diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index 7f7b6fe5b..79eb472a1 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -209,7 +209,7 @@ jobs: if: inputs.ubuntu-jammy && steps.build_ubuntu_jammy.outcome == 'success' - name: Upload updated images artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: Updated images list path: /tmp/updated_images.txt @@ -218,7 +218,7 @@ jobs: steps.build_ubuntu_jammy.outcome == 'success' - name: Upload Rocky 9 build logs if build failed - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: Rocky 9 build logs path: | @@ -228,7 +228,7 @@ jobs: if: steps.build_rocky_9.outcome == 'failure' - name: Upload Ubuntu Jammy 22.04 build logs if build failed - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: Ubuntu Jammy 22.04 build logs path: | diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index 8ed5095bf..5c152295d 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -34,19 +34,19 @@ on: vm_interface: description: Default network interface name type: string - default: enp3s0 + default: ens3 vm_flavor: description: Flavor for the all-in-one VM type: string - default: general.v1.medium + default: en1.large vm_network: description: Network for the all-in-one VM type: string - default: stackhpc-release + default: stackhpc-ci vm_subnet: description: Subnet for the all-in-one VM type: string - default: stackhpc-release-subnet + default: stackhpc-ci OS_CLOUD: description: Name of cloud in clouds.yaml type: string @@ -74,7 +74,7 @@ jobs: all-in-one: name: All in one if: inputs.if - runs-on: [self-hosted, stackhpc-kayobe-config-aio] + runs-on: arc-skc-aio-runner permissions: {} env: KAYOBE_ENVIRONMENT: ci-aio 
@@ -85,6 +85,11 @@ jobs: # NOTE(upgrade): Reference the PREVIOUS release branch here. PREVIOUS_BRANCH: stackhpc/zed steps: + - name: Install Package + uses: ConorMacBride/install-package@main + with: + apt: git unzip nodejs + # If testing upgrade, checkout previous release, otherwise checkout current branch - name: Checkout ${{ inputs.upgrade && 'previous release' || 'current' }} config uses: actions/checkout@v4 @@ -102,6 +107,10 @@ jobs: fi echo kayobe_image=$kayobe_image >> $GITHUB_OUTPUT + - name: Make sure dockerd is running and test Docker. + run: | + docker run --rm hello-world + - name: Output image tag id: image_tag run: | @@ -168,7 +177,17 @@ jobs: OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} - name: Terraform Apply - run: terraform apply -auto-approve + run: | + for attempt in $(seq 5); do + if terraform apply -auto-approve; then + echo "Created infrastructure on attempt $attempt" + break + fi + echo "Failed to create infrastructure on attempt $attempt" + sleep 10 + terraform destroy -auto-approve + sleep 60 + done working-directory: ${{ github.workspace }}/terraform/aio env: OS_CLOUD: ${{ inputs.OS_CLOUD }} @@ -232,17 +251,17 @@ jobs: # The same tag may be reused (e.g. stackhpc/yoga), so ensure we have the latest image. - name: Pull previous Kayobe image run: | - sudo docker image pull ${{ steps.kayobe_image.outputs.kayobe_image }} + docker image pull ${{ steps.kayobe_image.outputs.kayobe_image }} if: inputs.upgrade # The same tag may be reused (e.g. pr-123), so ensure we have the latest image. - name: Pull current Kayobe image run: | - sudo docker image pull $KAYOBE_IMAGE + docker image pull $KAYOBE_IMAGE - name: Run growroot run: | - sudo -E docker run -t --rm \ + docker run -t --rm \ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ ${{ steps.kayobe_image.outputs.kayobe_image }} \ 
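Review bot: `ConorMacBride/install-package@main` follows a mutable branch of a third-party repository, so whatever lands on that branch runs on the `arc-skc-aio-runner` runner in a job whose later steps receive `secrets.OS_APPLICATION_CREDENTIAL_SECRET`. Pin it to a full commit SHA, `uses: ConorMacBride/install-package@<full-commit-sha>`, or drop the action and use the plain `sudo apt update` / `sudo apt install -y git unzip nodejs` run step that this same commit adds to stackhpc-check-tags.yml. The other actions touched in this commit are at least pinned to a major tag; this is the only one that tracks a branch.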
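Review bot: If all five attempts fail, the Terraform Apply step still exits 0, because the last command the loop runs is `sleep 60`, so the job carries on without infrastructure. Replace `break` with `exit 0` and add `exit 1` after `done` so that exhausting the retries fails the step. Also, `terraform destroy -auto-approve` runs after every failed attempt, and assuming the default `bash -e` shell a failing destroy aborts the step before the next retry; if that is not intended, guard it explicitly.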
@@ -252,7 +271,7 @@ jobs: - name: Host configure run: | - sudo -E docker run -t --rm \ + docker run -t --rm \ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ ${{ steps.kayobe_image.outputs.kayobe_image }} \ @@ -262,7 +281,7 @@ jobs: - name: Service deploy run: | - sudo -E docker run -t --rm \ + docker run -t --rm \ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ ${{ steps.kayobe_image.outputs.kayobe_image }} \ @@ -272,7 +291,7 @@ jobs: - name: Configure aio resources run: | - sudo -E docker run -t --rm \ + docker run -t --rm \ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ ${{ steps.kayobe_image.outputs.kayobe_image }} \ @@ -300,7 +319,7 @@ jobs: # Now begin upgrade - name: Host upgrade run: | - sudo -E docker run -t --rm \ + docker run -t --rm \ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ $KAYOBE_IMAGE \ @@ -311,7 +330,7 @@ jobs: - name: Host configure run: | - sudo -E docker run -t --rm \ + docker run -t --rm \ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ $KAYOBE_IMAGE \ @@ -322,7 +341,7 @@ jobs: - name: Service upgrade run: | - sudo -E docker run -t --rm \ + docker run -t --rm \ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ $KAYOBE_IMAGE \ 
@@ -334,7 +353,7 @@ jobs: - name: Tempest tests run: | mkdir -p tempest-artifacts - sudo -E docker run -t --rm \ + docker run -t --rm \ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \ -v $(pwd)/tempest-artifacts:/stack/tempest-artifacts \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ @@ -344,7 +363,7 @@ jobs: KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }} - name: Upload test result artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: tempest-results-${{ inputs.os_distribution }}-${{ inputs.os_release }}-${{ inputs.neutron_plugin }}${{ inputs.upgrade && '-upgrade' }} path: tempest-artifacts/* @@ -361,8 +380,3 @@ jobs: OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} if: always() - - - name: Prune Docker images over 1 week old - # May fail if another prune is running - run: sudo docker image prune --all --force --filter until=168h || true - if: always() diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index 201c520b4..6ac1440e9 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -56,7 +56,7 @@ jobs: submodules: true - name: Log in to the Container registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -64,12 +64,12 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 with: driver-opts: | image=moby/buildkit:master 
@@ -82,8 +82,10 @@ jobs: https_proxy: ${{ inputs.https_proxy }} no_proxy: ${{ inputs.no_proxy }} + # Setting KAYOBE_USER_UID and KAYOBE_USER_GID to 1001 to match docker's defaults + # so that docker can run as a privileged user within the Kayobe image. - name: Build and push Docker image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: file: ./.automation/docker/kayobe/Dockerfile context: . @@ -91,6 +93,8 @@ jobs: http_proxy=${{ inputs.http_proxy }} https_proxy=${{ inputs.https_proxy }} BASE_IMAGE=${{ inputs.base_image || 'rockylinux:9' }} + KAYOBE_USER_UID=1001 + KAYOBE_USER_GID=1001 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/stackhpc-check-tags.yml b/.github/workflows/stackhpc-check-tags.yml index 1fdb01307..0ef1526ae 100644 --- a/.github/workflows/stackhpc-check-tags.yml +++ b/.github/workflows/stackhpc-check-tags.yml 
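Review bot: The added comment does not say what actually has UID/GID 1001, and "privileged user" reads like Docker's `--privileged` mode, which the build args in this file do not touch. If 1001 is the runner account's UID/GID on the new runners (an assumption; the diff does not show it), say so, e.g. `# Build the Kayobe user with UID/GID 1001 to match the CI runner user, so docker can be run without sudo against the bind-mounted workspace.` The hard-coded value ties the pushed image to that runner layout, which is worth stating in the comment too.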
@@ -20,29 +20,33 @@ jobs: check-tags: name: Check container image tags if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: [self-hosted, stackhpc-kayobe-config-aio] + runs-on: arc-skc-aio-runner permissions: {} env: KAYOBE_ENVIRONMENT: ci-aio KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} KAYOBE_IMAGE: ${{ inputs.kayobe_image }} steps: - - uses: actions/checkout@v4 + - name: Install package dependencies + run: | + sudo apt update + sudo apt install -y git unzip nodejs + + - name: Checkout + uses: actions/checkout@v4 with: submodules: true # The same tag may be reused (e.g. pr-123), so ensure we have the latest image. - name: Pull latest Kayobe image run: | - sudo docker image pull $KAYOBE_IMAGE + docker image pull $KAYOBE_IMAGE - name: Check container image tags run: | - sudo -E docker run -t --rm \ + docker run -t --rm \ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ $KAYOBE_IMAGE \ /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/playbook-run.sh \ '$KAYOBE_CONFIG_PATH/ansible/check-tags.yml' - #env: - #KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }} diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 63f649398..e90316c39 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -40,7 +40,7 @@ jobs: generate-tag: name: Generate container image tag if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder-rl9] + runs-on: ubuntu-latest permissions: {} outputs: datetime_tag: ${{ steps.datetime_tag.outputs.datetime_tag }} 
@@ -88,7 +88,7 @@ jobs: container-image-build: name: Build Kolla container images if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder-rl9] + runs-on: arc-skc-container-image-builder-runner timeout-minutes: 720 permissions: {} strategy: @@ -97,7 +97,13 @@ jobs: needs: - generate-tag steps: - - uses: actions/checkout@v4 + - name: Install package dependencies + run: | + sudo apt update + sudo apt install -y build-essential git unzip nodejs python3-wheel python3-pip python3-venv + + - name: Checkout + uses: actions/checkout@v4 with: path: src/kayobe-config @@ -108,20 +114,9 @@ jobs: ref: refs/heads/stackhpc/${{ needs.generate-tag.outputs.openstack_release }} path: src/kayobe - - name: Setup networking + - name: Make sure dockerd is running and test Docker run: | - if ! ip l show breth1 >/dev/null 2>&1; then - sudo ip l add breth1 type bridge - fi - sudo ip l set breth1 up - if ! ip a show breth1 | grep 192.168.33.3/24; then - sudo ip a add 192.168.33.3/24 dev breth1 - fi - if ! ip l show dummy1 >/dev/null 2>&1; then - sudo ip l add dummy1 type dummy - fi - sudo ip l set dummy1 up - sudo ip l set dummy1 master breth1 + docker run --rm hello-world - name: Install Kayobe run: | 
@@ -132,23 +127,19 @@ jobs: pip install -U pip && pip install ../src/kayobe - - name: Bootstrap the control host + # Required for Docker registry login. Normally installed during host configure. + - name: Install Docker Python SDK run: | - source venvs/kayobe/bin/activate && - source src/kayobe-config/kayobe-env --environment ci-builder && - kayobe control host bootstrap - - - name: Configure the seed host - run: | - source venvs/kayobe/bin/activate && - source src/kayobe-config/kayobe-env --environment ci-builder && - kayobe seed host configure - env: - KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + pip install --user docker - - name: Prune local Kolla container images over 1 week old + - name: Configure localhost as a seed run: | - sudo docker image prune --all --force --filter until=168h --filter="label=kolla_version" + cat > src/kayobe-config/etc/kayobe/environments/ci-builder/inventory/hosts << EOF + # A 'seed' host used for building images. + # Use localhost for container image builds. + [seed] + localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3 + EOF - name: Build and push kolla overcloud images run: | @@ -183,13 +174,13 @@ jobs: - name: Get built container images run: | - sudo docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:*${{ matrix.distro }}*${{ needs.generate-tag.outputs.datetime_tag }}" > ${{ matrix.distro }}-container-images + docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:*${{ matrix.distro }}*${{ needs.generate-tag.outputs.datetime_tag }}" > ${{ matrix.distro }}-container-images - name: Fail if no images have been built run: if [ $(wc -l < ${{ matrix.distro }}-container-images) -le 1 ]; then exit 1; fi - name: Upload container images artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.distro }} container images path: ${{ matrix.distro }}-container-images 
diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index 79405720c..dcc0c7c34 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@v4 - name: Check changed files - uses: dorny/paths-filter@v2 + uses: dorny/paths-filter@v3 id: changes with: # Filters are defined in this file. @@ -51,7 +51,7 @@ jobs: with: fetch-depth: 0 - name: Setup Python ${{ matrix.python-version }} 🐍 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Install Tox 📦 @@ -98,7 +98,7 @@ jobs: os_release: jammy ssh_username: ubuntu neutron_plugin: ovs - OS_CLOUD: sms-lab-release + OS_CLOUD: openstack if: ${{ needs.check-changes.outputs.aio == 'true' }} secrets: inherit if: ${{ ! failure() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} @@ -115,7 +115,7 @@ jobs: os_release: jammy ssh_username: ubuntu neutron_plugin: ovn - OS_CLOUD: sms-lab-release + OS_CLOUD: openstack if: ${{ needs.check-changes.outputs.aio == 'true' }} secrets: inherit if: ${{ ! failure() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} @@ -132,7 +132,7 @@ jobs: os_release: "9" ssh_username: cloud-user neutron_plugin: ovs - OS_CLOUD: sms-lab-release + OS_CLOUD: openstack if: ${{ needs.check-changes.outputs.aio == 'true' }} secrets: inherit if: ${{ ! failure() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} @@ -149,7 +149,7 @@ jobs: os_release: "9" ssh_username: cloud-user neutron_plugin: ovn - OS_CLOUD: sms-lab-release + OS_CLOUD: openstack if: ${{ needs.check-changes.outputs.aio == 'true' }} secrets: inherit if: ${{ ! failure() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} 
@@ -168,7 +168,7 @@ jobs: os_release: jammy ssh_username: ubuntu neutron_plugin: ovs - OS_CLOUD: sms-lab-release + OS_CLOUD: openstack if: ${{ needs.check-changes.outputs.aio == 'true' }} upgrade: true secrets: inherit @@ -186,7 +186,7 @@ jobs: os_release: "9" ssh_username: cloud-user neutron_plugin: ovn - OS_CLOUD: sms-lab-release + OS_CLOUD: openstack if: ${{ needs.check-changes.outputs.aio == 'true' }} upgrade: true secrets: inherit diff --git a/etc/kayobe/apt.yml b/etc/kayobe/apt.yml index 99b5125ec..8de4de783 100644 --- a/etc/kayobe/apt.yml +++ b/etc/kayobe/apt.yml @@ -75,6 +75,22 @@ apt_repositories: "{{ stackhpc_apt_repositories if 'overcloud' in group_names el # repository mirrors are deployed. apt_disable_sources_list: "{{ 'overcloud' in group_names }}" +# Apt auth configuration for accessing the package repository mirror. +stackhpc_apt_auth: + - machine: "{{ stackhpc_repo_mirror_url }}" + login: "{{ stackhpc_repo_mirror_username }}" + password: "{{ stackhpc_repo_mirror_password }}" + filename: "kayobe.conf" + +# List of Apt auth configurations. Each item is a dict with the following keys: +# * machine: 'machine' entry in the auth file +# * login: 'login' entry in the auth file +# * password: 'password' entry in the auth file +# * filename: Name of a file in which to store the auth configuration. The +# extension should be '.conf'. +# Default is an empty list. +apt_auth: "{{ stackhpc_apt_auth if 'overcloud' in group_names and stackhpc_repo_mirror_username is truthy else [] }}" + ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes diff --git a/etc/kayobe/dnf.yml b/etc/kayobe/dnf.yml index 9d7f3d986..31de1973d 100644 --- a/etc/kayobe/dnf.yml +++ b/etc/kayobe/dnf.yml 
@@ -58,6 +58,8 @@ dnf_custom_repos_el9: file: epel gpgkey: "{{ dnf_epel_9_gpg_key_url }}" gpgcheck: yes + username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}" + password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}" docker: baseurl: "{{ stackhpc_repo_centos_stream_9_docker_url }}" description: "Package repository for installing docker" @@ -65,6 +67,8 @@ dnf_custom_repos_el9: file: docker gpgkey: "{{ dnf_docker_gpg_key_url }}" gpgcheck: yes + username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}" + password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}" # ELRepo 9 dnf_custom_repos_elrepo_9: @@ -75,6 +79,8 @@ dnf_custom_repos_elrepo_9: file: elrepo gpgkey: https://www.elrepo.org/RPM-GPG-KEY-elrepo.org gpgcheck: yes + username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}" + password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}" # Rocky 9 specific repositories dnf_custom_repos_rocky_9: 
@@ -84,24 +90,32 @@ dnf_custom_repos_rocky_9: file: rocky gpgkey: "{{ rocky_9_gpg_key }}" gpgcheck: yes + username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}" + password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}" baseos: baseurl: "{{ stackhpc_repo_rocky_9_baseos_url }}" description: "Rocky Linux $releasever - BaseOS" file: rocky gpgkey: "{{ rocky_9_gpg_key }}" gpgcheck: yes + username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}" + password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}" crb: baseurl: "{{ stackhpc_repo_rocky_9_crb_url }}" description: "Rocky Linux $releasever - CRB" file: rocky gpgkey: "{{ rocky_9_gpg_key }}" gpgcheck: yes + username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}" + password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}" extras: baseurl: "{{ stackhpc_repo_rocky_9_extras_url }}" description: "Rocky Linux $releasever - Extras" file: rocky-extras gpgkey: "{{ rocky_9_gpg_key }}" gpgcheck: yes + username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}" + password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}" # Whether to enable EPEL repositories. This affects RedHat-based systems only. dnf_enable_epel: "{{ dnf_install_epel | bool }}" diff --git a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml index 384afbd92..f7f69d01a 100644 --- a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml 
@@ -17,7 +17,10 @@ resolv_is_managed: false # Host and port of a package repository mirror. # Build and deploy the development Pulp service repositories. -stackhpc_repo_mirror_url: "http://pulp-server.internal.sms-cloud:8080" +# Use Ark's package repositories to install packages. +stackhpc_repo_mirror_url: "{{ stackhpc_release_pulp_url }}" +stackhpc_repo_mirror_username: "{{ stackhpc_docker_registry_username }}" +stackhpc_repo_mirror_password: "{{ stackhpc_docker_registry_password }}" # Build against released Pulp repository versions. stackhpc_repo_grafana_version: "{{ stackhpc_pulp_repo_grafana_version }}" @@ -54,14 +57,14 @@ stackhpc_include_os_minor_version_in_repo_url: true stackhpc_docker_registry: "{{ stackhpc_repo_mirror_url | regex_replace('^https?://', '') }}" # Username and password of container registry. -stackhpc_docker_registry_username: "admin" +stackhpc_docker_registry_username: "release-train-ci" stackhpc_docker_registry_password: !vault | $ANSIBLE_VAULT;1.1;AES256 - 38653432663133653430323937626239323836653537633633326265643930653034306532646464 - 3766353637326534643136326533633034666535323364660a633639393433376564363666663233 - 38333133393730633666613965653364316162353337313330346164303631313731646461363461 - 3963323635373866630a633533376339363734626664333765313665623662613764363038383735 - 38646138376438643533376161376634653439386230353365316239613430363338 + 38356134376436656165303634626531653836366233383531343439646433376334396438373735 + 3135643664353934356237376134623235356137383263300a333165386562396134633534376532 + 34386133383366326639353432386235336132663839333337323739633434613934346462363031 + 3265323831663964360a643962346231386462323236373963633066393736323234303833363535 + 3664 # Override Pulp credentials to allow querying container image tags in the # check-tags.yml custom playbook. diff --git a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml index 101931d6a..cf0939088 100644 
--- a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml @@ -39,7 +39,10 @@ resolv_is_managed: false # Host and port of a package repository mirror. # Build against the development Pulp service repositories. -stackhpc_repo_mirror_url: "http://pulp-server.internal.sms-cloud:8080" +# Use Ark's package repositories to install packages. +stackhpc_repo_mirror_url: "{{ stackhpc_release_pulp_url }}" +stackhpc_repo_mirror_username: "{{ stackhpc_docker_registry_username }}" +stackhpc_repo_mirror_password: "{{ stackhpc_docker_registry_password }}" # Build against released Pulp repository versions. stackhpc_repo_grafana_version: "{{ stackhpc_pulp_repo_grafana_version }}" diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index f65d2b90e..9454a6008 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml 
@@ -246,12 +246,26 @@ kolla_build_blocks: sed -i -e '/\[{{ repo.tag }}\]/,/^\[/ s/^\(mirrorlist *=.*\)/#\1/g' \ -e '/\[{{ repo.tag }}\]/,/^\[/ s/^[# ]*\(baseurl *=.*\)/#\1/g' \ -e '/\[{{ repo.tag }}\]/,/^\[/ s/^[# ]*\(metalink *=.*\)/#\1/g' \ + {% if stackhpc_repo_mirror_username is truthy %} + -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\nusername={{ stackhpc_repo_mirror_username }}|' \ + -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\npassword={{ stackhpc_repo_mirror_password }}|' \ + {% endif %} -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\nbaseurl={{ repo.url }}|' /etc/yum.repos.d/{{ repo.file }}{% if not loop.last %} && \ {% endif %} {% endfor %} {% else %} RUN \ rm /etc/apt/sources.list && \ + rm -f /etc/apt/auth.conf && \ + {% if stackhpc_repo_mirror_url | urlsplit('scheme') == 'https' %} + {# We lack the ca-certificates package at this stage, so don't verify the CA #} + echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/90no-verify-peer && \ + {% endif %} + {% if stackhpc_repo_mirror_username is truthy %} + echo 'machine {{ stackhpc_repo_mirror_url }}' >> /etc/apt/auth.conf && \ + echo 'login {{ stackhpc_repo_mirror_username }}' >> /etc/apt/auth.conf && \ + echo 'password {{ stackhpc_repo_mirror_password }}' >> /etc/apt/auth.conf && \ + {% endif %} {% for repo in stackhpc_ubuntu_jammy_base_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} 
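Review bot: The mirror password is rendered into the Dockerfile text itself, through the `password={{ stackhpc_repo_mirror_password }}` sed expression and the `echo 'password …' >> /etc/apt/auth.conf` line, so it lands in the image filesystem, in the layer history and probably in build logs. The same pattern recurs in the hunks at -269 and -279, and the block in the -279 hunk re-creates auth.conf rather than removing it, so the credential appears to ship in the pushed images. In the CI environments that credential is the registry account (`stackhpc_docker_registry_password`). Consider passing it through a build secret mount where the builder supports one, or at minimum strip `username`/`password` and auth.conf in the final block and use a read-only, mirror-only account. A password containing `|`, `&` or `'` would also break the sed and echo quoting.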
@@ -269,6 +283,10 @@ kolla_build_blocks: sed -i -e '/\[{{ repo.tag }}\]/,/^\[/ s/^\(mirrorlist *=.*\)/#\1/g' \ -e '/\[{{ repo.tag }}\]/,/^\[/ s/^[# ]*\(baseurl *=.*\)/#\1/g' \ -e '/\[{{ repo.tag }}\]/,/^\[/ s/^[# ]*\(metalink *=.*\)/#\1/g' \ + {% if stackhpc_repo_mirror_username is truthy %} + -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\nusername={{ stackhpc_repo_mirror_username }}|' \ + -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\npassword={{ stackhpc_repo_mirror_password }}|' \ + {% endif %} -e '/\[{{ repo.tag }}\]/,/^\[/ s|^\(name.*\)|\1\nbaseurl={{ repo.url }}|' /etc/yum.repos.d/{{ repo.file }}{% if not loop.last %} &&{% endif %} \ {% endfor %} {% endif %} @@ -279,6 +297,13 @@ kolla_build_blocks: {% endif %} RUN \ rm /etc/apt/sources.list && \ + rm -f /etc/apt/auth.conf && \ + rm -f /etc/apt/apt.conf.d/90no-verify-peer && \ + {% if stackhpc_repo_mirror_username is truthy %} + echo 'machine {{ stackhpc_repo_mirror_url }}' >> /etc/apt/auth.conf && \ + echo 'login {{ stackhpc_repo_mirror_username }}' >> /etc/apt/auth.conf && \ + echo 'password {{ stackhpc_repo_mirror_password }}' >> /etc/apt/auth.conf && \ + {% endif %} {% for repo in stackhpc_ubuntu_jammy_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index b12837869..b94b355bb 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -2,6 +2,12 @@ # Host and port of a package repository mirror. stackhpc_repo_mirror_url: "{{ pulp_url }}" +# Username of a package repository mirror. +stackhpc_repo_mirror_username: + +# Password of a package repository mirror. +stackhpc_repo_mirror_password: + # Distribution name. Either 'development' or 'production'. stackhpc_repo_distribution: "development"
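Review bot: The `rm -f /etc/apt/apt.conf.d/90no-verify-peer` added in the -279 hunk is the only cleanup for the global `Acquire::https::Verify-Peer "false";` written in the hunk at -246, so every apt run between those two blocks talks to an unauthenticated peer while also sending the auth.conf login. If ca-certificates cannot be installed first, copy the mirror's CA certificate in from the build context rather than turning verification off, or remove the override in the same RUN as soon as ca-certificates is installed. Any image that does not reach this block would keep verification disabled.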
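Review bot: In etc/kayobe/stackhpc.yml, `stackhpc_repo_mirror_username:` and `stackhpc_repo_mirror_password:` are bare keys, which load as null; write `stackhpc_repo_mirror_username: null` (or `""`) so the empty default is clearly deliberate. The password comment could also say that any real value belongs in a vault-encrypted variable, as the ci-aio environment does for `stackhpc_docker_registry_password`.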