Commit graph

2725 commits

Author SHA1 Message Date
Ian Wienand
6c8d7432a6 Set grub device in /etc/default/grub
Currently we run grub-mkconfig then go and edit the generated output
in /boot/grub/grub.cfg to override the "root=" arguments to our label.

If another element like project-config's
finalise.d/99-fix-grub-timeout then goes and re-runs grub2-install, it
overwrites these changes.

Grub has GRUB_DEVICE which should override the root device.  Let's try
using this.  Maybe it wasn't around at the time, this code is
more-or-less unchanged from I7d83bb2b359e7a8c3858eca04c96e35cf4e1fe9e

Change-Id: Ibaaa81124098f3c6febe48e455d3e1cd0a5f1761
2017-01-16 09:53:56 +00:00
Luong Anh Tuan
ff8ae43265 Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I84640973fd9f45a69d2b21f6d594cd5bf10660a6
Closes-Bug: #1634265
2017-01-16 15:07:05 +07:00
Jenkins
50941b13bc Merge "Update documented default Ubuntu version" 2017-01-15 23:31:57 +00:00
Andreas Florath
022d93ee82 Unify tidy up logs in lib/img-functions
Cleaning logs was split, some was done in the
img-functions.finalise_base, some was done in the base element.
The version unifies tidy up logs in the lib/img-functions.
Especially when building docker container images the base element
cannot be used. This patch removes about some hundreds KB of
useless logs in cases when the base element is not used.

Change-Id: I165bafb73daf9144c2f3a83930e85e8d8cf5fae3
Signed-off-by: Andreas Florath <andreas@florath.net>
2017-01-14 09:40:44 +00:00
Jenkins
1f75aea634 Merge "Handle failure of carrier check in dhcp-all-interfaces.sh" 2017-01-13 20:11:20 +00:00
Jenkins
56d0dfc27b Merge "Also check bin/ for tabs" 2017-01-13 18:33:32 +00:00
Jenkins
753ab9a019 Merge "Make DHCP timeout configurable" 2017-01-13 06:19:54 +00:00
Ian Wienand
812ded362d Also check bin/ for tabs
Add bin/ to dib-lint basic script checks

Change-Id: I92849ab608a6c792d790f041dc7614278c274d30
2017-01-13 15:45:56 +11:00
Jenkins
14957664d4 Merge "Fix Gentoo builds on Ubuntu 16.04 Xenial hosts" 2017-01-12 23:07:27 +00:00
Jenkins
b8a985fc02 Merge "Run dhcp-interface@.service after network.target" 2017-01-12 15:47:03 +00:00
Bob Fournier
f8eba14d99 Handle failure of carrier check in dhcp-all-interfaces.sh
As described in the bug, there are conditions with certain switches
in which the interface is 'admin down'ed during initialization.
Doing a 'cat' on /sys/class/net/<interface>/carrier when it is
'admin down'ed produces an 'Invalid Argument' error and the script
terminates.  What this fix does is ignore failures of the 'cat'
operation (by '|| echo 0') and place the link up inside the retry
loop.

Change-Id: I4f098aa5078b8482681394a3e9a6b17ed4bd4451
Closes-Bug: 1654046
2017-01-12 10:36:43 -05:00
Matthew Thode
6c5234e162
Fix Gentoo builds on Ubuntu 16.04 Xenial hosts
Xenial's bind of /dev into the chroot includes /dev/shm which is in
use by the host.  An alternitive fix for this would be to use rbind
to recursivly bind mount /dev instead of just the base bind of /dev

Change-Id: I2c0f70afd1e82dd52a522f0dd2b3ea618b30b6c6
2017-01-10 10:34:12 -06:00
Jenkins
7fc4856c6a Merge "Update component docs to refer to ironic-agent" 2017-01-10 04:27:44 +00:00
Jenkins
4e99a9c9e2 Merge "Change "Openstack" to "OpenStack"" 2017-01-10 02:34:25 +00:00
Ben Nemec
ccd00b10b2 Make DHCP timeout configurable
As noted in the bug, there may be circumstances where a longer
timeout than the current default is needed.  This patch allows users
to tune this timeout for their environment if need be.

