98 Commits

Author SHA1 Message Date
akwasniewska
0de0511e3b Add ca-certificates to required packages.
Using curl with https requires ca-certificates.

TrivialFix

Change-Id: Idcb78233fcc07fd3d5491e230ed78efc4f9b949f
2016-01-26 09:29:35 +01:00
SamYaple
0ecf6ffb38 Update keyserver for ubuntu
Our other keyservers for ubuntu use port 80 for firewall reasons.
Update the base to do the same.

TrivialFix

Change-Id: I4f6e59b3925e49a389e0415c943862cc13422f95
2016-01-25 21:54:42 +00:00
Allen Gao
80dfcd0694 use http instead of https for getting mariadb key
yum.mariadb.org intermittent ssl certificate ca bundle has problem
for now.
https://mariadb.atlassian.net/browse/MDEV-9435

Change-Id: Ic0dd72c4586958224c03572ca9de0ea15a7a38fd
Closes-Bug: #1536066
2016-01-20 17:10:47 +08:00
Wanlong Gao
f2f269125d Fix container config files directory path
TrivialFix

Change-Id: I94dd94b1e64a6a844497e551a66e7279de636f90
2016-01-16 07:25:55 +08:00
Jenkins
e6bb28f1a7 Merge "Ceph repo has been moved to download.ceph.org" 2016-01-13 07:43:43 +00:00
Jeffrey Zhang
875518eb26 Ceph repo has been moved to download.ceph.org
Ceph has move it repo to download.ceph.org[0].
Actually, http://ceph.com/rpm-hammer return a http 301 code now.

[0] http://docs.ceph.com/docs/master/install/get-packages/#add-ceph

TrivalFix

Change-Id: I304f9e231c32f63e13d4a5b889412799c39f4d7e
2016-01-13 12:16:46 +08:00
Paul Bourke
494729341d Fix missing jinja2 in source images for mesos
The base image is missing python-jinja2 for source builds which causes
the kolla_mesos_start script to fail on import.

Change-Id: I8550115dd42f4401a3351cd7c466fbeb1e02a665
Closes-Bug: #1532275
2016-01-11 15:30:16 +00:00
Jenkins
91a655105f Merge "Python 3 deprecated the logger.warn method in favor of warning" 2015-12-31 07:45:06 +00:00
Jenkins
1a3e284c2b Merge "Make the logging more safe" 2015-12-31 02:16:27 +00:00
Jeffrey Zhang
991be99c89 Make the logging more safe
TrivialFix

Change-Id: I72c541c1846e503486b402e88d5b29364920fc83
2015-12-30 15:11:43 +08:00
Artur Zarzycki
918cd10bb0 Base and openstack-base ubuntu binary containers.
Change-Id: I93d7f4227f6b4ac04e1af5afd5e46bdbaba84b4f
Partially-Implements: blueprint binary-ubuntu
2015-12-30 00:11:42 +01:00
Wanlong Gao
2fde87a0e9 Python 3 deprecated the logger.warn method in favor of warning
Python 3 deprecated the logger.warn method, see:
https://docs.python.org/3/library/logging.html#logging.warning, so we
prefer to use warning to avoid DeprecationWarning.

Change-Id: Ic4e07276def17ef39764601c8a7e0991f9a4efbc
Closes-Bug: 1508442
2015-12-29 14:40:01 +08:00
Jenkins
075ae5d832 Merge "import the gpg public key properly" 2015-12-25 21:06:32 +00:00
Jeffrey Zhang
b39c8e2918 import the gpg public key properly
include:
* CentOS 7 RPM GPG key
* Percona repo GPG key
* OpenStack Magnum repo GPG key

Closes-Bug: #1528988
Change-Id: I2419d1d130c2cc4466e884e4022b64d81109943b
2015-12-24 15:54:51 +08:00
David Moreau Simard
e8ad7488f6 Make the yum repositories configurable in the base image
- Removed hardcoded yum repository configuration in favor of
  commands dynamically generated based on repo-url and repo-file
  arguments. We maintain a sane default set of repositories.
- Added generic rpm_setup_config parameter to add support for
  installing .rpm or .repo files before building containers.

Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
Implements: blueprint custom-repos
Change-Id: I1b3a7647a9e7239de3cd162cb6f464f05632bde1
2015-12-24 02:08:52 +00:00
Jenkins
635ef667a5 Merge "Use c-style string interpolation for log messages" 2015-12-22 01:32:27 +00:00
Jenkins
64a39a6cec Merge "Simplify logic of set_configs.py a little bit" 2015-12-18 12:35:24 +00:00
Martin André
a1e3daf55e Use c-style string interpolation for log messages
TrivialFix

Change-Id: I7ddebc7b6f71e50254801324fa2bf093fdaa8ce0
2015-12-18 21:21:06 +09:00
Jenkins
50f4bc52ee Merge "Create empty file by using os.mknod" 2015-12-18 11:22:30 +00:00
Jenkins
348a4847f6 Merge "Remove wrong comment description" 2015-12-18 10:31:52 +00:00
Martin André
735deace15 Simplify logic of set_configs.py a little bit
TrivialFix

Change-Id: Ic1c9fc76f4a5725ee76460c727197a96fe5d5359
2015-12-18 16:10:48 +09:00
Jeffrey Zhang
cbb7f0503e Create empty file by using os.mknod
it is more safe and pythonic.

