This PS restores image build for ubuntu_bionic and adds appropriate
gates to keep it tested by appropriate functional and integrational
tests.
Change-Id: I8ef524a1f66f1a88593a18334b8c37c4db0175c6
add focal dockerfile
update zuul jobs for focal
update tox for tox4 changes
update all requirements to latest and match deckhand
update cfssl from R1.2 to v1.6.3
fixed local gates for focal
updated examples promenade manifests to run on focal
Change-Id: I2af4043784766d36588c6f738053ad66e7b89a90
The extraction of the monolithic hyperkube binary from its container
image to be used as kubelet was last relevant in Kubernetes 1.16. Since
then, the hyperkube image has been deprecated, the structure of the
image has been changed, and it has ultimately been eliminated in
Kubernetes 1.19.
This change cleans up promenade accordingly.
Reverts the following commits:
* 886007b New CLI option to extract hyperkube
* 32a6c15 hyperkube image in promenade init
* 955deed New source for hyperkube binary definition
Change-Id: Ib62ecdf1af13abe8202a4ba4f86c39b9042ed13f
This commit updates the Pegleg pep8 gate to use Ubuntu 18.04 (bionic) as
the base Ubuntu image for the job. Upstream CI has a community goal to
use Ubuntu 20.04 (focal) which defaults to python3.8. By moving to
python3.8, some of the pip packages need to be updated but until pip
conflicts are resolved, it is difficult to do so.
Additionally, update the deb-docker path to fix the docker image build
jobs.
Change-Id: I263c646f9fbf14cb65267df586c524de3da2878f
Use apt to install python3-pip, and use pip3 in event system has
both pip2 and pip3 installed. Use apt to install setuptools for
Ansible's consumption.
Change-Id: Idd1ce284298fd4574adf60180d5dc691aacaf6d4
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
The current Promenade image is vulnerable to several CVEs:
CVE-2019-3462
CVE-2018-16865
CVE-2018-16864
Which Ubuntu 16.04/18.04 addresses.
This patchset makes the following changes:
1. Adds new distro specific dockerfiles for xenial/bionic.
2. Updates gates to be specific about the ubuntu image being
checked.
3. Updates .zuul.yaml checks/gates/post jobs for xenial/bionic.
4. Updates build-image.sh docker build for specific dockerfile
specified in config.sh (IMAGE_PROMENADE_DISTRO).
Change-Id: I89e5297a3baa8c2d2c142e5e29932476fc628398
Also added AppArmor to promenade genesis gates in order to test apparmor changes
to promenade charts
Change-Id: Ib393306dabf40ef9817072aaa9824c22e60626dc
Introduced new name for the field to define package that has files
which will be used as runtime for UCP containers.
Prepared set of yaml files as an example of containerd usage.
Prepared zuul job to use containerd in simple deployment.
Change-Id: Ifc82a505d064c4f13efccfd92ffc336a510220bf
This patch adds a post-run step to the genesis gate to allow for easier
debugging of failed gate runs
This patch also brings the genesis gate HostSystem configuration up to
date with the proper schema as defined here:
aea0c9d1e9
Change-Id: Iccd971010217709fc3f1047f64fc22e9829b2f36
Readthedocs failed to render Promenade exceptions with error:
> WARNING: autodoc: failed to import exception 'xxx' from module
> 'promenade'; the following exception was raised: No module
> named 'falcon'
Trying to add Promenade requirements to the installed requirements list,
so that Readthedocs has all modules, including those needed for the
Promenade itself.
Unify docs building by utilizing Zuul docs-on-readthedocs template job.
Cosmetic readability changes:
1. combined all Makefile .PHONY targets into one
2. merged multiple LABEL instructions in Dockerfile into one
Change-Id: I731ee3426a631fa765f13ba7091dcb4b9ebd0353
New option --extract-hyperkube to declare the way how hyperkube
will be delivered.
By default this option is disabled which means hyperkube should be
extracted before running promenade container for the first time.
When it's enabled the appropriate env vars should be set for
promenade container to be able to extract hyperkube binary from image.
Change-Id: I2c45100e1e953d859d768ec80f268bd490ce3a81
This commit introduces a non-voting job to lint Helm charts against the
latest version of Helm toolkit from OpenStack-Helm Infra. This job
should serve as an indicator of when it's safe to advance the version of
Helm toolkit used by Airship.
Additionally, this commit modifies all Helm chart lint jobs to run on
each commit, regardless of the files modified by a change. This should
not introduce a noticeable difference in CI runtime, as these jobs
execute quicker than the tox jobs.
Change-Id: I0b38ef3388629b88ea6d6f88eabdc2d7f5f69a3b
- Zuul updated ansible to 2.7, no longer uses missing variables.
- Using an if to try and address.
Based on Aaron Sheffield's PS for Pegleg:
https://review.openstack.org/#/c/645631/
Change-Id: I6cf52a2b9c804c29cc727ad60d45c05a8450c9e9
1) Use OCI Image Specs for labels instead of custom 'commit-id=xxxxx'
or legacy "Label Schema"
2) Fix missing git commit id labels on images (.revision)
3) Add human-readable title (.title) of the image, URL (.url), and
a few other properties (annotations) according to the latest Specs
4) Unify docker-image-build.yaml playbook with other Airship-*
components
Change-Id: I89afed3bf6a1f9fa92391d605bb6b3c871e58126
This change adds the global zuul pep8 tox job, which runs both
bandit and pep8 using tox. This also removes the two other airship
specific lint-pep8 and bandit zuul jobs since they are both covered
by the default openstack global one.
Also cleaned up the tox.ini by moving the requirements into the
test-requirements.txt file.
Change-Id: Iccf6228ab9e6d621d3047994b3adc192d67273c9
l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is beeing
replaced by docker-ce.
3. Third Goal is to bring consistency with the other compoenents leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builder have been updated to use docker-ce as they have been for the LOCI
images.
Change-Id: Ie5ae836221dc3cb9bdafc6e5e6670f914d3d1bb4
This patchset renames the tox.ini jobs:
* coverage => cover
* lint => pep8
* unit => py35
to comply with OpenStack standards [0].
[0] e.g. 04469a5181/tox.ini (L119)
Change-Id: I1a542c5e36f29d3788df8a5ebdce3cbe49ab4046