From 85049b1525fb47325b6b53fb7669f52c0561961e Mon Sep 17 00:00:00 2001 From: stackhpc-ci <22933334+stackhpc-ci@users.noreply.github.com> Date: Tue, 6 May 2025 00:14:19 +0000 Subject: [PATCH 01/33] Bump kolla to stackhpc/18.6.0.8 --- etc/kayobe/stackhpc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 132ad978f..b3fdce265 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -165,7 +165,7 @@ stackhpc_repo_elrepo_9_version: "{{ stackhpc_repo_distribution }}" # Kolla source repository. stackhpc_kolla_source_url: "https://github.com/stackhpc/kolla" -stackhpc_kolla_source_version: stackhpc/18.6.0.7 +stackhpc_kolla_source_version: stackhpc/18.6.0.8 # Kolla Ansible source repository. stackhpc_kolla_ansible_source_url: "https://github.com/stackhpc/kolla-ansible" From 027eea0ccb108874f95ca7d33650564928655d8e Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Fri, 9 May 2025 08:59:00 +0200 Subject: [PATCH 02/33] Fix Neutron endpoint used in Octavia OVN provider --- etc/kayobe/kolla-image-tags.yml | 5 +++-- etc/kayobe/kolla.yml | 8 ++++++++ ...ovn-octavia-provider-bug-2049551-c95d69965733cd78.yaml | 5 +++++ 3 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/ovn-octavia-provider-bug-2049551-c95d69965733cd78.yaml diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index d849595cc..a4cd593de 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -41,8 +41,9 @@ kolla_image_tags: rocky-9: 2024.1-rocky-9-20250219T113722 ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 octavia: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250507T153144 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250507T153144 + ubuntu-noble: 2024.1-ubuntu-noble-20250507T153144 openvswitch: rocky-9: 2024.1-rocky-9-20250219T113722 ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index 8654460b3..bd1b5ef3f 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -158,6 +158,14 @@ kolla_sources: type: git location: https://github.com/stackhpc/octavia.git reference: stackhpc/{{ openstack_release }} + octavia-api-plugin-ovn-octavia-provider: + type: git + location: https://github.com/stackhpc/ovn-octavia-provider.git + reference: stackhpc/{{ openstack_release }} + octavia-driver-agent-plugin-ovn-octavia-provider: + type: git + location: https://github.com/stackhpc/ovn-octavia-provider.git + reference: stackhpc/{{ openstack_release }} blazar-base: type: git location: https://github.com/stackhpc/blazar.git diff --git a/releasenotes/notes/ovn-octavia-provider-bug-2049551-c95d69965733cd78.yaml b/releasenotes/notes/ovn-octavia-provider-bug-2049551-c95d69965733cd78.yaml new file mode 100644 index 000000000..ec9037395 --- /dev/null +++ b/releasenotes/notes/ovn-octavia-provider-bug-2049551-c95d69965733cd78.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Updates Octavia images to fix Neutron endpoint selection in the OVN + provider. `LP#2049551 `__. From 681169d6bc0a4791831345cc44d399cdf54f3782 Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Fri, 9 May 2025 08:31:47 +0100 Subject: [PATCH 03/33] Fix whitespace issues --- .github/workflows/runner-selector.yml | 2 +- .../environments/aufn-ceph/a-universe-from-nothing.sh | 4 ++-- etc/kayobe/environments/aufn-ceph/configure-openstack.sh | 4 ++-- .../ci-multinode/kolla/config/keepalived/keepalived.conf | 2 +- etc/kayobe/inventory/group_vars/overcloud/stackhpc-repos | 2 +- .../config/prometheus/prometheus-alertmanager.yml.example | 6 +++--- releasenotes/notes/add-caso-f36b98453be10169.yaml | 2 +- releasenotes/notes/add-rekey-playbook-0065c5057b1639f8.yaml | 2 +- .../notes/add-rocky-9-packages-43074cb3367171a5.yaml | 2 +- .../notes/add-vm-overcloud-support-92baa7c2ce87ac1d.yaml | 2 +- releasenotes/notes/bump-rocky-9-90412343a29bc45b.yaml | 2 +- .../bumps-redfish-exporter-to-v2-11032fb9dde36283.yaml | 2 +- releasenotes/notes/disable-heat-03f3ac52ac610223.yaml | 2 +- releasenotes/notes/docker-bump-dc4e85668ee69a21.yaml | 2 +- releasenotes/notes/feature-smartmon-65cacfe893f0eb47.yaml | 2 +- releasenotes/notes/fix-cephadm-facts-2ee6dc9a1c617944.yaml | 2 +- .../notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml | 2 +- releasenotes/notes/ubuntu-jammy-cd109d12954d7626.yaml | 2 +- .../notes/update-kayobe-automation-55fc9c5c380d819c.yaml | 2 +- tools/rabbitmq-queue-migration.sh | 2 +- 20 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/runner-selector.yml b/.github/workflows/runner-selector.yml index 5c7907582..f825ec604 100644 --- a/.github/workflows/runner-selector.yml +++ b/.github/workflows/runner-selector.yml @@ -37,7 +37,7 @@ jobs: - name: Set output for container image build runner run: echo "Setting runner for ${{ inputs.runner_env }} -> ${{ vars.RUNS_ON_TARGET_CONTAINER_IMAGE_BUILDER }}" - + - id: container-image-build-runner run: echo "runner_name_container_image_build=${{ vars.RUNS_ON_TARGET_CONTAINER_IMAGE_BUILDER }}" >> $GITHUB_OUTPUT diff --git a/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh b/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh index f8014b146..9dbbeb990 100755 --- a/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh +++ b/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh @@ -50,7 +50,7 @@ if [[ ! -d kayobe ]]; then python3 -m venv kayobe fi # NOTE: Virtualenv's activate and deactivate scripts reference an -# unbound variable. +# unbound variable. set +u source kayobe/bin/activate set -u @@ -121,7 +121,7 @@ deactivate set -u $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/configure-openstack.sh $BASE_PATH -# Create a test vm +# Create a test vm VENV_DIR=$BASE_PATH/venvs/openstack if [[ ! -d $VENV_DIR ]]; then python3 -m venv $VENV_DIR diff --git a/etc/kayobe/environments/aufn-ceph/configure-openstack.sh b/etc/kayobe/environments/aufn-ceph/configure-openstack.sh index 1c7433e8a..3bac0a351 100755 --- a/etc/kayobe/environments/aufn-ceph/configure-openstack.sh +++ b/etc/kayobe/environments/aufn-ceph/configure-openstack.sh @@ -6,13 +6,13 @@ cd $BASE_PATH/src/ [[ -d openstack-config ]] || git clone https://github.com/stackhpc/openstack-config-multinode.git openstack-config cd openstack-config if [[ ! -d $VENV_DIR ]]; then - # Using virtualenv causes a strange bug with python3.6 where + # Using virtualenv causes a strange bug with python3.6 where # nested virtual env creation leads to envs without pip... # virtualenv $VENV_DIR python3 -m venv $VENV_DIR fi -# NOTE: Virtualenv's activate and deactivate scripts reference an unbound variable. +# NOTE: Virtualenv's activate and deactivate scripts reference an unbound variable. set +u source $VENV_DIR/bin/activate set -u diff --git a/etc/kayobe/environments/ci-multinode/kolla/config/keepalived/keepalived.conf b/etc/kayobe/environments/ci-multinode/kolla/config/keepalived/keepalived.conf index 7a18dbbcf..71b1682cb 100644 --- a/etc/kayobe/environments/ci-multinode/kolla/config/keepalived/keepalived.conf +++ b/etc/kayobe/environments/ci-multinode/kolla/config/keepalived/keepalived.conf @@ -12,7 +12,7 @@ vrrp_instance kolla_internal_vip_{{ keepalived_virtual_router_id }} { interface {{ api_interface }} virtual_router_id {{ keepalived_virtual_router_id }} priority {{ groups['loadbalancer'].index(inventory_hostname) + 1 }} - advert_int 3 # Increase advert interval from 1 to 3 as there was a lot of jumping amongst controllers on the internal network + advert_int 3 # Increase advert interval from 1 to 3 as there was a lot of jumping amongst controllers on the internal network {% if keepalived_traffic_mode == 'unicast' %} unicast_src_ip {{ api_interface_address }} {% if groups['loadbalancer'] | length > 1 %} diff --git a/etc/kayobe/inventory/group_vars/overcloud/stackhpc-repos b/etc/kayobe/inventory/group_vars/overcloud/stackhpc-repos index 442a9e068..22fa09487 100644 --- a/etc/kayobe/inventory/group_vars/overcloud/stackhpc-repos +++ b/etc/kayobe/inventory/group_vars/overcloud/stackhpc-repos @@ -1,6 +1,6 @@ --- # Only use local pulp mirrors for overcloud hosts -# to avoid situations where the seed-hypervisor +# to avoid situations where the seed-hypervisor # tries to use a local pulp repo on the seed VM # before the seed vm has been provisioned stackhpc_repos_enabled: true diff --git a/etc/kayobe/kolla/config/prometheus/prometheus-alertmanager.yml.example b/etc/kayobe/kolla/config/prometheus/prometheus-alertmanager.yml.example index 4a3501474..0548a8286 100644 --- a/etc/kayobe/kolla/config/prometheus/prometheus-alertmanager.yml.example +++ b/etc/kayobe/kolla/config/prometheus/prometheus-alertmanager.yml.example @@ -16,7 +16,7 @@ route: - severity=~"critical|alert" receiver: 'slack-critical-notifications' - + receivers: - name: 'slack-notifications' slack_configs: @@ -24,7 +24,7 @@ receivers: actions: - type: button text: 'Silence 🔕' - url: {{ '{% raw %}' }}{% raw %} '{{ template "__alert_silence_link" . }}' + url: {{ '{% raw %}' }}{% raw %} '{{ template "__alert_silence_link" . }}' {% endraw %}{{ '{% endraw %}' }} send_resolved: true http_config: @@ -35,7 +35,7 @@ receivers: actions: - type: button text: 'Silence 🔕' - url: {{ '{% raw %}' }}{% raw %} '{{ template "__alert_silence_link" . }}' + url: {{ '{% raw %}' }}{% raw %} '{{ template "__alert_silence_link" . }}' {% endraw %}{{ '{% endraw %}' }} send_resolved: true http_config: diff --git a/releasenotes/notes/add-caso-f36b98453be10169.yaml b/releasenotes/notes/add-caso-f36b98453be10169.yaml index fec9b8286..ee71bcf1f 100644 --- a/releasenotes/notes/add-caso-f36b98453be10169.yaml +++ b/releasenotes/notes/add-caso-f36b98453be10169.yaml @@ -5,4 +5,4 @@ that supports Cloud Accounting Usage Records. For more information, see the `upstream docs `__. Note that this container does not exist in upstream Kolla and is maintained - downstream by StackHPC. + downstream by StackHPC. diff --git a/releasenotes/notes/add-rekey-playbook-0065c5057b1639f8.yaml b/releasenotes/notes/add-rekey-playbook-0065c5057b1639f8.yaml index 5e75a51ad..d1edf25a4 100644 --- a/releasenotes/notes/add-rekey-playbook-0065c5057b1639f8.yaml +++ b/releasenotes/notes/add-rekey-playbook-0065c5057b1639f8.yaml @@ -1,5 +1,5 @@ --- features: - | - Added the ``rekey-hosts.yml`` playbook to automatically rotate the SSH + Added the ``rekey-hosts.yml`` playbook to automatically rotate the SSH keys on all hosts. diff --git a/releasenotes/notes/add-rocky-9-packages-43074cb3367171a5.yaml b/releasenotes/notes/add-rocky-9-packages-43074cb3367171a5.yaml index a202b9ecd..f9c6bd534 100644 --- a/releasenotes/notes/add-rocky-9-packages-43074cb3367171a5.yaml +++ b/releasenotes/notes/add-rocky-9-packages-43074cb3367171a5.yaml @@ -3,5 +3,5 @@ features: - | Add the package repository configuration required for Rocky Linux 9 support. - + Add CI for Rocky 9 hosts. diff --git a/releasenotes/notes/add-vm-overcloud-support-92baa7c2ce87ac1d.yaml b/releasenotes/notes/add-vm-overcloud-support-92baa7c2ce87ac1d.yaml index a3ebacc1f..cabf7a891 100644 --- a/releasenotes/notes/add-vm-overcloud-support-92baa7c2ce87ac1d.yaml +++ b/releasenotes/notes/add-vm-overcloud-support-92baa7c2ce87ac1d.yaml @@ -4,4 +4,4 @@ features: Adds support for using a VMs as compute and controller nodes in the ``ci-multinode`` environment by dynamically setting the MTU of the networks in networks.yml and removing the static definition of the network - interfaces for the compute and controller groups. + interfaces for the compute and controller groups. diff --git a/releasenotes/notes/bump-rocky-9-90412343a29bc45b.yaml b/releasenotes/notes/bump-rocky-9-90412343a29bc45b.yaml index 165b40751..cd8bbb59c 100644 --- a/releasenotes/notes/bump-rocky-9-90412343a29bc45b.yaml +++ b/releasenotes/notes/bump-rocky-9-90412343a29bc45b.yaml @@ -1,4 +1,4 @@ --- upgrade: - | - Bumped rocky 9 package versions due to missing snapshot + Bumped rocky 9 package versions due to missing snapshot diff --git a/releasenotes/notes/bumps-redfish-exporter-to-v2-11032fb9dde36283.yaml b/releasenotes/notes/bumps-redfish-exporter-to-v2-11032fb9dde36283.yaml index ddf1d58eb..6ef30e11a 100644 --- a/releasenotes/notes/bumps-redfish-exporter-to-v2-11032fb9dde36283.yaml +++ b/releasenotes/notes/bumps-redfish-exporter-to-v2-11032fb9dde36283.yaml @@ -10,6 +10,6 @@ features: fixes: - Fixes various issues with the redfish exporter dashboard. upgrade: - - | + - | Increases default ``os_capacity_scrape_interval`` to ``5m``. If you already customise this please move to the new ``stackhpc_os_capacity_scrape_interval`` variable. diff --git a/releasenotes/notes/disable-heat-03f3ac52ac610223.yaml b/releasenotes/notes/disable-heat-03f3ac52ac610223.yaml index b5c557161..9a5e8eda5 100644 --- a/releasenotes/notes/disable-heat-03f3ac52ac610223.yaml +++ b/releasenotes/notes/disable-heat-03f3ac52ac610223.yaml @@ -1,7 +1,7 @@ --- features: - | - The Heat OpenStack service is now disabled by default. + The Heat OpenStack service is now disabled by default. upgrade: - | The Heat service is now disabled by default. This behaviour can be diff --git a/releasenotes/notes/docker-bump-dc4e85668ee69a21.yaml b/releasenotes/notes/docker-bump-dc4e85668ee69a21.yaml index 3563d6d3a..d5c6c3e21 100644 --- a/releasenotes/notes/docker-bump-dc4e85668ee69a21.yaml +++ b/releasenotes/notes/docker-bump-dc4e85668ee69a21.yaml @@ -8,4 +8,4 @@ fixes: - | Separated out repos for Docker CE for Ubuntu Jammy/Focal. This fixes a Pulp sync issue where two "identical" repository versions existed with different - checksums. + checksums. diff --git a/releasenotes/notes/feature-smartmon-65cacfe893f0eb47.yaml b/releasenotes/notes/feature-smartmon-65cacfe893f0eb47.yaml index 94dc25978..23b9e5bc8 100644 --- a/releasenotes/notes/feature-smartmon-65cacfe893f0eb47.yaml +++ b/releasenotes/notes/feature-smartmon-65cacfe893f0eb47.yaml @@ -4,5 +4,5 @@ features: Adds drive temperatures to the table on the hardware overview dashboard and a timeseries to show the temperature over time. - | - Adds picker to hardware overview dashboard to select a specific host to + Adds picker to hardware overview dashboard to select a specific host to show drive information for. diff --git a/releasenotes/notes/fix-cephadm-facts-2ee6dc9a1c617944.yaml b/releasenotes/notes/fix-cephadm-facts-2ee6dc9a1c617944.yaml index 98f0e1779..bb0071fae 100644 --- a/releasenotes/notes/fix-cephadm-facts-2ee6dc9a1c617944.yaml +++ b/releasenotes/notes/fix-cephadm-facts-2ee6dc9a1c617944.yaml @@ -3,4 +3,4 @@ fixes: - | The Ceph version is now determined by ``os_release``, rather than Ansible facts. Using Ansible facts caused playbooks to fail when - facts are not gathered. + facts are not gathered. diff --git a/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml b/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml index 1877ebc62..bfddbb74d 100644 --- a/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml +++ b/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml @@ -3,5 +3,5 @@ security: - | Addresses critical vulnerability CVE-2024-36039 by bumping the PyMySQL library to 1.1.1 in all affected - Kolla images. This vulnerability allows SQL injection + Kolla images. This vulnerability allows SQL injection through untrusted JSON objects. diff --git a/releasenotes/notes/ubuntu-jammy-cd109d12954d7626.yaml b/releasenotes/notes/ubuntu-jammy-cd109d12954d7626.yaml index 2219bf37f..4265655c1 100644 --- a/releasenotes/notes/ubuntu-jammy-cd109d12954d7626.yaml +++ b/releasenotes/notes/ubuntu-jammy-cd109d12954d7626.yaml @@ -1,7 +1,7 @@ --- upgrade: - | - Dont pull apt packages from pulp for Ubuntu Jammy until Jammy packages + Dont pull apt packages from pulp for Ubuntu Jammy until Jammy packages are published. - | Dont pull ceph packages from ceph official repos for Ubuntu Jammy until diff --git a/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml b/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml index f8e2e32a3..f8dee5b4d 100644 --- a/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml +++ b/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml @@ -2,7 +2,7 @@ features: - | Upgrades kayobe-automation submodule to ``7676aa8``. - + Upgrades kayobe-workflows collection to ``v1.1.0``. Kayobe-automation config-diff now runs in parallel and generates both diff --git a/tools/rabbitmq-queue-migration.sh b/tools/rabbitmq-queue-migration.sh index 089b197eb..d0f802341 100755 --- a/tools/rabbitmq-queue-migration.sh +++ b/tools/rabbitmq-queue-migration.sh @@ -65,7 +65,7 @@ if [[ ! "$1" = "--skip-checks" ]]; then sleep 60 # Assert that all queues are durable if ! ( kayobe overcloud host command run -l controllers -b --command "docker exec $RABBITMQ_CONTAINER_NAME rabbitmqctl list_queues durable --silent | grep false" > /dev/null 2>&1 ); then - echo -e "${GREEN}Queues migrated successfully" + echo -e "${GREEN}Queues migrated successfully" else echo -e "${RED}Failed post-check: A controller has non-durable queues" fi From b4fe805243437282c05228cbffb3b41e492b34cd Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Fri, 9 May 2025 16:43:57 +0100 Subject: [PATCH 04/33] fix: add missing `openbao` distribution --- etc/kayobe/pulp.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index 4a858b948..a74a7d555 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml @@ -728,6 +728,14 @@ stackhpc_pulp_repository_container_repos_openbao: include_tags: "{{ overcloud_vault_docker_tag }}" required: "{{ stackhpc_sync_openbao_images | bool }}" +# List of OpenBao container image distributions. +stackhpc_pulp_distribution_container_openbao: + - name: openbao + repository: openbao/openbao + base_path: openbao/openbao + state: present + required: "{{ stackhpc_sync_openbao_images | bool }}" + # List of extra container image repositories. stackhpc_pulp_repository_container_repos_extra: [] From 9202db2a335ecfb87b2b4826e8dd155c5101d93e Mon Sep 17 00:00:00 2001 From: Jake Hutchinson <39007539+assumptionsandg@users.noreply.github.com> Date: Mon, 12 May 2025 12:05:49 +0100 Subject: [PATCH 05/33] Kolla-Ansible/Kayobe version enforcement (#1551) * Check Kayobe version playbook * Fix pipefail * Ignore linter * Include tag option * Hook for overcloud host upgrade * Check on control host upgrade * Include remaining hooks * Clarify fail message for unexpected current versions * Kolla-Ansible version check playbook * Add pip 24 precheck * Kolla-Ansible check hooks * service upgrade hook * s/latest/expected/g * Fixup Reno * Add hook for host configure * Include option to skip in config * Make linter happy * Ensure commit hash is not empty * Update links * Fix playbook lint * Apply suggestions from code review Co-authored-by: Alex-Welsh <112560678+Alex-Welsh@users.noreply.github.com> --------- Co-authored-by: Alex-Welsh <112560678+Alex-Welsh@users.noreply.github.com> --- .ansible-lint-ignore | 2 + etc/kayobe/ansible/check-kayobe-version.yml | 61 +++++++++++++++++++ .../ansible/check-kolla-ansible-version.yml | 27 ++++++++ .