CVE updates
Change-Id: I452f72d521e802a2ad12de6b7e6a64e7311402f4
This commit is contained in:
Sergiy Markin
@@ -110,9 +110,8 @@
|
|||||||
vars:
|
vars:
|
||||||
site: airskiff
|
site: airskiff
|
||||||
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
|
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
|
||||||
HTK_COMMIT: master
|
HTK_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
|
||||||
OSH_INFRA_COMMIT: master
|
OSH_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
|
||||||
OSH_COMMIT: master
|
|
||||||
CLONE_ARMADA_GO: false
|
CLONE_ARMADA_GO: false
|
||||||
DISTRO: ubuntu_jammy
|
DISTRO: ubuntu_jammy
|
||||||
DOCKER_REGISTRY: localhost:5000
|
DOCKER_REGISTRY: localhost:5000
|
||||||
|
|||||||
2
go.mod
2
go.mod
@@ -1,6 +1,6 @@
|
|||||||
module opendev.org/airship/armada-go
|
module opendev.org/airship/armada-go
|
||||||
|
|
||||||
go 1.23.5
|
go 1.23.8
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/databus23/goslo.policy v0.0.0-20210929125152-81bf2876dbdb
|
github.com/databus23/goslo.policy v0.0.0-20210929125152-81bf2876dbdb
|
||||||
|
|||||||
@@ -1,8 +1,8 @@
|
|||||||
ARG FROM=quay.io/airshipit/ubuntu:jammy
|
ARG FROM=quay.io/airshipit/ubuntu:jammy
|
||||||
ARG GO_IMAGE=quay.io/airshipit/golang:1.23.5-bullseye
|
ARG GO_IMAGE=quay.io/airshipit/golang:1.23.8-bullseye
|
||||||
FROM ${GO_IMAGE} AS builder
|
FROM ${GO_IMAGE} AS builder
|
||||||
|
|
||||||
ENV PATH "/usr/local/go/bin:$PATH"
|
ENV PATH="/usr/local/go/bin:$PATH"
|
||||||
ENV CGO_ENABLED=0
|
ENV CGO_ENABLED=0
|
||||||
WORKDIR /go/src/
|
WORKDIR /go/src/
|
||||||
COPY go.mod /go.sum ./
|
COPY go.mod /go.sum ./
|
||||||
@@ -29,6 +29,18 @@ WORKDIR /armada
|
|||||||
COPY --from=builder /usr/local/bin/armada-go /usr/local/bin/armada
|
COPY --from=builder /usr/local/bin/armada-go /usr/local/bin/armada
|
||||||
COPY crd.yaml /armada/crd.yaml
|
COPY crd.yaml /armada/crd.yaml
|
||||||
|
|
||||||
|
RUN apt update -qq && apt upgrade -y \
|
||||||
|
&& apt autoremove -yqq --purge \
|
||||||
|
&& apt clean \
|
||||||
|
&& rm -rf \
|
||||||
|
/tmp/* \
|
||||||
|
/usr/share/doc \
|
||||||
|
/usr/share/doc-base \
|
||||||
|
/usr/share/man \
|
||||||
|
/var/lib/apt/lists/* \
|
||||||
|
/var/log/* \
|
||||||
|
/var/tmp/*
|
||||||
|
|
||||||
# Add armada user
|
# Add armada user
|
||||||
RUN useradd -u 1000 -g users -d $(pwd) armada
|
RUN useradd -u 1000 -g users -d $(pwd) armada
|
||||||
|
|
||||||
|
|||||||
@@ -1,46 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
---
|
|
||||||
ceph_osd_data_device: "/dev/loop0"
|
|
||||||
kubeadm:
|
|
||||||
pod_network_cidr: "10.244.0.0/24"
|
|
||||||
osh_params:
|
|
||||||
container_distro_name: ubuntu
|
|
||||||
container_distro_version: focal
|
|
||||||
# feature_gates:
|
|
||||||
site: airskiff
|
|
||||||
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz
|
|
||||||
HTK_COMMIT: cfff60ec10a6c386f38db79bb9f59a552c2b032f
|
|
||||||
OSH_INFRA_COMMIT: cfff60ec10a6c386f38db79bb9f59a552c2b032f
|
|
||||||
OSH_COMMIT: 2d9457e34ca4200ed631466bd87569b0214c92e7
|
|
||||||
COREDNS_VERSION: v1.11.1
|
|
||||||
DISTRO: ubuntu_jammy
|
|
||||||
DOCKER_REGISTRY: quay.io
|
|
||||||
CLONE_ARMADA: true
|
|
||||||
CLONE_ARMADA_GO: true
|
|
||||||
CLONE_ARMADA_OPERATOR: true
|
|
||||||
CLONE_DECKHAND: true
|
|
||||||
CLONE_SHIPYARD: true
|
|
||||||
CLONE_PORTHOLE: true
|
|
||||||
CLONE_PROMENADE: true
|
|
||||||
CLONE_MAAS: true
|
|
||||||
CLONE_OSH: true
|
|
||||||
MAKE_ARMADA_IMAGES: false
|
|
||||||
MAKE_ARMADA_GO_IMAGES: false
|
|
||||||
MAKE_ARMADA_OPERATOR_IMAGES: false
|
|
||||||
MAKE_DECKHAND_IMAGES: false
|
|
||||||
MAKE_SHIPYARD_IMAGES: false
|
|
||||||
MAKE_PORTHOLE_IMAGES: false
|
|
||||||
MAKE_PROMENADE_IMAGES: false
|
|
||||||
USE_ARMADA_GO: false
|
|
||||||
...
