airship/armada-go
Code Issues Proposed changes

CVE updates

Browse Source 
Change-Id: I452f72d521e802a2ad12de6b7e6a64e7311402f4
This commit is contained in:
Sergiy Markin 2025-04-17 15:33:12 -05:00
parent d502432266
commit 056a98356a
7 changed files with 17 additions and 241 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.zuul.yaml
View File

@ -110,9 +110,8 @@
vars:
site: airskiff
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
HTK_COMMIT: master
OSH_INFRA_COMMIT: master
OSH_COMMIT: master
HTK_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
OSH_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
CLONE_ARMADA_GO: false
DISTRO: ubuntu_jammy
DOCKER_REGISTRY: localhost:5000

2
go.mod
View File

@ -1,6 +1,6 @@
module opendev.org/airship/armada-go
go 1.23.5
go 1.23.8
require (
github.com/databus23/goslo.policy v0.0.0-20210929125152-81bf2876dbdb

16
images/armada-go/Dockerfile.ubuntu_jammy
View File

@ -1,8 +1,8 @@
ARG FROM=quay.io/airshipit/ubuntu:jammy
ARG GO_IMAGE=quay.io/airshipit/golang:1.23.5-bullseye
ARG GO_IMAGE=quay.io/airshipit/golang:1.23.8-bullseye
FROM ${GO_IMAGE} AS builder
ENV PATH "/usr/local/go/bin:$PATH"
ENV PATH="/usr/local/go/bin:$PATH"
ENV CGO_ENABLED=0
WORKDIR /go/src/
COPY go.mod /go.sum ./
@ -29,6 +29,18 @@ WORKDIR /armada
COPY --from=builder /usr/local/bin/armada-go /usr/local/bin/armada
COPY crd.yaml /armada/crd.yaml
RUN apt update -qq && apt upgrade -y \
&& apt autoremove -yqq --purge \
&& apt clean \
&& rm -rf \
/tmp/* \
/usr/share/doc \
/usr/share/doc-base \
/usr/share/man \
/var/lib/apt/lists/* \
/var/log/* \
/var/tmp/*
# Add armada user
RUN useradd -u 1000 -g users -d $(pwd) armada

46
tools/gate/roles/airship-run-script-set/defaults/main.yaml
View File

@ -1,46 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
ceph_osd_data_device: "/dev/loop0"
kubeadm:
pod_network_cidr: "10.244.0.0/24"
osh_params:
container_distro_name: ubuntu
container_distro_version: focal
# feature_gates:
site: airskiff
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz
HTK_COMMIT: cfff60ec10a6c386f38db79bb9f59a552c2b032f
OSH_INFRA_COMMIT: cfff60ec10a6c386f38db79bb9f59a552c2b032f
OSH_COMMIT: 2d9457e34ca4200ed631466bd87569b0214c92e7
COREDNS_VERSION: v1.11.1
DISTRO: ubuntu_jammy
DOCKER_REGISTRY: quay.io
CLONE_ARMADA: true
CLONE_ARMADA_GO: true
CLONE_ARMADA_OPERATOR: true
CLONE_DECKHAND: true
CLONE_SHIPYARD: true
CLONE_PORTHOLE: true
CLONE_PROMENADE: true
CLONE_MAAS: true
CLONE_OSH: true
MAKE_ARMADA_IMAGES: false
MAKE_ARMADA_GO_IMAGES: false
MAKE_ARMADA_OPERATOR_IMAGES: false
MAKE_DECKHAND_IMAGES: false
MAKE_SHIPYARD_IMAGES: false
MAKE_PORTHOLE_IMAGES: false
MAKE_PROMENADE_IMAGES: false
USE_ARMADA_GO: false
...

