This is installed for the base images in the dependent change
Depends-On: https://review.opendev.org/716788
Change-Id: Ic6ae3c5406fc0efd7fff1875459dfab85b4f702c
There are no libselinux bindings for Python 2 on CentOS 8 [1]. The
Python 3 packages are there as part of the base install.
These are required for Ansible to run correctly. We will need to set
ansible_python_interpreter to python3 for CentOS 8 until
auto-detection is complete with [2].
[1] https://bugs.centos.org/view.php?id=16458
[2] https://review.opendev.org/682797
Change-Id: I52eef3069fa8699cc72b423d476c92b339600c23
Currently ZUUL_USER_SSH_PUBLIC_KEY must be a key file, but
there is no change to create the key file, so it not convenient
for building a image with diskimage-builder, this patch makes
it possible to set ssh public key through ZUUL_USER_SSH_PUBLIC_KEY
in envirement(e.g. diskimage configuration in nodepool.yaml ).
Change-Id: I83ef3d2e5ff5c3951ecf7036c46d0d8a68871e0c
Signed-off-by: shangxdy <shang.xiaodong@zte.com.cn>
There is no jenkins, only zuul! With zuulv3 running in production,
there is no more need to add jenkins user or scripts to our images.
Move chmod of /opt/cache/files from
nodepool/elements/jenkins-slave/install.d/20-jenkins-slave to
nodepool/elements/zuul-worker/install.d/60-zuul-worker
We also leave the jenkins-slave elements for now, in case 3rd party CI
use them.
Change-Id: Ia9750877fbc1a17ec467ca4ac685afdb9c1627f8
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We use paths relative to the current user's homedir to find the location
of the cached files for devstack. Unfortunately we only set up the
symlink for that in Jenkins' homedir and not Zuul's. Update that so
either user can find the cache.
Change-Id: Iff9bcb9700ad5eab36cf8c42d5b6c145dee342b5
Old legacy jobs will continue to want tocheck that the test user isn't
using sudo if sudo has been disabled. Add a zuul version of the checker
script and update the sudo rules to allow the zuul user to run it.
Change-Id: I10720cdec309dc8418b6cf7e9badf9a04aa8e98e
Default pkg-map to empty packages, and opt-in for each distro. This
fixes fedora builds.
Change-Id: Ic077eb39c6ad331dabe905773784a027d736ccaa
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Lets use zuul-worker element to install more ansible task
dependencies.
Change-Id: Icea27d0de8fce1275f5008e336f7b6711f353913
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Not all distros - like openSUSE - create a separate group for each user.
Be explicit when creating zuul user like in
nodepool/elements/jenkins-slave/install.d/20-jenkins-slave.
Code later assumes that user and group are both named zuul, so we need
to set the specific zuul group.
Also, set /bin/bash as root shell following a similar change for
jenkins done in Ic671b7c5344a1e7980bede88bee730b50764e60b to keep these
two invocations in sync.
Change-Id: Iec8de3c0799aa023ace8f172f84bf8a137d0967b
stackviz: In general newer openSUSE distributions switched to nodejs6 LTS,
but Leap 42.2 is still on 4.x.
zuul-worker: No need for libselinux enablement in openSUSE
puppet: cleanup the puppet repo that got added in the install_puppet.sh
code part
Change-Id: If7bf3c799ebb74aeb36c4b1b607b0454993f0ed6
This commit adds Gentoo support to elements needed to build a Gentoo
nodepool image. The previous version of this commit had the default
section of the pkg-map in the wrong area, specifically in the following
file.
nodepool/elements/infra-package-needs/pkg-map
Change-Id: Ic686c325bc06564585a2e3ac50cadd7556612333
Our images have failed to build for the last 3 days, reverting until we can debug.
This reverts commit 4c515e2073.
Change-Id: I2e653bcd8a30a85ea46a9861bdf9f95413a76f64
This commit adds Gentoo support to elements needed to build a Gentoo
nodepool image.
Change-Id: I2ceeb915748a11d8e729069566e722a3fe30ba99
Signed-off-by: Matthew Thode <mthode@mthode.org>
The devuser element is designed to add a single development user and
manage their keys. Any local use of devuser by a developer thus
silently conflicts with zuul-worker.
Additionally, this is currently tacitly taking the public-key from
~/.ssh/id_rsa.pub -- i.e. the public key of the currently building
user. Mixing permissions from the builder into the final-image makes
sense for a development-user case, but not for deploying worker
accounts.
This simply creates the worker account by hand, which is easy enough.
To maintain the status-quo we still source ~/.ssh/id_rsa.pub by
default, but provide a documented flag to override this.
Change-Id: Ic9c9e415c158ad1f057b8d2aa2776dbe2bbd1e47
Now that zuulv2.5 has landed, we can start building our DIBs using the
new zuul-worker element. As part of the jenkins clean up, we'll
eventually be removing all things jenkins from our puppet manifests.
As we move forward, we'll be using DIB to bootstrap our zuul-workers
over puppet.
Change-Id: I0e76931fdb4ca0c7445b1e72dc348f0cf03eaee5
Depends-On: Idb4ef11576671180060fb5b2b1202f9bfec5fd47
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Ian Wienand