openstack/kolla
Code Issues Proposed changes

Move to CentOS Stream 10

Browse Source 
Known missing packages:
- mod_auth_mellon - missing SAML support in Keystone/Horizon - built in Kolla COPR
- glusterfs-fuse in manila-share - built in Kolla COPR
- collectd/telegraf - no opstools repository
- redis - needs a switch to valkey
- python3-ethtool - not required for neutron-mlnx-agent since 6 years [1]

Building packages in Kolla COPR is a temporary solution until these show up
in EPEL10.

[1]: Id2cae3ac9ff049e9fc8225551f99e1e99a87fc65

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/951751

Change-Id: I7074fabcf95184fcfd2561648ae1e05acfb0bc11
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
This commit is contained in:
Michal Nasiadka
2025-05-20 09:21:59 +00:00
parent a90a8893c8
commit 9e36b89766
25 changed files with 108 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
.zuul.d/base.yaml
View File

@@ -75,6 +75,18 @@
- name: primary
label: centos-9-stream
- nodeset:
name: kolla-centos-10-stream
nodes:
- name: primary
label: nested-virt-centos-9-stream
- nodeset:
name: kolla-centos-10-stream-aarch64
nodes:
- name: primary
label: centos-9-stream-arm64
- nodeset:
name: kolla-rockylinux-9
nodes:
@@ -93,24 +105,12 @@
- name: primary
label: debian-bookworm
- nodeset:
name: kolla-centos-9-stream-aarch64
nodes:
- name: primary
label: centos-9-stream-arm64
- nodeset:
name: kolla-debian-bookworm-aarch64
nodes:
- name: primary
label: debian-bookworm-arm64
- nodeset:
name: kolla-rockylinux-9-aarch64
nodes:
- name: primary
label: rockylinux-9-arm64
- nodeset:
name: kolla-ubuntu-noble-aarch64
nodes:

36
.zuul.d/centos.yaml Normal file
View File

@@ -0,0 +1,36 @@
---
- project:
check:
jobs:
- kolla-build-centos10s
- kolla-ansible-centos10s
check-arm64:
jobs:
- kolla-build-centos10s-aarch64
- kolla-ansible-centos10s-aarch64
experimental:
jobs:
- kolla-build-no-infra-wheels-centos10s
- job:
name: kolla-build-centos10s
parent: kolla-base
nodeset: kolla-centos-10-stream
vars:
base_distro: centos
voting: false
- job:
name: kolla-build-centos10s-aarch64
parent: kolla-build-centos10s
nodeset: kolla-centos-10-stream-aarch64
vars:
base_arch: aarch64
voting: false
- job:
name: kolla-build-no-infra-wheels-centos10s
parent: kolla-build-no-infra-wheels-base
nodeset: kolla-centos-10-stream
vars:
base_distro: centos

14
docker/base/Dockerfile.j2
View File

@@ -55,6 +55,7 @@ COPY dnf.conf /etc/dnf/dnf.conf
'docker-ce.repo',
'grafana.repo',
'influxdb.repo',
'kolla_el10.repo',
'mariadb.repo',
'opensearch.repo',
'proxysql.repo',
@@ -129,9 +130,8 @@ RUN rm -f /etc/rpm/macros.image-language-conf \
] %}
{% set base_centos_yum_repo_packages = [
'centos-release-ceph-reef',
'centos-release-ceph-squid',
'centos-release-nfv-openvswitch',
'centos-release-opstools',
'epel-release',
] %}
@@ -146,13 +146,11 @@ RUN rm -f /etc/rpm/macros.image-language-conf \
# from delorean or rdo-release-* package
# https://review.rdoproject.org/r/c/rdo-infra/ansible-role-dlrn/+/33241
{% set base_centos_yum_repos_to_disable = [
'centos-ceph-reef',
'centos-ceph-squid',
'centos-nfv-openvswitch',
'centos-opstools',
'centos9-nfv-ovs',
'centos9-opstools',
'centos9-rabbitmq',
'centos9-storage',
'centos10-nfv-ovs',
'centos10-rabbitmq',
'centos10-storage',
'epel',
'influxdb',
'opensearch-3.x',

