Since Zuul 4.7.0:
> The following attributes are now ignored:
>
> * The ``report-build-page`` tenant configuration setting.
> * The ``success-url`` job attribute.
> * The ``failure-url`` job attribute.
Remove `success-url` from all jobs.
Change-Id: I66a03cbf2939d95f31781e7e1ff332699a752f99
Recent ansible-lint releases have started complaining about
"name[play]: All plays should be named." throughout the playbooks in
this repository regardless of whether the commit changes them. This
may be a new difference in how ansible-lint decides which files
should be checked, but it's unclear from the release notes whether
this was intentional or a regression.
Change-Id: I906e889ad2ee50bcdacf7d5e8e0c0895df00e562
Without this conditional, the package install was being attempted
on Centos systems. This needs to merge first to unblock further
testing.
Change-Id: I6fab2b1b85ed544096bb3206ecb9c4d5bc391f0d
The enable-fips role has been refactored to support both centos/rhel and
Ubuntu.
In addition, for the Ubuntu tasks, a small role is added to enable a
Ubuntu Advantage subscription. This is required because Ubuntu requires
a subscription to enable FIPS. This role takes a subscription key as a
parameter (ubuntu_ua_token.token).
In Openstack, this is provided by the openstack-fips job in
openstack/project-config, which will be the base job for OpenStack jobs.
This job will provide the ubuntu_ua_token.token.
Change-Id: I47a31f680172b47584510adb672b68498a85bd32
Currently this no_logs the entire selection and delete loop, which is
probably maximal efficiency but makes it very hard to debug on failure
(which we are seeing). This extracts the list creation and uri call
so we can see the tags it is trying to delete.
Change-Id: I93fd19aedaa9fc328a1a347986a5f0c20439d476
Change Ibc84e4f3fb18331ff6e2eb01037254be65dc53f5 removed the {{ from
this, which Ansible does warn about. However it then started failing.
Upon local testing, I could see
The conditional check 'ansible_date_time.iso8601 |
regex_replace('^(....-..-..)T(..:..:..).*Z', '\\1 \\2') |
to_datetime' failed. The error was: time data '\\x01 \\x02' does not
match format '%Y-%m-%d %H:%M:%S
So for whatever reason, without the surrounding {{ }} the
regex_replace is getting turned into the string "\\1 \\2" -- not the
first and second results of the match. Double quoting seems to fix
this.
Change-Id: I689385a3eb8b9ce373ff579c72cd29e46ebcaf8b
These build tests are all running on Bionic for no particular reason
other than it was recent at the time; update them to Jammy.
Because Jammy appears to have a too old systemd to properly support
podman and non root continers [0] our image builds don't work by
default. We need to override the cgroup manager to cgroupfs which is
less than ideal but should be functional.
[0] https://github.com/containers/podman/issues/7650
Change-Id: I18c56aea776e9ef102fe9020db592fb04df372e2
This currently tags the image for the temporary container with
change_change_12345 (note extra change_). I think this was just a
typo introduced with I8eb7d2baa24905e7aac51fce0b2f9b1f24f037f9, which
was updating the tags for periodic pipelines.
Change-Id: I0ce0e475e325907f9ecd46b86c7cc4a655f4a1d3
This warns about pulling unversioned things from git as it is not
idempotent. Ignore in this case.
Change-Id: I3eb58fb1ee12a82223c63f19e591d908f45cfacc
Use pipefail in some shell commands. In this case I don't think we
can really be fooled, but not a bad idea to fail if the first command
errors.
Change-Id: I25750c4edfe815af9e9d9ee47639b315e7133aa2
This adds names to blocks and includes for consistency. We've done
this before (e.g. Ia7e490aaba99da9694a6f3fdb1bca9838221b30a) but I
guess 6.12.0 is finding more...
Change-Id: Ib451f6d3c5a18047873e63aa0a1aa2b425846fec
These all trigger command-instead-of-shell for ansible-lint 6.12.0.
It seems a few were ignored with warnings with
I4e415cbd34f0f4cb15857051bf95458e0316de86.
I don't see why these can't be command: for consistency
Change-Id: Ib0f590b461d2a5a7d9bb8bdddcbbfb2230cc3d1c
This is currently failing as buildx is incomaptible with the old
version of skopeo.
