From 878b00013b01e3d02a704ce7c9fac1629cd1a705 Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Tue, 5 Apr 2022 16:53:34 +0200 Subject: [PATCH] Move to CentOS Stream 9 OpenStack 'zed' requires Python 3.8+ so RHEL 8 family has to go. This changeset moves to CentOS Stream 9 while move to RockyLinux 9 is planned as final solution. CI moved to CentOS Stream 9 nodes. Depends-on: https://review.opendev.org/c/openstack/kolla-ansible/+/839715 Change-Id: I113b9984294cf8663d3fc0c8840320e1d40ea731 --- .zuul.d/base.yaml | 8 +-- .zuul.d/centos.yaml | 62 +++++++++---------- docker/base/Dockerfile.j2 | 51 +++++++++------ docker/base/mariadb-aarch64.repo | 6 -- docker/base/mariadb.repo | 2 +- docker/base/rabbitmq_rabbitmq-erlang.repo | 1 + docker/bifrost/bifrost-base/Dockerfile.j2 | 6 ++ docker/collectd/Dockerfile.j2 | 3 - docker/cron/Dockerfile.j2 | 5 ++ docker/cron/extend_start.sh | 20 +++--- docker/cron/logrotate | 18 ++++++ docker/horizon/Dockerfile.j2 | 1 - docker/iscsid/Dockerfile.j2 | 3 +- docker/keystone/keystone-base/Dockerfile.j2 | 2 - docker/kolla-toolbox/Dockerfile.j2 | 2 +- docker/mariadb/mariadb-server/Dockerfile.j2 | 2 +- docker/neutron/neutron-base/extend_start.sh | 38 ++++++------ docker/nova/nova-compute/Dockerfile.j2 | 4 +- docker/nova/nova-libvirt/Dockerfile.j2 | 1 - docker/openstack-base/Dockerfile.j2 | 3 +- .../prometheus-libvirt-exporter/Dockerfile.j2 | 2 + docker/rabbitmq/Dockerfile.j2 | 2 +- docker/vitrage/vitrage-base/Dockerfile.j2 | 1 - docker/watcher/watcher-base/Dockerfile.j2 | 1 - kolla/common/config.py | 10 ++- kolla/image/build.py | 12 +++- kolla/template/repos.yaml | 14 ++--- kolla/tests/test_build.py | 5 +- kolla/tests/test_methods.py | 4 +- .../centos-stream-9-ec4591d83c22b509.yaml | 4 ++ tests/playbooks/pre.yml | 16 +++-- tests/templates/template_overrides.j2 | 4 +- 32 files changed, 176 insertions(+), 137 deletions(-) delete mode 100644 docker/base/mariadb-aarch64.repo create mode 100755 docker/cron/logrotate create mode 100644 releasenotes/notes/centos-stream-9-ec4591d83c22b509.yaml diff --git a/.zuul.d/base.yaml b/.zuul.d/base.yaml index d16c76df15..bca6f1dff5 100644 --- a/.zuul.d/base.yaml +++ b/.zuul.d/base.yaml @@ -55,10 +55,10 @@ 0M27tl+OWHO3KkfFR4tWc3dws3r1kYjQeds0adBHyYD0eL8SJfwZkbtojAQ1JM= - nodeset: - name: kolla-centos8-stream + name: kolla-centos-9-stream nodes: - name: primary - label: centos-8-stream + label: centos-9-stream - nodeset: name: kolla-ubuntu-jammy @@ -73,10 +73,10 @@ label: debian-bullseye - nodeset: - name: kolla-centos8-stream-aarch64 + name: kolla-centos-9-stream-aarch64 nodes: - name: primary - label: centos-8-stream-arm64 + label: centos-9-stream-arm64 - nodeset: name: kolla-debian-bullseye-aarch64 diff --git a/.zuul.d/centos.yaml b/.zuul.d/centos.yaml index 6a9e0efa17..e05ec0c8b8 100644 --- a/.zuul.d/centos.yaml +++ b/.zuul.d/centos.yaml @@ -1,43 +1,41 @@ --- -- job: - name: kolla-build-centos8s - parent: kolla-base - nodeset: kolla-centos8-stream - vars: - base_distro: centos - base_distro_version: stream8 +- project: + check: + jobs: + - kolla-build-centos9s + - kolla-ansible-centos9s-source: + vars: + kolla_python_version: "3.9" + check-arm64: + jobs: + - kolla-build-centos9s-aarch64 + gate: + jobs: + - kolla-build-centos9s + - kolla-ansible-centos9s-source: + vars: + kolla_python_version: "3.9" + experimental: + jobs: + - kolla-build-no-infra-wheels-centos9s - job: - name: kolla-build-centos8s-aarch64 - parent: kolla-build-centos8s - nodeset: kolla-centos8-stream-aarch64 + name: kolla-build-centos9s + parent: kolla-base + nodeset: kolla-centos-9-stream + vars: + base_distro: centos voting: false - job: - name: kolla-publish-centos8s-dockerhub - parent: kolla-build-centos8s - post-run: tests/playbooks/publish.yml - vars: - publisher: true - kolla_registry: