diff --git a/.zuul.d/base.yaml b/.zuul.d/base.yaml index d630cf100e..bc88cba08b 100644 --- a/.zuul.d/base.yaml +++ b/.zuul.d/base.yaml @@ -113,7 +113,6 @@ extra-vars: kolla_logs_dir: "{{ zuul_output_dir }}/logs/kolla" kolla_build_logs_dir: "{{ kolla_logs_dir }}/build" - kolla_work_dir: "{{ kolla_logs_dir }}" virtualenv_path: "/tmp/kolla-virtualenv" - job: diff --git a/.zuul.d/debian.yaml b/.zuul.d/debian.yaml index 146884ecd9..39e89be604 100644 --- a/.zuul.d/debian.yaml +++ b/.zuul.d/debian.yaml @@ -20,6 +20,8 @@ experimental: jobs: - kolla-build-no-infra-wheels-debian-source + - kolla-ansible-debian-source-ironic: + files: ^docker\/(base|dnsmasq|ironic|ironic-inspector|iscsid|openstack-base)\/.* - job: name: kolla-build-debian-source diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index b172ac1cc9..11abeca6a9 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -322,8 +322,8 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom ] %} {% set base_apt_keys = [ - {'name': 'erlang', 'keyid': 'F77F1EDA57EBB1CC'}, - {'name': 'rabbitmq', 'keyid': 'F6609E60DC62814E'}, + {'name': 'erlang', 'keyid': 'E495BB49CC4BBE5B'}, + {'name': 'rabbitmq', 'keyid': '9F4587F226208342'}, {'name': 'haproxy', 'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'}, ] %} diff --git a/docker/base/apt_preferences.debian b/docker/base/apt_preferences.debian index 0ccc2e0167..62b5805054 100644 --- a/docker/base/apt_preferences.debian +++ b/docker/base/apt_preferences.debian @@ -22,3 +22,8 @@ Pin-Priority: -1000 Package: openvswitch* python3-openvswitch ovn-* Pin: release n=bullseye-backports Pin-Priority: 1024 + +# NOTE(hrw): Debian OpenStack Team repo has some backports we do not want +Package: git* +Pin: release n=bullseye +Pin-Priority: 1024 diff --git a/docker/base/healthcheck_curl b/docker/base/healthcheck_curl index 2ef8538bac..6df232fe89 100755 --- a/docker/base/healthcheck_curl +++ b/docker/base/healthcheck_curl @@ -5,7 +5,7 @@ : ${HEALTHCHECK_CURL_OUTPUT:='/dev/null'} export NSS_SDB_USE_CACHE=no -curl -g -k -q -s -S --fail -o "${HEALTHCHECK_CURL_OUTPUT}" \ +curl -q -g -k -s -S --fail -o "${HEALTHCHECK_CURL_OUTPUT}" \ --max-time "${HEALTHCHECK_CURL_MAX_TIME}" \ --user-agent "${HEALTHCHECK_CURL_USER_AGENT}" \ --write-out "${HEALTHCHECK_CURL_WRITE_OUT}" \ diff --git a/docker/base/set_configs.py b/docker/base/set_configs.py index e624f29ba8..1d1fc48aec 100644 --- a/docker/base/set_configs.py +++ b/docker/base/set_configs.py @@ -120,6 +120,7 @@ def _set_properties(self, source, dest): self._set_properties_from_conf(dest) def _set_properties_from_file(self, source, dest): + LOG.info('Copying permissions from %s onto %s', source, dest) shutil.copystat(source, dest) stat = os.stat(source) os.chown(dest, stat.st_uid, stat.st_gid) diff --git a/docker/bifrost/bifrost-base/Dockerfile.j2 b/docker/bifrost/bifrost-base/Dockerfile.j2 index e05d80218a..93282fb03f 100644 --- a/docker/bifrost/bifrost-base/Dockerfile.j2 +++ b/docker/bifrost/bifrost-base/Dockerfile.j2 @@ -40,8 +40,13 @@ RUN apt-get update && \ {%- else %} RUN echo " " && \ {%- endif %} - bash -c './scripts/env-setup.sh && \ + bash -c 'TOX_CONSTRAINTS_FILE=/requirements/upper-constraints.txt ./scripts/env-setup.sh && \ ansible-playbook -vvvv -i /bifrost/playbooks/inventory/target /bifrost/playbooks/install.yaml \ +{%- if base_distro == 'centos' %} +{# NOTE(mmalchuk): since DIB drop Python3.6 support we need to build DIB from #} +{# the latest supported stable tag until we move to CentOS9 #} + -e dib_git_branch="3.21.1" \ +{%- endif %} -e @/tmp/build_arg.yml && \ {%- if base_package_type == 'deb' %} apt-get clean && rm -rf /var/lib/apt/lists/*' diff --git a/docker/cloudkitty/cloudkitty-api/Dockerfile.j2 b/docker/cloudkitty/cloudkitty-api/Dockerfile.j2 index 4932c8a30b..f49f43ecbb 100644 --- a/docker/cloudkitty/cloudkitty-api/Dockerfile.j2 +++ b/docker/cloudkitty/cloudkitty-api/Dockerfile.j2 @@ -13,8 +13,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set cloudkitty_api_packages = [ 'openstack-cloudkitty-api' ] %} -{{ macros.install_packages(cloudkitty_api_packages | customizable("packages")) }} - {% elif base_package_type == 'deb' %} {% set cloudkitty_api_packages = [ @@ -23,12 +21,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% endif %} {% elif install_type == 'source' %} - {% set cloudkitty_api_packages = [ ] %} -{{ macros.install_packages(cloudkitty_api_packages | customizable("packages")) }} {% endif %} +{{ macros.install_packages(cloudkitty_api_packages | customizable("packages")) }} + COPY extend_start.sh /usr/local/bin/kolla_cloudkitty_extend_start RUN chmod 755 /usr/local/bin/kolla_cloudkitty_extend_start diff --git a/docker/elasticsearch/elasticsearch/Dockerfile.j2 b/docker/elasticsearch/elasticsearch/Dockerfile.j2 index d09a0d8175..5633ce6d32 100644 --- a/docker/elasticsearch/elasticsearch/Dockerfile.j2 +++ b/docker/elasticsearch/elasticsearch/Dockerfile.j2 @@ -12,8 +12,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.enable_extra_repos(['elasticsearch']) }} {% if base_package_type == 'rpm' %} + +# NOTE(hrw): post-install script of elasticsearch fails when trying to +# install elasticsearch and java together. +{{ macros.install_packages(['java-11-openjdk-headless']) }} + {% set elasticsearch_packages = [ - 'java-11-openjdk-headless', 'elasticsearch-oss', ] %} diff --git a/docker/macros.j2 b/docker/macros.j2 index 61e3edce16..f39286e283 100644 --- a/docker/macros.j2 +++ b/docker/macros.j2 @@ -34,7 +34,7 @@ {% macro install_pip(packages, constraints = true) %} {%- if packages is sequence and packages|length > 0 -%} - python3 -m pip --no-cache-dir install --upgrade{{ ' ' }} + SETUPTOOLS_USE_DISTUTILS=stdlib python3 -m pip --no-cache-dir install --upgrade{{ ' ' }} {%- if constraints %}-c /requirements/upper-constraints.txt {% endif -%} {{ packages | join(' ') }} {%- else -%} diff --git a/docker/manila/manila-share/Dockerfile.j2 b/docker/manila/manila-share/Dockerfile.j2 index 04ddbf4ec5..68e8534557 100644 --- a/docker/manila/manila-share/Dockerfile.j2 +++ b/docker/manila/manila-share/Dockerfile.j2 @@ -22,6 +22,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set manila_share_packages = [ 'manila-share', 'ceph-common', + 'glusterfs-client', 'python3-cephfs', 'python3-rados', 'python3-rbd', @@ -42,6 +43,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% elif base_package_type == 'deb' %} {% set manila_share_packages = [ 'ceph-common', + 'glusterfs-client', 'python3-cephfs', 'python3-rados', 'python3-rbd', diff --git a/docker/masakari/masakari-monitors/Dockerfile.j2 b/docker/masakari/masakari-monitors/Dockerfile.j2 index 62da6fcfe0..0a9c2d1739 100644 --- a/docker/masakari/masakari-monitors/Dockerfile.j2 +++ b/docker/masakari/masakari-monitors/Dockerfile.j2 @@ -20,10 +20,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% elif base_package_type == 'deb' %} {% set masakari_base_packages = [ + 'libsasl2-modules-gssapi-mit', 'masakari-host-monitor', 'masakari-instance-monitor', 'masakari-introspective-instance-monitor', 'masakari-process-monitor', + 'sasl2-bin', ] %} {% endif %} @@ -35,6 +37,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% if base_package_type == 'rpm' %} {% set masakari_monitors_packages = [ + 'cyrus-sasl-md5', + 'cyrus-sasl-scram', 'python3-libvirt', 'pacemaker-cli', 'tcpdump', @@ -43,8 +47,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% elif base_package_type == 'deb' %} {% set masakari_monitors_packages = [ + 'libsasl2-modules-gssapi-mit', 'python3-libvirt', 'pacemaker-cli-utils', + 'sasl2-bin', 'tcpdump', ] %} diff --git