From aa3ee6c8a8b350df5dfb3f5842ec4d3ad45f9d86 Mon Sep 17 00:00:00 2001 From: Owen Jones Date: Tue, 26 May 2026 13:44:47 +0100 Subject: [PATCH] Implement multinode testing for Rocky 10 * Multinode workflows modified to add Rocky 10 as an option * `ci-multinode` environment updated to support multinode testing with Rocky 10 * cephadm deployment now supported in Rocky 10; The cephadm collection has been bumped to 1.22.1 which updates the Ceph repository URL for Squid on Rocky 10. The Rocky crypto policy in use during Ceph deployment is required to be downgraded to LEGACY in order to use Ceph's release signing key. The policy is reverted after deployment or on deployment failure --- .github/workflows/multinode-inputs.py | 4 +- .../workflows/stackhpc-multinode-periodic.yml | 2 +- .github/workflows/stackhpc-multinode.yml | 17 ++++--- etc/kayobe/ansible/ceph/cephadm-deploy.yml | 27 +++++++++- etc/kayobe/ansible/requirements.yml | 2 +- .../environments/ci-multinode/kolla.yml | 11 ++-- .../environments/ci-multinode/stackhpc-ci.yml | 51 ++++++++++++------- .../rocky-10-multinode-cbcb0f38859626e7.yaml | 11 ++++ 8 files changed, 89 insertions(+), 36 deletions(-) create mode 100644 releasenotes/notes/rocky-10-multinode-cbcb0f38859626e7.yaml diff --git a/.github/workflows/multinode-inputs.py b/.github/workflows/multinode-inputs.py index 198dfc6741..7e51a54c66 100644 --- a/.github/workflows/multinode-inputs.py +++ b/.github/workflows/multinode-inputs.py @@ -31,12 +31,14 @@ class Scenario: ROCKY_9 = OSRelease("rocky", "9", "cloud-user") +ROCKY_10 = OSRelease("rocky", "10", "cloud-user") UBUNTU_JAMMY = OSRelease("ubuntu", "jammy", "ubuntu") UBUNTU_NOBLE = OSRelease("ubuntu", "noble", "ubuntu") # NOTE(upgrade): Add supported releases here. OPENSTACK_RELEASES = [ OpenStackRelease("2024.1", "2023.1", [ROCKY_9, UBUNTU_JAMMY]), OpenStackRelease("2025.1", "2024.1", [ROCKY_9, UBUNTU_NOBLE]), + OpenStackRelease("2025.1", "", [ROCKY_10]), ] NEUTRON_PLUGINS = ["ovs", "ovn"] VERSION_HIERARCHY = ["2023.1", "2024.1", "2025.1"] @@ -75,7 +77,7 @@ def random_scenario() -> Scenario: openstack_release = random.choice(OPENSTACK_RELEASES) os_release = random.choice(openstack_release.os_releases) neutron_plugin = random.choice(NEUTRON_PLUGINS) - upgrade = "major" if random.random() > 0.6 else "none" + upgrade = "major" if (random.random() > 0.6 and openstack_release.previous_version not "") else "none" return Scenario(openstack_release, os_release, neutron_plugin, upgrade) diff --git a/.github/workflows/stackhpc-multinode-periodic.yml b/.github/workflows/stackhpc-multinode-periodic.yml index fbbebda6bb..00bdc95a45 100644 --- a/.github/workflows/stackhpc-multinode-periodic.yml +++ b/.github/workflows/stackhpc-multinode-periodic.yml @@ -38,7 +38,7 @@ jobs: name: Multinode periodic needs: - generate-inputs - uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.8.0 + uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.8.1 with: multinode_name: mn-periodic-${{ github.run_id }} os_distribution: ${{ needs.generate-inputs.outputs.os_distribution }} diff --git a/.github/workflows/stackhpc-multinode.yml b/.github/workflows/stackhpc-multinode.yml index 9878ed9d14..10e6690928 100644 --- a/.github/workflows/stackhpc-multinode.yml +++ b/.github/workflows/stackhpc-multinode.yml @@ -11,12 +11,13 @@ name: Multinode description: Multinode cluster name type: string required: true - os_distribution: - description: Host OS distribution + host_os: + description: Host OS type: choice - default: rocky + default: rocky-9 options: - - rocky + - rocky-9 + - rocky-10 - ubuntu