From d2f84443236a2a4745d89a0f4c7956ff8532f193 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Tue, 10 Oct 2023 17:25:26 +0200 Subject: [PATCH 1/5] Fix condition for enabling disable-selinux element The overcloud_dib_os_element variable is set to rocky-container when we use rocky as os_distribution, which resulted in skipping the disable-selinux element. Change-Id: Id4486cd5702f95e2b45c291e2cbd930ddb73db62 --- ansible/group_vars/all/overcloud-dib | 2 +- ...disable-selinux-overcloud-dib-rocky-7c381912c3dfbc09.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/disable-selinux-overcloud-dib-rocky-7c381912c3dfbc09.yaml diff --git a/ansible/group_vars/all/overcloud-dib b/ansible/group_vars/all/overcloud-dib index bf5edc44d..9e73ddfe4 100644 --- a/ansible/group_vars/all/overcloud-dib +++ b/ansible/group_vars/all/overcloud-dib @@ -39,7 +39,7 @@ overcloud_dib_os_release: "{{ os_release }}" overcloud_dib_elements_default: - "{{ overcloud_dib_os_element }}" - "cloud-init-datasources" - - "{% if overcloud_dib_os_element in ['centos', 'rocky'] %}disable-selinux{% endif %}" + - "{% if os_distribution in ['centos', 'rocky'] %}disable-selinux{% endif %}" - "enable-serial-console" - "vm" diff --git a/releasenotes/notes/disable-selinux-overcloud-dib-rocky-7c381912c3dfbc09.yaml b/releasenotes/notes/disable-selinux-overcloud-dib-rocky-7c381912c3dfbc09.yaml new file mode 100644 index 000000000..24b3bf78a --- /dev/null +++ b/releasenotes/notes/disable-selinux-overcloud-dib-rocky-7c381912c3dfbc09.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Adds missing ``disable-selinux`` element when building Rocky Linux + overcloud host disk images. From cf78d2e7664143e1318dceafaa6a3e80da456fab Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Mon, 25 Sep 2023 18:43:07 +0200 Subject: [PATCH 2/5] Fix last return value in _get_base_path The return value was set to the following path which is not valid: kayobe/kayobe/utils.py/.. The intent must have been to use dirname to produce: kayobe/kayobe/.. Change-Id: I9d7d71d42026f3c12da6de9c5ca55dc647554fd0 (cherry picked from commit 810e021d8bdca17b1e217569f9bf24f917f6810d) --- kayobe/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kayobe/utils.py b/kayobe/utils.py index 5864cfff4..6ccc4b6e9 100644 --- a/kayobe/utils.py +++ b/kayobe/utils.py @@ -91,7 +91,7 @@ def _get_base_path(): return os.path.join(prefix, "share", "kayobe") # Assume uninstalled - return os.path.join(os.path.realpath(__file__), "..") + return os.path.join(os.path.dirname(os.path.realpath(__file__)), "..") def galaxy_role_install(role_file, roles_path, force=False): From 1862781174e041c9af855fd97fdcaac025bda3b1 Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Mon, 16 Oct 2023 17:15:05 +0100 Subject: [PATCH 3/5] Add seed_deploy_containers_registry_attempt_login Follow on to Ie17ef9ce1147cbaec2e42db932c7d59293b49b1b Adds seed_deploy_containers_registry_attempt_login variable to seed.yml, which acts as a redirection of deploy_containers_registry_attempt_login so that the variable is more descriptive, declared in a better location, and extensible to other groups Change-Id: I86d8f13062ff8e664919cd5d63bc17bdafb32e0c (cherry picked from commit 1476b9a68bc7bda524ea6ec94d701b3aaeebf68f) --- ansible/group_vars/all/seed | 4 ++++ ansible/group_vars/seed/docker-registry | 7 +++++++ .../configuration/reference/seed-custom-containers.rst | 4 ++-- etc/kayobe/seed.yml | 4 ++++ 4 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 ansible/group_vars/seed/docker-registry diff --git a/ansible/group_vars/all/seed b/ansible/group_vars/all/seed index f1524a2e0..7ec3d4536 100644 --- a/ansible/group_vars/all/seed +++ b/ansible/group_vars/all/seed @@ -123,6 +123,10 @@ seed_users: "{{ users_default }}" # seed_containers: {} +# Whether to attempt a basic authentication login to a registry when +# deploying seed containers +seed_deploy_containers_registry_attempt_login: "{{ kolla_docker_registry_username is truthy and kolla_docker_registry_password is truthy }}" + ############################################################################### # Seed node firewalld configuration. diff --git a/ansible/group_vars/seed/docker-registry b/ansible/group_vars/seed/docker-registry new file mode 100644 index 000000000..f439501ec --- /dev/null +++ b/ansible/group_vars/seed/docker-registry @@ -0,0 +1,7 @@ +--- +############################################################################### +# Seed node docker regsitry configuration. + +# Whether to attempt a basic authentication login to a registry when +# deploying seed containers +deploy_containers_registry_attempt_login: "{{ seed_deploy_containers_registry_attempt_login }}" diff --git a/doc/source/configuration/reference/seed-custom-containers.rst b/doc/source/configuration/reference/seed-custom-containers.rst index 8c9738ff0..5b3e03cdd 100644 --- a/doc/source/configuration/reference/seed-custom-containers.rst +++ b/doc/source/configuration/reference/seed-custom-containers.rst @@ -73,9 +73,9 @@ custom seed container. In this