diff --git a/.github/workflows/stackhpc-multinode.yml b/.github/workflows/stackhpc-multinode.yml index 2e66e2dca..5b88c2f68 100644 --- a/.github/workflows/stackhpc-multinode.yml +++ b/.github/workflows/stackhpc-multinode.yml @@ -56,7 +56,7 @@ name: Multinode jobs: multinode: name: Multinode - uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.4.0 + uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.4.1 with: multinode_name: ${{ inputs.multinode_name }} os_distribution: ${{ inputs.os_distribution }} diff --git a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml index e67a472c4..103d797e1 100644 --- a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml @@ -29,7 +29,6 @@ kolla_enable_octavia: true kolla_enable_opensearch: true kolla_enable_prometheus: true kolla_enable_redis: true -kolla_enable_skyline: true kolla_build_neutron_ovs: true ############################################################################### diff --git a/etc/kayobe/environments/ci-multinode/stackhpc-monitoring.yml b/etc/kayobe/environments/ci-multinode/stackhpc-monitoring.yml index 1d9514553..93ce650b4 100644 --- a/etc/kayobe/environments/ci-multinode/stackhpc-monitoring.yml +++ b/etc/kayobe/environments/ci-multinode/stackhpc-monitoring.yml @@ -1,3 +1,3 @@ --- # Path to a CA certificate file to trust in the OpenStack Capacity exporter. -stackhpc_os_capacity_openstack_cacert: "{{ kayobe_env_config_path }}/kolla/certificates/ca/openbao.crt" +stackhpc_os_capacity_openstack_cacert: "{{ kayobe_env_config_path }}/kolla/certificates/ca/vault.crt" diff --git a/etc/kayobe/environments/ci-multinode/tempest.yml b/etc/kayobe/environments/ci-multinode/tempest.yml index ae2d8f132..0657946bb 100644 --- a/etc/kayobe/environments/ci-multinode/tempest.yml +++ b/etc/kayobe/environments/ci-multinode/tempest.yml @@ -3,4 +3,4 @@ rally_no_sensitive_log: false # Add the Vault CA certificate to the rally container when running tempest. -tempest_cacert: "{{ kayobe_env_config_path }}/kolla/certificates/ca/openbao.crt" +tempest_cacert: "{{ kayobe_env_config_path }}/kolla/certificates/ca/vault.crt" diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index 45de13c17..718131239 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -4,74 +4,50 @@ # where the key is the OS distro and the value is the tag to deploy. kolla_image_tags: openstack: - rocky-9: 2024.1-rocky-9-20241218T141751 + rocky-9: 2024.1-rocky-9-20250707T081346 ubuntu-jammy: 2024.1-ubuntu-jammy-20241218T141809 ubuntu-noble: 2024.1-ubuntu-noble-20250404T150323 bifrost: - rocky-9: 2024.1-rocky-9-20250325T141125 ubuntu-jammy: 2024.1-ubuntu-jammy-20250325T141125 glance: - rocky-9: 2024.1-rocky-9-20250213T103134 ubuntu-jammy: 2024.1-ubuntu-jammy-20250213T103134 horizon: - rocky-9: 2024.1-rocky-9-20250227T091118 ubuntu-jammy: 2024.1-ubuntu-jammy-20250227T091118 ironic: - rocky-9: 2024.1-rocky-9-20250213T110505 ubuntu-jammy: 2024.1-ubuntu-jammy-20250213T110505 ironic_dnsmasq: - rocky-9: 2024.1-rocky-9-20241218T141751 ubuntu-jammy: 2024.1-ubuntu-jammy-20241218T141809 ironic_prometheus_exporter: - rocky-9: 2024.1-rocky-9-20250124T081816 ubuntu-jammy: 2024.1-ubuntu-jammy-20250124T081816 kolla_toolbox: - rocky-9: 2024.1-rocky-9-20250529T081147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 magnum: - rocky-9: 2024.1-rocky-9-20250522T143506 ubuntu-jammy: 2024.1-ubuntu-jammy-20250522T143506 ubuntu-noble: 2024.1-ubuntu-noble-20250522T143506 manila: - rocky-9: 2024.1-rocky-9-20250529T081147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 neutron: - rocky-9: 2024.1-rocky-9-20250529T081147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 neutron_bgp_dragent: - rocky-9: 2024.1-rocky-9-20250529T081147 + rocky-9: 2024.1-rocky-9-20250708T134333 ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 nova: - rocky-9: 2024.1-rocky-9-20250529T081147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 octavia: - rocky-9: 2024.1-rocky-9-20250529T081147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 openvswitch: - rocky-9: 2024.1-rocky-9-20250529T081147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 ovn: - rocky-9: 2024.1-rocky-9-20250529T081147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250529T081147 ubuntu-noble: 2024.1-ubuntu-noble-20250529T081147 