This is a direct dependency of python3-kubernetes 30.1.0 that is
already merged here https://review.opendev.org/c/starlingx/root/+/947651
Tests:
PASS: Create tox env locally.
Run cmd "tox --notest -epep8 -c distributedcloud/tox.ini"
for repo distributedcloud exactly same as this failed
zuul run.
https://zuul.opendev.org/t/openstack/build/b4d12dda281b463280c20266aa18d233
Command run successfully (pep8 succeeds).
Story: 2011413
Task: 51997
Change-Id: I380be128b999276061c8dfb242b6bfb930aeb554
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
While fetching the debs if the patch-build script can't find one of the
packages listed in "stx_packages" field or in "binary_packages" it will
fail instead of building the patch without it.
I have included two small changes in this review too:
- Removed print() call in line 129
- Improved debug description in line 97
Test plan:
PASS - Build patch with a non-existent package in "stx_packages"
see if error message is displayed.
PASS - Build patch with existent package in "stx_packages" see if
no error message is displayed.
PASS - Build patch with a non-existent package in "binary_packages"
see if error message is displayed.
PASS - Build patch with existent package in "binary_packages" see if
no error message is displayed.
Closes-bug: 2107493
Change-Id: Ia63638729a860f2bd9b6f6ea55763aea90dba992
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
Update notificationservice-base-v2 tag to stx.11.0-v2.3.2
Update notificationservice-base tag to stx.11.0-v2.2.6
Update locationservice-base tag to stx.11.0-v2.2.4
Update notificationclient-base tag to stx.11.0-v2.3.1
This commit updates images that includes recent changes [1]
regarding to overall sync-state behavior and CVE fixes.
[1] 1f736e33fe
Test Plan:
Pass: Deployed ptp-notification using the target image versions and
verified basic operation (get status, subscribe, push notification,
delete, list)
Story: 2011370
Task: 51965
Change-Id: I3bf5c313a37a2bb65ff26c33b1c2520e6f5c9486
Signed-off-by: Tara Nath Subedi <tara.subedi@windriver.com>
This reverts commit 6efadc1683a95f49c528e074d9155cafa39c66db.
Reason for revert: Original repo is back
Change-Id: Ia1216166f7319231baeafd3b41fcf875e3b8df9c
Git repo containing spice-html5 source code [1] is down for maintenance
until Mar 22, which is breaking our builds. Use its github mirror
instead [2].
NOTE: the official mirror documented on freedesktop.org appears to
empty, so we use [2] instead.
TESTS
===================
* Verify the tag referenced by Loci, spice-html5-0.1.6, points to the
same revision in github mirror, as in the original git repo
* Build stx-loci image
[1] https://gitlab.freedesktop.org/spice/spice-html5
[2] https://github.com/freedesktop-unofficial-mirror/spice__spice-html5.git
Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: Idfa31b664adddeafc2a632e70b729e842dde964c
This image has been updated with ceph v19.2.1,
which will be the new version used in rook-ceph.
Test Plan:
- PASS: Build the rook-ceph app using the 'src_build_tag'
reference in stx-ceph-manager deployment.
- PASS: Access the stx-ceph-manager pod and check
the ceph version
- PASS: Check the pod logs to verify if there
are any errors
Story: 2011372
Task: 51751
Change-Id: I6b30276f82fb359c325a6b97f52a8e11908d6b5f
Signed-off-by: Ítalo Vieira <italo.gomesvieira@windriver.com>
Changed some hardcoded values so they can take
values from env variables and made the old values
into the default ones.
Test plan:
pass - set up build env containers
Partial-Bug: 2101877
Change-Id: Ie59ae16ded26931e938a853f1d4fab4abfc4891f
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Binary package lists [1] currently support arbitrary URLs for the
packages we need to download, but there's a problem in the downloader
in that it assumes that basename of such URLs follows a standard naming
convention, ie <name>_<version>_<arch>.deb.
This fix allows us to specify any file name in such URLs. Downloader
will now save the deb file using the above convention, rregardles of how
the file name is spelled in the original source URL.
