diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index d67577d9d..13bf071f7 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -31,7 +31,7 @@ jobs: overcloud-host-image-build: name: Build overcloud host images if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] + runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder-rl9] permissions: {} steps: - uses: actions/checkout@v3 @@ -65,10 +65,9 @@ jobs: ref: refs/heads/stackhpc/${{ steps.openstack_release.outputs.openstack_release }} path: src/kayobe - # FIXME: Failed in kolla-ansible : Ensure the latest version of pip is installed - name: Install dependencies run: | - sudo dnf -y install python3-virtualenv zstd + sudo dnf -y install zstd - name: Setup networking run: | diff --git a/.github/workflows/overcloud-host-image-promote.yml b/.github/workflows/overcloud-host-image-promote.yml index 8bead6fd5..52674db04 100644 --- a/.github/workflows/overcloud-host-image-promote.yml +++ b/.github/workflows/overcloud-host-image-promote.yml @@ -21,7 +21,7 @@ jobs: overcloud-host-image-promote: name: Promote overcloud host image if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] + runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder-rl9] steps: - uses: actions/checkout@v3 with: @@ -40,11 +40,6 @@ jobs: ref: refs/heads/stackhpc/${{ steps.openstack_release.outputs.openstack_release }} path: src/kayobe - # FIXME: Failed in kolla-ansible : Ensure the latest version of pip is installed - - name: Install dependencies - run: | - sudo dnf -y install python3-virtualenv - - name: Setup networking run: | if ! ip l show breth1 >/dev/null 2>&1; then 
diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index 6b560fac9..261ec3994 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -79,7 +79,7 @@ jobs: - name: Output image tag id: image_tag run: | - echo image_tag=$(grep stackhpc_${{ inputs.os_distribution }}_${{ inputs.os_release }}_overcloud_host_image_version etc/kayobe/environments/ci-aio/stackhpc-ci.yml | awk '{print $2}') >> $GITHUB_OUTPUT + echo image_tag=$(grep stackhpc_${{ inputs.os_distribution }}_$(sed s/-/_/ <(echo "${{ inputs.os_release }}"))_overcloud_host_image_version: etc/kayobe/pulp-host-image-versions.yml | awk '{print $2}') >> $GITHUB_OUTPUT # Use the image override if set, otherwise use overcloud-os_distribution-os_release-tag - name: Output image name diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 9ff1913e8..7fcc84994 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -40,7 +40,7 @@ jobs: generate-tag: name: Generate container image tag if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] + runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder-rl9] permissions: {} outputs: datetime_tag: ${{ steps.datetime_tag.outputs.datetime_tag }} @@ -88,7 +88,7 @@ jobs: container-image-build: name: Build Kolla container images if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] + runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder-rl9] timeout-minutes: 720 permissions: {} strategy: 
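Review bot: In the `Output image tag` step of stackhpc-all-in-one.yml, the new `run:` line expands `${{ inputs.os_distribution }}` and `${{ inputs.os_release }}` straight into the script text, the latter inside a double-quoted `echo` in a process substitution. Expressions are substituted before the shell parses the line, so an input carrying shell metacharacters is executed as script on the runner instead of being treated as data. Pass both values through the step's `env:` (for example `OS_RELEASE: ${{ inputs.os_release }}`) and use `"$OS_RELEASE"` in the script; `${OS_RELEASE/-/_}` then replaces the `sed`/`<(echo …)` construct with the same first-dash substitution. Quoting the `$(grep … | awk …)` result and `"$GITHUB_OUTPUT"` would also keep an unexpected multi-word match from being word-split. The rest of the job is outside this hunk.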
@@ -107,11 +107,6 @@ jobs: ref: refs/heads/stackhpc/${{ needs.generate-tag.outputs.openstack_release }} path: src/kayobe - # FIXME: Failed in kolla-ansible : Ensure the latest version of pip is installed - - name: Install dependencies - run: | - sudo dnf -y install python3-virtualenv - - name: Setup networking run: | if ! ip l show breth1 >/dev/null 2>&1; then @@ -127,14 +122,6 @@ jobs: sudo ip l set dummy1 up sudo ip l set dummy1 master breth1 - # FIXME: Without this workaround we see the following issue after the runner is power cycled: - # TASK [MichaelRigart.interfaces : RedHat | ensure network service is started and enabled] *** - # Unable to start service network: Job for network.service failed because the control process exited with error code. - # See \"systemctl status network.service\" and \"journalctl -xe\" for details. - - name: Kill dhclient (workaround) - run: | - (sudo killall dhclient || true) && sudo systemctl restart network - - name: Install Kayobe run: | mkdir -p venvs && diff --git a/.readthedocs.yaml b/.readthedocs.yaml new file mode 100644 index 000000000..4803b7d39 --- /dev/null +++ b/.readthedocs.yaml @@ -0,0 +1,27 @@ +# Read the Docs configuration file +# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details + +# Required +version: 2 + +# Set the version of Python and other tools you might need +build: + apt_packages: + - tox + os: ubuntu-22.04 + tools: + python: "3.7" + jobs: + post_checkout: + - git remote set-branches origin master stackhpc/zed stackhpc/yoga stackhpc/xena stackhpc/wallaby + - git fetch --unshallow + +# Build documentation in the doc/source/ directory with Sphinx +sphinx: + configuration: doc/source/conf.py + +# We recommend specifying your dependencies to enable reproducible builds: +# https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html +python: + install: + - requirements: doc/requirements.txt diff --git a/.yamllint b/.yamllint index 70b008794..96b2b10dd 100644 --- a/.yamllint 
+++ b/.yamllint @@ -11,3 +11,12 @@ rules: require-starting-space: false line-length: disable truthy: disable + +ignore: | + *etc/kayobe/environments/ci-multinode/secrets.yml + *etc/kayobe/environments/ci-multinode/kolla/globals-tls-config.yml + .automation/ + releasenotes/ + .github/ + .gitlab/ + .gitlab-ci.yml diff --git a/doc/source/configuration/host-images.rst b/doc/source/configuration/host-images.rst index ba35a244f..530068c4d 100644 --- a/doc/source/configuration/host-images.rst +++ b/doc/source/configuration/host-images.rst @@ -4,6 +4,42 @@ Host Images =========== +Pulling host images +=================== + +StackHPC provides pre-built overcloud host images through Ark, which can be +consumed using the configuration provided by this repository. + +When configured, an image will be downloaded to the seed during the +``kayobe seed service deploy`` step, and subsequently deployed using bifrost +with ``kayobe overcloud provision``. + +To use these images, set ``stackhpc_download_overcloud_host_images`` to true +in ``etc/kayobe/stackhpc-overcloud-host-images.yml``. + +Currently, images exist for the following operating systems: + +* Rocky Linux 9 +* Ubuntu Jammy 22.04 + +The image to download is selected automatically using the ``os_distribution`` +and ``os_release`` variables. These images are versioned and a variable for +each OS is stored in ``pulp-host-image-versions.yml``. + +This content requires the same set of credentials as is used for other +release train content. + +The Ark pulp credentials issued by StackHPC should be configured in +``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the password: + +.. code-block:: yaml + + stackhpc_release_pulp_username: + stackhpc_release_pulp_password: + +Building host images +==================== + StackHPC Kayobe configuration provides configuration for some standard overcloud host images, built using the :kayobe-doc:`overcloud DIB ` functionality of Kayobe. 
diff --git a/doc/source/configuration/release-train.rst b/doc/source/configuration/release-train.rst index 157ef384a..88079d8dd 100644 --- a/doc/source/configuration/release-train.rst +++ b/doc/source/configuration/release-train.rst @@ -2,9 +2,9 @@ StackHPC Release Train ====================== -StackHPC provides packages and container images for OpenStack via `Ark -`__. These artifacts are built and released using a -process known as the `Release Train +StackHPC provides packages, container images, and host images for OpenStack via +`Ark `__. These artifacts are built and released using +a process known as the `Release Train `__. Deployments should use a local `Pulp `__ repository @@ -41,6 +41,7 @@ This configuration provides the following: * Playbooks to synchronise a local Pulp service with Ark * Configuration to use the local Pulp repository mirrors on control plane hosts * Configuration to use the local Pulp container registry on control plane hosts +* Configuration to deploy pre-built OS images to overcloud hosts using Bifrost Local Pulp server ----------------- @@ -60,6 +61,10 @@ Pulp startup. If a proxy is required to access the Internet from the seed, ``pulp_proxy_url`` may be used. +Host images are not synchronised to the local Pulp server, since they should +only be pulled to the seed node once. More information on host images can be +found :ref:`here `. + StackHPC Ark ------------ @@ -74,6 +79,9 @@ The Ark pulp credentials issued by StackHPC should be configured in Package repositories -------------------- +Rocky Linux 9 and Ubuntu Jammy package repositories are synced based on the +value of ``os_distribution`` and ``os_release``. + On Ark, each package repository provides versioned snapshots using a datetime stamp (e.g. ``20220817T082321``). The current set of tested versions is defined in ``etc/kayobe/pulp-repo-versions.yml``. This file is managed by the StackHPC 
@@ -83,15 +91,28 @@ repository. Package managers ---------------- -For Rocky Linux based systems, package manager configuration is -provided by ``stackhpc_dnf_repos`` in ``etc/kayobe/dnf.yml``, which points to -package repositories on the local Pulp server. To use this configuration, the +For Ubuntu Jammy systems, the package manager configuration is provided by +``stackhpc_apt_repositories`` in ``etc/kayobe/apt.yml``. + +The configuration is applied by default to all Ubuntu hosts. The configuration +can be overridden by changing the repository definitions in +``apt_repositories`` or toggling ``apt_disable_sources_list`` to use the +default apt repositories. This can be done on a host-by host basis by defining +the variables as host or group vars under ``etc/kayobe/inventory/host_vars`` or +``etc/kayobe/inventory/group_vars``. + +For Rocky Linux based systems, package manager configuration is provided by +``stackhpc_dnf_repos`` in ``etc/kayobe/dnf.yml``, which points to package +repositories on the local Pulp server. To use this configuration, the ``dnf_custom_repos`` variable must be set, and this is done for hosts in the ``overcloud`` group via the group_vars file ``etc/kayobe/inventory/group_vars/overcloud/stackhpc-dnf-repos``. Similar configuration may be added for other groups, however there may be ordering issues during initial deployment when Pulp has not yet been deployed. +In both instances, the configuration points to package repositories on the +local Pulp server. + The distribution name for the environment should be configured as either ``development`` or ``production`` via ``stackhpc_repo_distribution`` in ``etc/kayobe/stackhpc.yml``. 
@@ -102,6 +123,13 @@ Ceph container images By default, Ceph images are not synced from quay.io to the local Pulp. To sync these images, set ``stackhpc_sync_ceph_images`` to ``true``. +HashiCorp container images +-------------------------- + +By default, HashiCorp images (Consul and Vault) are not synced from Docker Hub +to the local Pulp. To sync these images, set ``stackhpc_sync_hashicorp_images`` +to ``true``. + Usage ===== @@ -136,7 +164,7 @@ See the Kayobe :kayobe-doc:`custom playbook documentation these are new container image repositories, then the new image tags will not be available to cloud nodes until they have been published. * ``pulp-container-publish.yml``: Publish synchronised container images in the - local Pulp. This will make synchonised container images available to cloud + local Pulp. This will make synchronised container images available to cloud nodes. Syncing content @@ -254,4 +282,4 @@ you will see a 404 error during ``pulp-repo-sync.yml``: msg: Task failed to complete. (failed; 404, message='Not Found', url=URL('https://ark.stackhpc.com/pulp/content/rocky/9/BaseOS/x86_64/os/20211122T102435')) ''' The issue can be rectified by updating the ``stackhpc_release_pulp_username`` -and ``stackhpc_release_pulp_password`` variables +and ``stackhpc_release_pulp_password`` variables. diff --git a/doc/source/configuration/vault.rst b/doc/source/configuration/vault.rst index 403019bde..cacd12e96 100644 --- a/doc/source/configuration/vault.rst +++ b/doc/source/configuration/vault.rst 
@@ -39,6 +39,11 @@ Before beginning the deployment of vault for openstack internal TLS and backend * Ansible Galaxy dependencies installed: ``kayobe control host bootstrap`` * Python dependencies installed: ``pip install -r kayobe-config/requirements.txt`` +By default, Consul and Vault images are not synced from Docker Hub to the local +Pulp. To sync these images, set ``stackhpc_sync_hashicorp_images`` to ``true``. +The Vault deployment configuration will be automatically updated to pull images +from Pulp. + Deployment ========== @@ -210,6 +215,16 @@ Enable the required TLS variables in kayobe and kolla 3. Deploy backend and internal TLS + .. warning:: + + It is important that you are only using admin endpoints for keystone. If + any admin endpoints exist for other services, they must be deleted e.g. + + .. code-block:: + + openstack endpoint list --interface admin -f value | \ + awk '!/keystone/ {print $1}' | xargs openstack endpoint delete + .. code-block:: kayobe overcloud service deploy diff --git a/doc/source/contributor/environments/aufn-ceph.rst b/doc/source/contributor/environments/aufn-ceph.rst index 8683dea50..5fe07b86f 100644 --- a/doc/source/contributor/environments/aufn-ceph.rst +++ b/doc/source/contributor/environments/aufn-ceph.rst @@ -6,6 +6,11 @@ This environment creates a Universe-from-nothing_-style deployment of Kayobe con .. _Universe-from-nothing: https://github.com/stackhpc/a-universe-from-nothing +.. warning:: + + This guide was written for the Yoga release and has not been validated for + Zed. Proceed with caution. + Prerequisites ============= diff --git a/doc/source/contributor/environments/ci-aio.rst b/doc/source/contributor/environments/ci-aio.rst index 164517173..eecd07798 100644 --- a/doc/source/contributor/environments/ci-aio.rst +++ b/doc/source/contributor/environments/ci-aio.rst 
@@ -44,7 +44,9 @@ Run the setup script: The script will pull the current version of Kayobe and this repository, and then run the manual setup steps below. The script can be easily edited to use -a different branch of Kayobe or this repository. +a different branch of Kayobe or this repository. The script will automatically +determine whether your image is LVM based, if so, it will expand the volume sizes +to allow ansible dependencies to install correctly. Manual Setup ============ @@ -54,15 +56,7 @@ Host Configuration Access the host via SSH. -Install package dependencies. - -On Rocky: - -.. parsed-literal:: - - sudo dnf install -y python3-virtualenv - -On Ubuntu: +Install package dependencies when on Ubuntu: .. parsed-literal:: @@ -104,6 +98,18 @@ Add initial network configuration: sudo ip l set dummy1 up sudo ip l set dummy1 master breth1 +Configuration +============= + +If using Ironic: + +.. parsed-literal:: + + cd src/kayobe-config + cat << EOF > etc/kayobe/aio.yml + kolla_enable_ironic: true + EOF + Installation ------------ @@ -140,6 +146,13 @@ Finally, deploy the overcloud services. The control plane should now be running. +If using Ironic, run overcloud post configuration: + +.. parsed-literal:: + + source ~/src/kayobe-config/etc/kolla/public-openrc.sh + kayobe overcloud post configure + Testing ------- 
@@ -147,5 +160,58 @@ Run a smoke test: .. parsed-literal:: - cd ~/kayobe + cd ~/src/kayobe ./dev/overcloud-test-vm.sh + +Ironic +------ + +For a control plane with Ironic enabled, a "bare metal" instance can be +deployed. We can use the Tenks project to create fake bare metal nodes. + +Clone the tenks repository: + +.. parsed-literal:: + + cd ~/src/kayobe + git clone https://opendev.org/openstack/tenks.git + +Optionally, edit the Tenks configuration file, +``~/src/kayobe/dev/tenks-deploy-config-compute.yml``. + +Run the ``dev/tenks-deploy-compute.sh`` script to deploy Tenks: + +.. parsed-literal:: + + cd ~/src/kayobe + export KAYOBE_CONFIG_SOURCE_PATH=~/src/kayobe-config + export KAYOBE_VENV_PATH=~/venvs/kayobe + ./dev/tenks-deploy-compute.sh ./tenks/ + +Check that Tenks has created VMs called tk0 and tk1: + +.. parsed-literal:: + + sudo virsh list --all + +Verify that VirtualBMC is running: + +.. parsed-literal:: + + ~/tenks-venv/bin/vbmc list + +We are now ready to run the ``dev/overcloud-test-baremetal.sh`` script. This +will run the ``init-runonce`` setup script provided by Kolla Ansible that +registers images, networks, flavors etc. It will then deploy a bare metal +server instance, and delete it once it becomes active: + +.. parsed-literal:: + + ./dev/overcloud-test-baremetal.sh + +The machines and networking created by Tenks can be cleaned up via +``dev/tenks-teardown-compute.sh``: + +.. parsed-literal:: + + ./dev/tenks-teardown-compute.sh ./tenks diff --git a/doc/source/contributor/environments/ci-builder.rst b/doc/source/contributor/environments/ci-builder.rst index 5e264f2e0..bc4c373d6 100644 --- a/doc/source/contributor/environments/ci-builder.rst +++ b/doc/source/contributor/environments/ci-builder.rst 
@@ -6,6 +6,12 @@ The ``ci-builder`` Kayobe environment is used to build Kolla container images. Images are built using package repositories in the StackHPC development Pulp service, and pushed there once built. +.. warning:: + + This guide was written for the Yoga release and has not been validated for + Zed. Proceed with caution. + + Prerequisites ============= diff --git a/doc/source/contributor/environments/ci-multinode.rst b/doc/source/contributor/environments/ci-multinode.rst index 051cdc75b..f7ffdffc8 100644 --- a/doc/source/contributor/environments/ci-multinode.rst +++ b/doc/source/contributor/environments/ci-multinode.rst @@ -4,7 +4,10 @@ Multinode Test Environment .. warning:: - The initial setup guide here is designed for the Yoga release of OpenStack. Proceed with caution. + This guide was written for the Yoga release and has not been validated for + Zed. Proceed with caution. + + Set up hosts ============ @@ -68,7 +71,7 @@ is not enabled by default. To enable it, set the following in .. code-block:: yaml kolla_enable_manila: true - kolla_enable_manila_backend_cephfs: true + kolla_enable_manila_backend_cephfs_native: true And re-run ``kayobe overcloud service deploy`` if you are working on an existing deployment. diff --git a/doc/source/operations/hotfix-playbook.rst b/doc/source/operations/hotfix-playbook.rst new file mode 100644 index 000000000..ee4d9df01 --- /dev/null +++ b/doc/source/operations/hotfix-playbook.rst 
@@ -0,0 +1,70 @@ +=============== +Hotfix Playbook +=============== + +Using the Container Hotfix Playbook +=================================== + +The StackHPC Kayobe configuration contains a playbook called +``hotfix-containers.yml`` which can be used to execute commands on, and copy +files into, a given set of containers. + +This playbook will first copy across any hotfix files, and then run the +hotfix command. If either of these are not specified, the corresponding step +will be skipped. + +This playbook is designed for use in high-severity hotfixes ONLY and should not +be used for regular operations. + +The playbook can be invoked with: + +.. code-block:: console + + kayobe playbook run ${KAYOBE_CONFIG_PATH}/ansible/hotfix-containers.yml + +Playbook variables: +------------------- + +* ``container_hotfix_command``: A command to run on each of the target + containers. Default is an empty string. + +* ``container_hotfix_files``: A list of files to copy into each target + container. Consists of a list of dicts with keys ``src`` and ``dest`` + (required), and ``mode`` (optional - default 400). Default is an empty list. + +* ``container_hotfix_container_regex``: Regex to match container names against. + Must match the entire name e.g. "nova" or "nova*" will result in only + matching a single container called "nova". To properly match every container + starting with "nova", the regex must be "nova.*" Default is an empty string. + +* ``container_hotfix_restart_containers``: Whether to restart containers after + applying the hotfix. Default is False. + +* ``container_hotfix_become``: Create files and exec as root in the target + containers. Default is False. + + +It is strongly recommended that you write your container_hotfix_* variables +to a file, then add them as an extra var. e.g: + +.. code-block:: console + + kayobe playbook run ${KAYOBE_CONFIG_PATH}/ansible/hotfix-containers.yml -e "@~/vars.yml" + + +Example Variables file +---------------------- + +.. 
code-block:: yaml + + --- + container_hotfix_command: "/tmp/quick-fix.sh" + container_hotfix_files: + - src: "~/quick-fix.sh" + dest: "/tmp/quick-fix.sh" + mode: "700" + - src: "/home/stackhpc/new_nova_conf.conf" + dest: "/etc/nova/nova.conf" + container_hotfix_container_regex: "nova.*" + container_hotfix_restart_containers: True + container_hotfix_become: True diff --git a/doc/source/operations/index.rst b/doc/source/operations/index.rst index 4967e8e3b..ffc571cb6 100644 --- a/doc/source/operations/index.rst +++ b/doc/source/operations/index.rst @@ -9,3 +9,4 @@ This guide is for operators of the StackHPC Kayobe configuration project. rabbitmq octavia + hotfix-playbook diff --git a/etc/kayobe/ansible/hotfix-containers.yml b/etc/kayobe/ansible/hotfix-containers.yml new file mode 100644 index 000000000..b6a811801 --- /dev/null +++ b/etc/kayobe/ansible/hotfix-containers.yml 
@@ -0,0 +1,70 @@ +--- +# NOTE: This playbook is designed for use in high-severity hotfixes ONLY. +# If you're considering using this for regular operations, please consider +# developing a more suitable solution instead. +# +# See https://stackhpc-kayobe-config.readthedocs.io/en/stackhpc-yoga/operations/hotfix-containers.html +# for more information. + +- name: Hotfix containers + hosts: overcloud + tags: + - hotfix-containers + vars: + container_hotfix_command: "" + container_hotfix_files: [] + container_hotfix_container_regex: "" + container_hotfix_restart_containers: False + container_hotfix_become: False + tasks: + - name: Ensure inputs are valid + fail: + msg: "Invalid input. Container list cannot be empty. Either container_hotfix_command or container_hotfix_files must be populated." + when: + - container_hotfix_container_regex == "" or + container_hotfix_command == "" and container_hotfix_files == [] + + - name: Get list of containers to hotfix + command: '{{ kolla_container_engine | default("docker")}} ps --format {% raw %}"{{.Names}}"{% endraw %}' + register: host_containers + + - name: Set fact for containers list + set_fact: + containers_list: host_containers.stdout + + - name: Fail if no containers match given regex + vars: + hotfix_containers: "{{ containers_list | split('\n') | regex_search(container_hotfix_container_regex) }}" + fail: + msg: "No containers matched. Please check your regex. 
Containers running on host: {{ host_containers | split('\n') }}" + when: hotfix_containers == "" + + - name: Ensure hotfix-files directory exists on the remote host + ansible.builtin.file: + path: /tmp/hotfix-files + state: directory + + - name: Ensure container hotfix file(s) exist on host + ansible.builtin.copy: + src: "{{ item.src }}" + dest: "/tmp/hotfix-files/{{ index }}" + loop: "{{ container_hotfix_files }}" + loop_control: + index_var: index + when: container_hotfix_files != [] + + - name: Apply hotfix + include_tasks: run-container-hotfix.yml + loop: "{{ containers_list | regex_findall(container_hotfix_container_regex, multiline=True) | list | unique }}" + loop_control: + loop_var: hotfix_container + + - name: Cleanup temporary files + ansible.builtin.file: + path: /tmp/hotfix-files + state: absent + + - name: Restart containers if requested + command: "{{ kolla_container_engine | default('docker')}} restart {{ item }}" + loop: "{{ containers_list | regex_findall(container_hotfix_container_regex, multiline=True) | list | unique }}" + when: container_hotfix_restart_containers diff --git a/etc/kayobe/ansible/requirements.yml b/etc/kayobe/ansible/requirements.yml index 78c231974..e54069d90 100644 --- a/etc/kayobe/ansible/requirements.yml +++ b/etc/kayobe/ansible/requirements.yml @@ -1,11 +1,11 @@ --- collections: - name: stackhpc.cephadm - version: 1.13.1 + version: 1.14.0 - name: stackhpc.pulp version: 0.4.1 - name: stackhpc.hashicorp - version: 2.3.0 + version: 2.4.0 roles: - src: stackhpc.vxlan - name: ansible-lockdown.rhel8_cis diff --git a/etc/kayobe/ansible/run-container-hotfix.yml b/etc/kayobe/ansible/run-container-hotfix.yml new file mode 100644 index 000000000..582ade5da --- /dev/null +++ b/etc/kayobe/ansible/run-container-hotfix.yml 
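Review bot: The staging directory in hotfix-containers.yml is the fixed path `/tmp/hotfix-files`, created without a `mode` and removed only by the final `Cleanup temporary files` task. Hotfix payloads (the documented example stages a replacement `nova.conf`) therefore sit under a predictable name in a world-writable parent with default permissions, and they stay there if any `Apply hotfix` step fails. Creating the directory with `ansible.builtin.tempfile`, copying with an explicit `mode`, and moving the cleanup into the `always:` section of a block addresses this; run-container-hotfix.yml hard-codes the same path and would need to use the registered path as well. Separately, `containers_list: host_containers.stdout` is not wrapped in `{{ }}`, so the fact is that literal string rather than the `ps` output and the later `regex_findall` loops never see real container names; it should read `containers_list: "{{ host_containers.stdout }}"`.

```yaml
    - name: Create a private staging directory on the remote host
      ansible.builtin.tempfile:
        state: directory
        prefix: hotfix-files.
      register: hotfix_staging

    - name: Stage and apply the hotfix
      block:
        - name: Ensure container hotfix file(s) exist on host
          ansible.builtin.copy:
            src: "{{ item.src }}"
            dest: "{{ hotfix_staging.path }}/{{ index }}"
            mode: "0600"
          # … unchanged: loop, loop_control, when …

        # … unchanged: Apply hotfix (include_tasks) …
      always:
        - name: Cleanup temporary files
          ansible.builtin.file:
            path: "{{ hotfix_staging.path }}"
            state: absent
```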
@@ -0,0 +1,22 @@ +--- +- block: + - name: Ensure any required directories exist in container(s) + command: "{{ kolla_container_engine | default('docker') }} exec {{ '-u 0' if container_hotfix_become else '' }} {{ hotfix_container }} mkdir -p {{ item.dest | dirname }}" + loop: "{{ container_hotfix_files }}" + + - name: Copy file into container(s) + command: "{{ kolla_container_engine | default('docker') }} cp /tmp/hotfix-files/{{ index }} {{ hotfix_container }}:{{ item.dest }}" + loop: "{{ container_hotfix_files }}" + loop_control: + index_var: index + + - name: Set mode for copied files + command: "{{ kolla_container_engine | default('docker') }} exec {{ '-u 0' if container_hotfix_become else '' }} {{ hotfix_container }} chmod {{ item.mode | default('400') }} {{ item.dest }}" + loop: "{{ container_hotfix_files }}" + loop_control: + index_var: index + + when: container_hotfix_files != [] + +- name: Run container_hotfix_command + command: "{{ kolla_container_engine | default('docker')}} exec {{ '-u 0' if container_hotfix_become else '' }} {{ hotfix_container }} {{ container_hotfix_command }}" diff --git a/etc/kayobe/ansible/vault-deploy-overcloud.yml b/etc/kayobe/ansible/vault-deploy-overcloud.yml index be9e7dba5..3e20725ad 100644 --- a/etc/kayobe/ansible/vault-deploy-overcloud.yml +++ b/etc/kayobe/ansible/vault-deploy-overcloud.yml 
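Review bot: Every `command:` in run-container-hotfix.yml is one free-form string assembled from `hotfix_container`, `item.dest`, `item.mode` and `container_hotfix_command`, which Ansible then splits on whitespace. A `dest` or `mode` value containing a space or an option-like token therefore changes the argument list of the `exec`/`cp` call, and with `container_hotfix_become` set that call runs as uid 0 in the container. For the `mkdir`, `cp` and `chmod` tasks the `argv:` list form keeps each templated value a single argument, as sketched below for `chmod`. `container_hotfix_command` is meant to be a whole command line, so that task is better served by a comment stating that the value is split and executed as given. The `chmod` task also declares `index_var: index` without using it.

```yaml
  - name: Set mode for copied files
    command:
      argv: >-
        {{ [kolla_container_engine | default('docker'), 'exec']
           + (['-u', '0'] if container_hotfix_become else [])
           + [hotfix_container, 'chmod',
              item.mode | default('400') | string, item.dest] }}
    # … unchanged: loop …
```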
@@ -60,10 +60,15 @@ - import_role: name: stackhpc.hashicorp.vault vars: + hashicorp_registry_url: "{{ overcloud_hashicorp_registry_url }}" + hashicorp_registry_username: "{{ overcloud_hashicorp_registry_username }}" + hashicorp_registry_password: "{{ overcloud_hashicorp_registry_password }}" + consul_docker_image: "{{ overcloud_consul_docker_image }}" consul_docker_tag: "{{ overcloud_consul_docker_tag }}" vault_config_dir: "/opt/kayobe/vault" vault_cluster_name: "overcloud" vault_ca_cert: "{{ '/etc/pki/tls/certs/ca-bundle.crt' if ansible_facts.os_family == 'RedHat' else '/usr/local/share/ca-certificates/OS-TLS-ROOT.crt' }}" + vault_docker_image: "{{ overcloud_vault_docker_image }}" vault_docker_tag: "{{ overcloud_vault_docker_tag }}" vault_tls_cert: "{% if kolla_internal_fqdn != kolla_internal_vip_address %}{{ kolla_internal_fqdn }}{% else %}overcloud{% endif %}.crt" vault_tls_key: "{% if kolla_internal_fqdn != kolla_internal_vip_address %}{{ kolla_internal_fqdn }}{% else %}overcloud{% endif %}.key" diff --git a/etc/kayobe/ansible/vault-deploy-seed.yml b/etc/kayobe/ansible/vault-deploy-seed.yml index 6d084f757..e0918d421 100644 --- a/etc/kayobe/ansible/vault-deploy-seed.yml +++ b/etc/kayobe/ansible/vault-deploy-seed.yml @@ -16,9 +16,11 @@ - not ansible_python_interpreter.startswith('/bin/') - not ansible_python_interpreter.startswith('/usr/bin/') - - name: Ensure Python hvac module is installed + - name: Ensure Python PyYAML and hvac modules are installed pip: - name: hvac + name: + - PyYAML + - hvac state: latest extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}" virtualenv: "{{ virtualenv is defined | ternary(virtualenv, omit) }}" 
@@ -34,9 +36,14 @@ - import_role: name: stackhpc.hashicorp.vault vars: + hashicorp_registry_url: "{{ seed_hashicorp_registry_url }}" + hashicorp_registry_username: "{{ seed_hashicorp_registry_username }}" + hashicorp_registry_password: "{{ seed_hashicorp_registry_password }}" + consul_docker_image: "{{ seed_consul_docker_image }}" consul_docker_tag: "{{ seed_consul_docker_tag }}" vault_config_dir: "/opt/kayobe/vault" vault_cluster_name: "seed" + vault_docker_image: "{{ seed_vault_docker_image }}" vault_docker_tag: "{{ seed_vault_docker_tag }}" vault_write_keys_file: true vault_write_keys_file_path: "{{ kayobe_env_config_path }}/vault/seed-vault-keys.json" diff --git a/etc/kayobe/ansible/vault-generate-backend-tls.yml b/etc/kayobe/ansible/vault-generate-backend-tls.yml index 0f11fc6dc..fec20d157 100644 --- a/etc/kayobe/ansible/vault-generate-backend-tls.yml +++ b/etc/kayobe/ansible/vault-generate-backend-tls.yml 
@@ -1,10 +1,42 @@ --- +# Required for uri module to work with self-signed certificates and for systems to trust +# the self-signed CA +- name: Install CA on controllers + hosts: controllers + tasks: + - name: Copy the intermediate CA + copy: + src: "{{ kayobe_env_config_path }}/vault/OS-TLS-ROOT.pem" + dest: "{{ '/etc/pki/ca-trust/source/anchors/OS-TLS-ROOT.crt' if ansible_facts.os_family == 'RedHat' else '/usr/local/share/ca-certificates/OS-TLS-ROOT.crt' }}" + mode: 0644 + become: true + + - name: update system CA + become: true + shell: "{{ 'update-ca-trust' if ansible_facts.os_family == 'RedHat' else 'update-ca-certificates' }}" + - name: Generate backend API certificates hosts: controllers vars: vault_api_addr: "https://{{ kolla_internal_fqdn }}:8200" vault_intermediate_ca_name: "OS-TLS-INT" tasks: + - name: Set a fact about the virtualenv on the remote system + set_fact: + virtualenv: "{{ ansible_python_interpreter | dirname | dirname }}" + when: + - ansible_python_interpreter is defined + - not ansible_python_interpreter.startswith('/bin/') + - not ansible_python_interpreter.startswith('/usr/bin/') + + - name: Ensure Python hvac module is installed + pip: + name: hvac + state: latest + extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}" + virtualenv: "{{ virtualenv is defined | ternary(virtualenv, omit) }}" + become: "{{ virtualenv is not defined }}" + - name: Include Vault keys include_vars: file: "{{ kayobe_env_config_path }}/vault/overcloud-vault-keys.json" diff --git a/etc/kayobe/apt.yml b/etc/kayobe/apt.yml index 11d579444..984e33cd5 100644 --- a/etc/kayobe/apt.yml +++ b/etc/kayobe/apt.yml @@ -62,7 +62,6 @@ stackhpc_apt_repositories: signed_by: docker.asc architecture: amd64 -# Disable pulp apt repos on Ubuntu Jammy until they are published. apt_repositories: "{{ stackhpc_apt_repositories }}" # Whether to disable repositories in /etc/apt/sources.list. This may be used 
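Review bot: The new `Install CA on controllers` play in vault-generate-backend-tls.yml adds `OS-TLS-ROOT.pem` to the host-wide trust anchors, so every TLS client on the controllers trusts anything that CA signs, not only the `uri` calls the header comment mentions. The comment should state that scope, and the task name `Copy the intermediate CA` should say root CA if the file is what its name suggests. `mode: 0644` is an unquoted octal and is safer written as `mode: "0644"`. The `update system CA` task uses `shell:` for a fixed command with no shell features and runs on every invocation; registering the copy result and using `command:` with `when: <registered copy result> is changed` would be enough. The task list of the second play continues outside this hunk.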
diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml index cad2bce94..7a3d2c7a7 100644 --- a/etc/kayobe/cephadm.yml +++ b/etc/kayobe/cephadm.yml @@ -17,6 +17,18 @@ cephadm_image_tag: "{{ 'v17.2.6' }}" # Ceph custom repo workaround for Ubuntu Jammy as there are no official ceph repos for jammy. cephadm_custom_repos: "{{ ansible_facts['distribution_release'] == 'jammy' }}" +# HAProxy container image. +cephadm_haproxy_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/haproxy:{{ cephadm_haproxy_image_tag }}" + +# HAProxy container image tag. +cephadm_haproxy_image_tag: "2.3" + +# Keepalived container image. +cephadm_keepalived_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/keepalived:{{ cephadm_keepalived_image_tag }}" + +# Keepalived container image tag. +cephadm_keepalived_image_tag: "2.1.5" + # Ceph container image registry URL. cephadm_registry_url: "{{ stackhpc_docker_registry }}" diff --git a/etc/kayobe/environments/aufn-ceph/globals.yml b/etc/kayobe/environments/aufn-ceph/globals.yml index 2eb8232c6..5ef9e0cb4 100644 --- a/etc/kayobe/environments/aufn-ceph/globals.yml +++ b/etc/kayobe/environments/aufn-ceph/globals.yml 
@@ -4,10 +4,12 @@ ############################################################################### # OS distribution. -# OS distribution name. Valid options are "centos", "ubuntu". Default is -# "centos". +# OS distribution name. Valid options are "rocky", "ubuntu". Default is +# "rocky". os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" -# OS release. Valid options are "8-stream" when os_distribution is "centos", or -# "focal" when os_distribution is "ubuntu". -#os_release: +# OS release. Valid options are "9" when os_distribution is "rocky", or +# "jammy" when os_distribution is "ubuntu". +os_release: >- + {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else + (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} diff --git a/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml b/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml index fe11e919f..df8dc9d60 100644 --- a/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml +++ b/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml 
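Review bot: The new `os_release` expression ends in `... if os_distribution == 'rocky'` with no final `else`, so on a host whose `/etc/os-release` `ID` is neither `ubuntu` nor `rocky` the value comes out undefined or empty rather than failing with a clear message. The same expression is added in `environments/ci-aio/globals.yml`, and the `environments/ci-multinode/globals.yml` hunk removes its `else 'stream-8'` fallback to match. An early assertion that `os_distribution in ['rocky', 'ubuntu']` would give a readable failure. Because `lookup('pipe', ...)` runs on the Ansible control host, the comment should say so, e.g. `# Detected from /etc/os-release on the Ansible control host.`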
@@ -4,12 +4,10 @@ create_ipa_image: false download_ipa: true -# Use a locally hosted CentOS8 cloud image. +# Use a locally hosted cloud image. use_cirros: true {% if os_distribution == 'ubuntu' %} -cirros_deploy_image_upstream_url: "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img" -{% elif os_distribution == 'rocky' and os_release == '9' %} -cirros_deploy_image_upstream_url: "https://dl.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-GenericCloud.latest.x86_64.qcow2" +cirros_deploy_image_upstream_url: "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" {% else %} -cirros_deploy_image_upstream_url: "https://cloud.centos.org/centos/8-stream/x86_64/images/CentOS-Stream-GenericCloud-8-20220913.0.x86_64.qcow2" +cirros_deploy_image_upstream_url: "https://dl.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-GenericCloud.latest.x86_64.qcow2" {% endif %} diff --git a/etc/kayobe/environments/ci-aio/automated-setup.sh b/etc/kayobe/environments/ci-aio/automated-setup.sh index 6ee2515da..63194a555 100644 --- a/etc/kayobe/environments/ci-aio/automated-setup.sh +++ b/etc/kayobe/environments/ci-aio/automated-setup.sh @@ -6,9 +6,14 @@ cat << EOF | sudo tee -a /etc/hosts 10.205.3.187 pulp-server pulp-server.internal.sms-cloud EOF +if [ sudo vgdisplay | grep -q lvm2 ]; then + sudo lvextend -L 4G /dev/rootvg/lv_home -r || true + sudo lvextend -L 4G /dev/rootvg/lv_tmp -r || true +fi + BASE_PATH=~ -KAYOBE_BRANCH=stackhpc/yoga -KAYOBE_CONFIG_BRANCH=stackhpc/yoga +KAYOBE_BRANCH=stackhpc/zed +KAYOBE_CONFIG_BRANCH=stackhpc/zed if [[ ! -f $BASE_PATH/vault-pw ]]; then echo "Vault password file not found at $BASE_PATH/vault-pw" 
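Review bot: With the `elif` removed, the `{% else %}` branch now hands the Rocky 9 image URL to every `os_distribution` other than `ubuntu`, so an unexpected value silently gets a Rocky image. Both URLs (`jammy/current/...` and `Rocky-9-GenericCloud.latest...`) are also moving targets, and no checksum is configured in this file, so what gets deployed can change between CI runs. I would keep the explicit test, `{% elif os_distribution == 'rocky' %}`, and add a comment such as `# "current"/"latest" images change upstream; pin a dated build if reproducibility matters.`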
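Review bot: The added condition `if [ sudo vgdisplay | grep -q lvm2 ]; then` never runs `vgdisplay` as a test: the shell parses it as `[ sudo vgdisplay` piped into `grep -q lvm2 ]`, so `[` fails for lack of its closing `]` and `grep` tries to read a file named `]`. The pipeline therefore always returns non-zero and the two `lvextend` calls never run. Drop the brackets: `if sudo vgdisplay | grep -q lvm2; then`. The `|| true` after each `lvextend` will then hide real failures, so a short comment on why that is acceptable (for example, the volume is already at least 4G) would help.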
@@ -16,10 +21,10 @@ if [[ ! -f $BASE_PATH/vault-pw ]]; then fi if type dnf; then - sudo dnf -y install git python3-virtualenv + sudo dnf -y install git else sudo apt update - sudo apt -y install gcc git libffi-dev python3-dev python-is-python3 python3-virtualenv + sudo apt -y install gcc git libffi-dev python3-dev python-is-python3 fi cd $BASE_PATH @@ -32,7 +37,7 @@ popd mkdir -p venvs pushd venvs if [[ ! -d kayobe ]]; then - virtualenv kayobe + python3 -m venv kayobe fi # NOTE: Virtualenv's activate and deactivate scripts reference an # unbound variable. @@ -62,6 +67,8 @@ source kayobe-env --environment ci-aio kayobe control host bootstrap +kayobe playbook run etc/kayobe/ansible/growroot.yml + kayobe overcloud host configure kayobe overcloud service deploy diff --git a/etc/kayobe/environments/ci-aio/globals.yml b/etc/kayobe/environments/ci-aio/globals.yml index c7183b431..edd2b87df 100644 --- a/etc/kayobe/environments/ci-aio/globals.yml +++ b/etc/kayobe/environments/ci-aio/globals.yml @@ -45,13 +45,15 @@ ############################################################################### # OS distribution. -# OS distribution name. Valid options are "centos", "ubuntu". Default is -# "centos". +# OS distribution name. Valid options are "rocky", "ubuntu". Default is +# "rocky". os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" -# OS release. Valid options are "8-stream" when os_distribution is "centos", or -# "focal" when os_distribution is "ubuntu". -#os_release: +# OS release. Valid options are "9" when os_distribution is "rocky", or +# "jammy" when os_distribution is "ubuntu". +os_release: >- + {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else + (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} ############################################################################### 
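Review bot: Removing `python3-virtualenv` from the `apt` line while the later hunk switches to `python3 -m venv kayobe` leaves the Ubuntu path without the separate `python3-venv` package, which Debian-family systems need for `venv`/`ensurepip`. Venv creation will fail there unless the base image already has it. Add it to the install line: `sudo apt -y install gcc git libffi-dev python3-dev python-is-python3 python3-venv`.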
diff --git a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml index f74c83348..ec5a82578 100644 --- a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml @@ -45,7 +45,6 @@ stackhpc_repo_rocky_9_appstream_version: "{{ stackhpc_pulp_repo_rocky_9_appstrea stackhpc_repo_rocky_9_extras_version: "{{ stackhpc_pulp_repo_rocky_9_extras_version }}" stackhpc_repo_rocky_9_crb_version: "{{ stackhpc_pulp_repo_rocky_9_crb_version }}" stackhpc_repo_rocky_9_highavailability_version: "{{ stackhpc_pulp_repo_rocky_9_highavailability_version }}" -stackhpc_pulp_repo_rocky_9_minor_version: 1 # Rocky-and-CI-specific Pulp urls stackhpc_include_os_minor_version_in_repo_url: true @@ -63,10 +62,3 @@ stackhpc_docker_registry_password: !vault | 38333133393730633666613965653364316162353337313330346164303631313731646461363461 3963323635373866630a633533376339363734626664333765313665623662613764363038383735 38646138376438643533376161376634653439386230353365316239613430363338 - -# Overcloud host image tags -stackhpc_centos_8-stream_overcloud_host_image_version: "yoga-20230525T095243" -stackhpc_rocky_8_overcloud_host_image_version: "yoga-20230629T135322" -stackhpc_rocky_9_overcloud_host_image_version: "yoga-20230515T145140" -stackhpc_ubuntu_focal_overcloud_host_image_version: "yoga-20230609T120720" -stackhpc_ubuntu_jammy_overcloud_host_image_version: "yoga-20230609T120720" diff --git a/etc/kayobe/environments/ci-builder/globals.yml b/etc/kayobe/environments/ci-builder/globals.yml index 847485593..8240da331 100644 --- a/etc/kayobe/environments/ci-builder/globals.yml +++ b/etc/kayobe/environments/ci-builder/globals.yml 
@@ -4,8 +4,8 @@ ############################################################################### # OS distribution. -# OS distribution name. Valid options are "centos", "ubuntu". Default is -# "centos". +# OS distribution name. Valid options are "rocky", "ubuntu". Default is +# "rocky". os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" ############################################################################### diff --git a/etc/kayobe/environments/ci-multinode/globals.yml b/etc/kayobe/environments/ci-multinode/globals.yml index 26acaa9d7..86bd11302 100644 --- a/etc/kayobe/environments/ci-multinode/globals.yml +++ b/etc/kayobe/environments/ci-multinode/globals.yml @@ -45,16 +45,15 @@ ############################################################################### # OS distribution. -# OS distribution name. Valid options are "centos", "ubuntu". Default is -# "centos". +# OS distribution name. Valid options are "rocky", "ubuntu". Default is +# "rocky". os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" -# OS release. Valid options are "8-stream" when os_distribution is "centos", or -# "focal" when os_distribution is "ubuntu". +# OS release. Valid options are "9" when os_distribution is "rocky", or +# "jammy" when os_distribution is "ubuntu". os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else - (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' else - 'stream-8' }} + (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} ############################################################################### # Hashicorp vault, Barbican, and TLS configuration diff --git a/etc/kayobe/environments/ci-multinode/kolla.yml b/etc/kayobe/environments/ci-multinode/kolla.yml index 6da2119c1..58576bd13 100644 
--- a/etc/kayobe/environments/ci-multinode/kolla.yml +++ b/etc/kayobe/environments/ci-multinode/kolla.yml @@ -5,6 +5,8 @@ kolla_enable_neutron_provider_networks: true kolla_enable_ovn: true kolla_enable_octavia: true kolla_enable_magnum: true +kolla_enable_designate: true +kolla_enable_redis: true kolla_enable_barbican: true # The multinode environment supports Backend and internal TLS , but it must be @@ -16,3 +18,9 @@ kolla_enable_barbican: true # The multinode environment supports Manila but it is not enabled by default. # kolla_enable_manila: true # kolla_enable_manila_backend_cephfs_native: true + +kolla_internal_vip_address: "192.168.37.2" +kolla_internal_fqdn: "internal.infra.mos.{{ root_domain | default('example.com') }}" + +kolla_external_vip_address: "192.168.39.2" +kolla_external_fqdn: "public.infra.mos.{{ root_domain | default('example.com') }}" diff --git a/etc/kayobe/environments/ci-multinode/kolla/globals-tls-config.yml b/etc/kayobe/environments/ci-multinode/kolla/globals-tls-config.yml index 4d8971415..ba92218d6 100644 --- a/etc/kayobe/environments/ci-multinode/kolla/globals-tls-config.yml +++ b/etc/kayobe/environments/ci-multinode/kolla/globals-tls-config.yml @@ -6,7 +6,7 @@ # Copy the self-signed CA into the kolla containers kolla_copy_ca_into_containers: "yes" # Use the following trust store within the container -openstack_cacert: "{{ '/etc/pki/tls/certs/ca-bundle.crt' if os_distribution in ['centos', 'rocky'] else '/etc/ssl/certs/ca-certificates.crt' }}" +openstack_cacert: "{{ '/etc/pki/tls/certs/ca-bundle.crt' if os_distribution == 'rocky' else '/etc/ssl/certs/ca-certificates.crt' }}" # Backend TLS config # Enable backend TLS diff --git a/etc/kayobe/environments/ci-multinode/kolla/globals.yml b/etc/kayobe/environments/ci-multinode/kolla/globals.yml index 624f6f038..f2dacb5d7 100644 --- a/etc/kayobe/environments/ci-multinode/kolla/globals.yml +++ b/etc/kayobe/environments/ci-multinode/kolla/globals.yml 
@@ -25,3 +25,12 @@ octavia_provider_agents: "ovn" # Manila CephFS configuration manila_cephfs_filesystem_name: manila-cephfs + +# Designate configuration +designate_ns_record: + - "ns1.mos.{{ root_domain | default('example.com') }}" + - "ns2.mos.{{ root_domain | default('example.com') }}" + - "ns3.mos.{{ root_domain | default('example.com') }}" +designate_backend: "bind9" +designate_recursion: "yes" +designate_forwarders_addresses: "1.1.1.1; 8.8.8.8" diff --git a/etc/kayobe/environments/ci-multinode/networks.yml b/etc/kayobe/environments/ci-multinode/networks.yml index 9454591b2..ca7c4daaf 100644 --- a/etc/kayobe/environments/ci-multinode/networks.yml +++ b/etc/kayobe/environments/ci-multinode/networks.yml @@ -76,7 +76,6 @@ internal_cidr: 192.168.37.0/24 internal_mtu: "{{ ansible_facts.default_ipv4.mtu - 50 }}" internal_allocation_pool_start: 192.168.37.3 internal_allocation_pool_end: 192.168.37.254 -internal_vip_address: 192.168.37.2 internal_vlan: 101 # External network @@ -91,7 +90,6 @@ public_cidr: 192.168.39.0/24 public_mtu: "{{ ansible_facts.default_ipv4.mtu - 50 }}" public_allocation_pool_start: 192.168.39.3 public_allocation_pool_end: 192.168.39.254 -public_vip_address: 192.168.39.2 public_vlan: 103 # Tunnel network diff --git a/etc/kayobe/environments/ci-multinode/secrets.yml b/etc/kayobe/environments/ci-multinode/secrets.yml new file mode 100644 index 000000000..a7d000d75 --- /dev/null +++ b/etc/kayobe/environments/ci-multinode/secrets.yml 
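Review bot: `designate_recursion: "yes"` together with `designate_forwarders_addresses: "1.1.1.1; 8.8.8.8"` makes the bind9 backend answer recursive queries and forward them to public resolvers, and nothing in this hunk restricts who may recurse. If those name servers are reachable from outside the CI networks they act as an open resolver, which is a well-known amplification risk. I would state the assumption in a comment above the setting, e.g. `# Recursion is enabled for CI convenience only; bind9 must not be reachable from untrusted networks.`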
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+30353135383132343937393531323366626130373332363130633032613061396466663165343963
+3138333863363665613361656237616163653332626436370a373364303561366463373365616563
+35353233393366303363376265646563636432343636623237643538653339343961616334396435
+6135653035613939640a396164373032353161623339333834653034353037663132393863396439
+63343336363537303163313762313637386662366565313933623231356133643730373435336133
+37616635646633316634636436313132666464376438646264663765386663323237333837623039
+62353237656561316231353166363132316235316331646438613234663730616239303932636436
+34613638636531366231316365653232356137363561376237353638313730626230643534393161
+6166
diff --git a/etc/kayobe/inventory/group_vars/all/vault b/etc/kayobe/inventory/group_vars/all/vault
index c64deb14f..3f004baff 100644
--- a/etc/kayobe/inventory/group_vars/all/vault
+++ b/etc/kayobe/inventory/group_vars/all/vault
@@ -1,11 +1,22 @@ ############################################################################### # Hashicorp Vault deployment configuration. +# Registry information for seed. +seed_hashicorp_registry_url: "{{ stackhpc_docker_registry if stackhpc_sync_hashicorp_images | bool else '' }}" +seed_hashicorp_registry_username: "{{ stackhpc_docker_registry_username if stackhpc_sync_hashicorp_images | bool else '' }}" +seed_hashicorp_registry_password: "{{ stackhpc_docker_registry_password if stackhpc_sync_hashicorp_images | bool else '' }}" + +# Seed Consul container image. +seed_consul_docker_image: "{{ stackhpc_docker_registry ~ '/' if stackhpc_sync_hashicorp_images | bool else '' }}hashicorp/consul" + # Seed Consul container image tag. -seed_consul_docker_tag: "1.16" +seed_consul_docker_tag: "1.16.1" + +# Seed Vault container image. +seed_vault_docker_image: "{{ stackhpc_docker_registry ~ '/' if stackhpc_sync_hashicorp_images | bool else '' }}hashicorp/vault" # Seed Vault container image tag. -seed_vault_docker_tag: "1.14" +seed_vault_docker_tag: "1.14.1" # Seed Vault PKI Role name seed_vault_pki_role_name: "ServerCert" 
@@ -27,11 +38,22 @@ seed_vault_pki_roles: organization: ["StackHPC"] ou: ["OpenStack"] +# Registry information for overcloud. +overcloud_hashicorp_registry_url: "{{ stackhpc_docker_registry if stackhpc_sync_hashicorp_images | bool else '' }}" +overcloud_hashicorp_registry_username: "{{ stackhpc_docker_registry_username if stackhpc_sync_hashicorp_images | bool else '' }}" +overcloud_hashicorp_registry_password: "{{ stackhpc_docker_registry_password if stackhpc_sync_hashicorp_images | bool else '' }}" + +# Overcloud Consul container image. +overcloud_consul_docker_image: "{{ stackhpc_docker_registry ~ '/' if stackhpc_sync_hashicorp_images | bool else '' }}hashicorp/consul" + # Overcloud Consul container image tag. -overcloud_consul_docker_tag: "1.16" +overcloud_consul_docker_tag: "1.16.1" + +# Overcloud Vault container image. +overcloud_vault_docker_image: "{{ stackhpc_docker_registry ~ '/' if stackhpc_sync_hashicorp_images | bool else '' }}hashicorp/vault" # Overcloud Vault container image tag. -overcloud_vault_docker_tag: "1.14" +overcloud_vault_docker_tag: "1.14.1" # Overcloud Vault PKI Default Role name overcloud_vault_pki_default_role_name: "ServerCert" diff --git a/etc/kayobe/kolla/config/bifrost.yml b/etc/kayobe/kolla/config/bifrost.yml new file mode 100644 index 000000000..d4b585b6a --- /dev/null +++ b/etc/kayobe/kolla/config/bifrost.yml @@ -0,0 +1,7 @@ +# yamllint disable-file +--- +# Use prebuilt release train images from Ark. +{% if stackhpc_download_overcloud_host_images | bool %} +use_cirros: true +cirros_deploy_image_upstream_url: "{{ stackhpc_overcloud_host_image_url }}" +{% endif %} diff --git a/etc/kayobe/kolla/config/grafana/dashboards/ceph/ceph_overview.json b/etc/kayobe/kolla/config/grafana/dashboards/ceph/ceph_overview.json index c329878a8..e041d8ff0 100644 --- a/etc/kayobe/kolla/config/grafana/dashboards/ceph/ceph_overview.json +++ b/etc/kayobe/kolla/config/grafana/dashboards/ceph/ceph_overview.json 
@@ -1000,7 +1000,7 @@ } ], "thresholds": "250,300", - "title": "Agerage PGs per OSD", + "title": "Average PGs per OSD", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ diff --git a/etc/kayobe/kolla/config/grafana/dashboards/openstack/node_exporter_full.json b/etc/kayobe/kolla/config/grafana/dashboards/openstack/node_exporter_full.json index 66d630b8d..f336c0adb 100644 --- a/etc/kayobe/kolla/config/grafana/dashboards/openstack/node_exporter_full.json +++ b/etc/kayobe/kolla/config/grafana/dashboards/openstack/node_exporter_full.json @@ -11417,7 +11417,7 @@ "format": "time_series", "interval": "", "intervalFactor": 2, - "legendFormat": "TCP_tw - Sockets wating close", + "legendFormat": "TCP_tw - Sockets waiting close", "refId": "E", "step": 240 } diff --git a/etc/kayobe/kolla/config/grafana/dashboards/openstack/redfish.json b/etc/kayobe/kolla/config/grafana/dashboards/openstack/redfish.json index b3f68ac97..8712368db 100644 --- a/etc/kayobe/kolla/config/grafana/dashboards/openstack/redfish.json +++ b/etc/kayobe/kolla/config/grafana/dashboards/openstack/redfish.json @@ -2407,7 +2407,7 @@ ], "timeFrom": null, "timeShift": null, - "title": "Power comsumption", + "title": "Power consumption", "type": "gauge" }, { @@ -3774,7 +3774,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Power comsumption", + "title": "Power consumption", "tooltip": { "shared": true, "sort": 0, diff --git a/etc/kayobe/overcloud-dib.yml b/etc/kayobe/overcloud-dib.yml index a0ab5d914..9631c3981 100644 --- a/etc/kayobe/overcloud-dib.yml +++ b/etc/kayobe/overcloud-dib.yml 
@@ -8,7 +8,7 @@ # Bifrost. Setting it to true disables Bifrost image build and allows images to # be built with the `kayobe overcloud host image build` command. Default value # is true. -#overcloud_dib_build_host_images: +overcloud_dib_build_host_images: "{{ not stackhpc_download_overcloud_host_images | bool }}" # List of additional build host packages to install. Default is an empty list. overcloud_dib_host_packages_extra: diff --git a/etc/kayobe/pulp-host-image-versions.yml b/etc/kayobe/pulp-host-image-versions.yml new file mode 100644 index 000000000..aa4082005 --- /dev/null +++ b/etc/kayobe/pulp-host-image-versions.yml @@ -0,0 +1,5 @@ +--- +# Overcloud host image versioning tags +# These images must be in SMS, since they are used by our AIO CI runners +stackhpc_rocky_9_overcloud_host_image_version: "yoga-20230515T145140" +stackhpc_ubuntu_jammy_overcloud_host_image_version: "yoga-20230609T120720" diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index d3a9b2dce..d20038ed4 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml @@ -32,8 +32,14 @@ pulp_proxy_url: "{{ omit }}" ############################################################################### # StackHPC Pulp server +# The scheme of the StackHPC Pulp service (http or https) +stackhpc_release_pulp_scheme: "https" + +# The domain of the StackHPC Pulp service. +stackhpc_release_pulp_domain: "ark.stackhpc.com" + # Base URL of the StackHPC Pulp service. -stackhpc_release_pulp_url: "https://ark.stackhpc.com" +stackhpc_release_pulp_url: "{{ stackhpc_release_pulp_scheme }}://{{ stackhpc_release_pulp_domain }}" # Credentials used to access the StackHPC Pulp service. stackhpc_release_pulp_username: 
@@ -42,6 +48,11 @@ stackhpc_release_pulp_password: # Content URL of the StackHPC Pulp service. stackhpc_release_pulp_content_url: "{{ stackhpc_release_pulp_url }}/pulp/content" +# Content URL of the StackHPC Pulp service, with basic auth. +# NOTE(Alex-Welsh): This may need reworking if it reveals the credentials +# at runtime in the ansible output +stackhpc_release_pulp_content_url_with_auth: "{{ stackhpc_release_pulp_scheme }}://{{ stackhpc_release_pulp_username }}:{{ stackhpc_release_pulp_password }}@{{ stackhpc_release_pulp_domain }}/pulp/content" + # Sync all repositories required for building Kolla images from the # StackHPC Ark Pulp service to local Pulp. # NOTE: Only RPM repositories are supported. 
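Review bot: `stackhpc_release_pulp_content_url_with_auth` interpolates the username and password into the URL without encoding, so a credential containing `@`, `:`, `/` or `#` produces a URL that parses differently from what was intended. URL-embedded credentials also reach places beyond task output, such as rendered config files, download logs and process arguments. The new `kolla/config/bifrost.yml` template writes `stackhpc_overcloud_host_image_url` into a config file, and if that variable is built from this one (its definition is not visible here) the password is stored there in clear. `stackhpc_release_pulp_scheme` is documented as `http or https`, and with `http` the basic-auth pair would travel unencrypted. I would percent-encode both values (for example `{{ stackhpc_release_pulp_password | urlencode }}`), set `no_log: true` on tasks that consume this URL, and note beside the scheme variable that `https` is required when credentials are used.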
@@ -53,68 +64,54 @@ stackhpc_pulp_sync_for_local_container_build: false # Whether to sync Ubuntu packages. stackhpc_pulp_sync_ubuntu_jammy: "{{ os_distribution == 'ubuntu' }}" -stackhpc_pulp_repository_deb_repos: +# Default configuration, which each element of stackhpc_pulp_deb_repos +# is combined with +stackhpc_pulp_deb_repos_default_config: + remote_username: "{{ stackhpc_release_pulp_username }}" + remote_password: "{{ stackhpc_release_pulp_password }}" + client_cert: "" + client_key: "" + policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" + architectures: amd64 + mirror: true + state: present + +# Deb repositories +stackhpc_pulp_deb_repos: # Base Ubuntu Jammy repositories - - name: Ubuntu jammy + - name: "Ubuntu jammy" url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/jammy/{{ stackhpc_pulp_repo_ubuntu_jammy_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - client_cert: "" - client_key: "" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - architectures: amd64 - components: main restricted universe multiverse - distributions: jammy jammy-updates jammy-backports - mirror: true - state: present + distribution_name: "ubuntu-jammy-" + base_path: "ubuntu/jammy/" + components: "main restricted universe multiverse" + distributions: "jammy jammy-updates jammy-backports" required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" - - name: Ubuntu jammy security + - name: "Ubuntu jammy security" url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/jammy-security/{{ stackhpc_pulp_repo_ubuntu_jammy_security_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - client_cert: "" - client_key: "" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - architectures: amd64 - components: main restricted universe multiverse - distributions: jammy-security - mirror: true - state: present + distribution_name: 
"ubuntu-jammy-security-" + base_path: "ubuntu/jammy-security/" + components: "main restricted universe multiverse" + distributions: "jammy-security" required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" # Ubuntu Cloud Archive (UCA) repositories - - name: Ubuntu Cloud Archive + - name: "Ubuntu Cloud Archive" url: "{{ stackhpc_release_pulp_content_url }}/ubuntu-cloud-archive/{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - client_cert: "" - client_key: "" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - architectures: amd64 - components: main + distribution_name: "ubuntu-cloud-archive-" + base_path: "ubuntu-cloud-archive/" + components: "main" distributions: "jammy-updates/{{ openstack_release }}" - mirror: true - state: present required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" # Third-party repositories - - name: Docker CE for Ubuntu + - name: "Docker CE for Ubuntu" url: "{{ stackhpc_release_pulp_content_url }}/docker-ce/ubuntu/{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - client_cert: "" - client_key: "" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - architectures: amd64 - distributions: jammy - components: stable - mirror: true - state: present + distribution_name: "docker-ce-for-ubuntu-" + base_path: "docker-ce/ubuntu/" + distributions: "jammy" + components: "stable" required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" # Publication format is a subset of distribution. 
@@ -123,69 +120,74 @@ stackhpc_pulp_publication_deb_development: "{{ stackhpc_pulp_distribution_deb_de # Content is made available at well-known distribution names for development, # production. -# Development tracks the release repositories. -stackhpc_pulp_distribution_deb_development: - # Base Ubuntu Jammy repositories - - name: "ubuntu-jammy-development" - repository: Ubuntu jammy - base_path: "ubuntu/jammy/development" - mode: verbatim - state: present - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" - - name: "ubuntu-jammy-security-development" - repository: Ubuntu jammy security - base_path: "ubuntu/jammy-security/development" - mode: verbatim - state: present - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" +stackhpc_pulp_repository_deb_repos: >- + {%- set deb_repos = [] -%} + {%- for repo in stackhpc_pulp_deb_repos -%} + {%- set deb_repo = {"name": repo.name} -%} + {%- set deb_repo = deb_repo | combine({"url": repo.url}) -%} + {%- set deb_repo = deb_repo | combine({"required": repo.required}) -%} + {%- if "policy" in repo -%} + {%- set deb_repo = deb_repo | combine({"policy": repo.policy}) -%} + {%- endif -%} + {%- if "mirror" in repo -%} + {%- set deb_repo = deb_repo | combine({"mirror": repo.mirror}) -%} + {%- endif -%} + {%- if "distributions" in repo -%} + {%- set deb_repo = deb_repo | combine({"distributions": repo.distributions}) -%} + {%- endif -%} + {%- if "components" in repo -%} + {%- set deb_repo = deb_repo | combine({"components": repo.components}) -%} + {%- endif -%} + {%- if "architectures" in repo -%} + {%- set deb_repo = deb_repo | combine({"architectures": repo.architectures}) -%} + {%- endif -%} + {%- set _ = deb_repos.append(stackhpc_pulp_deb_repos_default_config | combine(deb_repo)) -%} + {%- endfor -%} + {{ deb_repos }} - # Ubuntu Cloud Archive (UCA) repositories - - name: "ubuntu-cloud-archive-development" - repository: Ubuntu Cloud Archive - base_path: "ubuntu-cloud-archive/development" - mode: verbatim - state: 
present - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" +stackhpc_pulp_deb_dists_default_config: + state: present + mode: verbatim - # Third-party repositories - - name: "docker-ce-for-ubuntu-development" - repository: Docker CE for Ubuntu - base_path: "docker-ce/ubuntu/development" - mode: verbatim - state: present - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" +# Development tracks the release repositories. +stackhpc_pulp_distribution_deb_development: >- + {%- set dev_dists = [] -%} + {%- for repo in stackhpc_pulp_deb_repos -%} + {%- set name = repo.distribution_name ~ 'development' -%} + {%- set base_path = repo.base_path ~ 'development' -%} + {%- set dev_dist = { + "name": name, + "repository": repo.name, + "base_path": base_path, + "required": repo.required + } + -%} + {%- if "mode" in repo -%} + {%- set dev_dist = dev_dist | combine({"mode": repo.mode}) -%} + {%- endif -%} + {%- set _ = dev_dists.append(stackhpc_pulp_deb_dists_default_config | combine(dev_dist)) -%} + {%- endfor -%} + {{ dev_dists }} # Development gets promoted to production. 
-stackhpc_pulp_distribution_deb_production: - # Base Ubuntu Jammy repositories - - name: "ubuntu-jammy-production" - repository: Ubuntu jammy - base_path: "ubuntu/jammy/production" - mode: verbatim - state: present - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" - - name: "ubuntu-jammy-security-production" - repository: Ubuntu jammy security - base_path: "ubuntu/jammy-security/production" - mode: verbatim - state: present - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" - - # Ubuntu Cloud Archive (UCA) repositories - - name: "ubuntu-cloud-archive-production" - repository: Ubuntu Cloud Archive - base_path: "ubuntu-cloud-archive/production" - mode: verbatim - state: present - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" - - # Third-party repositories - - name: "docker-ce-for-ubuntu-production" - repository: Docker CE for Ubuntu - base_path: "docker-ce/ubuntu/production" - mode: verbatim - state: present - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" +stackhpc_pulp_distribution_deb_production: >- + {%- set prod_dists = [] -%} + {%- for repo in stackhpc_pulp_deb_repos -%} + {%- set name = repo.distribution_name ~ 'production' -%} + {%- set base_path = repo.base_path ~ 'production' -%} + {%- set prod_dist = { + "name": name, + "distribution": repo.distribution_name ~ 'development', + "base_path": base_path, + "required": repo.required + } + -%} + {%- if "mode" in repo -%} + {%- set prod_dist = prod_dist | combine({"mode": repo.mode}) -%} + {%- endif -%} + {%- set _ = prod_dists.append(stackhpc_pulp_deb_dists_default_config | combine(prod_dist)) -%} + {%- endfor -%} + {{ prod_dists }} ############################################################################### # RPMs 
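Review bot: Nothing documents what each `stackhpc_pulp_deb_repos` entry must contain, although the generated lists read `repo.name`, `repo.url`, `repo.required`, `repo.distribution_name` and `repo.base_path` unconditionally and copy only a fixed set of optional keys. A missing key fails at render time, and a key outside the copied set (for example a per-repo `proxy_url`) is silently ignored. I would add a comment above `stackhpc_pulp_repository_deb_repos`, such as `# Built from stackhpc_pulp_deb_repos: name, url, distribution_name, base_path and required are mandatory; policy, mirror, distributions, components and architectures override the defaults.` `stackhpc_pulp_deb_dists_default_config` also has no comment, unlike `stackhpc_pulp_deb_repos_default_config`. The production entries now set `distribution` where the removed ones set `repository`, so the existing `# Development gets promoted to production.` comment could say that this is the reason.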
@@ -207,194 +209,157 @@ stackhpc_pulp_repo_rocky_9_highavailability_version: "{{ lookup('vars', 'stackhp # Whether to sync packages common to all RHEL 9 derivatives. stackhpc_pulp_sync_el_9: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" -stackhpc_pulp_repository_rpm_repos: +# Default configuration, which each element of stackhpc_pulp_rpm_repos +# is combined with +stackhpc_pulp_rpm_repos_default_config: + remote_username: "{{ stackhpc_release_pulp_username }}" + remote_password: "{{ stackhpc_release_pulp_password }}" + client_cert: "" + client_key: "" + policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" + sync_policy: mirror_complete + state: present + +stackhpc_pulp_rpm_repos: # Grafana and RabbitMQ repositories - version 8/9 agnositic - name: Grafana url: "{{ stackhpc_release_pulp_content_url }}/grafana/oss/rpm/{{ stackhpc_pulp_repo_grafana_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - client_cert: "" - client_key: "" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "grafana-" + base_path: "grafana/oss/rpm/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" + - name: RabbitMQ - Erlang url: "{{ stackhpc_release_pulp_content_url }}/rabbitmq/erlang/el/8/x86_64/{{ stackhpc_pulp_repo_rabbitmq_erlang_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - client_cert: "" - client_key: "" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "rabbitmq-erlang-" + base_path: "rabbitmq/erlang/el/8/x86_64/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" + - name: RabbitMQ - Server url: "{{ stackhpc_release_pulp_content_url }}/rabbitmq/rabbitmq-server/el/8/x86_64/{{ 
stackhpc_pulp_repo_rabbitmq_server_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - client_cert: "" - client_key: "" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "rabbitmq-server-" + base_path: "rabbitmq/rabbitmq-server/el/8/x86_64/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" # Base Rocky 9 repositories - name: Rocky Linux 9 - AppStream url: "{{ stackhpc_release_pulp_content_url }}/rocky/9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}/AppStream/x86_64/os/{{ stackhpc_pulp_repo_rocky_9_appstream_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "rocky-9-appstream-" + base_path: "rocky/9/AppStream/x86_64/os/" required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" + - name: Rocky Linux 9 - BaseOS url: "{{ stackhpc_release_pulp_content_url }}/rocky/9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}/BaseOS/x86_64/os/{{ stackhpc_pulp_repo_rocky_9_baseos_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "rocky-9-baseos-" + base_path: "rocky/9/BaseOS/x86_64/os/" required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" + - name: Rocky Linux 9 - Extras url: "{{ stackhpc_release_pulp_content_url }}/rocky/9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}/extras/x86_64/os/{{ stackhpc_pulp_repo_rocky_9_extras_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ 
pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "rocky-9-extras-" + base_path: "rocky/9/extras/x86_64/os/" required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" + - name: Rocky Linux 9 - CRB url: "{{ stackhpc_release_pulp_content_url }}/rocky/9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}/CRB/x86_64/os/{{ stackhpc_pulp_repo_rocky_9_crb_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "rocky-9-crb-" + base_path: "rocky/9/CRB/x86_64/os/" required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" + - name: Rocky Linux 9 - HighAvailability url: "{{ stackhpc_release_pulp_content_url }}/rocky/9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}/highavailability/x86_64/os/{{ stackhpc_pulp_repo_rocky_9_highavailability_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "rocky-9-highavailability-" + base_path: "rocky/9/highavailability/x86_64/os/" required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" # Additional CentOS Stream 9 repositories - name: CentOS Stream 9 - NFV OpenvSwitch url: "{{ stackhpc_release_pulp_content_url }}/centos/9-stream/nfv/x86_64/openvswitch-2/{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "centos-stream-9-nfv-openvswitch-" + base_path: "centos/9-stream/nfv/x86_64/openvswitch-2/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and 
stackhpc_pulp_sync_el_9 | bool }}" + + - name: CentOS Stream 9 - OpenStack Zed url: "{{ stackhpc_release_pulp_content_url }}/centos/9-stream/cloud/x86_64/openstack-zed/{{ stackhpc_pulp_repo_centos_stream_9_openstack_zed_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - client_cert: "" - client_key: "" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "centos-stream-9-openstack-zed-" + base_path: "centos/9-stream/cloud/x86_64/openstack-zed/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" + - name: CentOS 9 - OpsTools - collectd url: "{{ stackhpc_release_pulp_content_url }}/centos/9-stream/opstools/x86_64/collectd-5/{{ stackhpc_pulp_repo_centos_stream_9_opstools_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "centos-9-opstools-collectd-" + base_path: "centos/9-stream/opstools/x86_64/collectd-5/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" + - name: CentOS Stream 9 - Ceph Quincy url: "{{ stackhpc_release_pulp_content_url }}/centos/9-stream/storage/x86_64/ceph-quincy/{{ stackhpc_pulp_repo_centos_stream_9_storage_ceph_quincy_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "centos-stream-9-ceph-quincy-" + base_path: "centos/9-stream/storage/x86_64/ceph-quincy/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" + + # EPEL 9 repository - name: 
Extra Packages for Enterprise Linux 9 - x86_64 url: "{{ stackhpc_release_pulp_content_url }}/epel/9/Everything/x86_64/{{ stackhpc_pulp_repo_epel_9_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" + distribution_name: "extra-packages-for-enterprise-linux-9-x86_64-" + base_path: "epel/9/Everything/x86_64/" sync_policy: mirror_content_only - state: present required: "{{ stackhpc_pulp_sync_el_9 | bool }}" + + # Third-party repositories - name: Docker CE for CentOS 9 url: "{{ stackhpc_release_pulp_content_url }}/docker-ce/centos/9/x86_64/stable/{{ stackhpc_pulp_repo_centos_stream_9_docker_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "docker-ce-for-centos-9-" + base_path: "docker-ce/centos/9/x86_64/stable/" required: "{{ stackhpc_pulp_sync_el_9 | bool }}" # Additional RHEL 9 repositories - name: TreasureData 4 for RHEL 9 url: "{{ stackhpc_release_pulp_content_url }}/treasuredata/4/redhat/9/x86_64/{{ stackhpc_pulp_repo_rhel_9_treasuredata_4_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "rhel-9-treasuredata-4-" + base_path: "treasuredata/4/redhat/9/x86_64/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" + - name: MariaDB 10.6 for RHEL 9 url: "{{ stackhpc_release_pulp_content_url }}/mariadb-10.6/yum/rhel/9/x86_64/{{ stackhpc_pulp_repo_rhel_9_mariadb_10_6_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password 
}}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "rhel-9-mariadb-10-6-" + base_path: "mariadb-10.6/yum/rhel/9/x86_64/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" + - name: InfluxDB for RHEL 9 url: "{{ stackhpc_release_pulp_content_url }}/influxdb/rhel/9/x86_64/stable/{{ stackhpc_pulp_repo_rhel_9_influxdb_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "rhel-9-influxdb-" + base_path: "influxdb/rhel/9/x86_64/stable/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" + - name: OpenSearch 2.x url: "{{ stackhpc_release_pulp_content_url }}/opensearch/2.x/yum/{{ stackhpc_pulp_repo_opensearch_2_x_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present + distribution_name: "opensearch-2-x-" + base_path: "opensearch/2.x/yum/" required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" + - name: OpenSearch Dashboards 2.x url: "{{ stackhpc_release_pulp_content_url }}/opensearch-dashboards/2.x/yum/{{ stackhpc_pulp_repo_opensearch_dashboards_2_x_version }}" - remote_username: "{{ stackhpc_release_pulp_username }}" - remote_password: "{{ stackhpc_release_pulp_password }}" - policy: on_demand - proxy_url: "{{ pulp_proxy_url }}" - sync_policy: mirror_complete - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - + distribution_name: "opensearch-dashboards-2-x-" + base_path: 
"opensearch-dashboards/2.x/yum/" + required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" + +# RPM repositories +stackhpc_pulp_repository_rpm_repos: >- + {%- set rpm_repos = [] -%} + {%- for repo in stackhpc_pulp_rpm_repos -%} + {%- set rpm_repo = {"name": repo.name} -%} + {%- set rpm_repo = rpm_repo | combine({"url": repo.url}) -%} + {%- set rpm_repo = rpm_repo | combine({"required": repo.required}) -%} + {%- if "policy" in repo -%} + {%- set rpm_repo = rpm_repo | combine({"policy": repo.policy}) -%} + {%- endif -%} + {%- if "sync_policy" in repo -%} + {%- set rpm_repo = rpm_repo | combine({"sync_policy": repo.sync_policy}) -%} + {%- endif -%} + {%- set _ = rpm_repos.append(stackhpc_pulp_rpm_repos_default_config | combine(rpm_repo)) -%} + {%- endfor -%} + {{ rpm_repos }} # Publication format is a subset of distribution. stackhpc_pulp_publication_rpm_development: "{{ stackhpc_pulp_distribution_rpm_development }}" 
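Review bot: The `stackhpc_pulp_repository_rpm_repos` template at the end of this hunk copies only `name`, `url`, `required`, `policy` and `sync_policy` from each entry, so a per-repository `remote_username`, `remote_password`, `client_cert`, `client_key` or `proxy_url` set in `stackhpc_pulp_rpm_repos` is silently replaced by the value in `stackhpc_pulp_rpm_repos_default_config`. An entry added later with a different `url` would therefore be synced with the shared release credentials, with no way to override them from the list. Combining the whole entry minus the distribution-only keys avoids the allow-list: `{%- set rpm_repo = repo | dict2items | rejectattr('key', 'in', ['distribution_name', 'base_path']) | items2dict -%}`. The Rocky 9 entries also gain `client_cert: ""` and `client_key: ""` from the defaults, which the removed lines did not set; that looks harmless but should be confirmed against the consuming role.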
@@ -402,216 +367,42 @@ stackhpc_pulp_publication_rpm_development: "{{ stackhpc_pulp_distribution_rpm_de # Content is made available at well-known distribution names for development, # production. -# Development tracks the release repositories. -stackhpc_pulp_distribution_rpm_development: - # Grafana and RabbitMQ repositories - version 8/9 agnositic - - name: "grafana-development" - base_path: "grafana/oss/rpm/development" - repository: Grafana - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "rabbitmq-erlang-development" - base_path: "rabbitmq/erlang/el/8/x86_64/development" - repository: RabbitMQ - Erlang - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "rabbitmq-server-development" - base_path: "rabbitmq/rabbitmq-server/el/8/x86_64/development" - repository: RabbitMQ - Server - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - # Base Rocky Linux 9 repositories - - name: "rocky-9-appstream-development" - repository: Rocky Linux 9 - AppStream - base_path: "rocky/9/AppStream/x86_64/os/development" - state: present - required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" - - name: "rocky-9-baseos-development" - repository: Rocky Linux 9 - BaseOS - base_path: "rocky/9/BaseOS/x86_64/os/development" - state: present - required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" - - name: "rocky-9-extras-development" - repository: Rocky Linux 9 - Extras - base_path: "rocky/9/extras/x86_64/os/development" - state: present - required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" - - name: "rocky-9-crb-development" - repository: Rocky Linux 9 - CRB - base_path: "rocky/9/CRB/x86_64/os/development" - state: present - required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" - - name: "rocky-9-highavailability-development" - repository: Rocky Linux 9 - 
HighAvailability - base_path: "rocky/9/highavailability/x86_64/os/development" - state: present - required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" - - # Additional CentOS Stream 9 repositories - - name: "centos-stream-9-nfv-openvswitch-development" - base_path: "centos/9-stream/nfv/x86_64/openvswitch-2/development" - repository: CentOS Stream 9 - NFV OpenvSwitch - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "centos-stream-9-openstack-zed-development" - base_path: "centos/9-stream/cloud/x86_64/openstack-zed/development" - repository: CentOS Stream 9 - OpenStack Zed - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "centos-9-opstools-collectd-development" - base_path: "centos/9-stream/opstools/x86_64/collectd-5/development" - repository: CentOS 9 - OpsTools - collectd - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "centos-stream-9-ceph-quincy-development" - base_path: "centos/9-stream/storage/x86_64/ceph-quincy/development" - repository: CentOS Stream 9 - Ceph Quincy - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "extra-packages-for-enterprise-linux-9-x86_64-development" - repository: Extra Packages for Enterprise Linux 9 - x86_64 - base_path: "epel/9/Everything/x86_64/development" - state: present - required: "{{ stackhpc_pulp_sync_el_9 | bool }}" - - name: "docker-ce-for-centos-9-development" - repository: Docker CE for CentOS 9 - base_path: "docker-ce/centos/9/x86_64/stable/development" - state: present - required: "{{ stackhpc_pulp_sync_el_9 | bool }}" - - # Additional RHEL 9 repositories - - name: "rhel-9-treasuredata-4-development" - base_path: "treasuredata/4/redhat/9/x86_64/development" - repository: TreasureData 4 
for RHEL 9 - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "rhel-9-mariadb-10-6-development" - base_path: "mariadb-10.6/yum/rhel/9/x86_64/development" - repository: MariaDB 10.6 for RHEL 9 - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "rhel-9-influxdb-development" - base_path: "influxdb/rhel/9/x86_64/stable/development" - repository: InfluxDB for RHEL 9 - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "opensearch-2-x-development" - base_path: "opensearch/2.x/yum/development" - repository: OpenSearch 2.x - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "opensearch-dashboards-2-x-development" - base_path: "opensearch-dashboards/2.x/yum/development" - repository: OpenSearch Dashboards 2.x - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" +stackhpc_pulp_rpm_dists_default_config: + state: present +# Development tracks the release repositories. +stackhpc_pulp_distribution_rpm_development: >- + {%- set dev_dists = [] -%} + {%- for repo in stackhpc_pulp_rpm_repos -%} + {%- set name = repo.distribution_name ~ 'development' -%} + {%- set base_path = repo.base_path ~ 'development' -%} + {%- set dev_dist = { + "name": name, + "repository": repo.name, + "base_path": base_path, + "required": repo.required + } + -%} + {%- set _ = dev_dists.append(stackhpc_pulp_rpm_dists_default_config | combine(dev_dist)) -%} + {%- endfor -%} + {{ dev_dists }} # Development gets promoted to production. 
-stackhpc_pulp_distribution_rpm_production: - # Grafana and RabbitMQ repositories - version 8/9 agnositic - - name: "grafana-production" - base_path: "grafana/oss/rpm/production" - repository: Grafana - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "rabbitmq-erlang-production" - base_path: "rabbitmq/erlang/el/8/x86_64/production" - repository: RabbitMQ - Erlang - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "rabbitmq-server-production" - base_path: "rabbitmq/rabbitmq-server/el/8/x86_64/production" - repository: RabbitMQ - Server - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - # Base Rocky Linux 9 repositories - - name: "rocky-9-appstream-production" - repository: Rocky Linux 9 - AppStream - base_path: "rocky/9/AppStream/x86_64/os/production" - state: present - required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" - - name: "rocky-9-baseos-production" - repository: Rocky Linux 9 - BaseOS - base_path: "rocky/9/BaseOS/x86_64/os/production" - state: present - required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" - - name: "rocky-9-extras-production" - repository: Rocky Linux 9 - Extras - base_path: "rocky/9/extras/x86_64/os/production" - state: present - required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" - - name: "rocky-9-crb-production" - repository: Rocky Linux 9 - CRB - base_path: "rocky/9/CRB/x86_64/os/production" - state: present - required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" - - name: "rocky-9-highavailability-production" - repository: Rocky Linux 9 - HighAvailability - base_path: "rocky/9/highavailability/x86_64/os/production" - state: present - required: "{{ stackhpc_pulp_sync_rocky_9 | bool }}" - - # Additional CentOS Stream 9 repositories - - name: "centos-stream-9-nfv-openvswitch-production" - base_path: 
"centos/9-stream/nfv/x86_64/openvswitch-2/production" - repository: CentOS Stream 9 - NFV OpenvSwitch - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "centos-stream-9-openstack-zed-production" - base_path: "centos/9-stream/cloud/x86_64/openstack-zed/production" - repository: CentOS Stream 9 - OpenStack Zed - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "centos-9-opstools-collectd-production" - base_path: "centos/9-stream/opstools/x86_64/collectd-5/production" - repository: CentOS 9 - OpsTools - collectd - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "centos-stream-9-ceph-quincy-production" - base_path: "centos/9-stream/storage/x86_64/ceph-quincy/production" - repository: CentOS Stream 9 - Ceph Quincy - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "extra-packages-for-enterprise-linux-9-x86_64-production" - repository: Extra Packages for Enterprise Linux 9 - x86_64 - base_path: "epel/9/Everything/x86_64/production" - state: present - required: "{{ stackhpc_pulp_sync_el_9 | bool }}" - - name: "docker-ce-for-centos-9-production" - repository: Docker CE for CentOS 9 - base_path: "docker-ce/centos/9/x86_64/stable/production" - state: present - required: "{{ stackhpc_pulp_sync_el_9 | bool }}" - - # Additional RHEL 9 repositories - - name: "rhel-9-treasuredata-4-production" - base_path: "treasuredata/4/redhat/9/x86_64/production" - repository: TreasureData 4 for RHEL 9 - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "rhel-9-mariadb-10-6-production" - base_path: "mariadb-10.6/yum/rhel/9/x86_64/production" - repository: MariaDB 10.6 for RHEL 9 - 
state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "rhel-9-influxdb-production" - base_path: "influxdb/rhel/9/x86_64/stable/production" - repository: InfluxDB for RHEL 9 - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "opensearch-2-x-production" - base_path: "opensearch/2.x/yum/production" - repository: OpenSearch 2.x - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" - - name: "opensearch-dashboards-2-x-production" - base_path: "opensearch-dashboards/2.x/yum/production" - repository: OpenSearch Dashboards 2.x - state: present - required: "{{ stackhpc_pulp_sync_for_local_container_build | bool and stackhpc_pulp_sync_el_9 | bool }}" +stackhpc_pulp_distribution_rpm_production: >- + {%- set prod_dists = [] -%} + {%- for repo in stackhpc_pulp_rpm_repos -%} + {%- set name = repo.distribution_name ~ 'production' -%} + {%- set base_path = repo.base_path ~ 'production' -%} + {%- set dev_dist = { + "name": name, + "distribution": repo.distribution_name ~ 'development', + "base_path": base_path, + "required": repo.required + } + -%} + {%- set _ = prod_dists.append(stackhpc_pulp_rpm_dists_default_config | combine(dev_dist)) -%} + {%- endfor -%} + {{ prod_dists }} ############################################################################### # Containers 
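Review bot: The generated `stackhpc_pulp_distribution_rpm_production` entries carry `"distribution": repo.distribution_name ~ 'development'` where the removed static entries carried a `repository:` key naming the repository, so this hunk changes how production content is selected, not just how the list is written. The release note added by the commit describes only reduced verbosity, so the switch is worth calling out there and confirming against the distribution role, since it decides what production hosts install from. The production loop also reuses the name `dev_dist` for the production entry; `prod_dist`, as in the Deb production template earlier in this file, would read correctly. `stackhpc_pulp_rpm_dists_default_config` is added without the explanatory comment that `stackhpc_pulp_rpm_repos_default_config` has, e.g. `# Default configuration, which each generated RPM distribution is combined with`.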
@@ -788,6 +579,20 @@ stackhpc_pulp_repository_container_repos_ceph: state: present include_tags: "{{ cephadm_image_tag }}" required: "{{ stackhpc_sync_ceph_images | bool }}" + - name: "ceph/haproxy" + url: "https://quay.io" + policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" + state: present + include_tags: "{{ cephadm_haproxy_image_tag }}" + required: "{{ stackhpc_sync_ceph_images | bool }}" + - name: "ceph/keepalived" + url: "https://quay.io" + policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" + state: present + include_tags: "{{ cephadm_keepalived_image_tag }}" + required: "{{ stackhpc_sync_ceph_images | bool }}" # List of Ceph container image distributions. stackhpc_pulp_distribution_container_ceph: 
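Review bot: The new `ceph/haproxy` and `ceph/keepalived` entries take `include_tags` from `cephadm_haproxy_image_tag` and `cephadm_keepalived_image_tag`, neither of which is defined in the visible part of this change; the HashiCorp entries added in the next hunk do the same with `overcloud_consul_docker_tag` and `overcloud_vault_docker_tag`, which `etc/kayobe/vault.yml` leaves commented out. `stackhpc_pulp_repository_container_repos` concatenates all three lists before `selectattr('required')`, so these expressions are likely rendered even when the matching sync flag is false, and an undefined tag would then fail the lookup for every deployment. Confirm each variable has a default wherever this file is loaded, or note the requirement next to the entry, e.g. `# cephadm_haproxy_image_tag must be defined, even when stackhpc_sync_ceph_images is false`.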
@@ -796,13 +601,58 @@ stackhpc_pulp_distribution_container_ceph: base_path: ceph/ceph state: present required: "{{ stackhpc_sync_ceph_images | bool }}" + - name: ceph/haproxy + repository: ceph/haproxy + base_path: ceph/haproxy + state: present + required: "{{ stackhpc_sync_ceph_images | bool }}" + - name: ceph/keepalived + repository: ceph/keepalived + base_path: ceph/keepalived + state: present + required: "{{ stackhpc_sync_ceph_images | bool }}" + +# Whether to sync HashiCorp container images. +stackhpc_sync_hashicorp_images: false + +# List of HashiCorp container image repositories. +stackhpc_pulp_repository_container_repos_hashicorp: + - name: "hashicorp/consul" + url: "https://registry-1.docker.io" + policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" + state: present + include_tags: "{{ overcloud_consul_docker_tag }}" + required: "{{ stackhpc_sync_hashicorp_images | bool }}" + - name: "hashicorp/vault" + url: "https://registry-1.docker.io" + policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" + state: present + include_tags: "{{ overcloud_vault_docker_tag }}" + required: "{{ stackhpc_sync_hashicorp_images | bool }}" + +# List of HashiCorp container image distributions. +stackhpc_pulp_distribution_container_hashicorp: + - name: consul + repository: hashicorp/consul + base_path: hashicorp/consul + state: present + required: "{{ stackhpc_sync_hashicorp_images | bool }}" + - name: vault + repository: hashicorp/vault + base_path: hashicorp/vault + state: present + required: "{{ stackhpc_sync_hashicorp_images | bool }}" # List of container image repositories. stackhpc_pulp_repository_container_repos: >- {{ (stackhpc_pulp_repository_container_repos_kolla + - stackhpc_pulp_repository_container_repos_ceph) | selectattr('required') }} + stackhpc_pulp_repository_container_repos_ceph + + stackhpc_pulp_repository_container_repos_hashicorp) | selectattr('required') }} # List of container image distributions. 
stackhpc_pulp_distribution_container: >- {{ (stackhpc_pulp_distribution_container_kolla + - stackhpc_pulp_distribution_container_ceph) | selectattr('required') }} + stackhpc_pulp_distribution_container_ceph + + stackhpc_pulp_distribution_container_hashicorp) | selectattr('required') }} diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml index 0ba8c362b..3bef4f878 100644 --- a/etc/kayobe/seed.yml +++ b/etc/kayobe/seed.yml @@ -112,8 +112,8 @@ seed_pulp_container: # s6-overlay-suexec starts as pid 1 init: false env: - PULP_CONTENT_WORKERS: "{{ ansible_facts.processor_vcpus * 2 + 1 }}" - PULP_API_WORKERS: "{{ ansible_facts.processor_vcpus * 2 + 1 }}" + PULP_CONTENT_WORKERS: "{{ [ansible_facts.processor_vcpus * 2 + 1, 32] | min }}" + PULP_API_WORKERS: "{{ [ansible_facts.processor_vcpus * 2 + 1, 32] | min }}" PULP_HTTPS: "{{ 'true' if pulp_enable_tls | bool else 'false' }}" volumes: - /opt/kayobe/containers/pulp:/etc/pulp diff --git a/etc/kayobe/stackhpc-overcloud-dib.yml b/etc/kayobe/stackhpc-overcloud-dib.yml index 4031ea240..ddb93600e 100644 --- a/etc/kayobe/stackhpc-overcloud-dib.yml +++ b/etc/kayobe/stackhpc-overcloud-dib.yml @@ -23,13 +23,13 @@ stackhpc_overcloud_dib_name: "deployment_image" stackhpc_overcloud_dib_elements: - "{{ os_distribution }}-{% if os_distribution == 'rocky' %}container{% else %}minimal{% endif %}" - "cloud-init-datasources" - - "{% if os_distribution in ['centos', 'rocky'] %}disable-selinux{% endif %}" + - "{% if os_distribution == 'rocky' %}disable-selinux{% endif %}" - "enable-serial-console" - "{% if kayobe_environment == 'ci-builder' %}etc-hosts{% endif %}" - "vm" - "block-device-efi" - "cloud-init" - - "{% if os_distribution in ['centos', 'rocky'] %}dracut-regenerate{% endif %}" + - "{% if os_distribution == 'rocky' %}dracut-regenerate{% endif %}" - "{% if os_distribution == 'ubuntu' %}lvm{% endif %}" - "openssh-server" - "{% if os_distribution == 'ubuntu' %}sudoers{% endif %}" 
@@ -71,7 +71,7 @@ stackhpc_overcloud_dib_packages: - "{% if os_distribution == 'ubuntu' %}iputils-ping{% endif %}" - "{% if os_distribution == 'ubuntu' %}curl{% endif %}" - "{% if os_distribution == 'ubuntu' %}apt-utils{% endif %}" - - "{% if os_distribution == 'centos' %}openssh-clients{% endif %}" + - "{% if os_distribution == 'rocky' %}NetworkManager-config-server{% endif %}" # StackHPC overcloud DIB image block device configuration. # This image layout conforms to the CIS partition benchmarks. diff --git a/etc/kayobe/stackhpc-overcloud-host-images.yml b/etc/kayobe/stackhpc-overcloud-host-images.yml new file mode 100644 index 000000000..e9de707e1 --- /dev/null +++ b/etc/kayobe/stackhpc-overcloud-host-images.yml 
@@ -0,0 +1,25 @@ +--- +############################## +# Release train overcloud host image sources + +# Whether or not to download overcloud host images from Ark +stackhpc_download_overcloud_host_images: false + +# Whether or not to use images with MLNX_OFED installed (for deployment using +# mellanox/Nvidia NICs). Only available for Ubuntu Jammy and Rocky Linux 9 +# OFED images are currently WIP and this variable is a placeholder +stackhpc_overcloud_host_image_is_ofed: false + +# The overcloud host image source, defined by os_distribution, os_release, +# stackhpc_overcloud_host_image_is_ofed, and the current stable version. +stackhpc_overcloud_host_image_url: "{{ stackhpc_release_pulp_content_url_with_auth }}/kayobe-images/\ + {{ openstack_release }}/{{ os_distribution }}/{{ os_release }}/\ + {{ 'ofed/' if stackhpc_overcloud_host_image_is_ofed else '' }}\ + {{ stackhpc_overcloud_host_image_version }}/\ + overcloud-{{ os_distribution }}-{{ os_release }}\ + {{ '-ofed' if stackhpc_overcloud_host_image_is_ofed else '' }}.qcow2" + +# Overcloud host image version tag selection +stackhpc_overcloud_host_image_version: >- + {{ stackhpc_rocky_9_overcloud_host_image_version if os_distribution == 'rocky' and os_release == '9' else + stackhpc_ubuntu_jammy_overcloud_host_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' }} diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 70bc5bac5..13b384484 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -12,7 +12,6 @@ stackhpc_rocky_9_url_version: "{{ '9.' + stackhpc_pulp_repo_rocky_9_minor_versio ############################################################################### # Debs - # Ubuntu jammy stackhpc_repo_ubuntu_jammy_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/jammy/{{ stackhpc_repo_ubuntu_jammy_version }}" stackhpc_repo_ubuntu_jammy_version: "{{ stackhpc_repo_distribution }}" 
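Review bot: `stackhpc_overcloud_host_image_url` is built from `stackhpc_release_pulp_content_url_with_auth`, which by its name presumably embeds the release Pulp credentials in the URL, so the secret will travel wherever the URL is printed: task output, verbose logs, the arguments of a download command. The tasks that consume it are outside this file; they should set `no_log: true`, or take the plain content URL with the username and password passed separately. A comment here would make that visible, e.g. `# NOTE: this URL contains credentials; do not log it`. Separately, `stackhpc_overcloud_host_image_version` has no final `else`, so an unsupported `os_distribution`/`os_release` pair yields an empty or undefined version rather than a clear error.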
diff --git a/etc/kayobe/vault.yml b/etc/kayobe/vault.yml index 4c92b9fce..98e48ce4a 100644 --- a/etc/kayobe/vault.yml +++ b/etc/kayobe/vault.yml @@ -2,9 +2,20 @@ ############################################################################### # Hashicorp Vault deployment configuration. +# Registry information for seed. +# seed_hashicorp_registry_url: +# seed_hashicorp_registry_username: +# seed_hashicorp_registry_password: + +# Seed Consul container image. +# seed_consul_docker_image: + # Seed Consul container image tag. # seed_consul_docker_tag: +# Seed Vault container image. +# seed_vault_docker_image: + # Seed Vault container image tag. # seed_vault_docker_tag: @@ -14,9 +25,20 @@ # Seed Vault PKI Roles definition # seed_vault_pki_roles: [] +# Registry information for overcloud. +# overcloud_hashicorp_registry_url: +# overcloud_hashicorp_registry_username: +# overcloud_hashicorp_registry_password: + +# Overcloud Consul container image. +# overcloud_consul_docker_image: + # Overcloud Consul container image tag. # overcloud_consul_docker_tag: +# Overcloud Vault container image. +# overcloud_vault_docker_image: + # Overcloud Vault container image tag. # overcloud_vault_docker_tag: diff --git a/releasenotes/notes/NetworkManager-config-server-5423b1ba9e3bc165.yaml b/releasenotes/notes/NetworkManager-config-server-5423b1ba9e3bc165.yaml new file mode 100644 index 000000000..f1b9fa9ef --- /dev/null +++ b/releasenotes/notes/NetworkManager-config-server-5423b1ba9e3bc165.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Added ``NetworkManager-config-server`` package to Rocky Linux 9 deployment + image. Which prevents NetworkManager from automatically running DHCP on + unconfigured ethernet devices and allows connections with static IP + addresses to be brought up even on ethernet devices with no carrier. 
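Review bot: The new `seed_hashicorp_registry_password` and `overcloud_hashicorp_registry_password` placeholders (one in each hunk of `etc/kayobe/vault.yml`) sit in a plain configuration file with no hint about where the value should come from. The comment should say that the password is to be referenced from an encrypted source rather than written here, e.g. `# Registry information for seed. Set the password from an Ansible Vault-encrypted variable, not in this file.`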
diff --git a/releasenotes/notes/add-hotfix-containers-playbook-5a6d3d48067cf0b6.yaml b/releasenotes/notes/add-hotfix-containers-playbook-5a6d3d48067cf0b6.yaml
new file mode 100644
index 000000000..98d1e7c10
--- /dev/null
+++ b/releasenotes/notes/add-hotfix-containers-playbook-5a6d3d48067cf0b6.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ The playbook ``hotfix-containers.yml`` has been added. This allows
+ arbitrary files to be copied into, and/or arbitrary commands to be executed
+ within, overcloud containers.
diff --git a/releasenotes/notes/add-jammy-repo-yoga-f58bfb9792a3c6a7.yaml b/releasenotes/notes/add-jammy-repo-yoga-f58bfb9792a3c6a7.yaml
new file mode 100644
index 000000000..448bf2ad7
--- /dev/null
+++ b/releasenotes/notes/add-jammy-repo-yoga-f58bfb9792a3c6a7.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Support for Ubuntu 22.04 Jammy Jellyfish
+ repositories have been added to the Yoga Release.
\ No newline at end of file
diff --git a/releasenotes/notes/aio-lvm-script-7de0c919f312040b.yaml b/releasenotes/notes/aio-lvm-script-7de0c919f312040b.yaml
new file mode 100644
index 000000000..9b049fc0c
--- /dev/null
+++ b/releasenotes/notes/aio-lvm-script-7de0c919f312040b.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Improvements to the ci-aio automated deployment script
+ to allow the script to successfully run on LVM-based
+ images.
\ No newline at end of file
diff --git a/releasenotes/notes/bump-focal-7d99ewj84r7h70sq1.yaml b/releasenotes/notes/bump-focal-7d99ewj84r7h70sq1.yaml
new file mode 100644
index 000000000..1d47cbd5a
--- /dev/null
+++ b/releasenotes/notes/bump-focal-7d99ewj84r7h70sq1.yaml
@@ -0,0 +1,4 @@
+---
+upgrade:
+ - |
+ Bumped focal package versions due to unmet depenencies
diff --git a/releasenotes/notes/cap-pulp-workers-e0f12c0b67d3d0bf.yaml b/releasenotes/notes/cap-pulp-workers-e0f12c0b67d3d0bf.yaml
new file mode 100644
index 000000000..b1ca452fa
--- /dev/null
+++ b/releasenotes/notes/cap-pulp-workers-e0f12c0b67d3d0bf.yaml
@@ -0,0 +1,4 @@
+fixes:
+ - |
+ Caps the number of Pulp API and content workers to 32 each to avoid errors
+ on hosts with many CPUs.
diff --git a/releasenotes/notes/ceph-ingress-images-e756bde5087460ad.yaml b/releasenotes/notes/ceph-ingress-images-e756bde5087460ad.yaml
new file mode 100644
index 000000000..dec3154c0
--- /dev/null
+++ b/releasenotes/notes/ceph-ingress-images-e756bde5087460ad.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Adds support for using Ceph HAProxy and Keepalived images stored in Pulp.
+ This is enabled automatically if ``stackhpc_sync_ceph_images`` is set to
+ ``true``.
diff --git a/releasenotes/notes/deduplicate-pulp-yml-a65b3e949662a284.yaml b/releasenotes/notes/deduplicate-pulp-yml-a65b3e949662a284.yaml
new file mode 100644
index 000000000..514354615
--- /dev/null
+++ b/releasenotes/notes/deduplicate-pulp-yml-a65b3e949662a284.yaml
@@ -0,0 +1,3 @@
+---
+other:
+ - Reduced verbosity in etc/kayobe/pulp.yml
diff --git a/releasenotes/notes/hashicorp-sync-images-96dc726e85323104.yaml b/releasenotes/notes/hashicorp-sync-images-96dc726e85323104.yaml
new file mode 100644
index 000000000..e8aee8925
--- /dev/null
+++ b/releasenotes/notes/hashicorp-sync-images-96dc726e85323104.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Adds support for synchronising HashiCorp Consul and Vault images to a local
+ Pulp registry.
diff --git a/releasenotes/notes/magnum-bump-tags-42u298jfj93r3ok32b.yaml b/releasenotes/notes/magnum-bump-tags-42u298jfj93r3ok32b.yaml
new file mode 100644
index 000000000..8a63500c0
--- /dev/null
+++ b/releasenotes/notes/magnum-bump-tags-42u298jfj93r3ok32b.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - |
+ Fixes Octavia health monitors not being created on cluster spawn.
diff --git a/releasenotes/notes/pull-stackhpc-host-images-a623e4ab2d2a9e5b.yaml b/releasenotes/notes/pull-stackhpc-host-images-a623e4ab2d2a9e5b.yaml
new file mode 100644
index 000000000..5869eec04
--- /dev/null
+++ b/releasenotes/notes/pull-stackhpc-host-images-a623e4ab2d2a9e5b.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Prebuilt overcloud host images can now be pulled from Ark using the
+ `stackhpc_download_overcloud_host_images` variable. The image is selected
+ based on `os_distribution` and `os_release`.
diff --git a/releasenotes/notes/readthedocs-configuration-17cf3e6a63f571fa.yaml b/releasenotes/notes/readthedocs-configuration-17cf3e6a63f571fa.yaml
new file mode 100644
index 000000000..2445b5cbc
--- /dev/null
+++ b/releasenotes/notes/readthedocs-configuration-17cf3e6a63f571fa.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - |
+ Fixes documentation builds on Read the Docs.
diff --git a/terraform/aio/README.rst b/terraform/aio/README.rst
index edb465943..c27f59f2f 100644
--- a/terraform/aio/README.rst
+++ b/terraform/aio/README.rst
@@ -84,7 +84,7 @@ Generate Terraform variables:
 cat << EOF > terraform.tfvars
 ssh_public_key = "id_rsa.pub"
 aio_vm_name = "kayobe-aio"
- aio_vm_image = "CentOS-stream8"
+ aio_vm_image = "Rocky9"
 aio_vm_flavor = "general.v1.medium"
 aio_vm_network = "stackhpc-ipv4-geneve"
 aio_vm_subnet = "stackhpc-ipv4-geneve-subnet"
diff --git a/terraform/aio/vm.tf b/terraform/aio/vm.tf
index b4d1ba7cc..d3369e520 100644
--- a/terraform/aio/vm.tf
+++ b/terraform/aio/vm.tf
@@ -13,7 +13,7 @@ variable "aio_vm_name" {
 variable "aio_vm_image" {
 type = string
- default = "CentOS-stream8"
+ default = "Rocky9"
 }
 variable "aio_vm_interface" {