Add caas openhpc image-build roles and playbook

* Add a role to execute the Packer build process from
ansible-slurm-appliance using the caas inventory variables.
* Add an opt-in role that deploys any networking infrastructure required
for the Packer build process.

Author: m-bull

image-build.yml

@@ -0,0 +1,24 @@
+---
+- name: Build image
+  hosts: openstack
+  tasks:
+    - name: Manage image build infra
+      include_role:
+        name: image_build_infra
+      when:
+        - image_build_manage_infra is defined
+        - image_build_manage_infra
+
+    - block:
+      - name: Build fat image
+        include_role:
+          name: image_build
+
+      - name: Set cluster_image fact
+        set_fact:
+          cluster_image: "{{ image_build_data.artifact_id }}"
+
+      - name: Print cluster_image UUID
+        debug:
+          msg: "{{ cluster_image }}"
+      when: cluster_state is not defined or (cluster_state is defined and cluster_state != "absent")

image-build/hosts

@@ -0,0 +1,2 @@
+[openstack]
+localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}"

roles/cluster_infra/tasks/main.yml

@@ -75,6 +75,7 @@
   # Only run when block_device_prefix isn't set as an extravar
   when:
     - block_device_prefix is not defined
+    - cluster_image is defined
 
 - name: Template Terraform files into project directory
   template:

roles/image_build/defaults/main.yml

@@ -0,0 +1,33 @@
+---
+# Attach a floating IP to the Packer build instance
+image_build_attach_floating_ip: false
+
+# Use a volume for the root disk of the Packer build instance
+image_build_use_blockstorage_volume: false
+
+# Packer image format (only used when image_build_use_blockstorage_volume: true
+image_build_image_disk_format: "qcow2"
+
+# Metadata items to set on the Packer image
+image_build_metadata: {}
+
+# The directory that contains the openstack.pkr.hcl to build the Slurm image
+image_build_packer_root_path: "{{ playbook_dir }}/vendor/stackhpc/ansible-slurm-appliance/packer"
+
+# Vars to apply to the builder group
+image_build_builder_group_vars:
+  update_log_path: /tmp/update_log
+  appliances_repository_root: "{{ playbook_dir }}/vendor/stackhpc/ansible-slurm-appliance"
+
+# ansible_ssh_common_args for Packer build
+image_build_ansible_ssh_common_args: >-
+    {% if image_build_ssh_bastion_host is defined %}
+    '-o ProxyCommand="ssh -W %h:%p -q
+    {% if image_build_ssh_bastion_private_key_file is defined %}
+    -i {{ image_build_ssh_bastion_private_key_file }}
+    {% endif %}
+    -l {{ image_build_ssh_bastion_username }}
+    {{ image_build_ssh_bastion_host }}"'
+    {% else %}
+    ""
+    {% endif %}

roles/image_build/tasks/main.yml

@@ -0,0 +1,80 @@
+---
+
+- name: Run prechecks
+  include_tasks: prechecks.yml
+
+- name: Create temporary file for pkrvars.hcl
+  ansible.builtin.tempfile:
+    state: file
+    suffix: .pkrvars.hcl
+  register: pkrvars_hcl_file
+
+- name: Make Packer vars file
+  template:
+    src: builder.pkrvars.hcl.j2
+    dest: "{{ pkrvars_hcl_file.path }}"
+
+- name: Create temporary image-build inventory directory
+  ansible.builtin.tempfile:
+    state: directory
+    prefix: image-build.
+  register: image_build_inventory
+
+- name: Symlink "everything" layout to image-build inventory
+  file:
+    state: link
+    src: "{{ playbook_dir }}/vendor/stackhpc/ansible-slurm-appliance/environments/common/layouts/everything"
+    dest: "{{ image_build_inventory.path }}/groups"
+
+- name: Symlink CAAS group_vars to image-build inventory
+  file:
+    state: link
+    src: "{{ playbook_dir }}/group_vars"
+    dest: "{{ image_build_inventory.path }}/group_vars"
+
+- name: Add builder vars to image-build inventory hosts file
+  copy:
+    dest: "{{ image_build_inventory.path }}/hosts"
+    content: |
+      [builder:vars]
+      {% if image_build_ssh_bastion_host is defined %}
+      ansible_ssh_common_args={{ image_build_ansible_ssh_common_args }}
+      {% endif %}
+      {% for k,v in image_build_builder_group_vars.items() -%}
+      {{ k }}={{ v }}
+      {% endfor -%}
+
+- name: Create temporary file for ansible.cfg
+  ansible.builtin.tempfile:
+    state: file
+    suffix: ansible.cfg
+  register: ansible_cfg_file
+
+- name: Template image-build ansible.cfg
+  template:
+    src: ansible.cfg.j2
+    dest: "{{ ansible_cfg_file.path }}"
+
+- name: Packer init
+  command:
+    cmd: |
+      packer init .
+    chdir: "{{ image_build_packer_root_path }}"
+
+- name: Build image with packer
+  command:
+    cmd: |
+      packer build -only openstack.openhpc -var-file={{ pkrvars_hcl_file.path }} openstack.pkr.hcl
+    chdir: "{{ image_build_packer_root_path }}"
+  environment:
+    ANSIBLE_CONFIG: "{{ ansible_cfg_file.path }}"
+    PACKER_LOG: "1"
+    PACKER_LOG_PATH: "{{ lookup('ansible.builtin.env', 'PACKER_LOG_PATH', default='/tmp/packer-build.log') }}"
+
+- name: Parse packer-manifest.json
+  set_fact:
+    packer_manifest: "{{ lookup('file', '/tmp/builder.manifest.json') | from_json }}"
+
+- name: Extract image-build data
+  set_fact:
+    image_build_data: "{{ packer_manifest.builds | selectattr('packer_run_uuid', 'eq', packer_manifest.last_run_uuid) | first }}"

