openstack/octavia
Code Issues Proposed changes

Add support for Rocky Linux

Browse Source 
* Added support for Rocky Linux in the amphora-agent
* Amphora images for Rocky can be built when setting
  OCTAVIA_AMP_BASE_OS="rocky"
* Fixed the devstack plugin for Rocky Linux hosts

Change-Id: I41f7e2341332b9cb74b4a59fedb6eed1af3c8062
This commit is contained in:
Gregory Thiemonge 2023-02-13 02:15:40 -05:00
parent bb7c8ca2c9
commit 4e6e8f0c0e
14 changed files with 71 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
devstack/plugin.sh
View File

@ -18,6 +18,10 @@ function octavia_install {
if ! [ "$DISABLE_AMP_IMAGE_BUILD" == 'True' ]; then if ! [ "$DISABLE_AMP_IMAGE_BUILD" == 'True' ]; then
if [[ ${DISTRO} =~ (rhel|centos) ]]; then if [[ ${DISTRO} =~ (rhel|centos) ]]; then
install_package qemu-kvm install_package qemu-kvm
if [[ "$OCTAVIA_AMP_BASE_OS" == "rocky" ]]; then
# DIB requires podman for building rockylinux images.
install_package podman
fi
else else
install_package qemu install_package qemu
fi fi
@ -134,6 +138,8 @@ function build_octavia_worker_image {
fi fi
sudo mkdir -m755 ${dib_logs} sudo mkdir -m755 ${dib_logs}
sudo chown $STACK_USER ${dib_logs} sudo chown $STACK_USER ${dib_logs}
# Workaround for rockylinux images
export DIB_CONTAINERFILE_RUNTIME_ROOT=1
$OCTAVIA_DIR/diskimage-create/diskimage-create.sh -l ${dib_logs}/$(basename $OCTAVIA_AMP_IMAGE_FILE).log $octavia_dib_tracing_arg -o $OCTAVIA_AMP_IMAGE_FILE ${PARAM_OCTAVIA_AMP_BASE_OS:-} ${PARAM_OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID:-} ${PARAM_OCTAVIA_AMP_IMAGE_SIZE:-} ${PARAM_OCTAVIA_AMP_IMAGE_ARCH:-} ${PARAM_OCTAVIA_AMP_DISABLE_TMP_FS:-} ${PARAM_OCTAVIA_AMP_ENABLE_FIPS:-} $OCTAVIA_DIR/diskimage-create/diskimage-create.sh -l ${dib_logs}/$(basename $OCTAVIA_AMP_IMAGE_FILE).log $octavia_dib_tracing_arg -o $OCTAVIA_AMP_IMAGE_FILE ${PARAM_OCTAVIA_AMP_BASE_OS:-} ${PARAM_OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID:-} ${PARAM_OCTAVIA_AMP_IMAGE_SIZE:-} ${PARAM_OCTAVIA_AMP_IMAGE_ARCH:-} ${PARAM_OCTAVIA_AMP_DISABLE_TMP_FS:-} ${PARAM_OCTAVIA_AMP_ENABLE_FIPS:-}
fi fi
@ -490,8 +496,20 @@ function create_mgmt_network_interface {
fi fi
sudo ip link set dev o-hm0 address $MGMT_PORT_MAC sudo ip link set dev o-hm0 address $MGMT_PORT_MAC
function _get_firewall () {
# The devstack CI forces the use of iptables, the openstack-INPUT table
# can be used to indicate it.
if sudo iptables -L -n -v | grep openstack-INPUT; then
echo "iptables"
elif [[ -x $(which nft 2> /dev/null) ]]; then
echo "nft"
else
echo "iptables"
fi
}
# Check if the host is using nftables, an alternative to iptables # Check if the host is using nftables, an alternative to iptables
if [ -x "$(sudo bash -c 'command -v nft')" ]; then if [[ $(_get_firewall) == "nft" ]]; then
sudo nft add table inet octavia sudo nft add table inet octavia
sudo nft add chain inet octavia o-hm0-incoming { type filter hook input priority 0\;} sudo nft add chain inet octavia o-hm0-incoming { type filter hook input priority 0\;}
sudo nft flush chain inet octavia o-hm0-incoming sudo nft flush chain inet octavia o-hm0-incoming

2
diskimage-create/README.rst
View File

@ -107,7 +107,7 @@ Command syntax:
[-f] [-f]
[-g **repository branch** | stable/train | stable/stein | ... ] [-g **repository branch** | stable/train | stable/stein | ... ]
[-h] [-h]
[-i **ubuntu-minimal** | fedora | centos-minimal | rhel ] [-i **ubuntu-minimal** | fedora | centos-minimal | rhel | rocky ]
[-k <kernel package name> ] [-k <kernel package name> ]
[-l <log file> ] [-l <log file> ]
[-m] [-m]

