From 750a137815f1ca58c7e65d23e9d63403ea282b1a Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Wed, 14 Feb 2024 14:02:50 +0100 Subject: [PATCH] Move curl sources to sources.py Move most curl sources to sources.py, so it can be automatically updated in future. This also makes overriding the versions/locations/sha256 easier. Change-Id: Ib3497fe96162ae190e5c113cacaaa3ef8334f590 --- docker/etcd/Dockerfile.j2 | 14 +- .../letsencrypt-lego/Dockerfile.j2 | 17 +- .../prometheus-alertmanager/Dockerfile.j2 | 13 +- .../Dockerfile.j2 | 14 +- .../prometheus-cadvisor/Dockerfile.j2 | 17 +- .../Dockerfile.j2 | 14 +- .../Dockerfile.j2 | 14 +- .../prometheus-msteams/Dockerfile.j2 | 12 +- .../prometheus/prometheus-mtail/Dockerfile.j2 | 16 +- .../prometheus-mysqld-exporter/Dockerfile.j2 | 14 +- .../prometheus-node-exporter/Dockerfile.j2 | 20 +-- .../Dockerfile.j2 | 13 +- .../prometheus-ovn-exporter/Dockerfile.j2 | 24 +-- .../prometheus-v2-server/Dockerfile.j2 | 14 +- kolla/common/config.py | 21 ++- kolla/common/sources.py | 151 ++++++++++++++++++ kolla/image/kolla_worker.py | 1 + kolla/image/tasks.py | 12 ++ kolla/tests/test_build.py | 12 +- .../move-curl-sources-d8fac9c8c57445cf.yaml | 10 ++ 20 files changed, 259 insertions(+), 164 deletions(-) create mode 100644 releasenotes/notes/move-curl-sources-d8fac9c8c57445cf.yaml diff --git a/docker/etcd/Dockerfile.j2 b/docker/etcd/Dockerfile.j2 index 9fb067359b..c75c861f05 100644 --- a/docker/etcd/Dockerfile.j2 +++ b/docker/etcd/Dockerfile.j2 @@ -9,16 +9,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.configure_user(name='etcd') }} -{% block etcd_repository_version %} -# NOTE(wszumski): It is suggested to upgrade one minor version at a time: -# https://github.com/etcd-io/website/blob/cf046546dec9e1dcea966dc21ea38027c3290e9a/content/en/docs/v3.4/upgrades/upgrade_3_4.md#upgrade-requirements -ARG etcd_version=v3.4.27 -ARG etcd_url=https://github.com/etcd-io/etcd/releases/download/${etcd_version}/etcd-${etcd_version}-linux-{{debian_arch}}.tar.gz -{% endblock %} +{% block etcd_install %} +ADD etcd-archive /etcd-source -RUN curl ${etcd_url} -o /tmp/etcd.tar.gz \ - && tar -C /usr/bin -xvz --strip-components=1 --wildcards '*/etcd' --wildcards '*/etcdctl' -f /tmp/etcd.tar.gz \ - && rm -f /tmp/etcd.tar.gz +RUN ln -s etcd-source/* etcd \ + && cp /etcd/etcd /etcd/etcdctl /usr/bin +{% endblock %} COPY etcd_sudoers /etc/sudoers.d/kolla_etcd_sudoers COPY extend_start.sh /usr/local/bin/kolla_extend_start diff --git a/docker/letsencrypt/letsencrypt-lego/Dockerfile.j2 b/docker/letsencrypt/letsencrypt-lego/Dockerfile.j2 index 47e9a5308c..4313c5e320 100755 --- a/docker/letsencrypt/letsencrypt-lego/Dockerfile.j2 +++ b/docker/letsencrypt/letsencrypt-lego/Dockerfile.j2 @@ -24,21 +24,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% endif %} {{ macros.install_packages(letsencrypt_lego_packages | customizable("packages")) }} -{% block letsencrypt_lego_repository_version %} -ARG letsencrypt_lego_version=4.6.0 -{% if debian_arch == 'arm64' %} -ARG letsencrypt_lego_sha256sum=f5cecda8880d04ffc394049852a797ec120aebf0203ab0f1b877a0cd89bb0b3e -{% else %} -ARG letsencrypt_lego_sha256sum=c0c408788cdec96a4697300211c3944a050bb3d62ed3525a5409c136c94e09cb -{% endif %} -ARG letsencrypt_lego_url=https://github.com/go-acme/lego/releases/download/v${letsencrypt_lego_version}/lego_v${letsencrypt_lego_version}_linux_{{debian_arch}}.tar.gz -{% endblock %} - {% block letsencrypt_lego_install %} -RUN curl -L -o /tmp/lego.tar.gz ${letsencrypt_lego_url} \ - && echo "${letsencrypt_lego_sha256sum} /tmp/lego.tar.gz" | sha256sum -c \ - && tar xvf /tmp/lego.tar.gz -C /opt/ \ - && rm -f /tmp/lego.tar.gz +ADD letsencrypt-lego-archive /lego-source + +RUN cp -r /lego-source/lego /opt/ {% endblock %} COPY letsencrypt-certificates.sh /usr/bin/letsencrypt-certificates diff --git a/docker/prometheus/prometheus-alertmanager/Dockerfile.j2 b/docker/prometheus/prometheus-alertmanager/Dockerfile.j2 index d8c7d6113b..babcac1d43 100644 --- a/docker/prometheus/prometheus-alertmanager/Dockerfile.j2 +++ b/docker/prometheus/prometheus-alertmanager/Dockerfile.j2 @@ -5,18 +5,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block prometheus_alertmanager_header %}{% endblock %} -{% block prometheus_alertmanager_repository_version %} -ARG prometheus_alertmanager_version=0.26.0 -ARG prometheus_alertmanager_archive=alertmanager-${prometheus_alertmanager_version}.linux-{{debian_arch}}.tar.gz -ARG prometheus_alertmanager_sha256sums_url=https://github.com/prometheus/alertmanager/releases/download/v${prometheus_alertmanager_version}/sha256sums.txt -ARG prometheus_alertmanager_download_url=https://github.com/prometheus/alertmanager/releases/download/v${prometheus_alertmanager_version}/${prometheus_alertmanager_archive} -{% endblock %} - {% block prometheus_alertmanager_install %} -RUN cd /tmp && curl -o ${prometheus_alertmanager_archive} ${prometheus_alertmanager_download_url} \ - && curl ${prometheus_alertmanager_sha256sums_url} -w '' | sha256sum --ignore-missing -c - \ - && tar xvf /tmp/${prometheus_alertmanager_archive} -C /opt/ \ - && rm -f /tmp/${prometheus_alertmanager_archive} \ +ADD prometheus-alertmanager-archive /prometheus-alertmanager-source +RUN cp -r /prometheus-alertmanager-source/* /opt/ \ && ln -s /opt/alertmanager* /opt/prometheus_alertmanager {% endblock %} diff --git a/docker/prometheus/prometheus-blackbox-exporter/Dockerfile.j2 b/docker/prometheus/prometheus-blackbox-exporter/Dockerfile.j2 index d36d829b82..4b45bef8b2 100644 --- a/docker/prometheus/prometheus-blackbox-exporter/Dockerfile.j2 +++ b/docker/prometheus/prometheus-blackbox-exporter/Dockerfile.j2 @@ -7,11 +7,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} -{% block prometheus_blackbox_exporter_repository_version %} -ARG blackbox_exporter_version=0.24.0 -ARG blackbox_exporter_url=https://github.com/prometheus/blackbox_exporter/releases/download/v${blackbox_exporter_version}/blackbox_exporter-${blackbox_exporter_version}.linux-{{debian_arch}}.tar.gz -{% endblock %} - {% if base_package_type == 'rpm' %} {% set blackbox_packages = [ 'libcap' @@ -25,10 +20,11 @@ ARG blackbox_exporter_url=https://github.com/prometheus/blackbox_exporter/releas {{ macros.install_packages(blackbox_packages | customizable("packages")) }} {% block prometheus_blackbox_exporter_install %} -RUN curl -o /tmp/blackbox_exporter.tar.gz ${blackbox_exporter_url} \ - && tar xvf /tmp/blackbox_exporter.tar.gz -C /opt/ \ - && rm -f /tmp/blackbox_exporter.tar.gz \ - && ln -s /opt/blackbox_exporter* /opt/blackbox_exporter \ +ADD prometheus-blackbox-exporter-archive /prometheus-blackbox-exporter-source + +RUN ln -s /prometheus-blackbox-exporter-source/* prometheus-blackbox-exporter \ + && mkdir -p /opt/blackbox_exporter/ \ + && cp /prometheus-blackbox-exporter/blackbox_exporter /opt/blackbox_exporter/ \ && setcap cap_net_raw+ep /opt/blackbox_exporter/blackbox_exporter {% endblock %} diff --git a/docker/prometheus/prometheus-cadvisor/Dockerfile.j2 b/docker/prometheus/prometheus-cadvisor/Dockerfile.j2 index bbd2e1c05d..f70de27f29 100644 --- a/docker/prometheus/prometheus-cadvisor/Dockerfile.j2 +++ b/docker/prometheus/prometheus-cadvisor/Dockerfile.j2 @@ -7,21 +7,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} -{% block prometheus_cadvisor_repository_version %} -ARG prometheus_cadvisor_version=0.47.2 -{% if debian_arch == 'arm64' %} -ARG prometheus_cadvisor_sha256sum=a15ebac9c60cccbb035e4af83cd45211edac19f3204ed0614b3336fddf91444b -{% else %} -ARG prometheus_cadvisor_sha256sum=30602f675e9bcd39b0d4cd4bd9e83c0849dd4bb3a60a0544b9f2a6451a3facfe -{% endif %} -ARG prometheus_cadvisor_url=https://github.com/google/cadvisor/releases/download/v${prometheus_cadvisor_version}/cadvisor-v${prometheus_cadvisor_version}-linux-{{debian_arch}} -{% endblock %} - - {% block prometheus_cadvisor_install %} -RUN curl -o /tmp/cadvisor ${prometheus_cadvisor_url} \ - && echo "${prometheus_cadvisor_sha256sum} /tmp/cadvisor" | sha256sum -c \ - && mv /tmp/cadvisor /opt \ +ADD prometheus-cadvisor-archive /prometheus-cadvisor-source + +RUN