v1.158

What's Changed

New features

• Support multiple networks in OpenTofu configurations by @sjpb in #548
• Support attaching FIPs to login nodes by @sjpb in #572
• Support for configuring chrony by @jovial in #575
• Control default routes on boot by @sjpb in #617
• Support mapping compute & login instances to Ironic nodes by @sjpb in #573
• Add support for configuring CA certificates by @sjpb in #574

Important fixes and changes from previous release

• Support lustre on Rocky 8 by @jovial in #566
• Fix lustre IP route detection if there is no gateway by @jovial in #567
• Support sshd password authentication on Rocky 8 by @jovial in #565
• Ensure oddjobd is enabled/started by @jovial in #564
• Add lustre_repo variable by @jovial in #563
• Define login nodes using an opentofu module by @sjpb in #547
• Lower hpl memory fraction to reduce stress from defaults by @sjpb in #591
• Root-squash nfs exports by default by @sjpb in #599
• Restrict all nfs shares to nfs group IPs by @sjpb in #607
• Lustre: Harden mount options by @jovial in #618
• Manila/CephFS and NFS: harden mounts to prevent setuid and devices by @sjpb in #619

Other changes

• Read k3s_token from secrets.yml file by @sjpb in #540
• Remove slurm_openstack_tools collection by @sjpb in #537
• Rename terraform/ directories to tofu/ by @sjpb in #541
• Fix squid/dnf ordering problem by @sjpb in #546
• Optionally ignore image changes in TF by @bertiethorpe in #545
• Change docs/ references from Terraform to OpenTofu by @bertiethorpe in #544
• avoid tf updates to login/compute on control delete/recreate by @sjpb in #555
• Set k3s node IP from access network IP by @sjpb in #556
• docs: update README to use new network syntax by @priteau in #560
• Support compute node rebuild/reboot via Slurm RebootProgram by @bertiethorpe in #553
• Document compute-init image requirements by @sjpb in #569
• Support tuned in compute-init by @sjpb in #570
• Support memory limits and pam no-login in compute-init by @bertiethorpe in #568
• docs: fix OpenTofu file names in README by @priteau in #562
• Support sssd and sshd in compute-init by @bertiethorpe in #571
• Reword recommendation about image by @priteau in #580
• Fix link to Open OnDemand documentation by @priteau in #584
• Fix some typos by @priteau in #583
• Make no_proxy list more configurable by @sd109 in #579
• Fix wrong path to Ansible inventory by @priteau in #587
• Support setting PYTHON_VERSION by @priteau in #588
• Disable compute-init by default & warn of security issue by @sjpb in #585
• Fix basic_users not modifying default nfs-shared home correctly by @sjpb in #590
• Support disabling port security by @sjpb in #592
• Use bootstrap tokens provisioned by ansible for K3s instead of persistent tokens in cloud-init metadata by @wtripp180901 in #589
• Fixed bootstrap tokens not being idempotent by @wtripp180901 in #597
• Fix: Support networks not owned by openstack project by @bertiethorpe in #598
• Remove support for setting VNIC binding profiles by @priteau in #586
• Prevent nfs being mounted by tunnelling/forwarding through login node by @sjpb in #595
• Enable lustre in compute-init by @bertiethorpe in #581
• Fix OpenTofu execution as admin by @priteau in #582
• FIX: Tofu attempts to apply security groups when port_security_enabled is false by @bertiethorpe in #601
• Add file deletion to cleanup play by @sjpb in #600
• Disable nightly builds by @bertiethorpe in #603
• Fix chrony for nodes w/o network access (yet) by @sjpb in #605
• Fix typo in variables.tf by @technowhizz in #609
• Compute-init: Optimise dir copies + Numerical sort playbook + new nodes to existing cluster by @bertiethorpe in #611
• Fix builds not in stackhpc env by @sjpb in #615
• Fix documentation of sssd_install_ldap variable by @priteau in #613
• docs: fix typo by @priteau in #623
• Updated README so image consistent with codebase by @wtripp180901 in #610
• Add image share script by @sjpb in #624
• Enable creating users with local homedirs by @sjpb in #626

New Contributors

• @technowhizz made their first contribution in #609

Full Changelog: v1.157...v1.158

New images

Two new images are available:

