diff --git a/etc/kayobe/ansible/purge-command-not-found.yml b/etc/kayobe/ansible/purge-command-not-found.yml index 855bfbc10..aef72a7be 100644 --- a/etc/kayobe/ansible/purge-command-not-found.yml +++ b/etc/kayobe/ansible/purge-command-not-found.yml @@ -25,6 +25,7 @@ name: - command-not-found - python3-command-not-found + - python3-commandnotfound purge: true state: absent become: true diff --git a/etc/kayobe/apt.yml b/etc/kayobe/apt.yml index 57bbd56ec..f7614dd7e 100644 --- a/etc/kayobe/apt.yml +++ b/etc/kayobe/apt.yml @@ -51,16 +51,21 @@ apt_keys: # Default is an empty list. stackhpc_apt_repositories: - url: "{{ stackhpc_repo_ubuntu_noble_url }}" + name: ubuntu suites: "{{ ansible_facts.distribution_release }} {{ ansible_facts.distribution_release }}-updates {{ ansible_facts.distribution_release }}-backports" components: main restricted universe multiverse + signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg architecture: amd64 required: true - url: "{{ stackhpc_repo_ubuntu_noble_security_url }}" + name: ubuntu suites: "{{ ansible_facts.distribution_release }}-security" components: main restricted universe multiverse + signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg architecture: amd64 required: true - url: "{{ stackhpc_repo_docker_ce_ubuntu_noble_url }}" + name: ubuntu suites: "{{ ansible_facts.distribution_release }}" components: stable signed_by: docker.asc diff --git a/etc/kayobe/bifrost.yml b/etc/kayobe/bifrost.yml index 30bb757d6..7af6faf49 100644 --- a/etc/kayobe/bifrost.yml +++ b/etc/kayobe/bifrost.yml @@ -138,19 +138,19 @@ kolla_bifrost_ipa_kernel_upstream_url: "{{ (stackhpc_ipa_image_url + '/ipa.kernel') if stackhpc_ipa_image_bifrost_enabled | bool }}" # URL of checksum of Ironic Python Agent (IPA) kernel image. -#kolla_bifrost_ipa_kernel_checksum_url: +kolla_bifrost_ipa_kernel_checksum_url: "{{ kolla_bifrost_ipa_kernel_upstream_url }}.sha256" # Algorithm of checksum of Ironic Python Agent (IPA) kernel image. -#kolla_bifrost_ipa_kernel_checksum_algorithm: +kolla_bifrost_ipa_kernel_checksum_algorithm: sha256 # URL of Ironic Python Agent (IPA) ramdisk image. kolla_bifrost_ipa_ramdisk_upstream_url: "{{ (stackhpc_ipa_image_url + '/ipa.initramfs') if stackhpc_ipa_image_bifrost_enabled | bool }}" # URL of checksum of Ironic Python Agent (IPA) ramdisk image. -#kolla_bifrost_ipa_ramdisk_checksum_url: +kolla_bifrost_ipa_ramdisk_checksum_url: "{{ kolla_bifrost_ipa_ramdisk_upstream_url }}.sha256" # Algorithm of checksum of Ironic Python Agent (IPA) ramdisk image. -#kolla_bifrost_ipa_ramdisk_checksum_algorithm: +kolla_bifrost_ipa_ramdisk_checksum_algorithm: sha256 ############################################################################### # Inventory configuration. diff --git a/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh b/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh index 4b35d3cf8..4c3f749b2 100755 --- a/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh +++ b/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh @@ -14,16 +14,23 @@ KAYOBE_BRANCH=stackhpc/2025.1 KAYOBE_CONFIG_BRANCH=stackhpc/2025.1 KAYOBE_ENVIRONMENT=aufn-ceph +if [[ ! -f $BASE_PATH/vault-pw ]]; then + echo "Vault password file not found at $BASE_PATH/vault-pw" + exit 1 +fi + # Install git and tmux. if $(which dnf 2>/dev/null >/dev/null); then sudo dnf -y install git tmux else sudo apt update - sudo apt -y install git tmux gcc libffi-dev python3-dev python-is-python3 + sudo apt -y install git tmux gcc libffi-dev python3-dev python-is-python3 python3-pip python3.12-venv fi +export