12
diskimage-create/diskimage-create.sh
View File

@ -28,7 +28,7 @@ usage() {
echo " [-f]" echo " [-f]"
echo " [-g **repository branch** | stable/train | stable/stein | ... ]" echo " [-g **repository branch** | stable/train | stable/stein | ... ]"
echo " [-h]" echo " [-h]"
echo " [-i **ubuntu-minimal** | fedora | centos-minimal | rhel ]" echo " [-i **ubuntu-minimal** | fedora | centos-minimal | rhel | rocky ]"
echo " [-k <kernel package name> ]" echo " [-k <kernel package name> ]"
echo " [-l <log file> ]" echo " [-l <log file> ]"
echo " [-m]" echo " [-m]"
@ -150,6 +150,7 @@ while getopts "a:b:c:d:efg:hi:k:l:mno:pt:r:s:vw:xy" opt; do
[ "$AMP_BASEOS" != "fedora" ] && \ [ "$AMP_BASEOS" != "fedora" ] && \
[ "$AMP_BASEOS" != "centos" ] && \ [ "$AMP_BASEOS" != "centos" ] && \
[ "$AMP_BASEOS" != "centos-minimal" ] && \ [ "$AMP_BASEOS" != "centos-minimal" ] && \
[ "$AMP_BASEOS" != "rocky" ] && \
[ "$AMP_BASEOS" != "rhel" ]; then [ "$AMP_BASEOS" != "rhel" ]; then
echo "Error: Unsupported base OS $AMP_BASEOS specified" echo "Error: Unsupported base OS $AMP_BASEOS specified"
exit 3 exit 3
@ -160,6 +161,9 @@ while getopts "a:b:c:d:efg:hi:k:l:mno:pt:r:s:vw:xy" opt; do
if [ "$AMP_BASEOS" == "centos" ]; then if [ "$AMP_BASEOS" == "centos" ]; then
AMP_BASEOS="centos-minimal" AMP_BASEOS="centos-minimal"
fi fi
if [ "$AMP_BASEOS" == "rocky" ]; then
AMP_BASEOS="rocky-container"
fi
;; ;;
k) k)
AMP_KERNEL=$OPTARG AMP_KERNEL=$OPTARG
@ -245,6 +249,8 @@ elif [ "${AMP_BASEOS}" = "centos-minimal" ]; then
export DIB_RELEASE=${AMP_DIB_RELEASE:-"9-stream"} export DIB_RELEASE=${AMP_DIB_RELEASE:-"9-stream"}
elif [ "${AMP_BASEOS}" = "fedora" ]; then elif [ "${AMP_BASEOS}" = "fedora" ]; then
export DIB_RELEASE=${AMP_DIB_RELEASE:-"28"} export DIB_RELEASE=${AMP_DIB_RELEASE:-"28"}
elif [ "${AMP_BASEOS}" = "rocky-container" ]; then
export DIB_RELEASE=${AMP_DIB_RELEASE:-"9"}
fi fi
AMP_OUTPUTFILENAME=${AMP_OUTPUTFILENAME:-"$PWD/amphora-x64-haproxy.qcow2"} AMP_OUTPUTFILENAME=${AMP_OUTPUTFILENAME:-"$PWD/amphora-x64-haproxy.qcow2"}
@ -454,7 +460,7 @@ AMP_element_sequence="$AMP_element_sequence cloud-init-datasources"
AMP_element_sequence="$AMP_element_sequence remove-default-ints" AMP_element_sequence="$AMP_element_sequence remove-default-ints"
# SELinux systems # SELinux systems
if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ]; then if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ] || [ "${AMP_BASEOS}" = "rocky-container" ]; then
if [ "$AMP_ENABLE_FULL_MAC_SECURITY" -ne 1 ]; then if [ "$AMP_ENABLE_FULL_MAC_SECURITY" -ne 1 ]; then
AMP_element_sequence="$AMP_element_sequence selinux-permissive" AMP_element_sequence="$AMP_element_sequence selinux-permissive"
else else
@ -464,7 +470,7 @@ if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [
fi fi
# Disable the dnf makecache timer # Disable the dnf makecache timer
if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ]; then if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ] || [ "${AMP_BASEOS}" = "rocky-container" ]; then
AMP_element_sequence="$AMP_element_sequence disable-makecache" AMP_element_sequence="$AMP_element_sequence disable-makecache"
fi fi

13
elements/amphora-agent/pkg-map
View File

@ -41,6 +41,19 @@
"dkms": "", "dkms": "",
"network-scripts": "" "network-scripts": ""
} }
},
"rocky": {
"9": {
"curl": "curl-minimal",
"isc-dhcp-client": "dhcp-client",
"python3-dev": "platform-python-devel",
"python3-venv": "",
"python3": "python39",
"vlan": "",
"screen": "",
"dkms": "",
"network-scripts": ""
}
} }
}, },
"family": { "family": {

2
elements/amphora-agent/post-install.d/90-remove-build-deps
View File

@ -15,7 +15,7 @@ case $DISTRO_NAME in
ubuntu | debian ) ubuntu | debian )
apt-get --assume-yes purge --auto-remove apt-get --assume-yes purge --auto-remove
;; ;;
fedora | centos* | rhel* ) fedora | centos* | rhel* | rocky )
YUM=${YUM:-yum} YUM=${YUM:-yum}
${YUM} -v -y autoremove ${YUM} -v -y autoremove
;; ;;