[1] https://opendev.org/starlingx/tools/src/branch/master/debian-mirror-tools/config/debian/common/base-bullseye.lst
TESTS
========================
* Clean mirrors/ directory, run downloader with and without this patch.
Make sure it produces the same files before and after.
* Add this new package to base-bullseye.lst:
bao 2.1.0 https://github.com/openbao/openbao/releases/download/v2.1.0/bao_2.1.0_linux_amd64.deb
* Re-run downloader (it fails due to file name discrepancy)
* Re-run downloader with this patch andm make sure the file is
processed correctly
Story: 2010055
Task: 51735
Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: I4cd31e065e371545052dd3c5ed20779445a8f004
This change adds the python3-setuptools-scm to the Dockerfile of the
wheel builder container.
Test plan:
- Clean $MY_WORKSPACE/std/build-wheels-debian-stable and run
build-wheel-tarball.sh.
Closes-bug: 2099909
Change-Id: Icbc29dc000fb13c8fd0e6b031eb53af9de31fc21
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
In a previous commit [1], the script was changed to use 7z
for extracting contents from the input ISO. This was done
because the main alternative was using 'mount', which
requires sudo privileges.
Unfortunately, 7z does not handle ownership and permissions [2],
and keeping them unchanged is required.
This commit changes the script back to using 'mount'
for extracting input ISO contents. This also means running it
now requires sudo privileges.
Ref:
[1] 4f69113d93
[2] https://linux.die.net/man/1/7z
Test Plan:
pass - Generate a pre-patched ISO and check that the permissions
on the output iso are the same as the ones in the input.
Closes-Bug: 2098385
Change-Id: I1e5e1f8ecdb94cafb577dcfe3651a1717abe19c7
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
When fetching the debs to be part of the patch we filter them based on
debian_iso_image.inc. That is not always correct as some packages may
need to be part of the patch but is not part of any
debian_iso_image.inc. This change allow us to add packages to the patch
that are explicitly listed in the patch recipe.
Test plan:
PASS - Build patch with packages not present in debian_iso_image.inc
PASS - Build patch with packages present in debian_iso_image.inc
Closes-Bug: 2098403
Change-Id: I1825f38190746f0c0743582e5df56d6479d0c8b2
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
This commit updates the image to include oidc-auth-armada-app changes
regarding to dependency updates and CVE fixes.
Test Plan:
PASS: Build a local docker stx-oidc-client image.
PASS: Load this new image into a sx
PASS: Modify the oidc-auth-apps helm-charts to use this image instead
and rebuild the oidc-auth-apps.
PASS: Upload and apply oidc-auth-apps. oidc should be applied
successfully.
PASS: Check if the stx-oidc-client deployment is using the new
created image with the command: kubectl -n kube-system get deployment
stx-oidc-client -o yaml
PASS: Once oidc-auth-apps in applied status, perform oidc-auth-apps
test by creating a user, apply rolebiding and authenticate it
using oidc-auth command, check if the new user can send k8s
commands based on its roles.
PASS: Try to authenticate using the Remote CLI method, should work
PASS: Try to authenticate using the WEB Method by accessing the url
https://<OAM_IP>:30555, you should be served with a webpage and be
able to authenticate through oidc as well.
Story: 2011328
Task: 51660
Change-Id: I1adafa9a824d7fd79a458e238413e72634f5ffab
Signed-off-by: Joaci Morais <joaci.demorais@windriver.com>
This update is to pick recent fix for RabbitMQ endpoint, cause
of crashes at pod startup. The fix was delivered in the
following commit:
fc05f7fb44
Update the tags for the following images:
notificationservice-base:stx.11.0-v2.2.5
notificationservice-base-v2:stx.11.0-v2.3.1
Test plan:
Pass: Deployed ptp-notification using the target image versions and
verified basic operation (get status, subscribe, push notification,
delete, list)
Closes-bug: 2097136
Change-Id: I11868dbd266bdd40143968b6b8b2a9e9748c57fb
Signed-off-by: Andre Mauricio Zelak <andre.zelak@windriver.com>
This update modifies the stable-wheels.cfg file to support building the
stx-horizon Docker image for the stable/2024.1 branch of Horizon.