a/docker/nova/nova-compute/Dockerfile.j2 b/docker/nova/nova-compute/Dockerfile.j2 index 8c0df7fd4d..6a10e66272 100644 --- a/docker/nova/nova-compute/Dockerfile.j2 +++ b/docker/nova/nova-compute/Dockerfile.j2 @@ -14,6 +14,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set nova_compute_packages = [ 'ceph-common', + 'cyrus-sasl-md5', + 'cyrus-sasl-scram', 'device-mapper-multipath', 'e2fsprogs', 'genisoimage', @@ -50,6 +52,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'e2fsprogs', 'genisoimage', 'ironic-common', + 'libsasl2-modules-gssapi-mit', 'multipath-tools', 'nfs-common', 'nova-compute', @@ -65,6 +68,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'python3-rados', 'python3-rbd', 'python3-rtslib-fb', + 'sasl2-bin', 'sysfsutils', 'targetcli-fb', 'xfsprogs' @@ -88,6 +92,8 @@ RUN rm -f /etc/nova/nova-compute.conf {% set nova_compute_packages = [ 'ceph-common', + 'cyrus-sasl-md5', + 'cyrus-sasl-scram', 'device-mapper-multipath', 'dosfstools', 'e2fsprogs', @@ -127,6 +133,7 @@ RUN rm -f /etc/nova/nova-compute.conf 'e2fsprogs', 'genisoimage', 'libosinfo-bin', + 'libsasl2-modules-gssapi-mit', 'multipath-tools', 'nfs-common', 'nvme-cli', @@ -140,6 +147,7 @@ RUN rm -f /etc/nova/nova-compute.conf 'python3-rbd', 'python3-rtslib-fb', 'qemu-utils', + 'sasl2-bin', 'sysfsutils', 'targetcli-fb', 'xfsprogs' diff --git a/docker/nova/nova-libvirt/Dockerfile.j2 b/docker/nova/nova-libvirt/Dockerfile.j2 index e6da29880c..db3a43885f 100644 --- a/docker/nova/nova-libvirt/Dockerfile.j2 +++ b/docker/nova/nova-libvirt/Dockerfile.j2 @@ -15,6 +15,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set nova_libvirt_packages = [ 'ceph-common', + 'cyrus-sasl-md5', 'cyrus-sasl-scram', 'libguestfs', 'libvirt-client', @@ -41,6 +42,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set nova_libvirt_packages = [ 'ceph-common', 'ebtables', + 'libsasl2-modules-gssapi-mit', 'libvirt-clients', 'libvirt-daemon-system', 'openvswitch-switch', @@ -51,6 +53,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'qemu-block-extra', 'qemu-system', 'qemu-utils', + 'sasl2-bin', 'trousers' ] %} diff --git a/docker/prometheus/prometheus-libvirt-exporter/Dockerfile.j2 b/docker/prometheus/prometheus-libvirt-exporter/Dockerfile.j2 new file mode 100644 index 0000000000..80e4028fe7 --- /dev/null +++ b/docker/prometheus/prometheus-libvirt-exporter/Dockerfile.j2 @@ -0,0 +1,47 @@ +FROM {{ namespace }}/{{ infra_image_prefix }}prometheus-base:{{ tag }} +{% block labels %} +LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}" +{% endblock %} + +{% import "macros.j2" as macros with context %} + +{% block prometheus_libvirt_exporter_header %}{% endblock %} + +{% if base_package_type == 'rpm' %} + {% set prometheus_libvirt_exporter_packages = [ + 'git', + 'go', + 'libvirt-devel', + ] %} +{% elif base_package_type == 'deb' %} + {% set prometheus_libvirt_exporter_packages = [ + 'build-essential', + 'git', + 'golang-go', + 'libvirt-dev', + 'pkg-config', + ] %} +{% endif %} + +{{ macros.install_packages(prometheus_libvirt_exporter_packages | customizable("packages")) }} + +{% block prometheus_libvirt_exporter_version %} +ARG prometheus_libvirt_exporter_version=2.3.0 +ARG prometheus_libvirt_exporter_path=github.com/AlexZzz/libvirt-exporter +{% endblock %} + +{% block prometheus_libvirt_exporter_install %} +ENV GOPATH=/build +RUN go mod init libvirt-exporter \ + && cd ${GOPATH} \ + && go get -v ${prometheus_libvirt_exporter_path}@${prometheus_libvirt_exporter_version} \ + && go build ${prometheus_libvirt_exporter_path} \ + && mv /build/libvirt-exporter /opt \ + && rm -rf /build + +{% endblock %} + +{% block prometheus_libvirt_exporter_footer %}{% endblock %} +{% block footer %}{% endblock %} + +USER root diff --git a/kolla/common/config.py b/kolla/common/config.py index