From 112fec32ec3c18e4e94aefb4d81eefc9a16f603c Mon Sep 17 00:00:00 2001 From: Will Szumski Date: Wed, 22 Apr 2026 17:58:46 +0100 Subject: [PATCH 1/3] [stable-only] Fix key collection in luks role The luks role set bad permissions for the for key directory on the control host in versions < 0.4.3[1]. The symptom was that the synchronize module would fail with a permissions error. This issue has already fixed on master when the versions of all roles were bumped[2]. [1] https://github.com/stackhpc/ansible-role-luks/commit/b3d4cfbda3fa3b60defe1c5e0be705bf5a337d2c#diff-cceeaaa1206687d1775b9640dd0a6536f606e79c6305ebccfa1d01917463cb1cL34-L67 [2] https://review.opendev.org/c/openstack/kayobe/+/976059 Change-Id: Id882a49fd9bf30df0afbb31fe1c9ea11ffd57606 Signed-off-by: Will Szumski (cherry picked from commit c9179a6fd2a5ee874b498c90f111512d1cfc351e) --- .../fix-luks-directory-permissions-dcdcf81f7920306d.yaml | 7 +++++++ requirements.yml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/fix-luks-directory-permissions-dcdcf81f7920306d.yaml diff --git a/releasenotes/notes/fix-luks-directory-permissions-dcdcf81f7920306d.yaml b/releasenotes/notes/fix-luks-directory-permissions-dcdcf81f7920306d.yaml new file mode 100644 index 000000000..de29a3ea5 --- /dev/null +++ b/releasenotes/notes/fix-luks-directory-permissions-dcdcf81f7920306d.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes an issue in the ``stackhpc.luks`` role where the directory on the + control host was created with insufficent permissions causing the Ansible + ``synchronize`` module to fail when copying the keys to the control host. + diff --git a/requirements.yml b/requirements.yml index 1c534cace..775abdeed 100644 --- a/requirements.yml +++ b/requirements.yml @@ -45,7 +45,7 @@ roles: - src: stackhpc.libvirt-vm version: v1.16.3 - src: stackhpc.luks - version: 0.4.2 + version: 0.4.4 - src: stackhpc.os-ironic-state version: v1.3.1 - src: stackhpc.timezone From 6d8c19e186249c560d39fbe8c77580995ca5f8b4 Mon Sep 17 00:00:00 2001 From: Will Szumski Date: Wed, 22 Apr 2026 18:27:09 +0100 Subject: [PATCH 2/3] [CI] Disable NTP checks in CI These are proving unreliable. Re-enable once the root cause is fixed. Change-Id: Ic5ac59f0cdf0494ad3963cefb752b8d58626a43a Signed-off-by: Will Szumski (cherry picked from commit 69588969bd982a859961b0daade6b60c4e871081) --- playbooks/kayobe-overcloud-base/globals.yml.j2 | 3 +++ playbooks/kayobe-overcloud-upgrade-base/globals.yml.j2 | 3 +++ playbooks/kayobe-seed-base/globals.yml.j2 | 3 +++ playbooks/kayobe-seed-upgrade-base/globals.yml.j2 | 3 +++ 4 files changed, 12 insertions(+) diff --git a/playbooks/kayobe-overcloud-base/globals.yml.j2 b/playbooks/kayobe-overcloud-base/globals.yml.j2 index 58c4c7ec9..75a08f71a 100644 --- a/playbooks/kayobe-overcloud-base/globals.yml.j2 +++ b/playbooks/kayobe-overcloud-base/globals.yml.j2 @@ -24,3 +24,6 @@ kolla_admin_openrc_cacert: "/etc/pki/tls/certs/ca-bundle.crt" libvirt_tls: "yes" certificates_libvirt_output_dir: "{% raw %}{{ kayobe_env_config_path }}{% endraw %}/certificates/libvirt" {% endif %} + +# FIXME(wszumski): The time check is unreliable in CI +prechecks_enable_host_ntp_checks: false diff --git a/playbooks/kayobe-overcloud-upgrade-base/globals.yml.j2 