This commit adds the ironic-prometheus-exporter, following the
conventions used by the previously integrated exporters. '[The] Ironic
Prometheus Exporter is a Tool to expose hardware sensor data in the
Prometheus format through an HTTP endpoint.'[0]
[0] https://opendev.org/openstack/ironic-prometheus-exporter
Change-Id: If833f1f4a33c27cdc941dcc7cd5bbb06b26e1eaf
The ipxe package in Ubuntu Jammy includes snponly.efi [1]. Remove code
to handle Focal in which snponly.efi is absent from the ipxe package.
[1] https://packages.ubuntu.com/jammy/all/ipxe/filelist
Change-Id: I5f494de36e6400b5486c1fb786b73c9e1512a046
Fixes a hypothetical security issue related to privilege escalation via
rootwrap/privsep. A potentially vulnerable service could previously allow
writes to its rootwrap/privsep config and thus allow for more commands
to be run with root privileges via rootwrap/privsep. For a successful
attack, this would also require the service to allow running arbitrary
commands via rootwrap/privsep. Thus far, no such vulnerabilities have
been reported and thus this fix is simply strengthening the container
images against such an issue in the future.
Change-Id: I92c81c77e6a16570a108cde8031f7977930fb02a
Closes-Bug: #1874298
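
An audit in the spirit of the hardening described above, as an added example that is not part of the commit or of Kolla's code: it flags rootwrap/privsep configuration entries that a non-root user could modify. The directory layout, file names and the owner/mode policy are assumptions; the commit message does not state them.

```python
import os
import stat
import tempfile

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def audit_config_tree(root, trusted_uids=(0,)):
    """Return (path, reason) pairs for entries an untrusted user could modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Check the directory too: write access to it allows replacing files.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if st.st_uid not in trusted_uids:
                findings.append((path, "owned by uid %d" % st.st_uid))
            # Symlink mode bits are meaningless on Linux, so skip them here.
            if not stat.S_ISLNK(st.st_mode) and st.st_mode & WRITABLE_BY_OTHERS:
                findings.append((path, "group- or world-writable"))
    return findings


def build_sample_tree():
    """Constructed sample layout; the directory and file names are hypothetical."""
    root = tempfile.mkdtemp(prefix="rootwrap-audit-")
    filters = os.path.join(root, "rootwrap.d")
    os.mkdir(filters)
    os.chmod(filters, 0o755)
    for name, mode in (("rootwrap.conf", 0o644), ("rootwrap.d/svc.filters", 0o664)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    # In an image the trusted owner is root (uid 0); the sample files belong to
    # whoever runs this script, so that uid is treated as trusted here.
    for path, reason in audit_config_tree(sample, trusted_uids=(os.getuid(),)):
        print(reason, path)
```

Inside a built image the same function would be pointed at the service's real configuration directory with the default trusted_uids=(0,).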
Tim Shearer started it in 1d96a2bbe1.
Since all extend_start files are sourced rather than executed, the executable
bits are now cleared throughout the project.
Change-Id: Ia1797c32fc6a35f9f077c673abf4d8e16e51a760
As we have one type of images now, some RUN calls could be merged so we
will have fewer layers in the resulting images.
Change-Id: I5178c58fbd8c65efe825dc249c0f1368ef0fe8e0
Explicitly set the permissions on the kolla-toolbox kolla_extend_start
file. Also, since all extend_start files are sourced rather than
executed, the executable bits are now cleared throughout the project.
Change-Id: I5c2deb4a2e33575d57c852089f856a9acc6818d0
Big patch drops all mentions of binary images support. Suggestions are
welcome how to split it into parts or handle better.
Change-Id: I5d5a46c6ce7734ceb8b844e17b43e359d7cac6e3
This is needed to support PXE and iPXE at the same time. We will move
/tftpboot and /httpboot to /var/lib/ironic/. With these paths
configurable via an environment variable, we can support a clean
transition.
This patch also cleans up pxelinux part, making it
analogous to grub and ipxe parts.
RHEL leftover mention is removed.
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Needed-By: https://review.opendev.org/c/openstack/kolla-ansible/+/832159
Change-Id: I1ae81217c8bbf606c903c8009a372662ca3ab08c
When using Ironic with UEFI boot mode and iPXE booting, nodes will
attempt to chainload iPXE using a Network Boot Program (NBP). This is
configured in Ironic via [pxe] uefi_ipxe_bootfile_name, and the default
since Xena is snponly.efi. In Wallaby and earlier releases, the default
was ipxe.efi. These files need to be available in the /tftpboot
directory of the ironic-pxe image.
The current default of snponly.efi was not present for any supported
distros. ipxe.efi was present for Debian/Ubuntu but not CentOS, which
appends the architecture to the filename (e.g. ipxe-x86_64.efi).
This change ensures that both ipxe.efi and snponly.efi exist in
/tftpboot for all supported distributions, ensuring that both the
current and previous Ironic defaults should work. Where these files have
different names, we use symlinks to allow for any deployers overriding
the filenames in configuration.
Closes-Bug: #1959203
Change-Id: I79e78dca550262fc86b092a036f9ea96b214ab48
Use distro provided GRUB efi instead of creating it like ironic GRUB
setup doc[1]. This avoids below ubuntu ironic-python-agent images PXE
booting failure.
----------
error: invalid magic number.
error: you need to load the kernel first.
Press any key to continue...
----------
This also fixes x86_64 uefi pxe booting issue by setting up GRUB efi
for x86_64.
Besides, GRUB setup only needs to be done once at bootstrap stage.
[1]:
https://docs.openstack.org/ironic/train/install/configure-pxe.html#uefi-pxe-GRUB-setup
Closes-Bug: #1879265
Change-Id: I8be5bdf5f1a62751aefe6bd0959e8f558fcfe591
We do not test support for ppc64le on CI or other systems.
In previous cycles it was used by TripleO and now they have their own way.
Change-Id: Ibd955869a6f9485dfa4d08a8ad2f4b28b7d59c15
grub2-efi-aa64-modules ships in RHEL and CentOS on all GRUB
architectures (x86_64, ppc64le, aarch64, but not s390x), and therefore
can be used on any of them to support heterogeneous clusters with AArch64.
Change-Id: Icf7e7bfddec89c4aec89410884480539b6bbfd74
This patch modifies the Dockerfile for both the Ironic API and
Inspector so that the 'root' user executes the container setup scripts.
This enables the container httpd configuration script to execute.
Change-Id: I02b58ac571cd4eb3b9d4a814fe0cb907a3564e23
Refactor installing and initial setup of httpd and mod wsgi from
individual services to base image.
Change-Id: I651a55a9ebe258ef403d33de010a4dfb368a4021
This change modifies the ironic base container
to copy rootwrap filters from the virtual
env rather than the source code directory. This
is needed because some required filters have
been moved to ironic-lib and are not present in
the /ironic dir. The rootwrap filters are not
automatically installed in /etc/... due to kolla's
use of virtual envs and https://github.com/pypa/wheel/issues/92
Closes-Bug: #1886663
Change-Id: Idb0a675d92bab8b9a0cf5209f0a06e996e96033c
With the move to RHEL/CentOS 8 we no longer have Python 2 in our images
so there is no need for checking which Python version (2.x or 3.x) is
used inside of containers.
We also no longer have to support yum as a value for
distro_package_manager.
Partially-Implements: blueprint centos-rhel-8
Change-Id: Ie45cf3465fedddbde7856961527421883ba3d5c9
The disable_extra_repos macro accepts a list as its only argument. We
were calling it like this to disable EPEL:
disable_extra_repos('epel')
The macro interpreted this as a request to disable three repos, e, p, l.
Thanks Python! Type validation to be improved separately.
Additionally, on CentOS 8 the EPEL repository was not included in the
repository mapping file, repos.yaml. There is also another EPEL
repository on CentOS 8, epel-modular, which is enabled by default after
installing epel-release.
This change adds mappings for epel and epel-modular repos to repos.yaml,
and fixes the disabling of epel in the base image, as well as disabling
epel-modular.
There are some cases where EPEL is still used (it seemed a bit too
easy...), and the repository has been enabled for these images:
* bifrost-base (nginx)
* ironic-conductor (C7 only, shellinabox)
* freezer-base (C7 only, trickle)
* gnocchi-base (C8 binary only, python3-boto3)
* mariadb (pv)
* mongodb (C7 only, mongodb)
* nova-spicehtml5proxy (C7 only, spice-html5)
* telegraf (C7 only, python2-pip)
A few other things were changed:
* ironic-conductor does not require the ceph repo
* python3-pika is no longer installed in the openstack-base image
Related: blueprint remove-epel
Change-Id: I3761825239dfc462072383cde6276c4fb3e1bf12
CentOS 7 had ipxe.efi. CentOS 8 has ipxe-i386.efi and ipxe-x86_64.efi.
Use a wildcard to copy any of these that are present.
Change-Id: I6d409e56b424a039f5aff9af86ca1b026c2c6286
Partially-Implements: blueprint centos-rhel-8
When doing a source install, ironic doesn't have python3-systemd as a
dependency and the current ironic-conductor container doesn't install
the required dependencies which causes the ansible deploy interface to
fail with the error, "Systemd bindings do not exist". This adds the
needed dependencies when doing a source build. This installs the needed
files for both rpm and deb builds on python 2.x and 3.x.
Change-Id: I5d1bcb0f7d7902b4e122c12697483433bcf52ca2
Closes-Bug: #1861427
shellinabox is used by ironic-conductor to provide a browser-based shell
to access the consoles of nodes. It is not used by all console drivers,
and is not used in the integration with nova serial consoles.
The package was previously installed from EPEL7, but is not currently
provided by EPEL8.
This change removes the package to allow the ironic-conductor image to
build.
Change-Id: I210d9fddd6948dab1feb5abf59a50bce86f21f0f
Partially-Implements: blueprint centos-rhel-8
* Some further changes for python2 vs python3 packages
* Allow rabbitmq 3.7.*, since a newer erlang is available
* Switch from qemu-img-ev to qemu-img on CentOS 8
* bridge-utils no longer available on CentOS 8
* libvirt-daemon-driver-lxc no longer available on CentOS 8
* Mark some more images buildable for CentOS 8
Change-Id: Iaf5b68ff6d944ae730ca0b1d5832172c106a6c08
Partially-Implements: blueprint centos-rhel-8
Partially-Implements: blueprint centos-rhel-python-3
All Apache httpd setup has been moved to a new helper script,
kolla_httpd_setup. This includes the existing clean of /run/httpd,
/var/run/httpd, /tmp/httpd etc.
Horizon has an additional bit of Apache config for Debian/binary, which
has been kept in extend_start.sh for horizon.
Change-Id: Ia2af74b69c151db0bd7e452460b0babcee50b282
Related: blueprint centos-rhel-8
Disable external repositories by default and enable only when needed.
Depends-on: https://review.opendev.org/696480
Implements: blueprint repos-off-by-default
Change-Id: Icf2a8397a8349e0fe849d88d160409fd234480a9
backport: Stein
During the switch to Stein UCA, we did not switch all packages to python
3 for Debian/Ubuntu binary images. This change switches some more of
those packages.
Change-Id: I0bff21384d88ea678608392de2db1ba418c96665
Co-Authored-By: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Commit 43b74ccc15 enabled use of Python 3
based packages but did not switch to using Python 3.
Some of the images still contain Python 2. There are two reasons:
- Ceph (ceph-common depends on Py2)
- python3-ldappool on Ubuntu 18.04
In the Ceph situation, Py3 packages were added. For the second one we cannot do
anything - the Py2 dependency got dropped in the Ubuntu 18.10 version.
Removed neutron-server-plugin-networking-infoblox due to not being
maintained. Once https://review.opendev.org/#/c/657578/ gets merged
someone may revert that part.
Implements: blueprint debian-ubuntu-python3
Depends-on: Ie2a1077f7def0743f1403341985e2109aa490026
Change-Id: Ibfe0c2b8be98db56c61f74fb0247488ab3749ef4
Ubuntu/source deployment of several images (horizon, placement-api, zun)
failed with:
+ exec /usr/sbin/apache2 -DFOREGROUND
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot
Change-Id: Ie2a1077f7def0743f1403341985e2109aa490026
Rather than specify ansible-python3 or ansible, we can try the virtual
package for the python specific version of ansible.
Change-Id: I246edfaf8cc0ee12852c18c6f9027e48880797a4
RDO is currently working on python3 support for the next version of
CentOS/RHEL based systems. This package uses the distro_python3 flag
that was added as part of I4028991bad92c0e8e21066cc4173c06ce5eba393 to
use the python3 specific package names. This change only adds python3
package names for RHEL systems.
Conflicts-With: https://review.openstack.org/#/c/636457/
Change-Id: Iad6b70b433a0dd1b0f8ae6790fd280594517661a
Related-Blueprint: python3-support
Both Ubuntu Stein UCA and Debian 'buster' migrated their OpenStack
packages to Python 3.
Note that Debian 'buster' is not released yet and contains Rocky
packages. Stein ones will be available later.
Co-Authored-By: Lee Yarwood <lyarwood@redhat.com>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>
Change-Id: I160f79cc57f54ec3eac857c5babd1a6e2656d228
This change updates the docker files to use base_package_type instead
of doing specific distro checks for the rhel/deb generic cases. The
base_distro is still available and is used when a specific distro needs
a customization but if the differences are purely rpm vs deb, then the
base_package_type can be used.
Change-Id: I8d720bb185df65a0178061ccf20b1ab2265da2c5
qemu-kvm-ev was used with centos,
in case of rhel when you have
access to the virtualisation related channels qemu-kvm pulls
qemu-kvm-rhev which is the recommended one.
qemu-kvm-ev was referenced by devstack long time ago,
but the explicit package install on rhel family today
is qemu-kvm and not qemu-kvm-ev.
I am unsure about the other distros, so just changing rhel.
Change-Id: If6d1e0367730fa80284395be33674a7cd1465389
These packages produce a warning during the installation, we should
switch to their new names, usually to be specific about their use of
python2.
Change-Id: I0a80e822f64222d9a32aabd1fd834bcf794d6320
This allows you to chainload iPXE from a standard PXE
environment.
As the PXE container already has apache installed, we
now have everything we need to support iPXE booting.
Change-Id: Ide32dc1910e9f8b3ff875238648726f719e271b2
Implements: blueprint ironic-ipxe