| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
This allows the use of the PBR_VERSION environment variable when
building container imasges. This facilitates custom version numbers
with builds.
Change-Id: Ib0156836285a798ebe184691d109301bdf751efb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2.0 has breaking api changes:
https://www.sqlalchemy.org/blog/2023/01/26/sqlalchemy-2.0.0-released/
Revert "Update git"
This reverts commit 944b9852c9f565ec433a808385d4ed0ad3f0abcc.
Upstream Debian has updated git to 2.30.2-1+deb11u1 which patches git
for the issues we manually patched to cover. We don't need the manual
patch anymore and can switch to the distro hence this revert.
Reviewers should double check that the image build process installs the
expected 2.30.2-1+deb11u1 version.
Change-Id: I02c4746a0f6651dfcd04ea88ccfd7d62e481d490
Co-Authored-By: Clark Boylan <cboylan@sapwetik.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
skopeo has started failing with
unsupported MIME type for compression: application/vnd.in-toto+json
since the buildx v.10.0 release [1]. The version in bullseye is a
long way behind upstream, and unfortunately there's no practical way
to backport the package (it would require also pulling in a lot of
exploded out go container dependencies).
Thus we take the alternative solution of just building it ourselves
for the executor image. I couldn't figure out how to build this with
the Debian-packaged go (I think it has something to do with the
aforementioned libraries) but it works with the upstream monolith. It
produces a binary that is linked to a few local libraries, which are
installed here.
[1] https://github.com/containers/skopeo/issues/1874
Change-Id: Iab667a92a5b6e6f8591db2aa435a782913d9d34f
|
| |
|
|
|
|
|
|
| |
This updates git to address CVE-2022-23521.
Change-Id: Ib08ff1fc7b3c8623fa6b927f3010af72e1b946cf
Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
Co-Authored-By: Clark Boylan <clark.boylan@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This updates the openshift client install to use the latest stable
release. Hashes of the oc and kubectl command remain the same which
should continue to allow us to avoid copying both files.
Note we don't fetch the client from the stable-4.11/ path because the
versions of the client under this path are updated when the stable
version updates. Instad we fetch it from the permanent location for the
current stable release (4.11.20/).
Change-Id: Ie78ecd9108f8d6d100479910aa524f867020774f
|
| |
|
|
|
|
|
|
|
| |
These binaries are about 115MB each and we copy both of them.
Fortunately they are identical according to hashing routines so we can
save space by copying them once and using a symlink. We choose to make
`oc` the canonical file as these binaries come from openshift.
Change-Id: I3a34acf4ee20db935a471c4fa9ca5e2f7d297d39
|
| |
|
|
|
|
|
|
|
|
| |
This adds python 3.11 testing and drops python3.10 in order to keep
testing only the bounds of what Zuul supports. Note that currently the
python 3.11 available for jammy is based on an RC release. This should
be fine as we do functional testing with a released python 3.11 and that
is what people will consume via the docker images.
Change-Id: Ic5ecf2e23b250d3dbf592983b17ec715d6e9722e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 559602910ff57f90e6478e748d17e0e298430c73.
The fix to grantpt() required has been merged into bullseye with
2.31-13+deb11u4.
To minimise our differences to a standard upstream we can revert to
this version of glibc.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015740
Depends-On: https://review.opendev.org/c/opendev/system-config/+/856537
Change-Id: I8580e15d4ea4c65154ba465462e6f38cb4363a5f
|
| |
|
|
|
|
|
|
|
|
|
| |
Ansible can deadlock when using a libc version lower than 2.33
because of ansible using os.fork for starting new processes.
See:
https://sourceware.org/bugzilla/show_bug.cgi?id=24941
https://github.com/ansible/ansible/issues/59642
https://github.com/ansible/ansible/blob/devel/lib/ansible/utils/multiprocessing.py#L17
Change-Id: I76ba278d1ffecbd00886531b4554d7aed21c43df
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds python3.10 testing on Jammy and switches the docker images to
python3.10 from 3.8.