83
tools/gate/roles/airship-run-script-set/tasks/main.yaml
View File

@ -1,83 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- block:
- name: "Run script set {{ workload }}"
shell: |
set -xe;
{{ gate_script_path }}
loop: "{{ workload }}"
loop_control:
loop_var: gate_script_path
pause: 5
args:
chdir: "{{ zuul.project.src_dir }}/{{ gate_scripts_relative_path }}"
environment:
CEPH_OSD_DATA_DEVICE: "{{ ceph_osd_data_device }}"
POD_NETWORK_CIDR: "{{ kubeadm.pod_network_cidr }}"
zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
OSH_PATH: "{{ zuul_osh_relative_path | default('../openstack-helm/') }}"
OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('../openstack-helm-infra/') }}"
OPENSTACK_RELEASE: "{{ osh_params.openstack_release | default('') }}"
CONTAINER_DISTRO_NAME: "{{ osh_params.container_distro_name | default('') }}"
CONTAINER_DISTRO_VERSION: "{{ osh_params.container_distro_version | default('') }}"
FEATURE_GATES: "{{ osh_params.feature_gates | default('') }}"
RUN_HELM_TESTS: "{{ run_helm_tests | default('yes') }}"
PL_SITE: "{{ site | default('airskiff') }}"
HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz') }}"
HTK_COMMIT: "{{ HTK_COMMIT | default('cfff60ec10a6c386f38db79bb9f59a552c2b032f') }}"
OSH_INFRA_COMMIT: "{{ OSH_INFRA_COMMIT | default('cfff60ec10a6c386f38db79bb9f59a552c2b032f') }}"
OSH_COMMIT: "{{ OSH_COMMIT | default('2d9457e34ca4200ed631466bd87569b0214c92e7') }}"
COREDNS_VERSION: "{{ coredns_version | default('v1.11.1') }}"
DISTRO: "{{ DISTRO | default('ubuntu_jammy') }}"
DOCKER_REGISTRY: "{{ DOCKER_REGISTRY | default('quay.io') }}"
CLONE_ARMADA: "{{ CLONE_ARMADA | default('true') }}"
CLONE_ARMADA_GO: "{{ CLONE_ARMADA_GO | default('true') }}"
CLONE_ARMADA_OPERATOR: "{{ CLONE_ARMADA_OPERATOR | default('true') }}"
CLONE_DECKHAND: "{{ CLONE_DECKHAND | default('true') }}"
CLONE_SHIPYARD: "{{ CLONE_SHIPYARD | default('true') }}"
CLONE_PORTHOLE: "{{ CLONE_PORTHOLE | default('true') }}"
CLONE_PROMENADE: "{{ CLONE_PROMENADE | default('true') }}"
CLONE_MAAS: "{{ CLONE_MAAS | default('true') }}"
CLONE_OSH: "{{ CLONE_OSH | default('true') }}"
MAKE_ARMADA_IMAGES: "{{ MAKE_ARMADA_IMAGES | default('false') }}"
MAKE_ARMADA_GO_IMAGES: "{{ MAKE_ARMADA_GO_IMAGES | default('false') }}"
MAKE_ARMADA_OPERATOR_IMAGES: "{{ MAKE_ARMADA_OPERATOR_IMAGES | default('false') }}"
MAKE_DECKHAND_IMAGES: "{{ MAKE_DECKHAND_IMAGES | default('false') }}"
MAKE_SHIPYARD_IMAGES: "{{ MAKE_SHIPYARD_IMAGES | default('false') }}"
MAKE_PORTHOLE_IMAGES: "{{ MAKE_PORTHOLE_IMAGES | default('false') }}"
MAKE_PROMENADE_IMAGES: "{{ MAKE_PROMENADE_IMAGES | default('false') }}"
USE_ARMADA_GO: "{{ USE_ARMADA_GO | default('false') }}"
# NOTE(aostapenko) using bigger than async_status timeout due to async_status issue with
# not recognizing timed out jobs: https://github.com/ansible/ansible/issues/25637
async: 3600
poll: 0
register: async_results
- name: Wait for script set to finish
async_status:
jid: '{{ item.ansible_job_id }}'
register: jobs
until: jobs.finished
delay: 5
retries: 360
loop: "{{ async_results.results }}"
always:
- name: Print script set output
shell: |
# NOTE(aostapenko) safely retrieving items for the unlikely case if jobs timed out in async_status
echo 'STDOUT:\n{{ item.get("stdout") | regex_replace("\'", "") }}\nSTDERR:\n{{ item.get("stderr") | regex_replace("\'", "") }}'
loop: "{{ jobs.results }}"
...

