* Update ansible-role-tripleo-modify-image from branch 'master'
to cbf9d36df6cf675b958a2504e319e6403cacf2df
- Retire Tripleo: remove repo content
TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145
this commit remove the content of this project repo
Change-Id: Ib5a8155d76652044701ae05e5dbcc7078f41d863
* Update ansible-role-tripleo-modify-image from branch 'master'
to b6eedb6fb194ec32b92866257131714e02bae741
- Ensure update_yum.sh has correct SELinux labels
On recent, enforcing systems, the update_yum.sh can't be executed,
because SELinux prevents container_t to open user_tmp_t:
type=AVC msg=audit(1674049913.380:22858): avc: denied { open } for
pid=70472 comm="bash" path="/tmp/yum_update.sh" dev="vda4" ino=218200014
scontext=system_u:system_r:container_t:s0:c65,c705
tcontext=unconfined_u:object_r:user_tmp_t:s0
tclass=file permissive=0
This patch ensures it gets properly relabelled when bind-mounted during
the image build. Using the "z" will also ensure it's still usable even
when running multiple builds at the same time.
Change-Id: I4085865965f48c9fa6a88cde7010a51cd8c653d8
* Update ansible-role-tripleo-modify-image from branch 'master'
to aaa89b23c7215764bd3fa851e5ec4451d699c369
- Merge "Add some notes about SELinux and limitations"
- Add some notes about SELinux and limitations
With newer podman and container-selinux, we may face some issues
depending on where directories are located. The way we're running the
role is also important - being launched as root or as a user makes a big
difference, especially with the user's home content.
It also updates the setup.cfg content to match new format requirements
Change-Id: Ib2b7fd2f557d4743efd2eaca18474fb45b91cbcf
* Update ansible-role-tripleo-modify-image from branch 'master'
to c9831b59fd1539c21ffa047b23557a1733b6c041
- Disable setup.py auto discovery
Tripleo-ci jobs are broken after latest release of setuptools 61.0
because of breaking changes which are not backwork compatible,
details in related bug and [1].
[1] https://github.com/pypa/setuptools/issues/3197
Related-Bug: #1966382
Change-Id: Id60e8bc882f6c7944f89333fb539f6800ef43725
* Update ansible-role-tripleo-modify-image from branch 'master'
to 30d23d5152cfb9b1f79ba6a65b4d6a62e86b98f1
- Merge "Move zuul jobs layout to centos9 only for master branch"
- Move zuul jobs layout to centos9 only for master branch
See topic branch [1] for related reviews.
[1] https://review.opendev.org/q/topic:c8_teardown_master
Depends-On: https://review.opendev.org/c/openstack/tripleo-ci/+/826317
Change-Id: I6b49ef5639b092166f171a43f3587ae83332c881
* Update ansible-role-tripleo-modify-image from branch 'master'
to 0b9fdccb8b3232fbc65f84c3aae25780f21f13b4
- Remove config of container_build_tool
Because there is no docker supported anymore, remove all custom
config of "container_build_tool", only "buildah" is supported.
Change-Id: I57720cc1d7da96f9277b62298cabce9ff7765f47
* Update ansible-role-tripleo-modify-image from branch 'master'
to 81ca6b4dc0efed7e7a5d12fc64b41af4720c82b1
- Remove docker modules from the role
Remove docker modules usage from the role since we
use buildah/podman everywhere.
Change-Id: Ic2a46c0a55781041016f42bdc1af686055af9fa2
* Update ansible-role-tripleo-modify-image from branch 'master'
to e4c84adc36e4aadee6188778d616a39e7d9bb8f5
- Extract updated rpms from buildah images
When a gating, component or delorean current repo
is present, containers should be updated with
the latest rpms.
This review checks the installed rpms and
greps for the repos where the updated rpms
are sourced.
Change-Id: Ie29c7c33c8d66bc3729c03c2d72cbdbf85ad443a
* Update ansible-role-tripleo-modify-image from branch 'master'
to b304c8979c1bf911fc15caac646c1b80d2c72bd5
- Only mount /etc/{{ pkg_mgr_suffix }}/vars if it exists
/etc/{{ pkg_mgr_suffix }}/vars exists on stream and
some other platforms but is missing from RHEL 8.x.
