From f49d31e172c2ca1bb2630cd6dcd1da7ce0854cca Mon Sep 17 00:00:00 2001 From: Grzegorz Koper Date: Tue, 9 Jul 2024 10:27:07 +0200 Subject: [PATCH 01/10] Updating to RL9.4 --- etc/kayobe/pulp-repo-versions.yml | 27 ++++++++++++++++----------- etc/kayobe/pulp.yml | 4 ++-- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index be33dd15d..974588495 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -11,9 +11,9 @@ stackhpc_pulp_repo_centos_stream_8_openstack_yoga_version: 20231011T133933 stackhpc_pulp_repo_centos_stream_8_opstools_version: 20230615T071742 stackhpc_pulp_repo_centos_stream_8_powertools_version: 20231018T041416 stackhpc_pulp_repo_centos_stream_8_storage_ceph_pacific_version: 20230709T010022 -stackhpc_pulp_repo_centos_stream_9_docker_version: 20230919T015626 -stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20230929T005202 -stackhpc_pulp_repo_centos_stream_9_openstack_yoga_version: 20231005T010906 +stackhpc_pulp_repo_centos_stream_9_docker_version: 20240702T000233 +stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20240708T235303 +stackhpc_pulp_repo_centos_stream_9_openstack_yoga_version: 20240221T101621 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20230615T071742 stackhpc_pulp_repo_centos_stream_9_storage_ceph_pacific_version: 20230709T010022 stackhpc_pulp_repo_docker_ce_ubuntu_focal_version: 20240122T172142 @@ -21,18 +21,18 @@ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20240122T172142 stackhpc_pulp_repo_docker_version: 20230919T015626 stackhpc_pulp_repo_elasticsearch_logstash_kibana_7_x_version: 20231012T003815 stackhpc_pulp_repo_elrepo_9_version: 20230907T075311 -stackhpc_pulp_repo_epel_9_version: 20231020T014922 +stackhpc_pulp_repo_epel_9_version: 20240708T235303 stackhpc_pulp_repo_epel_modular_version: 20220913T043117 stackhpc_pulp_repo_epel_version: 20231020T014922 -stackhpc_pulp_repo_grafana_version: 20231020T014922 +stackhpc_pulp_repo_grafana_version: 20240708T235303 stackhpc_pulp_repo_mariadb_10_6_centos8_version: 20230815T010124 stackhpc_pulp_repo_mlnx_ofed_5_7_1_0_2_0_rhel8_6_version: 20220920T151419 -stackhpc_pulp_repo_opensearch_2_x_version: 20231202T013234 -stackhpc_pulp_repo_opensearch_dashboards_2_x_version: 20231202T013234 -stackhpc_pulp_repo_rabbitmq_erlang_version: 20231015T004919 -stackhpc_pulp_repo_rabbitmq_server_version: 20231018T041416 -stackhpc_pulp_repo_rhel_9_influxdb_version: 20231019T010143 -stackhpc_pulp_repo_rhel_9_mariadb_10_6_version: 20230815T010124 +stackhpc_pulp_repo_opensearch_2_x_version: 20240626T000533 +stackhpc_pulp_repo_opensearch_dashboards_2_x_version: 20240626T000533 +stackhpc_pulp_repo_rabbitmq_erlang_version: 20240506T000343 +stackhpc_pulp_repo_rabbitmq_server_version: 20240704T001154 +stackhpc_pulp_repo_rhel_9_influxdb_version: 20240702T000233 +stackhpc_pulp_repo_rhel_9_mariadb_10_6_version: 20240517T012522 stackhpc_pulp_repo_rhel_9_treasuredata_4_version: 20230903T003752 stackhpc_pulp_repo_rocky_8_6_appstream_version: 20221105T035018 stackhpc_pulp_repo_rocky_8_6_baseos_version: 20221105T035018 @@ -64,6 +64,11 @@ stackhpc_pulp_repo_rocky_9_3_baseos_version: 20231215T005810 stackhpc_pulp_repo_rocky_9_3_crb_version: 20231215T005810 stackhpc_pulp_repo_rocky_9_3_extras_version: 20231211T120328 stackhpc_pulp_repo_rocky_9_3_highavailability_version: 20231214T005538 +stackhpc_pulp_repo_rocky_9_4_appstream_version: 20240704T001154 +stackhpc_pulp_repo_rocky_9_4_baseos_version: 20240707T011413 +stackhpc_pulp_repo_rocky_9_4_crb_version: 20240702T000233 +stackhpc_pulp_repo_rocky_9_4_extras_version: 20240707T235817 +stackhpc_pulp_repo_rocky_9_4_highavailability_version: 20240629T235004 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20240708T235303 