47
tools/gate/roles/airship-run-script/defaults/main.yaml
View File

@ -1,47 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
ceph_osd_data_device: "/dev/loop0"
kubeadm:
pod_network_cidr: "10.244.0.0/24"
osh_params:
container_distro_name: ubuntu
container_distro_version: focal
# feature_gates:
site: airskiff
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz
HTK_COMMIT: cfff60ec10a6c386f38db79bb9f59a552c2b032f
OSH_INFRA_COMMIT: cfff60ec10a6c386f38db79bb9f59a552c2b032f
OSH_COMMIT: 2d9457e34ca4200ed631466bd87569b0214c92e7
COREDNS_VERSION: v1.11.1
DISTRO: ubuntu_jammy
DOCKER_REGISTRY: quay.io
CLONE_ARMADA: true
CLONE_ARMADA_GO: true
CLONE_ARMADA_OPERATOR: true
CLONE_DECKHAND: true
CLONE_SHIPYARD: true
CLONE_PORTHOLE: true
CLONE_PROMENADE: true
CLONE_MAAS: true
CLONE_OSH: true
MAKE_ARMADA_IMAGES: false
MAKE_ARMADA_GO_IMAGES: false
MAKE_ARMADA_OPERATOR_IMAGES: false
MAKE_DECKHAND_IMAGES: false
MAKE_SHIPYARD_IMAGES: false
MAKE_PORTHOLE_IMAGES: false
MAKE_PROMENADE_IMAGES: false
USE_ARMADA_GO: false
...

59
tools/gate/roles/airship-run-script/tasks/main.yaml
View File

@ -1,59 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: "Run script {{ workload[0] }}"
shell: |
set -xe;
{{ gate_script_path }}
vars:
gate_script_path: "{{ workload[0] }}"
args:
chdir: "{{ zuul.project.src_dir }}/{{ gate_scripts_relative_path }}"
environment:
CEPH_OSD_DATA_DEVICE: "{{ ceph_osd_data_device }}"
POD_NETWORK_CIDR: "{{ kubeadm.pod_network_cidr }}"
zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
OSH_PATH: "{{ zuul_osh_relative_path | default('../openstack-helm/') }}"
OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('../openstack-helm-infra/') }}"
OPENSTACK_RELEASE: "{{ osh_params.openstack_release | default('') }}"
CONTAINER_DISTRO_NAME: "{{ osh_params.container_distro_name | default('') }}"
CONTAINER_DISTRO_VERSION: "{{ osh_params.container_distro_version | default('') }}"
FEATURE_GATES: "{{ osh_params.feature_gates | default('') }}"
RUN_HELM_TESTS: "{{ run_helm_tests | default('yes') }}"
PL_SITE: "{{ site | default('airskiff') }}"
HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz') }}"
HTK_COMMIT: "{{ HTK_COMMIT | default('cfff60ec10a6c386f38db79bb9f59a552c2b032f') }}"
OSH_INFRA_COMMIT: "{{ OSH_INFRA_COMMIT | default('cfff60ec10a6c386f38db79bb9f59a552c2b032f') }}"
OSH_COMMIT: "{{ OSH_COMMIT | default('2d9457e34ca4200ed631466bd87569b0214c92e7') }}"
COREDNS_VERSION: "{{ coredns_version | default('v1.11.1') }}"
DISTRO: "{{ DISTRO | default('ubuntu_jammy') }}"
DOCKER_REGISTRY: "{{ DOCKER_REGISTRY | default('quay.io') }}"
CLONE_ARMADA: "{{ CLONE_ARMADA | default('true') }}"
CLONE_ARMADA_GO: "{{ CLONE_ARMADA_GO | default('true') }}"
CLONE_ARMADA_OPERATOR: "{{ CLONE_ARMADA_OPERATOR | default('true') }}"
CLONE_DECKHAND: "{{ CLONE_DECKHAND | default('true') }}"
CLONE_SHIPYARD: "{{ CLONE_SHIPYARD | default('true') }}"
CLONE_PORTHOLE: "{{ CLONE_PORTHOLE | default('true') }}"
CLONE_PROMENADE: "{{ CLONE_PROMENADE | default('true') }}"
CLONE_MAAS: "{{ CLONE_MAAS | default('true') }}"
CLONE_OSH: "{{ CLONE_OSH | default('true') }}"
MAKE_ARMADA_IMAGES: "{{ MAKE_ARMADA_IMAGES | default('false') }}"
MAKE_ARMADA_GO_IMAGES: "{{ MAKE_ARMADA_GO_IMAGES | default('false') }}"
MAKE_ARMADA_OPERATOR_IMAGES: "{{ MAKE_ARMADA_OPERATOR_IMAGES | default('false') }}"
MAKE_DECKHAND_IMAGES: "{{ MAKE_DECKHAND_IMAGES | default('false') }}"
MAKE_SHIPYARD_IMAGES: "{{ MAKE_SHIPYARD_IMAGES | default('false') }}"
MAKE_PORTHOLE_IMAGES: "{{ MAKE_PORTHOLE_IMAGES | default('false') }}"
MAKE_PROMENADE_IMAGES: "{{ MAKE_PROMENADE_IMAGES | default('false') }}"
USE_ARMADA_GO: "{{ USE_ARMADA_GO | default('false') }}"
...