neutron_plugin: description: Neutron ML2 plugin @@ -95,12 +96,12 @@ jobs: multinode: name: Multinode needs: github_user_ssh_keys - uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.8.0 + uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.8.1 with: multinode_name: ${{ inputs.multinode_name }} - os_distribution: ${{ inputs.os_distribution }} - os_release: ${{ inputs.os_distribution == 'rocky' && '9' || 'noble' }} - ssh_username: ${{ inputs.os_distribution == 'rocky' && 'cloud-user' || 'ubuntu' }} + os_distribution: ${{ inputs.host_os == 'ubuntu' && 'ubuntu' || 'rocky' }} + os_release: ${{ inputs.host_os == 'rocky-9' && '9' || inputs.host_os == 'rocky-10' && '10' || 'noble' }} + ssh_username: ${{ (inputs.host_os == 'rocky-9' || inputs.host_os == 'rocky-10') && 'cloud-user' || 'ubuntu' }} neutron_plugin: ${{ inputs.neutron_plugin }} upgrade: ${{ inputs.upgrade }} break_on: ${{ inputs.break_on }} diff --git a/etc/kayobe/ansible/ceph/cephadm-deploy.yml b/etc/kayobe/ansible/ceph/cephadm-deploy.yml index 471d6037db..390f38ea71 100644 --- a/etc/kayobe/ansible/ceph/cephadm-deploy.yml +++ b/etc/kayobe/ansible/ceph/cephadm-deploy.yml @@ -7,6 +7,29 @@ - cephadm - cephadm-deploy tasks: + # note(owenjones): the Ceph release signing key still uses SHA-1, which requires us to + # downgrade to the LEGACY policy on Rocky 10 until a new key is published. + # A later Ceph release might fix this - https://tracker.ceph.com/issues/74861 + - name: Discover currently active crypto policy (Rocky 10) + ansible.builtin.command: + cmd: update-crypto-policies --show + become: true + changed_when: false + register: crypto_policy + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '10' + - name: Set crypto policy to LEGACY (Rocky 10) + ansible.builtin.command: + cmd: update-crypto-policies --set LEGACY + become: true + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '10' - name: Apply Cephadm role - ansible.builtin.import_role: - name: stackhpc.cephadm.cephadm + block: + - name: Apply Cephadm role + ansible.builtin.import_role: + name: stackhpc.cephadm.cephadm + always: + - name: Revert crypto policy to {{ crypto_policy.stdout | default('DEFAULT') }} (Rocky 10) + ansible.builtin.command: + cmd: update-crypto-policies --set {{ crypto_policy.stdout | default('DEFAULT') }} + become: true + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '10' diff --git a/etc/kayobe/ansible/requirements.yml b/etc/kayobe/ansible/requirements.yml index 70a41ac1a2..2690b17a37 100644 --- a/etc/kayobe/ansible/requirements.yml +++ b/etc/kayobe/ansible/requirements.yml @@ -1,7 +1,7 @@ --- collections: - name: stackhpc.cephadm - version: 1.22.0 + version: 1.22.1 - name: pulp.squeezer version: 0.3.0 - name: stackhpc.pulp diff --git a/etc/kayobe/environments/ci-multinode/kolla.yml b/etc/kayobe/environments/ci-multinode/kolla.yml index 809c71142e..c81747d309 100644 --- a/etc/kayobe/environments/ci-multinode/kolla.yml +++ b/etc/kayobe/environments/ci-multinode/kolla.yml @@ -1,12 +1,13 @@ --- -kolla_enable_cinder: true +kolla_enable_barbican: true kolla_enable_cinder_backup: true +kolla_enable_cinder: true +kolla_enable_designate: true +kolla_enable_magnum: true kolla_enable_neutron_provider_networks: true kolla_enable_octavia: true -kolla_enable_magnum: true -kolla_enable_designate: true -kolla_enable_redis: true -kolla_enable_barbican: true +kolla_enable_redis: "{{ kolla_base_distro_and_version in ['ubuntu-noble', 'rocky-9'] }}" +kolla_enable_valkey: "{{ kolla_base_distro_and_version == 'rocky-10' }}" kolla_enable_tls_external: true kolla_enable_tls_internal: true diff --git