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kolla-ansible-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kolla-ansible-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kolla-ansible-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kolla-ansible-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kolla-ansible-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kolla-ansible-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kolla-ansible-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kolla-ansible-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kolla-ansible-version.yml | 1 + .../pre.d/check-kayobe-version.yml | 1 + .../pre.d/check-kolla-ansible-version.yml | 1 + etc/kayobe/stackhpc.yml | 8 +++ ...kayobe-version-check-f44d43c9c34d1b89.yaml | 13 ++++ 27 files changed, 133 insertions(+) create mode 100644 etc/kayobe/ansible/check-kayobe-version.yml create mode 100644 etc/kayobe/ansible/check-kolla-ansible-version.yml create mode 120000 etc/kayobe/hooks/control-host-bootstrap/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/control-host-upgrade/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kolla-ansible-version.yml create mode 120000 etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kolla-ansible-version.yml create mode 120000 etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kolla-ansible-version.yml create mode 120000 etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kolla-ansible-version.yml create mode 120000 etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kolla-ansible-version.yml create mode 120000 etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kolla-ansible-version.yml create mode 120000 etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kolla-ansible-version.yml create mode 120000 etc/kayobe/hooks/seed-host-configure/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/seed-host-configure/pre.d/check-kolla-ansible-version.yml create mode 120000 etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kolla-ansible-version.yml create mode 120000 etc/kayobe/hooks/seed-service-deploy/pre.d/check-kayobe-version.yml create mode 120000 etc/kayobe/hooks/seed-service-deploy/pre.d/check-kolla-ansible-version.yml create mode 100644 releasenotes/notes/kolla-kayobe-version-check-f44d43c9c34d1b89.yaml diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore index aa444047f..4f302a2de 100644 --- a/.ansible-lint-ignore +++ b/.ansible-lint-ignore @@ -5,3 +5,5 @@ etc/kayobe/ansible/vault-generate-internal-tls.yml fqcn[action-core] etc/kayobe/ansible/vault-generate-test-external-tls.yml fqcn[action-core] etc/kayobe/ansible/rabbitmq-reset.yml command-instead-of-module etc/kayobe/ansible/ubuntu-upgrade.yml syntax-check[missing-file] +etc/kayobe/ansible/check-kayobe-version.yml command-instead-of-module +etc/kayobe/ansible/check-kolla-ansible-version.yml command-instead-of-module diff --git a/etc/kayobe/ansible/check-kayobe-version.yml b/etc/kayobe/ansible/check-kayobe-version.yml new file mode 100644 index 000000000..cc00b6aed --- /dev/null +++ b/etc/kayobe/ansible/check-kayobe-version.yml @@ -0,0 +1,61 @@ +--- +- name: Check Kayobe version + tags: kayobe-version-check + hosts: localhost + gather_facts: false + vars: + requirements_path: "{{ kayobe_config_path }}/../../requirements.txt" + tasks: + - name: Check version + when: stackhpc_enable_kayobe_check + block: + - name: Get package info + community.general.pip_package_info: + register: packages + + - name: Check if pip is version 24.0 or newer + ansible.builtin.assert: + that: "{{ packages.packages.pip.pip[0].version is version('24.0', '>=') }}" + fail_msg: | + Pip must be 24.0 or newer to run this check. Upgrade pip by running + pip install -U pip and reinstall Kayobe by running: + pip install --force-reinstall -r {{ requirements_path }} + + - name: Get installed Kayobe commit + ansible.builtin.shell: + cmd: set -o pipefail && pip freeze | grep kayobe | cut -d @ -f 3 + executable: /usr/bin/bash + register: kayobe_git_commit + failed_when: kayobe_git_commit.stdout == "" + + - name: Clone Kayobe + ansible.builtin.git: + repo: https://github.com/stackhpc/kayobe.git + dest: /tmp/kayobe-git + version: stackhpc/{{ openstack_release }} + + - name: Get tag from Kayobe commit + ansible.builtin.command: + cmd: git describe --tags {{ kayobe_git_commit.stdout }} + chdir: /tmp/kayobe-git + register: kayobe_current_version + + - name: Get latest Kayobe version + ansible.builtin.shell: + cmd: set -o pipefail && grep -o kayobe@stackhpc\/.*$ {{ requirements_path }} | cut -d @ -f 2 + executable: /usr/bin/bash + register: kayobe_latest_version + + - name: Check installed Kayobe version is the latest + ansible.builtin.assert: + that: "kayobe_latest_version.stdout in kayobe_current_version.stdout" + fail_msg: | + Kayobe must use the expected version before continuing. + + Current Kayobe version: {{ kayobe_current_version.stdout }} + Expected Kayobe version: {{ kayobe_latest_version.stdout }} + + Recreate the Kayobe environment, or install the expected version + by running: pip install --force-reinstall -r {{ requirements_path }} + success_msg: | + Kayobe running at version: {{ kayobe_current_version.stdout }} diff --git a/etc/kayobe/ansible/check-kolla-ansible-version.yml b/etc/kayobe/ansible/check-kolla-ansible-version.yml new file mode 100644 index 000000000..183a175dd --- /dev/null +++ b/etc/kayobe/ansible/check-kolla-ansible-version.yml @@ -0,0 +1,27 @@ +--- +- name: Check Kolla-Ansible version + tags: kolla-ansible-version-check + hosts: localhost + gather_facts: false + tasks: + - name: Check version + when: stackhpc_enable_kolla_ansible_check + block: + - name: Get current Kolla-Ansible tag + ansible.builtin.command: + cmd: git describe --tags + chdir: "{{ lookup('ansible.builtin.env', 'KOLLA_SOURCE_PATH') }}" + register: kolla_ansible_current_version + + - name: Check installed Kolla-Ansible version is the expected version + ansible.builtin.assert: + that: "stackhpc_kolla_ansible_source_version in kolla_ansible_current_version.stdout" + fail_msg: | + Kolla-Ansible must use the expected version before continuing. + + Current Kolla-Ansible version: {{ kolla_ansible_current_version.stdout }} + Expected Kolla-Ansible version: {{ stackhpc_kolla_ansible_source_version }} + + Upgrade Kolla-Ansible by running: kayobe control host upgrade + success_msg: | + Kolla-Ansible running at version: {{ kolla_ansible_current_version.stdout }} diff --git a/etc/kayobe/hooks/control-host-bootstrap/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/control-host-bootstrap/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/control-host-bootstrap/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/control-host-upgrade/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/control-host-upgrade/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/control-host-upgrade/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-host-configure/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/seed-host-configure/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/seed-host-configure/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-host-configure/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/seed-host-configure/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/seed-host-configure/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index bf7cf2a25..0f19fb2c8 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -187,6 +187,14 @@ stackhpc_docker_registry_password: "{{ pulp_password }}" # Whether or not to run CIS benchmark hardening playbooks. Default is false. #stackhpc_enable_cis_benchmark_hardening_hook: +# Whether or not to check the installed Kayobe version when running Kayobe commands. +# Default is true. +stackhpc_enable_kayobe_check: true + +# Whether or not to check the installed Kolla-Ansible version when running Kayobe commands. +# Default is true. +stackhpc_enable_kolla_ansible_check: true + ############################################################################### # Octavia Amphora image diff --git a/releasenotes/notes/kolla-kayobe-version-check-f44d43c9c34d1b89.yaml b/releasenotes/notes/kolla-kayobe-version-check-f44d43c9c34d1b89.yaml new file mode 100644 index 000000000..4d1c38a91 --- /dev/null +++ b/releasenotes/notes/kolla-kayobe-version-check-f44d43c9c34d1b89.yaml @@ -0,0 +1,13 @@ +--- +features: + - | + Added playbooks to check the installed Kayobe/Kolla-Ansible versions + against the expected versions in Kayobe configuration. These checks + will run on Kayobe bootstrap, host and service operations. +upgrade: + - | + Kolla Ansible and Kayobe version checks are enabled by default which + may fail on existing deployments using custom forks or branches for + Kayobe and Kolla-Ansible. To disable version checks in configuration + set ``stackhpc_enable_kayobe_check`` and + ``stackhpc_enable_kolla_ansible_check`` to false. From 39e7e8afbfa6465ad3c052ecd85078f039ad0641 Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Mon, 12 May 2025 14:08:09 +0100 Subject: [PATCH 06/33] CI: Remove Ubuntu OVS, add RL9 OVS upgrade cases --- .github/workflows/stackhpc-pull-request.yml | 60 ++++++++------------- 1 file changed, 22 insertions(+), 38 deletions(-) diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index f172e70ad..c178844c3 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml @@ -130,23 +130,6 @@ jobs: secrets: inherit if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - all-in-one-ubuntu-jammy-ovs: - name: aio (Ubuntu Jammy OVS) - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-all-in-one.