diff --git a/.automation.conf/config.sh b/.automation.conf/config.sh index 76f2a59a0..21c037ed3 100644 --- a/.automation.conf/config.sh +++ b/.automation.conf/config.sh @@ -30,6 +30,7 @@ if [ ! -z ${KAYOBE_ENVIRONMENT:+x} ]; then if [[ "$KAYOBE_ENVIRONMENT" =~ "ci-multinode" ]]; then export TEMPEST_CONCURRENCY=4 # Uncomment this to perform a full tempest test + export KAYOBE_AUTOMATION_TEMPEST_LOADLIST=ipv6-tests # export KAYOBE_AUTOMATION_TEMPEST_LOADLIST=tempest-full # export KAYOBE_AUTOMATION_TEMPEST_SKIPLIST=ci-multinode-tempest-full fi diff --git a/.automation.conf/tempest/load-lists/ipv6-tests b/.automation.conf/tempest/load-lists/ipv6-tests new file mode 100644 index 000000000..e0429671b --- /dev/null +++ b/.automation.conf/tempest/load-lists/ipv6-tests @@ -0,0 +1,8 @@ +tempest.scenario.test_network_v6.TestGettingAddress.test_dhcp6_stateless_from_os[compute,id-d7e1f858-187c-45a6-89c9-bdafde619a9f,network,slow] +tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_dhcp6_stateless_from_os[compute,id-76f26acd-9688-42b4-bc3e-cd134c4cb09e,network,slow] +tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_multi_prefix_dhcpv6_stateless[compute,id-cf1c4425-766b-45b8-be35-e2959728eb00,network,slow] +tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_multi_prefix_slaac[compute,id-9178ad42-10e4-47e9-8987-e02b170cc5cd,network,slow] +tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_slaac_from_os[compute,id-b6399d76-4438-4658-bcf5-0d6c8584fde2,network,slow] +tempest.scenario.test_network_v6.TestGettingAddress.test_multi_prefix_dhcpv6_stateless[compute,id-7ab23f41-833b-4a16-a7c9-5b42fe6d4123,network,slow] +tempest.scenario.test_network_v6.TestGettingAddress.test_multi_prefix_slaac[compute,id-dec222b1-180c-4098-b8c5-cc1b8342d611,network,slow] +tempest.scenario.test_network_v6.TestGettingAddress.test_slaac_from_os[compute,id-2c92df61-29f0-4eaa-bee3-7c65bef62a43,network,slow] diff --git a/etc/kayobe/ansible/openbao-generate-internal-tls.yml b/etc/kayobe/ansible/openbao-generate-internal-tls.yml index 2cc9e841a..d96b9f2bd 100644 --- a/etc/kayobe/ansible/openbao-generate-internal-tls.yml +++ b/etc/kayobe/ansible/openbao-generate-internal-tls.yml @@ -54,3 +54,38 @@ dest: "{{ kayobe_env_config_path }}/kolla/certificates/ca/openbao.crt" mode: "0600" delegate_to: localhost + +# NOTE(seunghun1ee): Kolla Ansible reuses internal TLS certificate when +# creating certificate for proxysql +# https://opendev.org/openstack/kolla-ansible/src/branch/stable/2025.1/ansible/roles/certificates/tasks/generate.yml#L169-L183 + - name: Generate ProxySQL certificates + when: kolla_enable_proxysql + block: + - name: Copy ProxySQL certificate + no_log: true + ansible.builtin.copy: + dest: "{{ kayobe_env_config_path }}/kolla/certificates/proxysql-cert.pem" + content: | + {{ internal_cert.data.certificate }} + {{ internal_cert.data.issuing_ca }} + mode: "0600" + delegate_to: localhost + + - name: Copy ProxySQL certificate key + no_log: true + ansible.builtin.copy: + dest: "{{ kayobe_env_config_path }}/kolla/certificates/proxysql-key.pem" + content: | + {{ internal_cert.data.private_key }} + mode: "0600" + delegate_to: localhost + +# NOTE(seunghun1ee): ProxySQL only expects root CA to be named ``root.crt`` because of +# https://opendev.org/openstack/kolla-ansible/src/branch/stable/2025.1/ansible/roles/loadbalancer/templates/proxysql/proxysql.json.j2#L36 +# Make a duplicate of ``openbao.crt`` named ``root.crt`` + - name: Copy root CA for ProxySQL + ansible.builtin.copy: + src: "{{ kayobe_env_config_path }}/openbao/OS-TLS-ROOT.pem" + dest: "{{ kayobe_env_config_path }}/kolla/certificates/ca/root.crt" + mode: "0600" + delegate_to: localhost diff --git a/etc/kayobe/ansible/requirements.yml b/etc/kayobe/ansible/requirements.yml index 7c83c00ec..c39978d27 100644 --- a/etc/kayobe/ansible/requirements.yml +++ b/etc/kayobe/ansible/requirements.yml @@ -1,7 +1,7 @@ --- collections: - name: stackhpc.cephadm - version: 1.19.1 + version: 1.19.3 # NOTE: Pinning pulp.squeezer to 0.0.13 because 0.0.14+ depends on the # pulp_glue Python library being installed. - name: pulp.squeezer diff --git a/etc/kayobe/ansible/vault-generate-internal-tls.yml b/etc/kayobe/ansible/vault-generate-internal-tls.yml index a585d1bc9..3095b6615 100644 --- a/etc/kayobe/ansible/vault-generate-internal-tls.yml +++ b/etc/kayobe/ansible/vault-generate-internal-tls.yml @@ -54,3 +54,38 @@ dest: "{{ kayobe_env_config_path }}/kolla/certificates/ca/vault.crt" mode: "0600" delegate_to: localhost + +# NOTE(seunghun1ee): Kolla Ansible reuses internal TLS certificate when +# creating certificate