From c87d387c9f16043d5e26dec454301c92faa85b03 Mon Sep 17 00:00:00 2001 From: scrungus <tyler@stackhpc.com> Date: Fri, 26 Apr 2024 13:15:52 +0100 Subject: [PATCH 01/17] enable blazar --- etc/kayobe/kolla.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index d8e88bee9..9c7c5f025 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -691,7 +691,7 @@ kolla_enable_tls_external: true #kolla_enable_aodh: #kolla_enable_barbican: -#kolla_enable_blazar: +kolla_enable_blazar: true #kolla_enable_cadf_notifications: #kolla_enable_caso: #kolla_enable_ceilometer: -- GitLab From c059873b347760ac734bbe24de7f9a159f7664f5 Mon Sep 17 00:00:00 2001 From: scrungus <tyler@stackhpc.com> Date: Fri, 26 Apr 2024 12:19:13 +0000 Subject: [PATCH 02/17] update constaints --- etc/kayobe/overcloud-dib.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/overcloud-dib.yml b/etc/kayobe/overcloud-dib.yml index 7878b6630..07f9eb871 100644 --- a/etc/kayobe/overcloud-dib.yml +++ b/etc/kayobe/overcloud-dib.yml @@ -260,7 +260,7 @@ overcloud_dib_git_elements_extra: # Upper constraints file for installing packages in the virtual environment # used for building overcloud host disk images. Default is {{ # pip_upper_constraints_file }}. -overcloud_dib_upper_constraints_file: https://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt +overcloud_dib_upper_constraints_file: https://raw.githubusercontent.com/openstack/requirements/unmaintained/yoga/upper-constraints.txt ############################################################################### # Dummy variable to allow Ansible to accept this file. -- GitLab From cb12a8dc49e62102c86c1eb14b8adade603db6d7 Mon Sep 17 00:00:00 2001 From: scrungus <tyler@stackhpc.com> Date: Fri, 26 Apr 2024 12:21:10 +0000 Subject: [PATCH 03/17] bump automation --- .automation | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.automation b/.automation index 08a575366..8b5e98a64 160000 --- a/.automation +++ b/.automation @@ -1 +1 @@ -Subproject commit 08a57536609332c98d7c2d8db4746a59297eeb6a +Subproject commit 8b5e98a64b32a51dce45859eea4f095ad0b516b5 -- GitLab From 406d982bd739cbfbc3e706318a6fac2969e900da Mon Sep 17 00:00:00 2001 From: scrungus <tyler@stackhpc.com> Date: Tue, 14 May 2024 17:06:02 +0000 Subject: [PATCH 04/17] antelope blazar tag --- etc/kayobe/kolla/globals.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml index b34bf7cce..b0e046bf7 100644 --- a/etc/kayobe/kolla/globals.yml +++ b/etc/kayobe/kolla/globals.yml @@ -220,6 +220,7 @@ neutron_tag: "{% raw %}{{ kayobe_image_tags['neutron'][kolla_base_distro] }}{% e nova_tag: "{% raw %}{{ kayobe_image_tags['nova'][kolla_base_distro] }}{% endraw %}" octavia_tag: "{% raw %}{{ kayobe_image_tags['octavia'][kolla_base_distro] }}{% endraw %}" opensearch_tag: yoga-20231219T221916 +blazar_tag: 2023.1-rocky-9-20240423T125905 # These overrides are currently redundant, but are kept because it's not obvious that you need them if setting haproxy_tag glance_tls_proxy_tag: "{% raw %}{{ haproxy_tag }}{% endraw %}" -- GitLab From 7fbce43606c86b5faf64be86611aba5105d45e90 Mon Sep 17 00:00:00 2001 From: scrungus <tyler@stackhpc.com> Date: Tue, 14 May 2024 17:06:17 +0000 Subject: [PATCH 05/17] blazar.conf CA file --- etc/kayobe/kolla/config/blazar.conf | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 etc/kayobe/kolla/config/blazar.conf diff --git a/etc/kayobe/kolla/config/blazar.conf b/etc/kayobe/kolla/config/blazar.conf new file mode 100644 index 000000000..4683ae6e3 --- /dev/null +++ b/etc/kayobe/kolla/config/blazar.conf @@ -0,0 +1,4 @@ +[DEFAULT] +{% raw %} +cafile = {{ openstack_cacert }} +{% endraw %} -- GitLab From a065cafae481fc69b963b783d468a5dbbb05962d Mon Sep 17 00:00:00 2001 From: Kayobe Automation <kayobe-automation@example.org> Date: Fri, 17 May 2024 13:13:59 +0000 Subject: [PATCH 06/17] add blazar filters --- etc/kayobe/kolla/config/nova/nova-scheduler.