS, use of this was removed with
I7f98a13091056809fedae8a5c8ee10b0ef8bbb2a and I can't see any other
references to it.  Correct the comment to describe how it works.

Change-Id: I5123729b7457dcbd4f4a51cff49904f7bd071e9b
2022-02-01 15:44:01 +11:00
Ian Wienand
d1b2a43a84 centos: do not use $releasever in .repo files
For centos stream, the $releasever is just the major version.  Several
of our .repo files are using $releasever in their path, and I think
that 8-stream installs are actually using 8 repos to install from.
For 9-stream, which doesn't have a corresponding 9, we're getting
errors enabling some of the aarch64 tests.

Replace all the $releasever expansions in the .repo files with the
exact version they are being installed for.  They don't need to be
generic; we are installing these specific repos for each DIB_RELEASE,
so they don't mix-and-match.

Change-Id: I48d438d8f51280cd060433fc8a67358d8345287f
2022-01-28 18:50:43 +11:00
Alfredo Moralejo
cdff9045c0 Add support for CentOS Stream 9 in DIB
CentOS Stream 9 is close to be released, and official mirrors are
already poplated. This patch is adding support to centos-minimal in CS9.

Also enable centos-minimal/[8,9]-stream-build-succeeds tests.

This patch is being tested together with [1] to apply following list of elements:

 vm centos-minimal simple-init growroot nodepool-base openstack-repos infra-package-needs

[1] https://review.opendev.org/c/openstack/project-config/+/811442

Change-Id: Iecf7f7e4c992bb23437b6461cdd04cdca96aafa6
2021-10-27 13:38:14 +02:00
Ian Wienand
5f47584196 yum-minimal: use DNF tools on host
The latest Debian bullseye release doesn't provide yum any more, only
DNF.  This breaks the minimal builds that are using on-host yum tools
to start the chroot.  Probe for yumdownloader, and if it's not there,
use DNF.

Note this requires "dnf download" which may not be packaged.  See
I21cfbd3935e48be4b92591ea36c7eed301230753 for a sample work-around
that installs this plugin in the nodepool-builder container.

Change-Id: Ia7f1e4d115cc67c378d865d91af94a07b8cdc6cc
2021-08-30 14:14:32 +10:00
Xinliang Liu
a6ee4d0c21 Introduce openEuler distro
Add openeuler-minimal element and add CI functional tests for both
x86_64 and arm64.

OpenEuler is an open source community driven YUM/DNF distro like
Fedora. It references Fedora and CentOS a lot for the rpm packages
building. So somewhat it can be treated as a redhat family distro
and reuse the YUM/DNF related elements to help build openEuler images.

For more info about openEuler, see: https://openeuler.org/en

Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/803413
Change-Id: I3e06e49b524364c3a4edeba8bce7a8c06b9c7b76
2021-08-04 03:06:55 +00:00
Jay Faulkner
91da6ab885 Permit specification of extra bootstrap packages
This change permits the yum-minimal element to be used in downstream
custom distributions, which may have additional packages containing repo
config or GPG keys needed.

This could also be utilized at a later time to move the
distribution-specific logic in this method to each distribution element
separately.

Change-Id: Ic1434bb2fe7301086cf11ba6bd7f2ee187c5e6c8
2021-08-02 11:57:11 -07:00
Ian Wienand
12b60c4088 Mount /sys RO
As noted inline, this works around potential issues by being a strong
indication you are in a container (e.g. [1]).  Since nothing should be
changing anything on the host/build system, this is a generically
safer way to operate.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1975588

Change-Id: Ic6802c4ffc2e825f129af10717860a2d1770fe80
2021-07-05 11:45:02 +10:00
Steve Baker
5c1f9a3238 Don't install centos-linux-release on 8-stream
This package doesn't exist in the stream base repo, and neither does
centos-linux-repos.

These are presumably replaced by centos-stream-release and
centos-stream-repos. This change adds an else block to handle the
non-stream base packages.

Change-Id: I32249199c3dfa44fc24fba28d24f314112c2e200
2021-02-23 12:57:05 +13:00
Daniel Pawlik
8c714716ed Remove centos-repos package for Centos 8.3
With Centos 8.3, centos-repos package has been replaced by
other packages [1].

[1] https://lists.centos.org/pipermail/centos-devel/2020-September/056069.html

Also Increase flake8 and pyflakes version in lower-constraints.txt as
this was already broken.