Test Plan:
- PASS: Manually remove existing wheels and build a new wheels tarball
- PASS: Successfully build the stx-horizon Docker image
- PASS: Override stx-horizon tags as expected
- PASS: Apply stx-openstack with image overrides
Story: 2011303
Task: 51502
Change-Id: I1e5204375603db8126080283bd292c273f33cb76
Signed-off-by: Mateus Nascimento <mateus.soaresdonascimento@windriver.com>
(cherry picked from commit efc140de5f1468354f26ef880fafeea2c32f444d)
Requirements were already updated by a previous change [1].
This change updates stable-wheels.cfg file to fix the build of the stx-neutron and stx-placement docker images. This is required to build such images using OPENSTACK_2024.1 (Caracal) code.
Test Plan:
PASS - Manually remove the python wheels and build
the new wheels tarball
PASS - Build base stx-debian image
PASS - Build stx-neutron docker image
PASS - Build stx-placement docker image
PASS - Override stx-neutron and stx-placement tags
PASS - Apply STX-O with image overrides
Story: 2011303
Task: 51502
Relates-to: https://review.opendev.org/c/starlingx/openstack-armada-app/+/939711
[1] https://review.opendev.org/c/starlingx/root/+/938292/
Change-Id: I117dc52303674173378a3cc2632f9a2be4b3c3f3
Signed-off-by: vrochalo <vinicius.rochalobo@windriver.com>
Co-authored-by: msoaresd <mateus.soaresdonascimento@windriver.com>
(cherry picked from commit 8339817b8041cd63b383cf3116748156669d1b84)
Requirements were already updated by a previous change [1].
This change updates stable-wheels.cfg file to fix the build of the stx-heat, stx-cinder, stx-glance and stx-keystone docker images. This is required to build such images using OPENSTACK_2024.1 (Caracal) code.
Test Plan:
PASS - Manually remove the python wheels and build
the new wheels tarball
PASS - Build base stx-debian image
PASS - Build stx-heat docker image
PASS - Build stx-cinder docker image
PASS - Build stx-glance docker image
PASS - Build stx-keystone docker image
PASS - Load built Docker images to registry.local and apply stx-openstack
Story: 2011303
Task: 51502
Relates-to: https://review.opendev.org/c/starlingx/openstack-armada-app/+/939711
[1] https://review.opendev.org/c/starlingx/root/+/938292/
Change-Id: Iedebf34d526cb4f91eee6ce597c926296293303f
Signed-off-by: Jose Claudio <joseclaudio.paespires@windriver.com>
(cherry picked from commit 85ea8c53cf6e9e02eb687f96dfe32207eb524018)
As part of openstack upversion from Antelope to Caracal the Openstack
requirements must be update. For this, the following commits were
selected from branch stable/2024.1 of the openstack/requirements repos
[1]:
- upper-contrainsts.txt: c1cde0f897
- global-requirements.txt: 2f72094e9b
The stable-wheels.cfg was also updated to match the new requirements
and make it possible to proceed with the work on openstack images
upversioning. New changes in wheels config can be necessary throughout
the caracal upversioning.
[1] https://opendev.org/openstack/requirements/src/branch/stable/2024.1/
Test Plan:
PASS - Manually remove the python wheels and build
the new wheels tarball
PASS - Build base stx-debian image
PASS - Build stx-o docker images
PASS - Load those Docker images to a lab registry and apply stx-openstack
Story: 2011303
Task: 51502
Change-Id: Ib42b43621e89986866f410e29817bfc2da5a9b17
Signed-off-by: giuliamelao <giulia.depaulamelao@windriver.com>
Co-authored-by: vrochalo <vinicius.rochalobo@windriver.com>
Co-authored-by: msoaresd <mateus.soaresdonascimento@windriver.com>
(cherry picked from commit 33b5687056ebf0a7c75bbeb8ed67861588aba6b6)
Changes in the dependencies defined in the
upstream client packages may have created
a new circular dependency between the novaclient
and openstackclient packages.
