diff --git a/.github/workflows/ipa-image-build.yml b/.github/workflows/ipa-image-build.yml index 3046b3757..3a4d46d52 100644 --- a/.github/workflows/ipa-image-build.yml +++ b/.github/workflows/ipa-image-build.yml @@ -7,8 +7,8 @@ on: description: Build Rocky Linux 9 type: boolean default: true - ubuntu-jammy: - description: Build Ubuntu 22.04 Jammy + ubuntu-noble: + description: Build Ubuntu 24.04 Noble type: boolean default: true secrets: @@ -99,7 +99,7 @@ jobs: ssh_public_key = "id_rsa.pub" ssh_username = "ubuntu" aio_vm_name = "skc-ipa-image-builder" - aio_vm_image = "Ubuntu-22.04" + aio_vm_image = "Ubuntu-24.04" aio_vm_flavor = "en1.large" aio_vm_network = "stackhpc-ci" aio_vm_subnet = "stackhpc-ci" @@ -197,20 +197,20 @@ jobs: env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - - name: Build a Ubuntu 22.04 Jammy IPA image - id: build_ubuntu_jammy_ipa + - name: Build a Ubuntu 24.04 Noble IPA image + id: build_ubuntu_noble_ipa continue-on-error: true run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && kayobe overcloud deployment image build --force-rebuild \ -e os_distribution="ubuntu" \ - -e os_release="jammy" \ + -e os_release="noble" \ -e ipa_ci_builder_distribution="ubuntu" \ - -e ipa_ci_builder_release="jammy" + -e ipa_ci_builder_release="noble" env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - if: inputs.ubuntu-jammy + if: inputs.ubuntu-noble - name: Show last error logs continue-on-error: true @@ -220,9 +220,9 @@ jobs: kayobe seed host command run --command "tail -200 /opt/kayobe/images/ipa/ipa.stdout" --show-output env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - if: steps.build_ubuntu_jammy_ipa.outcome == 'failure' + if: steps.build_ubuntu_noble_ipa.outcome == 'failure' - - name: Upload Ubuntu 22.04 Jammy IPA kernel image to Ark + - name: Upload Ubuntu 24.04 Noble IPA kernel image to Ark run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && @@ -232,14 +232,14 @@ jobs: -e artifact_type=ipa-images \ -e artifact_tag=${{ steps.ipa_image_tag.outputs.ipa_image_tag }} \ -e os_distribution="ubuntu" \ - -e os_release="jammy" \ + -e os_release="noble" \ -e file_regex='*.kernel' \ -e upload_checksum=true env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - if: inputs.ubuntu-jammy && steps.build_ubuntu_jammy_ipa.outcome == 'success' + if: inputs.ubuntu-noble && steps.build_ubuntu_noble_ipa.outcome == 'success' - - name: Upload Ubuntu 22.04 Jammy IPA ramdisk image to Ark + - name: Upload Ubuntu 24.04 Noble IPA ramdisk image to Ark run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && @@ -249,12 +249,12 @@ jobs: -e artifact_type=ipa-images \ -e artifact_tag=${{ steps.ipa_image_tag.outputs.ipa_image_tag }} \ -e os_distribution="ubuntu" \ - -e os_release="jammy" \ + -e os_release="noble" \ -e file_regex='*.initramfs' \ -e upload_checksum=true env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - if: inputs.ubuntu-jammy && steps.build_ubuntu_jammy_ipa.outcome == 'success' + if: inputs.ubuntu-noble && steps.build_ubuntu_noble_ipa.outcome == 'success' - name: Build a Rocky 9 IPA image id: build_rocky_9_ipa @@ -333,7 +333,7 @@ jobs: echo "Builds failed. See workflow artifacts for details." && exit 1 if: steps.build_rocky_9_ipa.outcome == 'failure' || - steps.build_ubuntu_jammy_ipa.outcome == 'failure' + steps.build_ubuntu_noble_ipa.outcome == 'failure' - name: Destroy run: terraform destroy -auto-approve diff --git a/.github/workflows/ipa-image-promote.yml b/.github/workflows/ipa-image-promote.yml index acba60194..4d830796e 100644 --- a/.github/workflows/ipa-image-promote.yml +++ b/.github/workflows/ipa-image-promote.yml @@ -7,8 +7,8 @@ on: description: Promote Rocky Linux 9 type: boolean default: true - ubuntu-jammy: - description: Promote Ubuntu 22.04 Jammy + ubuntu-noble: + description: Promote Ubuntu 24.04 Noble type: boolean default: true image_tag: @@ -21,11 +21,11 @@ jobs: ipa-image-promote: name: Promote IPA image if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi @@ -85,7 +85,7 @@ jobs: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: inputs.rocky9 - - name: Promote Ubuntu Jammy 22.04 IPA image artifact + - name: Promote Ubuntu Noble 24.04 IPA image artifact run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && @@ -93,8 +93,8 @@ jobs: src/kayobe-config/etc/kayobe/ansible/pulp-artifact-promote.yml \ -e artifact_type="ipa-images" \ -e os_distribution='ubuntu' \ - -e os_release='jammy' + -e os_release='noble' env: ARTIFACT_TAG: ${{ inputs.image_tag }} KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - if: inputs.ubuntu-jammy + if: inputs.ubuntu-noble diff --git a/.github/workflows/multinode-inputs.py b/.github/workflows/multinode-inputs.py index 6971bf778..56f9327c2 100644 --- a/.github/workflows/multinode-inputs.py +++ b/.github/workflows/multinode-inputs.py @@ -31,10 +31,12 @@ class Scenario: ROCKY_9 = OSRelease("rocky", "9", "cloud-user") UBUNTU_JAMMY = OSRelease("ubuntu", "jammy", "ubuntu") +UBUNTU_NOBLE = OSRelease("ubuntu", "noble", "ubuntu") # NOTE(upgrade): Add supported releases here. OPENSTACK_RELEASES = [ - OpenStackRelease("2024.1", "2023.1", [ROCKY_9, UBUNTU_JAMMY]), OpenStackRelease("2023.1", "zed", [ROCKY_9, UBUNTU_JAMMY]), + OpenStackRelease("2024.1", "2023.1", [ROCKY_9, UBUNTU_JAMMY]), + OpenStackRelease("master", "2024.1", [ROCKY_9, UBUNTU_NOBLE]), ] NEUTRON_PLUGINS = ["ovs", "ovn"] diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index 215452cf2..af403b21c 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -7,8 +7,8 @@ on: description: Build Rocky Linux 9 type: boolean default: true - ubuntu-jammy: - description: Build Ubuntu 22.04 Jammy + ubuntu-noble: + description: Build Ubuntu 24.04 Noble type: boolean default: true secrets: @@ -34,7 +34,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi @@ -107,9 +107,9 @@ jobs: ssh_public_key = "id_rsa.pub" ssh_username = "ubuntu" aio_vm_name = "skc-host-image-builder" - # Must be an Ubuntu Jammy host to successfully build all images + # Must be an Ubuntu Noble host to successfully build all images # This MUST NOT be an LVM image. It can cause confusing conficts with the built image. - aio_vm_image = "Ubuntu-22.04" + aio_vm_image = "Ubuntu-24.04" aio_vm_flavor = "en1.medium" aio_vm_network = "stackhpc-ci" aio_vm_subnet = "stackhpc-ci" @@ -264,59 +264,59 @@ jobs: OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} if: inputs.rocky9 && steps.build_rocky_9.outcome == 'success' - - name: Build an Ubuntu Jammy 22.04 overcloud host image - id: build_ubuntu_jammy + - name: Build an Ubuntu Noble 24.04 overcloud host image + id: build_ubuntu_noble continue-on-error: true run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && kayobe overcloud host image build --force-rebuild \ -e os_distribution="ubuntu" \ - -e os_release="jammy" \ - -e stackhpc_overcloud_dib_name=overcloud-ubuntu-jammy + -e os_release="noble" \ + -e stackhpc_overcloud_dib_name=overcloud-ubuntu-noble env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - if: inputs.ubuntu-jammy + if: inputs.ubuntu-noble - name: Show last error logs continue-on-error: true run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && - kayobe seed host command run --command "tail -200 /opt/kayobe/images/overcloud-ubuntu-jammy/overcloud-ubuntu-jammy.stdout" --show-output + kayobe seed host command run --command "tail -200 /opt/kayobe/images/overcloud-ubuntu-noble/overcloud-ubuntu-noble.stdout" --show-output env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - if: steps.build_ubuntu_jammy.outcome == 'failure' + if: steps.build_ubuntu_noble.outcome == 'failure' - - name: Upload Ubuntu Jammy 22.04 overcloud host image to Ark + - name: Upload Ubuntu Noble 24.04 overcloud host image to Ark run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && kayobe playbook run \ src/kayobe-config/etc/kayobe/ansible/pulp-artifact-upload.yml \ - -e artifact_path=/opt/kayobe/images/overcloud-ubuntu-jammy \ + -e artifact_path=/opt/kayobe/images/overcloud-ubuntu-noble \ -e artifact_tag=${{ steps.host_image_tag.outputs.host_image_tag }} \ -e artifact_type="kayobe-images" \ -e file_regex="*.qcow2" \ -e os_distribution="ubuntu" \ - -e os_release="jammy" + -e os_release="noble" env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - if: inputs.ubuntu-jammy && steps.build_ubuntu_jammy.outcome == 'success' + if: inputs.ubuntu-noble && steps.build_ubuntu_noble.outcome == 'success' - - name: Upload Ubuntu Jammy overcloud host image to Dev Cloud + - name: Upload Ubuntu Noble overcloud host image to Dev Cloud run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && kayobe playbook run \ src/kayobe-config/etc/kayobe/ansible/openstack-host-image-upload.yml \ - -e local_image_path="/opt/kayobe/images/overcloud-ubuntu-jammy/overcloud-ubuntu-jammy.qcow2" \ - -e image_name=overcloud-ubuntu-jammy-${{ steps.host_image_tag.outputs.host_image_tag }} + -e local_image_path="/opt/kayobe/images/overcloud-ubuntu-noble/overcloud-ubuntu-noble.qcow2" \ + -e image_name=overcloud-ubuntu-noble-${{ steps.host_image_tag.outputs.host_image_tag }} env: CLOUDS_YAML: ${{ secrets.CLOUDS_YAML }} OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} - if: inputs.ubuntu-jammy && steps.build_ubuntu_jammy.outcome == 'success' + if: inputs.ubuntu-noble && steps.build_ubuntu_noble.outcome == 'success' - name: Copy logs back continue-on-error: true @@ -331,7 +331,7 @@ jobs: echo "Builds failed. See workflow artifacts for details." && exit 1 if: steps.build_rocky_9.outcome == 'failure' || - steps.build_ubuntu_jammy.outcome == 'failure' + steps.build_ubuntu_noble.outcome == 'failure' - name: Upload logs artifact uses: actions/upload-artifact@v4 diff --git a/.github/workflows/overcloud-host-image-promote.yml b/.github/workflows/overcloud-host-image-promote.yml index f6e167d45..960dbc0df 100644 --- a/.github/workflows/overcloud-host-image-promote.yml +++ b/.github/workflows/overcloud-host-image-promote.yml @@ -7,8 +7,8 @@ on: description: Promote Rocky Linux 9 type: boolean default: true - ubuntu-jammy: - description: Promote Ubuntu 22.04 Jammy + ubuntu-noble: + description: Promote Ubuntu 24.04 Noble type: boolean default: true image_tag: @@ -21,11 +21,11 @@ jobs: overcloud-host-image-promote: name: Promote overcloud host image if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi @@ -85,7 +85,7 @@ jobs: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: inputs.rocky9 - - name: Promote Ubuntu Jammy 22.04 overcloud host image artifact + - name: Promote Ubuntu Noble 24.04 overcloud host image artifact run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && @@ -93,8 +93,8 @@ jobs: src/kayobe-config/etc/kayobe/ansible/pulp-artifact-promote.yml \ -e artifact_type="kayobe-images" \ -e os_distribution='ubuntu' \ - -e os_release='jammy' + -e os_release='noble' env: ARTIFACT_TAG: ${{ inputs.image_tag }} KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - if: inputs.ubuntu-jammy + if: inputs.ubuntu-noble diff --git a/.github/workflows/overcloud-host-image-upload.yml b/.github/workflows/overcloud-host-image-upload.yml index 505a4b194..d5466b0fc 100644 --- a/.github/workflows/overcloud-host-image-upload.yml +++ b/.github/workflows/overcloud-host-image-upload.yml @@ -7,8 +7,8 @@ on: description: Upload Rocky Linux 9 type: boolean default: true - ubuntu-jammy: - description: Upload Ubuntu 22.04 Jammy + ubuntu-noble: + description: Upload Ubuntu 24.04 Noble type: boolean default: true kayobe-environment: @@ -36,7 +36,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky9 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi @@ -127,47 +127,47 @@ jobs: OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} if: inputs.rocky9 && steps.rocky_9_image_exists.outcome == 'failure' - - name: Output Ubuntu Jammy image tag - id: ubuntu_jammy_image_tag + - name: Output Ubuntu Noble image tag + id: ubuntu_noble_image_tag run: | - echo image_tag=$(grep stackhpc_ubuntu_jammy_overcloud_host_image_version: src/kayobe-config/etc/kayobe/pulp-host-image-versions.yml | awk '{print $2}') >> $GITHUB_OUTPUT + echo image_tag=$(grep stackhpc_ubuntu_noble_overcloud_host_image_version: src/kayobe-config/etc/kayobe/pulp-host-image-versions.yml | awk '{print $2}') >> $GITHUB_OUTPUT - name: Check if image exists already - id: ubuntu_jammy_image_exists + id: ubuntu_noble_image_exists run: | source venvs/kayobe/bin/activate && openstack image show \ - overcloud-ubuntu-jammy-${{ steps.ubuntu_jammy_image_tag.outputs.image_tag }} + overcloud-ubuntu-noble-${{ steps.ubuntu_noble_image_tag.outputs.image_tag }} env: OS_CLOUD: openstack OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} continue-on-error: true - - name: Download Ubuntu Jammy 22.04 overcloud host image from Ark + - name: Download Ubuntu Noble 24.04 overcloud host image from Ark run: | source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ${{ inputs.kayobe-environment }} && kayobe playbook run \ src/kayobe-config/etc/kayobe/ansible/pulp-host-image-download.yml \ -e os_distribution="ubuntu" \ - -e os_release="jammy" + -e