f53d664bc2..cd449a93b3 100755 --- a/kolla/common/config.py +++ b/kolla/common/config.py @@ -249,7 +249,9 @@ cfg.BoolOpt('summary', default=True, help='Show summary at the end of build'), cfg.BoolOpt('infra-rename', default=False, - help='Rename infrastructure images to infra') + help='Rename infrastructure images to infra'), + cfg.StrOpt('repos-yaml', default='', + help='Path to alternative repos.yaml file'), ] _BASE_OPTS = [ diff --git a/kolla/common/utils.py b/kolla/common/utils.py index 9cd8ecca9d..0729127284 100644 --- a/kolla/common/utils.py +++ b/kolla/common/utils.py @@ -21,21 +21,33 @@ def make_a_logger(conf=None, image_name=None): log = logging.getLogger(".".join([__name__, image_name])) else: log = logging.getLogger(__name__) + + if conf is not None and conf.debug: + loglevel = logging.DEBUG + else: + loglevel = logging.INFO + if not log.handlers: - if conf is None or not conf.logs_dir or not image_name: - handler = logging.StreamHandler(sys.stderr) - log.propagate = False + stream_handler = logging.StreamHandler(sys.stderr) + stream_handler.setFormatter(logging.Formatter(logging.BASIC_FORMAT)) + # NOTE(hrw): quiet mode matters only on console + if conf is not None and conf.quiet: + stream_handler.setLevel(logging.CRITICAL) else: + stream_handler.setLevel(loglevel) + log.addHandler(stream_handler) + log.propagate = False + + if conf is not None and conf.logs_dir and image_name: filename = os.path.join(conf.logs_dir, "%s.log" % image_name) handler = logging.FileHandler(filename, delay=True) - handler.setFormatter(logging.Formatter(logging.BASIC_FORMAT)) - log.addHandler(handler) - if conf is not None and conf.debug: - log.setLevel(logging.DEBUG) - elif conf is not None and conf.quiet and image_name: - log.setLevel(logging.CRITICAL) - else: - log.setLevel(logging.INFO) + # NOTE(hrw): logfile will be INFO or DEBUG + handler.setLevel(loglevel) + handler.setFormatter(logging.Formatter(logging.BASIC_FORMAT)) + log.addHandler(handler) + + # NOTE(hrw): needs to be high, handlers have own levels + log.setLevel(logging.DEBUG) return log diff --git a/kolla/image/build.py b/kolla/image/build.py index 9135625f8c..45383535d6 100755 --- a/kolla/image/build.py +++ b/kolla/image/build.py @@ -144,6 +144,7 @@ class Status(Enum): }, 'ubuntu+binary': { + "cloudkitty-base", # no binary packages in UCA "senlin-conductor", # no binary package "senlin-health-manager", # no binary package "tacker-base", @@ -365,6 +366,15 @@ def followups(self): def process_source(self, image, source): dest_archive = os.path.join(image.path, source['name'] + '-archive') + # NOTE(mgoddard): Change ownership of files to root:root. This + # avoids an issue introduced by the fix for git CVE-2022-24765, + # which breaks PBR when the source checkout is not owned by the + # user installing it. LP#1969096 + def reset_userinfo(tarinfo): + tarinfo.uid = tarinfo.gid = 0 + tarinfo.uname = tarinfo.gname = "root" + return tarinfo + if source.get('type') == 'url': self.logger.debug("Getting archive from %s", source['source']) try: @@ -410,7 +420,8 @@ def process_source(self, image, source): return with tarfile.open(dest_archive, 'w') as tar: - tar.add(clone_dir, arcname=os.path.basename(clone_dir)) + tar.add(clone_dir, arcname=os.path.basename(clone_dir), + filter=reset_userinfo) elif source.get('type') == 'local': self.logger.debug("Getting local archive from %s", @@ -418,7 +429,8 @@ def process_source(self, image, source): if os.path.isdir(source['source']): with tarfile.open(dest_archive, 'w') as tar: tar.add(source['source'], - arcname=os.path.basename(source['source'])) + arcname=os.path.basename(source['source']), + filter=reset_userinfo) else: shutil.copyfile(source['source'], dest_archive) @@ -642,6 +654,7 @@ def __init__(self, conf): self.base_tag = conf.base_tag