This patch checks that that directory exists first
before mounting it.
Change-Id: I048434b38eb1d6b1c83a89d90e01f71d467d7fb7
* Update ansible-role-tripleo-modify-image from branch 'master'
to 2c53d70612d7f9f30e6a315812d95ded0417cfbb
- Use dnf/yum vars based on what is available
With [1] it used yum/vars but in CentOS8-Stream
that is not available, so detect and use dnf or yum
vars.
Closes-Bug: #1927302
Change-Id: Idda53d1b68b97e5bb65314b1e07d507736932531
* Update ansible-role-tripleo-modify-image from branch 'master'
to 6ee663848e1f433cf5a59beee41b0ac29bb095b0
- Merge "Mount yum/vars along with yum repos"
- Mount yum/vars along with yum repos
Since repos may rely on yum vars, it's required
to mount yum/vars along with yum repos.
Container builds already mount yum/vars along
with yum yum. Molecule jobs also adding it with [1].
Since the repo is branchless and used in CentOS7 too,
so using yum/vars instead of dnf/vars.
[1] https://review.opendev.org/c/openstack/tripleo-ansible/+/787423
Change-Id: I36f175d97a86d4221b09dadf62f64a16b5c527e2
* Update ansible-role-tripleo-modify-image from branch 'master'
to 38691f5ef4a5949fc4f70bed6e5eec9a0fa50104
- Merge "Fix git lookup"
- Fix git lookup
In CentOS8, git-core is the package instead of just git.
Depends-On: https://review.opendev.org/c/openstack/tripleo-common/+/786053
Change-Id: I5746a7230f307e59d93401372033ae45a65ba191
* Update ansible-role-tripleo-modify-image from branch 'master'
to 12655c7e732c15ce9ab69d779086fa8afca59830
- Replace deprecated UPPER_CONSTRAINTS_FILE variable
UPPER_CONSTRAINTS_FILE is deprecated and TOX_CONSTRAINTS_FILE is
the new environment variable name that replaces it [1].
This allows to use upper-constraints file as more
readable way instead of UPPER_CONSTRAINTS_FILE=<lower-constraints file>.
[1] https://zuul-ci.org/docs/zuul-jobs/python-roles.html#rolevar-tox.tox_constraints_file
[2] https://review.opendev.org/#/c/722814/
Change-Id: I089ea79398f71bd841992eacfd088d831ce0d085
* Update ansible-role-tripleo-modify-image from branch 'master'
- Migrate to content provider jobs/templates
This change migrate c8 jobs/templates to content provider
jos so consumer jobs can use resources built by provider
jobs.
Change-Id: I17a40cbf6fb978bec17ab21fb2296ad3db46b6b3
Signed-off-by: Amol Kahat <amolkahat@gmail.com>
* Update ansible-role-tripleo-modify-image from branch 'master'
- Port jobs from centos7 to centos8
All the tripleo-ci jobs running on greater than train branch should run
on Centos8 only. Porting of this job was skipped earlier.
This change ports train jobs from centos7 to centos8.
Change-Id: I1eb2954ffcc582117b27fa3cf4d3fac4789d01b0
Signed-off-by: Bhagyashri Shewale <bshewale@redhat.com>
* Update ansible-role-tripleo-modify-image from branch 'master'
- rpm_install: return 0 if package was already installed
Currently, if the package was already installed, the script would return
2, or 6 or the package would be upgraded.
It causes the script to fail (we use set -e); so to avoid that we added
--replacepkgs --replacefiles and --oldpackage arguments to rpm.
- Install the packages even if some of them are already installed on
this system.
- Install the packages even if they replace files from other, already
installed, packages.
- Allow an upgrade to replace a newer package with an older one.
Change-Id: I8391e02456a304d4e29256cbbf5433879c6c42b1
* Update ansible-role-tripleo-modify-image from branch 'master'
- Add retries on image pull ahead of updating
We are seeing occasional failures to pull due to intermittent registry
errors downstream. A retry should help to avoid the whole update
failing because of this.
Change-Id: Ib9415e46a52cc6ad6459ec3f170d7e23aa9aca03
* Update ansible-role-tripleo-modify-image from branch 'master'
- Fix become and remote_src when modifying an image
This change updates the copy task to assume the source is remote. This
will allow the module to use any path provided and not assume the file
is within the relative path from the role.
