merge

Author: wtripp180901

.github/workflows/fatimage.yml

@@ -20,29 +20,23 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       fail-fast: false # allow other matrix jobs to continue even if one fails
-      matrix: # build RL8+OFED, RL9+OFED, RL9+OFED+CUDA versions
+      matrix: # build RL8, RL9
         os_version:
           - RL8
           - RL9
         build:
           - openstack.openhpc
-          - openstack.openhpc-cuda
-        exclude:
-          - os_version: RL8
-            build: openstack.openhpc-cuda
     env:
       ANSIBLE_FORCE_COLOR: True
       OS_CLOUD: openstack
       CI_CLOUD: ${{ github.event.inputs.ci_cloud }}
       SOURCE_IMAGES_MAP: |
         {
           "RL8": {
-            "openstack.openhpc": "rocky-latest-RL8",
-            "openstack.openhpc-cuda": "rocky-latest-cuda-RL8"
+            "openstack.openhpc": "rocky-latest-RL8"
           },
           "RL9": {
-            "openstack.openhpc": "rocky-latest-RL9",
-            "openstack.openhpc-cuda": "rocky-latest-cuda-RL9"
+            "openstack.openhpc": "rocky-latest-RL9"
           }
         }
 

.github/workflows/nightlybuild.yml

@@ -22,17 +22,12 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       fail-fast: false # allow other matrix jobs to continue even if one fails
-      matrix: # build RL8, RL9, RL9+CUDA versions
+      matrix: # build RL8, RL9
         os_version:
           - RL8
           - RL9
         build:
           - openstack.rocky-latest
-          - openstack.rocky-latest-cuda
-        exclude:
-          - os_version: RL8
-            build: openstack.rocky-latest-cuda
-
     env:
       ANSIBLE_FORCE_COLOR: True
       OS_CLOUD: openstack
@@ -108,6 +103,11 @@ jobs:
           echo "image-name=${IMAGE_NAME}" >> "$GITHUB_OUTPUT"
           echo "image-id=$IMAGE_ID" >> "$GITHUB_OUTPUT"
 
+      - name: Make image usable for further builds
+        run: |
+          . venv/bin/activate
+          openstack image unset --property signature_verified "${{ steps.manifest.outputs.image-id }}"
+
       - name: Delete old latest image
         run: |
           . venv/bin/activate
@@ -139,10 +139,7 @@ jobs:
           - RL9
         image:
           - rocky-latest
-          - rocky-latest-cuda
         exclude:
-          - os_version: RL8
-            image: rocky-latest-cuda
           - target_cloud: LEAFCLOUD
     env:
       OS_CLOUD: openstack

.github/workflows/s3-image-sync.yml

@@ -42,7 +42,6 @@ jobs:
         build:
           - RL8
           - RL9
-          - RL9-cuda
     env:
       ANSIBLE_FORCE_COLOR: True
       OS_CLOUD: openstack
@@ -112,7 +111,6 @@ jobs:
         build:
           - RL8
           - RL9
-          - RL9-cuda
         exclude: 
           - cloud: ${{ needs.image_upload.outputs.ci_cloud }}
 

.github/workflows/trivyscan.yml

@@ -10,13 +10,13 @@ on:
 jobs:
   scan:
     concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.build }} # to branch/PR + OS + build
+      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.build }} # to branch/PR + build
       cancel-in-progress: true
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        build: ["RL8", "RL9", "RL9-cuda"]
+        build: ["RL8", "RL9"]
     env:
       JSON_PATH: environments/.stackhpc/terraform/cluster_image.auto.tfvars.json
       OS_CLOUD: openstack
@@ -94,12 +94,13 @@ jobs:
           timeout: 15m
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TRIVY_DB_REPOSITORY: ghcr.io/azimuth-cloud/trivy-db:2
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "${{ steps.manifest.outputs.image-name }}.sarif"
-          category: "${{ matrix.os_version }}-${{ matrix.build }}"
+          category: "${{ matrix.build }}"
 