prometheus: - rocky-9: 2024.1-rocky-9-20250219T145255 ubuntu-jammy: 2024.1-ubuntu-jammy-20250219T145255 prometheus_alertmanager: - rocky-9: 2024.1-rocky-9-20250422T103147 ubuntu-jammy: 2024.1-ubuntu-jammy-20250422T103147 - skyline_apiserver: - rocky-9: 2024.1-rocky-9-20250408T133253 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250408T133253 - ubuntu-noble: 2024.1-ubuntu-noble-20250415T123136 - skyline_console: - rocky-9: 2024.1-rocky-9-20250408T133253 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250408T133253 - ubuntu-noble: 2024.1-ubuntu-noble-20250415T123136 diff --git a/etc/kayobe/kolla/kolla-build.conf b/etc/kayobe/kolla/kolla-build.conf index 95562f5c0..95692e5ef 100644 --- a/etc/kayobe/kolla/kolla-build.conf +++ b/etc/kayobe/kolla/kolla-build.conf @@ -16,3 +16,11 @@ build_args = {{ (kolla_build_args | default({})).items() | map('join', ':') | jo type = git location = https://github.com/stackhpc/requirements reference = stackhpc/{{ openstack_release }} + +[etcd] +version = 3.5.21 +sha256 = amd64:adddda4b06718e68671ffabff2f8cee48488ba61ad82900e639d108f2148501c,arm64:95bf6918623a097c0385b96f139d90248614485e781ec9bee4768dbb6c79c53f + +[letsencrypt-lego] +version = v4.23.1 +sha256 = amd64:1fd60b1fd59c239bed22719a5de402cb745d1f933540cb1ec196e2c03e6e8882,arm64:1114745108343286d4bff189b4bdee3cba9d07ebcacc673860d91ab951d31e0d diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index e2636862b..b9aebc40e 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -9,11 +9,11 @@ stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240923T233036 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022 stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20241218T154614 stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: 20250401T001425 -stackhpc_pulp_repo_elrepo_9_version: 20241129T235743 -stackhpc_pulp_repo_epel_9_version: 20241216T235733 -stackhpc_pulp_repo_grafana_version: 20241216T002739 -stackhpc_pulp_repo_opensearch_2_x_version: 20241106T010702 -stackhpc_pulp_repo_opensearch_dashboards_2_x_version: 20241106T010702 +stackhpc_pulp_repo_elrepo_9_version: 20250610T235426 +stackhpc_pulp_repo_epel_9_version: 20250615T000221 +stackhpc_pulp_repo_grafana_version: 20250615T005738 +stackhpc_pulp_repo_opensearch_2_x_version: 20250430T014638 +stackhpc_pulp_repo_opensearch_dashboards_2_x_version: 20250430T014638 stackhpc_pulp_repo_rhel9_rabbitmq_erlang_version: 20241217T002152 stackhpc_pulp_repo_rhel9_rabbitmq_server_version: 20241217T002152 stackhpc_pulp_repo_rhel_9_influxdb_version: 20241217T002152 @@ -47,6 +47,11 @@ stackhpc_pulp_repo_rocky_9_5_crb_version: 20241217T005008 stackhpc_pulp_repo_rocky_9_5_extras_version: 20241216T004230 stackhpc_pulp_repo_rocky_9_5_highavailability_version: 20241202T003154 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20241127T003858 +stackhpc_pulp_repo_rocky_9_6_appstream_version: 20250614T015933 +stackhpc_pulp_repo_rocky_9_6_baseos_version: 20250614T030644 +stackhpc_pulp_repo_rocky_9_6_crb_version: 20250614T015933 +stackhpc_pulp_repo_rocky_9_6_extras_version: 20250605T150141 +stackhpc_pulp_repo_rocky_9_6_highavailability_version: 20250605T150141 stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20250416T042645 stackhpc_pulp_repo_ubuntu_jammy_security_version: 20250417T070229 stackhpc_pulp_repo_ubuntu_jammy_version: 20250417T070229 @@ -56,3 +61,7 @@ stackhpc_pulp_repo_rhel_9_4_doca_version: 20241211T153620 stackhpc_pulp_repo_rhel_9_4_doca_modules_version: 20241213T112245 stackhpc_pulp_repo_rhel_9_5_doca_version: 20241211T171301 stackhpc_pulp_repo_rhel_9_5_doca_modules_version: 20250115T150314 +##### NOTE: Dummy variables, currently no RL9.6 DOCA +stackhpc_pulp_repo_rhel_9_6_doca_modules_version: 00000000T000000 +stackhpc_pulp_repo_rhel_9_6_doca_version: 00000000T000000 +###### diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index 2397bd20e..82d3da049 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml @@ -242,8 +242,8 @@ stackhpc_pulp_distribution_deb_production: >- # Whether to sync Rocky Linux 9 packages. stackhpc_pulp_sync_rocky_9: "{{ os_distribution == 'rocky' }}" -# Rocky 9 minor version number. Supported values: 1, 2, 3, 4, 5. Default is 5 -stackhpc_pulp_repo_rocky_9_minor_version: 5 +# Rocky 9 minor version number. Supported