stackhpc_pulp_repo_treasuredata_4_version: 20230903T003752 stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20231019T125502 diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index 5b2e3d9e0..2f572aded 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml @@ -248,8 +248,8 @@ stackhpc_pulp_sync_el_8: "{{ stackhpc_pulp_sync_rocky_8 or stackhpc_pulp_sync_ce # Whether to sync Rocky Linux 9 packages. stackhpc_pulp_sync_rocky_9: "{{ os_distribution == 'rocky' and os_release == '9' }}" -# Rocky 9 minor version number. Supported values: 1, 2, 3. Default is 3 -stackhpc_pulp_repo_rocky_9_minor_version: 3 +# Rocky 9 minor version number. Supported values: 1, 2, 3, 4. Default is 4 +stackhpc_pulp_repo_rocky_9_minor_version: 4 # Rocky 9 Snapshot versions. The defaults use the appropriate version from # pulp-repo-versions.yml for the selected minor release. stackhpc_pulp_repo_rocky_9_appstream_version: "{{ lookup('vars', 'stackhpc_pulp_repo_rocky_9_%s_appstream_version' % stackhpc_pulp_repo_rocky_9_minor_version) }}" From f02e7d1614685ca114cccaff4fd6e9af0d44fe9f Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Thu, 9 May 2024 10:20:48 +0100 Subject: [PATCH 02/10] Make kolla-toolbox and bifrost to use stackhpc/requirments (cherry picked from commit cbab7753490ca8ac1cab3095683062440c675326) --- etc/kayobe/kolla.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index f9500de08..1493aa3d9 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -399,8 +399,12 @@ kolla_build_blocks: fi {% endif %} {% endif %} + kolla_toolbox_header: | + ENV UPPER_CONSTRAINTS_FILE=https://raw.githubusercontent.com/stackhpc/requirements/stackhpc/{{ openstack_release }}/upper-constraints.txt bifrost_base_header: | ADD additions-archive / + ENV ANSIBLE_PIP_VERSION='>=8,<9' + ENV TOX_CONSTRAINTS_FILE=/requirements/upper-constraints.txt grafana_plugins_install: | RUN grafana-cli plugins install vonage-status-panel \ && grafana-cli plugins install grafana-piechart-panel From 03823b0d5b5b37d5b3c426d73c256e567d68344c Mon Sep 17 00:00:00 2001 From: Jake Hutchinson Date: Thu, 14 Mar 2024 12:33:06 +0000 Subject: [PATCH 03/10] Support allow lists in Trivy (cherry picked from commit 571473788086be23836ce6d8b05ceed68d445bff) --- .../stackhpc-container-image-build.yml | 4 ++++ etc/kayobe/trivy/allowed-vulnerabilities.yml | 18 ++++++++++++++++++ tools/scan-images.sh | 14 ++++++++++++++ 3 files changed, 36 insertions(+) create mode 100644 etc/kayobe/trivy/allowed-vulnerabilities.yml diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 14fd1ec9b..0014aa870 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -144,6 +144,10 @@ jobs: run: | curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.49.0 + - name: Install yq + run: | + curl -sL https://github.com/mikefarah/yq/releases/download/v4.42.1/yq_linux_amd64.tar.gz | tar xz && sudo mv yq_linux_amd64 /usr/bin/yq + - name: Install Kayobe run: | mkdir -p venvs && diff --git a/etc/kayobe/trivy/allowed-vulnerabilities.yml b/etc/kayobe/trivy/allowed-vulnerabilities.yml new file mode 100644 index 000000000..1f0cad2f8 --- /dev/null +++ b/etc/kayobe/trivy/allowed-vulnerabilities.yml @@ -0,0 +1,18 @@ +--- +############################################################################### +# Trivy allowed vulnerabilities list + +# Example allowed vulnerabilities file setup +# +# keystone_allowed_vulnerabilities: +# - CVE-2022-2447 +# +# barbican-api_allowed_vulnerabilities: +# - CVE-2023-31047 + +global_allowed_vulnerabilities: + - CVE-2024-36039 + +############################################################################### +# Dummy variable to allow Ansible to accept this file. +workaround_ansible_issue_8743: yes diff --git a/tools/scan-images.sh b/tools/scan-images.sh index 7fe4f95ad..69522373f 100755 --- a/tools/scan-images.sh +++ b/tools/scan-images.sh @@ -36,6 +36,19 @@ touch image-scan-output/clean-images.txt image-scan-output/dirty-images.txt imag # critical-images.txt for image in $images; do filename=$(basename $image | sed 's/:/\./g') + imagename=$(echo $filename | cut -d "." -f 1) + global_vulnerabilities=$(yq .global_allowed_vulnerabilities[] src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml) + image_vulnerabilities=$(yq .