Change-Id: I728649af37cee8d1e255bb0a389cbc532e551c74
2015-12-18 14:14:48 +08:00
Jeffrey Zhang
e4b71a745e Remove wrong comment description
Base on the code logic, all the source, dest, owner and perm field
is required.

Change-Id: Iba5b4b2c2bd3ca0b97a3c29655e87c9701a84350
2015-12-18 12:46:11 +08:00
Michal Jastrzebski
9cd603dfde Add kolla version to base container
We want to record kolla version of running containers to be able to
detect whether or not we need to perform certain downtime-causing
actions during upgrade.

Change-Id: Ie113029da98303e6809d56edbf6d8de37be128d7
Implements: blueprint record-version
2015-12-17 17:55:04 +00:00
Jeffrey Zhang
551c0fa2ce import the rpm gpg key
this will purge the package pgp key warning

Closes-Bug: #1525276
Change-Id: I956c8b0b6f1e1bfbceaa6abc06da16a980f023c1
2015-12-16 14:17:16 +08:00
Jeffrey Zhang
b35ba2b1b1 do not replace the systemd-container with systemd
Systemd-container no longer exist in centos latest docker image.

Change-Id: Icbfc7fce99885551f7f4caa707a600b20db849ae
Closes-Bug: #1526606
2015-12-16 12:41:59 +08:00
Jenkins
5d762a117a Merge "Do not purge yum-plugin-fastestmirror package" 2015-12-15 03:57:55 +00:00
Jeffrey Zhang
aabafd343b Do not purge yum-plugin-fastestmirror package
It will be helpful for speed up the package installation.

Closes-Bug: #1525514
Change-Id: Id40a0afa30dd0a142bee3b13f7622cb0d42d9298
2015-12-12 21:04:12 +08:00
Martin André
ae8b402b4d Fetch ceph gpg key from more reliable mirror
The ceph master repository is slow and the centos build often fails due
to timeouts fetching the ceph repo GPG key.

Switching to a more reliable mirror should improve things.

Change-Id: I7eef31fa9d83413a7c12134d285b3d20d95805e8
Closes-Bug: 1525505
2015-12-12 21:02:43 +09:00
Jeffrey Zhang
0932a0f7b2 add python-kazoo and python-six when using centos source install type
Closes-Bug: #1525055
Change-Id: Id800da1a0cce4db20c32e8daf09c5f0f2c9f8929
2015-12-11 13:24:35 +08:00
Michal Rostecki
dab8cae9b2 Add Python 3.x support in set_configs.py
Change-Id: I348c69e5411135da8434e9278a48a5777ff2a72d
Partially-Implements: blueprint python3
2015-12-07 09:41:31 +01:00
Jenkins
939b464d12 Merge "Add support for copying files from a "zk://" source" 2015-12-04 17:04:59 +00:00
Jeffrey Zhang
b3a695e934 Remove the meaningless comment line in base image Dockerfile
Use jinja2 comment syntax instead.

Closes-Bug: #1521932
Change-Id: Ida5a9204e7affe880ac6156d3fed3206b1eae7b9
2015-12-02 20:37:32 +08:00
Angus Salkeld
27c0ae0624 Add support for copying files from a "zk://" source
Co-Authored-By: Michal Rostecki <mrostecki@mirantis.com>
Implements: blueprint zookeeper

Change-Id: I176f063d3802716846b921e210c1569d28bd90d8
2015-12-02 10:25:43 +01:00
Jeffrey Zhang
ce05819d6c Fix the confused comment in the base image Dockerfile
Use jinja2 comment syntax instead.

Closes-Bug: #1521078
Change-Id: I261f7bdd9e1286b4ad71fc4529228449ffe21af2
2015-11-30 10:03:13 +00:00
David Moreau Simard
a9d570695a Install yum-plugin-priorities on RHEL-derivatives
RDO provides all of the OpenStack services, clients, libs and their
dependencies self-contained in it's repositories.
We have had users that were impacted by sudden updates from EPEL
when it was enabled because EPEL provided a more up-to-date version.
Packages may also be found in both the delorean and delorean-deps
repositories. yum-plugin-priorities will ensure the right package
candidates are chosen for installation.

