--- - name: Ensure logs directory exists file: path: '{{ workspace }}/logs' state: directory - name: Set ci_branch for building containers check jobs include_tasks: set_ci_branch.yml - name: Set facts for kolla-build.conf set_fact: push_registry: "{{ push_registry | default('127.0.0.1:8787') }}" push_containers: "{{ push_containers | default(false) | bool }}" container_config: "" - name: Set arch_tag fact set_fact: # NOTE(mjturek): Push old style tag for x86_64 first to maintain compatibility. arch_tag: "{{ '_' + ansible_architecture if ansible_architecture != 'x86_64' else ''}}" - name: Check the contents of the openstack_repo_name repo become: true shell: > set -o pipefail && cat /etc/yum.repos.d/{{ openstack_repo_name }}.repo |grep -o 'baseurl=' |wc -l register: number_baseurl_lines when: buildcontainers_version_hash is not defined - name: Use baseurl if there is only one when: - buildcontainers_version_hash is not defined - number_baseurl_lines.stdout|int == 1 block: - name: Get contents of openstack repo baseurl for the version hash become: true shell: > set -o pipefail && cat /etc/yum.repos.d/{{ openstack_repo_name }}.repo |awk -F= '/baseurl/ {print $2}' register: baseurl - name: Set version_hash fact set_fact: version_hash: "{{ baseurl.stdout.split('/')[-1] }}" - name: Use the md5sum if there is more than one baseurl line when: - buildcontainers_version_hash is not defined - number_baseurl_lines.stdout|int > 1 block: - name: Get contents of openstack repo baseurl for the version hash become: true shell: md5sum /etc/yum.repos.d/{{ openstack_repo_name }}.repo | awk '{print $1}' register: md5sum_repo - name: Set version_hash fact set_fact: version_hash: "{{ md5sum_repo.stdout }}" - name: Set version_hash fact if buildcontainers_version_hash is defined set_fact: version_hash: "{{ buildcontainers_version_hash }}" when: buildcontainers_version_hash is defined # collectd tries to disable epel and epel-modular repository, which doesn't # exist, and so fail, this is just a dummy repository so the container won't # fail. - name: Add dummy epel and epel-module repository become: true when: - ansible_pkg_mgr == "dnf" - ansible_distribution|lower == "redhat" yum_repository: name: "{{ item }}" description: Dummy epel repository file: delorean_epel_dummy baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/ enabled: false with_items: - epel - epel-modular - name: grab kolla patch rhel8 when: - ansible_pkg_mgr == "dnf" - ansible_distribution|lower == "redhat" - zuul_internal is undefined shell: | set -euxo pipefail git config --global user.email "zuul@openstack.org" git config --global user.name "Zuul" git remote add upstream https://review.opendev.org/openstack/kolla git ls-remote https://review.opendev.org/openstack/kolla | \ grep -E refs/changes/[[:digit:]]+/{{ kolla_rhel8_patch[branch_override|default('master')] }}/ | \ awk '{print $2}' | \ sort -t / -k 5 -g -r | \ head -1 | \ xargs -I{} git fetch https://review.opendev.org/openstack/kolla {} && \ git checkout -b rhel8 FETCH_HEAD # Look for Kolla changes running in check queue and if present then # set the git_rebase branch as kolla change as are already clonned and # can be grabbed from zuul.ref var otherwise use master. git_rebase_branch={{ branch_override|default('master') }} {% if zuul.ref is defined and zuul.ref and zuul.pipeline in ['check', 'openstack-check'] %} found=$(git ls-remote https://review.opendev.org/openstack/kolla | grep {{ zuul.ref }} || true); echo $found; if [[ -n "$found" ]] ; then git_rebase_branch={{ zuul.ref }} fi {% endif %} git pull --rebase upstream $git_rebase_branch args: chdir: "{{ openstack_git_root }}/kolla" warn: false register: result changed_when: "'nothing to commit, working directory clean' not in result.stdout_lines" - include_tasks: venv_setup.yml when: buildcontainers_venv is defined and buildcontainers_venv - include_tasks: package_setup.yml when: buildcontainers_venv is defined and not buildcontainers_venv # TODO(aschultz): make the kolla-build branch aware - name: Generate kolla-build.conf template: src: templates/kolla-build.conf.j2 dest: "{{ workspace }}/kolla-build.conf" mode: 0644 force: true - name: Set container cli set_fact: container_cli: "{% if use_buildah|bool %}buildah{% else %}docker{% endif %}" cacheable: true - name: Set --config-file for component-ci if component_ci_containers is specified set_fact: container_config: "--config-file {{ component_ci_configs[component_ci_containers] }}" when: component_ci_containers != "" - name: build base rhel container