$imagename'_allowed_vulnerabilities[]' src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml) + rc=$? + touch .trivyignore + for vulnerability in $global_vulnerabilities; do + echo $vulnerability >> .trivyignore + done + for vulnerability in $image_vulnerabilities; do + if [ $rc -eq 0 ]; then + echo $vulnerability >> .trivyignore + fi + done if $(trivy image \ --quiet \ --exit-code 1 \ @@ -84,4 +97,5 @@ for image in $images; do echo "${image}" >> image-scan-output/dirty-images.txt fi fi + rm .trivyignore done From 9181fa3fe2a201ce0d7973096d8ba2c4e575b3b5 Mon Sep 17 00:00:00 2001 From: Jake Hutchinson Date: Mon, 10 Jun 2024 15:44:24 +0100 Subject: [PATCH 04/10] Various Trivy whitelist fixes Substitute underscore in imagename for consistent formatting in whitelists file and remove unnecessary return code checking (cherry picked from commit f65f55bc5c9322698be195860f2e984800b8229c) --- etc/kayobe/trivy/allowed-vulnerabilities.yml | 2 +- tools/scan-images.sh | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/etc/kayobe/trivy/allowed-vulnerabilities.yml b/etc/kayobe/trivy/allowed-vulnerabilities.yml index 1f0cad2f8..dc9abe1a3 100644 --- a/etc/kayobe/trivy/allowed-vulnerabilities.yml +++ b/etc/kayobe/trivy/allowed-vulnerabilities.yml @@ -7,7 +7,7 @@ # keystone_allowed_vulnerabilities: # - CVE-2022-2447 # -# barbican-api_allowed_vulnerabilities: +# barbican_api_allowed_vulnerabilities: # - CVE-2023-31047 global_allowed_vulnerabilities: diff --git a/tools/scan-images.sh b/tools/scan-images.sh index 69522373f..3ba06541e 100755 --- a/tools/scan-images.sh +++ b/tools/scan-images.sh @@ -36,18 +36,15 @@ touch image-scan-output/clean-images.txt image-scan-output/dirty-images.txt imag # critical-images.txt for image in $images; do filename=$(basename $image | sed 's/:/\./g') - imagename=$(echo $filename | cut -d "." -f 1) + imagename=$(echo $filename | cut -d "." -f 1 | sed 's/-/_/g') global_vulnerabilities=$(yq .global_allowed_vulnerabilities[] src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml) image_vulnerabilities=$(yq .$imagename'_allowed_vulnerabilities[]' src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml) - rc=$? touch .trivyignore for vulnerability in $global_vulnerabilities; do echo $vulnerability >> .trivyignore done for vulnerability in $image_vulnerabilities; do - if [ $rc -eq 0 ]; then - echo $vulnerability >> .trivyignore - fi + echo $vulnerability >> .trivyignore done if $(trivy image \ --quiet \ From 508b7c08f01d6e6053dd469bf00068f16babc078 Mon Sep 17 00:00:00 2001 From: Jake Hutchinson Date: Thu, 27 Jun 2024 13:45:37 +0100 Subject: [PATCH 05/10] Remove CVE-2024-36039 from whitelist Remove CVE-2024-36039 from the Trivy whitelist and move to the example file setup to illustrate the global_allowed_vulnerabilities variable can be used to whitelist vulnerabilities in all images. (cherry picked from commit 8ed7e8a639a219ba1d5a359bb48d9c7f607710b7) --- etc/kayobe/trivy/allowed-vulnerabilities.