Build Rocky Linux 10 container images

Changes:
* Updated workflow to build Rocky 10 Kolla container images
* Updated ci-builder environment to enable valkey image building on
  Rocky 10 (and enable redis image building on Rocky 9/Ubuntu Noble)
* Updated ci-builder and ci-aio environments with pulp tags for Rocky
  10 repositories
* Added new OVN-LTS repository into pulp repository configuration
* Added Rocky 10 repositories into Kolla configuration
* Added new `stackhpc_enable_ovn_lts_repo` flag to Kolla configuration
  to inject OVN-LTS repository into repository sources
* Updated Kolla build customisations to separate out Rocky 9 and 10
  customisations, and added customisations for Rocky 10
* Added valkey images to pulp image list, and updated unbuildable
  images lists to reflect
* Updated DNF configuration to include Rocky 10 repositories
* Updated kolla-images.py to support Rocky 10 as a base distro
* Added initial tag for Rocky 10 containers

Author: owenjones

.github/workflows/package-build-ofed.yml

@@ -235,15 +235,19 @@ jobs:
         run: |
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
-          kayobe seed host configure --skip-tags network,docker,docker-registry
+          kayobe seed host configure --skip-tags network,docker,docker-registry \
+          -e os_distribution="rocky" \
+          -e os_release="9"
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
 
       - name: Run a distro-sync
         run: |
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
-          kayobe seed host command run --become --command "dnf distro-sync --refresh --assumeyes"
+          kayobe seed host command run --become --command "dnf distro-sync --refresh --assumeyes" \
+          -e os_distribution="rocky" \
+          -e os_release="9"
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
 
@@ -285,7 +289,8 @@ jobs:
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
           kayobe playbook run src/kayobe-config/etc/kayobe/ansible/tools/push-ofed.yml \
-          -e "ofed_tag=${{ needs.create-tag.outputs.ofed_tag }}"
+          -e "ofed_tag=${{ needs.create-tag.outputs.ofed_tag }}" \
+          -e os_release="9"
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
 
@@ -462,6 +467,8 @@ jobs:
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
           kayobe seed host configure --skip-tags network,docker,docker-registry \
+          -e os_distribution="rocky" \
+          -e os_release="9" \
           -e kolla_base_arch="aarch64"
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
@@ -471,6 +478,8 @@ jobs:
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
           kayobe seed host command run --become --command "dnf distro-sync --refresh --assumeyes" \
+          -e os_distribution="rocky" \
+          -e os_release="9" \
           -e kolla_base_arch="aarch64"
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
@@ -515,6 +524,7 @@ jobs:
           source src/kayobe-config/kayobe-env --environment ci-doca-builder &&
           kayobe playbook run src/kayobe-config/etc/kayobe/ansible/tools/push-ofed.yml \
           -e "ofed_tag=${{ needs.create-tag.outputs.ofed_tag }}" \
+          -e os_release="9"
           -e kolla_base_arch="aarch64"
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}

