Commit Graph

24 Commits

Author SHA1 Message Date
Sergiy Markin 2f2455f0d1 Restored ubuntu_bionic image build
This PS restores image build for ubuntu_bionic and adds appropriate
gates to keep it tested by appropriate functional and integrational
tests.

Change-Id: I8ef524a1f66f1a88593a18334b8c37c4db0175c6
2023-05-25 22:53:15 +00:00
Sergiy Markin 32ad8a96b0 [focal] Python modules sync with Airship project
- uplifted/downgraded some python modules
- fixed falcon.API deprecation - -> falcon.App
- uplifted deckhand reference for python deps
- fixed formatting style  using yapf linter
- added bindep role and bindep.txt file with required deps
- fixed quai docker image publishing
- re-enabled openstack-tox-py38 gate job

Change-Id: I0e248182efad75630721a1291bc86a5edc79c22a
2023-04-21 06:09:14 +00:00
Wahlstedt, Walter (ww229g) 8ce937a9f7 updates for focal
add focal dockerfile
update zuul jobs for focal
update tox for tox4 changes
update all requirements to latest and match deckhand
update cfssl from R1.2 to v1.6.3
fixed local gates for focal
updated examples promenade manifests to run on focal

Change-Id: I2af4043784766d36588c6f738053ad66e7b89a90
2023-02-27 12:11:07 -05:00
Phil Sphicas c7e72942a9 Remove hyperkube extraction functionality
The extraction of the monolithic hyperkube binary from its container
image to be used as kubelet was last relevant in Kubernetes 1.16. Since
then, the hyperkube image has been deprecated, the structure of the
image has been changed, and it has ultimately been eliminated in
Kubernetes 1.19.

This change cleans up promenade accordingly.

Reverts the following commits:
* 886007b New CLI option to extract hyperkube
* 32a6c15 hyperkube image in promenade init
* 955deed New source for hyperkube binary definition

Change-Id: Ib62ecdf1af13abe8202a4ba4f86c39b9042ed13f
2021-02-11 17:23:32 +00:00
Rick Bartra 9853fcfbee fix - pep8 and image build gates
This commit updates the Pegleg pep8 gate to use Ubuntu 18.04 (bionic) as
the base Ubuntu image for the job. Upstream CI has a community goal to
use Ubuntu 20.04 (focal) which defaults to python3.8. By moving to
python3.8, some of the pip packages need to be updated but until pip
conflicts are resolved, it is difficult to do so.

Additionally, update the deb-docker path to fix the docker image build
jobs.

Change-Id: I263c646f9fbf14cb65267df586c524de3da2878f
2020-09-22 08:42:40 -05:00
Alexander Hughes bd8a62b2c3 Fix image build checks missing setuptools
Use apt to install python3-pip, and use pip3 in event system has
both pip2 and pip3 installed. Use apt to install setuptools for
Ansible's consumption.

Change-Id: Idd1ce284298fd4574adf60180d5dc691aacaf6d4
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
2020-06-17 08:19:28 -04:00
anthony.bellino 0e8b5cfe59 Uplift Promenade image to address CVEs
The current Promenade image is vulnerable to several CVEs:
CVE-2019-3462
CVE-2018-16865
CVE-2018-16864

Which Ubuntu 16.04/18.04 addresses.
This patchset makes the following changes:
1. Adds new distro specific dockerfiles for xenial/bionic.
2. Updates gates to be specific about the ubuntu image being
   checked.
3. Updates .zuul.yaml checks/gates/post jobs for xenial/bionic.
4. Updates build-image.sh docker build for specific dockerfile
   specified in config.sh (IMAGE_PROMENADE_DISTRO).

Change-Id: I89e5297a3baa8c2d2c142e5e29932476fc628398
2020-05-28 16:09:40 +00:00
KHIYANI, RAHUL (rk0850) 41c5bb8e23 Promenade: Add Docker default AppArmor profile to controller_manager anchor
Also added AppArmor to promenade genesis gates in order to test apparmor changes
to promenade charts

Change-Id: Ib393306dabf40ef9817072aaa9824c22e60626dc
2020-02-04 22:52:27 +00:00
Egorov, Stanislav 66cb4d2367 containerd support
Introduced new name for the field to define package that has files
which will be used as runtime for UCP containers.

Prepared set of yaml files as an example of containerd usage.

Prepared zuul job to use containerd in simple deployment.

Change-Id: Ifc82a505d064c4f13efccfd92ffc336a510220bf
2019-11-20 16:31:30 -08:00
Doug Aaser 4773f86dd5 Add debug reporting to genesis gate
This patch adds a post-run step to the genesis gate to allow for easier
debugging of failed gate runs
This patch also brings the genesis gate HostSystem configuration up to
date with the proper schema as defined here:

aea0c9d1e9

Change-Id: Iccd971010217709fc3f1047f64fc22e9829b2f36
2019-11-20 19:50:22 +00:00
Zuul c326f87c25 Merge "New CLI option to extract hyperkube" 2019-09-13 18:39:15 +00:00
Roman Gorshunov d12927a156 Fix: Promenade Exceptions docs rendering on RTD
Readthedocs failed to render Promenade exceptions with error:
> WARNING: autodoc: failed to import exception 'xxx' from module
> 'promenade'; the following exception was raised: No module
> named 'falcon'

Trying to add Promenade requirements to the installed requirements list,
so that Readthedocs has all modules, including those needed for the
Promenade itself.