Change-Id: I173f3dad684894fbc3c27dece5ae15b5f63bae5a
Closes-Bug: 1654027
2017-01-04 15:41:04 -06:00
Ben Nemec
5bed4a6d5e Run dhcp-interface@.service after network.target
When we configure dhcp interfaces before network.target has run,
network.target will try to bring up those interfaces a second time
after our service does so.  This causes two issues - first, the
network target will always fail because it can't bring up an
interface that is already up, and second, when configuring interfaces
that don't actually have an available DHCP server it will result in
a five minute delay waiting for DHCP on those interfaces.  This will
also cause the network target to fail and is an unnecessary delay.

By moving the dhcp-interface service to run after the network
target we avoid both of these problems.  network.target will still
bring up the interfaces on subsequent boots.  This could result in
the five minute delay happening on reboots, but the expected use
case for interfaces without DHCP is that they would be configured
statically on initial deployment so this should be a minor issue.

The dhcp-interface service is also configured to run before the
network-online target so that services which depend on the network
actually being available will not race the DHCP process.

A snippet from /var/log/messages on a node with this patch applied
is included in the bug to demonstrate the behavior described above.

Change-Id: I5cfabf20f920beea52abf4c42362b6f6ac0b37c4
Closes-Bug: 1653812
2017-01-04 10:49:59 -06:00
Julia Kreger
197ab47226 Update component docs to refer to ironic-agent
The components documentation was previously referring to the
ramdisk image for deployment, which was previously deprecated.

Corrected to point to the ironic-agent element.

Change-Id: I770460041eb13523896aaadb7705bdc3db1a54ca
2017-01-03 23:34:13 +00:00
Cady_Chen
1d4bb04853 Change "Openstack" to "OpenStack"
According to the word choice convention in
http://docs.openstack.org/contributor-guide/writing-style/word-choice.html
We should use OpenStack instead of Openstack.

Change-Id: I66f0bf9eb81593220eb0000fe8192c478e8d075d
2016-12-30 01:15:27 +00:00
Matthew Thode
d6fe34cc59
update pkg-map entries for python3
Map python3 packages properly, or else we get invalid package names.

Change-Id: I7af8621c856c689840a11d3cb9d094f02a0b9593
2016-12-23 20:17:34 -06:00
Gregory Haynes
7603f97cad Revert "Revert Xenial to Python 2"
We landed the fix for this in
Icdb769541eee9793f261b4b8ec563be76ee13fe2.

This reverts commit 2978ff885b.

Change-Id: Iecfc41ab2aad57bc4f6f86a13810b534d19a8fd5
2016-12-22 14:26:35 +11:00
Gregory Haynes
54b2733ad8 Dont run with VIRTUAL_ENV set
debian ships a modified site.py which has some interesting behavior when
VIRTUAL_ENV is set. In this case it will add
/usr/lib/pythonx.x/site-packages to the start of sys.path. This causes
pip to install packages to this location (rather than /usr/local). As a
result, later on when booting where VIRTUAL_ENV is not set this branch
is not hit and the path where python packages were installed is not part
of sys.path.

Change-Id: Icdb769541eee9793f261b4b8ec563be76ee13fe2
2016-12-21 22:40:46 +00:00
Andreas Florath
7337c9e706 dib-lint: python3 compatibility fixes
When using up to date distributions for dib development, pep8
installs using python3.  This patch fixes the problem, that
not the complete dib-lint (which is called) is compatible
with python3.

Change-Id: I417d03746edb4d34011b997edf8b5b9662ea6f09
Signed-off-by: Andreas Florath <andreas@florath.net>
2016-12-21 20:29:26 +00:00
xhzhf
f6ecfb3b24 H803 hacking have been deprecated
H803 hacking have been removed.
https://github.com/openstack-dev/hacking/blob/master/setup.cfg
Closes-Bug: #1650741

Change-Id: Ic88b431d9260c6e31717b001ff657d10d76b9213
2016-12-21 22:19:59 +08:00
Pierre Riteau
0576d20d49 Update documented default Ubuntu version
Since commit fd5fbdd4b5 xenial is the
version used by default.

