Implement AIO testing for Rocky 10

.github/workflows/stackhpc-container-image-build.yml

@@ -23,6 +23,11 @@ on:
         type: boolean
         required: false
         default: true
+      rocky-linux-10:
+        description: Build Rocky Linux 10 images?
+        type: boolean
+        required: false
+        default: true
       ubuntu-noble:
         description: Build Ubuntu Noble 24.04 images?
         type: boolean
@@ -66,7 +71,7 @@ jobs:
     steps:
       - name: Validate inputs
         run: |
-          if [[ ${{ inputs.rocky-linux-9 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then
+          if [[ ${{ inputs.rocky-linux-9 }} == 'false' && ${{ inputs.rocky-linux-10 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then
             echo "At least one distribution must be selected"
             exit 1
           fi
@@ -104,6 +109,10 @@ jobs:
               output+="{'name': 'rocky', 'release': 9, 'arch': 'amd64'},"
               output+="{'name': 'rocky', 'release': 9, 'arch': 'aarch64'},"
           fi
+          if [[ ${{ inputs.rocky-linux-10 }} == 'true' ]]; then
+              output+="{'name': 'rocky', 'release': 10, 'arch': 'amd64'},"
+              output+="{'name': 'rocky', 'release': 10, 'arch': 'aarch64'},"
+          fi
           if [[ ${{ inputs.ubuntu-noble }} == 'true' ]]; then
               output+="{'name': 'ubuntu', 'release': 'noble', 'arch': 'amd64'},"
           fi
@@ -346,7 +355,7 @@ jobs:
   create-manifests:
     # Only for Rocky Linux for now
     name: Create Multiarch Docker Manifests
-    if: github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push && inputs.rocky-linux-9
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push && (inputs.rocky-linux-9 || inputs.rocky-linux-10)
     runs-on: ${{ needs.runner-selection.outputs.runner_name_container_image_build }}
     permissions: {}
     needs:

.github/workflows/stackhpc-pull-request.yml

@@ -191,7 +191,43 @@ jobs:
     secrets: inherit
     if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }}
 
-  # Test two upgrade scenarios: Ubuntu Jammy to Noble OVN and Rocky 9 OVN.
+  all-in-one-rocky-10-ovs:
+    name: aio (Rocky 10 OVS)
+    permissions: {}
+    needs:
+      - check-changes
+      - build-kayobe-image
+    uses: ./.github/workflows/stackhpc-all-in-one.yml
+    with:
+      kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+      os_distribution: rocky
+      os_release: "10"
+      ssh_username: cloud-user
+      neutron_plugin: ovs
+      OS_CLOUD: openstack
+      if: ${{ needs.check-changes.outputs.aio == 'true' }}
+    secrets: inherit
+    if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }}
+
+  all-in-one-rocky-10-ovn:
+    name: aio (Rocky 10 OVN)
+    permissions: {}
+    needs:
+      - check-changes
+      - build-kayobe-image
+    uses: ./.github/workflows/stackhpc-all-in-one.yml
+    with:
+      kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+      os_distribution: rocky
+      os_release: "10"
+      ssh_username: cloud-user
+      neutron_plugin: ovn
+      OS_CLOUD: openstack
+      if: ${{ needs.check-changes.outputs.aio == 'true' }}
+    secrets: inherit
+    if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }}
+
+  # Test three upgrade scenarios: Ubuntu Jammy to Noble OVN and Rocky 9 OVN.
 
   all-in-one-upgrade-ubuntu-jammy-to-noble-ovn:
     name: aio upgrade (Ubuntu Jammy to Noble OVN)

etc/kayobe/dnf.yml

@@ -41,16 +41,18 @@
 #     file: myrepo
 #     gpgkey: http://gpgkey
 #     gpgcheck: yes
-dnf_custom_repos: "{{ stackhpc_dnf_repos if stackhpc_repos_enabled | bool else [] }}"
+dnf_custom_repos: "{{ stackhpc_dnf_repos[os_release] | default({}) if stackhpc_repos_enabled | bool else {} }}"
 
