Add Rocky 9 aarch64 DOCA OFED support

Signed-off-by: Bartosz Bezak <bartosz@stackhpc.com>

Author: bbezak

.github/workflows/package-build-ofed.yml

@@ -7,6 +7,10 @@ on:
         description: Build Rocky Linux 9
         type: boolean
         default: true
+      rocky9-aarch64:
+        description: Build Rocky Linux 9 aarch64
+        type: boolean
+        default: true
     secrets:
       KAYOBE_VAULT_PASSWORD_CI_BUILDER:
         required: true
@@ -22,17 +26,27 @@ env:
   KAYOBE_ENVIRONMENT: ci-doca-builder
   KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
 jobs:
-  overcloud-ofed-packages:
-    name: Build OFED kernel modules
+  create-tag:
+    name: Create a tag to be added to resulting packages
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
     runs-on: arc-skc-host-image-builder-runner
     permissions: {}
+    outputs:
+      ofed_tag: ${{ steps.ofed_tag.outputs.ofed_tag }}
     steps:
       - name: Generate OFED tag
         id: ofed_tag
         run: |
           echo "ofed_tag=$(date +%Y%m%dT%H%M%S)" >> $GITHUB_OUTPUT
 
+  overcloud-ofed-packages:
+    name: Build OFED kernel modules
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.rocky9
+    runs-on: arc-skc-host-image-builder-runner
+    needs:
+      - create-tag
+    permissions: {}
+    steps:
       - name: Install Package dependencies
         run: |
           sudo apt update &&
@@ -236,7 +250,235 @@ jobs:
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
           kayobe playbook run src/kayobe-config/etc/kayobe/ansible/tools/push-ofed.yml \
-          -e "ofed_tag=${{ steps.ofed_tag.outputs.ofed_tag }}"
+          -e "ofed_tag=${{ needs.create-tag.outputs.ofed_tag }}"
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+
+      - name: Destroy
+        run: terraform destroy -auto-approve
+        working-directory: ${{ github.workspace }}/src/kayobe-config/terraform/aio
+        env:
+          OS_CLOUD: openstack
+          OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+          OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+        if: always()
+
+  overcloud-ofed-packages-aarch64:
+    name: Build aarch64 OFED kernel modules
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.rocky9-aarch64
+    runs-on: arc-skc-host-image-builder-runner
+    needs:
+      - create-tag
+    permissions: {}
+    steps:
+      - name: Install Package dependencies
+        run: |
+          sudo apt update &&
+          sudo apt install -y git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq
+
+      - name: Start the SSH service
+        run: |
+          sudo /etc/init.d/ssh start
+
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          path: src/kayobe-config
+
+      - name: Install Kayobe
+        run: |
+          mkdir -p venvs &&
+          pushd venvs &&
+          python3 -m venv kayobe &&
+          source kayobe/bin/activate &&
+          pip install -U pip &&
+          pip install -r ../src/kayobe-config/requirements.txt
+
+      - name: Install terraform
+        uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
+
+      - name: Initialise terraform
+        run: terraform init
+        working-directory: ${{ github.workspace }}/src/kayobe-config/terraform/aio
+
+      - name: Generate SSH keypair
+        run: ssh-keygen -f id_rsa -N ''
+        working-directory: ${{ github.workspace }}/src/kayobe-config/terraform/aio
+
+      - name: Generate clouds.yaml
+        run: |
+          cat << EOF > clouds.yaml
+          ${{ secrets.CLOUDS_YAML }}
+          EOF
+        working-directory: ${{ github.workspace }}/src/kayobe-config/terraform/aio
+
+      - name: Output image tag
+        id: image_tag
+        run: |
+          echo image_tag=$(grep stackhpc_rocky_9_overcloud_host_image_version_aarch64: etc/kayobe/pulp-host-image-versions.yml | awk '{print $2}') >> $GITHUB_OUTPUT
+        working-directory: ${{ github.workspace }}/src/kayobe-config
+
+      # Use the image override if set, otherwise use overcloud-os_distribution-os_release-tag
+      - name: Output image name
+        id: image_name
+        run: |
+          echo image_name=overcloud-rocky-9-aarch64-${{ steps.image_tag.outputs.image_tag }} >> $GITHUB_OUTPUT
+
+      - name: Generate terraform.tfvars
+        run: |
+          cat << EOF > terraform.tfvars
+          ssh_public_key = "id_rsa.pub"
+          ssh_username = "cloud-user"
+          aio_vm_name = "skc-ofed-builder-arm64"
+          aio_vm_image = "${{ env.VM_IMAGE }}"
+          aio_vm_flavor = "${{ vars.HOST_IMAGE_BUILD_FLAVOR }}"
+          aio_vm_network = "stackhpc-ci"
+          aio_vm_subnet = "stackhpc-ci"
+          aio_vm_interface = "ens3"
+          aio_vm_tags = ${{ env.VM_TAGS }}
+          EOF
+        working-directory: ${{ github.workspace }}/src/kayobe-config/terraform/aio
+        env:
+          VM_IMAGE: ${{ steps.image_name.outputs.image_name }}
+          VM_TAGS: '["skc-ci-doca-builder", "PR=${{ github.event.number }}"]'
+