|
|
||||||
@@ -1,83 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
---
|
|
||||||
- block:
|
|
||||||
- name: "Run script set {{ workload }}"
|
|
||||||
shell: |
|
|
||||||
set -xe;
|
|
||||||
{{ gate_script_path }}
|
|
||||||
loop: "{{ workload }}"
|
|
||||||
loop_control:
|
|
||||||
loop_var: gate_script_path
|
|
||||||
pause: 5
|
|
||||||
args:
|
|
||||||
chdir: "{{ zuul.project.src_dir }}/{{ gate_scripts_relative_path }}"
|
|
||||||
environment:
|
|
||||||
CEPH_OSD_DATA_DEVICE: "{{ ceph_osd_data_device }}"
|
|
||||||
POD_NETWORK_CIDR: "{{ kubeadm.pod_network_cidr }}"
|
|
||||||
zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
|
|
||||||
OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
|
|
||||||
OSH_PATH: "{{ zuul_osh_relative_path | default('../openstack-helm/') }}"
|
|
||||||
OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('../openstack-helm-infra/') }}"
|
|
||||||
OPENSTACK_RELEASE: "{{ osh_params.openstack_release | default('') }}"
|
|
||||||
CONTAINER_DISTRO_NAME: "{{ osh_params.container_distro_name | default('') }}"
|
|
||||||
CONTAINER_DISTRO_VERSION: "{{ osh_params.container_distro_version | default('') }}"
|
|
||||||
FEATURE_GATES: "{{ osh_params.feature_gates | default('') }}"
|
|
||||||
RUN_HELM_TESTS: "{{ run_helm_tests | default('yes') }}"
|
|
||||||
PL_SITE: "{{ site | default('airskiff') }}"
|
|
||||||
HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz') }}"
|
|
||||||
HTK_COMMIT: "{{ HTK_COMMIT | default('cfff60ec10a6c386f38db79bb9f59a552c2b032f') }}"
|
|
||||||
OSH_INFRA_COMMIT: "{{ OSH_INFRA_COMMIT | default('cfff60ec10a6c386f38db79bb9f59a552c2b032f') }}"
|
|
||||||
OSH_COMMIT: "{{ OSH_COMMIT | default('2d9457e34ca4200ed631466bd87569b0214c92e7') }}"
|
|
||||||
COREDNS_VERSION: "{{ coredns_version | default('v1.11.1') }}"
|
|
||||||
DISTRO: "{{ DISTRO | default('ubuntu_jammy') }}"
|
|
||||||
DOCKER_REGISTRY: "{{ DOCKER_REGISTRY | default('quay.io') }}"
|
|
||||||
CLONE_ARMADA: "{{ CLONE_ARMADA | default('true') }}"
|
|
||||||
CLONE_ARMADA_GO: "{{ CLONE_ARMADA_GO | default('true') }}"
|
|
||||||
CLONE_ARMADA_OPERATOR: "{{ CLONE_ARMADA_OPERATOR | default('true') }}"
|
|
||||||
CLONE_DECKHAND: "{{ CLONE_DECKHAND | default('true') }}"
|
|
||||||
CLONE_SHIPYARD: "{{ CLONE_SHIPYARD | default('true') }}"
|
|
||||||
CLONE_PORTHOLE: "{{ CLONE_PORTHOLE | default('true') }}"
|
|
||||||
CLONE_PROMENADE: "{{ CLONE_PROMENADE | default('true') }}"
|
|
||||||
CLONE_MAAS: "{{ CLONE_MAAS | default('true') }}"
|
|
||||||
CLONE_OSH: "{{ CLONE_OSH | default('true') }}"
|
|
||||||
MAKE_ARMADA_IMAGES: "{{ MAKE_ARMADA_IMAGES | default('false') }}"
|
|
||||||
MAKE_ARMADA_GO_IMAGES: "{{ MAKE_ARMADA_GO_IMAGES | default('false') }}"
|
|
||||||
