From e6f05673f589bad494133f9fabb6debb9fb63769 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Wed, 4 Jun 2025 10:48:14 +0100
Subject: [PATCH 1/3] Add support for CentOS 10 Stream

Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/962714

Signed-Off-By: Michal Nasiadka <mnasiadka@gmail.com>
Change-Id: I998fdeb51f3f01a878c159f477004b8edf4e0aa9
(cherry picked from commit 635211ca2c4140d1e5a6bcc1dbabf373bc3acfd6)
---
 ansible/roles/prechecks/vars/main.yml |  1 +
 zuul.d/jobs.yaml                      | 10 ++++++++++
 zuul.d/nodesets.yaml                  | 10 ++++++++--
 zuul.d/project.yaml                   |  1 +
 4 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/prechecks/vars/main.yml b/ansible/roles/prechecks/vars/main.yml
index 4489ee976b..72485d6e37 100644
--- a/ansible/roles/prechecks/vars/main.yml
+++ b/ansible/roles/prechecks/vars/main.yml
@@ -11,6 +11,7 @@ ansible_version_max: '2.18'
 host_os_distributions:
   CentOS:
     - "9"
+    - "10"
   Debian:
     - "bookworm"
   Rocky:
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index c3f4761701..3546ede679 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -9,6 +9,16 @@
       tls_enabled: true
       kolla_build_images: true
 
+- job:
+    name: kolla-ansible-centos10s
+    parent: kolla-ansible-base
+    nodeset: kolla-ansible-centos10s
+    voting: false
+    vars:
+      base_distro: centos
+      tls_enabled: true
+      kolla_build_images: true
+
 - job:
     name: kolla-ansible-debian-aarch64
     parent: kolla-ansible-debian
diff --git a/zuul.d/nodesets.yaml b/zuul.d/nodesets.yaml
index 79b2253d1a..a9764d56a3 100644
--- a/zuul.d/nodesets.yaml
+++ b/zuul.d/nodesets.yaml
@@ -6,10 +6,16 @@
         label: centos-9-stream
 
 - nodeset:
-    name: kolla-ansible-debian-bookworm-8GB
+    name: kolla-ansible-centos10s
     nodes:
       - name: primary
-        label: debian-bookworm-8GB
+        label: centos-10-stream-8GB
+
+- nodeset:
+    name: kolla-ansible-debian-bookworm
+    nodes:
+      - name: primary
+        label: debian-bookworm
 
 - nodeset:
     name: kolla-ansible-debian-bookworm-16GB
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index a3c2f47fb5..84d2d6bc3a 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -15,6 +15,7 @@
         - openstack-tox-py311
         - openstack-tox-py312
         - kolla-ansible-centos9s
+        - kolla-ansible-centos10s
         - kolla-ansible-debian
         - kolla-ansible-debian-podman
         - kolla-ansible-rocky9

From dbdd7f663341b9c46987761261fcaf9c6e8a2989 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Thu, 4 Dec 2025 14:39:26 +0100
Subject: [PATCH 2/3] [2025.1-only] Add support for Rocky Linux 10

Depends-On: https://review.opendev.org/c/openstack/kolla/+/967507

Change-Id: I651552cc2f84c2dd88270469b1538d8b4655932d
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
---
 ansible/roles/common/tasks/config.yml         | 12 ++++++++
 .../hacluster-pacemaker-remote.json.j2        |  3 +-
 ansible/roles/prechecks/vars/main.yml         |  1 +
 doc/source/user/support-matrix.rst            | 12 ++++++--
 .../rocky-10-epoxy-fb16bdfd71eefaab.yaml      |  6 ++++
 tests/templates/globals-default.j2            |  3 ++
 zuul.d/jobs.yaml                              | 29 +++++++++++++++++++
 zuul.d/nodesets.yaml                          | 12 ++++++++
 zuul.d/project.yaml                           |  2 ++
 9 files changed, 76 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/rocky-10-epoxy-fb16bdfd71eefaab.yaml

diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml
index 789d9b7594..bdda47fba1 100644
--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
@@ -27,6 +27,18 @@
   when:
     - kolla_copy_ca_into_containers | bool
 