Change-Id: I18e01d806635539b2d6c8a4e6b2d25460647c910
2016-12-21 11:49:27 +00:00
Ian Wienand
2978ff885b Revert Xenial to Python 2
There are issues with pip packages and a python3 only Xenial systems.
This is occuring after Ie609de51cc5fcde701296c9474e315981d9778a2.

We believe the issue is with VIRTUAL_ENV being set within the chroot
and messing up pip installs
(Icdb769541eee9793f261b4b8ec563be76ee13fe2) but a full solution is not
yet clear.

For now, set Xenial to ensure we use python2.  Install the package for
the ubuntu element (75-debian-minimal-baseinstall will install python2
for the minimal elements).

Change-Id: Id403919b0af93b375a900186c01a0d3a3bdfafea
2016-12-21 20:46:13 +11:00
Antoine Musso
2209d34372 debootstrap: avoid duplicate network configuration
On Debian network configuration can be done via /etc/network/interfaces.
It can accept a statement to load additional files, which varied in
history:

Wheezy only supports 'source' (see b822581)
Jessie supports 'source-directory' and comes with the statement by
default.

However since 754dd05 we inconditionally inject 'source', thus on Jessie
the configuration ends up with:

 source-directory /etc/network/interfaces.d/*
 source /etc/network/interfaces.d/*

When networking is started, 'ifup -a' parses the list of interfaces
twice. When configured with dhcp, that causes two dhclient to spawn
which might conflict with each other.

Inject the source statement only if there is neither a source or
source-directory with the same path.

Change-Id: Iefa9c9584f676e50481c621b4111eded3125a50b
2016-12-21 10:23:32 +01:00
Jenkins
e32688e71e Merge "Start func testing on centos-minimal again" 2016-12-21 04:13:42 +00:00
Jenkins
9ee7acc5ee Merge "Increase func testing for ubuntu-minimal element" 2016-12-21 04:03:57 +00:00
Paul Belanger
9d9a1e3000 Start func testing on centos-minimal again
Because we run this image in openstack-infra, we want to increase our
test coverage to help avoid potential breaks to our CI systems.

Change-Id: I26405e3f7465654075278ec35b5e0da1338bb45e
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-12-21 11:52:14 +11:00
Paul Belanger
d9dcb3fe99 Increase func testing for ubuntu-minimal element
Since we still run these 3 version of ubuntu-minimal elements in
openstack-infra, also run functional testing for them.

Trusty and xenial will be in voting gate, precise added as skipped for
non-voting.

Add the default skip/run status to the "-l" output just to confirm
this too.

Change-Id: Icfbfd0cb7d9acae824972474b77e2fe0486c4f69
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-12-21 11:50:47 +11:00
Jenkins
c73e6b5ab1 Merge "Set grub timeout default" 2016-12-20 22:45:07 +00:00
Jenkins
a6f7e30055 Merge "Add squashfs output image format" 2016-12-20 03:50:29 +00:00
Jenkins
9351618e70 Merge "Add output image format tgz support" 2016-12-20 03:48:24 +00:00
Jenkins
0a34d135fb Merge "Switch py34 tests to py35" 2016-12-20 03:41:25 +00:00
Jenkins
f9055b938d Merge "Support sysv init system used by Debian Wheezy" 2016-12-20 03:31:31 +00:00
Jenkins
05de769154 Merge "Update our package classifiers" 2016-12-20 03:03:52 +00:00
Ian Wienand
4585955a8b Remove yum chroot caching
Every run we are doing a full tar.gz of the chroot environment that
never gets used.

It's not suitable for CI since we use fresh images each time there.

The cache in general isn't really isn't a very safe thing to have
around, because there's no invalidation procedure and no real way to
make one -- we've no guarantee that a new chroot build even moments
after a previous one wouldn't bring in or different packages, etc (of
course this is *unlikely*, but the longer you go between builds the
worse the problem becomes.  Also, tons of packages get installed after
this not from any cache, so potential speed-up is rather marginal.

