diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore index aa444047f..4f302a2de 100644 --- a/.ansible-lint-ignore +++ b/.ansible-lint-ignore @@ -5,3 +5,5 @@ etc/kayobe/ansible/vault-generate-internal-tls.yml fqcn[action-core] etc/kayobe/ansible/vault-generate-test-external-tls.yml fqcn[action-core] etc/kayobe/ansible/rabbitmq-reset.yml command-instead-of-module etc/kayobe/ansible/ubuntu-upgrade.yml syntax-check[missing-file] +etc/kayobe/ansible/check-kayobe-version.yml command-instead-of-module +etc/kayobe/ansible/check-kolla-ansible-version.yml command-instead-of-module diff --git a/.github/workflows/runner-selector.yml b/.github/workflows/runner-selector.yml index 5c7907582..f825ec604 100644 --- a/.github/workflows/runner-selector.yml +++ b/.github/workflows/runner-selector.yml @@ -37,7 +37,7 @@ jobs: - name: Set output for container image build runner run: echo "Setting runner for ${{ inputs.runner_env }} -> ${{ vars.RUNS_ON_TARGET_CONTAINER_IMAGE_BUILDER }}" - + - id: container-image-build-runner run: echo "runner_name_container_image_build=${{ vars.RUNS_ON_TARGET_CONTAINER_IMAGE_BUILDER }}" >> $GITHUB_OUTPUT diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index 205a20924..75d191098 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -7,11 +7,10 @@ name: All in one on: workflow_call: inputs: - runner: - required: false + runner_env: + description: Which cloud to run on? type: string - description: 'Runner name' - default: 'arc-skc-aio-runner' + default: SMS Lab kayobe_image: description: Kayobe container image type: string @@ -40,18 +39,6 @@ on: description: Default network interface name type: string default: ens3 - vm_flavor: - description: Flavor for the all-in-one VM - type: string - default: en1.medium - vm_network: - description: Network for the all-in-one VM - type: string - default: stackhpc-ci - vm_subnet: - description: Subnet for the all-in-one VM - type: string - default: stackhpc-ci OS_CLOUD: description: Name of cloud in clouds.yaml type: string @@ -87,11 +74,18 @@ on: required: true jobs: + runner-selection: + uses: ./.github/workflows/runner-selector.yml + with: + runner_env: ${{ inputs.upgrade == true && 'Leafcloud' || inputs.runner_env }} # NOTE: Runner needs unzip and nodejs packages. all-in-one: name: All in one if: ${{ inputs.if && !cancelled() }} - runs-on: ${{ inputs.runner }} + environment: ${{ inputs.upgrade == true && 'Leafcloud' || inputs.runner_env }} + runs-on: ${{ needs.runner-selection.outputs.runner_name_aio }} + needs: + - runner-selection permissions: {} env: KAYOBE_ENVIRONMENT: ci-aio @@ -170,9 +164,9 @@ jobs: aio_vm_interface = "${{ env.VM_INTERFACE }}" aio_vm_name = "${{ env.VM_NAME }}" aio_vm_image = "${{ env.VM_IMAGE }}" - aio_vm_flavor = "${{ env.VM_FLAVOR }}" - aio_vm_network = "${{ env.VM_NETWORK }}" - aio_vm_subnet = "${{ env.VM_SUBNET }}" + aio_vm_flavor = "${{ vars.HOST_IMAGE_BUILD_FLAVOR }}" + aio_vm_network = "${{ vars.HOST_IMAGE_BUILD_NETWORK }}" + aio_vm_subnet = "${{ vars.HOST_IMAGE_BUILD_SUBNET }}" aio_vm_volume_size = "${{ env.VM_VOLUME_SIZE }}" aio_vm_tags = ${{ env.VM_TAGS }} EOF @@ -181,9 +175,6 @@ jobs: SSH_USERNAME: "${{ inputs.ssh_username }}" VM_NAME: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}" VM_IMAGE: ${{ steps.image_name.outputs.image_name }} - VM_FLAVOR: ${{ inputs.vm_flavor }} - VM_NETWORK: ${{ inputs.vm_network }} - VM_SUBNET: ${{ inputs.vm_subnet }} VM_INTERFACE: ${{ inputs.vm_interface }} VM_VOLUME_SIZE: ${{ inputs.upgrade && '65' || '50' }} VM_TAGS: '["skc-ci-aio", "PR=${{ github.event.number }}"]' @@ -192,7 +183,7 @@ jobs: run: terraform plan working-directory: ${{ github.workspace }}/terraform/aio env: - OS_CLOUD: ${{ inputs.OS_CLOUD }} + OS_CLOUD: ${{ vars.OS_CLOUD }} OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} @@ -213,7 +204,7 @@ jobs: exit 1 working-directory: ${{ github.workspace }}/terraform/aio env: - OS_CLOUD: ${{ inputs.OS_CLOUD }} + OS_CLOUD: ${{ vars.OS_CLOUD }} OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} @@ -517,7 +508,7 @@ jobs: run: terraform destroy -auto-approve working-directory: ${{ github.workspace }}/terraform/aio env: - OS_CLOUD: ${{ inputs.OS_CLOUD }} + OS_CLOUD: ${{ vars.OS_CLOUD }} OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} if: always() diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index f172e70ad..c178844c3 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml @@ -130,23 +130,6 @@ jobs: secrets: inherit if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - all-in-one-ubuntu-jammy-ovs: - name: aio (Ubuntu Jammy OVS) - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-all-in-one.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - os_distribution: ubuntu - os_release: jammy - ssh_username: ubuntu - neutron_plugin: ovs - OS_CLOUD: openstack - if: ${{ needs.check-changes.outputs.aio == 'true' }} - secrets: inherit - if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - all-in-one-ubuntu-jammy-ovn: name: aio (Ubuntu Jammy OVN) needs: @@ -164,23 +147,6 @@ jobs: secrets: inherit if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - all-in-one-ubuntu-noble-ovs: - name: aio (Ubuntu Noble OVS) - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-all-in-one.