KAYOBE_VAULT_PASSWORD=$(cat $BASE_PATH/vault-pw) + # Disable the firewall. -sudo systemctl is-enabled firewalld && sudo systemctl stop firewalld && sudo systemctl disable firewalld +sudo systemctl is-enabled firewalld && sudo systemctl stop firewalld && sudo systemctl disable firewalld || true # Disable SELinux both immediately and permanently. if $(which setenforce 2>/dev/null >/dev/null); then @@ -32,7 +39,7 @@ if $(which setenforce 2>/dev/null >/dev/null); then fi # Prevent sudo from performing DNS queries. -echo 'Defaults !fqdn' | sudo tee /etc/sudoers.d/no-fqdn +echo 'Defaults !fqdn' | sudo tee /etc/sudoers.d/no-fqdn # Clone repositories cd $BASE_PATH @@ -47,7 +54,7 @@ popd mkdir -p venvs pushd venvs if [[ ! -d kayobe ]]; then - python3 -m venv kayobe + python3.12 -m venv kayobe fi # NOTE: Virtualenv's activate and deactivate scripts reference an # unbound variable. @@ -55,7 +62,7 @@ set +u source kayobe/bin/activate set -u pip install -U pip -pip install ../src/kayobe +pip install -r ../src/kayobe-config/requirements.txt popd # Activate environment diff --git a/etc/kayobe/environments/aufn-ceph/compute.yml b/etc/kayobe/environments/aufn-ceph/compute.yml new file mode 100644 index 000000000..2d7da2e1e --- /dev/null +++ b/etc/kayobe/environments/aufn-ceph/compute.yml @@ -0,0 +1,15 @@ +--- +############################################################################### +# Compute node configuration. + +# User with which to access the computes via SSH during bootstrap, in order +# to setup the Kayobe user account. Default is {{ os_distribution }}. +compute_bootstrap_user: "{{ os_distribution if os_distribution == 'ubuntu' else 'cloud-user' }}" + +############################################################################### +# Compute node LVM configuration. + +# List of compute volume groups. See mrlesmithjr.manage-lvm role for +# format. +compute_lvm_groups: + - "{{ stackhpc_lvm_group_rootvg }}" diff --git a/etc/kayobe/environments/aufn-ceph/controllers.yml b/etc/kayobe/environments/aufn-ceph/controllers.yml new file mode 100644 index 000000000..026975e17 --- /dev/null +++ b/etc/kayobe/environments/aufn-ceph/controllers.yml @@ -0,0 +1,15 @@ +--- +############################################################################### +# Controller node configuration. + +# User with which to access the controllers via SSH during bootstrap, in order +# to setup the Kayobe user account. Default is {{ os_distribution }}. +controller_bootstrap_user: "{{ os_distribution if os_distribution == 'ubuntu' else 'cloud-user' }}" + +############################################################################### +# Controller node LVM configuration. + +# List of controller volume groups. See mrlesmithjr.manage-lvm role for +# format. +controller_lvm_groups: + - "{{ stackhpc_lvm_group_rootvg }}" diff --git a/etc/kayobe/environments/aufn-ceph/inventory/group_vars/all/lvm.yml b/etc/kayobe/environments/aufn-ceph/inventory/group_vars/all/lvm.yml new file mode 100644 index 000000000..b6e9f5438 --- /dev/null +++ b/etc/kayobe/environments/aufn-ceph/inventory/group_vars/all/lvm.yml @@ -0,0 +1,27 @@ +--- +############################################################################### +# StackHPC LVM Logical Volume (LV) configuration. + +# StackHPC LVM lv_swap LV size. +stackhpc_lvm_lv_swap_size: 120m + +# StackHPC LVM lv_root LV size. +stackhpc_lvm_lv_root_size: 1g + +# StackHPC LVM lv_tmp LV size. +stackhpc_lvm_lv_tmp_size: 1g + +# StackHPC LVM lv_var LV size. +stackhpc_lvm_lv_var_size: 2.5g + +# StackHPC LVM lv_var_tmp LV size. +stackhpc_lvm_lv_var_tmp_size: 