self.install_type = conf.install_type self.tag = conf.tag + self.repos_yaml = conf.repos_yaml self.base_arch = conf.base_arch self.debian_arch = self.base_arch if self.base_arch == 'aarch64': @@ -868,6 +881,7 @@ def create_dockerfiles(self): 'base_image': self.conf.base_image, 'base_distro_tag': self.base_tag, 'base_arch': self.base_arch, + 'repos_yaml': self.repos_yaml, 'use_dumb_init': self.use_dumb_init, 'base_package_type': self.base_package_type, 'debian_arch': self.debian_arch, diff --git a/kolla/template/filters.py b/kolla/template/filters.py index 49708ee3fc..f2fbc6e145 100644 --- a/kolla/template/filters.py +++ b/kolla/template/filters.py @@ -12,11 +12,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -from jinja2 import contextfilter +# NOTE: jinja2 3.1.0 dropped contextfilter in favour of pass_context. +try: + from jinja2 import pass_context +except ImportError: + from jinja2 import contextfilter as pass_context + from jinja2 import Undefined -@contextfilter +@pass_context def customizable(context, val_list, call_type): # NOTE(mgoddard): Don't try to customise undefined values. There are cases # where this might happen, for example using a generic template overrides diff --git a/kolla/template/methods.py b/kolla/template/methods.py index 420a70306b..10a28cd0ed 100644 --- a/kolla/template/methods.py +++ b/kolla/template/methods.py @@ -15,7 +15,11 @@ import os import yaml -from jinja2 import contextfunction +# NOTE: jinja2 3.1.0 dropped contextfilter in favour of pass_context. +try: + from jinja2 import pass_context +except ImportError: + from jinja2 import contextfilter as pass_context def debian_package_install(packages, clean_package_cache=True): @@ -49,7 +53,7 @@ def debian_package_install(packages, clean_package_cache=True): # handle the apt-get install if reg_packages: - cmds.append('apt-get update') + cmds.append('apt-get --error-on=any update') cmds.append('apt-get -y install --no-install-recommends {}'.format( ' '.join(reg_packages) )) @@ -71,7 +75,7 @@ def debian_package_install(packages, clean_package_cache=True): return ' && '.join(cmds) -@contextfunction +@pass_context def handle_repos(context, reponames, mode): """NOTE(hrw): we need to handle CentOS, Debian and Ubuntu with one macro. @@ -91,7 +95,11 @@ def handle_repos(context, reponames, mode): if not isinstance(reponames, list): raise TypeError("First argument should be a list of repositories") - repofile = os.path.dirname(os.path.realpath(__file__)) + '/repos.yaml' + if context.get('repos_yaml'): + repofile = context.get('repos_yaml') + else: + repofile = os.path.dirname(os.path.realpath(__file__)) + '/repos.yaml' + with open(repofile, 'r') as repos_file: repo_data = {} for name, params in yaml.safe_load(repos_file).items(): diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml index 1afb87f200..b75f13038d 100644 --- a/kolla/template/repos.yaml +++ b/kolla/template/repos.yaml @@ -49,9 +49,8 @@ debian: component: "main" gpg_key: "elasticsearch.asc" erlang: - # NOTE(mnasiadka): Erlang repo - Debian Buster/Bullseye needs to use bionic as per RabbitMQ docs - url: "http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu" - suite: "bionic" + url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/debian" + suite: "bullseye" component: "main" gpg_key: "erlang.gpg" grafana: @@ -80,7 +79,7 @@ debian: component: "main" gpg_key: "mariadb.gpg" rabbitmq: - url: "https://packagecloud.io/rabbitmq/rabbitmq-server/debian/" + url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/debian" suite: "bullseye" component: "main" gpg_key: "rabbitmq.gpg" @@ -102,9 +101,8 @@ debian-aarch64: component: "main" gpg_key: "elasticsearch.asc" erlang: - # NOTE(mnasiadka): Erlang repo - Debian Buster/Bullseye needs to use bionic as per RabbitMQ docs - url: "http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu" - suite: "bionic" + url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/debian" + suite: "bullseye" component: "main" gpg_key: "erlang.gpg" grafana: @@ -133,7 +131,7 @@ debian-aarch64: component: "main" gpg_key: "mariadb.gpg" rabbitmq: - url: "https://packagecloud.io/rabbitmq/rabbitmq-server/debian/" + url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/debian" suite: "bullseye" component: "main" gpg_key: "rabbitmq.gpg" @@ -155,7 +153,7 @@ ubuntu: component: "main" gpg_key: "elasticsearch.asc" erlang: - url: "http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu" + url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/ubuntu" suite: "focal" component: "main" gpg_key: "erlang.gpg" @@ -190,7 +188,7 @@ ubuntu: component: "main" gpg_key: "mariadb.gpg" rabbitmq: - url: "https://packagecloud.io/rabbitmq/rabbitmq-server/ubuntu/" + url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/ubuntu" suite: "focal" component: "main" gpg_key: "rabbitmq.gpg" @@ -212,7 +210,7 @@ ubuntu-aarch64: component: "main" gpg_key: "elasticsearch.asc" erlang: - url: "http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu" + url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/ubuntu" suite: "focal" component: "main" gpg_key: "erlang.gpg" @@ -242,7 +240,7 @@ ubuntu-aarch64: component: "main" gpg_key: "mariadb.gpg" rabbitmq: - url: "https://packagecloud.io/rabbitmq/rabbitmq-server/ubuntu/" + url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/ubuntu" suite: "focal" component: "main" gpg_key: "rabbitmq.gpg" diff --git a/releasenotes/notes/add-prometheus-libvirt-exporter-8d505dc8b74f8625.yaml b/releasenotes/notes/add-prometheus-libvirt-exporter-8d505dc8b74f8625.yaml new file mode 100644 index 0000000000..2f85a5b94d --- /dev/null +++ b/releasenotes/notes/add-prometheus-libvirt-exporter-8d505dc8b74f8625.yaml @@ -0,0 +1,4 @@ +--- +features: + - Added a container image for Prometheus libvirt exporter, to be used + for monitoring deployments which provide VMs with libvirt. diff --git a/releasenotes/notes/apt-get-update-fatal-ed2bcc5c1d93c082.yaml b/releasenotes/notes/apt-get-update-fatal-ed2bcc5c1d93c082.yaml new file mode 100644 index 0000000000..395c8936bd --- /dev/null +++ b/releasenotes/notes/apt-get-update-fatal-ed2bcc5c1d93c082.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + The ``apt-get update`` command by default didn't fail on erroneous source + repositories, it show the warning 'W: Some index files failed to download. + They have been ignored, or old ones used instead.' and continue to work. + This causes some containers (eg. rabbitmq, kolla-toolbox) successfully + built, but makes them inconsistent because the official Ubuntu repository + contains packages with the same names. Now we use ``apt-get -eany update`` + command to stop building with an error in such cases. diff --git a/releasenotes/notes/bug-1964140-57b433329bab067e.yaml b/releasenotes/notes/bug-1964140-57b433329bab067e.yaml new file mode 100644 index 0000000000..8869ab6420 --- /dev/null +++ b/releasenotes/notes/bug-1964140-57b433329bab067e.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Installs ``glusterfs-client`` in Debian and Ubuntu ``manila-share`` images + to support GlusterFS across supported distributions. + `LP#1964140 `__ diff --git a/releasenotes/notes/git-security-fix-fix-ea56c0071585237d.yaml b/releasenotes/notes/git-security-fix-fix-ea56c0071585237d.yaml new file mode 100644 index 0000000000..a168f5d619 --- /dev/null +++ b/releasenotes/notes/git-security-fix-fix-ea56c0071585237d.