b/playbooks/kayobe-overcloud-upgrade-base/globals.yml.j2 index 6dc842c47..561e1e9d5 100644 --- a/playbooks/kayobe-overcloud-upgrade-base/globals.yml.j2 +++ b/playbooks/kayobe-overcloud-upgrade-base/globals.yml.j2 @@ -14,3 +14,6 @@ openstack_service_rpc_workers: "1" # Reduce size of libvirt logs when OpenStack debug logging is enabled nova_libvirt_logging_debug: False + +# FIXME(wszumski): The time check is unreliable in CI +prechecks_enable_host_ntp_checks: false diff --git a/playbooks/kayobe-seed-base/globals.yml.j2 b/playbooks/kayobe-seed-base/globals.yml.j2 index 82a51b601..153934272 100644 --- a/playbooks/kayobe-seed-base/globals.yml.j2 +++ b/playbooks/kayobe-seed-base/globals.yml.j2 @@ -1,3 +1,6 @@ --- # Use HTTPS opendev quay.io registry proxy. docker_registry_insecure: no + +# FIXME(wszumski): The time check is unreliable in CI +prechecks_enable_host_ntp_checks: false diff --git a/playbooks/kayobe-seed-upgrade-base/globals.yml.j2 b/playbooks/kayobe-seed-upgrade-base/globals.yml.j2 index 82a51b601..153934272 100644 --- a/playbooks/kayobe-seed-upgrade-base/globals.yml.j2 +++ b/playbooks/kayobe-seed-upgrade-base/globals.yml.j2 @@ -1,3 +1,6 @@ --- # Use HTTPS opendev quay.io registry proxy. docker_registry_insecure: no + +# FIXME(wszumski): The time check is unreliable in CI +prechecks_enable_host_ntp_checks: false From 65370cc98e2360429c4b97c0f9c298a3d82fa967 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Fri, 24 Apr 2026 11:50:22 +0200 Subject: [PATCH 3/3] CI: Remove upgrade jobs before 2024.2 moves to EOL The stable/2024.2 branch is going to be deleted soon [1]. Stop running upgrade jobs that depend on it, to avoid CI breakage. We still test upgrades from 2024.1 (SLURP). [1] https://review.opendev.org/c/openstack/releases/+/984984 Change-Id: I30cf02c2e40998676a64c8489599fdc6a0dcd731 Signed-off-by: Pierre Riteau --- zuul.d/project.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 6db6f7299..6db47b394 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -28,19 +28,15 @@ - kayobe-overcloud-tls-rocky9 - kayobe-overcloud-ubuntu-noble - kayobe-overcloud-ubuntu-noble-podman - - kayobe-overcloud-upgrade-rocky9 - kayobe-overcloud-upgrade-slurp-rocky9 - kayobe-overcloud-upgrade-slurp-ubuntu-noble - - kayobe-overcloud-upgrade-ubuntu-noble - kayobe-seed-rocky10 - kayobe-seed-rocky10-podman - kayobe-seed-rocky9 - kayobe-seed-rocky9-podman - kayobe-seed-ubuntu-noble - kayobe-seed-ubuntu-noble-podman - - kayobe-seed-upgrade-rocky9 - kayobe-seed-upgrade-slurp-rocky9 - - kayobe-seed-upgrade-ubuntu-noble - kayobe-seed-vm-rocky10 - kayobe-seed-vm-rocky9 - kayobe-seed-vm-ubuntu-noble @@ -66,19 +62,15 @@ - kayobe-overcloud-tls-rocky9 - kayobe-overcloud-ubuntu-noble - kayobe-overcloud-ubuntu-noble-podman - - kayobe-overcloud-upgrade-rocky9 - kayobe-overcloud-upgrade-slurp-rocky9 - kayobe-overcloud-upgrade-slurp-ubuntu-noble - - kayobe-overcloud-upgrade-ubuntu-noble - kayobe-seed-rocky10 - kayobe-seed-rocky10-podman - kayobe-seed-rocky9 - kayobe-seed-rocky9-podman - kayobe-seed-ubuntu-noble - kayobe-seed-ubuntu-noble-podman - - kayobe-seed-upgrade-rocky9 - kayobe-seed-upgrade-slurp-rocky9 - - kayobe-seed-upgrade-ubuntu-noble - kayobe-seed-vm-rocky10 - kayobe-seed-vm-rocky9 - kayobe-seed-vm-ubuntu-noble