Merge remote-tracking branch 'origin/stackhpc/2024.1' into cross-arch-builds-2024.1

bbezak · bbezak · commit b7c04575c42d · 2025-07-15T10:16:12.000+02:00
Change-Id: I27ced2bd7356602983ee7005e61b518fa4e7ca4b
diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml
@@ -139,6 +139,10 @@ jobs:
       - generate-tag
       - runner-selection
     steps:
+      - name: Purge workspace (Arm runner only)
+        if: runner.arch == 'ARM64'
+        run: sudo rm -rf "$GITHUB_WORKSPACE"/*
+
       - name: Install package dependencies
         run: |
           sudo apt update
@@ -152,10 +156,6 @@ jobs:
           sudo apt update
           sudo apt install gh -y
 
-      - name: Purge workspace (Arm runner only)
-        if: runner.arch == 'ARM64'
-        run: sudo rm -rf "$GITHUB_WORKSPACE"/*
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -232,6 +232,8 @@ jobs:
             args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}"
           fi
           args="$args -e stackhpc_repo_mirror_auth_proxy_enabled=true"
+          args="$args -e kolla_build_log_path=/var/log/kolla-build-${{ steps.write-kolla-tag.outputs.kolla-tag }}.log"
+          args="$args -e base_path=$GITHUB_WORKSPACE/opt/kayobe"
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-builder &&
           kayobe overcloud container image build $args
@@ -240,11 +242,13 @@ jobs:
         if: inputs.overcloud
 
       - name: Copy overcloud container image build logs to output directory
-        run: sudo mv /var/log/kolla-build.log image-build-logs/kolla-build-overcloud.log
+        run: |
+          sudo mv /var/log/kolla-build-${{ steps.write-kolla-tag.outputs.kolla-tag }}.log \
+                  image-build-logs/kolla-build-overcloud.log
         if: inputs.overcloud
 
       - name: Copy build configs to output directory
-        run: sudo cp -rnL /opt/kayobe/etc/kolla/* image-build-logs/
+        run: sudo cp -rnL "$GITHUB_WORKSPACE/opt/kayobe/etc/kolla/"* image-build-logs/
         if: inputs.overcloud
 
       - name: Build kolla seed images
@@ -355,9 +359,9 @@ jobs:
       - name: Remove locally built images for this run
         if: always() && runner.arch == 'ARM64'
         run: |
-          docker images --quiet \
+          docker images --format '{{.Repository}}:{{.Tag}}' \
             --filter "reference=ark.stackhpc.com/stackhpc-dev/*:${{ steps.write-kolla-tag.outputs.kolla-tag }}*" \
-            | xargs -r docker rmi -f
+            | xargs -r -n1 docker rmi -f
 
   create-manifests:
     # Only for Rocky Linux for now
diff --git a/etc/kayobe/ansible/check-kayobe-version.yml b/etc/kayobe/ansible/check-kayobe-version.yml
@@ -29,18 +29,28 @@
           register: kayobe_git_commit
           failed_when: kayobe_git_commit.stdout == ""
 
+        - name: Create a temporary directory to clone Kayobe into
+          ansible.builtin.tempfile:
+            state: directory
+          register: kayobe_temp_dir
+
         - name: Clone Kayobe
           ansible.builtin.git:
             repo: https://github.com/stackhpc/kayobe.git
-            dest: /tmp/kayobe-git
+            dest: "{{ kayobe_temp_dir.path }}/kayobe-git"
             version: stackhpc/{{ openstack_release }}
 
         - name: Get tag from Kayobe commit
           ansible.builtin.command:
             cmd: git describe --tags {{ kayobe_git_commit.stdout }}
-            chdir: /tmp/kayobe-git
+            chdir: "{{ kayobe_temp_dir.path }}/kayobe-git"
           register: kayobe_current_version
 