10
docker/base/ci-centos.repo
View File

@@ -1,6 +1,6 @@
[baseos]
name=(OpenDev mirror) CentOS Stream $releasever - BaseOS
baseurl=http://MIRROR/centos-stream/9-stream/BaseOS/$basearch/os/
baseurl=http://MIRROR/centos-stream/$stream/BaseOS/$basearch/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
@@ -8,7 +8,7 @@ enabled=1
[appstream]
name=(OpenDev mirror) CentOS Stream $releasever - AppStream
baseurl=http://MIRROR/centos-stream/9-stream/AppStream/$basearch/os/
baseurl=http://MIRROR/centos-stream/$stream/AppStream/$basearch/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
@@ -16,7 +16,7 @@ enabled=1
[extras-common]
name=(OpenDev mirror) CentOS Stream $releasever - Extras packages
baseurl=http://MIRROR/centos-stream/SIGs/9-stream/extras/$basearch/extras-common/
baseurl=http://MIRROR/centos-stream/SIGs/$stream/extras/$basearch/extras-common/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
gpgcheck=1
repo_gpgcheck=0
@@ -24,7 +24,7 @@ enabled=1
[crb]
name=(OpenDev mirror) CentOS Stream $releasever - CRB
baseurl=http://MIRROR/centos-stream/9-stream/CRB/$basearch/os/
baseurl=http://MIRROR/centos-stream/$stream/CRB/$basearch/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
@@ -32,7 +32,7 @@ enabled=0
[highavailability]
name=(OpenDev mirror) CentOS Stream $releasever - HighAvailability
baseurl=http://MIRROR/centos-stream/9-stream/HighAvailability/$basearch/os/
baseurl=http://MIRROR/centos-stream/$stream/HighAvailability/$basearch/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0

3
docker/base/influxdb.repo
View File

@@ -1,6 +1,7 @@
[influxdb]
name = InfluxDB Repository - RHEL $releasever
baseurl = https://repos.influxdata.com/rhel/$releasever/$basearch/stable
# NOTE(mnasiadka): Use EL9 for now, 10 is not available yet
baseurl = https://repos.influxdata.com/rhel/9/$basearch/stable
enabled = 0
gpgcheck = 1
gpgkey = https://repos.influxdata.com/influxdata-archive_compat.key

10
docker/base/kolla_el10.repo Normal file
View File

@@ -0,0 +1,10 @@
[kolla_el10]
name=Copr repo for el10-missing owned by @openstack-kolla
baseurl=https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/epel-10-$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/pubkey.gpg
repo_gpgcheck=0
enabled=0
enabled_metadata=1

3
docker/base/proxysql.repo
View File

@@ -1,6 +1,7 @@
[proxysql]
name = ProxySQL
baseurl = https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/almalinux/$releasever
# NOTE(mnasiadka): No EL10 packages yet
baseurl = https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/almalinux/9
gpgkey = https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/repo_pub_key
gpgcheck = 1
enabled = 0

3
docker/base/td.repo
View File

@@ -1,6 +1,7 @@
[fluent-package-lts]
name=Fluentd Project
baseurl=https://packages.treasuredata.com/lts/5/redhat/$releasever/$basearch
# NOTE(mnasiadka): Use EL9 packages for now - 10 are not available yet
baseurl=https://packages.treasuredata.com/lts/5/redhat/9/$basearch
gpgcheck=1
gpgkey=https://packages.treasuredata.com/GPG-KEY-td-agent
enabled=0

2
docker/ironic/ironic-conductor/Dockerfile.j2
View File

@@ -13,7 +13,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
'e2fsprogs',
'fuse',
'gdisk',
'genisoimage',
'ipmitool',
'mtools',
'openssh-clients',
@@ -24,6 +23,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
'systemd-udev',
'util-linux',
'xfsprogs',
'xorriso'
] %}
{% if base_arch in ['x86_64'] %}
{% set ironic_conductor_packages = ironic_conductor_packages + [