MAKE_ARMADA_OPERATOR_IMAGES: "{{ MAKE_ARMADA_OPERATOR_IMAGES | default('false') }}"
|
|
||||||
MAKE_DECKHAND_IMAGES: "{{ MAKE_DECKHAND_IMAGES | default('false') }}"
|
|
||||||
MAKE_SHIPYARD_IMAGES: "{{ MAKE_SHIPYARD_IMAGES | default('false') }}"
|
|
||||||
MAKE_PORTHOLE_IMAGES: "{{ MAKE_PORTHOLE_IMAGES | default('false') }}"
|
|
||||||
MAKE_PROMENADE_IMAGES: "{{ MAKE_PROMENADE_IMAGES | default('false') }}"
|
|
||||||
USE_ARMADA_GO: "{{ USE_ARMADA_GO | default('false') }}"
|
|
||||||
# NOTE(aostapenko) using bigger than async_status timeout due to async_status issue with
|
|
||||||
# not recognizing timed out jobs: https://github.com/ansible/ansible/issues/25637
|
|
||||||
async: 3600
|
|
||||||
poll: 0
|
|
||||||
register: async_results
|
|
||||||
|
|
||||||
- name: Wait for script set to finish
|
|
||||||
async_status:
|
|
||||||
jid: '{{ item.ansible_job_id }}'
|
|
||||||
register: jobs
|
|
||||||
until: jobs.finished
|
|
||||||
delay: 5
|
|
||||||
retries: 360
|
|
||||||
loop: "{{ async_results.results }}"
|
|
||||||
|
|
||||||
always:
|
|
||||||
- name: Print script set output
|
|
||||||
shell: |
|
|
||||||
# NOTE(aostapenko) safely retrieving items for the unlikely case if jobs timed out in async_status
|
|
||||||
echo 'STDOUT:\n{{ item.get("stdout") | regex_replace("\'", "") }}\nSTDERR:\n{{ item.get("stderr") | regex_replace("\'", "") }}'
|
|
||||||
loop: "{{ jobs.results }}"
|
|
||||||
...
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
---
|
|
||||||
ceph_osd_data_device: "/dev/loop0"
|
|
||||||
kubeadm:
|
|
||||||
pod_network_cidr: "10.244.0.0/24"
|
|
||||||
osh_params:
|
|
||||||
container_distro_name: ubuntu
|
|
||||||
container_distro_version: focal
|
|
||||||
# feature_gates:
|
|
||||||
site: airskiff
|
|
||||||
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz
|
|
||||||
HTK_COMMIT: cfff60ec10a6c386f38db79bb9f59a552c2b032f
|
|
||||||
OSH_INFRA_COMMIT: cfff60ec10a6c386f38db79bb9f59a552c2b032f
|
|
||||||
OSH_COMMIT: 2d9457e34ca4200ed631466bd87569b0214c92e7
|
|
||||||
COREDNS_VERSION: v1.11.1
|
|
||||||
DISTRO: ubuntu_jammy
|
|
||||||
DOCKER_REGISTRY: quay.io
|
|
||||||
|
|
||||||
CLONE_ARMADA: true
|
|
||||||
CLONE_ARMADA_GO: true
|
|
||||||
CLONE_ARMADA_OPERATOR: true
|
|
||||||
CLONE_DECKHAND: true
|
|
||||||
CLONE_SHIPYARD: true
|
|
||||||
CLONE_PORTHOLE: true
|
|
||||||
CLONE_PROMENADE: true
|
|
||||||
CLONE_MAAS: true
|
|
||||||
CLONE_OSH: true
|
|
||||||
MAKE_ARMADA_IMAGES: false
|
|
||||||
MAKE_ARMADA_GO_IMAGES: false
|
|
||||||
MAKE_ARMADA_OPERATOR_IMAGES: false
|
|
||||||
MAKE_DECKHAND_IMAGES: false
|
|
||||||
MAKE_SHIPYARD_IMAGES: false
|
|
||||||
MAKE_PORTHOLE_IMAGES: false
|
|
||||||
MAKE_PROMENADE_IMAGES: false
|
|
||||||
USE_ARMADA_GO: false
|
|
||||||
...