Change-Id: I043ec1f60381dc7f5baab5f320ed5f1edde8ae82
Related-bug: https://bugzilla.redhat.com/show_bug.cgi?id=1284978
Closes-bug: #1520620
2015-11-27 15:21:58 +00:00
Michal Rostecki
7910044803 Pin specific version of Ceph
Change-Id: Ie358064b507729b9606683ce1a0e8feac7646030
Implements: blueprint pin-ceph
2015-11-24 19:15:47 +01:00
Swapnil Kulkarni (coolsvap)
59a1c8b9fb Remove hardcoded MAINTAINER in Dockerfiles
Added new option in kolla-build.conf

Change-Id: I45fe51966bcb59ea19d112281ba3d5a1ba091a56
Closes-Bug:#1514304
2015-11-23 11:03:47 +00:00
Angus Salkeld
2f1c00a467 Add support for loading kolla config from ENV
Implements: blueprint zookeeper

Change-Id: Ibabcb5d6d304be9290633338c513f16651d4479a
2015-11-17 07:51:32 +00:00
Steven Dake
4c9e15b94e Drop root privileges for mariadb
Drop root privileges for mariadb.  This isn't perfect.  If somemone
breaks out of the container and can run sudo within the contianer,
it would be possible to replace the root credentials of the database.

Any container that uses sudo suffers from some extra attack vector
related to the sudo command.  That said, the sudo commands are
locked down to minimize harm.

Change-Id: I4b3573725d940bb8aa90d43a6235d8cf7d30fc64
Partially-Implements: blueprint drop-root
2015-11-12 03:12:40 -05:00
Steven Dake
6cf5928ff1 Base image changes for drop-root
The reason we are doing drop root is so that a network exposed
software component (i.e. glance) cannot be used to affect the
immutability of the container which it runs in.  I have tried
several different approaches and this is the only approach which
puts glance in PID=1 while ensuring no files may be written by
the glance process in the container image except for the log files.

Change-Id: Ifd3c8c361b78d0e4791dade3afa6435290407c41
Partially-Implements: blueprint drop-root
2015-11-09 11:00:26 -05:00
David Moreau Simard
4a1db7a08d Switch to RDO untested master repository
RDO does not yet provide a CI tested Mitaka repository.
As such, the current-passed-ci repository is the last tested
repository before the stable/liberty branch was cut.

To be able to test against the latest packages, we need to
use the untested repositories until the CI tested repository
is in place.

TrivialFix

Change-Id: I4a125eb3c84fa790746a9a8eca19e4fb2d9ecf38
2015-11-06 12:30:18 -05:00
Ryan Hallisey
0340bc4043 Fix RHEL builds
Register with RHEL on the host machine and use yum to setup
the repos in the container.

Change-Id: I38aaf43fffaf7a235e69b330d5d9f0f1be31fe83
Backport: Liberty
Closes-Bug: #1513088
2015-11-04 09:32:08 -05:00
Sam Yaple
2e07be310a Download, install, and enable rabbitmq_cluster
Change-Id: I84d7587fca64dc8a9f05e326a27511ded79e902d
Partially-Implements: blueprint rabbitmq-clusterer
2015-11-03 04:51:45 +00:00
Steven Dake
a40989c002 Use EL7 repostitory instead of EL6 for percona
This patch uses the EL7 binary bits for percona's software instead
of EL6.  To match binary ABIs, it is recommended to use the same
major version of EL for CentOS.

backport: liberty

Change-Id: I1d2b146a036806c7fd2baef97a6ed861a570d26e
Partial-Fix: #1509281
2015-10-23 02:55:44 -07:00
Steven Dake
c7a9835b68 Improve dry-ness of base dockerfile.j2
The delorean repositories no longer have a separate location for
openvswitch.  Now openvswitch is located in delorean-deps.repo
and the rest of delorean master is located in the delorean.repo
file.  These files can be installed for both RDO and SOURCE, but
not for RHOS.  This patch uses the install_metatype to make a
determination as to when to install these two repos.  In the
process, we can remove the source RPM installation.

Change-Id: Ieedddd9d7ee234b6acdb03f7043d57c18e024951
Closes-Bug: #1508326
2015-10-21 04:56:52 -04:00
Steven Dake
a026ec253a Increase Ceph RPM gpg key timeout to 90 seconds
The default timeout for Ceph GPG rpm key retrieval is 30 seconds.
In my testing, the GPG key takes approximately 50 seconds to download
often resulting in a failure to build containers that need to retrieve
the Ceph GPG sign key.  Crank up the timer to 90 seconds so the key
is more likely to be downloaded, allowing images to be built.

backport: liberty

TrivialFix

Change-Id: I7420cdf8d3b61aa9f4f52795fccbe5da3e48d57b
2015-10-20 16:28:19 -04:00
Steven Dake
1353538644 Make Ceph work for RPM based distributions
Ceph packages need to be installed in nova, glance, and cinder.
Once that is done, Ceph works like a champ!

Change-Id: I296da1d04d0c1bcb729f22e65e432d53d561b49c
backport: liberty
Closes-Bug: #1505549
2015-10-13 21:48:17 -04:00
Jenkins
c4888d3310 Merge "Remove debug output in base image yum command" 2015-10-08 03:06:41 +00:00
Steven Dake
fbb1842fc8 Enable source for openstack-base for RPM distros
Make openstack-base optimized for from source builds for RPM based
distributions.

backport: liberty

Change-Id: I5f1056ebc09fd55cd5d46da7a09331e38940d888
Implements: blueprint openstack-common-container
2015-10-06 22:59:50 -07:00