Since change I1bc19f8198da3f9ab2ae2a8864c3349b21b0249e we install the
centos-release-ceph-reef package as a dependency, but some code was
still expecting the quincy package.
Change-Id: I8ebcf815d80f3bead25e0078d69b34e17ad013bd
Fixes a hypothetical security issue related to privilege escalation via
rootwrap/privsep. A potential vulnerable service could previously allow
writes to its rootwrap/privsep config and thus allow for more commands
to be run with root privileges via rootwrap/privsep. For a succesful
attack, this would also require the service to allow to run arbitrary
commands via rootwrap/privsep. Thus far, no such vulnerabilities have
been reported and thus this fix is simply strengthening the container
images against such an issue in the future.
Change-Id: I92c81c77e6a16570a108cde8031f7977930fb02a
Closes-Bug: #1874298
Cinder-volume container can operate on multipath devices but
fails to do so due to absent multipath package for several images.
This fix explicitely adds multipath to the image.
Closes-Bug: #1970541
Change-Id: I14af40078508b06e46866b77ab200228ec827a0d
Tim Shearer started it in 1d96a2bbe1.
Since all extend_start files are sourced rather than executed, the executable
bits are now cleared throughout the project.
Change-Id: Ia1797c32fc6a35f9f077c673abf4d8e16e51a760
As we have one type of images now some RUN calls could be merged so we
will have less layers in resulting images.
Change-Id: I5178c58fbd8c65efe825dc249c0f1368ef0fe8e0
Explicitly set the permissions on the kolla-toolbox kolla_extend_start
file. Also, since all extend_start files are sourced rather than
executed, the executable bits are now cleared throughout the project.
Change-Id: I5c2deb4a2e33575d57c852089f856a9acc6818d0
Big patch drops all mentions of binary images support. Suggestions are
welcome how to split it into parts or handle better.
Change-Id: I5d5a46c6ce7734ceb8b844e17b43e359d7cac6e3
This is a follow-up on "Refactor httpd install to base image"
[1].
It seems a copy-paste algorithm was used to craft Dockerfiles
for some httpd-enabled services which resulted in an abundance of
ldappool packages getting installed, even in the 'source' case.
This seems to have also kept ldappool at a lower version because
it did not get updated via pip later.
This patch deals with that and also moves ldap deps for Keystone
to their proper place in 'source' case (extras).
Note Keystone client gets installed in openstack-base.
Cinder does not need to include Keystone either.
[1] https://review.opendev.org/744037
Change-Id: I017d7a6a5d2b1ae6c04556dcf172453a36de5be7
Refactor installing and initial setup of httpd and mod wsgi from
individual services to base image.
Change-Id: I651a55a9ebe258ef403d33de010a4dfb368a4021
This variable won't be used by Kolla Ansible once change
Ia786d037f5484f18294188639c956d4ed5ffbc2a is merged.
Change-Id: I600e24896e74496f05387183c10d6c8c6bbbb17b
Depends-On: https://review.opendev.org/735617
With the move to RHEL/CentOS 8 we no longer have Python 2 in our images
so there is no need for checking which Python version (2.x or 3.x) is
used inside of containers.
We also no longer have to support yum as a value for
distro_package_manager.
Partially-Implements: blueprint centos-rhel-8
Change-Id: Ie45cf3465fedddbde7856961527421883ba3d5c9
The extend_start.sh script for cinder-api uses an incorrect test to
check if the MAX_NUMBER variable is set. This leads to a incorrect
cinder-manage command being run if this variable is not set, making the
database migration fail.
This change fixes the test to properly use the MAX_NUMBER variable.
Change-Id: Ie46da709db0de09a9cf641b3c154275282f213fc
Closes-Bug: #1866827
Storage SIG has built Ceph Nautilus and Ganesha for CentOS8 in CentOS
Build System.
Let's switch to use them in kolla.
Change-Id: Id37dca84c4eb918aaf2d3c036ef5387fe75988dd
The only Ceph version that will support CentOS 8 is Octopus.
It will be released end of March 2020 - so for now let's use master.
Change-Id: I5955acb41e7346802d76f4f2b244cbf5c36f5bf2
Partially-Implements: blueprint centos-rhel-8
* Some further changes for python2 vs python3 packages
* Allow rabbitmq 3.7.*, since a newer erlang is available
* Switch from qemu-img-ev to qemu-img on CentOS 8
* bridge-utils no longer available on CentOS 8
* libvirt-daemon-driver-lxc no longer available on CentOS 8
* Mark some more images buildable for CentOS 8
Change-Id: Iaf5b68ff6d944ae730ca0b1d5832172c106a6c08
Partially-Implements: blueprint centos-rhel-8
Partially-Implements: blueprint centos-rhel-python-3
Finding the root cause of attach/detach operation on volumes can be very
complicated.
This patch adds the cinderlib RPM to the cinder-volume container, which
can, in many scenarios, really help debug these issues on live nodes
(controller and compute) without affecting our running services.
Change-Id: I5f55c892b1ae9eba9b6af8a45ef7dfad515c7b05
In CentOS/RHEL 8 there is no scsi-target-utils package, nor is it
available in EPEL. In RHEL 7 and beyond the LIO kernel subsystem can be
used instead of the tgtd daemon.
This change removes support for the SCSI target daemon on CentOS/RHEL 8.