1g + +# StackHPC LVM lv_log LV size. +stackhpc_lvm_lv_log_size: 1g + +# StackHPC LVM lv_audit LV size. +stackhpc_lvm_lv_audit_size: 120m + +# StackHPC LVM lv_home LV size. +stackhpc_lvm_lv_home_size: 1g diff --git a/etc/kayobe/environments/aufn-ceph/stackhpc-ci.yml b/etc/kayobe/environments/aufn-ceph/stackhpc-ci.yml new file mode 100644 index 000000000..1eae978db --- /dev/null +++ b/etc/kayobe/environments/aufn-ceph/stackhpc-ci.yml @@ -0,0 +1,20 @@ +--- +############################################################################### +# Kolla configuration. + +# Docker namespace to use for Kolla images. Default is 'kolla'. +kolla_docker_namespace: stackhpc-dev + +############################################################################### +# StackHPC configuration. + +# Use AIO credentials for access to Ark +# TODO: generate AUFN-specific credentials +stackhpc_release_pulp_username: "skc-ci-aio" +stackhpc_release_pulp_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31386366383365666135336331663635396237623139306362633933636233613765663731666338 + 3633633736333936383439623066653663333964343234350a393137383537316164323837386437 + 36613139323161643766666565643739373037623363636234343965343436653261326238393566 + 3837336661653962340a316631366463623138623530373133336665376433633437306631383666 + 30333461333535363433363336663664316634343432633766346564323833346663 diff --git a/etc/kayobe/environments/aufn-ceph/stackhpc.yml b/etc/kayobe/environments/aufn-ceph/stackhpc.yml index 0f31b2851..005e43b2f 100644 --- a/etc/kayobe/environments/aufn-ceph/stackhpc.yml +++ b/etc/kayobe/environments/aufn-ceph/stackhpc.yml @@ -8,8 +8,8 @@ kolla_docker_namespace: stackhpc-dev ############################################################################### # StackHPC configuration. -# Base URL of the StackHPC Test Pulp service. -stackhpc_release_pulp_url: "http://pulp-server.internal.sms-cloud:8080" - pulp_username: admin pulp_password: 9e4bfa04-9d9d-493d-9473-ba92e4361dae + +# Whether or not to download overcloud host images from Ark +stackhpc_download_overcloud_host_images: true diff --git a/etc/kayobe/environments/aufn-ceph/storage.yml b/etc/kayobe/environments/aufn-ceph/storage.yml index 4f69e973a..3cf1db9c1 100644 --- a/etc/kayobe/environments/aufn-ceph/storage.yml +++ b/etc/kayobe/environments/aufn-ceph/storage.yml @@ -1,10 +1,15 @@ --- +############################################################################### +# Storage node configuration. + +# User with which to access the storage nodes via SSH during bootstrap, in +# order to setup the Kayobe user account. Default is {{ os_distribution }}. +storage_bootstrap_user: "{{ os_distribution if os_distribution == 'ubuntu' else 'cloud-user' }}" + ############################################################################### # Storage node LVM configuration. # List of storage volume groups. See mrlesmithjr.manage-lvm role for # format. -# storage_lvm_groups: - -# Avoid undefined var which would result in 'LVM physical disks have not been configured' error -storage_lvm_groups: [] +storage_lvm_groups: + - "{{ stackhpc_lvm_group_rootvg }}" diff --git a/etc/kayobe/environments/aufn-ceph/tenks.yml b/etc/kayobe/environments/aufn-ceph/tenks.yml index 36d482b2c..173a1a97e 100644 --- a/etc/kayobe/environments/aufn-ceph/tenks.yml +++ b/etc/kayobe/environments/aufn-ceph/tenks.yml @@ -9,7 +9,7 @@ node_types: volumes: # There is a minimum disk space capacity requirement of 4GiB when using Ironic Python Agent: # https://github.com/openstack/ironic-python-agent/blob/master/ironic_python_agent/utils.py#L290 - - capacity: 20GiB + - capacity: 22GiB physical_networks: - provision-net - mgmt-net @@ -21,9 +21,10 @@ node_types: volumes: # There is a minimum disk space capacity requirement of 4GiB when using Ironic Python Agent: # https://github.com/openstack/ironic-python-agent/blob/master/ironic_python_agent/utils.py#L290 - - capacity: 15GiB + - capacity: 22GiB # Ceph volume - - capacity: 20GiB + # Must be larger than main disk, since Ceph will take the largest volume it can find + - capacity: 23GiB physical_networks: - provision-net - cloud-net @@ -34,7 +35,7 @@ node_types: volumes: # There is a minimum disk space capacity requirement of 4GiB when using Ironic Python Agent: # https://github.com/openstack/ironic-python-agent/blob/master/ironic_python_agent/utils.py#L290 - - capacity: 15GiB + - capacity: 22GiB physical_networks: - provision-net - cloud-net diff --git a/etc/kayobe/environments/aufn-ceph/time.yml b/etc/kayobe/environments/aufn-ceph/time.yml new file mode 100644 index 000000000..6c1bef686 --- /dev/null +++ b/etc/kayobe/environments/aufn-ceph/time.yml @@ -0,0 +1,3 @@ +--- +# Force system clock synchronisation +ntp_force_sync: True diff --git a/etc/kayobe/ipa.yml b/etc/kayobe/ipa.yml index ad4ca707c..bb9b33d96 100644 --- a/etc/kayobe/ipa.yml +++ b/etc/kayobe/ipa.yml @@ -91,10 +91,10 @@ ipa_build_dib_elements_extra: ipa_kernel_upstream_url: "{{ (stackhpc_ipa_image_url + '/ipa.kernel') if stackhpc_ipa_image_overcloud_enabled | bool }}" # URL of checksum of Ironic deployment kernel image. -#ipa_kernel_checksum_url: +ipa_kernel_checksum_url: "{{ ipa_kernel_upstream_url }}.sha256" # Algorithm of checksum of Ironic deployment kernel image. -#ipa_kernel_checksum_algorithm: +ipa_kernel_checksum_algorithm: sha256 # Name of Ironic deployment ramdisk image to register in Glance. #ipa_images_ramdisk_name: @@ -103,10 +103,10 @@ ipa_kernel_upstream_url: "{{ (stackhpc_ipa_image_url + '/ipa.kernel') if stackhp ipa_ramdisk_upstream_url: "{{ (stackhpc_ipa_image_url + '/ipa.initramfs') if stackhpc_ipa_image_overcloud_enabled | bool }}" # URL of checksum of Ironic deployment ramdisk image. -#ipa_ramdisk_checksum_url: +ipa_ramdisk_checksum_url: "{{ ipa_ramdisk_upstream_url }}.sha256" # Algorithm of checksum of Ironic deployment ramdisk image. -#ipa_ramdisk_checksum_algorithm: +ipa_ramdisk_checksum_algorithm: sha256 # IPA download parameters image_download_url_username: "{{ stackhpc_release_pulp_username }}" diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index 55f0c0970..d460f1f84 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -6,6 +6,9 @@ kolla_image_tags: openstack: rocky-9: 2025.1-rocky-9-20250616T133037 ubuntu-noble: 2025.1-ubuntu-noble-20250613T131221 + bifrost: + rocky-9: 2025.1-rocky-9-20250626T152358 + ubuntu-noble: 2025.1-ubuntu-noble-20250626T152358 neutron_metadata_agent: rocky-9: 2025.1-rocky-9-20250626T074649 ubuntu-noble: 2025.1-ubuntu-noble-20250626T074649 diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index 5e6a8b973..25beb5a87 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -116,6 +116,10 @@ kolla_tag: "{{ openstack_release }}-{{ kolla_base_distro }}-{{ kolla_base_distro # branches are only required when we have custom backports. For a new release, # we may have caught up with upstream. kolla_sources: + bifrost-base: + type: git + location: https://github.com/stackhpc/bifrost.git + reference: stackhpc/{{ openstack_release }} bifrost-base-additions-stackhpc-inspector-plugins: # Install our custom inspector plugins. type: git diff --git