diff --git a/.github/workflows/container-promote-old.yml b/.github/workflows/container-promote-old.yml new file mode 100644 index 00000000..19b2b064 --- /dev/null +++ b/.github/workflows/container-promote-old.yml @@ -0,0 +1,59 @@ +--- +name: Promote container repositories (pre-Zed) +on: + workflow_dispatch: + inputs: + filter: + description: Space-separated list of regular expressions matching images to promote + type: string + required: false + default: "" + distros: + description: Space-separated list of base distributions to promote + type: string + required: false + default: "" + tag: + description: Container image tag to promote + required: true + promote-old-images: + description: Whether to promote images for Yoga and older + type: boolean + default: true + promote-new-images: + description: Whether to promote images for Zed and newer + type: boolean + default: true + +env: + ANSIBLE_FORCE_COLOR: True + ANSIBLE_VAULT_PASSWORD_FILE: ${{ github.workspace }}/vault-pass +jobs: + container-promote: + name: Promote container repositories + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup Release Train & dependencies + uses: ./.github/actions/setup + with: + vault-password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} + vault-password-file: ${{ env.ANSIBLE_VAULT_PASSWORD_FILE }} + + - name: Promote images from stackhpc-dev to stackhpc namespace in Ark + run: | + ansible-playbook -i ansible/inventory \ + ansible/dev-pulp-container-promote-old.yml \ + -e dev_pulp_repository_container_promotion_tag="$TAG" \ + -e kolla_container_image_filter="'$FILTER'" \ + -e kolla_base_distros_override="'$DISTROS'" \ + -e sync_old_images="'$PROMOTE_OLD_IMAGES'" \ + -e sync_new_images="'$PROMOTE_NEW_IMAGES'" + env: + TAG: ${{ github.event.inputs.tag }} + FILTER: ${{ github.event.inputs.filter }} + DISTROS: ${{ github.event.inputs.distros }} + PROMOTE_OLD_IMAGES: ${{ github.event.inputs.promote-old-images }} + PROMOTE_NEW_IMAGES: ${{ github.event.inputs.promote-new-images }} diff --git a/.github/workflows/container-promote.yml b/.github/workflows/container-promote.yml index 1e38cd15..76eecf76 100644 --- a/.github/workflows/container-promote.yml +++ b/.github/workflows/container-promote.yml @@ -8,22 +8,14 @@ on: type: string required: false default: "" - distros: - description: Space-separated list of base distributions to promote - type: string - required: false - default: "" - tag: - description: Container image tag to promote + kayobe_config_branch: required: true - promote-old-images: - description: Whether to promote images for Yoga and older - type: boolean - default: true - promote-new-images: - description: Whether to promote images for Zed and newer + description: Branch of StackHPC Kayobe configuration to use + check_mode: + description: Check mode type: boolean - default: true + required: false + default: false env: ANSIBLE_FORCE_COLOR: True @@ -42,18 +34,25 @@ jobs: vault-password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} vault-password-file: ${{ env.ANSIBLE_VAULT_PASSWORD_FILE }} + - name: Clone StackHPC Kayobe configuration repository + uses: actions/checkout@v3 + with: + repository: stackhpc/stackhpc-kayobe-config + ref: refs/heads/${{ github.event.inputs.kayobe_config_branch }} + path: stackhpc-kayobe-config + - name: Promote images from stackhpc-dev to stackhpc namespace in Ark run: | + args="" + if [[ $CHECK_MODE = true ]]; then + args="$args --check --diff" + fi ansible-playbook -i ansible/inventory \ + ansible/dev-pulp-container-tag-query-kayobe.yml \ ansible/dev-pulp-container-promote.yml \ - -e dev_pulp_repository_container_promotion_tag="$TAG" \ -e kolla_container_image_filter="'$FILTER'" \ - -e kolla_base_distros_override="'$DISTROS'" \ - -e sync_old_images="'$PROMOTE_OLD_IMAGES'" \ - -e sync_new_images="'$PROMOTE_NEW_IMAGES'" + -e kayobe_config_repo_path=./stackhpc-kayobe-config/ \ + $args env: - TAG: ${{ github.event.inputs.tag }} FILTER: ${{ github.event.inputs.filter }} - DISTROS: ${{ github.event.inputs.distros }} - PROMOTE_OLD_IMAGES: ${{ github.event.inputs.promote-old-images }} - PROMOTE_NEW_IMAGES: ${{ github.event.inputs.promote-new-images }} + CHECK_MODE: ${{ inputs.check_mode }} diff --git a/.github/workflows/package-promote.yml b/.github/workflows/package-promote.yml index 4d7e87f5..1cd9a5ef 100644 --- a/.github/workflows/package-promote.yml +++ b/.github/workflows/package-promote.yml @@ -12,6 +12,11 @@ on: required: false description: Branch of StackHPC Kayobe configuration to use default: stackhpc/wallaby + check_mode: + description: Check mode + type: boolean + required: false + default: false env: ANSIBLE_FORCE_COLOR: True @@ -39,11 +44,18 @@ jobs: - name: Promote package repositories in Ark to release run: | + args="" + if [[ $CHECK_MODE = true ]]; then + args="$args --check --diff" + fi + source venv/bin/activate && ansible-playbook -i ansible/inventory \ ansible/dev-pulp-repo-version-query-kayobe.yml \ ansible/dev-pulp-repo-promote.yml \ -e deb_package_repo_filter="'$FILTER'" \ -e rpm_package_repo_filter="'$FILTER'" \ - -e kayobe_config_repo_path=./stackhpc-kayobe-config/ + -e kayobe_config_repo_path=./stackhpc-kayobe-config/ \ + $args env: FILTER: ${{ github.event.inputs.filter }} + CHECK_MODE: ${{ inputs.check_mode }} diff --git a/ansible/dev-pulp-container-promote-old.yml b/ansible/dev-pulp-container-promote-old.yml new file mode 100644 index 00000000..7870cd67 --- /dev/null +++ b/ansible/dev-pulp-container-promote-old.yml @@ -0,0 +1,65 @@ +--- +# This playbook promotes images in the development namespace (stackhpc-dev) to +# the release namespace (stackhpc). This makes them available to clients. +# Images with a tag defined by dev_pulp_repository_container_promotion_tag are +# promoted. + +- name: Promote dev Pulp containers + hosts: localhost + gather_facts: false + tasks: + - name: Fail if container image to promote is not defined + fail: + msg: > + The container image to promote must be specified via + 'dev_pulp_repository_container_promotion_tag' + when: dev_pulp_repository_container_promotion_tag is not defined + + - debug: + msg: "Promoting tag {{ dev_pulp_repository_container_promotion_tag }}" + + # Copy tags from stackhpc-dev to stackhpc repositories. + - import_role: + name: stackhpc.pulp.pulp_container_content + vars: + pulp_url: "{{ dev_pulp_url }}" + pulp_username: "{{ dev_pulp_username }}" + pulp_password: "{{ dev_pulp_password }}" + pulp_container_content: >- + {%- set contents = [] -%} + {%- if sync_old_images | bool -%} + {%- for base_distro in kolla_base_distros -%} + {%- for image in kolla_container_images_filtered -%} + {%- if image not in kolla_unbuildable_images.old_scheme[base_distro] -%} + {%- set src_image_repo = "stackhpc-dev/" ~ base_distro ~ "-source-" ~ image -%} + {%- set dest_image_repo = "stackhpc/" ~ base_distro ~ "-source-" ~ image -%} + {%- set content = { + "allow_missing": True, + "src_repo": src_image_repo, + "src_is_push": true, + "repository": dest_image_repo, + "tags": [dev_pulp_repository_container_promotion_tag], + } -%} + {%- set _ = contents.append(content) -%} + {%- endif -%} + {%- endfor -%} + {%- endfor -%} + {%- endif -%} + {%- if sync_new_images | bool -%} + {%- for image in kolla_container_images_filtered -%} + {%- if image not in kolla_unbuildable_images.new_scheme -%} + {%- set src_image_repo = "stackhpc-dev/" ~ image -%} + {%- set dest_image_repo = "stackhpc/" ~ image -%} + {%- set content = { + "allow_missing": True, + "src_repo": src_image_repo, + "src_is_push": true, + "repository": dest_image_repo, + "tags": [dev_pulp_repository_container_promotion_tag], + } -%} + {%- set _ = contents.append(content) -%} + {%- endif -%} + {%- endfor -%} + {%- endif -%} + {{ contents }} + pulp_container_content_wait: false diff --git a/ansible/dev-pulp-container-promote.yml b/ansible/dev-pulp-container-promote.yml index 7870cd67..4d11de17 100644 --- a/ansible/dev-pulp-container-promote.yml +++ b/ansible/dev-pulp-container-promote.yml @@ -1,22 +1,29 @@ --- # This playbook promotes images in the development namespace (stackhpc-dev) to # the release namespace (stackhpc). This makes them available to clients. -# Images with a tag defined by dev_pulp_repository_container_promotion_tag are -# promoted. +# Images with a tag defined by dev_pulp_repository_container_promotion_tags are +# promoted. dev_pulp_repository_container_promotion_tags is a dict with the +# following format: +# +# dev_pulp_repository_container_promotion_tags: +# : +# - +# - - name: Promote dev Pulp containers hosts: localhost gather_facts: false tasks: - - name: Fail if container image to promote is not defined + - name: Fail if container images to promote are not defined fail: msg: > - The container image to promote must be specified via - 'dev_pulp_repository_container_promotion_tag' - when: dev_pulp_repository_container_promotion_tag is not defined + The container images to promote must be specified via + 'dev_pulp_repository_container_promotion_tags' + when: dev_pulp_repository_container_promotion_tags is not defined - - debug: - msg: "Promoting tag {{ dev_pulp_repository_container_promotion_tag }}" + - name: Display which tags are being promoted + debug: + var: "dev_pulp_repository_container_promotion_tags" # Copy tags from stackhpc-dev to stackhpc repositories. - import_role: @@ -27,39 +34,17 @@ pulp_password: "{{ dev_pulp_password }}" pulp_container_content: >- {%- set contents = [] -%} - {%- if sync_old_images | bool -%} - {%- for base_distro in kolla_base_distros -%} - {%- for image in kolla_container_images_filtered -%} - {%- if image not in kolla_unbuildable_images.old_scheme[base_distro] -%} - {%- set src_image_repo = "stackhpc-dev/" ~ base_distro ~ "-source-" ~ image -%} - {%- set dest_image_repo = "stackhpc/" ~ base_distro ~ "-source-" ~ image -%} - {%- set content = { - "allow_missing": True, - "src_repo": src_image_repo, - "src_is_push": true, - "repository": dest_image_repo, - "tags": [dev_pulp_repository_container_promotion_tag], - } -%} - {%- set _ = contents.append(content) -%} - {%- endif -%} - {%- endfor -%} - {%- endfor -%} - {%- endif -%} - {%- if sync_new_images | bool -%} - {%- for image in kolla_container_images_filtered -%} - {%- if image not in kolla_unbuildable_images.new_scheme -%} + {%- for image, tags in dev_pulp_repository_container_promotion_tags.items() -%} {%- set src_image_repo = "stackhpc-dev/" ~ image -%} {%- set dest_image_repo = "stackhpc/" ~ image -%} {%- set content = { - "allow_missing": True, + "allow_missing": False, "src_repo": src_image_repo, "src_is_push": true, "repository": dest_image_repo, - "tags": [dev_pulp_repository_container_promotion_tag], + "tags": tags, } -%} {%- set _ = contents.append(content) -%} - {%- endif -%} {%- endfor -%} - {%- endif -%} {{ contents }} pulp_container_content_wait: false diff --git a/ansible/dev-pulp-container-tag-query-kayobe.yml b/ansible/dev-pulp-container-tag-query-kayobe.yml new file mode 100644 index 00000000..6b76d383 --- /dev/null +++ b/ansible/dev-pulp-container-tag-query-kayobe.yml @@ -0,0 +1,32 @@ +--- +# This playbook queries the Pulp container image tags defined in a Kayobe +# configuration repository (in etc/kayobe/kolla-image-tags.yml). It then sets +# the 'dev_pulp_repository_container_promotion_tags' tag map variable based +# upon those tags, which defines the set of container image tags that +# will be promoted when the dev-pulp-container-promote.yml playbook is run. + +- import_playbook: kayobe-container-tag-query.yml + +- name: Set dev Pulp container image tags to promote from Kayobe config tags + hosts: localhost + gather_facts: true + tasks: + - name: Set a fact about container image tags to promote + set_fact: + dev_pulp_repository_container_promotion_tags: >- + {{ kayobe_kolla_image_tags | + dict2items | + selectattr('key', 'in', kolla_container_images_filtered) | + items2dict }} + + - name: Display container promotion tags facts + debug: + var: dev_pulp_repository_container_promotion_tags + + - name: Assert that tags variable is populated + assert: + that: + - dev_pulp_repository_container_promotion_tags | length > 0 + msg: >- + Distribution promotion tag variable + 'dev_pulp_repository_container_promotion_tags' is empty diff --git a/ansible/kayobe-container-tag-query.yml b/ansible/kayobe-container-tag-query.yml new file mode 100644 index 00000000..97821b9c --- /dev/null +++ b/ansible/kayobe-container-tag-query.yml @@ -0,0 +1,42 @@ +--- +# This playbook queries the Pulp container image tags defined in a Kayobe +# configuration repository (in etc/kayobe/kolla-image-tags.yml). It then sets +# the 'kayobe_pulp_container_tags' tag map variable based upon those tags. +# +# The kayobe-config repository path should be specified via +# kayobe_config_repo_path. + +- name: Query container image tags for Kayobe + hosts: localhost + gather_facts: True + vars: + kayobe_config_repo_path: "" + tasks: + - name: Fail if Kayobe config repo path is not specified + fail: + msg: > + Kayobe config git repository path must be specified via 'kayobe_config_repo_path'. + when: not kayobe_config_repo_path + + - name: Fail if Kayobe config repo path is not a directory + fail: + msg: > + Kayobe config git repository path {{ kayobe_config_repo_path }} is not a directory. + when: kayobe_config_repo_path is not directory + + - name: List Kayobe Kolla image tags + command: + cmd: >- + {{ kayobe_config_repo_path | realpath }}/tools/kolla-images.py list-tags + chdir: "{{ kayobe_config_repo_path | realpath }}" + register: list_tags + check_mode: false + changed_when: false + + - name: Set a fact about Kayobe Kolla image tags + set_fact: + kayobe_kolla_image_tags: "{{ list_tags.stdout | from_yaml }}" + + - name: Display Kayobe Kolla image tags + debug: + var: kayobe_kolla_image_tags diff --git a/docs/usage/content-howto.md b/docs/usage/content-howto.md index 220b9480..e35332b9 100644 --- a/docs/usage/content-howto.md +++ b/docs/usage/content-howto.md @@ -7,24 +7,47 @@ That is the aim of this page. Update one or more package repositories to a new version, then build new Kolla container images from those repositories. +If using Yoga release or earlier: + * If the repository URL has changed e.g. a new minor version has been released, add new package repositories to [`package-repos`](https://github.com/stackhpc/stackhpc-release-train/blob/main/ansible/inventory/group_vars/all/package-repos) * [Sync package repositories](content-workflows.md#syncing-package-repositories) (optional: runs nightly as a scheduled GitHub Action) * [Update Kayobe repository versions](content-workflows.md#updating-package-repository-versions-in-kayobe-configuration) * [Build & push Kolla container images](content-workflows.md#building-container-images) -* [Update Kayobe container image tags](content-workflows.md#updating-container-image-tags-in-kayobe-configuration) +* [Update Kayobe container image tags](content-workflows.md#updating-container-image-tags-in-kayobe-configuration-yoga-release-and-earlier) * Test * Review & merge Kayobe configuration changes -* [Promote container images](content-workflows.md#promoting-container-images) +* [Promote container images](content-workflows.md#promoting-container-images-yoga-release-and-earlier) + +If using Zed release onwards: + +* If the repository URL has changed e.g. a new minor version has been released, add new package repositories to [`package-repos`](https://github.com/stackhpc/stackhpc-release-train/blob/main/ansible/inventory/group_vars/all/package-repos) +* [Sync