From 146ef9524d6f6ba92323a3edfb5fba08a599f536 Mon Sep 17 00:00:00 2001
From: Seunghun Lee
Date: Wed, 2 Apr 2025 12:20:40 +0100
Subject: [PATCH 01/17] Add noble configs to Caracal
---
etc/kayobe/ansible/ubuntu-upgrade.yml | 32 ++---
etc/kayobe/apt.yml | 16 +++
etc/kayobe/cephadm.yml | 8 +-
etc/kayobe/environments/aufn-ceph/globals.yml | 2 +-
.../kolla/config/bifrost/bifrost.yml | 4 +-
etc/kayobe/environments/ci-aio/globals.yml | 2 +-
.../inventory/group_vars/cis-hardening/cis | 7 ++
.../environments/ci-aio/stackhpc-ci.yml | 3 +
.../environments/ci-builder/stackhpc-ci.yml | 3 +
.../environments/ci-multinode/globals.yml | 2 +-
.../inventory/group_vars/cis-hardening/cis | 7 ++
.../environments/ci-multinode/stackhpc-ci.yml | 3 +
etc/kayobe/globals.yml | 2 +-
.../inventory/group_vars/cis-hardening/cis | 119 ++++++++++++++++++
.../group_vars/wazuh-manager/wazuh-manager | 3 +-
etc/kayobe/kolla-image-tags.yml | 1 +
etc/kayobe/kolla.yml | 28 ++++-
etc/kayobe/kolla/kolla-build.conf | 4 +-
etc/kayobe/pulp-host-image-versions.yml | 1 +
etc/kayobe/pulp-ipa-image-versions.yml | 1 +
etc/kayobe/pulp-repo-versions.yml | 3 +
etc/kayobe/pulp.yml | 29 ++++-
etc/kayobe/stackhpc-ipa-images.yml | 3 +-
etc/kayobe/stackhpc-overcloud-host-images.yml | 3 +-
etc/kayobe/stackhpc.yml | 12 ++
tools/kolla-images.py | 1 +
tools/ubuntu-upgrade-infra-vm.sh | 4 +-
tools/ubuntu-upgrade-overcloud.sh | 4 +-
tools/ubuntu-upgrade-seed-hypervisor.sh | 2 +-
tools/ubuntu-upgrade-seed.sh | 2 +-
30 files changed, 274 insertions(+), 37 deletions(-)
diff --git a/etc/kayobe/ansible/ubuntu-upgrade.yml b/etc/kayobe/ansible/ubuntu-upgrade.yml
index 8741b8cf8..29005572f 100644
--- a/etc/kayobe/ansible/ubuntu-upgrade.yml
+++ b/etc/kayobe/ansible/ubuntu-upgrade.yml
@@ -1,22 +1,22 @@ --- # To prevent Ansible role dependency errors, this playbook requires that environment variable # ANSIBLE_ROLES_PATH is defined and includes '$KAYOBE_PATH/ansible/roles' on the Ansible control host. -- name: Migrate hosts from Ubuntu Focal 20.04 to Jammy 22.04 +- name: Migrate hosts from Ubuntu Jammy 22.04 to Noble 24.04 hosts: overcloud:infra-vms:seed:seed-hypervisor vars: ansible_python_interpreter: /usr/bin/python3 reboot_timeout_s: "{{ 20 * 60 }}" tasks: - - name: Assert that hosts are running Ubuntu Focal + - name: Assert that hosts are running Ubuntu Jammy ansible.builtin.assert: that: - ansible_facts.distribution == 'Ubuntu' - - ansible_facts.distribution_major_version == '20' - - ansible_facts.distribution_release == 'focal' + - ansible_facts.distribution_major_version == '22' + - ansible_facts.distribution_release == 'jammy' - os_distribution == 'ubuntu' fail_msg: >- - This playbook is only designed for Ubuntu Focal 20.04 hosts. Ensure - that you are limiting it to only run on Focal hosts and + This playbook is only designed for Ubuntu Jammy 22.04 hosts. Ensure + that you are limiting it to only run on Jammy hosts and os_distribution is set to ubuntu. - name: Ensure apt packages are up to date 
@@ -53,14 +53,14 @@ when: file_status.stat.exists # NOTE: We cannot use apt_repository here because definitions must exist within the standard repos.list - - name: Ensure Jammy repo definitions exist in sources.list + - name: Ensure Noble repo definitions exist in sources.list ansible.builtin.blockinfile: path: /etc/apt/sources.list block: | - deb {{ stackhpc_repo_ubuntu_jammy_url }} jammy main restricted universe multiverse - deb {{ stackhpc_repo_ubuntu_jammy_url }} jammy-updates main restricted universe multiverse - deb {{ stackhpc_repo_ubuntu_jammy_url }} jammy-backports main restricted universe multiverse - deb {{ stackhpc_repo_ubuntu_jammy_security_url }} jammy-security main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_url }} noble main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_url }} noble-updates main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_url }} noble-backports main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_security_url }} noble-security main restricted universe multiverse become: true - name: Do release upgrade @@ -87,13 +87,13 @@ - name: Run the Kayobe network configuration playbook, to ensure definitions are not lost on reboot import_playbook: "{{ lookup('ansible.builtin.env', 'VIRTUAL_ENV') }}/share/kayobe/ansible/network.yml" -- name: Reboot and confirm the host is upgraded to Jammy 22.04 +- name: Reboot and confirm the host is upgraded to Noble 24.04 hosts: overcloud:infra-vms:seed:seed-hypervisor vars: ansible_python_interpreter: /usr/bin/python3 reboot_timeout_s: "{{ 20 * 60 }}" tasks: - - name: Ensure Jammy repo definitions do not exist in sources.list + - name: Ensure Noble repo definitions do not exist in sources.list ansible.builtin.blockinfile: path: /etc/apt/sources.list state: absent 
@@ -126,8 +126,8 @@ filter: "{{ kayobe_ansible_setup_filter }}" gather_subset: "{{ kayobe_ansible_setup_gather_subset }}" - - name: Assert that hosts are now using Ubuntu 22 + - name: Assert that hosts are now using Ubuntu 24 ansible.builtin.assert: that: - - ansible_facts.distribution_major_version == '22' - - ansible_facts.distribution_release == 'jammy' + - ansible_facts.distribution_major_version == '24' + - ansible_facts.distribution_release == 'noble' diff --git a/etc/kayobe/apt.yml b/etc/kayobe/apt.yml index cb24d7484..176a038ca 100644 --- a/etc/kayobe/apt.yml +++ b/etc/kayobe/apt.yml @@ -78,6 +78,22 @@ stackhpc_apt_repositories: signed_by: ceph.asc architecture: amd64 required: true + - url: "{{ stackhpc_repo_ubuntu_noble_url }}" + suites: "{{ ansible_facts.distribution_release }} {{ ansible_facts.distribution_release }}-updates {{ ansible_facts.distribution_release }}-backports" + components: main restricted universe multiverse + architecture: amd64 + required: true + - url: "{{ stackhpc_repo_ubuntu_noble_security_url }}" + suites: "{{ ansible_facts.distribution_release }}-security" + components: main restricted universe multiverse + architecture: amd64 + required: true + - url: "{{ stackhpc_repo_docker_ce_ubuntu_noble_url }}" + suites: "{{ ansible_facts.distribution_release }}" + components: stable + signed_by: docker.asc + architecture: amd64 + required: true # Do not replace apt configuration for non-overcloud hosts. This can result in # errors if apt reconfiguration is performed before local repository mirrors diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml index c0e9a995f..b3d914525 100644 --- a/etc/kayobe/cephadm.yml +++ b/etc/kayobe/cephadm.yml @@ -3,7 +3,7 @@ # Cephadm deployment configuration. # Ceph release name. -cephadm_ceph_release: "reef" +cephadm_ceph_release: "{{ 'squid' if (ansible_facts['distribution_release'] == 'noble') else 'reef' }}" # Ceph FSID. #cephadm_fsid: 
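Review bot: The three entries appended to `stackhpc_apt_repositories` in the apt.yml hunk are unconditional, so the Noble mirror URLs are paired with whatever `ansible_facts.distribution_release` reports, and a Jammy host would be handed `stackhpc_repo_ubuntu_noble_url` with `jammy` suites. The rest of the list is outside the hunk, so the existing Jammy entries may have the same shape and something downstream may filter by release; if not, the entries should be selected per release so that no host is pointed at a snapshot that does not carry its suite. The two base Ubuntu entries also carry no `signed_by`, unlike the Docker entry, so they depend on the host's default keyring; a short comment such as `# signed by the distribution archive key already present on the host` would make that intent explicit.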
@@ -12,10 +12,10 @@ cephadm_ceph_release: "reef" cephadm_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/ceph:{{ cephadm_image_tag }}" # Ceph container image tag. -cephadm_image_tag: "v18.2.4" +cephadm_image_tag: "{{ 'v19.2.1' if cephadm_ceph_release == 'squid' else 'v18.2.4' }}" -# Ceph custom repo workaround for Ubuntu Jammy as there are no official ceph repos for jammy. -cephadm_custom_repos: "{{ ansible_facts['distribution_release'] == 'jammy' }}" +# Ceph custom repo workaround for Ubuntu as there are no official ceph repos for Ubuntu jammy and noble. +cephadm_custom_repos: "{{ ansible_facts['distribution'] == 'Ubuntu' }}" # HAProxy container image. cephadm_haproxy_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/haproxy:{{ cephadm_haproxy_image_tag }}" diff --git a/etc/kayobe/environments/aufn-ceph/globals.yml b/etc/kayobe/environments/aufn-ceph/globals.yml index f9166aaa0..9fe78517c 100644 --- a/etc/kayobe/environments/aufn-ceph/globals.yml +++ b/etc/kayobe/environments/aufn-ceph/globals.yml @@ -9,7 +9,7 @@ os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" # OS release. Valid options are "9" when os_distribution is "rocky", or -# "jammy" when os_distribution is "ubuntu". +# "jammy" and "noble" when os_distribution is "ubuntu". os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} diff --git a/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml b/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml index df8dc9d60..94b0cd1d9 100644 --- a/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml +++ b/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml 
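Review bot: `cephadm_custom_repos` is now true on every Ubuntu release while `cephadm_ceph_release` (previous hunk) resolves to `squid` on Noble, yet the only Ceph Debian repository variables visible in this patch are the Reef ones (`stackhpc_repo_ceph_reef_debian_url`, "Ceph Reef for Debian" in pulp.yml). How `cephadm_custom_repos` is consumed is not visible here, but if it installs the cephadm package from that mirror, Noble hosts would run Reef tooling against a `v19.2.1` image. Either a Squid repository definition belongs in this change, or the comment should say which repository Noble hosts use, e.g. `# Noble hosts take cephadm from <repo name>`.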
@@ -6,8 +6,10 @@ download_ipa: true # Use a locally hosted cloud image. use_cirros: true -{% if os_distribution == 'ubuntu' %} +{% if os_distribution == 'ubuntu' and os_release == 'jammy' %} cirros_deploy_image_upstream_url: "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" +{% elif os_distribution == 'ubuntu' and os_release == 'noble' %} +cirros_deploy_image_upstream_url: "https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img" {% else %} cirros_deploy_image_upstream_url: "https://dl.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-GenericCloud.latest.x86_64.qcow2" {% endif %} diff --git a/etc/kayobe/environments/ci-aio/globals.yml b/etc/kayobe/environments/ci-aio/globals.yml index 716dcb309..12d3fc767 100644 --- a/etc/kayobe/environments/ci-aio/globals.yml +++ b/etc/kayobe/environments/ci-aio/globals.yml @@ -50,7 +50,7 @@ os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" # OS release. Valid options are "9" when os_distribution is "rocky", or -# "jammy" when os_distribution is "ubuntu". +# "jammy" and "noble" when os_distribution is "ubuntu". os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} diff --git a/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis b/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis index 50084c72f..f1129179a 100644 --- a/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis +++ b/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis 
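Review bot: The new Noble branch in bifrost.yml, like the Jammy one, downloads the deploy image from the moving `current/` path, so the image content changes with no change to this file and nothing in the hunk pins a checksum. Pointing at a dated directory (`https://cloud-images.ubuntu.com/noble/<YYYYMMDD>/noble-server-cloudimg-amd64.img`, date is a placeholder) or at the local mirror would make the download reproducible and checkable. Note also that any Ubuntu release other than jammy or noble now falls through to the Rocky image in the `else` branch, where previously every Ubuntu host got the Jammy image.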
@@ -14,3 +14,10 @@ rhel9cis_rule_5_4_3_2: false ubtu22cis_rule_5_4_3_2: false ############################################################################## +# Ubuntu Noble CIS Hardening Configuration + +# Disable shell timeout for inactivity which can be disruptive to +# development work. +ubtu24cis_rule_5_4_3_2: false + +############################################################################## diff --git a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml index a3f2bbb14..4ddb48625 100644 --- a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml @@ -30,6 +30,9 @@ stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version }}" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}" stackhpc_repo_centos_stream_9_openstack_caracal_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version }}" diff --git a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml index ded33bd37..e67a472c4 100644 --- a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml 
@@ -57,6 +57,9 @@ stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version }}" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}" stackhpc_repo_centos_stream_9_openstack_caracal_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version }}" diff --git a/etc/kayobe/environments/ci-multinode/globals.yml b/etc/kayobe/environments/ci-multinode/globals.yml index 4dd25ddd3..21f217354 100644 --- a/etc/kayobe/environments/ci-multinode/globals.yml +++ b/etc/kayobe/environments/ci-multinode/globals.yml @@ -50,7 +50,7 @@ os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" # OS release. Valid options are "9" when os_distribution is "rocky", or -# "jammy" when os_distribution is "ubuntu". +# "jammy" and "noble" when os_distribution is "ubuntu". os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} diff --git a/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis b/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis index 50084c72f..f1129179a 100644 
--- a/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis +++ b/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis @@ -14,3 +14,10 @@ rhel9cis_rule_5_4_3_2: false ubtu22cis_rule_5_4_3_2: false ############################################################################## +# Ubuntu Noble CIS Hardening Configuration + +# Disable shell timeout for inactivity which can be disruptive to +# development work. +ubtu24cis_rule_5_4_3_2: false + +############################################################################## diff --git a/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml b/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml index 6e10b63ea..a28519e83 100644 --- a/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml @@ -30,6 +30,9 @@ stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version }}" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}" stackhpc_repo_centos_stream_9_openstack_caracal_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version }}" diff --git a/etc/kayobe/globals.yml b/etc/kayobe/globals.yml index a97f74d1a..c6b9830b7 100644 --- a/etc/kayobe/globals.yml +++ b/etc/kayobe/globals.yml 
@@ -49,7 +49,7 @@ #os_distribution: # OS release. Valid options are "9-stream" when os_distribution is "centos", or -# "9" when os_distribution is "rocky", or "jammy" when os_distribution is +# "9" when os_distribution is "rocky", or "jammy" and "noble" when os_distribution is # "ubuntu". #os_release: diff --git a/etc/kayobe/inventory/group_vars/cis-hardening/cis b/etc/kayobe/inventory/group_vars/cis-hardening/cis index 2c103cb34..731be1cd9 100644 --- a/etc/kayobe/inventory/group_vars/cis-hardening/cis +++ b/etc/kayobe/inventory/group_vars/cis-hardening/cis 
@@ -192,3 +192,122 @@ ubtu22cis_rule_5_5_1_5: false ubtu22cis_ipv6_required: true ############################################################################## +# Ubuntu Noble CIS Hardening Configuration +# FIXME: These settings are untested, they are just carried over from Jammy + +# Ubuntu 24 CIS configuration +# Disable changing routing rules +ubtu24cis_is_router: true + +# Set Chrony as the time sync tool +ubtu24cis_time_sync_tool: "chrony" + +# Disable CIS from configuring the firewall +ubtu24cis_firewall_package: "none" + +# Stop CIS from installing Network Manager +ubtu24cis_install_network_manager: false + +# Set syslog service to journald +ubtu24cis_syslog_service: journald + +# Squashfs is compiled into the kernel +ubtu24cis_rule_1_1_1_2: false + +# This updates the system. Let's do this explicitly. +ubtu24cis_rule_1_9: false + +# Do not change Chrony Time servers +ubtu24cis_rule_2_1_2_1: false + +# Disable CIS from touching sudoers +ubtu24cis_rule_5_3_4: false + +# Add stack and kolla to allowed ssh users +ubtu24cis_sshd: + log_level: "INFO" + max_auth_tries: 4 + ciphers: + - chacha20-poly1305@openssh.com + - aes256-gcm@openssh.com + - aes128-gcm@openssh.com + - aes256-ctr + - aes192-ctr + - aes128-ctr + macs: + - hmac-sha2-512-etm@openssh.com + - hmac-sha2-256-etm@openssh.com + - hmac-sha2-512 + - hmac-sha2-256 + kex_algorithms: + - curve25519-sha256 + - curve25519-sha256@libssh.org + - diffie-hellman-group14-sha256 + - diffie-hellman-group16-sha512 + - diffie-hellman-group18-sha512 + - ecdh-sha2-nistp521 + - ecdh-sha2-nistp384 + - ecdh-sha2-nistp256 + - diffie-hellman-group-exchange-sha256 + client_alive_interval: 300 + client_alive_count_max: 3 + login_grace_time: 60 + max_sessions: 8 + allow_users: "kolla stack ubuntu" + allow_groups: "kolla stack ubuntu" + deny_users: "" + deny_groups: "" + +# Stop the CIS benchmark scanning all files on every filesystem since this +# takes a long time. Related to the changing permissions block below. 
This +# would normally warn you about violations, but we can use Wazuh to continually +# monitor this. +ubtu24cis_rule_6_1_9: false +ubtu24cis_rule_6_1_10: false +ubtu24cis_rule_6_1_11: false +ubtu24cis_rule_6_1_12: false +ubtu24cis_rule_6_1_13: false + +# The following rules change permissions on all files on every mounted +# filesystem. We do not want to change /var/lib/docker permissions. +ubtu24cis_no_group_adjust: false +ubtu24cis_no_owner_adjust: false +ubtu24cis_no_world_write_adjust: false +ubtu24cis_suid_adjust: false + +# Prevent hardening from recursivley changing permissions on log files +ubtu24cis_rule_4_2_3: false + +# Configure log rotation to prevent audit logs from filling the disk +ubtu24cis_auditd: + action_mail_acct: root + space_left_action: syslog + admin_space_left_action: syslog + max_log_file_action: rotate + +# Max size of audit logs (MB) +ubtu24cis_max_log_file_size: 1024 + +# Disable grub bootloader password. Requires overriding +# ubtu24cis_bootloader_password_hash +ubtu24cis_rule_1_4_1: false +ubtu24cis_rule_1_4_3: false + +# Disable: Ensure minimum days between password changes is configured +ubtu24cis_rule_5_5_1_1: false + +# Disable: Ensure password expiration is 365 days or less +ubtu24cis_rule_5_5_1_2: false + +# Disable: Ensure inactive password lock is 30 days or less +ubtu24cis_rule_5_5_1_4: false + +# Disable: Ensure all users last password change date is in the past +ubtu24cis_rule_5_5_1_5: false + +# The way this is disabled currently breaks kolla's IPV6 check, see: +# https://bugs.launchpad.net/kolla-ansible/+bug/2071443 +# Also matches RHEL hardening behavior. +ubtu24cis_ipv6_required: true + +############################################################################## diff --git a/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager b/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager index d758aa235..26ddb2a5c 100644 --- a/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager 
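Review bot: The `ubtu24cis_rule_*` toggles in the Noble block are copied from the Jammy block by number (the FIXME says as much), but CIS rule numbers belong to a specific benchmark version, so a number that meant squashfs or password expiry for `ubtu22cis` may name a different control, or none, in the Ubuntu 24 role. A mismatched `false` would silently switch off an unrelated hardening control while the one meant to be skipped still runs, so each ID should be checked against the ubtu24cis role defaults before this is used outside CI. I would make the FIXME say that: `# FIXME: rule IDs carried over from Jammy; verify each against the Ubuntu 24 benchmark numbering before production use`. The same applies to the `ubtu24cis_rule_5_4_3_2: false` lines added in the ci-aio and ci-multinode hunks.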
+++ b/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager @@ -28,7 +28,7 @@ indexer_node_name: "{{ inventory_hostname }}" indexer_network_host: "{{ provision_oc_net_name | net_ip }}" # Even in a single node setup this must be defined. If not defaults to 127.0.0.1 -indexer_cluster_nodes: +indexer_cluster_nodes: - "{{ indexer_network_host }}" instances: @@ -132,6 +132,7 @@ wazuh_manager_vulnerability_detector: os: - 'focal' - 'jammy' + - 'noble' update_interval: '1h' name: '"canonical"' - enabled: 'yes' diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index c17bf7f56..cfe14d08a 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -6,6 +6,7 @@ kolla_image_tags: openstack: rocky-9: 2024.1-rocky-9-20241218T141751 ubuntu-jammy: 2024.1-ubuntu-jammy-20241218T141809 + ubuntu-noble: placeholder bifrost: rocky-9: 2024.1-rocky-9-20250325T141125 ubuntu-jammy: 2024.1-ubuntu-jammy-20250325T141125 diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index 2dabe5bc2..15fbf3fd5 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml 
@@ -254,6 +254,20 @@ stackhpc_ubuntu_jammy_uca_repos: # List of repositories for Ubuntu Jammy. stackhpc_ubuntu_jammy_repos: "{{ stackhpc_ubuntu_jammy_base_repos + stackhpc_ubuntu_jammy_uca_repos }}" +# List of base repositories for Ubuntu Noble. +stackhpc_ubuntu_noble_base_repos: + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_url }} noble main universe" + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_url }} noble-updates main universe" + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_url }} noble-backports main universe" + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_security_url }} noble-security main universe" + +# List of UCA repositories for Ubuntu Noble. +stackhpc_ubuntu_noble_uca_repos: + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_cloud_archive_url }} noble-updates/{{ openstack_release_codename }} main" + +# List of repositories for Ubuntu Noble. +stackhpc_ubuntu_noble_repos: "{{ stackhpc_ubuntu_noble_base_repos + stackhpc_ubuntu_noble_uca_repos }}" + # Whether to revert to the upstream mirrors in built Kolla container images. stackhpc_kolla_clean_up_repo_mirrors: true @@ -280,10 +294,16 @@ kolla_build_blocks: {# We lack the ca-certificates package at this stage, so don't verify the CA initially #} echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/90no-verify-peer && \ {% endif %} + {% if kolla_base_distro_version == 'jammy' %} {% for repo in stackhpc_ubuntu_jammy_base_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} {% endfor %} + {% else %} + {% for repo in stackhpc_ubuntu_noble_repos %} + echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ + {% endif %} + {% endif %} {% endif %} base_centos_repo_overrides_post_yum: | {# fixme #} 
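Review bot: In the `@@ -280` hunk the Noble branch opens `{% for repo in stackhpc_ubuntu_noble_repos %}` and never closes it: after the inner `{% if not loop.last %} … {% endif %}` the next tag is the `{% endif %}` of the version check, so this block should fail to render with a Jinja syntax error, and the `@@ -309` hunk has the same omission. Add `{% endfor %}` after the inner `{% endif %}` in both places; the diffstat of patch 02/17 shows two insertions in kolla.yml, which may be this fix, but this commit does not render on its own. The branch also iterates `stackhpc_ubuntu_noble_repos` (base plus UCA) where the Jammy branch uses only the base list at this stage, so either use `stackhpc_ubuntu_noble_base_repos` or add a comment explaining the difference. Using `{% elif kolla_base_distro_version == 'noble' %}` instead of a bare `{% else %}` would stop an unexpected version from quietly receiving Noble sources.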
@@ -309,10 +329,16 @@ kolla_build_blocks: RUN \ rm /etc/apt/sources.list && \ rm -f /etc/apt/apt.conf.d/90no-verify-peer && \ - {% for repo in stackhpc_ubuntu_jammy_repos %} + {% if kolla_base_distro_version == 'jammy' %} + {% for repo in stackhpc_ubuntu_jammy_base_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} {% endfor %} + {% else %} + {% for repo in stackhpc_ubuntu_noble_repos %} + echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ + {% endif %} + {% endif %} footer: | {% if stackhpc_kolla_clean_up_repo_mirrors | bool %} {% if kolla_base_distro == 'rocky' %} diff --git a/etc/kayobe/kolla/kolla-build.conf b/etc/kayobe/kolla/kolla-build.conf index 96699c2f7..4f8dc71d3 100644 --- a/etc/kayobe/kolla/kolla-build.conf +++ b/etc/kayobe/kolla/kolla-build.conf @@ -2,8 +2,10 @@ {# Packages in the latest upstream Ubuntu base image can be ahead of our package repo #} {# snapshots, so pin to a specific tag. #} {# This tag should be updated when Ubuntu package repo snapshot versions are changed. #} -{% if kolla_base_distro == 'ubuntu' %} +{% if kolla_base_distro == 'ubuntu' and kolla_base_distro_version == 'jammy' %} base_tag = jammy-20240808 +{% elif kolla_base_distro == 'ubuntu' and kolla_base_distro_version == 'noble' %} +base_tag = noble-20250127 {# Similarly pinning to Rocky 9 minor version used in our repos #} {% elif kolla_base_distro == 'rocky' %} base_tag = 9.{{ stackhpc_pulp_repo_rocky_9_minor_version }} diff --git a/etc/kayobe/pulp-host-image-versions.yml b/etc/kayobe/pulp-host-image-versions.yml index a9507e70e..f5443770f 100644 --- a/etc/kayobe/pulp-host-image-versions.yml +++ b/etc/kayobe/pulp-host-image-versions.yml 
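Review bot: In the `@@ -309` kolla.yml hunk the Jammy branch loops over `stackhpc_ubuntu_jammy_base_repos`, whereas the removed line used `stackhpc_ubuntu_jammy_repos`, so Jammy images would lose the Ubuntu Cloud Archive entry in this block. The commit message does not mention dropping UCA for Jammy, so this looks like a copy from the earlier block; `{% for repo in stackhpc_ubuntu_jammy_repos %}` restores the previous behaviour. The enclosing block starts outside the hunk.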
@@ -3,3 +3,4 @@ # These images must be in SMS, since they are used by our AIO CI runners stackhpc_rocky_9_overcloud_host_image_version: "2024.1-20241209T151515" stackhpc_ubuntu_jammy_overcloud_host_image_version: "2024.1-20250408T082408" +stackhpc_ubuntu_noble_overcloud_host_image_version: placeholder diff --git a/etc/kayobe/pulp-ipa-image-versions.yml b/etc/kayobe/pulp-ipa-image-versions.yml index 0ecbdfdc3..1b15362de 100644 --- a/etc/kayobe/pulp-ipa-image-versions.yml +++ b/etc/kayobe/pulp-ipa-image-versions.yml @@ -2,3 +2,4 @@ # IPA image versioning tags stackhpc_rocky_9_ipa_image_version: "2024.1-20241231T102920" stackhpc_ubuntu_jammy_ipa_image_version: "2024.1-20241206T160829" +stackhpc_ubuntu_noble_ipa_image_version: placeholder diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index 5eb4d3c8a..a4239f5a3 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -8,6 +8,7 @@ stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318 stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240923T233036 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022 stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20241218T154614 +stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: placeholder stackhpc_pulp_repo_elrepo_9_version: 20241129T235743 stackhpc_pulp_repo_epel_9_version: 20241216T235733 stackhpc_pulp_repo_grafana_version: 20241216T002739 
@@ -49,6 +50,8 @@ stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20241127T003858 stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250408T063025 stackhpc_pulp_repo_ubuntu_jammy_security_version: 20250408T085614 stackhpc_pulp_repo_ubuntu_jammy_version: 20250408T085614 +stackhpc_pulp_repo_ubuntu_noble_security_version: placeholder +stackhpc_pulp_repo_ubuntu_noble_version: placeholder stackhpc_pulp_repo_rhel_9_4_doca_version: 20241211T153620 stackhpc_pulp_repo_rhel_9_4_doca_modules_version: 20241213T112245 stackhpc_pulp_repo_rhel_9_5_doca_version: 20241211T171301 diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index 43de35091..5b4cd77a3 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml @@ -62,7 +62,8 @@ stackhpc_pulp_sync_for_local_container_build: false # Debs # Whether to sync Ubuntu packages. -stackhpc_pulp_sync_ubuntu_jammy: "{{ os_distribution == 'ubuntu' }}" +stackhpc_pulp_sync_ubuntu_jammy: "{{ os_release == 'jammy' }}" +stackhpc_pulp_sync_ubuntu_noble: "{{ os_release == 'noble' }}" # Default configuration, which each element of stackhpc_pulp_deb_repos # is combined with 
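Review bot: Keying `stackhpc_pulp_sync_ubuntu_jammy` and `stackhpc_pulp_sync_ubuntu_noble` (pulp.yml, `@@ -62` hunk) on a single `os_release` value means the local Pulp syncs only one release's repositories, yet the upgrade scripts in this patch run Jammy hosts through `ubuntu-upgrade.yml` with `-e os_release=noble`, which writes the Noble mirror URLs into sources.list. During a rolling upgrade both sets are presumably needed, and a host pointed at an unsynced distribution fails its package operations partway through the release upgrade. Consider keeping `"{{ os_distribution == 'ubuntu' }}"` for both flags while the two releases coexist, or add a comment telling operators to enable both before upgrading.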
@@ -104,6 +105,23 @@ stackhpc_pulp_deb_repos: distributions: "pulp" required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" + # Base Ubuntu Noble repositories + - name: "Ubuntu Noble" + url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/noble/{{ stackhpc_pulp_repo_ubuntu_noble_version }}" + distribution_name: "ubuntu-noble-" + base_path: "ubuntu/noble/" + components: "main restricted universe multiverse" + distributions: "noble noble-updates noble-backports" + required: "{{ stackhpc_pulp_sync_ubuntu_noble | bool }}" + + - name: "Ubuntu Noble security" + url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/noble-security/{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" + distribution_name: "ubuntu-noble-security-" + base_path: "ubuntu/noble-security/" + components: "main restricted universe multiverse" + distributions: "noble-security" + required: "{{ stackhpc_pulp_sync_ubuntu_noble | bool }}" + # Ubuntu Cloud Archive (UCA) repositories - name: "Ubuntu Cloud Archive" url: "{{ stackhpc_release_pulp_content_url }}/ubuntu-cloud-archive/{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" @@ -122,6 +140,14 @@ stackhpc_pulp_deb_repos: components: "stable" required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" + - name: "Docker CE for Ubuntu Noble" + url: "{{ stackhpc_release_pulp_content_url }}/docker-ce/ubuntu-noble/{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" + distribution_name: "docker-ce-for-ubuntu-noble-" + base_path: "docker-ce/ubuntu-noble/" + distributions: "noble" + components: "stable" + required: "{{ stackhpc_pulp_sync_ubuntu_noble | bool }}" + - name: "Ceph Reef for Debian" url: "{{ stackhpc_release_pulp_content_url }}/ceph/debian-reef/{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" distribution_name: "ceph-reef-debian-" 
@@ -560,6 +586,7 @@ stackhpc_pulp_images_kolla: # List of images for each base distribution which should not/cannot be built. stackhpc_kolla_unbuildable_images: ubuntu-jammy: [] + ubuntu-noble: [] rocky-9: [] # Whitespace-separated list of regular expressions matching Kolla image names. diff --git a/etc/kayobe/stackhpc-ipa-images.yml b/etc/kayobe/stackhpc-ipa-images.yml index 2246e678a..3c6a0a62c 100644 --- a/etc/kayobe/stackhpc-ipa-images.yml +++ b/etc/kayobe/stackhpc-ipa-images.yml @@ -17,4 +17,5 @@ stackhpc_ipa_image_url: "{{ stackhpc_release_pulp_content_url }}/ipa-images/\ # IPA image version tag selection stackhpc_ipa_image_version: >- {{ stackhpc_rocky_9_ipa_image_version if os_distribution == 'rocky' and os_release == '9' else - stackhpc_ubuntu_jammy_ipa_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' }} + stackhpc_ubuntu_jammy_ipa_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' else + stackhpc_ubuntu_noble_ipa_image_version if os_distribution == 'ubuntu' and os_release == 'noble' }} diff --git a/etc/kayobe/stackhpc-overcloud-host-images.yml b/etc/kayobe/stackhpc-overcloud-host-images.yml index e9de707e1..48cc04c37 100644 --- a/etc/kayobe/stackhpc-overcloud-host-images.yml +++ b/etc/kayobe/stackhpc-overcloud-host-images.yml @@ -22,4 +22,5 @@ stackhpc_overcloud_host_image_url: "{{ stackhpc_release_pulp_content_url_with_au # Overcloud host image version tag selection stackhpc_overcloud_host_image_version: >- {{ stackhpc_rocky_9_overcloud_host_image_version if os_distribution == 'rocky' and os_release == '9' else - stackhpc_ubuntu_jammy_overcloud_host_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' }} + stackhpc_ubuntu_jammy_overcloud_host_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' else + stackhpc_ubuntu_noble_overcloud_host_image_version if os_distribution == 'ubuntu' and os_release == 'noble' }} 
diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 89d27d63c..8b045f12b 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -41,6 +41,14 @@ stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_repo_distribution }}" stackhpc_repo_ubuntu_jammy_cve_2024_6387_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu-jammy-cve-2024-6387/{{ stackhpc_repo_ubuntu_jammy_cve_2024_6387_version }}" stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "{{ stackhpc_repo_distribution }}" +# Ubuntu noble +stackhpc_repo_ubuntu_noble_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/noble/{{ stackhpc_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_repo_distribution }}" + +# Ubuntu noble security +stackhpc_repo_ubuntu_noble_security_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/noble-security/{{ stackhpc_repo_ubuntu_noble_security_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_repo_distribution }}" + # Ubuntu Cloud Archive stackhpc_repo_ubuntu_cloud_archive_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu-cloud-archive/{{ stackhpc_repo_ubuntu_cloud_archive_version }}" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_repo_distribution }}" 
@@ -49,6 +57,10 @@ stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_repo_distribution }}" stackhpc_repo_docker_ce_ubuntu_jammy_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/docker-ce/ubuntu-jammy/{{ stackhpc_repo_docker_ce_ubuntu_jammy_version }}" stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_repo_distribution }}" +# Docker CE for Ubuntu Noble +stackhpc_repo_docker_ce_ubuntu_noble_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/docker-ce/ubuntu-noble/{{ stackhpc_repo_docker_ce_ubuntu_noble_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_repo_distribution }}" + # Ceph Reef for Debian stackhpc_repo_ceph_reef_debian_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ceph/debian-reef/{{ stackhpc_repo_ceph_reef_debian_version }}" stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_repo_distribution }}" diff --git a/tools/kolla-images.py b/tools/kolla-images.py index 1065db034..6ca651a67 100755 --- a/tools/kolla-images.py +++ b/tools/kolla-images.py @@ -101,6 +101,7 @@ SUPPORTED_BASE_DISTROS = [ "rocky-9", "ubuntu-jammy", + "ubuntu-noble", ] diff --git a/tools/ubuntu-upgrade-infra-vm.sh b/tools/ubuntu-upgrade-infra-vm.sh index 8d5810174..8316021b4 100755 --- a/tools/ubuntu-upgrade-infra-vm.sh +++ b/tools/ubuntu-upgrade-infra-vm.sh @@ -29,6 +29,6 @@ fi set -x -kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=jammy --limit $1 +kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=noble --limit $1 -kayobe infra vm host configure --limit $1 -e os_release=jammy +kayobe infra vm host configure --limit $1 -e os_release=noble diff --git a/tools/ubuntu-upgrade-overcloud.sh b/tools/ubuntu-upgrade-overcloud.sh index 50959c263..14271c3d1 100755 --- a/tools/ubuntu-upgrade-overcloud.sh +++ b/tools/ubuntu-upgrade-overcloud.sh 
@@ -29,8 +29,8 @@ fi set -x -kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=jammy --limit $1 +kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=noble --limit $1 kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ovn-fix-chassis-priorities.yml -kayobe overcloud host configure --limit $1 --kolla-limit $1 -e os_release=jammy +kayobe overcloud host configure --limit $1 --kolla-limit $1 -e os_release=noble diff --git a/tools/ubuntu-upgrade-seed-hypervisor.sh b/tools/ubuntu-upgrade-seed-hypervisor.sh index ad09f2b34..d34e58b26 100755 --- a/tools/ubuntu-upgrade-seed-hypervisor.sh +++ b/tools/ubuntu-upgrade-seed-hypervisor.sh @@ -24,6 +24,6 @@ fi set -x -kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=jammy --limit seed-hypervisor +kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=noble --limit seed-hypervisor kayobe seed hypervisor host configure diff --git a/tools/ubuntu-upgrade-seed.sh b/tools/ubuntu-upgrade-seed.sh index 4a48d5f36..d4191da46 100755 --- a/tools/ubuntu-upgrade-seed.sh +++ b/tools/ubuntu-upgrade-seed.sh @@ -24,6 +24,6 @@ fi set -x -kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=jammy --limit seed +kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=noble --limit seed kayobe seed host configure From fc36ed85d4660db2db67b806ec1ee3a5ab4857f0 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 2 Apr 2025 13:23:34 +0100 Subject: [PATCH 02/17] Add Noble pulp repo versions for Caracal Also updated UCA and Jammy repos --- etc/kayobe/kolla.yml | 2 ++ etc/kayobe/pulp-repo-versions.yml | 12 ++++++------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index 15fbf3fd5..e8d3f646e 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml 
@@ -303,6 +303,7 @@ kolla_build_blocks: {% for repo in stackhpc_ubuntu_noble_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} + {% endfor %} {% endif %} {% endif %} base_centos_repo_overrides_post_yum: | @@ -338,6 +339,7 @@ kolla_build_blocks: {% for repo in stackhpc_ubuntu_noble_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} + {% endfor %} {% endif %} footer: | {% if stackhpc_kolla_clean_up_repo_mirrors | bool %} diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index a4239f5a3..2c22d0b32 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -8,7 +8,7 @@ stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318 stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240923T233036 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022 stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20241218T154614 -stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: placeholder +stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: 20250401T001425 stackhpc_pulp_repo_elrepo_9_version: 20241129T235743 stackhpc_pulp_repo_epel_9_version: 20241216T235733 stackhpc_pulp_repo_grafana_version: 20241216T002739 
@@ -47,11 +47,11 @@ stackhpc_pulp_repo_rocky_9_5_crb_version: 20241217T005008 stackhpc_pulp_repo_rocky_9_5_extras_version: 20241216T004230 stackhpc_pulp_repo_rocky_9_5_highavailability_version: 20241202T003154 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20241127T003858 -stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250408T063025 -stackhpc_pulp_repo_ubuntu_jammy_security_version: 20250408T085614 -stackhpc_pulp_repo_ubuntu_jammy_version: 20250408T085614 -stackhpc_pulp_repo_ubuntu_noble_security_version: placeholder -stackhpc_pulp_repo_ubuntu_noble_version: placeholder +stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250416T042645 +stackhpc_pulp_repo_ubuntu_jammy_security_version: 20250417T070229 +stackhpc_pulp_repo_ubuntu_jammy_version: 20250417T070229 +stackhpc_pulp_repo_ubuntu_noble_security_version: 20250417T033501 +stackhpc_pulp_repo_ubuntu_noble_version: 20250417T033501 stackhpc_pulp_repo_rhel_9_4_doca_version: 20241211T153620 stackhpc_pulp_repo_rhel_9_4_doca_modules_version: 20241213T112245 stackhpc_pulp_repo_rhel_9_5_doca_version: 20241211T171301 From b68407d54dbed4608bfa5e35ee019697f36e1cab Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 2 Apr 2025 13:57:34 +0100 Subject: [PATCH 03/17] Create caracal-noble workflows --- .github/workflows/ipa-image-build.yml | 66 +++++++++++++++- .github/workflows/ipa-image-promote.yml | 20 ++++- .github/workflows/multinode-inputs.py | 2 + .../workflows/overcloud-host-image-build.yml | 78 ++++++++++++++++++- .../overcloud-host-image-promote.yml | 20 ++++- .../workflows/overcloud-host-image-upload.yml | 51 +++++++++++- .../stackhpc-container-image-build.yml | 40 ++++++---- 7 files changed, 256 insertions(+), 21 deletions(-) diff --git a/.github/workflows/ipa-image-build.yml b/.github/workflows/ipa-image-build.yml index a4712c429..ac4f6be50 100644 --- a/.github/workflows/ipa-image-build.yml +++ b/.github/workflows/ipa-image-build.yml 
@@ -11,6 +11,10 @@ on: description: Build Ubuntu 22.04 Jammy type: boolean default: true + ubuntu-noble: + description: Build Ubuntu 24.04 Noble + type: boolean + default: true runner_env: description: Which cloud to run on? type: choice 
@@ -271,6 +275,65 @@ jobs: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: inputs.ubuntu-jammy && steps.build_ubuntu_jammy_ipa.outcome == 'success' + - name: Build a Ubuntu 24.04 Noble IPA image + id: build_ubuntu_noble_ipa + continue-on-error: true + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe overcloud deployment image build --force-rebuild \ + -e os_distribution="ubuntu" \ + -e os_release="noble" \ + -e ipa_ci_builder_distribution="ubuntu" \ + -e ipa_ci_builder_release="noble" + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble + + - name: Show last error logs + continue-on-error: true + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe seed host command run --command "tail -200 /opt/kayobe/images/ipa/ipa.stdout" --show-output + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: steps.build_ubuntu_noble_ipa.outcome == 'failure' + + - name: Upload Ubuntu 24.04 Noble IPA kernel image to Ark + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/pulp-artifact-upload.yml \ + -e artifact_path=/opt/kayobe/images/ipa \ + -e artifact_type=ipa-images \ + -e artifact_tag=${{ steps.ipa_image_tag.outputs.ipa_image_tag }} \ + -e os_distribution="ubuntu" \ + -e os_release="noble" \ + -e file_regex='*.kernel' \ + -e upload_checksum=true + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble && steps.build_ubuntu_noble_ipa.outcome == 'success' + + - name: Upload Ubuntu 24.04 Noble IPA ramdisk image to Ark + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + 
src/kayobe-config/etc/kayobe/ansible/pulp-artifact-upload.yml \ + -e artifact_path=/opt/kayobe/images/ipa \ + -e artifact_type=ipa-images \ + -e artifact_tag=${{ steps.ipa_image_tag.outputs.ipa_image_tag }} \ + -e os_distribution="ubuntu" \ + -e os_release="noble" \ + -e file_regex='*.initramfs' \ + -e upload_checksum=true + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble && steps.build_ubuntu_noble_ipa.outcome == 'success' + - name: Build a Rocky 9 IPA image id: build_rocky_9_ipa continue-on-error: true @@ -348,7 +411,8 @@ jobs: echo "Builds failed. See workflow artifacts for details." && exit 1 if: steps.build_rocky_9_ipa.outcome == 'failure' || - steps.build_ubuntu_jammy_ipa.outcome == 'failure' + steps.build_ubuntu_jammy_ipa.outcome == 'failure' || + steps.build_ubuntu_noble_ipa.outcome == 'failure' - name: Destroy run: terraform destroy -auto-approve diff --git a/.github/workflows/ipa-image-promote.yml b/.github/workflows/ipa-image-promote.yml index acba60194..4ee9d5800 100644 --- a/.github/workflows/ipa-image-promote.yml +++ b/.github/workflows/ipa-image-promote.yml @@ -11,6 +11,10 @@ on: description: Promote Ubuntu 22.04 Jammy type: boolean default: true + ubuntu-noble: + description: Promote Ubuntu 24.04 Noble + type: boolean + default: true image_tag: description: Tag to promote type: string @@ -25,7 +29,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi 
@@ -98,3 +102,17 @@ jobs: ARTIFACT_TAG: ${{ inputs.image_tag }} KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: inputs.ubuntu-jammy + + - name: Promote Ubuntu Noble 24.04 IPA image artifact + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/pulp-artifact-promote.yml \ + -e artifact_type="ipa-images" \ + -e os_distribution='ubuntu' \ + -e os_release='noble' + env: + ARTIFACT_TAG: ${{ inputs.image_tag }} + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble diff --git a/.github/workflows/multinode-inputs.py b/.github/workflows/multinode-inputs.py index 6971bf778..6f09ba4f2 100644 --- a/.github/workflows/multinode-inputs.py +++ b/.github/workflows/multinode-inputs.py @@ -31,10 +31,12 @@ class Scenario: ROCKY_9 = OSRelease("rocky", "9", "cloud-user") UBUNTU_JAMMY = OSRelease("ubuntu", "jammy", "ubuntu") +UBUNTU_NOBLE = OSRelease("ubuntu", "noble", "ubuntu") # NOTE(upgrade): Add supported releases here. OPENSTACK_RELEASES = [ OpenStackRelease("2024.1", "2023.1", [ROCKY_9, UBUNTU_JAMMY]), OpenStackRelease("2023.1", "zed", [ROCKY_9, UBUNTU_JAMMY]), + OpenStackRelease("master", "2024.1", [ROCKY_9, UBUNTU_NOBLE]) ] NEUTRON_PLUGINS = ["ovs", "ovn"] diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index a0c98c98f..905e6d7b0 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -11,6 +11,10 @@ on: description: Build Ubuntu 22.04 Jammy type: boolean default: true + ubuntu-noble: + description: Build Ubuntu 24.04 Noble + type: boolean + default: true runner_env: description: Which cloud to run on? type: choice 
@@ -48,7 +52,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi 
@@ -360,6 +364,75 @@ jobs: OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET_OTHER_CLOUD }} if: inputs.ubuntu-jammy && steps.build_ubuntu_jammy.outcome == 'success' + - name: Build an Ubuntu Noble 24.04 overcloud host image + id: build_ubuntu_noble + continue-on-error: true + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe overcloud host image build --force-rebuild \ + -e os_distribution="ubuntu" \ + -e os_release="noble" \ + -e stackhpc_overcloud_dib_name=overcloud-ubuntu-noble + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble + + - name: Show last error logs + continue-on-error: true + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe seed host command run --command "tail -200 /opt/kayobe/images/overcloud-ubuntu-noble/overcloud-ubuntu-noble.stdout" --show-output + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: steps.build_ubuntu_noble.outcome == 'failure' + + - name: Upload Ubuntu Noble 24.04 overcloud host image to Ark + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/pulp-artifact-upload.yml \ + -e artifact_path=/opt/kayobe/images/overcloud-ubuntu-noble \ + -e artifact_tag=${{ steps.host_image_tag.outputs.host_image_tag }} \ + -e artifact_type="kayobe-images" \ + -e file_regex="*.qcow2" \ + -e os_distribution="ubuntu" \ + -e os_release="noble" + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble && steps.build_ubuntu_noble.outcome == 'success' + + - name: Upload Ubuntu Noble overcloud host image to current Dev Cloud (SMS/Leafcloud) + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe 
playbook run \ + src/kayobe-config/etc/kayobe/ansible/openstack-host-image-upload.yml \ + -e local_image_path="/opt/kayobe/images/overcloud-ubuntu-noble/overcloud-ubuntu-noble.qcow2" \ + -e image_name=overcloud-ubuntu-noble-${{ steps.host_image_tag.outputs.host_image_tag }} + env: + CLOUDS_YAML: ${{ secrets.CLOUDS_YAML }} + OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} + OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} + if: inputs.ubuntu-noble && steps.build_ubuntu_noble.outcome == 'success' + + - name: Upload Ubuntu Noble overcloud host image to other Dev Cloud (Leafcloud/SMS) + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/openstack-host-image-upload.yml \ + -e local_image_path="/opt/kayobe/images/overcloud-ubuntu-noble/overcloud-ubuntu-noble.qcow2" \ + -e image_name=overcloud-ubuntu-noble-${{ steps.host_image_tag.outputs.host_image_tag }} + env: + CLOUDS_YAML: ${{ secrets.CLOUDS_YAML_OTHER_CLOUD }} + OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID_OTHER_CLOUD }} + OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET_OTHER_CLOUD }} + if: inputs.ubuntu-noble && steps.build_ubuntu_noble.outcome == 'success' + + - name: Copy logs back continue-on-error: true run: | @@ -373,7 +446,8 @@ jobs: echo "Builds failed. See workflow artifacts for details." && exit 1 if: steps.build_rocky_9.outcome == 'failure' || - steps.build_ubuntu_jammy.outcome == 'failure' + steps.build_ubuntu_jammy.outcome == 'failure' || + steps.build_ubuntu_noble.outcome == 'failure' - name: Upload logs artifact uses: actions/upload-artifact@v4 diff --git a/.github/workflows/overcloud-host-image-promote.yml b/.github/workflows/overcloud-host-image-promote.yml index f6e167d45..a2f047641 100644 --- a/.github/workflows/overcloud-host-image-promote.yml 
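Review bot: The "Upload Ubuntu Noble 24.04 overcloud host image to Ark" step passes no `-e upload_checksum=true`, while the Noble IPA kernel and ramdisk uploads added to ipa-image-build.yml in this same patch do. If pulp-artifact-upload.yml does not publish a checksum by default (the playbook is not visible here), the qcow2 that later becomes a host operating system image has nothing to be verified against when it is pulled back from Ark. Consider adding `-e upload_checksum=true` as a further argument to that step, or a comment on the step saying why host images are exempt.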
+++ b/.github/workflows/overcloud-host-image-promote.yml @@ -11,6 +11,10 @@ on: description: Promote Ubuntu 22.04 Jammy type: boolean default: true + ubuntu-noble: + description: Promote Ubuntu 24.04 Noble + type: boolean + default: true image_tag: description: Tag to promote type: string @@ -25,7 +29,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi @@ -98,3 +102,17 @@ jobs: ARTIFACT_TAG: ${{ inputs.image_tag }} KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: inputs.ubuntu-jammy + + - name: Promote Ubuntu Noble 24.04 overcloud host image artifact + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/pulp-artifact-promote.yml \ + -e artifact_type="kayobe-images" \ + -e os_distribution='ubuntu' \ + -e os_release='noble' + env: + ARTIFACT_TAG: ${{ inputs.image_tag }} + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble diff --git a/.github/workflows/overcloud-host-image-upload.yml b/.github/workflows/overcloud-host-image-upload.yml index d9d9e3f7c..981435f9a 100644 --- a/.github/workflows/overcloud-host-image-upload.yml +++ b/.github/workflows/overcloud-host-image-upload.yml @@ -11,6 +11,10 @@ on: description: Upload Ubuntu 22.04 Jammy type: boolean default: true + ubuntu-noble: + description: Upload Ubuntu 24.04 Noble + type: boolean + default: true kayobe-environment: description: Kayobe environment to use type: string 
@@ -50,7 +54,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi 
@@ -185,3 +189,48 @@ jobs: OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} if: inputs.ubuntu-jammy && steps.ubuntu_jammy_image_exists.outcome == 'failure' + + - name: Output Ubuntu Noble image tag + id: ubuntu_noble_image_tag + run: | + echo image_tag=$(grep stackhpc_ubuntu_noble_overcloud_host_image_version: src/kayobe-config/etc/kayobe/pulp-host-image-versions.yml | awk '{print $2}') >> $GITHUB_OUTPUT + + - name: Check if image exists already + id: ubuntu_noble_image_exists + run: | + source venvs/kayobe/bin/activate && + openstack image show \ + overcloud-ubuntu-noble-${{ steps.ubuntu_noble_image_tag.outputs.image_tag }} + env: + OS_CLOUD: openstack + OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} + OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} + continue-on-error: true + + - name: Download Ubuntu Noble 24.04 overcloud host image from Ark + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ${{ inputs.kayobe-environment }} && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/pulp-host-image-download.yml \ + -e os_distribution="ubuntu" \ + -e os_release="noble" + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble && steps.ubuntu_noble_image_exists.outcome == 'failure' + + - name: Upload Ubuntu Noble 24.04 overcloud host image to Cloud + run: | + source venvs/kayobe/bin/activate && + openstack image create \ + overcloud-ubuntu-noble-${{ steps.ubuntu_noble_image_tag.outputs.image_tag }} \ + --container-format bare \ + --disk-format qcow2 \ + --file /tmp/ubuntu-noble.qcow2 \ + --private \ + --progress + env: + OS_CLOUD: openstack + OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} + OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} + if: 
inputs.ubuntu-noble && steps.ubuntu_noble_image_exists.outcome == 'failure' diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 059731283..8e7842e95 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -28,6 +28,11 @@ on: type: boolean required: false default: true + ubuntu-noble: + description: Build Ubuntu Noble 24.04 images? + type: boolean + required: false + default: true push: description: Whether to push images type: boolean @@ -61,7 +66,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky-linux-9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky-linux-9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi @@ -92,17 +97,20 @@ jobs: - name: Generate build matrix id: set-matrix run: | - comma="" - echo -n "matrix={\"distro\": [" >> $GITHUB_OUTPUT + output="{'distro': [" if [[ ${{ inputs.rocky-linux-9 }} == 'true' ]]; then - echo -n "$comma\"rocky\"" >> $GITHUB_OUTPUT - comma=", " + output+="{'name': 'rocky', 'release': 9}," fi if [[ ${{ inputs.ubuntu-jammy }} == 'true' ]]; then - echo -n "$comma\"ubuntu\"" >> $GITHUB_OUTPUT - comma=", " + output+="{'name': 'ubuntu', 'release': 'jammy'}," + fi + if [[ ${{ inputs.ubuntu-noble }} == 'true' ]]; then + output+="{'name': 'ubuntu', 'release': 'noble'}," fi - echo "]}" >> $GITHUB_OUTPUT + # remove trailing comma + output="${output%,}" + output+="]}" + echo "matrix=$output" >> $GITHUB_OUTPUT - name: Display container datetime tag run: | 
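Review bot: The "Download Ubuntu Noble 24.04 overcloud host image from Ark" step expands `${{ inputs.kayobe-environment }}` directly into the script, so the string input is parsed as shell text rather than handled as data. Passing it through the step environment avoids that: add `KAYOBE_ENVIRONMENT: ${{ inputs.kayobe-environment }}` under `env:` and use `--environment "$KAYOBE_ENVIRONMENT"` in the `run:` block. The same pattern applies to `${{ steps.ubuntu_noble_image_tag.outputs.image_tag }}` in the image show and create steps, whose value comes from an unquoted `grep | awk` over pulp-host-image-versions.yml. Separately, the tag and existence-check steps carry no `if: inputs.ubuntu-noble`, so they run even when Noble is deselected.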
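Review bot: The rewritten "Generate build matrix" step emits single-quoted pseudo-JSON (`{'distro': [{'name': 'rocky', 'release': 9},…]}`), which works only if whatever parses the `matrix` output tolerates single quotes; the expression that consumes it is outside this hunk. `release` is also a bare number for Rocky but a quoted string for both Ubuntu entries. Emitting strict JSON removes the dependence on parser leniency, for example `output='{"distro": ['` as the opening line and `output+='{"name": "ubuntu", "release": "noble"},'` for each entry.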
@@ -173,7 +181,7 @@ jobs: - name: Get Kolla tag id: write-kolla-tag - run: echo "kolla-tag=${{ needs.generate-tag.outputs.openstack_release }}-${{ matrix.distro }}-${{ matrix.distro == 'rocky' && '9' || 'jammy' }}-${{ needs.generate-tag.outputs.datetime_tag }}" >> $GITHUB_OUTPUT + run: echo "kolla-tag=${{ needs.generate-tag.outputs.openstack_release }}-${{ matrix.distro.name }}-${{ matrix.distro.release }}-${{ needs.generate-tag.outputs.datetime_tag }}" >> $GITHUB_OUTPUT - name: Configure localhost as a seed run: | @@ -203,7 +211,8 @@ jobs: continue-on-error: true run: | args="${{ inputs.regexes }}" - args="$args -e kolla_base_distro=${{ matrix.distro }}" + args="$args -e kolla_base_distro=${{ matrix.distro.name }}" + args="$args -e kolla_base_distro_version=${{ matrix.distro.release }}" args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}" args="$args -e stackhpc_repo_mirror_auth_proxy_enabled=true" source venvs/kayobe/bin/activate && @@ -221,7 +230,8 @@ jobs: id: build_seed_images continue-on-error: true run: | - args="-e kolla_base_distro=${{ matrix.distro }}" + args="-e kolla_base_distro=${{ matrix.distro.name }}" + args="$args -e kolla_base_distro_version=${{ matrix.distro.release }}" args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}" args="$args -e stackhpc_repo_mirror_auth_proxy_enabled=true" source venvs/kayobe/bin/activate && 
@@ -236,13 +246,13 @@ jobs: if: inputs.seed - name: Get built container images - run: docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:${{ steps.write-kolla-tag.outputs.kolla-tag }}" > ${{ matrix.distro }}-container-images + run: docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:${{ steps.write-kolla-tag.outputs.kolla-tag }}" > ${{ matrix.distro.name }}-${{ matrix.distro.release }}-container-images - name: Fail if no images have been built - run: if [ $(wc -l < ${{ matrix.distro }}-container-images) -le 1 ]; then exit 1; fi + run: if [ $(wc -l < ${{ matrix.distro.name }}-${{ matrix.distro.release }}-container-images) -le 1 ]; then exit 1; fi - name: Scan built container images - run: src/kayobe-config/tools/scan-images.sh ${{ matrix.distro }} ${{ steps.write-kolla-tag.outputs.kolla-tag }} + run: src/kayobe-config/tools/scan-images.sh ${{ matrix.distro.name }}-${{ matrix.distro.release }} ${{ steps.write-kolla-tag.outputs.kolla-tag }} - name: Move image scan logs to output artifact run: mv image-scan-output image-build-logs/image-scan-output @@ -297,7 +307,7 @@ jobs: - name: Upload output artifact uses: actions/upload-artifact@v4 with: - name: ${{ matrix.distro }}-logs + name: ${{ matrix.distro.name }}-${{ matrix.distro.release }}-logs path: image-build-logs retention-days: 7 if: ${{ !cancelled() }} From b53d179aef86d49266e766869c980d5cc5b12119 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Thu, 3 Apr 2025 09:33:08 +0100 Subject: [PATCH 04/17] Remove unnecessary UCA repo for Caracal Noble --- etc/kayobe/kolla.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index e8d3f646e..d02e7a957 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml 
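Review bot: The "Scan built container images" step now calls `scan-images.sh` with `${{ matrix.distro.name }}-${{ matrix.distro.release }}` (for example `ubuntu-noble`) where it previously received the bare distro name, and tools/scan-images.sh does not appear in this patch's diffstat. If the script compares or branches on its first argument, the scan could take a different path or cover no images, and an empty scan would still look like a pass in the logs. Either keep the first argument as `${{ matrix.distro.name }}` or update the script in the same commit, and add a comment on the step stating the argument format the script expects.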
@@ -262,8 +262,7 @@ stackhpc_ubuntu_noble_base_repos: - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_security_url }} noble-security main universe" # List of UCA repositories for Ubuntu Noble. -stackhpc_ubuntu_noble_uca_repos: - - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_cloud_archive_url }} noble-updates/{{ openstack_release_codename }} main" +stackhpc_ubuntu_noble_uca_repos: [] # List of repositories for Ubuntu Noble. stackhpc_ubuntu_noble_repos: "{{ stackhpc_ubuntu_noble_base_repos + stackhpc_ubuntu_noble_uca_repos }}" From eb34913f47cc22eaab1e241a6f79373b93e0498a Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Thu, 3 Apr 2025 09:41:01 +0100 Subject: [PATCH 05/17] Split Jammy and Noble case in kolla override --- etc/kayobe/kolla.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index d02e7a957..8c68e57af 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -324,7 +324,12 @@ kolla_build_blocks: # With the UCA keyring installed we can now add all repos. base_ubuntu_package_sources_list: | {% if stackhpc_kolla_clean_up_repo_mirrors | bool %} + {% if kolla_base_distro_version == 'jammy' %} COPY sources.list.ubuntu.jammy /etc/apt/sources.list.backup + {% else %} + COPY sources.list.ubuntu.noble /etc/apt/sources.list.backup + {% endif %} + {% endif %} RUN \ rm /etc/apt/sources.list && \ From eed627eb01f16babb37f3353596ffc5eaa122bae Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Fri, 4 Apr 2025 10:43:41 +0100 Subject: [PATCH 06/17] Match Noble base tag to what stackhpc/master has --- etc/kayobe/kolla/kolla-build.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/kolla/kolla-build.conf b/etc/kayobe/kolla/kolla-build.conf index 4f8dc71d3..1c2165c8b 100644 --- a/etc/kayobe/kolla/kolla-build.conf +++ b/etc/kayobe/kolla/kolla-build.conf 
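Review bot: In `base_ubuntu_package_sources_list` the new `{% else %}` copies `sources.list.ubuntu.noble` for every `kolla_base_distro_version` that is not `jammy`, so an unset or mistyped version silently gets the Noble list as its backup. `{% elif kolla_base_distro_version == 'noble' %}` would make the choice explicit and leave other values without a mismatched sources file. The hunk also adds two `{% endif %}` lines for one new `{% if %}`; the block continues outside the hunk, so the nesting is best confirmed by rendering the template for both releases.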
@@ -5,7 +5,7 @@ {% if kolla_base_distro == 'ubuntu' and kolla_base_distro_version == 'jammy' %} base_tag = jammy-20240808 {% elif kolla_base_distro == 'ubuntu' and kolla_base_distro_version == 'noble' %} -base_tag = noble-20250127 +base_tag = noble-20241118.1 {# Similarly pinning to Rocky 9 minor version used in our repos #} {% elif kolla_base_distro == 'rocky' %} base_tag = 9.{{ stackhpc_pulp_repo_rocky_9_minor_version }} From 302bc24c0ec6fd133cefbf05d028cdb4b18eb232 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Fri, 4 Apr 2025 10:44:12 +0100 Subject: [PATCH 07/17] Add Caracal Noble overcloud host image --- etc/kayobe/pulp-host-image-versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/pulp-host-image-versions.yml b/etc/kayobe/pulp-host-image-versions.yml index f5443770f..db0316a37 100644 --- a/etc/kayobe/pulp-host-image-versions.yml +++ b/etc/kayobe/pulp-host-image-versions.yml @@ -3,4 +3,4 @@ # These images must be in SMS, since they are used by our AIO CI runners stackhpc_rocky_9_overcloud_host_image_version: "2024.1-20241209T151515" stackhpc_ubuntu_jammy_overcloud_host_image_version: "2024.1-20250408T082408" -stackhpc_ubuntu_noble_overcloud_host_image_version: placeholder +stackhpc_ubuntu_noble_overcloud_host_image_version: "2024.1-20250417T104113" From 3ffe9b0ef7b2b269b93017660105336cbb3d06e5 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Fri, 4 Apr 2025 10:45:37 +0100 Subject: [PATCH 08/17] Add Caracal Noble IPA images --- etc/kayobe/pulp-ipa-image-versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/pulp-ipa-image-versions.yml b/etc/kayobe/pulp-ipa-image-versions.yml index 1b15362de..ca2781ae2 100644 --- a/etc/kayobe/pulp-ipa-image-versions.yml +++ b/etc/kayobe/pulp-ipa-image-versions.yml 
@@ -2,4 +2,4 @@ # IPA image versioning tags stackhpc_rocky_9_ipa_image_version: "2024.1-20241231T102920" stackhpc_ubuntu_jammy_ipa_image_version: "2024.1-20241206T160829" -stackhpc_ubuntu_noble_ipa_image_version: placeholder +stackhpc_ubuntu_noble_ipa_image_version: "2024.1-20250402T132932" From 9c5da6bd1e13d7749beecb29bd352b4cce3356f7 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Fri, 4 Apr 2025 14:41:16 +0100 Subject: [PATCH 09/17] Add TODO for testing Ubuntu Noble CIS rules --- .../environments/ci-aio/inventory/group_vars/cis-hardening/cis | 1 + .../ci-multinode/inventory/group_vars/cis-hardening/cis | 1 + 2 files changed, 2 insertions(+) diff --git a/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis b/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis index f1129179a..9f5e273c7 100644 --- a/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis +++ b/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis @@ -15,6 +15,7 @@ ubtu22cis_rule_5_4_3_2: false ############################################################################## # Ubuntu Noble CIS Hardening Configuration +# TODO: Test CIS rules for Ubuntu Noble # Disable shell timeout for inactivity which can be disruptive to # development work. diff --git a/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis b/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis index f1129179a..9f5e273c7 100644 --- a/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis +++ b/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis @@ -15,6 +15,7 @@ ubtu22cis_rule_5_4_3_2: false ############################################################################## # Ubuntu Noble CIS Hardening Configuration +# TODO: Test CIS rules for Ubuntu Noble # Disable shell timeout for inactivity which can be disruptive to # development work. 
From a83ba64d29e75ef51f40d11f85b4a709d56eaa4f Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Fri, 4 Apr 2025 14:56:01 +0100 Subject: [PATCH 10/17] Add Noble CI-AIO tests for PRs --- .github/workflows/stackhpc-pull-request.yml | 34 +++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index 65caaa0ce..4fa07cdf6 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml @@ -161,6 +161,40 @@ jobs: secrets: inherit if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} + all-in-one-ubuntu-noble-ovs: + name: aio (Ubuntu Noble OVS) + needs: + - check-changes + - build-kayobe-image + uses: ./.github/workflows/stackhpc-all-in-one.yml + with: + kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + os_distribution: ubuntu + os_release: noble + ssh_username: ubuntu + neutron_plugin: ovs + OS_CLOUD: openstack + if: ${{ needs.check-changes.outputs.aio == 'true' }} + secrets: inherit + if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} + + all-in-one-ubuntu-noble-ovn: + name: aio (Ubuntu Noble OVN) + needs: + - check-changes + - build-kayobe-image + uses: ./.github/workflows/stackhpc-all-in-one.yml + with: + kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + os_distribution: ubuntu + os_release: noble + ssh_username: ubuntu + neutron_plugin: ovn + OS_CLOUD: openstack + if: ${{ needs.check-changes.outputs.aio == 'true' }} + secrets: inherit + if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} + all-in-one-rocky-9-ovs: name: aio (Rocky 9 OVS) needs: From 3776608090386f84a78925901c25684014773c8f Mon Sep 17 00:00:00 2001 
From: Seunghun Lee Date: Fri, 4 Apr 2025 14:34:59 +0100 Subject: [PATCH 11/17] Only enable Ubuntu repos match current dist release --- etc/kayobe/apt.yml | 36 ++++++++++-------------------------- 1 file changed, 10 insertions(+), 26 deletions(-) diff --git a/etc/kayobe/apt.yml b/etc/kayobe/apt.yml index 176a038ca..83ceaeec1 100644 --- a/etc/kayobe/apt.yml +++ b/etc/kayobe/apt.yml 
@@ -50,50 +50,34 @@ apt_keys: # (optional, default is unset) # Default is an empty list. stackhpc_apt_repositories: - - url: "{{ stackhpc_repo_ubuntu_jammy_url }}" + - url: "{{ stackhpc_repo_ubuntu_noble_url if ansible_facts.distribution_release == 'noble' else stackhpc_repo_ubuntu_jammy_url }}" suites: "{{ ansible_facts.distribution_release }} {{ ansible_facts.distribution_release }}-updates {{ ansible_facts.distribution_release }}-backports" components: main restricted universe multiverse architecture: amd64 required: true - - url: "{{ stackhpc_repo_ubuntu_jammy_security_url }}" + - url: "{{ stackhpc_repo_ubuntu_noble_security_url if ansible_facts.distribution_release == 'noble' else stackhpc_repo_ubuntu_jammy_security_url }}" suites: "{{ ansible_facts.distribution_release }}-security" components: main restricted universe multiverse architecture: amd64 required: true + - url: "{{ stackhpc_repo_docker_ce_ubuntu_noble_url if ansible_facts.distribution_release == 'noble' else stackhpc_repo_docker_ce_ubuntu_jammy_url }}" + suites: "{{ ansible_facts.distribution_release }}" + components: stable + signed_by: docker.asc + architecture: amd64 + required: true - url: "{{ stackhpc_repo_ubuntu_jammy_cve_2024_6387_url }}" suites: "pulp" components: upload architecture: amd64 trusted: yes - required: true - - url: "{{ stackhpc_repo_docker_ce_ubuntu_jammy_url }}" - suites: "{{ ansible_facts.distribution_release }}" - components: stable - signed_by: docker.asc - architecture: amd64 - required: true + required: "{{ ansible_facts.distribution_release == 'jammy' }}" - url: "{{ stackhpc_repo_ceph_reef_debian_url }}" suites: "{{ ansible_facts.distribution_release }}" components: main signed_by: ceph.asc architecture: amd64 - required: true - - url: "{{ stackhpc_repo_ubuntu_noble_url }}" - suites: "{{ ansible_facts.distribution_release }} {{ ansible_facts.distribution_release }}-updates {{ ansible_facts.distribution_release }}-backports" - components: main restricted universe 
multiverse - architecture: amd64 - required: true - - url: "{{ stackhpc_repo_ubuntu_noble_security_url }}" - suites: "{{ ansible_facts.distribution_release }}-security" - components: main restricted universe multiverse - architecture: amd64 - required: true - - url: "{{ stackhpc_repo_docker_ce_ubuntu_noble_url }}" - suites: "{{ ansible_facts.distribution_release }}" - components: stable - signed_by: docker.asc - architecture: amd64 - required: true + required: "{{ ansible_facts.distribution_release == 'jammy' }}" # Do not replace apt configuration for non-overcloud hosts. This can result in # errors if apt reconfiguration is performed before local repository mirrors From da55b430bb19cc5a7ab63609d007e401df8f552b Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Fri, 4 Apr 2025 16:27:51 +0100 Subject: [PATCH 12/17] Add Caracal Noble Kolla container images --- etc/kayobe/kolla-image-tags.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index cfe14d08a..f6988b7bd 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -6,7 +6,7 @@ kolla_image_tags: openstack: rocky-9: 2024.1-rocky-9-20241218T141751 ubuntu-jammy: 2024.1-ubuntu-jammy-20241218T141809 - ubuntu-noble: placeholder + ubuntu-noble: 2024.1-ubuntu-noble-20250404T150323 bifrost: rocky-9: 2024.1-rocky-9-20250325T141125 ubuntu-jammy: 2024.1-ubuntu-jammy-20250325T141125 From b2c62a6acc77f05ce7cd722f0237692b2ce5254f Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Mon, 7 Apr 2025 09:47:53 +0100 Subject: [PATCH 13/17] Override K-A python version and base distro version for noble --- etc/kayobe/kolla/globals.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml index c36b659b5..68521bab1 100644 --- a/etc/kayobe/kolla/globals.yml +++ b/etc/kayobe/kolla/globals.yml 
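Review bot: The three rewritten `url:` entries pick the Noble variable when `ansible_facts.distribution_release == 'noble'` and fall back to the Jammy variable for every other value, so a host on any other release is silently pointed at the Jammy mirror while `suites` still carries its own release name. Deriving the variable name from the fact makes an unsupported release fail at template time instead, e.g. `url: "{{ lookup('vars', 'stackhpc_repo_ubuntu_' ~ ansible_facts.distribution_release ~ '_url') }}"`, and likewise for the security and Docker CE entries. The `stackhpc_repo_ubuntu_jammy_cve_2024_6387_url` entry keeps `trusted: yes` and is now `required` only on Jammy; a comment saying why Noble hosts do not need it (presumably the fix already comes from the Noble security mirror) would help, and that assumption is worth confirming against the pinned snapshot. How `required` is consumed is outside the hunk, so it is also worth checking that the templated value reaches the consumer as a boolean rather than the string `False`.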
@@ -7,11 +7,19 @@ kolla_base_distro: "{% raw %}{{ ansible_facts.distribution | lower }}{% endraw % # Use facts so this is determined correctly when the control host OS differs # from os_distribuition. -kolla_base_distro_version: "{% raw %}{{ kolla_base_distro_version_default_map[kolla_base_distro] }}{% endraw %}" +kolla_base_distro_version: "{% raw %}{{ 'noble' if ansible_facts.distribution_release == 'noble' else kolla_base_distro_version_default_map[kolla_base_distro] }}{% endraw %}" # Convenience variable for base distro and version string. kolla_base_distro_and_version: "{% raw %}{{ kolla_base_distro }}-{{ kolla_base_distro_version }}{% endraw %}" +kolla_base_distro_version_custom_map: { + "rocky-9": "3.9", + "ubuntu-jammy": "3.10", + "ubuntu-noble": "3.12" +} + +distro_python_version: "{% raw %}{{ kolla_base_distro_version_custom_map[kolla_base_distro_and_version] }}{% endraw %}" + # Dict of Kolla image tags to deploy for each service. # Each key is the tag variable prefix name, and the value is another dict, # where the key is the OS distro and the value is the tag to deploy. From de8355f7571aa8e5eadb9679de44b60d6556d491 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Mon, 7 Apr 2025 13:52:03 +0100 Subject: [PATCH 14/17] Bump sct_docker_version_max to 28.1.0 Default version of docker running on Ubuntu Noble is 28.0.4. This version is now tested. As SCT is using this value as exlusive max, bumping to 28.1.0 to ensure 28.0.4 is included. --- etc/kayobe/ansible/stackhpc-cloud-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/ansible/stackhpc-cloud-tests.yml b/etc/kayobe/ansible/stackhpc-cloud-tests.yml index b2fed995d..cdc94c2cd 100644 --- a/etc/kayobe/ansible/stackhpc-cloud-tests.yml +++ b/etc/kayobe/ansible/stackhpc-cloud-tests.yml 
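Review bot: `kolla_base_distro_version_custom_map` maps a distro-and-version key to a Python version, not to a distro version, so the name misleads next to `kolla_base_distro_version_default_map`, and neither it nor `distro_python_version` carries a comment. Consider a name such as `kolla_distro_python_version_map`, written as a block mapping, with `# Python version for each base distro and version, keyed by kolla_base_distro_and_version.` above it. Quoting the values is right and should stay: an unquoted `3.10` would load as the float 3.1. In `kolla_base_distro_version`, the `'noble' if ... else` special case bypasses the default map for one release only, so a comment saying why the default map cannot be used for Noble would tell a maintainer when the override can be removed.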
@@ -142,7 +142,7 @@ # Inclusive min sct_docker_version_min: "24.0.0" # Exclusive max - sct_docker_version_max: "28.0.0" + sct_docker_version_max: "28.1.0" sct_selinux_state: "{{ selinux_state }}" failed_when: host_results.rc not in [0, 1] register: host_results From 18f61960aafd7472dc5221133b4651b59005e68e Mon Sep 17 00:00:00 2001 From: Seunghun Lee <45145778+seunghun1ee@users.noreply.github.com> Date: Tue, 15 Apr 2025 10:17:56 +0100 Subject: [PATCH 15/17] Capitalisation Co-authored-by: Alex-Welsh <112560678+Alex-Welsh@users.noreply.github.com> --- etc/kayobe/cephadm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml index b3d914525..f83c2eacd 100644 --- a/etc/kayobe/cephadm.yml +++ b/etc/kayobe/cephadm.yml @@ -14,7 +14,7 @@ cephadm_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool # Ceph container image tag. cephadm_image_tag: "{{ 'v19.2.1' if cephadm_ceph_release == 'squid' else 'v18.2.4' }}" -# Ceph custom repo workaround for Ubuntu as there are no official ceph repos for Ubuntu jammy and noble. +# Ceph custom repo workaround for Ubuntu as there are no official ceph repos for Ubuntu Jammy and Noble. cephadm_custom_repos: "{{ ansible_facts['distribution'] == 'Ubuntu' }}" # HAProxy container image. From 89f24f3a0aed124970f0c7f6aba4dcef7f734158 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Tue, 15 Apr 2025 11:05:57 +0100 Subject: [PATCH 16/17] Add Ubuntu Noble support release note Co-authored-by: Alex-Welsh <112560678+Alex-Welsh@users.noreply.github.com> --- .../add-ubuntu-noble-support-caracal-1b9e64d4aa2e1ff7.yaml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 releasenotes/notes/add-ubuntu-noble-support-caracal-1b9e64d4aa2e1ff7.yaml diff --git a/releasenotes/notes/add-ubuntu-noble-support-caracal-1b9e64d4aa2e1ff7.yaml b/releasenotes/notes/add-ubuntu-noble-support-caracal-1b9e64d4aa2e1ff7.yaml new file mode 100644 index 000000000..12079d9af --- /dev/null 
+++ b/releasenotes/notes/add-ubuntu-noble-support-caracal-1b9e64d4aa2e1ff7.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Added support for Ubuntu 24.04 Noble Numbat as a host operating system. + Repositories and configuration for Ubuntu Noble have been added. From 624cb880ead1821be32efbe11290ca167e5fe2a4 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Tue, 15 Apr 2025 14:30:14 +0100 Subject: [PATCH 17/17] Add skyline image for Ubuntu Noble --- etc/kayobe/kolla-image-tags.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index f6988b7bd..16d316158 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -52,6 +52,8 @@ kolla_image_tags: skyline_apiserver: rocky-9: 2024.1-rocky-9-20250408T133253 ubuntu-jammy: 2024.1-ubuntu-jammy-20250408T133253 + ubuntu-noble: 2024.1-ubuntu-noble-20250415T123136 skyline_console: rocky-9: 2024.1-rocky-9-20250408T133253 ubuntu-jammy: 2024.1-ubuntu-jammy-20250408T133253 + ubuntu-noble: 2024.1-ubuntu-noble-20250415T123136