diff --git a/.github/workflows/ipa-image-build.yml b/.github/workflows/ipa-image-build.yml index a62e91fbf..3046b3757 100644 --- a/.github/workflows/ipa-image-build.yml +++ b/.github/workflows/ipa-image-build.yml @@ -76,7 +76,7 @@ jobs: pip install -r ../src/kayobe-config/requirements.txt - name: Install terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@v2 - name: Initialise terraform run: terraform init @@ -206,7 +206,8 @@ jobs: kayobe overcloud deployment image build --force-rebuild \ -e os_distribution="ubuntu" \ -e os_release="jammy" \ - -e ipa_ci_builder_distribution="ubuntu" + -e ipa_ci_builder_distribution="ubuntu" \ + -e ipa_ci_builder_release="jammy" env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: inputs.ubuntu-jammy @@ -264,7 +265,8 @@ jobs: kayobe overcloud deployment image build --force-rebuild \ -e os_distribution="rocky" \ -e os_release="9" \ - -e ipa_ci_builder_distribution="rocky" + -e ipa_ci_builder_distribution="rocky" \ + -e ipa_ci_builder_release="9" env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: inputs.rocky9 diff --git a/.github/workflows/multinode-inputs.py b/.github/workflows/multinode-inputs.py index c64b73544..6971bf778 100644 --- a/.github/workflows/multinode-inputs.py +++ b/.github/workflows/multinode-inputs.py @@ -26,7 +26,7 @@ class Scenario: openstack_release: OpenStackRelease os_release: OSRelease neutron_plugin: str - upgrade: bool + upgrade: str ROCKY_9 = OSRelease("rocky", "9", "cloud-user") @@ -50,7 +50,7 @@ def random_scenario() -> Scenario: openstack_release = random.choice(OPENSTACK_RELEASES) os_release = random.choice(openstack_release.os_releases) neutron_plugin = random.choice(NEUTRON_PLUGINS) - upgrade = random.random() > 0.6 + upgrade = 'major' if random.random() > 0.6 else 'none' return Scenario(openstack_release, os_release, neutron_plugin, upgrade) @@ -62,7 +62,7 @@ def generate_inputs(scenario: Scenario) -> t.Dict[str, str]: "os_release": scenario.os_release.release, "ssh_username": scenario.os_release.ssh_username, "neutron_plugin": scenario.neutron_plugin, - "upgrade": str(scenario.upgrade).lower(), + "upgrade": scenario.upgrade, "stackhpc_kayobe_config_version": branch, "stackhpc_kayobe_config_previous_version": previous_branch, } diff --git a/.github/workflows/stackhpc-multinode.yml b/.github/workflows/stackhpc-multinode.yml index 3ec055bb4..321346ec8 100644 --- a/.github/workflows/stackhpc-multinode.yml +++ b/.github/workflows/stackhpc-multinode.yml @@ -27,8 +27,12 @@ name: Multinode - ovs upgrade: description: Whether to perform an upgrade - type: boolean - default: false + default: none + type: choice + options: + - none + - minor + - major break_on: description: When to break execution for manual interaction type: choice @@ -52,7 +56,7 @@ name: Multinode jobs: multinode: name: Multinode - uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.2.0 + uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.4.0 with: multinode_name: ${{ inputs.multinode_name }} os_distribution: ${{ inputs.os_distribution }} @@ -66,6 +70,6 @@ jobs: ssh_key: ${{ inputs.ssh_key }} stackhpc_kayobe_config_version: ${{ github.ref_name }} # NOTE(upgrade): Reference the PREVIOUS release here. - stackhpc_kayobe_config_previous_version: stackhpc/2023.1 + stackhpc_kayobe_config_previous_version: ${{ inputs.upgrade == 'major' && 'stackhpc/2023.1' || 'stackhpc/2024.1' }} terraform_kayobe_multinode_version: ${{ inputs.terraform_kayobe_multinode_version }} secrets: inherit diff --git a/etc/kayobe/ansible/pulp-artifact-upload.yml b/etc/kayobe/ansible/pulp-artifact-upload.yml index 992da0a7f..65f93f5f2 100644 --- a/etc/kayobe/ansible/pulp-artifact-upload.yml +++ b/etc/kayobe/ansible/pulp-artifact-upload.yml @@ -142,21 +142,6 @@ retries: 3 delay: 5 - - name: Update distribution for latest version - pulp.squeezer.file_distribution: - pulp_url: "{{ remote_pulp_url }}" - username: "{{ remote_pulp_username }}" - password: "{{ remote_pulp_password }}" - name: "{{ repository_name }}_latest" - base_path: "{{ pulp_base_path }}/latest" - publication: "{{ publication_details.publication.pulp_href }}" - content_guard: development - state: present - register: latest_distribution_details - until: latest_distribution_details is success - retries: 3 - delay: 5 - - name: Create distribution for given version pulp.squeezer.file_distribution: pulp_url: "{{ remote_pulp_url }}" @@ -167,7 +152,6 @@ publication: "{{ publication_details.publication.pulp_href }}" content_guard: development state: present - when: latest_distribution_details.changed register: distribution_result until: distribution_result is success retries: 3 @@ -180,26 +164,11 @@ {{ artifact_tag }}/{{ found_files.files[0].path | basename }}" create: true - - name: Update new artifacts file with latest path - lineinfile: - path: /tmp/updated_artifacts.txt - line: "{{ remote_pulp_url }}/pulp/content/{{ pulp_base_path }}/\ - latest/{{ found_files.files[0].path | basename }}" - when: latest_distribution_details.changed - - name: Print versioned path debug: msg: "New versioned path: {{ remote_pulp_url }}/pulp/content/{{ pulp_base_path }}/\ {{ artifact_tag }}/{{ found_files.files[0].path | basename }}" - when: latest_distribution_details.changed - - - name: Print latest path - debug: - msg: "New latest path: {{ remote_pulp_url }}/pulp/content/{{ pulp_base_path }}/\ - latest/{{ found_files.files[0].path | basename }}" - when: latest_distribution_details.changed - name: Print version tag debug: msg: "New tag: {{ artifact_tag }}" - when: latest_distribution_details.changed diff --git a/etc/kayobe/ansible/requirements.yml b/etc/kayobe/ansible/requirements.yml index 72d083a61..cb7b65c37 100644 --- a/etc/kayobe/ansible/requirements.yml +++ b/etc/kayobe/ansible/requirements.yml @@ -1,7 +1,7 @@ --- collections: - name: stackhpc.cephadm - version: 1.18.0 + version: 1.19.1 # NOTE: Pinning pulp.squeezer to 0.0.13 because 0.0.14+ depends on the # pulp_glue Python library being installed. - name: pulp.squeezer diff --git a/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 b/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 index 583c1efa4..8294edec7 100644 --- a/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 +++ b/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 @@ -3,12 +3,12 @@ # Store these securely and use lookups here secrets_wazuh: # Wazuh agent authd pass - authd_pass: "{{ secrets_wazuh.authd_pass | default(lookup('password', '/dev/null'), true) }}" + authd_pass: '{{ secrets_wazuh.authd_pass | default(lookup("password", "/dev/null"), true) }}' # Strengthen default wazuh api user pass wazuh_api_users: - username: "wazuh" - password: "{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30, override_special=override_special_characters)) }}" + password: '{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup("community.general.random_string", min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30, override_special=override_special_characters)) }}' # OpenSearch 'admin' user pass - opendistro_admin_password: "{{ secrets_wazuh.opendistro_admin_password | default(lookup('password', '/dev/null'), true) }}" + opendistro_admin_password: '{{ secrets_wazuh.opendistro_admin_password | default(lookup("password", "/dev/null"), true) }}' # OpenSearch 'kibanaserver' user pass - opendistro_kibana_password: "{{ secrets_wazuh.opendistro_kibana_password | default(lookup('password', '/dev/null'), true) }}" + opendistro_kibana_password: '{{ secrets_wazuh.opendistro_kibana_password | default(lookup("password", "/dev/null"), true) }}' diff --git a/etc/kayobe/ansible/wazuh-manager.yml b/etc/kayobe/ansible/wazuh-manager.yml index d4013ebd6..b0d701dee 100644 --- a/etc/kayobe/ansible/wazuh-manager.yml +++ b/etc/kayobe/ansible/wazuh-manager.yml @@ -102,19 +102,22 @@ notify: - Restart wazuh - - name: Set http/s_proxy vars in ossec-init.conf for vulnerability detector + - name: Add JVM proxy settings to wazuh-indexer blockinfile: - path: "/var/ossec/etc/ossec.conf" + path: "/etc/wazuh-indexer/jvm.options" state: present owner: root - group: ossec + group: wazuh + marker: "# {mark} ANSIBLE MANAGED BLOCK JVM PROXY SETTINGS" block: | - HTTPS_PROXY={{ http_proxy_url }} - HTTP_PROXY={{ http_proxy_url }} + -Dhttp.proxyHost={{ http_proxy_url | urlsplit('hostname') }} + -Dhttp.proxyPort={{ http_proxy_url | urlsplit('port') }} + -Dhttps.proxyHost={{ http_proxy_url | urlsplit('hostname') }} + -Dhttps.proxyPort={{ http_proxy_url | urlsplit('port') }} backup: yes when: http_proxy_url is defined notify: - - Restart wazuh + - Restart wazuh-indexer - name: Perform health check against filebeat command: filebeat test output @@ -126,3 +129,8 @@ service: name: wazuh-manager state: restarted + + - name: Restart wazuh-indexer + service: + name: wazuh-indexer + state: restarted diff --git a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml index 4c3feb0ee..e3112029f 100644 --- a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml @@ -101,6 +101,7 @@ stackhpc_release_pulp_password: "{{ stackhpc_docker_registry_password }}" ipa_build_images: true ipa_build_dib_env_extra: DISTRO_NAME: "{{ ipa_ci_builder_distribution | default('ubuntu') }}" + DIB_RELEASE: "{{ ipa_ci_builder_release | default('jammy') }}" # Ensure Ark repos are disabled during CI runs, this is due to # builder being a member of the 'overcloud' group for IPA builds. diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index a8a98e937..8265d8954 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -5,31 +5,7 @@ kolla_image_tags: openstack: rocky-9: 2024.1-rocky-9-20241218T141751 - ubuntu-jammy: 2024.1-ubuntu-jammy-20240917T091559 - blazar: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241125T093138 - cinder: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241204T081836 + ubuntu-jammy: 2024.1-ubuntu-jammy-20241218T141809 magnum: rocky-9: 2024.1-rocky-9-20250102T094625 ubuntu-jammy: 2024.1-ubuntu-jammy-20250102T094625 - nova: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241004T094540 - neutron: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241203T232519 - octavia: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241004T094540 - horizon: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241202T210927 - bifrost: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241128T162336 - ironic: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241023T143407 - ironic_dnsmasq: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241023T143407 - ironic_neutron_agent: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241023T143407 - letsencrypt: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241206T090120 - grafana: - ubuntu-jammy: 2024.1-ubuntu-jammy-20241128T123708 diff --git a/etc/kayobe/pulp-ipa-image-versions.yml b/etc/kayobe/pulp-ipa-image-versions.yml index 778831c05..0ecbdfdc3 100644 --- a/etc/kayobe/pulp-ipa-image-versions.yml +++ b/etc/kayobe/pulp-ipa-image-versions.yml @@ -1,4 +1,4 @@ --- # IPA image versioning tags -stackhpc_rocky_9_ipa_image_version: "2024.1-20241206T160829" +stackhpc_rocky_9_ipa_image_version: "2024.1-20241231T102920" stackhpc_ubuntu_jammy_ipa_image_version: "2024.1-20241206T160829" diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index daae0cd7e..672980bfb 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -7,7 +7,7 @@ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version: 20241212T022636 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318 stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240923T233036 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022 -stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20240910T001721 +stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20241218T154614 stackhpc_pulp_repo_elrepo_9_version: 20241129T235743 stackhpc_pulp_repo_epel_9_version: 20241216T235733 stackhpc_pulp_repo_grafana_version: 20241216T002739 @@ -46,6 +46,6 @@ stackhpc_pulp_repo_rocky_9_5_crb_version: 20241217T005008 stackhpc_pulp_repo_rocky_9_5_extras_version: 20241216T004230 stackhpc_pulp_repo_rocky_9_5_highavailability_version: 20241202T003154 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20241127T003858 -stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20240911T041957 -stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240924T064114 -stackhpc_pulp_repo_ubuntu_jammy_version: 20240924T064114 +stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20241217T045049 +stackhpc_pulp_repo_ubuntu_jammy_security_version: 20241217T071258 +stackhpc_pulp_repo_ubuntu_jammy_version: 20241217T071258 diff --git a/releasenotes/notes/bump-ansible-collection-cephadm-2a6c988a34b192a6.yaml b/releasenotes/notes/bump-ansible-collection-cephadm-2a6c988a34b192a6.yaml new file mode 100644 index 000000000..dbc6dd22e --- /dev/null +++ b/releasenotes/notes/bump-ansible-collection-cephadm-2a6c988a34b192a6.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Updates the StackHPC Cephadm Ansible collection from 1.18.0 to 1.19.1. diff --git a/releasenotes/notes/ubuntu-refresh-december-998f4c2d2bd0032b.yaml b/releasenotes/notes/ubuntu-refresh-december-998f4c2d2bd0032b.yaml new file mode 100644 index 000000000..a98acb505 --- /dev/null +++ b/releasenotes/notes/ubuntu-refresh-december-998f4c2d2bd0032b.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Refreshed all Ubuntu host package versions and contianer images for + December 2024.