.github/workflows/stackhpc-container-image-build.yml

@@ -23,6 +23,11 @@ on:
         type: boolean
         required: false
         default: true
+      rocky-linux-10:
+        description: Build Rocky Linux 10 images?
+        type: boolean
+        required: false
+        default: true
       ubuntu-noble:
         description: Build Ubuntu Noble 24.04 images?
         type: boolean
@@ -66,7 +71,7 @@ jobs:
     steps:
       - name: Validate inputs
         run: |
-          if [[ ${{ inputs.rocky-linux-9 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then
+          if [[ ${{ inputs.rocky-linux-9 }} == 'false' && ${{ inputs.rocky-linux-10 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then
             echo "At least one distribution must be selected"
             exit 1
           fi
@@ -104,6 +109,10 @@ jobs:
               output+="{'name': 'rocky', 'release': 9, 'arch': 'amd64'},"
               output+="{'name': 'rocky', 'release': 9, 'arch': 'aarch64'},"
           fi
+          if [[ ${{ inputs.rocky-linux-10 }} == 'true' ]]; then
+              output+="{'name': 'rocky', 'release': 10, 'arch': 'amd64'},"
+              output+="{'name': 'rocky', 'release': 10, 'arch': 'aarch64'},"
+          fi
           if [[ ${{ inputs.ubuntu-noble }} == 'true' ]]; then
               output+="{'name': 'ubuntu', 'release': 'noble', 'arch': 'amd64'},"
           fi
@@ -346,7 +355,7 @@ jobs:
   create-manifests:
     # Only for Rocky Linux for now
     name: Create Multiarch Docker Manifests
-    if: github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push && inputs.rocky-linux-9
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push && (inputs.rocky-linux-9 || inputs.rocky-linux-10)
     runs-on: ${{ needs.runner-selection.outputs.runner_name_container_image_build }}
     permissions: {}
     needs:

etc/kayobe/dnf.yml

@@ -41,16 +41,18 @@
 #     file: myrepo
 #     gpgkey: http://gpgkey
 #     gpgcheck: yes
-dnf_custom_repos: "{{ stackhpc_dnf_repos if stackhpc_repos_enabled | bool else [] }}"
+dnf_custom_repos: "{{ stackhpc_dnf_repos[os_release] | default({}) if stackhpc_repos_enabled | bool else {} }}"
 
 # A dict of custom repositories that point to the local Pulp server.
 # To use these repos, set stackhpc_repos_enabled to true.
 # This is done by default for hosts in the overcloud group via a group_vars
 # file.
-stackhpc_dnf_repos: "{{ dnf_custom_repos_el9 | combine(dnf_custom_repos_rocky_9) | combine(dnf_custom_repos_elrepo_9 if dnf_install_elrepo_9 | bool else {}) | combine(dnf_custom_repos_doca if dnf_install_doca | bool else {}) }}"
+stackhpc_dnf_repos:
+  "9": "{{ dnf_custom_repos_el9 | combine(dnf_custom_repos_rocky_9) | combine(dnf_custom_repos_elrepo_9 if dnf_install_elrepo_9 | bool else {}) | combine(dnf_custom_repos_doca_rocky_9 if dnf_install_doca | bool else {}) }}"
+  "10": "{{ dnf_custom_repos_el10 | combine(dnf_custom_repos_rocky_10) | combine(dnf_custom_repos_elrepo_10 if dnf_install_elrepo_10 | bool else {}) | combine(dnf_custom_repos_doca_rocky_10 if dnf_install_doca | bool else {}) }}"
 
 # DOCA repositories
-dnf_custom_repos_doca:
+dnf_custom_repos_doca_rocky_9:
   doca:
     baseurl: "{{ stackhpc_repo_rhel9_doca_url }}"
     description: "DOCA Online Repo {{ stackhpc_pulp_doca_version }} - RHEL $releasever"
@@ -70,7 +72,28 @@ dnf_custom_repos_doca:
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
 
-# Custom repositories shared between all RHEL 9 derivatives.
+dnf_custom_repos_doca_rocky_10:
+  doca:
+    baseurl: "{{ stackhpc_repo_rhel10_doca_url }}"
+    description: "DOCA Online Repo {{ stackhpc_pulp_doca_version }} - RHEL $releasever"
+    enabled: "{{ dnf_enable_doca | bool | default(false) }}"
+    priority: -1
+    file: doca
+    gpgcheck: no
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+    # TODO(owenjones): update this once repo for Rocky 10 has been created in Pulp
+    # doca-modules:
+    #   baseurl: "{{ stackhpc_repo_rhel9_doca_modules_url }}"
+    #   description: "OFED Kernel module repository for DOCA {{ stackhpc_pulp_doca_version }} - RHEL $releasever"
+    #   enabled: "{{ dnf_enable_doca_modules | bool | default(false) }}"
+    #   priority: -1
+    #   file: doca
+    #   gpgcheck: no
+    #   username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    #   password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+
+# Custom repositories shared between all RHEL 9/10 derivatives.
 dnf_custom_repos_el9:
   epel:
     baseurl: "{{ stackhpc_repo_epel_9_url }}"
@@ -91,94 +114,164 @@ dnf_custom_repos_el9:
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
 