os_release="noble" env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} - if: inputs.ubuntu-jammy && steps.ubuntu_jammy_image_exists.outcome == 'failure' + if: inputs.ubuntu-noble && steps.ubuntu_noble_image_exists.outcome == 'failure' - - name: Upload Ubuntu Jammy 22.04 overcloud host image to Cloud + - name: Upload Ubuntu Noble 24.04 overcloud host image to Cloud run: | source venvs/kayobe/bin/activate && openstack image create \ - overcloud-ubuntu-jammy-${{ steps.ubuntu_jammy_image_tag.outputs.image_tag }} \ + overcloud-ubuntu-noble-${{ steps.ubuntu_noble_image_tag.outputs.image_tag }} \ --container-format bare \ --disk-format qcow2 \ - --file /tmp/ubuntu-jammy.qcow2 \ + --file /tmp/ubuntu-noble.qcow2 \ --private \ --progress env: OS_CLOUD: openstack OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} - if: inputs.ubuntu-jammy && steps.ubuntu_jammy_image_exists.outcome == 'failure' + if: inputs.ubuntu-noble && steps.ubuntu_noble_image_exists.outcome == 'failure' diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index 677be9ac8..70c1b166e 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -42,7 +42,7 @@ jobs: build-kayobe-image: name: Build kayobe image if: inputs.if || github.repository == 'stackhpc/stackhpc-kayobe-config' && github.event_name == 'push' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 2642b90b6..3a3db1fdc 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -23,8 +23,8 @@ on: type: boolean required: false default: true - ubuntu-jammy: - description: Build Ubuntu Jammy 22.04 images? + ubuntu-noble: + description: Build Ubuntu Noble 24.04 images? type: boolean required: false default: true @@ -54,7 +54,7 @@ jobs: steps: - name: Validate inputs run: | - if [[ ${{ inputs.rocky-linux-9 }} == 'false' && ${{ inputs.ubuntu-jammy }} == 'false' ]]; then + if [[ ${{ inputs.rocky-linux-9 }} == 'false' && ${{ inputs.ubuntu-noble }} == 'false' ]]; then echo "At least one distribution must be selected" exit 1 fi @@ -91,7 +91,7 @@ jobs: echo -n "$comma\"rocky\"" >> $GITHUB_OUTPUT comma=", " fi - if [[ ${{ inputs.ubuntu-jammy }} == 'true' ]]; then + if [[ ${{ inputs.ubuntu-noble }} == 'true' ]]; then echo -n "$comma\"ubuntu\"" >> $GITHUB_OUTPUT comma=", " fi @@ -160,7 +160,7 @@ jobs: - name: Get Kolla tag id: write-kolla-tag - run: echo "kolla-tag=${{ needs.generate-tag.outputs.openstack_release }}-${{ matrix.distro }}-${{ matrix.distro == 'rocky' && '9' || 'jammy' }}-${{ needs.generate-tag.outputs.datetime_tag }}" >> $GITHUB_OUTPUT + run: echo "kolla-tag=${{ needs.generate-tag.outputs.openstack_release }}-${{ matrix.distro }}-${{ matrix.distro == 'rocky' && '9' || 'noble' }}-${{ needs.generate-tag.outputs.datetime_tag }}" >> $GITHUB_OUTPUT - name: Configure localhost as a seed run: | diff --git a/.github/workflows/stackhpc-multinode.yml b/.github/workflows/stackhpc-multinode.yml index 2e66e2dca..01476271d 100644 --- a/.github/workflows/stackhpc-multinode.yml +++ b/.github/workflows/stackhpc-multinode.yml @@ -60,7 +60,7 @@ jobs: with: multinode_name: ${{ inputs.multinode_name }} os_distribution: ${{ inputs.os_distribution }} - os_release: ${{ inputs.os_distribution == 'rocky' && '9' || 'jammy' }} + os_release: ${{ inputs.os_distribution == 'rocky' && '9' || 'noble' }} ssh_username: ${{ inputs.os_distribution == 'rocky' && 'cloud-user' || 'ubuntu' }} neutron_plugin: ${{ inputs.neutron_plugin }} upgrade: ${{ inputs.upgrade }} diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index a353b9e55..7f9ae395c 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml @@ -13,7 +13,7 @@ jobs: # # would skip the workflow entirely, and would prevent us from making the # # aio jobs required to pass (a skip counts as a pass). # check-changes: - # runs-on: ubuntu-22.04 + # runs-on: ubuntu-24.04 # permissions: # pull-requests: read # name: Check changed files @@ -34,7 +34,7 @@ jobs: # filters: .github/path-filters.yml # tox: - # runs-on: ubuntu-22.04 + # runs-on: ubuntu-24.04 # permissions: {} # strategy: # matrix: @@ -62,7 +62,7 @@ jobs: # run: tox -e ${{ matrix.environment }} lint: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: {} strategy: fail-fast: false @@ -127,8 +127,8 @@ jobs: # secrets: inherit # if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - # all-in-one-ubuntu-jammy-ovs: - # name: aio (Ubuntu Jammy OVS) + # all-in-one-ubuntu-noble-ovs: + # name: aio (Ubuntu Noble OVS) # needs: # - check-changes # - build-kayobe-image @@ -136,7 +136,7 @@ jobs: # with: # kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} # os_distribution: ubuntu - # os_release: jammy + # os_release: noble # ssh_username: ubuntu # neutron_plugin: ovs # OS_CLOUD: openstack @@ -144,8 +144,8 @@ jobs: # secrets: inherit # if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - # all-in-one-ubuntu-jammy-ovn: - # name: aio (Ubuntu Jammy OVN) + # all-in-one-ubuntu-noble-ovn: + # name: aio (Ubuntu Noble OVN) # needs: # - check-changes # - build-kayobe-image @@ -153,7 +153,7 @@ jobs: # with: # kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} # os_distribution: ubuntu - # os_release: jammy + # os_release: noble # ssh_username: ubuntu # neutron_plugin: ovn # OS_CLOUD: openstack @@ -195,10 +195,10 @@ jobs: # secrets: inherit # if: ${{ ! failure() && ! cancelled() && github.repository == 'stackhpc/stackhpc-kayobe-config' }} - # # Test two upgrade scenarios: Ubuntu Jammy OVS and Rocky 9 OVN. + # Test two upgrade scenarios: Ubuntu Noble OVS and Rocky 9 OVN. - # all-in-one-upgrade-ubuntu-jammy-ovs: - # name: aio upgrade (Ubuntu Jammy OVS) + # all-in-one-upgrade-ubuntu-noble-ovs: + # name: aio upgrade (Ubuntu Noble OVS) # needs: # - check-changes # - build-kayobe-image @@ -206,7 +206,7 @@ jobs: # with: # kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} # os_distribution: ubuntu - # os_release: jammy + # os_release: noble # ssh_username: ubuntu # neutron_plugin: ovs # OS_CLOUD: openstack diff --git a/etc/kayobe/ansible/ubuntu-upgrade.yml b/etc/kayobe/ansible/ubuntu-upgrade.yml index 8741b8cf8..cc0faf3a5 100644 --- a/etc/kayobe/ansible/ubuntu-upgrade.yml +++ b/etc/kayobe/ansible/ubuntu-upgrade.yml @@ -1,22 +1,22 @@ --- # To prevent Ansible role dependency errors, this playbook requires that environment variable # ANSIBLE_ROLES_PATH is defined and includes '$KAYOBE_PATH/ansible/roles' on the Ansible control host. -- name: Migrate hosts from Ubuntu Focal 20.04 to Jammy 22.04 +- name: Migrate hosts from Ubuntu Jammy 22.04 to Noble 24.04 hosts: overcloud:infra-vms:seed:seed-hypervisor