Fixes a hypothetical security issue related to privilege escalation via
rootwrap/privsep. A potential vulnerable service could previously allow
writes to its rootwrap/privsep config and thus allow for more commands
to be run with root privileges via rootwrap/privsep. For a succesful
attack, this would also require the service to allow to run arbitrary
commands via rootwrap/privsep. Thus far, no such vulnerabilities have
been reported and thus this fix is simply strengthening the container
images against such an issue in the future.
Change-Id: I92c81c77e6a16570a108cde8031f7977930fb02a
Closes-Bug: #1874298
OpenStack 'zed' requires Python 3.8+ so RHEL 8 family has to go.
This changeset moves to CentOS Stream 9 while move to RockyLinux 9 is
planned as final solution.
CI moved to CentOS Stream 9 nodes.
Depends-on: https://review.opendev.org/c/openstack/kolla-ansible/+/839715
Change-Id: I113b9984294cf8663d3fc0c8840320e1d40ea731
Explicitly set the permissions on the kolla-toolbox kolla_extend_start
file. Also, since all extend_start files are sourced rather than
executed, the executable bits are now cleared throughout the project.
Change-Id: I5c2deb4a2e33575d57c852089f856a9acc6818d0
Since CentOS Linux 8 repository retirement from
CentOS mirrors - we need to use CentOS Stream 8
version of Opstools repo.
Listed below packages are missing from the repo,
and according to the maintainer dpdk_telemetry is
not going to show up at all (it's basically dead).
The rest of the packages might show up at a later
stage - but it's not a priority for the maintainer.
- collectd-dpdk_telemetry
- collectd-libpod-stats
- collectd-sensubility
- python3-sqlalchemy-collectd
Change-Id: I5f446fc276e245c1e6974ceeb6ff3dccd84ee502
We do not test support for ppc64le on CI or other systems.
In previous cycles it was used by TripleO and now they have own way.
Change-Id: Ibd955869a6f9485dfa4d08a8ad2f4b28b7d59c15
This patch adds the installation of collectd-libpod-stats as part of the
collectd image. The package is available in the centos-opstools repo.
Collectd-libpod-stats monitors resource usage of running containers on a
host, specifically those managed by the libpod library.
Upstream: https://github.com/pleimer/collectd-libpod-stats
Change-Id: I12efbaae9c0795f29c2f68158127509fd1b543b0
Signed-off-by: pleimer <pfbleimer@gmail.com>
'messaging-rabbitmq' and 'opstools' are enabled by RDO
delorean-deps.repo file
'influxdb' was also enabled
Depends-On: https://review.opendev.org/728687
Change-Id: Ibb0a7edc9e5632c1b89a7d52601f55a223b49dfb
Removes and/or replaces all mentions of py27.
Cleans up obsolete requirements and their lower-constraints.
Change-Id: Id43f1bbd6a454832ab8dbf003a058403f6b34b5d
With the move to RHEL/CentOS 8 we no longer have Python 2 in our images
so there is no need for checking which Python version (2.x or 3.x) is
used inside of containers.
We also no longer have to support yum as a value for
distro_package_manager.
Partially-Implements: blueprint centos-rhel-8
Change-Id: Ie45cf3465fedddbde7856961527421883ba3d5c9
The collectd pcie-errors plugin fails to build on s390 on
big endian, ppc64le is fine. For those building containers
on s390x, this patch removes a downstream patch.
Change-Id: I71008f690fcb04289451efa819b5e7f6d81cf99f
Adds collectd-dpdk_telemetry and collectd-logparser packages
to collectd RHEL-based image. dpdk_telemetry plugin collects DPDK
ethernet device metrics via dpdk_telemetry library. Logparser is
plugin for filtering and parsing log messages.
Change-Id: I0c7c94e9fae9d11660f938b8d7d6be0f270c972f
The pcie_errors plugin collects PCI Express errors from Device Status in
Capability structure and from Advanced Error Reporting Extended Capability
where available.
Change-Id: I9c600570dd2166e865878e7c2584a8377a795a43
The intel_pmu plugin collects performance counters data
on Intel CPUs using Linux perf interface.
C7 only - C8 packaging still pending.
Change-Id: If5044346a90580c4051d6138a84ce10238807460
Our images use 'scsi-target-utils' from EPEL and then can be built
without it. So let's disable this repository right after installing
package from it.
Images can enable EPEL with 'enable_extra_repos' macro.
Also added 'disable_extra_repos' macro as we have some images in a need.
Change-Id: Id70474e7602b531b63fdc11ae690fd9ed33def74
This patch add installation of collectd-sensubility as part of collectd image.
The package is available in centos-release-opstools repo.
Collectd-sensubility aims provide possibility to switch from Sensu based
availability monitoring solution to monitoring solution based on
collectd with AMQP-1.0 messaging bus.
Upstream is here: https://github.com/paramite/collectd-sensubility
Change-Id: I22a26374ee00e93b4f52ec0c4f1152ca1ad777e6
sqlalchemy-collectd was added in
I2bcaa44c184bb24e5caeeb8d204dda627de59c91, however it also must
be installed alongside anywhere that python-sqlalchemy is installed
since it provides an in-process plugin that transmits metrics
to a remote collectd daemon.
Also adds the python3 version of the package to the py3 version of
the collecd/Dockerfile.j2.
Note this is currently an *RPM only* package, and as of this
commit is not yet availble for other packaging systems.
Change-Id: If598da717653a383a2d3b3373c56517f8bca832f
RDO is currently working on python3 support for the next version of
CentOS/RHEL based systems. This package uses the distro_python3 flag
that was added as part of I4028991bad92c0e8e21066cc4173c06ce5eba393 to
use the python3 specific package names. This change only adds python3
package names for RHEL systems.
Conflicts-With: https://review.openstack.org/#/c/636457/
Change-Id: Iad6b70b433a0dd1b0f8ae6790fd280594517661a
Related-Blueprint: python3-support
This change updates the docker files to use base_package_type instead
of doing specific distro checks for the rhel/deb generic cases. The
base_distro is still available and is used when a specific distro needs
a customization but if the differences are purely rpm vs deb, then the
base_package_type can be used.
Change-Id: I8d720bb185df65a0178061ccf20b1ab2265da2c5
The plugin collectd-ceilometer-plugin has been replaced by
collectd-openstack-plugin, which is not packaged yet.
Change-Id: I851f6e6a6d8311351549f1d97ba2257f7a9c7feb
This enables to send metrics and events to AMQP 1.0.
write_prometheus provides an exporter to be scraped by
prometheus.
Change-Id: Ibd3bc04f3cedbcf3e029579877f60e90eb7081e1
Receives and handles queries from SNMP master agent and returns the data
collected by read plugins. Handles requests only for OIDs specified in
configuration file. To handle SNMP queries the plugin gets data from
collectd and translates requested values from collectd's internal format
to SNMP format.
Change-Id: I97fd12ccee9f546416111e0589f5d770119923af
The collectd-turbotstat is already installed for all arch.
This change removes the duplicates package name.
Change-Id: Iead82aad067353ddd822dfc15f54edfb313b7054
Package collectd-utils is required to get colectdctl tool,
which can be then used in container healthcheck script.
Change-Id: I178809f7419dafc409b4a247dd440c5dcf4426bf
The intel_rdt plugin collects information provided by monitoring
features of Intel Resource Director Technology (Intel(R) RDT) like
Cache Monitoring Technology (CMT), Memory Bandwidth Monitoring (MBM).
These features provide information about utilization of shared resources.
Change-Id: Ia7c9badd6c93ad0de565442ccd9fbf8561003c9f
to be able to display statistics from ovs
ovs_events can be used to get notified by events generated by
ovs.
Change-Id: Ifb2e4dd30c88e85d368f359be23e30814d26515f
Since collectd exists in both centos-opstools and also in
EPEL, we disable EPEL for collectd building.
Change-Id: I2428aea0265b1dcd050f63ea3949c112407d5d04