Add support for Rocky Linux

* Added support for Rocky Linux in the amphora-agent
* Amphora images for Rocky can be built when setting
  OCTAVIA_AMP_BASE_OS="rocky"
* Fixed the devstack plugin for Rocky Linux hosts

Change-Id: I41f7e2341332b9cb74b4a59fedb6eed1af3c8062
This commit is contained in:
Gregory Thiemonge 2023-02-13 02:15:40 -05:00
parent bb7c8ca2c9
commit 4e6e8f0c0e
14 changed files with 71 additions and 12 deletions

View File

@ -18,6 +18,10 @@ function octavia_install {
if ! [ "$DISABLE_AMP_IMAGE_BUILD" == 'True' ]; then
if [[ ${DISTRO} =~ (rhel|centos) ]]; then
install_package qemu-kvm
if [[ "$OCTAVIA_AMP_BASE_OS" == "rocky" ]]; then
# DIB requires podman for building rockylinux images.
install_package podman
fi
else
install_package qemu
fi
@ -134,6 +138,8 @@ function build_octavia_worker_image {
fi
sudo mkdir -m755 ${dib_logs}
sudo chown $STACK_USER ${dib_logs}
# Workaround for rockylinux images
export DIB_CONTAINERFILE_RUNTIME_ROOT=1
$OCTAVIA_DIR/diskimage-create/diskimage-create.sh -l ${dib_logs}/$(basename $OCTAVIA_AMP_IMAGE_FILE).log $octavia_dib_tracing_arg -o $OCTAVIA_AMP_IMAGE_FILE ${PARAM_OCTAVIA_AMP_BASE_OS:-} ${PARAM_OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID:-} ${PARAM_OCTAVIA_AMP_IMAGE_SIZE:-} ${PARAM_OCTAVIA_AMP_IMAGE_ARCH:-} ${PARAM_OCTAVIA_AMP_DISABLE_TMP_FS:-} ${PARAM_OCTAVIA_AMP_ENABLE_FIPS:-}
fi
@ -490,8 +496,20 @@ function create_mgmt_network_interface {
fi
sudo ip link set dev o-hm0 address $MGMT_PORT_MAC
function _get_firewall () {
# The devstack CI forces the use of iptables, the openstack-INPUT table
# can be used to indicate it.
if sudo iptables -L -n -v | grep openstack-INPUT; then
echo "iptables"
elif [[ -x $(which nft 2> /dev/null) ]]; then
echo "nft"
else
echo "iptables"
fi
}
# Check if the host is using nftables, an alternative to iptables
if [ -x "$(sudo bash -c 'command -v nft')" ]; then
if [[ $(_get_firewall) == "nft" ]]; then
sudo nft add table inet octavia
sudo nft add chain inet octavia o-hm0-incoming { type filter hook input priority 0\;}
sudo nft flush chain inet octavia o-hm0-incoming

View File

@ -107,7 +107,7 @@ Command syntax:
[-f]
[-g **repository branch** | stable/train | stable/stein | ... ]
[-h]
[-i **ubuntu-minimal** | fedora | centos-minimal | rhel ]
[-i **ubuntu-minimal** | fedora | centos-minimal | rhel | rocky ]
[-k <kernel package name> ]
[-l <log file> ]
[-m]

View File

@ -28,7 +28,7 @@ usage() {
echo " [-f]"
echo " [-g **repository branch** | stable/train | stable/stein | ... ]"
echo " [-h]"
echo " [-i **ubuntu-minimal** | fedora | centos-minimal | rhel ]"
echo " [-i **ubuntu-minimal** | fedora | centos-minimal | rhel | rocky ]"
echo " [-k <kernel package name> ]"
echo " [-l <log file> ]"
echo " [-m]"
@ -150,6 +150,7 @@ while getopts "a:b:c:d:efg:hi:k:l:mno:pt:r:s:vw:xy" opt; do
[ "$AMP_BASEOS" != "fedora" ] && \
[ "$AMP_BASEOS" != "centos" ] && \
[ "$AMP_BASEOS" != "centos-minimal" ] && \
[ "$AMP_BASEOS" != "rocky" ] && \
[ "$AMP_BASEOS" != "rhel" ]; then
echo "Error: Unsupported base OS $AMP_BASEOS specified"
exit 3
@ -160,6 +161,9 @@ while getopts "a:b:c:d:efg:hi:k:l:mno:pt:r:s:vw:xy" opt; do
if [ "$AMP_BASEOS" == "centos" ]; then
AMP_BASEOS="centos-minimal"
fi
if [ "$AMP_BASEOS" == "rocky" ]; then
AMP_BASEOS="rocky-container"
fi
;;
k)
AMP_KERNEL=$OPTARG
@ -245,6 +249,8 @@ elif [ "${AMP_BASEOS}" = "centos-minimal" ]; then
export DIB_RELEASE=${AMP_DIB_RELEASE:-"9-stream"}
elif [ "${AMP_BASEOS}" = "fedora" ]; then
export DIB_RELEASE=${AMP_DIB_RELEASE:-"28"}
elif [ "${AMP_BASEOS}" = "rocky-container" ]; then
export DIB_RELEASE=${AMP_DIB_RELEASE:-"9"}
fi
AMP_OUTPUTFILENAME=${AMP_OUTPUTFILENAME:-"$PWD/amphora-x64-haproxy.qcow2"}
@ -454,7 +460,7 @@ AMP_element_sequence="$AMP_element_sequence cloud-init-datasources"
AMP_element_sequence="$AMP_element_sequence remove-default-ints"
# SELinux systems
if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ]; then
if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ] || [ "${AMP_BASEOS}" = "rocky-container" ]; then
if [ "$AMP_ENABLE_FULL_MAC_SECURITY" -ne 1 ]; then
AMP_element_sequence="$AMP_element_sequence selinux-permissive"
else
@ -464,7 +470,7 @@ if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [
fi
# Disable the dnf makecache timer
if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ]; then
if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ] || [ "${AMP_BASEOS}" = "rocky-container" ]; then
AMP_element_sequence="$AMP_element_sequence disable-makecache"
fi