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - os_distribution: ubuntu - os_release: jammy - ssh_username: ubuntu - neutron_plugin: ovs - OS_CLOUD: openstack - if: ${{ needs.check-changes.outputs.aio == 'true' }} - secrets: inherit - if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - all-in-one-ubuntu-jammy-ovn: name: aio (Ubuntu Jammy OVN) needs: @@ -164,23 +147,6 @@ jobs: secrets: inherit if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - all-in-one-ubuntu-noble-ovs: - name: aio (Ubuntu Noble OVS) - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-all-in-one.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - os_distribution: ubuntu - os_release: noble - ssh_username: ubuntu - neutron_plugin: ovs - OS_CLOUD: openstack - if: ${{ needs.check-changes.outputs.aio == 'true' }} - secrets: inherit - if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - all-in-one-ubuntu-noble-ovn: name: aio (Ubuntu Noble OVN) needs: @@ -232,10 +198,10 @@ jobs: secrets: inherit if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - # Test two upgrade scenarios: Ubuntu Jammy OVS and Rocky 9 OVN. + # Test upgrade scenarios - all-in-one-upgrade-ubuntu-jammy-ovs: - name: aio upgrade (Ubuntu Jammy OVS) + all-in-one-upgrade-ubuntu-jammy-ovn: + name: aio upgrade (Ubuntu Jammy OVN) needs: - check-changes - build-kayobe-image @@ -245,7 +211,7 @@ jobs: os_distribution: ubuntu os_release: jammy ssh_username: ubuntu - neutron_plugin: ovs + neutron_plugin: ovn OS_CLOUD: openstack if: ${{ needs.check-changes.outputs.aio == 'true' }} upgrade: true @@ -269,3 +235,21 @@ jobs: upgrade: true secrets: inherit if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} + + all-in-one-upgrade-rocky-9-ovs: + name: aio upgrade (Rocky 9 OVS) + needs: + - check-changes + - build-kayobe-image + uses: ./.github/workflows/stackhpc-all-in-one.yml + with: + kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + os_distribution: rocky + os_release: "9" + ssh_username: cloud-user + neutron_plugin: ovs + OS_CLOUD: openstack + if: ${{ needs.check-changes.outputs.aio == 'true' }} + upgrade: true + secrets: inherit + if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} From d8b266fe6559adfd22527992f9ffbc2a6738ed37 Mon Sep 17 00:00:00 2001 From: Matt Crees Date: Mon, 12 May 2025 14:37:21 +0100 Subject: [PATCH 07/33] Fix duplicate metrics from radosgw_usage_exporter See release for details: https://github.com/stackhpc/radosgw_usage_exporter/releases/tag/v0.1.3 --- etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml | 2 +- ...w-usage-exporter-duplicate-metrics-ca96b3e4b9d6afe9.yaml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/fix-radosgw-usage-exporter-duplicate-metrics-ca96b3e4b9d6afe9.yaml diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index c70e54194..e7c0cf254 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -107,7 +107,7 @@ - name: Ensure radosgw_usage_exporter container is running community.docker.docker_container: name: radosgw_usage_exporter - image: ghcr.io/stackhpc/radosgw_usage_exporter:v0.1.1 + image: ghcr.io/stackhpc/radosgw_usage_exporter:v0.1.3 network_mode: host env: RADOSGW_SERVER: "{{ radosgw_server }}" diff --git a/releasenotes/notes/fix-radosgw-usage-exporter-duplicate-metrics-ca96b3e4b9d6afe9.yaml b/releasenotes/notes/fix-radosgw-usage-exporter-duplicate-metrics-ca96b3e4b9d6afe9.yaml new file mode 100644 index 000000000..fb54ae397 --- /dev/null +++ b/releasenotes/notes/fix-radosgw-usage-exporter-duplicate-metrics-ca96b3e4b9d6afe9.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Bumps the radosgw_usage_exporter tag to fix an issue where duplicate + metrics could be presented to Prometheus if S3 store usage was particularly + high. From a6f6de6beced5a24bde9e0232ec0e8e24ce81e8a Mon Sep 17 00:00:00 2001 From: stackhpc-ci <22933334+stackhpc-ci@users.noreply.github.com> Date: Tue, 13 May 2025 00:14:30 +0000 Subject: [PATCH 08/33] Bump kolla-ansible to stackhpc/18.6.0.9 --- etc/kayobe/stackhpc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 0f19fb2c8..2abcded02 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -169,7 +169,7 @@ stackhpc_kolla_source_version: stackhpc/18.6.0.8 # Kolla Ansible source repository. stackhpc_kolla_ansible_source_url: "https://github.com/stackhpc/kolla-ansible" -stackhpc_kolla_ansible_source_version: stackhpc/18.6.0.8 +stackhpc_kolla_ansible_source_version: stackhpc/18.6.0.9 ############################################################################### # Container image registry From e530be835e3842ffffb3169e1ad298164ff56f0a Mon Sep 17 00:00:00 2001 From: stackhpc-ci <22933334+stackhpc-ci@users.noreply.github.com> Date: Tue, 13 May 2025 00:14:32 +0000 Subject: [PATCH 09/33] Bump kolla to stackhpc/18.6.0.9 --- etc/kayobe/stackhpc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 0f19fb2c8..d0036bf5a 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -165,7 +165,7 @@ stackhpc_repo_elrepo_9_version: "{{ stackhpc_repo_distribution }}" # Kolla source repository. stackhpc_kolla_source_url: "https://github.com/stackhpc/kolla" -stackhpc_kolla_source_version: stackhpc/18.6.0.8 +stackhpc_kolla_source_version: stackhpc/18.6.0.9 # Kolla Ansible source repository. stackhpc_kolla_ansible_source_url: "https://github.com/stackhpc/kolla-ansible" From 61011bf158a275271446b5362525516777433454 Mon Sep 17 00:00:00 2001 From: "max.bed4d" Date: Wed, 14 May 2025 08:36:49 +0100 Subject: [PATCH 10/33] Make SMS the default runner environment --- .github/workflows/stackhpc-all-in-one.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index 205a20924..a033621e9 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -7,11 +7,10 @@ name: All in one on: workflow_call: inputs: - runner: - required: false + runner_env: + description: Which cloud to run on? type: string - description: 'Runner name' - default: 'arc-skc-aio-runner' + default: SMS Lab kayobe_image: description: Kayobe container image type: string @@ -87,11 +86,18 @@ on: required: true jobs: + runner-selection: + uses: ./.github/workflows/runner-selector.yml + with: + runner_env: ${{ inputs.runner_env }} # NOTE: Runner needs unzip and nodejs packages. all-in-one: name: All in one if: ${{ inputs.if && !cancelled() }} - runs-on: ${{ inputs.runner }} + environment: ${{ inputs.runner_env }} + runs-on: ${{ needs.runner-selection.outputs.runner_name_aio }} + needs: + - runner-selection permissions: {} env: KAYOBE_ENVIRONMENT: ci-aio From d3628ef25ecd242619c66308b3989f9c1efdcd0f Mon Sep 17 00:00:00 2001 From: "max.bed4d" Date: Wed, 14 May 2025 09:20:43 +0100 Subject: [PATCH 11/33] Add environment variables and secrets --- .github/workflows/stackhpc-all-in-one.yml | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index a033621e9..e8b334279 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -43,14 +43,6 @@ on: description: Flavor for the all-in-one VM type: string default: en1.medium - vm_network: - description: Network for the all-in-one VM - type: string - default: stackhpc-ci - vm_subnet: - description: Subnet for the all-in-one VM - type: string - default: stackhpc-ci OS_CLOUD: description: Name of cloud in clouds.yaml type: string @@ -177,8 +169,8 @@ jobs: aio_vm_name = "${{ env.VM_NAME }}" aio_vm_image = "${{ env.VM_IMAGE }}" aio_vm_flavor = "${{ env.VM_FLAVOR }}" - aio_vm_network = "${{ env.VM_NETWORK }}" - aio_vm_subnet = "${{ env.VM_SUBNET }}" + aio_vm_network = "${{ vars.HOST_IMAGE_BUILD_NETWORK }}" + aio_vm_subnet = "${{ vars.HOST_IMAGE_BUILD_SUBNET }}" aio_vm_volume_size = "${{ env.VM_VOLUME_SIZE }}" aio_vm_tags = ${{ env.VM_TAGS }} EOF @@ -188,8 +180,6 @@ jobs: VM_NAME: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}" VM_IMAGE: ${{ steps.image_name.outputs.image_name }} VM_FLAVOR: ${{ inputs.vm_flavor }} - VM_NETWORK: ${{ inputs.vm_network }} - VM_SUBNET: ${{ inputs.vm_subnet }} VM_INTERFACE: ${{ inputs.vm_interface }} VM_VOLUME_SIZE: ${{ inputs.upgrade && '65' || '50' }} VM_TAGS: '["skc-ci-aio", "PR=${{ github.event.number }}"]' @@ -198,7 +188,7 @@ jobs: run: terraform plan working-directory: ${{ github.workspace }}/terraform/aio env: - OS_CLOUD: ${{ inputs.OS_CLOUD }} + OS_CLOUD: ${{ vars.OS_CLOUD }} OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} @@ -219,7 +209,7 @@ jobs: exit 1 working-directory: ${{ github.workspace }}/terraform/aio env: - OS_CLOUD: ${{ inputs.OS_CLOUD }} + OS_CLOUD: ${{ vars.OS_CLOUD }} OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} @@ -523,7 +513,7 @@ jobs: run: terraform destroy -auto-approve working-directory: ${{ github.workspace }}/terraform/aio env: - OS_CLOUD: ${{ inputs.OS_CLOUD }} + OS_CLOUD: ${{ vars.OS_CLOUD }} OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} if: always() From 90b8f101cf7438065a5abc9e167104d2afa4c621 Mon Sep 17 00:00:00 2001 From: "max.bed4d" Date: Wed, 14 May 2025 09:52:48 +0100 Subject: [PATCH 12/33] Set VM flavour based on env vars --- .github/workflows/stackhpc-all-in-one.