From 0883532434fff341c444d8fce8e28fcff3f5e769 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 27 Sep 2022 10:18:01 +0000 Subject: [PATCH] Add RockyLinux 9 support Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/859570 Change-Id: I7af51d07b8a939c908aa072294061def57dd67de --- .zuul.d/base.yaml | 12 ++++ .zuul.d/rocky.yaml | 66 +++++++++++++++++++ docker/base/Dockerfile.j2 | 19 ++---- docker/base/httpd_setup.sh | 4 +- docker/ironic/ironic-pxe/extend_start.sh | 6 +- docker/neutron/neutron-base/extend_start.sh | 2 +- kolla/common/config.py | 4 +- kolla/image/build.py | 13 +++- kolla/template/repos.yaml | 38 +++++++++++ .../notes/rockylinux9-1f004ab9b3b2e096.yaml | 4 ++ tests/templates/template_overrides.j2 | 35 +++++----- 11 files changed, 162 insertions(+), 41 deletions(-) create mode 100644 .zuul.d/rocky.yaml create mode 100644 releasenotes/notes/rockylinux9-1f004ab9b3b2e096.yaml diff --git a/.zuul.d/base.yaml b/.zuul.d/base.yaml index bca6f1dff5..59855222ef 100644 --- a/.zuul.d/base.yaml +++ b/.zuul.d/base.yaml @@ -60,6 +60,12 @@ - name: primary label: centos-9-stream +- nodeset: + name: kolla-rockylinux-9 + nodes: + - name: primary + label: rockylinux-9 + - nodeset: name: kolla-ubuntu-jammy nodes: @@ -84,6 +90,12 @@ - name: primary label: debian-bullseye-arm64 +- nodeset: + name: kolla-rockylinux-9-aarch64 + nodes: + - name: primary + label: rockylinux-9-arm64 + - nodeset: name: kolla-ubuntu-jammy-aarch64 nodes: diff --git a/.zuul.d/rocky.yaml b/.zuul.d/rocky.yaml new file mode 100644 index 0000000000..2a43b354fb --- /dev/null +++ b/.zuul.d/rocky.yaml @@ -0,0 +1,66 @@ +--- +- project: + check: + jobs: + - kolla-build-rocky9 + - kolla-ansible-rocky9-source: + vars: + base_distro: "rocky" + kolla_python_version: "3.9" + check-arm64: + jobs: + - kolla-build-rocky9-aarch64 + gate: + jobs: + - kolla-build-rocky9 + - kolla-ansible-rocky9-source: + vars: + base_distro: "rocky" + kolla_python_version: "3.9" + experimental: + jobs: + - kolla-build-no-infra-wheels-rocky9 + +- job: + name: kolla-build-rocky9 + parent: kolla-base + nodeset: kolla-rockylinux-9 + vars: + base_distro: rocky + base_distro_version: 9 + +- job: + name: kolla-build-rocky9-aarch64 + parent: kolla-build-rocky9 + nodeset: kolla-rockylinux-9-aarch64 + voting: false + +- job: + name: kolla-build-no-infra-wheels-rocky9 + parent: kolla-build-no-infra-wheels-base + nodeset: kolla-rockylinux-9 + vars: + base_distro: rocky + base_distro_version: 9 + +- job: + name: kolla-publish-rocky9-dockerhub + parent: kolla-build-rocky9 + post-run: tests/playbooks/publish.yml + vars: + publisher: true + kolla_registry: dockerhub + kolla_namespace: kolla + secrets: + - kolla_dockerhub_creds + +- job: + name: kolla-publish-rocky9-quay + parent: kolla-build-rocky9 + post-run: tests/playbooks/publish.yml + vars: + publisher: true + kolla_registry: quay.io + kolla_namespace: openstack.kolla + secrets: + - kolla_quay_io_creds diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index 2531b24a85..11997c5830 