Merge pull request #1062 from stackhpc/q2-package-container-update-2023.1

Q2 package container update 2023.1

Author: markgoddard

etc/kayobe/kolla-image-tags.yml

@@ -4,28 +4,19 @@
 # where the key is the OS distro and the value is the tag to deploy.
 kolla_image_tags:
   openstack:
-    rocky-9: 2023.1-rocky-9-20240202T105928
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240129T151608
+    rocky-9: 2023.1-rocky-9-20240423T125905
+    ubuntu-jammy: 2023.1-ubuntu-jammy-20240423T125905
   cloudkitty:
-    rocky-9: 2023.1-rocky-9-20240429T091159
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240429T091159
+    rocky-9: 2023.1-rocky-9-20240509T111619
+    ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T111619
   haproxy_ssh:
-    rocky-9: 2023.1-rocky-9-20240205T162323
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240221T133905
-  heat:
-    rocky-9: 2023.1-rocky-9-20240319T134201
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240319T134201
-  horizon:
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240402T104530
+    rocky-9: 2023.1-rocky-9-20240509T102329
+    ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T102329
   letsencrypt:
-    rocky-9: 2023.1-rocky-9-20240205T162323
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240221T133905
+    rocky-9: 2023.1-rocky-9-20240509T102329
+    ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T102329
   magnum:
-    rocky-9: 2023.1-rocky-9-20240422T152338
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240422T152338
-  neutron:
-    rocky-9: 2023.1-rocky-9-20240202T145927
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240221T103817
-  grafana:
-    rocky-9: 2023.1-rocky-9-20240313T165255
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240313T165255
+    rocky-9: 2023.1-rocky-9-20240509T111619
+    ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T111619
+  opensearch:
+    ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T094444