       - name: Fail if scan has CRITICAL vulnerabilities
         uses: aquasecurity/[email protected]
@@ -114,3 +115,4 @@ jobs:
           timeout: 15m
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TRIVY_DB_REPOSITORY: ghcr.io/azimuth-cloud/trivy-db:2

environments/.stackhpc/hooks/post.yml

@@ -9,8 +9,6 @@
         path: "{{ item }}"
         state: absent
       with_items:
-        - /opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/3.1.7-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock
-        - /opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/3.1.9-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock
-        - /opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/3.1.7-1/gems/bootstrap_form-4.5.0/demo/yarn.lock
-        - /opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/3.1.9-1/gems/bootstrap_form-4.5.0/demo/yarn.lock
+        - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock"
+        - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-4.5.0/demo/yarn.lock"
         - /var/www/ood/apps/sys/dashboard/node_modules/data-confirm-modal/Gemfile.lock

environments/.stackhpc/inventory/group_vars/openondemand/overrides.yml

@@ -4,3 +4,5 @@ openondemand_desktop_partition: standard
 #openondemand_dashboard_support_url: 
 #openondemand_dashboard_docs_url:
 #openondemand_filesapp_paths:
+ondemand_package: ondemand-"{{ ondemand_package_version }}"
+ondemand_package_version: '3.1.10'

environments/.stackhpc/terraform/cluster_image.auto.tfvars.json

@@ -1,7 +1,6 @@
 {
     "cluster_image": {
-        "RL8": "openhpc-RL8-241113-0934-20a8a626",
-        "RL9": "openhpc-RL9-241113-0934-20a8a626",
-        "RL9-cuda": "openhpc-cuda-RL9-241113-0934-20a8a626"
+        "RL8": "openhpc-RL8-241115-1209-097cdae1",
+        "RL9": "openhpc-RL9-241115-1209-097cdae1"
     }
 }

packer/openstack.pkr.hcl

@@ -127,15 +127,13 @@ variable "volume_size" {
   default = {
     # fat image builds, GB:
     rocky-latest = 15
-    rocky-latest-cuda = 30
     openhpc = 15
-    openhpc-cuda = 30
   }
 }
 
 variable "extra_build_volume_size" {
   type = number
-  default = 15 # same as default non-CUDA build
+  default = 15
 }
 
 variable "image_disk_format" {
@@ -153,10 +151,8 @@ variable "groups" {
   description = "Additional inventory groups (other than 'builder') to add build VM to, keyed by source name"
   default = {
     # fat image builds:
-    rocky-latest = ["update", "ofed"]
-    rocky-latest-cuda = ["update", "ofed", "cuda"]
+    rocky-latest = ["update"]
     openhpc = ["control", "compute", "login"]
-    openhpc-cuda = ["control", "compute", "login"]
   }
 }
 
@@ -210,24 +206,12 @@ build {
     image_name = "${source.name}-${var.os_version}"
   }
 
-  # latest nightly cuda image:
-  source "source.openstack.openhpc" {
-    name = "rocky-latest-cuda"
-    image_name = "${source.name}-${var.os_version}"
-  }
-
-  # OFED fat image:
+  # fat image:
   source "source.openstack.openhpc" {
     name = "openhpc"
     image_name = "${source.name}-${var.os_version}-${local.timestamp}-${substr(local.git_commit, 0, 8)}"
   }
 
-  # CUDA fat image:
-  source "source.openstack.openhpc" {
-    name = "openhpc-cuda"
-    image_name = "${source.name}-${var.os_version}-${local.timestamp}-${substr(local.git_commit, 0, 8)}"
-  }
-
   # Extended site-specific image, built on fat image:
   source "source.openstack.openhpc" {
     name = "openhpc-extra"

requirements.yml

@@ -21,7 +21,7 @@ roles:
     version: v3.1.5
   - src: https://github.com/stackhpc/ansible-role-os-manila-mount.git
     name: stackhpc.os-manila-mount
-    version: v24.5.1 # Support ceph quincy for RL9
+    version: v24.11.0 # Support ceph quincy for RL9
 
 collections:
   - name: containers.podman