cp /prometheus-cadvisor-source /opt/cadvisor \ && chmod 0755 /opt/cadvisor {% endblock %} diff --git a/docker/prometheus/prometheus-elasticsearch-exporter/Dockerfile.j2 b/docker/prometheus/prometheus-elasticsearch-exporter/Dockerfile.j2 index f5f09493a4..8721b5c238 100644 --- a/docker/prometheus/prometheus-elasticsearch-exporter/Dockerfile.j2 +++ b/docker/prometheus/prometheus-elasticsearch-exporter/Dockerfile.j2 @@ -5,16 +5,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block prometheus_elasticsearch_exporter_header %}{% endblock %} -{% block prometheus_elasticsearch_exporter_repository_version %} -ARG elasticsearch_exporter_version=1.6.0 -ARG elasticsearch_exporter_url=https://github.com/prometheus-community/elasticsearch_exporter/releases/download/v${elasticsearch_exporter_version}/elasticsearch_exporter-${elasticsearch_exporter_version}.linux-{{debian_arch}}.tar.gz -{% endblock %} - {% block prometheus_elasticsearch_exporter_install %} -RUN curl -o /tmp/elasticsearch_exporter.tar.gz ${elasticsearch_exporter_url} \ - && tar xvf /tmp/elasticsearch_exporter.tar.gz -C /opt/ \ - && rm -f /tmp/elasticsearch_exporter.tar.gz \ - && ln -s /opt/elasticsearch_exporter* /opt/elasticsearch_exporter +ADD prometheus-elasticsearch-exporter-archive /prometheus-elasticsearch-exporter-source + +RUN ln -s /prometheus-elasticsearch-exporter-source/* prometheus-elasticsearch-exporter \ + && mkdir -p /opt/elasticsearch_exporter \ + && cp /prometheus-elasticsearch-exporter/elasticsearch_exporter /opt/elasticsearch_exporter/ {% endblock %} {% block prometheus_elasticsearch_exporter_footer %}{% endblock %} diff --git a/docker/prometheus/prometheus-memcached-exporter/Dockerfile.j2 b/docker/prometheus/prometheus-memcached-exporter/Dockerfile.j2 index 0f96dd81aa..d288cce98c 100644 --- a/docker/prometheus/prometheus-memcached-exporter/Dockerfile.j2 +++ b/docker/prometheus/prometheus-memcached-exporter/Dockerfile.j2 @@ -5,16 +5,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block prometheus_memcached_exporter_header %}{% endblock %} -{% block prometheus_memcached_exporter_repository_version %} -ARG memcached_exporter_version=0.13.0 -ARG memcached_exporter_url=https://github.com/prometheus/memcached_exporter/releases/download/v${memcached_exporter_version}/memcached_exporter-${memcached_exporter_version}.linux-{{debian_arch}}.tar.gz -{% endblock %} - {% block prometheus_memcached_exporter_install %} -RUN curl -o /tmp/memcached_exporter.tar.gz ${memcached_exporter_url} \ - && tar xvf /tmp/memcached_exporter.tar.gz -C /opt/ \ - && rm -f /tmp/memcached_exporter.tar.gz \ - && ln -s /opt/memcached_exporter* /opt/memcached_exporter +ADD prometheus-memcached-exporter-archive /prometheus-memcached-exporter-source + +RUN ln -s /prometheus-memcached-exporter-source/* prometheus-memcached-exporter \ + && mkdir -p /opt/memcached_exporter/ \ + && cp /prometheus-memcached-exporter/memcached_exporter /opt/memcached_exporter/ {% endblock %} {% block prometheus_memcached_exporter_footer %}{% endblock %} diff --git a/docker/prometheus/prometheus-msteams/Dockerfile.j2 b/docker/prometheus/prometheus-msteams/Dockerfile.j2 index 78e810bda8..e05eb20b6b 100644 --- a/docker/prometheus/prometheus-msteams/Dockerfile.j2 +++ b/docker/prometheus/prometheus-msteams/Dockerfile.j2 @@ -5,16 +5,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block prometheus_msteams_header %}{% endblock %} -{% block prometheus_msteams_repository_version %} -ARG prometheus_msteams_version=1.5.2 -ARG prometheus_msteams_sha256sum=0f4df9ee31e655d1ec876ea2c53ab5ae5b07143ef21b9190e61b4d52839e135c -ARG prometheus_msteams_url=https://github.com/prometheus-msteams/prometheus-msteams/releases/download/v${prometheus_msteams_version}/prometheus-msteams-linux-{{debian_arch}} -{% endblock %} - {% block prometheus_msteams_install %} -RUN curl -o /tmp/prometheus-msteams ${prometheus_msteams_url} \ - && echo "${prometheus_msteams_sha256sum} /tmp/prometheus-msteams" | sha256sum -c \ - && mv /tmp/prometheus-msteams /opt \ +ADD prometheus-msteams-archive /prometheus-msteams-source + +RUN cp /prometheus-msteams-source /opt/prometheus-msteams \ && chmod 0755 /opt/prometheus-msteams \ && mkdir -p /etc/msteams {% endblock %} diff --git a/docker/prometheus/prometheus-mtail/Dockerfile.j2 b/docker/prometheus/prometheus-mtail/Dockerfile.j2 index c7607ee278..6966ffed8a 100644 --- a/docker/prometheus/prometheus-mtail/Dockerfile.j2 +++ b/docker/prometheus/prometheus-mtail/Dockerfile.j2 @@ -5,20 +5,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block prometheus_mtail_header %}{% endblock %} -{% block prometheus_mtail_version %} - -ARG prometheus_mtail_version=3.0.0-rc52 -{% if debian_arch == 'amd64' %} -ARG prometheus_mtail_url=https://github.com/google/mtail/releases/download/v${prometheus_mtail_version}/mtail_${prometheus_mtail_version}_linux_amd64.tar.gz -{% else %} -ARG prometheus_mtail_url=https://github.com/google/mtail/releases/download/v${prometheus_mtail_version}/mtail_${prometheus_mtail_version}_linux_{{debian_arch}}.tar.gz -{% endif %} -{% endblock %} - {% block prometheus_mtail_install %} -RUN curl -o /tmp/mtail.tar.gz ${prometheus_mtail_url} \ - && tar xvf /tmp/mtail.tar.gz -C /opt/ \ - && rm -f /tmp/mtail.tar.gz +ADD prometheus-mtail-archive /prometheus-mtail-source + +RUN cp /prometheus-mtail-source/* /opt/ {% endblock %} {% block prometheus_mtail_footer %}{% endblock %} diff --git a/docker/prometheus/prometheus-mysqld-exporter/Dockerfile.j2 b/docker/prometheus/prometheus-mysqld-exporter/Dockerfile.j2 index 1f1342bf24..c1054dc5e0 100644 --- a/docker/prometheus/prometheus-mysqld-exporter/Dockerfile.j2 +++ b/docker/prometheus/prometheus-mysqld-exporter/Dockerfile.j2 @@ -5,16 +5,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block mysqld_exporter_header %}{% endblock %} -{% block mysqld_exporter_repository_version %} -ARG mysqld_exporter_version=0.15.0 -ARG mysqld_exporter_url=https://github.com/prometheus/mysqld_exporter/releases/download/v${mysqld_exporter_version}/mysqld_exporter-${mysqld_exporter_version}.linux-{{debian_arch}}.tar.gz -{% endblock %} - {% block mysqld_exporter_install %} -RUN curl -o /tmp/mysqld_exporter.tar.gz ${mysqld_exporter_url} \ - && tar xvf /tmp/mysqld_exporter.tar.gz -C /opt/ \ - && rm -f /tmp/mysqld_exporter.tar.gz \ - && ln -s /opt/mysqld_exporter* /opt/mysqld_exporter +ADD prometheus-mysqld-exporter-archive /prometheus-mysqld-exporter-source + +RUN ln -s /prometheus-mysqld-exporter-source/* prometheus-mysqld-exporter \ + && mkdir -p /opt/mysqld_exporter \ + && cp /prometheus-mysqld-exporter/mysqld_exporter /opt/mysqld_exporter/ {% endblock %} {% block mysqld_exporter_footer %}{% endblock %} diff --git a/docker/prometheus/prometheus-node-exporter/Dockerfile.j2 b/docker/prometheus/prometheus-node-exporter/Dockerfile.j2 index 1a639ff82e..5e8cd361d2 100644 --- a/docker/prometheus/prometheus-node-exporter/Dockerfile.j2 +++ b/docker/prometheus/prometheus-node-exporter/Dockerfile.j2 @@ -5,22 +5,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block node_exporter_header %}{% endblock %} -{% block node_exporter_repository_version %} -ARG node_exporter_version=1.7.0 -{% if debian_arch == 'arm64' %} -ARG node_exporter_sha256sum=e386c7b53bc130eaf5e74da28efc6b444857b77df8070537be52678aefd34d96 -{% else %} -ARG node_exporter_sha256sum=a550cd5c05f760b7934a2d0afad66d2e92e681482f5f57a917465b1fba3b02a6 -{% endif %} -ARG node_exporter_url=https://github.com/prometheus/node_exporter/releases/download/v{$node_exporter_version}/node_exporter-${node_exporter_version}.linux-{{debian_arch}}.tar.gz -{% endblock %} - {% block node_exporter_install %} -RUN curl -o /tmp/node_exporter.tar.gz ${node_exporter_url} \ - && echo "${node_exporter_sha256sum} /tmp/node_exporter.tar.gz" | sha256sum -c \ - && tar xvf /tmp/node_exporter.tar.gz -C /opt/ \ - && rm -f /tmp/node_exporter.tar.gz \ - && ln -s /opt/node_exporter* /opt/node_exporter +ADD prometheus-node-exporter-archive /prometheus-node-exporter-source + +RUN ln -s /prometheus-node-exporter-source/* prometheus-node-exporter \ + && mkdir -p /opt/node_exporter/ \ + && cp /prometheus-node-exporter/node_exporter /opt/node_exporter/ {% endblock %} {% block node_exporter_footer %}{% endblock %} diff --git a/docker/prometheus/prometheus-openstack-exporter/Dockerfile.j2 b/docker/prometheus/prometheus-openstack-exporter/Dockerfile.j2 index e13957637b..d5066973d1 100644 --- a/docker/prometheus/prometheus-openstack-exporter/Dockerfile.j2 +++ b/docker/prometheus/prometheus-openstack-exporter/Dockerfile.j2 @@ -5,16 +5,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block prometheus_openstack_exporter_header %}{% endblock %} -{% block prometheus_openstack_exporter_repository_version %} -ARG prometheus_openstack_exporter_version=1.6.0 -ARG prometheus_openstack_exporter_url=https://github.com/openstack-exporter/openstack-exporter/releases/download/v${prometheus_openstack_exporter_version}/openstack-exporter_${prometheus_openstack_exporter_version}_linux_{{debian_arch}}.tar.gz -{% endblock %} - {% block prometheus_openstack_exporter_install %} -RUN curl -o /tmp/prometheus_openstack_exporter.tar.gz ${prometheus_openstack_exporter_url} \ - && mkdir /opt/openstack-exporter \ - && tar xvf /tmp/prometheus_openstack_exporter.tar.gz -C /opt/openstack-exporter \ - && rm -f /tmp/prometheus_openstack_exporter.tar.gz +ADD prometheus-openstack-exporter-archive /prometheus-openstack-exporter-source + +RUN mkdir /opt/openstack-exporter \ + && cp /prometheus-openstack-exporter-source/openstack-exporter /opt/openstack-exporter/ {% endblock %} {% block prometheus_openstack_exporter_footer %}{% endblock %} diff --git a/docker/prometheus/prometheus-ovn-exporter/Dockerfile.j2 b/docker/prometheus/prometheus-ovn-exporter/Dockerfile.j2 index cca3983721..6e7dca7453 100644 --- a/docker/prometheus/prometheus-ovn-exporter/Dockerfile.j2 +++ b/docker/prometheus/prometheus-ovn-exporter/Dockerfile.j2 @@ -5,29 +5,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block prometheus_ovn_exporter_header %}{% endblock %} -{% block prometheus_ovn_exporter_repository_version %} - -{% if base_arch == 'x86_64' %} -ARG ovn_arch=amd64 -{% elif base_arch == 'aarch64' %} -ARG ovn_arch=arm64 -{% endif %} - -ARG prometheus_ovn_version=1.0.7 -ARG prometheus_ovn_cksum_url=https://github.com/greenpau/ovn_exporter/releases/download/v${prometheus_ovn_version}/checksums.txt -ARG ovn_exporter_tgz=ovn-exporter_${prometheus_ovn_version}_linux_${ovn_arch}.tar.gz -ARG prometheus_ovn_url=https://github.com/greenpau/ovn_exporter/releases/download/v${prometheus_ovn_version}/${ovn_exporter_tgz} -{% endblock %} - {% block prometheus_ovn_exporter_install %} -RUN curl -Lo /tmp/${ovn_exporter_tgz} ${prometheus_ovn_url} \ - && curl -Lo /tmp/checksums.txt ${prometheus_ovn_cksum_url} \ - && cd /tmp \ - && sha256sum --ignore-missing -c /tmp/checksums.txt \ - && tar xvf /tmp/${ovn_exporter_tgz} -C /opt/ \ - && rm -f /tmp/${ovn_exporter_tgz} \ - && rm -f /tmp/checksums.txt +ADD prometheus-ovn-exporter-archive /prometheus-ovn-exporter-source + +RUN cp /prometheus-ovn-exporter-source/* /opt/ {% endblock %} {% block prometheus_ovn_exporter_footer %}{% endblock %} diff --git a/docker/prometheus/prometheus-v2-server/Dockerfile.j2 b/docker/prometheus/prometheus-v2-server/Dockerfile.j2 index 55ed69a1b7..f77fb158ff 100644 --- a/docker/prometheus/prometheus-v2-server/Dockerfile.j2 +++ b/docker/prometheus/prometheus-v2-server/Dockerfile.j2 @@ -5,16 +5,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block prometheus_v2_server_header %}{% endblock %} -{% block prometheus_v2_server_repository_version %} -ARG prometheus_version=2.48.0 -ARG prometheus_url=https://github.com/prometheus/prometheus/releases/download/v${prometheus_version}/prometheus-${prometheus_version}.linux-{{debian_arch}}.tar.gz -{% endblock %} - {% block prometheus_v2_server_install %} -RUN curl -o /tmp/prometheus.tar.gz ${prometheus_url} \ - && tar xvf /tmp/prometheus.tar.gz -C /opt/ \ - && rm -f /tmp/prometheus.tar.gz \ - && ln -s /opt/prometheus* /opt/prometheus \ +ADD prometheus-v2-server-archive /prometheus-server-source + +RUN ln -s /prometheus-server-source/* prometheus-server \ + && mkdir -p /opt/prometheus \ + && cp -r /prometheus-server/* /opt/prometheus/ \ && mkdir -p /etc/prometheus /data {% endblock %} diff --git a/kolla/common/config.py b/kolla/common/config.py index 03616fe87a..b1a2e396b0 100644 --- a/kolla/common/config.py +++ b/kolla/common/config.py @@ -137,6 +137,10 @@ _PROFILE_OPTS = [ ] hostarch = os.uname()[4] +if hostarch == 'aarch64': + debianarch = 'arm64' +elif hostarch == 'x86_64': + debianarch = 'amd64' _CLI_OPTS = [ cfg.StrOpt('base', short='b', default='rocky', @@ -149,6 +153,7 @@ _CLI_OPTS = [ cfg.StrOpt('base-arch', default=hostarch, choices=BASE_ARCH, help='The base architecture. Default is same as host.'), + cfg.StrOpt('debian-arch', default=debianarch), cfg.BoolOpt('use-dumb-init', default=True, help='Use dumb-init as init system in containers'), cfg.BoolOpt('debug', short='d', default=False, @@ -286,7 +291,8 @@ _BASE_OPTS = [ ] -def get_source_opts(type_=None, location=None, reference=None, enabled=True): +def get_source_opts(type_=None, location=None, reference=None, enabled=True, + version=None, sha256=None): return [cfg.StrOpt('type', choices=['local', 'git', 'url'], default=type_, help='Source location type'), @@ -296,7 +302,11 @@ def get_source_opts(type_=None, location=None, reference=None, enabled=True): help=('Git reference to pull, commit sha, tag ' 'or branch name')), cfg.BoolOpt('enabled', default=enabled, - help=('Whether the source is enabled'))] + help=('Whether the source is enabled')), + cfg.StrOpt('version', default=version, + help=('Package version to download for GitHub ' + 'sources')), + cfg.DictOpt('sha256', default=sha256)] def get_user_opts(uid, gid, group): @@ -324,7 +334,10 @@ def gen_all_source_opts(): location = params['location'] reference = params.get('reference') enabled = params.get('enabled', True) - yield name, get_source_opts(type_, location, reference, enabled) + version = params.get('version') + sha256 = params.get('sha256') + yield name, get_source_opts(type_, location, reference, enabled, + version, sha256) def list_opts(): @@ -364,3 +377,5 @@ def parse(conf, args, usage=None, prog=None, if not conf.base_image: conf.base_image = DEFAULT_BASE_TAGS[conf.base]['name'] + + conf.debian_arch = 'amd64' diff --git a/kolla/common/sources.py b/kolla/common/sources.py index dd99fd96a1..3ce744dadd 100644 --- a/kolla/common/sources.py +++ b/kolla/common/sources.py @@ -55,6 +55,17 @@ SOURCES = { 'type': 'url', 'location': ('$tarballs_base/openstack/designate/' 'designate-${openstack_branch}.tar.gz')}, + 'etcd': { + # NOTE(wszumski): It is suggested to upgrade one minor version at a time: + # https://github.com/etcd-io/website/blob/cf046546dec9e1dcea966dc21ea38027c3290e9a/content/en/docs/v3.4/upgrades/upgrade_3_4.md#upgrade-requirements + 'version': '3.4.27', + 'type': 'url', + 'sha256': { + 'amd64': 'a32d21e006252dbc3405b0645ba8468021ed41376974b573285927bf39b39eb9', # noqa: E501 + 'arm64': 'ed7e257c225b9b9545fac22246b97f4074a4b5109676e92dbaebfb9315b69cc0'}, # noqa: E501 + 'location': ('https://github.com/etcd-io/etcd/' + 'releases/download/v${version}' + '/etcd-v${version}-linux-${debian_arch}.tar.gz')}, 'freezer-api': { 'type': 'url', 'location': ('$tarballs_base/openstack/freezer-api/' @@ -193,6 +204,15 @@ SOURCES = { 'type': 'url', 'location': ('$tarballs_base/openstack/kuryr-libnetwork/' 'kuryr-libnetwork-${openstack_branch}.tar.gz')}, + 'letsencrypt-lego': { + 'version': 'v4.6.0', + 'type': 'url', + 'sha256': { + 'amd64': 'c0c408788cdec96a4697300211c3944a050bb3d62ed3525a5409c136c94e09cb', # noqa: E501 + 'arm64': 'f5cecda8880d04ffc394049852a797ec120aebf0203ab0f1b877a0cd89bb0b3e'}, # noqa: E501 + 'location': ('https://github.com/go-acme/lego/' + 'releases/download/${version}/' + 'lego_${version}_linux_${debian_arch}.tar.gz')}, 'magnum-base': { 'type': 'url', 'location': ('$tarballs_base/openstack/magnum/' @@ -277,6 +297,137 @@ SOURCES = { 'type': 'url', 'location': ('$tarballs_base/openstack/placement/' 