From 9880ae035b6e6ea8995aa1ac2a837d224903476b Mon Sep 17 00:00:00 2001
From: Jack Hodgkiss
Date: Tue, 22 Oct 2024 11:07:21 +0100
Subject: [PATCH 1/4] INFRA-841 add tags for updated `Ironic` containers The Ironic containers been rebuilt with the latest sync which includes patches for the vulnerability `OSSA-2024-004`.
---
 etc/kayobe/kolla-image-tags.yml | 12 ++++++------
 .../notes/fix-ossa-2024-004-f732e58c12e26785.yaml | 6 ++++++
 2 files changed, 12 insertions(+), 6 deletions(-)
 create mode 100644 releasenotes/notes/fix-ossa-2024-004-f732e58c12e26785.yaml
diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml
index 017319e3d..5f134c78f 100644
--- a/etc/kayobe/kolla-image-tags.yml
+++ b/etc/kayobe/kolla-image-tags.yml
@@ -15,14 +15,14 @@ kolla_image_tags:
 haproxy_ssh:
 ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T102329
 ironic:
- rocky-9: 2023.1-rocky-9-20240906T144646
- ubuntu-jammy: 2023.1-ubuntu-jammy-20240906T144646
+ rocky-9: 2023.1-rocky-9-20241022T090717
+ ubuntu-jammy: 2023.1-ubuntu-jammy-20241022T090717
 ironic_dnsmasq:
- rocky-9: 2023.1-rocky-9-20240709T132012
- ubuntu-jammy: 2023.1-ubuntu-jammy-20240621T104542
+ rocky-9: 2023.1-rocky-9-20241022T090717
+ ubuntu-jammy: 2023.1-ubuntu-jammy-20241022T090717
 ironic_neutron_agent:
- rocky-9: 2023.1-rocky-9-20240916T114629
- ubuntu-jammy: 2023.1-ubuntu-jammy-20240916T114629
+ rocky-9: 2023.1-rocky-9-20241022T090717
+ ubuntu-jammy: 2023.1-ubuntu-jammy-20241022T090717
 kolla_toolbox:
 rocky-9: 2023.1-rocky-9-20240809T102431
 letsencrypt:
diff --git a/releasenotes/notes/fix-ossa-2024-004-f732e58c12e26785.yaml b/releasenotes/notes/fix-ossa-2024-004-f732e58c12e26785.yaml
new file mode 100644
index 000000000..ae0bd5b5f
--- /dev/null
+++ b/releasenotes/notes/fix-ossa-2024-004-f732e58c12e26785.yaml
@@ -0,0 +1,6 @@
+---
+security:
+ - |
+ Fixes `OSSA-2024-004
+ `_ with updated
+ container images for Ironic.
From 32bb55cf72c8a03a71a2a0053b82c409c2dd67ba Mon Sep 17 00:00:00 2001
From: Will Szumski Date: Fri, 25 Oct 2024 09:33:42 +0100 Subject: [PATCH 2/4] [2023.1] Fix eswitchd and neutron_mlnx_agent not using our fork (#1326) * [2023.1] Fix eswitchd and neutron_mlnx_agent not using our fork The neutron_mlnx_agent based containers are not using the neutron plugins, so we need to customize the pip package directly. * Bump neutron containers * Update kolla-image-tags.yml * Update kolla-image-tags.yml --- etc/kayobe/kolla-image-tags.yml | 4 ++-- etc/kayobe/kolla.yml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index 5f134c78f..7132a6d1a 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -33,8 +33,8 @@ kolla_image_tags: manila: rocky-9: 2023.1-rocky-9-20240809T102431 neutron: - rocky-9: 2023.1-rocky-9-20240926T151818 - ubuntu-jammy: 2023.1-ubuntu-jammy-20240926T151818 + rocky-9: 2023.1-rocky-9-20241011T212435 + ubuntu-jammy: 2023.1-ubuntu-jammy-20241011T212435 nova: rocky-9: 2023.1-rocky-9-20240926T151818 ubuntu-jammy: 2023.1-ubuntu-jammy-20240926T151818 diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index c7fcc0675..ed5ef31e9 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -456,6 +456,8 @@ kolla_build_customizations_common: nova_compute_packages_append: - python3-libvirt - python3-ethtool + neutron_mlnx_agent_pip_packages_override: + - networking-mlnx@git+https://github.com/stackhpc/networking-mlnx@stackhpc/{{ openstack_release }} kolla_build_customizations_rocky: kolla_toolbox_packages_remove: From 362d6b6955c3b3c7486e7b8eb6774a6f41d3c369 Mon Sep 17 00:00:00 2001 
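Review bot: The new `neutron_mlnx_agent_pip_packages_override` entry in `etc/kayobe/kolla.yml` installs `networking-mlnx` from the tip of the `stackhpc/{{ openstack_release }}` branch, so the code that lands in the image is whatever that branch holds at build time. A branch is a mutable ref: two builds from the same kayobe-config commit can contain different code, and a push to the fork reaches the next image build without any change being reviewed in this repository. Consider pinning to a tag or full commit SHA, e.g. `- networking-mlnx@git+https://github.com/stackhpc/networking-mlnx@<COMMIT_SHA_PLACEHOLDER>`, and bumping it together with the image tags; if tracking the branch is deliberate, a comment above the entry saying so would make that an explicit decision. The `kolla_build_customizations_common` mapping starts outside the hunk.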
From: Seunghun Lee <45145778+seunghun1ee@users.noreply.github.com> Date: Mon, 28 Oct 2024 10:23:39 +0000 Subject: [PATCH 3/4] CI: Bump AIO root volume size to 50GB Tempest test on https://github.com/stackhpc/stackhpc-kayobe-config/actions/runs/11516474614/job/32145413990?pr=1312 is keep failing because the aio is running out of space. Bumping it to 50 GB. --- terraform/aio/vm.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/aio/vm.tf b/terraform/aio/vm.tf index a0d097cbe..8113a5912 100644 --- a/terraform/aio/vm.tf +++ b/terraform/aio/vm.tf @@ -35,7 +35,7 @@ variable "aio_vm_subnet" { variable "aio_vm_volume_size" { type = number - default = 40 + default = 50 } variable "aio_vm_tags" { From 978d7b192d17b7b51fb574e0cfb1fd1853a1356f Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Fri, 1 Nov 2024 10:57:28 +0000 Subject: [PATCH 4/4] Bump AIO disk size for CI tests --- .github/workflows/stackhpc-all-in-one.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index d0460d813..5d9d4f125 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -167,7 +167,7 @@ jobs: VM_NETWORK: ${{ inputs.vm_network }} VM_SUBNET: ${{ inputs.vm_subnet }} VM_INTERFACE: ${{ inputs.vm_interface }} - VM_VOLUME_SIZE: ${{ inputs.upgrade && '55' || '40' }} + VM_VOLUME_SIZE: ${{ inputs.upgrade && '65' || '50' }} VM_TAGS: '["skc-ci-aio", "PR=${{ github.event.number }}"]' - name: Terraform Plan
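Review bot: The AIO root volume size is now maintained in two places that have to change together: `default = 50` in `terraform/aio/vm.tf` and the `'65' || '50'` literals on `VM_VOLUME_SIZE` in `.github/workflows/stackhpc-all-in-one.yml`. If the workflow value is what feeds `aio_vm_volume_size` (not visible in these hunks), the Terraform default alone does not change CI, which would explain why a second patch was needed. A comment above `VM_VOLUME_SIZE` such as `# GB; keep in sync with the aio_vm_volume_size default in terraform/aio/vm.tf` would record the coupling, and a few words on why upgrade runs get 15 GB more would explain the other literal. The workflow step containing this `env` block starts outside the hunk.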