2
elements/amphora-fips/environment.d/95-enable-fips
View File

@ -12,7 +12,7 @@ case $DISTRO_NAME in
echo "ERROR: $DISTRO_NAME is not supported for FIPS mode." echo "ERROR: $DISTRO_NAME is not supported for FIPS mode."
exit 1 exit 1
;; ;;
fedora | centos* | rhel* ) fedora | centos* | rhel* | rocky )
DIB_DRACUT_ENABLED_MODULES+=" DIB_DRACUT_ENABLED_MODULES+="
- name: fips - name: fips
" "

2
elements/amphora-fips/post-install.d/10-enable-fips
View File

@ -12,7 +12,7 @@ case $DISTRO_NAME in
echo "ERROR: $DISTRO_NAME is not supported for FIPS mode." echo "ERROR: $DISTRO_NAME is not supported for FIPS mode."
exit 1 exit 1
;; ;;
fedora | centos* | rhel* ) fedora | centos* | rhel* | rocky )
update-crypto-policies --no-reload --set FIPS update-crypto-policies --no-reload --set FIPS
;; ;;
*) *)

2
elements/cpu-pinning/environment.d/80-kernel-cpu-affinity
View File

@ -23,7 +23,7 @@ fi
set -euo pipefail set -euo pipefail
case $DISTRO_NAME in case $DISTRO_NAME in
ubuntu | debian | fedora | centos* | rhel* ) ubuntu | debian | fedora | centos* | rhel* | rocky )
DIB_BOOTLOADER_DEFAULT_CMDLINE+=" irqaffinity=0" DIB_BOOTLOADER_DEFAULT_CMDLINE+=" irqaffinity=0"
# This will be ignored on single vCPU systems # This will be ignored on single vCPU systems
DIB_BOOTLOADER_DEFAULT_CMDLINE+=" isolcpus=1-N" DIB_BOOTLOADER_DEFAULT_CMDLINE+=" isolcpus=1-N"

2
elements/disable-makecache/post-install.d/80-disable-makecache
View File

@ -8,7 +8,7 @@ set -eu
set -o pipefail set -o pipefail
case $DISTRO_NAME in case $DISTRO_NAME in
fedora | centos* | rhel* ) fedora | centos* | rhel* | rocky )
systemctl disable dnf-makecache.timer || true systemctl disable dnf-makecache.timer || true
;; ;;
*) *)

2
elements/haproxy-octavia/post-install.d/20-haproxy-user-group-config
View File

@ -7,7 +7,7 @@ case $DISTRO_NAME in
ubuntu | debian ) ubuntu | debian )
HAPROXY_USER_GROUP=nogroup HAPROXY_USER_GROUP=nogroup
;; ;;
fedora | centos* | rhel* ) fedora | centos* | rhel* | rocky )
HAPROXY_USER_GROUP=haproxy HAPROXY_USER_GROUP=haproxy
;; ;;
*) *)

2
octavia/amphorae/backends/agent/api_server/osutils.py
View File

@ -115,7 +115,7 @@ class RH(BaseOS):
@classmethod @classmethod
def is_os_name(cls, os_name): def is_os_name(cls, os_name):
return os_name in ['fedora', 'rhel'] return os_name in ['fedora', 'rhel', 'rocky']
def cmd_get_version_of_installed_package(self, package_name): def cmd_get_version_of_installed_package(self, package_name):
name = self._map_package_name(package_name) name = self._map_package_name(package_name)

1
playbooks/image-build/run.yaml
View File

@ -50,6 +50,7 @@
- qemu-kvm - qemu-kvm
- python3-setuptools - python3-setuptools
- yum - yum
- podman
when: when:
- ansible_os_family == 'RedHat' - ansible_os_family == 'RedHat'
- name: Install required pip packages - name: Install required pip packages

8
releasenotes/notes/add-rockylinux-support-ac6e410b979e622e.yaml Normal file
View File

@ -0,0 +1,8 @@
---
features:
- |
Added support for Rocky Linux controllers in devstack.
- |
Added support for Rocky Linux amphora images. To enable it, users have to
build their amphora images with the ``OCTAVIA_AMP_BASE_OS=rocky`` and
``OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID=9`` parameters.

13
zuul.d/jobs.yaml
View File

@ -182,6 +182,19 @@
amphora_os: centos amphora_os: centos
amphora_os_release: 9-stream amphora_os_release: 9-stream
- job:
name: octavia-amphora-image-build-live-rocky-9
parent: octavia-amphora-image-build
nodeset: centos-9-stream
description: |
Builds a Rocky Linux 9 amphora image using diskimage-builder from Git
master. This job does not publish the image.
required-projects:
- openstack/diskimage-builder
vars:
amphora_os: rocky
amphora_os_release: 9
- job: - job:
name: octavia-v2-dsvm-scenario-nftables name: octavia-v2-dsvm-scenario-nftables
parent: octavia-v2-dsvm-scenario parent: octavia-v2-dsvm-scenario