Sync wallaby into xena

.github/workflows/stackhpc-all-in-one.yml

@@ -11,6 +11,10 @@ on:
         description: Kayobe container image
         type: string
         required: true
+      os_distribution:
+        description: Host OS distribution
+        type: string
+        default: centos
       neutron_plugin:
         description: Neutron ML2 plugin
         type: string
@@ -19,6 +23,10 @@ on:
         description: Image for the all-in-one VM
         type: string
         default: CentOS-stream8
+      vm_interface:
+        description: Default network interface name
+        type: string
+        default: eth0
       vm_flavor:
         description: Flavor for the all-in-one VM
         type: string
@@ -81,11 +89,10 @@ jobs:
       - name: Generate terraform.tfvars
         run: |
           cat << EOF > terraform.tfvars
-          ssh_private_key = "id_rsa"
           ssh_public_key = "id_rsa.pub"
+          aio_vm_interface = "${{ env.VM_INTERFACE }}"
           aio_vm_name = "${{ env.VM_NAME }}"
           aio_vm_image = "${{ env.VM_IMAGE }}"
-          aio_vm_keypair = "${{ env.VM_KEYPAIR }}"
           aio_vm_flavor = "${{ env.VM_FLAVOR }}"
           aio_vm_network = "${{ env.VM_NETWORK }}"
           aio_vm_subnet = "${{ env.VM_SUBNET }}"
@@ -94,10 +101,10 @@ jobs:
         env:
           VM_NAME: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}"
           VM_IMAGE: ${{ inputs.vm_image }}
-          VM_KEYPAIR: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}"
           VM_FLAVOR: ${{ inputs.vm_flavor }}
           VM_NETWORK: ${{ inputs.vm_network }}
           VM_SUBNET: ${{ inputs.vm_subnet }}
+          VM_INTERFACE: ${{ inputs.vm_interface }}
 
       - name: Terraform Plan
         run: terraform plan
@@ -151,10 +158,12 @@ jobs:
         run: |
           cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/zz-aio-scenario.yml
           ---
+          os_distribution: ${{ env.OS_DISTRIBUTION }}
           kolla_enable_ovn: ${{ env.ENABLE_OVN }}
           EOF
         env:
           ENABLE_OVN: ${{ inputs.neutron_plugin == 'ovn' }}
+          OS_DISTRIBUTION: ${{ inputs.os_distribution }}
 
       # https://renehernandez.io/snippets/multiline-strings-as-a-job-output-in-github-actions/
       - name: Set SSH key output
@@ -217,7 +226,7 @@ jobs:
       - name: Upload test result artifacts
         uses: actions/upload-artifact@v3
         with:
-          name: tempest-results-${{ inputs.neutron_plugin }}
+          name: tempest-results-${{ inputs.os_distribution }}-${{ inputs.neutron_plugin }}
           path: tempest-artifacts/*
 
       - name: Fail if any Tempest tests failed
@@ -235,5 +244,5 @@ jobs:
 
       - name: Prune Docker images over 1 week old
         # May fail if another prune is running
-        run: sudo docker image prune --force --filter until=168h || true
+        run: sudo docker image prune --all --force --filter until=168h || true
         if: always()

.github/workflows/stackhpc-container-image-build.yml

@@ -143,9 +143,9 @@ jobs:
           retention-days: 7
         if: github.event.inputs.seed == 'true'
 
-      - name: Prune local Kolla container images
+      - name: Prune local Kolla container images over 1 week old
         run: |
-          sudo docker image prune --force --filter="label=kolla_version"
+          sudo docker image prune --all --force --filter until=168h --filter="label=kolla_version"
 
   sync-container-repositories:
     name: Trigger container image repository sync

.github/workflows/stackhpc-pull-request.yml

@@ -1,5 +1,9 @@
 ---
 
+concurrency:
+  group: stackhpc-pull-request-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 name: Pull request
 'on':
   pull_request:
@@ -37,26 +41,56 @@ jobs:
     uses: ./.github/workflows/stackhpc-build-kayobe-image.yml
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
 
