Various AUFN-related changes for Epoxy

Author: Alex-Welsh

etc/kayobe/ansible/purge-command-not-found.yml

@@ -25,6 +25,7 @@
         name:
           - command-not-found
           - python3-command-not-found
+          - python3-commandnotfound
         purge: true
         state: absent
       become: true

etc/kayobe/apt.yml

@@ -51,16 +51,21 @@ apt_keys:
 # Default is an empty list.
 stackhpc_apt_repositories:
   - url: "{{ stackhpc_repo_ubuntu_noble_url }}"
+    name: ubuntu
     suites: "{{ ansible_facts.distribution_release }} {{ ansible_facts.distribution_release }}-updates {{ ansible_facts.distribution_release }}-backports"
     components: main restricted universe multiverse
+    signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
     architecture: amd64
     required: true
   - url: "{{ stackhpc_repo_ubuntu_noble_security_url }}"
+    name: ubuntu
     suites: "{{ ansible_facts.distribution_release }}-security"
     components: main restricted universe multiverse
+    signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
     architecture: amd64
     required: true
   - url: "{{ stackhpc_repo_docker_ce_ubuntu_noble_url }}"
+    name: ubuntu
     suites: "{{ ansible_facts.distribution_release  }}"
     components: stable
     signed_by: docker.asc

etc/kayobe/bifrost.yml

@@ -138,19 +138,19 @@
 kolla_bifrost_ipa_kernel_upstream_url: "{{ (stackhpc_ipa_image_url + '/ipa.kernel') if stackhpc_ipa_image_bifrost_enabled | bool }}"
 
 # URL of checksum of Ironic Python Agent (IPA) kernel image.
-#kolla_bifrost_ipa_kernel_checksum_url:
+kolla_bifrost_ipa_kernel_checksum_url: "{{ kolla_bifrost_ipa_kernel_upstream_url }}.sha256"
 
 # Algorithm of checksum of Ironic Python Agent (IPA) kernel image.
-#kolla_bifrost_ipa_kernel_checksum_algorithm:
+kolla_bifrost_ipa_kernel_checksum_algorithm: sha256
 
 # URL of Ironic Python Agent (IPA) ramdisk image.
 kolla_bifrost_ipa_ramdisk_upstream_url: "{{ (stackhpc_ipa_image_url + '/ipa.initramfs') if stackhpc_ipa_image_bifrost_enabled | bool }}"
 
 # URL of checksum of Ironic Python Agent (IPA) ramdisk image.
-#kolla_bifrost_ipa_ramdisk_checksum_url:
+kolla_bifrost_ipa_ramdisk_checksum_url: "{{ kolla_bifrost_ipa_ramdisk_upstream_url }}.sha256"
 
 # Algorithm of checksum of Ironic Python Agent (IPA) ramdisk image.
-#kolla_bifrost_ipa_ramdisk_checksum_algorithm:
+kolla_bifrost_ipa_ramdisk_checksum_algorithm: sha256
 
 ###############################################################################
 # Inventory configuration.

etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh

@@ -14,16 +14,23 @@ KAYOBE_BRANCH=stackhpc/2025.1
 KAYOBE_CONFIG_BRANCH=stackhpc/2025.1
 KAYOBE_ENVIRONMENT=aufn-ceph
 
+if [[ ! -f $BASE_PATH/vault-pw ]]; then
+    echo "Vault password file not found at $BASE_PATH/vault-pw"
+    exit 1
+fi
+
 # Install git and tmux.
 if $(which dnf 2>/dev/null >/dev/null); then
     sudo dnf -y install git tmux
 else
     sudo apt update
-    sudo apt -y install git tmux gcc libffi-dev python3-dev python-is-python3
+    sudo apt -y install git tmux gcc libffi-dev python3-dev python-is-python3 python3-pip python3.12-venv
 fi
 
+export KAYOBE_VAULT_PASSWORD=$(cat $BASE_PATH/vault-pw)
+
 # Disable the firewall.
-sudo systemctl is-enabled firewalld && sudo systemctl stop firewalld && sudo systemctl disable firewalld
+sudo systemctl is-enabled firewalld && sudo systemctl stop firewalld && sudo systemctl disable firewalld || true
 
 # Disable SELinux both immediately and permanently.
 if $(which setenforce 2>/dev/null >/dev/null); then
@@ -32,7 +39,7 @@ if $(which setenforce 2>/dev/null >/dev/null); then
 fi
 
