This PS bumps up Airflow version to the latest
2.8.2 and also bumps up openstack dependences to
Antelope 2023.1
Change-Id: I1ab801527dacb7c667caf1d459d71f9df522cef6
This PS updates python modules and code to match Airflow 2.6.2
- bionic py36 gates were removed
- python code corrected to match new modules versions
- selection of python modules versions was performed based on
airflow-2.6.2 constraints
- a new pegleg validation gate was created based on airskiff deploy
pipeline from treasuremap v1.9
Change-Id: Icc96deb0b745eaab7a19d83b00aad909dcd28c25
Allows to use envsubst utility within pegleg container.
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I7733854253f3d4a6f9367678d93da9d4056e9535
This PS restores image build for ubuntu_bionic and adds appropriate
gates to keep it tested by appropriate functional and integrational
tests.
Change-Id: Id31d97ced8732d823937fb1f218e7ad8760d735c
This PS delivers focal version of Pegleg image and has the following updates:
- removed release-notes-jobs-python3 gate job because of incompartibility with Sphinx from current requirements
- added focal gate node and switched gates to use it
- added bindep.txt file into project root
- added bindep role into gate jobs
- added ubuntu_focal dockerfile for building focal pegleg image
- switched tox profiles to py38
- uplifted references to shipyard_client, promenade and deckhand projects
- resolved required dependencies conflicts by weakening constraints in Pipfile
- updated tox profile update-requirements for generate requirements.txt and test-requirements.txt
- generated new Pipfile.lock, requirements.txt and test-requirements.txt from Pipfile
- switched tox profiles to use requirements.txt and test-requirements.txt instead of pipenv because of upstream zuul nodes Pypi mirrorring issue
- updated reference to seaworthy site certificates in treasuremap repo
- fixed unit tests issues caused by pytest/mock updates and new openssl version
- fixed focal docker image publishing issue
- added multiprocessing into coverage tests running process
- made unit and coveraget tests more verbosive
Change-Id: I5c4c519dc725cfb8c7b4e14756347c9336028aff
Uplift promenade to include:
https://review.opendev.org/c/airship/promenade/+/855432
Small typo. The extra trailing newline disappeared when I added
the comment.
Also removing dependency on gitdb, as it conflicts with gitdb2
which seems to be required.
Change-Id: I8fb9413bf3bf46a68b88635c76b9192e1f9f8b21
Uplift promenade to include the following patchset:
Ensure haproxy.cfg ends with newline to support Haproxy
versions >=2.3
https://review.opendev.org/c/airship/promenade/+/854466
Change-Id: Ifecfd093220226ece45fdb62ec6cb48c6b8732d0
* disable python 35, leave only 36
* switch to bionic nodeset only
* update requirements.txt, Pipfile and lock
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: Ia3c4df9d1f39f0f2cebf8ba0d89aebc5eec6f674
Unit tests are failing for check_pki_certs against airsloop, since those
certs are expiring in less than 60 days.
This change updates the reference to a commit with regenerated certs.
Change-Id: Ib1ea40a37eef14c2df44b8446fdbcfcd0e345a95
Shpinx incorrectly claims it wants docutils >=0.18 but that is an error
and older versions fail with that, as mentioned here:
https://github.com/sphinx-doc/sphinx/issues/9841
Additionally, the repo URL for OpenSUSE 15.3 python has changed.
Change-Id: I9bee6cf3ad7aaba80a44f2bd2f917b16c776c0d7
Uplift the embedded version of Promenade to produce a genesis bundle
with updated validation script and pod templates.
Relevant changes:
* Remove log-test pod if validation succeeds [0]
* Update tolerations and priority classes [1]
Full list of changes in Promenade since the last uplift:
* e4d9d99 Update charts to use stable Kubernetes APIs
* e14854b Update HTK stable commit (Ingress)
* 0890626 Update tolerations and priority classes
* e43b6f0 Remove log-test pod if validation succeeds
* 2f823c6 Helm 3: Fix Job labels
[0] https://review.opendev.org/c/airship/promenade/+/814471
[1] https://review.opendev.org/c/airship/promenade/+/814486
Change-Id: I19d790aca9d3f8f23c07e88d5bdb314686fe5528
Updates Pegleg to include the latest Promenade updates.
List of Pegleg changes since the previous uplift:
* 7692b36 Kubelet warning fix
* 183b977 Fix deprecated warning in Promenade controller-manager chart
* 1401664 Fix deprecated warning in Promenade apiserver chart
* 9da1262 Add configMap to proxy chart
Change-Id: I3f36c1575de4c748edc1c640ba9b66b59ca3de26
Remove default pip.conf as some packages are
not availablei from the mirror and cause
the image build jobs to fail.
Change-Id: I125360952190a4dc5cfb98647cd94dcf506f9b71
Updates Pegleg to include the latest Promenade updates, including
changes to support Kubernetes v1.20.
