Merge branch 'stackhpc/2025.1' into os-capacity-binding

Author: dougszumski

.github/workflows/overcloud-host-image-build.yml

@@ -7,6 +7,10 @@ on:
         description: Build Rocky Linux 9
         type: boolean
         default: true
+      rocky10:
+        description: Build Rocky Linux 10
+        type: boolean
+        default: true
       ubuntu-noble:
         description: Build Ubuntu 24.04 Noble
         type: boolean
@@ -53,7 +57,7 @@ jobs:
     steps:
       - name: Validate inputs
         run: |
-          if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then
+          if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.rocky10 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then
             echo "At least one distribution must be selected"
             exit 1
           fi
@@ -292,6 +296,74 @@ jobs:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
         if: inputs.rocky9 && steps.build_rocky_9.outcome == 'success'
 
+      - name: Build a Rocky Linux 10 overcloud host image
+        id: build_rocky_10
+        continue-on-error: true
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-builder &&
+          kayobe overcloud host image build --force-rebuild \
+          -e os_distribution="rocky" \
+          -e os_release="10" \
+          -e stackhpc_overcloud_dib_name=overcloud-rocky-10
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+        if: inputs.rocky10
+
+      - name: Show last error logs
+        continue-on-error: true
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-builder &&
+          kayobe seed host command run --command "tail -200 /opt/kayobe/images/overcloud-rocky-10/overcloud-rocky-10.stdout" --show-output
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+        if: steps.build_rocky_10.outcome == 'failure'
+
+      - name: Upload Rocky Linux 10 overcloud host image to current Dev Cloud (SMS/Leafcloud)
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-builder &&
+          kayobe playbook run \
+          src/kayobe-config/etc/kayobe/ansible/tools/openstack-host-image-upload.yml \
+          -e local_image_path="/opt/kayobe/images/overcloud-rocky-10/overcloud-rocky-10.qcow2" \
+          -e image_name=overcloud-rocky-10-${{ steps.host_image_tag.outputs.host_image_tag }}
+        env:
+          CLOUDS_YAML: ${{ secrets.CLOUDS_YAML }}
+          OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+          OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+        if: inputs.rocky10 && steps.build_rocky_10.outcome == 'success'
+
+      - name: Upload Rocky Linux 10 overcloud host image to other Dev Cloud (Leafcloud/SMS)
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-builder &&
+          kayobe playbook run \
+          src/kayobe-config/etc/kayobe/ansible/tools/openstack-host-image-upload.yml \
+          -e local_image_path="/opt/kayobe/images/overcloud-rocky-10/overcloud-rocky-10.qcow2" \
+          -e image_name=overcloud-rocky-10-${{ steps.host_image_tag.outputs.host_image_tag }}
+        env:
+          CLOUDS_YAML: ${{ secrets.CLOUDS_YAML_OTHER_CLOUD }}
+          OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID_OTHER_CLOUD }}
+          OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET_OTHER_CLOUD }}
+        if: inputs.rocky10 && steps.build_rocky_10.outcome == 'success'
+
+      - name: Upload Rocky Linux 10 overcloud host image to Ark
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-builder &&
+          kayobe playbook run \
+          src/kayobe-config/etc/kayobe/ansible/pulp/pulp-artifact-upload.yml \
+          -e artifact_path=/opt/kayobe/images/overcloud-rocky-10 \
+          -e artifact_tag=${{ steps.host_image_tag.outputs.host_image_tag }} \
+          -e artifact_type="kayobe-images" \
+          -e file_regex="*.qcow2" \
+          -e os_distribution="rocky" \
+          -e os_release="10"
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+        if: inputs.rocky10 && steps.build_rocky_10.outcome == 'success'
+
       - name: Build an Ubuntu Noble 24.04 overcloud host image
         id: build_ubuntu_noble
         continue-on-error: true
@@ -373,6 +445,7 @@ jobs:
           echo "Builds failed. See workflow artifacts for details." &&
           exit 1
         if: steps.build_rocky_9.outcome == 'failure' ||
+            steps.build_rocky_10.outcome == 'failure' ||
             steps.build_ubuntu_noble.outcome == 'failure'
 
