Fix prechecks with Docker 20.10.0 and py27 job

The 'prechecks : Checking Docker version' task previously failed with Docker 20.10.0. The regex used to parse the version was returning 0.10.0, which is not above the minimum. The previous version of 19.x would have been parsed as 9.x, which is above the minimum. This change fixes the issue by matching the beginning and end of the version using \b. For Train and below additionally blacklist bandit 1.6.3 as it was improperly released as a universal wheel. [1] And also drop lower-constraints job as agreed during the PTG. [2] It started to fail. [1] PyCQA/bandit#663 [2] http://lists.openstack.org/pipermail/openstack-discuss/2020-October/018445.html Depends-On: https://review.opendev.org/766180 Change-Id: I2a23eea7effb5b9a5e73361bcd48bd2e16d1569c Closes-Bug: 1907436 Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
RSE-Cambridge · Dec 14, 2020 · 755b836 · 755b836
1 parent 2471a9f
commit 755b836
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 3 deletions.
diff --git a/ansible/roles/prechecks/tasks/service_checks.yml b/ansible/roles/prechecks/tasks/service_checks.yml
@@ -6,7 +6,7 @@
   changed_when: false
   when: inventory_hostname in groups['baremetal']
   failed_when: result is failed
-               or result.stdout | regex_replace('.*(\\d+\\.\\d+\\.\\d+).*', '\\1')  is version(docker_version_min, '<')
+               or result.stdout | regex_replace('.*\\b(\\d+\\.\\d+\\.\\d+)\\b.*', '\\1')  is version(docker_version_min, '<')
 
 # NOTE(mgoddard): If passwords.yml is encrypted using ansible-vault, this check
 # will pass, but only because nothing in the vault file has the format of a

diff --git a/releasenotes/notes/bug-1907436-2da50ed38d107127.yaml b/releasenotes/notes/bug-1907436-2da50ed38d107127.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue with the ``kolla-ansible prechecks`` command with Docker
+    20.10. `LP#1907436
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1907436>`__
diff --git a/test-requirements.txt b/test-requirements.txt
@@ -1,7 +1,7 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
-bandit>=1.1.0 # Apache-2.0
+bandit!=1.6.3,>=1.1.0 # Apache-2.0
 bashate>=0.5.1 # Apache-2.0
 beautifulsoup4>=4.6.0 # MIT
 coverage!=4.4,>=4.0 # Apache-2.0

diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
@@ -3,7 +3,6 @@
     templates:
       - check-requirements
       - openstack-cover-jobs
-      - openstack-lower-constraints-jobs
       - openstack-python-jobs
       - openstack-python3-train-jobs
       - publish-openstack-docs-pti