etc/kayobe/kolla.yml

@@ -316,8 +316,12 @@ kolla_build_blocks:
         fi
     {% endif %}
     {% endif %}
+  kolla_toolbox_header: |
+    ENV UPPER_CONSTRAINTS_FILE=https://raw.githubusercontent.com/stackhpc/requirements/stackhpc/{{ openstack_release }}/upper-constraints.txt
   bifrost_base_header: |
     ADD additions-archive /
+    ENV ANSIBLE_PIP_VERSION='>=8,<9'
+    ENV TOX_CONSTRAINTS_FILE=/requirements/upper-constraints.txt
   grafana_plugins_install: |
     RUN grafana-cli plugins install vonage-status-panel \
         && grafana-cli plugins install grafana-piechart-panel \
@@ -331,6 +335,88 @@ kolla_build_blocks:
     {% set magnum_capi_packages = ['git+https://github.com/stackhpc/[email protected]'] %}
     RUN {{ macros.install_pip(magnum_capi_packages | customizable("pip_packages")) }}
     {% endraw %}
+  prometheus_alertmanager_repository_version: | # 2023.1 kolla has 0.24.0
+    {% raw %}
+    ARG prometheus_alertmanager_version=0.26.0
+    ARG prometheus_alertmanager_archive=alertmanager-${prometheus_alertmanager_version}.linux-{{debian_arch}}.tar.gz
+    ARG prometheus_alertmanager_sha256sums_url=https://github.com/prometheus/alertmanager/releases/download/v${prometheus_alertmanager_version}/sha256sums.txt
+    ARG prometheus_alertmanager_download_url=https://github.com/prometheus/alertmanager/releases/download/v${prometheus_alertmanager_version}/${prometheus_alertmanager_archive}
+    {% endraw %}
+  prometheus_blackbox_exporter_repository_version: | # 2023.1 kolla has 0.23.0
+    {% raw %}
+    ARG blackbox_exporter_version=0.25.0
+    ARG blackbox_exporter_url=https://github.com/prometheus/blackbox_exporter/releases/download/v${blackbox_exporter_version}/blackbox_exporter-${blackbox_exporter_version}.linux-{{debian_arch}}.tar.gz
+    {% endraw %}
+  prometheus_cadvisor_repository_version: | # 2023.1 kolla has 0.48.0
+    {% raw %}
+    ARG prometheus_cadvisor_version=0.49.1
+    {% if debian_arch == 'arm64' %}
+    ARG prometheus_cadvisor_sha256sum=c535f46d789599f25c7c680af193d4402da27a98d9828eb2ec916af6256e0c0c
+    {% else %}
+    ARG prometheus_cadvisor_sha256sum=1d5cc701a3fcdf1e8ed1c86da5304b896a6997d9e6673139e78a6f87812495b0
+    {% endif %}
+    ARG prometheus_cadvisor_url=https://github.com/google/cadvisor/releases/download/v${prometheus_cadvisor_version}/cadvisor-v${prometheus_cadvisor_version}-linux-{{debian_arch}}
+    {% endraw %}
+  haproxy_exporter_repository_version: | # 2023.1 kolla has 0.13.0
+    {% raw %}
+    ARG haproxy_exporter_version=0.15.0
+    ARG haproxy_exporter_url=https://github.com/prometheus/haproxy_exporter/releases/download/v${haproxy_exporter_version}/haproxy_exporter-${haproxy_exporter_version}.linux-{{debian_arch}}.tar.gz
+    {% endraw %}
+  prometheus_memcached_exporter_repository_version: | #  2023.1 kolla has 0.10.0
+    {% raw %}
+    ARG memcached_exporter_version=0.14.3
+    ARG memcached_exporter_url=https://github.com/prometheus/memcached_exporter/releases/download/v${memcached_exporter_version}/memcached_exporter-${memcached_exporter_version}.linux-{{debian_arch}}.tar.gz
+    {% endraw %}
+  prometheus_msteams_repository_version: | # 2023.1 kolla has 1.5.1
+    {% raw %}
+    ARG prometheus_msteams_version=1.5.2
+    ARG prometheus_msteams_sha256sum=0f4df9ee31e655d1ec876ea2c53ab5ae5b07143ef21b9190e61b4d52839e135c
+    ARG prometheus_msteams_url=https://github.com/prometheus-msteams/prometheus-msteams/releases/download/v${prometheus_msteams_version}/prometheus-msteams-linux-{{debian_arch}}
+    {% endraw %}
+  prometheus_mtail_version: | # 2023.1 kolla has 3.0.0-rc50
+    {% raw %}
+    ARG prometheus_mtail_version=3.0.0-rc53
+    ARG prometheus_mtail_url=https://github.com/google/mtail/releases/download/v${prometheus_mtail_version}/mtail_${prometheus_mtail_version}_linux_{{debian_arch}}.tar.gz
+    {% endraw %}
+  mysqld_exporter_repository_version: | # 2023.1 kolla has 0.15.0
+    {% raw %}
+    ARG mysqld_exporter_version=0.15.1
+    ARG mysqld_exporter_url=https://github.com/prometheus/mysqld_exporter/releases/download/v${mysqld_exporter_version}/mysqld_exporter-${mysqld_exporter_version}.linux-{{debian_arch}}.tar.gz
+    {% endraw %}
+  node_exporter_repository_version: | # 2023.1 kolla has 1.4.0
+    {% raw %}
+    ARG node_exporter_version=1.7.0
+    {% if debian_arch == 'arm64' %}
+    ARG node_exporter_sha256sum=e386c7b53bc130eaf5e74da28efc6b444857b77df8070537be52678aefd34d96
+    {% else %}
+    ARG node_exporter_sha256sum=a550cd5c05f760b7934a2d0afad66d2e92e681482f5f57a917465b1fba3b02a6
+    {% endif %}
+    ARG node_exporter_url=https://github.com/prometheus/node_exporter/releases/download/v{$node_exporter_version}/node_exporter-${node_exporter_version}.linux-{{debian_arch}}.tar.gz
+    {% endraw %}
+  prometheus_openstack_exporter_repository_version: | # 2023.1 kolla has 1.6.0
+    {% raw %}
+    ARG prometheus_openstack_exporter_version=1.7.0
+    ARG prometheus_openstack_exporter_url=https://github.com/openstack-exporter/openstack-exporter/releases/download/v${prometheus_openstack_exporter_version}/openstack-exporter_${prometheus_openstack_exporter_version}_linux_{{debian_arch}}.tar.gz
+    {% endraw %}
+  prometheus_ovn_exporter_repository_version: | # 2023.1 kolla has 1.0.6
+    {% raw %}
+    {% if base_arch == 'x86_64' %}
+    ARG ovn_arch=amd64
+    {% elif base_arch == 'aarch64' %}
+    ARG ovn_arch=arm64
+    {% endif %}
+    ARG prometheus_ovn_version=1.0.7
+    ARG prometheus_ovn_cksum_url=https://github.com/greenpau/ovn_exporter/releases/download/v${prometheus_ovn_version}/checksums.txt
+    ARG ovn_exporter_tgz=ovn-exporter_${prometheus_ovn_version}_linux_${ovn_arch}.tar.gz
+    ARG prometheus_ovn_url=https://github.com/greenpau/ovn_exporter/releases/download/v${prometheus_ovn_version}/${ovn_exporter_tgz}
+    {% endraw %}
+  prometheus_v2_server_repository_version: | # 2023.1 kolla has 2.38.0
+    {% raw %}
+    ARG prometheus_version=2.51.1
+    ARG prometheus_url=https://github.com/prometheus/prometheus/releases/download/v${prometheus_version}/prometheus-${prometheus_version}.linux-{{debian_arch}}.tar.gz
+    {% endraw %}
+
+
 # Dict mapping image customization variable names to their values.
 # Each variable takes the form:
 # <image name>_<customization>_<operation>
@@ -367,8 +453,7 @@ kolla_build_customizations: "{{ kolla_build_customizations_common | combine(koll
 
