diff --git a/.automation.conf/tempest/tempest-ci-multinode.overrides.conf b/.automation.conf/tempest/tempest-ci-multinode.overrides.conf index 663b384df..36b6db753 100644 --- a/.automation.conf/tempest/tempest-ci-multinode.overrides.conf +++ b/.automation.conf/tempest/tempest-ci-multinode.overrides.conf @@ -10,7 +10,7 @@ v3_endpoint_type = publicURL [compute] min_compute_nodes = 2 min_microversion = 2.1 -max_microversion = 2.95 +max_microversion = 2.96 [service-clients] http_timeout = 600 @@ -26,7 +26,7 @@ console_output = true storage_protocol = ceph build_timeout = 600 min_microversion = 3.0 -max_microversion = 3.70 +max_microversion = 3.71 [image] build_timeout = 600 diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index adeb7ffe7..e51b33f33 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -67,13 +67,6 @@ jobs: run: | echo "${{ steps.host_image_tag.outputs.host_image_tag }}" - - name: Clone StackHPC Kayobe repository - uses: actions/checkout@v4 - with: - repository: stackhpc/kayobe - ref: refs/heads/stackhpc/${{ steps.openstack_release.outputs.openstack_release }} - path: src/kayobe - - name: Install Kayobe run: | mkdir -p venvs && @@ -81,7 +74,7 @@ jobs: python3 -m venv kayobe && source kayobe/bin/activate && pip install -U pip && - pip install ../src/kayobe + pip install ../src/kayobe-config/requirements.txt - name: Install terraform uses: hashicorp/setup-terraform@v2 diff --git a/.github/workflows/overcloud-host-image-promote.yml b/.github/workflows/overcloud-host-image-promote.yml index a8a64f60f..a83bc3a3f 100644 --- a/.github/workflows/overcloud-host-image-promote.yml +++ b/.github/workflows/overcloud-host-image-promote.yml 
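Review bot: The new last line of the `Install Kayobe` step in `overcloud-host-image-build.yml`, `pip install ../src/kayobe-config/requirements.txt`, hands pip a requirements file as if it were a package path, which pip will not accept as an install target; it should read `pip install -r ../src/kayobe-config/requirements.txt`. The same line is added in the promote, upload and container-image-build workflows, in `etc/kayobe/environments/ci-aio/automated-setup.sh`, and in the ci-aio and ci-builder contributor docs. With the explicit checkout of `stackhpc/kayobe` removed, the Kayobe version these jobs run is decided entirely by that requirements file, which this diff does not show. It is worth confirming that the file names a fixed tag or commit rather than a moving branch, so that image builds stay reproducible and a push to a branch cannot silently change the tooling. The step's script starts above the hunk.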
@@ -34,13 +34,6 @@ jobs: echo "openstack_release=${BRANCH}" | sed -E "s,(stable|unmaintained)/,," >> $GITHUB_OUTPUT working-directory: src/kayobe-config - - name: Clone StackHPC Kayobe repository - uses: actions/checkout@v4 - with: - repository: stackhpc/kayobe - ref: refs/heads/stackhpc/${{ steps.openstack_release.outputs.openstack_release }} - path: src/kayobe - - name: Setup networking run: | if ! ip l show breth1 >/dev/null 2>&1; then @@ -63,7 +56,7 @@ jobs: python3 -m venv kayobe && source kayobe/bin/activate && pip install -U pip && - pip install ../src/kayobe + pip install ../src/kayobe-config/requirements.txt - name: Bootstrap the control host run: | diff --git a/.github/workflows/overcloud-host-image-upload.yml b/.github/workflows/overcloud-host-image-upload.yml index b08f57381..055e53c7f 100644 --- a/.github/workflows/overcloud-host-image-upload.yml +++ b/.github/workflows/overcloud-host-image-upload.yml @@ -49,13 +49,6 @@ jobs: BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' src/kayobe-config/.gitreview) echo "openstack_release=${BRANCH}" | sed -E "s,(stable|unmaintained)/,," >> $GITHUB_OUTPUT - - name: Clone StackHPC Kayobe repository - uses: actions/checkout@v4 - with: - repository: stackhpc/kayobe - ref: refs/heads/stackhpc/${{ steps.openstack_release.outputs.openstack_release }} - path: src/kayobe - - name: Install Kayobe run: | mkdir -p venvs && @@ -63,7 +56,7 @@ jobs: python3 -m venv kayobe && source kayobe/bin/activate && pip install -U pip && - pip install ../src/kayobe + pip install ../src/kayobe-config/requirements.txt - name: Bootstrap the control host run: | diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index 0e8cc9711..f357692c0 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml 
@@ -42,7 +42,7 @@ jobs: build-kayobe-image: name: Build kayobe image if: inputs.if || github.repository == 'stackhpc/stackhpc-kayobe-config' && github.event_name == 'push' - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 permissions: contents: read packages: write diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 6721ebab4..7f301962a 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -120,13 +120,6 @@ jobs: with: path: src/kayobe-config - - name: Clone StackHPC Kayobe repository - uses: actions/checkout@v4 - with: - repository: stackhpc/kayobe - ref: refs/heads/stackhpc/${{ needs.generate-tag.outputs.openstack_release }} - path: src/kayobe - - name: Make sure dockerd is running and test Docker run: | docker ps @@ -146,7 +139,7 @@ jobs: python3 -m venv kayobe && source kayobe/bin/activate && pip install -U pip && - pip install ../src/kayobe + pip install ../src/kayobe-config/requirements.txt # Required for Pulp auth proxy deployment and Docker registry login. # Normally installed during host configure. diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index 34d644bd9..196ecc3a3 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml @@ -13,7 +13,7 @@ jobs: # would skip the workflow entirely, and would prevent us from making the # aio jobs required to pass (a skip counts as a pass). check-changes: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 permissions: pull-requests: read name: Check changed files diff --git a/.yamllint b/.yamllint index 1c115e29b..e02351b2a 100644 --- a/.yamllint +++ b/.yamllint @@ -14,7 +14,6 @@ rules: ignore: | *etc/kayobe/environments/ci-multinode/secrets.yml - *etc/kayobe/environments/ci-multinode/kolla/globals-tls-config.yml .automation/ releasenotes/ .github/ 
diff --git a/README.rst b/README.rst index d58cd47f8..0f5cf6d74 100644 --- a/README.rst +++ b/README.rst @@ -1,6 +1,6 @@ -================================================ -StackHPC Kayobe Configuration (Work in progress) -================================================ +============================= +StackHPC Kayobe Configuration +============================= This repository provides a base Kayobe configuration for the Caracal release of StackHPC OpenStack. diff --git a/doc/source/conf.py b/doc/source/conf.py index 238011fc9..7d9e69d86 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -32,7 +32,7 @@ current_series = "2024.1" previous_series = "2023.1" branch = f"stackhpc/{current_series}" -ceph_series = "quincy" +ceph_series = "reef" # Substitutions loader rst_prolog = """ diff --git a/doc/source/configuration/cephadm.rst b/doc/source/configuration/cephadm.rst index 9c839b42e..85f8ad394 100644 --- a/doc/source/configuration/cephadm.rst +++ b/doc/source/configuration/cephadm.rst @@ -19,8 +19,6 @@ create or modify Ceph cluster deployments. Supported features are: Resources ========= -- https://docs.ceph.com/en/quincy/cephadm/index.html -- https://docs.ceph.com/en/quincy/ - https://docs.ceph.com/en/reef/cephadm/index.html - https://docs.ceph.com/en/reef/ - https://github.com/stackhpc/ansible-collection-cephadm diff --git a/doc/source/configuration/cloudkitty.rst b/doc/source/configuration/cloudkitty.rst index c2701aa07..83f31205f 100644 --- a/doc/source/configuration/cloudkitty.rst +++ b/doc/source/configuration/cloudkitty.rst 
@@ -35,16 +35,6 @@ following in ``kolla/globals.yml``: cloudkitty_fetcher_backend: prometheus cloudkitty_storage_backend: elasticsearch -If you have TLS enabled, you will also need to set the cafile for Prometheus -and Elasticsearch. Set the following in ``kolla/globals.yml``. - -.. code-block:: - - {% raw %} - cloudkitty_prometheus_cafile: "{{ openstack_cacert }}" - cloudkitty_elasticsearch_cafile: "{{ openstack_cacert }}" - {% endraw %} - The default collection period is one hour, which is likely too long for most systems as CloudKitty charges by the **entire** collection period if any usage is seen within this timeframe. This is regardless of actual usage, meaning that diff --git a/doc/source/configuration/index.rst b/doc/source/configuration/index.rst index f8be7891a..d2dd4ccc6 100644 --- a/doc/source/configuration/index.rst +++ b/doc/source/configuration/index.rst @@ -12,7 +12,6 @@ the various features provided. release-train host-images lvm - swap cephadm monitoring wazuh diff --git a/doc/source/configuration/swap.rst b/doc/source/configuration/swap.rst deleted file mode 100644 index 58545e906..000000000 --- a/doc/source/configuration/swap.rst +++ /dev/null 
@@ -1,28 +0,0 @@ -==== -Swap -==== - -Support for :kayobe-doc:`managing swap files and devices -` was added to Kayobe in the Zed -release. The custom playbook described below is retained for backwards -compatibility but may be removed in a future release. - -StackHPC Kayobe configuration provides a ``swap.yml`` custom playbook that may -be used to configure a swap device. - -The following variables may be used to configure the playbook: - -``swap_group`` - Host pattern against which to target the playbook. Default is ``overcloud``. -``swap_device`` - Name of the swap device to configure. Default is ``/dev/rootvg/lv_swap`` to - match the standard :ref:`host image configuration `. - -This playbook may be used as a host configure post hook, e.g. for overcloud -hosts: - -.. code-block:: console - - mkdir -p ${KAYOBE_CONFIG_PATH}/hooks/overcloud-host-configure/post.d - cd ${KAYOBE_CONFIG_PATH}/hooks/overcloud-host-configure/post.d - ln -s ../../../ansible/swap.yml 10-swap.yml diff --git a/doc/source/contributor/environments/aufn-ceph.rst b/doc/source/contributor/environments/aufn-ceph.rst index ca7d8adfc..26e7fa7c9 100644 --- a/doc/source/contributor/environments/aufn-ceph.rst +++ b/doc/source/contributor/environments/aufn-ceph.rst @@ -43,13 +43,6 @@ Ubuntu: sudo apt -y install gcc libffi-dev python3-dev python-is-python3 -As a workaround for SMS lab's lack of DNS, add the following lines to ``/etc/hosts`` of the baremetal node: - -.. parsed-literal:: - - 10.0.0.34 pelican pelican.service.compute.sms-lab.cloud - 10.205.3.187 pulp-server pulp-server.internal.sms-cloud - Configure the system firewall and security settings: .. parsed-literal:: 
@@ -124,14 +117,6 @@ Once the seed vm is provisioned, deploy a local pulp server on the seed and then kayobe seed service deploy --tags seed-deploy-containers --kolla-tags none $KAYOBE_CONFIG_PATH/environments/aufn-ceph/configure-local-networking.sh -Once the local pulp server is deployed, we need to add the address of SMS lab test pulp to the local pulp container: - -.. parsed-literal:: - - ssh stack@192.168.33.5 - docker exec pulp sh -c 'echo "10.205.3.187 pulp-server pulp-server.internal.sms-cloud" | tee -a /etc/hosts' - exit - We can now sync the contents of the local pulp server with that of SMS test pulp and then complete the seed VM setup: .. parsed-literal:: diff --git a/doc/source/contributor/environments/ci-aio.rst b/doc/source/contributor/environments/ci-aio.rst index c8715fe55..8dc7d3201 100644 --- a/doc/source/contributor/environments/ci-aio.rst +++ b/doc/source/contributor/environments/ci-aio.rst @@ -52,9 +52,9 @@ following options: * ``BASE_PATH`` (default: ``~``) - Directory to deploy from. The directory must exist before running the script. -* ``KAYOBE_BRANCH`` (default: ``stackhpc/2023.1``) - The branch of Kayobe +* ``KAYOBE_BRANCH`` (default: ``stackhpc/2024.1``) - The branch of Kayobe source code to use. -* ``KAYOBE_CONFIG_BRANCH`` (default: ``stackhpc/2023.1``) - The branch of +* ``KAYOBE_CONFIG_BRANCH`` (default: ``stackhpc/2024.1``) - The branch of ``stackhpc-kayobe-config`` to use. * ``KAYOBE_AIO_LVM`` (default: ``true``) - Whether the image uses LVM. * ``KAYOBE_CONFIG_EDIT_PAUSE`` (default: ``false``) - Option to pause @@ -102,7 +102,6 @@ Clone the Kayobe and Kayobe configuration repositories (this one): cd mkdir -p src pushd src - git clone https://github.com/stackhpc/kayobe.git -b |current_release_git_branch_name| git clone https://github.com/stackhpc/stackhpc-kayobe-config -b |current_release_git_branch_name| kayobe-config popd 
@@ -116,7 +115,7 @@ Create a virtual environment and install Kayobe: python3 -m venv kayobe source kayobe/bin/activate pip install -U pip - pip install ../src/kayobe + pip install ../src/kayobe-config/requirements.txt popd Add initial network configuration: diff --git a/doc/source/contributor/environments/ci-builder.rst b/doc/source/contributor/environments/ci-builder.rst index ce785c7a4..6bf86ae07 100644 --- a/doc/source/contributor/environments/ci-builder.rst +++ b/doc/source/contributor/environments/ci-builder.rst @@ -57,7 +57,6 @@ Clone the Kayobe and Kayobe configuration repositories (this one): cd mkdir -p src pushd src - git clone https://github.com/stackhpc/kayobe.git -b |current_release_git_branch_name| git clone https://github.com/stackhpc/stackhpc-kayobe-config -b |current_release_git_branch_name| kayobe-config popd @@ -71,7 +70,7 @@ Create a virtual environment and install Kayobe: python3 -m venv kayobe source kayobe/bin/activate pip install -U pip - pip install ../src/kayobe + pip install ../src/kayobe-config/requirements.txt popd Add initial network configuration: diff --git a/doc/source/contributor/environments/ci-multinode.rst b/doc/source/contributor/environments/ci-multinode.rst index b87b8ab2b..aa33edae5 100644 --- a/doc/source/contributor/environments/ci-multinode.rst +++ b/doc/source/contributor/environments/ci-multinode.rst 
@@ -35,19 +35,19 @@ deployment. To test it, you will need two virtual machines. Cirros does not support the Ceph kernel client, so you will need to use a different image. Any regular Linux -distribution should work. As an example, this guide will use Ubuntu 20.04. +distribution should work. As an example, this guide will use Ubuntu 22.04. Download the image locally: .. code-block:: bash - wget http://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img + wget https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img Upload the image to Glance: .. code-block:: bash - openstack image create --container-format bare --disk-format qcow2 --file focal-server-cloudimg-amd64.img Ubuntu-20.04 --progress + openstack image create --container-format bare --disk-format qcow2 --file jammy-server-cloudimg-amd64.img Ubuntu-22.04 --progress Create a keypair: @@ -59,8 +59,8 @@ Create two virtual machines from the image: .. code-block:: bash - openstack server create --flavor m1.small --image Ubuntu-20.04 --key-name id_rsa --network admin-tenant ubuntu-client-1 - openstack server create --flavor m1.small --image Ubuntu-20.04 --key-name id_rsa --network admin-tenant ubuntu-client-2 + openstack server create --flavor m1.small --image Ubuntu-22.04 --key-name id_rsa --network admin-tenant ubuntu-client-1 + openstack server create --flavor m1.small --image Ubuntu-22.04 --key-name id_rsa --network admin-tenant ubuntu-client-2 Wait until the instances are active. It is worth noting that this process can take a while, especially if the overcloud is deployed to virtual machines. You diff --git a/doc/source/operations/secret-rotation.rst b/doc/source/operations/secret-rotation.rst index a2dad9b80..6e685f4db 100644 --- a/doc/source/operations/secret-rotation.rst +++ b/doc/source/operations/secret-rotation.rst 
@@ -34,34 +34,6 @@ this guide. Installation: sudo apt/dnf install pwgen - -As of writing, there are three upstream patches in the works to make this -process easier. - -#. A change to Kolla, to automate :ref:`this` step to change the - extended start for the ``nova-api`` container. - - The upstream patch can be found `here - `__. - - This was previously mitigated with a change to the StackHPC fork of - Kolla-Ansible, which has since been reverted due to an unforeseen issue. See - `here `__ for more - details. - -#. A change to Nova, to automate :ref:`this` step to change the - nova cell0 database connection string. - - The upstream patch can be found `here - `__. - -#. A change to Kolla-Ansible, to automate :ref:`this` step to - update service keystone user passwords. - - The upstream patch can be found `here - `__. - - Full method =========== diff --git a/doc/source/operations/tempest.rst b/doc/source/operations/tempest.rst index 101dae0dc..922f309d3 100644 --- a/doc/source/operations/tempest.rst +++ b/doc/source/operations/tempest.rst @@ -176,7 +176,7 @@ you understand all the options before applying them. min_compute_nodes = 2 # Required to test some API features min_microversion = 2.1 - max_microversion = 2.95 + max_microversion = 2.96 # Flavors for creating test servers and server resize. The ``alt`` flavor should be larger. flavor_ref = flavor_ref_alt = @@ -197,7 +197,7 @@ you understand all the options before applying them. storage_protocol = ceph # Required to test some API features min_microversion = 3.0 - max_microversion = 3.70 + max_microversion = 3.71 Tempest configuration override files are stored in ``.automation.conf/tempest/``. The default file used is diff --git a/etc/kayobe/ansible/fix-networking.yml b/etc/kayobe/ansible/fix-networking.yml index 01a833264..d3897e564 100644 --- a/etc/kayobe/ansible/fix-networking.yml +++ b/etc/kayobe/ansible/fix-networking.yml 
@@ -18,8 +18,6 @@ path: /etc/hosts marker: "# {mark} Kayobe entries" block: | - 10.0.0.34 pelican pelican.service.compute.sms-lab.cloud - 10.205.3.187 pulp-server pulp-server.internal.sms-cloud 192.168.37.2 internal.infra.mos.{{ root_domain }} 192.168.39.2 public.infra.mos.{{ root_domain }} become: true diff --git a/etc/kayobe/ansible/requirements.yml b/etc/kayobe/ansible/requirements.yml index 2bb4047ce..589068d72 100644 --- a/etc/kayobe/ansible/requirements.yml +++ b/etc/kayobe/ansible/requirements.yml @@ -15,15 +15,11 @@ collections: roles: - src: stackhpc.vxlan - name: ansible-lockdown.ubuntu22_cis - src: https://github.com/stackhpc/UBUNTU22-CIS - #FIXME: Waiting for https://github.com/ansible-lockdown/UBUNTU22-CIS/pull/174 - # to be in a tagged release - version: bugfix/inject-facts + src: https://github.com/ansible-lockdown/UBUNTU22-CIS + version: 1.4.1 - name: ansible-lockdown.rhel9_cis - src: https://github.com/stackhpc/RHEL9-CIS - #FIXME: Waiting for https://github.com/ansible-lockdown/RHEL9-CIS/pull/115 - # to be in a tagged release. - version: bugfix/inject-facts + src: https://github.com/ansible-lockdown/RHEL9-CIS + version: 1.3.1 - name: wazuh-ansible src: https://github.com/stackhpc/wazuh-ansible version: stackhpc diff --git a/etc/kayobe/ansible/scripts/aio-init.sh b/etc/kayobe/ansible/scripts/aio-init.sh index cc96ddc04..b50ccfd38 100644 --- a/etc/kayobe/ansible/scripts/aio-init.sh +++ b/etc/kayobe/ansible/scripts/aio-init.sh @@ -22,8 +22,8 @@ fi ARCH=$(uname -m) IMAGE_PATH=/opt/cache/files/ -IMAGE_URL=https://github.com/cirros-dev/cirros/releases/download/0.5.1/ -IMAGE=cirros-0.5.1-${ARCH}-disk.img +IMAGE_URL=https://github.com/cirros-dev/cirros/releases/download/0.6.2/ +IMAGE=cirros-0.6.2-${ARCH}-disk.img IMAGE_NAME=cirros IMAGE_TYPE=linux diff --git a/etc/kayobe/ansible/swap.yml b/etc/kayobe/ansible/swap.yml deleted file mode 100644 index dd08edac6..000000000 --- a/etc/kayobe/ansible/swap.yml +++ /dev/null 
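Review bot: In `etc/kayobe/ansible/requirements.yml` the two `ansible-lockdown` roles now use `version: 1.4.1` and `version: 1.3.1`, which are git tags on the upstream repositories and can be re-pointed after the fact. These roles apply CIS hardening to hosts, so a full commit hash in `version:` gives a stronger guarantee of what is fetched, for example `version: <commit-sha-of-tag-1.4.1>  # 1.4.1` (placeholder; take the hash from the upstream tag). The neighbouring `wazuh-ansible` entry, unchanged context here, still tracks the `stackhpc` branch and has the same property. The `roles:` list starts above the hunk.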
@@ -1,41 +0,0 @@ ---- -# NOTE: Kayobe provides support for managing swap devices and files since the -# Zed release. This playbook is retained for backwards compatibility but will -# be removed in a future release. - -# Custom playbook to configure a swap device. This may be used as a -# post-overcloud host configure hook. -# -# Variables: -# * swap_group: Host pattern against which to target the playbook. Default is -# 'overcloud'. -# * swap_device: Name of the swap device to configure. Default is -# '/dev/rootvg/lv_swap'. To use a different value, set an extra -# var (e.g. in $KAYOBE_CONFIG_PATH/swap.yml) because play vars -# take precedence over any inventory variable. - -- name: Configure swap - hosts: "{{ swap_group | default('overcloud') }}" - tags: - - swap - vars: - swap_device: "/dev/rootvg/lv_swap" - become: true - tasks: - - name: Ensure swap filesystem is present - filesystem: - fstype: "swap" - dev: "{{ swap_device }}" - - - name: Ensure swap device present in fstab - mount: - name: "none" - src: "{{ swap_device }}" - fstype: "swap" - state: "present" - - # It does no harm to run this when swap is already active - - name: Enable swap devices - command: "/sbin/swapon -a" - when: - - ansible_facts.swaptotal_mb == 0 diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml index d8f7e54f7..c0e9a995f 100644 --- a/etc/kayobe/cephadm.yml +++ b/etc/kayobe/cephadm.yml @@ -3,7 +3,7 @@ # Cephadm deployment configuration. # Ceph release name. -cephadm_ceph_release: "quincy" +cephadm_ceph_release: "reef" # Ceph FSID. #cephadm_fsid: 
@@ -12,7 +12,7 @@ cephadm_ceph_release: "quincy" cephadm_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/ceph:{{ cephadm_image_tag }}" # Ceph container image tag. -cephadm_image_tag: "v17.2.7" +cephadm_image_tag: "v18.2.4" # Ceph custom repo workaround for Ubuntu Jammy as there are no official ceph repos for jammy. cephadm_custom_repos: "{{ ansible_facts['distribution_release'] == 'jammy' }}" @@ -21,13 +21,13 @@ cephadm_custom_repos: "{{ ansible_facts['distribution_release'] == 'jammy' }}" cephadm_haproxy_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/haproxy:{{ cephadm_haproxy_image_tag }}" # HAProxy container image tag. -cephadm_haproxy_image_tag: "2.3" +cephadm_haproxy_image_tag: "2.6" # Keepalived container image. cephadm_keepalived_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/keepalived:{{ cephadm_keepalived_image_tag }}" # Keepalived container image tag. -cephadm_keepalived_image_tag: "2.1.5" +cephadm_keepalived_image_tag: "2.2.4" # Ceph container image registry URL. cephadm_registry_url: "{{ stackhpc_docker_registry }}" diff --git a/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh b/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh index 886f1f9f2..f8014b146 100755 --- a/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh +++ b/etc/kayobe/environments/aufn-ceph/a-universe-from-nothing.sh @@ -14,15 +14,6 @@ KAYOBE_BRANCH=stackhpc/2024.1 KAYOBE_CONFIG_BRANCH=stackhpc/2024.1 KAYOBE_ENVIRONMENT=aufn-ceph -PELICAN_HOST="10.0.0.34 pelican pelican.service.compute.sms-lab.cloud" -PULP_HOST="10.205.3.187 pulp-server pulp-server.internal.sms-cloud" - -# FIXME: Work around lack of DNS on SMS lab. -cat << EOF | sudo tee -a /etc/hosts -$PELICAN_HOST -$PULP_HOST -EOF - # Install git and tmux. if $(which dnf 2>/dev/null >/dev/null); then sudo dnf -y install git tmux 
@@ -92,11 +83,6 @@ kayobe seed service deploy --tags seed-deploy-containers --kolla-tags none # Deploying the seed restarts networking interface, run configure-local-networking.sh again to re-add routes. $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/configure-local-networking.sh -# Add sms lab test pulp to /etc/hosts of seed vm's pulp container -SEED_IP=192.168.33.5 -REMOTE_COMMAND="docker exec pulp sh -c 'echo $PULP_HOST | tee -a /etc/hosts'" -ssh stack@$SEED_IP $REMOTE_COMMAND - # Sync package & container repositories. kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-repo-sync.yml kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-repo-publish.yml diff --git a/etc/kayobe/environments/ci-aio/automated-setup.sh b/etc/kayobe/environments/ci-aio/automated-setup.sh index 686e708d2..93a310ed2 100644 --- a/etc/kayobe/environments/ci-aio/automated-setup.sh +++ b/etc/kayobe/environments/ci-aio/automated-setup.sh @@ -60,7 +60,7 @@ set +u source kayobe/bin/activate set -u pip install -U pip -pip install ../src/kayobe +pip install ../src/kayobe-config/requirements.txt popd if ! ip l show breth1 >/dev/null 2>&1; then diff --git a/etc/kayobe/inventory/group_vars/cis-hardening/cis b/etc/kayobe/inventory/group_vars/cis-hardening/cis index 1ec8c3dcc..a80571f85 100644 --- a/etc/kayobe/inventory/group_vars/cis-hardening/cis +++ b/etc/kayobe/inventory/group_vars/cis-hardening/cis @@ -56,6 +56,7 @@ rhel9cis_auditd: space_left_action: syslog action_mail_acct: root admin_space_left_action: halt + max_log_file: 10 max_log_file_action: rotate # Max size of audit logs (MB) diff --git a/etc/kayobe/stackhpc-overcloud-dib.yml b/etc/kayobe/stackhpc-overcloud-dib.yml index 8ab614860..69ba5c81e 100644 --- a/etc/kayobe/stackhpc-overcloud-dib.yml +++ b/etc/kayobe/stackhpc-overcloud-dib.yml 
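Review bot: The added `max_log_file: 10` in `rhel9cis_auditd` (group_vars `cis-hardening/cis`) has no unit or rationale. The comment just below the mapping, `# Max size of audit logs (MB)`, appears to introduce a separate size setting outside the hunk, so it is unclear from here whether two variables now control the same auditd option. A comment above the new key such as `# Size in MB at which auditd applies max_log_file_action` would help, along with confirming which variable the updated role actually reads. With `max_log_file_action: rotate`, retained audit history is this size multiplied by the number of kept files, so check that this covers the busiest hosts or that audit logs are shipped off-host before they rotate away. The `rhel9cis_auditd` mapping starts above the hunk.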
@@ -47,9 +47,6 @@ stackhpc_overcloud_dib_env_vars: # sometimes). # DIB_DISTRIBUTION_MIRROR: "{{ stackhpc_repo_ubuntu_focal_url if os_distribution == 'ubuntu' else '' }}" DIB_DRACUT_ENABLED_MODULES_DEFAULT_CONFIG: "{{ stackhpc_overcloud_dib_dracut_enabled_modules_default_config }}" - # FIXME: Workaround for lack of internal DNS on SMS lab. - DIB_ETC_HOSTS_EXTRA: | - 10.205.3.187 pulp-server pulp-server.internal.sms-cloud DIB_RELEASE: "{{ overcloud_dib_os_release }}" DIB_SUDOERS_FILENAME: "no-fqdn" # Avoid DNS queries during sudo commands, since we might not always have working DNS. diff --git a/releasenotes/notes/ceph-reef-f447dde8c397f91b.yaml b/releasenotes/notes/ceph-reef-f447dde8c397f91b.yaml new file mode 100644 index 000000000..a5c1313b8 --- /dev/null +++ b/releasenotes/notes/ceph-reef-f447dde8c397f91b.yaml @@ -0,0 +1,9 @@ +--- +upgrade: + - | + Updates the default version of Ceph to Reef. The following container tags + are used for Ceph: + + - ``ceph``: ``v18.2.4`` + - ``haproxy``: ``2.6`` + - ``keepalived``: ``2.2.4`` diff --git a/releasenotes/notes/remove-swap-playbook-f62a41945e29816d.yaml b/releasenotes/notes/remove-swap-playbook-f62a41945e29816d.yaml new file mode 100644 index 000000000..0e7173b68 --- /dev/null +++ b/releasenotes/notes/remove-swap-playbook-f62a41945e29816d.yaml @@ -0,0 +1,7 @@ +--- +upgrade: + - | + The ``swap.yml`` custom playbook has been removed in favour of Kayobe's + support for configuring swap. See the `Kayobe documentation + `__ + for details. diff --git a/releasenotes/notes/update-cis-roles-8c73975c37188071.yaml b/releasenotes/notes/update-cis-roles-8c73975c37188071.yaml new file mode 100644 index 000000000..c1705edf0 --- /dev/null +++ b/releasenotes/notes/update-cis-roles-8c73975c37188071.yaml @@ -0,0 +1,9 @@ +--- +upgrade: + - | + Updates the Ansible Lockdown roles for Ubuntu and Rocky Linux to 1.4.1 and + 1.3.1 respectively. See `UBUNTU22-CIS + `__ + and `RHEL9-CIS + `__ for + release notes. 
diff --git a/releasenotes/requirements.txt b/releasenotes/requirements.txt index f3596419c..22e2f6c3a 100644 --- a/releasenotes/requirements.txt +++ b/releasenotes/requirements.txt @@ -1,4 +1,4 @@ -reno>=3.4.0 # Apache-2.0 +reno>=4.1.0 # Apache-2.0 sphinx>=2.0.0,!=2.1.0 # BSD sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD sphinx-material diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 30b5cf819..3db9e147d 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -45,7 +45,7 @@ # General information about the project. project = 'StackHPC Kayobe Configuration Release Notes' -copyright = '2023 StackHPC Ltd' +copyright = '2024 StackHPC Ltd' # Release notes do not need a version number in the title, they # cover multiple releases. diff --git a/terraform/aio/templates/userdata.cfg.tpl b/terraform/aio/templates/userdata.cfg.tpl index aebd19229..b91b0e741 100644 --- a/terraform/aio/templates/userdata.cfg.tpl +++ b/terraform/aio/templates/userdata.cfg.tpl @@ -2,10 +2,6 @@ # Don't automatically mount ephemeral disk mounts: - [/dev/vdb, null] -# WORKAROUND: internal DNS missing from SMS lab. -runcmd: - - 'echo "10.0.0.34 pelican pelican.service.compute.sms-lab.cloud" >> /etc/hosts' - - 'echo "10.205.3.187 pulp-server pulp-server.internal.sms-cloud" >> /etc/hosts' # Configure SSH keys here, to avoid creating an ephemeral keypair. # This means only the instance needs to be cleaned up if the destroy fails. ssh_authorized_keys: diff --git a/test-requirements.txt b/test-requirements.txt index d7f05bb0d..528bb2001 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4,4 +4,4 @@ yamllint # GPLv3 doc8 # Apache-2.0 -reno>=3.4.0 # Apache-2.0 +reno>=4.1.0 # Apache-2.0