Merge branch 'stackhpc/2024.1' into unpin_magnum

Author: Alex-Welsh

.github/workflows/ipa-image-build.yml

@@ -76,7 +76,7 @@ jobs:
           pip install -r ../src/kayobe-config/requirements.txt
 
       - name: Install terraform
-        uses: hashicorp/setup-terraform@v3
+        uses: hashicorp/setup-terraform@v2
 
       - name: Initialise terraform
         run: terraform init
@@ -206,7 +206,8 @@ jobs:
           kayobe overcloud deployment image build --force-rebuild \
           -e os_distribution="ubuntu" \
           -e os_release="jammy" \
-          -e ipa_ci_builder_distribution="ubuntu"
+          -e ipa_ci_builder_distribution="ubuntu" \
+          -e ipa_ci_builder_release="jammy"
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
         if: inputs.ubuntu-jammy
@@ -264,7 +265,8 @@ jobs:
           kayobe overcloud deployment image build --force-rebuild \
           -e os_distribution="rocky" \
           -e os_release="9" \
-          -e ipa_ci_builder_distribution="rocky"
+          -e ipa_ci_builder_distribution="rocky" \
+          -e ipa_ci_builder_release="9"
         env:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
         if: inputs.rocky9

.github/workflows/multinode-inputs.py

@@ -26,7 +26,7 @@ class Scenario:
     openstack_release: OpenStackRelease
     os_release: OSRelease
     neutron_plugin: str
-    upgrade: bool
+    upgrade: str
 
 
 ROCKY_9 = OSRelease("rocky", "9", "cloud-user")
@@ -50,7 +50,7 @@ def random_scenario() -> Scenario:
     openstack_release = random.choice(OPENSTACK_RELEASES)
     os_release = random.choice(openstack_release.os_releases)
     neutron_plugin = random.choice(NEUTRON_PLUGINS)
-    upgrade = random.random() > 0.6
+    upgrade = 'major' if random.random() > 0.6 else 'none'
     return Scenario(openstack_release, os_release, neutron_plugin, upgrade)
 
 
@@ -62,7 +62,7 @@ def generate_inputs(scenario: Scenario) -> t.Dict[str, str]:
         "os_release": scenario.os_release.release,
         "ssh_username": scenario.os_release.ssh_username,
         "neutron_plugin": scenario.neutron_plugin,
-        "upgrade": str(scenario.upgrade).lower(),
+        "upgrade": scenario.upgrade,
         "stackhpc_kayobe_config_version": branch,
         "stackhpc_kayobe_config_previous_version": previous_branch,
     }

.github/workflows/stackhpc-multinode.yml

@@ -27,8 +27,12 @@ name: Multinode
           - ovs
       upgrade:
         description: Whether to perform an upgrade
-        type: boolean
-        default: false
+        default: none
+        type: choice
+        options:
+          - none
+          - minor
+          - major
       break_on:
         description: When to break execution for manual interaction
         type: choice
@@ -52,7 +56,7 @@ name: Multinode
 jobs:
   multinode:
     name: Multinode
-    uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.2.0
+    uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.4.0
     with:
       multinode_name: ${{ inputs.multinode_name }}
       os_distribution: ${{ inputs.os_distribution }}
@@ -66,6 +70,6 @@ jobs:
       ssh_key: ${{ inputs.ssh_key }}
       stackhpc_kayobe_config_version: ${{ github.ref_name }}
       # NOTE(upgrade): Reference the PREVIOUS release here.
-      stackhpc_kayobe_config_previous_version: stackhpc/2023.1
+      stackhpc_kayobe_config_previous_version: ${{ inputs.upgrade == 'major' && 'stackhpc/2023.1' || 'stackhpc/2024.1' }}
       terraform_kayobe_multinode_version: ${{ inputs.terraform_kayobe_multinode_version }}
     secrets: inherit