-# ELRepo 9
+dnf_custom_repos_el10:
+  epel:
+    baseurl: "{{ stackhpc_repo_epel_10_url }}"
+    description: "Extra Packages for Enterprise Linux $releasever - $basearch"
+    enabled: "{{ dnf_enable_epel | bool }}"
+    file: epel
+    gpgkey: "{{ dnf_epel_10_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+  docker:
+    baseurl: "{{ stackhpc_repo_centos_stream_10_docker_url }}"
+    description: "Package repository for installing docker"
+    enabled: "{{ dnf_enable_docker | bool }}"
+    file: docker
+    gpgkey: "{{ dnf_docker_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+
+# ELRepo 9/10
 dnf_custom_repos_elrepo_9:
   elrepo:
     baseurl: "{{ stackhpc_repo_elrepo_9_url }}"
     description: "ELRepo.org Community Enterprise Linux Repository - el9"
     enabled: "{{ dnf_enable_elrepo_9 | bool }}"
     file: elrepo
-    gpgkey: https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+    gpgkey:
+      - "{{ dnf_elrepo_gpg_key_url }}"
+      - "{{ dnf_elrepo_gpg_v2_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+
+dnf_custom_repos_elrepo_10:
+  elrepo:
+    baseurl: "{{ stackhpc_repo_elrepo_10_url }}"
+    description: "ELRepo.org Community Enterprise Linux Repository - el10"
+    enabled: "{{ dnf_enable_elrepo_10 | bool }}"
+    file: elrepo
+    gpgkey: "{{ dnf_elrepo_gpg_v2_key_url }}"
     gpgcheck: yes
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
 
-# Rocky 9 specific repositories
+# Rocky 9/10 specific repositories
 dnf_custom_repos_rocky_9:
   appstream:
     baseurl: "{{ stackhpc_repo_rocky_9_appstream_url }}"
     description: "Rocky Linux $releasever - AppStream"
     file: rocky
-    gpgkey: "{{ rocky_9_gpg_key }}"
+    gpgkey: "{{ dnf_rocky_9_gpg_key_url }}"
     gpgcheck: yes
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
   baseos:
     baseurl: "{{ stackhpc_repo_rocky_9_baseos_url }}"
     description: "Rocky Linux $releasever - BaseOS"
     file: rocky
-    gpgkey: "{{ rocky_9_gpg_key }}"
+    gpgkey: "{{ dnf_rocky_9_gpg_key_url }}"
     gpgcheck: yes
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
   crb:
     baseurl: "{{ stackhpc_repo_rocky_9_crb_url }}"
     description: "Rocky Linux $releasever - CRB"
     file: rocky
-    gpgkey: "{{ rocky_9_gpg_key }}"
+    gpgkey: "{{ dnf_rocky_9_gpg_key_url }}"
     gpgcheck: yes
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
   extras:
     baseurl: "{{ stackhpc_repo_rocky_9_extras_url }}"
     description: "Rocky Linux $releasever - Extras"
     file: rocky-extras
-    gpgkey: "{{ rocky_9_gpg_key }}"
+    gpgkey: "{{ dnf_rocky_9_gpg_key_url }}"
     gpgcheck: yes
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
   security-common:
     baseurl: "{{ stackhpc_repo_rocky_9_sig_security_common_url }}"
     description: "Rocky Linux $releasever - SIG Security Common"
     file: Rocky-SIG-Security-Common
-    gpgkey: "{{ rocky_9_sig_security_gpg_key }}"
+    gpgkey: "{{ dnf_rocky_9_sig_security_gpg_key_url }}"
     gpgcheck: yes
     includepkgs: "openssh*"
     username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
     password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
 
