stackhpc · markgoddard · Feb 2, 2024 · Sep 14, 2023 · Oct 3, 2023 · Oct 3, 2023
@@ -0,0 +1,48 @@
+---
+# This workflow queries the Test Pulp server to check that all image tags
+# specified in kolla_image_tags are present.
+
+name: Check container image tags
+on:
+  workflow_call:
+    inputs:
+      kayobe_image:
+        description: Kayobe container image
+        type: string
+        required: true
+    secrets:
+      KAYOBE_VAULT_PASSWORD:
+        required: true
+
+env:
+  ANSIBLE_FORCE_COLOR: True
+jobs:
+  check-tags:
+    name: Check container image tags
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config'
+    runs-on: [self-hosted, stackhpc-kayobe-config-aio]
+    permissions: {}
+    env:
+      KAYOBE_ENVIRONMENT: ci-aio
+      KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
+      KAYOBE_IMAGE: ${{ inputs.kayobe_image }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      # The same tag may be reused (e.g. pr-123), so ensure we have the latest image.
+      - name: Pull latest Kayobe image
+        run: |
+          sudo docker image pull $KAYOBE_IMAGE
+
+      - name: Check container image tags
+        run: |
+          sudo -E docker run -t --rm \
+            -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \
+            -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \
+            $KAYOBE_IMAGE \
+            /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/playbook-run.sh \
+            '$KAYOBE_CONFIG_PATH/ansible/check-tags.yml'
+        #env:
+          #KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }}
@@ -1,13 +1,13 @@
 ---
-name: Promote package repositories
+name: Promote Pulp repositories
 on:
   push:
     branches:
       # NOTE(upgrade): Reference only the current release branch here.
       - stackhpc/zed
 jobs:
   promote:
-    name: Trigger package repository promotion
+    name: Trigger Pulp promotion workflows
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
     runs-on: ubuntu-latest
     permissions: {}
@@ -27,3 +27,19 @@ jobs:
       - name: Display link to package repository promotion workflows
         run: |
           echo "::notice Package repository promote workflow: https://github.com/stackhpc/stackhpc-release-train/actions/workflows/package-promote.yml"
+
+      # NOTE(mgoddard): Trigger another CI workflow in the
+      # stackhpc-release-train repository.
+      - name: Trigger container image promotion
+        run: |
+          gh workflow run \
+          container-promote.yml \
+          --repo stackhpc/stackhpc-release-train \
+          --ref main \
+          -f kayobe_config_branch=${{ github.ref_name }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.STACKHPC_RELEASE_TRAIN_TOKEN }}
+
+      - name: Display link to container image promotion workflows
+        run: |
+          echo "::notice Container image promote workflow: https://github.com/stackhpc/stackhpc-release-train/actions/workflows/container-promote.yml"
@@ -76,6 +76,16 @@ jobs:
       if: ${{ needs.check-changes.outputs.aio == 'true' }}
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
 
+  check-tags:
+    name: Check container image tags
+    needs:
+      - build-kayobe-image
+    uses: ./.github/workflows/stackhpc-check-tags.yml
+    with:
+      kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+    secrets: inherit
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config'
+
   all-in-one-ubuntu-jammy-ovs:
     name: aio (Ubuntu Jammy OVS)
     needs:

@@ -0,0 +1,39 @@
+---
+# This playbook queries the Pulp server to check that all image tags specified
+# in kolla_image_tags are present.
+
+- name: Check whether tags exist in Pulp container registry
+  hosts: localhost
+  tasks:
+    - name: Query images and tags
+      command:
+        cmd: >-
+          {{ kayobe_config_path }}/../../tools/kolla-images.py list-tags
+      register: kolla_images_result
+      changed_when: false
+
+    - name: Set a fact about images and tags
+      set_fact:
+        kolla_images: "{{ kolla_images_result.stdout | from_yaml }}"
+
+    - name: Set a fact about the Pulp URL
+      set_fact:
+        pulp_url: "{{ stackhpc_repo_mirror_url }}"
+
+    # Use state=read and allow_missing=false to check for missing tags in test pulp.
+    - import_role:
+        name: stackhpc.pulp.pulp_container_content
+      vars:
+        pulp_container_content: >-
+          {%- set contents = [] -%}
+          {%- for image, tags in kolla_images.items() -%}
+          {%- set repository = kolla_docker_namespace ~ "/" ~ image -%}
+          {%- set content = {
+            "allow_missing": False,
+            "repository": repository,
+            "state": "read",
+            "tags": tags,
+          } -%}
+          {%- set _ = contents.append(content) -%}
+          {%- endfor -%}
+          {{ contents }}
@@ -7,7 +7,7 @@ collections:
   - name: pulp.squeezer
     version: 0.0.13
   - name: stackhpc.pulp
-    version: 0.5.2
+    version: 0.5.4
   - name: stackhpc.hashicorp
     version: 2.4.0
   - name: stackhpc.kayobe_workflows

