Xena: Rocky 8 AIO scenario

.github/workflows/stackhpc-all-in-one.yml

@@ -11,14 +11,26 @@ on:
         description: Kayobe container image
         type: string
         required: true
+      os_distribution:
+        description: Host OS distribution
+        type: string
+        default: centos
       neutron_plugin:
         description: Neutron ML2 plugin
         type: string
         required: true
+      vm_user:
+        description: User to use when bootstraping the VM. Leave unset to use os_distribution.
+        type: string
+        default: ''
       vm_image:
         description: Image for the all-in-one VM
         type: string
         default: CentOS-stream8
+      vm_interface:
+        description: Default network interface name
+        type: string
+        default: eth0
       vm_flavor:
         description: Flavor for the all-in-one VM
         type: string
@@ -56,6 +68,12 @@ jobs:
       KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
       KAYOBE_IMAGE: ${{ inputs.kayobe_image }}
     steps:
+      - name: Set bootstrap user output
+        id: bootstrap_user
+        run: |
+          user=${{ inputs.vm_user }}
+          echo "::set-output name=value::${user:-"${{ inputs.os_distribution }}"}"
+
       - uses: actions/checkout@v2
         with:
            submodules: true
@@ -81,11 +99,12 @@ jobs:
       - name: Generate terraform.tfvars
         run: |
           cat << EOF > terraform.tfvars
-          ssh_private_key = "id_rsa"
           ssh_public_key = "id_rsa.pub"
+          ssh_private_key = "id_rsa"
+          aio_vm_user = "${{ env.VM_USER }}"
+          aio_vm_interface = "${{ env.VM_INTERFACE }}"
           aio_vm_name = "${{ env.VM_NAME }}"
           aio_vm_image = "${{ env.VM_IMAGE }}"
-          aio_vm_keypair = "${{ env.VM_KEYPAIR }}"
           aio_vm_flavor = "${{ env.VM_FLAVOR }}"
           aio_vm_network = "${{ env.VM_NETWORK }}"
           aio_vm_subnet = "${{ env.VM_SUBNET }}"
@@ -94,10 +113,11 @@ jobs:
         env:
           VM_NAME: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}"
           VM_IMAGE: ${{ inputs.vm_image }}
-          VM_KEYPAIR: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}"
           VM_FLAVOR: ${{ inputs.vm_flavor }}
           VM_NETWORK: ${{ inputs.vm_network }}
           VM_SUBNET: ${{ inputs.vm_subnet }}
+          VM_USER: ${{ steps.bootstrap_user.outputs.value }}
+          VM_INTERFACE: ${{ inputs.vm_interface }}
 
       - name: Terraform Plan
         run: terraform plan
@@ -151,10 +171,14 @@ jobs:
         run: |
           cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/zz-aio-scenario.yml
           ---
+          os_distribution: ${{ env.OS_DISTRIBUTION }}
           kolla_enable_ovn: ${{ env.ENABLE_OVN }}
+          bootstrap_user: ${{ env.BOOTSTRAP_USER }}
           EOF
         env:
           ENABLE_OVN: ${{ inputs.neutron_plugin == 'ovn' }}
+          OS_DISTRIBUTION: ${{ inputs.os_distribution }}
+          BOOTSTRAP_USER: ${{ steps.bootstrap_user.outputs.value }}
 
       # https://renehernandez.io/snippets/multiline-strings-as-a-job-output-in-github-actions/
       - name: Set SSH key output

.github/workflows/stackhpc-pull-request.yml

@@ -35,8 +35,8 @@ jobs:
     uses: ./.github/workflows/stackhpc-build-kayobe-image.yml
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
 
-  all-in-one-ovs:
-    name: aio (OVS)
+  all-in-one-centos-ovs:
+    name: aio (CentOS OVS)
     needs:
       - build-kayobe-image
     uses: ./.github/workflows/stackhpc-all-in-one.yml
@@ -47,8 +47,8 @@ jobs:
     secrets: inherit
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
 
