Add CI Tenks environment and Zuul Bifrost CI job

Author: Alex-Welsh

etc/kayobe/environments/ci-tenks/automated-deployment.sh

@@ -0,0 +1,121 @@
+
+#!/bin/bash
+
+###########################################
+# STACKHPC-KAYOBE-CONFIG ci-tenks VERSION #
+###########################################
+
+# Script for a full deployment.
+
+set -eu
+
+BASE_PATH=~
+KAYOBE_BRANCH=stackhpc/2025.1
+KAYOBE_CONFIG_REF=${KAYOBE_CONFIG_REF:-stackhpc/2025.1}
+KAYOBE_ENVIRONMENT=${KAYOBE_ENVIRONMENT:-ci-tenks}
+
+if [[ ! -f $BASE_PATH/vault-pw ]]; then
+    echo "Vault password file not found at $BASE_PATH/vault-pw"
+    exit 1
+fi
+
+export KAYOBE_VAULT_PASSWORD=$(cat $BASE_PATH/vault-pw)
+
+# Install git and tmux.
+if $(which dnf 2>/dev/null >/dev/null); then
+    sudo dnf -y install git tmux python3.12
+else
+    sudo apt update
+    sudo apt -y install git tmux gcc libffi-dev python3-dev python-is-python3 python3-pip python3.12-venv
+fi
+
+# Disable the firewall.
+sudo systemctl is-enabled firewalld && sudo systemctl stop firewalld && sudo systemctl disable firewalld || true
+
+# Disable SELinux both immediately and permanently.
+if $(which setenforce 2>/dev/null >/dev/null); then
+    sudo setenforce 0
+    sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
+fi
+
+# Prevent sudo from performing DNS queries.
+echo 'Defaults !fqdn' | sudo tee /etc/sudoers.d/no-fqdn
+
+# Clone repositories
+cd $BASE_PATH
+mkdir -p src
+pushd src
+if [[ ! -d kayobe-config ]]; then
+    git clone https://github.com/stackhpc/stackhpc-kayobe-config kayobe-config
+    pushd kayobe-config
+    git checkout $KAYOBE_CONFIG_REF
+    popd
+fi
+[[ -d kayobe ]] || git clone https://github.com/stackhpc/kayobe.git -b $KAYOBE_BRANCH
+[[ -d kayobe/tenks ]] || (cd kayobe && git clone https://opendev.org/openstack/tenks.git)
+popd
+
+# Create Kayobe virtualenv
+mkdir -p venvs
+pushd venvs
+if [[ ! -d kayobe ]]; then
+    python3.12 -m venv kayobe
+fi
+# NOTE: Virtualenv's activate and deactivate scripts reference an
+# unbound variable.
+set +u
+source kayobe/bin/activate
+set -u
+pip install -U pip
+pip install -r ../src/kayobe-config/requirements.txt
+popd
+
+# Activate environment
+pushd $BASE_PATH/src/kayobe-config
+source kayobe-env --environment $KAYOBE_ENVIRONMENT
+
+# Configure host networking (bridge, routes & firewall)
+sudo $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/configure-local-networking.sh
+
+# Bootstrap the Ansible control host.
+kayobe control host bootstrap
+
+# Configure the seed hypervisor host.
+kayobe seed hypervisor host configure
+
+# Provision the seed VM.
+kayobe seed vm provision
+
+# Configure the seed host, and deploy a local registry.
+kayobe seed host configure
+
+# Deploy local pulp server as a container on the seed VM
+kayobe seed service deploy --tags seed-deploy-containers --kolla-tags none
+
+# Deploying the seed restarts networking interface, run configure-local-networking.sh again to re-add routes.
+sudo $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/configure-local-networking.sh
+
+# Sync package & container repositories.
+# FIXME: repo sync playbook takes around 30 minutes (tested on ubuntu).
+# for now we should skip it and just get to provisioning. Once we have a local
+# package mirror, we can probably add it back in and at least get to host
+# configuration.
+#kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-repo-sync.yml
+#kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-repo-publish.yml
+kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-container-sync.yml -e stackhpc_pulp_images_kolla_filter=bifrost
+kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-container-publish.yml -e stackhpc_pulp_images_kolla_filter=bifrost
+
+# Re-run full task to set up bifrost_deploy etc. using newly-populated pulp repo
+kayobe seed service deploy
+
+# NOTE: Make sure to use ./tenks, since just ‘tenks’ will install via PyPI.
+(export TENKS_CONFIG_PATH=$KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/tenks.yml && \
+ export KAYOBE_CONFIG_SOURCE_PATH=$BASE_PATH/src/kayobe-config && \
+ export KAYOBE_VENV_PATH=$BASE_PATH/venvs/kayobe && \
+ cd $BASE_PATH/src/kayobe && \
+ ./dev/tenks-deploy-overcloud.sh ./tenks)
+
+# Inspect and provision the overcloud hardware:
+kayobe overcloud inventory discover
+kayobe overcloud hardware inspect
+kayobe overcloud provision