Switch to jammy nodes and install an updated skopeo for testing.
Change-Id: I40b9134200bcbbbe469acab3aedbea2eaf4c0f14
To test current buildx we need a later skopeo that understands the OCI
manifest formats. c.f. the zuul-executor image updates with
Iab667a92a5b6e6f8591db2aa435a782913d9d34f.
A recent enough version (1.9) isn't packaged for any LTS distros. So
add an upstream option, but it's only implemented (for now) on Jammy,
where we will test with it.
Change-Id: I206a3cbfb16575f409771d96c2b7e49929e61a49
Upstream docker-ce recently released version 23.0.0. This version
appears to depend on apparmor but does not explicitly pull it in.
Not having apparmor results in these errors:
error: exec: "apparmor_parser": executable file not found in $PATH.
Fix this by adding the apparmor package to the list of packages we
install from the distro for docker. Opensuse also uses apparmor but we
don't support installing docker from upstream on opensuse so we don't
need to make changes to opensuse just Debuntu.
Additionally, buildx appears to have been split out into its own package
now and we need to install it explicitly in order for multiarch CI
builds to be successful.
Change-Id: I7b6fd895f58de9e052af8efca27b9ed4bfac7036
The recent release of ansible-compat, which is pulled in by
ansible-lint, has dropped support for Ansible < 2.12. This was pinned
by I233fae8c9036d295968a97ee80e07fde8846c633 and it's not really clear
to me why the upper-bound was added then.
I think we can just uncap this? It doesn't match Zuul at the moment
anyway which is Ansible 6 (2.13).
Also, since the first revision of this change, ansible-lint 6.12.0
came out. We are not ready for it, so we need to squash a cap for it
into this change to unbreak the gate.
[1] https://github.com/ansible/ansible-compat/releases/tag/v3.0.0
Change-Id: I901769a133ab3cf68fe314940cd359e54dfd5353
It seems likely that new versions of buildx are uploading manifests in
the OCI manifest format, which needs to be explicitly accepted in the
headers.
Change-Id: Ie2b908b7019389087ea37058bed15760619e48c6
This enables microk8s/containerd to pull through the intermediate zuul
registry. This is tested with the new
zuul-jobs-test-registry-buildset-registry-k8s-microk8s job.
Change-Id: I5a6c0d63a6ba0acf94ab9f0ef94777fab58fec6e
Add microk8s support to the ensure-kubernetes role. This installs via
a snap, and is currently only implemented for Ubuntu Jammy.
Mostly this is a straight-forward installation. I did notice though
it needs a little more time to be stable in the test, so the timeout
is bumped slightly.
microk8s is the Ubuntu "blessed" way of doing things. This should be
a better choice for Ubuntu platforms, because minikube is tightly tied
to cri-o, which is only packaged through kubic, which is currently in
some sort of deprecated but best-effort supported mode [1]. This was
inspired by an outage where the kubic gpg expired. This appears fixed
now.
[1] https://kubic.opensuse.org/blog/2022-06-10-kubic-retired/
Change-Id: Id3e31c70a35dde218e35e7c50964f8a3c0348150
This is a no-op change for the current setup, but the URL is required
to build config files for containerd passthrough setup in a follow-on
change.
Change-Id: Iacbb08a6bf4a22bb6b91ffa781267a5eda106d48
The kubernetes + docker jobs are failing because the ensure-kubernetes
role no longer works with the docker runtime. It will be updated to
use microk8s in a later change, and we will deprecate its use with
docker.
Change-Id: Ia0a6d470ddfe594810ad761ed3494884f56cdb46
Some projects are converting from tox to nox for driving tests. This
means there isn't a tox env to find testr/stestr in. Update
fetch-subunit-output to look for nox envs as well.
Change-Id: I051c4b27d22921f1f0c3a44dc4eaccdbb50afa29
The previous change added a bunch of tox v4 compatiblity, now we switch
to as our default. This should only happen after people have had
sufficient time to add tox v4 compatibility or manually pin back to <4
in their projects.
Change-Id: I16742fb933dba2162a73d532e1a9613af69021aa