+- name: Ensure /var/log/journal exists on EL10 systems
+  become: true
+  file:
+    path: /var/log/journal
+    state: directory
+    owner: root
+    group: systemd-journal
+    mode: "2755"
+  when: >
+    (kolla_base_distro == 'centos' and kolla_base_distro_version == 'stream10') or
+    (kolla_base_distro == 'rocky' and kolla_base_distro_version == '10')
+
 - name: Copying over /run subdirectories conf
   become: true
   template:
diff --git a/ansible/roles/hacluster/templates/hacluster-pacemaker-remote.json.j2 b/ansible/roles/hacluster/templates/hacluster-pacemaker-remote.json.j2
index e84923d67d..1fb909fb8e 100644
--- a/ansible/roles/hacluster/templates/hacluster-pacemaker-remote.json.j2
+++ b/ansible/roles/hacluster/templates/hacluster-pacemaker-remote.json.j2
@@ -1,5 +1,6 @@
+{% set remoted = '/usr/sbin/pacemaker-remoted' if kolla_base_distro in ['centos', 'rocky'] and kolla_base_distro_version in ['10', 'stream10'] else '/usr/sbin/pacemaker_remoted' %}
 {
-    "command": "/usr/sbin/pacemaker_remoted -l /var/log/kolla/hacluster/pacemaker-remoted.log{% if openstack_logging_debug | bool %} -VV{% endif %} -p {{ hacluster_pacemaker_remote_port }}",
+    "command": "{{ remoted }} -l /var/log/kolla/hacluster/pacemaker-remoted.log{% if openstack_logging_debug | bool %} -VV{% endif %} -p {{ hacluster_pacemaker_remote_port }}",
     "config_files": [
         {
             "source": "{{ container_config_directory }}/authkey",
diff --git a/ansible/roles/prechecks/vars/main.yml b/ansible/roles/prechecks/vars/main.yml
index 72485d6e37..8eb062db85 100644
--- a/ansible/roles/prechecks/vars/main.yml
+++ b/ansible/roles/prechecks/vars/main.yml
@@ -16,5 +16,6 @@ host_os_distributions:
     - "bookworm"
   Rocky:
     - "9"
+    - "10"
   Ubuntu:
     - "noble"
diff --git a/doc/source/user/support-matrix.rst b/doc/source/user/support-matrix.rst
index 0301775f19..7d686285cc 100644
--- a/doc/source/user/support-matrix.rst
+++ b/doc/source/user/support-matrix.rst
@@ -9,11 +9,12 @@ Kolla Ansible supports the following host Operating Systems (OS):
 
 .. note::
 
-   CentOS Stream 9 is supported as a host OS while Kolla does not publish CS9
-   based images. Users can build them on their own. We recommend using Rocky
-   Linux 9 images instead.
+   CentOS Stream 9 and 10 is supported as a host OS while Kolla does not
+   publish CS9/10 based images. Users can build them on their own. We recommend
+   using Rocky and 10 images instead.
 
 * CentOS Stream 9
+* CentOS Stream 10
 * Debian Bookworm (12)
 * Rocky Linux 9
 * Ubuntu Noble (24.04)
@@ -29,5 +30,10 @@ OS distribution. The following values are supported for ``kolla_base_distro``:
 * ``rocky``
 * ``ubuntu``
 
+.. note::
+
+   In order to use CentOS Stream 10 please set ``kolla_base_distro_version``
+   to ``stream10`` and to ``10`` for using Rocky Linux 10.
+
 For details of which images are supported on which distributions, see the
 :kolla-doc:`Kolla support matrix <support_matrix>`.
diff --git a/releasenotes/notes/rocky-10-epoxy-fb16bdfd71eefaab.yaml b/releasenotes/notes/rocky-10-epoxy-fb16bdfd71eefaab.yaml
new file mode 100644
index 0000000000..66f3342f6e
--- /dev/null
+++ b/releasenotes/notes/rocky-10-epoxy-fb16bdfd71eefaab.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds ``Rocky Linux 10`` support alongside existing ``Rocky Linux 9`` to
+    allow for operating system migrations before upgrading to 2025.2 (Flamingo)
+    or 2026.1 (Gazpacho) which the former.
diff --git a/tests/templates/globals-default.j2 b/tests/templates/globals-default.j2
index ac92e3de3b..3e6351ab33 100644
--- a/tests/templates/globals-default.j2
+++ b/tests/templates/globals-default.j2
@@ -11,6 +11,9 @@ virtualenv: "{{ kolla_runtime_venv_path }}"
 {% endif %}
 
 kolla_base_distro: "{{ base_distro }}"
+{% if base_distro_version is defined %}
+kolla_base_distro_version: "{{ base_distro_version }}"
+{% endif %}
 network_interface: "{{ api_interface_name }}"
 network_address_family: "{{ address_family }}"
 kolla_container_engine: "{{ container_engine }}"
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 3546ede679..70397d9114 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -16,6 +16,7 @@
     voting: false
     vars:
       base_distro: centos
+      base_distro_version: stream10
       tls_enabled: true
       kolla_build_images: true
 