The become jinja used in the task "Modify image from {{ modify_dir_path }}"
was attempting to match on the full command executed, which would always
evaluate to `false`. This change corrects the condition so that it can
evaluate to true, when "buildah" is used.
Change-Id: I348dbf91b5f2e0dcdfeffd336782c24499d7a569
Signed-off-by: Kevin Carter <kecarter@redhat.com>
* Update ansible-role-tripleo-modify-image from branch 'master'
- Add double quotes around the printf statements in yum_update.sh
This is consistent with the other printf statements in the file. This
keeps the sorted data with the newlines as they are, and avoids
breaking down the data again. Otherwise, the sorting order can be
altered which breaks comm comparison and causes the "Run yum_update.sh"
task to fail with the following error:
"stderr_lines": [
"comm: file 2 is not in sorted order",
"error while running runtime: exit status 1"
],
This is particularly important for the $available variable which
contains the repoquery output, often very large and with unusual
characters. The error happens consistently when including RHEL 7 server
repos or RHEL 8 BaseOS repo and prevents the update from working at
all.
This patch also adds -u when sorting the $available output. Once the
versions are removed with cut, there can be a tremendous amount of
duplication in the data obtained from repoquery. That makes verbose
mode even more difficult to navigate when debugging.
Change-Id: Id64a8c2e395de28945d5d6b4370c44b80392e543
* Update ansible-role-tripleo-modify-image from branch 'master'
- Ensure the yum cache has at most one writer
If the yum cache path exists and already mounted by someone,
do not attempt writing to it, use the overlay mode instead.
This still leaves a window of opportunity for another workers to
RW mount the cache after the ansible check has reported a stale
fact about there was no other mounts found. But this is unlikely
to happen.
Also, if it has to be retried in the rescue block, do not use the yum
cache for the maximum data safety and clean (a scratch) cache state
reasons.
This drastically reduces chances to have multiple writers for the
cache.
Closes-bug: #1860804
Change-Id: I19491a162e5bf6d6517fd343d675aff12bdc9719
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Update ansible-role-tripleo-modify-image from branch 'master'
- Force docker format
The undercloud registry currently doesn't handle OCI formated images
correctly. We need to ensure that when buildah is run, we specify that
we want the docker format until we correctly support the OCI metadata.
Change-Id: Icf1a1c8f3a353239f2d244aa0bc811f8f86f6867
Related-Bug: #1860585
* Update ansible-role-tripleo-modify-image from branch 'master'
- Dockerfile-yum.j2 doesn't copy the RPMs so yum_update.sh fails
After implementing "yum localinstall", a critical part of the
process wasn't merged in the code which consists of copying
the actual RPMs through the Dockerfile-yum.j2 file.
Change-Id: Ifbcaa07bb80dd612e85f0d7cf8d99131fb739c84
Closes-bug: #1860184
* Update ansible-role-tripleo-modify-image from branch 'master'
- Merge "Add the possibility to update packages from local rpms using yum."
- Add the possibility to update packages from local rpms using yum.
This is needed if we want to only update installed packages and not
hit depenency issues encountered when updating packages with rpm_install.sh
Change-Id: I5095d7b04cb10fde1bd82afd1bc406445b7595fd
Closes-bug: #1858837
* Update ansible-role-tripleo-modify-image from branch 'master'
- When updating, set PKG variable to dnf or yum at runtime
When updating RHEL7 containers from a RHEL8-based environment, the
update fails with the following messages:
"stderr": "/tmp/yum_update.sh: line 18: /bin/dnf: No such file or directory",
"stdout": "No packages were found for update...",
This patch reverts the PKG variable assignment to the way it used to be
so that the decision to use dnf or yum is made at runtime, within the
container.
Change-Id: I6a248b5277efd8707fc744292075949d94e3a05f
* Update ansible-role-tripleo-modify-image from branch 'master'
- Merge "Mount /etc/pki during buildah yum update for RHUI"
- Mount /etc/pki during buildah yum update for RHUI
In order to make sure RHUI repos works with in a container,
PKI certs dirs needs to be mounted to container so that
RHUI repo solves and download the content.