values: 1, 2, 3, 4, 5, 6. Default is 6 +stackhpc_pulp_repo_rocky_9_minor_version: 6 # Rocky 9 Snapshot versions. The defaults use the appropriate version from # pulp-repo-versions.yml for the selected minor release. stackhpc_pulp_repo_rocky_9_appstream_version: "{{ lookup('vars', 'stackhpc_pulp_repo_rocky_9_%s_appstream_version' % stackhpc_pulp_repo_rocky_9_minor_version) }}" @@ -585,8 +585,6 @@ stackhpc_pulp_images_kolla: - rabbitmq - redis - redis-sentinel - - skyline-apiserver - - skyline-console # List of images for each base distribution which should not/cannot be built. stackhpc_kolla_unbuildable_images: @@ -730,7 +728,7 @@ stackhpc_pulp_repository_container_repos_openbao: policy: on_demand proxy_url: "{{ pulp_proxy_url }}" state: present - include_tags: "{{ overcloud_vault_docker_tag }}" + include_tags: "{{ overcloud_openbao_docker_tag }}" required: "{{ stackhpc_sync_openbao_images | bool }}" # List of OpenBao container image distributions. diff --git a/etc/kayobe/trivy/allowed-vulnerabilities.yml b/etc/kayobe/trivy/allowed-vulnerabilities.yml index 11356a930..579ed3194 100644 --- a/etc/kayobe/trivy/allowed-vulnerabilities.yml +++ b/etc/kayobe/trivy/allowed-vulnerabilities.yml @@ -16,8 +16,31 @@ fluentd_allowed_vulnerabilities: - CVE-2024-27280 grafana_allowed_vulnerabilities: - CVE-2024-8986 -skyline_apiserver_allowed_vulnerabilities: - - CVE-2024-33663 +influxdb_allowed_vulnerabilities: + - CVE-2024-45337 +magnum_conductor_allowed_vulnerabilities: + - CVE-2024-45337 +prometheus_blackbox_exporter_allowed_vulnerabilities: + - CVE-2024-45337 +prometheus_memcached_exporter_allowed_vulnerabilities: + - CVE-2024-45337 +prometheus_mysqld_exporter_allowed_vulnerabilities: + - CVE-2024-45337 +prometheus_elasticsearch_exporter_allowed_vulnerabilities: + - CVE-2024-45337 +prometheus_node_exporter_allowed_vulnerabilities: + - CVE-2024-45337 +prometheus_openstack_exporter_allowed_vulnerabilities: + - CVE-2024-45337 +prometheus_libvirt_exporter_allowed_vulnerabilities: + - CVE-2024-45337 +prometheus_cadvisor_allowed_vulnerabilities: + - CVE-2024-41110 + - CVE-2024-45337 +prometheus_msteams_allowed_vulnerabilities: + - CVE-2024-45337 +prometheus_v2_server_allowed_vulnerabilities: + - CVE-2024-45337 ############################################################################### # Dummy variable to allow Ansible to accept this file. diff --git a/releasenotes/notes/drop-skyline-support-31d683f58f125335.yaml b/releasenotes/notes/drop-skyline-support-31d683f58f125335.yaml new file mode 100644 index 000000000..60541ce0c --- /dev/null +++ b/releasenotes/notes/drop-skyline-support-31d683f58f125335.yaml @@ -0,0 +1,4 @@ +--- +deprecations: + - | + Disabled building of Kolla container images for Skyline diff --git a/releasenotes/notes/enable-building-skyline-61a41c13cfcd54a1.yaml b/releasenotes/notes/enable-building-skyline-61a41c13cfcd54a1.yaml deleted file mode 100644 index 681c338e6..000000000 --- a/releasenotes/notes/enable-building-skyline-61a41c13cfcd54a1.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Enable building of ``Skyline`` an alternative to ``Horizon``. - diff --git a/releasenotes/notes/fix-openbao-include-tag-dfef2a0e731674f0.yaml b/releasenotes/notes/fix-openbao-include-tag-dfef2a0e731674f0.yaml new file mode 100644 index 000000000..0b3a889e5 --- /dev/null +++ b/releasenotes/notes/fix-openbao-include-tag-dfef2a0e731674f0.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Ensure that the correct tag is used for ``OpenBao`` repository in ``Pulp``. diff --git a/releasenotes/notes/rl9.6-f46ea1230214a657.yaml b/releasenotes/notes/rl9.6-f46ea1230214a657.yaml new file mode 100644 index 000000000..3213dd820 --- /dev/null +++ b/releasenotes/notes/rl9.6-f46ea1230214a657.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Added support for Rocky Linux 9.6, including host packages and a full + container image refresh. +upgrade: + - | + 9.6 is now the default release for Rocky Linux. diff --git a/requirements.txt b/requirements.txt index bcb2f7509..d01ee79d8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ -kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/16.6.0.10 +kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/16.7.0.2 ansible-modules-hashivault>=5.2.1 jmespath