a/etc/kayobe/kolla/config/bifrost/bifrost.yml b/etc/kayobe/kolla/config/bifrost/bifrost.yml index 6310d4931..7e6d325a0 100644 --- a/etc/kayobe/kolla/config/bifrost/bifrost.yml +++ b/etc/kayobe/kolla/config/bifrost/bifrost.yml @@ -2,8 +2,10 @@ --- # Use prebuilt release train images from Ark. {% if stackhpc_download_overcloud_host_images | bool %} -use_cirros: true -cirros_deploy_image_upstream_url: "{{ stackhpc_overcloud_host_image_url }}" +download_custom_deploy_image: true +custom_deploy_image_checksum_algorithm: "sha256" +custom_deploy_image_upstream_url: "{{ stackhpc_overcloud_host_image_url }}" +custom_deploy_image_checksum_url: "{{ stackhpc_overcloud_host_image_url }}.sha256" {% endif %} # Disable debug logging to avoid generating large log files diff --git a/etc/kayobe/pulp-host-image-versions.yml b/etc/kayobe/pulp-host-image-versions.yml index 2d3dda5d2..4a189c65b 100644 --- a/etc/kayobe/pulp-host-image-versions.yml +++ b/etc/kayobe/pulp-host-image-versions.yml @@ -1,6 +1,5 @@ --- # Overcloud host image versioning tags # These images must be in SMS, since they are used by our AIO CI runners -#TODO: build epoxy images -stackhpc_rocky_9_overcloud_host_image_version: "master-20250213T092714" -stackhpc_ubuntu_noble_overcloud_host_image_version: "master-20250213T092714" +stackhpc_rocky_9_overcloud_host_image_version: "2025.1-20250620T125648" +stackhpc_ubuntu_noble_overcloud_host_image_version: "2025.1-20250620T125648" diff --git a/etc/kayobe/pulp-ipa-image-versions.yml b/etc/kayobe/pulp-ipa-image-versions.yml index 69c4d14ae..460d32843 100644 --- a/etc/kayobe/pulp-ipa-image-versions.yml +++ b/etc/kayobe/pulp-ipa-image-versions.yml @@ -1,5 +1,4 @@ --- # IPA image versioning tags -# TODO: Build real images -stackhpc_rocky_9_ipa_image_version: "2024.1-20241231T102920" -stackhpc_ubuntu_noble_ipa_image_version: "2024.1-20241206T160829" +stackhpc_rocky_9_ipa_image_version: "2025.1-20250618T103101" +stackhpc_ubuntu_noble_ipa_image_version: "2025.1-20250618T103101" diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index a7315553d..9457b357b 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -5,7 +5,7 @@ stackhpc_pulp_repo_centos_stream_9_docker_version: 20250531T002004 stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20250528T022338 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318 stackhpc_pulp_repo_centos_stream_9_storage_ceph_squid_version: 20250412T024303 -stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: 20250604T001951 +stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: 20250616T155742 stackhpc_pulp_repo_elrepo_9_version: 20250610T235426 stackhpc_pulp_repo_epel_9_version: 20250615T000221 stackhpc_pulp_repo_grafana_version: 20250615T005738 @@ -58,6 +58,6 @@ stackhpc_pulp_repo_rocky_9_6_crb_version: 20250614T015933 stackhpc_pulp_repo_rocky_9_6_extras_version: 20250605T150141 stackhpc_pulp_repo_rocky_9_6_highavailability_version: 20250605T150141 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20250222T040303 -stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250609T053359 -stackhpc_pulp_repo_ubuntu_noble_security_version: 20250609T094526 -stackhpc_pulp_repo_ubuntu_noble_version: 20250609T094526 +stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250620T063939 +stackhpc_pulp_repo_ubuntu_noble_security_version: 20250620T113028 +stackhpc_pulp_repo_ubuntu_noble_version: 20250620T113028 diff --git a/requirements.txt b/requirements.txt index d5f6016d9..3bf1d708e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/18.1.0.4 ansible-modules-hashivault>=5.3.0 +pulp-glue<0.32,>=0.29.2 jmespath