Complete list of Pegleg changes since the previous uplift:
* 06254b3 CoreDNS: Uplift to 1.7.0
* ae6782b Kubernetes: Uplift to v1.20.5
* 5cf854e CoreDNS: Migrate Corefile to version 1.6.4
* 9533be3 Add required apiserver serviceaccount flags
* f3febea Gate stability improvements
* 300a399 apiserver(-webhook): Allow fileless kube-apiserver command_options
Change-Id: I61fb95e0d35bb10b6f22f4dd1cff79a6d5f92df4
Uplift the Promenade commit to pick up a change that disables the
kube-apiserver insecure-port in the Armada bootstrap pod. [0]
List of Promenade changes since the last uplift:
* fd9f3d6 Stop using kube-apiserver insecure-port
* ef66d10 Remove TaintBasedEvictions feature gate references
* c6b62ff apiserver(-webhook): Allow volume overrides
* 27f181a Add configmap-etc-hash to apiserver anchor
* a57158d Disable kubernetes-etcd anchor cleanup in gates
0: https://review.opendev.org/c/airship/promenade/+/784016
Change-Id: Idfb28343b7ab3a69b420f3a63ef0d42a5259a84f
Uplifts promenade to the latest verson. Notably, this removes support
for kubelet extraction from the hyperkube image (which has not been
possible since Kubernetes v1.16).
Complete list of promenade changes since the last uplift:
* 5bb5886 Uplift Kubernetes to v1.19.7
* 023e7d4 Uplift etcd to v3.4.13
* e2324e7 Remove remaining hyperkube references
* 5323ca2 Deploy with standalone kubernetes images
* c7e7294 Remove hyperkube extraction functionality
* 0307391 Update cleanup.sh developer script
Change-Id: I51766a1b9fb8bb2e86f60370625a2bb81fd9e8f6
Uplifts promenade to a version that supports specifying a direct url as
the source for a file in the HostSystem and Genesis schema.
Complete list of promenade changes since the last uplift:
* c9862e5 Allow url as source of file to be deployed to host
* d161528 Avoid calico-etcd crashloop
* 77c7624 Fix ubuntu_xenial build (use pip <21.0)
* 630e504 Update to container image repo k8s.gcr.io
* 5e70957 Merge "Makefile; clean should include .tox"
* 946a28d Use HostToContainer mountPropagation
* f29d6df Ignore upstream chart repos when installing Helm
* 2f2a872 Makefile; clean should include .tox
* 922e3b2 Uplift HTK for etcd backup/restore delete archive capability
* de9f841 kube-apiserver: disable http2
Change-Id: Ia054136956d0a6c3ac24ae1658085a62157427ea
pip 21.0 requires Python >= 3.6. [0]
The latest official python3 package for xenial is 3.5.1-3 [1]
Until we stop building xenial images, ensure that an older pip version
is used.
0: https://pypi.org/project/pip/21.0/
1: https://packages.ubuntu.com/xenial/python3
Change-Id: I6a51ae5b9e3222ca404c7ccd7dea1209b20ce8fd
The PEGLEG_PASSPHRASE and PEGLEG_SALT environment variables are used to
generate the fernet key for encryption and decryption of site documents,
and the global passphrase and salt are used to generate the fernet key
for global documents.
This change caches the resulting fernet keys to avoid recalculating them
for each document that needs to be encrypted or decrypted, resulting in
a small time savings.
Change-Id: I7b7e77a4740e7abb54efce2fcb3cca6d84a9d7d4
Some operators may have externally managed certificates that do not
conform to the originally expected certificate pattern of
---BEGIN CERTIFICATE-----
foo
-----END CERTIFICATE-----
and may instead include additional information on the subject/issuer. In
these cases the current regex will fail to load certs that can be parsed
with the existing cfssl command. Addressing this by tightening up the
regex prior to trying to obtain certificate information.
Change-Id: Ief9993632718caa46b52761b49a97621f134ca53
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
Adding in note under environment variables that PROMENADE_ENCRYPTION_KEY environment variable is required
Change-Id: I52c24608b2ecf61cbeea693ccbae1d2dd081ac29
When pip is upgraded to 20.3, the pip dependency resolver is much more
strict and will no longer install a combination of packages that is mutually
inconsistent[0].
These changes account for the fact that Pegleg imports Shipyard, Promenade,
and Deckhand. Having said that, with pip 20.3, the pip packages amongst
those projects cannot conflict. A follow-up change may be needed if more
conflicts are found.
[0] https://pip.pypa.io/en/latest/user_guide/#changes-to-the-pip-dependency-resolver-in-20-2-2020
Change-Id: Iedf7227c468d678430a5525a2d71d22ce210c557
Patch PyYAML (via the pylibyaml library) to automatically enable the
LibYAML parser and emitter, which are faster than the Python versions.
https://pypi.org/project/pylibyaml/
Change-Id: Ic48d2234ca3107404d9f883ca6038a12ca06a408
Updates Dockerfiles to build the LibYAML library, which can provide much
faster YAML parsing and emitting than the native Python library.
https://pyyaml.org/wiki/LibYAML
Change-Id: I4cd48d5d5b5dddc44c88e9e08e405db96359ea6f