       - name: Upload logs artifact
@@ -398,6 +471,7 @@ jobs:
           --repo stackhpc/stackhpc-kayobe-config \
           --ref $BRANCH_NAME \
           $(if [[ "${{ inputs.rocky9 }}" == "true" ]]; then echo "-f rocky9_tag=${{ steps.host_image_tag.outputs.host_image_tag }}"; fi) \
+          $(if [[ "${{ inputs.rocky10 }}" == "true" ]]; then echo "-f rocky10_tag=${{ steps.host_image_tag.outputs.host_image_tag }}"; fi) \
           $(if [[ "${{ inputs.ubuntu-noble }}" == "true" ]]; then echo "-f ubuntu_noble_tag=${{ steps.host_image_tag.outputs.host_image_tag }}"; fi)
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/overcloud-host-image-promote.yml

@@ -7,6 +7,10 @@ on:
         description: Promote Rocky Linux 9
         type: boolean
         default: true
+      rocky10:
+        description: Promote Rocky Linux 10
+        type: boolean
+        default: true
       ubuntu-noble:
         description: Promote Ubuntu 24.04 Noble
         type: boolean
@@ -21,7 +25,7 @@ jobs:
     steps:
       - name: Validate inputs
         run: |
-          if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then
+          if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.rocky10 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then
             echo "At least one distribution must be selected"
             exit 1
           fi
@@ -74,6 +78,13 @@ jobs:
         working-directory: src/kayobe-config
         if: inputs.rocky9
 
+      - name: Gather Rocky Linux 10 overcloud host image tag
+        id: rocky10_image_tag
+        run: |
+          echo image_tag=$(grep stackhpc_rocky_10_overcloud_host_image_version: etc/kayobe/pulp-host-image-versions.yml | awk '{print $2}') >> $GITHUB_OUTPUT
+        working-directory: src/kayobe-config
+        if: inputs.rocky10
+
       - name: Gather Ubuntu Noble overcloud host image tag
         id: ubuntu_noble_image_tag
         run: |
@@ -95,6 +106,20 @@ jobs:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
         if: inputs.rocky9
 
+      - name: Promote Rocky Linux 10 overcloud host image artifact
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ci-builder &&
+          kayobe playbook run \
+          src/kayobe-config/etc/kayobe/ansible/pulp/pulp-artifact-promote.yml \
+          -e artifact_type="kayobe-images" \
+          -e os_distribution='rocky' \
+          -e os_release='10' \
+          -e promotion_tag=${{ steps.rocky10_image_tag.outputs.image_tag }}
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+        if: inputs.rocky10
+
       - name: Promote Ubuntu Noble 24.04 overcloud host image artifact
         run: |
           source venvs/kayobe/bin/activate &&

.github/workflows/overcloud-host-image-upload.yml

@@ -7,6 +7,10 @@ on:
         description: Upload Rocky Linux 9
         type: boolean
         default: true
+      rocky10:
+        description: Upload Rocky Linux 10
+        type: boolean
+        default: true
       ubuntu-noble:
         description: Upload Ubuntu 24.04 Noble
         type: boolean
@@ -50,7 +54,7 @@ jobs:
     steps:
       - name: Validate inputs
         run: |
-          if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then
+          if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.rocky10 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then
             echo "At least one distribution must be selected"
             exit 1
           fi
@@ -141,6 +145,51 @@ jobs:
           OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
         if: inputs.rocky9 && steps.rocky_9_image_exists.outcome == 'failure'
 
+      - name: Output Rocky Linux 10 image tag
+        id: rocky_10_image_tag
+        run: |
+          echo image_tag=$(grep stackhpc_rocky_10_overcloud_host_image_version: src/kayobe-config/etc/kayobe/pulp-host-image-versions.yml | awk '{print $2}') >> $GITHUB_OUTPUT
+
+      - name: Check if image exists already
+        id: rocky_10_image_exists
+        run: |
+          source venvs/kayobe/bin/activate &&
+          openstack image show \
+          overcloud-rocky-10-${{ steps.rocky_10_image_tag.outputs.image_tag }}
+        env:
+          OS_CLOUD: openstack
+          OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+          OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+        continue-on-error: true
+
+      - name: Download Rocky Linux 10 overcloud host image from Ark
+        run: |
+          source venvs/kayobe/bin/activate &&
+          source src/kayobe-config/kayobe-env --environment ${{ inputs.kayobe-environment }} &&
+          kayobe playbook run \
+          src/kayobe-config/etc/kayobe/ansible/pulp/pulp-host-image-download.yml \
+          -e os_distribution="rocky" \
+          -e os_release="10"
+        env:
+          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_BUILDER }}
+        if: inputs.rocky10 && steps.rocky_10_image_exists.outcome == 'failure'
+
+      - name: Upload Rocky Linux 10 overcloud host image to Cloud
+        run: |
+          source venvs/kayobe/bin/activate &&
+          openstack image create \
+          overcloud-rocky-10-${{ steps.rocky_10_image_tag.outputs.image_tag }} \
+          --container-format bare \
+          --disk-format qcow2 \
+          --file /tmp/rocky-10.qcow2 \
+          --private \
+          --progress
+        env:
+          OS_CLOUD: openstack
+          OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+          OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+        if: inputs.rocky10 && steps.rocky_10_image_exists.outcome == 'failure'
+
       - name: Output Ubuntu Noble image tag
         id: ubuntu_noble_image_tag
         run: |