+        - name: Clean up temporary directory
+          ansible.builtin.file:
+            state: absent
+            path: "{{ kayobe_temp_dir.path }}"
+
         - name: Get latest Kayobe version
           ansible.builtin.shell:
             cmd: set -o pipefail && grep -o kayobe@stackhpc\/.*$ {{ requirements_path }} | cut -d @ -f 2
diff --git a/etc/kayobe/ansible/get-cloud-facts.yml b/etc/kayobe/ansible/get-cloud-facts.yml
@@ -0,0 +1,87 @@
+---
+- name: Gather Cloud Facts
+  hosts: localhost
+  gather_facts: true
+  tasks:
+    - name: Write facts to file
+      vars:
+        cloud_facts:
+          ansible_control_host_distribution: "{{ ansible_facts.distribution }}"
+          ansible_control_host_distribution_release: "{{ ansible_facts.distribution_release }}"
+          openstack_release: "{{ openstack_release }}"
+          openstack_release_name: "{{ openstack_release_codename }}"
+          ansible_control_host_is_vm: "{{ ansible_facts.virtualization_role == 'guest' }}"
+          controller_count: "{{ groups['controllers'] | length }}"
+          hypervisor_count: "{{ groups['hypervisors'] | length }}"
+          monitoring_count: "{{ groups['monitoring'] | length }}"
+          osd_count: "{{ groups['osds'] | length }}"
+          compute_count: "{{ groups['compute'] | length }}"
+          baremetal_count: "{{ groups['baremetal-compute'] | length }}"
+          ceph_deployed: "{{ groups['ceph'] | length > 0 | bool }}"
+          ceph_count: "{{ groups['ceph'] | length }}"
+          ceph_release: "{{ cephadm_ceph_release }}"
+          storage_hyperconverged: "{{ groups['controllers'] | intersect(groups['osds']) | length > 0 | bool }}"
+          wazuh_enabled: "{{ groups['wazuh-agent'] | length > 0 | bool }}"
+          kayobe_managed_switches: "{{ groups['switches'] | length > 0 | bool }}"
+          proxy_configured: "{{ http_proxy | bool or https_proxy | bool }}"
+          bifrost_version: "{{ kolla_bifrost_source_version }}"
+          barbican_enabled: "{{ kolla_enable_barbican }}"
+          nova_enabled: "{{ kolla_enable_nova }}"
+          neutron_enabled: "{{ kolla_enable_neutron }}"
+          ovs_enabled: "{{ kolla_enable_openvswitch }}"
+          ovn_enabled: "{{ kolla_enable_ovn }}"
+          glance_enabled: "{{ kolla_enable_glance }}"
+          cinder_enabled: "{{ kolla_enable_cinder }}"
+          keystone_enabled: "{{ kolla_enable_keystone }}"
+          horizon_enabled: "{{ kolla_enable_horizon }}"
+          fluentd_enabled: "{{ kolla_enable_fluentd }}"
+          rabbitmq_enabled: "{{ kolla_enable_rabbitmq }}"
+          mariadb_enabled: "{{ kolla_enable_mariadb }}"
+          mariabackup_enabled: "{{ kolla_enable_mariabackup }}"
+          memcached_enabled: "{{ kolla_enable_memcached }}"
+          haproxy_enabled: "{{ kolla_enable_haproxy }}"
+          keepalived_enabled: "{{ kolla_enable_keepalived }}"
+          octavia_enabled: "{{ kolla_enable_octavia }}"
+          designate_enabled: "{{ kolla_enable_designate }}"
+          manila_enabled: "{{ kolla_enable_manila }}"
+          magnum_enabled: "{{ kolla_enable_magnum }}"
+          heat_enabled: "{{ kolla_enable_heat }}"
+          ironic_enabled: "{{ kolla_enable_ironic }}"
+          skyline_enabled: "{{ kolla_enable_skyline }}"
+          blazar_enabled: "{{ kolla_enable_blazar }}"
+          pulp_enabled: "{{ seed_pulp_container_enabled }}"
+          opensearch_enabled: "{{ kolla_enable_opensearch }}"
+          opensearch_dashboards_enabled: "{{ kolla_enable_opensearch_dashboards }}"
+          influxdb_enabled: "{{ kolla_enable_influxdb }}"
+          grafana_enabled: "{{ kolla_enable_grafana }}"
+          prometheus_enabled: "{{ kolla_enable_prometheus }}"
+          cloudkitty_enabled: "{{ kolla_enable_cloudkitty }}"
+          telegraf_enabled: "{{ kolla_enable_telegraf }}"
+          internal_tls_enabled: "{{ kolla_enable_tls_internal }}"
+          external_tls_enabled: "{{ kolla_enable_tls_external }}"
+          firewalld_enabled_all: >-
+            {{
+              controller_firewalld_enabled and
+              compute_firewalld_enabled and
+              storage_firewalld_enabled and
+              monitoring_firewalld_enabled and
+              infra_vm_firewalld_enabled and
+              seed_firewalld_enabled and
+              seed_hypervisor_firewalld_enabled
+            }}
+          firewalld_enabled_any: >-
+            {{
+              controller_firewalld_enabled or
+              compute_firewalld_enabled or
+              storage_firewalld_enabled or
+              monitoring_firewalld_enabled or
+              infra_vm_firewalld_enabled or
+              seed_firewalld_enabled or
+              seed_hypervisor_firewalld_enabled
+            }}
+          stackhpc_package_repos_enabled: "{{ stackhpc_repos_enabled }}"
+          pulp_tls_enabled: "{{ pulp_enable_tls }}"
+          kolla_image_tags: "{{ kolla_image_tags }}"
+      ansible.builtin.copy:
+        content: "{{ cloud_facts | to_nice_json(sort_keys=false) }}"
+        dest: ~/cloud-facts.json
diff --git a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml
@@ -29,7 +29,6 @@ kolla_enable_octavia: true
 kolla_enable_opensearch: true
 kolla_enable_prometheus: true
 kolla_enable_redis: true
-kolla_enable_skyline: true
 kolla_build_neutron_ovs: true
 
