dell · expressmailin · Dec 31, 2025 · Dec 31, 2025 · Jan 2, 2026 · Jan 5, 2026
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
@@ -11,6 +11,8 @@ on:
       - pub/ochami
       - pub/ochami_aarch64
       - pub/k8s_telemetry
+      - pub/ib_support
+      - pub/v2.1_rc1
 
 jobs:
   build:

diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml
@@ -10,6 +10,8 @@ on:
       - pub/ochami
       - pub/ochami_aarch64
       - pub/k8s_telemetry
+      - pub/ib_support
+      - pub/v2.1_rc1
 
 jobs:
   build:

diff --git a/README.md b/README.md
@@ -1,3 +1,5 @@
+
+
 <img src="docs/logos/omnia-logo-transparent.png" width="500px">
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
 <!-- DO NOT ADD A BADGE -->

diff --git a/build_image_aarch64/roles/prepare_arm_node/tasks/main.yml b/build_image_aarch64/roles/prepare_arm_node/tasks/main.yml
@@ -167,7 +167,7 @@
 
 - name: Build full Podman image path
   ansible.builtin.set_fact:
-    pulp_aarch_image: "{{ hostvars['localhost']['oim_pxe_ip'] }}:2225/dellhpcomniaaisolution/image-build-aarch64:latest"
+    pulp_aarch_image: "{{ hostvars['localhost']['oim_pxe_ip'] }}:2225/dellhpcomniaaisolution/image-build-aarch64:1.0"
 
 - name: Pull aarch64 image using Podman
   ansible.builtin.command:

diff --git a/build_image_aarch64/roles/prepare_arm_node/vars/main.yml b/build_image_aarch64/roles/prepare_arm_node/vars/main.yml
@@ -22,7 +22,6 @@ aarch64_regctl_url: "https://github.com/regclient/regclient/releases/latest/down
 pulp_repo_file_path: "/etc/yum.repos.d/pulp.repo"
 pulp_webserver_cert_path: "/opt/omnia/pulp/settings/certs/pulp_webserver.crt"
 anchors_path: "/etc/pki/ca-trust/source/anchors/pulp_webserver.crt"
-regctl_tar_path: "omnia/offline_repo/cluster/aarch64/rhel/10.0/tarball/regctl-linux-arm64/regctl-linux-arm64.tar.gz"
 regctl_bin_path: "/usr/local/bin/regctl"
 
 # Error messages

diff --git a/build_image_x86_64/roles/image_creation/tasks/build_image_tag.yml b/build_image_x86_64/roles/image_creation/tasks/build_image_tag.yml
@@ -13,21 +13,16 @@
 #  limitations under the License.
 ---
 
-- name: Pull specific OpenCHAMI image by version tag
+- name: Pull image-build image
   ansible.builtin.command:
-    cmd: "podman pull {{ openchami_image_sha }}"
+    cmd: "podman pull {{ image_build_el10 }}"
   register: pull_result
+  retries: "{{ pull_image_retries }}"
+  delay: "{{ pull_image_delay }}"
+  until: pull_result.rc == 0
   changed_when: "'Image is up to date' not in pull_result.stdout"
 
 - name: Fail if image not pulled successfully
   ansible.builtin.fail:
     msg: "{{ pull_result.stdout }}"
   when: pull_result.rc != 0
-
-- name: Tagging OpenCHAMI image with stable name
-  ansible.builtin.command:
-    cmd: "{{ ochami_stable_image_tag }}"
-  args:
-    creates: "{{ ochami_stable_image_path }}"
-  register: tag_result
-  changed_when: "'Tagged' in tag_result.stdout"
diff --git a/build_image_x86_64/roles/image_creation/vars/main.yml b/build_image_x86_64/roles/image_creation/vars/main.yml
@@ -12,7 +12,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-openchami_image_sha: "ghcr.io/openchami/image-build@sha256:52dd9d546951ce4f2f6f9febd08a228cfcb5b9e8e204ca4f5ee232f6be65d3a4"
+image_build_el10: "docker.io/dellhpcomniaaisolution/image-build-el10:1.0"
+pull_image_retries: "3"
+pull_image_delay: "10"
 input_project_dir: "{{ hostvars['localhost']['input_project_dir'] }}"
 omnia_metadata_file: "/opt/omnia/.data/oim_metadata.yml"
 dir_permissions_644: "0644"
@@ -33,7 +35,7 @@ ochami_compute_mounts:
 
 ochami_x86_64_image:
   - --entrypoint /bin/bash
-  - ghcr.io/openchami/image-build:stable
+  - docker.io/dellhpcomniaaisolution/image-build-el10:1.0
 ochami_base_command:
   - -c 'update-ca-trust extract && image-build --config /home/builder/config.yaml --log-level DEBUG'
 
@@ -52,7 +54,3 @@ compute_image_failure_msg: |
 # build_compute_image.yml
 openchami_compute_image_vars_template: "{{ role_path }}/templates/compute_images_templates.j2"
 openchami_compute_image_vars_path: "/opt/omnia/openchami/compute_images_template.yaml"
-
-# build_image_tag.yml
-ochami_stable_image_tag: "podman tag {{ openchami_image_sha }} ghcr.io/openchami/image-build:stable"
-ochami_stable_image_path: "/var/lib/containers/storage/overlay-images/{{ openchami_image_sha }}"
diff --git a/common/library/module_utils/input_validation/common_utils/en_us_validation_msg.py b/common/library/module_utils/input_validation/common_utils/en_us_validation_msg.py
@@ -326,6 +326,12 @@ def json_file_mandatory(file_path):
     "Please ensure the CSV file has the required headers."
 )
 NETWORK_SPEC_FILE_NOT_FOUND_MSG = "network_spec.yml file not found in input folder."
+IB_NETMASK_BITS_MISMATCH_MSG = (
+    "netmask_bits configured for ib_network must match admin_network netmask_bits in network_spec.yml."
+)
+IB_SUBNET_IN_ADMIN_RANGE_MSG = (
+    "ib_network subnet must be outside the admin network range derived from primary_oim_admin_ip/netmask_bits in network_spec.yml."
+)
 
 # telemetry
 MANDATORY_FIELD_FAIL_MSG = "must not be empty"
@@ -427,3 +433,4 @@ def get_logic_failed(input_file_path):
 def get_logic_success(input_file_path):
     """Returns a formatted message indicating logic validation success for a file."""
     return f"{'#' * 10} Logic validation successful for {input_file_path} {'#' * 10}"
+
diff --git a/common/library/module_utils/input_validation/schema/network_spec.json b/common/library/module_utils/input_validation/schema/network_spec.json
@@ -100,9 +100,35 @@
               }
             },
             "additionalProperties": false
+          },
+          {
+            "type": "object",
+            "required": ["ib_network"],
+            "properties": {
+              "ib_network": {
+                "type": "object",
+                "required": [
+                  "subnet",
+                  "netmask_bits"
+                ],
+                "properties": {
+                  "subnet": {
+                    "type": "string",
+                    "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})\\.){3}(?:25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})$"
+                  },
+                  "netmask_bits": {
+                    "type": "string",
+                    "pattern": "^(1[0-9]|2[0-9]|[1-9])$|^3[0-2]$"
+                  }
+                },
+                "additionalProperties": false
+              }
+            },
+            "additionalProperties": false
           }
         ]
       }
     }
   }
 }
+
diff --git a/common/library/module_utils/input_validation/validation_flows/provision_validation.py b/common/library/module_utils/input_validation/validation_flows/provision_validation.py
@@ -21,6 +21,7 @@
 import itertools
 import csv
 import yaml
+import ipaddress
 from ansible.module_utils.input_validation.common_utils import validation_utils
 from ansible.module_utils.input_validation.common_utils import config
 from ansible.module_utils.input_validation.common_utils import en_us_validation_msg
@@ -744,6 +745,54 @@ def validate_network_spec(
         )
         return errors
 