 # Dict mapping Kolla Dockerfile ARG names to their values.
 kolla_build_args:
-  node_exporter_version: "1.5.0"  # kolla has 1.4.0
-  node_exporter_sha256sum: "af999fd31ab54ed3a34b9f0b10c28e9acee9ef5ac5a5d5edfdde85437db7acbb"
+  placeholder: "placeholder"
 
 ###############################################################################
 # Kolla-ansible inventory configuration.

etc/kayobe/pulp-host-image-versions.yml

@@ -2,4 +2,4 @@
 # Overcloud host image versioning tags
 # These images must be in SMS, since they are used by our AIO CI runners
 stackhpc_rocky_9_overcloud_host_image_version: "2023.1-20240126T093158"
-stackhpc_ubuntu_jammy_overcloud_host_image_version: "zed-20231013T123933"
+stackhpc_ubuntu_jammy_overcloud_host_image_version: "2023.1-20240325T130221"

etc/kayobe/pulp-repo-versions.yml

@@ -1,36 +1,36 @@
 ---
 # Do not edit! This file is autogenerated by Ansible.
-stackhpc_pulp_repo_centos_stream_9_docker_version: 20230919T015626
-stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20230929T005202
-stackhpc_pulp_repo_centos_stream_9_openstack_antelope_version: 20230912T101324
-stackhpc_pulp_repo_centos_stream_9_opstools_version: 20230615T071742
-stackhpc_pulp_repo_centos_stream_9_storage_ceph_quincy_version: 20230712T025152
+stackhpc_pulp_repo_centos_stream_9_docker_version: 20240412T001239
+stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20240406T233848
+stackhpc_pulp_repo_centos_stream_9_openstack_antelope_version: 20240417T235558
+stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318
+stackhpc_pulp_repo_centos_stream_9_storage_ceph_quincy_version: 20231104T015751
 stackhpc_pulp_repo_docker_ce_ubuntu_version: 20231020T014922
-stackhpc_pulp_repo_elrepo_9_version: 20230907T075311
-stackhpc_pulp_repo_epel_9_version: 20231020T014922
-stackhpc_pulp_repo_grafana_version: 20231020T014922
-stackhpc_pulp_repo_opensearch_2_x_version: 20231202T013234
-stackhpc_pulp_repo_opensearch_dashboards_2_x_version: 20231202T013234
-stackhpc_pulp_repo_rabbitmq_erlang_version: 20231015T004919
-stackhpc_pulp_repo_rabbitmq_server_version: 20231018T041416
-stackhpc_pulp_repo_rhel_9_influxdb_version: 20231019T010143
-stackhpc_pulp_repo_rhel_9_mariadb_10_6_version: 20230815T010124
-stackhpc_pulp_repo_rhel_9_treasuredata_4_version: 20230903T003752
-stackhpc_pulp_repo_rocky_9_1_appstream_version: 20231012T003815
-stackhpc_pulp_repo_rocky_9_1_baseos_version: 20230921T005001
-stackhpc_pulp_repo_rocky_9_1_crb_version: 20231020T014922
-stackhpc_pulp_repo_rocky_9_1_extras_version: 20231020T014922
-stackhpc_pulp_repo_rocky_9_1_highavailability_version: 20231020T014922
+stackhpc_pulp_repo_elrepo_9_version: 20240214T143520
+stackhpc_pulp_repo_epel_9_version: 20240417T235558
+stackhpc_pulp_repo_grafana_version: 20240417T235558
+stackhpc_pulp_repo_opensearch_2_x_version: 20240403T011714
+stackhpc_pulp_repo_opensearch_dashboards_2_x_version: 20240403T011714
+stackhpc_pulp_repo_rabbitmq_erlang_version: 20240413T235245
+stackhpc_pulp_repo_rabbitmq_server_version: 20240330T001322
+stackhpc_pulp_repo_rhel_9_influxdb_version: 20240417T000423
+stackhpc_pulp_repo_rhel_9_mariadb_10_6_version: 20240208T002309
+stackhpc_pulp_repo_rhel_9_treasuredata_4_version: 20231130T012511
+stackhpc_pulp_repo_rocky_9_1_appstream_version: 20231207T013715
+stackhpc_pulp_repo_rocky_9_1_baseos_version: 20231206T014015
+stackhpc_pulp_repo_rocky_9_1_crb_version: 20231211T120328
+stackhpc_pulp_repo_rocky_9_1_extras_version: 20231211T120328
+stackhpc_pulp_repo_rocky_9_1_highavailability_version: 20231208T011702
 stackhpc_pulp_repo_rocky_9_2_appstream_version: 20231211T120328
 stackhpc_pulp_repo_rocky_9_2_baseos_version: 20231211T120328
 stackhpc_pulp_repo_rocky_9_2_crb_version: 20231207T013715
 stackhpc_pulp_repo_rocky_9_2_extras_version: 20231207T013715
 stackhpc_pulp_repo_rocky_9_2_highavailability_version: 20231208T011702
-stackhpc_pulp_repo_rocky_9_3_appstream_version: 20231215T005810
-stackhpc_pulp_repo_rocky_9_3_baseos_version: 20231215T005810
-stackhpc_pulp_repo_rocky_9_3_crb_version: 20231215T005810
-stackhpc_pulp_repo_rocky_9_3_extras_version: 20231211T120328
-stackhpc_pulp_repo_rocky_9_3_highavailability_version: 20231214T005538
-stackhpc_pulp_repo_ubuntu_jammy_security_version: 20231020T074329
-stackhpc_pulp_repo_ubuntu_jammy_version: 20231020T074329
-stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20231019T125502
+stackhpc_pulp_repo_rocky_9_3_appstream_version: 20240416T010957
+stackhpc_pulp_repo_rocky_9_3_baseos_version: 20240413T014042
+stackhpc_pulp_repo_rocky_9_3_crb_version: 20240413T014042
+stackhpc_pulp_repo_rocky_9_3_extras_version: 20240413T014042
+stackhpc_pulp_repo_rocky_9_3_highavailability_version: 20240404T012937
+stackhpc_pulp_repo_ubuntu_jammy_version: 20240418T043733
+stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20240418T070026
+stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240418T043733