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - os_distribution: ubuntu - os_release: noble - ssh_username: ubuntu - neutron_plugin: ovs - OS_CLOUD: openstack - if: ${{ needs.check-changes.outputs.aio == 'true' }} - secrets: inherit - if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - all-in-one-ubuntu-noble-ovn: name: aio (Ubuntu Noble OVN) needs: @@ -232,10 +198,10 @@ jobs: secrets: inherit if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - # Test two upgrade scenarios: Ubuntu Jammy OVS and Rocky 9 OVN. + # Test upgrade scenarios - all-in-one-upgrade-ubuntu-jammy-ovs: - name: aio upgrade (Ubuntu Jammy OVS) + all-in-one-upgrade-ubuntu-jammy-ovn: + name: aio upgrade (Ubuntu Jammy OVN) needs: - check-changes - build-kayobe-image @@ -245,7 +211,7 @@ jobs: os_distribution: ubuntu os_release: jammy ssh_username: ubuntu - neutron_plugin: ovs + neutron_plugin: ovn OS_CLOUD: openstack if: ${{ needs.check-changes.outputs.aio == 'true' }} upgrade: true @@ -269,3 +235,21 @@ jobs: upgrade: true secrets: inherit if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} + + all-in-one-upgrade-rocky-9-ovs: + name: aio upgrade (Rocky 9 OVS) + needs: + - check-changes + - build-kayobe-image + uses: ./.github/workflows/stackhpc-all-in-one.yml + with: + kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + os_distribution: rocky + os_release: "9" + ssh_username: cloud-user + neutron_plugin: ovs + OS_CLOUD: openstack + if: ${{ needs.check-changes.outputs.aio == 'true' }} + upgrade: true + secrets: inherit + if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index dea909df5..8ae3eb9ca 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -14,6 +14,7 @@ on: jobs: propose_github_release_updates: + if: github.repository == 'stackhpc/stackhpc-kayobe-config' runs-on: ubuntu-22.04 strategy: matrix: diff --git a/.github/workflows/upstream-sync.yml b/.github/workflows/upstream-sync.yml new file mode 100644 index 000000000..92e5c1f54 --- /dev/null +++ b/.github/workflows/upstream-sync.yml @@ -0,0 +1,38 @@ +--- +name: Upstream Sync +'on': + schedule: + - cron: "15 8 * * 1" + workflow_dispatch: +permissions: + contents: write + pull-requests: write +jobs: + synchronise-2023-1: + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + name: Synchronise 2023.1 + uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main + with: + release_series: 2023.1 + upstream: openstack/kayobe-config + synchronise-2024-1: + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + name: Synchronise 2024.1 + uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main + with: + release_series: 2024.1 + upstream: openstack/kayobe-config + synchronise-2025-1: + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + name: Synchronise 2025.1 + uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main + with: + release_series: 2025.1 + upstream: openstack/kayobe-config + synchronise-master: + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + name: Synchronise master + uses: stackhpc/.github/.github/workflows/upstream-sync.yml@main + with: + release_series: master + upstream: openstack/kayobe-config diff --git a/doc/source/configuration/ipa.rst b/doc/source/configuration/ipa.rst index c55b91040..5ff239030 100644 --- a/doc/source/configuration/ipa.rst +++ b/doc/source/configuration/ipa.rst @@ -11,7 +11,7 @@ StackHPC provides prebuilt Ironic Python Agent (IPA) images in Release Train through Ark. These images are built in CI using a GitHub workflow and are configured in this -repository. See :kayobe-doc: `Kayobe documentation +repository. See :kayobe-doc:`Kayobe documentation ` for more details on IPA. Release Train IPA images are used by Bifrost and Overcloud Ironic by default in diff --git a/doc/source/configuration/release-train.rst b/doc/source/configuration/release-train.rst index 5ed9b50c7..ad489f502 100644 --- a/doc/source/configuration/release-train.rst +++ b/doc/source/configuration/release-train.rst @@ -52,16 +52,29 @@ The Pulp container is deployed on the seed by default, but may be disabled by setting ``seed_pulp_container_enabled`` to ``false`` in ``etc/kayobe/seed.yml``. -The URL and credentials of the local Pulp server are configured in -``etc/kayobe/pulp.yml`` via ``pulp_url``, ``pulp_username`` and -``pulp_password``. In most cases, the default values should be sufficient. -An admin password must be generated and set as the value of a -``secrets_pulp_password`` variable, typically in an Ansible Vault encrypted -``etc/kayobe/secrets.yml`` file. This password will be automatically set on -Pulp startup. - -If a proxy is required to access the Internet from the seed, ``pulp_proxy_url`` -may be used. +The URL for the local Pulp server is configured by ``pulp_url`` within +``etc/kayobe/pulp.yml``. + +The Pulp service can be configured with two sets of credentials; one for +administrator operations and another read-only for overcloud hosts +to use. +The administrator credentials can be configured ``pulp_username``, +``pulp_password`` +The basic user account credentials can be configured with ``pulp_stack_username`` +and ``pulp_stack_password``. +Both sets of credentials can be found within ``etc/kayobe/pulp.yml``. + +Both the ``pulp_password`` and ``pulp_stack_password`` are intended to be +configured via their ``secrets_*`` counterparts, i.e. +``secrets_pulp_password`` and ``secrets_pulp_stack_password``. These variables +are expected to be set in an Ansible Vault encrypted +``etc/kayobe/secrets.yml`` file. + +Passwords can be generated using ``OpenSSL`` + +.. code-block:: console + + openssl rand -base64 32 Host images are not synchronised to the local Pulp server, since they should only be pulled to the seed node once. More information on host images can be diff --git a/etc/kayobe/ansible/cephadm-gather-keys.yml b/etc/kayobe/ansible/cephadm-gather-keys.yml index e4b8da206..1b36f8bdd 100644 --- a/etc/kayobe/ansible/cephadm-gather-keys.yml +++ b/etc/kayobe/ansible/cephadm-gather-keys.yml @@ -68,6 +68,7 @@ # Kolla Ansible's merge_configs module does not like the leading tabs in ceph.conf. content: | {{ cephadm_ceph_conf.stdout | regex_replace('\t') }} + {{ kolla_ceph_conf_append if kolla_ceph_conf_append is defined }} dest: "{{ kayobe_env_config_path }}/kolla/config/{{ kolla_service_to_conf_dir[item.0.name] }}/ceph.conf" loop: "{{ query('subelements', kolla_ceph_services | selectattr('required'), 'keys') }}" loop_control: diff --git a/etc/kayobe/ansible/check-kayobe-version.yml b/etc/kayobe/ansible/check-kayobe-version.yml new file mode 100644 index 000000000..b527fc5d8 --- /dev/null +++ b/etc/kayobe/ansible/check-kayobe-version.yml @@ -0,0 +1,62 @@ +--- +- name: Check Kayobe version + tags: kayobe-version-check + hosts: localhost + gather_facts: false + vars: + requirements_path: "{{ kayobe_config_path }}/../../requirements.txt" + tasks: + - name: Check version + when: stackhpc_enable_kayobe_check + check_mode: false + block: + - name: Get package info + community.general.pip_package_info: + register: packages + + - name: Check if pip is version 24.0 or newer + ansible.builtin.assert: + that: "{{ packages.packages.pip.pip[0].version is version('24.0', '>=') }}" + fail_msg: | + Pip must be 24.0 or newer to run this check. Upgrade pip by running + pip install -U pip and reinstall Kayobe by running: + pip install --force-reinstall -r {{ requirements_path }} + + - name: Get installed Kayobe commit + ansible.builtin.shell: + cmd: set -o pipefail && pip freeze | grep kayobe | cut -d @ -f 3 + executable: /usr/bin/bash + register: kayobe_git_commit + failed_when: kayobe_git_commit.stdout == "" + + - name: Clone Kayobe + ansible.builtin.git: + repo: https://github.com/stackhpc/kayobe.git + dest: /tmp/kayobe-git + version: stackhpc/{{ openstack_release }} + + - name: Get tag from Kayobe commit + ansible.builtin.command: + cmd: git describe --tags {{ kayobe_git_commit.stdout }} + chdir: /tmp/kayobe-git + register: kayobe_current_version + + - name: Get latest Kayobe version + ansible.builtin.shell: + cmd: set -o pipefail && grep -o kayobe@stackhpc\/.*$ {{ requirements_path }} | cut -d @ -f 2 + executable: /usr/bin/bash + register: kayobe_latest_version + + - name: Check installed Kayobe version is the latest + ansible.builtin.assert: + that: "kayobe_latest_version.stdout in kayobe_current_version.stdout" + fail_msg: | + Kayobe must use the expected version before continuing. + + Current Kayobe version: {{ kayobe_current_version.stdout }} + Expected Kayobe version: {{ kayobe_latest_version.stdout }} + + Recreate the Kayobe environment, or install the expected version + by running: pip install --force-reinstall -r {{ requirements_path }} + success_msg: | + Kayobe running at version: {{ kayobe_current_version.stdout }} diff --git a/etc/kayobe/ansible/check-kolla-ansible-version.yml b/etc/kayobe/ansible/check-kolla-ansible-version.yml new file mode 100644 index 000000000..e6bfd92fd --- /dev/null +++ b/etc/kayobe/ansible/check-kolla-ansible-version.yml @@ -0,0 +1,28 @@ +--- +- name: Check Kolla-Ansible version + tags: kolla-ansible-version-check + hosts: localhost + gather_facts: false + tasks: + - name: Check version + when: stackhpc_enable_kolla_ansible_check + check_mode: false + block: + - name: Get current Kolla-Ansible tag + ansible.builtin.command: + cmd: git describe --tags + chdir: "{{ lookup('ansible.builtin.env', 'KOLLA_SOURCE_PATH') }}" + register: kolla_ansible_current_version + + - name: Check installed Kolla-Ansible version is the expected version + ansible.builtin.assert: + that: "stackhpc_kolla_ansible_source_version in kolla_ansible_current_version.stdout" + fail_msg: | + Kolla-Ansible must use the expected version before continuing. + + Current Kolla-Ansible version: {{ kolla_ansible_current_version.stdout }} + Expected Kolla-Ansible version: {{ stackhpc_kolla_ansible_source_version }} + + Upgrade Kolla-Ansible by running: kayobe control host upgrade + success_msg: | + Kolla-Ansible running at version: {{ kolla_ansible_current_version.stdout }} diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index c70e54194..e7c0cf254 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -107,7 +107,7 @@ - name: Ensure radosgw_usage_exporter container is running community.docker.docker_container: name: radosgw_usage_exporter - image: ghcr.io/stackhpc/radosgw_usage_exporter:v0.1.1 + image: ghcr.io/stackhpc/radosgw_usage_exporter:v0.1.3 network_mode: host env: RADOSGW_SERVER: "{{ radosgw_server }}" diff --git a/etc/kayobe/ansible/pci-passthrough.yml b/etc/kayobe/ansible/pci-passthrough.yml index 59803ccf3..392713c35 100644 --- a/etc/kayobe/ansible/pci-passthrough.yml +++ b/etc/kayobe/ansible/pci-passthrough.yml @@ -11,7 +11,7 @@ vfio_pci_ids: |- {% set gpu_list = [] %} {% set output = [] %} - {% for gpu_group in gpu_group_map | dict2items | default([]) %} + {% for gpu_group in (gpu_group_map | default({})) | dict2items %} {% if gpu_group.key in group_names %} {% set _ = gpu_list.append(gpu_group.value) %} {% endif %} diff --git a/etc/kayobe/ansible/smartmon-tools.yml b/etc/kayobe/ansible/smartmon-tools.yml index 351ce0325..c6fa35acc 100644 --- a/etc/kayobe/ansible/smartmon-tools.yml +++ b/etc/kayobe/ansible/smartmon-tools.yml @@ -15,10 +15,8 @@ - name: Ensure Python 3, venv, and pip are installed ansible.builtin.package: - name: - - python3 - - python3-venv - - python3-pip + name: > + {{ ['python3', 'python3-pip'] + (['python3-venv'] if ansible_facts['distribution'] == 'Ubuntu' else []) }} state: present become: true diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml index c9e0990ee..0da68b8e2 100644 --- a/etc/kayobe/cephadm.yml +++ b/etc/kayobe/cephadm.yml @@ -12,7 +12,7 @@ cephadm_ceph_release: "{{ 'squid' if os_release == 'noble' else 'reef' }}" cephadm_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/ceph:{{ cephadm_image_tag }}" # Ceph container image tag. -cephadm_image_tag: "{{ 'v19.2.1' if cephadm_ceph_release == 'squid' else 'v18.2.4' }}" +cephadm_image_tag: "{{ 'v19.2.1' if cephadm_ceph_release == 'squid' else 'v18.2.7' }}" # Ceph custom repo workaround for Ubuntu as there are no official ceph repos for Ubuntu Jammy and Noble. cephadm_custom_repos: "{{ ansible_facts['distribution'] == 'Ubuntu' }}" @@ -136,3 +136,6 @@ kolla_ceph_manila_required: "{{ kolla_enable_manila | bool }}" # Whether to generate Ceph configuration for Nova. kolla_ceph_nova_required: "{{ kolla_enable_nova | bool }}" + +# A (multiline) string to append to all Ceph configuration files. +#kolla_ceph_conf_append: diff --git a/etc/kayobe/containers/pulp/post.yml b/etc/kayobe/containers/pulp/post.yml index 967c4e37d..7a4e7e595 100644 --- a/etc/kayobe/containers/pulp/post.yml +++ b/etc/kayobe/containers/pulp/post.yml @@ -28,6 +28,18 @@ - stackhpc_pulp_sync_for_local_container_build | bool - pulp_settings.changed +- name: Ensure Pulp stack user exists + ansible.builtin.include_role: + name: stackhpc.pulp.pulp_user + vars: + pulp_users: + - username: "{{ pulp_stack_username }}" + password: "{{ pulp_stack_password }}" + is_staff: false + when: + - pulp_stack_username is defined and pulp_stack_username | length > 0 + - pulp_stack_password is defined and pulp_stack_password | length > 0 + - name: Login to docker registry docker_login: registry_url: "{{ kolla_docker_registry or omit }}" diff --git a/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh b/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh index f8014b146..9dbbeb990 100755 --- a/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh +++ b/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh @@ -50,7 +50,7 @@ if [[ ! -d kayobe ]]; then python3 -m venv kayobe fi # NOTE: Virtualenv's activate and deactivate scripts reference an -# unbound variable. +# unbound variable. set +u source kayobe/bin/activate set -u @@ -121,7 +121,7 @@ deactivate set -u $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/configure-openstack.sh $BASE_PATH -# Create a test vm +# Create a test vm VENV_DIR=$BASE_PATH/venvs/openstack if [[ ! -d $VENV_DIR ]]; then python3 -m venv $VENV_DIR diff --git a/etc/kayobe/environments/aufn-ceph/configure-openstack.sh b/etc/kayobe/environments/aufn-ceph/configure-openstack.sh index 1c7433e8a..3bac0a351 100755 --- a/etc/kayobe/environments/aufn-ceph/configure-openstack.sh +++ b/etc/kayobe/environments/aufn-ceph/configure-openstack.sh @@ -6,13 +6,13 @@ cd $BASE_PATH/src/ [[ -d openstack-config ]] || git clone https://github.com/stackhpc/openstack-config-multinode.git openstack-config cd openstack-config if [[ ! -d $VENV_DIR ]]; then - # Using virtualenv causes a strange bug with python3.6 where + # Using virtualenv causes a strange bug with python3.6 where # nested virtual env creation leads to envs without pip... # virtualenv $VENV_DIR python3 -m venv $VENV_DIR fi -# NOTE: Virtualenv's activate and deactivate scripts reference an unbound variable. +# NOTE: Virtualenv's activate and deactivate scripts reference an unbound variable. set +u source $VENV_DIR/bin/activate set -u diff --git a/etc/kayobe/environments/ci-multinode/inventory/group_vars/all/vxlan.yml b/etc/kayobe/environments/ci-multinode/inventory/group_vars/all/vxlan.yml index 808c78034..fe92c42a0 100644 --- a/etc/kayobe/environments/ci-multinode/inventory/group_vars/all/vxlan.yml +++ b/etc/kayobe/environments/ci-multinode/inventory/group_vars/all/vxlan.yml @@ -15,4 +15,4 @@ vxlan_vni: # This is a dictionary of interfaces to be created by the stackhpc.vxlan role. vxlan_interfaces: - device: "vxlan{{ vxlan_vni }}" - group: "{{ '239.0.0.0/8' | next_nth_usable(vxlan_vni) }}" + group: "{{ '239.0.0.0/8' | ansible.utils.next_nth_usable(vxlan_vni) }}" diff --git a/etc/kayobe/environments/ci-multinode/kolla/config/keepalived/keepalived.conf b/etc/kayobe/environments/ci-multinode/kolla/config/keepalived/keepalived.conf index 7a18dbbcf..71b1682cb 100644 --- a/etc/kayobe/environments/ci-multinode/kolla/config/keepalived/keepalived.conf +++ b/etc/kayobe/environments/ci-multinode/kolla/config/keepalived/keepalived.conf @@ -12,7 +12,7 @@ vrrp_instance kolla_internal_vip_{{ keepalived_virtual_router_id }} { interface {{ api_interface }} virtual_router_id {{ keepalived_virtual_router_id }} priority {{ groups['loadbalancer'].index(inventory_hostname) + 1 }} - advert_int 3 # Increase advert interval from 1 to 3 as there was a lot of jumping amongst controllers on the internal network + advert_int 3 # Increase advert interval from 1 to 3 as there was a lot of jumping amongst controllers on the internal network {% if keepalived_traffic_mode == 'unicast' %} unicast_src_ip {{ api_interface_address }} {% if groups['loadbalancer'] | length > 1 %} diff --git a/etc/kayobe/hooks/control-host-bootstrap/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/control-host-bootstrap/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/control-host-bootstrap/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/control-host-upgrade/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/control-host-upgrade/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/control-host-upgrade/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-host-configure/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/seed-host-configure/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/seed-host-configure/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-host-configure/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/seed-host-configure/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/seed-host-configure/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kayobe-version.yml b/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kayobe-version.yml new file mode 120000 index 000000000..bec8ed4c6 --- /dev/null +++ b/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kayobe-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kayobe-version.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kolla-ansible-version.yml b/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kolla-ansible-version.yml new file mode 120000 index 000000000..0f7651f53 --- /dev/null +++ b/etc/kayobe/hooks/seed-service-deploy/pre.d/check-kolla-ansible-version.yml @@ -0,0 +1 @@ +../../../ansible/check-kolla-ansible-version.yml \ No newline at end of file diff --git a/etc/kayobe/inventory/group_vars/overcloud/stackhpc-repos b/etc/kayobe/inventory/group_vars/overcloud/stackhpc-repos index 442a9e068..22fa09487 100644 --- a/etc/kayobe/inventory/group_vars/overcloud/stackhpc-repos +++ b/etc/kayobe/inventory/group_vars/overcloud/stackhpc-repos @@ -1,6 +1,6 @@ --- # Only use local pulp mirrors for overcloud hosts -# to avoid situations where the seed-hypervisor +# to avoid situations where the seed-hypervisor # tries to use a local pulp repo on the seed VM # before the seed vm has been provisioned stackhpc_repos_enabled: true diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index d849595cc..a8f103562 