Allows to use envsubst utility within pegleg container.
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I7733854253f3d4a6f9367678d93da9d4056e9535
This PS restores image build for ubuntu_bionic and adds appropriate
gates to keep it tested by appropriate functional and integrational
tests.
Change-Id: Id31d97ced8732d823937fb1f218e7ad8760d735c
This PS delivers focal version of Pegleg image and has the following updates:
- removed release-notes-jobs-python3 gate job because of incompartibility with Sphinx from current requirements
- added focal gate node and switched gates to use it
- added bindep.txt file into project root
- added bindep role into gate jobs
- added ubuntu_focal dockerfile for building focal pegleg image
- switched tox profiles to py38
- uplifted references to shipyard_client, promenade and deckhand projects
- resolved required dependencies conflicts by weakening constraints in Pipfile
- updated tox profile update-requirements for generate requirements.txt and test-requirements.txt
- generated new Pipfile.lock, requirements.txt and test-requirements.txt from Pipfile
- switched tox profiles to use requirements.txt and test-requirements.txt instead of pipenv because of upstream zuul nodes Pypi mirrorring issue
- updated reference to seaworthy site certificates in treasuremap repo
- fixed unit tests issues caused by pytest/mock updates and new openssl version
- fixed focal docker image publishing issue
- added multiprocessing into coverage tests running process
- made unit and coveraget tests more verbosive
Change-Id: I5c4c519dc725cfb8c7b4e14756347c9336028aff
Shpinx incorrectly claims it wants docutils >=0.18 but that is an error
and older versions fail with that, as mentioned here:
https://github.com/sphinx-doc/sphinx/issues/9841
Additionally, the repo URL for OpenSUSE 15.3 python has changed.
Change-Id: I9bee6cf3ad7aaba80a44f2bd2f917b16c776c0d7
pip 21.0 requires Python >= 3.6. [0]
The latest official python3 package for xenial is 3.5.1-3 [1]
Until we stop building xenial images, ensure that an older pip version
is used.
0: https://pypi.org/project/pip/21.0/
1: https://packages.ubuntu.com/xenial/python3
Change-Id: I6a51ae5b9e3222ca404c7ccd7dea1209b20ce8fd
Updates Dockerfiles to build the LibYAML library, which can provide much
faster YAML parsing and emitting than the native Python library.
https://pyyaml.org/wiki/LibYAML
Change-Id: I4cd48d5d5b5dddc44c88e9e08e405db96359ea6f
This patchset updates pegleg airship clients for shipyard and
deckhand to use the new clients, which support bionic base image.
Change-Id: I266747b84c39984b941afd6454647fe0d5510ca3
The `gpg` package does not come preinstalled on Ubuntu Bionic, but is
required in order to run the `genesis_bundle` command. This change adds
an install command for `gpg` to the Bionic image.
Change-Id: I77fa9151fbc947aabb371581ad4defd2cf37af1c
Upgrades Deckhand to revision supporting six 1.12.0
https://review.opendev.org/#/c/677272/
Installs python3 and overrides python3-six version in OpenSUSE image
Reenables OpenSUSE image build gate
Change-Id: Id72dad8e3668d77b06aa8af4278fcdff0cb678eb
A recent change to implement Pipenv caused VCS dependencies (Promenade,
Deckhand, and Shipyard) to not be fully installed in Docker images. This
change removes the "editable" tags from the VCS dependencies to ensure a
full install as having "editable" enabled will only install dependencies
in development mode.
Unfortunately, the "editable" tag is required to install the
requirements.txt for a VCS dependency. To get the lower-level
dependencies installed from VCS dependencies, I implemented a few
commands in the Dockerfiles to retrieve the appropriate requirements.txt
and install them before fully installing Pegleg. An upcoming release of
Pipenv will fix the existing problems with VCS dependency resolution at
which point this temporary solution may be removed.
Adds manual installation of VCS dependency requirements.txt in Docker
Removes "editable" tags from VCS dependencies
Moves docker package to deployment packages from dev packages
Adds .env file to track VCS refs used by Docker for requirements.txt
Change-Id: Ifdb1fe960b32280dcb3c5308e56b2d608f848975
From community meeting on 04-June-2019 Ubuntu Xenial is the default
image for Airship projects, but a desire was voiced to also add support
for Ubuntu Bionic at the convenience of the contributors for each
project.