@@ -62,3 +62,9 @@ stackhpc_docker_registry_password: !vault |
   38333133393730633666613965653364316162353337313330346164303631313731646461363461
   3963323635373866630a633533376339363734626664333765313665623662613764363038383735
   38646138376438643533376161376634653439386230353365316239613430363338
+
+# Override Pulp credentials to allow querying container image tags in the
+# check-tags.yml custom playbook.
+pulp_url: "{{ stackhpc_repo_mirror_url }}"
+pulp_username: "{{ stackhpc_docker_registry_username }}"
+pulp_password: "{{ stackhpc_docker_registry_password }}"
@@ -0,0 +1,23 @@
+---
+# Dict of Kolla image tags to deploy for each service.
+# Each key is the tag variable prefix name, and the value is another dict,
+# where the key is the OS distro and the value is the tag to deploy.
+kolla_image_tags:
+  openstack:
+    rocky-9: zed-rocky-9-20230921T153510
+    ubuntu-jammy: zed-ubuntu-jammy-20230921T153510
+  bifrost:
+    rocky-9: zed-rocky-9-20230927T142529
+    ubuntu-jammy: zed-ubuntu-jammy-20231101T132522
+  ovn:
+    rocky-9: zed-rocky-9-20230925T132313
+    ubuntu-jammy: zed-ubuntu-jammy-20230821T155947
+  cloudkitty:
+    rocky-9: zed-rocky-9-20231114T124701
+    ubuntu-jammy: zed-ubuntu-jammy-20231114T124701
+  neutron:
+    rocky-9: zed-rocky-9-20231115T094053
+    ubuntu-jammy: zed-ubuntu-jammy-20231115T094053
+  opensearch:
+    rocky-9: zed-rocky-9-20231214T095452
+    ubuntu-jammy: zed-ubuntu-jammy-20231214T095452
@@ -10,32 +10,21 @@ enable_docker_repo: "{% raw %}{{ 'overcloud' not in group_names }}{% endraw %}"
 # This is necessary for os migrations where mixed clouds might be deployed
 kolla_base_distro: "{% raw %}{{ ansible_facts.distribution | lower }}{% endraw %}"
 
-kayobe_image_tags:
-  openstack:
-    rocky: zed-rocky-9-20230921T153510
-    ubuntu: zed-ubuntu-jammy-20230921T153510
-  bifrost:
-    rocky: zed-rocky-9-20230927T142529
-    ubuntu: zed-ubuntu-jammy-20230927T154443
-  ovn:
-    rocky: zed-rocky-9-20230925T132313
-    ubuntu: zed-ubuntu-jammy-20230821T155947
-  cloudkitty:
-    rocky: zed-rocky-9-20231114T124701
-    ubuntu: zed-ubuntu-jammy-20231114T124701
-  neutron:
-    rocky: zed-rocky-9-20231115T094053
-    ubuntu: zed-ubuntu-jammy-20231115T094053
-  opensearch:
-    rocky: zed-rocky-9-20231214T095452
-    ubuntu: zed-ubuntu-jammy-20231214T095452
+# Convenience variable for base distro and version string.
+kolla_base_distro_and_version: "{% raw %}{{ kolla_base_distro }}-{{ kolla_base_distro_version }}{% endraw %}"
 
-openstack_tag: "{% raw %}{{ kayobe_image_tags['openstack'][kolla_base_distro] }}{% endraw %}"
-bifrost_tag: "{% raw %}{{ kayobe_image_tags['bifrost'][kolla_base_distro] }}{% endraw %}"
-ovn_tag: "{% raw %}{{ kayobe_image_tags['ovn'][kolla_base_distro] }}{% endraw %}"
-cloudkitty_tag: "{% raw %}{{ kayobe_image_tags['cloudkitty'][kolla_base_distro] }}{% endraw %}"
-neutron_tag: "{% raw %}{{ kayobe_image_tags['neutron'][kolla_base_distro] }}{% endraw %}"
-opensearch_tag: "{% raw %}{{ kayobe_image_tags['opensearch'][kolla_base_distro] }}{% endraw %}"
+# Dict of Kolla image tags to deploy for each service.
+# Each key is the tag variable prefix name, and the value is another dict,
+# where the key is the OS distro and the value is the tag to deploy.
+# NOTE: This is defined in etc/kayobe/kolla-image-tags.yml.
+kolla_image_tags:
+{{ kolla_image_tags | to_nice_yaml | indent(width=4, first=true) }}
+
+# Variables defining which tag to use for each container's image.
+{{ lookup('pipe', 'python3 ' ~ kayobe_config_path ~ '/../../tools/kolla-images.py list-tag-vars') }}
+
+#############################################################################
+# RabbitMQ
 
 om_enable_rabbitmq_high_availability: true
 

@@ -522,8 +522,8 @@ stackhpc_pulp_images_kolla:
 
 # List of images for each base distribution which should not/cannot be built.
 stackhpc_kolla_unbuildable_images:
-  ubuntu: []
-  rocky: []
+  ubuntu-jammy: []
+  rocky-9: []
 
 # Whitespace-separated list of regular expressions matching Kolla image names.
 # Usage is similar to kolla-build CLI arguments.