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -69,6 +69,7 @@ Repo files not available for CentOS Stream 9: #} {% set base_yum_repo_files = [ 'grafana.repo', + 'influxdb.repo', 'mariadb.repo', 'rabbitmq_rabbitmq-server.repo', 'td.repo', @@ -86,19 +87,16 @@ SHA1 keys are not supported in RHEL9: https://github.com/rpm-software-management 'https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB', 'https://packages.treasuredata.com/GPG-KEY-td-agent', 'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc', + 'https://repos.influxdata.com/influxdb.key', ] %} {% if base_arch == 'x86_64' %} {% set base_yum_repo_files = base_yum_repo_files + [ - 'influxdb.repo', 'rabbitmq_rabbitmq-erlang.repo', ] %} # FIXME(mgoddard): Not available for CentOS 8 yet. # 'crmsh.repo', - {% set base_yum_repo_keys = base_yum_repo_keys + [ - 'https://repos.influxdata.com/influxdb.key', - ] %} {% elif base_arch == 'aarch64' %} {# Repo files not available for CentOS Stream 9: @@ -151,8 +149,6 @@ RUN rm -f /etc/rpm/macros.image-language-conf \ {% block base_centos_repo_overrides_post_rpm %}{% endblock %} - {% if base_distro == 'centos' %} - {% block base_centos_gpg_key_import %} {% endblock %} @@ -187,13 +183,10 @@ RUN rm -f /etc/rpm/macros.image-language-conf \ 'centos9-rabbitmq', 'centos9-storage', 'epel', + 'influxdb', ] %} -{% if base_arch == 'x86_64' %} - {% set base_centos_yum_repos_to_disable = base_centos_yum_repos_to_disable + [ - 'influxdb', - ] %} -{% elif base_arch == 'aarch64' %} +{% if base_arch == 'aarch64' %} {# NOTE(hrw): delorean-deps.repo may force x86-64 repos #} @@ -211,9 +204,6 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen {% block base_centos_repo_overrides_post_yum %}{% endblock -%} && {{ macros.rpm_security_update(clean_package_cache) }} - {%- endif %} - {# Endif for base_distro centos #} - #### END REPO ENABLEMENT {# We are back to the basic if conditional here which is: @@ -224,6 +214,7 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen {# NOTE(hrw): CentOS Stream 9 has curl-minimal, Rocky Linux 9 has curl so we do not install any #} {% set base_centos_packages = [ 'ca-certificates', + 'crypto-policies-scripts', 'dumb-init', 'findutils', 'hostname', diff --git a/docker/base/httpd_setup.sh b/docker/base/httpd_setup.sh index fe627652b1..3dbf84853e 100644 --- a/docker/base/httpd_setup.sh +++ b/docker/base/httpd_setup.sh @@ -19,12 +19,12 @@ if [[ "$(whoami)" == 'root' ]]; then rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd* fi - # CentOS 8 has an issue with mod_ssl which produces an invalid Apache + # CentOS/Rocky have an issue with mod_ssl which produces an invalid Apache # configuration in /etc/httpd/conf.d/ssl.conf. This causes the following error # on startup: # SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty # Work around this by generating certificates manually. - if [[ ${KOLLA_BASE_DISTRO} = centos ]] && [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then + if [[ "${KOLLA_BASE_DISTRO}" =~ centos|rocky ]] && [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then /usr/libexec/httpd-ssl-gencerts fi fi diff --git a/docker/ironic/ironic-pxe/extend_start.sh b/docker/ironic/ironic-pxe/extend_start.sh index f82d6c3c7d..155fbf760b 100644 --- a/docker/ironic/ironic-pxe/extend_start.sh +++ b/docker/ironic/ironic-pxe/extend_start.sh @@ -7,7 +7,7 @@ function prepare_pxe_pxelinux { cp /usr/lib/PXELINUX/pxelinux.0 \ /usr/lib/syslinux/modules/bios/{chain.c32,ldlinux.c32} \ ${TFTPBOOT_PATH}/ - elif [[ "${KOLLA_BASE_DISTRO}" =~ centos ]]; then + elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|rocky ]]; then if [[ "${TFTPBOOT_PATH}" != /tftpboot ]]; then cp /tftpboot/{pxelinux.0,chain.c32,ldlinux.c32} \ ${TFTPBOOT_PATH}/ @@ -20,7 +20,7 @@ function prepare_pxe_grub { if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then shim_src_file="/usr/lib/shim/shim*64.efi.signed" grub_src_file="/usr/lib/grub/*-efi-signed/grubnet*64.efi.signed" - elif [[ "${KOLLA_BASE_DISTRO}" =~ centos ]]; then + elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|rocky ]]; then shim_src_file="/boot/efi/EFI/centos/shim*64.efi" grub_src_file="/boot/efi/EFI/centos/grub*64.efi" fi @@ -51,7 +51,7 @@ function prepare_ipxe { elif [[ ! -e ${TFTPBOOT_PATH}/snponly.efi ]]; then ln -s ${TFTPBOOT_PATH}/ipxe.efi ${TFTPBOOT_PATH}/snponly.efi fi - elif [[ "${KOLLA_BASE_DISTRO}" =~ centos ]]; then + elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|rocky ]]; then cp /usr/share/ipxe/{undionly.kpxe,ipxe*.efi} ${TFTPBOOT_PATH}/ if [[ ! -e ${TFTPBOOT_PATH}/ipxe.efi ]]; then ln -s ${TFTPBOOT_PATH}/ipxe-${KOLLA_BASE_ARCH}.efi ${TFTPBOOT_PATH}/ipxe.efi diff --git a/docker/neutron/neutron-base/extend_start.sh b/docker/neutron/neutron-base/extend_start.sh index c560cedf88..e2a2dfca44 100644 --- a/docker/neutron/neutron-base/extend_start.sh +++ b/docker/neutron/neutron-base/extend_start.sh @@ -14,7 +14,7 @@ fi # so no need to even use u-a on RHEL 9 family as there is one provider # (and there is no u-a for ip6tables so script fails) -if [[ ${KOLLA_BASE_DISTRO} != "centos" ]]; then +if [[ ! ${KOLLA_BASE_DISTRO} =~ centos|rocky ]]; then if /usr/bin/update-alternatives --display iptables; then # NOTE(yoctozepto): Kolla-Ansible does not always set KOLLA_LEGACY_IPTABLES; # the workaround below ensures it gets set to `false` in such cases to fix diff --git a/kolla/common/config.py b/kolla/common/config.py index d6b5e1e0fc..06aa7a731b 100755 --- a/kolla/common/config.py +++ b/kolla/common/config.py @@ -21,17 +21,19 @@ from kolla.common.users import USERS from kolla.version import version_info as version -BASE_OS_DISTRO = ['centos', 'debian', 'ubuntu'] +BASE_OS_DISTRO = ['centos', 'debian', 'rocky', 'ubuntu'] BASE_ARCH = ['x86_64', 'aarch64'] DEFAULT_BASE_TAGS = { 'centos': {'name': 'quay.io/centos/centos', 'tag': 'stream9'}, 'debian': {'name': 'debian', 'tag': 'bullseye'}, + 'rocky': {'name': 'quay.io/rockylinux/rockylinux', 'tag': '9'}, 'ubuntu': {'name': 'ubuntu', 'tag': '22.04'}, } # NOTE(hrw): has to match PRETTY_NAME in /etc/os-release DISTRO_PRETTY_NAME = { 'centos': 'CentOS Stream 9', 'debian': 'Debian GNU/Linux 11 (bullseye)', + 'rocky': 'Rocky Linux 9.0 (Blue Onyx)', 'ubuntu': 'Ubuntu 22.04', } OPENSTACK_RELEASE = 'master' diff --git a/kolla/image/build.py b/kolla/image/build.py index b0c8280364..62a00a93f4 100755 --- a/kolla/image/build.py +++ b/kolla/image/build.py @@ -104,6 +104,17 @@ UNBUILDABLE_IMAGES = { 'debian': { }, + 'rocky': { + "elasticsearch", # SHA1 gpg key + "hacluster-pcs", # Missing crmsh package + "kibana", # SHA1 gpg key + "logstash", # SHA1 gpg key + "nova-spicehtml5proxy", # Missing spicehtml5 package + "ovsdpdk", # Not supported on CentOS + "proxysql", # no binary package + "tgtd", # Not supported on CentOS + }, + 'ubuntu': { "collectd", # Missing collectd-core package "telegraf", # Missing collectd-core package @@ -629,7 +640,7 @@ class KollaWorker(object): conf.rpm_setup_config if repo_file is not None]) self.rpm_setup = self.build_rpm_setup(rpm_setup_config) - if self.base in ['centos']: + if self.base in ['centos', 'rocky']: self.conf.distro_python_version = "3.9" self.distro_package_manager = 'dnf' self.base_package_type = 'rpm' diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml index 867090c4b3..e3a6285997 100644 --- a/kolla/template/repos.yaml +++ b/kolla/template/repos.yaml @@ -135,6 +135,44 @@ debian-aarch64: component: "" gpg_key: "proxysql.asc" +rocky: + ceph: "centos-ceph-quincy" + crb: "crb" + elasticsearch: "elasticsearch-kibana-logstash-7.x" + epel: "epel" + erlang: "rabbitmq_rabbitmq-erlang" + extras: "extras" + grafana: "grafana" + hacluster: "highavailability" + influxdb: "influxdb" + kibana: "elasticsearch-kibana-logstash-7.x" + logstash: "elasticsearch-kibana-logstash-7.x" + mariadb: "mariadb" + openvswitch: "centos-nfv-openvswitch" + opstools: "centos-opstools" + proxysql: "proxysql" + rabbitmq: "rabbitmq_rabbitmq-server" + td-agent: "treasuredata" + +rocky-aarch64: + ceph: "centos-ceph-quincy" + crb: "crb" + elasticsearch: "elasticsearch-kibana-logstash-7.x" + epel: "epel" + erlang: "centos-rabbitmq-38" + extras: "extras" + grafana: "grafana" + influxdb: "influxdb" + hacluster: "highavailability" + kibana: "elasticsearch-kibana-logstash-7.x" + logstash: "elasticsearch-kibana-logstash-7.x" + mariadb: "mariadb" + openvswitch: "centos-nfv-openvswitch" + opstools: "centos-opstools" + proxysql: "proxysql" + rabbitmq: "rabbitmq_rabbitmq-server" + td-agent: "treasuredata" + ubuntu: elasticsearch: url: "https://artifacts.elastic.co/packages/oss-7.x/apt" diff --git a/releasenotes/notes/rockylinux9-1f004ab9b3b2e096.yaml b/releasenotes/notes/rockylinux9-1f004ab9b3b2e096.yaml new file mode 100644 index 0000000000..0cec9cb7d4 --- /dev/null +++ b/releasenotes/notes/rockylinux9-1f004ab9b3b2e096.