diff --git a/.zuul.d/base.yaml b/.zuul.d/base.yaml index ae7cb1be36..ebd1f7897f 100644 --- a/.zuul.d/base.yaml +++ b/.zuul.d/base.yaml @@ -51,12 +51,6 @@ LfDhCLDD3VtnVOrj4UxZsjzmPbday1fziua/7f+CXsShC5erz0ZM65rMCwkjWeI6Kc63A 0M27tl+OWHO3KkfFR4tWc3dws3r1kYjQeds0adBHyYD0eL8SJfwZkbtojAQ1JM= -- nodeset: - name: kolla-centos8 - nodes: - - name: primary - label: centos-8 - - nodeset: name: kolla-centos8-stream nodes: @@ -75,12 +69,6 @@ - name: primary label: debian-buster -- nodeset: - name: kolla-centos8-aarch64 - nodes: - - name: primary - label: centos-8-arm64 - - nodeset: name: kolla-centos8-stream-aarch64 nodes: diff --git a/.zuul.d/centos.yaml b/.zuul.d/centos.yaml index 374cffd7ee..ceba808e59 100644 --- a/.zuul.d/centos.yaml +++ b/.zuul.d/centos.yaml @@ -2,75 +2,34 @@ - project: check: jobs: - - kolla-build-centos8-binary - - kolla-build-centos8-source - kolla-build-centos8s-binary - kolla-build-centos8s-source - - kolla-ansible-centos8-source - - kolla-ansible-centos8-binary - - kolla-ansible-centos8-source-upgrade - kolla-ansible-centos8s-source - kolla-ansible-centos8s-binary - kolla-ansible-centos8s-source-upgrade check-arm64: jobs: - - kolla-build-centos8-source-aarch64 - kolla-build-centos8s-source-aarch64 gate: queue: kolla jobs: - - kolla-build-centos8-source - kolla-build-centos8s-source - - kolla-ansible-centos8-source - - kolla-ansible-centos8-source-upgrade - kolla-ansible-centos8s-source - kolla-ansible-centos8s-source-upgrade periodic: jobs: - - kolla-publish-centos8-source-quay - - kolla-publish-centos8-binary-quay - kolla-publish-centos8s-source-quay - kolla-publish-centos8s-binary-quay periodic-weekly: jobs: - - kolla-publish-centos8-source-dockerhub - - kolla-publish-centos8-binary-dockerhub - kolla-publish-centos8s-source-dockerhub - kolla-publish-centos8s-binary-dockerhub release: jobs: - - kolla-publish-centos8-source-dockerhub - - kolla-publish-centos8-binary-dockerhub - kolla-publish-centos8s-source-dockerhub - kolla-publish-centos8s-binary-dockerhub experimental: jobs: - - kolla-build-no-infra-wheels-centos8-source - - kolla-ansible-centos8-source-bifrost: - files: ^docker\/(base|bifrost|openstack-base)\/.* - # Test rabbitmq & mariadb changes in multinode ceph jobs. - - kolla-ansible-centos8-source-ceph-ansible: - files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.* - - kolla-ansible-centos8-source-upgrade-ceph-ansible: - files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.* - - kolla-ansible-centos8-source-zun: - files: ^docker\/(base|cinder|etcd|iscsid|kuryr|openstack-base|zun)\/.* - - kolla-ansible-centos8-source-scenario-nfv: - files: ^docker\/(base|barbican|heat|mistral|openstack-base|redis|tacker)\/.* - - kolla-ansible-centos8-source-ironic: - files: ^docker\/(base|dnsmasq|ironic|ironic-inspector|iscsid|openstack-base)\/.* - - kolla-ansible-centos8-source-swift: - files: ^docker/(base|openstack-base|glance|swift)/ - - kolla-ansible-centos8-source-mariadb: - files: ^docker/(base|mariadb)/ - - kolla-ansible-centos8-source-masakari: - files: ^docker/(base|masakari)/ - - kolla-ansible-centos8-source-ovn: - files: ^docker/(base|neutron|openstack-base|openvswitch|ovn)/ - - kolla-ansible-centos8-source-prometheus-efk: - files: ^docker/(base|elasticsearch|grafana|kibana|prometheus)/ - - kolla-ansible-centos8-source-kvm: - files: ^docker/nova/ - kolla-ansible-centos8s-source-bifrost: files: ^docker\/(base|bifrost|openstack-base)\/.* # Test rabbitmq & mariadb changes in multinode ceph jobs. @@ -97,15 +56,6 @@ - kolla-ansible-centos8s-source-kvm: files: ^docker/nova/ -- job: - name: kolla-build-centos8-binary - parent: kolla-base - nodeset: kolla-centos8 - voting: false - vars: - base_distro: centos - install_type: binary - - job: name: kolla-build-centos8s-binary parent: kolla-base @@ -117,17 +67,6 @@ base_tag: stream8 install_type: binary -- job: - name: kolla-publish-centos8-binary-dockerhub - parent: kolla-build-centos8-binary - post-run: tests/playbooks/publish.yml - vars: - publisher: true - kolla_registry: dockerhub - kolla_namespace: kolla - secrets: - - kolla_dockerhub_creds - - job: name: kolla-publish-centos8s-binary-dockerhub parent: kolla-build-centos8s-binary @@ -139,17 +78,6 @@ secrets: - kolla_dockerhub_creds -- job: - name: kolla-publish-centos8-binary-quay - parent: kolla-build-centos8-binary - post-run: tests/playbooks/publish.yml - vars: - publisher: true - kolla_registry: quay.io - kolla_namespace: openstack.kolla - secrets: - - kolla_quay_io_creds - - job: name: kolla-publish-centos8s-binary-quay parent: kolla-build-centos8s-binary @@ -161,14 +89,6 @@ secrets: - kolla_quay_io_creds -- job: - name: kolla-build-centos8-source - parent: kolla-base - nodeset: kolla-centos8 - vars: - base_distro: centos - install_type: source - - job: name: kolla-build-centos8s-source parent: kolla-base @@ -179,29 +99,12 @@ base_tag: stream8 install_type: