system-config/playbooks/roles
Clark Boylan e86a1c6f96 Run containers on Noble with docker compose and podman
There are two major issues we are trying to address here. The first is
that docker-compose (python implementation) is EOL and does not work
with python3.12. Instead we need to use docker compose (golang
implementation) on newer platforms like Noble. We're taking advantage of
the clean break between distro releases to do a migration of the
container management system rather than try and replace docker-compose
with docker compose in place on existing servers.

Second the docker runtime can only deal with mirrors for images hosted
on docker hub. This impacts our ability to speculatively test images
that are hosted on quay (or elsewhere) with docker since speculative
image testing currently relies on mirror configuration to provide
unreleased images to test environments. By switching the runtime to
podman instead of docker behind docker compose we fix this second
problem. Again the clean break between distro releases is a convenient
time to make the switch rather than doing it in place.

Some design considerations include:

 * Not bothering with docker ce packaging and instead relying on
   packages in Ubuntu Noble
 * Configuring the podman service to listen on a socket located where
   docker's socket typically lives. This avoids needing environment
   overrides every time we run docker compose.
 * Not adding a special podman group for this. We effectively manage
   things as root or via sudo so we can keep this simple for now.

Future updates may include installation of docker compose and/or podman
from upstream sources. We could add a podman group. We may also switch
to using user owned podman daemons and reduce some privilege.