Unify docs building by utilizing Zuul docs-on-readthedocs template job.

Cosmetic readability changes:
1. combined all Makefile .PHONY targets into one
2. merged multiple LABEL instructions in Dockerfile into one

Change-Id: I731ee3426a631fa765f13ba7091dcb4b9ebd0353
2019-08-27 22:57:15 +02:00
Egorov, Stanislav (se6518) 886007b36e New CLI option to extract hyperkube
New option --extract-hyperkube to declare the way how hyperkube
will be delivered.

By default this option is disabled which means hyperkube should be
extracted before running promenade container for the first time.

When it's enabled the appropriate env vars should be set for
promenade container to be able to extract hyperkube binary from image.

Change-Id: I2c45100e1e953d859d768ec80f268bd490ce3a81
2019-07-15 20:21:34 +00:00
rajesh.kudaka 856b6132fa Add deploy promenade gate check
Change-Id: I47b448234f95b157e55bf649310d1ebd71abc7c0
2019-06-11 04:53:20 -05:00
Drew Walters 93a839f588 CI: Add chart build job for latest Helm toolkit
This commit introduces a non-voting job to lint Helm charts against the
latest version of Helm toolkit from OpenStack-Helm Infra. This job
should serve as an indicator of when it's safe to advance the version of
Helm toolkit used by Airship.

Additionally, this commit modifies all Helm chart lint jobs to run on
each commit, regardless of the files modified by a change. This should
not introduce a noticeable difference in CI runtime, as these jobs
execute quicker than the tox jobs.

Change-Id: I0b38ef3388629b88ea6d6f88eabdc2d7f5f69a3b
2019-05-07 20:03:22 +00:00
Scott Hussey 66ab47386f (zuul) Fix image publish job
- Fix issue in post pipeline image publish job introduced
  by Ansible update.

Change-Id: I23d8621901e225fb7b134b276156f248720b248f
2019-04-03 14:54:48 -05:00
Matt McEuen 7c9b2253f1 Updating Docker Gate use of zuul.newrev
- Zuul updated ansible to 2.7, no longer uses missing variables.
- Using an if to try and address.

Based on Aaron Sheffield's PS for Pegleg:
https://review.openstack.org/#/c/645631/

Change-Id: I6cf52a2b9c804c29cc727ad60d45c05a8450c9e9
2019-03-22 12:07:48 -05:00
Roman Gorshunov 02c5f2943e Fix: git commit id labels on images
1) Use OCI Image Specs for labels instead of custom 'commit-id=xxxxx'
   or legacy "Label Schema"
2) Fix missing git commit id labels on images (.revision)
3) Add human-readable title (.title) of the image, URL (.url), and
   a few other properties (annotations) according to the latest Specs
4) Unify docker-image-build.yaml playbook with other Airship-*
   components

Change-Id: I89afed3bf6a1f9fa92391d605bb6b3c871e58126
2018-09-21 03:31:13 +02:00
Mark Burnett ee10b894bf Enable gate shell linting
This enables linting the various supporting shell scripts for the gate
during the unit test job.

Change-Id: I95dc098a602b2ae6807165d3d08c1cb57ba0c702
2018-08-29 08:13:59 -05:00
Gage Hugo f60f6d7a85 Consolidate pep8/bandit zuul gating
This change adds the global zuul pep8 tox job, which runs both
bandit and pep8 using tox. This also removes the two other airship
specific lint-pep8 and bandit zuul jobs since they are both covered
by the default openstack global one.

Also cleaned up the tox.ini by moving the requirements into the
test-requirements.txt file.

Change-Id: Iccf6228ab9e6d621d3047994b3adc192d67273c9
2018-08-21 12:57:02 -05:00
Jerome Brette 5232d17a2a Update Dockerfile to allow override of FROM variable
l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is beeing
replaced by docker-ce.
3. Third Goal is to bring consistency with the other compoenents leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builder have been updated to use docker-ce as they have been for the LOCI
images.

Change-Id: Ie5ae836221dc3cb9bdafc6e5e6670f914d3d1bb4
2018-07-24 21:11:35 +00:00
Scott Hussey 68faf5a5f6 (zuul) Update docker publish to quay.io
- Use quay.io for publishing images
- Add debug output to image build

Change-Id: I00408cc981b400cefcb4b7c4e598274b86d5fb52
2018-06-07 18:05:05 -05:00
Felipe Monteiro ed65d983f7 [trivial] Rename tox jobs for zuul
This patchset renames the tox.ini jobs:

* coverage => cover
* lint => pep8
* unit => py35

to comply with OpenStack standards [0].

[0] e.g. 04469a5181/tox.ini (L119)

Change-Id: I1a542c5e36f29d3788df8a5ebdce3cbe49ab4046
2018-06-06 15:12:54 +00:00
Scott Hussey 59a03d5997 (zuul) Add basic gating
- Add gate for PEP8 linting
- Add gate for Helm chart linting
- Add gate for Bandit security scanning
- Add gate for document generation
- Add gate for unit tests

Change-Id: I7a9358a021dd3268eeede134fbcd68f791b83472
2018-06-01 08:48:42 -05:00