source -- job: - name: kolla-build-centos8-source-aarch64 - parent: kolla-build-centos8-source - nodeset: kolla-centos8-aarch64 - voting: false - - job: name: kolla-build-centos8s-source-aarch64 parent: kolla-build-centos8s-source nodeset: kolla-centos8-stream-aarch64 voting: false -- job: - name: kolla-publish-centos8-source-dockerhub - parent: kolla-build-centos8-source - post-run: tests/playbooks/publish.yml - vars: - publisher: true - kolla_registry: dockerhub - kolla_namespace: kolla - secrets: - - kolla_dockerhub_creds - - job: name: kolla-publish-centos8s-source-dockerhub parent: kolla-build-centos8s-source @@ -213,17 +116,6 @@ secrets: - kolla_dockerhub_creds -- job: - name: kolla-publish-centos8-source-quay - parent: kolla-build-centos8-source - post-run: tests/playbooks/publish.yml - vars: - publisher: true - kolla_registry: quay.io - kolla_namespace: openstack.kolla - secrets: - - kolla_quay_io_creds - - job: name: kolla-publish-centos8s-source-quay parent: kolla-build-centos8s-source @@ -234,11 +126,3 @@ kolla_namespace: openstack.kolla secrets: - kolla_quay_io_creds - -- job: - name: kolla-build-no-infra-wheels-centos8-source - parent: kolla-build-no-infra-wheels-base - nodeset: kolla-centos8 - vars: - base_distro: centos - install_type: source diff --git a/doc/source/admin/image-building.rst b/doc/source/admin/image-building.rst index 1e51e135ed..069f67e2d6 100644 --- a/doc/source/admin/image-building.rst +++ b/doc/source/admin/image-building.rst @@ -78,14 +78,6 @@ See the :ref:`support matrix ` for information on supported base image distribution versions and supported images on each distribution. -The Victoria release supports both CentOS 8 Linux and CentOS 8 Stream base -container images. The default is to use CentOS 8 Linux. CentOS 8 Stream -may be used as follows: - -.. code-block:: console - - kolla-build --base centos --base-image quay.io/centos/centos --base-tag stream8 - It is possible to build only a subset of images by specifying them on the command line: diff --git a/doc/source/support_matrix.rst b/doc/source/support_matrix.rst index 87a6cfa1bb..364f3ccf0f 100644 --- a/doc/source/support_matrix.rst +++ b/doc/source/support_matrix.rst @@ -19,10 +19,14 @@ The following base container images are supported: CentOS 7 is no longer supported as a base container image. The Train release supports both CentOS 7 and 8 images, and provides a route for migration. +.. note:: + + CentOS 8 is no longer supported since it has been marked as End of Life + and repositories have been removed from CentOS mirrors. + =============== ============ =============================== ================ Distribution Default base Default base image Default base tag =============== ============ =============================== ================ -CentOS 8 Linux centos centos 8 CentOS 8 Stream centos quay.io/centos/centos stream8 Debian Buster debian debian 10 RHEL 8 rhel rhel 8 diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index 37e08409d2..188f6d2aab 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -92,12 +92,14 @@ COPY dnf.conf /etc/dnf/dnf.conf {% elif base_arch == 'aarch64' %} {% set base_yum_repo_files = [ 'elasticsearch.repo', + 'erlang-solutions.repo', 'grafana.repo', 'rabbitmq_rabbitmq-server.repo', 'td.repo', ] %} {% set base_yum_repo_keys = [ + 'https://packages.erlang-solutions.com/rpm/erlang_solutions.asc', 'https://packages.grafana.com/gpg.key', 'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc', ] %} @@ -213,6 +215,8 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial 'centos-ceph-nautilus', 'centos-opstools', 'centos-rabbitmq-38', + 'epel', + 'epel-modular', ] %} {% if base_arch == 'x86_64' %} @@ -361,17 +365,18 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom 'F77F1EDA57EBB1CC', 'F6609E60DC62814E', ] %} - {% set remote_apt_keys = [ + {% set base_remote_apt_keys = [ 'https://packages.grafana.com/gpg.key', 'https://repos.influxdata.com/influxdb.key', ] %} {% elif base_distro == 'debian' %} {% set base_apt_keys = [ '46095ACC8548582C1A2699A9D27D666CD88E42B4', + 'F1656F24C74CD1D8', 'F77F1EDA57EBB1CC', 'F6609E60DC62814E', ] %} - {% set remote_apt_keys = [ + {% set base_remote_apt_keys = [ 'https://download.docker.com/linux/debian/gpg', 'https://packages.grafana.com/gpg.key', 'http://buster-ussuri.debian.net/debian/dists/pubkey.gpg', @@ -391,7 +396,7 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom {%- if not loop.last %} \ {% endif -%} {% endfor %} - {% for key in remote_apt_keys | customizable('remote_apt_keys') %} + {% for key in base_remote_apt_keys | customizable('remote_apt_keys') %} {%- if loop.first %} RUN {% else %} && {% endif %}curl {{ key }} | apt-key add - {%- if not loop.last %} \ {% endif -%} diff --git a/docker/base/erlang-solutions.repo b/docker/base/erlang-solutions.repo new file mode 100644 index 0000000000..4adbe680fc --- /dev/null +++ b/docker/base/erlang-solutions.repo @@ -0,0 +1,6 @@ +[erlang-solutions] +name=erlang-solutions +baseurl=https://packages.erlang-solutions.com/rpm/centos/$releasever/$basearch +gpgcheck=1 +gpgkey=https://packages.erlang-solutions.com/rpm/erlang_solutions.asc +enabled=0 diff --git a/docker/base/set_configs.py b/docker/base/set_configs.py index 0cb0e414c6..e624f29ba8 100644 --- a/docker/base/set_configs.py +++ b/docker/base/set_configs.py @@ -20,6 +20,7 @@ import os import pwd import shutil +import stat import sys @@ -369,6 +370,15 @@ def set_perms(path, uid, gid, perm): perm = ''.join([perm[:1], 'o', perm[1:]]) perm = int(perm, base=0) + # Ensure execute bit on directory if read bit is set + if os.path.isdir(path): + if perm & stat.S_IRUSR: + perm |= stat.S_IXUSR + if perm & stat.S_IRGRP: + perm |= stat.S_IXGRP + if perm & stat.S_IROTH: + perm |= stat.S_IXOTH + try: os.chmod(path, perm) except OSError: diff --git a/docker/cinder/cinder-volume/Dockerfile.j2 b/docker/cinder/cinder-volume/Dockerfile.j2 index f95cfb6844..74e8c56b23 100644 --- a/docker/cinder/cinder-volume/Dockerfile.j2 +++ b/docker/cinder/cinder-volume/Dockerfile.j2 @@ -23,7 +23,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% elif base_package_type == 'deb' %} {% set cinder_volume_packages = [ + 'lsscsi', 'nfs-common', + 'nvme-cli', 'sysfsutils', 'python3-rtslib-fb', 'targetcli-fb', diff --git a/docker/collectd/Dockerfile.j2 b/docker/collectd/Dockerfile.j2 index d991827dc3..6f8e93ad5d 100644 --- a/docker/collectd/Dockerfile.j2 +++ b/docker/collectd/Dockerfile.j2 @@ -30,10 +30,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'collectd-dbi', 'collectd-disk', 'collectd-dns', - 'collectd-dpdk_telemetry', 'collectd-generic-jmx', 'collectd-ipmi', - 'collectd-libpod-stats', 'collectd-log_logstash', 'collectd-logparser', 'collectd-mcelog', @@ -47,7 +45,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'collectd-procevent', 'collectd-python', 'collectd-sensors', - 'collectd-sensubility', 'collectd-smart', 'collectd-snmp', 'collectd-snmp-agent', @@ -57,7 +54,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'collectd-write_http', 'collectd-write_kafka', 'collectd-write_prometheus', - 'python3-sqlalchemy-collectd' ] %} {% if base_arch in ['x86_64', 'ppc64le'] %} @@ -69,18 +65,13 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% if base_arch =='x86_64' %} {% set collectd_packages = collectd_packages + [ 'collectd-hugepages', + 'collectd-pcie-errors', 'collectd-pmu', 'collectd-rdt', 'collectd-turbostat' ] %} {% endif %} - {% if base_arch != 's390x' %} - {% set collectd_packages = collectd_packages + [ - 'collectd-pcie-errors' - ] %} - {% endif %} - {% endif %} {{ macros.install_packages(collectd_packages | customizable("packages")) }} diff --git a/docker/ironic/ironic-pxe/Dockerfile.j2 b/docker/ironic/ironic-pxe/Dockerfile.j2 index 700c4dfced..8236de6fbe 100644 --- a/docker/ironic/ironic-pxe/Dockerfile.j2 +++ b/docker/ironic/ironic-pxe/Dockerfile.j2 @@ -25,15 +25,19 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% if base_arch != 's390x' %} {% set ironic_pxe_packages = ironic_pxe_packages + [ 'grub2-tools', - 'grub2-efi-aa64-modules' + 'grub2-efi-*64', + 'grub2-efi-aa64-modules', + 'shim-*64', ] %} {% endif %} {{ macros.install_packages(ironic_pxe_packages | customizable("packages")) }} {% elif base_package_type == 'deb' %} {% set ironic_pxe_packages = [ + 'grub-efi-*64-signed', 'ipxe', 'pxelinux', + 'shim-signed', 'syslinux-common', 'tftpd-hpa' ] %} @@ -42,10 +46,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set ironic_pxe_packages = ironic_pxe_packages + [ 'syslinux' ] %} - {% elif base_arch == 'aarch64' %} - {% set ironic_pxe_packages = ironic_pxe_packages + [ - 'grub-efi-arm64' - ] %} {% endif %} {{ macros.install_packages(ironic_pxe_packages | customizable("packages")) }} diff --git a/docker/ironic/ironic-pxe/extend_start.sh b/docker/ironic/ironic-pxe/extend_start.sh index 44f101bb0b..739ace15e0 100644 --- a/docker/ironic/ironic-pxe/extend_start.sh +++ b/docker/ironic/ironic-pxe/extend_start.sh @@ -1,7 +1,8 @@ #!/bin/bash -function prepare_pxe { +# For x86 legacy BIOS boot mode +function prepare_pxe_pxelinux { chown -R ironic: /tftpboot for pxe_file in /var/lib/tftpboot/pxelinux.0 /var/lib/tftpboot/chain.c32 /usr/lib/syslinux/pxelinux.0 \ /usr/lib/syslinux/chain.c32 /usr/lib/PXELINUX/pxelinux.0 \ @@ -12,32 +13,60 @@ function prepare_pxe { done } +# For UEFI boot mode +function prepare_pxe_grub { + if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then + shim_src_file="/usr/lib/shim/shim*64.efi.signed" + grub_src_file="/usr/lib/grub/*-efi-signed/grubnet*64.efi.signed" + elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|rhel ]]; then + shim_src_file="/boot/efi/EFI/centos/shim*64.efi" + grub_src_file="/boot/efi/EFI/centos/grub*64.efi" + fi + + if [[ "${KOLLA_BASE_ARCH}" == "x86_64" ]]; then + shim_dst_file="bootx64.efi" + grub_dst_file="grubx64.efi" + elif [[ "${KOLLA_BASE_ARCH}" == "aarch64" ]]; then + shim_dst_file="bootaa64.efi" + grub_dst_file="grubaa64.efi" + fi + + cp $shim_src_file /tftpboot/$shim_dst_file + cp $grub_src_file /tftpboot/$grub_dst_file +} + function prepare_ipxe { + # NOTE(mgoddard): Ironic uses snponly.efi as the default for + # uefi_ipxe_bootfile_name since Xena. In Wallaby and earlier releases it + # was ipxe.efi. Ensure that both exist, using symlinks where the files are + # named differently to allow the original names to be used in ironic.conf. if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then cp /usr/lib/ipxe/{undionly.kpxe,ipxe.efi} /tftpboot + # NOTE(mgoddard): The 'else' can be removed when snponly.efi is + # available in Jammy 22.04. + if [[ -f /usr/lib/ipxe/snponly.efi ]]; then + cp /usr/lib/ipxe/snponly.efi /tftpboot/snponly.efi + elif [[ ! -e /tftpboot/snponly.efi ]]; then + ln -s /tftpboot/ipxe.efi /tftpboot/snponly.efi + fi elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|rhel ]]; then cp /usr/share/ipxe/{undionly.kpxe,ipxe*.efi} /tftpboot + if [[ ! -e /tftpboot/ipxe.efi ]]; then + ln -s /tftpboot/ipxe-${KOLLA_BASE_ARCH}.efi /tftpboot/ipxe.efi + fi + if [[ ! -e /tftpboot/snponly.efi ]]; then + ln -s /tftpboot/ipxe-snponly-${KOLLA_BASE_ARCH}.efi /tftpboot/snponly.efi + fi fi } # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases # of the KOLLA_BOOTSTRAP variable being set, including empty. if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then - prepare_pxe + prepare_pxe_pxelinux + prepare_pxe_grub prepare_ipxe exit 0 fi -if [[ -d /usr/lib/grub/arm64-efi ]]; then - modules="boot chain configfile efinet ext2 fat gettext help hfsplus loadenv \ - lsefi normal part_gpt part_msdos read search search_fs_file search_fs_uuid \ - search_label terminal terminfo tftp linux" - - if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then - grub-mkimage -v -o /tftpboot/grubaa64.efi -O arm64-efi -p "grub" $modules - elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|rhel ]]; then - grub2-mkimage -v -o /tftpboot/grubaa64.efi -O arm64-efi -p "EFI/centos" $modules - fi -fi - . /usr/local/bin/kolla_httpd_setup diff --git a/docker/kolla-toolbox/Dockerfile.j2 b/docker/kolla-toolbox/Dockerfile.j2 index fa66b838de..9d3296ed49 100644 --- a/docker/kolla-toolbox/Dockerfile.j2 +++ b/docker/kolla-toolbox/Dockerfile.j2 @@ -14,12 +14,17 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.configure_user(name='ansible') }} {{ macros.configure_user(name='rabbitmq') }} -{{ macros.enable_extra_repos(['rabbitmq', 'erlang']) }} +{% if base_arch == 'aarch64' %} +{{ macros.enable_extra_repos(['epel']) }} +{% endif %} + +{{ macros.enable_extra_repos(['erlang', 'openvswitch', 'powertools', 'rabbitmq']) }} {% if base_package_type == 'rpm' %} {% set kolla_toolbox_packages = [ 'crudini', + 'erlang-23.*', 'gcc', 'gdisk', 'git', @@ -34,19 +39,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'openssl-devel', 'openvswitch', 'python3-devel', - ] %} - - {% if base_arch == 'aarch64' %} - {% set kolla_toolbox_packages = kolla_toolbox_packages + [ - 'erlang-22.*', - 'rabbitmq-server-3.8.14' - ] %} - {% else %} - {% set kolla_toolbox_packages = kolla_toolbox_packages + [ - 'erlang-23.*', - 'rabbitmq-server-3.8.*' - ] %} - {% endif %} + 'rabbitmq-server-3.8.*' + ] %} {% elif base_package_type == 'deb' %} {% set kolla_toolbox_packages = [ diff --git a/docker/magnum/magnum-base/Dockerfile.j2 b/docker/magnum/magnum-base/Dockerfile.j2 index 14024b6ace..981ea679f6 100644 --- a/docker/magnum/magnum-base/Dockerfile.j2 +++ b/docker/magnum/magnum-base/Dockerfile.j2 @@ -32,6 +32,7 @@ RUN ln -s magnum-base-source/* magnum \ && {{ macros.install_pip(magnum_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/magnum \ && cp -r /magnum/etc/magnum/* /etc/magnum \ + && mv /etc/magnum/keystone_auth_default_policy.sample /etc/magnum/keystone_auth_default_policy.json \ && chown -R magnum: /etc/magnum {% endif %} diff --git a/docker/manila/manila-share/Dockerfile.j2 b/docker/manila/manila-share/Dockerfile.j2 index 04ddbf4ec5..68e8534557 100644 --- a/docker/manila/manila-share/Dockerfile.j2 +++ b/docker/manila/manila-share/Dockerfile.j2 @@ -22,6 +22,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set manila_share_packages = [ 'manila-share', 'ceph-common', + 'glusterfs-client', 'python3-cephfs', 'python3-rados', 'python3-rbd', @@ -42,6 +43,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% elif base_package_type == 'deb' %} {% set manila_share_packages = [ 'ceph-common', + 'glusterfs-client', 'python3-cephfs', 'python3-rados', 'python3-rbd', diff --git a/docker/nova/nova-base/Dockerfile.j2 b/docker/nova/nova-base/Dockerfile.j2 index 7cf5cd50ca..67400baea7 100644 --- a/docker/nova/nova-base/Dockerfile.j2 +++ b/docker/nova/nova-base/Dockerfile.j2 @@ -56,7 +56,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% if base_package_type == 'rpm' %} {% set nova_base_packages = [ - 'openvswitch' + 'openvswitch', + 'python3-openvswitch' ] %} {% if base_arch == 'x86_64' %} {% set nova_base_packages = nova_base_packages + [ @@ -79,7 +80,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'iptables', 'openssh-client', 'openvswitch-switch', - 'python3-libvirt' + 'python3-libvirt', + 'python3-openvswitch' ] %} {% if base_arch == 'x86_64' %} {% set nova_base_packages = nova_base_packages + [ diff --git a/docker/nova/nova-compute-ironic/Dockerfile.j2 b/docker/nova/nova-compute-ironic/Dockerfile.j2 index b978e23996..1c5d7be37a 100644 --- a/docker/nova/nova-compute-ironic/Dockerfile.j2 +++ b/docker/nova/nova-compute-ironic/Dockerfile.j2 @@ -7,13 +7,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} -{% set nova_compute_ironic_packages = ['genisoimage'] %} +{% set nova_compute_ironic_packages = ['genisoimage', 'nvme-cli'] %} {% if install_type == 'binary' %} {% if base_package_type == 'rpm' %} {% set nova_compute_ironic_packages = nova_compute_ironic_packages + [ - 'nvme-cli', 'openstack-nova-compute' ] %} {{ macros.install_packages(nova_compute_ironic_packages | customizable("packages")) }} diff --git a/docker/nova/nova-compute/Dockerfile.j2 b/docker/nova/nova-compute/Dockerfile.j2 index 724fda8713..79d3457e40 100644 --- a/docker/nova/nova-compute/Dockerfile.j2 +++ b/docker/nova/nova-compute/Dockerfile.j2 @@ -14,13 +14,14 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set nova_compute_packages = [ 'ceph-common', + 'cyrus-sasl-md5', + 'cyrus-sasl-scram', 'device-mapper-multipath', 'e2fsprogs', 'genisoimage', 'iscsi-initiator-utils', 'ndctl', 'nfs-utils', - 'nvme-cli', 'openstack-nova-compute', 'openvswitch', 'parted', @@ -39,7 +40,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} {% endif %} -{{ macros.install_packages(nova_compute_packages | customizable("packages")) }} +{{ macros.install_packages(nova_compute_packages | customizable("packages")) }} \ + && dnf remove -y linux-firmware \ + && dnf clean all {% elif base_package_type == 'deb' %} @@ -49,11 +52,13 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'e2fsprogs', 'genisoimage', 'ironic-common', + 'libsasl2-modules-gssapi-mit', 'multipath-tools', 'nfs-common', 'nova-compute', - 'openvswitch-switch', + 'nvme-cli', 'open-iscsi', + 'openvswitch-switch', 'parted', 'pmdk-tools', 'python3-cephfs', @@ -63,6 +68,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'python3-rados', 'python3-rbd', 'python3-rtslib-fb', + 'sasl2-bin', 'sysfsutils', 'targetcli-fb', 'xfsprogs' @@ -86,6 +92,8 @@ RUN rm -f /etc/nova/nova-compute.conf {% set nova_compute_packages = [ 'ceph-common', + 'cyrus-sasl-md5', + 'cyrus-sasl-scram', 'device-mapper-multipath', 'dosfstools', 'e2fsprogs', @@ -94,6 +102,7 @@ RUN rm -f /etc/nova/nova-compute.conf 'libosinfo', 'ndctl', 'nfs-utils', + 'nvme-cli', 'openvswitch', 'parted', 'python3-libguestfs', @@ -112,6 +121,10 @@ RUN rm -f /etc/nova/nova-compute.conf ] %} {% endif %} +{{ macros.install_packages(nova_compute_packages | customizable("packages")) }} \ + && dnf remove -y linux-firmware \ + && dnf clean all + {% elif base_package_type == 'deb' %} {% set nova_compute_packages = [ @@ -120,8 +133,10 @@ RUN rm -f /etc/nova/nova-compute.conf 'e2fsprogs', 'genisoimage', 'libosinfo-bin', + 'libsasl2-modules-gssapi-mit', 'multipath-tools', 'nfs-common', + 'nvme-cli', 'open-iscsi', 'parted', 'pmdk-tools', @@ -132,6 +147,7 @@ RUN rm -f /etc/nova/nova-compute.conf 'python3-rbd', 'python3-rtslib-fb', 'qemu-utils', + 'sasl2-bin', 'sysfsutils', 'targetcli-fb', 'xfsprogs' @@ -151,11 +167,11 @@ RUN rm -f /etc/nova/nova-compute.conf ] %} {% endif %} -RUN mkdir -p /etc/ceph +RUN mkdir -p /etc/ceph \ + && {{ macros.install_packages(nova_compute_packages | customizable("packages"), chain=True) }} {% endif %} -{{ macros.install_packages(nova_compute_packages | customizable("packages")) }} {% set nova_compute_pip_packages = [ 'oslo-vmware' diff --git a/docker/nova/nova-libvirt/Dockerfile.j2 b/docker/nova/nova-libvirt/Dockerfile.j2 index 5613d9d9c0..96abfa7dcb 100644 --- a/docker/nova/nova-libvirt/Dockerfile.j2 +++ b/docker/nova/nova-libvirt/Dockerfile.j2 @@ -15,6 +15,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set nova_libvirt_packages = [ 'ceph-common', + 'cyrus-sasl-md5', 'cyrus-sasl-scram', 'libguestfs', 'libvirt-client', @@ -40,6 +41,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set nova_libvirt_packages = [ 'ceph-common', 'ebtables', + 'libsasl2-modules-gssapi-mit', 'libvirt-clients', 'libvirt-daemon-system', 'openvswitch-switch', @@ -49,6 +51,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'python3-rbd', 'qemu-block-extra', 'qemu-system', + 'sasl2-bin', 'trousers' ] %} diff --git a/docker/octavia/octavia-base/Dockerfile.j2 b/docker/octavia/octavia-base/Dockerfile.j2 