@@ -73,6 +74,34 @@
       tls_enabled: true
       container_engine: podman
 
+- job:
+    name: kolla-ansible-rocky10
+    parent: kolla-ansible-base
+    nodeset: kolla-ansible-rocky10-8GB
+    vars:
+      base_distro: rocky
+      base_distro_version: 10
+      tls_enabled: true
+
+- job:
+    name: kolla-ansible-rocky10-podman
+    parent: kolla-ansible-base
+    nodeset: kolla-ansible-rocky10-8GB
+    vars:
+      base_distro: rocky
+      base_distro_version: 10
+      tls_enabled: true
+      container_engine: podman
+
+- job:
+    name: kolla-ansible-rocky9-podman
+    parent: kolla-ansible-base
+    nodeset: kolla-ansible-rocky9
+    vars:
+      base_distro: rocky
+      tls_enabled: true
+      container_engine: podman
+
 - job:
     name: kolla-ansible-ubuntu
     parent: kolla-ansible-base
diff --git a/zuul.d/nodesets.yaml b/zuul.d/nodesets.yaml
index a9764d56a3..f02293079e 100644
--- a/zuul.d/nodesets.yaml
+++ b/zuul.d/nodesets.yaml
@@ -67,6 +67,18 @@
       - name: primary
         label: rockylinux-9
 
+- nodeset:
+    name: kolla-ansible-rocky10-8GB
+    nodes:
+      - name: primary
+        label: rockylinux-10-8GB
+
+- nodeset:
+    name: kolla-ansible-rocky-10-16GB
+    nodes:
+      - name: primary
+        label: rockylinux-10-16GB
+
 - nodeset:
     name: kolla-ansible-ubuntu-noble-multi-8GB
     nodes:
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 84d2d6bc3a..c9f4428770 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -20,6 +20,8 @@
         - kolla-ansible-debian-podman
         - kolla-ansible-rocky9
         - kolla-ansible-rocky9-podman
+        - kolla-ansible-rocky10
+        - kolla-ansible-rocky10-podman
         - kolla-ansible-ubuntu
         - kolla-ansible-ubuntu-podman
         - kolla-ansible-rocky9-kvm

From e642de1f8563b17f07fc55844d2088c419b8ba4b Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Thu, 20 Mar 2025 17:51:24 +0100
Subject: [PATCH 3/3] prometheus: Fix running blackbox-exporter on podman

Closes-Bug: #2103732
Change-Id: Ibaac480503338085eb2c0c17b1fd04c0593c5380
(cherry picked from commit c0b9dea0d07f22d0072ee66f6c76065f2849a8ec)
Signed-off-by: Victor Chembaev <chembervint@gmail.com>
---
 ansible/roles/prometheus/defaults/main.yml | 2 ++
 ansible/roles/prometheus/handlers/main.yml | 1 +
 2 files changed, 3 insertions(+)

diff --git a/ansible/roles/prometheus/defaults/main.yml b/ansible/roles/prometheus/defaults/main.yml
index 4dec0287ee..4bf601c747 100644
--- a/ansible/roles/prometheus/defaults/main.yml
+++ b/ansible/roles/prometheus/defaults/main.yml
@@ -121,6 +121,8 @@ prometheus_services:
     volumes: "{{ prometheus_elasticsearch_exporter_default_volumes + prometheus_elasticsearch_exporter_extra_volumes }}"
     dimensions: "{{ prometheus_elasticsearch_exporter_dimensions }}"
   prometheus-blackbox-exporter:
+    cap_add:
+      - CAP_NET_RAW
     container_name: "prometheus_blackbox_exporter"
     group: "prometheus-blackbox-exporter"
     enabled: "{{ enable_prometheus_blackbox_exporter | bool }}"
diff --git a/ansible/roles/prometheus/handlers/main.yml b/ansible/roles/prometheus/handlers/main.yml
index 7243222c54..9b58a236d6 100644
--- a/ansible/roles/prometheus/handlers/main.yml
+++ b/ansible/roles/prometheus/handlers/main.yml
@@ -112,6 +112,7 @@
   become: true
   kolla_container:
     action: "recreate_or_restart_container"
+    cap_add: "{{ service.cap_add }}"
     common_options: "{{ docker_common_options }}"
     name: "{{ service.container_name }}"
     image: "{{ service.image }}"