diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index 1752d6c05..a041b4f33 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -98,15 +98,15 @@ jobs: run: | cat << EOF > terraform.tfvars ssh_public_key = "id_rsa.pub" - ssh_username = "rocky" + ssh_username = "ubuntu" aio_vm_name = "skc-host-image-builder" - # Must be a Rocky Linux 9 host to successfully build all images + # Must be an Ubuntu Jammy host to successfully build all images # This MUST NOT be an LVM image. It can cause confusing conficts with the built image. - aio_vm_image = "Rocky-9-GenericCloud-Base-9.3-20231113.0.x86_64.qcow2" + aio_vm_image = "Ubuntu-22.04" aio_vm_flavor = "en1.medium" aio_vm_network = "stackhpc-ci" aio_vm_subnet = "stackhpc-ci" - aio_vm_interface = "eth0" + aio_vm_interface = "ens3" EOF working-directory: ${{ github.workspace }}/src/kayobe-config/terraform/aio @@ -184,14 +184,14 @@ jobs: run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && - kayobe seed host configure -e seed_bootstrap_user=rocky --skip-tags network + kayobe seed host configure -e seed_bootstrap_user=ubuntu --skip-tags network - name: Install dependencies run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && kayobe seed host command run \ - --command "sudo dnf config-manager --set-enabled crb && sudo dnf -y install epel-release && sudo dnf -y install cloud-init debootstrap git kpartx zstd" --show-output + --command "sudo apt update && sudo apt -y install gcc git libffi-dev python3-dev python-is-python3 python3-venv" --show-output env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} 
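Review bot: `aio_vm_image = "Ubuntu-22.04"` looks like a floating image name, where the Rocky value it replaces pinned a dated build, so the host that builds the overcloud images can change between runs with no change in this repository. Consider pinning a dated image, e.g. `aio_vm_image = "<dated-ubuntu-jammy-image-name>"` (placeholder), or at least printing the resolved image ID in the job log so a published host image can be traced back to the builder it came from. The heredoc is closed inside the hunk, but the step itself starts before the first visible line.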
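Review bot: The new `--command` string in the `Install dependencies` step calls `apt`, whose command-line interface is not intended for scripted use and which can stop on a prompt on a non-interactive runner. The safer form is `sudo apt-get update && sudo DEBIAN_FRONTEND=noninteractive apt-get -y install gcc git libffi-dev python3-dev python-is-python3 python3-venv`. The old command installed `cloud-init debootstrap kpartx zstd`, none of which are in the new list; presumably the image build installs what it needs on Ubuntu, but that is not visible here and is worth confirming. The step may continue past the end of the hunk.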
@@ -311,8 +311,8 @@ jobs: continue-on-error: true run: | mkdir logs - scp -r rocky@$(jq -r .access_ip_v4.value src/kayobe-config/etc/kayobe/environments/ci-builder/tf-outputs.yml):/opt/kayobe/images/*/*.std* ./logs/ - scp -r rocky@$(jq -r .access_ip_v4.value src/kayobe-config/etc/kayobe/environments/ci-builder/tf-outputs.yml):/tmp/updated_images.txt ./logs/ || true + scp -r ubuntu@$(jq -r .access_ip_v4.value src/kayobe-config/etc/kayobe/environments/ci-builder/tf-outputs.yml):/opt/kayobe/images/*/*.std* ./logs/ + scp -r ubuntu@$(jq -r .access_ip_v4.value src/kayobe-config/etc/kayobe/environments/ci-builder/tf-outputs.yml):/tmp/updated_images.txt ./logs/ || true if: always() - name: Fail if any overcloud host image builds failed diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index f026ba19c..a1defbebd 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -396,13 +396,15 @@ jobs: KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }} if: inputs.upgrade + # NOTE(Alex-Welsh): configure host with selinux_state=disabled, because + # Antelope images are not built as permissive - name: Host configure run: | docker run -t --rm \ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ $KAYOBE_IMAGE \ - /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/overcloud-host-configure.sh + /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/overcloud-host-configure.sh -e selinux_state=disabled env: KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }} if: inputs.upgrade diff --git a/etc/kayobe/environments/ci-aio/globals.yml b/etc/kayobe/environments/ci-aio/globals.yml index edd2b87df..f65cba9f1 100644 --- a/etc/kayobe/environments/ci-aio/globals.yml +++ b/etc/kayobe/environments/ci-aio/globals.yml 
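Review bot: The `-e selinux_state=disabled` override added to the `Host configure` step has no removal condition, and since this commit also drops `selinux_state: disabled` from the CI environment files, it is the only place visible in this diff where the upgrade job still forces SELinux off. The NOTE explains why; it should also say when the override can go, for example `# TODO: drop -e selinux_state=disabled once the previous release's host images are built permissive`. While it stays, the upgrade path does not exercise the permissive default described in the release note, so denials on upgraded Rocky hosts would not surface in this job. Whether a later host configure step runs without the override is not visible in this hunk.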
@@ -55,11 +55,6 @@ os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} -############################################################################### - -# Avoid a reboot. -selinux_state: disabled - ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes diff --git a/etc/kayobe/environments/ci-aio/inventory/group_vars/controllers/selinux b/etc/kayobe/environments/ci-aio/inventory/group_vars/controllers/selinux deleted file mode 100644 index 97bfb5bb0..000000000 --- a/etc/kayobe/environments/ci-aio/inventory/group_vars/controllers/selinux +++ /dev/null @@ -1,4 +0,0 @@ ---- -# Configure SELinux to be disabled in all cases. This is a short term fix, we -# want RL9 hosts to be be permissive but our host images need to be rebuilt. -selinux_state: "disabled" diff --git a/etc/kayobe/environments/ci-builder/globals.yml b/etc/kayobe/environments/ci-builder/globals.yml index 7efb44f44..9852cbd4d 100644 --- a/etc/kayobe/environments/ci-builder/globals.yml +++ b/etc/kayobe/environments/ci-builder/globals.yml @@ -7,9 +7,3 @@ # OS distribution name. Valid options are "rocky", "ubuntu". Default is # "rocky". os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" - -############################################################################### -# SELinux. - -# Avoid a reboot. -selinux_state: disabled diff --git a/etc/kayobe/environments/ci-multinode/globals.yml b/etc/kayobe/environments/ci-multinode/globals.yml index 3cf02f052..9fe415ecd 100644 --- a/etc/kayobe/environments/ci-multinode/globals.yml +++ b/etc/kayobe/environments/ci-multinode/globals.yml 
@@ -60,11 +60,6 @@ os_release: >- stackhpc_write_barbican_role_id_to_file: true stackhpc_barbican_role_id_file_path: "/tmp/barbican-role-id" -############################################################################### - -# Avoid a reboot. -selinux_state: disabled - ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes diff --git a/etc/kayobe/overcloud-dib.yml b/etc/kayobe/overcloud-dib.yml index 3e9a3cbb8..541103f08 100644 --- a/etc/kayobe/overcloud-dib.yml +++ b/etc/kayobe/overcloud-dib.yml @@ -67,7 +67,7 @@ overcloud_dib_host_packages_extra: overcloud_dib_git_elements_extra: - repo: "https://github.com/stackhpc/stackhpc-image-elements" local: "{{ source_checkout_path }}/stackhpc-image-elements" - version: "v1.6.1" + version: "v1.6.3" elements_path: "elements" # List of git repositories containing Diskimage Builder (DIB) elements. See diff --git a/etc/kayobe/pulp-host-image-versions.yml b/etc/kayobe/pulp-host-image-versions.yml index 3b8aceb84..7e19ef2ec 100644 --- a/etc/kayobe/pulp-host-image-versions.yml +++ b/etc/kayobe/pulp-host-image-versions.yml @@ -1,5 +1,5 @@ --- # Overcloud host image versioning tags # These images must be in SMS, since they are used by our AIO CI runners -stackhpc_rocky_9_overcloud_host_image_version: "2023.1-20240126T093158" -stackhpc_ubuntu_jammy_overcloud_host_image_version: "2023.1-20240325T130221" +stackhpc_rocky_9_overcloud_host_image_version: "2024.1-20240912T145502" +stackhpc_ubuntu_jammy_overcloud_host_image_version: "2024.1-20240911T124950" diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index 67999a8a7..6867b40ee 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml 
@@ -5,7 +5,7 @@ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20240829T093746
 stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version: 20240902T080424
 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318
 stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240502T000614
-stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20240829T093746
+stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20240910T001721
 stackhpc_pulp_repo_elrepo_9_version: 20240902T122220
 stackhpc_pulp_repo_epel_9_version: 20240902T080424
 stackhpc_pulp_repo_grafana_version: 20240902T080424
@@ -39,6 +39,6 @@ stackhpc_pulp_repo_rocky_9_4_crb_version: 20240816T002610
 stackhpc_pulp_repo_rocky_9_4_extras_version: 20240816T002610
 stackhpc_pulp_repo_rocky_9_4_highavailability_version: 20240816T002610
 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20240718T001130
-stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20240902T130724
-stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240901T094519
-stackhpc_pulp_repo_ubuntu_jammy_version: 20240901T094519
+stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20240911T041957
+stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240911T063424
+stackhpc_pulp_repo_ubuntu_jammy_version: 20240911T063424
diff --git a/etc/kayobe/stackhpc-overcloud-dib.yml b/etc/kayobe/stackhpc-overcloud-dib.yml
index 69ba5c81e..fda22fdfe 100644
--- a/etc/kayobe/stackhpc-overcloud-dib.yml
+++ b/etc/kayobe/stackhpc-overcloud-dib.yml
@@ -23,9 +23,8 @@ stackhpc_overcloud_dib_name: "deployment_image"
 stackhpc_overcloud_dib_elements:
 - "{{ os_distribution }}-{% if os_distribution == 'rocky' %}container-stackhpc{% else %}minimal{% endif %}"
 - "cloud-init-datasources"
- - "{% if os_distribution == 'rocky' %}disable-selinux{% endif %}"
+ - "{% if os_distribution == 'rocky' %}selinux-permissive{% endif %}"
 - "enable-serial-console"
- - "{% if kayobe_environment == 'ci-builder' %}etc-hosts{% endif %}"
 - "vm"
 - "block-device-efi"
 - "cloud-init"
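Review bot: The switch from `disable-selinux` to `selinux-permissive` in `stackhpc_overcloud_dib_elements` carries no comment, and the removal of the `etc-hosts` element for `ci-builder` in the same hunk is not explained by either release note. A line above the element would help the next reader: `# Rocky images are built permissive to match the default selinux_state; denials are logged, not enforced.` If `etc-hosts` was dropped because the builder is now an Ubuntu host, saying so in the commit message or in a comment would make that intent checkable. The list opens inside the hunk and may continue past its last line.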
diff --git a/releasenotes/notes/host-image-rebuild-957b0a69de1044fc.yaml b/releasenotes/notes/host-image-rebuild-957b0a69de1044fc.yaml
new file mode 100644
index 000000000..a8bed0df6
--- /dev/null
+++ b/releasenotes/notes/host-image-rebuild-957b0a69de1044fc.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ The StackHPC overcloud host images have been rebuilt using new packages for
+ the Caracal release.
diff --git a/releasenotes/notes/selinux-host-image-ff0fed2583cae7b0.yaml b/releasenotes/notes/selinux-host-image-ff0fed2583cae7b0.yaml
new file mode 100644
index 000000000..b545668f4
--- /dev/null
+++ b/releasenotes/notes/selinux-host-image-ff0fed2583cae7b0.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - |
+ Enables SELinux in permissive mode in the overcloud host image. This
+ matches the default configuration for SELinux in StackHPC Kayobe Configuration.