This change is necessary to allow openstack to be
built without circular dependency errors with the
novaclients and openstackclients.
This change is needed to support:
https://review.opendev.org/c/starlingx/openstack-armada-app/+/937801
Test plan:
PASS build-pkgs -c -l openstack
Closes-Bug: 2092540
Change-Id: I1d41d1445c6a574e81b3974c821b14b2c3d2e3a4
Signed-off-by: vrochalo <vinicius.rochalobo@windriver.com>
(cherry picked from commit 944f9846856d8796b8ef9a04853c1b9da8142618)
With the introduction of the custom manifests
update [1], a new bug was found when third-party
packages were added to the project scope. This
new feature was ignoring all custom manifests
that were not part of the official build,
causing errors to happen when such packages
were used
[1] https://review.opendev.org/c/starlingx/root/+/938481
Test Plan:
- PASS: Build package with specific custom manifest
directory (/custom-manifests)
- PASS: Execute build-helm-charts.sh
- PASS: Compare diffs between official and merged manifests
- PASS: Apply generated tarball
- PASS: Execute any commands related to the third-party
package
Closes-Bug: 2095498
Change-Id: Id212e7dd63d7a6013f572a8c217fde6f1b663f9c
Signed-off-by: jbarboza <joaopedro.barbozalioneza@windriver.com>
(cherry picked from commit 3618d3046a5f1f2d897570754b465413b1920b5e)
StarlingX build tools consume excessive cpu and io which can starve
non-build services, including kubernetes and calico. This results in
timeouts, restarts, and general instability of calico and kubernetes
which in turn can the build to fail. This affect is observed on the
main StarlingX build server.
The major build steps should employ 'nice' and 'ionice' to ensure
that critical services on the build host are not starved for cpu or io.
Depends-On: https://review.opendev.org/c/starlingx/tools/+/939799
Closes-bug: 2095512
Change-Id: Ib904fb28d403c958c10311d5940cc96c752728b4
Signed-off-by: Scott Little <scott.little@windriver.com>
Some references to remote ostree repos were being left
in the ostree repo config of the output ISO, causing
problems when manipulating it during install and runtime.
Added a remote refs removal step.
Test Plan:
pass: input ostree repo without remotes
pass: input ostree repo with remotes
pass: pre-patched ISO ostree repo configs do not include
the ostree remotes used for building the ISO
pass: Testpatch applied on pre-patched ISO
Story: 2011318
Task: 51562
Change-Id: I02957c19a1238b5ca947c22b201cd48614527faf
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Added a feature where the user may provide a secondary ISO
along with a list of ISO contents which should be taken
from this second ISO instead of the first.
For instance, if all output ISO contents should be taken from
the first ISO, but a folder named "kickstart" must be taken from
a second ISO, the user may run:
<script> -i <iso_A> -si <iso_B> -sc kickstart -p <patch> -o <iso_out>
In addition, some extensive re-factoring has been made on the
majority of the script now that the requirements for it
have stabilized. More logging has been added as well.
Test Plan:
pass: Generated ISO using as inputs:
- Only a base ISO and a patch
- Added a secondary ISO and secondary contents,
and confirmed output ISO content matches selection
- Custom base ostree repo
pass: Dummy jenkins pipeline
pass: Install and Unlock with output ISO
Story: 2011318
Task: 51505
Change-Id: I6ecc6eab3149ca1d05d53ac3591f5a96abca5270
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
When running the apt-ostree to generate the commit for the prepatched
ISO we can use the gpg key from the LAT container to sign the commit.
This change allow us to choose when we want to do this with the
argument '--sign-gpg'.
Test plan:
PASS: Run create-prepatched-iso without --sign-gpg, test full
install of AIO-SX.
PASS: Run create-prepatched-iso with --sign-gpg, test full install
of AIO-SX.
PASS: Run patch-iso sub-job from patch pipeline.