etc/kayobe/environments/ci-tenks/cephadm.yml

@@ -0,0 +1,63 @@
+---
+###############################################################################
+# Cephadm deployment configuration.
+
+# List of additional cephadm commands to run before deployment
+# cephadm_commands:
+#   - "config set global osd_pool_default_size {{ [3, groups['osds'] | length] | min }}"
+#   - "config set global osd_pool_default_min_size {{ [3, groups['osds'] | length] | min }}"
+
+# Ceph OSD specification.
+cephadm_osd_spec:
+  service_type: osd
+  service_id: osd_spec_default
+  placement:
+    host_pattern: "*"
+  data_devices:
+    all: true
+
+###############################################################################
+# Ceph post-deployment configuration.
+
+# List of Ceph erasure coding profiles. See stackhpc.cephadm.ec_profiles role
+# for format.
+cephadm_ec_profiles: []
+
+# List of Ceph CRUSH rules. See stackhpc.cephadm.crush_rules role for format.
+cephadm_crush_rules: []
+
+# List of Ceph pools. See stackhpc.cephadm.pools role for format.
+cephadm_pools:
+  - name: backups
+    application: rbd
+    state: present
+  - name: images
+    application: rbd
+    state: present
+  - name: volumes
+    application: rbd
+    state: present
+  - name: vms
+    application: rbd
+    state: present
+
+# List of Cephx keys. See stackhpc.cephadm.keys role for format.
+cephadm_keys:
+  - name: client.cinder
+    caps:
+      mon: "profile rbd"
+      osd: "profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images"
+      mgr: "profile rbd pool=volumes, profile rbd pool=vms"
+    state: present
+  - name: client.cinder-backup
+    caps:
+      mon: "profile rbd"
+      osd: "profile rbd pool=volumes, profile rbd pool=backups"
+      mgr: "profile rbd pool=volumes, profile rbd pool=backups"
+    state: present
+  - name: client.glance
+    caps:
+      mon: "profile rbd"
+      osd: "profile rbd pool=images"
+      mgr: "profile rbd pool=images"
+    state: present

etc/kayobe/environments/ci-tenks/configure-local-networking.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+# This should be run on the seed hypervisor.
+
+# IP addresses on the all-in-one Kayobe cloud network.
+# These IP addresses map to those statically configured in
+# etc/kayobe/network-allocation.yml and etc/kayobe/networks.yml.
+controller_vip=192.168.39.2
+seed_hv_ip=192.168.33.4
+
+iface=$(ip route | awk '$1 == "default" {print $5; exit}')
+
+# Private IP address by which the seed hypervisor is accessible in the cloud
+# hosting the VM.
+seed_hv_private_ip=$(ip a show dev $iface | awk '$1 == "inet" { gsub(/\/[0-9]*/,"",$2); print $2; exit }')
+
+# Forward the following ports to the controller.
+# 80: Horizon
+# 6080: VNC console
+forwarded_ports="80 6080"
+
+# Install iptables.
+if $(which dnf >/dev/null 2>&1); then
+    sudo dnf -y install iptables
+else
+    sudo apt update
+    sudo apt -y install iptables
+fi
+
+# Configure local networking.
+# Add bridges for the Kayobe networks.
+if ! sudo ip l show brprov >/dev/null 2>&1; then
+    sudo ip l add brprov type bridge
+    sudo ip l set brprov up
+    sudo ip a add $seed_hv_ip/24 dev brprov
+fi
+
+if ! sudo ip l show brcloud >/dev/null 2>&1; then
+    sudo ip l add brcloud type bridge
+    sudo ip l set brcloud up
+fi
+
+# On Rocky Linux, bridges without a port are DOWN, which causes network
+# configuration to fail. Add a dummy interface and plug it into the bridge.
+for i in mgmt prov cloud; do
+    if ! sudo ip l show dummy-$i >/dev/null 2>&1; then
+      sudo ip l add dummy-$i type dummy
+    fi
+done
+
+# Configure IP routing and NAT to allow the seed VM and overcloud hosts to
+# route via this route to the outside world.
+sudo iptables -A POSTROUTING -t nat -o $iface -j MASQUERADE
+sudo sysctl -w net.ipv4.conf.all.forwarding=1
+
+# FIXME: IP MASQUERADE from control plane fails without this on Ubuntu.
+if ! $(which dnf >/dev/null 2>&1); then
+    sudo modprobe br_netfilter
+    echo 0 | sudo tee /proc/sys/net/bridge/bridge-nf-call-iptables
+fi
+
+# Configure port forwarding from the hypervisor to the Horizon GUI on the
+# controller.
+sudo iptables -A FORWARD -i $iface -o brprov -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+sudo iptables -A FORWARD -i brprov -o $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+for port in $forwarded_ports; do
+  # Allow new connections.
+  sudo iptables -A FORWARD -i $iface -o brcloud -p tcp --syn --dport $port -m conntrack --ctstate NEW -j ACCEPT
+  # Destination NAT.
+  sudo iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port -j DNAT --to-destination $controller_vip
+  # Source NAT.
+  sudo iptables -t nat -A POSTROUTING -o brcloud -p tcp --dport $port -d $controller_vip -j SNAT --to-source $seed_hv_private_ip
+done
+
+echo
+echo "NOTE: The network configuration applied by this script is not"
+echo "persistent across reboots."
+echo "If you reboot the system, please re-run this script."