+      - name: Terraform Plan
+        run: terraform plan
+        working-directory: ${{ github.workspace }}/src/kayobe-config/terraform/aio
+        env:
+          OS_CLOUD: "openstack"
+          OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+          OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+
+      - name: Terraform Apply
+        run: |
+          for attempt in $(seq 5); do
+              if terraform apply -auto-approve; then
+                  echo "Created infrastructure on attempt $attempt"
+                  exit 0
+              fi
+              echo "Failed to create infrastructure on attempt $attempt"
+              sleep 10
+              terraform destroy -auto-approve
+              sleep 60
+          done
+          echo "Failed to create infrastructure after $attempt attempts"
+          exit 1
+        working-directory: ${{ github.workspace }}/src/kayobe-config/terraform/aio
+        env:
+          OS_CLOUD: "openstack"
+          OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+          OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+
+      - name: Get Terraform outputs
+        id: tf_outputs
+        run: |
+          terraform output -json
+        working-directory: ${{ github.workspace }}/src/kayobe-config/terraform/aio
+
+      - name: Write Terraform outputs
+        run: |
+          cat << EOF > src/kayobe-config/etc/kayobe/environments/ci-doca-builder/tf-outputs.yml
+          ${{ steps.tf_outputs.outputs.stdout }}
+          EOF
+
+      - name: Write Terraform network config
+        run: |
+          cat << EOF > src/kayobe-config/etc/kayobe/environments/ci-doca-builder/tf-network-allocation.yml
+          ---
+          aio_ips:
+            builder: "{{ access_ip_v4.value }}"
+          EOF
+
+      - name: Write Terraform network interface config
+        run: |
+          mkdir -p src/kayobe-config/etc/kayobe/environments/$KAYOBE_ENVIRONMENT/inventory/group_vars/seed
+          rm -f src/kayobe-config/etc/kayobe/environments/$KAYOBE_ENVIRONMENT/inventory/group_vars/seed/network-interfaces
+          cat << EOF > src/kayobe-config/etc/kayobe/environments/$KAYOBE_ENVIRONMENT/inventory/group_vars/seed/network-interfaces
+          admin_interface: "{{ access_interface.value }}"
+          aio_interface: "{{ access_interface.value }}"
+          EOF
+
+      - name: Manage SSH keys
+        run: |
+          mkdir -p ~/.ssh
+          touch ~/.ssh/authorized_keys
+          cat src/kayobe-config/terraform/aio/id_rsa.pub >> ~/.ssh/authorized_keys
+          cp src/kayobe-config/terraform/aio/id_rsa* ~/.ssh/
+
+      - name: Bootstrap the control host
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
+          kayobe control host bootstrap
+
+      - name: Run growroot playbook
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
+          kayobe playbook run src/kayobe-config/etc/kayobe/ansible/tools/growroot.yml
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+
+      - name: Configure the seed host (Builder VM)
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
+          kayobe seed host configure --skip-tags network,docker,docker-registry \
+          -e kolla_base_arch="aarch64"
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+
+      - name: Run a distro-sync
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
+          kayobe seed host command run --become --command "dnf distro-sync --refresh --assumeyes" \
+          -e kolla_base_arch="aarch64"
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+
+      - name: Reset BLS entries on the seed host
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
+          kayobe playbook run src/kayobe-config/etc/kayobe/ansible/maintenance/reset-bls-entries.yml \
+          -e "reset_bls_host=ofed-builder"
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+
+      - name: Disable noexec in /var/tmp
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
+          kayobe seed host command run --become --command "sed -i 's/noexec,//g' /etc/fstab"
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+
+      - name: Reboot to apply the kernel update
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
+          kayobe playbook run src/kayobe-config/etc/kayobe/ansible/maintenance/reboot.yml
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+
+      - name: Run OFED builder playbook
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
+          kayobe playbook run src/kayobe-config/etc/kayobe/ansible/tools/build-ofed-rocky.yml \
+          -e kolla_base_arch="aarch64"
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+
+      - name: Run OFED upload playbook
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
+          kayobe playbook run src/kayobe-config/etc/kayobe/ansible/tools/push-ofed.yml \
+          -e "ofed_tag=${{ needs.create-tag.outputs.ofed_tag }}" \
+          -e kolla_base_arch="aarch64"
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
 

