Merge branch 'stackhpc/2024.1' into 2024.1-ansible-lint-alex

stackhpc · Jan 9, 2025 · d997f87 · d997f87
2 parents adcbe22 + 76433b6
commit d997f87
Show file tree

Hide file tree

Showing 9 changed files with 45 additions and 47 deletions.
diff --git a/.github/workflows/multinode-inputs.py b/.github/workflows/multinode-inputs.py
@@ -26,7 +26,7 @@ class Scenario:
     openstack_release: OpenStackRelease
     os_release: OSRelease
     neutron_plugin: str
-    upgrade: bool
+    upgrade: str
 
 
 ROCKY_9 = OSRelease("rocky", "9", "cloud-user")
@@ -50,7 +50,7 @@ def random_scenario() -> Scenario:
     openstack_release = random.choice(OPENSTACK_RELEASES)
     os_release = random.choice(openstack_release.os_releases)
     neutron_plugin = random.choice(NEUTRON_PLUGINS)
-    upgrade = random.random() > 0.6
+    upgrade = 'major' if random.random() > 0.6 else 'none'
     return Scenario(openstack_release, os_release, neutron_plugin, upgrade)
 
 
@@ -62,7 +62,7 @@ def generate_inputs(scenario: Scenario) -> t.Dict[str, str]:
         "os_release": scenario.os_release.release,
         "ssh_username": scenario.os_release.ssh_username,
         "neutron_plugin": scenario.neutron_plugin,
-        "upgrade": str(scenario.upgrade).lower(),
+        "upgrade": scenario.upgrade,
         "stackhpc_kayobe_config_version": branch,
         "stackhpc_kayobe_config_previous_version": previous_branch,
     }

diff --git a/.github/workflows/stackhpc-multinode.yml b/.github/workflows/stackhpc-multinode.yml
@@ -27,8 +27,12 @@ name: Multinode
           - ovs
       upgrade:
         description: Whether to perform an upgrade
-        type: boolean
-        default: false
+        default: none
+        type: choice
+        options:
+          - none
+          - minor
+          - major
       break_on:
         description: When to break execution for manual interaction
         type: choice
@@ -52,7 +56,7 @@ name: Multinode
 jobs:
   multinode:
     name: Multinode
-    uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.2.0
+    uses: stackhpc/stackhpc-openstack-gh-workflows/.github/workflows/multinode.yml@1.4.0
     with:
       multinode_name: ${{ inputs.multinode_name }}
       os_distribution: ${{ inputs.os_distribution }}
@@ -66,6 +70,6 @@ jobs:
       ssh_key: ${{ inputs.ssh_key }}
       stackhpc_kayobe_config_version: ${{ github.ref_name }}
       # NOTE(upgrade): Reference the PREVIOUS release here.
-      stackhpc_kayobe_config_previous_version: stackhpc/2023.1
+      stackhpc_kayobe_config_previous_version: ${{ inputs.upgrade == 'major' && 'stackhpc/2023.1' || 'stackhpc/2024.1' }}
       terraform_kayobe_multinode_version: ${{ inputs.terraform_kayobe_multinode_version }}
     secrets: inherit
diff --git a/etc/kayobe/ansible/requirements.yml b/etc/kayobe/ansible/requirements.yml
@@ -1,7 +1,7 @@
 ---
 collections:
   - name: stackhpc.cephadm
-    version: 1.18.0
+    version: 1.19.1
   # NOTE: Pinning pulp.squeezer to 0.0.13 because 0.0.14+ depends on the
   # pulp_glue Python library being installed.
   - name: pulp.squeezer