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -26,29 +26,40 @@ kolla_image_tags: rocky-9: 2024.1-rocky-9-20250124T081816 ubuntu-jammy: 2024.1-ubuntu-jammy-20250124T081816 kolla_toolbox: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 magnum: - rocky-9: 2024.1-rocky-9-20250102T094625 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250102T094625 + rocky-9: 2024.1-rocky-9-20250522T143506 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250522T143506 + ubuntu-noble: 2024.1-ubuntu-noble-20250522T143506 manila: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 neutron: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 nova: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 octavia: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 openvswitch: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 ovn: - rocky-9: 2024.1-rocky-9-20250219T113722 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T113722 + rocky-9: 2024.1-rocky-9-20250529T081147 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 + ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 + prometheus: + rocky-9: 2024.1-rocky-9-20250219T145255 + ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T145255 prometheus_alertmanager: rocky-9: 2024.1-rocky-9-20250422T103147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250422T103147 diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index 8654460b3..5eb6740dc 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -158,6 +158,14 @@ kolla_sources: type: git location: https://github.com/stackhpc/octavia.git reference: stackhpc/{{ openstack_release }} + octavia-api-plugin-ovn-octavia-provider: + type: git + location: https://github.com/stackhpc/ovn-octavia-provider.git + reference: stackhpc/{{ openstack_release }} + octavia-driver-agent-plugin-ovn-octavia-provider: + type: git + location: https://github.com/stackhpc/ovn-octavia-provider.git + reference: stackhpc/{{ openstack_release }} blazar-base: type: git location: https://github.com/stackhpc/blazar.git @@ -395,7 +403,7 @@ kolla_build_customizations_common: - /additions/* magnum_base_pip_packages_override: - /magnum[osprofiler] - - magnum-capi-helm==1.2.0 + - magnum-capi-helm==1.2.1 neutron_server_packages_append: - python3-libvirt - python3-ethtool diff --git a/etc/kayobe/kolla/config/nova/nova-api.conf b/etc/kayobe/kolla/config/nova/nova-api.conf index 59e3a6102..ba96a2ddb 100644 --- a/etc/kayobe/kolla/config/nova/nova-api.conf +++ b/etc/kayobe/kolla/config/nova/nova-api.conf @@ -1,4 +1,4 @@ [pci] -{% for item in gpu_group_map | dict2items | map(attribute='value') | flatten | unique | list %} +{% for item in (gpu_group_map | default({})) | dict2items | map(attribute='value') | flatten | unique | list %} alias = { "vendor_id":"{{ stackhpc_gpu_data[item].vendor_id }}", "product_id":"{{ stackhpc_gpu_data[item].product_id }}", "device_type":"{{ stackhpc_gpu_data[item].device_type }}", "name":"{{ stackhpc_gpu_data[item].resource_name }}" } {% endfor %} diff --git a/etc/kayobe/kolla/config/nova/nova-compute.conf b/etc/kayobe/kolla/config/nova/nova-compute.conf index 5f8593dde..ed83c7101 100644 --- a/etc/kayobe/kolla/config/nova/nova-compute.conf +++ b/etc/kayobe/kolla/config/nova/nova-compute.conf @@ -1,7 +1,7 @@ [pci] {% raw %} {% set gpu_list = [] %} -{% for gpu_group in gpu_group_map | dict2items | default([]) %} +{% for gpu_group in (gpu_group_map | default({})) | dict2items %} {% if gpu_group.key in group_names %} {% set _ = gpu_list.append(gpu_group.value) %} {% endif %} diff --git a/etc/kayobe/kolla/config/prometheus/prometheus-alertmanager.yml.example b/etc/kayobe/kolla/config/prometheus/prometheus-alertmanager.yml.example index 4a3501474..0548a8286 100644 --- a/etc/kayobe/kolla/config/prometheus/prometheus-alertmanager.yml.example +++ b/etc/kayobe/kolla/config/prometheus/prometheus-alertmanager.yml.example @@ -16,7 +16,7 @@ route: - severity=~"critical|alert" receiver: 'slack-critical-notifications' - + receivers: - name: 'slack-notifications' slack_configs: @@ -24,7 +24,7 @@ receivers: actions: - type: button text: 'Silence 🔕' - url: {{ '{% raw %}' }}{% raw %} '{{ template "__alert_silence_link" . }}' + url: {{ '{% raw %}' }}{% raw %} '{{ template "__alert_silence_link" . }}' {% endraw %}{{ '{% endraw %}' }} send_resolved: true http_config: @@ -35,7 +35,7 @@ receivers: actions: - type: button text: 'Silence 🔕' - url: {{ '{% raw %}' }}{% raw %} '{{ template "__alert_silence_link" . }}' + url: {{ '{% raw %}' }}{% raw %} '{{ template "__alert_silence_link" . }}' {% endraw %}{{ '{% endraw %}' }} send_resolved: true http_config: diff --git a/etc/kayobe/kolla/config/prometheus/rabbitmq.rules b/etc/kayobe/kolla/config/prometheus/rabbitmq.rules index d72230421..82022d72a 100644 --- a/etc/kayobe/kolla/config/prometheus/rabbitmq.rules +++ b/etc/kayobe/kolla/config/prometheus/rabbitmq.rules @@ -6,7 +6,7 @@ groups: - name: rabbitmq.rules rules: - alert: RabbitMQNodeDown - expr: sum(rabbitmq_build_info{instance!=""}) < 3 + expr: sum(rabbitmq_build_info{instance!=""}) < {% endraw %}{{ alertmanager_number_of_rabbitmq_nodes }}{% raw %} for: 30m labels: severity: critical diff --git a/etc/kayobe/kolla/kolla-build.conf b/etc/kayobe/kolla/kolla-build.conf index 1c2165c8b..95562f5c0 100644 --- a/etc/kayobe/kolla/kolla-build.conf +++ b/etc/kayobe/kolla/kolla-build.conf @@ -16,15 +16,3 @@ build_args = {{ (kolla_build_args | default({})).items() | map('join', ':') | jo type = git location = https://github.com/stackhpc/requirements reference = stackhpc/{{ openstack_release }} - -[prometheus-v2-server] -version = 2.54.1 -sha256 = amd64:31715ef65e8a898d0f97c8c08c03b6b9afe485ac84e1698bcfec90fc6e62924f,arm64:3d9946ca730f2679bbd63e9d40e559a0ba227a638d237e723af1a99bd7098263 - -[prometheus-blackbox-exporter] -version = 0.25.0 -sha256 = amd64:c651ced6405c5e0cd292a400f47ae9b34f431f16c7bb098afbcd38f710144640,arm64:46ec5a54a41dc1ea8a8cecee637e117de4807d3b0976482a16596e82e79ac484 - -[prometheus-memcached-exporter] -version = 0.14.4 -sha256 = amd64:e61b9f15959218a38c49b9ba919fca0a3e36e7edf9c607aabcf1ccbbd3b8cc59,arm64:9a28b57bd217e80acd1cdc86cef97e32058f3b2cce75f79baa13b42a27b7291a diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index 2c22d0b32..e2636862b 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -2,7 +2,7 @@ # This file is autogenerated by Ansible using the following workflow: # https://github.com/stackhpc/stackhpc-release-train/actions/workflows/package-update-kayobe.yml stackhpc_pulp_repo_centos_stream_9_docker_version: 20241210T000909 -stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20250217T103110 +stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20250528T022338 stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version: 20241212T022636 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318 stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240923T233036 diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index 4a858b948..214e8bc10 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml @@ -26,6 +26,10 @@ pulp_enable_tls: false pulp_username: admin pulp_password: "{{ secrets_pulp_password }}" +# Credentials for non-admin user within Pulp. +pulp_stack_username: stack +pulp_stack_password: "{{ secrets_pulp_stack_password | default('') }}" + # Proxy to use when adding remotes. pulp_proxy_url: "{{ omit }}" @@ -728,6 +732,14 @@ stackhpc_pulp_repository_container_repos_openbao: include_tags: "{{ overcloud_vault_docker_tag }}" required: "{{ stackhpc_sync_openbao_images | bool }}" +# List of OpenBao container image distributions. +stackhpc_pulp_distribution_container_openbao: + - name: openbao + repository: openbao/openbao + base_path: openbao/openbao + state: present + required: "{{ stackhpc_sync_openbao_images | bool }}" + # List of extra container image repositories. stackhpc_pulp_repository_container_repos_extra: [] diff --git a/etc/kayobe/stackhpc-monitoring.yml b/etc/kayobe/stackhpc-monitoring.yml index 831486d10..a2a88b503 100644 --- a/etc/kayobe/stackhpc-monitoring.yml +++ b/etc/kayobe/stackhpc-monitoring.yml @@ -26,6 +26,9 @@ alertmanager_packet_drop_threshold: 1 # packets/s averaged over 5 minutes. alertmanager_packet_errors_threshold: 1 +# Number of RabbitMQ nodes in the cluster. +alertmanager_number_of_rabbitmq_nodes: "{{ groups['controllers'] | length }}" + ############################################################################### # Exporter configuration diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 3a7e929a0..2e47b0022 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -165,11 +165,11 @@ stackhpc_repo_elrepo_9_version: "{{ stackhpc_repo_distribution }}" # Kolla source repository. stackhpc_kolla_source_url: "https://github.com/stackhpc/kolla" -stackhpc_kolla_source_version: stackhpc/18.6.0.7 +stackhpc_kolla_source_version: stackhpc/18.6.0.9 # Kolla Ansible source repository. stackhpc_kolla_ansible_source_url: "https://github.com/stackhpc/kolla-ansible" -stackhpc_kolla_ansible_source_version: stackhpc/18.6.0.8 +stackhpc_kolla_ansible_source_version: stackhpc/18.6.0.10 ############################################################################### # Container image registry @@ -178,8 +178,8 @@ stackhpc_kolla_ansible_source_version: stackhpc/18.6.0.8 stackhpc_docker_registry: "{{ pulp_url | regex_replace('^https?://', '') }}" # Username and password of container registry. -stackhpc_docker_registry_username: "{{ pulp_username }}" -stackhpc_docker_registry_password: "{{ pulp_password }}" +stackhpc_docker_registry_username: "{{ pulp_stack_username if pulp_stack_password is defined and pulp_stack_password | length > 0 else pulp_username }}" +stackhpc_docker_registry_password: "{{ pulp_stack_password if pulp_stack_password is defined and pulp_stack_password | length > 0 else pulp_password }}" ############################################################################### # Feature flags @@ -187,6 +187,14 @@ stackhpc_docker_registry_password: "{{ pulp_password }}" # Whether or not to run CIS benchmark hardening playbooks. Default is false. #stackhpc_enable_cis_benchmark_hardening_hook: +# Whether or not to check the installed Kayobe version when running Kayobe commands. +# Default is true. +stackhpc_enable_kayobe_check: true + +# Whether or not to check the installed Kolla-Ansible version when running Kayobe commands. +# Default is true. +stackhpc_enable_kolla_ansible_check: true + ############################################################################### # Octavia Amphora image diff --git a/releasenotes/notes/add-caso-f36b98453be10169.yaml b/releasenotes/notes/add-caso-f36b98453be10169.yaml index fec9b8286..ee71bcf1f 100644 --- a/releasenotes/notes/add-caso-f36b98453be10169.yaml +++ b/releasenotes/notes/add-caso-f36b98453be10169.yaml @@ -5,4 +5,4 @@ that supports Cloud Accounting Usage Records. For more information, see the `upstream docs `__. Note that this container does not exist in upstream Kolla and is maintained - downstream by StackHPC. + downstream by StackHPC. diff --git a/releasenotes/notes/add-rekey-playbook-0065c5057b1639f8.yaml b/releasenotes/notes/add-rekey-playbook-0065c5057b1639f8.yaml index 5e75a51ad..d1edf25a4 100644 --- a/releasenotes/notes/add-rekey-playbook-0065c5057b1639f8.yaml +++ b/releasenotes/notes/add-rekey-playbook-0065c5057b1639f8.yaml @@ -1,5 +1,5 @@ --- features: - | - Added the ``rekey-hosts.yml`` playbook to automatically rotate the SSH + Added the ``rekey-hosts.yml`` playbook to automatically rotate the SSH keys on all hosts. diff --git a/releasenotes/notes/add-rocky-9-packages-43074cb3367171a5.yaml b/releasenotes/notes/add-rocky-9-packages-43074cb3367171a5.yaml index a202b9ecd..f9c6bd534 100644 --- a/releasenotes/notes/add-rocky-9-packages-43074cb3367171a5.yaml +++ b/releasenotes/notes/add-rocky-9-packages-43074cb3367171a5.yaml @@ -3,5 +3,5 @@ features: - | Add the package repository configuration required for Rocky Linux 9 support. - + Add CI for Rocky 9 hosts. diff --git a/releasenotes/notes/add-stack-user-for-pulp-c96041e82c13aa10.yaml b/releasenotes/notes/add-stack-user-for-pulp-c96041e82c13aa10.yaml new file mode 100644 index 000000000..63b4dae95 --- /dev/null +++ b/releasenotes/notes/add-stack-user-for-pulp-c96041e82c13aa10.