doc/source/contributor/ofed.rst

@@ -31,6 +31,7 @@ build-ofed
 ----------
 
 Currently we only support building Rocky Linux 9 OFED kernel module packages.
+The workflow can build packages for ``x86_64`` and ``aarch64``.
 
 The Build OFED module workflow will check that the filesystem is configured (noexec disabled)
 to allow the DOCA build script to run. The workflow will also install any necessary dependencies

etc/kayobe/ansible/maintenance/rocky-97-ofed-upgrade.yml

@@ -17,7 +17,7 @@
   vars:
     # we don't build kernel modules for each version, eg 5.14.0-611.13.1 has been built,
     # but not 5.14.0-611.20.1.
-    doca_kernel_version: "{{ stackhpc_doca_kernel_version_matrix[stackhpc_pulp_repo_rocky_9_minor_version | string] }}"
+    doca_kernel_version: "{{ stackhpc_doca_kernel_version_matrix[stackhpc_pulp_repo_rocky_9_minor_version | string][ansible_facts.architecture] }}"
   tasks:
     - name: Assert that hosts are running Rocky Linux 9.6
       ansible.builtin.assert:

etc/kayobe/ansible/tools/install-doca.yml

@@ -6,7 +6,7 @@
   vars:
     # we don't build kernel modules for each version, eg 5.14.0-611.13.1 has been built,
     # but not 5.14.0-611.20.1
-    doca_kernel_version: "{{ stackhpc_doca_kernel_version_matrix[stackhpc_pulp_repo_rocky_9_minor_version | string] }}"
+    doca_kernel_version: "{{ stackhpc_doca_kernel_version_matrix[stackhpc_pulp_repo_rocky_9_minor_version | string][ansible_facts.architecture] }}"
   tasks:
     - name: Install kernel repo
       ansible.builtin.dnf:

etc/kayobe/ansible/tools/push-ofed.yml

@@ -7,9 +7,9 @@
   tasks:
     - name: Get OFED module repo variables
       ansible.builtin.set_fact:
-        doca_modules_repo_name: "{{ stackhpc_pulp_rpm_repos | selectattr('name', 'search', 'OFED') | map(attribute='name') | join('') }}"
-        doca_modules_repo_base_path: "{{ stackhpc_pulp_rpm_repos | selectattr('name', 'search', 'OFED') | map(attribute='base_path') | join('') }}"
-        doca_modules_repo_distribution_name: "{{ stackhpc_pulp_rpm_repos | selectattr('name', 'search', 'OFED') | map(attribute='distribution_name') | join('') }}"
+        doca_modules_repo_name: "{{ stackhpc_pulp_rpm_repos | selectattr('name', 'search', 'OFED') | selectattr('base_path', 'search', '/' ~ kolla_base_arch ~ '/') | map(attribute='name') | join('') }}"
+        doca_modules_repo_base_path: "{{ stackhpc_pulp_rpm_repos | selectattr('name', 'search', 'OFED') | selectattr('base_path', 'search', '/' ~ kolla_base_arch ~ '/') | map(attribute='base_path') | join('') }}"
+        doca_modules_repo_distribution_name: "{{ stackhpc_pulp_rpm_repos | selectattr('name', 'search', 'OFED') | selectattr('base_path', 'search', '/' ~ kolla_base_arch ~ '/') | map(attribute='distribution_name') | join('') }}"
 
