Merge branch 'stackhpc/2024.1' into pulp-tls-update

Author: jackhodgkiss

.github/workflows/package-build-ofed.yml

@@ -28,6 +28,11 @@ jobs:
     runs-on: arc-skc-host-image-builder-runner
     permissions: {}
     steps:
+      - name: Generate OFED tag
+        id: ofed_tag
+        run: |
+          echo "ofed_tag=$(date +%Y%m%dT%H%M%S)" >> $GITHUB_OUTPUT
+
       - name: Install Package
         uses: ConorMacBride/install-package@main
         with:
@@ -42,32 +47,14 @@ jobs:
         with:
           path: src/kayobe-config
 
-      - name: Determine OpenStack release
-        id: openstack_release
-        run: |
-          BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' src/kayobe-config/.gitreview)
-          echo "openstack_release=${BRANCH}" | sed -E "s,(stable|unmaintained)/,," >> $GITHUB_OUTPUT
-
-      - name: Generate OFED tag
-        id: ofed_tag
-        run: |
-          echo "ofed_tag=$(date +%Y%m%dT%H%M%S)" >> $GITHUB_OUTPUT
-
-      - name: Clone StackHPC Kayobe repository
-        uses: actions/checkout@v4
-        with:
-          repository: stackhpc/kayobe
-          ref: refs/heads/stackhpc/${{ steps.openstack_release.outputs.openstack_release }}
-          path: src/kayobe
-
       - name: Install Kayobe
         run: |
           mkdir -p venvs &&
           pushd venvs &&
           python3 -m venv kayobe &&
           source kayobe/bin/activate &&
           pip install -U pip &&
-          pip install ../src/kayobe
+          pip install -r ../src/kayobe-config/requirements.txt
 
       - name: Install terraform
         uses: hashicorp/setup-terraform@v2

.github/workflows/stackhpc-container-image-build.yml

@@ -94,18 +94,21 @@ jobs:
       # Dynamically define job matrix.
       # We need a separate matrix entry for each distribution, when the relevant input is true.
       # https://stackoverflow.com/questions/65384420/how-do-i-make-a-github-action-matrix-element-conditional
+      # NOTE(bbezak): Both amd64 and aarch64 need to be built in a single workflow to create a multi-architecture manifest.
+      # For now include only RL9 in aarch64
       - name: Generate build matrix
         id: set-matrix
         run: |
           output="{'distro': ["
           if [[ ${{ inputs.rocky-linux-9 }} == 'true' ]]; then
-              output+="{'name': 'rocky', 'release': 9},"
+              output+="{'name': 'rocky', 'release': 9, 'arch': 'amd64'},"
+              output+="{'name': 'rocky', 'release': 9, 'arch': 'aarch64'},"
           fi
           if [[ ${{ inputs.ubuntu-jammy }} == 'true' ]]; then
-              output+="{'name': 'ubuntu', 'release': 'jammy'},"
+              output+="{'name': 'ubuntu', 'release': 'jammy', 'arch': 'amd64'},"
           fi
           if [[ ${{ inputs.ubuntu-noble }} == 'true' ]]; then
-              output+="{'name': 'ubuntu', 'release': 'noble'},"
+              output+="{'name': 'ubuntu', 'release': 'noble', 'arch': 'amd64'},"
           fi
           # remove trailing comma
           output="${output%,}"
@@ -124,7 +127,9 @@ jobs:
   container-image-build:
     name: Build Kolla container images
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
-    runs-on: ${{ needs.runner-selection.outputs.runner_name_container_image_build }}
+    runs-on: ${{ matrix.distro.arch == 'aarch64'
+      && fromJson('["self-hosted","sms","arm64"]')
+      || needs.runner-selection.outputs.runner_name_container_image_build }}
     timeout-minutes: 720
     permissions: {}
     strategy:
@@ -134,19 +139,14 @@ jobs:
       - generate-tag
       - runner-selection
     steps:
+      - name: Purge workspace
+        run: sudo rm -rf "$GITHUB_WORKSPACE"/*
+
       - name: Install package dependencies
         run: |
           sudo apt update
           sudo apt install -y build-essential git unzip nodejs python3-wheel python3-pip python3-venv curl jq wget
 
-      - name: Install gh
-        run: |
-          sudo mkdir -p -m 755 /etc/apt/keyrings && wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null
-          sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg
-          echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
-          sudo apt update
-          sudo apt install gh -y
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -162,7 +162,8 @@ jobs:
 