Related-Bug: #1854685
Change-Id: Id09059559b5c207ef6f604e4bb999528118ae096
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
* Update ansible-role-tripleo-modify-image from branch 'master'
- Use length to avoid unsupported operations with '>'
The dev_install.yaml script breaks when running python 3 because of
unsupported comparisions between 'AnsibleUnsafeText' and 'int' with the
'>' operator.
This is very similar to a bug opened against ansible upstream [0]. We
can fix the issue by using length explicitly, which ensures we're
comparing integers to integers since we're dealing with a list.
[0] https://github.com/ansible/ansible/issues/50388
Change-Id: I100639982b75c9d345269ba9bf10defb7e96d774
* Update ansible-role-tripleo-modify-image from branch 'master'
- fixed and bumped linters
- avoids ansible-lint installation bug
- bumps linters to their current versions
- adds missing passenv which prevented run with SSL proxies
- removes tox environments to ease maintenance, user can use posargs
to run a single linter (hook).
Bug: https://bugs.launchpad.net/tripleo/+bug/1848512
Change-Id: I7657bb829a2928a8310c1758e6934b2f2ddef5c9
* Update ansible-role-tripleo-modify-image from branch 'master'
- Add retires/ignore errors for removing buildah containers
We want to try a best effort to remove the buildah containers but since
it's run with multiple processes we occassionally get layer conflicts.
Let's add a bit of a retry and ultimately skip the error since that was
the previous behavior.
Change-Id: I75a85745aed652a85f4c143c987cd5cccbf31cac
Related-Bug: #1846413
* Update ansible-role-tripleo-modify-image from branch 'master'
- Merge "Enable saving of rpms"
- Enable saving of rpms
We currently map in the cache dir, but it only saves the metadata. The
improvements would come with the rpm saving as well. In order to have
that, we need to set keepcache=1 which is disabled by default. We can
enable this on the command line via --setopt so we don't have to touch
the container yum configuration.
Change-Id: Ia274dbbad9a220e52b2cfa554dede3bf40055f98
* Update ansible-role-tripleo-modify-image from branch 'master'
- Merge "Fix exists check"
- Fix exists check
The |exists is currently deprecated.
[DEPRECATION WARNING]: Using tests as filters is deprecated. Instead of using
`result|exists` use `result is exists`. This feature will be removed in version
2.9. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
Change-Id: I0c32686062e79142aa5c664a4a42ac590263b64e
* Update ansible-role-tripleo-modify-image from branch 'master'
- Merge "Cleanup buildah working container"
- Cleanup buildah working container
Currently in the yum update output, we see buildah trying to rmi the
image we were working with however it is currently in use. After we
commit our changes we need to cleanup our working container so we can
remove the image we were using (if not used by another process
elsewhere).
Change-Id: I54e37b43346b97be0a7cfab12e6cac9809537c83
* Update ansible-role-tripleo-modify-image from branch 'master'
- Switch to template for yum_update.sh
Followup of [1] which switched to template for
yum_update.sh but missed updating it for
yum_update_docker.yml.
[1] https://review.opendev.org/#/c/683100/
Change-Id: Ibf5c9f0e07ff141a6c879fcda71be8119ae29b38
* Update ansible-role-tripleo-modify-image from branch 'master'
- Merge "Add support for yum caching when buildah updates"
- Add support for yum caching when buildah updates
When yum_cache is set, that directory will be automatically
picked as either the source or destination for the containers
being updated as the following:
* when that host directory is missing (or empty), the container
under update will start populating it, while it gets updated.
That path going to become the lower overlay FS layer for future
use among other containers under concurrent yum update executions.
* when the yum_cache directory exists and is not empty, it will be
bind-mounted as an upper overlay FS layer for other containers under
update. So those can benefit from some of the already prefetched
contents in its yum cache without data races or conflicts when
concurrently accessing the cached data.
Overlaying ensures data safety as each container can only see the lower
layer of the overlay, while storing its local changes on top of it as
an ephemeral. The yum_cache directory existance & non-emptiness facts
act as a single mutex, which only grants a dedicated writing access to
the lower layer to a single "populating" container at a time. This
behavior may be forcefully reset via the force_purge_yum_cache flag.