roles/image_build/tasks/prechecks.yml

@@ -0,0 +1,22 @@
+---
+
+- name: Check required vars are defined
+  assert:
+    that:
+      - "{{ item }} is defined"
+    fail_msg: "{{ item }} is not defined"
+  loop:
+    - image_build_network_id
+    - image_build_floating_ip_network
+    - image_build_source_image_id
+    - image_build_security_group_id
+
+- name: Ensure builder access mode
+  fail:
+    msg: >- 
+      Set either image_build_ssh_bastion_host or 
+      image_build_attach_floating_ip to access the image
+      build instance via a bastion or directly
+  when:
+    - image_build_ssh_bastion_host is defined 
+    - image_build_attach_floating_ip is defined and image_build_attach_floating_ip

roles/image_build/templates/ansible.cfg.j2

@@ -0,0 +1,15 @@
+[defaults]
+any_errors_fatal = True
+gathering = smart
+host_key_checking = False
+remote_tmp = /tmp
+roles_path = {{ playbook_dir }}/vendor/stackhpc/ansible-slurm-appliance/ansible/roles
+inventory = {{ playbook_dir }}/vendor/stackhpc/ansible-slurm-appliance/environments/common/inventory,{{ image_build_inventory.path }}
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=240s -o PreferredAuthentications=publickey -o UserKnownHostsFile=/dev/null
+pipelining = True
+# This is important because we are using one of the hosts in the play as a jump host
+# This ensures that if the proxy connection is interrupted, rendering the other hosts
+# unreachable, the connection is retried instead of failing the entire play
+retries = 10

roles/image_build/templates/builder.pkrvars.hcl.j2

@@ -0,0 +1,35 @@
+repo_root = "{{ playbook_dir }}/vendor/stackhpc/ansible-slurm-appliance"
+environment_root = "{{ playbook_dir }}/image_build"
+networks = ["{{ image_build_network_id }}"]
+{% if image_build_ssh_bastion_host is defined %}
+ssh_bastion_host = "{{ image_build_ssh_bastion_host }}"
+{% endif %}
+{% if image_build_ssh_bastion_username is defined %}
+ssh_bastion_username = "{{ image_build_ssh_bastion_username }}"
+{% endif %}
+{% if image_build_ssh_bastion_private_key_file is defined %}
+ssh_bastion_private_key_file = "{{ image_build_ssh_bastion_private_key_file }}"
+{% endif %}
+{% if image_build_attach_floating_ip %}
+floating_ip_network = "{{ image_build_floating_ip_network }}"
+{% endif %}
+security_groups = ["{{ image_build_security_group_id }}"]
+fatimage_source_image = "{{ image_build_source_image_id }}"
+{% if image_build_ssh_keypair_name is defined %}
+ssh_keypair_name = "{{ image_build_ssh_keypair_name }}"
+{% endif %}
+{% if image_build_ssh_private_key_file is defined %}
+ssh_private_key_file = "{{ image_build_ssh_private_key_file }}"
+{% endif %}
+flavor = "{{ image_build_flavor_name }}"
+metadata = {
+{% for k,v in image_build_metadata.items() %}
+  "{{ k }}" = "{{ v }}"
+{% endfor %}
+}
+use_blockstorage_volume = {{ image_build_use_blockstorage_volume | string | lower }}
+{% if image_build_use_blockstorage_volume %}
+volume_size = {{ image_build_volume_size }}
+image_disk_format = "{{ image_build_image_disk_format }}"
+{% endif %}
+manifest_output_path = "/tmp/builder.manifest.json"

roles/image_build_infra/defaults/main.yml

@@ -0,0 +1,12 @@
+---
+
+image_build_terraform_project_path: "{{ playbook_dir }}/terraform-caas-image-build"
+image_build_cluster_id: "caas-image-build"
+
+# Regex to capture existing cloud image names to use as the
+# OpenHPC Slurm base-image
+image_build_existing_image_regex: "^Rocky-8-GenericCloud-Base-8.8-.*"
+# Attributes to sort the list of existing base images returned by
+# image_build_existing_image_regex. See
+# https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/data-sources/images_image_ids_v2#sort
+image_build_existing_image_sort_attributes: "name,updated_at"

roles/image_build_infra/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Get path to the image-buid Terraform templates directory
+  set_fact:
+    image_build_terraform_template_dir: "{{ role_path }}/templates"
+
+- name: Run cluster_infra role with image-build terraform template
+  include_role:
+    name: cluster_infra
+    public: true
+  vars:
+    cluster_id: "{{ image_build_cluster_id }}"
+    cluster_name: "{{ image_build_cluster_id }}"
+    cluster_terraform_template_dir: "{{ image_build_terraform_template_dir }}"
+    terraform_project_path: "{{ image_build_terraform_project_path }}"
+
+- name: Set image build infrastructure facts
+  set_fact:
+    image_build_network_id: "{{ terraform_provision.outputs.network_id.value }}"
+    image_build_floating_ip_network: "{{ terraform_provision.outputs.floating_ip_network_id.value }}"
+    image_build_source_image_id: "{{ terraform_provision.outputs.source_image_name.value.ids | first }}"
+    image_build_security_group_id: "{{ terraform_provision.outputs.security_group_id.value }}"
+  when: cluster_state is not defined or (cluster_state is defined and cluster_state != "absent")
+