dockerhub - kolla_namespace: kolla - secrets: - - kolla_dockerhub_creds + name: kolla-build-centos9s-aarch64 + parent: kolla-build-centos9s + nodeset: kolla-centos-9-stream-aarch64 + voting: false - job: - name: kolla-publish-centos8s-quay - parent: kolla-build-centos8s - post-run: tests/playbooks/publish.yml - vars: - publisher: true - kolla_registry: quay.io - kolla_namespace: openstack.kolla - secrets: - - kolla_quay_io_creds - -- job: - name: kolla-build-no-infra-wheels-centos8s + name: kolla-build-no-infra-wheels-centos9s parent: kolla-build-no-infra-wheels-base - nodeset: kolla-centos8-stream + nodeset: kolla-centos-9-stream vars: base_distro: centos diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index a25be51c5e..13af63149d 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -62,10 +62,14 @@ COPY dnf.conf /etc/dnf/dnf.conf {% endblock %} #### BEGIN REPO ENABLEMENT +{# +Repo files not available for CentOS Stream 9: + 'elasticsearch.repo', # signed with SHA1 key https://github.com/elastic/elasticsearch/issues/85876 + 'grafana.repo', # signed with SHA1 key https://github.com/grafana/grafana/issues/41036 + 'proxysql.repo', # no repository yet for RHEL9 family + #} {% set base_yum_repo_files = [ - 'elasticsearch.repo', - 'grafana.repo', - 'proxysql.repo', + 'mariadb.repo', 'rabbitmq_rabbitmq-server.repo', 'td.repo', ] %} @@ -73,35 +77,41 @@ COPY dnf.conf /etc/dnf/dnf.conf {% set base_yum_url_packages = [ ] %} -{% set base_yum_repo_keys = [ +{# +SHA1 keys are not supported in RHEL9: https://github.com/rpm-software-management/rpm/issues/1977 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', 'https://packages.grafana.com/gpg.key', + #} +{% set base_yum_repo_keys = [ 'https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB', - 'https://repo.proxysql.com/ProxySQL/proxysql-2.4.x/repo_pub_key', - 'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc', 'https://packages.treasuredata.com/GPG-KEY-td-agent', ] %} {% if base_arch == 'x86_64' %} {% set base_yum_repo_files = base_yum_repo_files + [ 'influxdb.repo', - 'mariadb.repo', 'rabbitmq_rabbitmq-erlang.repo', ] %} # FIXME(mgoddard): Not available for CentOS 8 yet. # 'crmsh.repo', {% set base_yum_repo_keys = base_yum_repo_keys + [ + 'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc', 'https://repos.influxdata.com/influxdb.key', ] %} {% elif base_arch == 'aarch64' %} - {% set base_yum_repo_files = base_yum_repo_files + [ +{# +Repo files not available for CentOS Stream 9: 'erlang-solutions.repo', - 'mariadb-aarch64.repo', + #} + {% set base_yum_repo_files = base_yum_repo_files + [ ] %} - {% set base_yum_repo_keys = base_yum_repo_keys + [ +{# +SHA1 keys are not supported in RHEL9: https://github.com/rpm-software-management/rpm/issues/1977 'https://packages.erlang-solutions.com/rpm/erlang_solutions.asc', + #} + {% set base_yum_repo_keys = base_yum_repo_keys + [ ] %} {% endif %} @@ -150,8 +160,7 @@ RUN rm -f /etc/rpm/macros.image-language-conf \ ] %} {% set base_centos_yum_repo_packages = [ - 'centos-release-ceph-pacific', - 'centos-release-nfv-extras', + 'centos-release-ceph-quincy', 'centos-release-nfv-openvswitch', 'centos-release-opstools', 'epel-release', @@ -168,20 +177,26 @@ RUN rm -f /etc/rpm/macros.image-language-conf \ # from delorean or rdo-release-* package # https://review.rdoproject.org/r/c/rdo-infra/ansible-role-dlrn/+/33241 {% set base_centos_yum_repos_to_disable = [ - 'advanced-virtualization', - 'centos-nfv-extras', - 'centos-nfv-ovs', - 'centos-ceph-pacific', + 'centos-ceph-quincy', 'centos-nfv-openvswitch', 'centos-opstools', + 'centos9-nfv-ovs', + 'centos9-opstools', + 'centos9-rabbitmq', + 'centos9-storage', 'epel', - 'epel-modular', ] %} {% if base_arch == 'x86_64' %} {% set base_centos_yum_repos_to_disable = base_centos_yum_repos_to_disable + [ 'influxdb', ] %} +{% elif base_arch == 'aarch64' %} + +{# NOTE(hrw): delorean-deps.repo may force x86-64 repos #} + +RUN sed -i -e "s/x86_64/aarch64/g" /etc/yum.repos.d/delorean-deps.repo + {% endif %} RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }} @@ -204,9 +219,9 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen {% block base_redhat_binary_versionlock %}{% endblock %} +{# NOTE(hrw): CentOS Stream 9 has curl-minimal, Rocky Linux 9 has curl so we do not install any #} {% set base_centos_packages = [ 'ca-certificates', - 'curl', 'dumb-init', 'findutils', 'hostname', diff --git a/docker/base/mariadb-aarch64.repo b/docker/base/mariadb-aarch64.repo deleted file mode 100644 index 79929e8e9b..0000000000 --- a/docker/base/mariadb-aarch64.repo +++ /dev/null @@ -1,6 +0,0 @@ -[mariadb] -name = MariaDB Server -baseurl = https://dlm.mariadb.com/repo/mariadb-server/10.6/yum/rhel/8/aarch64 -gpgcheck = 1 -enabled = 0 -module_hotfixes = 1 diff --git a/docker/base/mariadb.repo b/docker/base/mariadb.repo index 7420fcd35e..43ea786a54 100644 --- a/docker/base/mariadb.repo +++ b/docker/base/mariadb.repo @@ -1,6 +1,6 @@ [mariadb] name = MariaDB Server -baseurl = https://dlm.mariadb.com/repo/mariadb-server/10.6/yum/rhel/8/x86_64 +baseurl = https://dlm.mariadb.com/repo/mariadb-server/10.6/yum/rhel/$releasever/$basearch gpgcheck = 1 enabled = 0 module_hotfixes = 1 diff --git a/docker/base/rabbitmq_rabbitmq-erlang.repo b/docker/base/rabbitmq_rabbitmq-erlang.repo index bcb4f40f1f..59d49c4921 100644 --- a/docker/base/rabbitmq_rabbitmq-erlang.repo +++ b/docker/base/rabbitmq_rabbitmq-erlang.repo @@ -1,5 +1,6 @@ [rabbitmq_rabbitmq-erlang] name=rabbitmq_rabbitmq-erlang +# https://www.rabbitmq.com/install-rpm.html lists "el/8" for CentOS Stream 9 baseurl=https://packagecloud.io/rabbitmq/erlang/el/8/$basearch gpgcheck=1 enabled=0 diff --git a/docker/bifrost/bifrost-base/Dockerfile.j2 b/docker/bifrost/bifrost-base/Dockerfile.j2 index 9592798b2d..7c4fed9465 100644 --- a/docker/bifrost/bifrost-base/Dockerfile.j2 +++ b/docker/bifrost/bifrost-base/Dockerfile.j2 @@ -12,6 +12,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {# NOTE(mgoddard): EPEL required for nginx #} {{ macros.enable_extra_repos(['epel']) }} +{% set bifrost_base_packages = [ + 'cpio', +] %} + +{{ macros.install_packages(bifrost_base_packages | customizable("packages")) }} + ENV VENV /var/lib/kolla/venv {% set bifrost_base_pip_packages = [ diff --git a/docker/collectd/Dockerfile.j2 b/docker/collectd/Dockerfile.j2 index 0190b71f5b..85194cc264 100644 --- a/docker/collectd/Dockerfile.j2 +++ b/docker/collectd/Dockerfile.j2 @@ -30,12 +30,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'collectd-dbi', 'collectd-disk', 'collectd-dns', - 'collectd-generic-jmx', 'collectd-ipmi', 'collectd-log_logstash', 'collectd-logparser', 'collectd-mcelog', - 'collectd-memcachec', 'collectd-mysql', 'collectd-netlink', 'collectd-openldap', @@ -59,7 +57,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% if base_arch =='x86_64' %} {% set collectd_packages = collectd_packages + [ 'collectd-hugepages', - 'collectd-iptables', 'collectd-pcie-errors', 'collectd-pmu', 'collectd-rdt', diff --git a/docker/cron/Dockerfile.j2 b/docker/cron/Dockerfile.j2 index fbbd685009..860fae576a 100644 --- a/docker/cron/Dockerfile.j2 +++ b/docker/cron/Dockerfile.j2 @@ -12,6 +12,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'cronie', 'logrotate' ] %} + +# NOTE(hrw): In RHEL 9 family it is done by systemd timer, we want cron to +# handle it. +COPY logrotate /etc/cron.daily/logrotate + {% elif base_package_type == 'deb' %} {% set cron_packages = [ 'cron', diff --git a/docker/cron/extend_start.sh b/docker/cron/extend_start.sh index 7f78e8500e..3476302e14 100644 --- a/docker/cron/extend_start.sh +++ b/docker/cron/extend_start.sh @@ -3,15 +3,19 @@ CRON_LOGROTATE_CURRENT_PATH="$(find /etc/cron* -name logrotate)" CRON_LOGROTATE_CURRENT_SCHEDULE=$(echo "${CRON_LOGROTATE_CURRENT_PATH}" | sed -r 's/(.