From 2d1c11e4149f85d53cde1f0b2068ae4bd170f14f Mon Sep 17 00:00:00 2001
From: Stig Telfer <stig@stackhpc.com>
Date: Tue, 13 Feb 2024 12:28:40 +0000
Subject: [PATCH] Fixes for deploying Antelope (2023.1)

Ubuntu by default
Add initial TENKS provision to a-seed-from-nothing
Migrate to quay.io and new tag naming scheme
Fix for loss of DHCP on Ubuntu/Netplan instances
Give lab-specific names to security group and ssh key
Disable interactive dialog for service restart on Jammy package update
---
 a-seed-from-nothing.sh    |  30 +++++--
 openstack-device.tf       |   2 +-
 pull-retag-push-images.sh | 167 ++++++++++++++++++++------------------
 3 files changed, 109 insertions(+), 90 deletions(-)

diff --git a/a-seed-from-nothing.sh b/a-seed-from-nothing.sh
index 3b748d8..fe43806 100644
--- a/a-seed-from-nothing.sh
+++ b/a-seed-from-nothing.sh
@@ -20,14 +20,16 @@ then
     dpkg -l ufw && sudo systemctl is-enabled ufw && sudo systemctl stop ufw && sudo systemctl disable ufw
 else
     rpm -q firewalld && sudo systemctl is-enabled firewalld && sudo systemctl stop firewalld && sudo systemctl disable firewalld
-fi
 
-# Disable SELinux.
-sudo setenforce 0
+    # Disable SELinux.
+    sudo setenforce 0
+fi
 
 # Useful packages
 if [[ "${CLOUD_USER}" = "ubuntu" ]]
 then
+    # Avoid the interactive dialog prompting for service restart: set policy to leave services unchanged
+    echo "\$nrconf{restart} = 'l';" | sudo tee /etc/needrestart/conf.d/90-aufn.conf
     sudo apt update
     sudo apt install -y git tmux lvm2 iptables
 else
@@ -61,6 +63,19 @@ then
         exit -1
         ;;
     esac
+elif [[ "${CLOUD_USER}" = "ubuntu" ]]
+then
+    # Prepare for disabling of Netplan and enabling of systemd-networkd.
+    # Netplan has an interaction with systemd and cloud-init to populate
+    # systemd-networkd files, but ephemerally.  If /etc/systemd/network is
+    # empty and netplan config files are present in /run, copy them over.
+    persistent_netcfg=$(ls /etc/systemd/network)
+    ephemeral_netcfg=$(ls /run/systemd/network)
+    if [[ -z "$persistent_netcfg" && ! -z "$ephemeral_netcfg" ]]
+    then
+        echo "Creating persistent versions of Netplan ephemeral config"
+        sudo cp /run/systemd/network/* /etc/systemd/network
+    fi
 fi
 
 # Exit on error
@@ -89,8 +104,7 @@ fi
 
 # Clone Kayobe.
 cd $HOME
-#[[ -d kayobe ]] || git clone https://opendev.org/openstack/kayobe.git -b stable/yoga
-[[ -d kayobe ]] || git clone https://github.com/oneswig/kayobe -b oneswig/yoga
+[[ -d kayobe ]] || git clone https://opendev.org/openstack/kayobe.git -b stable/2023.1
 cd kayobe
 
 # Bump the provisioning time - it can be lengthy on virtualised storage
@@ -102,11 +116,10 @@ sed -i.bak 's%^[# ]*wait_active_timeout:.*%    wait_active_timeout: 5000%' ~/kay
 # Clone this Kayobe configuration.
 mkdir -p config/src
 cd config/src/
-#[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b stable/yoga kayobe-config
-[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b yoga-XL kayobe-config
+[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b stable/2023.1 kayobe-config
 
 # Set default registry name to the one we just created
-sed -i.bak 's/^docker_registry.*/docker_registry: '$registry_ip':4000/' kayobe-config/etc/kayobe/docker.yml
+sed -i.bak 's/^docker_registry:.*/docker_registry: '$registry_ip':4000/' kayobe-config/etc/kayobe/docker.yml
 