 ###############################################################################
diff --git a/etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter b/etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter
@@ -111,6 +111,8 @@ prometheus_blackbox_exporter_endpoints_default:
     enabled: "{{ enable_etcd | bool }}"
   - endpoints:
       - "grafana:http_2xx:{{ grafana_public_endpoint }}"
+    enabled: "{{ enable_grafana_external | bool }}"
+  - endpoints:
       - "{{ ('grafana_internal:http_2xx:' + grafana_internal_endpoint) if not kolla_same_external_internal_vip | bool }}"
     enabled: "{{ enable_grafana | bool }}"
   - endpoints:
diff --git a/etc/kayobe/kolla/kolla-build.conf b/etc/kayobe/kolla/kolla-build.conf
@@ -16,3 +16,11 @@ build_args = {{ (kolla_build_args | default({})).items() | map('join', ':') | jo
 type = git
 location = https://github.com/stackhpc/requirements
 reference = stackhpc/{{ openstack_release }}
+
+[etcd]
+version = 3.5.21
+sha256 = amd64:adddda4b06718e68671ffabff2f8cee48488ba61ad82900e639d108f2148501c,arm64:95bf6918623a097c0385b96f139d90248614485e781ec9bee4768dbb6c79c53f
+
+[letsencrypt-lego]
+version = v4.23.1
+sha256 = amd64:1fd60b1fd59c239bed22719a5de402cb745d1f933540cb1ec196e2c03e6e8882,arm64:1114745108343286d4bff189b4bdee3cba9d07ebcacc673860d91ab951d31e0d
diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml
@@ -14,13 +14,13 @@ stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_aarch64_version: 20240927T0
 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022
 stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20241218T154614
 stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: 20250401T001425
-stackhpc_pulp_repo_elrepo_9_version: 20241129T235743
-stackhpc_pulp_repo_elrepo_9_aarch64_version: 20240927T073838
-stackhpc_pulp_repo_epel_9_version: 20241216T235733
-stackhpc_pulp_repo_epel_9_aarch64_version: 20241217T012754
-stackhpc_pulp_repo_grafana_version: 20241216T002739
-stackhpc_pulp_repo_opensearch_2_x_version: 20241106T010702
-stackhpc_pulp_repo_opensearch_dashboards_2_x_version: 20241106T010702
+stackhpc_pulp_repo_elrepo_9_version: 20250610T235426
+stackhpc_pulp_repo_elrepo_9_aarch64_version: 20250408T030629
+stackhpc_pulp_repo_epel_9_version: 20250615T000221
+stackhpc_pulp_repo_epel_9_aarch64_version: 20250615T015805
+stackhpc_pulp_repo_grafana_version: 20250615T005738
+stackhpc_pulp_repo_opensearch_2_x_version: 20250430T014638
+stackhpc_pulp_repo_opensearch_dashboards_2_x_version: 20250430T014638
 stackhpc_pulp_repo_rhel9_rabbitmq_erlang_version: 20241217T002152
 stackhpc_pulp_repo_rhel9_rabbitmq_erlang_aarch64_version: 20241213T015928
 stackhpc_pulp_repo_rhel9_rabbitmq_server_version: 20241217T002152
