diff options
| author | Julia Kreger <juliaashleykreger@gmail.com> | 2021-11-17 07:28:12 -0800 |
|---|---|---|
| committer | Julia Kreger <juliaashleykreger@gmail.com> | 2021-11-17 07:28:12 -0800 |
| commit | 68961df8d57bf9f3fda1d81bbf71bca87a462738 (patch) | |
| tree | 9736e94e4125d57632aa4fe7c5f93569ade25df0 | |
| parent | f360d0db32430c76dda15bccdca31e57ede7e199 (diff) | |
| download | ironic-68961df8d57bf9f3fda1d81bbf71bca87a462738.tar.gz | |
CI: Get tinyipa build working for CI usage
The qemu git server has updated it's ssl certificate, and can no longer
be verified by the software libraries and embedded tinycore data for
the 10.x release. Unfortunately, we have CI hard coded to an older
release and we cannot release a newer, older version of the tinycore
10.x supporting packages.
So, for our CI purposes, we just need a working build, so that
is all this patch attempts to do, get our CI in a working state
for the older branches.
It is an awful change. None of us like it, but we're stuck and
this is the only path forward short of completely abandoning
the use of the software builds on these branches.
Change-Id: Ia4434e9d2e4df49b26c33fcf371d821e0d44d6b7
| -rw-r--r-- | devstack/lib/ironic | 7 | ||||
| -rw-r--r-- | releasenotes/notes/dont-use-tinyipa-for-production-620d8c7488c3a677.yaml | 12 |
2 files changed, 19 insertions, 0 deletions
diff --git a/devstack/lib/ironic b/devstack/lib/ironic index 0f60bf558..09e6ac919 100644 --- a/devstack/lib/ironic +++ b/devstack/lib/ironic @@ -2697,6 +2697,13 @@ function build_tinyipa_ramdisk { export AUTHORIZE_SSH=true export SSH_PUBLIC_KEY=$IRONIC_ANSIBLE_SSH_KEY.pub fi + # NOTE(TheJulia): This is insecure. We know it, we don't like it. + # but we need CI to work and we're in a catch-22 as we can't explicitly patch + # this in to the versions used for CI with ussuri and train releases. This is + # because the certificates on qemu.org can no longer be verified since it was + # recently in late October 2021. + sed -i 's/git\ clone\ --branch/git\ clone\ --insecure\ --branch/' build-tinyipa.sh + # Resume our build process. make cp tinyipa.gz $ramdisk_path cp tinyipa.vmlinuz $kernel_path diff --git a/releasenotes/notes/dont-use-tinyipa-for-production-620d8c7488c3a677.yaml b/releasenotes/notes/dont-use-tinyipa-for-production-620d8c7488c3a677.yaml new file mode 100644 index 000000000..86aaa0dfa --- /dev/null +++ b/releasenotes/notes/dont-use-tinyipa-for-production-620d8c7488c3a677.yaml @@ -0,0 +1,12 @@ +--- +issues: + - Users attempting to build older TinyIPA versions for Ussuri and Train + may find that they are unable to do so due to SSL certificate verification + issues. This is not expected to be fixed by the ironic community as we + are unable to release new versions of ironic-python-agent-builder used + by those releases. +other: + - | + As a general reminder and a direct results of attempt to fix Continious + Integration test jobs for Ussuri and Train releases, it must be stressed + to *not* use TinyIPA in production. |