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Adds Rocky Linux 9 support. diff --git a/tests/templates/template_overrides.j2 b/tests/templates/template_overrides.j2 index 932917c3c4..96bf682b0a 100644 --- a/tests/templates/template_overrides.j2 +++ b/tests/templates/template_overrides.j2 @@ -16,7 +16,11 @@ RUN echo registry={{ nodepool_npmjs_proxy }} > /etc/npmrc \ {% raw %} {% endblock %} +{% endraw %} +{% if base_distro == 'centos' %} + +{% raw %} {% block base_centos_repo_overrides_post_copy %} {% endraw %} @@ -51,29 +55,30 @@ RUN sed -i \ -e "s|^\(metalink.*\)|#\1|" \ -e "s|^#baseurl=http://download.example/pub|baseurl=http://{{ nodepool_mirror_host }}|" \ -e "s|^#baseurl=https://download.example/pub|baseurl=http://{{ nodepool_mirror_host }}|" \ - /etc/yum.repos.d/epel*.repo + /etc/yum.repos.d/epel*.repo \ {%- raw -%} {% endblock %} - -{% block base_debian_after_sources_list %} -{% if base_distro == "debian" %} {% endraw %} +{% endif %} + +{% raw %} +{% block base_debian_after_sources_list %} +{% endraw %} +{% if base_distro == "debian" %} RUN sed -i -e "s|http://deb.debian.org|[trusted=yes] http://{{ nodepool_mirror_host }}|" \ -e "s|http://security.debian.org|[trusted=yes] http://{{ nodepool_mirror_host }}|" \ /etc/apt/sources.list -{% raw %} {% elif base_distro == "ubuntu" %} -{% endraw %} RUN sed -i -e "s|mirror://mirrors.ubuntu.com/mirrors.txt|[trusted=yes] http://{{ nodepool_mirror_host }}/ubuntu/|" \ -e "s|http://ubuntu-cloud.archive.canonical.com/ubuntu|[trusted=yes] http://{{ nodepool_mirror_host }}/ubuntu-cloud-archive|" \ -e "s|http://ports.ubuntu.com|[trusted=yes] http://{{ nodepool_mirror_host }}/ubuntu-ports|" \ /etc/apt/sources.list -{% raw %} {% endif %} +{% raw %} {% endblock %} {# Revert to upstream mirrors after build is complete #} @@ -92,13 +97,11 @@ RUN if [ -f /usr/etc/npmrc ]; then \ fi \ && rm -f /etc/npmrc -{% raw %} -{% if base_package_type == 'rpm' %} -{% endraw %} +{% if base_distro == 'centos' %} RUN sed -i \ -e "s|^#\(mirrorlist.*\)|\1|" \ -e "s|^baseurl=http://{{ nodepool_mirror_host }}|#baseurl=http://mirror.centos.org|" \ - /etc/yum.repos.d/CentOS-*.repo \ + /etc/yum.repos.d/centos*.repo \ && sed -i \ -e "s|{{ nodepool_rdo_proxy }}|https://trunk.rdoproject.org|g" \ /etc/yum.repos.d/delorean*.repo \ @@ -106,22 +109,16 @@ RUN sed -i \ -e "s|^#\(metalink.*\)|\1|" \ -e "s|^baseurl=http://{{ nodepool_mirror_host }}|#baseurl=http://download.example/pub|" \ /etc/yum.repos.d/epel*.repo -{% raw %} -{% elif base_package_type == 'deb' %} -{% if base_distro == "debian" %} -{% endraw %} +{% elif base_distro == "debian" %} RUN sed -i -e "s|\[trusted=yes\] http://{{ nodepool_mirror_host }}|http://deb.debian.org|" \ -e "s|\[trusted=yes\] http://{{ nodepool_mirror_host }}|http://security.debian.org|" \ /etc/apt/sources.list -{% raw %} {% elif base_distro == "ubuntu" %} -{% endraw %} RUN sed -i -e "s|\[trusted=yes\] http://{{ nodepool_mirror_host }}/ubuntu/|mirror://mirrors.ubuntu.com/mirrors.txt|" \ -e "s|\[trusted=yes\] http://{{ nodepool_mirror_host }}/ubuntu-cloud-archive|http://ubuntu-cloud.archive.canonical.com/ubuntu|" \ -e "s|\[trusted=yes\] http://{{ nodepool_mirror_host }}/ubuntu-ports|http://ports.ubuntu.com|" \ /etc/apt/sources.list +{% endif %} {% raw %} -{% endif %} -{% endif %} {% endblock %} {% endraw %}