 # Configure host networking (bridge, routes & firewall)
 ./kayobe-config/configure-local-networking.sh
@@ -150,7 +163,6 @@ fi
 
 # Run TENKS
 cd ~/kayobe
-source dev/environment-setup.sh
 export TENKS_CONFIG_PATH=config/src/kayobe-config/tenks.yml
 ./dev/tenks-deploy-overcloud.sh ./tenks
 
diff --git a/openstack-device.tf b/openstack-device.tf
index 01137b7..e58df32 100644
--- a/openstack-device.tf
+++ b/openstack-device.tf
@@ -1,5 +1,5 @@
 resource "openstack_compute_keypair_v2" "ufn_lab_key" {
-  name       = "ufn_lab_key"
+  name       = "${var.lab_prefix}_lab_key"
   public_key = tls_private_key.default.public_key_openssh
 }
 
diff --git a/pull-retag-push-images.sh b/pull-retag-push-images.sh
index 0577692..a9abdf0 100755
--- a/pull-retag-push-images.sh
+++ b/pull-retag-push-images.sh
@@ -41,88 +41,95 @@ if [ ! "$(sudo docker ps -q -f name=registry)" ]; then
     sudo docker run -d -p 4000:5000 --restart=always --name registry registry
 fi
 
-tag=${1:-yoga}
-images="kolla/${DISTRO}-source-bifrost-deploy
-kolla/${DISTRO}-source-kolla-toolbox
-kolla/${DISTRO}-source-haproxy
-kolla/${DISTRO}-source-mariadb-server
-kolla/${DISTRO}-source-mariadb-clustercheck
-kolla/${DISTRO}-source-fluentd
-kolla/${DISTRO}-source-cron
-kolla/${DISTRO}-source-keepalived
-kolla/${DISTRO}-source-neutron-server
-kolla/${DISTRO}-source-neutron-l3-agent
-kolla/${DISTRO}-source-neutron-metadata-agent
-kolla/${DISTRO}-source-neutron-openvswitch-agent
-kolla/${DISTRO}-source-neutron-dhcp-agent
-kolla/${DISTRO}-source-glance-api
-kolla/${DISTRO}-source-nova-compute
-kolla/${DISTRO}-source-keystone-fernet
-kolla/${DISTRO}-source-keystone-ssh
-kolla/${DISTRO}-source-keystone
-kolla/${DISTRO}-source-nova-api
-kolla/${DISTRO}-source-nova-conductor
-kolla/${DISTRO}-source-nova-ssh
-kolla/${DISTRO}-source-nova-novncproxy
-kolla/${DISTRO}-source-nova-scheduler
-kolla/${DISTRO}-source-placement-api
-kolla/${DISTRO}-source-openvswitch-vswitchd
-kolla/${DISTRO}-source-openvswitch-db-server
-kolla/${DISTRO}-source-nova-libvirt
-kolla/${DISTRO}-source-memcached
-kolla/${DISTRO}-source-rabbitmq
-kolla/${DISTRO}-source-heat-api
-kolla/${DISTRO}-source-heat-api-cfn
-kolla/${DISTRO}-source-heat-engine
-kolla/${DISTRO}-source-horizon
-kolla/${DISTRO}-source-kibana
-kolla/${DISTRO}-source-elasticsearch
-kolla/${DISTRO}-source-elasticsearch-curator
-kolla/${DISTRO}-source-barbican-base
-kolla/${DISTRO}-source-barbican-api
-kolla/${DISTRO}-source-barbican-worker
-kolla/${DISTRO}-source-barbican-keystone-listener
-kolla/${DISTRO}-source-magnum-base
-kolla/${DISTRO}-source-magnum-api
-kolla/${DISTRO}-source-magnum-conductor
-kolla/${DISTRO}-source-prometheus-alertmanager
-kolla/${DISTRO}-source-prometheus-v2-server
-kolla/${DISTRO}-source-prometheus-cadvisor
-kolla/${DISTRO}-source-prometheus-haproxy-exporter
-kolla/${DISTRO}-source-prometheus-mtail
-kolla/${DISTRO}-source-prometheus-memcached-exporter
-kolla/${DISTRO}-source-prometheus-blackbox-exporter
-kolla/${DISTRO}-source-prometheus-node-exporter
-kolla/${DISTRO}-source-prometheus-elasticsearch-exporter
-kolla/${DISTRO}-source-prometheus-mysqld-exporter
-kolla/${DISTRO}-source-prometheus-openstack-exporter
-kolla/${DISTRO}-source-prometheus-libvirt-exporter
-kolla/${DISTRO}-source-grafana
-kolla/${DISTRO}-source-cinder-scheduler
-kolla/${DISTRO}-source-cinder-volume
-kolla/${DISTRO}-source-cinder-backup
-kolla/${DISTRO}-source-cinder-api
-kolla/${DISTRO}-source-ovn-controller
-kolla/${DISTRO}-source-ovn-northd
-kolla/${DISTRO}-source-ovn-nb-db-server
-kolla/${DISTRO}-source-ovn-sb-db-server
-kolla/${DISTRO}-source-dnsmasq
-kolla/${DISTRO}-source-ironic-api
-kolla/${DISTRO}-source-ironic-conductor
-kolla/${DISTRO}-source-ironic-inspector
-kolla/${DISTRO}-source-ironic-neutron-agent
-kolla/${DISTRO}-source-ironic-pxe
-kolla/${DISTRO}-source-nova-compute-ironic
-kolla/${DISTRO}-source-manila-api
-kolla/${DISTRO}-source-manila-share
-kolla/${DISTRO}-source-manila-data
-kolla/${DISTRO}-source-manila-scheduler"
+registry=quay.io
+acct=openstack.kolla
+if [[ "${DISTRO}" = "ubuntu" ]]
+then
+    tag=${1:-2023.1-ubuntu-jammy}
+else
+    tag=${1:-2023.1-rocky-9}
+fi
+images="bifrost-deploy
+kolla-toolbox
+haproxy
+mariadb-server
+mariadb-clustercheck
+fluentd
+cron
+keepalived
+neutron-server
+neutron-l3-agent
+neutron-metadata-agent
+neutron-openvswitch-agent
+neutron-dhcp-agent
+glance-api
+nova-compute
+keystone-fernet
+keystone-ssh
+keystone
+nova-api
+nova-conductor
+nova-ssh
+nova-novncproxy
+nova-scheduler
+placement-api
+openvswitch-vswitchd
+openvswitch-db-server
+nova-libvirt
+memcached
+rabbitmq
+heat-api
+heat-api-cfn
+heat-engine
+horizon
+opensearch
+opensearch-dashboards
+barbican-base
+barbican-api
+barbican-worker
+barbican-keystone-listener
+magnum-base
+magnum-api
+magnum-conductor
+prometheus-alertmanager
+prometheus-v2-server
+prometheus-cadvisor
+prometheus-haproxy-exporter
+prometheus-mtail
+prometheus-memcached-exporter
+prometheus-blackbox-exporter
+prometheus-node-exporter
+prometheus-elasticsearch-exporter
+prometheus-mysqld-exporter
+prometheus-openstack-exporter
+prometheus-libvirt-exporter
+grafana
+cinder-scheduler
+cinder-volume
+cinder-backup
+cinder-api
+ovn-controller
+ovn-northd
+ovn-nb-db-server
+ovn-sb-db-server
+dnsmasq
+ironic-api
+ironic-conductor
+ironic-inspector
+ironic-neutron-agent
+ironic-pxe
+nova-compute-ironic
+manila-api
+manila-share
+manila-data
+manila-scheduler"
 
 for image in $images; do
-    sudo docker pull $image:$tag
-    sudo docker tag docker.io/$image:$tag localhost:4000/openstack.$image:$tag
-    sudo docker push localhost:4000/openstack.$image:$tag
-    sudo docker image remove docker.io/$image:$tag
+    echo "Processing $acct/$image:$tag..."
+    sudo docker pull $registry/$acct/$image:$tag
+    sudo docker tag $registry/$acct/$image:$tag localhost:4000/$acct/$image:$tag
+    sudo docker push localhost:4000/$acct/$image:$tag
+    sudo docker image remove $registry/$acct/$image:$tag
 done
 
 # Duration