Change-Id: Ife139fcaff0c2d944098ea353259971d2d3f18b8
2020-12-14 16:55:21 +00:00
Nicolas Hicher
c160538465 yum-minimal: Add centos-stream-repos package for centos-8-stream
centos-repos package is not available on centos-8-stream:

2020-11-02 15:35:20.962 | No Match for argument centos-repos
2020-11-02 15:35:20.992 | No Match for argument centos-release-stream

The build fails later on install_pkg_manager sed command:

2020-11-02 15:35:22.903 | sed: can't read
/var/cache/nodepool/dib_tmp/dib_build.iPSHptNW/mnt/etc/yum.repos.d/*repo: No
such file or directory

This change ensure centos-stream-repos package is installed to provide
/etc/yum.repos.d/*repo files

This change replace 'centos-release-stream' package with the new
'centos-stream-release' package [1]

[1] https://lists.centos.org/pipermail/centos-devel/2020-September/056069.html

Change-Id: I6c397bf7b5797a02e5f006c18ee63c9cdf66b38c
2020-11-03 09:09:03 -05:00
Carlos Goncalves
367dfc9294 Add support for CentOS 8 Stream
This patch adds support for CentOS 8 Stream [1] to the centos-minimal
element. Users should set DIB_RELEASE=8-stream.

[1] https://www.centos.org/stream/

Change-Id: Id0825de735ab957c10daf35fb3c641f850cc6847
2020-06-22 10:36:30 +02:00
Carlos Goncalves
9d9dd9249c Fix yumdownloader cache dir
TMPDIR env is not being honored as cache dir in EL 8.

Change-Id: I8281675ec5f0951b3e190a8d6727744a1a5cd8d7
2020-06-07 21:58:49 +02:00
Ian Wienand
0c94eef7be Revert "dib-lint: use yamllint to parse YAML files"
This reverts commit 6ee2995214 and
e85c2a6f03.

I missed that if you pip install and then run dib-lint, it's not going
to pick up the .yamllint file shipped here.  Thus it gives spurious
errors.

The reason for this was simply better duplicate key detection in yaml
files, which caused us problems with the kernel installs.  However, at
this point it seems just the old "does it load" test from pyyaml will
be enough.

Change-Id: I87a9fc9bb119cfeffad48fc0fa0df31f0181825d
2020-05-28 16:44:49 +10:00
Ian Wienand
6ee2995214 dib-lint: use yamllint to parse YAML files
This gives us better linting of YAML files that just opening them.
This would have detected the duplicate keys in
I34e27d821fbefe274e7b007f37b0bd34db2e1d26.

The .yamllint is taken from zuul-jobs where it is also used as a
fairly sane set of default rules.

A few minor newline fixes are added.

Change-Id: I96d6644ae24f7deb84fa50fefbda0f0d33e0e009
2020-05-26 12:04:09 +10:00
Ian Wienand
df3ad26f58 yum-minimal: strip env vars in chroot calls
This showed up with dnf in containers when TMPDIR was set; dnf started
trying to write to this directory while in the chroot.

We already do stripping like this in run_in_target -- but this is a
bit of a unique place because it's actually setting up the initial
chroot so the target doesn't actually exist yet; so we just hard-code
it in place here.

Change-Id: If7310cb820846da903bf60daa4486c8bf7cb0136
2020-04-24 12:38:42 +10:00
Carlos Goncalves
ae2be0b464 Fix Yum repositories and GPG keys for CentOS 8.1
CentOS 8.1 split repositories and GPG keys out into subpackages. This
broke DIB support for CentOS 8.

7e41cef418
26a0d73ced

Change-Id: If3de6efa6074e059dc9fdd47c7bdc19d26d4d7f2
2020-01-15 19:39:00 +01:00
Ian Wienand
85a4ec2b2d Add NetworkManager and dhcp-client for CentOS 8
As described inline, NetworkManager and dhcp-client make up the basic
networking for centos 8 installs; bring them into the base image.

Although in infra we then use simple-init, some other users find this
helpful.

Change-Id: Ib9f32e73bf9109cc1b659fe1deceb1a15301ffeb
2019-10-07 10:47:09 +00:00
Ian Wienand
5f3b7cd7b7 yum-minimal: Don't install yum, install libcurl
Don't install the "yum" package, which is a backwards compat around
dnf.  With 687003f we should not need the backwards compat links any
more.