-  all-in-one-ovn:
-    name: aio (OVN)
+  all-in-one-centos-ovn:
+    name: aio (CentOS OVN)
     needs:
       - build-kayobe-image
     uses: ./.github/workflows/stackhpc-all-in-one.yml
@@ -58,3 +58,35 @@ jobs:
       OS_CLOUD: sms-lab-release
     secrets: inherit
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
+
+  all-in-one-rocky-ovs:
+    name: aio (Rocky OVS)
+    needs:
+      - build-kayobe-image
+    uses: ./.github/workflows/stackhpc-all-in-one.yml
+    with:
+      kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+      os_distribution: rocky
+      neutron_plugin: ovs
+      vm_image: Rocky8
+      vm_user: cloud-user
+      vm_interface: ens3
+      OS_CLOUD: sms-lab-release
+    secrets: inherit
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config'
+
+  all-in-one-rocky-ovn:
+    name: aio (Rocky OVN)
+    needs:
+      - build-kayobe-image
+    uses: ./.github/workflows/stackhpc-all-in-one.yml
+    with:
+      kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+      os_distribution: rocky
+      neutron_plugin: ovn
+      vm_image: Rocky8
+      vm_user: cloud-user
+      vm_interface: ens3
+      OS_CLOUD: sms-lab-release
+    secrets: inherit
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config'

etc/kayobe/ansible/configure-aio-resources.yml

@@ -6,47 +6,56 @@
   vars:
     venv: '{{ virtualenv_path }}/openstack'
   tasks:
-    - block:
-        - name: Install python openstack client
-          pip:
-            name: python-openstackclient
-            virtualenv: '{{ venv }}'
-            extra_args: -c "{{ pip_upper_constraints_file }}"
+    - name: Install python build dependencies
+      package:
+        name:
+          - "{% if ansible_facts.os_family == 'RedHat' %}gcc{% else %}build-essential{% endif %}"
+          - "python3-dev{% if ansible_facts.os_family == 'RedHat' %}el{% endif %}"
+        cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
+        update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
+        state: present
+      become: true
 
-        - name: Include kolla secrets
-          include_vars:
-            dir: '{{ kayobe_env_config_path }}/kolla/'
-            files_matching: passwords.yml
-            name: kolla_passwords
+    - name: Install python openstack client
+      pip:
+        name: python-openstackclient
+        virtualenv: '{{ venv }}'
+        extra_args: -c "{{ pip_upper_constraints_file }}"
 
-        - name: Add an IP to connect to the instances
-          # FIXME: host configure will have bounced the bridge
-          # and removed the IP
-          command: ip a add 10.0.2.1/24 dev breth1
-          register: result
-          failed_when: 'result.rc !=0 and "RTNETLINK answers: File exists" not in
-            result.stderr'
-          changed_when: result.rc == 0
-          become: true
+    - name: Include kolla secrets
+      include_vars:
+        dir: '{{ kayobe_env_config_path }}/kolla/'
+        files_matching: passwords.yml
+        name: kolla_passwords
 