vars: ansible_python_interpreter: /usr/bin/python3 reboot_timeout_s: "{{ 20 * 60 }}" tasks: - - name: Assert that hosts are running Ubuntu Focal + - name: Assert that hosts are running Ubuntu Jammy ansible.builtin.assert: that: - ansible_facts.distribution == 'Ubuntu' - - ansible_facts.distribution_major_version == '20' - - ansible_facts.distribution_release == 'focal' + - ansible_facts.distribution_major_version == '22' + - ansible_facts.distribution_release == 'jammy' - os_distribution == 'ubuntu' fail_msg: >- - This playbook is only designed for Ubuntu Focal 20.04 hosts. Ensure - that you are limiting it to only run on Focal hosts and + This playbook is only designed for Ubuntu Jammy 22.04 hosts. Ensure + that you are limiting it to only run on Jammy hosts and os_distribution is set to ubuntu. - name: Ensure apt packages are up to date @@ -53,14 +53,14 @@ when: file_status.stat.exists # NOTE: We cannot use apt_repository here because definitions must exist within the standard repos.list - - name: Ensure Jammy repo definitions exist in sources.list + - name: Ensure Noble repo definitions exist in sources.list ansible.builtin.blockinfile: path: /etc/apt/sources.list block: | - deb {{ stackhpc_repo_ubuntu_jammy_url }} jammy main restricted universe multiverse - deb {{ stackhpc_repo_ubuntu_jammy_url }} jammy-updates main restricted universe multiverse - deb {{ stackhpc_repo_ubuntu_jammy_url }} jammy-backports main restricted universe multiverse - deb {{ stackhpc_repo_ubuntu_jammy_security_url }} jammy-security main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_url }} noble main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_url }} noble-updates main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_url }} noble-backports main restricted universe multiverse + deb {{ stackhpc_repo_ubuntu_noble_security_url }} noble-security main restricted universe multiverse become: true - name: Do release upgrade @@ -87,13 +87,13 @@ - name: Run the Kayobe network configuration playbook, to ensure definitions are not lost on reboot import_playbook: "{{ lookup('ansible.builtin.env', 'VIRTUAL_ENV') }}/share/kayobe/ansible/network.yml" -- name: Reboot and confirm the host is upgraded to Jammy 22.04 +- name: Reboot and confirm the host is upgraded to Noble 24.04 hosts: overcloud:infra-vms:seed:seed-hypervisor vars: ansible_python_interpreter: /usr/bin/python3 reboot_timeout_s: "{{ 20 * 60 }}" tasks: - - name: Ensure Jammy repo definitions do not exist in sources.list + - name: Ensure Noble repo definitions do not exist in sources.list ansible.builtin.blockinfile: path: /etc/apt/sources.list state: absent @@ -126,8 +126,8 @@ filter: "{{ kayobe_ansible_setup_filter }}" gather_subset: "{{ kayobe_ansible_setup_gather_subset }}" - - name: Assert that hosts are now using Ubuntu 22 + - name: Assert that hosts are now using Ubuntu 24.04 ansible.builtin.assert: that: - - ansible_facts.distribution_major_version == '22' - - ansible_facts.distribution_release == 'jammy' + - ansible_facts.distribution_major_version == '24' + - ansible_facts.distribution_release == 'noble' diff --git a/etc/kayobe/apt.yml b/etc/kayobe/apt.yml index 1d6d92a79..d27bc1ff1 100644 --- a/etc/kayobe/apt.yml +++ b/etc/kayobe/apt.yml @@ -50,34 +50,22 @@ apt_keys: # (optional, default is unset) # Default is an empty list. stackhpc_apt_repositories: - - url: "{{ stackhpc_repo_ubuntu_jammy_url }}" + - url: "{{ stackhpc_repo_ubuntu_noble_url }}" suites: "{{ ansible_facts.distribution_release }} {{ ansible_facts.distribution_release }}-updates {{ ansible_facts.distribution_release }}-backports" components: main restricted universe multiverse architecture: amd64 required: true - - url: "{{ stackhpc_repo_ubuntu_jammy_security_url }}" + - url: "{{ stackhpc_repo_ubuntu_noble_security_url }}" suites: "{{ ansible_facts.distribution_release }}-security" components: main restricted universe multiverse architecture: amd64 required: true - - url: "{{ stackhpc_repo_ubuntu_jammy_cve_2024_6387_url }}" - suites: "pulp" - components: upload - architecture: amd64 - trusted: yes - required: true - - url: "{{ stackhpc_repo_docker_ce_ubuntu_jammy_url }}" + - url: "{{ stackhpc_repo_docker_ce_ubuntu_noble_url }}" suites: "{{ ansible_facts.distribution_release }}" components: stable signed_by: docker.asc architecture: amd64 required: true - - url: "{{ stackhpc_repo_ceph_reef_debian_url }}" - suites: "{{ ansible_facts.distribution_release }}" - components: main - signed_by: ceph.asc - architecture: amd64 - required: true # Do not replace apt configuration for non-overcloud hosts. This can result in # errors if apt reconfiguration is performed before local repository mirrors diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml index c0e9a995f..c35beea36 100644 --- a/etc/kayobe/cephadm.yml +++ b/etc/kayobe/cephadm.yml @@ -14,9 +14,6 @@ cephadm_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool # Ceph container image tag. cephadm_image_tag: "v18.2.4" -# Ceph custom repo workaround for Ubuntu Jammy as there are no official ceph repos for jammy. -cephadm_custom_repos: "{{ ansible_facts['distribution_release'] == 'jammy' }}" - # HAProxy container image. cephadm_haproxy_image: "{{ stackhpc_docker_registry if stackhpc_sync_ceph_images | bool else 'quay.io' }}/ceph/haproxy:{{ cephadm_haproxy_image_tag }}" diff --git a/etc/kayobe/environments/aufn-ceph/globals.yml b/etc/kayobe/environments/aufn-ceph/globals.yml index 5ef9e0cb4..2e3d26996 100644 --- a/etc/kayobe/environments/aufn-ceph/globals.yml +++ b/etc/kayobe/environments/aufn-ceph/globals.yml @@ -9,7 +9,7 @@ os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" # OS release. Valid options are "9" when os_distribution is "rocky", or -# "jammy" when os_distribution is "ubuntu". +# "noble" when os_distribution is "ubuntu". os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} diff --git a/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml b/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml index df8dc9d60..ab78a8035 100644 --- a/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml +++ b/etc/kayobe/environments/aufn-ceph/kolla/config/bifrost/bifrost.yml @@ -7,7 +7,7 @@ download_ipa: true # Use a locally hosted cloud image. use_cirros: true {% if os_distribution == 'ubuntu' %} -cirros_deploy_image_upstream_url: "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" +cirros_deploy_image_upstream_url: "https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img" {% else %} cirros_deploy_image_upstream_url: "https://dl.