stackhpc
diff --git a/‎.github/workflows/overcloud-host-image-promote.yml
Lines changed: 25 additions & 24 deletions b/‎.github/workflows/overcloud-host-image-promote.yml
Lines changed: 25 additions & 24 deletions
diff --git a/‎.github/workflows/stackhpc-all-in-one.yml
Lines changed: 30 additions & 5 deletions b/‎.github/workflows/stackhpc-all-in-one.yml
Lines changed: 30 additions & 5 deletions
diff --git a/‎.github/workflows/stackhpc-pull-request.yml
Lines changed: 30 additions & 14 deletions b/‎.github/workflows/stackhpc-pull-request.yml
Lines changed: 30 additions & 14 deletions
diff --git a/‎doc/source/configuration/index.rst
Lines changed: 2 additions & 0 deletions b/‎doc/source/configuration/index.rst
Lines changed: 2 additions & 0 deletions
diff --git a/‎doc/source/configuration/magnum-capi.rst
Lines changed: 45 additions & 0 deletions b/‎doc/source/configuration/magnum-capi.rst
Lines changed: 45 additions & 0 deletions
@@ -3,17 +3,26 @@ name: Promote overcloud host image
 on:
   workflow_dispatch:
     inputs:
-      os_image:
-        description: Image to promote
-        type: choice
-        required: true
-        default: 'CentOS Stream 8'
-        options:
-          - 'CentOS Stream 8'
-          - 'Rocky Linux 8'
-          - 'Rocky Linux 9'
-          - 'Ubuntu Focal 20.04'
-          - 'Ubuntu Jammy 22.04'
+      centos:
+        description: Promote CentOS Stream 8
+        type: boolean
+        default: true
+      rocky8:
+        description: Promote Rocky Linux 8
+        type: boolean
+        default: true
+      rocky9:
+        description: Promote Rocky Linux 9
+        type: boolean
+        default: true
+      ubuntu-focal:
+        description: Promote Ubuntu 20.04 Focal
+        type: boolean
+        default: true
+      ubuntu-jammy:
+        description: Promote Ubuntu 22.04 Jammy
+        type: boolean
+        default: true
       image_tag:
         description: Tag to promote
         type: string
@@ -78,14 +87,6 @@ jobs:
           source src/kayobe-config/kayobe-env --environment ci-builder &&
           kayobe control host bootstrap
 
-      - name: Configure the seed host
-        run: |
-          source venvs/kayobe/bin/activate &&
-          source src/kayobe-config/kayobe-env --environment ci-builder &&
-          kayobe seed host configure
-        env:
-          KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
-
       - name: Promote CentOS Stream 8 overcloud host image artifact
         run: |
           source venvs/kayobe/bin/activate &&
@@ -98,7 +99,7 @@ jobs:
         env:
           OVERCLOUD_HOST_IMAGE_TAG: ${{ inputs.image_tag }}
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
-        if: os_image == 'CentOS Stream 8'
+        if: inputs.centos
 
       - name: Promote Rocky Linux 8 overcloud host image artifact
         run: |
@@ -112,7 +113,7 @@ jobs:
         env:
           OVERCLOUD_HOST_IMAGE_TAG: ${{ inputs.image_tag }}
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
-        if: os_image == 'Rocky Linux 8'
+        if: inputs.rocky8
 
       - name: Promote Rocky Linux 9 overcloud host image artifact
         run: |
@@ -126,7 +127,7 @@ jobs:
         env:
           OVERCLOUD_HOST_IMAGE_TAG: ${{ inputs.image_tag }}
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
-        if: os_image == 'Rocky Linux 9'
+        if: inputs.rocky9
 
       - name: Promote Ubuntu Focal 20.04 overcloud host image artifact
         run: |
@@ -140,7 +141,7 @@ jobs:
         env:
           OVERCLOUD_HOST_IMAGE_TAG: ${{ inputs.image_tag }}
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
-        if: os_image == 'Ubuntu Focal 20.04'
+        if: inputs.ubuntu-focal
 