a/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml b/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml index b44b291374..3fea498e19 100644 --- a/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml @@ -22,36 +22,51 @@ stackhpc_repo_mirror_password: !vault | 33306539316466373763656137653232313732646533353333626665313936613736 # Build and deploy released Pulp repository versions. -stackhpc_repo_grafana_version: "{{ stackhpc_pulp_repo_grafana_version }}" -stackhpc_repo_rhel9_rabbitmq_erlang_version: "{{ stackhpc_pulp_repo_multiarch_rhel9_rabbitmq_erlang_version }}" -stackhpc_repo_rhel9_rabbitmq_erlang_26_version: "{{ stackhpc_pulp_repo_multiarch_rhel9_rabbitmq_erlang_26_version }}" -stackhpc_repo_rhel9_rabbitmq_erlang_27_version: "{{ stackhpc_pulp_repo_multiarch_rhel9_rabbitmq_erlang_27_version }}" -stackhpc_repo_rhel9_rabbitmq_server_version: "{{ stackhpc_pulp_repo_rhel9_rabbitmq_server_version }}" -stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" -stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" -stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" -stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" +# Minor versions for stackhpc_repo_rocky_X_* repos are derived from +# stackhpc_pulp_repo_rocky_X_minor_version in etc/kayobe/pulp.yml +stackhpc_repo_almalinux_9_proxysql_2_7_version: "{{ stackhpc_pulp_repo_almalinux_9_proxysql_2_7_version }}" +stackhpc_repo_centos_stream_10_docker_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_10_docker_version }}" +stackhpc_repo_centos_stream_10_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_10_nfv_openvswitch_version }}" +stackhpc_repo_centos_stream_10_openstack_epoxy_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_10_openstack_epoxy_version }}" +stackhpc_repo_centos_stream_10_ovn_lts_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_10_ovn_lts_version }}" +stackhpc_repo_centos_stream_10_storage_ceph_squid_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_10_storage_ceph_squid_version }}" +stackhpc_repo_centos_stream_9_docker_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_9_docker_version }}" stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_9_nfv_openvswitch_version }}" stackhpc_repo_centos_stream_9_openstack_epoxy_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_9_openstack_epoxy_version }}" stackhpc_repo_centos_stream_9_opstools_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_9_opstools_version }}" stackhpc_repo_centos_stream_9_storage_ceph_squid_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_9_storage_ceph_squid_version }}" -stackhpc_repo_centos_stream_9_docker_version: "{{ stackhpc_pulp_repo_multiarch_centos_stream_9_docker_version }}" -stackhpc_repo_rhel_9_treasuredata_5_version: "{{ stackhpc_pulp_repo_multiarch_rhel_9_treasuredata_5_version }}" -stackhpc_repo_rhel_9_mariadb_10_11_version: "{{ stackhpc_pulp_repo_multiarch_rhel_9_mariadb_10_11_version }}" -stackhpc_repo_rhel_9_influxdb_version: "{{ stackhpc_pulp_repo_multiarch_rhel_9_influxdb_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" +stackhpc_repo_epel_10_version: "{{ stackhpc_pulp_repo_multiarch_epel_10_version }}" stackhpc_repo_epel_9_version: "{{ stackhpc_pulp_repo_multiarch_epel_9_version }}" +stackhpc_repo_grafana_version: "{{ stackhpc_pulp_repo_grafana_version }}" stackhpc_repo_opensearch_2_x_version: "{{ stackhpc_pulp_repo_opensearch_2_x_version }}" stackhpc_repo_opensearch_dashboards_2_x_version: "{{ stackhpc_pulp_repo_opensearch_dashboards_2_x_version }}" -stackhpc_repo_almalinux_9_proxysql_2_7_version: "{{ stackhpc_pulp_repo_almalinux_9_proxysql_2_7_version }}" -## Use derived vars from etc/kayobe/pulp.yml to switch between -## minor Rocky versions using stackhpc_pulp_repo_rocky_x_minor_version -stackhpc_repo_rocky_9_baseos_version: "{{ stackhpc_pulp_repo_rocky_9_baseos_version }}" +stackhpc_repo_rhel_10_mariadb_10_11_version: "{{ stackhpc_pulp_repo_multiarch_rhel_10_mariadb_10_11_version }}" +stackhpc_repo_rhel_9_influxdb_version: "{{ stackhpc_pulp_repo_multiarch_rhel_9_influxdb_version }}" +stackhpc_repo_rhel_9_mariadb_10_11_version: "{{ stackhpc_pulp_repo_multiarch_rhel_9_mariadb_10_11_version }}" +stackhpc_repo_rhel_9_treasuredata_5_version: "{{ stackhpc_pulp_repo_multiarch_rhel_9_treasuredata_5_version }}" +stackhpc_repo_rhel10_doca_version: "{{ stackhpc_pulp_repo_rhel10_doca_version }}" +stackhpc_repo_rhel9_doca_version: "{{ stackhpc_pulp_repo_rhel9_doca_version }}" +stackhpc_repo_rhel9_rabbitmq_erlang_26_version: "{{ stackhpc_pulp_repo_multiarch_rhel9_rabbitmq_erlang_26_version }}" +stackhpc_repo_rhel9_rabbitmq_erlang_27_version: "{{ stackhpc_pulp_repo_multiarch_rhel9_rabbitmq_erlang_27_version }}" +stackhpc_repo_rhel9_rabbitmq_erlang_version: "{{ stackhpc_pulp_repo_multiarch_rhel9_rabbitmq_erlang_version }}" +stackhpc_repo_rhel9_rabbitmq_server_version: "{{ stackhpc_pulp_repo_rhel9_rabbitmq_server_version }}" +stackhpc_repo_rocky_10_appstream_version: "{{ stackhpc_pulp_repo_rocky_10_appstream_version }}" +stackhpc_repo_rocky_10_baseos_version: "{{ stackhpc_pulp_repo_rocky_10_baseos_version }}" +stackhpc_repo_rocky_10_crb_version: "{{ stackhpc_pulp_repo_rocky_10_crb_version }}" +stackhpc_repo_rocky_10_extras_version: "{{ stackhpc_pulp_repo_rocky_10_extras_version }}" +stackhpc_repo_rocky_10_highavailability_version: "{{ stackhpc_pulp_repo_rocky_10_highavailability_version }}" +stackhpc_repo_rocky_10_security_version: "{{ stackhpc_pulp_repo_rocky_10_security_version }}" stackhpc_repo_rocky_9_appstream_version: "{{ stackhpc_pulp_repo_rocky_9_appstream_version }}" -stackhpc_repo_rocky_9_extras_version: "{{ stackhpc_pulp_repo_rocky_9_extras_version }}" +stackhpc_repo_rocky_9_baseos_version: "{{ stackhpc_pulp_repo_rocky_9_baseos_version }}" stackhpc_repo_rocky_9_crb_version: "{{ stackhpc_pulp_repo_rocky_9_crb_version }}" +stackhpc_repo_rocky_9_extras_version: "{{ stackhpc_pulp_repo_rocky_9_extras_version }}" stackhpc_repo_rocky_9_highavailability_version: "{{ stackhpc_pulp_repo_rocky_9_highavailability_version }}" stackhpc_repo_rocky_9_security_version: "{{ stackhpc_pulp_repo_rocky_9_security_version }}" stackhpc_repo_rocky_9_sig_security_common_version: "{{ stackhpc_pulp_repo_multiarch_rocky_9_sig_security_common_version }}" +stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" # Rocky-and-CI-specific Pulp urls stackhpc_include_os_minor_version_in_repo_url: true diff --git a/releasenotes/notes/rocky-10-multinode-cbcb0f38859626e7.yaml b/releasenotes/notes/rocky-10-multinode-cbcb0f38859626e7.yaml new file mode 100644 index 0000000000..afdeff37be --- /dev/null +++ b/releasenotes/notes/rocky-10-multinode-cbcb0f38859626e7.yaml @@ -0,0 +1,11 @@ +--- +features: + - | + The ``ci-multinode`` environment has been updated to support multinode + testing with Rocky 10. + - | + cephadm deployment now supported in Rocky 10; The cephadm collection has + been bumped to 1.22.1 which updates the Ceph repository URL for Squid on + Rocky 10. The Rocky crypto policy in use during Ceph deployment is required + to be downgraded to LEGACY in order to use Ceph's release signing key. The + policy is reverted after deployment or on deployment failure.