From 9b5e7b6cb5cabbd452543723fbc025e0d157094b Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Wed, 12 Oct 2022 17:58:55 +0200 Subject: [PATCH 1/3] rabbitmq: use Erlang from PPA on Debian/Ubuntu PPA from Team RabbitMQ [1] provides newer Erlang for Debian/Ubuntu. This way we have latest Erlang on both distributions and both architectures. 1. https://launchpad.net/~rabbitmq/+archive/ubuntu/rabbitmq-erlang (manual cherry-pick from master commit b40506f6dd382e1b2443dc59b918b01e2db45850) Change-Id: I6b1407cc94ffa1893dac204cf4836a7d0ae0d575 --- docker/base/Dockerfile.j2 | 6 +++--- docker/base/apt_preferences.debian | 2 +- docker/base/apt_preferences.ubuntu | 2 +- kolla/template/repos.yaml | 20 ++++++++++---------- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index 25229820d1..d8b5480192 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -312,9 +312,9 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom ] %} {% set base_apt_keys = [ - {'name': 'erlang', 'keyid': 'E495BB49CC4BBE5B'}, - {'name': 'rabbitmq', 'keyid': '9F4587F226208342'}, - {'name': 'haproxy', 'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'}, + {'name': 'erlang-ppa', 'keyid': 'F77F1EDA57EBB1CC'}, + {'name': 'rabbitmq', 'keyid': '9F4587F226208342'}, + {'name': 'haproxy', 'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'}, ] %} {# NOTE(hrw): type field defaults to 'asc' which is used for single keys #} diff --git a/docker/base/apt_preferences.debian b/docker/base/apt_preferences.debian index 4c27082d4e..00b004072a 100644 --- a/docker/base/apt_preferences.debian +++ b/docker/base/apt_preferences.debian @@ -3,7 +3,7 @@ Pin: version 3.9.* Pin-Priority: 1000 Package: erlang* -Pin: version 1:24.* +Pin: version 1:25.* Pin-Priority: 1000 # NOTE(mgoddard): logstash 7.9.x is the last version that supports diff --git a/docker/base/apt_preferences.ubuntu b/docker/base/apt_preferences.ubuntu index 76334e51bf..d61b18bdcd 100644 --- a/docker/base/apt_preferences.ubuntu +++ b/docker/base/apt_preferences.ubuntu @@ -3,7 +3,7 @@ Pin: version 3.9.* Pin-Priority: 1000 Package: erlang* -Pin: version 1:24.* +Pin: version 1:25.* Pin-Priority: 1000 # NOTE(mgoddard): logstash 7.9.x is the last version that supports diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml index 70d97aa9f6..9b59e1a692 100644 --- a/kolla/template/repos.yaml +++ b/kolla/template/repos.yaml @@ -47,10 +47,10 @@ debian: component: "main" gpg_key: "elasticsearch.asc" erlang: - url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/debian" - suite: "bullseye" + url: "https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu" + suite: "focal" component: "main" - gpg_key: "erlang.gpg" + gpg_key: "erlang-ppa.gpg" grafana: url: "https://packages.grafana.com/oss/deb" suite: "stable" @@ -99,10 +99,10 @@ debian-aarch64: component: "main" gpg_key: "elasticsearch.asc" erlang: - url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/debian" - suite: "bullseye" + url: "https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu" + suite: "focal" component: "main" - gpg_key: "erlang.gpg" + gpg_key: "erlang-ppa.gpg" grafana: url: "https://packages.grafana.com/oss/deb" suite: "stable" @@ -151,10 +151,10 @@ ubuntu: component: "main" gpg_key: "elasticsearch.asc" erlang: - url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/ubuntu" + url: "https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu" suite: "focal" component: "main" - gpg_key: "erlang.gpg" + gpg_key: "erlang-ppa.gpg" grafana: url: "https://packages.grafana.com/oss/deb" suite: "stable" @@ -208,10 +208,10 @@ ubuntu-aarch64: component: "main" gpg_key: "elasticsearch.asc" erlang: - url: "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/ubuntu" + url: "https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu" suite: "focal" component: "main" - gpg_key: "erlang.gpg" + gpg_key: "erlang-ppa.gpg" grafana: url: "https://packages.grafana.com/oss/deb" suite: "stable" From 05a316f9fb4d361b363eb8b3ffe58386d738237b Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Wed, 19 Oct 2022 10:00:17 +0200 Subject: [PATCH 2/3] rabbitmq: bump Erlang version to 25.x We decided to ship one Erlang version for all distributions and architectures. RabbitMQ 3.9.22+ requires Erlang 24.2+ and 24.3.4.2+ is recommended due to CVE-2022-37026. Change-Id: I1eb1e1bd2bf74dbef214d458cbde13aa8c2a286f --- docker/base/apt_preferences.debian | 2 +- docker/base/apt_preferences.ubuntu | 2 +- docker/kolla-toolbox/Dockerfile.j2 | 2 +- docker/rabbitmq/Dockerfile.j2 | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker/base/apt_preferences.debian b/docker/base/apt_preferences.debian index 4c27082d4e..00b004072a 100644 --- a/docker/base/apt_preferences.debian +++ b/docker/base/apt_preferences.debian @@ -3,7 +3,7 @@ Pin: version 3.9.