       - name: Install yq
         run: |
-          curl -sL https://github.com/mikefarah/yq/releases/download/v4.42.1/yq_linux_amd64.tar.gz | tar xz && sudo mv yq_linux_amd64 /usr/bin/yq
+          ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')
+          curl -sL "https://github.com/mikefarah/yq/releases/download/v4.42.1/yq_linux_${ARCH}.tar.gz" | tar xz && sudo mv yq_linux_${ARCH} /usr/bin/yq
 
       - name: Install Kayobe
         run: |
@@ -211,19 +212,28 @@ jobs:
         continue-on-error: true
         run: |
           args="${{ inputs.regexes }}"
+          if [[ "${{ matrix.distro.arch }}" == 'aarch64' ]]; then
+            args="$args -e kolla_base_arch=${{ matrix.distro.arch }}"
+          fi
           args="$args -e kolla_base_distro=${{ matrix.distro.name }}"
           args="$args -e kolla_base_distro_version=${{ matrix.distro.release }}"
-          args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}"
+          if [[ "${{ matrix.distro.name }}" == 'rocky' ]]; then
+            args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}-${{ matrix.distro.arch }}"
+          else
+            args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}"
+          fi
           args="$args -e stackhpc_repo_mirror_auth_proxy_enabled=true"
+          args="$args -e kolla_build_log_path=$GITHUB_WORKSPACE/image-build-logs/kolla-build-overcloud.log"
+          args="$args -e base_path=$GITHUB_WORKSPACE/opt/kayobe"
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-builder &&
           kayobe overcloud container image build $args
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
         if: inputs.overcloud
 
-      - name: Copy overcloud container image build logs to output directory
-        run: sudo mv /var/log/kolla-build.log image-build-logs/kolla-build-overcloud.log
+      - name: Copy build configs to output directory
+        run: sudo cp -rnL "$GITHUB_WORKSPACE/opt/kayobe/etc/kolla/"* image-build-logs/
         if: inputs.overcloud
 
       - name: Build kolla seed images
@@ -239,14 +249,14 @@ jobs:
           kayobe seed container image build $args
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
-        if: inputs.seed
+        if: inputs.seed && matrix.distro.arch == 'amd64'
 
       - name: Copy seed container image build logs to output directory
         run: sudo mv /var/log/kolla-build.log image-build-logs/kolla-build-seed.log
-        if: inputs.seed
+        if: inputs.seed && matrix.distro.arch == 'amd64'
 
       - name: Get built container images
-        run: docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:${{ steps.write-kolla-tag.outputs.kolla-tag }}" > ${{ matrix.distro.name }}-${{ matrix.distro.release }}-container-images
+        run: docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:${{ steps.write-kolla-tag.outputs.kolla-tag }}*" > ${{ matrix.distro.name }}-${{ matrix.distro.release }}-container-images
 
       - name: Fail if no images have been built
         run: if [ $(wc -l < ${{ matrix.distro.name }}-${{ matrix.distro.release }}-container-images) -le 1 ]; then exit 1; fi
@@ -307,7 +317,7 @@ jobs:
       - name: Upload output artifact
         uses: actions/upload-artifact@v4
         with:
-          name: ${{ matrix.distro.name }}-${{ matrix.distro.release }}-logs
+          name: ${{ matrix.distro.name }}-${{ matrix.distro.release }}-${{ matrix.distro.arch }}-logs
           path: image-build-logs
           retention-days: 7
         if: ${{ !cancelled() }}
@@ -331,6 +341,64 @@ jobs:
         run: if [ $(wc -l < image-build-logs/image-scan-output/critical-images.txt) -gt 0 ]; then cat image-build-logs/image-scan-output/critical-images.txt && exit 1; fi
         if: ${{ !inputs.push-dirty && !cancelled() }}
 
