diff --git a/doc/source/support_matrix.rst b/doc/source/support_matrix.rst index 3598e839ef..05f2d5693a 100644 --- a/doc/source/support_matrix.rst +++ b/doc/source/support_matrix.rst @@ -18,7 +18,7 @@ The following base container images are supported: Distribution Default base Default base tag ================== =============================== ================ Rocky Linux quay.io/rockylinux/rockylinux 9 -Debian Bullseye debian bullseye +Debian Bookworm debian bookworm Ubuntu Noble ubuntu 24.04 ================== =============================== ================ diff --git a/docker/aodh/aodh-base/Dockerfile.j2 b/docker/aodh/aodh-base/Dockerfile.j2 index db9d507f49..39e785dc82 100644 --- a/docker/aodh/aodh-base/Dockerfile.j2 +++ b/docker/aodh/aodh-base/Dockerfile.j2 @@ -28,6 +28,8 @@ RUN ln -s aodh-base-source/* aodh \ && {{ macros.install_pip(aodh_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/aodh /var/www/cgi-bin/aodh \ && cp /aodh/aodh/api/app.wsgi /var/www/cgi-bin/aodh \ + && cp /aodh/aodh/api/api-paste.ini /etc/aodh/ \ + && chmod 644 /etc/aodh/api-paste.ini \ && chmod 750 /etc/sudoers.d \ && chmod 640 /etc/sudoers.d/kolla_aodh_sudoers \ && chmod 755 /var/www/cgi-bin/aodh \ diff --git a/docker/heat/heat-base/extend_start.sh b/docker/heat/heat-base/extend_start.sh index a73f17345f..1c1e86b8e1 100644 --- a/docker/heat/heat-base/extend_start.sh +++ b/docker/heat/heat-base/extend_start.sh @@ -3,6 +3,9 @@ if [[ ! -d "/var/log/kolla/heat" ]]; then mkdir -p /var/log/kolla/heat fi +if [[ $(stat -c %U:%G /var/log/kolla/heat) != "heat:kolla" ]]; then + chown -R heat:kolla /var/log/kolla/heat +fi if [[ $(stat -c %a /var/log/kolla/heat) != "755" ]]; then chmod 755 /var/log/kolla/heat fi diff --git a/docker/ironic/ironic-base/Dockerfile.j2 b/docker/ironic/ironic-base/Dockerfile.j2 index 2002438c02..86f1d70148 100644 --- a/docker/ironic/ironic-base/Dockerfile.j2 +++ b/docker/ironic/ironic-base/Dockerfile.j2 @@ -21,9 +21,7 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start RUN ln -s ironic-base-source/* ironic \ && {{ macros.install_pip(ironic_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/ironic \ - && cp -r /var/lib/kolla/venv/etc/ironic/* /etc/ironic/ \ && cp /var/lib/kolla/venv/etc/pycadf/ironic_api_audit_map.conf /etc/ironic/ \ - && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf \ && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_ironic_sudoers \ && touch /usr/local/bin/kolla_ironic_extend_start \ diff --git a/docker/ironic/ironic-base/ironic_sudoers b/docker/ironic/ironic-base/ironic_sudoers index 1a3f32e1af..9b9deed4d1 100644 --- a/docker/ironic/ironic-base/ironic_sudoers +++ b/docker/ironic/ironic-base/ironic_sudoers @@ -1,4 +1,3 @@ -ironic ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-rootwrap /etc/ironic/rootwrap.conf * ironic ALL = (root) NOPASSWD: /bin/mkdir -p /var/lib/ironic-metrics, /usr/bin/mkdir -p /var/lib/ironic-metrics ironic ALL = (root) NOPASSWD: /bin/chown ironic\:ironic /var/lib/ironic-metrics, /usr/bin/chown ironic\:ironic /var/lib/ironic-metrics ironic ALL = (root) NOPASSWD: /bin/chmod 2755 /var/lib/ironic-metrics, /usr/bin/chmod 2775 /var/lib/ironic-metrics diff --git a/docker/keystone/keystone-base/Dockerfile.j2 b/docker/keystone/keystone-base/Dockerfile.j2 index 8996a8e75d..128c841487 100644 --- a/docker/keystone/keystone-base/Dockerfile.j2 +++ b/docker/keystone/keystone-base/Dockerfile.j2 @@ -33,6 +33,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% block keystone_source_install %} ADD keystone-base-archive /keystone-base-source +ADD wsgi /var/lib/kolla/venv/bin/keystone-wsgi-public {% set keystone_base_pip_packages = [ '/keystone[ldap]', @@ -40,14 +41,10 @@ ADD keystone-base-archive /keystone-base-source RUN ln -s keystone-base-source/* keystone \ && {{ macros.install_pip(keystone_base_pip_packages | customizable("pip_packages")) }} \ - && mkdir -p /etc/keystone /var/www/cgi-bin/keystone \ - && cp -r /keystone/etc/* /etc/keystone/ \ - && cp /var/lib/kolla/venv/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \ - && cp /var/lib/kolla/venv/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/main + && mkdir -p /etc/keystone \ + && cp -r /keystone/etc/* /etc/keystone/ {% endblock %} -RUN chmod 755 /var/www/cgi-bin/keystone/* - {{ macros.kolla_patch_sources() }} {% block keystone_base_footer %}{% endblock %} diff --git a/docker/keystone/keystone-base/wsgi b/docker/keystone/keystone-base/wsgi new file mode 100644 index 0000000000..852ee95eb9 --- /dev/null +++ b/docker/keystone/keystone-base/wsgi @@ -0,0 +1,2 @@ +#!