etc/kayobe/ansible/pulp-artifact-upload.yml

@@ -142,21 +142,6 @@
       retries: 3
       delay: 5
 
-    - name: Update distribution for latest version
-      pulp.squeezer.file_distribution:
-        pulp_url: "{{ remote_pulp_url }}"
-        username: "{{ remote_pulp_username }}"
-        password: "{{ remote_pulp_password }}"
-        name: "{{ repository_name }}_latest"
-        base_path: "{{ pulp_base_path }}/latest"
-        publication: "{{ publication_details.publication.pulp_href }}"
-        content_guard: development
-        state: present
-      register: latest_distribution_details
-      until: latest_distribution_details is success
-      retries: 3
-      delay: 5
-
     - name: Create distribution for given version
       pulp.squeezer.file_distribution:
         pulp_url: "{{ remote_pulp_url }}"
@@ -167,7 +152,6 @@
         publication: "{{ publication_details.publication.pulp_href }}"
         content_guard: development
         state: present
-      when: latest_distribution_details.changed
       register: distribution_result
       until: distribution_result is success
       retries: 3
@@ -180,26 +164,11 @@
         {{ artifact_tag }}/{{ found_files.files[0].path | basename }}"
         create: true
 
-    - name: Update new artifacts file with latest path
-      lineinfile:
-        path: /tmp/updated_artifacts.txt
-        line: "{{ remote_pulp_url }}/pulp/content/{{ pulp_base_path }}/\
-        latest/{{ found_files.files[0].path | basename }}"
-      when: latest_distribution_details.changed
-
     - name: Print versioned path
       debug:
         msg: "New versioned path: {{ remote_pulp_url }}/pulp/content/{{ pulp_base_path }}/\
         {{ artifact_tag }}/{{ found_files.files[0].path | basename }}"
-      when: latest_distribution_details.changed
-
-    - name: Print latest path
-      debug:
-        msg: "New latest path: {{ remote_pulp_url }}/pulp/content/{{ pulp_base_path }}/\
-        latest/{{ found_files.files[0].path | basename }}"
-      when: latest_distribution_details.changed
 
     - name: Print version tag
       debug:
         msg: "New tag: {{ artifact_tag }}"
-      when: latest_distribution_details.changed

etc/kayobe/ansible/requirements.yml

@@ -1,7 +1,7 @@
 ---
 collections:
   - name: stackhpc.cephadm
-    version: 1.18.0
+    version: 1.19.1
   # NOTE: Pinning pulp.squeezer to 0.0.13 because 0.0.14+ depends on the
   # pulp_glue Python library being installed.
   - name: pulp.squeezer

etc/kayobe/ansible/templates/wazuh-secrets.yml.j2

@@ -3,12 +3,12 @@
 # Store these securely and use lookups here
 secrets_wazuh:
   # Wazuh agent authd pass
-  authd_pass: "{{ secrets_wazuh.authd_pass | default(lookup('password', '/dev/null'), true) }}"
+  authd_pass: '{{ secrets_wazuh.authd_pass | default(lookup("password", "/dev/null"), true) }}'
   # Strengthen default wazuh api user pass
   wazuh_api_users:
     - username: "wazuh"
-      password: "{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30, override_special=override_special_characters)) }}"
+      password: '{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup("community.general.random_string", min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30, override_special=override_special_characters)) }}'
   # OpenSearch 'admin' user pass
-  opendistro_admin_password: "{{ secrets_wazuh.opendistro_admin_password | default(lookup('password', '/dev/null'), true) }}"
+  opendistro_admin_password: '{{ secrets_wazuh.opendistro_admin_password | default(lookup("password", "/dev/null"), true) }}'
   # OpenSearch 'kibanaserver' user pass
-  opendistro_kibana_password: "{{ secrets_wazuh.opendistro_kibana_password | default(lookup('password', '/dev/null'), true) }}"
+  opendistro_kibana_password: '{{ secrets_wazuh.opendistro_kibana_password | default(lookup("password", "/dev/null"), true) }}'

etc/kayobe/ansible/wazuh-manager.yml

@@ -102,19 +102,22 @@
       notify:
         - Restart wazuh
 
-    - name: Set http/s_proxy vars in ossec-init.conf for vulnerability detector
+    - name: Add JVM proxy settings to wazuh-indexer
       blockinfile:
-        path: "/var/ossec/etc/ossec.conf"
+        path: "/etc/wazuh-indexer/jvm.options"
         state: present
         owner: root
-        group: ossec
+        group: wazuh
+        marker: "# {mark} ANSIBLE MANAGED BLOCK JVM PROXY SETTINGS"
         block: |
-          HTTPS_PROXY={{ http_proxy_url }}
-          HTTP_PROXY={{ http_proxy_url }}
+          -Dhttp.proxyHost={{ http_proxy_url | urlsplit('hostname') }}
+          -Dhttp.proxyPort={{ http_proxy_url | urlsplit('port') }}
+          -Dhttps.proxyHost={{ http_proxy_url | urlsplit('hostname') }}
+          -Dhttps.proxyPort={{ http_proxy_url | urlsplit('port') }}
         backup: yes
       when: http_proxy_url is defined
       notify:
-        - Restart wazuh
+        - Restart wazuh-indexer
 
     - name: Perform health check against filebeat
       command: filebeat test output
@@ -126,3 +129,8 @@
       service:
         name: wazuh-manager
         state: restarted
+
+    - name: Restart wazuh-indexer
+      service:
+        name: wazuh-indexer
+        state: restarted

etc/kayobe/environments/ci-builder/stackhpc-ci.yml

@@ -101,6 +101,7 @@ stackhpc_release_pulp_password: "{{ stackhpc_docker_registry_password }}"
 ipa_build_images: true
 ipa_build_dib_env_extra:
   DISTRO_NAME: "{{ ipa_ci_builder_distribution | default('ubuntu') }}"
+  DIB_RELEASE: "{{ ipa_ci_builder_release | default('jammy') }}"
 
 # Ensure Ark repos are disabled during CI runs, this is due to
 # builder being a member of the 'overcloud' group for IPA builds.

etc/kayobe/kolla-image-tags.yml

@@ -5,31 +5,7 @@
 kolla_image_tags:
   openstack:
     rocky-9: 2024.1-rocky-9-20241218T141751
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20240917T091559
-  blazar:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241125T093138
-  cinder:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241204T081836
+    ubuntu-jammy: 2024.1-ubuntu-jammy-20241218T141809
   magnum:
     rocky-9: 2024.1-rocky-9-20250102T094625
     ubuntu-jammy: 2024.1-ubuntu-jammy-20250102T094625
-  nova:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241004T094540
-  neutron:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241203T232519
-  octavia:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241004T094540
-  horizon:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241202T210927
-  bifrost:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241128T162336
-  ironic:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241023T143407
-  ironic_dnsmasq:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241023T143407
-  ironic_neutron_agent:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241023T143407
-  letsencrypt:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241206T090120
-  grafana:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241128T123708

etc/kayobe/pulp-ipa-image-versions.yml

@@ -1,4 +1,4 @@
 ---
 # IPA image versioning tags
-stackhpc_rocky_9_ipa_image_version: "2024.1-20241206T160829"
+stackhpc_rocky_9_ipa_image_version: "2024.1-20241231T102920"
 stackhpc_ubuntu_jammy_ipa_image_version: "2024.1-20241206T160829"

etc/kayobe/pulp-repo-versions.yml

@@ -7,7 +7,7 @@ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version: 20241212T022636
 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318
 stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240923T233036
 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022
-stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20240910T001721
+stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20241218T154614
 stackhpc_pulp_repo_elrepo_9_version: 20241129T235743
 stackhpc_pulp_repo_epel_9_version: 20241216T235733
 stackhpc_pulp_repo_grafana_version: 20241216T002739
@@ -46,6 +46,6 @@ stackhpc_pulp_repo_rocky_9_5_crb_version: 20241217T005008
 stackhpc_pulp_repo_rocky_9_5_extras_version: 20241216T004230
 stackhpc_pulp_repo_rocky_9_5_highavailability_version: 20241202T003154
 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20241127T003858
-stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20240911T041957
-stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240924T064114
-stackhpc_pulp_repo_ubuntu_jammy_version: 20240924T064114
+stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20241217T045049
+stackhpc_pulp_repo_ubuntu_jammy_security_version: 20241217T071258
+stackhpc_pulp_repo_ubuntu_jammy_version: 20241217T071258

releasenotes/notes/bump-ansible-collection-cephadm-2a6c988a34b192a6.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Updates the StackHPC Cephadm Ansible collection from 1.18.0 to 1.19.1.

releasenotes/notes/ubuntu-refresh-december-998f4c2d2bd0032b.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Refreshed all Ubuntu host package versions and contianer images for
+    December 2024.