.github/workflows/stackhpc-all-in-one.yml

@@ -77,12 +77,12 @@ jobs:
   runner-selection:
     uses: ./.github/workflows/runner-selector.yml
     with:
-      runner_env: ${{ inputs.upgrade == true && 'Leafcloud' || inputs.runner_env }}
+      runner_env: ${{ inputs.runner_env }}
   # NOTE: Runner needs unzip and nodejs packages.
   all-in-one:
     name: All in one
     if: ${{ inputs.if && !cancelled() }}
-    environment: ${{ inputs.upgrade == true && 'Leafcloud' || inputs.runner_env }}
+    environment: ${{ inputs.runner_env }}
     runs-on: ${{ needs.runner-selection.outputs.runner_name_aio }}
     needs:
       - runner-selection

.github/workflows/update-overcloud-host-image-tags.yml

@@ -7,6 +7,9 @@ on:
       rocky9_tag:
         description: Overcloud host image tag for Rocky 9
         type: string
+      rocky10_tag:
+        description: Overcloud host image tag for Rocky 10
+        type: string
       ubuntu_noble_tag:
         description: Overcloud host image tag for Ubuntu
         type: string
@@ -31,6 +34,11 @@ jobs:
           sed -i "/stackhpc_rocky_9_overcloud_host_image_version/s/.*/stackhpc_rocky_9_overcloud_host_image_version: ${{ inputs.rocky9_tag }}/" ${{ github.workspace }}/src/kayobe-config/etc/kayobe/pulp-host-image-versions.yml
         if: "${{ inputs.rocky9_tag != '' }}"
 
+      - name: Update Rocky 10 overcloud host image tag
+        run: |
+          sed -i "/stackhpc_rocky_10_overcloud_host_image_version/s/.*/stackhpc_rocky_10_overcloud_host_image_version: ${{ inputs.rocky10_tag }}/" ${{ github.workspace }}/src/kayobe-config/etc/kayobe/pulp-host-image-versions.yml
+        if: "${{ inputs.rocky10_tag != '' }}"
+
       - name: Update Ubuntu Noble overcloud host image tag
         run: |
           sed -i "/stackhpc_ubuntu_noble_overcloud_host_image_version/s/.*/stackhpc_ubuntu_noble_overcloud_host_image_version: ${{ inputs.ubuntu_noble_tag }}/" ${{ github.workspace }}/src/kayobe-config/etc/kayobe/pulp-host-image-versions.yml
@@ -43,14 +51,15 @@ jobs:
           commit-message: >-
             Bump overcloud host image tags
           author: stackhpc-ci <22933334+stackhpc-ci@users.noreply.github.com>
-          branch: bump-overcloud-host-images-${{ inputs.rocky9_tag }}-${{ inputs.ubuntu_noble_tag }}
+          branch: bump-overcloud-host-images-${{ inputs.rocky9_tag }}-${{ inputs.rocky10_tag }}-${{ inputs.ubuntu_noble_tag }}
           delete-branch: true
           title: >-
             Bump overcloud host image tags 
           body: |
             This PR was created automatically to update the overcloud host image
             tags.
             Rocky 9: ${{ inputs.rocky9_tag }}
+            Rocky 10: ${{ inputs.rocky10_tag }}
             Ubuntu Noble: ${{ inputs.ubuntu_noble_tag }}
           labels: |
             automated

doc/source/configuration/monitoring.rst

@@ -69,6 +69,12 @@ present, the workaround is to go into each node running Grafana and manually
 restart the process with ``systemctl restart kolla-grafana-container.service``
 and then try the reconfigure command again.)
 
