stackhpc · Alex-Welsh · Aug 8, 2024 · Sep 6, 2024 · Sep 10, 2024 · Sep 11, 2024
@@ -98,15 +98,15 @@ jobs:
         run: |
           cat << EOF > terraform.tfvars
           ssh_public_key = "id_rsa.pub"
-          ssh_username = "rocky"
+          ssh_username = "ubuntu"
           aio_vm_name = "skc-host-image-builder"
-          # Must be a Rocky Linux 9 host to successfully build all images
+          # Must be an Ubuntu Jammy host to successfully build all images
           # This MUST NOT be an LVM image. It can cause confusing conficts with the built image.
-          aio_vm_image = "Rocky-9-GenericCloud-Base-9.3-20231113.0.x86_64.qcow2"
+          aio_vm_image = "Ubuntu-22.04"
           aio_vm_flavor = "en1.medium"
           aio_vm_network = "stackhpc-ci"
           aio_vm_subnet = "stackhpc-ci"
-          aio_vm_interface = "eth0"
+          aio_vm_interface = "ens3"
           EOF
         working-directory: ${{ github.workspace }}/src/kayobe-config/terraform/aio
 
@@ -184,14 +184,14 @@ jobs:
         run: |
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-builder &&
-          kayobe seed host configure -e seed_bootstrap_user=rocky --skip-tags network
+          kayobe seed host configure -e seed_bootstrap_user=ubuntu --skip-tags network
 
       - name: Install dependencies
         run: |
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-builder &&
           kayobe seed host command run \
-          --command "sudo dnf config-manager --set-enabled crb && sudo dnf -y install epel-release && sudo dnf -y install cloud-init debootstrap git kpartx zstd" --show-output
+          --command "sudo apt update && sudo apt -y install gcc git libffi-dev python3-dev python-is-python3 python3-venv" --show-output
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
 
@@ -311,8 +311,8 @@ jobs:
         continue-on-error: true
         run: |
           mkdir logs
-          scp -r rocky@$(jq -r .access_ip_v4.value src/kayobe-config/etc/kayobe/environments/ci-builder/tf-outputs.yml):/opt/kayobe/images/*/*.std* ./logs/
-          scp -r rocky@$(jq -r .access_ip_v4.value src/kayobe-config/etc/kayobe/environments/ci-builder/tf-outputs.yml):/tmp/updated_images.txt ./logs/ || true
+          scp -r ubuntu@$(jq -r .access_ip_v4.value src/kayobe-config/etc/kayobe/environments/ci-builder/tf-outputs.yml):/opt/kayobe/images/*/*.std* ./logs/
+          scp -r ubuntu@$(jq -r .access_ip_v4.value src/kayobe-config/etc/kayobe/environments/ci-builder/tf-outputs.yml):/tmp/updated_images.txt ./logs/ || true
         if: always()
 
       - name: Fail if any overcloud host image builds failed

@@ -55,11 +55,6 @@ os_release: >-
           {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else
              (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }}
 
-###############################################################################
-
-# Avoid a reboot.
-selinux_state: disabled
-
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
@@ -7,9 +7,3 @@
 # OS distribution name. Valid options are "rocky", "ubuntu". Default is
 # "rocky".
 os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}"
-
-###############################################################################
-# SELinux.
-
-# Avoid a reboot.
-selinux_state: disabled
@@ -60,11 +60,6 @@ os_release: >-
 stackhpc_write_barbican_role_id_to_file: true
 stackhpc_barbican_role_id_file_path: "/tmp/barbican-role-id"
 
-###############################################################################
-
-# Avoid a reboot.
-selinux_state: disabled
-
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
@@ -67,7 +67,7 @@ overcloud_dib_host_packages_extra:
 overcloud_dib_git_elements_extra:
   - repo: "https://github.com/stackhpc/stackhpc-image-elements"
     local: "{{ source_checkout_path }}/stackhpc-image-elements"
-    version: "v1.6.1"
+    version: "v1.6.2"
     elements_path: "elements"
 
 # List of git repositories containing Diskimage Builder (DIB) elements. See

@@ -1,5 +1,5 @@
 ---
 # Overcloud host image versioning tags
 # These images must be in SMS, since they are used by our AIO CI runners
-stackhpc_rocky_9_overcloud_host_image_version: "2023.1-20240126T093158"
-stackhpc_ubuntu_jammy_overcloud_host_image_version: "2023.1-20240325T130221"
+stackhpc_rocky_9_overcloud_host_image_version: "2024.1-20240911T124950"
+stackhpc_ubuntu_jammy_overcloud_host_image_version: "2024.1-20240911T124950"
@@ -23,7 +23,7 @@ stackhpc_overcloud_dib_name: "deployment_image"
 stackhpc_overcloud_dib_elements:
   - "{{ os_distribution }}-{% if os_distribution == 'rocky' %}container-stackhpc{% else %}minimal{% endif %}"
   - "cloud-init-datasources"
-  - "{% if os_distribution == 'rocky' %}disable-selinux{% endif %}"
+  - "{% if os_distribution == 'rocky' %}selinux-permissive{% endif %}"
   - "enable-serial-console"
   - "{% if kayobe_environment == 'ci-builder' %}etc-hosts{% endif %}"
   - "vm"
@@ -47,6 +47,8 @@ stackhpc_overcloud_dib_env_vars:
   # sometimes).
   # DIB_DISTRIBUTION_MIRROR: "{{ stackhpc_repo_ubuntu_focal_url if os_distribution == 'ubuntu' else '' }}"
   DIB_DRACUT_ENABLED_MODULES_DEFAULT_CONFIG: "{{ stackhpc_overcloud_dib_dracut_enabled_modules_default_config }}"
+  # NOTE: DIB_ETC_HOSTS_EXTRA must be defined and cannot be an empty string
+  DIB_ETC_HOSTS_EXTRA: "#"
   DIB_RELEASE: "{{ overcloud_dib_os_release }}"
   DIB_SUDOERS_FILENAME: "no-fqdn"
   # Avoid DNS queries during sudo commands, since we might not always have working DNS.

@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    StackHPC overcloud host images have been rebuilt for the Caracal release.
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Enables SELinux in permissive mode in the overcloud host image. This
+    matches the default configuration for SELinux in StackHPC Kayobe Configuration.