/var/lib/kolla/venv/bin/python +from keystone.wsgi.api import application diff --git a/docker/manila/manila-api/Dockerfile.j2 b/docker/manila/manila-api/Dockerfile.j2 index 817933cfcd..4e13321f53 100644 --- a/docker/manila/manila-api/Dockerfile.j2 +++ b/docker/manila/manila-api/Dockerfile.j2 @@ -13,10 +13,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build COPY extend_start.sh /usr/local/bin/kolla_manila_extend_start -RUN mkdir -p /var/www/cgi-bin/manila \ - && cp -a /var/lib/kolla/venv/bin/manila-wsgi /var/www/cgi-bin/manila/manila-wsgi \ - && chmod 644 /usr/local/bin/kolla_manila_extend_start \ - && chmod 755 /var/www/cgi-bin/manila/manila-wsgi +RUN chmod 644 /usr/local/bin/kolla_manila_extend_start {{ macros.kolla_patch_sources() }} diff --git a/docker/masakari/masakari-base/extend_start.sh b/docker/masakari/masakari-base/extend_start.sh index d4fdcc86a7..4f13d3e8b5 100755 --- a/docker/masakari/masakari-base/extend_start.sh +++ b/docker/masakari/masakari-base/extend_start.sh @@ -3,6 +3,9 @@ if [[ ! -d "/var/log/kolla/masakari" ]]; then mkdir -p /var/log/kolla/masakari fi +if [[ $(stat -c %U:%G /var/log/kolla/masakari) != "masakari:kolla" ]]; then + chown -R masakari:kolla /var/log/kolla/masakari +fi if [[ $(stat -c %a /var/log/kolla/masakari) != "755" ]]; then chmod 755 /var/log/kolla/masakari fi diff --git a/kolla/common/sources.py b/kolla/common/sources.py index 7a82fd1e9b..9449c060f1 100644 --- a/kolla/common/sources.py +++ b/kolla/common/sources.py @@ -318,11 +318,11 @@ 'elasticsearch_exporter' '-${version}.linux-${debian_arch}.tar.gz')}, 'prometheus-libvirt-exporter': { - 'version': '1.6.0', + 'version': '2.2.0', 'type': 'url', 'sha256': { - 'amd64': '57f1e71ac5bd87f18a40b9089e9fb513dec44ced58328b3065879b279f967596', # noqa: E501 - 'arm64': '8f474fbb515caf19fda92c839eece761738138c7c676d12d10aa0b8c29b3ef9d'}, # noqa: E501 + 'amd64': '37e26779be1ebaef2e76d7304a3d3ecfbdc232a5c57645ee0f97b13f014bd842', # noqa: E501 + 'arm64': '94ac011349d60d70c14985df2942d02ecac87c0b7c7a468133394eb1800a22b0'}, # noqa: E501 'location': ('https://github.com/' 'inovex/prometheus-libvirt-exporter/' 'releases/download/v${version}/' diff --git a/kolla/image/tasks.py b/kolla/image/tasks.py index 28af3d52d0..39d7593907 100644 --- a/kolla/image/tasks.py +++ b/kolla/image/tasks.py @@ -119,6 +119,16 @@ def run(self): def push_image(self, image): kwargs = dict(stream=True, decode=True) + # NOTE(bbezak): Docker ≥ 28.3.3 rejects a push with no + # X-Registry-Auth header (moby/moby#50371, docker-py#3348). + # If the SDK cannot find creds for this registry, we inject + # an empty {} so the daemon still accepts the request. + # TODO(bbezak): Remove fallback once docker-py handles empty auth + if self.conf.engine == engine.Engine.DOCKER.value: + from docker.auth import resolve_authconfig + if not resolve_authconfig(self.engine_client.api._auth_configs, + registry=self.conf.registry): + kwargs.setdefault("auth_config", {}) for response in self.engine_client.images.push(image.canonical_name, **kwargs): diff --git a/kolla/tests/test_build.py b/kolla/tests/test_build.py index ca2faa0561..deb2dfa103 100644 --- a/kolla/tests/test_build.py +++ b/kolla/tests/test_build.py @@ -81,10 +81,12 @@ def setUp(self): @mock.patch(engine_client) def test_push_image(self, mock_client): self.engine_client = mock_client + mock_client().api._auth_configs = {} pusher = tasks.PushTask(self.conf, self.image) pusher.run() mock_client().images.push.assert_called_once_with( - self.image.canonical_name, decode=True, stream=True) + self.image.canonical_name, + decode=True, stream=True, auth_config={}) self.assertTrue(pusher.success) @mock.patch.dict(os.environ, clear=True) @@ -92,11 +94,13 @@ def test_push_image(self, mock_client): def test_push_image_failure(self, mock_client): """failure on connecting Docker API""" self.engine_client = mock_client + mock_client().api._auth_configs = {} mock_client().images.push.side_effect = Exception pusher = tasks.PushTask(self.conf, self.image) pusher.run() mock_client().images.push.assert_called_once_with( - self.image.canonical_name, decode=True, stream=True) + self.image.canonical_name, + decode=True, stream=True, auth_config={}) self.assertFalse(pusher.success) self.assertEqual(utils.Status.PUSH_ERROR, self.image.status) @@ -105,11 +109,13 @@ def test_push_image_failure(self, mock_client): def test_push_image_failure_retry(self, mock_client): """failure on connecting Docker API, success on retry""" self.engine_client = mock_client + mock_client().api._auth_configs = {} mock_client().images.push.side_effect = [Exception, []] pusher = tasks.PushTask(self.conf, self.image) pusher.run() mock_client().images.push.assert_called_once_with( - self.image.canonical_name, decode=True, stream=True) + self.image.canonical_name, + decode=True, stream=True, auth_config={}) self.assertFalse(pusher.success) self.assertEqual(utils.Status.PUSH_ERROR, self.image.status) @@ -125,12 +131,14 @@ def test_push_image_failure_retry(self, mock_client): def test_push_image_failure_error(self, mock_client): """Docker connected, failure to push""" self.engine_client = mock_client + mock_client().api._auth_configs = {} mock_client().images.push.return_value = [{'errorDetail': {'message': 'mock push fail'}}] pusher = tasks.PushTask(self.conf, self.image) pusher.run() mock_client().images.push.assert_called_once_with( - self.image.canonical_name, decode=True, stream=True) + self.image.canonical_name, + decode=True, stream=True, auth_config={}) self.assertFalse(pusher.success) self.assertEqual(utils.Status.PUSH_ERROR, self.image.status) @@ -139,12 +147,14 @@ def test_push_image_failure_error(self, mock_client): def test_push_image_failure_error_retry(self, mock_client): """Docker connected, failure to push, success on retry""" self.engine_client = mock_client + mock_client().api._auth_configs = {} mock_client().images.push.return_value = [{'errorDetail': {'message': 'mock push fail'}}] pusher = tasks.PushTask(self.conf, self.image) pusher.run() mock_client().images.push.assert_called_once_with( - self.image.canonical_name, decode=True, stream=True) + self.image.canonical_name, + decode=True, stream=True, auth_config={}) self.assertFalse(pusher.success) self.assertEqual(utils.Status.PUSH_ERROR, self.image.status) diff --git a/releasenotes/notes/bug-2120639-74c180bd812ddcf7.yaml b/releasenotes/notes/bug-2120639-74c180bd812ddcf7.yaml new file mode 100644 index 0000000000..0b77a1bf8c --- /dev/null +++ b/releasenotes/notes/bug-2120639-74c180bd812ddcf7.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + Fixed missing metrics in Prometheus libvirt exporter. + + The Prometheus libvirt exporter has been bumped from ``v1.6.0`` to + ``v2.2.0``. This restores some metrics that were lost when the exporter + source was changed in a previous release. + + `LP#2120639 `__. diff --git a/releasenotes/notes/deprecate-collectd-8ba94052bdc9424b.yaml b/releasenotes/notes/deprecate-collectd-8ba94052bdc9424b.yaml new file mode 100644 index 0000000000..c41b720f96 --- /dev/null +++ b/releasenotes/notes/deprecate-collectd-8ba94052bdc9424b.yaml @@ -0,0 +1,4 @@ +--- +deprecations: + - | + Deprecates support for building ``collectd`` images. diff --git a/releasenotes/notes/deprecate-telegraf-db2b0b9f30591552.yaml b/releasenotes/notes/deprecate-telegraf-db2b0b9f30591552.yaml new file mode 100644 index 0000000000..7aa96baff9 --- /dev/null +++ b/releasenotes/notes/deprecate-telegraf-db2b0b9f30591552.yaml @@ -0,0 +1,4 @@ +--- +deprecations: + - | + Deprecates support for building ``telegraf`` images. diff --git a/tests/playbooks/run.yml b/tests/playbooks/run.yml index c946343a53..ad3c80075d 100644 --- a/tests/playbooks/run.yml +++ b/tests/playbooks/run.yml @@ -29,7 +29,7 @@ vars: kolla_mirror_config: DEFAULT: - base_image: "quay.io/openstack.kolla/{{ base_distro }}" + base_image: "quay.io/opendevmirror/{{ base_distro }}" ansible.builtin.set_fact: kolla_build_config: "{{ kolla_build_config | combine(kolla_mirror_config, recursive=True) }}" when: base_distro in ['debian', 'ubuntu']