+dnf_custom_repos_rocky_10:
+  appstream:
+    baseurl: "{{ stackhpc_repo_rocky_10_appstream_url }}"
+    description: "Rocky Linux $releasever - AppStream"
+    file: rocky
+    gpgkey: "{{ dnf_rocky_10_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+  baseos:
+    baseurl: "{{ stackhpc_repo_rocky_10_baseos_url }}"
+    description: "Rocky Linux $releasever - BaseOS"
+    file: rocky
+    gpgkey: "{{ dnf_rocky_10_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+  crb:
+    baseurl: "{{ stackhpc_repo_rocky_10_crb_url }}"
+    description: "Rocky Linux $releasever - CRB"
+    file: rocky
+    gpgkey: "{{ dnf_rocky_10_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+  extras:
+    baseurl: "{{ stackhpc_repo_rocky_10_extras_url }}"
+    description: "Rocky Linux $releasever - Extras"
+    file: rocky-extras
+    gpgkey: "{{ dnf_rocky_10_gpg_key_url }}"
+    gpgcheck: yes
+    username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
+    password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"
+
+# GPG key urls
+dnf_docker_gpg_key_url: "https://download.docker.com/linux/centos/gpg"
+dnf_elrepo_gpg_key_url: "https://www.elrepo.org/RPM-GPG-KEY-elrepo.org"
+dnf_elrepo_gpg_v2_key_url: "https://www.elrepo.org/RPM-GPG-KEY-v2-elrepo.org"
+dnf_epel_10_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10"
+dnf_epel_9_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9"
+dnf_rocky_10_gpg_key_url: "https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-10"
+dnf_rocky_9_gpg_key_url: "https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9"
+dnf_rocky_9_sig_security_gpg_key_url: "https://dl.rockylinux.org/pub/sig/9/security/x86_64/security-common/RPM-GPG-KEY-Rocky-SIG-Security"
+
 # Whether to enable EPEL repositories. This affects RedHat-based systems only.
 dnf_enable_epel: "{{ dnf_install_epel | bool }}"
 
 # Whether to enable the ELRepo repository. This affects RedHat-based, 9.x release systems only.
 dnf_enable_elrepo_9: "{{ dnf_install_elrepo_9 | bool }}"
+dnf_enable_elrepo_10: "{{ dnf_install_elrepo_10 | bool }}"
 
 # Whether to enable DOCA repositories. This affects RedHat-based systems only.
 dnf_enable_doca: "{{ dnf_install_doca | bool }}"
 
 # Whether to enable the DOCA kernel module repository. This affects RedHat-based systems only.
 dnf_enable_doca_modules: "{{ dnf_install_doca | bool }}"
 
-# URL of EPEL GPG keys.
-dnf_epel_9_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9"
-
-rocky_9_gpg_key: "https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9"
-rocky_9_sig_security_gpg_key: "https://dl.rockylinux.org/pub/sig/9/security/x86_64/security-common/RPM-GPG-KEY-Rocky-SIG-Security"
-
 # Whether to install the epel-release package. This affects RedHat-based
 # systems only. Default value is 'false'.
 #dnf_install_epel:
 
 # Whether to create a repo file for ELRepo. This affects RedHat-based
 # systems only.
 dnf_install_elrepo_9: false
+dnf_install_elrepo_10: false
 
 # Whether to enable docker dnf repo in stackhpc_dnf_repos
 dnf_enable_docker: true
 
-#URL of docker repo GPG key
-dnf_docker_gpg_key_url: "https://download.docker.com/linux/centos/gpg"
-
 # Whether to create a repo file for DOCA. This affects RedHat-based
 # systems only.
 dnf_install_doca: "{{ 'mlnx' in group_names }}"