-  all-in-one-ovs:
-    name: aio (OVS)
+  all-in-one-centos-ovs:
+    name: aio (CentOS OVS)
+    needs:
+      - build-kayobe-image
+    uses: ./.github/workflows/stackhpc-all-in-one.yml
+    with:
+      kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+      neutron_plugin: ovs
+      OS_CLOUD: sms-lab-release
+    secrets: inherit
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config'
+
+  all-in-one-centos-ovn:
+    name: aio (CentOS OVN)
+    needs:
+      - build-kayobe-image
+    uses: ./.github/workflows/stackhpc-all-in-one.yml
+    with:
+      kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+      neutron_plugin: ovn
+      OS_CLOUD: sms-lab-release
+    secrets: inherit
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config'
+
+  all-in-one-rocky-ovs:
+    name: aio (Rocky OVS)
     needs:
       - build-kayobe-image
     uses: ./.github/workflows/stackhpc-all-in-one.yml
     with:
       kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+      os_distribution: rocky
       neutron_plugin: ovs
+      vm_image: Rocky8
+      vm_interface: ens3
       OS_CLOUD: sms-lab-release
     secrets: inherit
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
 
-  all-in-one-ovn:
-    name: aio (OVN)
+  all-in-one-rocky-ovn:
+    name: aio (Rocky OVN)
     needs:
       - build-kayobe-image
     uses: ./.github/workflows/stackhpc-all-in-one.yml
     with:
       kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+      os_distribution: rocky
       neutron_plugin: ovn
+      vm_image: Rocky8
+      vm_interface: ens3
       OS_CLOUD: sms-lab-release
     secrets: inherit
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'

etc/kayobe/ansible/configure-aio-resources.yml

@@ -6,47 +6,56 @@
   vars:
     venv: '{{ virtualenv_path }}/openstack'
   tasks:
-    - block:
-        - name: Install python openstack client
-          pip:
-            name: python-openstackclient
-            virtualenv: '{{ venv }}'
-            extra_args: -c "{{ pip_upper_constraints_file }}"
+    - name: Install python build dependencies
+      package:
+        name:
+          - "{% if ansible_facts.os_family == 'RedHat' %}gcc{% else %}build-essential{% endif %}"
+          - "python3-dev{% if ansible_facts.os_family == 'RedHat' %}el{% endif %}"
+        cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
+        update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
+        state: present
+      become: true
 
-        - name: Include kolla secrets
-          include_vars:
-            dir: '{{ kayobe_env_config_path }}/kolla/'
-            files_matching: passwords.yml
-            name: kolla_passwords
+    - name: Install python openstack client
+      pip:
+        name: python-openstackclient
+        virtualenv: '{{ venv }}'
+        extra_args: -c "{{ pip_upper_constraints_file }}"
 
-        - name: Add an IP to connect to the instances
-          # FIXME: host configure will have bounced the bridge
-          # and removed the IP
-          command: ip a add 10.0.2.1/24 dev breth1
-          register: result
-          failed_when: 'result.rc !=0 and "RTNETLINK answers: File exists" not in
-            result.stderr'
-          changed_when: result.rc == 0
-          become: true
+    - name: Include kolla secrets
+      include_vars:
+        dir: '{{ kayobe_env_config_path }}/kolla/'
+        files_matching: passwords.yml
+        name: kolla_passwords
 