*)(hourly|daily|weekly|monthly)(.*)/\2/g') -# Pass only for hourly|daily|weekly|monthly -if [[ "${KOLLA_LOGROTATE_SCHEDULE:-undefined}" =~ hourly|daily|weekly|monthly ]]; then +if [ -z $CRON_LOGROTATE_CURRENT_PATH ]; then + echo "logrotate is not handled by cron" +else + # Pass only for hourly|daily|weekly|monthly + if [[ "${KOLLA_LOGROTATE_SCHEDULE:-undefined}" =~ hourly|daily|weekly|monthly ]]; then - CRON_LOGROTATE_DESIRED_PATH="/etc/cron.${KOLLA_LOGROTATE_SCHEDULE}/logrotate" + CRON_LOGROTATE_DESIRED_PATH="/etc/cron.${KOLLA_LOGROTATE_SCHEDULE}/logrotate" - if [[ "${CRON_LOGROTATE_CURRENT_PATH}" != "${CRON_LOGROTATE_DESIRED_PATH}" ]]; then - mv ${CRON_LOGROTATE_CURRENT_PATH} ${CRON_LOGROTATE_DESIRED_PATH} - CRON_LOGROTATE_CURRENT_SCHEDULE="${KOLLA_LOGROTATE_SCHEDULE}" + if [[ "${CRON_LOGROTATE_CURRENT_PATH}" != "${CRON_LOGROTATE_DESIRED_PATH}" ]]; then + mv ${CRON_LOGROTATE_CURRENT_PATH} ${CRON_LOGROTATE_DESIRED_PATH} + CRON_LOGROTATE_CURRENT_SCHEDULE="${KOLLA_LOGROTATE_SCHEDULE}" + fi fi -fi -echo "[i] Cron schedule for logrotate is currently set to: ${CRON_LOGROTATE_CURRENT_SCHEDULE}." + echo "[i] Cron schedule for logrotate is currently set to: ${CRON_LOGROTATE_CURRENT_SCHEDULE}." +fi diff --git a/docker/cron/logrotate b/docker/cron/logrotate new file mode 100755 index 0000000000..1ac1570016 --- /dev/null +++ b/docker/cron/logrotate @@ -0,0 +1,18 @@ +#!/bin/sh + +# skip in favour of systemd timer +if [ -d /run/systemd/system ]; then + exit 0 +fi + +# this cronjob persists removals (but not purges) +if [ ! -x /usr/sbin/logrotate ]; then + exit 0 +fi + +/usr/sbin/logrotate /etc/logrotate.conf +EXITVALUE=$? +if [ $EXITVALUE != 0 ]; then + /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]" +fi +exit $EXITVALUE diff --git a/docker/horizon/Dockerfile.j2 b/docker/horizon/Dockerfile.j2 index 1a2352e21d..62053f88a9 100644 --- a/docker/horizon/Dockerfile.j2 +++ b/docker/horizon/Dockerfile.j2 @@ -7,7 +7,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} -{{ macros.enable_extra_repos(['powertools']) }} {{ macros.configure_user(name='horizon') }} {% if base_package_type == 'rpm' %} diff --git a/docker/iscsid/Dockerfile.j2 b/docker/iscsid/Dockerfile.j2 index ca6e440808..091666b5f1 100644 --- a/docker/iscsid/Dockerfile.j2 +++ b/docker/iscsid/Dockerfile.j2 @@ -26,8 +26,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.install_packages(iscsid_packages | customizable("packages")) }} COPY extend_start.sh /usr/local/bin/kolla_extend_start +# NOTE(hrw): CentOS Stream 9 lacks initiatorname.iscsi file RUN chmod 644 /usr/local/bin/kolla_extend_start \ - && rm /etc/iscsi/initiatorname.iscsi + && rm -f /etc/iscsi/initiatorname.iscsi {% block iscsid_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/keystone/keystone-base/Dockerfile.j2 b/docker/keystone/keystone-base/Dockerfile.j2 index fc5f814a2b..0415e0ace9 100644 --- a/docker/keystone/keystone-base/Dockerfile.j2 +++ b/docker/keystone/keystone-base/Dockerfile.j2 @@ -17,8 +17,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'openldap-devel', ] %} -RUN dnf module enable mod_auth_openidc -y - {% elif base_package_type == 'deb' %} {% set keystone_base_packages = [ 'libapache2-mod-auth-mellon', diff --git a/docker/kolla-toolbox/Dockerfile.j2 b/docker/kolla-toolbox/Dockerfile.j2 index 618bf3719d..20822738be 100644 --- a/docker/kolla-toolbox/Dockerfile.j2 +++ b/docker/kolla-toolbox/Dockerfile.j2 @@ -17,7 +17,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.enable_extra_repos(['epel']) }} {% endif %} -{{ macros.enable_extra_repos(['erlang', 