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index e8b334279..00f28eadf 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -39,10 +39,6 @@ on: description: Default network interface name type: string default: ens3 - vm_flavor: - description: Flavor for the all-in-one VM - type: string - default: en1.medium OS_CLOUD: description: Name of cloud in clouds.yaml type: string @@ -168,7 +164,7 @@ jobs: aio_vm_interface = "${{ env.VM_INTERFACE }}" aio_vm_name = "${{ env.VM_NAME }}" aio_vm_image = "${{ env.VM_IMAGE }}" - aio_vm_flavor = "${{ env.VM_FLAVOR }}" + aio_vm_flavor = "${{ vars.HOST_IMAGE_BUILD_FLAVOR }}" aio_vm_network = "${{ vars.HOST_IMAGE_BUILD_NETWORK }}" aio_vm_subnet = "${{ vars.HOST_IMAGE_BUILD_SUBNET }}" aio_vm_volume_size = "${{ env.VM_VOLUME_SIZE }}" @@ -179,7 +175,6 @@ jobs: SSH_USERNAME: "${{ inputs.ssh_username }}" VM_NAME: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}" VM_IMAGE: ${{ steps.image_name.outputs.image_name }} - VM_FLAVOR: ${{ inputs.vm_flavor }} VM_INTERFACE: ${{ inputs.vm_interface }} VM_VOLUME_SIZE: ${{ inputs.upgrade && '65' || '50' }} VM_TAGS: '["skc-ci-aio", "PR=${{ github.event.number }}"]' From a812b7c756780d1c0126f294eca575d688ac23b7 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 14 May 2025 14:30:54 +0100 Subject: [PATCH 13/33] Fix PCI passthrough default templates Even though the variable ``gpu_group_map`` has default value of {} defined at stackhpc-compute.yml, it can be set to anything by users. Therefore, Using dict2items filter with it can cause unexpected templating error. Fixing this by setting {} as a default of ``gpu_group_map`` before using dict2items filter. So even if ``gpu_group_map`` becomes undefined for some reason, it doesn't fail in run time. --- etc/kayobe/ansible/pci-passthrough.yml | 2 +- etc/kayobe/kolla/config/nova/nova-api.conf | 2 +- etc/kayobe/kolla/config/nova/nova-compute.conf | 2 +- .../notes/fix-pci-default-template-8660ab2a7a106376.yaml | 4 ++++ 4 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/fix-pci-default-template-8660ab2a7a106376.yaml diff --git a/etc/kayobe/ansible/pci-passthrough.yml b/etc/kayobe/ansible/pci-passthrough.yml index 59803ccf3..392713c35 100644 --- a/etc/kayobe/ansible/pci-passthrough.yml +++ b/etc/kayobe/ansible/pci-passthrough.yml @@ -11,7 +11,7 @@ vfio_pci_ids: |- {% set gpu_list = [] %} {% set output = [] %} - {% for gpu_group in gpu_group_map | dict2items | default([]) %} + {% for gpu_group in (gpu_group_map | default({})) | dict2items %} {% if gpu_group.key in group_names %} {% set _ = gpu_list.append(gpu_group.value) %} {% endif %} diff --git a/etc/kayobe/kolla/config/nova/nova-api.conf b/etc/kayobe/kolla/config/nova/nova-api.conf index 59e3a6102..ba96a2ddb 100644 --- a/etc/kayobe/kolla/config/nova/nova-api.conf +++ b/etc/kayobe/kolla/config/nova/nova-api.conf @@ -1,4 +1,4 @@ [pci] -{% for item in gpu_group_map | dict2items | map(attribute='value') | flatten | unique | list %} +{% for item in (gpu_group_map | default({})) | dict2items | map(attribute='value') | flatten | unique | list %} alias = { "vendor_id":"{{ stackhpc_gpu_data[item].vendor_id }}", "product_id":"{{ stackhpc_gpu_data[item].product_id }}", "device_type":"{{ stackhpc_gpu_data[item].device_type }}", "name":"{{ stackhpc_gpu_data[item].resource_name }}" } {% endfor %} diff --git a/etc/kayobe/kolla/config/nova/nova-compute.conf b/etc/kayobe/kolla/config/nova/nova-compute.conf index 5f8593dde..ed83c7101 100644 --- a/etc/kayobe/kolla/config/nova/nova-compute.conf +++ b/etc/kayobe/kolla/config/nova/nova-compute.conf @@ -1,7 +1,7 @@ [pci] {% raw %} {% set gpu_list = [] %} -{% for gpu_group in gpu_group_map | dict2items | default([]) %} +{% for gpu_group in (gpu_group_map | default({})) | dict2items %} {% if gpu_group.key in group_names %} {% set _ = gpu_list.append(gpu_group.value) %} {% endif %} diff --git a/releasenotes/notes/fix-pci-default-template-8660ab2a7a106376.yaml b/releasenotes/notes/fix-pci-default-template-8660ab2a7a106376.yaml new file mode 100644 index 000000000..affc29fd8 --- /dev/null +++ b/releasenotes/notes/fix-pci-default-template-8660ab2a7a106376.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Fixes possible templating error with PCI passthrough configuration. From 40240f9b0d3cc625a505ae5c10b5088a9afee6dd Mon Sep 17 00:00:00 2001 From: Alex-Welsh <112560678+Alex-Welsh@users.noreply.github.com> Date: Thu, 15 May 2025 08:47:46 +0000 Subject: [PATCH 14/33] Merge pull request #1649 from stackhpc/zed-utils CI: Replace next_nth_usable with FQCN --- .../ci-multinode/inventory/group_vars/all/vxlan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/environments/ci-multinode/inventory/group_vars/all/vxlan.yml b/etc/kayobe/environments/ci-multinode/inventory/group_vars/all/vxlan.yml index 808c78034..fe92c42a0 100644 --- a/etc/kayobe/environments/ci-multinode/inventory/group_vars/all/vxlan.yml +++ b/etc/kayobe/environments/ci-multinode/inventory/group_vars/all/vxlan.yml @@ -15,4 +15,4 @@ vxlan_vni: # This is a dictionary of interfaces to be created by the stackhpc.vxlan role. vxlan_interfaces: - device: "vxlan{{ vxlan_vni }}" - group: "{{ '239.0.0.0/8' | next_nth_usable(vxlan_vni) }}" + group: "{{ '239.0.0.0/8' | ansible.utils.next_nth_usable(vxlan_vni) }}" From 67961f9d5061dc0c28124b01e3eea009d40ecd9a Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Thu, 15 May 2025 16:24:44 +0200 Subject: [PATCH 15/33] CI: Avoid dependency updates in forks This workflow currently runs in any customer repository hosted on GitHub. Restrict this workflow to stackhpc like the other ones. --- .github/workflows/update-dependencies.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index dea909df5..8ae3eb9ca 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -14,6 +14,7 @@ on: jobs: propose_github_release_updates: + if: github.repository == 'stackhpc/stackhpc-kayobe-config' runs-on: ubuntu-22.04 strategy: matrix: From 45d731db86d9e26ded6889e7e37dcc69b2a0aa14 Mon Sep 17 00:00:00 2001 From: "max.bed4d" Date: Fri, 16 May 2025 13:55:29 +0100 Subject: [PATCH 16/33] Var to set upgrade AiOs to Leafcloud --- .github/workflows/stackhpc-all-in-one.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index 00f28eadf..75d191098 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -77,12 +77,12 @@ jobs: runner-selection: uses: ./.github/workflows/runner-selector.yml with: - runner_env: ${{ inputs.runner_env }} + runner_env: ${{ inputs.upgrade == true && 'Leafcloud' || inputs.runner_env }} # NOTE: Runner needs unzip and nodejs packages. all-in-one: name: All in one if: ${{ inputs.if && !cancelled() }} - environment: ${{ inputs.runner_env }} + environment: ${{ inputs.upgrade == true && 'Leafcloud' || inputs.runner_env }} runs-on: ${{ needs.runner-selection.outputs.runner_name_aio }} needs: - runner-selection From 64da1b1d47a7a3209678cd797215cc6819d75525 Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Mon, 19 May 2025 16:09:29 +0100 Subject: [PATCH 17/33] fix: use `rabbitmq` length for `RabbitMQNodeDown` (#1579) The `RabbitMQNodeDown` made the assumption that all deployments involve only three RabbitMQ nodes. However, this is not always the case as we do support deployments with a single node or more than three. Before this would have caused false alerts in deployments with a single RabbitMQ node. Whilst also concealing alerts in deployments with more than three nodes. Co-authored-by: Matt Crees --- etc/kayobe/kolla/config/prometheus/rabbitmq.rules | 2 +- etc/kayobe/stackhpc-monitoring.yml | 3 +++ ...ngth-for-rabbitmq-node-down-rule-c9e9c6b09f57954d.yaml | 8 ++++++++ 3 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/use-length-for-rabbitmq-node-down-rule-c9e9c6b09f57954d.yaml diff --git a/etc/kayobe/kolla/config/prometheus/rabbitmq.rules b/etc/kayobe/kolla/config/prometheus/rabbitmq.rules index d72230421..82022d72a 100644 --- a/etc/kayobe/kolla/config/prometheus/rabbitmq.rules +++ b/etc/kayobe/kolla/config/prometheus/rabbitmq.rules @@ -6,7 +6,7 @@ groups: - name: rabbitmq.rules rules: - alert: RabbitMQNodeDown - expr: sum(rabbitmq_build_info{instance!=""}) < 3 + expr: sum(rabbitmq_build_info{instance!