 # Prevent sudo from performing DNS queries.
-echo 'Defaults	!fqdn' | sudo tee /etc/sudoers.d/no-fqdn
+echo 'Defaults !fqdn' | sudo tee /etc/sudoers.d/no-fqdn
 
 # Clone repositories
 cd $BASE_PATH
@@ -47,15 +54,15 @@ popd
 mkdir -p venvs
 pushd venvs
 if [[ ! -d kayobe ]]; then
-    python3 -m venv kayobe
+    python3.12 -m venv kayobe
 fi
 # NOTE: Virtualenv's activate and deactivate scripts reference an
 # unbound variable.
 set +u
 source kayobe/bin/activate
 set -u
 pip install -U pip
-pip install ../src/kayobe
+pip install -r ../src/kayobe-config/requirements.txt
 popd
 
 # Activate environment

etc/kayobe/environments/aufn-ceph/compute.yml

@@ -0,0 +1,15 @@
+---
+###############################################################################
+# Compute node configuration.
+
+# User with which to access the computes via SSH during bootstrap, in order
+# to setup the Kayobe user account. Default is {{ os_distribution }}.
+compute_bootstrap_user: "{{ os_distribution if os_distribution == 'ubuntu' else 'cloud-user' }}"
+
+###############################################################################
+# Compute node LVM configuration.
+
+# List of compute volume groups. See mrlesmithjr.manage-lvm role for
+# format.
+compute_lvm_groups:
+  - "{{ stackhpc_lvm_group_rootvg }}"

etc/kayobe/environments/aufn-ceph/controllers.yml

@@ -0,0 +1,15 @@
+---
+###############################################################################
+# Controller node configuration.
+
+# User with which to access the controllers via SSH during bootstrap, in order
+# to setup the Kayobe user account. Default is {{ os_distribution }}.
+controller_bootstrap_user: "{{ os_distribution if os_distribution == 'ubuntu' else 'cloud-user' }}"
+
+###############################################################################
+# Controller node LVM configuration.
+
+# List of controller volume groups. See mrlesmithjr.manage-lvm role for
+# format.
+controller_lvm_groups:
+  - "{{ stackhpc_lvm_group_rootvg }}"

etc/kayobe/environments/aufn-ceph/inventory/group_vars/all/lvm.yml

@@ -0,0 +1,27 @@
+---
+###############################################################################
+# StackHPC LVM Logical Volume (LV) configuration.
+
+# StackHPC LVM lv_swap LV size.
+stackhpc_lvm_lv_swap_size: 120m
+
+# StackHPC LVM lv_root LV size.
+stackhpc_lvm_lv_root_size: 1g
+
+# StackHPC LVM lv_tmp LV size.
+stackhpc_lvm_lv_tmp_size: 1g
+
+# StackHPC LVM lv_var LV size.
+stackhpc_lvm_lv_var_size: 2.5g
+
+# StackHPC LVM lv_var_tmp LV size.
+stackhpc_lvm_lv_var_tmp_size: 1g
+
+# StackHPC LVM lv_log LV size.
+stackhpc_lvm_lv_log_size: 1g
+
+# StackHPC LVM lv_audit LV size.
+stackhpc_lvm_lv_audit_size: 120m
+
+# StackHPC LVM lv_home LV size.
+stackhpc_lvm_lv_home_size: 1g

etc/kayobe/environments/aufn-ceph/stackhpc-ci.yml

@@ -0,0 +1,20 @@
+---
+###############################################################################
+# Kolla configuration.
+
+# Docker namespace to use for Kolla images. Default is 'kolla'.
+kolla_docker_namespace: stackhpc-dev
+
+###############################################################################
+# StackHPC configuration.
+
+# Use AIO credentials for access to Ark
+# TODO: generate AUFN-specific credentials
+stackhpc_release_pulp_username: "skc-ci-aio"
+stackhpc_release_pulp_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  31386366383365666135336331663635396237623139306362633933636233613765663731666338
+  3633633736333936383439623066653663333964343234350a393137383537316164323837386437
+  36613139323161643766666565643739373037623363636234343965343436653261326238393566
+  3837336661653962340a316631366463623138623530373133336665376433633437306631383666
+  30333461333535363433363336663664316634343432633766346564323833346663

etc/kayobe/environments/aufn-ceph/stackhpc.yml

@@ -8,8 +8,8 @@ kolla_docker_namespace: stackhpc-dev
 ###############################################################################
 # StackHPC configuration.
 
