| Dean Troyer | 9acc12a | 2013-08-09 15:09:31 -0500 | [diff] [blame] | 1 | #!/usr/bin/env bash | 
|  | 2 |  | 
|  | 3 | # **fixup_stuff.sh** | 
|  | 4 |  | 
|  | 5 | # fixup_stuff.sh | 
|  | 6 | # | 
|  | 7 | # All distro and package specific hacks go in here | 
| Attila Fazekas | 1f316be | 2015-01-26 16:39:57 +0100 | [diff] [blame] | 8 |  | 
| Dean Troyer | 49ba224 | 2013-08-09 19:51:20 -0500 | [diff] [blame] | 9 |  | 
| Dean Troyer | dc97cb7 | 2015-03-28 08:20:50 -0500 | [diff] [blame] | 10 | # If ``TOP_DIR`` is set we're being sourced rather than running stand-alone | 
| Dean Troyer | 04a3511 | 2014-08-15 14:03:52 -0500 | [diff] [blame] | 11 | # or in a sub-shell | 
|  | 12 | if [[ -z "$TOP_DIR" ]]; then | 
|  | 13 | set -o errexit | 
|  | 14 | set -o xtrace | 
| Dean Troyer | 9acc12a | 2013-08-09 15:09:31 -0500 | [diff] [blame] | 15 |  | 
| Dean Troyer | 04a3511 | 2014-08-15 14:03:52 -0500 | [diff] [blame] | 16 | # Keep track of the current directory | 
|  | 17 | TOOLS_DIR=$(cd $(dirname "$0") && pwd) | 
|  | 18 | TOP_DIR=$(cd $TOOLS_DIR/..; pwd) | 
| Dean Troyer | 9acc12a | 2013-08-09 15:09:31 -0500 | [diff] [blame] | 19 |  | 
| Dean Troyer | dc97cb7 | 2015-03-28 08:20:50 -0500 | [diff] [blame] | 20 | # Change dir to top of DevStack | 
| Dean Troyer | 04a3511 | 2014-08-15 14:03:52 -0500 | [diff] [blame] | 21 | cd $TOP_DIR | 
| Dean Troyer | 9acc12a | 2013-08-09 15:09:31 -0500 | [diff] [blame] | 22 |  | 
| Dean Troyer | 04a3511 | 2014-08-15 14:03:52 -0500 | [diff] [blame] | 23 | # Import common functions | 
|  | 24 | source $TOP_DIR/functions | 
| Dean Troyer | 9acc12a | 2013-08-09 15:09:31 -0500 | [diff] [blame] | 25 |  | 
| Dean Troyer | 04a3511 | 2014-08-15 14:03:52 -0500 | [diff] [blame] | 26 | FILES=$TOP_DIR/files | 
|  | 27 | fi | 
| Dean Troyer | 9acc12a | 2013-08-09 15:09:31 -0500 | [diff] [blame] | 28 |  | 
| Dean Troyer | 49ba224 | 2013-08-09 19:51:20 -0500 | [diff] [blame] | 29 | # Python Packages | 
|  | 30 | # --------------- | 
|  | 31 |  | 
| IWAMOTO Toshihiro | 4d835e3 | 2018-02-05 16:57:41 +0900 | [diff] [blame] | 32 | function fixup_fedora { | 
|  | 33 | if ! is_fedora; then | 
|  | 34 | return | 
|  | 35 | fi | 
| Dean Troyer | 49ba224 | 2013-08-09 19:51:20 -0500 | [diff] [blame] | 36 | # Disable selinux to avoid configuring to allow Apache access | 
| Gonéri Le Bouder | 394c11c | 2013-11-05 10:35:55 +0100 | [diff] [blame] | 37 | # to Horizon files (LP#1175444) | 
| Dean Troyer | 49ba224 | 2013-08-09 19:51:20 -0500 | [diff] [blame] | 38 | if selinuxenabled; then | 
|  | 39 | sudo setenforce 0 | 
|  | 40 | fi | 
| Dean Troyer | 85ebb3a | 2014-08-19 10:54:59 -0500 | [diff] [blame] | 41 |  | 
| Ian Wienand | e82bac0 | 2015-08-25 14:29:08 +1000 | [diff] [blame] | 42 | FORCE_FIREWALLD=$(trueorfalse False FORCE_FIREWALLD) | 
| Ian Wienand | 3380a16 | 2015-05-15 13:12:02 +1000 | [diff] [blame] | 43 | if [[ $FORCE_FIREWALLD == "False" ]]; then | 
| Kashyap Chamarthy | 7c9df10 | 2015-01-02 18:39:29 +0100 | [diff] [blame] | 44 | # On Fedora 20 firewalld interacts badly with libvirt and | 
| Ian Wienand | 3380a16 | 2015-05-15 13:12:02 +1000 | [diff] [blame] | 45 | # slows things down significantly (this issue was fixed in | 
|  | 46 | # later fedoras).  There was also an additional issue with | 
|  | 47 | # firewalld hanging after install of libvirt with polkit [1]. | 
|  | 48 | # firewalld also causes problems with neturon+ipv6 [2] | 
|  | 49 | # | 
|  | 50 | # Note we do the same as the RDO packages and stop & disable, | 
|  | 51 | # rather than remove.  This is because other packages might | 
|  | 52 | # have the dependency [3][4]. | 
|  | 53 | # | 
|  | 54 | # [1] https://bugzilla.redhat.com/show_bug.cgi?id=1099031 | 
|  | 55 | # [2] https://bugs.launchpad.net/neutron/+bug/1455303 | 