=""}) < {% endraw %}{{ alertmanager_number_of_rabbitmq_nodes }}{% raw %} for: 30m labels: severity: critical diff --git a/etc/kayobe/stackhpc-monitoring.yml b/etc/kayobe/stackhpc-monitoring.yml index 831486d10..a2a88b503 100644 --- a/etc/kayobe/stackhpc-monitoring.yml +++ b/etc/kayobe/stackhpc-monitoring.yml @@ -26,6 +26,9 @@ alertmanager_packet_drop_threshold: 1 # packets/s averaged over 5 minutes. alertmanager_packet_errors_threshold: 1 +# Number of RabbitMQ nodes in the cluster. +alertmanager_number_of_rabbitmq_nodes: "{{ groups['controllers'] | length }}" + ############################################################################### # Exporter configuration diff --git a/releasenotes/notes/use-length-for-rabbitmq-node-down-rule-c9e9c6b09f57954d.yaml b/releasenotes/notes/use-length-for-rabbitmq-node-down-rule-c9e9c6b09f57954d.yaml new file mode 100644 index 000000000..e7b7b2f9a --- /dev/null +++ b/releasenotes/notes/use-length-for-rabbitmq-node-down-rule-c9e9c6b09f57954d.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Allow for easy customisation of the number of expected `RabbitMQ` + nodes when evaluating the alert `RabbitMQNodeDown`. It is set by + the `alertmanager_number_of_rabbitmq_nodes` which defaults to the + number of `controllers`. This is benefical for deployments that + do not use a standard three node setup. From ffbf780860e0cd8aacde607af5c39a6a870fcce1 Mon Sep 17 00:00:00 2001 From: stackhpc-ci <22933334+stackhpc-ci@users.noreply.github.com> Date: Tue, 20 May 2025 00:14:57 +0000 Subject: [PATCH 18/33] Bump kayobe to stackhpc/16.6.0.5 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index bd1828f53..597523c22 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ -kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/16.6.0.4 +kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/16.6.0.5 ansible-modules-hashivault>=5.2.1 jmespath From 7aee438dd947edbb008335775c843d91117e1757 Mon Sep 17 00:00:00 2001 From: stackhpc-ci <22933334+stackhpc-ci@users.noreply.github.com> Date: Tue, 20 May 2025 00:14:57 +0000 Subject: [PATCH 19/33] Bump kolla-ansible to stackhpc/18.6.0.10 --- etc/kayobe/stackhpc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 1de67a738..8dc781455 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -169,7 +169,7 @@ stackhpc_kolla_source_version: stackhpc/18.6.0.9 # Kolla Ansible source repository. stackhpc_kolla_ansible_source_url: "https://github.com/stackhpc/kolla-ansible" -stackhpc_kolla_ansible_source_version: stackhpc/18.6.0.9 +stackhpc_kolla_ansible_source_version: stackhpc/18.6.0.10 ############################################################################### # Container image registry From aeba2effb38fe74950babe57adbbbedb7d7c8841 Mon Sep 17 00:00:00 2001 From: Jake Hutchinson Date: Thu, 22 May 2025 14:47:43 +0100 Subject: [PATCH 20/33] Set check_mode to false for Kayobe/Kolla-Ansible version checks --- etc/kayobe/ansible/check-kayobe-version.yml | 1 + etc/kayobe/ansible/check-kolla-ansible-version.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/etc/kayobe/ansible/check-kayobe-version.yml b/etc/kayobe/ansible/check-kayobe-version.yml index cc00b6aed..b527fc5d8 100644 --- a/etc/kayobe/ansible/check-kayobe-version.yml +++ b/etc/kayobe/ansible/check-kayobe-version.yml @@ -8,6 +8,7 @@ tasks: - name: Check version when: stackhpc_enable_kayobe_check + check_mode: false block: - name: Get package info community.general.pip_package_info: diff --git a/etc/kayobe/ansible/check-kolla-ansible-version.yml b/etc/kayobe/ansible/check-kolla-ansible-version.yml index 183a175dd..e6bfd92fd 100644 --- a/etc/kayobe/ansible/check-kolla-ansible-version.yml +++ b/etc/kayobe/ansible/check-kolla-ansible-version.yml @@ -6,6 +6,7 @@ tasks: - name: Check version when: stackhpc_enable_kolla_ansible_check + check_mode: false block: - name: Get current Kolla-Ansible tag ansible.builtin.command: From 902e393246b3d653dd761626e9cd0ba6a7c5f0fb Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Thu, 22 May 2025 15:35:14 +0100 Subject: [PATCH 21/33] Bump magnum-capi-helm --- etc/kayobe/kolla-image-tags.yml | 5 +++-- etc/kayobe/kolla.yml | 2 +- releasenotes/notes/capi-bump-78cd6f89a0eff0d7.yaml | 7 +++++++ 3 files changed, 11 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/capi-bump-78cd6f89a0eff0d7.yaml diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index a4cd593de..96cdb449f 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -29,8 +29,9 @@ kolla_image_tags: rocky-9: 2024.1-rocky-9-20250219T113722 ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 magnum: - rocky-9: 2024.1-rocky-9-20250102T094625 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250102T094625 + rocky-9: 2024.1-rocky-9-20250522T143506 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250522T143506 + ubuntu-noble: 2024.1-ubuntu-noble-20250522T143506 manila: rocky-9: 2024.1-rocky-9-20250219T113722 ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index bd1b5ef3f..5eb6740dc 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -403,7 +403,7 @@ kolla_build_customizations_common: - /additions/* magnum_base_pip_packages_override: - /magnum[osprofiler] - - magnum-capi-helm==1.2.0 + - magnum-capi-helm==1.2.1 neutron_server_packages_append: - python3-libvirt - python3-ethtool diff --git a/releasenotes/notes/capi-bump-78cd6f89a0eff0d7.yaml b/releasenotes/notes/capi-bump-78cd6f89a0eff0d7.yaml new file mode 100644 index 000000000..5a4aae413 --- /dev/null +++ b/releasenotes/notes/capi-bump-78cd6f89a0eff0d7.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Updated the version of magnum-capi-helm used in Magnum containers. This + resolves an issue stopping non-default node groups from being deleted. See + `#2095539 `__ for more + details. From cc10a8b24ba1e9376d8affd0d1e495cb18be8157 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Mon, 26 May 2025 09:56:15 +0200 Subject: [PATCH 22/33] Bump Ceph Reef container image to v18.2.7 --- etc/kayobe/cephadm.yml | 2 +- releasenotes/notes/ceph-reef-18.2.7-9d8d3ad3a1ea517b.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/ceph-reef-18.2.7-9d8d3ad3a1ea517b.yaml diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml index c9e0990ee..fa633ab47 100644 --- a/etc/kayobe/cephadm.yml +++ b/etc/kayobe/cephadm.yml @@ -12,7 +12,7 @@ cephadm_ceph_release: "{{ 'squid' if os_release == 'noble' else 'reef' }}" cephadm_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/ceph:{{ cephadm_image_tag }}" # Ceph container image tag. -cephadm_image_tag: "{{ 'v19.2.1' if cephadm_ceph_release == 'squid' else 'v18.2.4' }}" +cephadm_image_tag: "{{ 'v19.2.1' if cephadm_ceph_release == 'squid' else 'v18.2.7' }}" # Ceph custom repo workaround for Ubuntu as there are no official ceph repos for Ubuntu Jammy and Noble. cephadm_custom_repos: "{{ ansible_facts['distribution'] == 'Ubuntu' }}" diff --git a/releasenotes/notes/ceph-reef-18.2.7-9d8d3ad3a1ea517b.yaml b/releasenotes/notes/ceph-reef-18.2.7-9d8d3ad3a1ea517b.yaml new file mode 100644 index 000000000..8f7efe343 --- /dev/null +++ b/releasenotes/notes/ceph-reef-18.2.7-9d8d3ad3a1ea517b.yaml @@ -0,0 +1,4 @@ +--- +upgrade: + - | + Bumps the default Ceph Reef container image to ``v18.2.7``. From 03452e76fadc9654408b0d992c7f214fb9c5f221 Mon Sep 17 00:00:00 2001 From: Bartosz Bezak Date: Thu, 29 May 2025 09:28:47 +0200 Subject: [PATCH 23/33] bump ovs/ovn in RL9 in caracal multiple bug fixes for ovs [1] and ovn [2] - especially ct_state.dnat handling in OVN [1] https://git.centos.org/rpms/openvswitch/blob/c9s-sig-nfv-openvswitch-3.3/f/SPECS/openvswitch3.3.spec#_1020 [2] https://git.centos.org/rpms/ovn/blob/c9s-sig-nfv-ovn24.03/f/SPECS/ovn24.03.spec#_535 Kolla Toolbox, Manila, Neutron, Nova, and Octavia containers received updates on both Rocky Linux 9 and Ubuntu. Only the Rocky Linux 9 images include the new OVS versions. --- etc/kayobe/kolla-image-tags.yml | 36 +++++++++++-------- etc/kayobe/pulp-repo-versions.yml | 2 +- ...vs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml | 11 ++++++ 3 files changed, 33 insertions(+), 16 deletions(-) create mode 100644 releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index a4cd593de..81676ecb3 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -26,30 +26,36 @@ kolla_image_tags: rocky-9: 2024.1-rocky-9-20250124T081816 ubuntu-jammy: 2024.1-ubuntu-jammy-20250124T081816 kolla_toolbox: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 magnum: rocky-9: 2024.1-rocky-9-20250102T094625 ubuntu-jammy: 2024.1-ubuntu-jammy-20250102T094625 manila: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 neutron: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 nova: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 octavia: - rocky-9: 2024.1-rocky-9-20250507T153144 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250507T153144 - ubuntu-noble: 2024.1-ubuntu-noble-20250507T153144 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 openvswitch: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 ovn: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 prometheus_alertmanager: rocky-9: 2024.1-rocky-9-20250422T103147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250422T103147 diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index 2c22d0b32..e2636862b 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -2,7 +2,7 @@ # This file is autogenerated