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/etc/kayobe/kolla/config/nova/nova-scheduler.conf b/etc/kayobe/kolla/config/nova/nova-scheduler.conf index 6b01784e6..395d65974 100644 --- a/etc/kayobe/kolla/config/nova/nova-scheduler.conf +++ b/etc/kayobe/kolla/config/nova/nova-scheduler.conf @@ -6,7 +6,8 @@ enable_isolated_aggregate_filtering = true [filter_scheduler] available_filters = nova.scheduler.filters.all_filters -enabled_filters = AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,PciPassthroughFilter,NUMATopologyFilter,AggregateInstanceExtraSpecsFilter +available_filters = blazarnova.scheduler.filters.blazar_filter.BlazarFilter +enabled_filters = AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,PciPassthroughFilter,NUMATopologyFilter,AggregateInstanceExtraSpecsFilter,BlazarFilter # be sure to pack VMs, when possible, to limit fragmentation ram_weight_multiplier = -100.0 -- GitLab From 63ba2d22f6ec07728b4b746cb7d1f332a265e049 Mon Sep 17 00:00:00 2001 From: Kayobe Automation <kayobe-automation@example.org> Date: Fri, 17 May 2024 14:20:27 +0000 Subject: [PATCH 07/17] blazar image tags full --- etc/kayobe/kolla/globals.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml index b0e046bf7..e4071cfd7 100644 --- a/etc/kayobe/kolla/globals.yml +++ b/etc/kayobe/kolla/globals.yml @@ -179,6 +179,9 @@ octavia_service_auth_project: octavia-lbs # Currently ahead of release train, remove in Zed etcd_image_full: registry.gitlab.com/scientific-openstack/infrastructure/kayobe-config/centos-source-etcd:victoria-20230202152347 +# No yoga image at the moment for blazar, so we use antelope: +blazar_api_image_full: "{{ docker_registry }}/stackhpc/blazar-api:2023.1-rocky-9-20240423T125905" +blazar_manager_image_full: "{{ docker_registry }}/stackhpc/blazar-manager:2023.1-rocky-9-20240423T125905" # kolla_base_distro must be set here to be resolvable on a per-host basis # This is necessary for os migrations where mixed clouds might be deployed kolla_base_distro: "{% raw %}{{ 'centos' if ansible_facts.distribution == 'Rocky' and ansible_facts.distribution_major_version == '8' else ansible_facts.distribution | lower }}{% endraw %}" @@ -220,7 +223,6 @@ neutron_tag: "{% raw %}{{ kayobe_image_tags['neutron'][kolla_base_distro] }}{% e nova_tag: "{% raw %}{{ kayobe_image_tags['nova'][kolla_base_distro] }}{% endraw %}" octavia_tag: "{% raw %}{{ kayobe_image_tags['octavia'][kolla_base_distro] }}{% endraw %}" opensearch_tag: yoga-20231219T221916 -blazar_tag: 2023.1-rocky-9-20240423T125905 # These overrides are currently redundant, but are kept because it's not obvious that you need them if setting haproxy_tag glance_tls_proxy_tag: "{% raw %}{{ haproxy_tag }}{% endraw %}" -- GitLab From 62dde5122162d5dee9b5a99359b9aa3f288a4bd3 Mon Sep 17 00:00:00 2001 From: scrungus <tyler@stackhpc.com> Date: Wed, 5 Jun 2024 18:08:56 +0100 Subject: [PATCH 08/17] only run one blazar manager --- etc/kayobe/kolla/overcloud-services.