The 'tgtd' image is no longer available for CentOS/RHEL 8.
Change-Id: I56f230d66f75dd0546325676278f91579f08c822
Signed-off-by: Maciej Kucia <maciej@kucia.net>
Co-Authored-By: Maciej Kucia <maciej@kucia.net>
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Related: blueprint centos-rhel-8
Depends-On: https://review.opendev.org/631479/
All Apache httpd setup has been moved to a new helper script,
kolla_httpd_setup. This includes the existing clean of /run/httpd,
/var/run/httpd, /tmp/httpd etc.
Horizon has an additional bit of Apache config for Debian/binary, which
has been kept in extend_start.sh for horizon.
Change-Id: Ia2af74b69c151db0bd7e452460b0babcee50b282
Related: blueprint centos-rhel-8
Disable external repositories by default and enable only when needed.
Depends-on: https://review.opendev.org/696480
Implements: blueprint repos-off-by-default
Change-Id: Icf2a8397a8349e0fe849d88d160409fd234480a9
backport: Stein
During the switch to Stein UCA, we did not switch all packages to python
3 for Debian/Ubuntu binary images. This change switches some more of
those packages.
Change-Id: I0bff21384d88ea678608392de2db1ba418c96665
Co-Authored-By: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Commit 43b74ccc15 enabled use of Python 3
based packages but not switched to use Python 3.
Some of images still contain Python 2. There are two reasons:
- Ceph (ceph-common depends on Py2)
- python3-ldappool on Ubuntu 18.04
In Ceph situation Py3 packages were added. For second one we can not do
anything - Py2 dependency got dropped in Ubuntu 18.10 version.
Removed neutron-server-plugin-networking-infoblox due to being not
maintained. Once https://review.opendev.org/#/c/657578/ get merged
someone may revert that part.
Implements: blueprint debian-ubuntu-python3
Depends-on: Ie2a1077f7def0743f1403341985e2109aa490026
Change-Id: Ibfe0c2b8be98db56c61f74fb0247488ab3749ef4
Ubuntu/source deployment of several images (horizon, placement-api, zun)
failed with:
+ exec /usr/sbin/apache2 -DFOREGROUND
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot
Change-Id: Ie2a1077f7def0743f1403341985e2109aa490026
RDO is currently working on python3 support for the next version of
CentOS/RHEL based systems. This package uses the distro_python3 flag
that was added as part of I4028991bad92c0e8e21066cc4173c06ce5eba393 to
use the python3 specific package names. This change only adds python3
package names for RHEL systems.
Conflicts-With: https://review.openstack.org/#/c/636457/
Change-Id: Iad6b70b433a0dd1b0f8ae6790fd280594517661a
Related-Blueprint: python3-support
Both Ubuntu Stein UCA and Debian 'buster' migrated their OpenStack
packages to Python 3.
Note that Debian 'buster' is not released yet and contains Rocky
packages. Stein ones will be available later.
Co-Authored-By: Lee Yarwood <lyarwood@redhat.com>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>
Change-Id: I160f79cc57f54ec3eac857c5babd1a6e2656d228
This change updates the docker files to use base_package_type instead
of doing specific distro checks for the rhel/deb generic cases. The
base_distro is still available and is used when a specific distro needs
a customization but if the differences are purely rpm vs deb, then the
base_package_type can be used.
Change-Id: I8d720bb185df65a0178061ccf20b1ab2265da2c5
qemu-kvm-ev was used with centos,
in case of rhel when you have
access to the virtualisation related channels qemu-kvm pulls
qemu-kvm-rhev which is the recommended one.
qemu-kvm-ev was referenced by devstack long time ago,
but the explicit package install on rhel family today
is qemu-kvm and not qemu-kvm-ev.
I am unsure about the other distros, so just changing rhel.
Change-Id: If6d1e0367730fa80284395be33674a7cd1465389
These packages produce a warning during the installation, we should
switch to their new names, usually to be specific about their use of
python2.
Change-Id: I0a80e822f64222d9a32aabd1fd834bcf794d6320
Ubuntu 18.04 has been released. We need upgrade to it this cycle.
Changes made in this patch
- Bump ubuntu repo from xenial to bionic. Some repos do not have bionic
packages, so still using xenial repos.
- Drop mariadb, percona and nfs-ganesha repo, because these packages are
already provided by Ubuntu official repo.
- Since qdrouterd does not have bionic repo and xenial packages does not
work on Ubuntu bionic, just add it into ignore image list.
- Use python-rtslib-fb and targetcli-fb rather than python-rtslib
and targetcli
- use xen-utils package name rather than with package version one.
- Seems unsigned repo won't work on Ubuntu bionic, stop using infra
mirrored unsigned repo in gate building job.
Needed-By: https://review.openstack.org/568728
Implement blueprint: ubuntu-bionic
Change-Id: I4e3b0ca669cfbf6316bf591f2d8428fa1a0d6182
Neutron and Cinder base images doesn't include the necessary
vmware libs. If we enable vmware nsx (nsxv or dvs) we need those
libraries to be available.
Closes-Bug: #1730662
Change-Id: I94005728fbce8320d7cf9d3b746978d8c7634ed5
targetcli tool will be used by kolla-k8s's iscsi-target microservice
to save and restore lioadm targets.
Change-Id: I7c38d814c5d1dd336d7199c41b77d63b06a4989b