3
docker/keystone/keystone-base/Dockerfile.j2
View File

@@ -7,6 +7,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
{% import "macros.j2" as macros with context %}
{# NOTE(mnasiadka): mod_auth_mellon missing in CentOS 10 Stream - temporarily from Kolla COPR #}
{{ macros.enable_extra_repos(['epel', 'kolla_el10']) }}
{{ macros.configure_user(name='keystone') }}
{% if base_package_type == 'rpm' %}

3
docker/keystone/keystone-ssh/extend_start.sh
View File

@@ -1,6 +1,7 @@
#!/bin/bash
SSH_HOST_KEY_TYPES=( "rsa" "dsa" "ecdsa" "ed25519" )
# NOTE(mnasiadka): CentOS 10 does not support dsa
SSH_HOST_KEY_TYPES=( "rsa" "ecdsa" "ed25519" )
for key_type in ${SSH_HOST_KEY_TYPES[@]}; do
KEY_PATH=/etc/ssh/ssh_host_${key_type}_key

6
docker/kolla-toolbox/Dockerfile.j2
View File

@@ -23,7 +23,6 @@ COPY apt_preferences_rabbitmq.{{ base_distro }} /etc/apt/preferences.d/rabbitmq
{% if base_package_type == 'rpm' %}
{% set kolla_toolbox_packages = [
'crudini',
'erlang-27.*',
'gcc',
'gdisk',
@@ -36,8 +35,8 @@ COPY apt_preferences_rabbitmq.{{ base_distro }} /etc/apt/preferences.d/rabbitmq
'openssh-clients',
'openssl-devel',
'openvswitch',
'python3.12',
'python3.12-devel',
'python3',
'python3-devel',
'rabbitmq-server-4.1.*'
] %}
@@ -45,7 +44,6 @@ COPY apt_preferences_rabbitmq.{{ base_distro }} /etc/apt/preferences.d/rabbitmq
{% set kolla_toolbox_packages = [
'build-essential',
'ca-certificates',
'crudini',
'gdisk',
'git',
'jq',

4
docker/manila/manila-share/Dockerfile.j2
View File

@@ -7,12 +7,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
{% import "macros.j2" as macros with context %}
{{ macros.enable_extra_repos(['ceph', 'epel']) }}
{# NOTE(mnasiadka): glusterfs-fuse missing in CentOS 10 Stream - temporarily from Kolla COPR #}
{{ macros.enable_extra_repos(['ceph', 'epel', 'kolla_el10']) }}
{% if base_package_type == 'rpm' %}
{% set manila_share_packages = [
'ceph-common',
'glusterfs-fuse',
'sqlite',
] %}
{% elif base_package_type == 'deb' %}

4
docker/mariadb/mariadb-base/Dockerfile.j2
View File

@@ -9,14 +9,14 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
{{ macros.configure_user(name='mysql') }}
{{ macros.enable_extra_repos(['mariadb']) }}
{# NOTE(mnasiadka): Using AppStream packages on CS10 for now #}
{% if base_package_type == 'rpm' %}
{% set mariadb_base_packages = [
'mariadb',
] %}
{% elif base_package_type == 'deb' %}
{{ macros.enable_extra_repos(['mariadb']) }}
{% set mariadb_base_packages = [
'mariadb-client',
] %}

5
docker/mariadb/mariadb-server/Dockerfile.j2
View File

@@ -10,13 +10,15 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
{{ macros.configure_user(name='mysql') }}
{# NOTE(mgoddard): EPEL required for pv package #}
{{ macros.enable_extra_repos(['epel', 'mariadb']) }}
{# NOTE(mnasiadka): Use AppStream version of MariaDB for now in CentOS #}
{{ macros.enable_extra_repos(['epel']) }}
{% if base_package_type == 'rpm' %}
{% set mariadb_packages = [
'expect',
'mariadb-backup',
'mariadb-server',
'mariadb-server-galera',
'pv',
'rsync',
'tar'
@@ -26,6 +28,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
RUN ln -s /usr/lib64/galera-4 /usr/lib64/galera
{% elif base_package_type == 'deb' %}
{{ macros.enable_extra_repos(['mariadb']) }}
{% set mariadb_packages = [
'expect',
'mariadb-backup',

