AQ Builders

os_builders/CHANGELOG

@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added:
+- Added new builders for Rocky 8 and 9 AQ images. [#148](https://github.com/stfc/cloud-image-builders/pull/148)
 
 ### Changed:
 

os_builders/build.pkr.hcl

@@ -13,16 +13,6 @@ packer {
 
 locals {
   date_suffix = "${formatdate("YYYY-MM-DD", timestamp())}"
-}
-
-source "openstack" "builder" {
-  domain_name       = "Default"
-  flavor            = "l6.c2"
-  security_groups   = ["default"]
-  networks          = ["fa2f5ebe-d0e0-4465-9637-e9461de443f1"]  # Dev OpenStack Network ID
-  image_visibility  = "private"
-  ssh_timeout       = "20m"
-  image_min_disk    = "20"
   metadata = {
     "hw_machine_type" : "q35",
     "hw_disk_bus" : "scsi",
@@ -39,6 +29,24 @@ source "openstack" "builder" {
     "hw_firmware_type" : "bios",
     "image_builder_version": "0.1.0"
   }
+  aq_metadata = {
+    "AQ_ARCHETYPE": "cloud",
+    "AQ_DOMAIN": "prod_cloud",
+    "aq_managed": "true",
+    "AQ_OS": "rocky",
+    "AQ_OSNAME": "rocky",
+    "AQ_PERSONALITY": "nubesvms",
+  }
+}
+
+source "openstack" "builder" {
+  domain_name       = "Default"
+  flavor            = "l6.c2"
+  security_groups   = ["default"]
+  networks          = ["fa2f5ebe-d0e0-4465-9637-e9461de443f1"]  # Dev OpenStack Network ID
+  image_visibility  = "private"
+  ssh_timeout       = "20m"
+  image_min_disk    = "20"
 }
 
 build {
@@ -47,43 +55,64 @@ build {
     image_name                = "ubuntu-jammy-22.04-nogui-${ local.date_suffix }"
     ssh_username              = "ubuntu"
     external_source_image_url = "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img"
+    metadata = local.metadata
   }
   source "openstack.builder" {
     name                      = "ubuntu-noble"
     image_name                = "ubuntu-noble-24.04-nogui-${ local.date_suffix }"
     ssh_username              = "ubuntu"
     external_source_image_url = "https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"
+    metadata = local.metadata
   }
   source "openstack.builder" {
     name = "rocky-8"
     image_name = "rocky-8-nogui-${ local.date_suffix }"
     ssh_username = "rocky"
-    external_source_image_url = "https://www.mirrorservice.org/sites/download.rockylinux.org/pub/rocky/8/images/x86_64/Rocky-8-GenericCloud-Base.latest.x86_64.qcow2"    
+    external_source_image_url = "https://www.mirrorservice.org/sites/download.rockylinux.org/pub/rocky/8/images/x86_64/Rocky-8-GenericCloud-Base.latest.x86_64.qcow2"
+    metadata = local.metadata
   }
     source "openstack.builder" {
     name = "rocky-9"
     image_name = "rocky-9-nogui-${ local.date_suffix }"
     ssh_username = "rocky"
     external_source_image_url = "https://www.mirrorservice.org/sites/download.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-GenericCloud-Base.latest.x86_64.qcow2"
+    metadata = local.metadata
   }
 
   source "openstack.builder" {
     name                      = "azimuth-workstation"
     external_source_image_url = "https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_f0dc9cb312144d0aa44037c9149d2513/azimuth-images/ubuntu-jammy-desktop-251029-1115.qcow2"
     image_name                = "azimuth-workstation-${ local.date_suffix }"
     ssh_username              = "ubuntu"
+    metadata = local.metadata
   }
   source "openstack.builder" {
     name                      = "azimuth-rstudio"
     external_source_image_url = "https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_f0dc9cb312144d0aa44037c9149d2513/azimuth-images/ubuntu-jammy-linux-rstudio-251029-1117.qcow2"
     image_name                = "azimuth-rstudio-${ local.date_suffix }"
     ssh_username              = "ubuntu"
+    metadata = local.metadata
   }
   source "openstack.builder" {
     name                      = "azimuth-jupyter-repo2docker"
     external_source_image_url = "https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_f0dc9cb312144d0aa44037c9149d2513/azimuth-images/ubuntu-jammy-jupyter-repo2docker-251029-1115.qcow2"
     image_name                = "azimuth-jupyter-repo2docker-${ local.date_suffix }"
     ssh_username              = "ubuntu"
+    metadata = local.metadata
+  }
+  source "openstack.builder" {
+    name = "rocky-8-aq"
+    image_name = "rocky-8-aq-${ local.date_suffix }"
+    ssh_username = "rocky"
+    external_source_image_url = "https://www.mirrorservice.org/sites/download.rockylinux.org/pub/rocky/8/images/x86_64/Rocky-8-GenericCloud-Base.latest.x86_64.qcow2"
+    metadata                  = merge(local.metadata, local.aq_metadata, {"AQ_OSVERSION": "8"})
+  }
+    source "openstack.builder" {
+    name = "rocky-9-aq"
+    image_name = "rocky-9-aq-${ local.date_suffix }"
+    ssh_username = "rocky"
+    external_source_image_url = "https://www.mirrorservice.org/sites/download.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-GenericCloud-Base.latest.x86_64.qcow2"
+    metadata                  = merge(local.metadata, local.aq_metadata, {"AQ_OSVERSION": "9"})
   }
 