 # A dict of custom repositories that point to the local Pulp server.
 # To use these repos, set stackhpc_repos_enabled to true.
 # This is done by default for hosts in the overcloud group via a group_vars
 # file.
-stackhpc_dnf_repos: "{{ dnf_custom_repos_el9 | combine(dnf_custom_repos_rocky_9) | combine(dnf_custom_repos_elrepo_9 if dnf_install_elrepo_9 | bool else {}) | combine(dnf_custom_repos_doca if dnf_install_doca | bool else {}) }}"
+stackhpc_dnf_repos:
+  '9': "{{ dnf_custom_repos_el9 | combine(dnf_custom_repos_rocky_9) | combine(dnf_custom_repos_elrepo_9 if dnf_install_elrepo_9 | bool else {}) | combine(dnf_custom_repos_doca_rocky_9 if dnf_install_doca | bool else {}) }}"
+  '10': "{{ dnf_custom_repos_el10 | combine(dnf_custom_repos_rocky_10) | combine(dnf_custom_repos_elrepo_10 if dnf_install_elrepo_10 | bool else {}) | combine(dnf_custom_repos_doca_rocky_10 if dnf_install_doca | bool else {}) }}"
 
 # DOCA repositories
-dnf_custom_repos_doca:
+dnf_custom_repos_doca_rocky_9:
   doca:
     baseurl: "{{ stackhpc_repo_rhel9_doca_url }}"
     description: "DOCA Online Repo {{ stackhpc_pulp_doca_version }} - RHEL $releasever"
@@ -70,7 +72,28 @@ dnf_custom_repos_doca:
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
 
-# Custom repositories shared between all RHEL 9 derivatives.
+dnf_custom_repos_doca_rocky_10:
+  doca:
+    baseurl: "{{ stackhpc_repo_rhel10_doca_url }}"
+    description: "DOCA Online Repo {{ stackhpc_pulp_doca_version }} - RHEL $releasever"
+    enabled: "{{ dnf_enable_doca | bool | default(false) }}"
+    priority: -1
+    file: doca
+    gpgcheck: no
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+    # TODO(owenjones): update this once repo for Rocky 10 has been created in Pulp
+    # doca-modules:
+    #   baseurl: "{{ stackhpc_repo_rhel9_doca_modules_url }}"
+    #   description: "OFED Kernel module repository for DOCA {{ stackhpc_pulp_doca_version }} - RHEL $releasever"
+    #   enabled: "{{ dnf_enable_doca_modules | bool | default(false) }}"
+    #   priority: -1
+    #   file: doca
+    #   gpgcheck: no
+    #   username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    #   password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+
+# Custom repositories shared between all RHEL 9/10 derivatives.
 dnf_custom_repos_el9:
   epel:
     baseurl: "{{ stackhpc_repo_epel_9_url }}"
@@ -91,94 +114,164 @@ dnf_custom_repos_el9:
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
 
-# ELRepo 9
+dnf_custom_repos_el10:
+  epel:
+    baseurl: "{{ stackhpc_repo_epel_10_url }}"
+    description: "Extra Packages for Enterprise Linux $releasever - $basearch"
+    enabled: "{{ dnf_enable_epel | bool }}"
+    file: epel
+    gpgkey: "{{ dnf_epel_10_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+  docker:
+    baseurl: "{{ stackhpc_repo_centos_stream_10_docker_url }}"
+    description: "Package repository for installing docker"
+    enabled: "{{ dnf_enable_docker | bool }}"
+    file: docker
+    gpgkey: "{{ dnf_docker_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+
+# ELRepo 9/10
 dnf_custom_repos_elrepo_9:
   elrepo:
     baseurl: "{{ stackhpc_repo_elrepo_9_url }}"
     description: "ELRepo.org Community Enterprise Linux Repository - el9"
     enabled: "{{ dnf_enable_elrepo_9 | bool }}"
     file: elrepo
-    gpgkey: https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+    gpgkey:
+      - "{{ dnf_elrepo_gpg_key_url }}"
+      - "{{ dnf_elrepo_gpg_v2_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+
+dnf_custom_repos_elrepo_10:
+  elrepo:
+    baseurl: "{{ stackhpc_repo_elrepo_10_url }}"
+    description: "ELRepo.org Community Enterprise Linux Repository - el10"
+    enabled: "{{ dnf_enable_elrepo_10 | bool }}"
+    file: elrepo
+    gpgkey: "{{ dnf_elrepo_gpg_v2_key_url }}"
     gpgcheck: yes
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
 