package repositories](content-workflows.md#syncing-package-repositories) (optional: runs nightly as a scheduled GitHub Action) +* [Update Kayobe repository versions](content-workflows.md#updating-package-repository-versions-in-kayobe-configuration) +* [Build & push Kolla container images](content-workflows.md#building-container-images) +* [Update Kayobe container image tags](content-workflows.md#updating-container-image-tags-in-kayobe-configuration-zed-release-onwards) +* Test +* Review & merge Kayobe configuration changes +* [Promote container images](content-workflows.md#promoting-container-images-zed-release-onwards) ## Update Kolla container images Update one or more Kolla container images, without updating package repositories. +If using Yoga release or earlier: + +* [Build & push Kolla container images](content-workflows.md#building-container-images) +* [Update Kayobe container image tags](content-workflows.md#updating-container-image-tags-in-kayobe-configuration-yoga-release-and-earlier) +* Test +* Review & merge Kayobe configuration changes +* [Promote container images](content-workflows.md#promoting-container-images-yoga-release-and-earlier) + +If using Zed release onwards: + * [Build & push Kolla container images](content-workflows.md#building-container-images) -* [Update Kayobe container image tags](content-workflows.md#updating-container-image-tags-in-kayobe-configuration) +* [Update Kayobe container image tags](content-workflows.md#updating-container-image-tags-in-kayobe-configuration-zed-release-onwards) * Test * Review & merge Kayobe configuration changes -* [Promote container images](content-workflows.md#promoting-container-images) +* [Promote container images](content-workflows.md#promoting-container-images-zed-release-onwards) ## Add a new Kolla container image diff --git a/docs/usage/content-workflows.md b/docs/usage/content-workflows.md index 2c9f3497..be7a70a2 100644 --- a/docs/usage/content-workflows.md +++ b/docs/usage/content-workflows.md @@ -204,11 +204,7 @@ ansible/test-pulp-container-sync.yml \ ansible/test-pulp-container-publish.yml ``` -## Updating container image tags in Kayobe configuration - -!!! note - - This procedure is expected to change. +## Updating container image tags in Kayobe configuration (Yoga release and earlier) The image tag used deploy containers may be updated for all images in [etc/kayobe/kolla.yml](https://github.com/stackhpc/stackhpc-kayobe-config/blob/stackhpc/wallaby/etc/kayobe/kolla.yml), or for specific images in [etc/kayobe/kolla/globals.yml](https://github.com/stackhpc/stackhpc-kayobe-config/blob/stackhpc/wallaby/etc/kayobe/kolla/globals.yml). Currently this is a manual process. @@ -237,23 +233,97 @@ Alternatively, to update the tag for a specific container, update `etc/kayobe/ko skydive_analyzer_tag: wallaby-20220811T091848 ``` -## Promoting container images +## Updating container image tags in Kayobe configuration (Zed release onwards) + +The image tags used deploy containers are defined in [etc/kayobe/kolla-image-tags.yml](https://github.com/stackhpc/stackhpc-kayobe-config/blob/stackhpc/zed/etc/kayobe/kolla-image-tags.yml). +Currently updating these is a manual process. + +Use the new tag from the [container image build](#building-container-images). + +For example, to update the default tag for all images (used where no service-specific tag has been set), update the `openstack` key, and remove all other keys: + +```yaml +# Dict of Kolla image tags to deploy for each service. +# Each key is the tag variable prefix name, and the value is another dict, +# where the key is the OS distro and the value is the tag to deploy. +kolla_image_tags: + openstack: + rocky-9: zed-rocky-9-20230101T000000 + ubuntu-jammy: zed-ubuntu-jammy-20230101T000000 +``` + +Alternatively, update the tag for all containers in a