Change-Id: Ib0a9cdb38b99521bcd7e15c17f6175aea2c042eb
2024-12-17 14:30:43 -08:00
..
accessbot Revert "Move system-config irc bots into quay.io" 2023-05-24 13:17:54 -07:00
add-inventory-known-hosts bridge: Disable writing known_hosts files 2022-11-21 15:29:56 +11:00
afs-release afs-release: better info when can not get lockfile 2022-10-11 10:53:02 +11:00
afsmon afsmon: install python3-pip 2020-02-12 16:39:11 +11:00
apache-ua-filter Merge "Apply apache us filter to Zuul" 2024-04-23 19:27:34 +00:00
base Install dns-root-data before unbound 2024-08-29 16:21:26 +00:00
borg-backup Add hints to borg backup error logging 2023-12-11 08:42:04 -08:00
borg-backup-server Merge "Skip purged borg backups during backup pruning" 2024-11-25 18:44:02 +00:00
codesearch codesearch: Add robots.txt 2020-11-20 19:13:32 +11:00
configure-kubectl Configure .kube/config on bridge 2019-02-06 15:43:19 -08:00
configure-openstacksdk Cleanup leftover inmotion configs 2024-06-20 09:52:50 -07:00
create-venv Fix task name to reflect correct distro 2024-07-09 09:12:13 +10:00
disable-puppet-agent Stop running mcollective 2020-05-05 15:00:04 -05:00
dstat-logger dstat-logger: redirect stdout to /dev/null 2021-03-24 22:23:13 +00:00
edit-secrets-script edit-secrets: configure gpg-agent/emacs 2022-11-03 10:07:20 +11:00
etherpad Update Etherpad to v2.2.5 2024-09-23 10:29:15 -07:00
gerrit Remove log cleanup cronjob from review 2024-12-06 10:14:08 -08:00
gerritbot Revert "Move pull external IRC bot images from quay.io" 2023-05-24 13:42:47 -07:00
gitea Fix the formatting of the gitea app.ini file 2024-07-19 10:23:54 -07:00
gitea-git-repos gitea-git-repos: remove #!/usr/bin/env python 2022-11-23 08:26:28 +11:00
gitea-lb gitea-haproxy: issue liveness check to HEAD / 2022-03-08 09:46:59 +11:00
gitea-set-org-logos Update gitea to 1.19.3 2023-05-03 14:42:08 -07:00
grafana Temporarily pin Grafana to 10.2.2 2023-12-31 19:15:56 +00:00
graphite graphite: add grafana header to CORS allowed list 2023-12-31 14:28:49 +00:00
haproxy Downgrade haproxy image from latest to lts 2023-12-20 13:41:53 +00:00
import-gpg-key reprepro: convert to Ansible 2020-10-19 14:06:57 +11:00
install-ansible Remove most linaro cloud resources 2024-08-02 09:21:11 -07:00
install-ansible-roles Mark .git dirs safe when marking ansible roles safe for git 2024-06-10 08:15:44 -07:00
install-apt-repo Vendor the apt repo gpg keys used for Zuul 2020-05-20 13:17:09 -07:00
install-borg install-borg: update to borg 1.1.18 2022-08-10 10:14:56 +10:00
install-certcheck Generate ssl check list directly from letsencrypt variables 2020-05-20 14:27:14 +10:00
install-docker Run containers on Noble with docker compose and podman 2024-12-17 14:30:43 -08:00
install-kubectl Remove snap cleanup tasks 2020-04-16 12:45:36 -05:00
install-launch-node Deduplicate Rackspace control plane API keys 2024-03-12 19:17:09 +00:00
install-podman Run a gerrit container on review-dev01 2019-10-29 08:29:17 +09:00
iptables iptables: handle hosts in allowed groups not having an ipv6 address 2023-01-12 21:48:22 +11:00
jaeger Pin the Jaeger container to 1.58.1 2024-07-10 11:43:55 -07:00
jitsi-meet Explicitly down Jitsi-Meet containers on upgrade 2024-09-26 17:52:29 +00:00
kerberos-kdc Merge "kerberos-kdc: quote some integers to avoid string/int confusion" 2021-03-22 22:56:26 +00:00
keycloak Add backups for the new Keycloak server 2024-02-09 17:35:02 +00:00
letsencrypt-acme-sh-install Only update acme.sh if necessary 2024-11-06 09:32:21 -08:00
letsencrypt-config-certcheck Add more LE debugging info to our Ansible role 2024-04-05 13:40:14 -07:00
letsencrypt-create-certs Add a Rackspace Flex SJC3 mirror server 2024-08-30 00:34:00 +00:00
letsencrypt-install-txt-record dns: abstract names 2023-04-19 09:53:10 +10:00
letsencrypt-request-certs letsencrypt-request-certs: refactor certcheck list 2022-11-23 08:26:28 +11:00
limnoria Revert "Move system-config irc bots into quay.io" 2023-05-24 13:17:54 -07:00
lodgeit Upgrade the lodgeit mariadb to 10.11 2024-02-20 14:25:42 -08:00
logrotate Cleanup opensuse mirroring configs entirely 2024-03-18 15:49:43 -07:00
mailman3 Merge "Enable extra VERP probes in Mailman" 2024-12-02 22:07:20 +00:00
mariadb Merge "Restrict permissions on mariadb compose file" 2024-04-05 03:17:11 +00:00
master-nameserver bind9 : drop obsolete option for later versions 2023-03-09 16:37:32 +11:00
matrix-eavesdrop Restart matrix-eavesdrop when config changes 2023-08-24 12:59:13 -07:00
matrix-gerritbot Report Zuul events for WanderTracks repos 2024-06-11 08:30:11 -07:00
mirror Add rabbitmq caching mirrors 2024-10-09 12:36:52 +02:00
mirror-update Trim unneeded content from OpenEuler mirror 2024-12-05 20:46:29 +00:00
nameserver nameserver: Allow master server to notify via ipv6 2020-10-28 09:26:14 +00:00
nodepool-base nodepool-base: use ipv4 ZK addresses if we don't have an ipv6 address 2023-01-12 21:50:17 +11:00
nodepool-builder Temporarily limit node image upload concurrency 2023-08-30 21:16:01 +00:00
nodepool-launcher Switch to nodepool images on quay.io 2023-04-26 10:37:08 -07:00
openafs-db-server openafs-<db|file>-server: fix role name 2021-02-10 13:49:12 +11:00
openafs-file-server openafs-<db|file>-server: fix role name 2021-02-10 13:49:12 +11:00
openafs-server-config Retire mordred as infra-root 2022-12-06 11:04:08 -06:00
opendev-ca Correct internal tracing server cert name 2022-09-28 10:38:41 -07:00
pip3 Use versioned get-pip.py URL for Ubuntu Bionic 2022-01-30 15:37:58 +00:00
ptgbot Revert "Move pull external IRC bot images from quay.io" 2023-05-24 13:42:47 -07:00
puppet-run puppet: don't run module install steps multiple times 2020-09-03 09:23:05 +10:00
puppet-setup-ansible install-ansible: move install_modules.sh to puppet-setup-ansible 2020-09-03 09:28:16 +10:00
rax-dns-backup rax-dns-backup: fix parsing 2022-11-21 11:44:07 +11:00
refstack Upgrade Refstack's MariaDB to 10.11 2024-03-04 13:27:20 -08:00
registry Fix registry container name in pruning cron job 2024-11-25 08:30:13 -08:00
reprepro Fix missing puppet8 component 2024-11-03 00:47:36 +09:00
root-keys roles: Add README.rst and lint 2018-08-23 21:34:42 +10:00
run-selenium run-selenium: Use latest tag on firefox image 2022-10-11 10:53:00 +11:00
static Host a redirect for api.openstack.org 2024-05-14 19:49:32 +00:00
statusbot Revert "Move pull external IRC bot images from quay.io" 2023-05-24 13:42:47 -07:00
sync-project-config Revert "Update to tip of master in periodic jobs" 2022-11-03 16:40:54 +11:00
vos-release Add missing newline in vos_release.sudo 2019-11-21 19:08:30 +00:00
zookeeper Bump zookeeper from 3.7 to 3.8 2023-10-11 08:56:18 -07:00
zuul Configure zuul-launcher to use its logging config file 2024-10-09 15:01:37 -07:00
zuul-executor Stop adding duplicate OpenAFS PPA on executors 2023-06-06 23:45:46 +00:00
zuul-launcher Install clouds.yaml on zuul-launcher 2024-10-10 09:05:59 -07:00
zuul-lb Do more robust checks against zuul-web with haproxy 2022-03-04 14:17:51 -08:00
zuul-merger Switch zuul container images to quay.io 2023-04-26 10:40:30 -07:00
zuul-preview Switch zuul container images to quay.io 2023-04-26 10:40:30 -07:00
zuul-scheduler Add clouds.yaml to zuul schedulers 2024-10-14 11:32:49 -07:00
zuul-status-backup Add --fail flag to zuul status backup curl 2020-04-28 08:33:05 -05:00
zuul-user Split eavesdrop into its own playbook 2020-04-23 14:34:28 -05:00
zuul-web Add robots.txt to Zuul web 2024-04-03 13:31:06 -07:00
set-hostname Split eavesdrop into its own playbook 2020-04-23 14:34:28 -05:00