Add libcurl to avoid conficts with in the curl "-minimal" packages
that happens on CentOS 8.  But skip it on Fedora, because it seems to
create more problems there (not going to pretend it isn't all a
hack ... but it seems to work).

Change-Id: I1de2703eb5075a0a22837b6898bd8eb960d080dd
2019-10-03 00:22:18 +00:00
Ian Wienand
1176a45525 Update locales for Centos 8
CentOS 8 has the "new" split-up locales packages.  Fedora 24 is now
long gone, so take out the old branch and apply the lang package
install to Centos 8 as well.

The manual locale cleanup is not necessary on Centos 8; skip it.

Change-Id: Ib65fc15fe471348793fd6efb034517f11abd905e
2019-10-03 00:22:18 +00:00
Ian Wienand
3bc89edd32 yum-minimal : update mirrors for Centos 8
The repo format has slightly changed for CentOS 8 (s/os/baseos/).

Make the chroot builder look for a more specific repos.d directory
first named for the distro variable, then fall back to to top-level
dir (this avoids having to constantly change fedora).

Update the gate mirror setup and roles for new Centos 8 paths too.

Change-Id: I5b7f0c3624cac1d7aa7ed8bf6286b85d808b9c9a
2019-10-03 00:22:05 +00:00
Zuul
b94588c862 Merge "Do not delete cracklib from /usr/share" 2019-09-06 10:25:33 +00:00
Zuul
11a5a86758 Merge "Uninstall linux-firmware and linux-firmware-whence" 2019-09-06 08:43:47 +00:00
Carlos Goncalves
f909000e5a Uninstall linux-firmware and linux-firmware-whence
linux-firmware and linux-firmware-whence (meta package for mostly iwl
firmwares) packages account for approx. 289 M install size on a F30
system, and linux-firmware for approx. 176 M on CentOS 7. Users needing
these firmwares are eventually baremetal users and are not looking for a
very minimal operating system base install like virtual image users are.
Thus, a non-minimal OS element is better suited for them. Alternatively,
it could be later considered a dedicated firmware element.

This is inline with I8ce65e1d357d15e8ed8995ad1dcaea02bbd1986f.

Change-Id: If104fc3c1e9349b8d501a2351fff1ab4c0dbc6a4
2019-09-06 15:32:51 +10:00
Logan V
b98d482d5f Do not delete cracklib from /usr/share
We have an application breaking because /usr/share/cracklib is being
deleted from the image. The application installs its dependencies,
including cracklib, but since yum shows that cracklib is already
installed, it does not reinstall it.

Change-Id: Id6fccf76c706dbc6c2124abcfd12c1f10cef5e09
2019-08-30 15:11:26 +02:00
Zuul
9ef7f73b6a Merge "Allow extra repositories to be added to images" 2019-08-30 07:02:46 +00:00
Carlos Goncalves
9eb175e440 Allow extra repositories to be added to images
This patch adds option DIB_YUM_MINIMAL_EXTRA_REPOS to yum-minimal to
allow DIB users to include extra repositories to their final image.

Change-Id: I89549f4b0f4c9470143b5064817acab5043e31c5
2019-08-15 16:20:21 +02:00
Ian Wienand
efa3f3675a yum-minimal: install fedora-release-cloud
Something (possibly [1], but that change is at best cryptic) has
changed such that we don't get correct /etc/os-release files
installed.  This flows on to grub half-installing itself, enough to
not fail the build but not enough to make something bootable.

Installing the -cloud release package gets it back, and seems like a
sane choice for dib.

[1] 617b1bed34

Change-Id: Iff0413887fad798273b2bfcb140cc07f36d54a04
2019-08-15 15:56:13 +10:00
Clark Boylan
abb6aed459 Only enable dbus-daemon on fedora-29
Previously we were trying to enable dbus-daemon service on all prior to
fedora 30. Unfortunately 28 and older don't have this service so this
broke those releases and only worked for 29. Fix this by only enabling
this service on fedora 29.

Change-Id: I1bd15dcf0bbe270afccb0c0c3ea6ad08862a53f1
2019-07-12 10:21:49 -07:00
Paul Belanger
5d60979e93 Use fedora-release-common for fedora 30+
It looks like fedora-release on fedora 30+ has been split into sub
packages. Use fedora-release-common to avoid package conflicts.

Change-Id: I8f8711044fc4074b91939e0a6dfdac4d7a14a35b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2019-05-07 12:08:50 +00:00
Paul Belanger
38d7574127 Only enable dbus-daemon for fedora-29 and below
In fedora-30 is when we migrate to dbus-broker, fedora-29 is still using
dbus-daemon.