index 8ae291f1ed..69d1a32c28 100644 --- a/docker/octavia/octavia-base/Dockerfile.j2 +++ b/docker/octavia/octavia-base/Dockerfile.j2 @@ -23,6 +23,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.install_packages(octavia_base_packages | customizable("packages")) }} {% elif install_type == 'source' %} + {% set octavia_base_packages = [ + 'python3-openvswitch' + ] %} + +{{ macros.install_packages(octavia_base_packages | customizable("packages")) }} + ADD octavia-base-archive /octavia-base-source {% set octavia_base_pip_packages = [ diff --git a/docker/openstack-base/Dockerfile.j2 b/docker/openstack-base/Dockerfile.j2 index a1120332e1..9103ab24ec 100644 --- a/docker/openstack-base/Dockerfile.j2 +++ b/docker/openstack-base/Dockerfile.j2 @@ -24,7 +24,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'mod_ssl', 'openssl', 'python3-alembic', - 'python3-anyjson', 'python3-aodhclient', 'python3-barbicanclient', 'python3-cachetools', @@ -88,7 +87,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'python3-routes', 'python3-saharaclient', 'python3-sqlalchemy', - 'python3-sqlalchemy-collectd', 'python3-sqlparse', 'python3-swiftclient', 'python3-sysv_ipc', @@ -212,7 +210,6 @@ ENV DEBIAN_FRONTEND noninteractive 'WSME', 'alembic', 'amqp', - 'anyjson', 'aodhclient', 'appdirs', 'bcrypt', @@ -315,6 +312,11 @@ ENV DEBIAN_FRONTEND noninteractive ADD openstack-base-archive /openstack-base-source RUN ln -s openstack-base-source/* /requirements \ +{# NOTE(mnasiadka): Remove ovs from upper-constraints.txt because python3-openvswitch + is usually newer than UC entry and older version would get installed + in venv (see https://launchpad.net/bugs/1961874). +#} + && sed -i /^ovs=/d /requirements/upper-constraints.txt \ && mkdir -p /var/lib/kolla \ && {{ macros.install_pip(['virtualenv'])}} \ && virtualenv --system-site-packages /var/lib/kolla/venv diff --git a/docker/rabbitmq/Dockerfile.j2 b/docker/rabbitmq/Dockerfile.j2 index d629561870..646586b392 100644 --- a/docker/rabbitmq/Dockerfile.j2 +++ b/docker/rabbitmq/Dockerfile.j2 @@ -9,27 +9,22 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.configure_user(name='rabbitmq') }} -{{ macros.enable_extra_repos(['rabbitmq', 'erlang']) }} +{# NOTE(hrw): erlang packages from Erlang Solutions needs libwx from EPEL #} +{% if base_arch == 'aarch64' %} +{{ macros.enable_extra_repos(['epel']) }} +{% endif %} + +{{ macros.enable_extra_repos(['erlang', 'powertools', 'rabbitmq']) }} {% block rabbitmq_install %} {% if base_package_type == 'rpm' %} {% set rabbitmq_packages = [ + 'erlang-23.*', 'hostname', + 'rabbitmq-server-3.8.*' ] %} - {% if base_arch == 'aarch64' %} - {% set rabbitmq_packages = rabbitmq_packages + [ - 'erlang-22.*', - 'rabbitmq-server-3.8.14' - ] %} - {% else %} - {% set rabbitmq_packages = rabbitmq_packages + [ - 'erlang-23.*', - 'rabbitmq-server-3.8.*' - ] %} - {% endif %} - {% elif base_package_type == 'deb' %} {% set rabbitmq_packages = [ 'logrotate', diff --git a/docker/storm/storm-base/Dockerfile.j2 b/docker/storm/storm-base/Dockerfile.j2 index 0f6fecbe1c..cc07ff5ffb 100644 --- a/docker/storm/storm-base/Dockerfile.j2 +++ b/docker/storm/storm-base/Dockerfile.j2 @@ -12,6 +12,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% if base_package_type == 'rpm' %} {% set storm_packages = [ 'java-1.8.0-openjdk-headless', + 'zip', ] %} {% elif base_package_type == 'deb' %} @@ -23,6 +24,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set storm_packages = [ 'openjdk-' + java_version + '-jre-headless', + 'zip', ] %} {% endif %} @@ -40,6 +42,9 @@ RUN curl -o /tmp/storm.tgz ${storm_url} \ && tar --strip 1 -xvf /tmp/storm.tgz -C /opt/storm \ && rm -f /tmp/storm.tgz +# Mitigation for CVE-2021-44228 and CVE-2021-45046: remove the JndiLookup class +# from the classpath +RUN zip -q -d /opt/storm/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class {% endblock %} {% block storm_python_version %} diff --git a/docker/swift/swift-base/Dockerfile.j2 b/docker/swift/swift-base/Dockerfile.j2 index bf622fcd4a..6ef3db1241 100644 --- a/docker/swift/swift-base/Dockerfile.j2 +++ b/docker/swift/swift-base/Dockerfile.j2 @@ -53,9 +53,9 @@ ADD swift-base-archive /swift-base-source RUN ln -s swift-base-source/* swift \ && {{ macros.install_pip(swift_base_pip_packages | customizable("pip_packages")) }} \ - && mkdir -p /etc/swift /var/cache/swift \ + && mkdir -p /etc/swift /var/cache/swift /var/lock/swift \ && cp -r /swift/etc/* /etc/swift/ \ - && chown -R swift: /etc/swift /var/cache/swift + && chown -R swift: /etc/swift /var/cache/swift /var/lock/swift {% endif %} COPY swift-rootwrap /var/lib/kolla/venv/bin/swift-rootwrap diff --git a/kolla/common/config.py b/kolla/common/config.py index 55aec94126..7edfa95778 100755 --- a/kolla/common/config.py +++ b/kolla/common/config.py @@ -22,10 +22,10 @@ BASE_OS_DISTRO = ['centos', 'rhel', 'ubuntu', 'debian'] BASE_ARCH = ['x86_64', 'ppc64le', 'aarch64'] DEFAULT_BASE_TAGS = { - 'centos': '8', - 'rhel': '8', - 'debian': '10', - 'ubuntu': '20.04', + 'centos': {'name': 'quay.io/centos/centos', 'tag': 'stream8'}, + 'rhel': {'name': 'registry.access.redhat.com/ubi8', 'tag': 'latest'}, + 'debian': {'name': 'debian', 'tag': '10'}, + 'ubuntu': {'name': 'ubuntu', 'tag': '20.04'}, } DISTRO_RELEASE = { 'centos': '8', @@ -1198,10 +1198,10 @@ def parse(conf, args, usage=None, prog=None, # NOTE(jeffrey4l): set the default base tag based on the # base option - conf.set_default('base_tag', DEFAULT_BASE_TAGS.get(conf.base)) + conf.set_default('base_tag', DEFAULT_BASE_TAGS[conf.base]['tag']) prefix = '' if conf.openstack_release == 'master' else 'stable-' openstack_branch = '{}{}'.format(prefix, conf.openstack_release) conf.set_default('openstack_branch', openstack_branch) if not conf.base_image: - conf.base_image = conf.base + conf.base_image = DEFAULT_BASE_TAGS[conf.base]['name'] diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml index 58724461a4..c51aee40c9 100644 --- a/kolla/template/repos.yaml +++ b/kolla/template/repos.yaml @@ -21,7 +21,7 @@ centos-aarch64: elasticsearch: "elasticsearch-kibana-logstash-7.x" epel: "epel" epel-modular: "epel-modular" - erlang: "centos-rabbitmq-38" + erlang: "erlang-solutions" extras: "extras" grafana: "grafana" hacluster: "ha" @@ -56,6 +56,7 @@ debian: influxdb: "deb https://repos.influxdata.com/debian buster stable" logstash: "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" kibana: "deb [arch=amd64] https://artifacts.elastic.co/packages/oss-7.x/apt stable main" + mariadb: "deb http://downloads.mariadb.com/MariaDB/mariadb-10.3/repo/debian buster main" rabbitmq: "deb https://packagecloud.io/rabbitmq/rabbitmq-server/debian/ buster main" td-agent: "deb http://packages.treasuredata.com/4/debian/buster buster contrib" @@ -67,6 +68,7 @@ debian-aarch64: logstash: "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" kibana: "deb [arch=amd64] https://artifacts.elastic.co/packages/oss-7.x/apt stable main" libvirt: "deb https://obs.linaro.org/repos/home:/marcin.juszkiewicz/debian-buster ./" + mariadb: "deb http://downloads.mariadb.com/MariaDB/mariadb-10.3/repo/debian buster main" rabbitmq: "deb https://packagecloud.io/rabbitmq/rabbitmq-server/debian/ buster main" td-agent: "deb http://packages.treasuredata.com/4/debian/buster buster contrib" diff --git a/releasenotes/notes/bug-1942038-f1d96ae352f73bd1.yaml b/releasenotes/notes/bug-1942038-f1d96ae352f73bd1.yaml new file mode 100644 index 0000000000..fee95505c3 --- /dev/null +++ b/releasenotes/notes/bug-1942038-f1d96ae352f73bd1.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an issue with cinder-volume missing ``lsscsi`` and ``nvme`` commands + on Debian and Ubuntu. + `LP#1942038 `__ diff --git a/releasenotes/notes/bug-1946801-5f3af3c44e567fcf.yaml b/releasenotes/notes/bug-1946801-5f3af3c44e567fcf.yaml new file mode 100644 index 0000000000..b67c9751fd --- /dev/null +++ b/releasenotes/notes/bug-1946801-5f3af3c44e567fcf.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + CentOS ``nova-compute`` image has ``linux-firmware`` package removed to save + image size by ~500MB. + `LP#1926801 `__ diff --git a/releasenotes/notes/bug-1959203-1bb695e052248d78.yaml b/releasenotes/notes/bug-1959203-1bb695e052248d78.yaml new file mode 100644 index 0000000000..a6068423bd --- /dev/null +++ b/releasenotes/notes/bug-1959203-1bb695e052248d78.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + Fixes an issue with Ironic deployments using UEFI and iPXE, where the + default UEFI iPXE bootloader in Ironic was not available in the TFTP + server. This affects all Kolla releases on CentOS, and Xena on + Debian/Ubuntu. `LP#1959203 + `__ diff --git a/releasenotes/notes/bug-1964140-57b433329bab067e.yaml b/releasenotes/notes/bug-1964140-57b433329bab067e.yaml new file mode 100644 index 0000000000..8869ab6420 --- /dev/null +++ b/releasenotes/notes/bug-1964140-57b433329bab067e.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Installs ``glusterfs-client`` in Debian and Ubuntu ``manila-share`` images + to support GlusterFS across supported distributions. + `LP#1964140 `__ diff --git a/releasenotes/notes/centos-8-eol-4500333b5e01f448.yaml b/releasenotes/notes/centos-8-eol-4500333b5e01f448.yaml new file mode 100644 index 0000000000..a22d0e579f --- /dev/null +++ b/releasenotes/notes/centos-8-eol-4500333b5e01f448.yaml @@ -0,0 +1,6 @@ +--- +critical: + - | + CentOS Linux 8 (non-Stream) support has been dropped, since + repositories have been removed from CentOS mirrors - see + `announcement `_. diff --git a/releasenotes/notes/debian-mariadb-upstream-75e05cbdaa013abe.yaml b/releasenotes/notes/debian-mariadb-upstream-75e05cbdaa013abe.yaml new file mode 100644 index 0000000000..bd92fedc73 --- /dev/null +++ b/releasenotes/notes/debian-mariadb-upstream-75e05cbdaa013abe.yaml @@ -0,0 +1,10 @@ +--- +upgrade: + - | + Debian now uses upstream MariaDB repos (thus following Ubuntu + images). This is done to avoid issues like the related one and + have an easy workaround of pinning to chosen MariaDB version if + need arises. + Operators may want to reflect this in their repo mirrors and + proxies. + `LP#1944410 `__ diff --git a/releasenotes/notes/distro-python-ovs-df705d1e59f16cde.yaml b/releasenotes/notes/distro-python-ovs-df705d1e59f16cde.yaml new file mode 100644 index 0000000000..0d22a0167a --- /dev/null +++ b/releasenotes/notes/distro-python-ovs-df705d1e59f16cde.