* Pin-Priority: 1000 Package: erlang* -Pin: version 1:24.* +Pin: version 1:25.* Pin-Priority: 1000 # NOTE(mgoddard): logstash 7.9.x is the last version that supports diff --git a/docker/base/apt_preferences.ubuntu b/docker/base/apt_preferences.ubuntu index 76334e51bf..d61b18bdcd 100644 --- a/docker/base/apt_preferences.ubuntu +++ b/docker/base/apt_preferences.ubuntu @@ -3,7 +3,7 @@ Pin: version 3.9.* Pin-Priority: 1000 Package: erlang* -Pin: version 1:24.* +Pin: version 1:25.* Pin-Priority: 1000 # NOTE(mgoddard): logstash 7.9.x is the last version that supports diff --git a/docker/kolla-toolbox/Dockerfile.j2 b/docker/kolla-toolbox/Dockerfile.j2 index 2aa8aaed54..54147231ec 100644 --- a/docker/kolla-toolbox/Dockerfile.j2 +++ b/docker/kolla-toolbox/Dockerfile.j2 @@ -24,7 +24,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set kolla_toolbox_packages = [ 'crudini', - 'erlang-24.*', + 'erlang-25.*', 'gcc', 'gdisk', 'git', diff --git a/docker/rabbitmq/Dockerfile.j2 b/docker/rabbitmq/Dockerfile.j2 index 0263184924..0a3180691e 100644 --- a/docker/rabbitmq/Dockerfile.j2 +++ b/docker/rabbitmq/Dockerfile.j2 @@ -20,7 +20,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% if base_package_type == 'rpm' %} {% set rabbitmq_packages = [ - 'erlang-24.*', + 'erlang-25.*', 'hostname', 'rabbitmq-server-3.9.*' ] %} From b7c886ae08997745d63b8ba0912652bc1b533ee3 Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Mon, 17 Oct 2022 17:24:06 +0200 Subject: [PATCH 3/3] rabbitmq/aarch64: use COPR for Erlang RabbitMQ team maintains RPM package in Github repo [1]. Hrw then use it to build package using COPR service [2]. This way we have latest Erlang on both distributions and both architectures. 1. https://github.com/rabbitmq/erlang-rpm/ 2. https://copr.fedorainfracloud.org/coprs/hrw/erlang-for-rabbitmq/ (manual cherry-pick from master commit e104ef7fdcf0faf48a8f70b73a67103258004924) Change-Id: I6a6a9c3d5ffff884fc61baeafcc46ad82afc3db3 --- docker/base/Dockerfile.j2 | 2 +- docker/base/erlang-solutions.repo | 6 ------ docker/base/hrw-copr-erlang-for-rabbitmq.repo | 11 +++++++++++ kolla/template/repos.yaml | 2 +- 4 files changed, 13 insertions(+), 8 deletions(-) delete mode 100644 docker/base/erlang-solutions.repo create mode 100644 docker/base/hrw-copr-erlang-for-rabbitmq.repo diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index d8b5480192..b5e271b427 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -99,7 +99,7 @@ COPY dnf.conf /etc/dnf/dnf.conf ] %} {% elif base_arch == 'aarch64' %} {% set base_yum_repo_files = base_yum_repo_files + [ - 'erlang-solutions.repo', + 'hrw-copr-erlang-for-rabbitmq.repo', 'mariadb-aarch64.repo', ] %} diff --git a/docker/base/erlang-solutions.repo b/docker/base/erlang-solutions.repo deleted file mode 100644 index 4adbe680fc..0000000000 --- a/docker/base/erlang-solutions.repo +++ /dev/null @@ -1,6 +0,0 @@ -[erlang-solutions] -name=erlang-solutions -baseurl=https://packages.erlang-solutions.com/rpm/centos/$releasever/$basearch -gpgcheck=1 -gpgkey=https://packages.erlang-solutions.com/rpm/erlang_solutions.asc -enabled=0 diff --git a/docker/base/hrw-copr-erlang-for-rabbitmq.repo b/docker/base/hrw-copr-erlang-for-rabbitmq.repo new file mode 100644 index 0000000000..d06e114645 --- /dev/null +++ b/docker/base/hrw-copr-erlang-for-rabbitmq.repo @@ -0,0 +1,11 @@ +# NOTE(hrw): this repository contains rebuild of Erlang package from RabbitMQ team +# from https://github.com/rabbitmq/erlang-rpm/ +# Thanks to COPR we have aarch64 packages for CentOS Stream 8/9 + +[copr-hrw-erlang-for-rabbitmq] +name=Hrw's COPR with Erlang build for RabbitMQ +baseurl=https://download.copr.fedorainfracloud.org/results/hrw/erlang-for-rabbitmq/centos-stream-$releasever-$basearch/ +gpgcheck=1 +enabled=0 +gpgkey=https://download.copr.fedorainfracloud.org/results/hrw/erlang-for-rabbitmq/pubkey.gpg +repo_gpgcheck=0 diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml index 9b59e1a692..299be04d8c 100644 --- a/kolla/template/repos.yaml +++ b/kolla/template/repos.yaml @@ -25,7 +25,7 @@ centos-aarch64: elasticsearch: "elasticsearch-kibana-logstash-7.x" epel: "epel" epel-modular: "epel-modular" - erlang: "erlang-solutions" + erlang: "copr-hrw-erlang-for-rabbitmq" extras: "extras" grafana: "grafana" hacluster: "ha"