diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml
index 196ecc3a3..3b7f1bda0 100644
--- a/.github/workflows/stackhpc-pull-request.yml
+++ b/.github/workflows/stackhpc-pull-request.yml
@@ -59,138 +59,3 @@ jobs: run: pip install tox - name: Run Tox ${{ matrix.environment }} 🧪 run: tox -e ${{ matrix.environment }} - - # A skipped job is treated as success when used as a required status check. - # The registered required status checks refer to the name of the job in the - # called reusable workflow rather than the jobs in this file. The following - # jobs need to run unconditionally to allow GitHub required status checks to - # pass even when there are changed files. The `! failure()` condition runs - # when the parent jobs completed successfully or were skipped. We pass an - # 'if' argument to the called workflow to allow running it conditionally. - - build-kayobe-image: - name: Build Kayobe Image - needs: - - check-changes - uses: ./.github/workflows/stackhpc-build-kayobe-image.yml - with: - if: ${{ needs.check-changes.outputs.aio == 'true' }} - if: github.repository == 'stackhpc/stackhpc-kayobe-config' - - check-tags: - name: Check container image tags - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-check-tags.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - if: ${{ needs.check-changes.outputs.check-tags == 'true' }} - secrets: inherit - if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - - all-in-one-ubuntu-jammy-ovs: - name: aio (Ubuntu Jammy OVS) - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-all-in-one.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - os_distribution: ubuntu - os_release: jammy - ssh_username: ubuntu - neutron_plugin: ovs - OS_CLOUD: openstack - if: ${{ needs.check-changes.outputs.aio == 'true' }} - secrets: inherit - if: ${{ ! failure() && ! 
cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - - all-in-one-ubuntu-jammy-ovn: - name: aio (Ubuntu Jammy OVN) - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-all-in-one.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - os_distribution: ubuntu - os_release: jammy - ssh_username: ubuntu - neutron_plugin: ovn - OS_CLOUD: openstack - if: ${{ needs.check-changes.outputs.aio == 'true' }} - secrets: inherit - if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - - all-in-one-rocky-9-ovs: - name: aio (Rocky 9 OVS) - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-all-in-one.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - os_distribution: rocky - os_release: "9" - ssh_username: cloud-user - neutron_plugin: ovs - OS_CLOUD: openstack - if: ${{ needs.check-changes.outputs.aio == 'true' }} - secrets: inherit - if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - - all-in-one-rocky-9-ovn: - name: aio (Rocky 9 OVN) - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-all-in-one.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - os_distribution: rocky - os_release: "9" - ssh_username: cloud-user - neutron_plugin: ovn - OS_CLOUD: openstack - if: ${{ needs.check-changes.outputs.aio == 'true' }} - secrets: inherit - if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - - # Test two upgrade scenarios: Ubuntu Jammy OVS and Rocky 9 OVN. 
- - all-in-one-upgrade-ubuntu-jammy-ovs: - name: aio upgrade (Ubuntu Jammy OVS) - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-all-in-one.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - os_distribution: ubuntu - os_release: jammy - ssh_username: ubuntu - neutron_plugin: ovs - OS_CLOUD: openstack - if: ${{ needs.check-changes.outputs.aio == 'true' }} - upgrade: true - secrets: inherit - if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - - all-in-one-upgrade-rocky-9-ovn: - name: aio upgrade (Rocky 9 OVN) - needs: - - check-changes - - build-kayobe-image - uses: ./.github/workflows/stackhpc-all-in-one.yml - with: - kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} - os_distribution: rocky - os_release: "9" - ssh_username: cloud-user - neutron_plugin: ovn - OS_CLOUD: openstack - if: ${{ needs.check-changes.outputs.aio == 'true' }} - upgrade: true - secrets: inherit - if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} diff --git a/doc/source/operations/secret-rotation.rst b/doc/source/operations/secret-rotation.rst index 6e685f4db..fe69f4184 100644 --- a/doc/source/operations/secret-rotation.rst +++ b/doc/source/operations/secret-rotation.rst @@ -48,6 +48,8 @@ Full method 2. Edit your Kolla-Ansible checkout to include changes not yet included upstream. +TODO + .. _kolla-change: 1. Add this line within the ``kolla_docker`` dict in 
@@ -62,16 +64,7 @@ Full method This change will break new deployments and should be reverted once this process is complete -.. _k-a-change: - - 2. Cherry-pick `this patch - `__ - - .. code:: bash - - git fetch https://review.opendev.org/openstack/kolla-ansible refs/changes/78/903178/2 && git cherry-pick FETCH_HEAD - - 3. Re-install Kolla-Ansible from source in your Kolla-Ansible Python + 2. Re-install Kolla-Ansible from source in your Kolla-Ansible Python environment diff --git a/etc/kayobe/kolla/config/fluentd/output/00-local.conf b/etc/kayobe/kolla/config/fluentd/output/00-local.conf index a00daa5c9..af2a49672 100644 --- a/etc/kayobe/kolla/config/fluentd/output/00-local.conf +++ b/etc/kayobe/kolla/config/fluentd/output/00-local.conf @@ -1,3 +1,4 @@ +{# Is it fixed yet? #} {% raw %} {% for item in syslog_facilities | selectattr('enabled') %} diff --git a/etc/kayobe/kolla/config/fluentd/output/03-opensearch.conf b/etc/kayobe/kolla/config/fluentd/output/03-opensearch.conf index 9106c4175..6822fe300 100644 --- a/etc/kayobe/kolla/config/fluentd/output/03-opensearch.conf +++ b/etc/kayobe/kolla/config/fluentd/output/03-opensearch.conf @@ -1,3 +1,4 @@ +{# Is it fixed yet? #} {% raw %} {% if enable_caso | bool and inventory_hostname in groups['caso'] %} diff --git a/etc/kayobe/kolla/kolla-build.conf b/etc/kayobe/kolla/kolla-build.conf index 9f78e1125..3fc7c826a 100644 --- a/etc/kayobe/kolla/kolla-build.conf +++ b/etc/kayobe/kolla/kolla-build.conf @@ -3,7 +3,7 @@ {# snapshots, so pin to a specific tag. #} {# This tag should be updated when Ubuntu package repo snapshot versions are changed. #} {% if kolla_base_distro == 'ubuntu' %} -base_tag = jammy-20231004 +base_tag = jammy-20240416 {# Similarly pinning to Rocky 9 minor version used in our repos #} {% elif kolla_base_distro == 'rocky' %} base_tag = 9.{{ stackhpc_pulp_repo_rocky_9_minor_version }} diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index 50985a30a..b2f90442c 100644 
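Review bot: The added first line `{# Is it fixed yet? #}` in etc/kayobe/kolla/config/fluentd/output/00-local.conf does not say what "it" is, so a later reader cannot tell which problem this file works around or when the file can be removed; the same line is added at the top of 03-opensearch.conf. Name the condition and where it is tracked, for example `{# TODO: remove this file once <upstream change or issue link> is released #}`. Both files continue past their hunks, so the configuration the comment refers to is not visible here.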
--- a/etc/kayobe/pulp-repo-versions.yml
+++ b/etc/kayobe/pulp-repo-versions.yml
@@ -37,6 +37,7 @@ stackhpc_pulp_repo_rocky_9_4_crb_version: 20240702T000233
 stackhpc_pulp_repo_rocky_9_4_extras_version: 20240707T235817
 stackhpc_pulp_repo_rocky_9_4_highavailability_version: 20240629T235004
 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20240708T235303
+# BUMP?
 stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20240418T070026
 stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240418T043733
 stackhpc_pulp_repo_ubuntu_jammy_version: 20240418T043733
diff --git a/etc/kayobe/stackhpc-overcloud-dib.yml b/etc/kayobe/stackhpc-overcloud-dib.yml
index 69ba5c81e..a0d26495a 100644
--- a/etc/kayobe/stackhpc-overcloud-dib.yml
+++ b/etc/kayobe/stackhpc-overcloud-dib.yml
@@ -38,6 +38,7 @@ stackhpc_overcloud_dib_elements:
 stackhpc_overcloud_dib_env_vars:
 DIB_BLOCK_DEVICE_CONFIG: "{{ stackhpc_overcloud_dib_block_device_config_uefi_lvm }}"
 DIB_BOOTLOADER_DEFAULT_CMDLINE: "nofb nomodeset gfxpayload=text net.ifnames=1 rd.auto"
+ # FIXME: Make host images work with metadata too?
 DIB_CLOUD_INIT_DATASOURCES: "ConfigDrive"
 DIB_CONTAINERFILE_RUNTIME: "docker"
 DIB_CONTAINERFILE_NETWORK_DRIVER: "host"
diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml
index bb604e2f1..5433348be 100644
--- a/etc/kayobe/stackhpc.yml
+++ b/etc/kayobe/stackhpc.yml
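Review bot: `# BUMP?` in etc/kayobe/pulp-repo-versions.yml leaves an open question in the file that pins package sources, and it does not say which of the three Ubuntu entries below it is meant or why. The Ubuntu snapshots shown are dated 20240418 while the Rocky 9.4 entries just above are from late June and July 2024, so the Ubuntu pins are likely missing later security updates. Either bump them in this change or make the comment actionable, for example `# TODO: bump the Ubuntu snapshots below (pinned at 20240418); see <tracking issue>`.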
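Review bot: The new `# FIXME: Make host images work with metadata too?` above `DIB_CLOUD_INIT_DATASOURCES: "ConfigDrive"` in etc/kayobe/stackhpc-overcloud-dib.yml is phrased as a question and carries no owner or issue reference. If it stays, it should record the trade-off: with ConfigDrive as the only datasource, cloud-init in the host image is configured from the attached config drive alone, whereas a network metadata datasource would make the image also trust whatever answers the metadata request on the provisioning network at boot. Suggested wording: `# TODO(<issue>): evaluate adding a network metadata datasource for host images; it widens what cloud-init trusts at boot`. The `stackhpc_overcloud_dib_env_vars` mapping continues outside the hunk.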
@@ -37,6 +37,7 @@ stackhpc_repo_ubuntu_jammy_version: "{{ stackhpc_repo_distribution }}" stackhpc_repo_ubuntu_jammy_security_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/jammy-security/{{ stackhpc_repo_ubuntu_jammy_security_version }}" stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_repo_distribution }}" +# Can we drop this if we bump ubuntu snapshots? # Ubuntu jammy CVE-3034-6287 stackhpc_repo_ubuntu_jammy_cve_2024_6387_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu-jammy-cve-2024-6387/{{ stackhpc_repo_ubuntu_jammy_cve_2024_6387_version }}" stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "{{ stackhpc_repo_distribution }}"
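Review bot: The added question `# Can we drop this if we bump ubuntu snapshots?` does not state the condition that would make removal safe: the dedicated repository can only go once the pinned jammy-security snapshot actually contains the packages fixed for CVE-2024-6387. The jammy-security pin shown in pulp-repo-versions.yml is 20240418T043733, which looks older than that fix, so removal should wait for the snapshot bump and a check of the installed package version. The context comment directly below reads `# Ubuntu jammy CVE-3034-6287` while the variable names say `cve_2024_6387`; that typo makes the entry hard to find by CVE id and is worth correcting in the same change. Suggested replacement for the new line: `# TODO: remove once the jammy-security snapshot includes the CVE-2024-6387 fix`.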