for proxysql +# https://opendev.org/openstack/kolla-ansible/src/branch/stable/2025.1/ansible/roles/certificates/tasks/generate.yml#L169-L183 + - name: Generate ProxySQL certificates + when: kolla_enable_proxysql + block: + - name: Copy ProxySQL certificate + no_log: true + ansible.builtin.copy: + dest: "{{ kayobe_env_config_path }}/kolla/certificates/proxysql-cert.pem" + content: | + {{ internal_cert.data.certificate }} + {{ internal_cert.data.issuing_ca }} + mode: "0600" + delegate_to: localhost + + - name: Copy ProxySQL certificate key + no_log: true + ansible.builtin.copy: + dest: "{{ kayobe_env_config_path }}/kolla/certificates/proxysql-key.pem" + content: | + {{ internal_cert.data.private_key }} + mode: "0600" + delegate_to: localhost + +# NOTE(seunghun1ee): ProxySQL only expects root CA to be named ``root.crt`` because of +# https://opendev.org/openstack/kolla-ansible/src/branch/stable/2025.1/ansible/roles/loadbalancer/templates/proxysql/proxysql.json.j2#L36 +# Make a duplicate of ``vault.crt`` named ``root.crt`` + - name: Copy root CA for ProxySQL + ansible.builtin.copy: + src: "{{ kayobe_env_config_path }}/vault/OS-TLS-ROOT.pem" + dest: "{{ kayobe_env_config_path }}/kolla/certificates/ca/root.crt" + mode: "0600" + delegate_to: localhost diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml index 64c087081..2e48ad197 100644 --- a/etc/kayobe/cephadm.yml +++ b/etc/kayobe/cephadm.yml @@ -12,7 +12,7 @@ cephadm_ceph_release: "squid" cephadm_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/ceph:{{ cephadm_image_tag }}" # Ceph container image tag. -cephadm_image_tag: "v19.2.1" +cephadm_image_tag: "v19.2.2" # HAProxy container image. cephadm_haproxy_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/haproxy:{{ cephadm_haproxy_image_tag }}" diff --git a/etc/kayobe/environments/ci-multinode/kolla/config/nova.conf b/etc/kayobe/environments/ci-multinode/kolla/config/nova.conf new file mode 100644 index 000000000..d1df062fa --- /dev/null +++ b/etc/kayobe/environments/ci-multinode/kolla/config/nova.conf @@ -0,0 +1,5 @@ +#NOTE(seunghun1ee): This needs to be set until +# https://bugs.launchpad.net/kolla-ansible/+bug/2115064 +# is fixed +[cinder] +catalog_info = block-storage::internalURL diff --git a/etc/kayobe/environments/ci-multinode/kolla/globals.yml b/etc/kayobe/environments/ci-multinode/kolla/globals.yml index 2fe551d8d..7eeaeeeb8 100644 --- a/etc/kayobe/environments/ci-multinode/kolla/globals.yml +++ b/etc/kayobe/environments/ci-multinode/kolla/globals.yml @@ -67,3 +67,10 @@ designate_forwarders_addresses: "1.1.1.1; 8.8.8.8" # Open up ports in firewalld for services on the public API network. enable_external_api_firewalld: true external_api_firewalld_zone: "{{ public_net_name | net_zone }}" + +# Test cinder cluster +cinder_cluster_name: "stackhpc_test_cinder_cluster" + +om_enable_rabbitmq_stream_fanout: true +om_rabbitmq_stream_max_segment_size_bytes: 5000 +om_rabbitmq_stream_segment_max_age: 60 diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index 77b8a8740..455614bea 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -4,5 +4,8 @@ # where the key is the OS distro and the value is the tag to deploy. kolla_image_tags: openstack: + rocky-9: 2025.1-rocky-9-20250624T160903 + ubuntu-noble: 2025.1-ubuntu-noble-20250624T160903 + bifrost: rocky-9: 2025.1-rocky-9-20250616T133037 ubuntu-noble: 2025.1-ubuntu-noble-20250613T131221 diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 88cc16df6..c51c28f00 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -145,7 +145,7 @@ stackhpc_kolla_source_version: stackhpc/20.0.0.14 # Kolla Ansible source repository. stackhpc_kolla_ansible_source_url: "https://github.com/stackhpc/kolla-ansible" -stackhpc_kolla_ansible_source_version: stackhpc/20.0.0.3 +stackhpc_kolla_ansible_source_version: rabbitmq-stream-fix ############################################################################### # Container image registry @@ -169,7 +169,7 @@ stackhpc_enable_kayobe_check: true # Whether or not to check the installed Kolla-Ansible version when running Kayobe commands. # Default is true. -stackhpc_enable_kolla_ansible_check: true +stackhpc_enable_kolla_ansible_check: false ############################################################################### # Octavia Amphora image diff --git a/requirements.txt b/requirements.txt index 63fe6aa65..9fcd7f67b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ -kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/18.0.0.0rc1.2 +kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/18.0.0.11 ansible-modules-hashivault>=5.2.1 jmespath