service, e.g. for all `nova` containers: + +```yaml +# Dict of Kolla image tags to deploy for each service. +# Each key is the tag variable prefix name, and the value is another dict, +# where the key is the OS distro and the value is the tag to deploy. +kolla_image_tags: + openstack: + rocky-9: zed-rocky-9-20230101T000000 + ubuntu-jammy: zed-ubuntu-jammy-20230101T000000 + nova: + rocky-9: zed-rocky-9-20230102T000000 + ubuntu-jammy: zed-ubuntu-jammy-20230102T000000 +``` + +Alternatively, update the tag for a specific container, e.g. for the `nova_compute` container: + +```yaml +# Dict of Kolla image tags to deploy for each service. +# Each key is the tag variable prefix name, and the value is another dict, +# where the key is the OS distro and the value is the tag to deploy. +kolla_image_tags: + openstack: + rocky-9: zed-rocky-9-20230101T000000 + ubuntu-jammy: zed-ubuntu-jammy-20230101T000000 + nova_compute: + rocky-9: zed-rocky-9-20230103T000000 + ubuntu-jammy: zed-ubuntu-jammy-20230103T000000 +``` + +## Promoting container images (Zed release onwards) + +!!! note + + This should only be performed when container images are ready for release. + +The [Promote container repositories](https://github.com/stackhpc/stackhpc-release-train/actions/workflows/container-promote.yml) workflow is triggered automatically when a change is merged to stackhpc-kayobe-config. +It may also be run on demand. + +It runs the following playbooks: + +* `dev-pulp-container-tag-query-kayobe.yml`: Query the Pulp container image tags defined in a Kayobe configuration repository and set the tag map variable `dev_pulp_repository_container_promotion_tags` based upon those tags. A path to a Kayobe configuration repository must be specified via `kayobe_config_repo_path`. +* `dev-pulp-container-promote.yml`: Promote a set of container images from `stackhpc-dev` to `stackhpc` namespace. The tags to be promoted are defined via `dev_pulp_repository_container_promotion_tags`. + +Use GitHub Actions to run this workflow, or to run it manually: + +``` +ansible-playbook -i ansible/inventory \ +ansible/dev-pulp-container-tag-query-kayobe.yml \ +ansible/dev-pulp-container-promote.yml \ +-e kayobe_config_repo_path=../stackhpc-kayobe-config/ +``` + +In this example, the Pulp container image tags defined in the `etc/kayobe/kolla-image-tags.yml` file in `../stackhpc-kayobe-config` repository (relative to the current working directory) will be promoted to releases. + +## Promoting container images (Yoga release and earlier) !!! note This should only be performed when container images are ready for release. -The [Promote container repositories](https://github.com/stackhpc/stackhpc-release-train/actions/workflows/container-promote.yml) workflow runs on demand. +The [Promote container repositories (old)](https://github.com/stackhpc/stackhpc-release-train/actions/workflows/container-promote-old.yml) workflow runs on demand. It should be run when container images need to be released, typically after a change to [update container image tags](#updating-container-image-tags-in-kayobe-configuration) has been approved. It runs the following playbook: -* `dev-pulp-container-promote.yml`: Promote a set of container images from `stackhpc-dev` to `stackhpc` namespace. The tag to be promoted is defined via `dev_pulp_repository_container_promotion_tag` which should be specified as an extra variable (`-e`). +* `dev-pulp-container-promote-old.yml`: Promote a set of container images from `stackhpc-dev` to `stackhpc` namespace. The tag to be promoted is defined via `dev_pulp_repository_container_promotion_tag` which should be specified as an extra variable (`-e`). Use GitHub Actions to run this workflow, or to run it manually: ``` ansible-playbook -i ansible/inventory \ -ansible/dev-pulp-container-promote.yml +ansible/dev-pulp-container-promote-old.yml ``` ## Other utilities