Add playbooks for SKMO by vakwetu · Pull Request #3684 · openstack-k8s-operators/ci-framework

vakwetu · 2026-02-13T21:59:54Z

Add multi-namespace SKMO scenario and playbooks
Add support for Shared Keystone Multi-region OpenStack (SKMO)
deployments with cross-region Barbican keystone listener:

Playbooks:

prepare-leaf.yaml: Pre-stage hook that creates a TransportURL CR
in the central region for the leaf's barbican-keystone-listener,
copies the generated secret to the leaf namespace, extracts
rootca-internal CA cert from central and adds it to the leaf's
custom-ca-certs bundle, and waits for central Keystone and
openstackclient readiness with retry logic
configure-leaf-listener.yaml: Post-stage hook that patches the
leaf OpenStackControlPlane with the cross-region transport_url
for the barbican-keystone-listener
trust-leaf-ca.yaml: Post-stage hook that extracts the leaf
region's rootca-public and rootca-internal CA certs and adds
them to the central region's custom-ca-certs bundle
ensure-central-ca-bundle.yaml: Ensures the central CA bundle
secret exists before the leaf control plane deployment

Scenario:

va-multi-skmo.yml reproducer scenario configuration
multi-namespace-skmo architecture scenario symlink

openshift-ci · 2026-02-13T22:00:00Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign bshewale for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

softwarefactory-project-zuul · 2026-02-17T18:28:22Z

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/b7e9a45c2dc540e683237f9d199a301c

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 01m 57s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 18m 44s
❌ cifmw-crc-podified-edpm-baremetal RETRY_LIMIT in 27m 33s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 1h 49m 08s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 9m 04s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 26s

softwarefactory-project-zuul · 2026-02-18T21:09:28Z

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/9a0c3d521a444791a9cb4da2cf7cedca

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 15m 25s
❌ podified-multinode-edpm-deployment-crc FAILURE in 56m 51s
❌ cifmw-crc-podified-edpm-baremetal FAILURE in 1h 01m 47s
❌ cifmw-crc-podified-edpm-baremetal-minor-update FAILURE in 58m 54s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 59s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 32s

softwarefactory-project-zuul · 2026-02-24T05:02:49Z

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/17da5110aa71420dbf164b2d3651f1bf

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 27m 13s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 23m 03s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 30m 14s
❌ cifmw-crc-podified-edpm-baremetal-minor-update FAILURE in 2h 12m 02s
✔️ cifmw-pod-zuul-files SUCCESS in 5m 00s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 13s
✔️ cifmw-pod-k8s-snippets-source SUCCESS in 4m 37s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 42s
✔️ cifmw-architecture-validate-hci SUCCESS in 4m 19s
✔️ cifmw-molecule-ci_gen_kustomize_values SUCCESS in 5m 56s

softwarefactory-project-zuul · 2026-02-25T07:56:00Z

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/2382ae10dbf24bc185e36fba76f1ffc5

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 35m 34s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 21m 39s
❌ cifmw-crc-podified-edpm-baremetal RETRY_LIMIT in 14m 38s
❌ cifmw-crc-podified-edpm-baremetal-minor-update RETRY_LIMIT in 14m 22s
✔️ cifmw-pod-zuul-files SUCCESS in 6m 58s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 10m 22s
✔️ cifmw-pod-k8s-snippets-source SUCCESS in 5m 25s
✔️ cifmw-pod-pre-commit SUCCESS in 11m 33s
✔️ cifmw-architecture-validate-hci SUCCESS in 4m 52s
✔️ cifmw-molecule-ci_gen_kustomize_values SUCCESS in 5m 11s

vakwetu · 2026-03-10T21:32:10Z

recheck

Configure the multi-namespace SKMO scenario with: - SKMO-specific control-plane kustomization for the central region with barbican-keystone-listener pool_name and RabbitMQ memory reduction (4Gi -> 2Gi) for compact clusters - Barbican keystone listener pool_name configuration for both central (regionOne) and leaf (regionTwo) regions - Automation stages updated to reference SKMO-specific paths - Post-stage hook for populating cross-region transport URL - Wait conditions adjusted for parallel deployment - Correct keystone endpoint values for leaf region - CA trust configuration between central and leaf regions - Symlink net-env for SKMO to reuse multi-namespace networking Depends-On: openstack-k8s-operators/ci-framework#3684 Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Ade Lee <alee@redhat.com>

softwarefactory-project-zuul · 2026-03-11T00:17:22Z

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/9e5fc4b91c634fd3bf5d511b0afa0c50

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 08m 47s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 22m 21s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 32m 18s
❌ cifmw-crc-podified-edpm-baremetal-minor-update FAILURE in 1h 56m 20s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 39s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 43s
✔️ cifmw-pod-k8s-snippets-source SUCCESS in 5m 04s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 48s
✔️ cifmw-architecture-validate-hci SUCCESS in 4m 43s
✔️ cifmw-molecule-ci_gen_kustomize_values SUCCESS in 5m 34s