'openvswitch', 'powertools', 'rabbitmq']) }} +{{ macros.enable_extra_repos(['crb', 'erlang', 'openvswitch', 'rabbitmq']) }} {% if base_package_type == 'rpm' %} diff --git a/docker/mariadb/mariadb-server/Dockerfile.j2 b/docker/mariadb/mariadb-server/Dockerfile.j2 index d3f6d440f9..2be384f6dc 100644 --- a/docker/mariadb/mariadb-server/Dockerfile.j2 +++ b/docker/mariadb/mariadb-server/Dockerfile.j2 @@ -10,7 +10,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.configure_user(name='mysql') }} {# NOTE(mgoddard): EPEL required for pv package #} -{{ macros.enable_extra_repos(['epel']) }} +{{ macros.enable_extra_repos(['epel', 'mariadb']) }} {% if base_package_type == 'rpm' %} {% set mariadb_packages = [ diff --git a/docker/neutron/neutron-base/extend_start.sh b/docker/neutron/neutron-base/extend_start.sh index 32108209d2..c560cedf88 100644 --- a/docker/neutron/neutron-base/extend_start.sh +++ b/docker/neutron/neutron-base/extend_start.sh @@ -6,26 +6,28 @@ fi if [[ $(stat -c %a /var/log/kolla/neutron) != "755" ]]; then chmod 755 /var/log/kolla/neutron fi -if [[ ${KOLLA_BASE_DISTRO} == "centos" ]]; then - export UPDATE_ALTERNATIVES="/usr/sbin/update-alternatives" -else - export UPDATE_ALTERNATIVES="/usr/bin/update-alternatives" -fi -# set legacy iptables to allow kernels not supporting iptables-nft -# CentOS has update-alternatives 1.13, so use --display (not --query) -if $UPDATE_ALTERNATIVES --display iptables; then - # NOTE(yoctozepto): Kolla-Ansible does not always set KOLLA_LEGACY_IPTABLES; - # the workaround below ensures it gets set to `false` in such cases to fix - # this code under `set -o nounset`. - KOLLA_LEGACY_IPTABLES=${KOLLA_LEGACY_IPTABLES-false} +# NOTE(hrw): from RHEL 9 release notes: +# "Iptables-nft and ipset are now deprecated, which included the utilities, +# iptables, ip6tables, ebtables, and arptables. These are all replaced by the +# nftables framework." +# so no need to even use u-a on RHEL 9 family as there is one provider +# (and there is no u-a for ip6tables so script fails) - if [[ $KOLLA_LEGACY_IPTABLES == "true" ]]; then - sudo $UPDATE_ALTERNATIVES --set iptables /usr/sbin/iptables-legacy - sudo $UPDATE_ALTERNATIVES --set ip6tables /usr/sbin/ip6tables-legacy - else - sudo $UPDATE_ALTERNATIVES --auto iptables - sudo $UPDATE_ALTERNATIVES --auto ip6tables +if [[ ${KOLLA_BASE_DISTRO} != "centos" ]]; then + if /usr/bin/update-alternatives --display iptables; then + # NOTE(yoctozepto): Kolla-Ansible does not always set KOLLA_LEGACY_IPTABLES; + # the workaround below ensures it gets set to `false` in such cases to fix + # this code under `set -o nounset`. + KOLLA_LEGACY_IPTABLES=${KOLLA_LEGACY_IPTABLES-false} + + if [[ $KOLLA_LEGACY_IPTABLES == "true" ]]; then + sudo /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy + sudo /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy + else + sudo /usr/bin/update-alternatives --auto iptables + sudo /usr/bin/update-alternatives --auto ip6tables + fi fi fi diff --git a/docker/nova/nova-compute/Dockerfile.j2 b/docker/nova/nova-compute/Dockerfile.j2 index 2db11a2247..5420e93630 100644 --- a/docker/nova/nova-compute/Dockerfile.j2 +++ b/docker/nova/nova-compute/Dockerfile.j2 @@ -42,9 +42,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} {% endif %} -{{ macros.install_packages(nova_compute_packages | customizable("packages")) }} \ - && dnf remove -y linux-firmware \ - && dnf clean all +{{ macros.install_packages(nova_compute_packages | customizable("packages")) }} {% elif base_package_type == 'deb' %} diff --git a/docker/nova/nova-libvirt/Dockerfile.j2 b/docker/nova/nova-libvirt/Dockerfile.j2 index 199707b692..100b0c2d6e 100644 --- a/docker/nova/nova-libvirt/Dockerfile.j2 +++ b/docker/nova/nova-libvirt/Dockerfile.j2 @@ -25,7 +25,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'openvswitch', 'qemu-img', 'qemu-kvm', - 'trousers' ] %} {% if base_arch == 'x86_64' %} {% set nova_libvirt_packages = nova_libvirt_packages + [ diff --git a/docker/openstack-base/Dockerfile.j2 b/docker/openstack-base/Dockerfile.j2 index cd21a65b99..36d02f62f1 100644 --- a/docker/openstack-base/Dockerfile.j2 +++ b/docker/openstack-base/Dockerfile.j2 @@ -7,7 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} -{{ macros.enable_extra_repos(['opstools', 'powertools']) }} +{{ macros.enable_extra_repos(['crb']) }} {% if base_package_type == 'rpm' %} {% set openstack_base_packages = [ @@ -55,7 +55,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% endif %} -{{ macros.enable_extra_repos(['powertools']) }} {{ macros.install_packages(openstack_base_packages | customizable("packages")) }} {% set openstack_base_pip_packages = [ diff --git a/docker/prometheus/prometheus-libvirt-exporter/Dockerfile.j2 b/docker/prometheus/prometheus-libvirt-exporter/Dockerfile.j2 index d341af1e2e..0cf606ad1f 100644 --- a/docker/prometheus/prometheus-libvirt-exporter/Dockerfile.j2 +++ b/docker/prometheus/prometheus-libvirt-exporter/Dockerfile.j2 @@ -5,6 +5,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} +{{ macros.enable_extra_repos(['crb']) }} + {% block prometheus_libvirt_exporter_header %}{% endblock %} {% if base_package_type == 'rpm' %} diff --git a/docker/rabbitmq/Dockerfile.j2 b/docker/rabbitmq/Dockerfile.j2 index 9dc7d23635..7d524df68e 100644 --- a/docker/rabbitmq/Dockerfile.j2 +++ b/docker/rabbitmq/Dockerfile.j2 @@ -14,7 +14,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.enable_extra_repos(['epel']) }} {% endif %} -{{ macros.enable_extra_repos(['erlang', 'powertools', 'rabbitmq']) }} +{{ macros.enable_extra_repos(['crb', 'erlang', 'rabbitmq']) }} {% block rabbitmq_install %} {% if base_package_type == 'rpm' %} diff --git a/docker/vitrage/vitrage-base/Dockerfile.j2 b/docker/vitrage/vitrage-base/Dockerfile.j2 index aaa1dd55d6..d971584c26 100644 --- a/docker/vitrage/vitrage-base/Dockerfile.j2 +++ b/docker/vitrage/vitrage-base/Dockerfile.j2 @@ -7,7 +7,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} -{{ macros.enable_extra_repos(['powertools']) }} {{ macros.configure_user(name='vitrage') }} {% if base_package_type == 'rpm' %} diff --git a/docker/watcher/watcher-base/Dockerfile.j2 b/docker/watcher/watcher-base/Dockerfile.j2 index aae288e565..7850642b7c 100644 --- a/docker/watcher/watcher-base/Dockerfile.j2 +++ b/docker/watcher/watcher-base/Dockerfile.j2 @@ -7,7 +7,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} -{{ macros.enable_extra_repos(['powertools']) }} {{ macros.configure_user(name='watcher') }} ADD watcher-base-archive /watcher-base-source diff --git a/kolla/common/config.py b/kolla/common/config.py index 773e7c11c5..d6b5e1e0fc 100755 --- a/kolla/common/config.py +++ b/kolla/common/config.py @@ -24,22 +24,20 @@ from kolla.version import version_info as version BASE_OS_DISTRO = ['centos', 'debian', 'ubuntu'] BASE_ARCH = ['x86_64', 'aarch64'] DEFAULT_BASE_TAGS = { - 'centos': {'name': 'quay.io/centos/centos', 'tag': 'stream8'}, + 'centos': {'name': 'quay.io/centos/centos', 'tag': 'stream9'}, 'debian': {'name': 'debian', 'tag': 'bullseye'}, 'ubuntu': {'name': 'ubuntu', 'tag': '22.04'}, } # NOTE(hrw): has to match PRETTY_NAME in /etc/os-release DISTRO_PRETTY_NAME = { - 'centos': 'CentOS Stream 8', + 'centos': 'CentOS Stream 9', 'debian': 'Debian GNU/Linux 11 (bullseye)', 'ubuntu': 'Ubuntu 22.04', } OPENSTACK_RELEASE = 'master' # This is noarch repository so we will use it on all architectures -DELOREAN = "https://trunk.rdoproject.org/centos8-yoga/" \ - "consistent/delorean.repo" -DELOREAN_DEPS = "https://trunk.rdoproject.org/centos8-yoga/" \ +DELOREAN_DEPS = "https://trunk.rdoproject.org/centos9-master/" \ "delorean-deps.repo" INSTALL_TYPE_CHOICES = ['source'] @@ -270,7 +268,7 @@ _BASE_OPTS = [ help=('Set the package type of the distro. If not set then ' 'the packaging type is set to "rpm" if a RHEL based ' 'distro and "deb" if a Debian based distro.')), - cfg.ListOpt('rpm_setup_config', default=[DELOREAN, DELOREAN_DEPS], + cfg.ListOpt('rpm_setup_config', default=[DELOREAN_DEPS], help=('Comma separated list of .rpm or .repo file(s) ' 'or URL(s) to install before building containers')), cfg.StrOpt('apt_sources_list', help=('Path to custom sources.list')), diff --git a/kolla/image/build.py b/kolla/image/build.py index 25eb38a749..48e5d97315 100755 --- a/kolla/image/build.py +++ b/kolla/image/build.py @@ -87,11 +87,19 @@ UNBUILDABLE_IMAGES = { "skydive-base", # no aarch64 binary }, + # Issues for SHA1 keys: + # https://github.com/elastic/elasticsearch/issues/85876 + # https://github.com/grafana/grafana/issues/41036 'centos': { + "elasticsearch", # SHA1 gpg key + "grafana", # SHA1 gpg key "hacluster-pcs", # Missing crmsh package + "kibana", # SHA1 gpg key + "logstash", # SHA1 gpg key "nova-spicehtml5proxy", # Missing spicehtml5 package "ovsdpdk", # Not supported on CentOS - "tgtd", # Not supported on CentOS 8 + "proxysql", # no binary package + "tgtd", # Not supported on CentOS }, 'debian': { @@ -623,7 +631,7 @@ class KollaWorker(object): self.rpm_setup = self.build_rpm_setup(rpm_setup_config) if self.base in ['centos']: - self.conf.distro_python_version = "3.6" + self.conf.distro_python_version = "3.9" self.distro_package_manager = 'dnf' self.base_package_type = 'rpm' elif self.base in ['debian']: diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml index 68f53c8260..916b35da27 100644 --- a/kolla/template/repos.yaml +++ b/kolla/template/repos.yaml @@ -1,13 +1,13 @@ --- centos: - ceph: "centos-ceph-pacific" + ceph: "centos-ceph-quincy" + crb: "crb" elasticsearch: "elasticsearch-kibana-logstash-7.x" epel: "epel" - epel-modular: "epel-modular" erlang: "rabbitmq_rabbitmq-erlang" extras: "extras" grafana: "grafana" - hacluster: "ha" + hacluster: "highavailability" haproxy: "centos-nfv-extras" influxdb: "influxdb" kibana: "elasticsearch-kibana-logstash-7.x" @@ -15,27 +15,25 @@ centos: mariadb: "mariadb" openvswitch: "centos-nfv-openvswitch" opstools: "centos-opstools" - powertools: "powertools" proxysql: "proxysql" rabbitmq: "rabbitmq_rabbitmq-server" td-agent: "treasuredata" centos-aarch64: - ceph: "centos-ceph-pacific" + ceph: "centos-ceph-quincy" + crb: "crb" elasticsearch: "elasticsearch-kibana-logstash-7.x" epel: "epel" - epel-modular: "epel-modular" erlang: "erlang-solutions" extras: "extras" grafana: "grafana" - hacluster: "ha" + hacluster: "highavailability" haproxy: "centos-nfv-extras" kibana: "elasticsearch-kibana-logstash-7.x" logstash: "elasticsearch-kibana-logstash-7.x" mariadb: "mariadb" openvswitch: "centos-nfv-openvswitch" opstools: "centos-opstools" - powertools: "powertools" proxysql: "proxysql" rabbitmq: "rabbitmq_rabbitmq-server" td-agent: "treasuredata" diff --git a/kolla/tests/test_build.py b/kolla/tests/test_build.py index ab6e374322..bf98964659 100644 --- a/kolla/tests/test_build.py +++ b/kolla/tests/test_build.py @@ -529,11 +529,10 @@ class KollaWorkerTest(base.TestCase): self.assertEqual('3.10', kolla.distro_python_version) def test_build_distro_python_version_centos(self): - """check distro_python_version for CentOS 8.0.1905""" + """check distro_python_version for CentOS Stream 9""" self.conf.set_override('base', 'centos') - self.conf.set_override('base_tag', '8.0.1905') kolla = build.KollaWorker(self.conf) - self.assertEqual('3.6', kolla.distro_python_version) + self.assertEqual('3.9', kolla.distro_python_version) def