-# Base URL of the StackHPC Test Pulp service.
-stackhpc_release_pulp_url: "http://pulp-server.internal.sms-cloud:8080"
-
 pulp_username: admin
 pulp_password: 9e4bfa04-9d9d-493d-9473-ba92e4361dae
+
+# Whether or not to download overcloud host images from Ark
+stackhpc_download_overcloud_host_images: true

etc/kayobe/environments/aufn-ceph/storage.yml

@@ -1,10 +1,15 @@
 ---
+###############################################################################
+# Storage node configuration.
+
+# User with which to access the storage nodes via SSH during bootstrap, in
+# order to setup the Kayobe user account. Default is {{ os_distribution }}.
+storage_bootstrap_user: "{{ os_distribution if os_distribution == 'ubuntu' else 'cloud-user' }}"
+
 ###############################################################################
 # Storage node LVM configuration.
 
 # List of storage volume groups. See mrlesmithjr.manage-lvm role for
 # format.
-# storage_lvm_groups:
-
-# Avoid undefined var which would result in 'LVM physical disks have not been configured' error
-storage_lvm_groups: []
+storage_lvm_groups:
+  - "{{ stackhpc_lvm_group_rootvg }}"

etc/kayobe/environments/aufn-ceph/tenks.yml

@@ -9,7 +9,7 @@ node_types:
     volumes:
       # There is a minimum disk space capacity requirement of 4GiB when using Ironic Python Agent:
       # https://github.com/openstack/ironic-python-agent/blob/master/ironic_python_agent/utils.py#L290
-      - capacity: 20GiB
+      - capacity: 22GiB
     physical_networks:
       - provision-net
       - mgmt-net
@@ -21,9 +21,10 @@ node_types:
     volumes:
       # There is a minimum disk space capacity requirement of 4GiB when using Ironic Python Agent:
       # https://github.com/openstack/ironic-python-agent/blob/master/ironic_python_agent/utils.py#L290
-      - capacity: 15GiB
+      - capacity: 22GiB
       # Ceph volume
-      - capacity: 20GiB
+      # Must be larger than main disk, since Ceph will take the largest volume it can find
+      - capacity: 23GiB
     physical_networks:
       - provision-net
       - cloud-net
@@ -34,7 +35,7 @@ node_types:
     volumes:
       # There is a minimum disk space capacity requirement of 4GiB when using Ironic Python Agent:
       # https://github.com/openstack/ironic-python-agent/blob/master/ironic_python_agent/utils.py#L290
-      - capacity: 15GiB
+      - capacity: 22GiB
     physical_networks:
       - provision-net
       - cloud-net

etc/kayobe/environments/aufn-ceph/time.yml

@@ -0,0 +1,3 @@
+---
+# Force system clock synchronisation
+ntp_force_sync: True

etc/kayobe/ipa.yml

@@ -91,10 +91,10 @@ ipa_build_dib_elements_extra:
 ipa_kernel_upstream_url: "{{ (stackhpc_ipa_image_url + '/ipa.kernel') if stackhpc_ipa_image_overcloud_enabled | bool }}"
 
 # URL of checksum of Ironic deployment kernel image.
-#ipa_kernel_checksum_url:
+ipa_kernel_checksum_url: "{{ ipa_kernel_upstream_url }}.sha256"
 
 # Algorithm of checksum of Ironic deployment kernel image.
-#ipa_kernel_checksum_algorithm:
+ipa_kernel_checksum_algorithm: sha256
 
 # Name of Ironic deployment ramdisk image to register in Glance.
 #ipa_images_ramdisk_name:
@@ -103,10 +103,10 @@ ipa_kernel_upstream_url: "{{ (stackhpc_ipa_image_url + '/ipa.kernel') if stackhp
 ipa_ramdisk_upstream_url: "{{ (stackhpc_ipa_image_url + '/ipa.initramfs') if stackhpc_ipa_image_overcloud_enabled | bool }}"
 
 # URL of checksum of Ironic deployment ramdisk image.
-#ipa_ramdisk_checksum_url:
+ipa_ramdisk_checksum_url: "{{ ipa_ramdisk_upstream_url }}.sha256"
 
 # Algorithm of checksum of Ironic deployment ramdisk image.
-#ipa_ramdisk_checksum_algorithm:
+ipa_ramdisk_checksum_algorithm: sha256
 