       - name: Promote Ubuntu Jammy 22.04 overcloud host image artifact
         run: |
@@ -154,4 +155,4 @@ jobs:
         env:
           OVERCLOUD_HOST_IMAGE_TAG: ${{ inputs.image_tag }}
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
-        if: os_image == 'Ubuntu Jammy 22.04'
+        if: inputs.ubuntu-jammy
@@ -27,14 +27,14 @@ on:
         description: Neutron ML2 plugin
         type: string
         required: true
-      vm_image:
-        description: Image for the all-in-one VM
+      vm_image_override:
+        description: Full name of an image to use instead of the default
         type: string
-        default: bb8c0a34-533f-42fb-a49b-3461e677f3f6
+        default: ""
       vm_interface:
         description: Default network interface name
         type: string
-        default: eth0
+        default: ens3
       vm_flavor:
         description: Flavor for the all-in-one VM
         type: string
@@ -76,6 +76,21 @@ jobs:
         with:
            submodules: true
 
+      - name: Output image tag
+        id: image_tag
+        run: |
+          echo image_tag=$(grep stackhpc_${{ inputs.os_distribution }}_${{ inputs.os_release }}_overcloud_host_image_version etc/kayobe/environments/ci-aio/stackhpc-ci.yml | awk '{print $2}') >> $GITHUB_OUTPUT
+
+      # Use the image override if set, otherwise use overcloud-os_distribution-os_release-tag
+      - name: Output image name
+        id: image_name
+        run: |
+          if [ -z "${{ inputs.vm_image_override }}" ]; then
+            echo image_name=overcloud-${{ inputs.os_distribution }}-${{ inputs.os_release }}-${{ steps.image_tag.outputs.image_tag }} >> $GITHUB_OUTPUT
+          else
+            echo image_name=${{ inputs.vm_image_override }} >> $GITHUB_OUTPUT
+          fi
+
       - name: Install terraform
         uses: hashicorp/setup-terraform@v2
 
@@ -110,7 +125,7 @@ jobs:
         env:
           SSH_USERNAME: "${{ inputs.ssh_username }}"
           VM_NAME: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}"
-          VM_IMAGE: ${{ inputs.vm_image }}
+          VM_IMAGE: ${{ steps.image_name.outputs.image_name }}
           VM_FLAVOR: ${{ inputs.vm_flavor }}
           VM_NETWORK: ${{ inputs.vm_network }}
           VM_SUBNET: ${{ inputs.vm_subnet }}
@@ -191,6 +206,16 @@ jobs:
         run: |
           sudo docker image pull $KAYOBE_IMAGE
 
+      - name: Run growroot
+        run: |
+          sudo -E docker run -t --rm \
+            -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \
+            -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \
+            $KAYOBE_IMAGE \
+            /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/playbook-run.sh '$KAYOBE_CONFIG_PATH/ansible/growroot.yml'
+        env:
+          KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }}
+
       - name: Host configure
         run: |
           sudo -E docker run -t --rm \
 