• RockyLinux 8: openhpc-RL8-250312-1522-7e5c051d
• RockyLinux 9: openhpc-RL9-250312-1435-7e5c051d

v1.157

What's Changed

• Update ceph to use ark packages and move RL9 to ceph reef by @wtripp180901 in #519
• Add more information re. configuring production sites by @sjpb in #508
• Change defaults so a cookiecutter environment is fully functional by @wtripp180901 in #473
• Fix epel not using Ark repos for RL8 by @wtripp180901 in #526
• Fix volume_backed_instances not working for compute nodes by @sjpb in #527
• Generate and persist hostkeys for ondemand and login nodes by @wtripp180901 in #525
• Support additional volumes on compute nodes by @sjpb in #528
• Support SSSD and optionally LDAP by @sjpb in #438
• Fix nightly cleanup to deal with duplicate server names by @bertiethorpe in #532
• Fix various typos in documentation by @priteau in #530
• Fix environment creation steps by @priteau in #531
• Support and test "re-imageable" compute nodes via compute node metadata by @bertiethorpe in #518
• Document required security groups by @priteau in #534
• Bump Zenith client to latest from azimuth-cloud namespace by @m-bull in #437
• Fix yaml formatting in operations docs by @sjpb in #535
• Enable image builds to install extra packages by default by @sjpb in #536

Image Details

Two new images are available

• RL8: openhpc-RL8-250114-1627-bccc88b5
• RL9: openhpc-RL9-250114-1626-bccc88b5

New Contributors

• @priteau made their first contribution in #530

Full Changelog: v1.156...v1.157

v1.156

What's Changed

Due to the size of this release, PRs are grouped below. In brief:

• This release addresses various breakages caused by changes to upstream repos. As a result, as of this release the StackHPC images (see below) ship with all dnf repos disabled and either credentials for StackHPC's ark server or a local Pulp server mirrored from ark are required in order to build images.
• OFED and CUDA are no longer shipped in StacHPC images and require an image build to add.
• StackHPC images move to RockyLinux 9.5 and 8.10.
• Added support for NVIDIA DOCA instead of OFED.
• Added support for Lustre clients.
• OpenHPC role supports using the same nodes in multiple partitions/groups.
• Additional packages can be added via appliances_default_extra_packages.

Isolation from upstream dnf repos

• Remove CUDA and OFED builds from CI by @bertiethorpe in #479
• Use rocky 9.4 release train snapshots for builds by @wtripp180901 in #486
• Support site Pulp server for image builds by @wtripp180901 in #490
• Pin nvidia-driver and cuda packages to working packages by @sjpb in #496
• Bump RL9.4 repo timestamps to latest snapshots by @wtripp180901 in #497
• Refactor pulp/dnf roles to avoid having to redefine Ark URLs by @wtripp180901 in #507
• Release train support for Rocky 8.10 by @wtripp180901 in #501
• Bump appliance to Rocky 9.5 + release train support by @wtripp180901 in #503
• Fix python/ansible/pulp squeezer versions for RL8 deploy hosts by @sjpb in #516
• Add Release Train OpenHPC repos by @wtripp180901 in #515

New functionality

• Support lustre client by @sjpb in #447
• Install k3s cluster with ansible init by @wtripp180901 in #441
• Make block device detection work on ESXi by @mkjpryor in #481
• Add role to install NVIDIA DOCA on top of an existing "fat" image by @sjpb in #492
• Fix DOCA install cleanup deleteing /tmp by @sjpb in #494
• Add list of additional package installs by @wtripp180901 in #499
• EXPERIMENTAL: add machinery to allow compute nodes to rejoin cluster on reimage by @sjpb in #500
• Ansible-init compute node script by @bertiethorpe in #476

Docs

• Add missing bits re. initial setup to refactored README by @sjpb in #464
• Add generic upgrade docs by @sjpb in #462
• Add note about login node reboot when changing OOD servername by @sd109 in #510

Fixes

• Remove local DNS as a dependency for k3s by @sjpb in #442
• Fix adhoc/rebuild wait_for_connection race condition by @bertiethorpe in #483
• Fix Lustre deleting rdma packages and bump to v2.15.6 for RL9.5 support by @wtripp180901 in #502

Upgrades

• Upgrade RL8 ceph to quincy + trivy rate limit and OOD false positives fix by @wtripp180901 in #477
• Bump openhpc role for slurm restart, templating and nodes in multiple groups by @sjpb in #488

Internal CI changes/fixes

• Don't run trivy scan on nightly builds by @sjpb in #467
• Unset signature_verified property from nightly/latest images by @sjpb in #474
• Don't fail cluster cleanup when prefix not found by @bertiethorpe in #480
• Fix nightly images getting timestamp/git hash by @sjpb in #493
• Fix nightly build version (v2) by @sjpb in #495
• Remove use of FIPs for leafcloud packer builds by @sjpb in #498

Image Details

Two new images are available (neither of which now contain OFED) :

• RL8: openhpc-RL8-250106-0916-f8603056
• RL9: openhpc-RL9-250106-0916-f8603056

New Contributors

• @sd109 made their first contribution in #510

Full Changelog: v1.155...v1.156

v1.155

What's Changed

• Prevent ansible-init running during packer build by @wtripp180901 in #439
• Ensure podman copes with a hard reboot by @sjpb in #460
• Add workflow to cleanup CI clusters by @sjpb in #451