 # IPA download parameters
 image_download_url_username: "{{ stackhpc_release_pulp_username }}"

etc/kayobe/kolla-image-tags.yml

@@ -6,6 +6,9 @@ kolla_image_tags:
   openstack:
     rocky-9: 2025.1-rocky-9-20250616T133037
     ubuntu-noble: 2025.1-ubuntu-noble-20250613T131221
+  bifrost:
+    rocky-9: 2025.1-rocky-9-20250626T152358
+    ubuntu-noble: 2025.1-ubuntu-noble-20250626T152358
   neutron_metadata_agent:
     rocky-9: 2025.1-rocky-9-20250626T074649
     ubuntu-noble: 2025.1-ubuntu-noble-20250626T074649

etc/kayobe/kolla.yml

@@ -116,6 +116,10 @@ kolla_tag: "{{ openstack_release }}-{{ kolla_base_distro }}-{{ kolla_base_distro
 # branches are only required when we have custom backports. For a new release,
 # we may have caught up with upstream.
 kolla_sources:
+  bifrost-base:
+    type: git
+    location: https://github.com/stackhpc/bifrost.git
+    reference: stackhpc/{{ openstack_release }}
   bifrost-base-additions-stackhpc-inspector-plugins:
     # Install our custom inspector plugins.
     type: git

etc/kayobe/kolla/config/bifrost/bifrost.yml

@@ -2,8 +2,10 @@
 ---
 # Use prebuilt release train images from Ark.
 {% if stackhpc_download_overcloud_host_images | bool %}
-use_cirros: true
-cirros_deploy_image_upstream_url: "{{ stackhpc_overcloud_host_image_url }}"
+download_custom_deploy_image: true
+custom_deploy_image_checksum_algorithm: "sha256"
+custom_deploy_image_upstream_url: "{{ stackhpc_overcloud_host_image_url }}"
+custom_deploy_image_checksum_url: "{{ stackhpc_overcloud_host_image_url }}.sha256"
 {% endif %}
 
 # Disable debug logging to avoid generating large log files

etc/kayobe/pulp-host-image-versions.yml

@@ -1,6 +1,6 @@
 ---
 # Overcloud host image versioning tags
 # These images must be in SMS, since they are used by our AIO CI runners
-#TODO: build epoxy images
-stackhpc_rocky_9_overcloud_host_image_version: "master-20250213T092714"
-stackhpc_ubuntu_noble_overcloud_host_image_version: "master-20250213T092714"
+# TODO: make public in both clouds
+stackhpc_rocky_9_overcloud_host_image_version: "2025.1-20250620T125648"
+stackhpc_ubuntu_noble_overcloud_host_image_version: "2025.1-20250620T125648"

etc/kayobe/pulp-ipa-image-versions.yml

@@ -1,5 +1,4 @@
 ---
 # IPA image versioning tags
-# TODO: Build real images
-stackhpc_rocky_9_ipa_image_version: "2024.1-20241231T102920"
-stackhpc_ubuntu_noble_ipa_image_version: "2024.1-20241206T160829"
+stackhpc_rocky_9_ipa_image_version: "2025.1-20250618T103101"
+stackhpc_ubuntu_noble_ipa_image_version: "2025.1-20250618T103101"

etc/kayobe/pulp-repo-versions.yml

@@ -5,7 +5,7 @@ stackhpc_pulp_repo_centos_stream_9_docker_version: 20250531T002004
 stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20250528T022338
 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318
 stackhpc_pulp_repo_centos_stream_9_storage_ceph_squid_version: 20250412T024303
-stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: 20250604T001951
+stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: 20250616T155742
 stackhpc_pulp_repo_elrepo_9_version: 20250610T235426
 stackhpc_pulp_repo_epel_9_version: 20250615T000221
 stackhpc_pulp_repo_grafana_version: 20250615T005738
@@ -57,6 +57,6 @@ stackhpc_pulp_repo_rocky_9_6_crb_version: 20250614T015933
 stackhpc_pulp_repo_rocky_9_6_extras_version: 20250605T150141
 stackhpc_pulp_repo_rocky_9_6_highavailability_version: 20250605T150141
 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20250222T040303
-stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250609T053359
-stackhpc_pulp_repo_ubuntu_noble_security_version: 20250609T094526
-stackhpc_pulp_repo_ubuntu_noble_version: 20250609T094526
+stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250620T063939
+stackhpc_pulp_repo_ubuntu_noble_security_version: 20250620T113028
+stackhpc_pulp_repo_ubuntu_noble_version: 20250620T113028

requirements.txt

@@ -1,3 +1,4 @@
-kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/18.0.0.0rc1.2
+kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/18.0.0.11
 ansible-modules-hashivault>=5.3.0
+pulp-glue<0.32,>=0.29.2
 jmespath