Change-Id: I1e1d3a3826157b8b22386c211eaa58b6439b5f3c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2019-05-06 17:49:42 +10:00
Ian Wienand
7cb5916a76 Enable dbus-broker for Fedora 29
As described in the comments, it seems the transition between
dbus-daemon -> dbus-broker in Fedora 29 has made it so the packages
can get into a state where neither service is enabled.

Explicitly install and enable dbus-broker for F29

Change-Id: I06753043a75be2f635653899c6c251b9fbdd7c67
2019-01-31 18:08:37 +11:00
Zuul
6ab9655ca3 Merge "Fix /dev/pts mount options handling" 2017-12-01 02:01:46 +00:00
Ian Wienand
1b203f8a38 Pre-install curl
As described, Fedora 27 has a curl-minimal package that comes in to
satisfy the rpm package dependency.  It conflicts with the "real" curl
package -- which is so commonly installed (by infra elements, etc)
that this becomes an annoying problem.  Just pre-install the full curl
package.

Fedora 24 is old enough to not worry about, so remove some old
workarounds to make the flow a little simpler.

Change-Id: I67baf96377109ac4521ba00243a0d91b35fafba0
2017-11-30 15:15:42 +11:00
Ian Wienand
bf8de79940 Install fedora-gpg-keys for F27
The repo GPG keys moved into a separate package [1] which now needs to
be installed.

Since the fedora-release/fedora-repos split is *long* since over,
remove that work-around and add this one.

[1] https://pagure.io/fedora-repos/c/f69f3729511c3eba5f470b1d90ea2bfee372eb29?branch=f27

Change-Id: I9ad28d5bdb78375ae21dbb16e2d8c4effb32cb35
2017-11-30 15:15:37 +11:00
Andreas Florath
46a07de480 Fix /dev/pts mount options handling
The current implementation - as introduced in
Iee44703297a15b14c715f4bfb7bae67f613aceee - has some shortcomings / bugs,
like:

* the 'grep' check is too sloppy
* when /dev/pts is already mounted multiple times the current implementation
  fails:
  $ mount | grep devpts | sed 's/.*(\(.*\))/\1/'
  rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
  rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
  rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
* code duplication
* Using the undocumented and non-robust output
  of 'mount'.

This patch fixed the above problems.

Change-Id: Ib0c7358772480c56d405659a6a32afd60c311686
Signed-off-by: Andreas Florath <andreas@florath.net>
2017-11-24 07:14:56 +00:00
Markos Chandras
da02f37de1 elements: Respect devpts mount options
This is a continuation for f2cc647dae ("diskimage_builder: lib:
common-functions: Fix options for devpts mount"). We also need to
respect the devpts mount options when the dib elements are mounting
this virtual filesystems themselves.

Change-Id: Iee44703297a15b14c715f4bfb7bae67f613aceee
2017-11-14 08:31:55 +00:00
Zuul
bc6c928bb9 Merge "Move to a common lock-file directory" 2017-11-07 17:32:28 +00:00
Ian Wienand
b25d0337b8 Move to a common lock-file directory
In a couple of places we use flock for critical sections, but we leave
lockfiles around in various locations which can be confusing.

Introduce DIB_LOCKFILES global (under ~/.cache/dib/lockfiles) and
write lockfiles in there.

Fix up removal of the lockfile in the yum path; we just want to make
sure we cleanup the .rpmmacros file, but we don't need to remove the
lockfile as well.

Co-Authored-By: Andreas Florath <andreas@florath.net>

Change-Id: Ie810b2836be521325afe923708d046112e1e1e20
2017-10-26 16:27:59 +11:00
Andreas Florath
cebfcf85f9 Use -t devpts for /dev/pts mounts
Currently a bind is used when mounting /dev/pts in chroot.
This leads to problems - especially when running DIB in parallel:
It was observed that the /dev/pts mount vanishes from the host
system.

This patch uses '-t devpts' - as it is done for /sys and /proc -
for handling /dev/pts.

Change-Id: Id7775ae6fca6502af800e7b73a00862ef320206b
Signed-off-by: Andreas Florath <andreas@florath.net>
2017-10-23 07:13:02 +00:00
Ian Wienand
818b75af41 Move selinux packages to redhat-common
Change I008f8bbc9c8414ce948c601e3907e27764e15a52 has shown that we
build redhat images without the "semange" tool available, which comes
from the policycoreutils-python package (see also
I3f9e2c322d042a5dddba33451c0fc21a4d32a88a).