releasenotes/notes/2023.1-update-packages-and-containers-q2-2024-02ed375b9c73ac75.yaml

@@ -0,0 +1,45 @@
+---
+features:
+  - |
+    Bumped pulp repo versions for Q2 2024
+    Bumped Kolla image tags for Q2 2024
+    Bumped prometheus server from 2.38.0 to 2.51.1
+    Bumped prometheus alertmanager from 0.24.0 to 0.26.0
+    Bumped prometheus blackbox exporter from 0.23.0 to 0.25.0
+    Bumped prometheus cadvisor exporter from 0.48.0 to 0.49.1
+    Bumped prometheus haproxy exporter from 0.13.0 to 0.15.0
+    Bumped prometheus memcached exporter from 0.10.0 to 0.14.3
+    Bumped prometheus msteams from 1.5.1 to 1.5.2
+    Bumped prometheus mtail from 3.0.0-rc50 to 3.0.0-rc53
+    Bumped prometheus mysqld exporter from 0.15.0 to 0.15.1
+    Bumped prometheus node exporter from 1.4.0 to 1.7.0
+    Bumped prometheus openstack exporter from 1.6.0 to 1.7.0
+    Bumped prometheus ovn exporter from 1.0.6 to 1.0.7
+    Bumped opensearch from 2.11.1-1 to 2.13.0-1 (Rocky Linux 9)
+    Bumped opensearch from 2.12.0 to 2.13.0 (Ubuntu Jammy)
+    Bumped grafana from 10.1.5-1 to 10.4.2-1 (Rocky Linux 9)
+    Bumped grafana from 10.4.0 to 10.4.2 (Ubuntu Jammy)
+security:
+  - |
+    Fixed CVE-2023-31047, CVE-2023-23969, CVE-2023-24580, CVE-2023-36053,
+    CVE-2023-46695, CVE-2023-30861, CVE-2022-4899. CVE-2024-1135,
+    GHSA-2m57-hf25-phgg, CVE-2023-0286, CVE-2023-50782, CVE-2024-26130
+    for openstack services.
+
+    Fixed CVE-2022-41723, CVE-2023-39325 (except prometheus-alertmanager,
+    prometheus-msteams-exporter, prometheus-haproxy-exporter,
+    prometheus-openstack-exporter. No patch available.), CVE-2021-43565,
+    CVE-2022-27191, CVE-2022-27664, CVE-2021-38561, CVE-2022-21698,
+    CVE-2021-4238, CVE-2022-40083, CVE-2022-41721, CVE-2021-33194,
+    CVE-2023-2253, CVE-2023-27561, CVE-2023-28840, CVE-2024-21626,
+    CVE-2022-32149, CVE-2023-45142, GHSA-m425-mq94-257g
+    for prometheus server and exporters except prometheus-libvirt-exporter
+    and prometheus-haproxy-exporter. (Source repository of each are archived
+    and no longer maintained)
+
+    Fixed CVE-2023-39325, CVE-2023-45142, CVE-2023-47108, CVE-2023-49568,
+    CVE-2023-49569, GHSA-9763-4f94-gfch, GHSA-m425-mq94-257g
+    for grafana.
+
+    It is advised to redeploy service with current version of images from
+    StackHPC Release Train.