Merge branch 'main' into feat/nhc-v2

Author: sjpb

.github/workflows/extra.yml

@@ -121,7 +121,7 @@ jobs:
       - name: Make image usable for further builds
         run: |
           . venv/bin/activate
-          openstack image unset --property signature_verified "${{ steps.manifest.outputs.image-id }}"
+          openstack image unset --property signature_verified "${{ steps.manifest.outputs.image-id }}" || true
 
       - name: Delete image for automatically-run workflows
         run: |

.github/workflows/fatimage.yml

@@ -10,6 +10,11 @@ on:
             - LEAFCLOUD
             - SMS
             - ARCUS
+        cleanup_on_failure:
+          description: Cleanup Packer resources on failure
+          type: boolean
+          required: true
+          default: true
 
 jobs:
   openstack:
@@ -23,10 +28,10 @@ jobs:
       matrix: # build RL8, RL9
         build:
           - image_name: openhpc-RL8
-            source_image_name: Rocky-8-GenericCloud-Base-8.10-20240528.0.x86_64.qcow2
+            source_image_name: Rocky-8-GenericCloud-Base-8.10-20240528.0.x86_64.raw
             inventory_groups: control,compute,login,update
           - image_name: openhpc-RL9
-            source_image_name: Rocky-9-GenericCloud-Base-9.5-20241118.0.x86_64.qcow2
+            source_image_name: Rocky-9-GenericCloud-Base-9.5-20241118.0.x86_64.raw
             inventory_groups: control,compute,login,update
     env:
       ANSIBLE_FORCE_COLOR: True
@@ -78,7 +83,7 @@ jobs:
           packer init .
 
           PACKER_LOG=1 packer build \
-          -on-error=${{ vars.PACKER_ON_ERROR }} \
+          -on-error=${{ github.event.inputs.cleanup_on_failure && 'cleanup' || 'abort' }} \
           -var-file=$PKR_VAR_environment_root/${{ env.CI_CLOUD }}.pkrvars.hcl \
           -var "source_image_name=${{ matrix.build.source_image_name }}" \
           -var "image_name=${{ matrix.build.image_name }}" \
@@ -102,7 +107,7 @@ jobs:
       - name: Make image usable for further builds
         run: |
           . venv/bin/activate
-          openstack image unset --property signature_verified "${{ steps.manifest.outputs.image-id }}"
+          openstack image unset --property signature_verified "${{ steps.manifest.outputs.image-id }}" || true
 
       - name: Upload manifest artifact
         uses: actions/upload-artifact@v4

.github/workflows/nightly-cleanup.yml

@@ -59,10 +59,34 @@ jobs:
       - name: Delete CI clusters
         run: |
           . venv/bin/activate
-          if [[ -z "${ci_clusters}" ]]; then
+          if [[ -z ${ci_clusters} ]]; then
             echo "No clusters to delete."
             exit 0
           fi
-          echo "Deleting clusters: ${ci_clusters}"
-          ./dev/delete-cluster.py ${ci_clusters} --force
+
+          for cluster_prefix in ${ci_clusters}
+          do
+            echo "Processing cluster: $cluster_prefix"
+
+            # Get all servers with the matching name for control node
+            CONTROL_SERVERS=$(openstack server list --name ${cluster_prefix}-control --format json)
+
+            # Get unique server names to avoid duplicate cleanup
+            UNIQUE_NAMES=$(echo "$CONTROL_SERVERS" | jq -r '.[].Name' | sort | uniq)
+            for name in $UNIQUE_NAMES; do
+              echo "Deleting cluster with control node: $name"
+
+              # Get the first matching server ID by name
+              server=$(echo "$CONTROL_SERVERS" | jq -r '.[] | select(.Name=="'"$name"'") | .ID' | head -n1)
+
+              # Make sure server still exists (wasn't deleted earlier)
+              if ! openstack server show "$server" &>/dev/null; then
+                echo "Server $server no longer exists, skipping $name."
+                continue
+              fi
+
+              echo "Deleting cluster $cluster_prefix (server $server)..."
+              ./dev/delete-cluster.py $cluster_prefix --force
+            done
+          done
         shell: bash