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add support for a basic user for Pulp operations instead of using + the admin user for usage. Can be enabled by setting + `pulp_stack_password`. diff --git a/releasenotes/notes/add-vm-overcloud-support-92baa7c2ce87ac1d.yaml b/releasenotes/notes/add-vm-overcloud-support-92baa7c2ce87ac1d.yaml index a3ebacc1f..cabf7a891 100644 --- a/releasenotes/notes/add-vm-overcloud-support-92baa7c2ce87ac1d.yaml +++ b/releasenotes/notes/add-vm-overcloud-support-92baa7c2ce87ac1d.yaml @@ -4,4 +4,4 @@ features: Adds support for using a VMs as compute and controller nodes in the ``ci-multinode`` environment by dynamically setting the MTU of the networks in networks.yml and removing the static definition of the network - interfaces for the compute and controller groups. + interfaces for the compute and controller groups. diff --git a/releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml b/releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml new file mode 100644 index 000000000..0268db52b --- /dev/null +++ b/releasenotes/notes/bump-ovs-ovn-rocky9-2024.1-eb5a42d9f890d3cd.yaml @@ -0,0 +1,13 @@ +--- +features: + - | + Updated OpenvSwitch to 3.3.4-115 and OVN to 24.03.5-88 for Rocky Linux 9 + in Caracal. For details, see the following changelogs: + + * `OVS changelog `__ + * `OVN changelog `__ + + - | + Kolla Toolbox, Manila, Neutron, Nova, and Octavia containers received + updates on both Rocky Linux 9 and Ubuntu. Only the Rocky Linux 9 images + include the new OVS versions. diff --git a/releasenotes/notes/bump-rocky-9-90412343a29bc45b.yaml b/releasenotes/notes/bump-rocky-9-90412343a29bc45b.yaml index 165b40751..cd8bbb59c 100644 --- a/releasenotes/notes/bump-rocky-9-90412343a29bc45b.yaml +++ b/releasenotes/notes/bump-rocky-9-90412343a29bc45b.yaml @@ -1,4 +1,4 @@ --- upgrade: - | - Bumped rocky 9 package versions due to missing snapshot + Bumped rocky 9 package versions due to missing snapshot diff --git a/releasenotes/notes/bumps-redfish-exporter-to-v2-11032fb9dde36283.yaml b/releasenotes/notes/bumps-redfish-exporter-to-v2-11032fb9dde36283.yaml index ddf1d58eb..6ef30e11a 100644 --- a/releasenotes/notes/bumps-redfish-exporter-to-v2-11032fb9dde36283.yaml +++ b/releasenotes/notes/bumps-redfish-exporter-to-v2-11032fb9dde36283.yaml @@ -10,6 +10,6 @@ features: fixes: - Fixes various issues with the redfish exporter dashboard. upgrade: - - | + - | Increases default ``os_capacity_scrape_interval`` to ``5m``. If you already customise this please move to the new ``stackhpc_os_capacity_scrape_interval`` variable. diff --git a/releasenotes/notes/capi-bump-78cd6f89a0eff0d7.yaml b/releasenotes/notes/capi-bump-78cd6f89a0eff0d7.yaml new file mode 100644 index 000000000..5a4aae413 --- /dev/null +++ b/releasenotes/notes/capi-bump-78cd6f89a0eff0d7.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Updated the version of magnum-capi-helm used in Magnum containers. This + resolves an issue stopping non-default node groups from being deleted. See + `#2095539 `__ for more + details. diff --git a/releasenotes/notes/ceph-config-append-1cc6146d3241b63e.yaml b/releasenotes/notes/ceph-config-append-1cc6146d3241b63e.yaml new file mode 100644 index 000000000..1d0e534d4 --- /dev/null +++ b/releasenotes/notes/ceph-config-append-1cc6146d3241b63e.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add ``kolla_ceph_conf_append`` configuration option to specify a string + to be appended to all ceph.conf files gathered from a ceph cluster using + ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/cephadm-gather-keys.yml``. diff --git a/releasenotes/notes/ceph-reef-18.2.7-9d8d3ad3a1ea517b.yaml b/releasenotes/notes/ceph-reef-18.2.7-9d8d3ad3a1ea517b.yaml new file mode 100644 index 000000000..8f7efe343 --- /dev/null +++ b/releasenotes/notes/ceph-reef-18.2.7-9d8d3ad3a1ea517b.yaml @@ -0,0 +1,4 @@ +--- +upgrade: + - | + Bumps the default Ceph Reef container image to ``v18.2.7``. diff --git a/releasenotes/notes/disable-heat-03f3ac52ac610223.yaml b/releasenotes/notes/disable-heat-03f3ac52ac610223.yaml index b5c557161..9a5e8eda5 100644 --- a/releasenotes/notes/disable-heat-03f3ac52ac610223.yaml +++ b/releasenotes/notes/disable-heat-03f3ac52ac610223.yaml @@ -1,7 +1,7 @@ --- features: - | - The Heat OpenStack service is now disabled by default. + The Heat OpenStack service is now disabled by default. upgrade: - | The Heat service is now disabled by default. This behaviour can be diff --git a/releasenotes/notes/docker-bump-dc4e85668ee69a21.yaml b/releasenotes/notes/docker-bump-dc4e85668ee69a21.yaml index 3563d6d3a..d5c6c3e21 100644 --- a/releasenotes/notes/docker-bump-dc4e85668ee69a21.yaml +++ b/releasenotes/notes/docker-bump-dc4e85668ee69a21.yaml @@ -8,4 +8,4 @@ fixes: - | Separated out repos for Docker CE for Ubuntu Jammy/Focal. This fixes a Pulp sync issue where two "identical" repository versions existed with different - checksums. + checksums. diff --git a/releasenotes/notes/feature-smartmon-65cacfe893f0eb47.yaml b/releasenotes/notes/feature-smartmon-65cacfe893f0eb47.yaml index 94dc25978..23b9e5bc8 100644 --- a/releasenotes/notes/feature-smartmon-65cacfe893f0eb47.yaml +++ b/releasenotes/notes/feature-smartmon-65cacfe893f0eb47.yaml @@ -4,5 +4,5 @@ features: Adds drive temperatures to the table on the hardware overview dashboard and a timeseries to show the temperature over time. - | - Adds picker to hardware overview dashboard to select a specific host to + Adds picker to hardware overview dashboard to select a specific host to show drive information for. diff --git a/releasenotes/notes/fix-cephadm-facts-2ee6dc9a1c617944.yaml b/releasenotes/notes/fix-cephadm-facts-2ee6dc9a1c617944.yaml index 98f0e1779..bb0071fae 100644 --- a/releasenotes/notes/fix-cephadm-facts-2ee6dc9a1c617944.yaml +++ b/releasenotes/notes/fix-cephadm-facts-2ee6dc9a1c617944.yaml @@ -3,4 +3,4 @@ fixes: - | The Ceph version is now determined by ``os_release``, rather than Ansible facts. Using Ansible facts caused playbooks to fail when - facts are not gathered. + facts are not gathered. diff --git a/releasenotes/notes/fix-pci-default-template-8660ab2a7a106376.yaml b/releasenotes/notes/fix-pci-default-template-8660ab2a7a106376.yaml new file mode 100644 index 000000000..affc29fd8 --- /dev/null +++ b/releasenotes/notes/fix-pci-default-template-8660ab2a7a106376.