-        - name: Run init-run-once
-          script:
-            cmd: scripts/aio-init.sh
-            creates: /tmp/.init-runonce
-          environment:
-            KOLLA_OPENSTACK_COMMAND: '{{ venv }}/bin/openstack'
-            OS_PROJECT_DOMAIN_NAME: Default
-            OS_USER_DOMAIN_NAME: Default
-            OS_PROJECT_NAME: admin
-            OS_TENANT_NAME: admin
-            OS_USERNAME: admin
-            OS_PASSWORD: "{{ kolla_passwords.keystone_admin_password | mandatory('Could\
-              \ not find keystone_admin_password in passwords.yml') }}"
-            # Use kolla_external_fqdn in wallaby
-            OS_AUTH_URL: http://{{ kolla_external_fqdn | default(public_net_name
-              | net_fqdn) | default(public_net_name | net_vip_address, true) }}:5000
-            OS_INTERFACE: public
-            OS_ENDPOINT_TYPE: publicURL
-            OS_IDENTITY_API_VERSION: 3
-            OS_REGION_NAME: RegionOne
-            OS_AUTH_PLUGIN: password
+    - name: Add an IP to connect to the instances
+      # FIXME: host configure will have bounced the bridge
+      # and removed the IP
+      command: ip a add 10.0.2.1/24 dev breth1
+      register: result
+      failed_when: 'result.rc !=0 and "RTNETLINK answers: File exists" not in
+        result.stderr'
+      changed_when: result.rc == 0
+      become: true
+
+    - name: Run init-run-once
+      script:
+        cmd: scripts/aio-init.sh
+        creates: /tmp/.init-runonce
+      environment:
+        KOLLA_OPENSTACK_COMMAND: '{{ venv }}/bin/openstack'
+        OS_PROJECT_DOMAIN_NAME: Default
+        OS_USER_DOMAIN_NAME: Default
+        OS_PROJECT_NAME: admin
+        OS_TENANT_NAME: admin
+        OS_USERNAME: admin
+        OS_PASSWORD: "{{ kolla_passwords.keystone_admin_password | mandatory('Could\
+          \ not find keystone_admin_password in passwords.yml') }}"
+        # Use kolla_external_fqdn in wallaby
+        OS_AUTH_URL: http://{{ kolla_external_fqdn | default(public_net_name
+          | net_fqdn) | default(public_net_name | net_vip_address, true) }}:5000
+        OS_INTERFACE: public
+        OS_ENDPOINT_TYPE: publicURL
+        OS_IDENTITY_API_VERSION: 3
+        OS_REGION_NAME: RegionOne
+        OS_AUTH_PLUGIN: password

etc/kayobe/compute.yml

@@ -179,6 +179,12 @@
 # compute_qemu_conf_extra.
 #compute_qemu_conf:
 
+# Whether to enable libvirt SASL authentication. Default is true.
+#compute_libvirt_enable_sasl:
+
+# libvirt SASL password. Default is unset.
+#compute_libvirt_sasl_password:
+
 # Whether to enable a libvirt TLS listener. Default is false.
 #compute_libvirt_enable_tls:
 

etc/kayobe/environments/ci-aio/compute.yml

@@ -0,0 +1,3 @@
+---
+
+compute_libvirt_sasl_password: "{{ lookup('password', kayobe_env_config_path ~ '/secrets/libvirt_sasl_password') }}"

etc/kayobe/environments/ci-aio/kolla/globals.yml

@@ -10,7 +10,7 @@ openstack_service_workers: "1"
 openstack_service_rpc_workers: "1"
 
 docker_yum_baseurl: "{{ stackhpc_repo_docker_url }}"
-docker_yum_gpgkey: "https://download.docker.com/linux/{% raw %}{{ ansible_facts.distribution | lower }}{% endraw %}/gpg"
+docker_yum_gpgkey: "https://download.docker.com/linux/centos/gpg"
 
 # Elasticsearch memory tuning
 es_heap_size: 1g

etc/kayobe/environments/ci-aio/stackhpc-ci.yml

@@ -48,7 +48,9 @@ stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_
 stackhpc_repo_ubuntu_focal_version: "{{ stackhpc_pulp_repo_ubuntu_focal_version }}"
 stackhpc_repo_ubuntu_focal_security_version: "{{ stackhpc_pulp_repo_ubuntu_focal_security_version }}"
 stackhpc_repo_docker_ce_ubuntu_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}"
-
+stackhpc_repo_rocky_baseos_version: "{{ stackhpc_pulp_repo_rocky_8_6_baseos_version }}"
+stackhpc_repo_rocky_appstream_version: "{{ stackhpc_pulp_repo_rocky_8_6_appstream_version }}"
+stackhpc_repo_rocky_extras_version: "{{ stackhpc_pulp_repo_rocky_8_6_extras_version }}"
 
 # Host and port of container registry.
 # Push built images to the development Pulp service registry.

etc/kayobe/pulp.yml

@@ -10,6 +10,9 @@ pulp_url: "http://{{ admin_oc_net_name | net_ip(groups['seed'][0]) }}:80"
 pulp_username: admin
 pulp_password: "{{ secrets_pulp_password }}"
 
