Merge branch 'stackhpc/wallaby' into upstream/wallaby-2022-10-17

Author: markgoddard

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @stackhpc/kayobe

.github/workflows/tag-and-release.yml

@@ -0,0 +1,11 @@
+---
+name: Tag & Release
+'on':
+  push:
+    branches:
+      - stackhpc/wallaby
+permissions:
+  contents: write
+jobs:
+  tag-and-release:
+    uses: stackhpc/.github/.github/workflows/tag-and-release.yml@main

.github/workflows/tox.yml

@@ -0,0 +1,7 @@
+---
+name: Tox Continuous Integration
+'on':
+  pull_request:
+jobs:
+  tox:
+    uses: stackhpc/.github/.github/workflows/tox.yml@main

ansible/action_plugins/merge_configs.py

@@ -0,0 +1,19 @@
+# Copyright (c) 2021 StackHPC Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+__metaclass__ = type
+
+import kayobe.plugins.action.merge_configs
+
+ActionModule = kayobe.plugins.action.merge_configs.ActionModule

ansible/action_plugins/merge_yaml.py

@@ -0,0 +1,19 @@
+# Copyright (c) 2021 StackHPC Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+__metaclass__ = type
+
+import kayobe.plugins.action.merge_yaml
+
+ActionModule = kayobe.plugins.action.merge_yaml.ActionModule

ansible/apt.yml

@@ -1,6 +1,6 @@
 ---
 - name: Ensure APT is configured
-  hosts: seed-hypervisor:seed:overcloud
+  hosts: seed-hypervisor:seed:overcloud:infra-vms
   vars:
     ansible_python_interpreter: /usr/bin/python3
   tags:

ansible/compute-libvirt-host.yml

@@ -0,0 +1,59 @@
+---
+- name: Ensure the libvirt daemon is configured
+  hosts: compute
+  tags:
+    - libvirt-host
+  tasks:
+    - name: Ensure Ceph package repository is available
+      package:
+        name: "centos-release-ceph-{{ compute_libvirt_ceph_repo_release }}"
+        state: present
+      when:
+        - compute_libvirt_enabled | bool
+        - ansible_facts.distribution in ['CentOS', 'Rocky']
+        - compute_libvirt_ceph_repo_install | bool
+      become: true
+
+    - name: Include stackhpc.libvirt-host role
+      include_role:
+        name: stackhpc.libvirt-host
+      vars:
+        libvirt_host_libvirtd_conf: "{{ compute_libvirt_conf }}"
+        libvirt_host_qemu_conf: "{{ compute_qemu_conf }}"
+        libvirt_host_enable_sasl_support: "{{ compute_libvirt_enable_sasl | bool }}"
+        libvirt_host_sasl_authname: nova
+        libvirt_host_sasl_password: "{{ compute_libvirt_sasl_password }}"
+        libvirt_host_tcp_listen: "{{ not compute_libvirt_enable_tls | bool }}"
+        libvirt_host_tcp_listen_address: "{{ internal_net_name | net_ip }}:16509"
+        libvirt_host_tls_listen: "{{ compute_libvirt_enable_tls | bool }}"
+        libvirt_host_tls_listen_address: "{{ internal_net_name | net_ip }}:16514"
+        # TLS server and client certificates.
+        libvirt_host_tls_server_cert: >-
+          {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['servercert.pem']})))
+             if libvirt_host_tls_listen | default(False) | bool else '' }}
+        libvirt_host_tls_server_key: >-
+          {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['serverkey.pem']})))
+             if libvirt_host_tls_listen | default(False) | bool else '' }}
+        libvirt_host_tls_client_cert: >-
+          {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['clientcert.pem']})))
+             if libvirt_host_tls_listen | default(False) | bool else '' }}
+        libvirt_host_tls_client_key: >-
+          {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['clientkey.pem']})))
+             if libvirt_host_tls_listen | default(False) | bool else '' }}
+        libvirt_host_tls_cacert: >-
+          {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['cacert.pem']})))
+             if libvirt_host_tls_listen | default(False) | bool else '' }}
+        lookup_params:
+          paths: "{{ libvirt_tls_cert_paths }}"
+          skip: true
+        # Support loading libvirt TLS certificates & keys from per-host and
+        # global locations.
+        libvirt_tls_cert_paths: >-
+          {{ (libvirt_tls_cert_dirs | unique | product([inventory_hostname]) | map('path_join') | list +
+              libvirt_tls_cert_dirs | unique | list) | list }}
+        libvirt_tls_cert_dirs:
+          - "{{ kayobe_env_config_path }}/certificates/libvirt"
+          - "{{ kayobe_config_path }}/certificates/libvirt"
+        libvirt_host_enable_efi_support: true
+      when:
+        - compute_libvirt_enabled | bool

ansible/dev-tools.yml

@@ -1,6 +1,6 @@
 ---
 - name: Ensure development tools are installed
-  hosts: seed-hypervisor:seed:overcloud
+  hosts: seed-hypervisor:seed:overcloud:infra-vms
   tags:
     - dev-tools
   roles:

ansible/disable-cloud-init.yml

@@ -4,7 +4,7 @@
 # In some cases cloud-init reconfigure automatically network interface
 # and cause some issues in network configuration
 - name: Disable Cloud-init service
-  hosts: overcloud
+  hosts: overcloud:infra-vms
   tags:
     - disable-cloud-init
   roles:

ansible/disable-glean.yml

@@ -3,7 +3,7 @@
 # servers but gets in the way after this as it tries to enable all network
 # interfaces. In some cases this can lead to timeouts.
 - name: Ensure Glean is disabled and its artifacts are removed
-  hosts: seed:overcloud
+  hosts: seed:overcloud:infra-vms
   tags:
     - disable-glean
   roles: