Merge pull request #630 from stackhpc/yoga/ubuntu-snapshots-2023-09-08

markgoddard · web-flow · commit aa457302f5e1 · 2023-09-20T16:40:22.000+01:00
Bump ubuntu snapshots
diff --git a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml
@@ -18,6 +18,7 @@ kolla_enable_etcd: true
 kolla_enable_grafana: true
 kolla_enable_influxdb: true
 kolla_enable_ironic: true
+kolla_enable_kibana: "{{ kolla_base_distro not in ['rocky'] }}"
 kolla_enable_magnum: true
 kolla_enable_manila: true
 kolla_enable_mariabackup: true
diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml
@@ -16,52 +16,39 @@ kayobe_image_tags:
   openstack:
     centos: yoga-20230905T130221
     rocky: yoga-20230310T170929
-    ubuntu: yoga-20230220T181235
+    ubuntu: yoga-20230913T160015
   bifrost:
     rocky: yoga-20230310T194732
-    ubuntu: yoga-20230220T184947
   blazar:
     rocky: yoga-20230315T130918
-    ubuntu: yoga-20230315T125441
   caso:
     rocky: yoga-20230315T130918
-    ubuntu: yoga-20230315T125441
   grafana:
     rocky: yoga-20230419T111514
-    ubuntu: yoga-20230426T084340
   ironic:
     rocky: yoga-20230316T170311
-    ubuntu: yoga-20230316T154704
   ironic_dnsmasq:
     rocky: yoga-20230310T170929
-    ubuntu: yoga-20230220T181235
   kibana:
     centos: yoga-20230907T152300
   magnum:
     rocky: yoga-20230825T142202
-    ubuntu: yoga-20230825T142202
   neutron:
     rocky: yoga-20230728T081242
-    ubuntu: yoga-20230728T081242
   nova:
     rocky: yoga-20230718T112646
-    ubuntu: yoga-20230718T112646
   nova_libvirt:
     # Live-migration is broken from qemu-kvm-6.2.0-20.module_el8.7.0+1218+f626c2ff to qemu-kvm-6.2.0-39.module_el8+669+76cc32af
     # with signature: `Missing section footer for 0000:00:01.3/piix4_pm`. Test carefully before bumping.
-    centos: yoga-20230718T112646    
+    centos: yoga-20230718T112646
   octavia:
     rocky: yoga-20230523T110936
-    ubuntu: yoga-20230523T110936
   openvswitch:
     rocky: yoga-20230515T150233
-    ubuntu: yoga-20230515T150233
   ovn:
     rocky: yoga-20230515T150233
-    ubuntu: yoga-20230515T150233
   prometheus_node_exporter:
     rocky: yoga-20230315T170614
-    ubuntu: yoga-20230315T170541
 
 bifrost_tag: "{% raw %}{{ kayobe_image_tags['bifrost'][kolla_base_distro] | default(openstack_tag) }}{% endraw %}"
 blazar_tag: "{% raw %}{{ kayobe_image_tags['blazar'][kolla_base_distro] | default(openstack_tag) }}{% endraw %}"
diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml
@@ -16,7 +16,7 @@ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20230510T072502
 stackhpc_pulp_repo_centos_stream_9_openstack_yoga_version: 20230310T163106
 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20230301T034123
 stackhpc_pulp_repo_centos_stream_9_storage_ceph_pacific_version: 20230308T155704
-stackhpc_pulp_repo_docker_ce_ubuntu_version: 20230811T005529
+stackhpc_pulp_repo_docker_ce_ubuntu_version: 20230908T013529
 stackhpc_pulp_repo_docker_version: 20230801T003759
 stackhpc_pulp_repo_elasticsearch_logstash_kibana_7_x_version: 20230727T144020
 stackhpc_pulp_repo_epel_9_version: 20230302T031902
@@ -51,8 +51,8 @@ stackhpc_pulp_repo_rocky_9_2_crb_version: 20230825T131407
 stackhpc_pulp_repo_rocky_9_2_extras_version: 20230825T131407
 stackhpc_pulp_repo_rocky_9_2_highavailability_version: 20230805T012805
 stackhpc_pulp_repo_treasuredata_4_version: 20230903T003752
-stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20230811T105337
-stackhpc_pulp_repo_ubuntu_focal_security_version: 20230825T083004
-stackhpc_pulp_repo_ubuntu_focal_version: 20230825T083004
-stackhpc_pulp_repo_ubuntu_jammy_security_version: 20230811T044829
-stackhpc_pulp_repo_ubuntu_jammy_version: 20230811T044829
+stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20230908T112533
+stackhpc_pulp_repo_ubuntu_focal_security_version: 20230908T101641
+stackhpc_pulp_repo_ubuntu_focal_version: 20230908T101641
+stackhpc_pulp_repo_ubuntu_jammy_security_version: 20230908T053616
+stackhpc_pulp_repo_ubuntu_jammy_version: 20230908T053616
diff --git a/releasenotes/notes/bump-ubuntu-snapshots-2023-09-15-22ca5250d40bd5b6.yaml b/releasenotes/notes/bump-ubuntu-snapshots-2023-09-15-22ca5250d40bd5b6.yaml
@@ -0,0 +1,8 @@
+---
+security:
+  - |
+    Bumps Ubuntu repository snapshots and container images to bring in latest
+    security patches. This includes the microcode to patch Inception
+    (CVE-2023-20569) and Downfall (CVE-2022-40982). Zenbleed (CVE-2023-20593)
+    was patched in the previous snapshot bump. To apply the microcode updates,
+    it is recommended to reboot each host after upgrading all of the packages.