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/kolla/overcloud-services.j2 b/etc/kayobe/kolla/overcloud-services.j2 index a3756d8aa..d471c3af4 100644 --- a/etc/kayobe/kolla/overcloud-services.j2 +++ b/etc/kayobe/kolla/overcloud-services.j2 @@ -497,7 +497,7 @@ vitrage blazar [blazar-manager:children] -blazar +{{ groups['controllers'][0] }} # Prometheus [prometheus-node-exporter:children] -- GitLab From 555699b3cdb25e0a287b1d0ce7deaff6696c4543 Mon Sep 17 00:00:00 2001 From: scrungus <tyler@stackhpc.com> Date: Wed, 5 Jun 2024 18:09:52 +0100 Subject: [PATCH 09/17] add manager config --- etc/kayobe/kolla/config/blazar.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/etc/kayobe/kolla/config/blazar.conf b/etc/kayobe/kolla/config/blazar.conf index 4683ae6e3..97c8244a3 100644 --- a/etc/kayobe/kolla/config/blazar.conf +++ b/etc/kayobe/kolla/config/blazar.conf @@ -2,3 +2,6 @@ {% raw %} cafile = {{ openstack_cacert }} {% endraw %} + +[manager] +plugins = virtual.instance.plugin,physical.host.plugin,flavor.plugin -- GitLab From bc0fee51d3a38bff5275d11fd9b414c101ffc99f Mon Sep 17 00:00:00 2001 From: scrungus <tyler@stackhpc.com> Date: Wed, 5 Jun 2024 18:20:59 +0100 Subject: [PATCH 10/17] add blazar internal API firewall rule --- .../staging/inventory/group_vars/controllers/firewall | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/etc/kayobe/environments/staging/inventory/group_vars/controllers/firewall b/etc/kayobe/environments/staging/inventory/group_vars/controllers/firewall index c92b67000..913c699f3 100644 --- a/etc/kayobe/environments/staging/inventory/group_vars/controllers/firewall +++ b/etc/kayobe/environments/staging/inventory/group_vars/controllers/firewall @@ -60,6 +60,11 @@ firewallgen_ipv4_input_allow_rules: proto: tcp destination: "{{ internal_net_name | net_vip_address }}" comment: "hint: used by 'haproxy' for horizon" + - interface: "{{ internal_net_interface }}" + port: 1234 + proto: tcp + destination: "{{ internal_net_name | net_ip }}" + comment: "hint: used to expose blazar API" - interface: "{{ internal_net_interface }}" port: 1984 proto: tcp -- GitLab From 5e93adee156048e2d23d3723705e3c4ac0d61838 Mon Sep 17 00:00:00 2001 From: scrungus <tyler@stackhpc.com> Date: Wed, 5 Jun 2024 18:23:42 +0100 Subject: [PATCH 11/17] blazar image bump --- etc/kayobe/kolla/globals.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml index e4071cfd7..d567eed38 100644 --- a/etc/kayobe/kolla/globals.yml +++ b/etc/kayobe/kolla/globals.yml @@ -180,8 +180,8 @@ octavia_service_auth_project: octavia-lbs etcd_image_full: registry.gitlab.com/scientific-openstack/infrastructure/kayobe-config/centos-source-etcd:victoria-20230202152347 # No yoga image at the moment for blazar, so we use antelope: -blazar_api_image_full: "{{ docker_registry }}/stackhpc/blazar-api:2023.1-rocky-9-20240423T125905" -blazar_manager_image_full: "{{ docker_registry }}/stackhpc/blazar-manager:2023.1-rocky-9-20240423T125905" +blazar_api_image_full: "{{ docker_registry }}/stackhpc/blazar-api:2023.1-rocky-9-20240605T171401" +blazar_manager_image_full: "{{ docker_registry }}/stackhpc/blazar-manager:2023.1-rocky-9-20240605T171401" # kolla_base_distro must be set here to be resolvable on a per-host basis # This is necessary for os migrations where mixed clouds might be deployed kolla_base_distro: "{% raw %}{{ 'centos' if ansible_facts.distribution == 'Rocky' and ansible_facts.distribution_major_version == '8' else ansible_facts.distribution | lower }}{% endraw %}" -- GitLab From 1fadaf62b3855f7cf3f46d2c4b9bacebeef6717f Mon Sep 17 00:00:00 2001 From: Kayobe Automation <kayobe-automation@example.org> Date: Mon, 17 Jun 2024 12:58:45 +0000 Subject: [PATCH 12/17] image bumped --- etc/kayobe/kolla/globals.