+.. note::
+   If the environment defines additional Prometheus Node Exporter startup parameters
+   via ``prometheus_node_exporter_cmdline_extras``, the parameters should be updated
+   to include the textfile collector used by SMART monitoring:
+   ``--collector.textfile.directory=/var/lib/node_exporter/textfile_collector``
+
 Once the reconfigure has completed you can now run the custom playbook which
 copies over the scripts and sets up the cron jobs to start SMART monitoring
 on the overcloud hosts:
@@ -81,6 +87,27 @@ on the overcloud hosts:
 SMART reporting should now be enabled along with a Prometheus alert for
 unhealthy disks and a Grafana dashboard called ``Hardware Overview``.
 
+Monitoring Drive Writes Per Day
+-------------------------------
+
+Drives can be monitored for the level of write intensity of the
+workload, and alerts defined for drives that are persistently
+exceeding their stated level of write endurance.  To enable this
+feature, set the flag ``create_dwpd_ratings``:
+
+.. code-block:: console
+
+    (kayobe) [stack@node ~]$ cd etc/kayobe
+    (kayobe) [stack@node kayobe]$ kayobe playbook run ansible/deployment/smartmon-tools.yml -e create_dwpd_ratings=true
+
+This flag scans for NVME/SSD devices in the system and creates a new
+file, ``dwpd-ratings.yml``, in the directory of the current environment.
+
+.. note::
+   The playbook assigns placeholder values for write endurance for each
+   drive model. These values should be updated with specifications from
+   vendor datasheets.
+
 Alertmanager, Slack and Microsoft Teams
 =======================================
 

doc/source/configuration/openbao.rst

@@ -236,8 +236,8 @@ Certificates generation
 Create the external TLS certificates (testing only)
 ---------------------------------------------------
 
-This method should only be used for testing. For external TLS on production systems,
-See `Installing External TLS Certificates <installing-external-tls-certificates>`__.
+This method should only be used for testing. For external TLS on production
+systems, see :ref:`installing-external-tls-certificates`.
 
 Typically external API TLS certificates should be generated by a organisation's trusted internal or third-party CA.
 For test and development purposes it is possible to use OpenBao as a CA for the external API.

doc/source/contributor/ofed.rst

@@ -86,7 +86,7 @@ to be reset before rebooting.
   kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/maintenance/reset-bls-entries.yml -e reset_bls_host=mlnx
 
 The hosts can now be rebooted to use the latest kernel, a rolling reboot may be applicable
-here to reduce distruptions. See the `package updates documentation <package-updates>`.
+here to reduce disruptions. See the :doc:`package updates documentation <package-updates>`.
 
 .. code-block:: console
 

doc/source/operations/openstack-reconfiguration.rst

@@ -41,8 +41,7 @@ Installing External TLS Certificates
 ====================================
 
 This section explains the process of deploying external TLS.
-For internal and backend TLS, see `Hashicorp Vault for internal PKI
-<hashicorp-vault>`__.
+For internal and backend TLS, see :doc:`/configuration/openbao`.
 
 To configure TLS for the first time, we write the contents of a PEM
 file to the ``secrets.yml`` file as ``secrets_kolla_external_tls_cert``.

etc/kayobe/environments/ci-builder/stackhpc-ci.yml

@@ -80,6 +80,9 @@ stackhpc_repo_rocky_9_highavailability_version: "{{ stackhpc_pulp_repo_rocky_9_h
 stackhpc_repo_rocky_9_sig_security_common_version: "{{ stackhpc_pulp_repo_multiarch_rocky_9_sig_security_common_version }}"
 stackhpc_repo_rhel9_doca_version: "{{ stackhpc_pulp_repo_rhel9_doca_version }}"
 
+stackhpc_repo_rocky_10_baseos_version: "{{ stackhpc_pulp_repo_rocky_10_baseos_version }}"
+stackhpc_repo_rocky_10_appstream_version: "{{ stackhpc_pulp_repo_rocky_10_appstream_version }}"
+
 # Rocky-and-CI-specific Pulp urls
 stackhpc_include_os_minor_version_in_repo_url: true