-# Rocky 9 specific repositories
+# Rocky 9/10 specific repositories
 dnf_custom_repos_rocky_9:
   appstream:
     baseurl: "{{ stackhpc_repo_rocky_9_appstream_url }}"
     description: "Rocky Linux $releasever - AppStream"
     file: rocky
-    gpgkey: "{{ rocky_9_gpg_key }}"
+    gpgkey: "{{ dnf_rocky_9_gpg_key_url }}"
     gpgcheck: yes
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
   baseos:
     baseurl: "{{ stackhpc_repo_rocky_9_baseos_url }}"
     description: "Rocky Linux $releasever - BaseOS"
     file: rocky
-    gpgkey: "{{ rocky_9_gpg_key }}"
+    gpgkey: "{{ dnf_rocky_9_gpg_key_url }}"
     gpgcheck: yes
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
   crb:
     baseurl: "{{ stackhpc_repo_rocky_9_crb_url }}"
     description: "Rocky Linux $releasever - CRB"
     file: rocky
-    gpgkey: "{{ rocky_9_gpg_key }}"
+    gpgkey: "{{ dnf_rocky_9_gpg_key_url }}"
     gpgcheck: yes
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
   extras:
     baseurl: "{{ stackhpc_repo_rocky_9_extras_url }}"
     description: "Rocky Linux $releasever - Extras"
     file: rocky-extras
-    gpgkey: "{{ rocky_9_gpg_key }}"
+    gpgkey: "{{ dnf_rocky_9_gpg_key_url }}"
     gpgcheck: yes
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
   security-common:
     baseurl: "{{ stackhpc_repo_rocky_9_sig_security_common_url }}"
     description: "Rocky Linux $releasever - SIG Security Common"
     file: Rocky-SIG-Security-Common
-    gpgkey: "{{ rocky_9_sig_security_gpg_key }}"
+    gpgkey: "{{ dnf_rocky_9_sig_security_gpg_key_url }}"
     gpgcheck: yes
     includepkgs: "openssh*"
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
 
+dnf_custom_repos_rocky_10:
+  appstream:
+    baseurl: "{{ stackhpc_repo_rocky_10_appstream_url }}"
+    description: "Rocky Linux $releasever - AppStream"
+    file: rocky
+    gpgkey: "{{ dnf_rocky_10_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+  baseos:
+    baseurl: "{{ stackhpc_repo_rocky_10_baseos_url }}"
+    description: "Rocky Linux $releasever - BaseOS"
+    file: rocky
+    gpgkey: "{{ dnf_rocky_10_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+  crb:
+    baseurl: "{{ stackhpc_repo_rocky_10_crb_url }}"
+    description: "Rocky Linux $releasever - CRB"
+    file: rocky
+    gpgkey: "{{ dnf_rocky_10_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+  extras:
+    baseurl: "{{ stackhpc_repo_rocky_10_extras_url }}"
+    description: "Rocky Linux $releasever - Extras"
+    file: rocky-extras
+    gpgkey: "{{ dnf_rocky_10_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+
+# GPG key urls
+dnf_docker_gpg_key_url: "https://download.docker.com/linux/centos/gpg"
+dnf_elrepo_gpg_key_url: "https://www.elrepo.org/RPM-GPG-KEY-elrepo.org"
+dnf_elrepo_gpg_v2_key_url: "https://www.elrepo.org/RPM-GPG-KEY-v2-elrepo.org"
+dnf_epel_10_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10"
+dnf_epel_9_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9"
+dnf_rocky_10_gpg_key_url: "https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-10"
+dnf_rocky_9_gpg_key_url: "https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9"
+dnf_rocky_9_sig_security_gpg_key_url: "https://dl.rockylinux.org/pub/sig/9/security/x86_64/security-common/RPM-GPG-KEY-Rocky-SIG-Security"
+
 # Whether to enable EPEL repositories. This affects RedHat-based systems only.
 dnf_enable_epel: "{{ dnf_install_epel | bool }}"
 