+      - name: Remove locally built images for this run
+        if: always() && runner.arch == 'ARM64'
+        run: |
+          docker images --format '{{.Repository}}:{{.Tag}}' \
+            --filter "reference=ark.stackhpc.com/stackhpc-dev/*:${{ steps.write-kolla-tag.outputs.kolla-tag }}*" \
+            | xargs -r -n1 docker rmi -f
+
+  create-manifests:
+    # Only for Rocky Linux for now
+    name: Create Multiarch Docker Manifests
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push && inputs.rocky-linux-9
+    runs-on: ${{ needs.runner-selection.outputs.runner_name_container_image_build }}
+    permissions: {}
+    needs:
+      - container-image-build
+      - runner-selection
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+
+      - name: Combine pushed images lists
+        run: |
+          find . -name 'push-attempt-images.txt' -exec cat {} + > all-pushed-images.txt
+
+      - name: Log in to container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ark.stackhpc.com
+          username: ${{ secrets.RLS_TRAIN_CI_ARK_REGISTRY_USER }}
+          password: ${{ secrets.RLS_TRAIN_CI_ARK_REGISTRY_PASS }}
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          path: src/kayobe-config
+
+      - name: Create and push Docker manifests
+        run: src/kayobe-config/tools/multiarch-manifests.sh
+
+      - name: Upload manifest logs
+        uses: actions/upload-artifact@v4
+        with:
+          name: manifest-logs
+          path: |
+            all-pushed-images.txt
+            logs/manifest-creation.log
+          retention-days: 7
+        if: ${{ !cancelled() }}
+
+  trigger-image-sync:
+    name: Trigger container image repository sync
+    needs:
+      - container-image-build
+      - create-manifests
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push && !cancelled()
+    runs-on: ubuntu-latest
+    permissions: {}
+    steps:
       # NOTE(mgoddard): Trigger another CI workflow in the
       # stackhpc-release-train repository.
       - name: Trigger container image repository sync
@@ -347,9 +415,7 @@ jobs:
           -f sync-old-images=false
         env:
           GITHUB_TOKEN: ${{ secrets.STACKHPC_RELEASE_TRAIN_TOKEN }}
-        if: ${{ github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push && !cancelled() }}
 
       - name: Display link to container image repository sync workflows
         run: |
           echo "::notice Container image repository sync workflows: https://github.com/stackhpc/stackhpc-release-train/actions/workflows/container-sync.yml"
-        if: ${{ github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push && !cancelled() }}

.github/workflows/stackhpc-multinode.yml

@@ -56,7 +56,7 @@ name: Multinode
 jobs:
   multinode:
     name: Multinode
-    uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/[email protected].0
+    uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/[email protected].1
     with:
       multinode_name: ${{ inputs.multinode_name }}
       os_distribution: ${{ inputs.os_distribution }}

etc/kayobe/ansible/check-kayobe-version.yml

@@ -29,18 +29,28 @@
           register: kayobe_git_commit
           failed_when: kayobe_git_commit.stdout == ""
 
+        - name: Create a temporary directory to clone Kayobe into
+          ansible.builtin.tempfile:
+            state: directory
+          register: kayobe_temp_dir
+
         - name: Clone Kayobe
           ansible.builtin.git:
             repo: https://github.com/stackhpc/kayobe.git
-            dest: /tmp/kayobe-git
+            dest: "{{ kayobe_temp_dir.path }}/kayobe-git"
             version: stackhpc/{{ openstack_release }}
 
         - name: Get tag from Kayobe commit
           ansible.builtin.command:
             cmd: git describe --tags {{ kayobe_git_commit.stdout }}
-            chdir: /tmp/kayobe-git
+            chdir: "{{ kayobe_temp_dir.path }}/kayobe-git"
           register: kayobe_current_version
 
+        - name: Clean up temporary directory
+          ansible.builtin.file:
+            state: absent
+            path: "{{ kayobe_temp_dir.path }}"
+
         - name: Get latest Kayobe version
           ansible.builtin.shell:
             cmd: set -o pipefail && grep -o kayobe@stackhpc\/.*$ {{ requirements_path }} | cut -d @ -f 2