+    # Extract admin and IB parameters for cross-validation
+    admin_netmask_bits = None
+    admin_primary_ip = None
+    ib_netmask_bits = None
+    ib_subnet = None
+    ib_present = False
+
+    for network in data["Networks"]:
+        if "admin_network" in network and isinstance(network["admin_network"], dict):
+            admin_net = network["admin_network"]
+            admin_netmask_bits = admin_net.get("netmask_bits", admin_netmask_bits)
+            admin_primary_ip = admin_net.get("primary_oim_admin_ip", admin_primary_ip)
+
+        if "ib_network" in network and isinstance(network["ib_network"], dict):
+            ib_net = network["ib_network"]
+            # Consider IB network present only when config is non-empty
+            if ib_net:
+                ib_present = True
+                ib_netmask_bits = ib_net.get("netmask_bits", ib_netmask_bits)
+                ib_subnet = ib_net.get("subnet", ib_subnet)
+
+    # If IB network is configured and both netmask bits are available, they must match
+    if ib_present and ib_netmask_bits and admin_netmask_bits and ib_netmask_bits != admin_netmask_bits:
+        errors.append(
+            create_error_msg(
+                "ib_network.netmask_bits",
+                ib_netmask_bits,
+                en_us_validation_msg.IB_NETMASK_BITS_MISMATCH_MSG,
+            )
+        )
+
+    # If IB subnet and admin primary IP are available, ensure IB subnet is not in admin range
+    if ib_present and ib_subnet and admin_primary_ip and admin_netmask_bits:
+        try:
+            admin_network = ipaddress.IPv4Network(f"{admin_primary_ip}/{admin_netmask_bits}", strict=False)
+            ib_ip = ipaddress.IPv4Address(ib_subnet)
+            if ib_ip in admin_network:
+                errors.append(
+                    create_error_msg(
+                        "ib_network.subnet",
+                        ib_subnet,
+                        en_us_validation_msg.IB_SUBNET_IN_ADMIN_RANGE_MSG,
+                    )
+                )
+        except ValueError:
+            # If IPs/netmask are invalid, rely on existing validations to report issues
+            pass
+
     for network in data["Networks"]:
         errors.extend(_validate_admin_network(network))
 
@@ -941,3 +990,4 @@ def _validate_ip_ranges(dynamic_range, network_type, netmask_bits):
             )
 
     return errors
+
diff --git a/common/vars/openchami_image_cmd.yml b/common/vars/openchami_image_cmd.yml
@@ -20,8 +20,6 @@ rhel_aarch64_base_image_name: "rhel-aarch64_base"
 base_image_commands:
   - "dracut --add 'dmsquash-live livenet network-manager' --install '/usr/lib/systemd/systemd-sysroot-fstab-check' --kver $(basename /lib/modules/*) -N -f --logfile /tmp/dracut.log 2>/dev/null"   # noqa: yaml[line-length]
   - "echo DRACUT LOG:; cat /tmp/dracut.log"
-  - "rm -f /var/lib/rpm/__db*"
-  - "rpmdb --rebuilddb"
 
 #  x86_64 compute commands
 default_x86_64_compute_commands:

diff --git a/discovery/discovery.yml b/discovery/discovery.yml
@@ -75,6 +75,18 @@
         name: discovery_validations
         tasks_from: validate_oim_timezone.yml
 
+- name: Build cluster host lists from PXE mapping
+  hosts: localhost
+  connection: local
+  roles:
+    - passwordless_ssh
+
+- name: Configure OIM SSH from cluster host lists
+  hosts: oim
+  connection: ssh
+  roles:
+    - passwordless_ssh
+
 - name: Validate discovery parameters
   hosts: oim
   connection: ssh
@@ -102,6 +114,11 @@
       ansible.builtin.include_role:
         name: configure_ochami
         tasks_from: discover_mapping_nodes.yml
+
+    - name: Read nodes.yaml and derive Omnia node facts
+      ansible.builtin.include_role:
+        name: passwordless_ssh
+        tasks_from: read_nodes_yaml.yml
   roles:
     - nfs_client
     - k8s_config

diff --git a/discovery/roles/configure_ochami/tasks/configure_bss_cloud_init.yml b/discovery/roles/configure_ochami/tasks/configure_bss_cloud_init.yml
@@ -66,6 +66,12 @@
   register: read_ssh_key
   no_log: true
 
+- name: Read the ssh private key
+  ansible.builtin.command: cat {{ ssh_private_key_path }}
+  changed_when: false
+  register: read_ssh_private_key
+  no_log: true
+
 - name: Hash the password
   ansible.builtin.command: openssl passwd -6 "{{ hostvars['localhost']['provision_password'] }}"
   changed_when: false