We run sudo for postgres with -Hi to avoid non fatal errors when
postres' client attempts to write command history to Zuul's homedir (it
is running as the postgres user which can't write to zuul's homedir). We
also need to update the libffi package version for jammy to 8 in
bindep.txt. Finally, python_version values need to be quoted as "3.10"
is different than 3.10 which is equivalent to 3.1 when serialized by
yaml as a float.
Force setuptools to use stdlib (shipped by the distro) distutils to
avoid problems with virtualenvs not actually being virtualenvs.
Finally we switch the bulk of jobs over to using nodeset: ubuntu-jammy
as the default python there is 3.10.
Change-Id: I97b90bb7a23c90f108f23dda9fdd0e89f9f4dbca
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We had been using version 14 which is the previous LTS. Now there are
problems running:
npx browserslist@latest --update-db
running out of memory. Update to the current nodejs LTS version to
ensure we are running an up to date runtime that hopefully performs more
consistently with the browserslist command.
Change-Id: Ib20c1090ea0f30b7dac2780b6ed963dd6e4b6f77
|
| |
|
|
|
|
|
|
| |
Debian bullseye includes skopeo, so we can drop the kubic repository
(which as I write this is having synchronization errors) in favor of
just using the version from the underlying OS.
Change-Id: Ifde147c8c690dd6a421b0133dbabcff7dd9b9649
|
| |
|
|
|
|
|
|
|
| |
Bullseye is out and Buster is old news :) Bump up the base image that we
build Zuul on to Bullseye from Buster. The python version remains the
same but this gives us a more up to date userland. In particular git
goes from 2.20 to 2.30.
Change-Id: I2decbe805a4d0d1daa96de24e317339cee318850
|
| |
|
|
|
|
|
|
| |
We can use more than one builder image. Use the node image for
the javascript build so we can avoid spending time installing
node in the python builder image.
Change-Id: I19b18dd419b98119f75a8c3a9f3978f37f329e58
|
| |
|
|
|
|
| |
Base images have updated. Lets do a rebuild for latest.
Change-Id: I79b20c68a94dadb92fc975c4241782d6a26eef35
|
| |
|
|
|
|
| |
This will reduce the number of layers in the final image.
Change-Id: I1102af5aa98df33d1454964955d0f2c13ee39907
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Git versions between 2.18 and 2.26 have version 2 protocol support
but it's not enabled by default. Starting in 2.26, it is the
default. V2 is more efficient at negotiating refs and can reduce
the time spent updating a repo by 50% on large repos.
This adds a setting to the container images to specify that v2
should be used. The images are currently built with git 2.20, which
is in the range where this is needed.
Change-Id: Ifc471c5fde49c65137bc34e49734b3ac3d33e3e1
|
| |
|
|
|
|
|
| |
The kubic repo has changed it signature key so update it to unbreak
container builds.
Change-Id: I3edc9bebfc6807fb2ed76e615fc9eeff48c03911
|
| |
|
|
|
|
|
|
|
| |
This reverts commit fe58e85bb1af47ca90025cfe76f68210263945b1.
We resolved the twine issue with https://review.opendev.org/#/c/755670/
Depends-On: https://review.opendev.org/#/c/755670/
Change-Id: Iab73cf93dd7556609f7bddb13ab06ac7ab879d6b
|
| |
|
|
|
|
|
|
|
| |
This breaks ensure-twine in opendev which is currently incompatible
with py38.
This reverts commit 429d73e93d83c556166a787ccedd4682a436637e.
Change-Id: I983b871d6b42b6d190bc055b57ba0a5f1a4618c0
|
| |
|
|
|
|
|
|
| |
After dropping support of Ansible 2.7 which has compatibility issues
with python 3.8 we now can finally upgrade to Python 3.8 which has
improvements regarding performance and memory usage.
Change-Id: I346c2fe22f8409c600a3ee2a229369778e3cabd6
|
| |
|
|
|
|
|
|
|
|
|
| |
There was a bug in opendevorg/python-builder that prevented extras from
being installed properly. Zuul worked around this with an explicit step
to install those extras. The depends on of this change fixes the
python-builder bug so we can remove the workaround from Zuul's
dockerfile.