etc/kayobe/environments/ci-tenks/controllers.yml

@@ -0,0 +1,15 @@
+---
+###############################################################################
+# Controller node configuration.
+
+# User with which to access the controllers via SSH during bootstrap, in order
+# to setup the Kayobe user account. Default is {{ os_distribution }}.
+controller_bootstrap_user: "zuul"
+
+###############################################################################
+# Controller node LVM configuration.
+
+# List of controller volume groups. See mrlesmithjr.manage-lvm role for
+# format.
+controller_lvm_groups:
+  - "{{ stackhpc_lvm_group_rootvg }}"

etc/kayobe/environments/ci-tenks/globals.yml

@@ -0,0 +1,21 @@
+---
+# Kayobe global configuration.
+
+###############################################################################
+# OS distribution.
+
+# OS distribution name. Valid options are "rocky", "ubuntu". Default is
+# "rocky".
+os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}"
+
+# OS release. Valid options are "9" when os_distribution is "rocky", or
+# "noble" when os_distribution is "ubuntu".
+os_release: >-
+          {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else
+             (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }}
+
+###############################################################################
+# Extra vars.
+
+# Don't prompt when rebooting hosts.
+confirm_reboot: true

etc/kayobe/environments/ci-tenks/inventory/group_vars/all/lvm.yml

@@ -0,0 +1,27 @@
+---
+###############################################################################
+# StackHPC LVM Logical Volume (LV) configuration.
+
+# StackHPC LVM lv_swap LV size.
+stackhpc_lvm_lv_swap_size: 120m
+
+# StackHPC LVM lv_root LV size.
+stackhpc_lvm_lv_root_size: 1g
+
+# StackHPC LVM lv_tmp LV size.
+stackhpc_lvm_lv_tmp_size: 1g
+
+# StackHPC LVM lv_var LV size.
+stackhpc_lvm_lv_var_size: 2.5g
+
+# StackHPC LVM lv_var_tmp LV size.
+stackhpc_lvm_lv_var_tmp_size: 1g
+
+# StackHPC LVM lv_log LV size.
+stackhpc_lvm_lv_log_size: 1g
+
+# StackHPC LVM lv_audit LV size.
+stackhpc_lvm_lv_audit_size: 120m
+
+# StackHPC LVM lv_home LV size.
+stackhpc_lvm_lv_home_size: 1g

etc/kayobe/environments/ci-tenks/inventory/group_vars/compute/network-interfaces

@@ -0,0 +1,19 @@
+---
+###############################################################################
+# Network interface definitions for the compute group.
+
+provision_oc_interface: "{{ 'ens2' if os_distribution == 'ubuntu' else 'eth0' }}"
+# Route via the seed-hypervisor to the outside world.
+provision_oc_gateway: 192.168.33.4
+
+internal_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ internal_vlan }}"
+
+storage_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ storage_vlan }}"
+
+tunnel_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ tunnel_vlan }}"
+
+external_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ external_vlan }}"
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes

etc/kayobe/environments/ci-tenks/inventory/group_vars/controllers/network-interfaces

@@ -0,0 +1,27 @@
+---
+###############################################################################
+# Network interface definitions for the controller group.
+
+provision_oc_interface: "{{ 'ens2' if os_distribution == 'ubuntu' else 'eth0' }}"
+# Route via the seed-hypervisor to the outside world.
+provision_oc_gateway: 192.168.33.4
+
+mgmt_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}"
+
+provision_wl_interface: "br{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}"
+provision_wl_bridge_ports:
+  - "{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}"
+
+internal_interface: "{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}.{{ internal_vlan }}"
+
+external_interface: "br{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}.{{ external_vlan }}"
+
+public_interface: "{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}.{{ public_vlan }}"
+
+storage_interface: "{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}.{{ storage_vlan }}"
+
+tunnel_interface: "{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}.{{ tunnel_vlan }}"
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes