From e4fd6fb22b9428da747a488720cb3c42757902fc Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Tue, 9 Dec 2025 21:52:23 +0100 Subject: [PATCH 1/6] CI: Ensure firewalld is unmasked Recent nodepool images are masking the firewalld service [1], but we need it for host configure jobs. [1] https://review.opendev.org/c/opendev/zuul-providers/+/967962 Change-Id: Ic72f2e3a262d6491da8bc39de19e23c3acbedf89 Signed-off-by: Pierre Riteau (cherry picked from commit 3c2cf92507ca0a493d1454b34dcc47f2673f830b) --- playbooks/kayobe-overcloud-host-configure-base/pre.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/playbooks/kayobe-overcloud-host-configure-base/pre.yml b/playbooks/kayobe-overcloud-host-configure-base/pre.yml index 58603157a..5a3cbdb06 100644 --- a/playbooks/kayobe-overcloud-host-configure-base/pre.yml +++ b/playbooks/kayobe-overcloud-host-configure-base/pre.yml @@ -54,3 +54,9 @@ become: true loop: "{{ range(2, 8) | list }}" when: ansible_facts.os_family == 'Debian' + + - name: Ensure firewalld is unmasked + ansible.builtin.systemd_service: + name: firewalld + masked: false + become: true From 78d21cad1148bde59eec03f81e0564dd441be216 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Mon, 1 Dec 2025 10:13:26 +0100 Subject: [PATCH 2/6] Fix Bifrost host variable file generation In deployments without an IPv4 gateway defined, for example when behind a proxy, Bifrost host variable file generation was failing. Fix by allowing ipv4_gateway to be set to an empty string, which is supported in Bifrost. Closes-Bug: #2133489 Change-Id: I988810541b4620ac196d216bf54896a774282fdd Signed-off-by: Pierre Riteau (cherry picked from commit fa13678912cf57ff275768379a4af4e6d775f10d) --- ansible/kolla-bifrost-hostvars.yml | 2 +- releasenotes/notes/bug-2133489-1b83b7e24655caff.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/bug-2133489-1b83b7e24655caff.yaml diff --git a/ansible/kolla-bifrost-hostvars.yml b/ansible/kolla-bifrost-hostvars.yml index d560e4d0e..a63421038 100644 --- a/ansible/kolla-bifrost-hostvars.yml +++ b/ansible/kolla-bifrost-hostvars.yml @@ -26,7 +26,7 @@ # If the admin network does not have a gateway defined and seed SNAT is # enabled, use the seed as a gateway to allow external access until other # networks have been configured. Otherwise, do not set any gateway. - ipv4_gateway: "{{ (admin_oc_net_name | net_gateway) or (admin_oc_net_name | net_ip(seed_host) if seed_enable_snat | bool) }}" + ipv4_gateway: "{{ (admin_oc_net_name | net_gateway) or (admin_oc_net_name | net_ip(seed_host) if seed_enable_snat | bool) or '' }}" ipv4_nameserver: "{{ resolv_nameservers }}" network_mtu: "{{ admin_oc_net_name | net_mtu or '1500' }}" vlan_id: "{{ '' if admin_oc_net_name == provision_oc_net_name else (admin_oc_net_name | net_vlan) }}" diff --git a/releasenotes/notes/bug-2133489-1b83b7e24655caff.yaml b/releasenotes/notes/bug-2133489-1b83b7e24655caff.yaml new file mode 100644 index 000000000..3173fb921 --- /dev/null +++ b/releasenotes/notes/bug-2133489-1b83b7e24655caff.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes generation of Bifrost host variable files when ``ipv4_gateway`` is + undefined. `LP#2133489 `__ From e8d79c011147b042bd75fa9eec0fcf0e90d341ba Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Mon, 15 Dec 2025 07:09:57 +0100 Subject: [PATCH 3/6] [2025.1 only] Deploy centos/rocky containers matching os_release Change-Id: I92bf70e1444b17d310a9d63ad53c5edf523a9bbf Signed-off-by: Pierre Riteau --- ansible/inventory/group_vars/all/kolla | 4 ++-- playbooks/kayobe-overcloud-base/overrides.yml.j2 | 5 +++-- playbooks/kayobe-seed-base/overrides.yml.j2 | 5 +++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ansible/inventory/group_vars/all/kolla b/ansible/inventory/group_vars/all/kolla index 5a042cff3..6ab1c8d2e 100644 --- a/ansible/inventory/group_vars/all/kolla +++ b/ansible/inventory/group_vars/all/kolla @@ -63,9 +63,9 @@ kolla_base_distro: "{{ os_distribution }}" # Kolla base container image distribution version default map. # Defines default versions for each distribution. kolla_base_distro_version_default_map: { - "centos": "stream9", + "centos": "{{ 'stream9' if os_release == '9-stream' else 'stream10' }}", "debian": "bullseye", - "rocky": "9", + "rocky": "{{ os_release }}", "ubuntu": "noble", } diff --git a/playbooks/kayobe-overcloud-base/overrides.yml.j2 b/playbooks/kayobe-overcloud-base/overrides.yml.j2 index 33e28d855..b37ef4333 100644 --- a/playbooks/kayobe-overcloud-base/overrides.yml.j2 +++ b/playbooks/kayobe-overcloud-base/overrides.yml.j2 @@ -53,9 +53,10 @@ kolla_ironic_pxe_append_params_extra: - ipa-insecure=1 {% endif %} -# NOTE(bbezak): Kolla does not build CentOS Stream 9 container images. -# Using Rocky Linux 9 images on CentOS Stream 9 in CI. +# NOTE(bbezak): Kolla does not build CentOS Stream container images. +# Using Rocky Linux images on CentOS Stream in CI. kolla_base_distro: "{% raw %}{{ 'rocky' if os_distribution == 'centos' else os_distribution }}{% endraw %}" +kolla_base_distro_version: "{% raw %}{{ os_release | replace('-stream', '') if os_distribution == 'centos' else os_release }}{% endraw %}" # Support overriding container_engine container_engine: "{{ container_engine }}" diff --git a/playbooks/kayobe-seed-base/overrides.yml.j2 b/playbooks/kayobe-seed-base/overrides.yml.j2 index 523c71abb..8051875f0 100644 --- a/playbooks/kayobe-seed-base/overrides.yml.j2 +++ b/playbooks/kayobe-seed-base/overrides.yml.j2 @@ -48,9 +48,10 @@ overcloud_dib_build_host_images: {{ build_images }} overcloud_dib_elements_extra: - "openstack-ci-mirrors" -# NOTE(bbezak): Kolla does not build CentOS Stream 9 container images. -# Using Rocky Linux 9 images on CentOS Stream 9 in CI. +# NOTE(bbezak): Kolla does not build CentOS Stream container images. +# Using Rocky Linux images on CentOS Stream in CI. kolla_base_distro: "{% raw %}{{ 'rocky' if os_distribution == 'centos' else os_distribution }}{% endraw %}" +kolla_base_distro_version: "{% raw %}{{ os_release | replace('-stream', '') if os_distribution == 'centos' else os_release }}{% endraw %}" # Support overriding container_engine container_engine: "{{ container_engine }}" From 9d18144fde71f5b0e694cabb28c21357d028cd2b Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Fri, 31 Oct 2025 09:41:01 +0100 Subject: [PATCH 4/6] Add centos/rocky 10 seed-images jobs Change-Id: Ia0f7040cfd009ff25c3b4dfa910560eae5eafc23 Signed-off-by: Pierre Riteau (cherry picked from commit d5e6a9e782081fb2f89c61fafd67bcf9af3b8567) --- playbooks/kayobe-seed-base/overrides.yml.j2 | 17 +++++++++++++++-- zuul.d/jobs.yaml | 20 ++++++++++++++++++++ zuul.d/project.yaml | 4 +++- 3 files changed, 38 insertions(+), 3 deletions(-) diff --git a/playbooks/kayobe-seed-base/overrides.yml.j2 b/playbooks/kayobe-seed-base/overrides.yml.j2 index 8051875f0..459313f60 100644 --- a/playbooks/kayobe-seed-base/overrides.yml.j2 +++ b/playbooks/kayobe-seed-base/overrides.yml.j2 @@ -1,4 +1,13 @@ --- +{% if ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '10' %} +# Configure EPEL repository. Necessary for gdisk to be available. +# dnf_install_epel and dnf_use_local_mirror are both necessary to trigger +# templating of epel.repo. We use the official EPEL repository because there is +# no OpenDev mirror for EL10. +dnf_install_epel: true +dnf_use_local_mirror: true +{% endif %} + docker_daemon_debug: true # Use alternative registry image to avoid Docker Hub pull rate limit. docker_registry_image_full: "quay.io/libpod/registry:2.8.2" @@ -37,7 +46,9 @@ ipa_build_images: {{ build_images }} ipa_build_dib_elements_extra: # extra-hardware is currently failing on Ubuntu - "{% raw %}{{ 'extra-hardware' if os_distribution != 'ubuntu' else '' }}{% endraw %}" - - "openstack-ci-mirrors" + # Broken openstack-ci-mirrors for CentOS Stream 10. TODO(priteau): Remove + # conditional once https://review.opendev.org/965344 is released. + - "{% raw %}{{ 'openstack-ci-mirrors' if os_distribution != 'centos' else '' }}{% endraw %}" # Workaround for limited tmpfs space in CI ipa_build_dib_env_extra: @@ -46,7 +57,9 @@ ipa_build_dib_env_extra: # Build overcloud host image. overcloud_dib_build_host_images: {{ build_images }} overcloud_dib_elements_extra: - - "openstack-ci-mirrors" + # Broken openstack-ci-mirrors for CentOS Stream 10. TODO(priteau): Remove + # conditional once https://review.opendev.org/965344 is released. + - "{% raw %}{{ 'openstack-ci-mirrors' if os_distribution != 'centos' else '' }}{% endraw %}" # NOTE(bbezak): Kolla does not build CentOS Stream container images. # Using Rocky Linux images on CentOS Stream in CI. diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 2217c8282..b43346908 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -271,6 +271,12 @@ nodeset: kayobe-centos9s voting: false +- job: + name: kayobe-seed-images-centos10s + parent: kayobe-seed-images-base + nodeset: kayobe-centos10s + voting: false + # Build only the base container image in the kayobe-seed-images-rocky9 job # which always runs. Use `check experimental` to run the other jobs which build # more images. @@ -290,6 +296,20 @@ vars: container_engine: podman +- job: + name: kayobe-seed-images-rocky10 + parent: kayobe-seed-images-base + nodeset: kayobe-rocky10 + vars: + kayobe_control_host_become: false + +- job: + name: kayobe-seed-images-rocky10-podman + parent: kayobe-seed-images-base + nodeset: kayobe-rocky10 + vars: + container_engine: podman + - job: name: kayobe-seed-images-ubuntu-noble parent: kayobe-seed-images-base diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 741899b51..8cc821d0b 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -87,8 +87,10 @@ - kayobe-overcloud-centos9s - kayobe-overcloud-host-configure-centos10s - kayobe-overcloud-host-configure-centos9s - - kayobe-overcloud-host-configure-centos10s + - kayobe-seed-images-centos10s - kayobe-seed-images-centos9s + - kayobe-seed-images-rocky10 + - kayobe-seed-images-rocky10-podman - kayobe-seed-images-rocky9 - kayobe-seed-images-rocky9-podman - kayobe-seed-images-ubuntu-noble From ffa21abbfb9fbc697ac82e4da568f3cc415126b9 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Thu, 2 Oct 2025 18:08:12 +0200 Subject: [PATCH 5/6] CI: Add more centos/rocky 10 jobs Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/962714 Change-Id: Id50444efffc0c9806614620eac049a12408dcbae Signed-off-by: Pierre Riteau (cherry picked from commit 29966350ec70932accf10c07920c9ed046da54a1) --- zuul.d/jobs.yaml | 57 ++++++++++++++++++++++++++++++++++++++------- zuul.d/project.yaml | 15 ++++++++++-- 2 files changed, 62 insertions(+), 10 deletions(-) diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index b43346908..fcfc2e337 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -71,19 +71,11 @@ required-projects: # Include kayobe to ensure other projects can use this job. - name: openstack/ansible-collection-kolla - # TODO(priteau): Remove when kayobe stable/2025.1 exists. - override-checkout: stable/2025.1 - name: openstack/kayobe - name: openstack/kayobe-config-dev - name: openstack/kolla - # TODO(priteau): Remove when kayobe stable/2025.1 exists. - override-checkout: stable/2025.1 - name: openstack/kolla-ansible - # TODO(priteau): Remove when kayobe stable/2025.1 exists. - override-checkout: stable/2025.1 - name: openstack/requirements - # TODO(priteau): Remove when kayobe stable/2025.1 exists. - override-checkout: stable/2025.1 - name: openstack/tenks irrelevant-files: - ^\..+ @@ -135,6 +127,12 @@ nodeset: kayobe-centos9s voting: false +- job: + name: kayobe-overcloud-centos10s + parent: kayobe-overcloud-base + nodeset: kayobe-centos10s + voting: false + - job: name: kayobe-overcloud-rocky9 parent: kayobe-overcloud-base @@ -149,6 +147,20 @@ vars: container_engine: podman +- job: + name: kayobe-overcloud-rocky10 + parent: kayobe-overcloud-base + vars: + kayobe_control_host_become: false + nodeset: kayobe-rocky10 + +- job: + name: kayobe-overcloud-rocky10-podman + parent: kayobe-overcloud-base + nodeset: kayobe-rocky10 + vars: + container_engine: podman + - job: name: kayobe-overcloud-ubuntu-noble parent: kayobe-overcloud-base @@ -175,11 +187,22 @@ nodeset: kayobe-centos9s voting: false +- job: + name: kayobe-overcloud-tls-centos10s + parent: kayobe-overcloud-tls-base + nodeset: kayobe-centos10s + voting: false + - job: name: kayobe-overcloud-tls-rocky9 parent: kayobe-overcloud-tls-base nodeset: kayobe-rocky9 +- job: + name: kayobe-overcloud-tls-rocky10 + parent: kayobe-overcloud-tls-base + nodeset: kayobe-rocky10 + - job: name: kayobe-overcloud-upgrade-base parent: kayobe-base @@ -231,6 +254,12 @@ nodeset: kayobe-centos9s voting: false +- job: + name: kayobe-seed-centos10s + parent: kayobe-seed-base + nodeset: kayobe-centos10s + voting: false + - job: name: kayobe-seed-rocky9 parent: kayobe-seed-base @@ -243,6 +272,18 @@ vars: container_engine: podman +- job: + name: kayobe-seed-rocky10 + parent: kayobe-seed-base + nodeset: kayobe-rocky10 + +- job: + name: kayobe-seed-rocky10-podman + parent: kayobe-seed-base + nodeset: kayobe-rocky10 + vars: + container_engine: podman + - job: name: kayobe-seed-ubuntu-noble parent: kayobe-seed-base diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 8cc821d0b..6db6f7299 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -19,10 +19,12 @@ - kayobe-infra-vm-ubuntu-noble - kayobe-overcloud-host-configure-rocky10 - kayobe-overcloud-host-configure-rocky9 - - kayobe-overcloud-host-configure-rocky10 - kayobe-overcloud-host-configure-ubuntu-noble + - kayobe-overcloud-rocky10 + - kayobe-overcloud-rocky10-podman - kayobe-overcloud-rocky9 - kayobe-overcloud-rocky9-podman + - kayobe-overcloud-tls-rocky10 - kayobe-overcloud-tls-rocky9 - kayobe-overcloud-ubuntu-noble - kayobe-overcloud-ubuntu-noble-podman @@ -30,6 +32,8 @@ - kayobe-overcloud-upgrade-slurp-rocky9 - kayobe-overcloud-upgrade-slurp-ubuntu-noble - kayobe-overcloud-upgrade-ubuntu-noble + - kayobe-seed-rocky10 + - kayobe-seed-rocky10-podman - kayobe-seed-rocky9 - kayobe-seed-rocky9-podman - kayobe-seed-ubuntu-noble @@ -53,10 +57,12 @@ - kayobe-infra-vm-ubuntu-noble - kayobe-overcloud-host-configure-rocky10 - kayobe-overcloud-host-configure-rocky9 - - kayobe-overcloud-host-configure-rocky10 - kayobe-overcloud-host-configure-ubuntu-noble + - kayobe-overcloud-rocky10 + - kayobe-overcloud-rocky10-podman - kayobe-overcloud-rocky9 - kayobe-overcloud-rocky9-podman + - kayobe-overcloud-tls-rocky10 - kayobe-overcloud-tls-rocky9 - kayobe-overcloud-ubuntu-noble - kayobe-overcloud-ubuntu-noble-podman @@ -64,6 +70,8 @@ - kayobe-overcloud-upgrade-slurp-rocky9 - kayobe-overcloud-upgrade-slurp-ubuntu-noble - kayobe-overcloud-upgrade-ubuntu-noble + - kayobe-seed-rocky10 + - kayobe-seed-rocky10-podman - kayobe-seed-rocky9 - kayobe-seed-rocky9-podman - kayobe-seed-ubuntu-noble @@ -84,9 +92,12 @@ - kayobe-infra-vm-rocky10-cloud-image - kayobe-infra-vm-rocky9-cloud-image - kayobe-infra-vm-ubuntu-noble-cloud-image + - kayobe-overcloud-centos10s - kayobe-overcloud-centos9s - kayobe-overcloud-host-configure-centos10s - kayobe-overcloud-host-configure-centos9s + - kayobe-overcloud-tls-centos10s + - kayobe-seed-centos10s - kayobe-seed-images-centos10s - kayobe-seed-images-centos9s - kayobe-seed-images-rocky10 From 8bc2d17040a1dab07dc33e0a13e1b091a9737b89 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Mon, 15 Dec 2025 13:30:37 +0100 Subject: [PATCH 6/6] Document centos/rocky 10 as supported Change-Id: I1a11e570d8023162522ec7ff2b7f35bcd2307372 Signed-off-by: Pierre Riteau --- doc/source/installation.rst | 2 ++ doc/source/support-matrix.rst | 17 ++++++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/doc/source/installation.rst b/doc/source/installation.rst index 01fd80f2f..2da16aacd 100644 --- a/doc/source/installation.rst +++ b/doc/source/installation.rst @@ -16,7 +16,9 @@ Currently Kayobe supports the following Operating Systems on the Ansible control host: - CentOS Stream 9 (since Zed 13.0.0 release) +- CentOS Stream 10 (since Epoxy 18.3.0 release) - Rocky Linux 9 (since Zed 13.0.0 release) +- Rocky Linux 10 (since Epoxy 18.3.0 release) - Ubuntu Noble 24.04 (since Dalmatian 17.0.0 release) See the :doc:`support matrix ` for details of supported diff --git a/doc/source/support-matrix.rst b/doc/source/support-matrix.rst index e52fa111c..78ab21e1d 100644 --- a/doc/source/support-matrix.rst +++ b/doc/source/support-matrix.rst @@ -10,21 +10,24 @@ Supported Operating Systems Kayobe supports the following host Operating Systems (OS): * Rocky Linux 9 (since Zed 13.0.0 release) +* Rocky Linux 10 (since Epoxy 18.3.0 release) * Ubuntu Noble 24.04 (since Dalmatian 17.0.0 release) -In addition to that CentOS Stream 9 host OS is functional, but not officially -supported. Kolla does not publish CentOS Stream 9 images to Docker Hub/Quay.io, -therefore users need to build them by themselves. +In addition to that CentOS Stream 9/10 host OS is functional, but not +officially supported. Kolla does not publish CentOS Stream 9/10 images to +Docker Hub/Quay.io, therefore users need to build them by themselves. .. note:: - CentOS Stream 8 is no longer supported as a host OS. The Yoga release - supports both CentOS Stream 8 and 9, and provides a route for migration. + CentOS Stream 9 is no longer supported as a host OS beyond the Epoxy + release. The Epoxy release supports both CentOS Stream 9 and 10, and + provides a route for migration. .. note:: - Rocky Linux 8 is no longer supported as a host OS. The Yoga release supports - both Rocky Linux 8 and 9, and provides a route for migration. + Rocky Linux 9 is no longer supported as a host OS beyond the Epoxy release. + The Epoxy release supports both Rocky Linux 9 and 10, and provides a route + for migration. Supported container images ~~~~~~~~~~~~~~~~~~~~~~~~~~