 # Whether to enable the ELRepo repository. This affects RedHat-based, 9.x release systems only.
 dnf_enable_elrepo_9: "{{ dnf_install_elrepo_9 | bool }}"
+dnf_enable_elrepo_10: "{{ dnf_install_elrepo_10 | bool }}"
 
 # Whether to enable DOCA repositories. This affects RedHat-based systems only.
 dnf_enable_doca: "{{ dnf_install_doca | bool }}"
 
 # Whether to enable the DOCA kernel module repository. This affects RedHat-based systems only.
 dnf_enable_doca_modules: "{{ dnf_install_doca | bool }}"
 
-# URL of EPEL GPG keys.
-dnf_epel_9_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9"
-
-rocky_9_gpg_key: "https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9"
-rocky_9_sig_security_gpg_key: "https://dl.rockylinux.org/pub/sig/9/security/x86_64/security-common/RPM-GPG-KEY-Rocky-SIG-Security"
-
 # Whether to install the epel-release package. This affects RedHat-based
 # systems only. Default value is 'false'.
 #dnf_install_epel:
 
 # Whether to create a repo file for ELRepo. This affects RedHat-based
 # systems only.
 dnf_install_elrepo_9: false
+dnf_install_elrepo_10: false
 
 # Whether to enable docker dnf repo in stackhpc_dnf_repos
 dnf_enable_docker: true
 
-#URL of docker repo GPG key
-dnf_docker_gpg_key_url: "https://download.docker.com/linux/centos/gpg"
-
 # Whether to create a repo file for DOCA. This affects RedHat-based
 # systems only.
 dnf_install_doca: "{{ 'mlnx' in group_names }}"

etc/kayobe/environments/ci-aio/inventory/group_vars/controllers/network-interfaces

@@ -10,7 +10,7 @@ ethernet_interface: "{{ ansible_facts['default_ipv4']['interface'] }}"
 # Controller interface on all-in-one network.
 aio_interface: breth1
 # Use dummy1 if it exists, otherwise the bridge will have no ports.
-aio_bridge_ports: "{{ ['dummy1'] if ('dummy1' in hostvars[inventory_hostname].ansible_facts) or (os_distribution == 'rocky' and os_release == '9') else [] }}"
+aio_bridge_ports: "{{ ['dummy1'] if 'dummy1' in hostvars[inventory_hostname].ansible_facts or os_distribution == 'rocky' else [] }}"
 
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.

etc/kayobe/environments/ci-aio/kolla/globals.yml

@@ -17,3 +17,12 @@ grafana_start_first_node_retries: 20
 
 # Open up ports in firewalld for services on the public API network.
 enable_external_api_firewalld: "{{ controller_firewalld_enabled | bool }}"
+
+# Override the version map used, so we can deploy Rocky 10 container images
+# on Rocky 10 hosts.
+kolla_base_distro_version_default_map: {
+  "centos": "stream9",
+  "debian": "bookworm",
+  "rocky": "{{ os_release }}",
+  "ubuntu": "noble",
+}