…ooks Add support for Shared Keystone Multi-region OpenStack (SKMO) deployments with cross-region Barbican keystone listener: Playbooks: - prepare-leaf.yaml: Pre-stage hook that creates a TransportURL CR in the central region for the leaf's barbican-keystone-listener, copies the generated secret to the leaf namespace, extracts rootca-internal CA cert from central and adds it to the leaf's custom-ca-certs bundle, and waits for central Keystone and openstackclient readiness with retry logic - configure-leaf-listener.yaml: Post-stage hook that patches the leaf OpenStackControlPlane with the cross-region transport_url for the barbican-keystone-listener - trust-leaf-ca.yaml: Post-stage hook that extracts the leaf region's rootca-public and rootca-internal CA certs and adds them to the central region's custom-ca-certs bundle - ensure-central-ca-bundle.yaml: Ensures the central CA bundle secret exists before the leaf control plane deployment Scenario: - va-multi-skmo.yml reproducer scenario configuration - multi-namespace-skmo architecture scenario symlink Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Ade Lee <alee@redhat.com>

Configure the multi-namespace SKMO scenario with: - SKMO-specific control-plane kustomization for the central region with barbican-keystone-listener pool_name and RabbitMQ memory reduction (4Gi -> 2Gi) for compact clusters - Barbican keystone listener pool_name configuration for both central (regionOne) and leaf (regionTwo) regions - Automation stages updated to reference SKMO-specific paths - Post-stage hook for populating cross-region transport URL - Wait conditions adjusted for parallel deployment - Correct keystone endpoint values for leaf region - CA trust configuration between central and leaf regions - Symlink net-env for SKMO to reuse multi-namespace networking Depends-On: openstack-k8s-operators/ci-framework#3684 Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Ade Lee <alee@redhat.com>

vakwetu added the do-not-merge/work-in-progress label Feb 13, 2026

vakwetu force-pushed the add_skmo branch 2 times, most recently from 5c879e4 to 4300f16 Compare February 14, 2026 00:16

github-actions bot added the Ready For Review label Feb 14, 2026

vakwetu force-pushed the add_skmo branch from 4300f16 to 59a1f5e Compare February 16, 2026 22:28

github-actions bot added Ready For Review and removed Ready For Review labels Feb 16, 2026

vakwetu force-pushed the add_skmo branch from 59a1f5e to ed495c5 Compare February 17, 2026 16:25

github-actions bot removed the Ready For Review label Feb 17, 2026

vakwetu force-pushed the add_skmo branch from ed495c5 to 91e8651 Compare February 17, 2026 19:20

github-actions bot added the Ready For Review label Feb 17, 2026

vakwetu force-pushed the add_skmo branch from 91e8651 to 66a26d1 Compare February 17, 2026 22:04

github-actions bot added Ready For Review and removed Ready For Review labels Feb 17, 2026

vakwetu force-pushed the add_skmo branch from 1652dd1 to b7eb184 Compare February 18, 2026 19:52

github-actions bot removed the Ready For Review label Feb 18, 2026

vakwetu force-pushed the add_skmo branch from b7eb184 to d470f18 Compare February 19, 2026 02:19

github-actions bot added the Ready For Review label Feb 19, 2026

vakwetu force-pushed the add_skmo branch from d470f18 to defd4ab Compare February 24, 2026 02:34

github-actions bot removed the Ready For Review label Feb 24, 2026

vakwetu force-pushed the add_skmo branch from defd4ab to 88d0f06 Compare February 25, 2026 06:19

vakwetu force-pushed the add_skmo branch from 88d0f06 to 05597b1 Compare March 3, 2026 17:23

github-actions bot added Ready For Review and removed Ready For Review labels Mar 3, 2026

vakwetu force-pushed the add_skmo branch from 3df0526 to 7fc900c Compare March 10, 2026 21:14

github-actions bot removed the Ready For Review label Mar 10, 2026

openshift-ci bot removed the do-not-merge/work-in-progress label Mar 10, 2026

vakwetu force-pushed the add_skmo branch 2 times, most recently from ddb6a04 to 7da97ce Compare March 10, 2026 22:07

vakwetu mentioned this pull request Mar 10, 2026

Multi-namespace test openstack-k8s-operators/architecture#693

Open

vakwetu requested review from abays and fultonj March 12, 2026 14:20

vakwetu force-pushed the add_skmo branch from 7da97ce to 5e5ae2f Compare March 12, 2026 14:53

github-actions bot added the Ready For Review label Mar 12, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add playbooks for SKMO#3684

Add playbooks for SKMO#3684
vakwetu wants to merge 1 commit intoopenstack-k8s-operators:mainfrom
vakwetu:add_skmo

vakwetu commented Feb 13, 2026 •

edited

Loading

Uh oh!

openshift-ci bot commented Feb 13, 2026

Uh oh!

softwarefactory-project-zuul bot commented Feb 17, 2026

Uh oh!

softwarefactory-project-zuul bot commented Feb 18, 2026

Uh oh!

softwarefactory-project-zuul bot commented Feb 24, 2026

Uh oh!

softwarefactory-project-zuul bot commented Feb 25, 2026

Uh oh!

vakwetu commented Mar 10, 2026

Uh oh!

softwarefactory-project-zuul bot commented Mar 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

vakwetu commented Feb 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci bot commented Feb 13, 2026

Uh oh!

softwarefactory-project-zuul bot commented Feb 17, 2026

Uh oh!

softwarefactory-project-zuul bot commented Feb 18, 2026

Uh oh!

softwarefactory-project-zuul bot commented Feb 24, 2026

Uh oh!

softwarefactory-project-zuul bot commented Feb 25, 2026

Uh oh!

vakwetu commented Mar 10, 2026

Uh oh!

softwarefactory-project-zuul bot commented Mar 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

vakwetu commented Feb 13, 2026 •

edited

Loading