     - name: Install python dependencies
       ansible.builtin.pip:

etc/kayobe/ofed.yml

@@ -10,8 +10,11 @@ stackhpc_pulp_doca_version: "{{ stackhpc_pulp_doca_version_matrix[stackhpc_pulp_
 
 # Available and tested versions of the pre-compiled doca-ofed kernel modules
 stackhpc_doca_kernel_version_matrix:
-    "6": 5.14.0.570.21.1.el9.6.x86.64
-    "7": 5.14.0.611.41.1.el9.7.x86.64
+    "6":
+        x86_64: 5.14.0.570.21.1.el9.6.x86.64
+    "7":
+        x86_64: 5.14.0.611.41.1.el9.7.x86.64
+        aarch64: 5.14.0.611.41.1.el9.7.aarch64
 
 ###############################################################################
 # Pulp configuration for DOCA OFED
@@ -24,11 +27,13 @@ doca_rocky_9_minor_dot: "{% if stackhpc_pulp_doca_version is version('3.2.0', '>
 # eg stackhpc_pulp_repo_doca_2_9_3_rhel9_6_version or stackhpc_pulp_repo_doca_3_2_2_rhel9_version
 doca_version_lookup_var: "stackhpc_pulp_repo_doca_{{ stackhpc_pulp_doca_version | replace('.', '_') }}_rhel{{ doca_rocky_9_minor_dot | replace('.', '_') }}_version"
 doca_modules_version_lookup_var: "stackhpc_pulp_repo_doca_{{ stackhpc_pulp_doca_version | replace('.', '_') }}_rhel9_{{ stackhpc_pulp_repo_rocky_9_minor_version }}_modules_version"
+doca_modules_aarch64_version_lookup_var: "stackhpc_pulp_repo_doca_{{ stackhpc_pulp_doca_version | replace('.', '_') }}_rhel9_{{ stackhpc_pulp_repo_rocky_9_minor_version }}_modules_aarch64_version"
 
 # DOCA Snapshot versions. The defaults use the appropriate version from
 # pulp-repo-versions.yml
 stackhpc_pulp_repo_rhel9_doca_version: "{{ lookup('vars', doca_version_lookup_var) }}"
 stackhpc_pulp_repo_rhel9_doca_modules_version: "{{ lookup('vars', doca_modules_version_lookup_var) }}"
+stackhpc_pulp_repo_rhel9_doca_modules_aarch64_version: "{{ lookup('vars', doca_modules_aarch64_version_lookup_var) }}"
 
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.

etc/kayobe/pulp-repo-versions.yml

@@ -28,6 +28,7 @@ stackhpc_pulp_repo_doca_2_9_3_rhel9_6_modules_version: 20250714T141841
 stackhpc_pulp_repo_doca_2_9_3_rhel9_6_version: 20250703T135021
 stackhpc_pulp_repo_doca_3_2_2_rhel10_aarch64_version: 20260326T091359
 stackhpc_pulp_repo_doca_3_2_2_rhel10_x86_64_version: 20260326T091359
+stackhpc_pulp_repo_doca_3_2_2_rhel9_7_modules_aarch64_version: 20260403T153134
 stackhpc_pulp_repo_doca_3_2_2_rhel9_7_modules_version: 20260403T153134
 stackhpc_pulp_repo_doca_3_2_2_rhel9_version: 20260326T091359
 stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: 20260402T202840

etc/kayobe/pulp.yml

@@ -419,12 +419,24 @@ stackhpc_pulp_rpm_repos:
     base_path: "doca/{{ stackhpc_pulp_doca_version }}/rhel{{ doca_rocky_9_minor_dot }}/x86_64/"
     required: "{{ stackhpc_pulp_sync_ofed | bool and stackhpc_pulp_sync_el_9 | bool }}"
 