@@ -50,20 +50,30 @@ stackhpc_pulp_repo_rocky_9_3_highavailability_version: 20240510T001129
 stackhpc_pulp_repo_rocky_9_4_appstream_version: 20240816T002610
 stackhpc_pulp_repo_rocky_9_4_baseos_version: 20240816T002610
 stackhpc_pulp_repo_rocky_9_4_crb_version: 20240816T002610
-stackhpc_pulp_repo_rocky_9_5_crb_aarch64_version: 20241217T012754
 stackhpc_pulp_repo_rocky_9_4_extras_version: 20240816T002610
 stackhpc_pulp_repo_rocky_9_4_highavailability_version: 20240816T002610
 stackhpc_pulp_repo_rocky_9_5_appstream_version: 20241217T005008
 stackhpc_pulp_repo_rocky_9_5_appstream_aarch64_version: 20241217T012754
 stackhpc_pulp_repo_rocky_9_5_baseos_version: 20241216T013503
 stackhpc_pulp_repo_rocky_9_5_baseos_aarch64_version: 20241216T011954
 stackhpc_pulp_repo_rocky_9_5_crb_version: 20241217T005008
+stackhpc_pulp_repo_rocky_9_5_crb_aarch64_version: 20241217T012754
 stackhpc_pulp_repo_rocky_9_5_extras_version: 20241216T004230
 stackhpc_pulp_repo_rocky_9_5_extras_aarch64_version: 20241216T011954
 stackhpc_pulp_repo_rocky_9_5_highavailability_version: 20241202T003154
 stackhpc_pulp_repo_rocky_9_5_highavailability_aarch64_version: 20241203T010516
 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20241127T003858
 stackhpc_pulp_repo_rocky_9_sig_security_common_aarch64_version: 20241127T011228
+stackhpc_pulp_repo_rocky_9_6_appstream_version: 20250614T015933
+stackhpc_pulp_repo_rocky_9_6_appstream_aarch64_version: 20250614T024523
+stackhpc_pulp_repo_rocky_9_6_baseos_version: 20250614T030644
+stackhpc_pulp_repo_rocky_9_6_baseos_aarch64_version: 20250614T024523
+stackhpc_pulp_repo_rocky_9_6_crb_version: 20250614T015933
+stackhpc_pulp_repo_rocky_9_6_crb_aarch64_version: 20250614T024523
+stackhpc_pulp_repo_rocky_9_6_extras_version: 20250605T150141
+stackhpc_pulp_repo_rocky_9_6_extras_aarch64_version: 20250605T150141
+stackhpc_pulp_repo_rocky_9_6_highavailability_version: 20250605T150141
+stackhpc_pulp_repo_rocky_9_6_highavailability_aarch64_version: 20250605T150141
 stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250416T042645
 stackhpc_pulp_repo_ubuntu_jammy_security_version: 20250417T070229
 stackhpc_pulp_repo_ubuntu_jammy_version: 20250417T070229
@@ -73,3 +83,7 @@ stackhpc_pulp_repo_rhel_9_4_doca_version: 20241211T153620
 stackhpc_pulp_repo_rhel_9_4_doca_modules_version: 20241213T112245
 stackhpc_pulp_repo_rhel_9_5_doca_version: 20241211T171301
 stackhpc_pulp_repo_rhel_9_5_doca_modules_version: 20250115T150314
+##### NOTE: Dummy variables, currently no RL9.6 DOCA
+stackhpc_pulp_repo_rhel_9_6_doca_modules_version: 00000000T000000
+stackhpc_pulp_repo_rhel_9_6_doca_version: 00000000T000000
+######
diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml
@@ -242,8 +242,8 @@ stackhpc_pulp_distribution_deb_production: >-
 
 # Whether to sync Rocky Linux 9 packages.
 stackhpc_pulp_sync_rocky_9: "{{ os_distribution == 'rocky' }}"
-# Rocky 9 minor version number. Supported values: 1, 2, 3, 4, 5. Default is 5
-stackhpc_pulp_repo_rocky_9_minor_version: 5
+# Rocky 9 minor version number. Supported values: 1, 2, 3, 4, 5, 6. Default is 6
+stackhpc_pulp_repo_rocky_9_minor_version: 6
 # Rocky 9 Snapshot versions. The defaults use the appropriate version from
 # pulp-repo-versions.yml for the selected minor release.
 
@@ -603,8 +603,6 @@ stackhpc_pulp_images_kolla:
   - rabbitmq
   - redis
   - redis-sentinel
-  - skyline-apiserver
-  - skyline-console
 
 # List of images for each base distribution which should not/cannot be built.
 stackhpc_kolla_unbuildable_images:
diff --git a/etc/kayobe/trivy/allowed-vulnerabilities.yml b/etc/kayobe/trivy/allowed-vulnerabilities.yml
@@ -16,8 +16,31 @@ fluentd_allowed_vulnerabilities:
   - CVE-2024-27280
 grafana_allowed_vulnerabilities:
   - CVE-2024-8986
-skyline_apiserver_allowed_vulnerabilities:
-  - CVE-2024-33663
+influxdb_allowed_vulnerabilities:
+  - CVE-2024-45337
+magnum_conductor_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_blackbox_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_memcached_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_mysqld_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_elasticsearch_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_node_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_openstack_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_libvirt_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_cadvisor_allowed_vulnerabilities:
+  - CVE-2024-41110
+  - CVE-2024-45337
+prometheus_msteams_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_v2_server_allowed_vulnerabilities:
+  - CVE-2024-45337
 
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
diff --git a/releasenotes/notes/drop-skyline-support-31d683f58f125335.yaml b/releasenotes/notes/drop-skyline-support-31d683f58f125335.yaml
@@ -0,0 +1,4 @@
+---
+deprecations:
+  - |
+    Disabled building of Kolla container images for Skyline
diff --git a/releasenotes/notes/enable-building-skyline-61a41c13cfcd54a1.yaml b/releasenotes/notes/enable-building-skyline-61a41c13cfcd54a1.yaml
diff --git a/releasenotes/notes/fix-blackbox-exporter-config-with-no-external-grafana-de1db02c540af6d8.yaml b/releasenotes/notes/fix-blackbox-exporter-config-with-no-external-grafana-de1db02c540af6d8.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where the external Grafana endpoint would be added to
+    Prometheus Blackbox Exporter config, even when ``enable_grafana_external``
+    was disabled.
diff --git a/releasenotes/notes/fix-kayobe-version-checks-d1fb3e09391e4a3e.yaml b/releasenotes/notes/fix-kayobe-version-checks-d1fb3e09391e4a3e.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fix Kayobe version checks that were failing on multiuser
+    Ansible control hosts.
diff --git a/releasenotes/notes/rl9.6-f46ea1230214a657.yaml b/releasenotes/notes/rl9.6-f46ea1230214a657.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Added support for Rocky Linux 9.6, including host packages and a full
+    container image refresh.
+upgrade:
+  - |
+    9.6 is now the default release for Rocky Linux.

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +deprecations:
 +  - |
 +    Disabled building of Kolla container images for Skyline