From efde94c3f69b56d396075def5ba0d8fdab5c8e17 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka
Date: Wed, 25 Jan 2023 16:43:25 +0100
Subject: [PATCH 1/3] Add util-linux to centos base packages Currently /usr/sbin/nologin is missing, because util-linux is not installed in the image.
Change-Id: I717b4f2215054ef9135a1ac252ed26820bdcb1aa
(cherry picked from commit 1371e4fc5b9d3d55f5bb48540753f740f1d1af02)
(cherry picked from commit 055cbf6876216d63f3f3cb8f3460d2409f9855d5)
---
 docker/base/Dockerfile.j2 | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2
index 80e6c8747d..2b299a0d64 100644
--- a/docker/base/Dockerfile.j2
+++ b/docker/base/Dockerfile.j2
@@ -17,15 +17,6 @@ COPY curlrc /root/.curlrc
 ENV LANG en_US.UTF-8
 {% endblock %}
-{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
-{# Specifics required such as homedir or shell are configured within the service specific image #}
-{%- for name, user in users | dictsort() %}
-{% if loop.first -%}RUN {% else %} && {% endif -%}
- groupadd --gid {{ user.gid }} {{ user.group }} \
- && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
- {%- if not loop.last %} \{% endif -%}
-{%- endfor %}
-
 LABEL kolla_version="{{ kolla_version }}"
 {% import "macros.j2" as macros with context %}
@@ -223,6 +214,7 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen
 'socat',
 'sudo',
 'tar',
+ 'util-linux',
 'util-linux-user',
 'which'
 ] %}
@@ -358,6 +350,15 @@ RUN apt-get update \
 {# endif base_package_type deb #}
 {% endif %}
+{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
+{# Specifics required such as homedir or shell are configured within the service specific image #}
+{%- for name, user in users | dictsort() %}
+{% if loop.first -%}RUN {% else %} && {% endif -%}
+ groupadd --gid {{ user.gid }} {{ user.group }} \
+ && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
+ {%- if not loop.last %} \{% endif -%}
+{%- endfor %}
+
 {% if base_distro == 'centos' %}
 RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth \
 && sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf
From 73e4461bd25231dfcd40296e13bf5785b41d801c Mon Sep 17 00:00:00 2001
From: Michal Nasiadka
Date: Thu, 2 Feb 2023 14:40:18 +0100
Subject: [PATCH 2/3] CI: Install Apparmor Docker 23.* is out and it started failing with apparmor_parser related messages - it seems apparmor is missing in the OpenDev image.
Change-Id: I2a6d98e3c1d2d1b7c97a8e6172decbf56e77042d
(cherry picked from commit 16f27c549660c4c27e3f440578ea1cf05b772a90)
---
 tests/playbooks/pre.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/tests/playbooks/pre.yml b/tests/playbooks/pre.yml
index 30eb8c9fc7..0fbeec3dfc 100644
--- a/tests/playbooks/pre.yml
+++ b/tests/playbooks/pre.yml
@@ -55,6 +55,12 @@
 apt_repository:
 repo: "deb {{ nodepool_docker_proxy }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
 state: present
+
+ - name: Ensure AppArmor is installed
+ package:
+ name: apparmor
+ state: present
+
 when: ansible_os_family == "Debian"
 become: true
From daedc1d1f4acd8c3494f625b5f1189928f0ee9e4 Mon Sep 17 00:00:00 2001
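Review bot: The re-added NOTE still says users and groups are created "up front", but at this position the loop runs after the base package installation (the `RUN apt-get update` header line here and the centos package list in the previous hunk), so any account or group a package scriptlet creates now exists before `groupadd`/`useradd` run. Whether that can collide with the ids or names in `users` is not visible in this diff; the comment should at least say why the order changed, e.g. `{# NOTE: created after the base packages so that /usr/sbin/nologin (util-linux) exists; ids must not overlap package-created accounts #}`. A `RUN test -x /usr/sbin/nologin` ahead of the loop would make a missing shell fail the build instead of leaving service accounts with a dangling shell path. The commit message describes only the package addition, while this move also changes ordering for the deb branch.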
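Review bot: The new "Ensure AppArmor is installed" task carries no comment saying why the package is needed, so a later cleanup could drop it as unrelated; the reason is only in the commit message and belongs next to the task, e.g. `# Docker 23.x fails with apparmor_parser errors when the apparmor package is missing from the node image`. Installing the package keeps Docker's AppArmor confinement in place rather than sidestepping the error by running containers unconfined. The enclosing block (the `when`/`become` context lines) starts outside the hunk, so whether Docker is installed or already running before this task executes cannot be confirmed from here.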
From: Michal Nasiadka
Date: Tue, 31 Jan 2023 16:49:53 +0100
Subject: [PATCH 3/3] CI: store only templated out Dockerfiles in work_dir
Change-Id: I0832d7997536f5f0dc195d5038545b6cc220f0fa
(cherry picked from commit c45a742e6fbfd3392511b315edde17ab42a9760d)
---
 tests/playbooks/run.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/playbooks/run.yml b/tests/playbooks/run.yml
index f5f0882163..f95b1da40c 100644
--- a/tests/playbooks/run.yml
+++ b/tests/playbooks/run.yml
@@ -8,7 +8,6 @@
 DEFAULT:
 debug: true
 logs_dir: "{{ kolla_build_logs_dir }}"
- work_dir: "{{ kolla_logs_dir }}/work_dir"
 quiet: true
 base: "{{ base_distro }}"
 install_type: "{{ install_type }}"
@@ -43,5 +42,8 @@
 src: "{{ zuul.executor.work_root }}/{{ zuul.project.src_dir }}/tests/templates/template_overrides.j2"
 dest: /etc/kolla/template_overrides.j2
+ - name: Run kolla-build to template out dockerfiles
+ command: "{{ virtualenv_path }}/bin/kolla-build --template-only --work-dir {{ kolla_build_logs_dir }}/work_dir"
+
 - name: Run kolla-build
 command: "{{ virtualenv_path }}/bin/kolla-build"
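Review bot: The new task writes to `{{ kolla_build_logs_dir }}/work_dir`, while the setting removed in the first hunk pointed at `{{ kolla_logs_dir }}/work_dir`, and the commit message does not mention the move. If the log-collection step (outside this diff) publishes one directory and not the other, the rendered Dockerfiles either vanish from the artifacts or land somewhere unexpected, so it is worth confirming which path is intended. A short comment above the task, e.g. `# template-only run: publish rendered Dockerfiles, not the full build context`, would record why kolla-build is invoked twice. Passing the arguments through `argv` instead of one templated string would also keep a path containing whitespace from being split into separate arguments.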