block: - name: create docker-build dir file: path: /tmp/base-build state: directory - name: create docker-build repos dir file: path: /tmp/base-build/repos state: directory - name: Move delorean repos to base build become: true shell: cmd: | {% if zuul_internal is defined %} cp /etc/yum.repos.d/* /tmp/base-build/repos/ {% else %} cp /etc/yum.repos.d/delorean* /tmp/base-build/repos/ {% endif %} chown -R {{ ansible_user }}: /tmp/base-build/repos/* - name: render dockerfile zuul_internal when: zuul_internal is defined template: src: templates/Dockerfile_redhat.j2 dest: /tmp/base-build/Dockerfile - name: create base container with repos from rhel container shell: cmd: | set -x sudo buildah --debug bud -t {{ kolla_base_image }}:{{ kolla_base_tag }} . \ 2>&1 {{ timestamper_cmd }} > {{ workspace }}/build-rhel-base.log args: chdir: /tmp/base-build when: - ansible_distribution|lower == "redhat" - kolla_base_image is defined - kolla_base_tag is defined - name: Make sure authfile exists when: buildcontainers_authfile_path is defined block: - name: Check for authfile stat: path: '{{ buildcontainers_authfile_path }}' register: authfile_exist - name: Make sure autfile exists assert: that: - authfile_exist.stat.exists | bool - name: Generate tcib extra config file copy: dest: "{{ workspace }}/extra_config.yaml" content: | {{ tcib_extra_config | to_nice_yaml }} - name: Generate kolla building script template: src: templates/kolla-build.sh.j2 dest: "{{ workspace }}/build_containers.sh" mode: 0777 force: true when: use_kolla | default(true) - name: Generate tripleo building script template: src: templates/tripleo-build.sh.j2 dest: "{{ workspace }}/build_containers.sh" mode: 0777 force: true when: not use_kolla | default(true) - name: "Run image build as ansible user > {{ workspace }}/logs/build.log" args: chdir: '{{ workspace }}' shell: set -o pipefail && bash build_containers.sh 2>&1 {{ timestamper_cmd }} > {{ workspace }}/logs/build.log when: - ansible_distribution|lower != "redhat" - name: "Run image build as root > {{ workspace }}/logs/build.log" args: chdir: '{{ workspace }}' shell: set -o pipefail && bash build_containers.sh 2>&1 {{ timestamper_cmd }} > {{ workspace }}/logs/build.log when: - ansible_distribution|lower == "redhat" become: true # Workaround for https://bugs.launchpad.net/tripleo/+bug/1916742 as buildah is throwing warnings - name: Check if "/usr/share/containers/libpod.conf" exists. become: true stat: path=/usr/share/containers/libpod.conf register: libpod_conf_file_stat - name: "Move /usr/share/containers/libpod.conf to /usr/share/containers/libpod.conf_backup" become: true command: mv /usr/share/containers/libpod.conf /usr/share/containers/libpod.conf_backup when: libpod_conf_file_stat.stat.exists - name: Retrieve built images # noqa risky-shell-pipe shell: "{{ container_cli }} images | grep {{ container_name_prefix }} | awk '{ print $1 }'" register: built_images become: true changed_when: false - name: Retag and push x86_64 images when: - ansible_architecture == "x86_64" - push_containers | bool - not push_containers_podman | default(false) | bool block: - name: Disable HTTPS and certificates to access registry (buildah) set_fact: container_cli_opt: '--tls-verify=false' when: use_buildah | bool - name: Tag images vars: image: "{{ item }}" include: tag.yaml static: false with_items: "{{ built_images.stdout_lines }}" become: true - name: Run registry when: - job.provider_job|default(false)|bool block: - name: Run registry shell: >- $(command -v docker || command -v podman) run -d \ -e REGISTRY_HTTP_ADDR=0.0.0.0:{{ provider_registry_port }} \ -p {{ provider_registry_port }}:{{ provider_registry_port }} \ --name registry {{ container_registry_image }} changed_when: true rescue: - name: Run registry (rescue) shell: >- $(command -v docker || command -v podman) run -d \ -e REGISTRY_HTTP_ADDR=0.0.0.0:{{ provider_registry_port }} \ -p {{ provider_registry_port }}:{{ provider_registry_port }} \ --name registry quay.rdoproject.org/ceph/registry:2 changed_when: true become: true - name: Populate provider registry when: - job.provider_job|default(false)|bool block: - name: Open ports command: iptables -I INPUT -p tcp --dport 5001 -j ACCEPT changed_when: true - name: Disable HTTPS and certificates to access registry (buildah) set_fact: container_cli_opt: '--tls-verify=false' when: use_buildah | bool - name: Retag and push images to provider registry vars: image: "{{ item }}" include: provider_push.yaml static: false with_items: "{{ built_images.stdout_lines }}" become: true