-        - name: Run init-run-once
-          script:
-            cmd: scripts/aio-init.sh
-            creates: /tmp/.init-runonce
-          environment:
-            KOLLA_OPENSTACK_COMMAND: '{{ venv }}/bin/openstack'
-            OS_PROJECT_DOMAIN_NAME: Default
-            OS_USER_DOMAIN_NAME: Default
-            OS_PROJECT_NAME: admin
-            OS_TENANT_NAME: admin
-            OS_USERNAME: admin
-            OS_PASSWORD: "{{ kolla_passwords.keystone_admin_password | mandatory('Could\
-              \ not find keystone_admin_password in passwords.yml') }}"
-            # Use kolla_external_fqdn in wallaby
-            OS_AUTH_URL: http://{{ kolla_external_fqdn | default(public_net_name
-              | net_fqdn) | default(public_net_name | net_vip_address, true) }}:5000
-            OS_INTERFACE: public
-            OS_ENDPOINT_TYPE: publicURL
-            OS_IDENTITY_API_VERSION: 3
-            OS_REGION_NAME: RegionOne
-            OS_AUTH_PLUGIN: password
+    - name: Add an IP to connect to the instances
+      # FIXME: host configure will have bounced the bridge
+      # and removed the IP
+      command: ip a add 10.0.2.1/24 dev breth1
+      register: result
+      failed_when: 'result.rc !=0 and "RTNETLINK answers: File exists" not in
+        result.stderr'
+      changed_when: result.rc == 0
+      become: true
+
+    - name: Run init-run-once
+      script:
+        cmd: scripts/aio-init.sh
+        creates: /tmp/.init-runonce
+      environment:
+        KOLLA_OPENSTACK_COMMAND: '{{ venv }}/bin/openstack'
+        OS_PROJECT_DOMAIN_NAME: Default
+        OS_USER_DOMAIN_NAME: Default
+        OS_PROJECT_NAME: admin
+        OS_TENANT_NAME: admin
+        OS_USERNAME: admin
+        OS_PASSWORD: "{{ kolla_passwords.keystone_admin_password | mandatory('Could\
+          \ not find keystone_admin_password in passwords.yml') }}"
+        # Use kolla_external_fqdn in wallaby
+        OS_AUTH_URL: http://{{ kolla_external_fqdn | default(public_net_name
+          | net_fqdn) | default(public_net_name | net_vip_address, true) }}:5000
+        OS_INTERFACE: public
+        OS_ENDPOINT_TYPE: publicURL
+        OS_IDENTITY_API_VERSION: 3
+        OS_REGION_NAME: RegionOne
+        OS_AUTH_PLUGIN: password

etc/kayobe/compute.yml

@@ -179,6 +179,12 @@
 # compute_qemu_conf_extra.
 #compute_qemu_conf:
 
+# Whether to enable libvirt SASL authentication. Default is true.
+#compute_libvirt_enable_sasl:
+
+# libvirt SASL password. Default is unset.
+#compute_libvirt_sasl_password:
+
 # Whether to enable a libvirt TLS listener. Default is false.
 #compute_libvirt_enable_tls:
 

etc/kayobe/environments/ci-aio/compute.yml

@@ -0,0 +1,3 @@
+---
+
+compute_libvirt_sasl_password: "{{ lookup('password', kayobe_env_config_path ~ '/secrets/libvirt_sasl_password') }}"

etc/kayobe/environments/ci-aio/kolla/globals.yml

@@ -10,4 +10,4 @@ openstack_service_workers: "1"
 openstack_service_rpc_workers: "1"
 
 docker_yum_baseurl: "{{ stackhpc_repo_docker_url }}"
-docker_yum_gpgkey: "https://download.docker.com/linux/{% raw %}{{ ansible_facts.distribution | lower }}{% endraw %}/gpg"
+docker_yum_gpgkey: "https://download.docker.com/linux/centos/gpg"

etc/kayobe/environments/ci-aio/stackhpc-ci.yml

@@ -48,7 +48,9 @@ stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_
 stackhpc_repo_ubuntu_focal_version: "{{ stackhpc_pulp_repo_ubuntu_focal_version }}"
 stackhpc_repo_ubuntu_focal_security_version: "{{ stackhpc_pulp_repo_ubuntu_focal_security_version }}"
 stackhpc_repo_docker_ce_ubuntu_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}"
-
+stackhpc_repo_rocky_baseos_version: "{{ stackhpc_pulp_repo_rocky_8_6_baseos_version }}"
+stackhpc_repo_rocky_appstream_version: "{{ stackhpc_pulp_repo_rocky_8_6_appstream_version }}"
+stackhpc_repo_rocky_extras_version: "{{ stackhpc_pulp_repo_rocky_8_6_extras_version }}"
 
 # Host and port of container registry.
 # Push built images to the development Pulp service registry.

etc/kayobe/kolla.yml

@@ -527,6 +527,7 @@ kolla_build_args:
 #kolla_enable_kibana:
 #kolla_enable_kuryr:
 #kolla_enable_loadbalancer:
+kolla_enable_nova_libvirt_container: "{{ os_distribution not in ['rocky'] }}"
 #kolla_enable_magnum:
 #kolla_enable_manila:
 #kolla_enable_manila_backend_cephfs_native:

etc/kayobe/overcloud-dib.yml

@@ -71,7 +71,8 @@ overcloud_dib_host_packages_extra:
 overcloud_dib_git_elements_extra:
   - repo: "https://github.com/stackhpc/stackhpc-image-elements"
     local: "{{ source_checkout_path }}/stackhpc-image-elememts"
-    version: "v1.4.0"
+    # FIXME: merge and tag a new release
+    version: "feature/rocky-container-generic"
     elements_path: "elements"
 