.github/workflows/release-image.yml

@@ -0,0 +1,37 @@
+name: Release images
+on:
+  workflow_dispatch:
+  release:
+    types:
+      - published # should work for both pre-releases and releases
+env:
+  IMAGE_PATH: environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
+jobs:
+  ci-image-release:
+    name: ci-image-release
+    runs-on: ubuntu-22.04
+    concurrency: ${{ github.workflow }}-${{ github.ref }}
+    strategy:
+      fail-fast: false
+      matrix:
+        build:
+          - RL8
+          - RL9
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Write s3cmd configuration
+        run: echo "${{ secrets.ARCUS_S3_CFG }}" > ~/.s3cfg
+
+      - name: Install s3cmd
+        run: |
+          sudo apt-get update
+          sudo apt-get --yes install s3cmd
+      
+      - name: Retrieve image name
+        run: |
+          TARGET_IMAGE=$(jq --arg version "${{ matrix.build }}" -r '.cluster_image[$version]' "${{ env.IMAGE_PATH }}")
+          echo "TARGET_IMAGE=${TARGET_IMAGE}" >> "$GITHUB_ENV"
+      
+      - name: Copy image from pre-release to release bucket
+        run: s3cmd cp s3://openhpc-images-prerelease/${{ env.TARGET_IMAGE }} s3://openhpc-images

.github/workflows/s3-image-sync.yml

@@ -26,6 +26,7 @@ jobs:
 
       - name: Install s3cmd
         run: |
+          sudo apt-get update
           sudo apt-get --yes install s3cmd
       
       - name: Cleanup S3 bucket
@@ -75,20 +76,38 @@ jobs:
           echo "${{ secrets['ARCUS_S3_CFG'] }}" > ~/.s3cfg
         shell: bash
 
-      - name: Install s3cmd
+      - name: Install s3cmd and qemu-utils
         run: |
-          sudo apt-get --yes install s3cmd
+          sudo apt-get update
+          sudo apt-get --yes install s3cmd qemu-utils
 
       - name: Retrieve image name
         run: |
           TARGET_IMAGE=$(jq --arg version "${{ matrix.build }}" -r '.cluster_image[$version]' "${{ env.IMAGE_PATH }}")
           echo "TARGET_IMAGE=${TARGET_IMAGE}" >> "$GITHUB_ENV"
         shell: bash
 
+      - name: Clear up some space on runner
+        run: |
+          df -h
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /opt/ghc
+          sudo rm -rf "/usr/local/share/boost"
+          sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+          sudo apt-get clean
+          df -h
+
       - name: Download image to runner
         run: |
           . venv/bin/activate
-          openstack image save --file ${{ env.TARGET_IMAGE }} ${{ env.TARGET_IMAGE }}
+          openstack image save --file "${{ env.TARGET_IMAGE }}.raw" "${{ env.TARGET_IMAGE }}"
+          df -h
+        shell: bash
+
+      - name: Convert image to QCOW2
+        run: |
+          . venv/bin/activate
+          qemu-img convert -f raw -O qcow2 -c "${{ env.TARGET_IMAGE }}.raw" "${{ env.TARGET_IMAGE }}"
         shell: bash
 
       - name: Upload Image to S3

.github/workflows/stackhpc.yml

@@ -91,9 +91,9 @@ jobs:
         run: dev/setup-env.sh
 
       - name: Install OpenTofu
-        uses: opentofu/setup-opentofu@v1
+        uses: opentofu/setup-opentofu@v1.0.5
         with:
-          tofu_version: 1.6.2
+          tofu_version: 1.9.0
 
       - name: Initialise tofu
         run: tofu init
@@ -230,6 +230,16 @@ jobs:
         env:
           DEMO_USER_PASSWORD: ${{ secrets.TEST_USER_PASSWORD }}
 
+      - name: Delete possible volume snapshot from slurm upgrade
+        run: |
+          . venv/bin/activate
+          . environments/.stackhpc/activate  
+          if [ -n "$SNAPSHOT" ]
+          then
+              echo Deleting $SNAPSHOT
+              openstack volume snapshot delete $SNAPSHOT
+          fi
+
       - name: Delete infrastructure
         run: |
           . venv/bin/activate

.gitignore

@@ -5,3 +5,4 @@ venv
 *.pyc
 packer/openhpc2
 .vscode
+requirements.yml.last

README.md

@@ -25,8 +25,6 @@ The default configuration in this repository may be used to create a cluster to
 - Persistent state backed by an OpenStack volume.
 - NFS-based shared file system backed by another OpenStack volume.
 
-Note that the Open OnDemand portal and its remote apps are not usable with this default configuration.
-
 It requires an OpenStack cloud, and an Ansible "deploy host" with access to that cloud.
 
 Before starting ensure that:

ansible/bootstrap.yml

@@ -144,7 +144,7 @@
       - appliances_mode == 'configure'
       - not (dnf_repos_allow_insecure_creds | default(false)) # useful for development
 
-- hosts: cacerts:!builder
+- hosts: cacerts
   tags: cacerts
   gather_facts: false
   tasks:

ansible/roles/cacerts/README.md

@@ -4,7 +4,7 @@ Configure CA certificates and trusts.
 
 ## Role variables
 
-- `ca-certificates`: Optional str. Path to directory containing certificates
+- `cacerts_cert_dir`: Optional str. Path to directory containing certificates
   in PEM or DER format. Any files here will be added to the list of CAs trusted
   by the system.