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-GenericCloud.latest.x86_64.qcow2" {% endif %} diff --git a/etc/kayobe/environments/ci-aio/globals.yml b/etc/kayobe/environments/ci-aio/globals.yml index f65cba9f1..b7fda2fb8 100644 --- a/etc/kayobe/environments/ci-aio/globals.yml +++ b/etc/kayobe/environments/ci-aio/globals.yml @@ -50,7 +50,7 @@ os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" # OS release. Valid options are "9" when os_distribution is "rocky", or -# "jammy" when os_distribution is "ubuntu". +# "noble" when os_distribution is "ubuntu". os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} diff --git a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml index 50af5d160..4252b65fb 100644 --- a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml @@ -25,12 +25,10 @@ stackhpc_repo_mirror_password: !vault | stackhpc_repo_grafana_version: "{{ stackhpc_pulp_repo_grafana_version }}" stackhpc_repo_rhel9_rabbitmq_erlang_version: "{{ stackhpc_pulp_repo_rhel9_rabbitmq_erlang_version }}" stackhpc_repo_rhel9_rabbitmq_server_version: "{{ stackhpc_pulp_repo_rhel9_rabbitmq_server_version }}" -stackhpc_repo_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_version }}" -stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_security_version }}" -stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" -stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version }}" -stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}" stackhpc_repo_centos_stream_9_openstack_caracal_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version }}" stackhpc_repo_centos_stream_9_opstools_version: "{{ stackhpc_pulp_repo_centos_stream_9_opstools_version }}" diff --git a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml index ffe880831..6eda10ce9 100644 --- a/etc/kayobe/environments/ci-builder/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-builder/stackhpc-ci.yml @@ -51,12 +51,10 @@ stackhpc_repo_mirror_password: !vault | stackhpc_repo_grafana_version: "{{ stackhpc_pulp_repo_grafana_version }}" stackhpc_repo_rhel9_rabbitmq_erlang_version: "{{ stackhpc_pulp_repo_rhel9_rabbitmq_erlang_version }}" stackhpc_repo_rhel9_rabbitmq_server_version: "{{ stackhpc_pulp_repo_rhel9_rabbitmq_server_version }}" -stackhpc_repo_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_version }}" -stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_security_version }}" -stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" -stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version }}" -stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}" stackhpc_repo_centos_stream_9_openstack_caracal_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version }}" stackhpc_repo_centos_stream_9_opstools_version: "{{ stackhpc_pulp_repo_centos_stream_9_opstools_version }}" @@ -102,7 +100,7 @@ stackhpc_release_pulp_password: "{{ stackhpc_docker_registry_password }}" ipa_build_images: true ipa_build_dib_env_extra: DISTRO_NAME: "{{ ipa_ci_builder_distribution | default('ubuntu') }}" - DIB_RELEASE: "{{ ipa_ci_builder_release | default('jammy') }}" + DIB_RELEASE: "{{ ipa_ci_builder_release | default('noble') }}" # Ensure Ark repos are disabled during CI runs, this is due to # builder being a member of the 'overcloud' group for IPA builds. diff --git a/etc/kayobe/environments/ci-multinode/globals.yml b/etc/kayobe/environments/ci-multinode/globals.yml index de497cb84..a9157f07d 100644 --- a/etc/kayobe/environments/ci-multinode/globals.yml +++ b/etc/kayobe/environments/ci-multinode/globals.yml @@ -50,7 +50,7 @@ os_distribution: "{{ lookup('pipe', '. /etc/os-release && echo $ID') | trim }}" # OS release. Valid options are "9" when os_distribution is "rocky", or -# "jammy" when os_distribution is "ubuntu". +# "noble" when os_distribution is "ubuntu". os_release: >- {{ (lookup('pipe', '. /etc/os-release && echo $VERSION_CODENAME') | trim) if os_distribution == 'ubuntu' else (lookup('pipe', '. /etc/os-release && echo $VERSION_ID') | trim | split('.') | first) if os_distribution == 'rocky' }} diff --git a/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml b/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml index 6e10b63ea..30e4b1a57 100644 --- a/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-multinode/stackhpc-ci.yml @@ -25,12 +25,10 @@ stackhpc_repo_mirror_password: !vault | stackhpc_repo_grafana_version: "{{ stackhpc_pulp_repo_grafana_version }}" stackhpc_repo_rhel9_rabbitmq_erlang_version: "{{ stackhpc_pulp_repo_rhel9_rabbitmq_erlang_version }}" stackhpc_repo_rhel9_rabbitmq_server_version: "{{ stackhpc_pulp_repo_rhel9_rabbitmq_server_version }}" -stackhpc_repo_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_version }}" -stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_pulp_repo_ubuntu_jammy_security_version }}" -stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_pulp_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}" -stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version }}" -stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" stackhpc_repo_centos_stream_9_nfv_openvswitch_version: "{{ stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version }}" stackhpc_repo_centos_stream_9_openstack_caracal_version: "{{ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version }}" stackhpc_repo_centos_stream_9_opstools_version: "{{ stackhpc_pulp_repo_centos_stream_9_opstools_version }}" diff --git a/etc/kayobe/inventory/group_vars/cis-hardening/cis b/etc/kayobe/inventory/group_vars/cis-hardening/cis index 2c103cb34..9c9c48fbe 100644 --- a/etc/kayobe/inventory/group_vars/cis-hardening/cis +++ b/etc/kayobe/inventory/group_vars/cis-hardening/cis @@ -74,38 +74,39 @@ rhel9cis_set_boot_pass: false rhel9cis_rule_5_6_1_1: false ############################################################################## -# Ubuntu Jammy CIS Hardening Configuration +# Ubuntu Noble CIS Hardening Configuration +# FIXME: These settings are untested, they are just carried over from Jammy -# Ubuntu 22 CIS configuration +# Ubuntu 24 CIS configuration # Disable changing routing rules -ubtu22cis_is_router: true +ubtu24cis_is_router: true # Set Chrony as the time sync tool -ubtu22cis_time_sync_tool: "chrony" +ubtu24cis_time_sync_tool: "chrony" # Disable CIS from configuring the firewall -ubtu22cis_firewall_package: "none" +ubtu24cis_firewall_package: "none" # Stop CIS from installing Network Manager -ubtu22cis_install_network_manager: false +ubtu24cis_install_network_manager: false # Set syslog service to journald -ubtu22cis_syslog_service: journald +ubtu24cis_syslog_service: journald # Squashfs is compiled into the kernel -ubtu22cis_rule_1_1_1_2: false +ubtu24cis_rule_1_1_1_2: false # This updates the system. Let's do this explicitly. -ubtu22cis_rule_1_9: false +ubtu24cis_rule_1_9: false # Do not change Chrony Time servers -ubtu22cis_rule_2_1_2_1: false +ubtu24cis_rule_2_1_2_1: false # Disable CIS from touching sudoers -ubtu22cis_rule_5_3_4: false +ubtu24cis_rule_5_3_4: false # Add stack and kolla to allowed ssh users -ubtu22cis_sshd: +ubtu24cis_sshd: log_level: "INFO" max_auth_tries: 4 ciphers: @@ -143,52 +144,52 @@ ubtu22cis_sshd: # takes a long time. Related to the changing permissions block below. This # would normally warn you about violations, but we can use Wazuh to continually # monitor this. -ubtu22cis_rule_6_1_9: false -ubtu22cis_rule_6_1_10: false -ubtu22cis_rule_6_1_11: false -ubtu22cis_rule_6_1_12: false -ubtu22cis_rule_6_1_13: false +ubtu24cis_rule_6_1_9: false +ubtu24cis_rule_6_1_10: false +ubtu24cis_rule_6_1_11: false +ubtu24cis_rule_6_1_12: false +ubtu24cis_rule_6_1_13: false # The following rules change permissions on all files on every mounted # filesystem. We do not want to change /var/lib/docker permissions. -ubtu22cis_no_group_adjust: false -ubtu22cis_no_owner_adjust: false -ubtu22cis_no_world_write_adjust: false -ubtu22cis_suid_adjust: false +ubtu24cis_no_group_adjust: false +ubtu24cis_no_owner_adjust: false +ubtu24cis_no_world_write_adjust: false +ubtu24cis_suid_adjust: false # Prevent hardening from recursivley changing permissions on log files -ubtu22cis_rule_4_2_3: false +ubtu24cis_rule_4_2_3: false # Configure log rotation to prevent audit logs from filling the disk -ubtu22cis_auditd: +ubtu24cis_auditd: action_mail_acct: root space_left_action: syslog admin_space_left_action: syslog max_log_file_action: rotate # Max size of audit logs (MB) -ubtu22cis_max_log_file_size: 1024 +ubtu24cis_max_log_file_size: 1024 # Disable grub bootloader password. Requires overriding -# ubtu22cis_bootloader_password_hash -ubtu22cis_rule_1_4_1: false -ubtu22cis_rule_1_4_3: false +# ubtu24cis_bootloader_password_hash +ubtu24cis_rule_1_4_1: false +ubtu24cis_rule_1_4_3: false # Disable: Ensure minimum days between password changes is configured -ubtu22cis_rule_5_5_1_1: false +ubtu24cis_rule_5_5_1_1: false # Disable: Ensure password expiration is 365 days or less -ubtu22cis_rule_5_5_1_2: false +ubtu24cis_rule_5_5_1_2: false # Disable: Ensure inactive password lock is 30 days or less -ubtu22cis_rule_5_5_1_4: false +ubtu24cis_rule_5_5_1_4: false # Disable: Ensure all users last password change date is in the past -ubtu22cis_rule_5_5_1_5: false +ubtu24cis_rule_5_5_1_5: false # The way this is disabled currently breaks kolla's IPV6 check, see: # https://bugs.launchpad.net/kolla-ansible/+bug/2071443 # Also matches RHEL hardening behavior. -ubtu22cis_ipv6_required: true +ubtu24cis_ipv6_required: true ############################################################################## diff --git a/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager b/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager index d758aa235..76ce10766 100644 --- a/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager +++ b/etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-manager @@ -130,8 +130,8 @@ wazuh_manager_vulnerability_detector: providers: - enabled: 'yes' os: - - 'focal' - 'jammy' + - 'noble' update_interval: '1h' name: '"canonical"' - enabled: 'yes' diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index 85ced7397..b36d23798 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -2,19 +2,20 @@ # Dict of Kolla image tags to deploy for each service. # Each key is the tag variable prefix name, and the value is another dict, # where the key is the OS distro and the value is the tag to deploy. +# TODO: Build real master images kolla_image_tags: openstack: rocky-9: 2024.1-rocky-9-20241218T141751 - ubuntu-jammy: 2024.1-ubuntu-jammy-20241218T141809 + ubuntu-noble: 2024.1-ubuntu-noble-20241218T141809 ironic_prometheus_exporter: rocky-9: 2024.1-rocky-9-20250124T081816 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250124T081816 + ubuntu-noble: 2024.1-ubuntu-noble-20250124T081816 magnum: rocky-9: 2024.1-rocky-9-20250102T094625 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250102T094625 + ubuntu-noble: 2024.1-ubuntu-noble-20250102T094625 nova_compute: rocky-9: 2024.1-rocky-9-20250127T211632 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250127T211632 + ubuntu-noble: 2024.1-ubuntu-noble-20250127T211632 neutron: rocky-9: 2024.1-rocky-9-20250129T143601 - ubuntu-jammy: 2024.1-ubuntu-jammy-20250129T143601 + ubuntu-noble: 2024.1-ubuntu-noble-20250129T143601 diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index 29427f1ef..1200b3c36 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -240,19 +240,19 @@ stackhpc_yum_repos: "{{ stackhpc_rocky_9_repos }}" # the certificate provided by the upstream repo will not match the proxy's IP. stackhpc_ubuntu_repo_prefix: "deb {% if stackhpc_repo_mirror_auth_proxy_enabled | bool %}[trusted=yes] {% endif %}" -# List of base repositories for Ubuntu Jammy. -stackhpc_ubuntu_jammy_base_repos: - - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_jammy_url }} jammy main universe" - - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_jammy_url }} jammy-updates main universe" - - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_jammy_url }} jammy-backports main universe" - - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_jammy_security_url }} jammy-security main universe" +# List of base repositories for Ubuntu Noble. +stackhpc_ubuntu_noble_base_repos: + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_url }} noble main universe" + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_url }} noble-updates main universe" + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_url }} noble-backports main universe" + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_noble_security_url }} noble-security main universe" -# List of UCA repositories for Ubuntu Jammy. -stackhpc_ubuntu_jammy_uca_repos: - - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_cloud_archive_url }} jammy-updates/{{ openstack_release_codename }} main" +# List of UCA repositories for Ubuntu Noble. +stackhpc_ubuntu_noble_uca_repos: + - "{{ stackhpc_ubuntu_repo_prefix }}{{ stackhpc_repo_ubuntu_cloud_archive_url }} noble-updates/{{ openstack_release_codename }} main" -# List of repositories for Ubuntu Jammy. -stackhpc_ubuntu_jammy_repos: "{{ stackhpc_ubuntu_jammy_base_repos + stackhpc_ubuntu_jammy_uca_repos }}" +# List of repositories for Ubuntu Noble. +stackhpc_ubuntu_noble_repos: "{{ stackhpc_ubuntu_noble_base_repos + stackhpc_ubuntu_noble_uca_repos }}" # Whether to revert to the upstream mirrors in built Kolla container images. stackhpc_kolla_clean_up_repo_mirrors: true @@ -280,7 +280,7 @@ kolla_build_blocks: {# We lack the ca-certificates package at this stage, so don't verify the CA initially #} echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/90no-verify-peer && \ {% endif %} - {% for repo in stackhpc_ubuntu_jammy_base_repos %} + {% for repo in stackhpc_ubuntu_noble_base_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} {% endfor %} @@ -309,7 +309,7 @@ kolla_build_blocks: RUN \ rm /etc/apt/sources.list && \ rm -f /etc/apt/apt.conf.d/90no-verify-peer && \ - {% for repo in stackhpc_ubuntu_jammy_repos %} + {% for repo in stackhpc_ubuntu_noble_repos %} echo '{{ repo }}' >> /etc/apt/sources.list {% if not loop.last %} && \ {% endif %} {% endfor %} diff --git a/etc/kayobe/kolla/kolla-build.conf b/etc/kayobe/kolla/kolla-build.conf index 96699c2f7..db9caaa5d 100644 --- a/etc/kayobe/kolla/kolla-build.conf +++ b/etc/kayobe/kolla/kolla-build.conf @@ -3,7 +3,7 @@ {# snapshots, so pin to a specific tag. #} {# This tag should be updated when Ubuntu package repo snapshot versions are changed. #} {% if kolla_base_distro == 'ubuntu' %} -base_tag = jammy-20240808 +base_tag = noble-20241118.1 {# Similarly pinning to Rocky 9 minor version used in our repos #} {% elif kolla_base_distro == 'rocky' %} base_tag = 9.{{ stackhpc_pulp_repo_rocky_9_minor_version }} diff --git a/etc/kayobe/pulp-host-image-versions.yml b/etc/kayobe/pulp-host-image-versions.yml index 5e4ef717a..fa91d4657 100644 --- a/etc/kayobe/pulp-host-image-versions.yml +++ b/etc/kayobe/pulp-host-image-versions.yml @@ -1,5 +1,6 @@ --- # Overcloud host image versioning tags # These images must be in SMS, since they are used by our AIO CI runners +# TODO: Build real master images stackhpc_rocky_9_overcloud_host_image_version: "2024.1-20241209T151515" -stackhpc_ubuntu_jammy_overcloud_host_image_version: "2024.1-20250116T133659" +stackhpc_ubuntu_noble_overcloud_host_image_version: "2024.1-20250116T133659" diff --git a/etc/kayobe/pulp-ipa-image-versions.yml b/etc/kayobe/pulp-ipa-image-versions.yml index 0ecbdfdc3..69c4d14ae 100644 --- a/etc/kayobe/pulp-ipa-image-versions.yml +++ b/etc/kayobe/pulp-ipa-image-versions.yml @@ -1,4 +1,5 @@ --- # IPA image versioning tags +# TODO: Build real images stackhpc_rocky_9_ipa_image_version: "2024.1-20241231T102920" -stackhpc_ubuntu_jammy_ipa_image_version: "2024.1-20241206T160829" +stackhpc_ubuntu_noble_ipa_image_version: "2024.1-20241206T160829" diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index 672980bfb..9816834cf 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -7,7 +7,7 @@ stackhpc_pulp_repo_centos_stream_9_openstack_caracal_version: 20241212T022636 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20231213T031318 stackhpc_pulp_repo_centos_stream_9_storage_ceph_reef_version: 20240923T233036 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022 -stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version: 20241218T154614 +stackhpc_pulp_repo_docker_ce_ubuntu_noble_version: 20241218T154614 stackhpc_pulp_repo_elrepo_9_version: 20241129T235743 stackhpc_pulp_repo_epel_9_version: 20241216T235733 stackhpc_pulp_repo_grafana_version: 20241216T002739 @@ -47,5 +47,5 @@ stackhpc_pulp_repo_rocky_9_5_extras_version: 20241216T004230 stackhpc_pulp_repo_rocky_9_5_highavailability_version: 20241202T003154 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20241127T003858 stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20241217T045049 -stackhpc_pulp_repo_ubuntu_jammy_security_version: 20241217T071258 -stackhpc_pulp_repo_ubuntu_jammy_version: 20241217T071258 +stackhpc_pulp_repo_ubuntu_noble_security_version: 20241217T071258 +stackhpc_pulp_repo_ubuntu_noble_version: 20241217T071258 diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index 4db12d267..3b6d59115 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml @@ -62,7 +62,7 @@ stackhpc_pulp_sync_for_local_container_build: false # Debs # Whether to sync Ubuntu packages. -stackhpc_pulp_sync_ubuntu_jammy: "{{ os_distribution == 'ubuntu' }}" +stackhpc_pulp_sync_ubuntu_noble: "{{ os_distribution == 'ubuntu' }}" # Default configuration, which each element of stackhpc_pulp_deb_repos # is combined with @@ -79,30 +79,22 @@ stackhpc_pulp_deb_repos_default_config: # Deb repositories stackhpc_pulp_deb_repos: - # Base Ubuntu Jammy repositories - - name: "Ubuntu jammy" - url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/jammy/{{ stackhpc_pulp_repo_ubuntu_jammy_version }}" - distribution_name: "ubuntu-jammy-" - base_path: "ubuntu/jammy/" + # Base Ubuntu Noble repositories + - name: "Ubuntu Noble" + url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/noble/{{ stackhpc_pulp_repo_ubuntu_noble_version }}" + distribution_name: "ubuntu-noble-" + base_path: "ubuntu/noble/" components: "main restricted universe multiverse" - distributions: "jammy jammy-updates jammy-backports" - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" + distributions: "noble noble-updates noble-backports" + required: "{{ stackhpc_pulp_sync_ubuntu_noble | bool }}" - - name: "Ubuntu jammy security" - url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/jammy-security/{{ stackhpc_pulp_repo_ubuntu_jammy_security_version }}" - distribution_name: "ubuntu-jammy-security-" - base_path: "ubuntu/jammy-security/" + - name: "Ubuntu Noble security" + url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/noble-security/{{ stackhpc_pulp_repo_ubuntu_noble_security_version }}" + distribution_name: "ubuntu-noble-security-" + base_path: "ubuntu/noble-security/" components: "main restricted universe multiverse" - distributions: "jammy-security" - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" - - - name: "Ubuntu jammy CVE-2024-6387" - url: "{{ stackhpc_release_pulp_content_url }}/ubuntu-jammy-cve-2024-6387/" - distribution_name: "ubuntu-jammy-cve-2024-6387-" - base_path: "ubuntu-jammy-cve-2024-6387/" - components: "upload" - distributions: "pulp" - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" + distributions: "noble-security" + required: "{{ stackhpc_pulp_sync_ubuntu_noble | bool }}" # Ubuntu Cloud Archive (UCA) repositories - name: "Ubuntu Cloud Archive" @@ -110,25 +102,17 @@ stackhpc_pulp_deb_repos: distribution_name: "ubuntu-cloud-archive-" base_path: "ubuntu-cloud-archive/" components: "main" - distributions: "jammy-updates/{{ openstack_release_codename }}" - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" + distributions: "noble-updates/{{ openstack_release_codename }}" + required: "{{ stackhpc_pulp_sync_ubuntu_noble | bool }}" # Third-party repositories - - name: "Docker CE for Ubuntu Jammy" - url: "{{ stackhpc_release_pulp_content_url }}/docker-ce/ubuntu-jammy/{{ stackhpc_pulp_repo_docker_ce_ubuntu_jammy_version }}" - distribution_name: "docker-ce-for-ubuntu-jammy-" - base_path: "docker-ce/ubuntu-jammy/" - distributions: "jammy" + - name: "Docker CE for Ubuntu Noble" + url: "{{ stackhpc_release_pulp_content_url }}/docker-ce/ubuntu-noble/{{ stackhpc_pulp_repo_docker_ce_ubuntu_noble_version }}" + distribution_name: "docker-ce-for-ubuntu-noble-" + base_path: "docker-ce/ubuntu-noble/" + distributions: "noble" components: "stable" - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" - - - name: "Ceph Reef for Debian" - url: "{{ stackhpc_release_pulp_content_url }}/ceph/debian-reef/{{ stackhpc_pulp_repo_ceph_reef_debian_version }}" - distribution_name: "ceph-reef-debian-" - base_path: "ceph/debian-reef/" - distributions: "jammy" - components: "main" - required: "{{ stackhpc_pulp_sync_ubuntu_jammy | bool }}" + required: "{{ stackhpc_pulp_sync_ubuntu_noble | bool }}" # Publication format is a subset of distribution. stackhpc_pulp_publication_deb_development: "{{ stackhpc_pulp_distribution_deb_development }}" @@ -544,7 +528,7 @@ stackhpc_pulp_images_kolla: # List of images for each base distribution which should not/cannot be built. stackhpc_kolla_unbuildable_images: - ubuntu-jammy: [] + ubuntu-noble: [] rocky-9: [] # Whitespace-separated list of regular expressions matching Kolla image names. diff --git a/etc/kayobe/stackhpc-ipa-images.yml b/etc/kayobe/stackhpc-ipa-images.yml index 2246e678a..c8c1d722e 100644 --- a/etc/kayobe/stackhpc-ipa-images.yml +++ b/etc/kayobe/stackhpc-ipa-images.yml @@ -17,4 +17,4 @@ stackhpc_ipa_image_url: "{{ stackhpc_release_pulp_content_url }}/ipa-images/\ # IPA image version tag selection stackhpc_ipa_image_version: >- {{ stackhpc_rocky_9_ipa_image_version if os_distribution == 'rocky' and os_release == '9' else - stackhpc_ubuntu_jammy_ipa_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' }} + stackhpc_ubuntu_noble_ipa_image_version if os_distribution == 'ubuntu' and os_release == 'noble' }} diff --git a/etc/kayobe/stackhpc-overcloud-host-images.yml b/etc/kayobe/stackhpc-overcloud-host-images.yml index e9de707e1..9e4546fc2 100644 --- a/etc/kayobe/stackhpc-overcloud-host-images.yml +++ b/etc/kayobe/stackhpc-overcloud-host-images.yml @@ -6,7 +6,7 @@ stackhpc_download_overcloud_host_images: false # Whether or not to use images with MLNX_OFED installed (for deployment using -# mellanox/Nvidia NICs). Only available for Ubuntu Jammy and Rocky Linux 9 +# mellanox/Nvidia NICs). Only available for Ubuntu Noble and Rocky Linux 9 # OFED images are currently WIP and this variable is a placeholder stackhpc_overcloud_host_image_is_ofed: false @@ -22,4 +22,4 @@ stackhpc_overcloud_host_image_url: "{{ stackhpc_release_pulp_content_url_with_au # Overcloud host image version tag selection stackhpc_overcloud_host_image_version: >- {{ stackhpc_rocky_9_overcloud_host_image_version if os_distribution == 'rocky' and os_release == '9' else - stackhpc_ubuntu_jammy_overcloud_host_image_version if os_distribution == 'ubuntu' and os_release == 'jammy' }} + stackhpc_ubuntu_noble_overcloud_host_image_version if os_distribution == 'ubuntu' and os_release == 'noble' }} diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index b1955c02b..6394327f2 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -29,29 +29,21 @@ stackhpc_rocky_9_url_version: "{{ '9.' + stackhpc_pulp_repo_rocky_9_minor_versio ############################################################################### # Debs -# Ubuntu jammy -stackhpc_repo_ubuntu_jammy_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/jammy/{{ stackhpc_repo_ubuntu_jammy_version }}" -stackhpc_repo_ubuntu_jammy_version: "{{ stackhpc_repo_distribution }}" +# Ubuntu noble +stackhpc_repo_ubuntu_noble_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/noble/{{ stackhpc_repo_ubuntu_noble_version }}" +stackhpc_repo_ubuntu_noble_version: "{{ stackhpc_repo_distribution }}" -# Ubuntu jammy security -stackhpc_repo_ubuntu_jammy_security_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/jammy-security/{{ stackhpc_repo_ubuntu_jammy_security_version }}" -stackhpc_repo_ubuntu_jammy_security_version: "{{ stackhpc_repo_distribution }}" - -# Ubuntu jammy CVE-3034-6287 -stackhpc_repo_ubuntu_jammy_cve_2024_6387_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu-jammy-cve-2024-6387/{{ stackhpc_repo_ubuntu_jammy_cve_2024_6387_version }}" -stackhpc_repo_ubuntu_jammy_cve_2024_6387_version: "{{ stackhpc_repo_distribution }}" +# Ubuntu noble security +stackhpc_repo_ubuntu_noble_security_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu/noble-security/{{ stackhpc_repo_ubuntu_noble_security_version }}" +stackhpc_repo_ubuntu_noble_security_version: "{{ stackhpc_repo_distribution }}" # Ubuntu Cloud Archive stackhpc_repo_ubuntu_cloud_archive_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ubuntu-cloud-archive/{{ stackhpc_repo_ubuntu_cloud_archive_version }}" stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_repo_distribution }}" -# Docker CE for Ubuntu Jammy -stackhpc_repo_docker_ce_ubuntu_jammy_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/docker-ce/ubuntu-jammy/{{ stackhpc_repo_docker_ce_ubuntu_jammy_version }}" -stackhpc_repo_docker_ce_ubuntu_jammy_version: "{{ stackhpc_repo_distribution }}" - -# Ceph Reef for Debian -stackhpc_repo_ceph_reef_debian_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/ceph/debian-reef/{{ stackhpc_repo_ceph_reef_debian_version }}" -stackhpc_repo_ceph_reef_debian_version: "{{ stackhpc_repo_distribution }}" +# Docker CE for Ubuntu Noble +stackhpc_repo_docker_ce_ubuntu_noble_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/docker-ce/ubuntu-noble/{{ stackhpc_repo_docker_ce_ubuntu_noble_version }}" +stackhpc_repo_docker_ce_ubuntu_noble_version: "{{ stackhpc_repo_distribution }}" ############################################################################### # RPMs