From 72c30177050ad6fb88e72ce24d4a8b9f02eca5a7 Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Wed, 15 Nov 2023 15:55:43 +0000
Subject: [PATCH 1/4] RL9: Set SELinux to permissive mode in the standard overcloud host image From the Zed release, Kayobe changes its default SELinux mode from disabled to permissive. Changing SELinux from disabled to permissive mode requires a reboot, so it's best to include the correct mode in the image. This change is proposed to the Yoga branch because that is the point of the RL9 migration, when it is most convenient to make this change. Doing so requires a backport of the Kayobe patch supporting SELinux modes, and for Kayobe config to set selinux_mode to permissive (we would not change the default config in a backport).
---
 etc/kayobe/stackhpc-overcloud-dib.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/etc/kayobe/stackhpc-overcloud-dib.yml b/etc/kayobe/stackhpc-overcloud-dib.yml
index fcce90746..ef939b758 100644
--- a/etc/kayobe/stackhpc-overcloud-dib.yml
+++ b/etc/kayobe/stackhpc-overcloud-dib.yml
@@ -23,7 +23,7 @@ stackhpc_overcloud_dib_name: "deployment_image"
 stackhpc_overcloud_dib_elements:
 - "{{ os_distribution }}-{% if os_distribution == 'rocky' %}container-stackhpc{% else %}minimal{% endif %}"
 - "cloud-init-datasources"
- - "{% if os_distribution in ['centos', 'rocky'] %}disable-selinux{% endif %}"
+ - "{% if os_distribution == 'rocky' and os_release == '9' %}selinux-permissive{% elif os_distribution in ['centos', 'rocky'] %}disable-selinux{% endif %}"
 - "enable-serial-console"
 - "{% if kayobe_environment == 'ci-builder' %}etc-hosts{% endif %}"
 - "vm"
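Review bot: The added element line carries no comment saying what `selinux-permissive` gives the RL9 image, and a reader could take it for an enforcing configuration. Permissive mode logs policy denials but does not block them, so the image has no SELinux confinement until it is later switched to enforcing; I would put `# RL9: SELinux permissive (denials logged, not enforced); other CentOS/Rocky images still disable SELinux` above the entry. The `os_release == '9'` test is a string comparison, so it presumably relies on `os_release` being defined as a quoted string elsewhere in the config; that is worth confirming, because a non-match on Rocky falls through silently to `disable-selinux`.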
@@ -55,8 +55,7 @@ stackhpc_overcloud_dib_env_vars:
 # Avoid DNS queries during sudo commands, since we might not always have working DNS.
 DIB_SUDOERS_CONFIG: |
 Defaults !fqdn
- # FIXME: Support templating repo files.
- # DIB_YUM_MINIMAL_BOOTSTRAP_REPOS: /path/to/dir/containing/dib-mirror-*.repo
+ DIB_YUM_MINIMAL_BOOTSTRAP_REPOS: /etc/yum.repos.d/
 YUM: dnf
 # Workaround for stack user home ownership bug
 DIB_IMAGE_CACHE: "/tmp/yum"
From 920f01dd1c3d58c99c9896e91ae512bc64be5cfa Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Wed, 15 Nov 2023 16:03:53 +0000
Subject: [PATCH 2/4] RL9: Use Pulp repo snapshots when building overcloud host image
---
 etc/kayobe/stackhpc-overcloud-dib.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/etc/kayobe/stackhpc-overcloud-dib.yml b/etc/kayobe/stackhpc-overcloud-dib.yml
index ef939b758..a7c82cf74 100644
--- a/etc/kayobe/stackhpc-overcloud-dib.yml
+++ b/etc/kayobe/stackhpc-overcloud-dib.yml
@@ -55,7 +55,10 @@ stackhpc_overcloud_dib_env_vars:
 # Avoid DNS queries during sudo commands, since we might not always have working DNS.
 DIB_SUDOERS_CONFIG: |
 Defaults !fqdn
- DIB_YUM_MINIMAL_BOOTSTRAP_REPOS: /etc/yum.repos.d/
+ # On Rocky Linux 9, use the host's repo files.
+ # These will have been configured to point to Test Pulp repo snapshots during the 'host configure' step.
+ # FIXME: This assumes we are building on RL9, which may not be the case.
+ DIB_YUM_MINIMAL_BOOTSTRAP_REPOS: "{% if os_distribution == 'rocky' and os_release == '9' %}/etc/yum.repos.d/{% endif %}"
 YUM: dnf
 # Workaround for stack user home ownership bug
 DIB_IMAGE_CACHE: "/tmp/yum"
From 6c8460bf2ec8132b5ae659c891bde7ddbf56560c Mon Sep 17 00:00:00 2001
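Review bot: The new `DIB_YUM_MINIMAL_BOOTSTRAP_REPOS` value in the `-55,7 +55,10` hunk trusts whatever repo files sit in the build host's `/etc/yum.repos.d/`, while its condition tests `os_distribution` and `os_release`, which look like settings for the target image rather than facts about the build host. The FIXME above it names the assumption but not the consequence: on a host that has not been through 'host configure', the image would bootstrap from whichever repositories that host happens to have, not from the Pulp snapshots. I would spell that out in the comment, e.g. `# FIXME: repo files come from the build host; if it is not RL9 or not configured for Pulp, packages are not taken from the snapshots.` When the condition is false the variable renders as an empty string rather than being left unset, so it is worth confirming that the consuming element treats an empty value as 'not set'.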
From: Mark Goddard
Date: Thu, 16 Nov 2023 11:42:17 +0000
Subject: [PATCH 3/4] Add retries to overcloud host image pulp tasks Retries have been added to the stackhpc.pulp collection to improve reliability. Adding the same here.
---
 .../ansible/pulp-host-image-promote.yml | 7 +++++
 etc/kayobe/ansible/pulp-host-image-upload.yml | 26 +++++++++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/etc/kayobe/ansible/pulp-host-image-promote.yml b/etc/kayobe/ansible/pulp-host-image-promote.yml
index d93d71d51..c6412415a 100644
--- a/etc/kayobe/ansible/pulp-host-image-promote.yml
+++ b/etc/kayobe/ansible/pulp-host-image-promote.yml
@@ -19,6 +19,9 @@
 name: "{{ repository_name }}_{{ promotion_tag }}"
 base_path: "{{ base_path }}/{{ promotion_tag }}"
 register: distribution_details
+ until: distribution_details is success
+ retries: 3
+ delay: 1
 
 - name: Fail if the image does not exist
 fail:
@@ -34,6 +37,10 @@
 base_path: "{{ base_path }}/{{ promotion_tag }}"
 content_guard: release
 state: present
+ register: content_guard_result
+ until: content_guard_result is success
+ retries: 3
+ delay: 1
 
 - name: Print version tag and os
 debug:
diff --git a/etc/kayobe/ansible/pulp-host-image-upload.yml b/etc/kayobe/ansible/pulp-host-image-upload.yml
index a06897d90..6b80e47e9 100644
--- a/etc/kayobe/ansible/pulp-host-image-upload.yml
+++ b/etc/kayobe/ansible/pulp-host-image-upload.yml
@@ -25,6 +25,10 @@
 password: "{{ remote_pulp_password }}"
 file: "{{ found_files.files[0].path }}"
 state: present
+ register: upload_result
+ until: upload_result is success
+ retries: 3
+ delay: 1
 
 - name: Get sha256 hash
 ansible.builtin.stat:
@@ -40,6 +44,10 @@
 sha256: "{{ file_stats.stat.checksum }}"
 relative_path: "{{ found_files.files[0].path | basename }}"
 state: present
+ register: file_content_result
+ until: file_content_result is success
+ retries: 3
+ delay: 1
 
 - name: Ensure file repo exists
 pulp.squeezer.file_repository:
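Review bot: The retry block added after `register: distribution_details` in the first pulp-host-image-promote.yml hunk uses the literals `retries: 3` and `delay: 1`, and the same pair is repeated in the second promote hunk and in all seven hunks of pulp-host-image-upload.yml. Defining them once as play variables and writing `retries: "{{ pulp_retries }}"` and `delay: "{{ pulp_retry_delay }}"` (suggested names) would let an operator tune them in one place instead of ten. Three attempts one second apart cover only a few seconds, which may be shorter than the outages the commit message is aimed at; presumably the values mirror the stackhpc.pulp collection, and a comment saying so would help. The task bodies start above each hunk, so I cannot see the task names or whether the plays already define such variables.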
@@ -48,6 +56,10 @@
 password: "{{ remote_pulp_password }}"
 name: "{{ repository_name }}"
 state: present
+ register: file_repo_result
+ until: file_repo_result is success
+ retries: 3
+ delay: 1
 
 - name: Add content to file repo
 pulp.squeezer.file_repository_content:
@@ -58,6 +70,10 @@
 present_content:
 - relative_path: "{{ found_files.files[0].path | basename }}"
 sha256: "{{ file_stats.stat.checksum }}"
+ register: file_repo_content_result
+ until: file_repo_content_result is success
+ retries: 3
+ delay: 1
 
 - name: Create a new publication to point to this version
 pulp.squeezer.file_publication:
@@ -67,6 +83,9 @@
 repository: "{{ repository_name }}"
 state: present
 register: publication_details
+ until: publication_details is success
+ retries: 3
+ delay: 1
 
 - name: Update distribution for latest version
 pulp.squeezer.file_distribution:
@@ -79,6 +98,9 @@
 content_guard: development
 state: present
 register: latest_distribution_details
+ until: latest_distribution_details is success
+ retries: 3
+ delay: 1
 
 - name: Create distribution for given version
 pulp.squeezer.file_distribution:
@@ -91,6 +113,10 @@
 content_guard: development
 state: present
 when: latest_distribution_details.changed
+ register: distribution_result
+ until: distribution_result is success
+ retries: 3
+ delay: 1
 
 - name: Update new images file with versioned path
 lineinfile:
From 106d23695d227b7d6435de8b785afca08b41fc91 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka
Date: Tue, 5 Dec 2023 15:56:53 +0000
Subject: [PATCH 4/4] Use build args in containerfile element
---
 etc/kayobe/overcloud-dib.yml | 2 +-
 etc/kayobe/stackhpc-overcloud-dib.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/etc/kayobe/overcloud-dib.yml b/etc/kayobe/overcloud-dib.yml
index 8f59d58ef..7b60f463a 100644
--- a/etc/kayobe/overcloud-dib.yml
+++ b/etc/kayobe/overcloud-dib.yml
@@ -71,7 +71,7 @@ overcloud_dib_host_packages_extra:
 overcloud_dib_git_elements_extra:
 - repo: "https://github.com/stackhpc/stackhpc-image-elements"
 local: "{{ source_checkout_path }}/stackhpc-image-elements"
- version: "v1.6.0"
+ version: "rocky_container_pulp"
 elements_path: "elements"
 
 # List of git repositories containing Diskimage Builder (DIB) elements. See
diff --git a/etc/kayobe/stackhpc-overcloud-dib.yml b/etc/kayobe/stackhpc-overcloud-dib.yml
index a7c82cf74..024aff9bd 100644
--- a/etc/kayobe/stackhpc-overcloud-dib.yml
+++ b/etc/kayobe/stackhpc-overcloud-dib.yml
@@ -58,10 +58,10 @@ stackhpc_overcloud_dib_env_vars:
 # On Rocky Linux 9, use the host's repo files.
 # These will have been configured to point to Test Pulp repo snapshots during the 'host configure' step.
 # FIXME: This assumes we are building on RL9, which may not be the case.
- DIB_YUM_MINIMAL_BOOTSTRAP_REPOS: "{% if os_distribution == 'rocky' and os_release == '9' %}/etc/yum.repos.d/{% endif %}"
 YUM: dnf
 # Workaround for stack user home ownership bug
 DIB_IMAGE_CACHE: "/tmp/yum"
+ DIB_CONTAINERFILE_BUILDOPTS: "--add-host pulp-server.internal.sms-cloud:10.205.3.187 --build-arg ROCKY_USE_MIRROR=true --build-arg ROCKY_APPSTREAM_URL={{ stackhpc_repo_rocky_9_appstream_url }} --build-arg ROCKY_BASEOS_URL={{ stackhpc_repo_rocky_9_baseos_url }} --build-arg ROCKY_CRB_URL={{ stackhpc_repo_rocky_9_crb_url }}"
 
 # StackHPC overcloud DIB image packages.
 stackhpc_overcloud_dib_packages:
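Review bot: The `version` of stackhpc-image-elements in etc/kayobe/overcloud-dib.yml changes from the tag `v1.6.0` to `rocky_container_pulp`, which reads as a branch name, so the elements that run during the image build are no longer pinned. Every build would take whatever the branch head is at that moment, which makes images unreproducible and lets any later push to that branch change what executes inside the build. Once the work on that branch is released I would pin it again with `version: "<release-tag-or-commit-sha>"` (placeholder), and until then mark the line with a comment such as `# TEMPORARY: tracking a branch; re-pin to a tag before merge`.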
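Review bot: The added `DIB_CONTAINERFILE_BUILDOPTS` line in etc/kayobe/stackhpc-overcloud-dib.yml hard-codes `--add-host pulp-server.internal.sms-cloud:10.205.3.187`, a site-specific internal hostname and address, in the committed configuration. That publishes internal addressing in the repository and breaks builds wherever the Pulp server has a different name or IP; I would move both into variables, e.g. `--add-host {{ <pulp_host_var> }}:{{ <pulp_ip_var> }}` (placeholder names), or drop the flag where DNS already resolves the server. The three comment lines kept above `YUM: dnf` still describe the removed `DIB_YUM_MINIMAL_BOOTSTRAP_REPOS` setting and should be removed with it. The `{{ ..._url }}` values are interpolated unquoted into an option string, so a URL containing whitespace would split the arguments; presumably they never do, but quoting each `--build-arg` value would make that explicit.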