1
docker/neutron/neutron-mlnx-agent/Dockerfile.j2
View File

@@ -9,7 +9,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
{% set neutron_mlnx_agent_packages = [
'python3-libvirt',
'python3-ethtool',
] %}
{{ macros.install_packages(neutron_mlnx_agent_packages | customizable("packages")) }}

2
docker/nova/nova-compute-ironic/Dockerfile.j2
View File

@@ -7,7 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
{% import "macros.j2" as macros with context %}
{% set nova_compute_ironic_packages = ['genisoimage', 'nvme-cli'] %}
{% set nova_compute_ironic_packages = ['xorriso', 'nvme-cli'] %}
{{ macros.install_packages(nova_compute_ironic_packages | customizable("packages")) }}

2
docker/nova/nova-libvirt/Dockerfile.j2
View File

@@ -9,7 +9,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
{{ macros.configure_user(name='nova', groups='qemu') }}
{{ macros.enable_extra_repos(['ceph', 'epel', 'openvswitch']) }}
{{ macros.enable_extra_repos(['ceph', 'crb', 'epel', 'openvswitch']) }}
{% if base_package_type == 'rpm' %}

2
docker/nova/nova-ssh/extend_start.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash
SSH_HOST_KEY_TYPES=( "rsa" "dsa" "ecdsa" "ed25519" )
SSH_HOST_KEY_TYPES=( "rsa" "ecdsa" "ed25519" )
for key_type in ${SSH_HOST_KEY_TYPES[@]}; do
KEY_PATH=/etc/ssh/ssh_host_${key_type}_key

2
docker/openstack-base/Dockerfile.j2
View File

@@ -24,7 +24,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
'mod_ssl',
'openssl',
'openssl-devel',
'pcre-devel',
'pcre2-devel',
'postgresql',
'postgresql-devel',
'python3-devel',

6
kolla/common/config.py
View File

@@ -25,14 +25,14 @@ BASE_OS_DISTRO = ['centos', 'debian', 'rocky', 'ubuntu']
BASE_ARCH = ['x86_64', 'aarch64']
DEBIAN_ARCH = ['amd64', 'arm64']
DEFAULT_BASE_TAGS = {
'centos': {'name': 'quay.io/centos/centos', 'tag': 'stream9'},
'centos': {'name': 'quay.io/centos/centos', 'tag': 'stream10'},
'debian': {'name': 'debian', 'tag': 'bookworm'},
'rocky': {'name': 'quay.io/rockylinux/rockylinux', 'tag': '9'},
'ubuntu': {'name': 'ubuntu', 'tag': '24.04'},
}
# NOTE(hrw): has to match PRETTY_NAME in /etc/os-release
DISTRO_PRETTY_NAME = {
'centos': 'CentOS Stream 9',
'centos': 'CentOS Stream 10',
'debian': 'Debian GNU/Linux 12 (bookworm)',
'rocky': 'Rocky Linux 9.* (Blue Onyx)',
'ubuntu': 'Ubuntu 24.04.* LTS',
@@ -40,7 +40,7 @@ DISTRO_PRETTY_NAME = {
OPENSTACK_RELEASE = '2025.1'
# This is noarch repository so we will use it on all architectures
DELOREAN_DEPS = "https://trunk.rdoproject.org/centos9-master/" \
DELOREAN_DEPS = "https://trunk.rdoproject.org/centos10-master/" \
"delorean-deps.repo"
# TODO(mandre) check for file integrity instead of downloading from an HTTPS