etc/kayobe/ansible/get-cloud-facts.yml

@@ -0,0 +1,87 @@
+---
+- name: Gather Cloud Facts
+  hosts: localhost
+  gather_facts: true
+  tasks:
+    - name: Write facts to file
+      vars:
+        cloud_facts:
+          ansible_control_host_distribution: "{{ ansible_facts.distribution }}"
+          ansible_control_host_distribution_release: "{{ ansible_facts.distribution_release }}"
+          openstack_release: "{{ openstack_release }}"
+          openstack_release_name: "{{ openstack_release_codename }}"
+          ansible_control_host_is_vm: "{{ ansible_facts.virtualization_role == 'guest' }}"
+          controller_count: "{{ groups['controllers'] | length }}"
+          hypervisor_count: "{{ groups['hypervisors'] | length }}"
+          monitoring_count: "{{ groups['monitoring'] | length }}"
+          osd_count: "{{ groups['osds'] | length }}"
+          compute_count: "{{ groups['compute'] | length }}"
+          baremetal_count: "{{ groups['baremetal-compute'] | length }}"
+          ceph_deployed: "{{ groups['ceph'] | length > 0 | bool }}"
+          ceph_count: "{{ groups['ceph'] | length }}"
+          ceph_release: "{{ cephadm_ceph_release }}"
+          storage_hyperconverged: "{{ groups['controllers'] | intersect(groups['osds']) | length > 0 | bool }}"
+          wazuh_enabled: "{{ groups['wazuh-agent'] | length > 0 | bool }}"
+          kayobe_managed_switches: "{{ groups['switches'] | length > 0 | bool }}"
+          proxy_configured: "{{ http_proxy | bool or https_proxy | bool }}"
+          bifrost_version: "{{ kolla_bifrost_source_version }}"
+          barbican_enabled: "{{ kolla_enable_barbican }}"
+          nova_enabled: "{{ kolla_enable_nova }}"
+          neutron_enabled: "{{ kolla_enable_neutron }}"
+          ovs_enabled: "{{ kolla_enable_openvswitch }}"
+          ovn_enabled: "{{ kolla_enable_ovn }}"
+          glance_enabled: "{{ kolla_enable_glance }}"
+          cinder_enabled: "{{ kolla_enable_cinder }}"
+          keystone_enabled: "{{ kolla_enable_keystone }}"
+          horizon_enabled: "{{ kolla_enable_horizon }}"
+          fluentd_enabled: "{{ kolla_enable_fluentd }}"
+          rabbitmq_enabled: "{{ kolla_enable_rabbitmq }}"
+          mariadb_enabled: "{{ kolla_enable_mariadb }}"
+          mariabackup_enabled: "{{ kolla_enable_mariabackup }}"
+          memcached_enabled: "{{ kolla_enable_memcached }}"
+          haproxy_enabled: "{{ kolla_enable_haproxy }}"
+          keepalived_enabled: "{{ kolla_enable_keepalived }}"
+          octavia_enabled: "{{ kolla_enable_octavia }}"
+          designate_enabled: "{{ kolla_enable_designate }}"
+          manila_enabled: "{{ kolla_enable_manila }}"
+          magnum_enabled: "{{ kolla_enable_magnum }}"
+          heat_enabled: "{{ kolla_enable_heat }}"
+          ironic_enabled: "{{ kolla_enable_ironic }}"
+          skyline_enabled: "{{ kolla_enable_skyline }}"
+          blazar_enabled: "{{ kolla_enable_blazar }}"
+          pulp_enabled: "{{ seed_pulp_container_enabled }}"
+          opensearch_enabled: "{{ kolla_enable_opensearch }}"
+          opensearch_dashboards_enabled: "{{ kolla_enable_opensearch_dashboards }}"
+          influxdb_enabled: "{{ kolla_enable_influxdb }}"
+          grafana_enabled: "{{ kolla_enable_grafana }}"
+          prometheus_enabled: "{{ kolla_enable_prometheus }}"
+          cloudkitty_enabled: "{{ kolla_enable_cloudkitty }}"
+          telegraf_enabled: "{{ kolla_enable_telegraf }}"
+          internal_tls_enabled: "{{ kolla_enable_tls_internal }}"
+          external_tls_enabled: "{{ kolla_enable_tls_external }}"
+          firewalld_enabled_all: >-
+            {{
+              controller_firewalld_enabled and
+              compute_firewalld_enabled and
+              storage_firewalld_enabled and
+              monitoring_firewalld_enabled and
+              infra_vm_firewalld_enabled and
+              seed_firewalld_enabled and
+              seed_hypervisor_firewalld_enabled
+            }}
+          firewalld_enabled_any: >-
+            {{
+              controller_firewalld_enabled or
+              compute_firewalld_enabled or
+              storage_firewalld_enabled or
+              monitoring_firewalld_enabled or
+              infra_vm_firewalld_enabled or
+              seed_firewalld_enabled or
+              seed_hypervisor_firewalld_enabled
+            }}
+          stackhpc_package_repos_enabled: "{{ stackhpc_repos_enabled }}"
+          pulp_tls_enabled: "{{ pulp_enable_tls }}"
+          kolla_image_tags: "{{ kolla_image_tags }}"
+      ansible.builtin.copy:
+        content: "{{ cloud_facts | to_nice_json(sort_keys=false) }}"
+        dest: ~/cloud-facts.json

etc/kayobe/ansible/push-ofed.yml

@@ -76,6 +76,6 @@
         password: "{{ stackhpc_release_pulp_password }}"
         name: "{{ doca_modules_repo_distribution_name + ofed_tag }}"
         publication: "{{ publication.publication.pulp_href }}"
-        content_guard: development
+        content_guard: release
         base_path: "{{ doca_modules_repo_base_path + ofed_tag }}"
         state: present