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an issue when older version of Python OpenvSwitch bindings package + was used, than the running OpenvSwitch code. + `LP#1961874 `__ diff --git a/releasenotes/notes/fix-lock-swift-path-9b743367e4014f92.yaml b/releasenotes/notes/fix-lock-swift-path-9b743367e4014f92.yaml new file mode 100644 index 0000000000..281fdee4c0 --- /dev/null +++ b/releasenotes/notes/fix-lock-swift-path-9b743367e4014f92.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes "Permission denied" issue for swift-recon tool that appears when + swift-recon tool tries to access deafult recon_lock_path diff --git a/releasenotes/notes/fix-ubuntu-ironic-python-agent-pxe-booting-issue-95adaf9249207d5b.yaml b/releasenotes/notes/fix-ubuntu-ironic-python-agent-pxe-booting-issue-95adaf9249207d5b.yaml new file mode 100644 index 0000000000..1679f59f7a --- /dev/null +++ b/releasenotes/notes/fix-ubuntu-ironic-python-agent-pxe-booting-issue-95adaf9249207d5b.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fix AArch64 ubuntu ironic-python-agent images UEFI PXE booting failure. + Also fix x86_64 lacking of GRUB efi files issue. + `LP#1879265 `__ diff --git a/releasenotes/notes/libvirt-sasl-07a8a1a25d2450c6.yaml b/releasenotes/notes/libvirt-sasl-07a8a1a25d2450c6.yaml new file mode 100644 index 0000000000..e88bc0d922 --- /dev/null +++ b/releasenotes/notes/libvirt-sasl-07a8a1a25d2450c6.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Adds Cyrus SASL packages necessary for the DIGEST-MD5 and SCRAM-SHA-256 + mechanisms. These can be used for libvirt SASL authentication. + `LP#1964013 `__ diff --git a/releasenotes/notes/magnum-keystone-auth-default-policy-e16f7bb558aa4b14.yaml b/releasenotes/notes/magnum-keystone-auth-default-policy-e16f7bb558aa4b14.yaml new file mode 100644 index 0000000000..820b69d3c2 --- /dev/null +++ b/releasenotes/notes/magnum-keystone-auth-default-policy-e16f7bb558aa4b14.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes an issue with missing Magnum Keystone auth default policy. + `LP#1957159 `__ diff --git a/releasenotes/notes/nova-nvme-cli-bf940ad0005cac80.yaml b/releasenotes/notes/nova-nvme-cli-bf940ad0005cac80.yaml new file mode 100644 index 0000000000..c5cfa373c8 --- /dev/null +++ b/releasenotes/notes/nova-nvme-cli-bf940ad0005cac80.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Ensures the ``nvme-cli`` package is present in ``nova-compute`` images, as + it expected by ``os-brick``. diff --git a/releasenotes/notes/set_config-directory-execute-permission-8ab919b7b17025d2.yaml b/releasenotes/notes/set_config-directory-execute-permission-8ab919b7b17025d2.yaml new file mode 100644 index 0000000000..04a047629f --- /dev/null +++ b/releasenotes/notes/set_config-directory-execute-permission-8ab919b7b17025d2.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes set_configs.py configuring same permission for directories and files, + causing directories lacking execute permission if not set for files. diff --git a/releasenotes/notes/storm-log4j-vulnerability-mitigation-6746a8a0bb329485.yaml b/releasenotes/notes/storm-log4j-vulnerability-mitigation-6746a8a0bb329485.yaml new file mode 100644 index 0000000000..5126662ad0 --- /dev/null +++ b/releasenotes/notes/storm-log4j-vulnerability-mitigation-6746a8a0bb329485.yaml @@ -0,0 +1,5 @@ +--- +security: + - | + Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE) + vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm. diff --git a/tests/templates/template_overrides.j2 b/tests/templates/template_overrides.j2 index 7fdf25fb81..be9145de97 100644 --- a/tests/templates/template_overrides.j2 +++ b/tests/templates/template_overrides.j2 @@ -36,6 +36,12 @@ RUN sed -i \ {% block base_centos_repo_overrides_post_yum -%} {%- endraw -%} +{# TODO(mnasiadka): Drop this line once baseurl in centos-ceph-nautilus has $stream instead of #} +{# pointing to centos8 #} + && sed -i \ + -e "s|^\(mirrorlist.*\)|#\1|" \ + -e "s|^#baseurl=http://mirror.centos.org/\$contentdir/\$releasever|baseurl=http://{{ nodepool_mirror_host }}/\$contentdir/\$stream|" \ + /etc/yum.repos.d/CentOS-Ceph*.repo \ && sed -i \ -e "s|^\(mirrorlist.*\)|#\1|" \ -e "s|^#baseurl=http://mirror.centos.org|baseurl=http://{{ nodepool_mirror_host }}|" \