by Ansible using the following workflow: # https://github.com/stackhpc/stackhpc-release-train/actions/workflows/package-update-kayobe.yml stackhpc_pulp_repo_centos_stream_9_docker_version: 20241210T000909 -stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20250217T103110 +stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20250528T022338 stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version: 20241212T022636 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318 stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240923T233036 diff --git a/releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml b/releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml new file mode 100644 index 000000000..1aac67bd8 --- /dev/null +++ b/releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml @@ -0,0 +1,11 @@ +--- +features: + - | + Updated OpenvSwitch to 3.3.4-115 and OVN to 24.03.5-88 for Rocky Linux 9 + in Caracal. For details, see the following changelogs: + * `[OVS changelog](https://git.centos.org/rpms/openvswitch/blob/c9s-sig-nfv-openvswitch-3.3/f/SPECS/openvswitch3.3.spec#_806)`_ + * `[OVN changelog](https://git.centos.org/rpms/ovn/blob/c9s-sig-nfv-ovn24.03/f/SPECS/ovn24.03.spec#_535)`_ + - | + Kolla Toolbox, Manila, Neutron, Nova, and Octavia containers received + updates on both Rocky Linux 9 and Ubuntu. Only the Rocky Linux 9 images + include the new OVS versions. From ed21759bea84a0123b44b0fa757913b73da8b0ea Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Fri, 30 May 2025 09:32:05 +0100 Subject: [PATCH 24/33] Fix release note link format --- .../notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml b/releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml index 1aac67bd8..0268db52b 100644 --- a/releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml +++ b/releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml @@ -3,8 +3,10 @@ features: - | Updated OpenvSwitch to 3.3.4-115 and OVN to 24.03.5-88 for Rocky Linux 9 in Caracal. For details, see the following changelogs: - * `[OVS changelog](https://git.centos.org/rpms/openvswitch/blob/c9s-sig-nfv-openvswitch-3.3/f/SPECS/openvswitch3.3.spec#_806)`_ - * `[OVN changelog](https://git.centos.org/rpms/ovn/blob/c9s-sig-nfv-ovn24.03/f/SPECS/ovn24.03.spec#_535)`_ + + * `OVS changelog `__ + * `OVN changelog `__ + - | Kolla Toolbox, Manila, Neutron, Nova, and Octavia containers received updates on both Rocky Linux 9 and Ubuntu. Only the Rocky Linux 9 images From 700704cdce2751b4a5d42e22f816db1e42f6549f Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Fri, 30 May 2025 15:43:17 +0100 Subject: [PATCH 25/33] fix: do not attempt to install `python3-venv` on non `Ubuntu` systems --- etc/kayobe/ansible/smartmon-tools.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/etc/kayobe/ansible/smartmon-tools.yml b/etc/kayobe/ansible/smartmon-tools.yml index 351ce0325..c6fa35acc 100644 --- a/etc/kayobe/ansible/smartmon-tools.yml +++ b/etc/kayobe/ansible/smartmon-tools.yml @@ -15,10 +15,8 @@ - name: Ensure Python 3, venv, and pip are installed ansible.builtin.package: - name: - - python3 - - python3-venv - - python3-pip + name: > + {{ ['python3', 'python3-pip'] + (['python3-venv'] if ansible_facts['distribution'] == 'Ubuntu' else []) }} state: present become: true From d6a8981737168584280fd381454ef3c6499483e5 Mon Sep 17 00:00:00 2001 From: Piotr Parczewski Date: Wed, 19 Feb 2025 15:49:49 +0100 Subject: [PATCH 26/33] Prometheus: Remove build overrides Co-authored-by: Bartosz Bezak --- etc/kayobe/kolla/kolla-build.conf | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/etc/kayobe/kolla/kolla-build.conf b/etc/kayobe/kolla/kolla-build.conf index 1c2165c8b..95562f5c0 100644 --- a/etc/kayobe/kolla/kolla-build.conf +++ b/etc/kayobe/kolla/kolla-build.conf @@ -16,15 +16,3 @@ build_args = {{ (kolla_build_args | default({})).items() | map('join', ':') | jo type = git location = https://github.com/stackhpc/requirements reference = stackhpc/{{ openstack_release }} - -[prometheus-v2-server] -version = 2.54.1 -sha256 = amd64:31715ef65e8a898d0f97c8c08c03b6b9afe485ac84e1698bcfec90fc6e62924f,arm64:3d9946ca730f2679bbd63e9d40e559a0ba227a638d237e723af1a99bd7098263 - -[prometheus-blackbox-exporter] -version = 0.25.0 -sha256 = amd64:c651ced6405c5e0cd292a400f47ae9b34f431f16c7bb098afbcd38f710144640,arm64:46ec5a54a41dc1ea8a8cecee637e117de4807d3b0976482a16596e82e79ac484 - -[prometheus-memcached-exporter] -version = 0.14.4 -sha256 = amd64:e61b9f15959218a38c49b9ba919fca0a3e36e7edf9c607aabcf1ccbbd3b8cc59,arm64:9a28b57bd217e80acd1cdc86cef97e32058f3b2cce75f79baa13b42a27b7291a From 84ad0cba7a0bb76a908a4bce3ab60b4e60892e89 Mon Sep 17 00:00:00 2001 From: Piotr Parczewski Date: Mon, 3 Feb 2025 10:00:53 +0100 Subject: [PATCH 27/33] Bump up Prometheus image tag --- etc/kayobe/kolla-image-tags.yml | 3 +++ releasenotes/notes/update-prometheus-3519aa260d5f24ef.yaml | 4 ++++ 2 files changed, 7 insertions(+) create mode 100644 releasenotes/notes/update-prometheus-3519aa260d5f24ef.yaml diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index e88e76837..a8f103562 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -57,6 +57,9 @@ kolla_image_tags: rocky-9: 2024.1-rocky-9-20250529T081147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 + prometheus: + rocky-9: 2024.1-rocky-9-20250219T145255 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T145255 prometheus_alertmanager: rocky-9: 2024.1-rocky-9-20250422T103147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250422T103147 diff --git a/releasenotes/notes/update-prometheus-3519aa260d5f24ef.yaml b/releasenotes/notes/update-prometheus-3519aa260d5f24ef.yaml new file mode 100644 index 000000000..db9c0159d --- /dev/null +++ b/releasenotes/notes/update-prometheus-3519aa260d5f24ef.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Updates Prometheus to version 2.55.1. From bb093cab05c80621838b7a05ff4412dfe5a078e8 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Tue, 3 Jun 2025 11:17:17 +0100 Subject: [PATCH 28/33] CI: Add upstream-sync workflow We tried adding upstream-sync using stackhpc-release-train [1], but the workflow addition is skipped because our default branch is a StackHPC release branch [2]. Add workflow manually to synchronise releases that still exist upstream. [1] https://github.com/stackhpc/stackhpc-release-train/pull/410 [2] https://github.com/stackhpc/stackhpc-release-train/commit/49c06d14375a90a61af7d4a4cb765111c1e6b7b3 --- .github/workflows/upstream-sync.yml | 34 +++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/upstream-sync.yml diff --git a/.github/workflows/upstream-sync.yml b/.github/workflows/upstream-sync.yml new file mode 100644 index 000000000..35eaea448 --- /dev/null +++ b/.github/workflows/upstream-sync.yml @@ -0,0 +1,34 @@ +--- +name: Upstream Sync +'on': + schedule: + - cron: "15 8 * * 1" + workflow_dispatch: +permissions: + contents: write + pull-requests: write +jobs: + synchronise-2023-1: + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + name: Synchronise 2023.1 + uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main + with: + release_series: 2023.1 + synchronise-2024-1: + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + name: Synchronise 2024.1 + uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main + with: + release_series: 2024.1 + synchronise-2025.1: + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + name: Synchronise 2025.1 + uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main + with: + release_series: 2025.1 + synchronise-master: + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + name: Synchronise master + uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main + with: + release_series: master From 5ae9d02e77def1eb4357c19a50327d35afa69e5a Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Tue, 3 Jun 2025 12:03:33 +0100 Subject: [PATCH 29/33] CI: Fix workflow syntax error --- .github/workflows/upstream-sync.