Depends-On: https://review.opendev.org/744531
Change-Id: I28a783ca0582669c7fe9045aa912908f4229fd29
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The js content tarball creation was broken. Instead of leaving the
symlink to a non-existing directory which gets created during python
setup we should just remove that symlink as well and create the
symlink and the static dir during the python setup. This way nothing
will be in the way of the javascript content generation.
This reverts commit eb7b18b38e01688b5b05e5dfdb359ff5d42d1ed8.
Change-Id: I5f8bfa62cd2d4d9823b86dbcda14885230847a82
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixed error observed locally when trying to reproduce CI command failure:
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
Configuring openafs-client
--------------------------
AFS filespace is organized into cells or administrative domains. Each
workstation belongs to one cell. Usually the cell is the DNS domain name of
the site.
AFS cell this workstation belongs to: ^C
Change-Id: I5e818d1fcdac360b13947c750c536ed5d0811cb9
|
| | |
| |
| |
| |
| |
| |
| | |
This has been incorporated into the upstream image now.
Depends-On: https://review.opendev.org/738204
Change-Id: I9761bdf04c6e7b559e82ffd0d2c1accd62d86e46
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We added openafs-krb5 but we need krb5-user for kinit.
Add DEBIAN_FRONTEND=noninteractive to the Dockerfile
to prevent the krb5-user package from asking for our
default realm.
Change-Id: Ifbef43887e541a3edc259ffaf9a75d7343c97dca
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
virtualenv 20.0.24 creates ~/.local/share/virtualenv with the
seed packages needed for making virtualenvs per-python version.
Creating empty virtualenvs is quick, so run those in sequence
to avoid race possibilities. Then, we can still run the
installs into the virtualenvs in parallel.
We also fix a bug in the console stream functional jobs and install pip
with the use of ensure-pip. This is necessary because the virtualenv
fix runs the stream functional jobs and the update to the stream
functional jobs relies on working docker images.
Change-Id: I3dec251d19dd7b3807848a54e6a20a8e89d30a4e
|
| |
|
|
|
|
|
|
|
|
| |
We are consuming OpenDev's default python-builder and python-base images
which happen to be python3.7 today. Zuul specifically wants python3.7 so
we should explicitly use OpenDev's 3.7 tags of these images. This way if
OpenDev updates the default to 3.8 zuul can continue to assert its
dependency on 3.7.
Change-Id: I1f344eccfddff9bf1050c571604038371eec1a3f
|
| |
|
|
|
|
|
| |
Ansible 2.7 is known to be broken with python 3.8 so switch back to
python 3.7 for now until we dropped support for Ansible 2.7.
Change-Id: Ibfe1b226630c8db202a294590c6435666afcb62d
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We suspect a memory leak in python 3.7. BMW saw one and reverted
to 3.6 and has been better. OpenDev is seeing one which seems to
be improved by sending SIGUSR2 signals to the process, which makes
us think there may be an issue in the GC.
Try updating to 3.8. If it fixes it, we can just shrug and say
"3.7 lol". If it doesn't, we can follow BMW's lead and try 3.6.
Change-Id: Iaa53fa2b3125dd3a2c79ba25191b2b44ed473200
|
| |
|
|
|
|
|
|
| |
The container roles in zuul jobs use skopeo to copy to and from
the intermediate registry. It is therefore helpful to have
skopeo in the images.
Change-Id: I1550b2eeca6cb1755976dd884e668bddf960f296
|
| |
|
|
|
|
|
| |
python-base is buster now, so this is not necessary. We can
just install bubblewrap and socat from buster directly.
Change-Id: If65f3c2d6367a7c79cf9d6d8f788021ba72cccd4
|
| |
|
|
|
|
|
| |
podman build can't build this Dockerfile if we use unprefixed
images.
Change-Id: I6f3c21fe38bf446b22dbf09e6ceadb98d0f29212
|
| |
|
|
|
|
|
|
|
|
|
| |
When we get a pod from nodepool, this starts a kubectl port-forward
on the pod so that zuul-console and the normal method of streaming
command output will work.
