diff --git a/diskimage-create/README.rst b/diskimage-create/README.rst index f5e7208208..c0822c6bc4 100644 --- a/diskimage-create/README.rst +++ b/diskimage-create/README.rst @@ -102,7 +102,7 @@ Command syntax: [-a **amd64** | armhf | aarch64 | ppc64le ] [-b **haproxy** ] [-c **~/.cache/image-create** | ] - [-d **jammy**/**9-stream**/**9** | ] + [-d **noble**/**9-stream**/**9** | ] [-e] [-f] [-g **repository branch** | stable/train | stable/stein | ... ] @@ -125,7 +125,7 @@ Command syntax: '-a' is the architecture type for the image (default: amd64) '-b' is the backend type (default: haproxy) '-c' is the path to the cache directory (default: ~/.cache/image-create) - '-d' distribution release id (default on ubuntu: jammy) + '-d' distribution release id (default on ubuntu: noble) '-e' enable complete mandatory access control systems when available (default: permissive) '-f' disable tmpfs for build '-g' build the image for a specific OpenStack Git branch (default: current repository branch) diff --git a/diskimage-create/diskimage-create.sh b/diskimage-create/diskimage-create.sh index ae20f656f9..fc3f9b5b3f 100755 --- a/diskimage-create/diskimage-create.sh +++ b/diskimage-create/diskimage-create.sh @@ -23,7 +23,7 @@ usage() { echo " [-a **amd64** | armhf | aarch64 | ppc64le]" echo " [-b **haproxy** ]" echo " [-c **~/.cache/image-create** | ]" - echo " [-d **jammy**/**9-stream**/**9** | ]" + echo " [-d **noble**/**9-stream**/**9** | ]" echo " [-e]" echo " [-f]" echo " [-g **repository branch** | stable/train | stable/stein | ... ]" 
@@ -45,7 +45,7 @@ usage() { echo " '-a' is the architecture type for the image (default: amd64)" echo " '-b' is the backend type (default: haproxy)" echo " '-c' is the path to the cache directory (default: ~/.cache/image-create)" - echo " '-d' distribution release id (default on ubuntu: jammy)" + echo " '-d' distribution release id (default on ubuntu: noble)" echo " '-e' enable complete mandatory access control systems when available (default: permissive)" echo " '-f' disable tmpfs for build" echo " '-g' build the image for a specific OpenStack Git branch (default: current repository branch)" @@ -242,7 +242,7 @@ AMP_CACHEDIR="$( cd "$AMP_CACHEDIR" && pwd )" AMP_BASEOS=${AMP_BASEOS:-"ubuntu-minimal"} if [ "$AMP_BASEOS" = "ubuntu-minimal" ]; then - export DIB_RELEASE=${AMP_DIB_RELEASE:-"jammy"} + export DIB_RELEASE=${AMP_DIB_RELEASE:-"noble"} elif [ "${AMP_BASEOS}" = "rhel" ]; then export DIB_RELEASE=${AMP_DIB_RELEASE:-"9"} elif [ "${AMP_BASEOS}" = "centos-minimal" ]; then @@ -469,6 +469,11 @@ if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ fi fi +# AppArmor systems +if [ "${AMP_BASEOS}" = "ubuntu-minimal" ] || [ "${AMP_BASEOS}" = "ubuntu" ]; then + AMP_element_sequence="$AMP_element_sequence amphora-apparmor" +fi + # Disable the dnf makecache timer if [ "${AMP_BASEOS}" = "centos-minimal" ] || [ "${AMP_BASEOS}" = "fedora" ] || [ "${AMP_BASEOS}" = "rhel" ] || [ "${AMP_BASEOS}" = "rocky-container" ]; then AMP_element_sequence="$AMP_element_sequence disable-makecache" diff --git a/elements/amphora-apparmor/README.rst b/elements/amphora-apparmor/README.rst new file mode 100644 index 0000000000..42d915f372 --- /dev/null +++ b/elements/amphora-apparmor/README.rst @@ -0,0 +1,4 @@ +Element to configure apparmor for Octavia + +This element will configure apparmor to allow rsyslog to create a log socket +for Octavia Amphora logging 
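Review bot: The new `# AppArmor systems` block in diskimage-create.sh appends `amphora-apparmor` for every `ubuntu-minimal`/`ubuntu` build regardless of `DIB_RELEASE`, so an image built with `-d jammy` also has its rsyslogd profile rewritten to use `flags=(attach_disconnected)`. Because that flag relaxes how AppArmor mediates disconnected paths, the comment should say why the element is applied and to which releases, e.g. `# Ubuntu confines rsyslogd with AppArmor; amphora-apparmor adjusts that profile so rsyslog can create the Octavia log socket.` If only noble needs the workaround (not determinable from this hunk), gating the element on the release would keep the stock profile elsewhere.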
diff --git a/elements/amphora-apparmor/element-deps b/elements/amphora-apparmor/element-deps
new file mode 100644
index 0000000000..0a65984a16
--- /dev/null
+++ b/elements/amphora-apparmor/element-deps
@@ -0,0 +1 @@
+install-static
diff --git a/elements/amphora-apparmor/post-install.d/10-fix-rsyslog b/elements/amphora-apparmor/post-install.d/10-fix-rsyslog
new file mode 100755
index 0000000000..9ed402950e
--- /dev/null
+++ b/elements/amphora-apparmor/post-install.d/10-fix-rsyslog
@@ -0,0 +1,11 @@
+#!/bin/bash
+# This is a workaround to a known kernel bug with apparmor:
+# https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1373070
+#
+# Apparmor cannot handle namespaces correctly and will drop the '/' prefix
+# from a file path, thus causing the process to not have access.
+#
+# The reported workaround is to add flags=(attach_disconnected) to the rsyslog
+# profile.
+
+sed -i 's#profile rsyslogd /usr/sbin/rsyslogd {#profile rsyslogd /usr/sbin/rsyslogd flags=(attach_disconnected) {#g' /etc/apparmor.d/usr.sbin.rsyslogd
diff --git a/elements/amphora-apparmor/static/etc/apparmor.d/rsyslog.d/octavia b/elements/amphora-apparmor/static/etc/apparmor.d/rsyslog.d/octavia
new file mode 100644
index 0000000000..8643e2c2ed
--- /dev/null
+++ b/elements/amphora-apparmor/static/etc/apparmor.d/rsyslog.d/octavia
@@ -0,0 +1,4 @@
+# Allow rsyslog to create the octavia logging socket
+/run/rsyslog/ w,
+/run/rsyslog/octavia/ w,
+/run/rsyslog/octavia/log rwk,
diff --git a/octavia/common/jinja/haproxy/combined_listeners/templates/haproxy.cfg.j2 b/octavia/common/jinja/haproxy/combined_listeners/templates/haproxy.cfg.j2
index 000af57789..31ec07818c 100644
--- a/octavia/common/jinja/haproxy/combined_listeners/templates/haproxy.cfg.j2
+++ b/octavia/common/jinja/haproxy/combined_listeners/templates/haproxy.cfg.j2
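Review bot: In post-install.d/10-fix-rsyslog the `sed -i` exits 0 when the `profile rsyslogd /usr/sbin/rsyslogd {` header does not match byte-for-byte, so a changed header in a later rsyslog package would yield an image without the workaround and no build error. Add `set -eu` and `set -o pipefail` after the shebang (the usual form for diskimage-builder element scripts) and confirm the edit with `grep -q 'flags=(attach_disconnected)' /etc/apparmor.d/usr.sbin.rsyslogd` as the last command. The header comment should also state that `attach_disconnected` loosens path mediation for rsyslogd, so the element can be dropped once the linked kernel bug is resolved.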
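Review bot: The drop-in `static/etc/apparmor.d/rsyslog.d/octavia` only takes effect if the installed `usr.sbin.rsyslogd` profile includes the `rsyslog.d` directory, and its three paths have to match the socket location used by the amphora's rsyslog configuration; neither is visible in this change. Extend the leading comment to record both dependencies, for example `# Pulled in by usr.sbin.rsyslogd via rsyslog.d; paths must match the amphora rsyslog log socket.` The rules are scoped to `/run/rsyslog/` only, and that narrow scope should be kept if more paths are added later.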
@@ -34,7 +34,6 @@ frontend prometheus-exporter-internal-endpoint bind 127.0.0.1:9101 mode http no log - option http-use-htx http-request use-service prometheus-exporter if { path /metrics } http-request reject timeout http-request 5s diff --git a/octavia/tests/unit/common/jinja/haproxy/combined_listeners/test_jinja_cfg.py b/octavia/tests/unit/common/jinja/haproxy/combined_listeners/test_jinja_cfg.py index bfe2003f0e..8d8970c6a1 100644 --- a/octavia/tests/unit/common/jinja/haproxy/combined_listeners/test_jinja_cfg.py +++ b/octavia/tests/unit/common/jinja/haproxy/combined_listeners/test_jinja_cfg.py @@ -570,7 +570,6 @@ class TestHaproxyCfg(base.TestCase): " bind 127.0.0.1:9101\n" " mode http\n" " no log\n" - " option http-use-htx\n" " http-request use-service prometheus-exporter if { " "path /metrics }\n" " http-request reject\n" diff --git a/releasenotes/notes/update-ubuntu-amphora-image-default-to-noble-d2733d4bcc31fec9.yaml b/releasenotes/notes/update-ubuntu-amphora-image-default-to-noble-d2733d4bcc31fec9.yaml new file mode 100644 index 0000000000..b6042abad5 --- /dev/null +++ b/releasenotes/notes/update-ubuntu-amphora-image-default-to-noble-d2733d4bcc31fec9.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + ``diskimage-create.sh`` has been updated to build Ubuntu Noble (24.04) + amphora images per default. diff --git a/zuul.d/projects.yaml b/zuul.d/projects.yaml index 5cbd40ad11..6cce3253f2 100644 --- a/zuul.d/projects.yaml +++ b/zuul.d/projects.yaml @@ -46,8 +46,10 @@ irrelevant-files: *irrelevant-files - octavia-v2-dsvm-scenario-traffic-ops-ubuntu-jammy: irrelevant-files: *irrelevant-files + voting: false - octavia-v2-dsvm-scenario-non-traffic-ops-ubuntu-jammy: irrelevant-files: *irrelevant-files + voting: false - octavia-v2-dsvm-scenario-traffic-ops-jobboard: irrelevant-files: *irrelevant-files - octavia-v2-dsvm-scenario-non-traffic-ops-jobboard: 
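Review bot: The two `voting: false` lines added to the `-ubuntu-jammy` scenario jobs in zuul.d/projects.yaml, together with the removal of those jobs from the gate list in the following hunk, mean jammy amphora images are no longer gated. Jammy can still be selected with `-d`, so a regression there would now merge unnoticed. Add a comment above the jobs recording why they are non-voting and when they can go away, e.g. `# Non-voting since the default amphora image moved to noble; remove once jammy images are no longer built.`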
@@ -104,8 +106,6 @@ - octavia-v2-dsvm-noop-api - octavia-v2-dsvm-scenario-traffic-ops - octavia-v2-dsvm-scenario-non-traffic-ops - - octavia-v2-dsvm-scenario-traffic-ops-ubuntu-jammy - - octavia-v2-dsvm-scenario-non-traffic-ops-ubuntu-jammy - octavia-v2-dsvm-tls-barbican - octavia-grenade: voting: false