   sources = ["openstack.builder"]
@@ -97,5 +126,14 @@ build {
       "--scp-extra-args", "'-O'",
     ]
   }
+  provisioner "ansible" {
+    only = ["openstack.rocky-8-aq", "openstack.rocky-9-aq"]
+    user          = "${build.User}"
+    playbook_file = "quattor.yml"
+    extra_arguments = [
+      # Still required for Rocky 8 and 9
+      "--scp-extra-args", "'-O'",
+    ]
+  }
 }
 

os_builders/quattor.yml

@@ -0,0 +1,4 @@
+- name: Install Quattor Onto STFC Cloud User Image
+  hosts: all
+  roles:
+    - role: quattor

os_builders/roles/quattor/defaults/main.yaml

@@ -0,0 +1 @@
+quattor_version: 24.10.0

os_builders/roles/quattor/files/99-set-aquilon-profile.cfg

@@ -0,0 +1,20 @@
+## template: jinja
+#cloud-config
+write_files:
+- path: /etc/ccm.conf
+  content: |
+    ca_dir /etc/grid-security/certificates/
+    cache_root /var/lib/ccm
+    debug 0
+    force 0
+    get_timeout 30
+    lock_retries 3
+    lock_wait 30
+    profile https://aquilon.gridpp.rl.ac.uk/profiles/host-{{ ds.ec2_metadata.local_ipv4 | replace(".","-") }}.nubes.stfc.ac.uk.json
+    profile_failover http://aquilon.gridpp.rl.ac.uk/profiles/host-{{ ds.ec2_metadata.local_ipv4 | replace(".","-") }}.nubes.stfc.ac.uk.json
+    retrieve_retries 3
+    retrieve_wait 30
+    world_readable 0
+  owner: 'root:root'
+  permissions: '0644'
+  defer: true

os_builders/roles/quattor/tasks/main.yaml

@@ -0,0 +1,77 @@
+- name: Add EPEL repository
+  ansible.builtin.yum_repository:
+    name: epel-{{ ansible_facts.distribution_major_version }}-x86_64
+    description: "EPEL {{ ansible_facts.distribution_major_version }} Repository"
+    baseurl: "http://mirrors.gridpp.rl.ac.uk/current/epel-{{ ansible_facts.distribution_major_version }}-x86_64/RPMS.base/"
+    enabled: true
+    gpgcheck: false
+    state: present
+  become: true
+
+- name: Add Powertools repository
+  ansible.builtin.yum_repository:
+    name: rocky-{{ ansible_facts.distribution_major_version }}x-x86_64-powertools
+    description: Rocky Mirror powertools
+    baseurl: "http://mirrors.gridpp.rl.ac.uk/current/rocky-{{ ansible_facts.distribution_major_version }}-x86_64/RPMS.powertools/"
+    enabled: true
+    gpgcheck: true
+    state: present
+    module_hotfixes: true
+  become: true
+
+- name: Add Rocky mirror repositories crb
+  ansible.builtin.yum_repository:
+    name: rocky-{{ ansible_facts.distribution_major_version }}x-x86_64-crb
+    description: Rocky Mirror crb
+    baseurl: "http://mirrors.gridpp.rl.ac.uk/current/rocky-{{ ansible_facts.distribution_major_version }}-x86_64/RPMS.crb/"
+    enabled: true
+    gpgcheck: true
+    state: present
+    module_hotfixes: true
+  become: true
+  when: ansible_facts.distribution_major_version == '9'
+
+- name: Add Rocky mirror repositories
+  ansible.builtin.yum_repository:
+    name: rocky-{{ ansible_facts.distribution_major_version }}x-x86_64-{{ item }}
+    description: Rocky Mirror {{ item }}
+    baseurl: "http://mirrors.gridpp.rl.ac.uk/current/rocky-{{ ansible_facts.distribution_major_version }}-x86_64/RPMS.{{ item }}/"
+    enabled: true
+    gpgcheck: true
+    state: present
+    module_hotfixes: true
+  with_items:
+    - appstream
+    - extras
+    - os
+  become: true
+
+
+- name: Add Quattor repositories
+  ansible.builtin.yum_repository:
+    name: "{{ item }}"
+    description: "{{ item }} Repository"
+    baseurl: "http://mirrors.gridpp.rl.ac.uk/live/quattor-noarch/RPMS.{{ item }}/"
+    enabled: true
+    gpgcheck: false
+    state: present
+  become: true
+  loop:
+    - externals-el{{ ansible_facts.distribution_major_version }}
+    - quattor-{{ quattor_version }}-el{{ ansible_facts.distribution_major_version }}
+
+- name: Install packages
+  ansible.builtin.yum:
+    name:
+      - ncm-ncd
+      - ncm-spma
+  become: true
+
+- name: Create cloud-init config to run the script
+  ansible.builtin.copy:
+    src: 99-set-aquilon-profile.cfg
+    dest: /etc/cloud/cloud.cfg.d/
+    owner: root
+    group: root
+    mode: "0644"
+  become: true