Merge pull request #297 from Cray-HPE/develop

Release 1.24.2 for CSM 1.6

CHANGELOG.md

@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.24.2] - 2024-08-23
+
+### Added 
+
+- CASMPET-7180: New CFS play to enable spire for SBPS Marshal Agent
+- CASMPET-7195: New CFS play to install (+ previous enable) SBPS Marshal Agent
+
+### Fixed
+- typo fix in DNS SRV A records
+
 ## [1.24.1] - 2024-08-12
 
 ### Fixed
@@ -488,7 +498,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Ansible playbook for applying csm packages to Compute and Application nodes
 
-[Unreleased]: https://github.com/Cray-HPE/csm-config/compare/1.24.1...HEAD
+[Unreleased]: https://github.com/Cray-HPE/csm-config/compare/1.24.2...HEAD
+
+[1.24.2]: https://github.com/Cray-HPE/csm-config/compare/1.24.1...1.24.2
 
 [1.24.1]: https://github.com/Cray-HPE/csm-config/compare/1.24.0...1.24.1
 

ansible/config_sbps_iscsi_targets.yml

@@ -23,21 +23,31 @@
 # OTHER DEALINGS IN THE SOFTWARE.
 #
 
-# Configure "Management_Worker" (all worker nodes) by default OR
-# configure only subset of worker nodes("Management_Worker") defined in 
-# CFS config/ HSM group, set by user/ admin during node personalization.
 #
-# Install and configure SBPS on iSCSI targets (worker NCNs)
+# Personalize/ configure identified worker nodes for iSCSI SBPS (Scalable Boot
+# Content Projection Service):
+#   - provision these worker nodes as iSCSI targets with LIO services
+#   - install/ enable SBPS Marshal Agent(systemd service) on these iSCSI targets
+#   - create DNS SRV and A records to be used to discover iSCSI targets during compute nodes booting
+#   - mount s3 bucket (boot-image) images using new dedicated s3 read only policy
+#   - apply k8s label to the personalized nodes for other consumers of iSCSI SBPS
+# 
+# By default all the worker nodes (Management_Worker) will be configured OR 
+# admin/ user can chose to configure only subset of worker nodes defined in 
+# CFS config/ HSM group during personalization.
+#
 - hosts: Management_Worker
   gather_facts: no
   any_errors_fatal: true
   remote_user: root
   roles:
     # Apply k8s label on all the intended worker nodes
     - role: csm.sbps.apply_label
-    # Enable/ start SBPS Marshal Agent (systemd service)
-    - role: csm.sbps.enable_sbps_marshal
-    # Configure SBPS
+    # Enable spire for SBPS Marshal Agent (systemd service)
+    - role: csm.sbps.enable_spire
+    # Install and enable SBPS Marshal Agent
+    - role: csm.sbps.install_enable_marshal
+    # Provision iSCSI targets/ LIO services
     - role: csm.sbps.lio_config
     # Configure SBPS DNS "SRV" and "A" records
     - role: csm.sbps.dns_srv_records

ansible/roles/csm.sbps.dns_srv_records/files/sbps_dns_srv_records.sh

@@ -69,7 +69,7 @@ curl -s -X PATCH -H "X-API-Key: ${PDNS_API_KEY}" "http://${PDNS_API}:8081/api/v1
   "rrsets": [
     {
       "comments": [],
-      "name": "_sbps-hsn._tcp.'"${SYSTEM_NAME}"'.'"${SITE_DOMAIN}."',
+      "name": "_sbps-hsn._tcp.'"${SYSTEM_NAME}"'.'"${SITE_DOMAIN}."'",
       "changetype":"REPLACE",
       "records":[
         '"${hsn_srv_records}"'
@@ -79,7 +79,7 @@ curl -s -X PATCH -H "X-API-Key: ${PDNS_API_KEY}" "http://${PDNS_API}:8081/api/v1
     },
     {
       "comments": [],
-      "name": "_sbps-nmn._tcp.'"${SYSTEM_NAME}"'.'"${SITE_DOMAIN}."',
+      "name": "_sbps-nmn._tcp.'"${SYSTEM_NAME}"'.'"${SITE_DOMAIN}."'",
       "changetype":"REPLACE",
       "records":[
         '"${nmn_srv_records}"'

ansible/roles/csm.sbps.enable_sbps_marshal/README.md → ansible/roles/csm.sbps.enable_spire/README.md

@@ -1,7 +1,7 @@
-csm.sbps.enable_sbps_marshal
-============================
+csm.sbps.enable_spire
+=====================
 
-Enable SBPS Marshal agent (start systemd service) on specified NCN worker nodes.
+Enable spire for SBPS Marshal Agent on specified NCN worker nodes.
 
 Requirements
 ------------
@@ -23,8 +23,8 @@ Example Playbook
       any_errors_fatal: true
       remote_user: root
       roles:
-        # Configure SBPS
-        - role: csm.sbps.enable_sbps_marshal
+        # Enable spire for SBPS Marshal Agent
+        - role: csm.sbps.enable_spire
 ```
 
 License

ansible/roles/csm.sbps.enable_spire/tasks/main.yml

@@ -0,0 +1,38 @@
+#
+# MIT License
+#
+# (C) Copyright 2024 Hewlett Packard Enterprise Development LP
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+# OTHER DEALINGS IN THE SOFTWARE.
+#
+---
+
+# Enable spire for SBPS Marshal Agent
+# on specified NCN worker nodes.
+- name: enable_spire_for_sbps
+  ansible.builtin.file:
+    src: /opt/cray/cray-spire/spire-agent
+    dest: /usr/bin/sbps-marshal-spire-agent
+    state: hard
+
+- name: restart_spire_agent
+  ansible.builtin.systemd:
+    name: spire-agent
+    state: restarted
+    enabled: true

ansible/roles/csm.sbps.install_enable_marshal/README.md

@@ -0,0 +1,37 @@
+csm.sbps.install_enable_marshal
+===============================
+
+Install and enable/ start SBPS Marshal Agent (start systemd service) on specified NCN worker nodes.
+
+Requirements
+------------
+
+None.
+
+Role Variables
+--------------
+
+Dependencies
+------------
+
+Example Playbook
+----------------
+
+```yaml
+    - hosts: Management_Worker
+      gather_facts: no
+      any_errors_fatal: true
+      remote_user: root
+      roles:
+        # Install and enable/ start SBPS Marshal Agent
+        - role: csm.sbps.install_enable_marshal
+```
+
+License
+-------
+None.
+
+Author Information
+------------------
+
+Copyright 2024 Hewlett Packard Enterprise Development LP

ansible/roles/csm.sbps.enable_sbps_marshal/tasks/main.yml → ansible/roles/csm.sbps.install_enable_marshal/tasks/main.yml

@@ -22,8 +22,14 @@
 # OTHER DEALINGS IN THE SOFTWARE.
 #
 ---
-# Enable SBPS Marshal Agent (start systemd service) on specified
+# Install and enable/ start SBPS Marshal Agent (systemd service) on specified
 # NCN worker nodes.
+- name: install_sbps_marshal
+  zypper:
+    name: sbps-marshal
+    state: latest
+    update_cache: yes
+
 - name: enable_sbps_marshal
   ansible.builtin.systemd:
     name: sbps-marshal

zypper-docker-build.sh

@@ -55,11 +55,10 @@ function add_zypper_repos {
     zypper --non-interactive ar "${SLES_UPDATES_URL}/SLE-${label}/15-SP${SP}/${ARCH}/update/?auth=basic" "sles15sp${SP}-${label}-update"
 }
 
-if [[ ${SP} -eq 4 ]]; then
-    # The current sles15sp4 base image starts with a lock on coreutils, but this prevents a necessary
-    # security patch from being applied. Thus, adding this command to remove the lock if it is
-    # present.
-    zypper --non-interactive removelock coreutils || true
+if [[ ${SP} -lt 5 ]]; then
+    # The mirrors for these earlier SLES SPs are no longer available
+    echo "ERROR: SP == $SP, but must be 5+" >&2
+    exit 1
 fi
 
 zypper --non-interactive rr --all