diff --git a/.github/workflows/ipa-image-build.yml b/.github/workflows/ipa-image-build.yml index a4712c429..ac4f6be50 100644 --- a/.github/workflows/ipa-image-build.yml +++ b/.github/workflows/ipa-image-build.yml @@ -11,6 +11,10 @@ on: description: Build Ubuntu 22.04 Jammy type: boolean default: true + ubuntu-noble: + description: Build Ubuntu 24.04 Noble + type: boolean + default: true runner_env: description: Which cloud to run on? type: choice 
@@ -271,6 +275,65 @@ jobs: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: inputs.ubuntu-jammy && steps.build_ubuntu_jammy_ipa.outcome == 'success' + - name: Build a Ubuntu 24.04 Noble IPA image + id: build_ubuntu_noble_ipa + continue-on-error: true + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe overcloud deployment image build --force-rebuild \ + -e os_distribution="ubuntu" \ + -e os_release="noble" \ + -e ipa_ci_builder_distribution="ubuntu" \ + -e ipa_ci_builder_release="noble" + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble + + - name: Show last error logs + continue-on-error: true + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe seed host command run --command "tail -200 /opt/kayobe/images/ipa/ipa.stdout" --show-output + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: steps.build_ubuntu_noble_ipa.outcome == 'failure' + + - name: Upload Ubuntu 24.04 Noble IPA kernel image to Ark + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/pulp-artifact-upload.yml \ + -e artifact_path=/opt/kayobe/images/ipa \ + -e artifact_type=ipa-images \ + -e artifact_tag=${{ steps.ipa_image_tag.outputs.ipa_image_tag }} \ + -e os_distribution="ubuntu" \ + -e os_release="noble" \ + -e file_regex='*.kernel' \ + -e upload_checksum=true + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble && steps.build_ubuntu_noble_ipa.outcome == 'success' + + - name: Upload Ubuntu 24.04 Noble IPA ramdisk image to Ark + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + 
src/kayobe-config/etc/kayobe/ansible/pulp-artifact-upload.yml \ + -e artifact_path=/opt/kayobe/images/ipa \ + -e artifact_type=ipa-images \ + -e artifact_tag=${{ steps.ipa_image_tag.outputs.ipa_image_tag }} \ + -e os_distribution="ubuntu" \ + -e os_release="noble" \ + -e file_regex='*.initramfs' \ + -e upload_checksum=true + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble && steps.build_ubuntu_noble_ipa.outcome == 'success' + - name: Build a Rocky 9 IPA image id: build_rocky_9_ipa continue-on-error: true @@ -348,7 +411,8 @@ jobs: echo "Builds failed. See workflow artifacts for details." && exit 1 if: steps.build_rocky_9_ipa.outcome == 'failure' || - steps.build_ubuntu_jammy_ipa.outcome == 'failure' + steps.build_ubuntu_jammy_ipa.outcome == 'failure' || + steps.build_ubuntu_noble_ipa.outcome == 'failure' - name: Destroy run: terraform destroy -auto-approve diff --git a/.github/workflows/ipa-image-promote.yml b/.github/workflows/ipa-image-promote.yml index acba60194..4ee9d5800 100644 --- a/.github/workflows/ipa-image-promote.yml +++ b/.github/workflows/ipa-image-promote.yml @@ -11,6 +11,10 @@ on: description: Promote Ubuntu 22.04 Jammy type: boolean default: true + ubuntu-noble: + description: Promote Ubuntu 24.04 Noble + type: boolean + default: true image_tag: description: Tag to promote type: string @@ -25,7 +29,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi 
@@ -98,3 +102,17 @@ jobs: ARTIFACT_TAG: ${{ inputs.image_tag }} KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: inputs.ubuntu-jammy + + - name: Promote Ubuntu Noble 24.04 IPA image artifact + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/pulp-artifact-promote.yml \ + -e artifact_type="ipa-images" \ + -e os_distribution='ubuntu' \ + -e os_release='noble' + env: + ARTIFACT_TAG: ${{ inputs.image_tag }} + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble diff --git a/.github/workflows/multinode-inputs.py b/.github/workflows/multinode-inputs.py index 6971bf778..6f09ba4f2 100644 --- a/.github/workflows/multinode-inputs.py +++ b/.github/workflows/multinode-inputs.py @@ -31,10 +31,12 @@ class Scenario: ROCKY_9 = OSRelease("rocky", "9", "cloud-user") UBUNTU_JAMMY = OSRelease("ubuntu", "jammy", "ubuntu") +UBUNTU_NOBLE = OSRelease("ubuntu", "noble", "ubuntu") # NOTE(upgrade): Add supported releases here. OPENSTACK_RELEASES = [ OpenStackRelease("2024.1", "2023.1", [ROCKY_9, UBUNTU_JAMMY]), OpenStackRelease("2023.1", "zed", [ROCKY_9, UBUNTU_JAMMY]), + OpenStackRelease("master", "2024.1", [ROCKY_9, UBUNTU_NOBLE]) ] NEUTRON_PLUGINS = ["ovs", "ovn"] diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index a0c98c98f..905e6d7b0 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -11,6 +11,10 @@ on: description: Build Ubuntu 22.04 Jammy type: boolean default: true + ubuntu-noble: + description: Build Ubuntu 24.04 Noble + type: boolean + default: true runner_env: description: Which cloud to run on? type: choice 
@@ -48,7 +52,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi 
@@ -360,6 +364,75 @@ jobs: OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET_OTHER_CLOUD }} if: inputs.ubuntu-jammy && steps.build_ubuntu_jammy.outcome == 'success' + - name: Build an Ubuntu Noble 24.04 overcloud host image + id: build_ubuntu_noble + continue-on-error: true + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe overcloud host image build --force-rebuild \ + -e os_distribution="ubuntu" \ + -e os_release="noble" \ + -e stackhpc_overcloud_dib_name=overcloud-ubuntu-noble + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble + + - name: Show last error logs + continue-on-error: true + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe seed host command run --command "tail -200 /opt/kayobe/images/overcloud-ubuntu-noble/overcloud-ubuntu-noble.stdout" --show-output + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: steps.build_ubuntu_noble.outcome == 'failure' + + - name: Upload Ubuntu Noble 24.04 overcloud host image to Ark + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/pulp-artifact-upload.yml \ + -e artifact_path=/opt/kayobe/images/overcloud-ubuntu-noble \ + -e artifact_tag=${{ steps.host_image_tag.outputs.host_image_tag }} \ + -e artifact_type="kayobe-images" \ + -e file_regex="*.qcow2" \ + -e os_distribution="ubuntu" \ + -e os_release="noble" + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble && steps.build_ubuntu_noble.outcome == 'success' + + - name: Upload Ubuntu Noble overcloud host image to current Dev Cloud (SMS/Leafcloud) + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe 
playbook run \ + src/kayobe-config/etc/kayobe/ansible/openstack-host-image-upload.yml \ + -e local_image_path="/opt/kayobe/images/overcloud-ubuntu-noble/overcloud-ubuntu-noble.qcow2" \ + -e image_name=overcloud-ubuntu-noble-${{ steps.host_image_tag.outputs.host_image_tag }} + env: + CLOUDS_YAML: ${{ secrets.CLOUDS_YAML }} + OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} + OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} + if: inputs.ubuntu-noble && steps.build_ubuntu_noble.outcome == 'success' + + - name: Upload Ubuntu Noble overcloud host image to other Dev Cloud (Leafcloud/SMS) + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/openstack-host-image-upload.yml \ + -e local_image_path="/opt/kayobe/images/overcloud-ubuntu-noble/overcloud-ubuntu-noble.qcow2" \ + -e image_name=overcloud-ubuntu-noble-${{ steps.host_image_tag.outputs.host_image_tag }} + env: + CLOUDS_YAML: ${{ secrets.CLOUDS_YAML_OTHER_CLOUD }} + OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID_OTHER_CLOUD }} + OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET_OTHER_CLOUD }} + if: inputs.ubuntu-noble && steps.build_ubuntu_noble.outcome == 'success' + + - name: Copy logs back continue-on-error: true run: | @@ -373,7 +446,8 @@ jobs: echo "Builds failed. See workflow artifacts for details." && exit 1 if: steps.build_rocky_9.outcome == 'failure' || - steps.build_ubuntu_jammy.outcome == 'failure' + steps.build_ubuntu_jammy.outcome == 'failure' || + steps.build_ubuntu_noble.outcome == 'failure' - name: Upload logs artifact uses: actions/upload-artifact@v4 diff --git a/.github/workflows/overcloud-host-image-promote.yml b/.github/workflows/overcloud-host-image-promote.yml index f6e167d45..a2f047641 100644 --- a/.github/workflows/overcloud-host-image-promote.yml 
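Review bot: The new "Upload Ubuntu Noble 24.04 overcloud host image to Ark" step does not pass `-e upload_checksum=true`, whereas the Noble IPA kernel and ramdisk uploads in ipa-image-build.yml do, so the qcow2 may be published without a checksum for consumers to verify against. If pulp-artifact-upload.yml does not enable that variable by default, add `-e upload_checksum=true` to this step. The Jammy and Rocky equivalents are outside this hunk and may need the same change.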
+++ b/.github/workflows/overcloud-host-image-promote.yml @@ -11,6 +11,10 @@ on: description: Promote Ubuntu 22.04 Jammy type: boolean default: true + ubuntu-noble: + description: Promote Ubuntu 24.04 Noble + type: boolean + default: true image_tag: description: Tag to promote type: string @@ -25,7 +29,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi @@ -98,3 +102,17 @@ jobs: ARTIFACT_TAG: ${{ inputs.image_tag }} KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: inputs.ubuntu-jammy + + - name: Promote Ubuntu Noble 24.04 overcloud host image artifact + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ci-builder && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/pulp-artifact-promote.yml \ + -e artifact_type="kayobe-images" \ + -e os_distribution='ubuntu' \ + -e os_release='noble' + env: + ARTIFACT_TAG: ${{ inputs.image_tag }} + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble diff --git a/.github/workflows/overcloud-host-image-upload.yml b/.github/workflows/overcloud-host-image-upload.yml index d9d9e3f7c..981435f9a 100644 --- a/.github/workflows/overcloud-host-image-upload.yml +++ b/.github/workflows/overcloud-host-image-upload.yml @@ -11,6 +11,10 @@ on: description: Upload Ubuntu 22.04 Jammy type: boolean default: true + ubuntu-noble: + description: Upload Ubuntu 24.04 Noble + type: boolean + default: true kayobe-environment: description: Kayobe environment to use type: string 
@@ -50,7 +54,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi 
@@ -185,3 +189,48 @@ jobs: OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} if: inputs.ubuntu-jammy && steps.ubuntu_jammy_image_exists.outcome == 'failure' + + - name: Output Ubuntu Noble image tag + id: ubuntu_noble_image_tag + run: | + echo image_tag=$(grep stackhpc_ubuntu_noble_overcloud_host_image_version: src/kayobe-config/etc/kayobe/pulp-host-image-versions.yml | awk '{print $2}') >> $GITHUB_OUTPUT + + - name: Check if image exists already + id: ubuntu_noble_image_exists + run: | + source venvs/kayobe/bin/activate && + openstack image show \ + overcloud-ubuntu-noble-${{ steps.ubuntu_noble_image_tag.outputs.image_tag }} + env: + OS_CLOUD: openstack + OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} + OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} + continue-on-error: true + + - name: Download Ubuntu Noble 24.04 overcloud host image from Ark + run: | + source venvs/kayobe/bin/activate && + source src/kayobe-config/kayobe-env --environment ${{ inputs.kayobe-environment }} && + kayobe playbook run \ + src/kayobe-config/etc/kayobe/ansible/pulp-host-image-download.yml \ + -e os_distribution="ubuntu" \ + -e os_release="noble" + env: + KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} + if: inputs.ubuntu-noble && steps.ubuntu_noble_image_exists.outcome == 'failure' + + - name: Upload Ubuntu Noble 24.04 overcloud host image to Cloud + run: | + source venvs/kayobe/bin/activate && + openstack image create \ + overcloud-ubuntu-noble-${{ steps.ubuntu_noble_image_tag.outputs.image_tag }} \ + --container-format bare \ + --disk-format qcow2 \ + --file /tmp/ubuntu-noble.qcow2 \ + --private \ + --progress + env: + OS_CLOUD: openstack + OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} + OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} + if: 
inputs.ubuntu-noble && steps.ubuntu_noble_image_exists.outcome == 'failure' diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 059731283..8e7842e95 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -28,6 +28,11 @@ on: type: boolean required: false default: true + ubuntu-noble: + description: Build Ubuntu Noble 24.04 images? + type: boolean + required: false + default: true push: description: Whether to push images type: boolean @@ -61,7 +66,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky-linux-9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky-linux-9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi @@ -92,17 +97,20 @@ jobs: - name: Generate build matrix id: set-matrix run: | - comma="" - echo -n "matrix={\"distro\": [" >> $GITHUB_OUTPUT + output="{'distro': [" if [[ ${{ inputs.rocky-linux-9 }} == 'true' ]]; then - echo -n "$comma\"rocky\"" >> $GITHUB_OUTPUT - comma=", " + output+="{'name': 'rocky', 'release': 9}," fi if [[ ${{ inputs.ubuntu-jammy }} == 'true' ]]; then - echo -n "$comma\"ubuntu\"" >> $GITHUB_OUTPUT - comma=", " + output+="{'name': 'ubuntu', 'release': 'jammy'}," + fi + if [[ ${{ inputs.ubuntu-noble }} == 'true' ]]; then + output+="{'name': 'ubuntu', 'release': 'noble'}," fi - echo "]}" >> $GITHUB_OUTPUT + # remove trailing comma + output="${output%,}" + output+="]}" + echo "matrix=$output" >> $GITHUB_OUTPUT - name: Display container datetime tag run: | 
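Review bot: In the "Download Ubuntu Noble 24.04 overcloud host image from Ark" step, `${{ inputs.kayobe-environment }}` is expanded into the script text before bash runs, so a value containing shell metacharacters becomes part of the command line. Pass it through the step's `env:` block instead, e.g. `KAYOBE_ENVIRONMENT: ${{ inputs.kayobe-environment }}`, and use `--environment "$KAYOBE_ENVIRONMENT"` in the script. Separately, "Output Ubuntu Noble image tag" still succeeds when the grep matches nothing, leaving `image_tag` empty; the existence check would then most likely fail and the upload would create an image named `overcloud-ubuntu-noble-`, so that step should fail when the tag is empty. The two tag steps also carry no `if: inputs.ubuntu-noble`, so they run even when Noble is deselected.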
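Review bot: The matrix string built in "Generate build matrix" uses single-quoted keys and values, which is not strict JSON, and `'release': 9` is a number while the Ubuntu releases are strings. The job that consumes `matrix` is outside this hunk; if it parses the output with `fromJSON`, the workflow depends on that parser tolerating single quotes. Emitting strict JSON avoids that dependency, e.g. `output='{"distro": ['` followed by `output+='{"name": "rocky", "release": "9"},'`.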
@@ -173,7 +181,7 @@ jobs: - name: Get Kolla tag id: write-kolla-tag - run: echo "kolla-tag=${{ needs.generate-tag.outputs.openstack_release }}-${{ matrix.distro }}-${{ matrix.distro == 'rocky' && '9' || 'jammy' }}-${{ needs.generate-tag.outputs.datetime_tag }}" >> $GITHUB_OUTPUT + run: echo "kolla-tag=${{ needs.generate-tag.outputs.openstack_release }}-${{ matrix.distro.name }}-${{ matrix.distro.release }}-${{ needs.generate-tag.outputs.datetime_tag }}" >> $GITHUB_OUTPUT - name: Configure localhost as a seed run: | @@ -203,7 +211,8 @@ jobs: continue-on-error: true run: | args="${{ inputs.regexes }}" - args="$args -e kolla_base_distro=${{ matrix.distro }}" + args="$args -e kolla_base_distro=${{ matrix.distro.name }}" + args="$args -e kolla_base_distro_version=${{ matrix.distro.release }}" args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}" args="$args -e stackhpc_repo_mirror_auth_proxy_enabled=true" source venvs/kayobe/bin/activate && @@ -221,7 +230,8 @@ jobs: id: build_seed_images continue-on-error: true run: | - args="-e kolla_base_distro=${{ matrix.distro }}" + args="-e kolla_base_distro=${{ matrix.distro.name }}" + args="$args -e kolla_base_distro_version=${{ matrix.distro.release }}" args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}" args="$args -e stackhpc_repo_mirror_auth_proxy_enabled=true" source venvs/kayobe/bin/activate && 
@@ -236,13 +246,13 @@ jobs: if: inputs.seed - name: Get built container images - run: docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:${{ steps.write-kolla-tag.outputs.kolla-tag }}" > ${{ matrix.distro }}-container-images + run: docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:${{ steps.write-kolla-tag.outputs.kolla-tag }}" > ${{ matrix.distro.name }}-${{ matrix.distro.release }}-container-images - name: Fail if no images have been built - run: if [ $(wc -l < ${{ matrix.distro }}-container-images) -le 1 ]; then exit 1; fi + run: if [ $(wc -l < ${{ matrix.distro.name }}-${{ matrix.distro.release }}-container-images) -le 1 ]; then exit 1; fi - name: Scan built container images - run: src/kayobe-config/tools/scan-images.sh ${{ matrix.distro }} ${{ steps.write-kolla-tag.outputs.kolla-tag }} + run: src/kayobe-config/tools/scan-images.sh ${{ matrix.distro.name }}-${{ matrix.distro.release }} ${{ steps.write-kolla-tag.outputs.kolla-tag }} - name: Move image scan logs to output artifact run: mv image-scan-output image-build-logs/image-scan-output @@ -297,7 +307,7 @@ jobs: - name: Upload output artifact uses: actions/upload-artifact@v4 with: - name: ${{ matrix.distro }}-logs + name: ${{ matrix.distro.name }}-${{ matrix.distro.release }}-logs path: image-build-logs retention-days: 7 if: ${{ !cancelled() }} diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index 65caaa0ce..4fa07cdf6 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml 
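Review bot: "Scan built container images" now passes `${{ matrix.distro.name }}-${{ matrix.distro.release }}` (for example `ubuntu-noble`) as the first argument to src/kayobe-config/tools/scan-images.sh, where it previously received the bare distro name. The script is not part of this hunk, so confirm it treats that argument as the new name-release prefix. If it still expects `rocky` or `ubuntu`, it may look for the wrong image list, and the vulnerability scan could finish without scanning anything. A check in this step that fails when `image-scan-output` is empty would catch that case.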
@@ -161,6 +161,40 @@ jobs: secrets: inherit if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} + all-in-one-ubuntu-noble-ovs: + name: aio (Ubuntu Noble OVS) + needs: + - check-changes + - build-kayobe-image + uses: ./.github/workflows/stackhpc-all-in-one.yml + with: + kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + os_distribution: ubuntu + os_release: noble + ssh_username: ubuntu + neutron_plugin: ovs + OS_CLOUD: openstack + if: ${{ needs.check-changes.outputs.aio == 'true' }} + secrets: inherit + if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} + + all-in-one-ubuntu-noble-ovn: + name: aio (Ubuntu Noble OVN) + needs: + - check-changes + - build-kayobe-image + uses: ./.github/workflows/stackhpc-all-in-one.yml + with: + kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + os_distribution: ubuntu + os_release: noble + ssh_username: ubuntu + neutron_plugin: ovn + OS_CLOUD: openstack + if: ${{ needs.check-changes.outputs.aio == 'true' }} + secrets: inherit + if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} + all-in-one-rocky-9-ovs: name: aio (Rocky 9 OVS) needs: diff --git a/etc/kayobe/ansible/stackhpc-cloud-tests.yml b/etc/kayobe/ansible/stackhpc-cloud-tests.yml index b2fed995d..cdc94c2cd 100644 --- a/etc/kayobe/ansible/stackhpc-cloud-tests.yml +++ b/etc/kayobe/ansible/stackhpc-cloud-tests.yml @@ -142,7 +142,7 @@ # Inclusive min sct_docker_version_min: "24.0.0" # Exclusive max - sct_docker_version_max: "28.0.0" + sct_docker_version_max: "28.1.0" sct_selinux_state: "{{ selinux_state }}" failed_when: host_results.rc not in [0, 1] register: host_results diff --git a/etc/kayobe/ansible/ubuntu-upgrade.yml b/etc/kayobe/ansible/ubuntu-upgrade.yml index 8741b8cf8..29005572f 100644 --- a/etc/kayobe/ansible/ubuntu-upgrade.yml +++ b/etc/kayobe/ansible/ubuntu-upgrade.yml 
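Review bot: Both new jobs, `all-in-one-ubuntu-noble-ovs` and `all-in-one-ubuntu-noble-ovn`, call stackhpc-all-in-one.yml with `secrets: inherit`, which hands every secret available to the caller to the called workflow. This matches the job above the insertion point, but listing only the secrets the called workflow actually declares would limit what a change to that workflow can reach. The job list continues outside the hunk, so the same applies to the existing all-in-one jobs.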
@@ -1,22 +1,22 @@ --- # To prevent Ansible role dependency errors, this playbook requires that environment variable # ANSIBLE_ROLES_PATH is defined and includes '$KAYOBE_PATH/ansible/roles' on the Ansible control host. -- name: Migrate hosts from Ubuntu Focal 20.04 to Jammy 22.04 +- name: Migrate hosts from Ubuntu Jammy 22.04 to Noble 24.04 hosts: overcloud:infra-vms:seed:seed-hypervisor vars: ansible_python_interpreter: /usr/bin/python3 reboot_timeout_s: "{{ 20 * 60 }}" tasks: - - name: Assert that hosts are running Ubuntu Focal + - name: Assert that hosts are running Ubuntu Jammy ansible.builtin.assert: that: - ansible_facts.distribution == 'Ubuntu' - - ansible_facts.distribution_major_version == '20' - - ansible_facts.distribution_release == 'focal' + - ansible_facts.distribution_major_version == '22' + - ansible_facts.distribution_release == 'jammy' - os_distribution == 'ubuntu' fail_msg: >- - This playbook is only designed for Ubuntu Focal 20.04 hosts. Ensure - that you are limiting it to only run on Focal hosts and + This playbook is only designed for Ubuntu Jammy 22.04 hosts. Ensure + that you are limiting it to only run on Jammy hosts and os_distribution is set to ubuntu. - name: Ensure apt packages are up to date 
@@ -53,14 +53,14 @@ when: file_status.stat.exists # NOTE: We cannot use apt_repository here because definitions must exist within the standard repos.list - - name: Ensure Jammy repo definitions exist in sources.list + - name: Ensure Noble repo definitions exist in sources.list ansible.builtin.blockinfile: path: /etc/apt/sources.list block: | - deb {{ stackhpc_repo_ubuntu_jammy_url }} jammy main restricted universe multiverse - deb {{ stackhpc_repo_ubuntu_jammy_url }} jammy-updates main restricted universe multiverse - deb {{ stackhpc_repo_ubuntu_jammy_url }} jammy-backports main restricted universe multiverse - deb {{ stackhpc_repo_ubuntu_jammy_security_url }} jammy-security main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_url }} noble main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_url }} noble-updates main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_url }} noble-backports main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_security_url }} noble-security main restricted universe multiverse become: true - name: Do release upgrade @@ -87,13 +87,13 @@ - name: Run the Kayobe network configuration playbook, to ensure definitions are not lost on reboot import_playbook: "{{ lookup('ansible.builtin.env', 'VIRTUAL_ENV') }}/share/kayobe/ansible/network.yml" -- name: Reboot and confirm the host is upgraded to Jammy 22.04 +- name: Reboot and confirm the host is upgraded to Noble 24.04 hosts: overcloud:infra-vms:seed:seed-hypervisor vars: ansible_python_interpreter: /usr/bin/python3 reboot_timeout_s: "{{ 20 * 60 }}" tasks: - - name: Ensure Jammy repo definitions do not exist in sources.list + - name: Ensure Noble repo definitions do not exist in sources.list ansible.builtin.blockinfile: path: /etc/apt/sources.list state: absent 
@@ -126,8 +126,8 @@ filter: "{{ kayobe_ansible_setup_filter }}" gather_subset: "{{ kayobe_ansible_setup_gather_subset }}" - - name: Assert that hosts are now using Ubuntu 22 + - name: Assert that hosts are now using Ubuntu 24 ansible.builtin.assert: that: - - ansible_facts.distribution_major_version == '22' - - ansible_facts.distribution_release == 'jammy' + - ansible_facts.distribution_major_version == '24' + - ansible_facts.distribution_release == 'noble' diff --git a/etc/kayobe/apt.yml b/etc/kayobe/apt.yml index cb24d7484..83ceaeec1 100644 --- a/etc/kayobe/apt.yml +++ b/etc/kayobe/apt.yml 
@@ -50,34 +50,34 @@ apt_keys: # (optional, default is unset) # Default is an empty list. stackhpc_apt_repositories: - - url: "{{ stackhpc_repo_ubuntu_jammy_url }}" + - url: "{{ stackhpc_repo_ubuntu_noble_url if ansible_facts.distribution_release == 'noble' else stackhpc_repo_ubuntu_jammy_url }}" suites: "{{ ansible_facts.distribution_release }} {{ ansible_facts.distribution_release }}-updates {{ ansible_facts.distribution_release }}-backports" components: main restricted universe multiverse architecture: amd64 required: true - - url: "{{ stackhpc_repo_ubuntu_jammy_security_url }}" + - url: "{{ stackhpc_repo_ubuntu_noble_security_url if ansible_facts.distribution_release == 'noble' else stackhpc_repo_ubuntu_jammy_security_url }}" suites: "{{ ansible_facts.distribution_release }}-security" components: main restricted universe multiverse architecture: amd64 required: true + - url: "{{ stackhpc_repo_docker_ce_ubuntu_noble_url if ansible_facts.distribution_release == 'noble' else stackhpc_repo_docker_ce_ubuntu_jammy_url }}" + suites: "{{ ansible_facts.distribution_release }}" + components: stable + signed_by: docker.asc + architecture: amd64 + required: true - url: "{{ stackhpc_repo_ubuntu_jammy_cve_2024_6387_url }}" suites: "pulp" components: upload architecture: amd64 trusted: yes - required: true - - url: "{{ stackhpc_repo_docker_ce_ubuntu_jammy_url }}" - suites: "{{ ansible_facts.distribution_release }}" - components: stable - signed_by: docker.asc - architecture: amd64 - required: true + required: "{{ ansible_facts.distribution_release == 'jammy' }}" - url: "{{ stackhpc_repo_ceph_reef_debian_url }}" suites: "{{ ansible_facts.distribution_release }}" components: main signed_by: ceph.asc architecture: amd64 - required: true + required: "{{ ansible_facts.distribution_release == 'jammy' }}" # Do not replace apt configuration for non-overcloud hosts. This can result in # errors if apt reconfiguration is performed before local repository mirrors 
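Review bot: `required` on the CVE-2024-6387 and Ceph Reef entries is now a Jinja expression instead of a literal boolean, so the code that consumes `stackhpc_apt_repositories` (outside this hunk) must end up with a real boolean. If that code applies a plain truthiness test to an unconverted string, `'False'` would still count as required, and Noble hosts would keep the `trusted: yes` repository, which skips signature verification. Worth confirming the consumer casts with `| bool`. The inline conditionals on `url` also fall back to the Jammy mirror for any release other than `noble`, which deserves a short comment above the list.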
diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml index c0e9a995f..f83c2eacd 100644 --- a/etc/kayobe/cephadm.yml +++ b/etc/kayobe/cephadm.yml @@ -3,7 +3,7 @@ # Cephadm deployment configuration. # Ceph release name. -cephadm_ceph_release: "reef" +cephadm_ceph_release: "{{ 'squid' if (ansible_facts['distribution_release'] == 'noble') else 'reef' }}" # Ceph FSID. #cephadm_fsid: @@ -12,10 +12,10 @@ cephadm_ceph_release: "reef" cephadm_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/ceph:{{ cephadm_image_tag }}" # Ceph container image tag. -cephadm_image_tag: "v18.2.4" +cephadm_image_tag: "{{ 'v19.2.1' if cephadm_ceph_release == 'squid' else 'v18.2.4' }}" -# Ceph custom repo workaround for Ubuntu Jammy as there are no official ceph repos for jammy. -cephadm_custom_repos: "{{ ansible_facts['distribution_release'] == 'jammy' }}" +# Ceph custom repo workaround for Ubuntu as there are no official ceph repos for Ubuntu Jammy and Noble. +cephadm_custom_repos: "{{ ansible_facts['distribution'] == 'Ubuntu' }}" # HAProxy container image. cephadm_haproxy_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/haproxy:{{ cephadm_haproxy_image_tag }}" diff --git a/etc/kayobe/environments/aufn-ceph/globals.yml b/etc/kayobe/environments/aufn-ceph/globals.yml index f9166aaa0..9fe78517c 100644 --- a/etc/kayobe/environments/aufn-ceph/globals.yml +++ b/etc/kayobe/environments/aufn-ceph/globals.yml 
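Review bot: `cephadm_ceph_release` and, through it, `cephadm_image_tag` are now derived from each host's `ansible_facts['distribution_release']`, so the Ceph release and container image are no longer a single cluster-wide value. In a cluster holding both Jammy and Noble hosts, which the Jammy-to-Noble upgrade playbook changed in this commit would produce mid-migration, hosts would resolve `reef`/`v18.2.4` and `squid`/`v19.2.1` side by side, and an OS upgrade would implicitly switch the Ceph major version. Consider keeping the release an explicit setting, or add a comment above the variable stating that mixed-release clusters must override it. The expression also needs gathered facts on whichever host evaluates it.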
@@ -9,7 +9,7 @@ os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" # OS release. Valid options are "9" when os_distribution is "rocky", or -# "jammy" when os_distribution is "ubuntu". +# "jammy" and "noble" when os_distribution is "ubuntu". os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} diff --git a/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml b/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml index df8dc9d60..94b0cd1d9 100644 --- a/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml +++ b/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml @@ -6,8 +6,10 @@ download_ipa: true # Use a locally hosted cloud image. use_cirros: true -{% if os_distribution == 'ubuntu' %} +{% if os_distribution == 'ubuntu' and os_release == 'jammy' %} cirros_deploy_image_upstream_url: "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" +{% elif os_distribution == 'ubuntu' and os_release == 'noble' %} +cirros_deploy_image_upstream_url: "https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img" {% else %} cirros_deploy_image_upstream_url: "https://dl.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-GenericCloud.latest.x86_64.qcow2" {% endif %} diff --git a/etc/kayobe/environments/ci-aio/globals.yml b/etc/kayobe/environments/ci-aio/globals.yml index 716dcb309..12d3fc767 100644 --- a/etc/kayobe/environments/ci-aio/globals.yml +++ b/etc/kayobe/environments/ci-aio/globals.yml 
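Review bot: In bifrost.yml the `{% else %}` branch now catches every Ubuntu release other than `jammy` and `noble`, so an unexpected `os_release` silently selects the Rocky 9 image instead of failing. The new Noble URL also points at the moving `current` directory, and no checksum accompanies it in the visible lines, so the deploy image content can change between runs without detection. A dated build directory plus a checksum would pin it. The Jammy line has the same property.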
@@ -50,7 +50,7 @@ os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" # OS release. Valid options are "9" when os_distribution is "rocky", or -# "jammy" when os_distribution is "ubuntu". +# "jammy" and "noble" when os_distribution is "ubuntu". os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} diff --git a/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis b/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis index 50084c72f..9f5e273c7 100644 --- a/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis +++ b/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis @@ -14,3 +14,11 @@ rhel9cis_rule_5_4_3_2: false ubtu22cis_rule_5_4_3_2: false ############################################################################## +# Ubuntu Noble CIS Hardening Configuration +# TODO: Test CIS rules for Ubuntu Noble + +# Disable shell timeout for inactivity which can be disruptive to +# development work. +ubtu24cis_rule_5_4_3_2: false + +############################################################################## diff --git a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml index a3f2bbb14..4ddb48625 100644 --- a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml 
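Review bot: `ubtu24cis_rule_5_4_3_2: false` reuses the rule number from the Jammy setting, and the TODO states the Noble rules are untested, so it is not yet confirmed that 5.4.3.2 is the shell-timeout rule in the Ubuntu 24.04 CIS role. If the numbering differs, this line would switch off a different hardening control and leave the timeout enabled. Confirm the mapping against the role version in use. The same block is added to ci-multinode/inventory/group_vars/cis-hardening/cis.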
@@ -30,6 +30,9 @@ stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version }}" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}" stackhpc_repo_centos_stream_9_openstack_caracal_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version }}" diff --git a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml index ded33bd37..e67a472c4 100644 --- a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml 
@@ -57,6 +57,9 @@ stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version }}" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}" stackhpc_repo_centos_stream_9_openstack_caracal_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version }}" diff --git a/etc/kayobe/environments/ci-multinode/globals.yml b/etc/kayobe/environments/ci-multinode/globals.yml index 4dd25ddd3..21f217354 100644 --- a/etc/kayobe/environments/ci-multinode/globals.yml +++ b/etc/kayobe/environments/ci-multinode/globals.yml @@ -50,7 +50,7 @@ os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" # OS release. Valid options are "9" when os_distribution is "rocky", or -# "jammy" when os_distribution is "ubuntu". +# "jammy" and "noble" when os_distribution is "ubuntu". os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} diff --git a/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis b/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis index 50084c72f..9f5e273c7 100644 
--- a/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis +++ b/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis @@ -14,3 +14,11 @@ rhel9cis_rule_5_4_3_2: false ubtu22cis_rule_5_4_3_2: false ############################################################################## +# Ubuntu Noble CIS Hardening Configuration +# TODO: Test CIS rules for Ubuntu Noble + +# Disable shell timeout for inactivity which can be disruptive to +# development work. +ubtu24cis_rule_5_4_3_2: false + +############################################################################## diff --git a/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml b/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml index 6e10b63ea..a28519e83 100644 --- a/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml @@ -30,6 +30,9 @@ stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version }}" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}" stackhpc_repo_centos_stream_9_openstack_caracal_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version }}" diff --git a/etc/kayobe/globals.yml b/etc/kayobe/globals.yml index a97f74d1a..c6b9830b7 100644 --- a/etc/kayobe/globals.yml 
+++ b/etc/kayobe/globals.yml @@ -49,7 +49,7 @@ #os_distribution: # OS release. Valid options are "9-stream" when os_distribution is "centos", or -# "9" when os_distribution is "rocky", or "jammy" when os_distribution is +# "9" when os_distribution is "rocky", or "jammy" and "noble" when os_distribution is # "ubuntu". #os_release: diff --git a/etc/kayobe/inventory/group_vars/cis-hardening/cis b/etc/kayobe/inventory/group_vars/cis-hardening/cis index 2c103cb34..731be1cd9 100644 --- a/etc/kayobe/inventory/group_vars/cis-hardening/cis +++ b/etc/kayobe/inventory/group_vars/cis-hardening/cis 
@@ -192,3 +192,122 @@ ubtu22cis_rule_5_5_1_5: false ubtu22cis_ipv6_required: true ############################################################################## +# Ubuntu Noble CIS Hardening Configuration +# FIXME: These settings are untested, they are just carried over from Jammy + +# Ubuntu 24 CIS configuration +# Disable changing routing rules +ubtu24cis_is_router: true + +# Set Chrony as the time sync tool +ubtu24cis_time_sync_tool: "chrony" + +# Disable CIS from configuring the firewall +ubtu24cis_firewall_package: "none" + +# Stop CIS from installing Network Manager +ubtu24cis_install_network_manager: false + +# Set syslog service to journald +ubtu24cis_syslog_service: journald + +# Squashfs is compiled into the kernel +ubtu24cis_rule_1_1_1_2: false + +# This updates the system. Let's do this explicitly. +ubtu24cis_rule_1_9: false + +# Do not change Chrony Time servers +ubtu24cis_rule_2_1_2_1: false + +# Disable CIS from touching sudoers +ubtu24cis_rule_5_3_4: false + +# Add stack and kolla to allowed ssh users +ubtu24cis_sshd: + log_level: "INFO" + max_auth_tries: 4 + ciphers: + - chacha20-poly1305@openssh.com + - aes256-gcm@openssh.com + - aes128-gcm@openssh.com + - aes256-ctr + - aes192-ctr + - aes128-ctr + macs: + - hmac-sha2-512-etm@openssh.com + - hmac-sha2-256-etm@openssh.com + - hmac-sha2-512 + - hmac-sha2-256 + kex_algorithms: + - curve25519-sha256 + - curve25519-sha256@libssh.org + - diffie-hellman-group14-sha256 + - diffie-hellman-group16-sha512 + - diffie-hellman-group18-sha512 + - ecdh-sha2-nistp521 + - ecdh-sha2-nistp384 + - ecdh-sha2-nistp256 + - diffie-hellman-group-exchange-sha256 + client_alive_interval: 300 + client_alive_count_max: 3 + login_grace_time: 60 + max_sessions: 8 + allow_users: "kolla stack ubuntu" + allow_groups: "kolla stack ubuntu" + deny_users: "" + deny_groups: "" + +# Stop the CIS benchmark scanning all files on every filesystem since this +# takes a long time. Related to the changing permissions block below. 
This +# would normally warn you about violations, but we can use Wazuh to continually +# monitor this. +ubtu24cis_rule_6_1_9: false +ubtu24cis_rule_6_1_10: false +ubtu24cis_rule_6_1_11: false +ubtu24cis_rule_6_1_12: false +ubtu24cis_rule_6_1_13: false + +# The following rules change permissions on all files on every mounted +# filesystem. We do not want to change /var/lib/docker permissions. +ubtu24cis_no_group_adjust: false +ubtu24cis_no_owner_adjust: false +ubtu24cis_no_world_write_adjust: false +ubtu24cis_suid_adjust: false + +# Prevent hardening from recursivley changing permissions on log files +ubtu24cis_rule_4_2_3: false + +# Configure log rotation to prevent audit logs from filling the disk +ubtu24cis_auditd: + action_mail_acct: root + space_left_action: syslog + admin_space_left_action: syslog + max_log_file_action: rotate + +# Max size of audit logs (MB) +ubtu24cis_max_log_file_size: 1024 + +# Disable grub bootloader password. Requires overriding +# ubtu24cis_bootloader_password_hash +ubtu24cis_rule_1_4_1: false +ubtu24cis_rule_1_4_3: false + +# Disable: Ensure minimum days between password changes is configured +ubtu24cis_rule_5_5_1_1: false + +# Disable: Ensure password expiration is 365 days or less +ubtu24cis_rule_5_5_1_2: false + +# Disable: Ensure inactive password lock is 30 days or less +ubtu24cis_rule_5_5_1_4: false + +# Disable: Ensure all users last password change date is in the past +ubtu24cis_rule_5_5_1_5: false + +# The way this is disabled currently breaks kolla's IPV6 check, see: +# https://bugs.launchpad.net/kolla-ansible/+bug/2071443 +# Also matches RHEL hardening behavior. +ubtu24cis_ipv6_required: true + +############################################################################## diff --git a/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager b/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager index d758aa235..26ddb2a5c 100644 --- a/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager 
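Review bot: The numeric toggles in this block (`ubtu24cis_rule_6_1_9` to `ubtu24cis_rule_6_1_13`, `ubtu24cis_rule_5_5_1_1` to `ubtu24cis_rule_5_5_1_5`, `ubtu24cis_rule_1_4_1`, `ubtu24cis_rule_1_9` and the rest) reuse the Jammy rule numbers with only the prefix changed. Rule numbers are specific to a benchmark version, so each one needs checking against the Ubuntu 24 role's defaults before this inventory is used outside CI. Ansible ignores a variable the role does not define, so a number or name that does not exist there (this includes `ubtu24cis_sshd`, `ubtu24cis_auditd` and the `*_adjust` flags) leaves the role default in force without any error, and a number that exists but refers to a different control disables the wrong one. The FIXME already says the values are untested; I would extend it to `# FIXME: untested, carried over from Jammy; rule IDs and variable names not yet verified against the Ubuntu 24 role` and run the role in check mode on a Noble host. The same check applies to `ubtu24cis_rule_5_4_3_2` in the ci-aio and ci-multinode copies.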
+++ b/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager @@ -28,7 +28,7 @@ indexer_node_name: "{{ inventory_hostname }}" indexer_network_host: "{{ provision_oc_net_name | net_ip }}" # Even in a single node setup this must be defined. If not defaults to 127.0.0.1 -indexer_cluster_nodes: +indexer_cluster_nodes: - "{{ indexer_network_host }}" instances: @@ -132,6 +132,7 @@ wazuh_manager_vulnerability_detector: os: - 'focal' - 'jammy' + - 'noble' update_interval: '1h' name: '"canonical"' - enabled: 'yes' diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index c17bf7f56..16d316158 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -6,6 +6,7 @@ kolla_image_tags: openstack: rocky-9: 2024.1-rocky-9-20241218T141751 ubuntu-jammy: 2024.1-ubuntu-jammy-20241218T141809 + ubuntu-noble: 2024.1-ubuntu-noble-20250404T150323 bifrost: rocky-9: 2024.1-rocky-9-20250325T141125 ubuntu-jammy: 2024.1-ubuntu-jammy-20250325T141125 @@ -51,6 +52,8 @@ kolla_image_tags: skyline_apiserver: rocky-9: 2024.1-rocky-9-20250408T133253 ubuntu-jammy: 2024.1-ubuntu-jammy-20250408T133253 + ubuntu-noble: 2024.1-ubuntu-noble-20250415T123136 skyline_console: rocky-9: 2024.1-rocky-9-20250408T133253 ubuntu-jammy: 2024.1-ubuntu-jammy-20250408T133253 + ubuntu-noble: 2024.1-ubuntu-noble-20250415T123136 diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index 2dabe5bc2..8c68e57af 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml 
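Review bot: In the first kolla-image-tags.yml hunk `bifrost` keeps only `rocky-9` and `ubuntu-jammy` tags, while `openstack`, `skyline_apiserver` and `skyline_console` gain `ubuntu-noble`. How a missing distro key is resolved is not visible in this diff; if the lookup has no fallback to the `openstack` entry, a Noble host would get an undefined Bifrost tag. Either add an `ubuntu-noble` line under `bifrost` (and under any other per-service entries outside these hunks), or add a comment above `kolla_image_tags` stating which services are not yet available on Noble.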
@@ -254,6 +254,19 @@ stackhpc_ubuntu_jammy_uca_repos: # List of repositories for Ubuntu Jammy. stackhpc_ubuntu_jammy_repos: "{{ stackhpc_ubuntu_jammy_base_repos + stackhpc_ubuntu_jammy_uca_repos }}" +# List of base repositories for Ubuntu Noble. +stackhpc_ubuntu_noble_base_repos: + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_url }} noble main universe" + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_url }} noble-updates main universe" + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_url }} noble-backports main universe" + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_security_url }} noble-security main universe" + +# List of UCA repositories for Ubuntu Noble. +stackhpc_ubuntu_noble_uca_repos: [] + +# List of repositories for Ubuntu Noble. +stackhpc_ubuntu_noble_repos: "{{ stackhpc_ubuntu_noble_base_repos + stackhpc_ubuntu_noble_uca_repos }}" + # Whether to revert to the upstream mirrors in built Kolla container images. stackhpc_kolla_clean_up_repo_mirrors: true @@ -280,10 +293,17 @@ kolla_build_blocks: {# We lack the ca-certificates package at this stage, so don't verify the CA initially #} echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/90no-verify-peer && \ {% endif %} + {% if kolla_base_distro_version == 'jammy' %} {% for repo in stackhpc_ubuntu_jammy_base_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} {% endfor %} + {% else %} + {% for repo in stackhpc_ubuntu_noble_repos %} + echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ + {% endif %} + {% endfor %} + {% endif %} {% endif %} base_centos_repo_overrides_post_yum: | {# fixme #} 
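Review bot: The added `{% else %}` in the second kolla.yml hunk, in the branch that writes /etc/apt/sources.list, treats every `kolla_base_distro_version` other than `jammy` as Noble, so a future or mistyped release silently gets Noble package sources baked into the image. kolla-build.conf in this same commit tests `kolla_base_distro_version == 'noble'` explicitly; using `{% elif kolla_base_distro_version == 'noble' %}` here keeps the two consistent and lets an unexpected value produce an empty, visibly broken block instead. The same `{% else %}` appears twice in the `base_ubuntu_package_sources_list` hunk that follows. The enclosing build block starts above this hunk.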
@@ -304,15 +324,27 @@ kolla_build_blocks: # With the UCA keyring installed we can now add all repos. base_ubuntu_package_sources_list: | {% if stackhpc_kolla_clean_up_repo_mirrors | bool %} + {% if kolla_base_distro_version == 'jammy' %} COPY sources.list.ubuntu.jammy /etc/apt/sources.list.backup + {% else %} + COPY sources.list.ubuntu.noble /etc/apt/sources.list.backup + {% endif %} + {% endif %} RUN \ rm /etc/apt/sources.list && \ rm -f /etc/apt/apt.conf.d/90no-verify-peer && \ - {% for repo in stackhpc_ubuntu_jammy_repos %} + {% if kolla_base_distro_version == 'jammy' %} + {% for repo in stackhpc_ubuntu_jammy_base_repos %} + echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ + {% endif %} + {% endfor %} + {% else %} + {% for repo in stackhpc_ubuntu_noble_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} {% endfor %} + {% endif %} footer: | {% if stackhpc_kolla_clean_up_repo_mirrors | bool %} {% if kolla_base_distro == 'rocky' %} diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml index c36b659b5..68521bab1 100644 --- a/etc/kayobe/kolla/globals.yml +++ b/etc/kayobe/kolla/globals.yml 
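Review bot: The Jammy branch of the final sources.list loop iterates `stackhpc_ubuntu_jammy_base_repos`, whereas the line it replaces iterated `stackhpc_ubuntu_jammy_repos` (base plus UCA), and the comment above the block still says all repos are added once the UCA keyring is installed. As written, Jammy images would lose the Ubuntu Cloud Archive entries, which may change which package versions get installed; if that is not intended the loop should read `{% for repo in stackhpc_ubuntu_jammy_repos %}`. If dropping UCA for Jammy is deliberate, the comment needs updating and the release note should mention it.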
@@ -7,11 +7,19 @@ kolla_base_distro: "{% raw %}{{ ansible_facts.distribution | lower }}{% endraw % # Use facts so this is determined correctly when the control host OS differs # from os_distribuition. -kolla_base_distro_version: "{% raw %}{{ kolla_base_distro_version_default_map[kolla_base_distro] }}{% endraw %}" +kolla_base_distro_version: "{% raw %}{{ 'noble' if ansible_facts.distribution_release == 'noble' else kolla_base_distro_version_default_map[kolla_base_distro] }}{% endraw %}" # Convenience variable for base distro and version string. kolla_base_distro_and_version: "{% raw %}{{ kolla_base_distro }}-{{ kolla_base_distro_version }}{% endraw %}" +kolla_base_distro_version_custom_map: { + "rocky-9": "3.9", + "ubuntu-jammy": "3.10", + "ubuntu-noble": "3.12" +} + +distro_python_version: "{% raw %}{{ kolla_base_distro_version_custom_map[kolla_base_distro_and_version] }}{% endraw %}" + # Dict of Kolla image tags to deploy for each service. # Each key is the tag variable prefix name, and the value is another dict, # where the key is the OS distro and the value is the tag to deploy. diff --git a/etc/kayobe/kolla/kolla-build.conf b/etc/kayobe/kolla/kolla-build.conf index 96699c2f7..1c2165c8b 100644 --- a/etc/kayobe/kolla/kolla-build.conf +++ b/etc/kayobe/kolla/kolla-build.conf @@ -2,8 +2,10 @@ {# Packages in the latest upstream Ubuntu base image can be ahead of our package repo #} {# snapshots, so pin to a specific tag. #} {# This tag should be updated when Ubuntu package repo snapshot versions are changed. #} -{% if kolla_base_distro == 'ubuntu' %} +{% if kolla_base_distro == 'ubuntu' and kolla_base_distro_version == 'jammy' %} base_tag = jammy-20240808 +{% elif kolla_base_distro == 'ubuntu' and kolla_base_distro_version == 'noble' %} +base_tag = noble-20241118.1 {# Similarly pinning to Rocky 9 minor version used in our repos #} {% elif kolla_base_distro == 'rocky' %} base_tag = 9.{{ stackhpc_pulp_repo_rocky_9_minor_version }} 
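Review bot: `kolla_base_distro_version_custom_map` is added without a comment, and its name differs by one word from `kolla_base_distro_version_default_map` used a few lines above, yet it maps a distro-and-version string to a Python version rather than to a distro version. A comment such as `# Python version shipped by each supported base distro, keyed by kolla_base_distro_and_version.` above it, and `# Python version for the selected base distro.` above `distro_python_version`, would prevent the two maps being confused. The mapping is also written as a JSON-style flow mapping spread over several lines; block style, with `"ubuntu-noble": "3.12"` on its own indented line, matches the rest of the file. The quotes around `"3.10"` are needed and should stay, since unquoted it would load as the float 3.1.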
diff --git a/etc/kayobe/pulp-host-image-versions.yml b/etc/kayobe/pulp-host-image-versions.yml index a9507e70e..db0316a37 100644 --- a/etc/kayobe/pulp-host-image-versions.yml +++ b/etc/kayobe/pulp-host-image-versions.yml @@ -3,3 +3,4 @@ # These images must be in SMS, since they are used by our AIO CI runners stackhpc_rocky_9_overcloud_host_image_version: "2024.1-20241209T151515" stackhpc_ubuntu_jammy_overcloud_host_image_version: "2024.1-20250408T082408" +stackhpc_ubuntu_noble_overcloud_host_image_version: "2024.1-20250417T104113" diff --git a/etc/kayobe/pulp-ipa-image-versions.yml b/etc/kayobe/pulp-ipa-image-versions.yml index 0ecbdfdc3..ca2781ae2 100644 --- a/etc/kayobe/pulp-ipa-image-versions.yml +++ b/etc/kayobe/pulp-ipa-image-versions.yml @@ -2,3 +2,4 @@ # IPA image versioning tags stackhpc_rocky_9_ipa_image_version: "2024.1-20241231T102920" stackhpc_ubuntu_jammy_ipa_image_version: "2024.1-20241206T160829" +stackhpc_ubuntu_noble_ipa_image_version: "2024.1-20250402T132932" diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index 5eb4d3c8a..2c22d0b32 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -8,6 +8,7 @@ stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318 stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240923T233036 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022 stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20241218T154614 +stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: 20250401T001425 stackhpc_pulp_repo_elrepo_9_version: 20241129T235743 stackhpc_pulp_repo_epel_9_version: 20241216T235733 stackhpc_pulp_repo_grafana_version: 20241216T002739 
@@ -46,9 +47,11 @@ stackhpc_pulp_repo_rocky_9_5_crb_version: 20241217T005008 stackhpc_pulp_repo_rocky_9_5_extras_version: 20241216T004230 stackhpc_pulp_repo_rocky_9_5_highavailability_version: 20241202T003154 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20241127T003858 -stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250408T063025 -stackhpc_pulp_repo_ubuntu_jammy_security_version: 20250408T085614 -stackhpc_pulp_repo_ubuntu_jammy_version: 20250408T085614 +stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250416T042645 +stackhpc_pulp_repo_ubuntu_jammy_security_version: 20250417T070229 +stackhpc_pulp_repo_ubuntu_jammy_version: 20250417T070229 +stackhpc_pulp_repo_ubuntu_noble_security_version: 20250417T033501 +stackhpc_pulp_repo_ubuntu_noble_version: 20250417T033501 stackhpc_pulp_repo_rhel_9_4_doca_version: 20241211T153620 stackhpc_pulp_repo_rhel_9_4_doca_modules_version: 20241213T112245 stackhpc_pulp_repo_rhel_9_5_doca_version: 20241211T171301 diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index 43de35091..5b4cd77a3 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml @@ -62,7 +62,8 @@ stackhpc_pulp_sync_for_local_container_build: false # Debs # Whether to sync Ubuntu packages. -stackhpc_pulp_sync_ubuntu_jammy: "{{ os_distribution == 'ubuntu' }}" +stackhpc_pulp_sync_ubuntu_jammy: "{{ os_release == 'jammy' }}" +stackhpc_pulp_sync_ubuntu_noble: "{{ os_release == 'noble' }}" # Default configuration, which each element of stackhpc_pulp_deb_repos # is combined with 
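Review bot: In the pulp.yml hunk `stackhpc_pulp_sync_ubuntu_jammy` now follows `os_release` instead of `os_distribution`, and the single comment `# Whether to sync Ubuntu packages.` covers both flags without saying so. With these defaults only one Ubuntu release is synced to the local Pulp at a time, so during a Jammy-to-Noble upgrade, when hosts of both releases exist, operators would presumably need to set both flags to `true` by hand. I would document that, for example `# Whether to sync Ubuntu Jammy / Noble packages. Defaults follow os_release; set both to true while hosts of both releases are present.` Deployments that override `os_release` may also see Jammy repositories stop syncing after this change.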
@@ -104,6 +105,23 @@ stackhpc_pulp_deb_repos: distributions: "pulp" required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" + # Base Ubuntu Noble repositories + - name: "Ubuntu Noble" + url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/noble/{{ stackhpc_pulp_repo_ubuntu_noble_version }}" + distribution_name: "ubuntu-noble-" + base_path: "ubuntu/noble/" + components: "main restricted universe multiverse" + distributions: "noble noble-updates noble-backports" + required: "{{ stackhpc_pulp_sync_ubuntu_noble | bool }}" + + - name: "Ubuntu Noble security" + url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/noble-security/{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" + distribution_name: "ubuntu-noble-security-" + base_path: "ubuntu/noble-security/" + components: "main restricted universe multiverse" + distributions: "noble-security" + required: "{{ stackhpc_pulp_sync_ubuntu_noble | bool }}" + # Ubuntu Cloud Archive (UCA) repositories - name: "Ubuntu Cloud Archive" url: "{{ stackhpc_release_pulp_content_url }}/ubuntu-cloud-archive/{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" @@ -122,6 +140,14 @@ stackhpc_pulp_deb_repos: components: "stable" required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" + - name: "Docker CE for Ubuntu Noble" + url: "{{ stackhpc_release_pulp_content_url }}/docker-ce/ubuntu-noble/{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" + distribution_name: "docker-ce-for-ubuntu-noble-" + base_path: "docker-ce/ubuntu-noble/" + distributions: "noble" + components: "stable" + required: "{{ stackhpc_pulp_sync_ubuntu_noble | bool }}" + - name: "Ceph Reef for Debian" url: "{{ stackhpc_release_pulp_content_url }}/ceph/debian-reef/{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" distribution_name: "ceph-reef-debian-" 
@@ -560,6 +586,7 @@ stackhpc_pulp_images_kolla: # List of images for each base distribution which should not/cannot be built. stackhpc_kolla_unbuildable_images: ubuntu-jammy: [] + ubuntu-noble: [] rocky-9: [] # Whitespace-separated list of regular expressions matching Kolla image names. diff --git a/etc/kayobe/stackhpc-ipa-images.yml b/etc/kayobe/stackhpc-ipa-images.yml index 2246e678a..3c6a0a62c 100644 --- a/etc/kayobe/stackhpc-ipa-images.yml +++ b/etc/kayobe/stackhpc-ipa-images.yml @@ -17,4 +17,5 @@ stackhpc_ipa_image_url: "{{ stackhpc_release_pulp_content_url }}/ipa-images/\ # IPA image version tag selection stackhpc_ipa_image_version: >- {{ stackhpc_rocky_9_ipa_image_version if os_distribution == 'rocky' and os_release == '9' else - stackhpc_ubuntu_jammy_ipa_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' }} + stackhpc_ubuntu_jammy_ipa_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' else + stackhpc_ubuntu_noble_ipa_image_version if os_distribution == 'ubuntu' and os_release == 'noble' }} diff --git a/etc/kayobe/stackhpc-overcloud-host-images.yml b/etc/kayobe/stackhpc-overcloud-host-images.yml index e9de707e1..48cc04c37 100644 --- a/etc/kayobe/stackhpc-overcloud-host-images.yml +++ b/etc/kayobe/stackhpc-overcloud-host-images.yml @@ -22,4 +22,5 @@ stackhpc_overcloud_host_image_url: "{{ stackhpc_release_pulp_content_url_with_au # Overcloud host image version tag selection stackhpc_overcloud_host_image_version: >- {{ stackhpc_rocky_9_overcloud_host_image_version if os_distribution == 'rocky' and os_release == '9' else - stackhpc_ubuntu_jammy_overcloud_host_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' }} + stackhpc_ubuntu_jammy_overcloud_host_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' else + stackhpc_ubuntu_noble_overcloud_host_image_version if os_distribution == 'ubuntu' and os_release == 'noble' }} 
diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index 89d27d63c..8b045f12b 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -41,6 +41,14 @@ stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_repo_distribution }}" stackhpc_repo_ubuntu_jammy_cve_2024_6387_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu-jammy-cve-2024-6387/{{ stackhpc_repo_ubuntu_jammy_cve_2024_6387_version }}" stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "{{ stackhpc_repo_distribution }}" +# Ubuntu noble +stackhpc_repo_ubuntu_noble_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/noble/{{ stackhpc_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_repo_distribution }}" + +# Ubuntu noble security +stackhpc_repo_ubuntu_noble_security_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/noble-security/{{ stackhpc_repo_ubuntu_noble_security_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_repo_distribution }}" + # Ubuntu Cloud Archive stackhpc_repo_ubuntu_cloud_archive_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu-cloud-archive/{{ stackhpc_repo_ubuntu_cloud_archive_version }}" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_repo_distribution }}" 
@@ -49,6 +57,10 @@ stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_repo_distribution }}" stackhpc_repo_docker_ce_ubuntu_jammy_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/docker-ce/ubuntu-jammy/{{ stackhpc_repo_docker_ce_ubuntu_jammy_version }}" stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_repo_distribution }}" +# Docker CE for Ubuntu Noble +stackhpc_repo_docker_ce_ubuntu_noble_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/docker-ce/ubuntu-noble/{{ stackhpc_repo_docker_ce_ubuntu_noble_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_repo_distribution }}" + # Ceph Reef for Debian stackhpc_repo_ceph_reef_debian_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ceph/debian-reef/{{ stackhpc_repo_ceph_reef_debian_version }}" stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_repo_distribution }}" diff --git a/releasenotes/notes/add-ubuntu-noble-support-caracal-1b9e64d4aa2e1ff7.yaml b/releasenotes/notes/add-ubuntu-noble-support-caracal-1b9e64d4aa2e1ff7.yaml new file mode 100644 index 000000000..12079d9af --- /dev/null +++ b/releasenotes/notes/add-ubuntu-noble-support-caracal-1b9e64d4aa2e1ff7.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Added support for Ubuntu 24.04 Noble Numbat as a host operating system. + Repositories and configuration for Ubuntu Noble have been added. diff --git a/tools/kolla-images.py b/tools/kolla-images.py index 1065db034..6ca651a67 100755 --- a/tools/kolla-images.py +++ b/tools/kolla-images.py @@ -101,6 +101,7 @@ SUPPORTED_BASE_DISTROS = [ "rocky-9", "ubuntu-jammy", + "ubuntu-noble", ] diff --git a/tools/ubuntu-upgrade-infra-vm.sh b/tools/ubuntu-upgrade-infra-vm.sh index 8d5810174..8316021b4 100755 --- a/tools/ubuntu-upgrade-infra-vm.sh +++ b/tools/ubuntu-upgrade-infra-vm.sh 
@@ -29,6 +29,6 @@ fi set -x -kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=jammy --limit $1 +kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=noble --limit $1 -kayobe infra vm host configure --limit $1 -e os_release=jammy +kayobe infra vm host configure --limit $1 -e os_release=noble diff --git a/tools/ubuntu-upgrade-overcloud.sh b/tools/ubuntu-upgrade-overcloud.sh index 50959c263..14271c3d1 100755 --- a/tools/ubuntu-upgrade-overcloud.sh +++ b/tools/ubuntu-upgrade-overcloud.sh @@ -29,8 +29,8 @@ fi set -x -kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=jammy --limit $1 +kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=noble --limit $1 kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ovn-fix-chassis-priorities.yml -kayobe overcloud host configure --limit $1 --kolla-limit $1 -e os_release=jammy +kayobe overcloud host configure --limit $1 --kolla-limit $1 -e os_release=noble diff --git a/tools/ubuntu-upgrade-seed-hypervisor.sh b/tools/ubuntu-upgrade-seed-hypervisor.sh index ad09f2b34..d34e58b26 100755 --- a/tools/ubuntu-upgrade-seed-hypervisor.sh +++ b/tools/ubuntu-upgrade-seed-hypervisor.sh @@ -24,6 +24,6 @@ fi set -x -kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=jammy --limit seed-hypervisor +kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=noble --limit seed-hypervisor kayobe seed hypervisor host configure diff --git a/tools/ubuntu-upgrade-seed.sh b/tools/ubuntu-upgrade-seed.sh index 4a48d5f36..d4191da46 100755 --- a/tools/ubuntu-upgrade-seed.sh +++ b/tools/ubuntu-upgrade-seed.sh @@ -24,6 +24,6 @@ fi set -x -kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=jammy --limit seed +kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml -e os_release=noble --limit seed kayobe seed host configure
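Review bot: The changed `kayobe` lines in tools/ubuntu-upgrade-infra-vm.sh pass `$1` and `$KAYOBE_CONFIG_PATH` unquoted, so a limit pattern containing spaces or glob characters, or a config path with spaces, is split or expanded by the shell before kayobe sees it. Since these lines are being edited anyway, quote them: `kayobe playbook run "$KAYOBE_CONFIG_PATH/ansible/ubuntu-upgrade.yml" -e os_release=noble --limit "$1"`. The same applies to the edited lines in ubuntu-upgrade-overcloud.sh, ubuntu-upgrade-seed-hypervisor.sh and ubuntu-upgrade-seed.sh. Hard-coding `noble` also means these scripts no longer perform the earlier upgrade to Jammy; a one-line comment at the top of each script naming the supported source and target release would make that explicit. Each script's body starts outside its hunk.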