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + Fixes an issue building images that use a source with a ``type`` of + ``git``, when using a git that includes the fix for `CVE-2022-24765 + `__ (2.35.2 + or later). By default, this includes the ``gnocchi-base`` image, but may + include other images with a non-default configuration. `LP#837710 + `__ diff --git a/releasenotes/notes/healthcheck-curl-disable-curlrc-0f85aad47379e2a5.yaml b/releasenotes/notes/healthcheck-curl-disable-curlrc-0f85aad47379e2a5.yaml new file mode 100644 index 0000000000..c1c00d6ce5 --- /dev/null +++ b/releasenotes/notes/healthcheck-curl-disable-curlrc-0f85aad47379e2a5.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes disabling the use of the ``curlrc`` configuration file in + ``healthcheck_curl``. `LP#1967272 `__ diff --git a/releasenotes/notes/jinja2-pass-context-3f3febcd944e3a51.yaml b/releasenotes/notes/jinja2-pass-context-3f3febcd944e3a51.yaml new file mode 100644 index 0000000000..3a7ecc729c --- /dev/null +++ b/releasenotes/notes/jinja2-pass-context-3f3febcd944e3a51.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Fixes an issue seen when using Jinja2 3.1.0. diff --git a/releasenotes/notes/libvirt-sasl-07a8a1a25d2450c6.yaml b/releasenotes/notes/libvirt-sasl-07a8a1a25d2450c6.yaml new file mode 100644 index 0000000000..e88bc0d922 --- /dev/null +++ b/releasenotes/notes/libvirt-sasl-07a8a1a25d2450c6.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Adds Cyrus SASL packages necessary for the DIGEST-MD5 and SCRAM-SHA-256 + mechanisms. These can be used for libvirt SASL authentication. + `LP#1964013 `__ diff --git a/releasenotes/notes/quiet-mode-with-logs-0abafc07923945ac.yaml b/releasenotes/notes/quiet-mode-with-logs-0abafc07923945ac.yaml new file mode 100644 index 0000000000..1b8e67855a --- /dev/null +++ b/releasenotes/notes/quiet-mode-with-logs-0abafc07923945ac.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Quiet mode (enabled with ``--quiet`` argument) can be combined with + ``--logs-dir`` option now. Console output will be quiet as expected while + building output will be stored in separate log files. diff --git a/releasenotes/notes/rabbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml b/releasenotes/notes/rabbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml new file mode 100644 index 0000000000..b87bf97632 --- /dev/null +++ b/releasenotes/notes/rabbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + Fixes the Debian and Ubuntu images to use rabbitmq and erlang from + cloudsmith so that the images are still buildable and use proper versions. +upgrade: + - | + The Debian and Ubuntu images use rabbitmq and erlang from cloudsmith now. + Operators might want to mirror/proxy this new source as it provides the + correct set of packages unlike the previous combination. diff --git a/releasenotes/notes/user-provided-repos.yaml-d6e8583e9d9d01ef.yaml b/releasenotes/notes/user-provided-repos.yaml-d6e8583e9d9d01ef.yaml new file mode 100644 index 0000000000..98e41ec3f7 --- /dev/null +++ b/releasenotes/notes/user-provided-repos.yaml-d6e8583e9d9d01ef.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Added an `--repos-yaml` argument to allow user to provide own file with + definitions of external package repositories. Useful for those building + in offline environments with set of internal mirrors. diff --git a/tests/playbooks/run.yml b/tests/playbooks/run.yml index 0142c08070..a9e6db843a 100644 --- a/tests/playbooks/run.yml +++ b/tests/playbooks/run.yml @@ -8,13 +8,13 @@ DEFAULT: debug: true logs_dir: "{{ kolla_build_logs_dir }}" + quiet: true base: "{{ base_distro }}" install_type: "{{ install_type }}" template_override: /etc/kolla/template_overrides.j2 # NOTE(yoctozepto): to avoid issues with IPv6 not enabled in the docker daemon # and since we don't need isolated networks here, use host networking network_mode: host - work_dir: "{{ kolla_work_dir }}" tasks: - name: Ensure /etc/kolla exists file: