From 4e6e8f0c0e6db892f5f60437541531f84aabc7cb Mon Sep 17 00:00:00 2001 From: Gregory Thiemonge Date: Mon, 13 Feb 2023 02:15:40 -0500 Subject: [PATCH] Add support for Rocky Linux * Added support for Rocky Linux in the amphora-agent * Amphora images for Rocky can be built when setting OCTAVIA_AMP_BASE_OS="rocky" * Fixed the devstack plugin for Rocky Linux hosts Change-Id: I41f7e2341332b9cb74b4a59fedb6eed1af3c8062 --- devstack/plugin.sh | 20 ++++++++++++++++++- diskimage-create/README.rst | 2 +- diskimage-create/diskimage-create.sh | 12 ++++++++--- elements/amphora-agent/pkg-map | 13 ++++++++++++ .../post-install.d/90-remove-build-deps | 2 +- .../amphora-fips/environment.d/95-enable-fips | 2 +- .../post-install.d/10-enable-fips | 2 +- .../environment.d/80-kernel-cpu-affinity | 2 +- .../post-install.d/80-disable-makecache | 2 +- .../20-haproxy-user-group-config | 2 +- .../backends/agent/api_server/osutils.py | 2 +- playbooks/image-build/run.yaml | 1 + ...d-rockylinux-support-ac6e410b979e622e.yaml | 8 ++++++++ zuul.d/jobs.yaml | 13 ++++++++++++ 14 files changed, 71 insertions(+), 12 deletions(-) create mode 100644 releasenotes/notes/add-rockylinux-support-ac6e410b979e622e.yaml diff --git a/devstack/plugin.sh b/devstack/plugin.sh index d6b0048291..3c86a9c5de 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -18,6 +18,10 @@ function octavia_install { if ! [ "$DISABLE_AMP_IMAGE_BUILD" == 'True' ]; then if [[ ${DISTRO} =~ (rhel|centos) ]]; then install_package qemu-kvm + if [[ "$OCTAVIA_AMP_BASE_OS" == "rocky" ]]; then + # DIB requires podman for building rockylinux images. + install_package podman + fi else install_package qemu fi 
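Review bot: The podman install sits inside the `${DISTRO} =~ (rhel|centos)` branch of octavia_install, so a host that takes the `else` branch gets only `qemu` even when `OCTAVIA_AMP_BASE_OS` is `rocky`. The added comment ties the podman requirement to the image being built, not to the host distro. If building Rocky images from other hosts is meant to work, move the check after the distro `if`/`else`: `if [[ "${OCTAVIA_AMP_BASE_OS:-}" == "rocky" ]]; then install_package podman; fi`. The `:-` default matches how the `PARAM_OCTAVIA_AMP_*` variables are expanded elsewhere in this file and keeps the test safe if the variable is unset. octavia_install starts and ends outside this hunk.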
@@ -134,6 +138,8 @@ function build_octavia_worker_image { fi sudo mkdir -m755 ${dib_logs} sudo chown $STACK_USER ${dib_logs} + # Workaround for rockylinux images + export DIB_CONTAINERFILE_RUNTIME_ROOT=1 $OCTAVIA_DIR/diskimage-create/diskimage-create.sh -l ${dib_logs}/$(basename $OCTAVIA_AMP_IMAGE_FILE).log $octavia_dib_tracing_arg -o $OCTAVIA_AMP_IMAGE_FILE ${PARAM_OCTAVIA_AMP_BASE_OS:-} ${PARAM_OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID:-} ${PARAM_OCTAVIA_AMP_IMAGE_SIZE:-} ${PARAM_OCTAVIA_AMP_IMAGE_ARCH:-} ${PARAM_OCTAVIA_AMP_DISABLE_TMP_FS:-} ${PARAM_OCTAVIA_AMP_ENABLE_FIPS:-} fi @@ -490,8 +496,20 @@ function create_mgmt_network_interface { fi sudo ip link set dev o-hm0 address $MGMT_PORT_MAC + function _get_firewall () { + # The devstack CI forces the use of iptables, the openstack-INPUT table + # can be used to indicate it. + if sudo iptables -L -n -v | grep openstack-INPUT; then + echo "iptables" + elif [[ -x $(which nft 2> /dev/null) ]]; then + echo "nft" + else + echo "iptables" + fi + } + # Check if the host is using nftables, an alternative to iptables - if [ -x "$(sudo bash -c 'command -v nft')" ]; then + if [[ $(_get_firewall) == "nft" ]]; then sudo nft add table inet octavia sudo nft add chain inet octavia o-hm0-incoming { type filter hook input priority 0\;} sudo nft flush chain inet octavia o-hm0-incoming diff --git a/diskimage-create/README.rst b/diskimage-create/README.rst index 7499ca1ec9..45c011bcd6 100644 --- a/diskimage-create/README.rst +++ b/diskimage-create/README.rst @@ -107,7 +107,7 @@ Command syntax: [-f] [-g **repository branch** | stable/train | stable/stein | ... ] [-h] - [-i **ubuntu-minimal** | fedora | centos-minimal | rhel ] + [-i **ubuntu-minimal** | fedora | centos-minimal | rhel | rocky ] [-k ] [-l ] [-m] diff --git a/diskimage-create/diskimage-create.sh b/diskimage-create/diskimage-create.sh index 86e2cea607..6f745acaea 100755 --- a/diskimage-create/diskimage-create.sh +++ b/diskimage-create/diskimage-create.sh 
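Review bot: `export DIB_CONTAINERFILE_RUNTIME_ROOT=1` is set unconditionally before the diskimage-create.sh call in build_octavia_worker_image, so every base OS build inherits it and it stays exported for the rest of the devstack run, although the comment ties it to rockylinux images only. As the name indicates, the variable makes the container runtime run as root, so it is better limited to the build that needs it, for example `if [[ "${OCTAVIA_AMP_BASE_OS:-}" == "rocky" ]]; then export DIB_CONTAINERFILE_RUNTIME_ROOT=1; fi`, or passed as a one-shot `VAR=1` prefix on the diskimage-create.sh command. The comment should also name what the workaround is for (which failure appears without it), so it can be dropped once the underlying issue is fixed. The function body starts and ends outside this hunk.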
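Review bot: In `_get_firewall`, `grep openstack-INPUT` writes the matching iptables lines to stdout, and `$(_get_firewall)` captures them together with the echoed word; the comparison with "nft" still picks the intended branch, but only by accident, and the helper no longer returns a clean token. Use `if sudo iptables -L -n -v | grep -q openstack-INPUT; then`. The nft probe also changed from `sudo bash -c 'command -v nft'` to an unprivileged `which nft`, which can miss a binary that is only on root's PATH; `elif sudo bash -c 'command -v nft' > /dev/null 2>&1; then` keeps the earlier lookup. The helper is defined inside create_mgmt_network_interface, whose body starts and ends outside this hunk, and it is redefined globally on every call, so defining it at file level would be cleaner.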
@@ -28,7 +28,7 @@ usage() { echo " [-f]" echo " [-g **repository branch** | stable/train | stable/stein | ... ]" echo " [-h]" - echo " [-i **ubuntu-minimal** | fedora | centos-minimal | rhel ]" + echo " [-i **ubuntu-minimal** | fedora | centos-minimal | rhel | rocky ]" echo " [-k ]" echo " [-l ]" echo " [-m]" @@ -150,6 +150,7 @@ while getopts "a:b:c:d:efg:hi:k:l:mno:pt:r:s:vw:xy" opt; do [ "$AMP_BASEOS" != "fedora" ] && \ [ "$AMP_BASEOS" != "centos" ] && \ [ "$AMP_BASEOS" != "centos-minimal" ] && \ + [ "$AMP_BASEOS" != "rocky" ] && \ [ "$AMP_BASEOS" != "rhel" ]; then echo "Error: Unsupported base OS $AMP_BASEOS specified" exit 3 @@ -160,6 +161,9 @@ while getopts "a:b:c:d:efg:hi:k:l:mno:pt:r:s:vw:xy" opt; do if [ "$AMP_BASEOS" == "centos" ]; then AMP_BASEOS="centos-minimal" fi + if [ "$AMP_BASEOS" == "rocky" ]; then + AMP_BASEOS="rocky-container" + fi ;; k) AMP_KERNEL=$OPTARG @@ -245,6 +249,8 @@ elif [ "${AMP_BASEOS}" = "centos-minimal" ]; then export DIB_RELEASE=${AMP_DIB_RELEASE:-"9-stream"} elif [ "${AMP_BASEOS}" = "fedora" ]; then export DIB_RELEASE=${AMP_DIB_RELEASE:-"28"} +elif [ "${AMP_BASEOS}" = "rocky-container" ]; then + export DIB_RELEASE=${AMP_DIB_RELEASE:-"9"} fi AMP_OUTPUTFILENAME=${AMP_OUTPUTFILENAME:-"$PWD/amphora-x64-haproxy.qcow2"} @@ -454,7 +460,7 @@ AMP_element_sequence="$AMP_element_sequence cloud-init-datasources" AMP_element_sequence="$AMP_element_sequence remove-default-ints" # SELinux systems -if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ]; then +if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ] || [ "${AMP_BASEOS}" = "rocky-container" ]; then if [ "$AMP_ENABLE_FULL_MAC_SECURITY" -ne 1 ]; then AMP_element_sequence="$AMP_element_sequence selinux-permissive" else 
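Review bot: The SELinux condition in the @@ -454 hunk now spells out four base OS names in one `[ ... ] || [ ... ]` chain, and the same chain is repeated for the makecache block in the next hunk (@@ -464). A base OS missing from the first list skips this block entirely, so neither SELinux element is appended and the image still builds, which makes the omission easy to miss. A single `case "${AMP_BASEOS}" in centos-minimal|fedora|rhel|rocky-container)` arm, or one flag set where `-i` is validated, would keep both places in step. A short comment that `rocky` was rewritten to `rocky-container` in the `-i` handler would explain why the name here differs from the option value. The `if` block continues past the end of this hunk.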
@@ -464,7 +470,7 @@ if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ fi # Disable the dnf makecache timer -if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ]; then +if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ] || [ "${AMP_BASEOS}" = "rocky-container" ]; then AMP_element_sequence="$AMP_element_sequence disable-makecache" fi diff --git a/elements/amphora-agent/pkg-map b/elements/amphora-agent/pkg-map index 16a6014773..02b5d062a9 100644 --- a/elements/amphora-agent/pkg-map +++ b/elements/amphora-agent/pkg-map @@ -41,6 +41,19 @@ "dkms": "", "network-scripts": "" } + }, + "rocky": { + "9": { + "curl": "curl-minimal", + "isc-dhcp-client": "dhcp-client", + "python3-dev": "platform-python-devel", + "python3-venv": "", + "python3": "python39", + "vlan": "", + "screen": "", + "dkms": "", + "network-scripts": "" + } } }, "family": { diff --git a/elements/amphora-agent/post-install.d/90-remove-build-deps b/elements/amphora-agent/post-install.d/90-remove-build-deps index 1e10e23f33..0858385ff3 100755 --- a/elements/amphora-agent/post-install.d/90-remove-build-deps +++ b/elements/amphora-agent/post-install.d/90-remove-build-deps @@ -15,7 +15,7 @@ case $DISTRO_NAME in ubuntu | debian ) apt-get --assume-yes purge --auto-remove ;; - fedora | centos* | rhel* ) + fedora | centos* | rhel* | rocky ) YUM=${YUM:-yum} ${YUM} -v -y autoremove ;; diff --git a/elements/amphora-fips/environment.d/95-enable-fips b/elements/amphora-fips/environment.d/95-enable-fips index 88b48c8f74..83f7858117 100755 --- a/elements/amphora-fips/environment.d/95-enable-fips +++ b/elements/amphora-fips/environment.d/95-enable-fips @@ -12,7 +12,7 @@ case $DISTRO_NAME in echo "ERROR: $DISTRO_NAME is not supported for FIPS mode." exit 1 ;; - fedora | centos* | rhel* ) + fedora | centos* | rhel* | rocky ) DIB_DRACUT_ENABLED_MODULES+=" - name: fips " 
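Review bot: Adding `rocky` to the FIPS-capable arm in amphora-fips/environment.d/95-enable-fips (and to the matching arm in post-install.d/10-enable-fips) is not exercised by anything visible in this patch: the new zuul job sets only `amphora_os` and `amphora_os_release`, and the release note does not mention FIPS. Either say in the release note that FIPS mode on Rocky images is untested, or add a build variant with FIPS enabled so that `update-crypto-policies --set FIPS` and the dracut module are checked on this distro. The new pattern is the exact name `rocky` while its neighbours are globs (`centos*`, `rhel*`); a comment such as `# rocky: exact DISTRO_NAME set by the rocky-container element` would show that this is intended (element behaviour assumed, please confirm). The case statement starts and ends outside the hunk.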
diff --git a/elements/amphora-fips/post-install.d/10-enable-fips b/elements/amphora-fips/post-install.d/10-enable-fips index 1579a1210d..33fa1456ec 100755 --- a/elements/amphora-fips/post-install.d/10-enable-fips +++ b/elements/amphora-fips/post-install.d/10-enable-fips @@ -12,7 +12,7 @@ case $DISTRO_NAME in echo "ERROR: $DISTRO_NAME is not supported for FIPS mode." exit 1 ;; - fedora | centos* | rhel* ) + fedora | centos* | rhel* | rocky ) update-crypto-policies --no-reload --set FIPS ;; *) diff --git a/elements/cpu-pinning/environment.d/80-kernel-cpu-affinity b/elements/cpu-pinning/environment.d/80-kernel-cpu-affinity index 76bcf2f55e..24e1c23ef7 100644 --- a/elements/cpu-pinning/environment.d/80-kernel-cpu-affinity +++ b/elements/cpu-pinning/environment.d/80-kernel-cpu-affinity @@ -23,7 +23,7 @@ fi set -euo pipefail case $DISTRO_NAME in - ubuntu | debian | fedora | centos* | rhel* ) + ubuntu | debian | fedora | centos* | rhel* | rocky ) DIB_BOOTLOADER_DEFAULT_CMDLINE+=" irqaffinity=0" # This will be ignored on single vCPU systems DIB_BOOTLOADER_DEFAULT_CMDLINE+=" isolcpus=1-N" diff --git a/elements/disable-makecache/post-install.d/80-disable-makecache b/elements/disable-makecache/post-install.d/80-disable-makecache index 32aafd439b..f8445f7f86 100755 --- a/elements/disable-makecache/post-install.d/80-disable-makecache +++ b/elements/disable-makecache/post-install.d/80-disable-makecache @@ -8,7 +8,7 @@ set -eu set -o pipefail case $DISTRO_NAME in - fedora | centos* | rhel* ) + fedora | centos* | rhel* | rocky ) systemctl disable dnf-makecache.timer || true ;; *) diff --git a/elements/haproxy-octavia/post-install.d/20-haproxy-user-group-config b/elements/haproxy-octavia/post-install.d/20-haproxy-user-group-config index 0fb982540a..290158ea9a 100755 --- a/elements/haproxy-octavia/post-install.d/20-haproxy-user-group-config +++ b/elements/haproxy-octavia/post-install.d/20-haproxy-user-group-config 
@@ -7,7 +7,7 @@ case $DISTRO_NAME in ubuntu | debian ) HAPROXY_USER_GROUP=nogroup ;; - fedora | centos* | rhel* ) + fedora | centos* | rhel* | rocky ) HAPROXY_USER_GROUP=haproxy ;; *) diff --git a/octavia/amphorae/backends/agent/api_server/osutils.py b/octavia/amphorae/backends/agent/api_server/osutils.py index d4cca5ad56..6693d63ec6 100644 --- a/octavia/amphorae/backends/agent/api_server/osutils.py +++ b/octavia/amphorae/backends/agent/api_server/osutils.py @@ -115,7 +115,7 @@ class RH(BaseOS): @classmethod def is_os_name(cls, os_name): - return os_name in ['fedora', 'rhel'] + return os_name in ['fedora', 'rhel', 'rocky'] def cmd_get_version_of_installed_package(self, package_name): name = self._map_package_name(package_name) diff --git a/playbooks/image-build/run.yaml b/playbooks/image-build/run.yaml index 9d49fc65a3..a19afe05ac 100644 --- a/playbooks/image-build/run.yaml +++ b/playbooks/image-build/run.yaml @@ -50,6 +50,7 @@ - qemu-kvm - python3-setuptools - yum + - podman when: - ansible_os_family == 'RedHat' - name: Install required pip packages diff --git a/releasenotes/notes/add-rockylinux-support-ac6e410b979e622e.yaml b/releasenotes/notes/add-rockylinux-support-ac6e410b979e622e.yaml new file mode 100644 index 0000000000..49cdf0cafe --- /dev/null +++ b/releasenotes/notes/add-rockylinux-support-ac6e410b979e622e.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Added support for Rocky Linux controllers in devstack. + - | + Added support for Rocky Linux amphora images. To enable it, users have to + build their amphora images with the ``OCTAVIA_AMP_BASE_OS=rocky`` and + ``OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID=9`` parameters. diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index f22ab89f47..9d64fd0c46 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml 
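Review bot: `RH.is_os_name` in osutils.py now accepts 'rocky', but the diffstat lists no test file, so nothing pins that a Rocky amphora resolves to the RH class rather than falling through to another handler. A one-line assertion in the existing osutils unit tests would cover it, along the lines of `self.assertTrue(osutils.RH.is_os_name('rocky'))` (test module layout assumed, adjust to the suite). The method also has no docstring; `"""Return True when os_name is one of the OS names handled by this class."""` would be enough. The class body continues outside the hunk.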
@@ -182,6 +182,19 @@ amphora_os: centos amphora_os_release: 9-stream +- job: + name: octavia-amphora-image-build-live-rocky-9 + parent: octavia-amphora-image-build + nodeset: centos-9-stream + description: | + Builds a Rocky Linux 9 amphora image using diskimage-builder from Git + master. This job does not publish the image. + required-projects: + - openstack/diskimage-builder + vars: + amphora_os: rocky + amphora_os_release: 9 + - job: name: octavia-v2-dsvm-scenario-nftables parent: octavia-v2-dsvm-scenario
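Review bot: The job `octavia-amphora-image-build-live-rocky-9` is only defined here; the diffstat shows no change to a project or pipeline file, so unless it is attached elsewhere it never runs and the Rocky build path stays unverified in CI. Add it to a check or periodic pipeline in the same change, or note in the description where it is wired up. Separately, `amphora_os_release: 9` is a YAML integer while the neighbouring job uses the string `9-stream`; writing `amphora_os_release: "9"` keeps the type consistent when the value is templated into the build command (how the playbook consumes it is not visible here).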