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/kayobe/trivy/allowed-vulnerabilities.yml b/etc/kayobe/trivy/allowed-vulnerabilities.yml index dc9abe1a3..d2e490a74 100644 --- a/etc/kayobe/trivy/allowed-vulnerabilities.yml +++ b/etc/kayobe/trivy/allowed-vulnerabilities.yml @@ -4,15 +4,15 @@ # Example allowed vulnerabilities file setup # +# global_allowed_vulnerabilities: +# - CVE-2024-36039 +# # keystone_allowed_vulnerabilities: # - CVE-2022-2447 # # barbican_api_allowed_vulnerabilities: # - CVE-2023-31047 -global_allowed_vulnerabilities: - - CVE-2024-36039 - ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes From 07d350566902daa9c3fa48feb1c54b390d9e6bca Mon Sep 17 00:00:00 2001 From: Grzegorz Koper Date: Tue, 9 Jul 2024 13:59:48 +0200 Subject: [PATCH 06/10] Adding CVE-2024-27280 to list of allowed-vulnerabilities in Trivy (cherry picked from commit 77172bedaf4964c90016dfd059bdcbbf54ad72ef) --- etc/kayobe/trivy/allowed-vulnerabilities.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etc/kayobe/trivy/allowed-vulnerabilities.yml b/etc/kayobe/trivy/allowed-vulnerabilities.yml index d2e490a74..a1df0d97f 100644 --- a/etc/kayobe/trivy/allowed-vulnerabilities.yml +++ b/etc/kayobe/trivy/allowed-vulnerabilities.yml @@ -12,6 +12,8 @@ # # barbican_api_allowed_vulnerabilities: # - CVE-2023-31047 +rocky_source_fluentd_allowed_vulnerabilities: + - CVE-2024-27280 ############################################################################### # Dummy variable to allow Ansible to accept this file. From a62b9b71484965707556ceaabb677cbfd54805bc Mon Sep 17 00:00:00 2001 From: Matt Anson Date: Wed, 24 Jul 2024 16:32:55 +0100 Subject: [PATCH 07/10] Update image tags for RL9.4 --- etc/kayobe/kolla/globals.yml | 44 ++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 14 deletions(-) diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml index eaa8b910a..d59dc450d 100644 --- a/etc/kayobe/kolla/globals.yml +++ b/etc/kayobe/kolla/globals.yml @@ -13,53 +13,69 @@ kolla_base_distro: "{% raw %}{{ 'centos' if ansible_facts.distribution == 'Rocky kayobe_image_tags: openstack: centos: yoga-20231024T093507 - rocky: yoga-20231218T141822 + rocky: yoga-20240724T134946 ubuntu: yoga-20231024T093507 cinder: centos: yoga-20240701T132344 - rocky: yoga-20240701T132344 + rocky: yoga-20240724T134946 ubuntu: yoga-20240701T132344 cloudkitty: centos: yoga-20240503T150127 - rocky: yoga-20240503T150127 + rocky: yoga-20240724T134946 ubuntu: yoga-20240503T150127 glance: centos: yoga-20240702T105751 - rocky: yoga-20240702T105751 + rocky: yoga-20240724T134946 ubuntu: yoga-20240702T105751 + grafana: + centos: yoga-20240510T114335 + rocky: yoga-20240724T134946 + ubuntu: yoga-20240510T114335 heat: centos: yoga-20240320T082414 - rocky: yoga-20240320T082414 + rocky: yoga-20240724T134946 ubuntu: yoga-20240320T082414 + horizon: + centos: yoga-20240510T114335 + rocky: yoga-20240724T134946 + ubuntu: yoga-20240510T114335 magnum: centos: yoga-20240308T154440 - rocky: yoga-20240308T154440 + rocky: yoga-20240724T134946 ubuntu: yoga-20240308T154440 neutron: centos: yoga-20231114T125927 - rocky: yoga-20240105T120257 + rocky: yoga-20240724T134946 ubuntu: yoga-20231114T125927 nova: centos: yoga-20240702T105751 - rocky: yoga-20240702T105751 + rocky: yoga-20240724T134946 ubuntu: yoga-20240702T105751 nova_libvirt: centos: yoga-20231113T171023 - rocky: yoga-20240105T120257 + rocky: yoga-20240724T134946 ubuntu: yoga-20231103T161400 - + opensearch: + centos: yoga-20231219T221916 + rocky: yoga-20240724T134946 + ubuntu: yoga-20231219T221916 + prometheus: + centos: yoga-20240510T145442 + rocky: yoga-20240724T134946 + ubuntu: yoga-20240510T145442 + cloudkitty_tag: "{% raw %}{{ kayobe_image_tags['cloudkitty'][kolla_base_distro] }}{% endraw %}" cinder_tag: "{% raw %}{{ kayobe_image_tags['cinder'][kolla_base_distro] }}{% endraw %}" glance_tag: "{% raw %}{{ kayobe_image_tags['glance'][kolla_base_distro] }}{% endraw %}" -grafana_tag: yoga-20240510T114335 +grafana_tag: "{% raw %}{{ kayobe_image_tags['grafana'][kolla_base_distro] }}{% endraw %}" heat_tag: "{% raw %}{{ kayobe_image_tags['heat'][kolla_base_distro] }}{% endraw %}" -horizon_tag: yoga-20240510T114335 +horizon_tag: "{% raw %}{{ kayobe_image_tags['horizon'][kolla_base_distro] }}{% endraw %}" magnum_tag: "{% raw %}{{ kayobe_image_tags['magnum'][kolla_base_distro] }}{% endraw %}" neutron_tag: "{% raw %}{{ kayobe_image_tags['neutron'][kolla_base_distro] }}{% endraw %}" nova_tag: "{% raw %}{{ kayobe_image_tags['nova'][kolla_base_distro] }}{% endraw %}" nova_libvirt_tag: "{% raw %}{{ kayobe_image_tags['nova_libvirt'][kolla_base_distro] }}{% endraw %}" -opensearch_tag: yoga-20231219T221916 -prometheus_tag: yoga-20240510T145442 +opensearch_tag: "{% raw %}{{ kayobe_image_tags['opensearch'][kolla_base_distro] }}{% endraw %}" +prometheus_tag: "{% raw %}{{ kayobe_image_tags['prometheus'][kolla_base_distro] }}{% endraw %}" # These overrides are currently redundant, but are kept because it's not obvious that you need them if setting haproxy_tag glance_tls_proxy_tag: "{% raw %}{{ haproxy_tag | default(openstack_tag) }}{% endraw %}" From d82ac2bd6cc473a2c03409b1c5dde97437c30c8d Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Thu, 14 Sep 2023 09:41:07 +0100 Subject: [PATCH 08/10] CI: Allow logging of Rally/Tempest By default the 'Run tempest' task has no_log set to avoid revealing sensitive data. This does not apply in CI, and makes it difficult to debug failures. (cherry picked from commit 8384dc4280b974c2c2e433aca10a02efcb88f705) --- .github/workflows/stackhpc-all-in-one.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index c1d119b15..82441b710 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -297,7 +297,7 @@ jobs: -v $(pwd)/tempest-artifacts:/stack/tempest-artifacts \ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \ $KAYOBE_IMAGE \ - /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/tempest.sh -e ansible_user=stack + /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/tempest.sh -e ansible_user=stack -e rally_no_sensitive_log=false env: KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }} From 65179583f32b175f1f2f79f506a2c8809149b779 Mon Sep 17 00:00:00 2001 From: Matt Anson Date: Wed, 24 Jul 2024 16:27:39 +0100 Subject: [PATCH 09/10] CI: Bump AIO root volume size to 40GB --- terraform/aio/vm.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/aio/vm.tf b/terraform/aio/vm.tf index 36dfa50a5..65ec19184 100644 --- a/terraform/aio/vm.tf +++ b/terraform/aio/vm.tf @@ -35,7 +35,7 @@ variable "aio_vm_subnet" { variable "aio_vm_volume_size" { type = number - default = 35 + default = 40 } variable "aio_vm_tags" { From 0459ff60defc7d7223afa9a59e10e90e4f4861ba Mon Sep 17 00:00:00 2001 From: Matt Anson Date: Wed, 24 Jul 2024 16:51:49 +0100 Subject: [PATCH 10/10] Add releasenote --- .../notes/rocky-linux-9.4-yoga-314ec04937915dc0.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 releasenotes/notes/rocky-linux-9.4-yoga-314ec04937915dc0.yaml diff --git a/releasenotes/notes/rocky-linux-9.4-yoga-314ec04937915dc0.yaml b/releasenotes/notes/rocky-linux-9.4-yoga-314ec04937915dc0.yaml new file mode 100644 index 000000000..0a05455ca --- /dev/null +++ b/releasenotes/notes/rocky-linux-9.4-yoga-314ec04937915dc0.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Added support for Rocky Linux 9.4 repositories and Kolla containers. + Made 9.4 the default version for Rocky Linux. + - | + Updated Rocky Linux 9.3 pulp repo versions. + Added Rocky Linux pulp repo versions. + Rebuilt Kolla containers with Rocky 9.4.