Image Details

Three new images are available, all with OFED:

• openhpc-RL8-241022-0441-a5affa58
• openhpc-RL9-241022-0038-a5affa58
• openhpc-cuda-RL9-241022-0441-a5affa58

New Contributors

• @wtripp180901 made their first contribution in #439

Full Changelog: v1.154...v1.155

v1.154

What's Changed

• Add description of image to build by @sjpb in #444
• Nightly Slurm CI Rocky update workflow by @bertiethorpe in #440
• stub s3-image-sync workflow for easier ci by @bertiethorpe in #450
• Upload main images to Arcus S3 and sync clouds by @bertiethorpe in #448
• Update docs to include operations by @sjpb in #422
• Fix error in packer build command for nightly builds by @bertiethorpe in #455
• Bump terraform collection to fix race with waiting for ssh by @sjpb in #457

Image details

Three new images are available, all with OFED:

• openhpc-RL8-241009-1523-354b048a
• openhpc-RL9-241009-1523-354b048a
• openhpc-cuda-RL9-241009-1523-354b048a

These require a 15GB root disk except for the image with CUDA which requires 30GB.

Full Changelog: v1.153.1...v1.154

v1.153.1

What's Changed

• Fix up the outputs, after the fip fix by @JohnGarbutt in #446

Full Changelog: v1.153...v1.153.1

No new images provided at this release.

v1.153

What's Changed

• Add RL9 cuda build variant by @sjpb in #428
• Build RL8+OFED image in CI by @MoteHue in #427
• Dev script - Extract fatimage.yml logs to analyse packer build times by @bertiethorpe in #435
• Enable SMS Labs for CI by @bertiethorpe in #426
• Caas updated to use openstack_networking_floatingip_associate_v2 by @JohnGarbutt in #445

Full Changelog: v1.152...v1.153

Image details

Three new images are available:

• RL8 with OFED: openhpc-ofed-RL8-240906-1042-32568dbb - requires a 15 GB root disk
• RL9 with OFED: openhpc-ofed-RL9-240906-1041-32568dbb - requires a 15 GB root disk
• RL9 with OFED+CUDA: openhpc-cuda-RL9-240906-1041-32568dbb - requires a 30 GB root disk

v1.152

What's Changed

• Update OSes available for deployment by @bertiethorpe in #424
• Correct the -only options in the Packer README by @MoteHue in #423
• Add trivy image scanning by @sjpb in #413
• Enable 'openstack baremetal ...' commands on deploy host by @sjpb in #425
• Automated PRs for version bumps by @bertiethorpe in #429
• Add workflow for fat image uploads to client sites by @bertiethorpe in #430

New Contributors

• @MoteHue made their first contribution in #423

Full Changelog: v1.151...v1.152

Image details

Two new images are available, both of which require a 15GB root disk:

• RL8 without OFED: openhpc-RL8-240813-1317-1b370a36
• RL9 with OFED: openhpc-ofed-RL9-240813-1317-1b370a36

v1.151

What's Changed

• Add TuneD by @bertiethorpe in #409
• Use shorter names for CI clusters by @sjpb in #415
• Allow items in compute mapping to have different keys by @sjpb in #412
• Move jupyter openondemand installation to fatimage by @bertiethorpe in #414
• Support ansible-init for remote collections by @sjpb in #411
• Avoid python-openstackclient v7 due to rebuild bug by @sjpb in #420
• Update hpctests to obey UCX_NET_DEVICES when RoCE devices present by @bertiethorpe in #421

New Contributors

• @bertiethorpe made their first contribution in #409

Full Changelog: v1.150...v1.151

Image details

Two new images are available, both of which require a 15GB root disk:

• RL8 without OFED: openhpc-RL8-240725-1710-325c7b47
• RL9 with OFED: openhpc-ofed-RL9-240725-1710-325c7b47

https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_3a06571936a0424bb40bc5c672c4ccb1/openhpc-images/

v1.150

What's Changed

• Fix squid port default by @sjpb in #405
• Allow extending fat images with site-specific groups by @sjpb in #403
• Remove squid nodes from podman group by @sjpb in #407
• Fix README for RL9 by @sjpb in #408
• Add support for defining groups to basic_users by @sjpb in #406
• Revert to base ssh repos by @sjpb in #410

Full Changelog: v1.149...v1.150

Image details

Two new images are available, both of which require a 15GB root disk:

• RL8 without OFED: openhpc-RL8-240712-1426-6830f97b
• RL9 with OFED: openhpc-ofed-RL9-240712-1425-6830f97b