This patch:
1. Adds a new dockerfile specific to ubuntu:18.04 (bionic)
2. Updates gates to be specific about which ubuntu image is being
checked.
3. Add to .zuul.yaml checks/gates/post jobs for bionic
Change-Id: Ib10641656f48baffec5b03ec48bf864d67209289
It was discovered that some base images when used as an override to
the specified default images do not include the openssh package.
This is particularly problematic if a user wishes to use ssh access
when specifying their repositories in the site's site-definition.yaml
Without the openssh package the following error occurs:
ERROR pegleg.engine.util.git:normalize_repo_path [nnn] The
repo_path=ssh://user@domain:port/site-repo is not a valid Git repo
Adding the openssh package does not impact the current base images as
they already include it, but has the added benefit of ensuring that
a non-default base image will still work with Pegleg.
Change-Id: I154c3db5071a373ad16cb0a0c4c6103b6ea8ac4e
Currently the Pegleg base image is python:3.6, after a full build of
the Pegleg image and pushing it to quay it was discovered that the
final image had more than 600 vulnerabilities in the image scan
report [0].
When inspecting other Airship projects it became evident that only
the Pegleg and Spyglass projects were using python:3.6. The remaining
projects use ubuntu:16.04 as their default base image
Locally scanning with Clair [1] confirmed that the base image plays a
substantial role in the number and severity of vulnerabilities
present in the final Pegleg image. By switching from python:3.6 to
ubuntu:16.04 the number of vulnerabilities reported by Clair was
reduced to 130, none of which were high - from the original 600+ with
~50 high.
This patchset makes the following changes with the aim to reduce the
vulnerability count and severity in the final Pegleg image by:
1. Updating the Dockerfile for Ubuntu builds to use 16.04
2. Updating the Dockerfile to install necessary packages for Pegleg
to run that are not included with the ubuntu:16.04 base image
3. Renaming the Dockerfile to accurately reflect the Ubuntu
distribution
4. Updating the docker build jobs in .zuul.yaml to set the
distribution to ubuntu_xenial
5. Updating the Makefile to set distribution to ubuntu_xenial
6. Updating the pegleg.sh script to use the correct image tag with
the changes to the distribution in (1-5)
7. Updating the documentation to reflect that the Ubuntu base image
is 16.04 (Xenial)
[0]: https://quay.io/repository/airshipit/pegleg/manifest/sha256:86d47bf777216eb28c4fc3594e57b0f758fd532b7e88a17ab8e5bd4f42dcd44e?tab=vulnerabilities
[1]: https://github.com/arminc/clair-scanner
Change-Id: I3c5ef761f9ea01b9673f6a2d08c499e8dc409c9d
Add DISTRO parameter to support multiple distros
Add Dockerfile for opensuse to build leap 15 image.
Change-Id: I7a529476937494e042a4801117489325aa6621c7
The dockerfile and some unit tests were still pointing to review.openstack.org
update those references to review.opendev.org
Change-Id: I161158ac0d66533a1775957864d1bd69dfa9530b
This patch set standardizes the Pegleg directory
structure because of the following reasons:
1) src/bin/pegleg is not necessary and only makes
building (e.g. documentation building) and running
of tox targets unnecessarily difficult.
2) src/bin/pegleg is a Java-like standard that
bears no relevance to Python.
Change-Id: I37d39d3d6186b92f8fbfe234221c9e44da48cf10
1) Use OCI Image Specs for labels instead of custom 'commit-id=xxxxx'
or legacy "Label Schema"
2) Fix missing git commit id labels on images (.revision)
3) Add human-readable title (.title) of the image, URL (.url), and
a few other properties (annotations) according to the latest Specs
Change-Id: I57318d4662d90b439d4b7766f7c67571e0f69f15
l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is beeing
replaced by docker-ce.
3. Third Goal is to bring consistency with the other compoenents leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builder have been updated to use docker-ce as they have been for the LOCI
images.
Change-Id: I6703589f32487f5668d709f485dae5782b13c002