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upstream-sync.yml b/.github/workflows/upstream-sync.yml index 35eaea448..3f6449a3a 100644 --- a/.github/workflows/upstream-sync.yml +++ b/.github/workflows/upstream-sync.yml @@ -20,7 +20,7 @@ jobs: uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main with: release_series: 2024.1 - synchronise-2025.1: + synchronise-2025-1: if: github.repository == 'stackhpc/stackhpc-kayobe-config' name: Synchronise 2025.1 uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main From 712030c83ade8487cb555ad7f79cca871fe45bb5 Mon Sep 17 00:00:00 2001 From: Matt Anson Date: Tue, 3 Jun 2025 12:33:56 +0100 Subject: [PATCH 30/33] Add an option to append content to Ceph configs Adds the ``kolla_ceph_conf_append`` config option to allow the specification of a string to append to all Ceph config files retrieved using the ``cephadm-gather-keys.yml`` playbook. --- etc/kayobe/ansible/cephadm-gather-keys.yml | 1 + etc/kayobe/cephadm.yml | 3 +++ releasenotes/notes/ceph-config-append-1cc6146d3241b63e.yaml | 6 ++++++ 3 files changed, 10 insertions(+) create mode 100644 releasenotes/notes/ceph-config-append-1cc6146d3241b63e.yaml diff --git a/etc/kayobe/ansible/cephadm-gather-keys.yml b/etc/kayobe/ansible/cephadm-gather-keys.yml index e4b8da206..1b36f8bdd 100644 --- a/etc/kayobe/ansible/cephadm-gather-keys.yml +++ b/etc/kayobe/ansible/cephadm-gather-keys.yml @@ -68,6 +68,7 @@ # Kolla Ansible's merge_configs module does not like the leading tabs in ceph.conf. content: | {{ cephadm_ceph_conf.stdout | regex_replace('\t') }} + {{ kolla_ceph_conf_append if kolla_ceph_conf_append is defined }} dest: "{{ kayobe_env_config_path }}/kolla/config/{{ kolla_service_to_conf_dir[item.0.name] }}/ceph.conf" loop: "{{ query('subelements', kolla_ceph_services | selectattr('required'), 'keys') }}" loop_control: diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml index fa633ab47..0da68b8e2 100644 --- a/etc/kayobe/cephadm.yml +++ b/etc/kayobe/cephadm.yml @@ -136,3 +136,6 @@ kolla_ceph_manila_required: "{{ kolla_enable_manila | bool }}" # Whether to generate Ceph configuration for Nova. kolla_ceph_nova_required: "{{ kolla_enable_nova | bool }}" + +# A (multiline) string to append to all Ceph configuration files. +#kolla_ceph_conf_append: diff --git a/releasenotes/notes/ceph-config-append-1cc6146d3241b63e.yaml b/releasenotes/notes/ceph-config-append-1cc6146d3241b63e.yaml new file mode 100644 index 000000000..1d0e534d4 --- /dev/null +++ b/releasenotes/notes/ceph-config-append-1cc6146d3241b63e.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add ``kolla_ceph_conf_append`` configuration option to specify a string + to be appended to all ceph.conf files gathered from a ceph cluster using + ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/cephadm-gather-keys.yml``. From b2bb217359c288028f87236e68b0c8808cdcea9a Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Wed, 4 Jun 2025 07:36:51 +0100 Subject: [PATCH 31/33] CI: Configure upstream repository to use for sync This requires https://github.com/stackhpc/.github/pull/55 to merge. --- .github/workflows/upstream-sync.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/upstream-sync.yml b/.github/workflows/upstream-sync.yml index 3f6449a3a..92e5c1f54 100644 --- a/.github/workflows/upstream-sync.yml +++ b/.github/workflows/upstream-sync.yml @@ -14,21 +14,25 @@ jobs: uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main with: release_series: 2023.1 + upstream: openstack/kayobe-config synchronise-2024-1: if: github.repository == 'stackhpc/stackhpc-kayobe-config' name: Synchronise 2024.1 uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main with: release_series: 2024.1 + upstream: openstack/kayobe-config synchronise-2025-1: if: github.repository == 'stackhpc/stackhpc-kayobe-config' name: Synchronise 2025.1 uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main with: release_series: 2025.1 + upstream: openstack/kayobe-config synchronise-master: if: github.repository == 'stackhpc/stackhpc-kayobe-config' name: Synchronise master uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main with: release_series: master + upstream: openstack/kayobe-config From 47d7ccda88c01823972994ac52dc8db5fd23d2a1 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Thu, 5 Jun 2025 12:40:42 +0100 Subject: [PATCH 32/33] docs: fix link to IPA upstream documentation --- doc/source/configuration/ipa.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/configuration/ipa.rst b/doc/source/configuration/ipa.rst index c55b91040..5ff239030 100644 --- a/doc/source/configuration/ipa.rst +++ b/doc/source/configuration/ipa.rst @@ -11,7 +11,7 @@ StackHPC provides prebuilt Ironic Python Agent (IPA) images in Release Train through Ark. These images are built in CI using a GitHub workflow and are configured in this -repository. See :kayobe-doc: `Kayobe documentation +repository. See :kayobe-doc:`Kayobe documentation ` for more details on IPA. Release Train IPA images are used by Bifrost and Overcloud Ironic by default in From 88786d6d511c2268f4b3ad7314da11cf4d55291c Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Thu, 5 Jun 2025 11:06:23 +0100 Subject: [PATCH 33/33] feat: add `stack` user for `Pulp` The `stack` user is intended to be used for accessing `Pulp` from the `overcloud` hosts rather than using the `admin` user. --- doc/source/configuration/release-train.rst | 33 +++++++++++++------ etc/kayobe/containers/pulp/post.yml | 12 +++++++ etc/kayobe/pulp.yml | 4 +++ etc/kayobe/stackhpc.yml | 4 +-- ...-stack-user-for-pulp-c96041e82c13aa10.yaml | 6 ++++ 5 files changed, 47 insertions(+), 12 deletions(-) create mode 100644 releasenotes/notes/add-stack-user-for-pulp-c96041e82c13aa10.yaml diff --git a/doc/source/configuration/release-train.rst b/doc/source/configuration/release-train.rst index 5ed9b50c7..ad489f502 100644 --- a/doc/source/configuration/release-train.rst +++ b/doc/source/configuration/release-train.rst @@ -52,16 +52,29 @@ The Pulp container is deployed on the seed by default, but may be disabled by setting ``seed_pulp_container_enabled`` to ``false`` in ``etc/kayobe/seed.yml``. -The URL and credentials of the local Pulp server are configured in -``etc/kayobe/pulp.yml`` via ``pulp_url``, ``pulp_username`` and -``pulp_password``. In most cases, the default values should be sufficient. -An admin password must be generated and set as the value of a -``secrets_pulp_password`` variable, typically in an Ansible Vault encrypted -``etc/kayobe/secrets.yml`` file. This password will be automatically set on -Pulp startup. - -If a proxy is required to access the Internet from the seed, ``pulp_proxy_url`` -may be used. +The URL for the local Pulp server is configured by ``pulp_url`` within +``etc/kayobe/pulp.yml``. + +The Pulp service can be configured with two sets of credentials; one for +administrator operations and another read-only for overcloud hosts +to use. +The administrator credentials can be configured ``pulp_username``, +``pulp_password`` +The basic user account credentials can be configured with ``pulp_stack_username`` +and ``pulp_stack_password``. +Both sets of credentials can be found within ``etc/kayobe/pulp.yml``. + +Both the ``pulp_password`` and ``pulp_stack_password`` are intended to be +configured via their ``secrets_*`` counterparts, i.e. +``secrets_pulp_password`` and ``secrets_pulp_stack_password``. These variables +are expected to be set in an Ansible Vault encrypted +``etc/kayobe/secrets.yml`` file. + +Passwords can be generated using ``OpenSSL`` + +.. code-block:: console + + openssl rand -base64 32 Host images are not synchronised to the local Pulp server, since they should only be pulled to the seed node once. More information on host images can be diff --git a/etc/kayobe/containers/pulp/post.yml b/etc/kayobe/containers/pulp/post.yml index 967c4e37d..7a4e7e595 100644 --- a/etc/kayobe/containers/pulp/post.yml +++ b/etc/kayobe/containers/pulp/post.yml @@ -28,6 +28,18 @@ - stackhpc_pulp_sync_for_local_container_build | bool - pulp_settings.changed +- name: Ensure Pulp stack user exists + ansible.builtin.include_role: + name: stackhpc.pulp.pulp_user + vars: + pulp_users: + - username: "{{ pulp_stack_username }}" + password: "{{ pulp_stack_password }}" + is_staff: false + when: + - pulp_stack_username is defined and pulp_stack_username | length > 0 + - pulp_stack_password is defined and pulp_stack_password | length > 0 + - name: Login to docker registry docker_login: registry_url: "{{ kolla_docker_registry or omit }}" diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index a74a7d555..214e8bc10 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml @@ -26,6 +26,10 @@ pulp_enable_tls: false pulp_username: admin pulp_password: "{{ secrets_pulp_password }}" +# Credentials for non-admin user within Pulp. +pulp_stack_username: stack +pulp_stack_password: "{{ secrets_pulp_stack_password | default('') }}" + # Proxy to use when adding remotes. pulp_proxy_url: "{{ omit }}" diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 8dc781455..2e47b0022 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -178,8 +178,8 @@ stackhpc_kolla_ansible_source_version: stackhpc/18.6.0.10 stackhpc_docker_registry: "{{ pulp_url | regex_replace('^https?://', '') }}" # Username and password of container registry. -stackhpc_docker_registry_username: "{{ pulp_username }}" -stackhpc_docker_registry_password: "{{ pulp_password }}" +stackhpc_docker_registry_username: "{{ pulp_stack_username if pulp_stack_password is defined and pulp_stack_password | length > 0 else pulp_username }}" +stackhpc_docker_registry_password: "{{ pulp_stack_password if pulp_stack_password is defined and pulp_stack_password | length > 0 else pulp_password }}" ############################################################################### # Feature flags diff --git a/releasenotes/notes/add-stack-user-for-pulp-c96041e82c13aa10.yaml b/releasenotes/notes/add-stack-user-for-pulp-c96041e82c13aa10.yaml new file mode 100644 index 000000000..63b4dae95 --- /dev/null +++ b/releasenotes/notes/add-stack-user-for-pulp-c96041e82c13aa10.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add support for a basic user for Pulp operations instead of using + the admin user for usage. Can be enabled by setting + `pulp_stack_password`.