Story: 2010676
Task: 51485
Change-Id: I90650c5550c812955fa57baae3044c89e427a34d
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
This change now allows the user to specify the ostree repository he
wishes to use as base for the pre-patched ISO.
Test plan:
PASS: Build pre-patched ISO with default ostree repository
PASS: Build pre-patched ISO with specific ostree repository
Partial-Bug: 2090871
Change-Id: I52845b2a633b30f3407a3e2a65edd2ba088b63c7
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
When adding patches to the pre-patched ISO some may have the following
precheck scripts: "deploy-precheck" and "upgrade_utils.py".
With this change they will be copied to the upgrades folder inside the
pre-patched ISO.
Test plan:
PASS: Build pre-patched ISO with one patch
PASS: Build pre-patched ISO with more than one patch
Partial-Bug: 2090871
Change-Id: I10186da0cea59b0f8a6560b0d7c77df2abaf19ab
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
When re-naming the metadata file inside the pre-patched ISO, we should
use the value of the "component" element together with the "sw_version"
value.
Test plan:
PASS: Build pre-patched ISO with one patch
PASS: Build pre-patched ISO with more than one patch
Partial-Bug: 2090871
Change-Id: Ic3f190748dddeff380bc3a236f03ebd200c350a3
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
Updated image with the new fixes since the last build
Story: 2011266
Task: 51421
Change-Id: Iacb5c9a06cc7329a63fc6381a2ca7ef382b34881
Signed-off-by: Gustavo Ornaghi Antunes <gustavo.ornaghiantunes@windriver.com>
Update the following app-sriov-fec-operator image tags:
sriov-fec-operator:stx.10.0-v2.9.0-1
sriov-fec-labeler:stx.10.0-v2.9.0-1
sriov-fec-daemon:stx.10.0-v2.9.0-1
Test Plan:
PASS: Install the application and override the values of the probe
environment variables, then verify that both the daemonset
and the controller are respecting the changes.
PASS: Validate basic application lifecycle operations:
upload/apply/remove/delete.
Closes-Bug: #2087998
Change-Id: I7c18f6c0fd4f0fa9ac515a43ef2bccb1bba2dad9
Signed-off-by: Thiago Miranda <tmarques@windriver.com>
This change add the option --remote-sign for the patch-builder script
allowing the user to send the patch to a remote signing server, get the
it signed and download it signed.
Test plan:
PASS: Build patch without signing it remotely
PASS: Build patch signing it remotely
Story: 2010676
Task: 51341
Change-Id: I59631ea81f05133f47aa3036f6c9f29e1a02b9c2
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
This feature introduces support for creating local
custom manifest files without losing visibility
of new updates. It ensures flexibility for local
customization while maintaining alignment
with official changes
Test Plan:
- PASS: Build package with specific custom manifest
directory (/custom-manifests)
- PASS: Execute build-helm-charts.sh
- PASS: Compare diffs between official and merged manifests
Change-Id: Ifbdb14e30e8ecccba6b6f7a93ce0914247c7c71d
Signed-off-by: jbarboza <joaopedro.barbozalioneza@windriver.com>
Updated image with the new fixes since the last build
Story: 2011279
Task: 51326
Change-Id: I207c90c7e0fab4ad03a9c9a5af860237c77dc209
Signed-off-by: Gustavo Ornaghi Antunes <gustavo.ornaghiantunes@windriver.com>
This change adds the option 'activation scripts' to the patch recipe,
allowing the user to add one or multiples scripts that will be copied to
the patch and added to the metadata.
Test plan:
PASS - Create patch with one activation script, check if file is on
patch and check value in the patch's metadata.
PASS - Create patch with multiple activation scripts, check if files
are inside the patch and check values in the patch's metadata.
PASS - Create patch without any activation script, check if files
are inside the patch and check if value in the patch's metadata.
PASS - Check if patch-builder fails when patch recipe doesn't have
activate script element.
Story: 2010676
Task: 51239
Change-Id: I7073f59dfd7eefa0986a39fd70d4207bb437c9ba
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