View File

@ -41,6 +41,19 @@
"dkms": "",
"network-scripts": ""
}
},
"rocky": {
"9": {
"curl": "curl-minimal",
"isc-dhcp-client": "dhcp-client",
"python3-dev": "platform-python-devel",
"python3-venv": "",
"python3": "python39",
"vlan": "",
"screen": "",
"dkms": "",
"network-scripts": ""
}
}
},
"family": {

View File

@ -15,7 +15,7 @@ case $DISTRO_NAME in
ubuntu | debian )
apt-get --assume-yes purge --auto-remove
;;
fedora | centos* | rhel* )
fedora | centos* | rhel* | rocky )
YUM=${YUM:-yum}
${YUM} -v -y autoremove
;;

View File

@ -12,7 +12,7 @@ case $DISTRO_NAME in
echo "ERROR: $DISTRO_NAME is not supported for FIPS mode."
exit 1
;;
fedora | centos* | rhel* )
fedora | centos* | rhel* | rocky )
DIB_DRACUT_ENABLED_MODULES+="
- name: fips
"

View File

@ -12,7 +12,7 @@ case $DISTRO_NAME in
echo "ERROR: $DISTRO_NAME is not supported for FIPS mode."
exit 1
;;
fedora | centos* | rhel* )
fedora | centos* | rhel* | rocky )
update-crypto-policies --no-reload --set FIPS
;;
*)

View File

@ -23,7 +23,7 @@ fi
set -euo pipefail
case $DISTRO_NAME in
ubuntu | debian | fedora | centos* | rhel* )
ubuntu | debian | fedora | centos* | rhel* | rocky )
DIB_BOOTLOADER_DEFAULT_CMDLINE+=" irqaffinity=0"
# This will be ignored on single vCPU systems
DIB_BOOTLOADER_DEFAULT_CMDLINE+=" isolcpus=1-N"

View File

@ -8,7 +8,7 @@ set -eu
set -o pipefail
case $DISTRO_NAME in
fedora | centos* | rhel* )
fedora | centos* | rhel* | rocky )
systemctl disable dnf-makecache.timer || true
;;
*)

View File

@ -7,7 +7,7 @@ case $DISTRO_NAME in
ubuntu | debian )
HAPROXY_USER_GROUP=nogroup
;;
fedora | centos* | rhel* )
fedora | centos* | rhel* | rocky )
HAPROXY_USER_GROUP=haproxy
;;
*)

View File

@ -115,7 +115,7 @@ class RH(BaseOS):
@classmethod
def is_os_name(cls, os_name):
return os_name in ['fedora', 'rhel']
return os_name in ['fedora', 'rhel', 'rocky']
def cmd_get_version_of_installed_package(self, package_name):
name = self._map_package_name(package_name)

View File

@ -50,6 +50,7 @@
- qemu-kvm
- python3-setuptools
- yum
- podman
when:
- ansible_os_family == 'RedHat'
- name: Install required pip packages

View File

@ -0,0 +1,8 @@
---
features:
- |
Added support for Rocky Linux controllers in devstack.
- |
Added support for Rocky Linux amphora images. To enable it, users have to
build their amphora images with the ``OCTAVIA_AMP_BASE_OS=rocky`` and
``OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID=9`` parameters.

View File

@ -182,6 +182,19 @@
amphora_os: centos
amphora_os_release: 9-stream
- job:
name: octavia-amphora-image-build-live-rocky-9
parent: octavia-amphora-image-build
nodeset: centos-9-stream
description: |
Builds a Rocky Linux 9 amphora image using diskimage-builder from Git
master. This job does not publish the image.
required-projects:
- openstack/diskimage-builder
vars:
amphora_os: rocky
amphora_os_release: 9
- job:
name: octavia-v2-dsvm-scenario-nftables
parent: octavia-v2-dsvm-scenario