diff --git a/doc/source/contributor/environments/ci-tenks.rst b/doc/source/contributor/environments/ci-tenks.rst
new file mode 100644
index 0000000000..9146d631af
--- /dev/null
+++ b/doc/source/contributor/environments/ci-tenks.rst
@@ -0,0 +1,75 @@
+==========
+ci-tenks
+==========
+
+The ``ci-tenks`` Kayobe environment is used to test seed services.
+It is currently a work in progress.
+
+The environment is deployed using `automated-deployment.sh`. It bootstraps
+localhost as a hypervisor for a seed and one controller instance. The seed
+provisions the controller with Bifrost.
+
+It currently tests:
+
+* Seed hypervisor host configuration
+* Seed VM provisioning
+* Seed host configuration
+* Pulp deployment
+* Pulp container syncing (one container - Bifrost)
+* Bifrost overcloud provisioning
+
+In the future it could test:
+
+* Pulp package syncing
+* Overcloud host configuration, pulling packages from a local Pulp
+* Upgrades (Host OS and OpenStack)
+* Multi-node OpenStack deployments
+
+ * Multiple controllers
+ * Multiple compute nodes (and live migration)
+ * Multiple storage nodes (Ceph)
+
+These extensions depend on more SMS hypervisor capacity and improved sync times
+for the local Pulp instance.
+
+Prerequisites
+=============
+
+* A Rocky Linux 9 or Ubuntu Noble 24.04 host
+* 16GB of memory
+* 4 cores
+* No LVM
+
+Setup
+=====
+
+The environment is designed to run in CI, however can also be deployed
+manually.
+
+Access the host via SSH. You may wish to start a ``tmux`` session.
+
+Download the setup script:
+
+.. parsed-literal::
+
+ curl -LO https://raw.githubusercontent.com/stackhpc/stackhpc-kayobe-config/stackhpc/2025.1/etc/kayobe/environments/ci-tenks/automated-deployment.sh
+
+Change the permissions on the script:
+
+.. parsed-literal::
+
+ sudo chmod +x automated-deployment.sh
+
+Acquire the Ansible Vault password for this repository, and store a
+copy at ``~/vault-pw``.
+
+.. note::
+
+ The vault password is currently the same as for the ``ci-aio``
+ environment.
+
+Run the setup script:
+
+.. parsed-literal::
+
+ ./automated-deployment.sh
diff --git a/doc/source/contributor/environments/index.rst b/doc/source/contributor/environments/index.rst
index 888608973f..81afb7da07 100644
--- a/doc/source/contributor/environments/index.rst
+++ b/doc/source/contributor/environments/index.rst
@@ -9,4 +9,5 @@ The following Kayobe environments are provided with this configuration:
 ci-aio
 ci-builder
 ci-multinode
+ ci-tenks
 aufn-ceph
diff --git a/etc/kayobe/environments/ci-tenks/README.md b/etc/kayobe/environments/ci-tenks/README.md
new file mode 100644
index 0000000000..0c3bc2ce9a
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/README.md
@@ -0,0 +1,36 @@
+# CI-Tenks Kayobe Environment
+
+This Kayobe environment is designed for use in CI, primarily to test Seed
+service deployment and Bifrost provisioning. It is currently a work in
+progress.
+
+The environment is deployed using the `automated-deployment.sh` script. This
+script bootstraps the localhost as a hypervisor for a Seed and one Controller
+instance. The Seed provisions the Controller using Bifrost.
+
+### Current Tests
+
+The environment currently tests the following:
+
+* Seed Hypervisor host configuration
+* Seed VM provisioning
+* Seed host configuration
+* Pulp deployment
+* Pulp container syncing (one container - Bifrost)
+* Bifrost Overcloud provisioning
+
+### Future Enhancements
+
+Potential future tests include:
+
+* Pulp package syncing
+* Overcloud host configuration, pulling packages from a local Pulp instance
+* Full openstack service deployment (AIO or otherwise)
+* Upgrades (Host OS and OpenStack)
+* Multi-node OpenStack deployments:
+ * Multiple Controllers
+ * Multiple Compute nodes (including live migration)
+ * Multiple Storage nodes (e.g., Ceph)
+
+These enhancements depend on increased SMS hypervisor capacity and improved
+synchronization times for the local Pulp instance.
diff --git a/etc/kayobe/environments/ci-tenks/automated-deployment.sh b/etc/kayobe/environments/ci-tenks/automated-deployment.sh
new file mode 100755
index 0000000000..ccb796eab2
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/automated-deployment.sh
@@ -0,0 +1,121 @@
+
+#!/bin/bash
+
+###########################################
+# STACKHPC-KAYOBE-CONFIG ci-tenks VERSION #
+###########################################
+
+# Script for a full deployment.
+
+set -eu
+
+BASE_PATH=~
+KAYOBE_BRANCH=stackhpc/2025.1
+KAYOBE_CONFIG_REF=${KAYOBE_CONFIG_REF:-stackhpc/2025.1}
+KAYOBE_ENVIRONMENT=${KAYOBE_ENVIRONMENT:-ci-tenks}
+
+if [[ ! -f $BASE_PATH/vault-pw ]]; then
+ echo "Vault password file not found at $BASE_PATH/vault-pw"
+ exit 1
+fi
+
+export KAYOBE_VAULT_PASSWORD=$(cat $BASE_PATH/vault-pw)
+
+# Install git and tmux.
+if $(which dnf 2>/dev/null >/dev/null); then
+ sudo dnf -y install git tmux python3.12
+else
+ sudo apt update
+ sudo apt -y install git tmux gcc libffi-dev python3-dev python-is-python3 python3-pip python3.12-venv
+fi
+
+# Disable the firewall.
+sudo systemctl is-enabled firewalld && sudo systemctl stop firewalld && sudo systemctl disable firewalld || true
+
+# Disable SELinux both immediately and permanently.
+if $(which setenforce 2>/dev/null >/dev/null); then
+ sudo setenforce 0
+ sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
+fi
+
+# Prevent sudo from performing DNS queries.
+echo 'Defaults !fqdn' | sudo tee /etc/sudoers.d/no-fqdn
+
+# Clone repositories
+cd $BASE_PATH
+mkdir -p src
+pushd src
+if [[ ! -d kayobe-config ]]; then
+ git clone https://github.com/stackhpc/stackhpc-kayobe-config kayobe-config
+ pushd kayobe-config
+ git checkout $KAYOBE_CONFIG_REF
+ popd
+fi
+[[ -d kayobe ]] || git clone https://github.com/stackhpc/kayobe.git -b $KAYOBE_BRANCH
+[[ -d kayobe/tenks ]] || (cd kayobe && git clone https://opendev.org/openstack/tenks.git)
+popd
+
+# Create Kayobe virtualenv
+mkdir -p venvs
+pushd venvs
+if [[ ! -d kayobe ]]; then
+ python3.12 -m venv kayobe
+fi
+# NOTE: Virtualenv's activate and deactivate scripts reference an
+# unbound variable.
+set +u
+source kayobe/bin/activate
+set -u
+pip install -U pip
+pip install -r ../src/kayobe-config/requirements.txt
+popd
+
+# Activate environment
+pushd $BASE_PATH/src/kayobe-config
+source kayobe-env --environment $KAYOBE_ENVIRONMENT
+
+# Configure host networking (bridge, routes & firewall)
+sudo $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/configure-local-networking.sh
+
+# Bootstrap the Ansible control host.
+kayobe control host bootstrap
+
+# Configure the seed hypervisor host.
+kayobe seed hypervisor host configure
+
+# Provision the seed VM.
+kayobe seed vm provision
+
+# Configure the seed host, and deploy a local registry.
+kayobe seed host configure
+
+# Deploy local pulp server as a container on the seed VM
+kayobe seed service deploy --tags seed-deploy-containers --kolla-tags none
+
+# Deploying the seed restarts networking interface, run configure-local-networking.sh again to re-add routes.
+sudo $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/configure-local-networking.sh
+
+# Sync package & container repositories.
+# FIXME: repo sync playbook takes around 30 minutes (tested on ubuntu).
+# for now we should skip it and just get to provisioning. Once we have a local
+# package mirror, we can probably add it back in and at least get to host
+# configuration.
+#kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-repo-sync.yml
+#kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-repo-publish.yml
+kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-container-sync.yml -e stackhpc_pulp_images_kolla_filter=bifrost
+kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-container-publish.yml -e stackhpc_pulp_images_kolla_filter=bifrost
+
+# Re-run full task to set up bifrost_deploy etc. using newly-populated pulp repo
+kayobe seed service deploy
+
+# NOTE: Make sure to use ./tenks, since just ‘tenks’ will install via PyPI.
+(export TENKS_CONFIG_PATH=$KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/tenks.yml && \
+ export KAYOBE_CONFIG_SOURCE_PATH=$BASE_PATH/src/kayobe-config && \
+ export KAYOBE_VENV_PATH=$BASE_PATH/venvs/kayobe && \
+ cd $BASE_PATH/src/kayobe && \
+ ./dev/tenks-deploy-overcloud.sh ./tenks)
+
+# Inspect and provision the overcloud hardware:
+kayobe overcloud inventory discover
+kayobe overcloud hardware inspect
+kayobe overcloud provision
diff --git a/etc/kayobe/environments/ci-tenks/cephadm.yml b/etc/kayobe/environments/ci-tenks/cephadm.yml
new file mode 100644
index 0000000000..2b8457dca0
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/cephadm.yml
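Review bot: In automated-deployment.sh, `export KAYOBE_VAULT_PASSWORD=$(cat $BASE_PATH/vault-pw)` sits at the top of the script, so the `git clone` and `pip install` steps that follow, which fetch and run third-party code, all inherit the vault password in their environment; the `export VAR=$(...)` form also hides a failing `cat` from `set -e`. I would move it to just before `kayobe control host bootstrap` and split it into `KAYOBE_VAULT_PASSWORD=$(cat "$BASE_PATH/vault-pw")` followed by `export KAYOBE_VAULT_PASSWORD`. The first added line of the hunk is blank, which leaves `#!/bin/bash` on line 2 where it no longer acts as a shebang, and the script relies on `[[ ... ]]`, so that blank line should be dropped. The tenks clone is the only one of the three without a `-b` or a checkout, so the job tracks whatever the default branch holds on the day; a ref variable used the same way as `KAYOBE_CONFIG_REF` would make runs reproducible.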
@@ -0,0 +1,63 @@
+---
+###############################################################################
+# Cephadm deployment configuration.
+
+# List of additional cephadm commands to run before deployment
+# cephadm_commands:
+# - "config set global osd_pool_default_size {{ [3, groups['osds'] | length] | min }}"
+# - "config set global osd_pool_default_min_size {{ [3, groups['osds'] | length] | min }}"
+
+# Ceph OSD specification.
+cephadm_osd_spec:
+ service_type: osd
+ service_id: osd_spec_default
+ placement:
+ host_pattern: "*"
+ data_devices:
+ all: true
+
+###############################################################################
+# Ceph post-deployment configuration.
+
+# List of Ceph erasure coding profiles. See stackhpc.cephadm.ec_profiles role
+# for format.
+cephadm_ec_profiles: []
+
+# List of Ceph CRUSH rules. See stackhpc.cephadm.crush_rules role for format.
+cephadm_crush_rules: []
+
+# List of Ceph pools. See stackhpc.cephadm.pools role for format.
+cephadm_pools:
+ - name: backups
+ application: rbd
+ state: present
+ - name: images
+ application: rbd
+ state: present
+ - name: volumes
+ application: rbd
+ state: present
+ - name: vms
+ application: rbd
+ state: present
+
+# List of Cephx keys. See stackhpc.cephadm.keys role for format.
+cephadm_keys:
+ - name: client.cinder
+ caps:
+ mon: "profile rbd"
+ osd: "profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images"
+ mgr: "profile rbd pool=volumes, profile rbd pool=vms"
+ state: present
+ - name: client.cinder-backup
+ caps:
+ mon: "profile rbd"
+ osd: "profile rbd pool=volumes, profile rbd pool=backups"
+ mgr: "profile rbd pool=volumes, profile rbd pool=backups"
+ state: present
+ - name: client.glance
+ caps:
+ mon: "profile rbd"
+ osd: "profile rbd pool=images"
+ mgr: "profile rbd pool=images"
+ state: present
diff --git a/etc/kayobe/environments/ci-tenks/configure-local-networking.sh b/etc/kayobe/environments/ci-tenks/configure-local-networking.sh
new file mode 100755
index 0000000000..c22bbd5180
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/configure-local-networking.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+# This should be run on the seed hypervisor.
+
+# IP addresses on the all-in-one Kayobe cloud network.
+# These IP addresses map to those statically configured in
+# etc/kayobe/network-allocation.yml and etc/kayobe/networks.yml.
+controller_vip=192.168.39.2
+seed_hv_ip=192.168.33.4
+
+iface=$(ip route | awk '$1 == "default" {print $5; exit}')
+
+# Private IP address by which the seed hypervisor is accessible in the cloud
+# hosting the VM.
+seed_hv_private_ip=$(ip a show dev $iface | awk '$1 == "inet" { gsub(/\/[0-9]*/,"",$2); print $2; exit }')
+
+# Forward the following ports to the controller.
+# 80: Horizon
+# 6080: VNC console
+forwarded_ports="80 6080"
+
+# Install iptables.
+if $(which dnf >/dev/null 2>&1); then
+ sudo dnf -y install iptables
+else
+ sudo apt update
+ sudo apt -y install iptables
+fi
+
+# Configure local networking.
+# Add bridges for the Kayobe networks.
+if ! sudo ip l show brprov >/dev/null 2>&1; then
+ sudo ip l add brprov type bridge
+ sudo ip l set brprov up
+ sudo ip a add $seed_hv_ip/24 dev brprov
+fi
+
+if ! sudo ip l show brcloud >/dev/null 2>&1; then
+ sudo ip l add brcloud type bridge
+ sudo ip l set brcloud up
+fi
+
+# On Rocky Linux, bridges without a port are DOWN, which causes network
+# configuration to fail. Add a dummy interface and plug it into the bridge.
+for i in mgmt prov cloud; do
+ if ! sudo ip l show dummy-$i >/dev/null 2>&1; then
+ sudo ip l add dummy-$i type dummy
+ fi
+done
+
+# Configure IP routing and NAT to allow the seed VM and overcloud hosts to
+# route via this route to the outside world.
+sudo iptables -A POSTROUTING -t nat -o $iface -j MASQUERADE
+sudo sysctl -w net.ipv4.conf.all.forwarding=1
+
+# FIXME: IP MASQUERADE from control plane fails without this on Ubuntu.
+if ! $(which dnf >/dev/null 2>&1); then
+ sudo modprobe br_netfilter
+ echo 0 | sudo tee /proc/sys/net/bridge/bridge-nf-call-iptables
+fi
+
+# Configure port forwarding from the hypervisor to the Horizon GUI on the
+# controller.
+sudo iptables -A FORWARD -i $iface -o brprov -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+sudo iptables -A FORWARD -i brprov -o $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+for port in $forwarded_ports; do
+ # Allow new connections.
+ sudo iptables -A FORWARD -i $iface -o brcloud -p tcp --syn --dport $port -m conntrack --ctstate NEW -j ACCEPT
+ # Destination NAT.
+ sudo iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port -j DNAT --to-destination $controller_vip
+ # Source NAT.
+ sudo iptables -t nat -A POSTROUTING -o brcloud -p tcp --dport $port -d $controller_vip -j SNAT --to-source $seed_hv_private_ip
+done
+
+echo
+echo "NOTE: The network configuration applied by this script is not"
+echo "persistent across reboots."
+echo "If you reboot the system, please re-run this script."
diff --git a/etc/kayobe/environments/ci-tenks/controllers.yml b/etc/kayobe/environments/ci-tenks/controllers.yml
new file mode 100644
index 0000000000..2a20c1ee6a
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/controllers.yml
@@ -0,0 +1,15 @@
+---
+###############################################################################
+# Controller node configuration.
+
+# User with which to access the controllers via SSH during bootstrap, in order
+# to setup the Kayobe user account. Default is {{ os_distribution }}.
+controller_bootstrap_user: "zuul"
+
+###############################################################################
+# Controller node LVM configuration.
+
+# List of controller volume groups. See mrlesmithjr.manage-lvm role for
+# format.
+controller_lvm_groups:
+ - "{{ stackhpc_lvm_group_rootvg }}"
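Review bot: In configure-local-networking.sh every rule is added with `iptables -A`, and automated-deployment.sh runs this script twice (before `kayobe control host bootstrap` and again after the first `kayobe seed service deploy`), so the MASQUERADE, FORWARD, DNAT and SNAT rules are duplicated on the second pass. Guarding each rule with a check keeps the script re-runnable, e.g. `sudo iptables -t nat -C POSTROUTING -o "$iface" -j MASQUERADE 2>/dev/null || sudo iptables -t nat -A POSTROUTING -o "$iface" -j MASQUERADE`. The DNAT loop also publishes ports 80 and 6080 on the default-route interface with no source match, on a host where the deployment script has already stopped firewalld; since the docs allow manual deployment, a comment saying so next to `forwarded_ports`, or a `-s` match on a trusted range, would help. Both `$(which dnf ...)` tests execute the output of `which` as a command; `if command -v dnf >/dev/null 2>&1; then` is the plain form.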
diff --git a/etc/kayobe/environments/ci-tenks/globals.yml b/etc/kayobe/environments/ci-tenks/globals.yml
new file mode 100644
index 0000000000..88c3f37b9e
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/globals.yml
@@ -0,0 +1,21 @@
+---
+# Kayobe global configuration.
+
+###############################################################################
+# OS distribution.
+
+# OS distribution name. Valid options are "rocky", "ubuntu". Default is
+# "rocky".
+os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}"
+
+# OS release. Valid options are "9" when os_distribution is "rocky", or
+# "noble" when os_distribution is "ubuntu".
+os_release: >-
+ {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else
+ (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }}
+
+###############################################################################
+# Extra vars.
+
+# Don't prompt when rebooting hosts.
+confirm_reboot: true
diff --git a/etc/kayobe/environments/ci-tenks/inventory/group_vars/all/lvm.yml b/etc/kayobe/environments/ci-tenks/inventory/group_vars/all/lvm.yml
new file mode 100644
index 0000000000..b6e9f54382
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/inventory/group_vars/all/lvm.yml
@@ -0,0 +1,27 @@
+---
+###############################################################################
+# StackHPC LVM Logical Volume (LV) configuration.
+
+# StackHPC LVM lv_swap LV size.
+stackhpc_lvm_lv_swap_size: 120m
+
+# StackHPC LVM lv_root LV size.
+stackhpc_lvm_lv_root_size: 1g
+
+# StackHPC LVM lv_tmp LV size.
+stackhpc_lvm_lv_tmp_size: 1g
+
+# StackHPC LVM lv_var LV size.
+stackhpc_lvm_lv_var_size: 2.5g
+
+# StackHPC LVM lv_var_tmp LV size.
+stackhpc_lvm_lv_var_tmp_size: 1g
+
+# StackHPC LVM lv_log LV size.
+stackhpc_lvm_lv_log_size: 1g
+
+# StackHPC LVM lv_audit LV size.
+stackhpc_lvm_lv_audit_size: 120m
+
+# StackHPC LVM lv_home LV size.
+stackhpc_lvm_lv_home_size: 1g
diff --git a/etc/kayobe/environments/ci-tenks/inventory/group_vars/compute/network-interfaces b/etc/kayobe/environments/ci-tenks/inventory/group_vars/compute/network-interfaces
new file mode 100644
index 0000000000..b44b1b0484
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/inventory/group_vars/compute/network-interfaces
@@ -0,0 +1,19 @@
+---
+###############################################################################
+# Network interface definitions for the compute group.
+
+provision_oc_interface: "{{ 'ens2' if os_distribution == 'ubuntu' else 'eth0' }}"
+# Route via the seed-hypervisor to the outside world.
+provision_oc_gateway: 192.168.33.4
+
+internal_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ internal_vlan }}"
+
+storage_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ storage_vlan }}"
+
+tunnel_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ tunnel_vlan }}"
+
+external_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ external_vlan }}"
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/environments/ci-tenks/inventory/group_vars/controllers/network-interfaces b/etc/kayobe/environments/ci-tenks/inventory/group_vars/controllers/network-interfaces
new file mode 100644
index 0000000000..d608a62e7f
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/inventory/group_vars/controllers/network-interfaces
@@ -0,0 +1,27 @@
+---
+###############################################################################
+# Network interface definitions for the controller group.
+
+provision_oc_interface: "{{ 'ens2' if os_distribution == 'ubuntu' else 'eth0' }}"
+# Route via the seed-hypervisor to the outside world.
+provision_oc_gateway: 192.168.33.4
+
+mgmt_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}"
+
+provision_wl_interface: "br{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}"
+provision_wl_bridge_ports:
+ - "{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}"
+
+internal_interface: "{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}.{{ internal_vlan }}"
+
+external_interface: "br{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}.{{ external_vlan }}"
+
+public_interface: "{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}.{{ public_vlan }}"
+
+storage_interface: "{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}.{{ storage_vlan }}"
+
+tunnel_interface: "{{ 'ens4' if os_distribution == 'ubuntu' else 'eth2' }}.{{ tunnel_vlan }}"
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/environments/ci-tenks/inventory/group_vars/seed-hypervisor/network-interfaces b/etc/kayobe/environments/ci-tenks/inventory/group_vars/seed-hypervisor/network-interfaces
new file mode 100644
index 0000000000..61d0a836bb
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/inventory/group_vars/seed-hypervisor/network-interfaces
@@ -0,0 +1,18 @@
+---
+mgmt_interface: brmgmt
+mgmt_bridge_ports:
+ - dummy-mgmt
+
+provision_oc_interface: brprov
+provision_oc_bridge_ports:
+ - dummy-prov
+
+provision_wl_interface: brcloud
+provision_wl_bridge_ports:
+ - dummy-cloud
+
+internal_interface: "{{ provision_wl_interface }}.{{ internal_vlan }}"
+
+public_interface: "{{ provision_wl_interface }}.{{ public_vlan }}"
+
+external_interface: "{{ provision_wl_interface }}.{{ external_vlan }}"
diff --git a/etc/kayobe/environments/ci-tenks/inventory/group_vars/seed/network-interfaces b/etc/kayobe/environments/ci-tenks/inventory/group_vars/seed/network-interfaces
new file mode 100644
index 0000000000..ca04864d40
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/inventory/group_vars/seed/network-interfaces
@@ -0,0 +1,13 @@
+---
+###############################################################################
+# Network interface definitions for the seed group.
+
+mgmt_interface: "{{ 'ens2' if os_distribution == 'ubuntu' else 'eth0' }}"
+
+provision_oc_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}"
+# Route via the seed-hypervisor to the outside world.
+provision_oc_gateway: 192.168.33.4
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/environments/ci-tenks/inventory/group_vars/storage/network-interfaces b/etc/kayobe/environments/ci-tenks/inventory/group_vars/storage/network-interfaces
new file mode 100644
index 0000000000..c2b0dac841
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/inventory/group_vars/storage/network-interfaces
@@ -0,0 +1,17 @@
+---
+###############################################################################
+# Network interface definitions for the compute group.
+
+provision_oc_interface: "{{ 'ens2' if os_distribution == 'ubuntu' else 'eth0' }}"
+# Route via the seed-hypervisor to the outside world.
+provision_oc_gateway: 192.168.33.4
+
+internal_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ internal_vlan }}"
+
+storage_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ storage_vlan }}"
+
+storage_mgmt_interface: "{{ 'ens3' if os_distribution == 'ubuntu' else 'eth1' }}.{{ storage_mgmt_vlan }}"
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/environments/ci-tenks/inventory/groups b/etc/kayobe/environments/ci-tenks/inventory/groups
new file mode 100644
index 0000000000..71b723a910
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/inventory/groups
@@ -0,0 +1,29 @@
+# Kayobe groups inventory file. This file should generally not be modified.
+# It declares the top-level groups and sub-groups.
+
+###############################################################################
+# Ceph groups
+
+# Empty group with hosts added in overcloud.yml
+[storage-ceph]
+
+[mons:children]
+storage-ceph
+
+[mgrs:children]
+storage-ceph
+
+[osds:children]
+storage-ceph
+
+[rgws:children]
+storage-ceph
+
+[storage:children]
+storage-ceph
+
+###############################################################################
+# Monitoring groups
+
+[monitoring:children]
+controllers
diff --git a/etc/kayobe/environments/ci-tenks/inventory/hosts b/etc/kayobe/environments/ci-tenks/inventory/hosts
new file mode 100644
index 0000000000..c0d1b51fde
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/inventory/hosts
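Review bot: The header comment in inventory/group_vars/storage/network-interfaces reads `# Network interface definitions for the compute group.`, which looks copied from the compute file; it should read `# Network interface definitions for the storage group.`. The variables below it are the storage ones (`storage_mgmt_interface` appears only here), so only the comment needs changing.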
@@ -0,0 +1,27 @@
+# This host acts as the configuration management Ansible control host. This must be
+# localhost.
+localhost ansible_connection=local
+
+[seed-hypervisor]
+seed-hypervisor
+
+[seed]
+seed
+
+[controllers]
+#controller0
+
+[compute:children]
+#controllers
+
+[baremetal-compute]
+# Add baremetal compute nodes here if required.
+
+[mgmt-switches]
+# Add management network switches here if required.
+
+[ctl-switches]
+# Add control and provisioning switches here if required.
+
+[hs-switches]
+# Add high speed switches here if required.
diff --git a/etc/kayobe/environments/ci-tenks/kolla.yml b/etc/kayobe/environments/ci-tenks/kolla.yml
new file mode 100644
index 0000000000..95c25cd799
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/kolla.yml
@@ -0,0 +1,4 @@
+---
+# Kolla feature flag configuration.
+kolla_enable_cinder: true
+kolla_enable_neutron_provider_networks: true
diff --git a/etc/kayobe/environments/ci-tenks/kolla/config/neutron.conf b/etc/kayobe/environments/ci-tenks/kolla/config/neutron.conf
new file mode 100644
index 0000000000..1014e6730d
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/kolla/config/neutron.conf
@@ -0,0 +1,2 @@
+[DEFAULT]
+global_physnet_mtu = {{ tunnel_net_name | net_mtu }}
diff --git a/etc/kayobe/environments/ci-tenks/kolla/config/neutron/ml2_conf.ini b/etc/kayobe/environments/ci-tenks/kolla/config/neutron/ml2_conf.ini
new file mode 100644
index 0000000000..7695e792bb
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/kolla/config/neutron/ml2_conf.ini
@@ -0,0 +1,2 @@
+[ml2]
+path_mtu = {{ tunnel_net_name | net_mtu }}
diff --git a/etc/kayobe/environments/ci-tenks/kolla/globals.yml b/etc/kayobe/environments/ci-tenks/kolla/globals.yml
new file mode 100644
index 0000000000..872a57b80f
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/kolla/globals.yml
@@ -0,0 +1,17 @@
+---
+# Most development environments will use nested virtualisation, and we can't
+# guarantee that nested KVM support is available. Use QEMU as a lowest common
+# denominator.
+nova_compute_virt_type: qemu
+
+# Reduce the control plane's memory footprint by limiting the number of worker
+# processes to one per-service.
+openstack_service_workers: "1"
+openstack_service_rpc_workers: "1"
+
+glance_backend_ceph: "yes"
+cinder_backend_ceph: "yes"
+nova_backend_ceph: "yes"
+
+# OpenSearch memory tuning
+opensearch_heap_size: 1g
diff --git a/etc/kayobe/environments/ci-tenks/kolla/kolla-build.conf b/etc/kayobe/environments/ci-tenks/kolla/kolla-build.conf
new file mode 100644
index 0000000000..0a665e1bd1
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/kolla/kolla-build.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+# This is necessary for network connectivity of kolla-build, when Docker
+# default iptables rules are disabled.
+network_mode = host
diff --git a/etc/kayobe/environments/ci-tenks/network-allocation.yml b/etc/kayobe/environments/ci-tenks/network-allocation.yml
new file mode 100644
index 0000000000..ba8a1241cb
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/network-allocation.yml
@@ -0,0 +1,13 @@
+---
+provision_oc_ips:
+ compute0: 192.168.33.6
+ compute1: 192.168.33.7
+ compute2: 192.168.33.8
+ controller0: 192.168.33.3
+ controller1: 192.168.33.9
+ controller2: 192.168.33.10
+ seed: 192.168.33.5
+ seed-hypervisor: 192.168.33.4
+ storage0: 192.168.33.11
+ storage1: 192.168.33.12
+ storage2: 192.168.33.13
diff --git a/etc/kayobe/environments/ci-tenks/networks.yml b/etc/kayobe/environments/ci-tenks/networks.yml
new file mode 100644
index 0000000000..89a30331c2
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/networks.yml
@@ -0,0 +1,117 @@
+---
+# Kayobe network configuration.
+
+###############################################################################
+# Network role to network mappings.
+
+# Name of the network used by the seed to manage the bare metal overcloud
+# hosts via their out-of-band management controllers.
+oob_oc_net_name: mgmt
+
+# Name of the network used by the seed to provision the bare metal overcloud
+# hosts.
+provision_oc_net_name: provision_oc
+
+# Name of the network used by the overcloud hosts to manage the bare metal
+# compute hosts via their out-of-band management controllers.
+oob_wl_net_name: mgmt
+
+# Name of the network used by the overcloud hosts to provision the bare metal
+# workload hosts.
+provision_wl_net_name: provision_wl
+
+# Name of the network used to expose the internal OpenStack API endpoints.
+internal_net_name: internal
+
+# List of names of networks used to provide external network access via
+# Neutron.
+# Deprecated name: external_net_name
+# If external_net_name is defined, external_net_names will default to a list
+# containing one item, external_net_name.
+external_net_names:
+ - external
+
+# Name of the network used to expose the public OpenStack API endpoints.
+public_net_name: public
+
+# Name of the network used by Neutron to carry tenant overlay network traffic.
+tunnel_net_name: tunnel
+
+# Name of the network used to carry storage data traffic.
+storage_net_name: storage
+
+# Name of the network used to carry storage management traffic.
+storage_mgmt_net_name: storage_mgmt
+
+# Name of the network used to perform hardware introspection on the bare metal
+# workload hosts.
+inspection_net_name: provision_wl
+
+# Name of the network used to perform cleaning on the bare metal workload
+# hosts
+cleaning_net_name: provision_wl
+
+###############################################################################
+# Network definitions.
+
+mgmt_cidr: 192.168.35.0/24
+mgmt_mtu: 1442
+# Native VLAN
+mgmt_physical_network: mgmt
+
+provision_oc_cidr: 192.168.33.0/24
+provision_oc_mtu: 1442
+provision_oc_inspection_allocation_pool_start: 192.168.33.128
+provision_oc_inspection_allocation_pool_end: 192.168.33.254
+# Native VLAN
+provision_oc_physical_network: provision
+
+provision_wl_cidr: 192.168.36.0/24
+provision_wl_mtu: 1442
+provision_wl_inspection_allocation_pool_start: 192.168.36.128
+provision_wl_inspection_allocation_pool_end: 192.168.36.254
+provision_wl_neutron_allocation_pool_start: 192.168.36.2
+provision_wl_neutron_allocation_pool_end: 192.168.36.127
+# Native VLAN
+provision_wl_physical_network: cloud
+
+internal_cidr: 192.168.37.0/24
+internal_mtu: 1442
+internal_allocation_pool_start: 192.168.37.3
+internal_allocation_pool_end: 192.168.37.254
+internal_vip_address: 192.168.37.2
+internal_vlan: 101
+internal_physical_network: cloud
+
+external_cidr: 192.168.38.0/24
+external_mtu: 1392
+external_vlan: 102
+external_physical_network: cloud
+
+public_cidr: 192.168.39.0/24
+public_mtu: 1442
+public_allocation_pool_start: 192.168.39.3
+public_allocation_pool_end: 192.168.39.254
+public_vip_address: 192.168.39.2
+public_vlan: 103
+public_physical_network: cloud
+
+tunnel_cidr: 192.168.40.0/24
+tunnel_mtu: 1442
+tunnel_vlan: 104
+tunnel_physical_network: cloud
+
+storage_cidr: 192.168.41.0/24
+storage_mtu: 1442
+storage_vlan: 105
+storage_physical_network: cloud
+
+storage_mgmt_cidr: 192.168.42.0/24
+storage_mgmt_mtu: 1442
+storage_mgmt_vlan: 106
+storage_mgmt_physical_network: cloud
+
+###############################################################################
+# MichaelRigart interfaces configuration.
+
+interfaces_pause_time: 5
diff --git a/etc/kayobe/environments/ci-tenks/neutron.yml b/etc/kayobe/environments/ci-tenks/neutron.yml
new file mode 100644
index 0000000000..258c0a15f1
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/neutron.yml
@@ -0,0 +1,13 @@
+---
+kolla_neutron_ml2_network_vlan_ranges:
+ - physical_network: "physnet1"
+
+kolla_neutron_ml2_type_drivers:
+ - flat
+ - vlan
+ - geneve
+
+kolla_neutron_ml2_tenant_network_types:
+ - flat
+ - vlan
+ - geneve
diff --git a/etc/kayobe/environments/ci-tenks/overcloud.yml b/etc/kayobe/environments/ci-tenks/overcloud.yml
new file mode 100644
index 0000000000..1530c401da
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/overcloud.yml
@@ -0,0 +1,21 @@
+---
+###############################################################################
+# Overcloud configuration.
+
+# Dict mapping overcloud Ansible group names to lists of hosts in the group.
+# As a special case, the group 'ignore' can be used to specify hosts that
+# should not be added to the inventory.
+#overcloud_group_hosts_map:
+overcloud_group_hosts_map:
+ controllers:
+ - controller0
+ - controller1
+ - controller2
+ compute:
+ - compute0
+ - compute1
+ - compute2
+ storage-ceph:
+ - storage0
+ - storage1
+ - storage2
diff --git a/etc/kayobe/environments/ci-tenks/seed-hypervisor.yml b/etc/kayobe/environments/ci-tenks/seed-hypervisor.yml
new file mode 100644
index 0000000000..2f288f0303
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/seed-hypervisor.yml
@@ -0,0 +1,14 @@
+---
+
+###############################################################################
+# Seed hypervisor network interface configuration.
+
+# List of extra networks to which seed hypervisor nodes are attached.
+seed_hypervisor_extra_network_interfaces:
+ - "{{ provision_wl_net_name }}"
+ - "{{ internal_net_name }}"
+ - "{{ public_net_name }}"
+ - "{{ external_net_names[0] }}"
+
+# Workaround change to cloud-user default login name on Rocky Linux
+seed_hypervisor_bootstrap_user: "{{ lookup('env', 'USER') }}"
diff --git a/etc/kayobe/environments/ci-tenks/seed-vm.yml b/etc/kayobe/environments/ci-tenks/seed-vm.yml
new file mode 100644
index 0000000000..ddf82f9de5
--- /dev/null
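Review bot: `overcloud_group_hosts_map` in overcloud.yml lists nine hosts (controller0-2, compute0-2, storage0-2), but tenks.yml in this change defines a single controller node (`count: 1`) and the new documentation describes one controller instance. Hosts that are never created stay in the inventory, so any overcloud play that targets these groups would presumably fail or stall on unreachable hosts. Unless the extra entries are deliberate placeholders, trim the map to `controllers:` with `- controller0`, or add a comment saying the other names are reserved for the multi-node work. The commented-out `#overcloud_group_hosts_map:` directly above the real key is a leftover and can go.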
+++ b/etc/kayobe/environments/ci-tenks/seed-vm.yml
@@ -0,0 +1,9 @@
+---
+###############################################################################
+# Seed node VM configuration.
+
+# Memory in MB.
+seed_vm_memory_mb: "{{ 4 * 1024 }}"
+
+# Number of vCPUs.
+seed_vm_vcpus: 1
diff --git a/etc/kayobe/environments/ci-tenks/seed.yml b/etc/kayobe/environments/ci-tenks/seed.yml
new file mode 100644
index 0000000000..9e316816d9
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/seed.yml
@@ -0,0 +1,5 @@
+---
+# Default seed volumes are 50G and 100G for root and data respectively. Reduce
+# these in CI to minimise resource usage.
+seed_vm_root_capacity: 15G
+seed_vm_data_capacity: 20G
diff --git a/etc/kayobe/environments/ci-tenks/stackhpc-ci.yml b/etc/kayobe/environments/ci-tenks/stackhpc-ci.yml
new file mode 100644
index 0000000000..81791dc681
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/stackhpc-ci.yml
@@ -0,0 +1,19 @@
+---
+###############################################################################
+# Kolla configuration.
+
+# Docker namespace to use for Kolla images. Default is 'kolla'.
+kolla_docker_namespace: stackhpc-dev
+
+###############################################################################
+# StackHPC configuration.
+
+# Use AIO credentials for access to Ark
+stackhpc_release_pulp_username: "skc-ci-aio"
+stackhpc_release_pulp_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31386366383365666135336331663635396237623139306362633933636233613765663731666338
+ 3633633736333936383439623066653663333964343234350a393137383537316164323837386437
+ 36613139323161643766666565643739373037623363636234343965343436653261326238393566
+ 3837336661653962340a316631366463623138623530373133336665376433633437306631383666
+ 30333461333535363433363336663664316634343432633766346564323833346663
diff --git a/etc/kayobe/environments/ci-tenks/stackhpc.yml b/etc/kayobe/environments/ci-tenks/stackhpc.yml
new file mode 100644
index 0000000000..48e7725d3a
--- /dev/null
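Review bot: stackhpc-ci.yml reuses the `skc-ci-aio` Ark account and its vault-encrypted password for this environment, so a leak from either the ci-aio or the ci-tenks jobs exposes the same credential, and Ark-side logs cannot tell the two apart. A dedicated read-only account for ci-tenks would limit that. If sharing is intentional, the comment should say so and name the constraint, e.g. `# Shares the ci-aio Ark account (read-only); rotate both environments together`. Whether the account is read-only is not visible here and should be confirmed.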
+++ b/etc/kayobe/environments/ci-tenks/stackhpc.yml
@@ -0,0 +1,16 @@
+---
+###############################################################################
+# Kolla configuration.
+#
+# Docker namespace to use for Kolla images. Default is 'kolla'.
+kolla_docker_namespace: stackhpc-dev
+
+###############################################################################
+# StackHPC configuration.
+
+pulp_username: admin
+# Password for locally deployed pulp container. Not secret
+pulp_password: 9e4bfa04-9d9d-493d-9473-ba92e4361dae
+
+# Whether or not to download overcloud host images from Ark
+stackhpc_download_overcloud_host_images: true
diff --git a/etc/kayobe/environments/ci-tenks/storage.yml b/etc/kayobe/environments/ci-tenks/storage.yml
new file mode 100644
index 0000000000..4f69e973aa
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/storage.yml
@@ -0,0 +1,10 @@
+---
+###############################################################################
+# Storage node LVM configuration.
+
+# List of storage volume groups. See mrlesmithjr.manage-lvm role for
+# format.
+# storage_lvm_groups:
+
+# Avoid undefined var which would result in 'LVM physical disks have not been configured' error
+storage_lvm_groups: []
diff --git a/etc/kayobe/environments/ci-tenks/tenks.yml b/etc/kayobe/environments/ci-tenks/tenks.yml
new file mode 100644
index 0000000000..00989520b8
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/tenks.yml
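Review bot: `pulp_password` in stackhpc.yml commits the `admin` password of the local Pulp in plaintext, justified only by the comment "Not secret". That is true only while the Pulp container is reachable solely from a throwaway CI host, yet the documentation added in this change also describes deploying the environment manually. State the condition in the comment, e.g. `# CI-only password for the ephemeral local Pulp; do not reuse outside ci-tenks`. For manual deployments on longer-lived or shared hosts, vault-encrypt the value as stackhpc-ci.yml does for `stackhpc_release_pulp_password`, or generate it per run.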
@@ -0,0 +1,45 @@
+---
+# This file holds the config given to Tenks when running `tenks-deploy.sh`. It
+# assumes the existence of the bridges `brmgmt` and `brcloud`.
+
+node_types:
+ controller:
+ memory_mb: 8192
+ vcpus: 2
+ volumes:
+ # Host images pulled from Ark require a disk larger than 20GB
+ - capacity: 22GiB
+ physical_networks:
+ - provision-net
+ - mgmt-net
+ - cloud-net
+ console_log_enabled: true
+
+specs:
+ - type: controller
+ count: 1
+ node_name_prefix: controller
+ ironic_config:
+ resource_class: test-rc
+ network_interface: noop
+
+ipmi_address: 192.168.33.4
+ipmi_port_range_end: 6250
+
+nova_flavors: []
+
+physnet_mappings:
+ mgmt-net: brmgmt
+ provision-net: brprov
+ cloud-net: brcloud
+
+bridge_type: linuxbridge
+
+# No placement service.
+wait_for_placement: false
+
+# NOTE(priteau): Disable libvirt_vm_trust_guest_rx_filters, which when enabled
+# triggers the following errors when booting baremetal instances with Tenks on
+# Libvirt 9: Cannot set interface flags on 'macvtap1': Value too large for
+# defined data type
+libvirt_vm_trust_guest_rx_filters: false
diff --git a/etc/kayobe/environments/ci-tenks/time.yml b/etc/kayobe/environments/ci-tenks/time.yml
new file mode 100644
index 0000000000..6c1bef6860
--- /dev/null
+++ b/etc/kayobe/environments/ci-tenks/time.yml
@@ -0,0 +1,3 @@
+---
+# Force system clock synchronisation
+ntp_force_sync: True
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
new file mode 100644
index 0000000000..a46b07b8d2
--- /dev/null
+++ b/zuul.d/jobs.yaml
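Review bot: The header comment of tenks.yml names only two of the bridges the file depends on: it says the file assumes `brmgmt` and `brcloud`, while `physnet_mappings` also maps `provision-net` to `brprov`. Someone preparing a host from that comment would miss the third bridge. Update the second comment line to `# assumes the existence of the bridges brmgmt, brprov and brcloud.` (keeping the backticks used in the file).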
@@ -0,0 +1,28 @@ +--- +- job: + name: tenks-base + description: | + Base job for testing seed VM deployment and overcloud + provisioning. + + Configures the primary VM as a seed hypervisor. Uses tenks to create + a single overcloud host and test Bifrost provisioning. + run: zuul.d/playbooks/tenks-base/run.yml + timeout: 10800 + secrets: + - aio_vault_password + +- job: + name: tenks-ubuntu-noble + parent: tenks-base + nodeset: + nodes: + - name: ubuntu-noble-tenks + label: ubuntu-noble-tenks +- job: + name: tenks-rocky-9 + parent: tenks-base + nodeset: + nodes: + - name: rocky-9-tenks + label: rocky-9-tenks diff --git a/zuul.d/playbooks/tenks-base/run.yml b/zuul.d/playbooks/tenks-base/run.yml new file mode 100644 index 0000000000..c2499bf33f --- /dev/null +++ b/zuul.d/playbooks/tenks-base/run.yml @@ -0,0 +1,17 @@ +--- +- hosts: all + vars: + script_path: "/home/zuul/src/github.com/stackhpc/stackhpc-kayobe-config/etc/kayobe/environments/ci-tenks/automated-deployment.sh" + tasks: + - name: Write out vault password file + copy: + content: "{{ aio_vault_password.vault_pw | trim }}" + dest: "~/vault-pw" + no_log: true + + - name: Run deploy script + environment: + KAYOBE_CONFIG_REF: "{{ zuul.patchset }}" + shell: + cmd: "{{ script_path }}" + executable: /bin/bash diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 2551dd112e..5d69fc0610 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -5,6 +5,13 @@ jobs: - openstack-tox-pep8 + check-review: + jobs: + - tenks-ubuntu-noble + - tenks-rocky-9 + gate: jobs: - openstack-tox-pep8 + - tenks-ubuntu-noble + - tenks-rocky-9 diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml new file mode 100644 index 0000000000..d481e4c01f --- /dev/null +++ b/zuul.d/secrets.yaml 
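Review bot: The `Write out vault password file` task in zuul.d/playbooks/tenks-base/run.yml sets no `mode`, so `~/vault-pw` gets whatever the node's umask allows, which is commonly world-readable. Add `mode: "0600"` to the `copy` arguments; `no_log: true` only keeps the value out of the job log, not off the filesystem. The next task runs `automated-deployment.sh` from the checked-out change with that file on disk, so the decrypted password is available to code from the change under test. The `check-review` pipeline in project.yaml looks intended to restrict this to reviewed changes, but that is defined outside this diff and should be confirmed.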
@@ -0,0 +1,15 @@
+---
+- secret:
+ name: aio_vault_password
+ data:
+ vault_pw: !encrypted/pkcs1-oaep
+ - HyNVu3K9CqgBWIdraZwqGBIgh+uNiHdPz43TOG0vGmm4sF++axK4/JFtoGeyV6UhtsqzC
+ 5kXiKLjNj9HRxN9E7u5MDljIsduviEilkI5NQEJ5ctCJGMM0W42+7RtvwD/bIKK/ZHupV
+ suSDt0WxaBy6ipHjNj+3HgacxH0hG2B2wDuvxnkmMH1z5Z+LTQ4E8h3az/qwuxB9S7WK7
+ Mekq6ujBUKcgoZg7x9JGsbD0U2+pNSTSUtEzbM73jhtlTzZB8pYcgsYDyxF69yyf451Ww
+ L0vRbExNnfGxiclc4jWGpQHGUj4G0kPp+SYet3dzp8o29xzfr76e/9c3FCABXGQ8ShHin
+ uY7tzr07bqobWW3gRiyqDMZ8e41ipjTl+yN66TDLafftmk2k8uj8wxgf8X08eZhpYsOxx
+ BhDzI0IcC2vmhlp9HpF4oZBwtzZFD2XSGMVr79+535l49qzayJtgj2H6fBTonkf9WTjUC
+ lo1zXFr4Smer4FQJnIVK5N1GaW5PBTUNl2ZHxF9u/RIvf+XhHF0q540PNB1MQaTwptJw3
+ d2v19p9vbTk7pjrtgWZDy9g/G+vGjSJ/QPbItcp4MqmVhSZFT+B4v03xlNzi8/3CR5tIw
+ MPPm5+laBkk4PTU0sAJu7dbS9lonx0su2Rvjzoa/zxkVsGXW71ztkU45ODOPn8=