|  | 56 | # [3] https://github.com/redhat-openstack/openstack-puppet-modules/blob/master/firewall/manifests/linux/redhat.pp | 
| Takashi NATSUME | fa00777 | 2017-07-22 08:59:43 +0900 | [diff] [blame] | 57 | # [4] https://docs.openstack.org/devstack/latest/guides/neutron.html | 
| Dean Troyer | 85ebb3a | 2014-08-19 10:54:59 -0500 | [diff] [blame] | 58 | if is_package_installed firewalld; then | 
| Ian Wienand | 3380a16 | 2015-05-15 13:12:02 +1000 | [diff] [blame] | 59 | sudo systemctl disable firewalld | 
| Ben Nemec | 64b2ebc | 2015-06-05 12:22:36 -0500 | [diff] [blame] | 60 | # The iptables service files are no longer included by default, | 
|  | 61 | # at least on a baremetal Fedora 21 Server install. | 
|  | 62 | install_package iptables-services | 
| Ian Wienand | 3380a16 | 2015-05-15 13:12:02 +1000 | [diff] [blame] | 63 | sudo systemctl enable iptables | 
|  | 64 | sudo systemctl stop firewalld | 
|  | 65 | sudo systemctl start iptables | 
| Dean Troyer | 85ebb3a | 2014-08-19 10:54:59 -0500 | [diff] [blame] | 66 | fi | 
|  | 67 | fi | 
| Attila Fazekas | c7e772c | 2015-09-01 15:18:57 +0200 | [diff] [blame] | 68 |  | 
| Ian Wienand | f0dc93d | 2018-04-20 10:42:07 +1000 | [diff] [blame] | 69 | # Since pip10, pip will refuse to uninstall files from packages | 
|  | 70 | # that were created with distutils (rather than more modern | 
|  | 71 | # setuptools).  This is because it technically doesn't have a | 
|  | 72 | # manifest of what to remove.  However, in most cases, simply | 
|  | 73 | # overwriting works.  So this hacks around those packages that | 
|  | 74 | # have been dragged in by some other system dependency | 
| Carlos Goncalves | b9fe9c7 | 2020-08-20 14:42:55 +0200 | [diff] [blame] | 75 | sudo rm -rf /usr/lib64/python3*/site-packages/PyYAML-*.egg-info | 
| Gregory Thiemonge | a5d5283 | 2021-06-18 13:53:21 +0200 | [diff] [blame] | 76 |  | 
|  | 77 | # After updating setuptools based on the requirements, the files from the | 
|  | 78 | # python3-setuptools RPM are deleted, it breaks some tools such as semanage | 
|  | 79 | # (used in diskimage-builder) that use the -s flag of the python | 
|  | 80 | # interpreter, enforcing the use of the packages from /usr/lib. | 
|  | 81 | # Importing setuptools/pkg_resources in a such environment fails. | 
|  | 82 | # Enforce the package re-installation to fix those applications. | 
|  | 83 | if is_package_installed python3-setuptools; then | 
|  | 84 | sudo dnf reinstall -y python3-setuptools | 
|  | 85 | fi | 
| yatinkarel | d5d0bed | 2022-01-17 12:04:16 +0530 | [diff] [blame] | 86 | # Workaround CentOS 8-stream iputils and systemd Bug | 
|  | 87 | # https://bugzilla.redhat.com/show_bug.cgi?id=2037807 | 
|  | 88 | if [[ $os_VENDOR == "CentOSStream" && $os_RELEASE -eq 8 ]]; then | 
|  | 89 | sudo sysctl -w net.ipv4.ping_group_range='0 2147483647' | 
|  | 90 | fi | 
| IWAMOTO Toshihiro | 4d835e3 | 2018-02-05 16:57:41 +0900 | [diff] [blame] | 91 | } | 
| Vigneshvar.A.S | 834b804 | 2015-02-14 01:05:55 +0530 | [diff] [blame] | 92 |  | 
| aojeagarcia | eb7d1ad | 2018-09-24 10:17:16 +0200 | [diff] [blame] | 93 | function fixup_suse { | 
|  | 94 | if ! is_suse; then | 
|  | 95 | return | 
|  | 96 | fi | 
|  | 97 |  | 
| Adam Spiers | 6c7337e | 2019-08-07 14:34:56 +0100 | [diff] [blame] | 98 | # Deactivate and disable apparmor profiles in openSUSE and SLE | 
|  | 99 | # distros to avoid issues with haproxy and dnsmasq.  In newer | 
|  | 100 | # releases, systemctl stop apparmor is actually a no-op, so we | 
|  | 101 | # have to use aa-teardown to make sure we've deactivated the | 
|  | 102 | # profiles: | 
|  | 103 | # | 
|  | 104 | # https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#fate-325343 | 