@@ -75,10 +75,6 @@ jobs:
       os_distribution: rocky
       os_release: "8"
       neutron_plugin: ovs
-      # NOTE: The current SMS lab Rocky8 image has moved ahead of our release
-      # train snapshots, causing failures installing some packages.
-      vm_image: Rocky8-2022-11-08
-      vm_interface: ens3
       OS_CLOUD: sms-lab-release
     secrets: inherit
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
@@ -93,10 +89,6 @@ jobs:
       os_distribution: rocky
       os_release: "8"
       neutron_plugin: ovn
-      # NOTE: The current SMS lab Rocky8 image has moved ahead of our release
-      # train snapshots, causing failures installing some packages.
-      vm_image: Rocky8-2022-11-08
-      vm_interface: ens3
       OS_CLOUD: sms-lab-release
     secrets: inherit
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
@@ -112,7 +104,6 @@ jobs:
       os_release: focal
       ssh_username: ubuntu
       neutron_plugin: ovs
-      vm_image: Ubuntu-20.04
       OS_CLOUD: sms-lab-release
     secrets: inherit
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
@@ -128,7 +119,36 @@ jobs:
       os_release: focal
       ssh_username: ubuntu
       neutron_plugin: ovn
-      vm_image: Ubuntu-20.04
+      OS_CLOUD: sms-lab-release
+    secrets: inherit
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config'
+
+  all-in-one-ubuntu-jammy-ovs:
+    name: aio (Ubuntu Jammy OVS)
+    needs:
+      - build-kayobe-image
+    uses: ./.github/workflows/stackhpc-all-in-one.yml
+    with:
+      kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+      os_distribution: ubuntu
+      os_release: jammy
+      ssh_username: ubuntu
+      neutron_plugin: ovs
+      OS_CLOUD: sms-lab-release
+    secrets: inherit
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config'
+
+  all-in-one-ubuntu-jammy-ovn:
+    name: aio (Ubuntu Jammy OVN)
+    needs:
+      - build-kayobe-image
+    uses: ./.github/workflows/stackhpc-all-in-one.yml
+    with:
+      kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }}
+      os_distribution: ubuntu
+      os_release: jammy
+      ssh_username: ubuntu
+      neutron_plugin: ovn
       OS_CLOUD: sms-lab-release
     secrets: inherit
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
@@ -144,8 +164,6 @@ jobs:
       os_release: "9"
       ssh_username: cloud-user
       neutron_plugin: ovs
-      vm_image: Rocky9
-      vm_interface: ens3
       OS_CLOUD: sms-lab-release
     secrets: inherit
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
@@ -161,8 +179,6 @@ jobs:
       os_release: "9"
       ssh_username: cloud-user
       neutron_plugin: ovn
-      vm_image: Rocky9
-      vm_interface: ens3
       OS_CLOUD: sms-lab-release
     secrets: inherit
     if: github.repository == 'stackhpc/stackhpc-kayobe-config'
@@ -16,3 +16,5 @@ the various features provided.
    cephadm
    monitoring
    wazuh
+   vault
+   magnum-capi
@@ -0,0 +1,45 @@
+=========================
+Magnum Cluster API Driver
+=========================
+A new driver for magnum has been written. It is an alternative to heat (as heat gets phased out due to maintenance burden) that allows the definition of clusters as Kubernetes CRDs as opposed to heat templates. The two are compatible and can both be active on the same deployment, and the decision of which driver is used for a given template depends on certain parameters inferred from the template. For the new driver, these are `{'server_type' : 'vm', 'os' : 'ubuntu', 'coe': kubernetes'}`.
+Drivers can be enabled and disabled via the `disabled_drivers` parameter of `[drivers]` under `magnum.conf`.
+
+Prerequisites for deploying the CAPI driver in magnum:
+
+Management Cluster
+===================
+The CAPI driver relies on a management Kubernetes cluster, installed inside the cloud, to manage tenant Kubernetes clusters.
+The easiest way to get one is by deploying `this <https://github.com/stackhpc/azimuth-config/tree/feature/capi-mgmt-config>`__ branch of azimuth-config, and look at the `capi-mgmt-example` environment. Refer to the `azimuth-config wiki <https://stackhpc.github.io/azimuth-config/>`__ for detailed steps on how to deploy.
+
+Ensure that you have set `capi_cluster_apiserver_floating_ip: true`, as the management cluster will need an externally accessible IP. The external network this corresponds to is whatever you have set `azimuth_capi_operator_external_network_id` to. This network needs to be reachable from wherever the magnum container is running.
+
+It's preferable that most Day 2 ops be done via a `CD Pipeline <https://stackhpc.github.io/azimuth-config/deployment/automation/>`__.
+
+Kayobe Config
+==============
+Ensure that your kayobe-config branch is up to date on |current_release_git_branch_name|.
+
+Copy the kubeconfig found at `kubeconfig-capi-mgmt-<your-az-environment>.yaml` to your kayobe environment (e.g. `<your-skc-environment>/kolla/config/magnum/kubeconfig`. It is highly likely you'll want to add this file to ansible vault.
+
+Ensure that your magnum.conf has the following set:
+
+.. code-block:: yaml
+
+    [nova_client]
+    endpoint_type = publicURL
+
+
+This is used to generate the application credential config injected into the tenant Kubernetes clusters, such that it is usable from within an OpenStack project, so you can't use the "internal API" end point here.
+
+Control Plane
+==============
+Ensure that the nodes (either controllers or dedicated network hosts) that you are running the magnum containers on have connectivity to the network on which your management cluster has a floating IP (so that the magnum containers can reach the IP listed in the kubeconfig).
+
+Magnum Templates
+================
+
+`azimuth-images <https://github.com/stackhpc/azimuth-images>`__ builds the required Ubuntu Kubernetes images, and `capi-helm-charts <https://github.com/stackhpc/capi-helm-charts/blob/main/.github/workflows/test.yaml>`__ CI runs conformance tests on each image built.
+
+Magnum templates can be deployed using `openstack-config <https://github.com/stackhpc/openstack-config>`__. Typically, you would create a fork `<environment>-config` of this repository, move the resources defined in `examples/capi-templates-images.yml` into `etc/openstack-config/openstack-config.yml`, and then follow the instructions in the readme to deploy these.
+
+