|
|
||||||
@@ -1,59 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
---
|
|
||||||
- name: "Run script {{ workload[0] }}"
|
|
||||||
shell: |
|
|
||||||
set -xe;
|
|
||||||
{{ gate_script_path }}
|
|
||||||
vars:
|
|
||||||
gate_script_path: "{{ workload[0] }}"
|
|
||||||
args:
|
|
||||||
chdir: "{{ zuul.project.src_dir }}/{{ gate_scripts_relative_path }}"
|
|
||||||
environment:
|
|
||||||
CEPH_OSD_DATA_DEVICE: "{{ ceph_osd_data_device }}"
|
|
||||||
POD_NETWORK_CIDR: "{{ kubeadm.pod_network_cidr }}"
|
|
||||||
zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
|
|
||||||
OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
|
|
||||||
OSH_PATH: "{{ zuul_osh_relative_path | default('../openstack-helm/') }}"
|
|
||||||
OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('../openstack-helm-infra/') }}"
|
|
||||||
OPENSTACK_RELEASE: "{{ osh_params.openstack_release | default('') }}"
|
|
||||||
CONTAINER_DISTRO_NAME: "{{ osh_params.container_distro_name | default('') }}"
|
|
||||||
CONTAINER_DISTRO_VERSION: "{{ osh_params.container_distro_version | default('') }}"
|
|
||||||
FEATURE_GATES: "{{ osh_params.feature_gates | default('') }}"
|
|
||||||
RUN_HELM_TESTS: "{{ run_helm_tests | default('yes') }}"
|
|
||||||
PL_SITE: "{{ site | default('airskiff') }}"
|
|
||||||
HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz') }}"
|
|
||||||
HTK_COMMIT: "{{ HTK_COMMIT | default('cfff60ec10a6c386f38db79bb9f59a552c2b032f') }}"
|
|
||||||
OSH_INFRA_COMMIT: "{{ OSH_INFRA_COMMIT | default('cfff60ec10a6c386f38db79bb9f59a552c2b032f') }}"
|
|
||||||
OSH_COMMIT: "{{ OSH_COMMIT | default('2d9457e34ca4200ed631466bd87569b0214c92e7') }}"
|
|
||||||
COREDNS_VERSION: "{{ coredns_version | default('v1.11.1') }}"
|
|
||||||
DISTRO: "{{ DISTRO | default('ubuntu_jammy') }}"
|
|
||||||
DOCKER_REGISTRY: "{{ DOCKER_REGISTRY | default('quay.io') }}"
|
|
||||||
CLONE_ARMADA: "{{ CLONE_ARMADA | default('true') }}"
|
|
||||||
CLONE_ARMADA_GO: "{{ CLONE_ARMADA_GO | default('true') }}"
|
|
||||||
CLONE_ARMADA_OPERATOR: "{{ CLONE_ARMADA_OPERATOR | default('true') }}"
|
|
||||||
CLONE_DECKHAND: "{{ CLONE_DECKHAND | default('true') }}"
|
|
||||||
CLONE_SHIPYARD: "{{ CLONE_SHIPYARD | default('true') }}"
|
|
||||||
CLONE_PORTHOLE: "{{ CLONE_PORTHOLE | default('true') }}"
|
|
||||||
CLONE_PROMENADE: "{{ CLONE_PROMENADE | default('true') }}"
|
|
||||||
CLONE_MAAS: "{{ CLONE_MAAS | default('true') }}"
|
|
||||||
CLONE_OSH: "{{ CLONE_OSH | default('true') }}"
|
|
||||||
MAKE_ARMADA_IMAGES: "{{ MAKE_ARMADA_IMAGES | default('false') }}"
|
|
||||||
MAKE_ARMADA_GO_IMAGES: "{{ MAKE_ARMADA_GO_IMAGES | default('false') }}"
|
|
||||||
MAKE_ARMADA_OPERATOR_IMAGES: "{{ MAKE_ARMADA_OPERATOR_IMAGES | default('false') }}"
|
|
||||||
MAKE_DECKHAND_IMAGES: "{{ MAKE_DECKHAND_IMAGES | default('false') }}"
|
|
||||||
MAKE_SHIPYARD_IMAGES: "{{ MAKE_SHIPYARD_IMAGES | default('false') }}"
|
|
||||||
MAKE_PORTHOLE_IMAGES: "{{ MAKE_PORTHOLE_IMAGES | default('false') }}"
|
|
||||||
MAKE_PROMENADE_IMAGES: "{{ MAKE_PROMENADE_IMAGES | default('false') }}"
|
|
||||||
USE_ARMADA_GO: "{{ USE_ARMADA_GO | default('false') }}"
|
|
||||||
...
|
|
||||||
Reference in New Issue
Block a user