3
kolla/image/unbuildable.py
View File

@@ -23,10 +23,13 @@ UNBUILDABLE_IMAGES = {
# Issues for SHA1 keys:
# https://github.com/grafana/grafana/issues/41036
'centos': {
"collectd", # CS10 no opstools repo
"hacluster-pcs", # Missing crmsh package
"nova-spicehtml5proxy", # Missing spicehtml5 package
"ovsdpdk", # Not supported on CentOS
"redis-base", # Missing in CS10
"tgtd", # Not supported on CentOS
"telegraf", # CS10 no opstools repo
},
'debian': {

6
kolla/template/repos.yaml
View File

@@ -1,6 +1,6 @@
---
centos:
ceph: "centos-ceph-reef"
ceph: "centos-ceph-squid"
crb: "crb"
docker-ce: "docker-ce"
epel: "epel"
@@ -10,6 +10,7 @@ centos:
grafana: "grafana"
hacluster: "highavailability"
influxdb: "influxdb"
kolla_el10: "kolla_el10"
mariadb: "mariadb"
opensearch: "opensearch-3.x"
opensearch-dashboards: "opensearch-dashboards-3.x"
@@ -19,7 +20,7 @@ centos:
rabbitmq: "rabbitmq_rabbitmq-server"
centos-aarch64:
ceph: "centos-ceph-reef"
ceph: "centos-ceph-squid"
crb: "crb"
docker-ce: "docker-ce"
epel: "epel"
@@ -29,6 +30,7 @@ centos-aarch64:
grafana: "grafana"
hacluster: "highavailability"
influxdb: "influxdb"
kolla_el10: "kolla_el10"
mariadb: "mariadb"
opensearch: "opensearch-3.x"
opensearch-dashboards: "opensearch-dashboards-3.x"

4
kolla/tests/test_methods.py
View File

@@ -55,7 +55,7 @@ class MethodsTest(base.TestCase):
result = methods.handle_repos(template_vars, ['grafana', 'ceph'],
'enable')
expectCmd = 'RUN dnf config-manager --enable grafana '
expectCmd += '--enable centos-ceph-reef || true'
expectCmd += '--enable centos-ceph-squid || true'
self.assertEqual(expectCmd, result)
def test_enable_repos_debian(self):
@@ -167,7 +167,7 @@ class MethodsTest(base.TestCase):
result = methods.handle_repos(template_vars, ['grafana', 'ceph'],
'disable')
expectCmd = 'RUN dnf config-manager --disable grafana '
expectCmd += '--disable centos-ceph-reef || true'
expectCmd += '--disable centos-ceph-squid || true'
self.assertEqual(expectCmd, result)
# NOTE(hrw): there is no disabling of repos for Debian/Ubuntu

17
tests/templates/template_overrides.j2
View File

@@ -18,21 +18,7 @@ RUN echo registry={{ nodepool_npmjs_proxy }} > /etc/npmrc \
{% endblock %}
{% endraw %}
{% if base_distro in ['centos', 'rocky'] %}
{% if base_distro == 'centos' %}
{% raw %}
{% block base_centos_repo_overrides_post_copy %}
{% endraw %}
COPY ci-centos.repo /etc/yum.repos.d/
RUN cd /etc/yum.repos.d/ && mkdir not-for-ci/ && mv centos*.repo not-for-ci/ \
&& sed -i -e "s/MIRROR/{{ nodepool_mirror_host }}/g" /etc/yum.repos.d/ci-centos.repo
{% raw %}
{% endblock %}
{% endraw %}
{% elif base_distro == 'rocky' %}
{% if base_distro == 'rocky' %}
{#
NOTE(hrw): Rocky is not mirrored but it uses CentOS repos which are
#}
@@ -47,7 +33,6 @@ RUN cd /etc/yum.repos.d/ && mkdir not-for-ci/ \
{% raw %}
{% endblock %}
{% endraw %}
{% endif %} {# if centos/rocky #}
{% raw %}
{% block base_centos_repo_overrides_post_rpm %}