test_build_distro_package_manager(self): """check distro_package_manager conf value is taken""" diff --git a/kolla/tests/test_methods.py b/kolla/tests/test_methods.py index 16b40c17f1..d98fa8825b 100644 --- a/kolla/tests/test_methods.py +++ b/kolla/tests/test_methods.py @@ -55,7 +55,7 @@ class MethodsTest(base.TestCase): result = methods.handle_repos(template_vars, ['grafana', 'ceph'], 'enable') expectCmd = 'RUN dnf config-manager --enable grafana ' - expectCmd += '--enable centos-ceph-pacific || true' + expectCmd += '--enable centos-ceph-quincy || true' self.assertEqual(expectCmd, result) def test_enable_repos_debian(self): @@ -145,7 +145,7 @@ class MethodsTest(base.TestCase): result = methods.handle_repos(template_vars, ['grafana', 'ceph'], 'disable') expectCmd = 'RUN dnf config-manager --disable grafana ' - expectCmd += '--disable centos-ceph-pacific || true' + expectCmd += '--disable centos-ceph-quincy || true' self.assertEqual(expectCmd, result) # NOTE(hrw): there is no disabling of repos for Debian/Ubuntu diff --git a/releasenotes/notes/centos-stream-9-ec4591d83c22b509.yaml b/releasenotes/notes/centos-stream-9-ec4591d83c22b509.yaml new file mode 100644 index 0000000000..32136eca72 --- /dev/null +++ b/releasenotes/notes/centos-stream-9-ec4591d83c22b509.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + CentOS Stream 9 is now used instead of CentOS Stream 8. diff --git a/tests/playbooks/pre.yml b/tests/playbooks/pre.yml index 2e8f3c8884..5a2c01c539 100644 --- a/tests/playbooks/pre.yml +++ b/tests/playbooks/pre.yml @@ -18,26 +18,24 @@ path: "{{ kolla_build_logs_dir }}" state: directory - - name: Install Python3 setuptools and family + - name: Install Python3 pip and setuptools package: name: - python3-pip - python3-setuptools - - python3-virtualenv - - python3-wheel become: true - # NOTE(hrw): On RedHat systems it is part of python3-virtualenv - - name: Install virtualenv on Debian systems + # NOTE(hrw): On RedHat systems venv is part of python3-libs + - name: Install Python3 venv on Debian systems package: name: - - virtualenv + - python3-venv become: true when: ansible_os_family == "Debian" - name: Create virtualenv - command: python3 -m virtualenv {{ virtualenv_path }} --python python3 + command: python3 -m venv {{ virtualenv_path }} - name: Install kolla command: "{{ virtualenv_path }}/bin/python -m pip install {{ zuul.project.src_dir }}" @@ -58,11 +56,11 @@ - name: Configure Docker repo for CentOS block: - - name: Add Docker YUM repository + - name: Add Docker repository yum_repository: name: docker description: Docker - baseurl: "{{ nodepool_docker_proxy }}/centos/7/$basearch/stable" + baseurl: "{{ nodepool_docker_proxy }}/centos/9/$basearch/stable" enabled: yes gpgcheck: yes gpgkey: "{{ nodepool_docker_proxy }}/centos/gpg" diff --git a/tests/templates/template_overrides.j2 b/tests/templates/template_overrides.j2 index 5112bafa7d..932917c3c4 100644 --- a/tests/templates/template_overrides.j2 +++ b/tests/templates/template_overrides.j2 @@ -23,7 +23,7 @@ RUN echo registry={{ nodepool_npmjs_proxy }} > /etc/npmrc \ RUN sed -i \ -e "s|^\(mirrorlist.*\)|#\1|" \ -e "s|^#baseurl=http://mirror.centos.org|baseurl=http://{{ nodepool_mirror_host }}|" \ - /etc/yum.repos.d/CentOS-*.repo + /etc/yum.repos.d/centos*.repo {% raw %} {% endblock %} @@ -46,7 +46,7 @@ RUN sed -i \ -e "s|^#baseurl=https://mirror.centos.org|baseurl=http://{{ nodepool_mirror_host }}|" \ -e "s|^baseurl=http://mirror.centos.org|baseurl=http://{{ nodepool_mirror_host }}|" \ -e "s|^baseurl=https://mirror.centos.org|baseurl=http://{{ nodepool_mirror_host }}|" \ - /etc/yum.repos.d/CentOS-*.repo \ + /etc/yum.repos.d/centos*.repo \ && sed -i \ -e "s|^\(metalink.*\)|#\1|" \ -e "s|^#baseurl=http://download.example/pub|baseurl=http://{{ nodepool_mirror_host }}|" \