diff --git a/.ci-operator.yaml b/.ci-operator.yaml index 38718883ba7..a83f0f84307 100644 --- a/.ci-operator.yaml +++ b/.ci-operator.yaml @@ -1,4 +1,4 @@ build_root_image: name: release namespace: openshift - tag: rhel-8-release-golang-1.21-openshift-4.16 + tag: rhel-9-release-golang-1.21-openshift-4.16 diff --git a/images/baremetal/Dockerfile.ci b/images/baremetal/Dockerfile.ci index 367615f32c0..d0b449d1f80 100644 --- a/images/baremetal/Dockerfile.ci +++ b/images/baremetal/Dockerfile.ci @@ -1,14 +1,15 @@ # This Dockerfile is a used by CI to publish an installer image # It builds an image containing openshift-install. -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS builder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS builder ARG TAGS="baremetal fipscapable" WORKDIR /go/src/github.com/openshift/installer COPY . . RUN DEFAULT_ARCH="$(go env GOHOSTARCH)" hack/build.sh RUN DEFAULT_ARCH="$(go env GOHOSTARCH)" hack/build-node-joiner.sh -FROM registry.ci.openshift.org/ocp/4.16:base +FROM registry.ci.openshift.org/ocp/4.16:base-rhel9 + COPY --from=builder /go/src/github.com/openshift/installer/bin/openshift-install /bin/openshift-install RUN dnf upgrade -y && \ diff --git a/images/infrastructure-providers/Dockerfile b/images/infrastructure-providers/Dockerfile index 0c5944b8c9f..f7c457a682d 100644 --- a/images/infrastructure-providers/Dockerfile +++ b/images/infrastructure-providers/Dockerfile 
@@ -1,30 +1,30 @@ # FIPS support is offered via the baremetal-installer image -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS macbuilder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS macbuilder ENV GO_COMPLIANCE_EXCLUDE=".*" WORKDIR /go/src/github.com/openshift/installer COPY . . RUN CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 make -C terraform -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS macarmbuilder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS macarmbuilder ENV GO_COMPLIANCE_EXCLUDE=".*" WORKDIR /go/src/github.com/openshift/installer COPY . . RUN CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 make -C terraform -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS linuxbuilder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS linuxbuilder ENV GO_COMPLIANCE_EXCLUDE=".*" WORKDIR /go/src/github.com/openshift/installer COPY . . RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 make -C terraform -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS linuxarmbuilder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS linuxarmbuilder ENV GO_COMPLIANCE_EXCLUDE=".*" WORKDIR /go/src/github.com/openshift/installer COPY . . RUN CGO_ENABLED=0 GOOS=linux GOARCH=arm64 make -C terraform -FROM registry.ci.openshift.org/ocp/4.16:base +FROM registry.ci.openshift.org/ocp/4.16:base-rhel9 WORKDIR /go/src/github.com/openshift/installer COPY --from=macbuilder /go/src/github.com/openshift/installer/terraform/bin/ terraform/bin/ COPY --from=macarmbuilder /go/src/github.com/openshift/installer/terraform/bin/ terraform/bin/ diff --git a/images/installer-artifacts/Dockerfile.rhel b/images/installer-artifacts/Dockerfile.rhel index fcee3ce1f55..95d175d86b5 100644 --- a/images/installer-artifacts/Dockerfile.rhel +++ b/images/installer-artifacts/Dockerfile.rhel 
@@ -5,7 +5,7 @@ FROM registry.ci.openshift.org/ocp/4.16:installer-terraform-providers AS provide # FIPS support is offered via the baremetal-installer image -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS macbuilder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS macbuilder ENV GO_COMPLIANCE_EXCLUDE=".*" ARG TAGS="" WORKDIR /go/src/github.com/openshift/installer @@ -13,7 +13,7 @@ COPY . . COPY --from=providers /go/src/github.com/openshift/installer/terraform/bin/darwin_amd64 terraform/bin/darwin_amd64 RUN GOOS=darwin GOARCH=amd64 DEFAULT_ARCH="$(go env GOHOSTARCH)" hack/build.sh -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS macarmbuilder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS macarmbuilder ENV GO_COMPLIANCE_EXCLUDE=".*" ARG TAGS="" WORKDIR /go/src/github.com/openshift/installer @@ -21,7 +21,7 @@ COPY . . COPY --from=providers /go/src/github.com/openshift/installer/terraform/bin/darwin_arm64 terraform/bin/darwin_arm64 RUN GOOS=darwin GOARCH=arm64 DEFAULT_ARCH="$(go env GOHOSTARCH)" hack/build.sh -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS linuxbuilder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS linuxbuilder ENV GO_COMPLIANCE_EXCLUDE=".*" ARG TAGS="" WORKDIR /go/src/github.com/openshift/installer @@ -29,7 +29,7 @@ COPY . . COPY --from=providers /go/src/github.com/openshift/installer/terraform/bin/linux_amd64 terraform/bin/linux_amd64 RUN GOOS=linux GOARCH=amd64 DEFAULT_ARCH="$(go env GOHOSTARCH)" hack/build.sh -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS linuxarmbuilder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS linuxarmbuilder ENV GO_COMPLIANCE_EXCLUDE=".*" ARG TAGS="" WORKDIR /go/src/github.com/openshift/installer 
@@ -37,13 +37,14 @@ COPY . . COPY --from=providers /go/src/github.com/openshift/installer/terraform/bin/linux_arm64 terraform/bin/linux_arm64 RUN GOOS=linux GOARCH=arm64 DEFAULT_ARCH="$(go env GOHOSTARCH)" hack/build.sh -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS builder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS builder +ENV GO_COMPLIANCE_EXCLUDE=".*" ARG TAGS="" WORKDIR /go/src/github.com/openshift/installer COPY . . RUN go run -mod=vendor hack/build-coreos-manifest.go -FROM registry.ci.openshift.org/ocp/4.16:base +FROM registry.ci.openshift.org/ocp/4.16:base-rhel9 COPY --from=macbuilder /go/src/github.com/openshift/installer/bin/openshift-install /usr/share/openshift/mac/openshift-install COPY --from=macarmbuilder /go/src/github.com/openshift/installer/bin/openshift-install /usr/share/openshift/mac_arm64/openshift-install COPY --from=linuxbuilder /go/src/github.com/openshift/installer/bin/openshift-install /usr/share/openshift/linux_amd64/openshift-install diff --git a/images/installer/Dockerfile.ci b/images/installer/Dockerfile.ci index ecbf74e880b..91b4277d1a1 100644 --- a/images/installer/Dockerfile.ci +++ b/images/installer/Dockerfile.ci @@ -3,7 +3,7 @@ FROM registry.ci.openshift.org/ocp/4.16:installer-terraform-providers AS providers -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS builder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS builder # FIPS support is offered via the baremetal-installer image ENV GO_COMPLIANCE_EXCLUDE=".*" ARG TAGS="" 
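Review bot: The new `ENV GO_COMPLIANCE_EXCLUDE=".*"` on the `builder` stage of `images/installer-artifacts/Dockerfile.rhel` is added without any explanation. The only rationale visible in this diff is the `# FIPS support is offered via the baremetal-installer image` comment above `macbuilder`, which does not obviously apply to a stage that only runs `hack/build-coreos-manifest.go`. A blanket `.*` pattern presumably opts everything built in the stage out of the builder image's compliance checks, so a reader auditing FIPS coverage needs to see that it is deliberate. Add a comment directly above the line, for example `# No shipped binary is built in this stage; it only generates the CoreOS manifest`, if that is indeed the reason.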
@@ -13,7 +13,8 @@ COPY --from=providers /go/src/github.com/openshift/installer/terraform/bin/ terr RUN DEFAULT_ARCH="$(go env GOHOSTARCH)" hack/build.sh RUN go run -mod=vendor hack/build-coreos-manifest.go -FROM registry.ci.openshift.org/ocp/4.16:base +FROM registry.ci.openshift.org/ocp/4.16:base-rhel9 + COPY --from=builder /go/src/github.com/openshift/installer/bin/openshift-install /bin/openshift-install COPY --from=builder /go/src/github.com/openshift/installer/bin/manifests/ /manifests/ diff --git a/images/installer/Dockerfile.upi.ci b/images/installer/Dockerfile.upi.ci index 9d78b850a2e..25fedf52d11 100644 --- a/images/installer/Dockerfile.upi.ci +++ b/images/installer/Dockerfile.upi.ci @@ -4,7 +4,7 @@ FROM registry.ci.openshift.org/ocp/4.16:installer-terraform-providers as providers -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS builder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS builder # FIPS support is offered via the baremetal-installer image ENV GO_COMPLIANCE_EXCLUDE=".*" ARG TAGS="" @@ -18,7 +18,7 @@ FROM quay.io/ocp-splat/govc:v0.30.7 as govc FROM quay.io/multi-arch/yq:3.3.0 as yq3 FROM quay.io/multi-arch/yq:4.30.5 as yq4 -FROM registry.ci.openshift.org/ocp/4.16:base +FROM registry.ci.openshift.org/ocp/4.16:base-rhel9 COPY --from=cli /usr/bin/oc /bin/oc COPY --from=builder /go/src/github.com/openshift/installer/bin/openshift-install /bin/openshift-install COPY --from=builder /go/src/github.com/openshift/installer/upi /var/lib/openshift-install/upi 
@@ -26,12 +26,12 @@ COPY --from=builder /go/src/github.com/openshift/installer/upi /var/lib/openshif COPY --from=govc /govc /bin/govc RUN rpm --import https://packages.microsoft.com/keys/microsoft.asc && \ - sh -c 'echo -e "[packages-microsoft-com-prod]\nname=packages-microsoft-com-prod\nbaseurl=https://packages.microsoft.com/rhel/8/prod\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" >/etc/yum.repos.d/microsoft-prod.repo' && \ - sh -c 'echo -e "[google-cloud-cli]\nname=Google Cloud CLI\nbaseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg\n https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg" > /etc/yum.repos.d/google-cloud-sdk.repo' + sh -c 'echo -e "[packages-microsoft-com-prod]\nname=packages-microsoft-com-prod\nbaseurl=https://packages.microsoft.com/rhel/9/prod\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" >/etc/yum.repos.d/microsoft-prod.repo' && \ + sh -c 'echo -e "[google-cloud-cli]\nname=Google Cloud CLI\nbaseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el9-x86_64\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=0\ngpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg" > /etc/yum.repos.d/google-cloud-sdk.repo' RUN yum update -y && \ yum install --setopt=tsflags=nodocs -y \ - azure-cli-2.49.0-1.el8 \ + azure-cli-2.49.0-1.el9 \ gettext \ google-cloud-cli-447.0.0-1 \ gzip \ @@ -40,8 +40,7 @@ RUN yum update -y && \ openssh-clients \ openssl \ powershell \ - python3-pyOpenSSL \ - python2-pyyaml \ + python3-pip \ python3-pyyaml \ bind-utils \ util-linux \ 
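Review bot: The rewritten `google-cloud-cli` repo stanza in the first `RUN` changes `repo_gpgcheck=1` to `repo_gpgcheck=0` and drops `yum-key.gpg` from `gpgkey`, and nothing in the hunk says why. Repository metadata is therefore no longer signature-checked, so the integrity of the repodata rests on TLS to `packages.cloud.google.com` alone. Package signatures are still enforced by `gpgcheck=1`, so this reduces verification rather than removing it, but the reason should be recorded. Add a comment above the `RUN`, such as `# repo_gpgcheck disabled for the el9 repo: <reason or upstream issue link>`, and re-enable the check once the metadata signature verifies again. The same change is made in `images/libvirt/google-cloud-sdk.repo` later in this diff and deserves the same comment.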
@@ -59,7 +58,8 @@ RUN curl -sSL "${ALIYUN_URI}" --output /tmp/aliyun-cli-linux-latest-amd64.tgz && rm -f /tmp/aliyun-cli-linux-latest-amd64.tgz # Not packaged, but required by gcloud. See https://cloud.google.com/sdk/crypto -RUN pip-3 install cryptography +# Pin version because of https://github.com/GoogleCloudPlatform/gsutil/issues/1753 +RUN pip-3 install cryptography pyOpenSSL==23.2.0 ENV CLOUDSDK_PYTHON=/usr/bin/python ENV CLOUDSDK_PYTHON_SITEPACKAGES=1 diff --git a/images/libvirt/Dockerfile.ci b/images/libvirt/Dockerfile.ci index 54f2800c14d..7096703482f 100644 --- a/images/libvirt/Dockerfile.ci +++ b/images/libvirt/Dockerfile.ci @@ -2,7 +2,7 @@ # It builds an image containing openshift-install and nss-wrapper for remote deployments, as well as the google cloud-sdk for nested GCE environments and # oc for getting assets from an existing cluster to spin up multi-architecture compute clusters on libvirt. -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS builder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS builder ARG TAGS="libvirt fipscapable" WORKDIR /go/src/github.com/openshift/installer COPY . . @@ -12,7 +12,7 @@ FROM registry.ci.openshift.org/ocp/4.16:cli as cli FROM quay.io/multi-arch/yq:3.3.0 as yq3 FROM quay.io/multi-arch/yq:4.30.5 as yq4 -FROM quay.io/centos/centos:stream +FROM quay.io/centos/centos:stream9 COPY --from=builder /go/src/github.com/openshift/installer/bin/openshift-install /bin/openshift-install COPY --from=builder /go/src/github.com/openshift/installer/images/libvirt/mock-nss.sh /bin/mock-nss.sh COPY --from=builder /go/src/github.com/openshift/installer/images/libvirt/google-cloud-sdk.repo /etc/yum.repos.d/google-cloud-sdk.repo @@ -22,7 +22,7 @@ RUN yum update -y && \ yum install --setopt=tsflags=nodocs -y \ genisoimage \ gettext \ - google-cloud-sdk-365.0.1 \ + google-cloud-sdk \ libvirt-client \ libvirt-libs \ nss_wrapper \ 
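Review bot: `RUN pip-3 install cryptography pyOpenSSL==23.2.0` pins pyOpenSSL but leaves `cryptography` floating, so the crypto library gcloud relies on is whatever version the resolver picks from PyPI on the day of the build. The added comment already justifies one pin, so pin both and skip the pip cache: `RUN pip-3 install --no-cache-dir cryptography==<version compatible with pyOpenSSL 23.2.0> pyOpenSSL==23.2.0`. If reproducible builds matter for this CI image, a hash-checked requirements file would go one step further.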
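Review bot: Replacing `google-cloud-sdk-365.0.1` with an unversioned `google-cloud-sdk` in the `yum install` list of `images/libvirt/Dockerfile.ci` means every build installs whatever the el9 repository currently serves. `images/installer/Dockerfile.upi.ci` in this same diff still pins `google-cloud-cli-447.0.0-1`. Together with `repo_gpgcheck=0` in the accompanying repo file, this widens what an unexpected repository change could pull into the image, although package signatures are still checked. If 365.0.1 is simply not published for el9, pin a version that is, or add a comment above the `RUN` such as `# google-cloud-sdk left unpinned: <reason>`. The install list starts and ends outside this hunk.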
diff --git a/images/libvirt/google-cloud-sdk.repo b/images/libvirt/google-cloud-sdk.repo index ced4c9350ba..b5ce05b6f23 100644 --- a/images/libvirt/google-cloud-sdk.repo +++ b/images/libvirt/google-cloud-sdk.repo @@ -1,8 +1,7 @@ [google-cloud-sdk] name=Google Cloud SDK -baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64 +baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el9-x86_64 enabled=1 gpgcheck=1 -repo_gpgcheck=1 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg diff --git a/images/openstack/Dockerfile.ci b/images/openstack/Dockerfile.ci index cb93b335cbd..60c9c884ffa 100644 --- a/images/openstack/Dockerfile.ci +++ b/images/openstack/Dockerfile.ci @@ -2,7 +2,7 @@ # It builds an image containing the openshift-install command as well as the openstack cli. FROM registry.ci.openshift.org/ocp/4.16:installer-terraform-providers as providers -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-4.16 AS builder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS builder # FIPS support is offered via the baremetal-installer image ENV GO_COMPLIANCE_EXCLUDE=".*" ARG TAGS="" @@ -13,7 +13,7 @@ RUN DEFAULT_ARCH="$(go env GOHOSTARCH)" hack/build.sh FROM registry.ci.openshift.org/ocp/4.16:cli AS cli -FROM registry.ci.openshift.org/ocp/4.16:base +FROM registry.ci.openshift.org/ocp/4.16:base-rhel9 COPY --from=cli /usr/bin/oc /bin/oc COPY --from=builder /go/src/github.com/openshift/installer/bin/openshift-install /bin/openshift-install COPY --from=builder /go/src/github.com/openshift/installer/upi/openstack /var/lib/openshift-install/upi 
@@ -22,21 +22,14 @@ COPY --from=builder /go/src/github.com/openshift/installer/hack/openstack/test-m # Install Dependendencies for tests # https://github.com/openshift/origin/blob/6114cbc507bf18890f009f16ee424a62007bc390/images/tests/Dockerfile.rhel -RUN yum install --setopt=tsflags=nodocs -y gettext make git gzip util-linux glibc-locale-source && \ +RUN yum update -y && \ + yum install --setopt=tsflags=nodocs -y gettext make git gzip util-linux glibc-locale-source python3-pip unzip jq nmap && \ yum clean all && rm -rf /var/cache/yum/* && \ localedef -c -f UTF-8 -i en_US en_US.UTF-8 && \ git config --system user.name test && \ git config --system user.email test@example.com && \ chmod g+w /etc/passwd -RUN yum update -y && \ - yum install --setopt=tsflags=nodocs -y \ - python38 unzip jq nmap && \ - yum erase -y python36 && \ - yum clean all && rm -rf /var/cache/yum/* - -RUN python3 -m pip install --upgrade pip - # ansible 2.9 is EOL in September 2023, so we need to install ansible-core and get the collections from source # until we have a package available. RUN python3 -m pip install ansible-core diff --git a/pkg/hostcrypt/static.go b/pkg/hostcrypt/static.go index 049b96cf752..72c919dc6c9 100644 --- a/pkg/hostcrypt/static.go +++ b/pkg/hostcrypt/static.go 
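Review bot: The merged `yum install --setopt=tsflags=nodocs -y ...` line in the first `RUN` now carries ten packages on a single line, so additions such as `nmap` or `python3-pip` are easy to miss in review. Put one package per continued line, sorted alphabetically, the way the install list in `images/installer/Dockerfile.upi.ci` is laid out, so that each future package change shows up as its own diff line. The rest of the `RUN` (`yum clean all`, `localedef`, the `git config` calls and `chmod g+w /etc/passwd`) can stay as it is.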
@@ -5,13 +5,13 @@ package hostcrypt import "fmt" -const binaryInstructions = "To obtain a suitable binary, download the openshift-install-rhel8 archive from the client mirror, or extract the openshift-install-fips command from the release payload." +const binaryInstructions = "To obtain a suitable binary, download the openshift-install-rhel9 archive from the client mirror, or extract the openshift-install-fips command from the release payload." func allowFIPSCluster() error { hostMsg := "" if fipsEnabled, err := hostFIPSEnabled(); err != nil || !fipsEnabled { hostMsg = " on a host with FIPS enabled" } - return fmt.Errorf("use the FIPS-capable installer binary for RHEL 8%s.\n%s", + return fmt.Errorf("use the FIPS-capable installer binary for RHEL 9%s.\n%s", hostMsg, binaryInstructions) }