diff --git a/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 b/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2
@@ -3,12 +3,12 @@
 # Store these securely and use lookups here
 secrets_wazuh:
   # Wazuh agent authd pass
-  authd_pass: "{{ secrets_wazuh.authd_pass | default(lookup('password', '/dev/null'), true) }}"
+  authd_pass: '{{ secrets_wazuh.authd_pass | default(lookup("password", "/dev/null"), true) }}'
   # Strengthen default wazuh api user pass
   wazuh_api_users:
     - username: "wazuh"
-      password: "{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30, override_special=override_special_characters)) }}"
+      password: '{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup("community.general.random_string", min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30, override_special=override_special_characters)) }}'
   # OpenSearch 'admin' user pass
-  opendistro_admin_password: "{{ secrets_wazuh.opendistro_admin_password | default(lookup('password', '/dev/null'), true) }}"
+  opendistro_admin_password: '{{ secrets_wazuh.opendistro_admin_password | default(lookup("password", "/dev/null"), true) }}'
   # OpenSearch 'kibanaserver' user pass
-  opendistro_kibana_password: "{{ secrets_wazuh.opendistro_kibana_password | default(lookup('password', '/dev/null'), true) }}"
+  opendistro_kibana_password: '{{ secrets_wazuh.opendistro_kibana_password | default(lookup("password", "/dev/null"), true) }}'
diff --git a/etc/kayobe/ansible/wazuh-manager.yml b/etc/kayobe/ansible/wazuh-manager.yml
@@ -107,19 +107,23 @@
           when:
             - custom_sca_policies_folder.stat.exists
             - custom_sca_policies.files | length > 0
-    - name: Set http/s_proxy vars in ossec-init.conf for vulnerability detector
+
+    - name: Add JVM proxy settings to wazuh-indexer
       ansible.builtin.blockinfile:
-        path: /var/ossec/etc/ossec.conf
+        path: /etc/wazuh-indexer/jvm.options
         state: present
         owner: root
-        group: ossec
+        group: wazuh
+        marker: "# {mark} ANSIBLE MANAGED BLOCK JVM PROXY SETTINGS"
         block: |
-          HTTPS_PROXY={{ http_proxy_url }}
-          HTTP_PROXY={{ http_proxy_url }}
+          -Dhttp.proxyHost={{ http_proxy_url | urlsplit('hostname') }}
+          -Dhttp.proxyPort={{ http_proxy_url | urlsplit('port') }}
+          -Dhttps.proxyHost={{ http_proxy_url | urlsplit('hostname') }}
+          -Dhttps.proxyPort={{ http_proxy_url | urlsplit('port') }}
         backup: true
       when: http_proxy_url is defined
       notify:
-        - Restart wazuh
+        - Restart wazuh-indexer
 
     - name: Perform health check against filebeat
       ansible.builtin.command: filebeat test output
@@ -131,3 +135,8 @@
       ansible.builtin.service:
         name: wazuh-manager
         state: restarted
+
+    - name: Restart wazuh-indexer
+      ansible.builtin.service:
+        name: wazuh-indexer
+        state: restarted
diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml
@@ -5,28 +5,4 @@
 kolla_image_tags:
   openstack:
     rocky-9: 2024.1-rocky-9-20241218T141751
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20240917T091559
-  blazar:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241125T093138
-  cinder:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241204T081836
-  nova:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241004T094540
-  neutron:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241203T232519
-  octavia:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241004T094540
-  horizon:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241202T210927
-  bifrost:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241128T162336
-  ironic:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241023T143407
-  ironic_dnsmasq:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241023T143407
-  ironic_neutron_agent:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241023T143407
-  letsencrypt:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241206T090120
-  grafana:
-    ubuntu-jammy: 2024.1-ubuntu-jammy-20241128T123708
+    ubuntu-jammy: 2024.1-ubuntu-jammy-20241218T141809
diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml
@@ -7,7 +7,7 @@ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version: 20241212T022636
 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318
 stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240923T233036
 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022
-stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20240910T001721
+stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20241218T154614
 stackhpc_pulp_repo_elrepo_9_version: 20241129T235743
 stackhpc_pulp_repo_epel_9_version: 20241216T235733
 stackhpc_pulp_repo_grafana_version: 20241216T002739
@@ -46,6 +46,6 @@ stackhpc_pulp_repo_rocky_9_5_crb_version: 20241217T005008
 stackhpc_pulp_repo_rocky_9_5_extras_version: 20241216T004230
 stackhpc_pulp_repo_rocky_9_5_highavailability_version: 20241202T003154
 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20241127T003858
-stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20240911T041957
-stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240924T064114
-stackhpc_pulp_repo_ubuntu_jammy_version: 20240924T064114
+stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20241217T045049
+stackhpc_pulp_repo_ubuntu_jammy_security_version: 20241217T071258
+stackhpc_pulp_repo_ubuntu_jammy_version: 20241217T071258
diff --git a/releasenotes/notes/bump-ansible-collection-cephadm-2a6c988a34b192a6.yaml b/releasenotes/notes/bump-ansible-collection-cephadm-2a6c988a34b192a6.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Updates the StackHPC Cephadm Ansible collection from 1.18.0 to 1.19.1.
diff --git a/releasenotes/notes/ubuntu-refresh-december-998f4c2d2bd0032b.yaml b/releasenotes/notes/ubuntu-refresh-december-998f4c2d2bd0032b.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Refreshed all Ubuntu host package versions and contianer images for
+    December 2024.