|  | 105 | # https://gitlab.com/apparmor/apparmor/merge_requests/81 | 
|  | 106 | # https://build.opensuse.org/package/view_file/openSUSE:Leap:15.2/apparmor/apparmor.service?expand=1 | 
|  | 107 | if sudo systemctl is-active -q apparmor; then | 
|  | 108 | sudo systemctl stop apparmor | 
|  | 109 | fi | 
|  | 110 | if [ -x /usr/sbin/aa-teardown ]; then | 
| aojeagarcia | eb7d1ad | 2018-09-24 10:17:16 +0200 | [diff] [blame] | 111 | sudo /usr/sbin/aa-teardown | 
|  | 112 | fi | 
| Adam Spiers | 6c7337e | 2019-08-07 14:34:56 +0100 | [diff] [blame] | 113 | if sudo systemctl is-enabled -q apparmor; then | 
|  | 114 | sudo systemctl disable apparmor | 
|  | 115 | fi | 
| Colleen Murphy | 10f4409 | 2019-02-28 23:44:14 +0100 | [diff] [blame] | 116 |  | 
|  | 117 | # Since pip10, pip will refuse to uninstall files from packages | 
|  | 118 | # that were created with distutils (rather than more modern | 
|  | 119 | # setuptools).  This is because it technically doesn't have a | 
|  | 120 | # manifest of what to remove.  However, in most cases, simply | 
|  | 121 | # overwriting works.  So this hacks around those packages that | 
|  | 122 | # have been dragged in by some other system dependency | 
|  | 123 | sudo rm -rf /usr/lib/python3.6/site-packages/ply-*.egg-info | 
| Colleen Murphy | 6eb2c59 | 2019-09-25 12:51:23 -0700 | [diff] [blame] | 124 | sudo rm -rf /usr/lib/python3.6/site-packages/six-*.egg-info | 
| Colleen Murphy | 497caf0 | 2020-04-03 10:14:07 -0700 | [diff] [blame] | 125 |  | 
|  | 126 | # Ensure trusted CA certificates are up to date | 
|  | 127 | # See https://bugzilla.suse.com/show_bug.cgi?id=1154871 | 
|  | 128 | # May be removed once a new opensuse-15 image is available in nodepool | 
|  | 129 | sudo zypper up -y p11-kit ca-certificates-mozilla | 
| aojeagarcia | eb7d1ad | 2018-09-24 10:17:16 +0200 | [diff] [blame] | 130 | } | 
|  | 131 |  | 
| Lucas Alvares Gomes | e651d9e | 2020-11-19 14:50:01 +0000 | [diff] [blame] | 132 | function fixup_ovn_centos { | 
|  | 133 | if [[ $os_VENDOR != "CentOS" ]]; then | 
|  | 134 | return | 
|  | 135 | fi | 
|  | 136 | # OVN packages are part of this release for CentOS | 
|  | 137 | yum_install centos-release-openstack-victoria | 
|  | 138 | } | 
|  | 139 |  | 
| Ian Wienand | 6b9a564 | 2021-07-28 11:19:57 +1000 | [diff] [blame] | 140 | function fixup_ubuntu { | 
|  | 141 | if ! is_ubuntu; then | 
|  | 142 | return | 
|  | 143 | fi | 
|  | 144 |  | 
|  | 145 | # Since pip10, pip will refuse to uninstall files from packages | 
|  | 146 | # that were created with distutils (rather than more modern | 
|  | 147 | # setuptools).  This is because it technically doesn't have a | 
|  | 148 | # manifest of what to remove.  However, in most cases, simply | 
|  | 149 | # overwriting works.  So this hacks around those packages that | 
|  | 150 | # have been dragged in by some other system dependency | 
|  | 151 | sudo rm -rf /usr/lib/python3/dist-packages/PyYAML-*.egg-info | 
| Dr. Jens Harbott | 61a37bf | 2021-10-08 10:59:09 +0200 | [diff] [blame] | 152 | sudo rm -rf /usr/lib/python3/dist-packages/pyasn1_modules-*.egg-info | 
|  | 153 | sudo rm -rf /usr/lib/python3/dist-packages/simplejson-*.egg-info | 
| Ian Wienand | 6b9a564 | 2021-07-28 11:19:57 +1000 | [diff] [blame] | 154 | } | 
|  | 155 |  | 
| IWAMOTO Toshihiro | 4d835e3 | 2018-02-05 16:57:41 +0900 | [diff] [blame] | 156 | function fixup_all { | 
| Ian Wienand | 6b9a564 | 2021-07-28 11:19:57 +1000 | [diff] [blame] | 157 | fixup_ubuntu | 
| IWAMOTO Toshihiro | 4d835e3 | 2018-02-05 16:57:41 +0900 | [diff] [blame] | 158 | fixup_fedora | 
| aojeagarcia | eb7d1ad | 2018-09-24 10:17:16 +0200 | [diff] [blame] | 159 | fixup_suse | 
| IWAMOTO Toshihiro | 4d835e3 | 2018-02-05 16:57:41 +0900 | [diff] [blame] | 160 | } |