The container update playbook invoked with it, instantly creates a
new populator and creates a fresh yum cache.
Note that the 100% saturation of the cache is only expected, when the
populating container finishes its execution.
The feature can be used only for buildah in yum update scenarios using
yum or dnf.
Change-Id: I30c6dd12454a0b1781803ab16ef79b5914178114
Related-bug: #1844446
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Update ansible-role-tripleo-modify-image from branch 'master'
- Update README examples on yum update/install
Drop compare_host_packages parameter and description from examples
This was dropped some time ago in
c9d085729f62dfcfeeaecccf36c3c0161414afb7
Also highlight that only file repositories will be used in yum update
task
Change-Id: If9942c75ea786304ffe3aa6e28939708f8597ef3
* Update ansible-role-tripleo-modify-image from branch 'master'
- Add docs for updating from local gating repo
Also fix the name of the included role.
Change-Id: Id5f14a2f397a9e63726b6410793304689b4efb62
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Update ansible-role-tripleo-modify-image from branch 'master'
- get_original_user: override source_image_facts
See https://github.com/ansible/ansible/issues/15710#issuecomment-216645922
for the context.
So we need to override the source_image_facts in the block to make
sure we can get the image infos later.
Change-Id: Iedef1fa3791342479915cf36a30c18602a402c3f
Closes-Bug: #1836048
* Update ansible-role-tripleo-modify-image from branch 'master'
- Merge "Implement a yum install command"
- Implement a yum install command
Yum update works if you want to update existing packages, but sometimes
you want to install a package that's available via the yum repositories
that is extra. This implements a yum install action similiar to the yum
update action except it takes package names instead of repos to install.
Change-Id: Ia47a1ea9eb51a37f6d75d39c524e97fd4ec94fba
* Update ansible-role-tripleo-modify-image from branch 'master'
- Try downloading the image when inspecting if not available
Currently if you don't have the image on the undercloud, when you try to
run image modify it will fail. Instead of requiring the user
pre-download the image prior to running the image modify script, let's
attempt a pull if the image doesn't exist.
Change-Id: Ib47331197f27c20281ff86b381cde2a2d8b61519
Closes-Bug: #1835219
* Update ansible-role-tripleo-modify-image from branch 'master'
- Merge "Allow devs to modify images with Python directories"
- Allow devs to modify images with Python directories
This will allow dev to update their container images from a local Python
directory, example in /home/joe/git/openstack/heat.
The new parameter python_dir is a list of directories.
To use it, your playbook must be like:
- hosts: localhost
connection: local
tasks:
- name: dev install heat-api
import_role:
name: tripleo-modify-image
vars:
tasks_from: dev_install.yml
source_image: docker.io/tripleomaster/centos-binary-heat-api:current-tripleo
modified_append_tag: -devel
python_dir:
- /home/joe/git/openstack/heat
Change-Id: I182c3fa58dc9af870e0da9f51ae1e22aa90d03e5
* Update ansible-role-tripleo-modify-image from branch 'master'
- Fix dnf repoquery regression
Fixed issue identified at https://review.opendev.org/#/c/664872/1 which
prevented full execution of yum_update.sh on dnf platforms because
`dnf repoquery` returned exit code 1 when repo did not exist.
Change-Id: I86918f292b6863d6cb0e4fd16e62409a7f9fa80a
* Update ansible-role-tripleo-modify-image from branch 'master'
- Merge "dev_install: fetch git/gerrit from opendev"
- dev_install: fetch git/gerrit from opendev
To avoid warning about the redirection, let's use the new URL.
Change-Id: I053ce25b7531fbec8bbca6dfb087acf13afcf511
* Update ansible-role-tripleo-modify-image from branch 'master'
- yum_update.sh: don't fail when plugin package is unavailable for install
Change-Id: Id1534e9d1005d48fc3893182e156503b703af405
* Update ansible-role-tripleo-modify-image from branch 'master'
- Use 'dnf repoquery' when system uses DNF
repoquery is part of dnf so we can use 'dnf repoquery' directly rather
than install dnf-utils, which isn't installed by default on e.g. RHEL8.
When using yum, command -v repoquery will still be used as it was
before this update.
Change-Id: Iea8822084988b23652e6d3f8b5828c05734158af