'placement-${openstack_branch}.tar.gz')}, + 'prometheus-alertmanager': { + 'version': '0.26.0', + 'type': 'url', + 'sha256': { + 'amd64': 'abd73e2ee6bf67d3888699660abbecba7b076bf1f9459a3a8999d493b149ffa6', # noqa: E501 + 'arm64': 'f65969661821570929ad34cf64e034fe72c8e014855d244321c67a0c3ce3fc08'}, # noqa: E501 + 'location': ('https://github.com/' + 'prometheus/alertmanager/' + 'releases/download/v${version}/' + 'alertmanager' + '-${version}.linux-${debian_arch}.tar.gz')}, + 'prometheus-blackbox-exporter': { + 'version': '0.24.0', + 'type': 'url', + 'sha256': { + 'amd64': '81b36cece040491ac0d9995db2a0964c40e24838a03a151c3333a7dc3eef94ff', # noqa: E501 + 'arm64': 'acbbedf03de862fa833bc4dd810e63f105cb44e47abf493192fce3451852dc58'}, # noqa: E501 + 'location': ('https://github.com/' + 'prometheus/blackbox_exporter/' + 'releases/download/v${version}/' + 'blackbox_exporter' + '-${version}.linux-${debian_arch}.tar.gz')}, + 'prometheus-cadvisor': { + 'version': '0.47.2', + 'type': 'url', + 'sha256': { + 'amd64': '30602f675e9bcd39b0d4cd4bd9e83c0849dd4bb3a60a0544b9f2a6451a3facfe', # noqa: E501 + 'arm64': 'a15ebac9c60cccbb035e4af83cd45211edac19f3204ed0614b3336fddf91444b'}, # noqa: E501 + 'location': ('https://github.com/' + 'google/cadvisor/' + 'releases/download/v${version}/' + 'cadvisor' + '-v${version}-linux-${debian_arch}')}, + 'prometheus-elasticsearch-exporter': { + 'version': '1.6.0', + 'type': 'url', + 'sha256': { + 'amd64': 'ce16d7ba4e1e87895ea5881dc6a242d9fbd9ccfd68c217248c88d8dcd519cc35', # noqa: E501 + 'arm64': '250d8351a02daf1c631fb37dd4bb95bdb5dcf16196a8ca0ca0db6107ce5bb795'}, # noqa: E501 + 'location': ('https://github.com/' + 'prometheus-community/elasticsearch_exporter/' + 'releases/download/v${version}/' + 'elasticsearch_exporter' + '-${version}.linux-${debian_arch}.tar.gz')}, + 'prometheus-memcached-exporter': { + 'version': '0.13.0', + 'type': 'url', + 'sha256': { + 'amd64': 'ba6a218a36ce121fdcfd403ceb4874d1943903aa5aaa664ada3b953bad3b9f1c', # noqa: E501 + 'arm64': '546a6d40c1e5ece56099e4538de5dfd577fc65d2d5aa3aa507269a203540cb44'}, # noqa: E501 + 'location': ('https://github.com/' + 'prometheus/memcached_exporter/' + 'releases/download/v${version}/' + 'memcached_exporter' + '-${version}.linux-${debian_arch}.tar.gz')}, + 'prometheus-msteams': { + 'version': '1.5.2', + 'type': 'url', + 'sha256': { + 'amd64': '0f4df9ee31e655d1ec876ea2c53ab5ae5b07143ef21b9190e61b4d52839e135c'}, # noqa: E501 + 'location': ('https://github.com/' + 'prometheus-msteams/prometheus-msteams/' + 'releases/download/v${version}/' + 'prometheus-msteams' + '-linux-${debian_arch}')}, + 'prometheus-mtail': { + 'version': '3.0.0-rc52', + 'type': 'url', + 'sha256': { + 'amd64': '96fb8b40579dd281c5c0487d2e1b06350099db82b4539c912370b26198027bc9', # noqa: E501 + 'arm64': 'f7f67545ca2bc7a82bf485287af93af73699e5f86a3a0d5ac2e3c6acdba97baf'}, # noqa: E501 + 'location': ('https://github.com/' + 'google/mtail/' + 'releases/download/v${version}/' + 'mtail' + '_${version}_linux_${debian_arch}.tar.gz')}, + 'prometheus-mysqld-exporter': { + 'version': '0.15.0', + 'type': 'url', + 'sha256': { + 'amd64': '3973db1c46b0323a957a43916b759ee71ddab9096958ce78401fdff894b0dc51', # noqa: E501 + 'arm64': '7de13ac71ac17e345b0da0a97330a81492dc3a811fe8143c90f010b6e012acf8'}, # noqa: E501 + 'location': ('https://github.com/' + 'prometheus/mysqld_exporter/' + 'releases/download/v${version}/' + 'mysqld_exporter' + '-${version}.linux-${debian_arch}.tar.gz')}, + 'prometheus-node-exporter': { + 'version': '1.7.0', + 'type': 'url', + 'sha256': { + 'amd64': 'a550cd5c05f760b7934a2d0afad66d2e92e681482f5f57a917465b1fba3b02a6', # noqa: E501 + 'arm64': 'e386c7b53bc130eaf5e74da28efc6b444857b77df8070537be52678aefd34d96'}, # noqa: E501 + 'location': ('https://github.com/' + 'prometheus/node_exporter/' + 'releases/download/v${version}/' + 'node_exporter' + '-${version}.linux-${debian_arch}.tar.gz')}, + 'prometheus-openstack-exporter': { + 'version': '1.6.0', + 'type': 'url', + 'sha256': { + 'amd64': '80bfe3696e6d953b56b1b5cbbc8cb5c44c533cdfc84e31eb50877c07c92f8ec0', # noqa: E501 + 'arm64': 'd64cfb48b06e6fab5933d438d296fd391a020a59429bbf1149b1b638b2a3f780'}, # noqa: E501 + 'location': ('https://github.com/' + 'openstack-exporter/openstack-exporter/' + 'releases/download/v${version}/' + 'openstack-exporter' + '_${version}_linux_${debian_arch}.tar.gz')}, + 'prometheus-ovn-exporter': { + 'version': '1.0.7', + 'type': 'url', + 'sha256': { + 'amd64': '38d9874ddca1581574a7fa0a28ea53447a57dada37bb1385adeb766e6e819de0', # noqa: E501 + 'arm64': 'e03f6a5ab4cf2855a498697026981273ce3c9ff16bd9bb6c97fd7f1344ec2067'}, # noqa: E501 + 'location': ('https://github.com/' + 'greenpau/ovn_exporter/' + 'releases/download/v${version}/' + 'ovn-exporter' + '_${version}_linux_${debian_arch}.tar.gz')}, + 'prometheus-v2-server': { + 'version': '2.48.0', + 'type': 'url', + 'sha256': { + 'amd64': '5871ca9e01ae35bb7ab7a129a845a7a80f0e1453f00f776ac564dd41ff4d754e', # noqa: E501 + 'arm64': 'c6e85f7b4fd0785df48266c1ee53975f862996a99b7d96520dc730e65da7bcf6'}, # noqa: E501 + 'location': ('https://github.com/' + 'prometheus/prometheus/' + 'releases/download/v${version}/' + 'prometheus' + '-${version}.linux-${debian_arch}.tar.gz')}, 'sahara-base': { 'type': 'url', 'location': ('$tarballs_base/openstack/sahara/' diff --git a/kolla/image/kolla_worker.py b/kolla/image/kolla_worker.py index 3ea290d06c..b959ec7540 100644 --- a/kolla/image/kolla_worker.py +++ b/kolla/image/kolla_worker.py @@ -636,6 +636,7 @@ class KollaWorker(object): if installation['type'] == 'git': installation['reference'] = self.conf[section]['reference'] installation['enabled'] = self.conf[section]['enabled'] + installation['sha256'] = self.conf[section]['sha256'] return installation all_sections = (set(self.conf._groups.keys()) | diff --git a/kolla/image/tasks.py b/kolla/image/tasks.py index c6cde6bbe6..e9790b708d 100644 --- a/kolla/image/tasks.py +++ b/kolla/image/tasks.py @@ -12,6 +12,7 @@ import datetime import errno +import hashlib import json import os import shutil @@ -198,6 +199,17 @@ class BuildTask(EngineTask): return if r.status_code == 200: + if source.get('sha256'): + conf_sha = source['sha256'][self.conf.debian_arch] + computed_sha = hashlib.sha256(r.content).hexdigest() + if conf_sha != computed_sha: + self.logger.error("%s SHA256 checksum does not match" + "(configured: %s, computed: %s)", + source['source'], + conf_sha, + computed_sha) + image.status = Status.ERROR + return with open(dest_archive, 'wb') as f: f.write(r.content) else: diff --git a/kolla/tests/test_build.py b/kolla/tests/test_build.py index 1aa0b3a9dd..7ffa6827a5 100644 --- a/kolla/tests/test_build.py +++ b/kolla/tests/test_build.py @@ -293,6 +293,15 @@ class TasksTest(base.TestCase): {'source': 'http://fake/source4', 'type': None, 'name': 'fake-image-base4', 'reference': 'http://fake/reference4', + 'enabled': True}, + {'source': 'http://fake/source${version}', + 'type': 'url', + 'name': 'fake-image-base5', + 'version': '5', + 'enabled': True}, + {'source': 'http://fake/source${debian_arch}', + 'type': 'url', + 'name': 'fake-image-base6', 'enabled': True}]: self.image.source = source push_queue = mock.Mock() @@ -499,7 +508,8 @@ class KollaWorkerTest(base.TestCase): 'reference': 'master', 'source': 'https://opendev.org/x/networking-arista', 'type': 'git', - 'enabled': True + 'enabled': True, + 'sha256': None } found = False diff --git a/releasenotes/notes/move-curl-sources-d8fac9c8c57445cf.yaml b/releasenotes/notes/move-curl-sources-d8fac9c8c57445cf.yaml new file mode 100644 index 0000000000..b4a2f20dbd --- /dev/null +++ b/releasenotes/notes/move-curl-sources-d8fac9c8c57445cf.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + Adds support for overriding Prometheus, Let's Encrypt lego and etcd source + urls, versions and sha256 sums using ``kolla-build.conf``. +upgrade: + - | + Overriding Prometheus/Let's Encrypt lego and etcd source urls, versions + and sha256 sums using ``template-overrides.j2`` is not supported anymore. + Please migrate those overrides to ``kolla-build.conf``.