case, basic authentication login attempts can be disabled by setting .. code-block:: yaml - :caption: ``kolla.yml`` + :caption: ``seed.yml`` - deploy_containers_registry_attempt_login: false + seed_deploy_containers_registry_attempt_login: false Without this setting, the login will fail because the registry has not yet been deployed. diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml index f7cacab42..bc86fa627 100644 --- a/etc/kayobe/seed.yml +++ b/etc/kayobe/seed.yml @@ -106,6 +106,10 @@ # #seed_containers: +# Whether to attempt a basic authentication login to a registry when +# deploying seed containers +#seed_deploy_containers_registry_attempt_login: + ############################################################################### # Seed node firewalld configuration. From 9b8ed55abe936e99d6dec726b41266284a149943 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Thu, 20 Apr 2023 10:25:36 +0100 Subject: [PATCH 4/5] Add retries to get_url and uri tasks These tasks occasionally fail in CI, causing jobs to fail. Change-Id: I89041a641d8cb66c7848fa9ae9264a51aa1e38c8 (cherry picked from commit 2951f26ad1d6d79671f5f94016468af3c43e6143) --- ansible/roles/apt/tasks/keys.yml | 4 ++++ ansible/roles/dell-switch-bmp/tasks/main.yml | 4 ++++ ansible/roles/image-download/tasks/main.yml | 7 +++++++ 3 files changed, 15 insertions(+) diff --git a/ansible/roles/apt/tasks/keys.yml b/ansible/roles/apt/tasks/keys.yml index 4c1cda1e0..4b04e824b 100644 --- a/ansible/roles/apt/tasks/keys.yml +++ b/ansible/roles/apt/tasks/keys.yml @@ -17,3 +17,7 @@ mode: 0644 loop: "{{ apt_keys }}" become: true + register: result + until: result is successful + retries: 3 + delay: 5 diff --git a/ansible/roles/dell-switch-bmp/tasks/main.yml b/ansible/roles/dell-switch-bmp/tasks/main.yml index cc7e65894..c02a5a8bc 100644 --- a/ansible/roles/dell-switch-bmp/tasks/main.yml +++ b/ansible/roles/dell-switch-bmp/tasks/main.yml @@ -20,3 +20,7 @@ notify: - Copy Dell switch BMP images become: True + register: result + until: result is successful + retries: 3 + delay: 5 diff --git a/ansible/roles/image-download/tasks/main.yml b/ansible/roles/image-download/tasks/main.yml index 3f905b8bf..85a418ac8 100644 --- a/ansible/roles/image-download/tasks/main.yml +++ b/ansible/roles/image-download/tasks/main.yml @@ -12,6 +12,9 @@ url: "{{ image_download_checksum_url }}" return_content: true register: expected_checksum + until: expected_checksum is successful + retries: 3 + delay: 5 when: - image_download_checksum_url is not none - image_download_checksum_url != "" @@ -29,6 +32,10 @@ # Always download the image if we have no checksum to compare with. force: "{{ expected_checksum is skipped }}" backup: true + register: result + until: result is successful + retries: 3 + delay: 5 when: - image_download_url is not none - image_download_url != "" From 89994fe7fa1d06401e4aef846f667dbb0000fc5c Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Wed, 24 May 2023 14:44:55 +0100 Subject: [PATCH 5/5] dev: Improve error checking for config check functions Various functions in the development/testing scripts rely on 'kayobe configuration dump' to extract the value of flags. If this command fails for any reason, we should exit the script. Currently, some places we continue and return 1, since we check the output against the string 'true'. The to_bool helper function handles failure by checking for a valid boolean output, so let's use that everywhere. Change-Id: I3a5a43fef9c3d68d0db02be12b9f892c437e513d (cherry picked from commit 89fc4fa2792ef256ff7624559a8ea8e2ee2f13fc) --- dev/functions | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/dev/functions b/dev/functions index b790e727f..78379c101 100644 --- a/dev/functions +++ b/dev/functions @@ -233,17 +233,22 @@ function upgrade_kayobe_venv { function is_deploy_image_built_locally { ipa_build_images=$(kayobe configuration dump --host controllers[0] --var-name ipa_build_images) - [[ $ipa_build_images =~ ^true$ ]] + to_bool "$ipa_build_images" } function is_ironic_enabled { ironic_enabled=$(kayobe configuration dump --host controllers[0] --var-name kolla_enable_ironic) - [[ $ironic_enabled =~ ^true$ ]] + to_bool "$ironic_enabled" } function is_overcloud_host_image_built_by_dib { overcloud_dib_build_host_images=$(kayobe configuration dump --host controllers[0] --var-name overcloud_dib_build_host_images) - [[ $overcloud_dib_build_host_images =~ ^true$ ]] + to_bool "$overcloud_dib_build_host_images" +} + +function is_cinder_enabled { + flag="$(run_kayobe configuration dump --host controllers[0] --var-name kolla_enable_cinder)" + to_bool "$flag" } function environment_setup { @@ -856,11 +861,6 @@ function to_bool { fi } -function is_cinder_enabled { - flag="$(run_kayobe configuration dump --host controllers[0] --var-name kolla_enable_cinder)" - to_bool "$flag" -} - function configure_iptables { # NOTE(wszumski): adapted from the ironic devstack plugin, see: # https://github.com/openstack/ironic/blob/36e87dc5b472d79470b783fbba9ce396e3cbb96e/devstack/lib/ironic#L2132