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml index d567eed38..32f73e758 100644 --- a/etc/kayobe/kolla/globals.yml +++ b/etc/kayobe/kolla/globals.yml @@ -180,8 +180,8 @@ octavia_service_auth_project: octavia-lbs etcd_image_full: registry.gitlab.com/scientific-openstack/infrastructure/kayobe-config/centos-source-etcd:victoria-20230202152347 # No yoga image at the moment for blazar, so we use antelope: -blazar_api_image_full: "{{ docker_registry }}/stackhpc/blazar-api:2023.1-rocky-9-20240605T171401" -blazar_manager_image_full: "{{ docker_registry }}/stackhpc/blazar-manager:2023.1-rocky-9-20240605T171401" +blazar_api_image_full: "{{ docker_registry }}/stackhpc/blazar-api:2023.1-rocky-9-20240611T153543" +blazar_manager_image_full: "{{ docker_registry }}/stackhpc/blazar-manager:2023.1-rocky-9-20240611T153543" # kolla_base_distro must be set here to be resolvable on a per-host basis # This is necessary for os migrations where mixed clouds might be deployed kolla_base_distro: "{% raw %}{{ 'centos' if ansible_facts.distribution == 'Rocky' and ansible_facts.distribution_major_version == '8' else ansible_facts.distribution | lower }}{% endraw %}" -- GitLab From b92fb05b6a9d399cd8ef120b3755513e578ba829 Mon Sep 17 00:00:00 2001 From: Kayobe Automation <kayobe-automation@example.org> Date: Mon, 17 Jun 2024 12:59:09 +0000 Subject: [PATCH 13/17] group fixed --- etc/kayobe/kolla/overcloud-services.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/etc/kayobe/kolla/overcloud-services.j2 b/etc/kayobe/kolla/overcloud-services.j2 index d471c3af4..64318d2cc 100644 --- a/etc/kayobe/kolla/overcloud-services.j2 +++ b/etc/kayobe/kolla/overcloud-services.j2 @@ -496,8 +496,10 @@ vitrage [blazar-api:children] blazar -[blazar-manager:children] +[blazar-manager] +{% if groups.get('controllers', []) | length > 0 %} {{ groups['controllers'][0] }} +{% endif %} # Prometheus [prometheus-node-exporter:children] -- GitLab From 2d7c02475f3ab4465cad28fb55e06fca69ec13a8 Mon Sep 17 00:00:00 2001 From: John Garbutt <john.garbutt@stackhpc.com> Date: Tue, 2 Jul 2024 17:50:18 +0100 Subject: [PATCH 14/17] Yoga Fix CVE-2024-32498 Commit based on: https://github.com/stackhpc/stackhpc-kayobe-config/commit/928f96c9e149e4afa1863a4217cb809d1b8e1668 --- etc/kayobe/kolla/globals.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml index 215d47b5d..45cd9ae1f 100644 --- a/etc/kayobe/kolla/globals.yml +++ b/etc/kayobe/kolla/globals.yml @@ -191,10 +191,18 @@ kayobe_image_tags: centos: yoga-20230905T130221 rocky: yoga-20231218T141822 ubuntu: yoga-20231024T093507 + cinder: + centos: yoga-20240701T132344 + rocky: yoga-20240701T132344 + ubuntu: yoga-20240701T132344 cloudkitty: centos: yoga-20231107T165648 rocky: yoga-20231218T141822 ubuntu: yoga-20231107T165648 + glance: + centos: yoga-20240702T105751 + rocky: yoga-20240702T105751 + ubuntu: yoga-20240702T105751 heat: centos: yoga-20240320T082414 rocky: yoga-20240320T082414 @@ -208,6 +216,10 @@ kayobe_image_tags: rocky: yoga-20240105T120257 ubuntu: yoga-20231114T125927 nova: + centos: yoga-20240702T105751 + rocky: yoga-20240702T105751 + ubuntu: yoga-20240702T105751 + nova_libvirt: centos: yoga-20230905T130221 rocky: yoga-20240105T120257 ubuntu: yoga-20231103T161400 @@ -217,10 +229,13 @@ kayobe_image_tags: ubuntu: yoga-20231024T093507 cloudkitty_tag: "{% raw %}{{ kayobe_image_tags['cloudkitty'][kolla_base_distro] }}{% endraw %}" +cinder_tag: "{% raw %}{{ kayobe_image_tags['cinder'][kolla_base_distro] }}{% endraw %}" +glance_tag: "{% raw %}{{ kayobe_image_tags['glance'][kolla_base_distro] }}{% endraw %}" heat_tag: "{% raw %}{{ kayobe_image_tags['heat'][kolla_base_distro] }}{% endraw %}" magnum_tag: "{% raw %}{{ kayobe_image_tags['magnum'][kolla_base_distro] }}{% endraw %}" neutron_tag: "{% raw %}{{ kayobe_image_tags['neutron'][kolla_base_distro] }}{% endraw %}" nova_tag: "{% raw %}{{ kayobe_image_tags['nova'][kolla_base_distro] }}{% endraw %}" +nova_libvirt_tag: "{% raw %}{{ kayobe_image_tags['nova_libvirt'][kolla_base_distro] }}{% endraw %}" octavia_tag: "{% raw %}{{ kayobe_image_tags['octavia'][kolla_base_distro] }}{% endraw %}" opensearch_tag: yoga-20231219T221916 -- GitLab From 74b4daafb8b10cf979af7b313a3ba28d31b812b2 Mon Sep 17 00:00:00 2001 From: Kayobe Automation <kayobe-automation@example.org> Date: Wed, 3 Jul 2024 11:05:30 +0000 Subject: [PATCH 15/17] Convert AR02 Cumulus U19 switch to use Arcus NGS user --- .../production/kolla/config/neutron/ml2_conf.ini | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/kayobe/environments/production/kolla/config/neutron/ml2_conf.ini b/etc/kayobe/environments/production/kolla/config/neutron/ml2_conf.ini index 654240d55..3be33f68d 100644 --- a/etc/kayobe/environments/production/kolla/config/neutron/ml2_conf.ini +++ b/etc/kayobe/environments/production/kolla/config/neutron/ml2_conf.ini @@ -974,9 +974,9 @@ ngs_manage_vlans = False [genericswitch:ethsw-ar02-u19] device_type = netmiko_cumulus ip = 10.45.253.79 -username = cumulus -password = {{ secrets_switch_ssh_password }} -secret = {{ secrets_switch_ssh_password }} +username = arcus-ngs +password = {{ secrets_arcus_ngs_switch_ssh_password }} +secret = {{ secrets_arcus_ngs_switch_ssh_password }} ngs_physical_networks = physnet1 ngs_port_default_vlan = 610 ngs_disable_inactive_ports = False -- GitLab From 2986ca4367b6a4e5b328fe8d2095f73de43d1fe3 Mon Sep 17 00:00:00 2001 From: Kayobe Automation <kayobe-automation@example.org> Date: Wed, 3 Jul 2024 11:07:32 +0000 Subject: [PATCH 16/17] Update .kayobe-automation --- .automation | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.automation b/.automation index 8b5e98a64..534a2d98d 160000 --- a/.automation +++ b/.automation @@ -1 +1 @@ -Subproject commit 8b5e98a64b32a51dce45859eea4f095ad0b516b5 +Subproject commit 534a2d98dae60b86297b6456dc114f0bd8482d80 -- GitLab From 9c7f8f55bc75102004710f49607c56145f766ff7 Mon Sep 17 00:00:00 2001 From: Kayobe Automation <kayobe-automation@example.org> Date: Wed, 3 Jul 2024 12:03:37 +0000 Subject: [PATCH 17/17] Update .kayobe-automation --- .automation | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.automation b/.automation index 8b5e98a64..534a2d98d 160000 --- a/.automation +++ b/.automation @@ -1 +1 @@ -Subproject commit 8b5e98a64b32a51dce45859eea4f095ad0b516b5 +Subproject commit 534a2d98dae60b86297b6456dc114f0bd8482d80 -- GitLab