Debian turned this off with I58fc485aacacaa17243bf9ce760ed91256d1f182.
However, given the reasons above and it's complete lack of testing, I
don't see this as useful.

If we really want this type of thing, I think we should come up with a
way to use a persistent external yum/dnf cache that yum/dnf keeps in
sync with it's usual invalidation rules.

Change-Id: I66789c35db75c41bc45ea1ad2e26f87456de4e4d
2016-12-20 13:56:46 +11:00
Ian Wienand
61087d33e9 Set grub timeout default
Set the grub timeout to 5 seconds by default, and add notes on how to
update this.  This will stop infra having to carry an element that
goes and rewrites the grub configuration.

Change-Id: I556b3f48eff1b67ee8c4b9b64f749af95100fb99
2016-12-20 11:46:22 +11:00
Gregory Haynes
54dd54d81d Switch py34 tests to py35
Py35 is now commonly available on things like -infra test nodes, lets
use that instead.

Change-Id: I554ec84d709a9937df5ec3c2fa7eab8f158cf64e
2016-12-19 23:22:24 +00:00
Jenkins
46af2452f7 Merge "Generate ssh-hostkeys on boot for ironic agent" 2016-12-19 22:55:30 +00:00
Gregory Haynes
7c4c304f8a Update our package classifiers
Our setuptools action classifiers are woefully out of date, notably: we
are no longer alpha and we support python3.

Change-Id: I2425152129406e22073936275761bd5d850903fb
2016-12-19 18:55:44 +00:00
Jenkins
029b6dd3d5 Merge "set default DIB_PYTHON_VERSION=2 for rhel7" 2016-12-19 18:07:31 +00:00
Jenkins
bbe81c30be Merge "Switch to openSUSE Leap 42.2 release by default" 2016-12-19 08:40:32 +00:00
Noam Angel
4789aa317e set default DIB_PYTHON_VERSION=2 for rhel7
python 3 not exist on minimal/KVM guest image. set default python version
2 for rhel7 also.

Change-Id: Icbc10e742da8dded25625a1eed0a79065702837d
2016-12-19 07:31:34 +00:00
Tristan Cacqueray
9d13084c41 Add squashfs output image format
The squashfs format brings a couple of advantages over the other
formats. Image is often an order of magnitude smaller and it can
be used natively, either as an initrd, either with loop mount.

Change-Id: If72940b0c4dafb2504c52dd0429a8eb3f8305751
2016-12-19 07:21:39 +00:00
Jenkins
e0a2163157 Merge "Fix bootloader element on ppc" 2016-12-19 04:55:05 +00:00
Jenkins
b8e60d52ea Merge "FIx the DIB_CLOUD_INIT_ALLOW_SSH_PWAUTH variable name in README file" 2016-12-19 04:10:17 +00:00
Jenkins
9e9425ba3a Merge "Install dracut-generic-config package" 2016-12-19 02:58:55 +00:00
Paul Belanger
da41ee6012 Add output image format tgz support
We now support tgz (tar.gz) as an output format.

Change-Id: Iadec92f2f96c3f904f28bd49f87ffc7d48ef7bd7
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-12-17 16:41:42 -05:00
Ian Wienand
f6a02fbdb9 Install dracut-generic-config package
dracut has a "hostonly" mode where it builds an initramfs that is
suitable for booting the system it is building on.  This is on by
default, but obviously in our nested multi-platform chroot situation
this is fraught with danger.

As highlighted by [1] our builds were inadvertently turning off
"hostonly" mode when the mountpoints in the chroot were not found.
The CentOS 7.3 behaviour change broke this and we ended up with an
initramfs with no file-system modules.

Iaf2a1e8470f642bfaaaad3f9b7f26cfc8cc445c9 introduced a regeneration of
the initramfs, which I think does work as described because it runs in
the loopback device.

However, dracut includes a package that installs configuration
overrides to build a generic initramfs.  This is really what we want,
and should solve the problem no matter where the initramfs is created.

Add this package into yum-minimal and remove the extra re-create call
which should not be necessary.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1405238

Change-Id: I5d203f2abe743cb23a44d449850e692a948e7871
2016-12-17 16:37:55 +00:00