+# Proxy to use when adding remotes.
+pulp_proxy_url: "{{ omit }}"
+
 ###############################################################################
 # StackHPC Pulp server
 
@@ -44,6 +47,7 @@ stackhpc_pulp_repository_deb_repos:
     client_cert: "{{ stackhpc_release_pulp_client_cert }}"
     client_key: "{{ stackhpc_release_pulp_client_key }}"
     policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
     architectures: amd64
     components: main restricted universe multiverse
     distributions: focal focal-updates focal-backports
@@ -56,6 +60,7 @@ stackhpc_pulp_repository_deb_repos:
     client_cert: "{{ stackhpc_release_pulp_client_cert }}"
     client_key: "{{ stackhpc_release_pulp_client_key }}"
     policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
     architectures: amd64
     components: main restricted universe multiverse
     distributions: focal-security
@@ -69,6 +74,7 @@ stackhpc_pulp_repository_deb_repos:
     client_cert: "{{ stackhpc_release_pulp_client_cert }}"
     client_key: "{{ stackhpc_release_pulp_client_key }}"
     policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
     architectures: amd64
     components: main
     distributions: "focal-updates/{{ openstack_release }}"
@@ -82,6 +88,7 @@ stackhpc_pulp_repository_deb_repos:
     client_cert: "{{ stackhpc_release_pulp_client_cert }}"
     client_key: "{{ stackhpc_release_pulp_client_key }}"
     policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
     architectures: amd64
     distributions: focal
     components: stable
@@ -189,6 +196,7 @@ stackhpc_pulp_repository_rpm_repos:
     client_cert: "{{ stackhpc_release_pulp_client_cert }}"
     client_key: "{{ stackhpc_release_pulp_client_key }}"
     policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
     sync_policy: mirror_complete
     state: present
     required: "{{ stackhpc_pulp_sync_centos_stream8 | bool }}"
@@ -197,6 +205,7 @@ stackhpc_pulp_repository_rpm_repos:
     client_cert: "{{ stackhpc_release_pulp_client_cert }}"
     client_key: "{{ stackhpc_release_pulp_client_key }}"
     policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
     sync_policy: mirror_complete
     state: present
     required: "{{ stackhpc_pulp_sync_centos_stream8 | bool }}"
@@ -205,6 +214,7 @@ stackhpc_pulp_repository_rpm_repos:
     client_cert: "{{ stackhpc_release_pulp_client_cert }}"
     client_key: "{{ stackhpc_release_pulp_client_key }}"
     policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
     sync_policy: mirror_complete
     state: present
     required: "{{ stackhpc_pulp_sync_centos_stream8 | bool }}"
@@ -257,6 +267,7 @@ stackhpc_pulp_repository_rpm_repos:
     client_cert: "{{ stackhpc_release_pulp_client_cert }}"
     client_key: "{{ stackhpc_release_pulp_client_key }}"
     policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
     sync_policy: mirror_content_only
     state: present
     required: "{{ stackhpc_pulp_sync_el_8 | bool }}"
@@ -265,6 +276,7 @@ stackhpc_pulp_repository_rpm_repos:
     client_cert: "{{ stackhpc_release_pulp_client_cert }}"
     client_key: "{{ stackhpc_release_pulp_client_key }}"
     policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
     sync_policy: mirror_complete
     state: present
     required: "{{ stackhpc_pulp_sync_el_8 | bool }}"
@@ -275,6 +287,7 @@ stackhpc_pulp_repository_rpm_repos:
     client_cert: "{{ stackhpc_release_pulp_client_cert }}"
     client_key: "{{ stackhpc_release_pulp_client_key }}"
     policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
     sync_policy: mirror_complete
     state: present
     required: "{{ stackhpc_pulp_sync_el_8 }}"
@@ -535,6 +548,7 @@ stackhpc_pulp_images_kolla_filtered: "{{ stackhpc_pulp_images_kolla | select('se
 stackhpc_pulp_repository_container_repos_kolla_common:
   url: "{{ stackhpc_release_pulp_registry_url }}"
   policy: on_demand
+  proxy_url: "{{ pulp_proxy_url }}"
   remote_username: "{{ stackhpc_release_pulp_username }}"
   remote_password: "{{ stackhpc_release_pulp_password }}"
   state: present