2024.1: 2023.1 merge #1287
Merged
2024.1: 2023.1 merge #1287
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
markgoddard
commented
Sep 12, 2024
markgoddard
commented
- Fix prometheus_blackbox_exporter_endpoints to allow truthy values
- Add bool to rabbitmq endpoint
- Correct horizon_public_endpoint
- Add merge.py
- Fix CVE-2024-44082 / OSSA-2024-003
- Add select
- CI: Bump multinode.yml reusable workflow to 1.1.0
- CI: Add 2024.1 to nightly multinode test matrix
- Add hook for fixing hostname bug in Multinode
- Reboot hosts after fix-hostname changed
- Reboot with bootstrap user in ci-aio env
- Reference controller IP for backend TLS certificates
- kolla-images.py: Add a check-image-map command
- kolla-images.py: Fix image to container exceptions using check-image-map
- kolla-images.py: Misc fixes
- CI: Add check-image-map and check-hierarchy to check-tags workflow
- CI: Trigger build-kayobe-image for check-tags job
- kolla-images.py: Add image map exception for neutron_eswitchd
- Fix growroot when using software raid (Fix growroot when using software raid #818)
horizon_public_port is dependent on backend_tls being enabled, rather than external tls.
zed: yoga merge
This script can be used for merging from one release branch of SKC into the next.
Add merge.py
Fixes CVE-2024-44082 [1] with updated container images for Ironic services. Note that Ironic Python Agent images also need to be updated to fully fix this vulnerability. If this is not possible, a new configuration option ``[conductor]conductor_always_validates_images`` is available. See the OSSA-2024-003 announcement [2] for more details. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44082 [2] https://security.openstack.org/ossa/OSSA-2024-003.html
Fix CVE-2024-44082 / OSSA-2024-003
This pulls in a timeout increase and a fix for sanitising filenames in artifacts. https://github.com/stackhpc/stackhpc-openstack-gh-workflows/releases/tag/1.1.0
2023.1: CI: Bump multinode.yml reusable workflow to 1.1.0
Further fixes to Prometheus blackbox exporter endpoints
CI: Add 2024.1 to nightly multinode test matrix
Add hooks for fixing hostname bug in Multinode for Caracal upgrade job
Reboot with bootstrap user in ci-aio env
vault: Reference controller IP for backend TLS certificates
This command checks the image mapping against Kolla Ansible variables. The *_image variables in Kolla Ansible define the mapping between containers and images. Ensure that the mapping defined in this script matches the one in Kolla Ansible.
We recently had an issue where images were built for ironic, but this did not include dnsmasq due to not matching the regex. The 'ironic' tag was updated in kolla-image-tags.yml, which matches ironic_dnsmasq container, but no such dnsmasq image existed. This issue would have been caught the check-tags workflow with the correct mapping added in this change.
These commands ensure that the image map and hierarchy defined in kolla-images.py matches Kolla Ansible. Also update the path filter to run the check-tags workflow when pulp.yml or kolla-images.py is modified.
This was not caught because neutron-mlnx-agent is not in the list of supported images in pulp.yml.
* Fix growroot when using software raid Using @markgoddard's suggestion from: #770 (comment) * Add a release note * Update releasenotes/notes/fixes-growroot-for-software-raid-3852bdea5415a0be.yaml Co-authored-by: Alex-Welsh <alex@stackhpc.com> Co-authored-by: Michał Nasiadka <michal@stackhpc.com>
zed: Fix image mapping in kolla-images.py, add tests and CI
Alex-Welsh
approved these changes
Sep 16, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.