Change-Id: Iae85347c3d8e0a74e330a7b62b513c7b41641383
Story: 2007321
Task: 38832
Depends-On: https://review.opendev.org/709259
|
| |
|
|
|
|
|
|
|
|
| |
The current options stated as 'do not run as a daemon' is actually
'run in debug mode in foreground'. When running in container we
actually want an option for running normally in foreground. Thus add a
new option -f for foreground operations and change the docker imaged
to use this accordingly.
Change-Id: I16173a73dbfb79dc2c2b05c2002ac41e20a48225
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
The binaries were only installed on the builder image. This change
installs them on the executor image.
Change-Id: I86f7102218a77908c02b7da8a913fd20d417794d
|
| |/
|
|
|
|
|
|
| |
Rather than relying on the setup hook to build the javascript
on demand, we always want to build the javascript in the container
context, so just run yarn explicitly.
Change-Id: Iaf456a78b5f798d3b4d05aa3925beb920dc56258
|
| |
|
|
|
|
|
|
| |
This installs oc and kubectl (really oc masquerading as kubectl)
into the zuul-executor container image, so that Ansible kubectl
connections work as expected.
Change-Id: Ib40cacea6751674346154457db4187e8600788d5
|
| |
|
|
|
|
|
| |
This change creates an unprivileged user zuul (uid 10001) to run the
zuul service.
Change-Id: I8bd2cafbe9d2e7580407262c035e50e2e3be474e
|
| |
|
|
|
|
|
| |
Ara and openstacksdk are installed into the ansible virtualenvs now so
there is no need to pull them as executor specific dependencies.
Change-Id: I3aeac278b8e1f4bb796e0f3a3f475b3c97208a85
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As a first step towards supporting multiple ansible versions we need
tooling to manage ansible installations. This moves the installation
of ansible from the requirements.txt into zuul. This is called as a
setup hook to install the ansible versions into
<prefix>/lib/zuul/ansible. Further this tooling abstracts knowledge
that the executor must know in order to actually run the correct
version of ansible.
The actual usage of multiple ansible versions will be done in
follow-ups.
For better maintainability the ansible plugins live in
zuul/ansible/base where plugins can be kept in different versions if
necessary. For each supported ansible version there is a specific
folder that symlinks the according plugins.
Change-Id: I5ce1385245c76818777aa34230786a9dbaf723e5
Depends-On: https://review.openstack.org/623927
|
| |
|
|
|
|
|
|
|
|
|
| |
Most configuration options depend on storing state data inside
the /var/lib/zuul path which does not exist by default, causing
a lot of configurations to not work out of the box.
This patch creates the folder in the zuul base image, which will
reduce the number of options to be moved around to store state.
Change-Id: I22d05ca26324ffc02cd0b8d2a3059247a21ffdd9
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Service Workers seem to be consistently causing issues for people
that are strange, meaning many of our deployers are disabling them.
Since they aren't super necessary for the Zuul use case, change the
default behavior to be to disable them instead of enable them.
Change-Id: Iea8348a3b007badaae74fc1837b55bb0b076ac65
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
So that people can re-use the Dockerfiles to build zuul images
but with different flags set, plumb the env vars through here
as ARG entries.
Also, fix 2 doc references that were misspelled.
Change-Id: I320a496eadf4132fc0583dd48a87024a2ff61a07
|
| |/
|
|
|
|
|
|
|
| |
We have a utility image that we use for running the zuul command
that doens't have any additional software installed. Although it does
set a COMMAND of /usr/local/bin/zuul, it could still be useful as
a general base image for other people if they wanted such a thing.
Change-Id: I4f92d8707f478c73cd41678db4ed511e8dbfbb7e
|
|
|
While pbrx is nice and all, it's quite the divergence from how
the rest of the container ecosystem works. Switch to using
Dockerfile and the python-builder image.
Bind mount ld.so.cache into bwrap context
When using images based on the python:slim base image, python
is installed in /usr/local and the linker needs to know to look
in /usr/local/lib for shared libraries.
Depends-On: https://review.openstack.org/632187
Change-Id: I84f6dd2a8e3222f7807103dcbb61bdadedfdd22d
|