 # List of git repositories containing Diskimage Builder (DIB) elements. See

etc/kayobe/stackhpc-overcloud-dib.yml

@@ -21,7 +21,7 @@ stackhpc_overcloud_dib_name: "deployment_image"
 
 # StackHPC overcloud DIB image elements.
 stackhpc_overcloud_dib_elements:
-  - "{{ os_distribution }}-{% if os_distribution == 'rocky' %}container{% else %}minimal{% endif %}"
+  - "{{ os_distribution }}-{% if os_distribution == 'rocky' %}container-generic{% else %}minimal{% endif %}"
   - "cloud-init-datasources"
   - "{% if os_distribution in ['centos', 'rocky'] %}disable-selinux{% endif %}"
   - "enable-serial-console"

etc/kayobe/stackhpc.yml

@@ -104,15 +104,15 @@ stackhpc_repo_treasuredata_4_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/t
 stackhpc_repo_treasuredata_4_version: "{{ stackhpc_repo_distribution }}"
 
 # Rocky 8 BaseOS
-stackhpc_repo_rocky_baseos_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8/BaseOS/x86_64/os/{{ stackhpc_repo_rocky_baseos_version }}"
+stackhpc_repo_rocky_baseos_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8.6/BaseOS/x86_64/os/{{ stackhpc_repo_rocky_baseos_version }}"
 stackhpc_repo_rocky_baseos_version: "{{ stackhpc_repo_distribution }}"
 
 # Rocky 8 AppStream
-stackhpc_repo_rocky_appstream_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8/AppStream/x86_64/os/{{ stackhpc_repo_rocky_appstream_version }}"
+stackhpc_repo_rocky_appstream_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8.6/AppStream/x86_64/os/{{ stackhpc_repo_rocky_appstream_version }}"
 stackhpc_repo_rocky_appstream_version: "{{ stackhpc_repo_distribution }}"
 
 # Rocky 8 extras
-stackhpc_repo_rocky_extras_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8/extras/x86_64/os/{{ stackhpc_repo_rocky_extras_version }}"
+stackhpc_repo_rocky_extras_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8.6/extras/x86_64/os/{{ stackhpc_repo_rocky_extras_version }}"
 stackhpc_repo_rocky_extras_version: "{{ stackhpc_repo_distribution }}"
 
 ###############################################################################

terraform/aio/outputs.tf

@@ -11,5 +11,5 @@ output "access_gw" {
 }
 
 output "access_interface" {
-  value = "eth0"
+  value = var.aio_vm_interface
 }

terraform/aio/scripts/configure-local-networking.sh

@@ -53,6 +53,3 @@ done
 if ! sudo ip a show dev breth1 | grep $public_ip/24 >/dev/null 2>&1; then
   sudo ip a add $public_ip/24 dev breth1
 fi
-
-# This prevents network.service from restarting correctly.
-sudo killall dhclient || true

terraform/aio/templates/userdata.cfg.tpl

@@ -2,3 +2,11 @@
 # Don't automatically mount ephemeral disk
 mounts:
   - [/dev/vdb, null]
+# WORKAROUND: internal DNS missing from SMS lab.
+runcmd:
+  - 'echo "10.0.0.34 pelican pelican.service.compute.sms-lab.cloud" >> /etc/hosts'
+  - 'echo "10.205.3.187 pulp-server pulp-server.internal.sms-cloud" >> /etc/hosts'
+# Configure SSH keys here, to avoid creating an ephemeral keypair.
+# This means only the instance needs to be cleaned up if the destroy fails.
+ssh_authorized_keys:
+ - ${ssh_public_key}