+  - name: DOCA Online Repo {{ stackhpc_pulp_doca_version }} - RHEL {{ doca_rocky_9_minor_dot }} aarch64
+    url: "{{ stackhpc_release_pulp_content_url }}/doca/{{ stackhpc_pulp_doca_version }}/rhel{{ doca_rocky_9_minor_dot }}/aarch64/{{ stackhpc_pulp_repo_rhel9_doca_version }}"
+    distribution_name: "doca-{{ stackhpc_pulp_doca_version }}-rhel{{ doca_rocky_9_minor_dot }}-aarch64-"
+    base_path: "doca/{{ stackhpc_pulp_doca_version }}/rhel{{ doca_rocky_9_minor_dot }}/aarch64/"
+    required: "{{ stackhpc_pulp_sync_ofed | bool and stackhpc_pulp_sync_el_9 | bool }}"
+
   - name: OFED Kernel modules for DOCA {{ stackhpc_pulp_doca_version }} - RHEL 9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}
     url: "{{ stackhpc_release_pulp_content_url }}/doca-modules/{{ stackhpc_pulp_doca_version }}/rhel9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}/x86_64/{{ stackhpc_pulp_repo_rhel9_doca_modules_version }}"
     distribution_name: "doca-modules-{{ stackhpc_pulp_doca_version }}-rhel9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}-"
     base_path: "doca-modules/{{ stackhpc_pulp_doca_version }}/rhel9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}/x86_64/"
     required: "{{ stackhpc_pulp_sync_ofed | bool and stackhpc_pulp_sync_el_9 | bool }}"
 
+  - name: OFED Kernel modules for DOCA {{ stackhpc_pulp_doca_version }} - RHEL 9.{{ stackhpc_pulp_repo_rocky_9_minor_version }} aarch64
+    url: "{{ stackhpc_release_pulp_content_url }}/doca-modules/{{ stackhpc_pulp_doca_version }}/rhel9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}/aarch64/{{ stackhpc_pulp_repo_rhel9_doca_modules_aarch64_version }}"
+    distribution_name: "doca-modules-{{ stackhpc_pulp_doca_version }}-rhel9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}-aarch64-"
+    base_path: "doca-modules/{{ stackhpc_pulp_doca_version }}/rhel9.{{ stackhpc_pulp_repo_rocky_9_minor_version }}/aarch64/"
+    required: "{{ stackhpc_pulp_sync_ofed | bool and stackhpc_pulp_sync_el_9 | bool }}"
+
   # Base Rocky 10 repositories
   - name: Rocky Linux 10 - AppStream
     url: "{{ stackhpc_release_pulp_content_url }}/rocky/10.{{ stackhpc_pulp_repo_rocky_10_minor_version }}/AppStream/x86_64/os/{{ stackhpc_pulp_repo_rocky_10_appstream_version }}"
@@ -511,6 +523,12 @@ stackhpc_pulp_rpm_repos:
     base_path: "doca/3.2.2/rhel10/x86_64/"
     required: "{{ stackhpc_pulp_sync_ofed | bool and stackhpc_pulp_sync_el_10 | bool }}"
 
+  - name: DOCA Online Repo 3.2.2 - RHEL 10 aarch64
+    url: "{{ stackhpc_release_pulp_content_url }}/doca/3.2.2/rhel10/aarch64/{{ stackhpc_pulp_repo_doca_3_2_2_rhel10_aarch64_version }}"
+    distribution_name: "doca-3.2.2-rhel10-aarch64-"
+    base_path: "doca/3.2.2/rhel10/aarch64/"
+    required: "{{ stackhpc_pulp_sync_ofed | bool and stackhpc_pulp_sync_el_10 | bool }}"
+
 # RPM repositories
 stackhpc_pulp_repository_rpm_repos: >-
   {%- set rpm_repos = [] -%}