diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index 75aff0f82..ba6fa26cb 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -290,8 +290,3 @@ jobs: OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} if: always() - - - name: Prune Docker images over 1 week old - # May fail if another prune is running - run: docker image prune --all --force --filter until=168h || true - if: always() diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 5309b21d5..296637775 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -45,7 +45,7 @@ jobs: generate-tag: name: Generate container image tag if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] + runs-on: ubuntu-latest permissions: {} outputs: kolla_tag: ${{ steps.kolla_tag.outputs.kolla_tag }} @@ -97,7 +97,7 @@ jobs: container-image-build: name: Build Kolla container images if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] + runs-on: arc-skc-container-image-builder-runner timeout-minutes: 720 permissions: {} strategy: @@ -106,7 +106,13 @@ jobs: needs: - generate-tag steps: - - uses: actions/checkout@v4 + - name: Install package dependencies + run: | + sudo apt update + sudo apt install -y build-essential git unzip nodejs python3-wheel python3-pip python3-venv + + - name: Checkout + uses: actions/checkout@v4 with: path: src/kayobe-config @@ -117,33 +123,9 @@ jobs: ref: refs/heads/stackhpc/${{ needs.generate-tag.outputs.openstack_release }} path: src/kayobe - # FIXME: Failed in kolla-ansible : Ensure the latest version of pip is installed - - name: Install dependencies + - name: Make sure dockerd is running and test Docker run: | - sudo dnf -y install python3-virtualenv - - - name: Setup networking - run: | - if ! ip l show breth1 >/dev/null 2>&1; then - sudo ip l add breth1 type bridge - fi - sudo ip l set breth1 up - if ! ip a show breth1 | grep 192.168.33.3/24; then - sudo ip a add 192.168.33.3/24 dev breth1 - fi - if ! ip l show dummy1 >/dev/null 2>&1; then - sudo ip l add dummy1 type dummy - fi - sudo ip l set dummy1 up - sudo ip l set dummy1 master breth1 - - # FIXME: Without this workaround we see the following issue after the runner is power cycled: - # TASK [MichaelRigart.interfaces : RedHat | ensure network service is started and enabled] *** - # Unable to start service network: Job for network.service failed because the control process exited with error code. - # See \"systemctl status network.service\" and \"journalctl -xe\" for details. - - name: Kill dhclient (workaround) - run: | - (sudo killall dhclient || true) && sudo systemctl restart network + docker run --rm hello-world - name: Install Kayobe run: | @@ -154,23 +136,19 @@ jobs: pip install -U pip && pip install ../src/kayobe - - name: Bootstrap the control host - run: | - source venvs/kayobe/bin/activate && - source src/kayobe-config/kayobe-env --environment ci-builder && - kayobe control host bootstrap - - - name: Configure the seed host + # Required for Docker registry login. Normally installed during host configure. + - name: Install Docker Python SDK run: | - source venvs/kayobe/bin/activate && - source src/kayobe-config/kayobe-env --environment ci-builder && - kayobe seed host configure - env: - KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + pip install --user docker - - name: Prune local Kolla container images over 1 week old + - name: Configure localhost as a seed run: | - sudo docker image prune --all --force --filter until=168h --filter="label=kolla_version" + cat > src/kayobe-config/etc/kayobe/environments/ci-builder/inventory/hosts << EOF + # A 'seed' host used for building images. + # Use localhost for container image builds. + [seed] + localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3 + EOF - name: Build and push kolla overcloud images run: | @@ -203,7 +181,7 @@ jobs: - name: Get built container images run: | - sudo docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/${{ matrix.distro }}-*:${{ needs.generate-tag.outputs.kolla_tag }}" > ${{ matrix.distro }}-container-images + docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/${{ matrix.distro }}-*:${{ needs.generate-tag.outputs.kolla_tag }}" > ${{ matrix.distro }}-container-images - name: Fail if no images have been built run: if [ $(wc -l < ${{ matrix.distro }}-container-images) -le 1 ]; then exit 1; fi diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index 082e9243b..15407f00c 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -317,12 +317,26 @@ kolla_build_blocks: sed -i -e '/\[{{ repo.tag }}\]/,/^\[/ s/^\(mirrorlist *=.*\)/#\1/g' \ -e '/\[{{ repo.tag }}\]/,/^\[/ s/^[# ]*\(baseurl *=.*\)/#\1/g' \ -e '/\[{{ repo.tag }}\]/,/^\[/ s/^[# ]*\(metalink *=.*\)/#\1/g' \ + {% if stackhpc_repo_mirror_username is truthy %} + -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\nusername={{ stackhpc_repo_mirror_username }}|' \ + -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\npassword={{ stackhpc_repo_mirror_password }}|' \ + {% endif %} -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\nbaseurl={{ repo.url }}|' /etc/yum.repos.d/{{ repo.file }}{% if not loop.last %} && \ {% endif %} {% endfor %} {% else %} RUN \ rm /etc/apt/sources.list && \ + rm -f /etc/apt/auth.conf && \ + {% if stackhpc_repo_mirror_url | urlsplit('scheme') == 'https' %} + {# We lack the ca-certificates package at this stage, so don't verify the CA #} + echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/90no-verify-peer && \ + {% endif %} + {% if stackhpc_repo_mirror_username is truthy %} + echo 'machine {{ stackhpc_repo_mirror_url }}' >> /etc/apt/auth.conf && \ + echo 'login {{ stackhpc_repo_mirror_username }}' >> /etc/apt/auth.conf && \ + echo 'password {{ stackhpc_repo_mirror_password }}' >> /etc/apt/auth.conf && \ + {% endif %} {% for repo in stackhpc_ubuntu_focal_base_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} @@ -340,6 +354,10 @@ kolla_build_blocks: sed -i -e '/\[{{ repo.tag }}\]/,/^\[/ s/^\(mirrorlist *=.*\)/#\1/g' \ -e '/\[{{ repo.tag }}\]/,/^\[/ s/^[# ]*\(baseurl *=.*\)/#\1/g' \ -e '/\[{{ repo.tag }}\]/,/^\[/ s/^[# ]*\(metalink *=.*\)/#\1/g' \ + {% if stackhpc_repo_mirror_username is truthy %} + -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\nusername={{ stackhpc_repo_mirror_username }}|' \ + -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\npassword={{ stackhpc_repo_mirror_password }}|' \ + {% endif %} -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\nbaseurl={{ repo.url }}|' /etc/yum.repos.d/{{ repo.file }}{% if not loop.last %} &&{% endif %} \ {% endfor %} {% endif %} @@ -350,6 +368,13 @@ kolla_build_blocks: {% endif %} RUN \ rm /etc/apt/sources.list && \ + rm -f /etc/apt/auth.conf && \ + rm -f /etc/apt/apt.conf.d/90no-verify-peer && \ + {% if stackhpc_repo_mirror_username is truthy %} + echo 'machine {{ stackhpc_repo_mirror_url }}' >> /etc/apt/auth.conf && \ + echo 'login {{ stackhpc_repo_mirror_username }}' >> /etc/apt/auth.conf && \ + echo 'password {{ stackhpc_repo_mirror_password }}' >> /etc/apt/auth.conf && \ + {% endif %} {% for repo in stackhpc_ubuntu_focal_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %}