Build overcloud host images using packages from Ark #1436
TODO: Some automation to trigger a host/IPA image build when
Very nice work. LGTM and will approve once stackhpc/stackhpc-image-elements#67 is finalised
Thinking about it, should probably add a release note
Back to draft while I tweak this a bit. I think it would be nicer to have switch(es) that could be set which enables this functionality, then leave all of the config in the base environment behind that switch, and just make enabling it in an environment (either CI or customer) something like:
This looks good to me, @m-bull is there anything else we have to add before we merge?
9afdf57 to 17931a4
/gemini review
Code Review
This pull request introduces the capability to build overcloud host images using packages from Ark, controlled by the stackhpc_build_overcloud_image_from_pulp_package_mirrors flag. The changes correctly enable this for the ci-builder environment, configure DIB to use the Pulp mirrors, and use an authenticating proxy to avoid leaking credentials. The refactoring to centralize the stackhpc-image-elements repository definition is a good improvement for maintainability.
My main feedback concerns potential code duplication in the new hook files, which should ideally reference a single shared playbook instead of duplicating content. I've also left a minor suggestion to improve the wording of the release note. Overall, the changes are well-structured and align with the goals outlined in the description.
...e/environments/ci-builder/hooks/overcloud-container-image-build/pre.d/10-pulp-auth-proxy.yml
...kayobe/environments/ci-builder/hooks/overcloud-host-image-build/pre.d/10-pulp-auth-proxy.yml
4ebc9f9 to 53d18e8
Before I forget, there is a trivy scanner for VM images, but it's got pretty rubbish support at the moment (and has done for a while so I don't know if it'll ever get any better). Currently only works on VMDK images, and only the streamOptimised disk type. We might be able to convert things to that, then scan them but that'd be a lot of faff. Anyways, if it gets better, we should totally scan our images as well
btw, those images were not promoted, I promoted them via GitHub actions, however the checksum of (at least) R9 image here is broken
Override package mirrors for both Ubuntu Jammy and Rocky Linux 9 overcloud images so that they are built from package snapshots defined in pulp-repo-versions.yml.
Also build IPA from the same mirrors, although this fails currently because python3.10-dev supplied by Ark in the snapshot defined in pulp-repo-versions.yml is too old. Updating the package snapshot to a newer version means dependencies can be solved and the image is able to be built.
Use the authenticating Pulp proxy for everything that touches packages on Ark, to prevent credentials accidentally leaking into built artefacts.
Requires: stackhpc/stackhpc-image-elements#67
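The risk named in the description above, mirror credentials ending up inside a built image, can be checked after a build. The following Python is an added example, not code from this pull request or the project: it scans an unpacked image root for credentials in apt and dnf/yum repository configuration. It assumes the image has already been extracted or mounted to a directory and that repo files sit in the standard distribution paths; the sample hostnames and credentials are constructed.

```python
import os
import re
from urllib.parse import urlsplit

# Standard locations of apt and dnf/yum repository definitions and repo credentials.
REPO_CONFIG = re.compile(
    r"^etc/(apt/(sources\.list|sources\.list\.d/.+|auth\.conf|auth\.conf\.d/.+)"
    r"|yum\.repos\.d/.+\.repo|dnf/dnf\.conf)$")
URL = re.compile(r"https?://[^\s\"']+")
# dnf/yum username=/password= options, and apt auth.conf "machine ... login ..." entries.
SECRET_KEY = re.compile(r"^\s*(username|password)\s*=\s*\S+|\bmachine\s+\S+\s+login\s+\S+")

def scan_text(relpath, text):
    """Return (path, line_no, reason) findings for one repo config file."""
    findings = []
    # Commented-out lines are scanned too: a secret in a comment still ships in the image.
    for no, line in enumerate(text.splitlines(), 1):
        for url in URL.findall(line):
            parts = urlsplit(url)
            if parts.username or parts.password:
                findings.append((relpath, no, f"credentials in URL for {parts.hostname}"))
        if SECRET_KEY.search(line):
            findings.append((relpath, no, "credential key in repo config"))
    return findings

def scan_tree(root):
    """Walk an unpacked image root and scan every repo config file found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if REPO_CONFIG.match(rel):
                with open(full, errors="replace") as fh:
                    findings += scan_text(rel, fh.read())
    return findings

# Constructed sample files; hostnames and credentials are made up.
SAMPLE = {
    "etc/apt/sources.list": "deb http://mirror.example.invalid/ubuntu jammy main\n",
    "etc/yum.repos.d/baseos.repo":
        "[baseos]\nbaseurl=https://builder:s3cret@mirror.example.invalid/rocky/9/BaseOS\n",
    "etc/yum.repos.d/extras.repo":
        "[extras]\nbaseurl=https://mirror.example.invalid/extras\npassword=s3cret\n",
}
SAMPLE_FINDINGS = [f for path, text in SAMPLE.items() for f in scan_text(path, text)]
```

Running scan_tree() against the extracted image root as a post-build gate, and failing the build on any finding, catches a leak before the image is promoted.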