I403e7806ae10d5dd96d0727832f4da20e34b94c7 added some of the selinux
libraries to yum-minimal for ansible support, but not to others.

Given both these changes, it seems that selinux[-targeted],
libselinux[-python] and policycoreutils[-python] can reasonably
considered part of all base images.  Move the selinux related packages
into redhat-common.

This also adds it explicitly to install_test_deps.sh.  It was actually
being dragged in by the docker install, but is a required component
for building (should be in bindep, but not there with that yet).

Change-Id: Idd4ae71ee6deee84604823b6b5dc4a845f316e01
Related-Bug: #1707788
2017-08-01 11:08:54 +10:00
Ian Wienand
6ffde2e596 yum-minimal: pre-install coreutils
As described in the referenced bug, the dependency solver in yum
doesn't handle weak dependencies well and in some cases, such as
Fedora 26, can end up choosing coreutils-single (the busybox-esque
single binary) instead of actual coreutils, which then causes problems
with conflicting packages later.

Change-Id: I2907bf3b74c146986b483d52cc6ac437036330b4
2017-07-18 14:51:18 +10:00
Ian Wienand
18a0d970fa Move ironic-agent test to fedora-minimal
I'm uncertain as to why this is using the "fedora" element for testing
... but it requires downloading the fedora .qcow on every test which
has shown to be unreliable.  An easy thing to do is to switch it to
fedora-minimal; that will only involve downloads from local mirrors in
the gate.

Add redhat-rpm-config for minimal.  I admit I have not fully gone
through why this is not pulled in.  It's been an issue since
I459f2203fa145049dda185da952813118193d573 and there's all sorts of
bugs.

Change-Id: I37458e3926dae32a259bd5aa9efc645561b029a0
2017-06-21 15:05:36 +10:00
Ian Wienand
649f0b66d9 Start at using CI mirrors for fedora/centos
fedora/centos-minimal don't obey DIB_DISTRIBUTION_MIRROR currently.  I
don't really want them too -- we want to be able to separate the
mirrors used during the build process from those embedded into the
final image.  Add DIB_YUM_MINIMAL_BOOTSTRAP_REPOS which is a directory
with repo files to use during the install.

This introduces setup-gate-mirrors.sh which is intended to setup
repo/sources/whatever files in the openstack gate that point to the
local region mirror.  It pulls the info from the mirror_info.sh script
on each CI node.

The openstack-ci-mirrors element is updated to export these variables.
elements are updated to depend on it.  Tests are restored

Change-Id: I7604fc4d41cb1483be16b8d628a24e8fc764f515
2017-06-21 12:02:27 +10:00
Andreas Florath
e4e23897a1 Refactor: block-device filesystem creation, mount and fstab
This patch finalizes the block device refactoring.  It moves the three
remaining levels (filesystem creation, mount and fstab handling) into
the new python module.

Now it is possible to use any number of disk images, any number of
partitions and used them mounted to different directories.

Notes:

 * unmount_dir : modified to only unmount the subdirs mounted by
   mount_proc_sys_dev().  dib-block-device unmounts
   $TMP_MOUNT_PATH/mnt (see I85e01f3898d3c043071de5fad82307cb091a64a9)

Change-Id: I592c0b1329409307197460cfa8fd69798013f1f8
Signed-off-by: Andreas Florath <andreas@florath.net>
Closes-Bug: #1664924
2017-05-12 13:52:02 +02:00
Ian Wienand
6802cf7100 Run dib-run-parts out of /tmp
The dib-run-parts element was copying our internal version of
dib-run-parts into /usr/local/bin to be used running scripts inside
the target chroot.  However, it never cleaned up after itself.  This
means all images were left with an unmanaged local install of
dib-run-parts.

This copies dib-run-parts into the hooks directory of the chroot and
runs it from there.  It is cleaned up automatically on the exit path.

The dib-run-parts element is no longer required and it has been
removed from all dependencies.  It is left with a deprecation notice
in the README.  For compatability we convert it to simply install
dib-utils.

Codesearch shows no users depending on this unintentional implicit
install.  Note os-refresh-config depends on dib-utils and thus will
have an explicitly installed version.

Partial-Bug: #1673144
Change-Id: Ia2e96c00a4246c04beb96c17f83b8aefb69219ca
2017-04-05 13:11:22 +10:00