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Fixes possible templating error with PCI passthrough configuration. diff --git a/releasenotes/notes/fix-radosgw-usage-exporter-duplicate-metrics-ca96b3e4b9d6afe9.yaml b/releasenotes/notes/fix-radosgw-usage-exporter-duplicate-metrics-ca96b3e4b9d6afe9.yaml new file mode 100644 index 000000000..fb54ae397 --- /dev/null +++ b/releasenotes/notes/fix-radosgw-usage-exporter-duplicate-metrics-ca96b3e4b9d6afe9.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Bumps the radosgw_usage_exporter tag to fix an issue where duplicate + metrics could be presented to Prometheus if S3 store usage was particularly + high. diff --git a/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml b/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml index 1877ebc62..bfddbb74d 100644 --- a/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml +++ b/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml @@ -3,5 +3,5 @@ security: - | Addresses critical vulnerability CVE-2024-36039 by bumping the PyMySQL library to 1.1.1 in all affected - Kolla images. This vulnerability allows SQL injection + Kolla images. This vulnerability allows SQL injection through untrusted JSON objects. diff --git a/releasenotes/notes/kolla-kayobe-version-check-f44d43c9c34d1b89.yaml b/releasenotes/notes/kolla-kayobe-version-check-f44d43c9c34d1b89.yaml new file mode 100644 index 000000000..4d1c38a91 --- /dev/null +++ b/releasenotes/notes/kolla-kayobe-version-check-f44d43c9c34d1b89.yaml @@ -0,0 +1,13 @@ +--- +features: + - | + Added playbooks to check the installed Kayobe/Kolla-Ansible versions + against the expected versions in Kayobe configuration. These checks + will run on Kayobe bootstrap, host and service operations. +upgrade: + - | + Kolla Ansible and Kayobe version checks are enabled by default which + may fail on existing deployments using custom forks or branches for + Kayobe and Kolla-Ansible. To disable version checks in configuration + set ``stackhpc_enable_kayobe_check`` and + ``stackhpc_enable_kolla_ansible_check`` to false. diff --git a/releasenotes/notes/ovn-octavia-provider-bug-2049551-c95d69965733cd78.yaml b/releasenotes/notes/ovn-octavia-provider-bug-2049551-c95d69965733cd78.yaml new file mode 100644 index 000000000..ec9037395 --- /dev/null +++ b/releasenotes/notes/ovn-octavia-provider-bug-2049551-c95d69965733cd78.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Updates Octavia images to fix Neutron endpoint selection in the OVN + provider. `LP#2049551 `__. diff --git a/releasenotes/notes/ubuntu-jammy-cd109d12954d7626.yaml b/releasenotes/notes/ubuntu-jammy-cd109d12954d7626.yaml index 2219bf37f..4265655c1 100644 --- a/releasenotes/notes/ubuntu-jammy-cd109d12954d7626.yaml +++ b/releasenotes/notes/ubuntu-jammy-cd109d12954d7626.yaml @@ -1,7 +1,7 @@ --- upgrade: - | - Dont pull apt packages from pulp for Ubuntu Jammy until Jammy packages + Dont pull apt packages from pulp for Ubuntu Jammy until Jammy packages are published. - | Dont pull ceph packages from ceph official repos for Ubuntu Jammy until diff --git a/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml b/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml index f8e2e32a3..f8dee5b4d 100644 --- a/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml +++ b/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml @@ -2,7 +2,7 @@ features: - | Upgrades kayobe-automation submodule to ``7676aa8``. - + Upgrades kayobe-workflows collection to ``v1.1.0``. Kayobe-automation config-diff now runs in parallel and generates both diff --git a/releasenotes/notes/update-prometheus-3519aa260d5f24ef.yaml b/releasenotes/notes/update-prometheus-3519aa260d5f24ef.yaml new file mode 100644 index 000000000..db9c0159d --- /dev/null +++ b/releasenotes/notes/update-prometheus-3519aa260d5f24ef.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Updates Prometheus to version 2.55.1. diff --git a/releasenotes/notes/use-length-for-rabbitmq-node-down-rule-c9e9c6b09f57954d.yaml b/releasenotes/notes/use-length-for-rabbitmq-node-down-rule-c9e9c6b09f57954d.yaml new file mode 100644 index 000000000..e7b7b2f9a --- /dev/null +++ b/releasenotes/notes/use-length-for-rabbitmq-node-down-rule-c9e9c6b09f57954d.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Allow for easy customisation of the number of expected `RabbitMQ` + nodes when evaluating the alert `RabbitMQNodeDown`. It is set by + the `alertmanager_number_of_rabbitmq_nodes` which defaults to the + number of `controllers`. This is benefical for deployments that + do not use a standard three node setup. diff --git a/requirements.txt b/requirements.txt index bd1828f53..597523c22 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ -kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/16.6.0.4 +kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/16.6.0.5 ansible-modules-hashivault>=5.2.1 jmespath diff --git a/tools/rabbitmq-queue-migration.sh b/tools/rabbitmq-queue-migration.sh index 089b197eb..d0f802341 100755 --- a/tools/rabbitmq-queue-migration.sh +++ b/tools/rabbitmq-queue-migration.sh @@ -65,7 +65,7 @@ if [[ ! "$1" = "--skip-checks" ]]; then sleep 60 # Assert that all queues are durable if ! ( kayobe overcloud host command run -l controllers -b --command "docker exec $RABBITMQ_CONTAINER_NAME rabbitmqctl list_queues durable --silent | grep false" > /dev/null 2>&1 ); then - echo -e "${GREEN}Queues migrated successfully" + echo -e "${GREEN}Queues migrated successfully" else echo -e "${RED}Failed post-check: A controller has non-durable queues" fi