Merge pull request #2334 from stackhpc/rl97-final

priteau · web-flow · commit a404eb3474ed · 2026-06-04T15:05:56.000+02:00
Bump Rocky Linux 9.7 repositories to their final version
diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml
@@ -4,51 +4,10 @@
 # where the key is the OS distro and the value is the tag to deploy.
 kolla_image_tags:
   openstack:
+    rocky-9: 2025.1-rocky-9-20260603T214242
+    rocky-10: 2025.1-rocky-10-20260603T214242
+    ubuntu-noble: 2025.1-ubuntu-noble-20260603T214242
+  bifrost:
     rocky-9: 2025.1-rocky-9-20260205T152450
     rocky-10: 2025.1-rocky-10-20260423T154048
     ubuntu-noble: 2025.1-ubuntu-noble-20260205T152450
-  cinder:
-    rocky-9: 2025.1-rocky-9-20260512T204620
-    rocky-10: 2025.1-rocky-10-20260529T102322
-    ubuntu-noble: 2025.1-ubuntu-noble-20260515T083354
-  etcd:
-    rocky-9: 2025.1-rocky-9-20260303T104901
-  glance:
-    rocky-9: 2025.1-rocky-9-20260414T141624
-    ubuntu-noble: 2025.1-ubuntu-noble-20260414T141624
-  grafana:
-    rocky-9: 2025.1-rocky-9-20260303T104901
-    ubuntu-noble: 2025.1-ubuntu-noble-20260223T134735
-  ironic:
-    rocky-9: 2025.1-rocky-9-20260602T072908
-    rocky-10: 2025.1-rocky-10-20260602T072908
-    ubuntu-noble: 2025.1-ubuntu-noble-20260602T072908
-  ironic_neutron_agent:
-    rocky-9: 2025.1-rocky-9-20260205T152450
-    ubuntu-noble: 2025.1-ubuntu-noble-20260205T152450
-  keystone:
-    rocky-9: 2025.1-rocky-9-20260527T081854
-    rocky-10: 2025.1-rocky-10-20260527T081854
-    ubuntu-noble: 2025.1-ubuntu-noble-20260527T081854
-  magnum:
-    rocky-9: 2025.1-rocky-9-20260413T112937
-    ubuntu-noble: 2025.1-ubuntu-noble-20260413T112937
-  manila:
-    rocky-9: 2025.1-rocky-9-20260511T100757
-    rocky-10: 2025.1-rocky-10-20260529T102322
-    ubuntu-noble: 2025.1-ubuntu-noble-20260515T083354
-  multipathd:
-    rocky-9: 2025.1-rocky-9-20260421T115054
-    ubuntu-noble: 2025.1-ubuntu-noble-20260421T115054
-  neutron:
-    rocky-9: 2025.1-rocky-9-20260409T132248
-    ubuntu-noble: 2025.1-ubuntu-noble-20260409T132248
-  nova:
-    rocky-9: 2025.1-rocky-9-20260515T123230
-    rocky-10: 2025.1-rocky-10-20260515T123230
-    ubuntu-noble: 2025.1-ubuntu-noble-20260515T123230
-  octavia:
-    rocky-9: 2025.1-rocky-9-20260416T131004
-    ubuntu-noble: 2025.1-ubuntu-noble-20260416T131004
-  prometheus_cadvisor:
-    rocky-9: 2025.1-rocky-9-20260303T104901
diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml
@@ -148,6 +148,12 @@ kolla_sources:
     type: git
     location: https://github.com/stackhpc/stackhpc-inspector-plugins.git
     reference: 1.3.0
+  # TODO(priteau): Remove once
+  # https://review.opendev.org/c/openstack/keystone/+/990504 is merged
+  keystone-base:
+    type: git
+    location: https://github.com/stackhpc/keystone.git
+    reference: stackhpc/{{ openstack_release }}
   magnum-conductor-plugin-helm:
     version: "v4.1.4"
     sha256:
diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml
@@ -116,24 +116,24 @@ stackhpc_pulp_repo_rocky_9_6_extras_aarch64_version: 20250726T045704
 stackhpc_pulp_repo_rocky_9_6_extras_version: 20250726T040613
 stackhpc_pulp_repo_rocky_9_6_highavailability_aarch64_version: 20250605T150141
 stackhpc_pulp_repo_rocky_9_6_highavailability_version: 20250605T150141
-stackhpc_pulp_repo_rocky_9_7_appstream_aarch64_version: 20260503T222614
-stackhpc_pulp_repo_rocky_9_7_appstream_source_version: 20260506T220234
-stackhpc_pulp_repo_rocky_9_7_appstream_version: 20260506T215314
-stackhpc_pulp_repo_rocky_9_7_baseos_aarch64_version: 20260506T224443
-stackhpc_pulp_repo_rocky_9_7_baseos_source_version: 20260503T221514
-stackhpc_pulp_repo_rocky_9_7_baseos_version: 20260506T222838
-stackhpc_pulp_repo_rocky_9_7_crb_aarch64_version: 20260506T224443
+stackhpc_pulp_repo_rocky_9_7_appstream_aarch64_version: 20260519T222921
+stackhpc_pulp_repo_rocky_9_7_appstream_source_version: 20260519T215441
+stackhpc_pulp_repo_rocky_9_7_appstream_version: 20260520T215442
+stackhpc_pulp_repo_rocky_9_7_baseos_aarch64_version: 20260520T223010
+stackhpc_pulp_repo_rocky_9_7_baseos_source_version: 20260519T215441
+stackhpc_pulp_repo_rocky_9_7_baseos_version: 20260520T223700
+stackhpc_pulp_repo_rocky_9_7_crb_aarch64_version: 20260520T223010
 stackhpc_pulp_repo_rocky_9_7_crb_source_version: 20260428T214810
-stackhpc_pulp_repo_rocky_9_7_crb_version: 20260506T215314
+stackhpc_pulp_repo_rocky_9_7_crb_version: 20260519T212648
 stackhpc_pulp_repo_rocky_9_7_extras_aarch64_version: 20260226T234714
 stackhpc_pulp_repo_rocky_9_7_extras_source_version: 20260226T232039
 stackhpc_pulp_repo_rocky_9_7_extras_version: 20260226T231043
-stackhpc_pulp_repo_rocky_9_7_highavailability_aarch64_version: 20260506T224443
-stackhpc_pulp_repo_rocky_9_7_highavailability_source_version: 20260429T221435
-stackhpc_pulp_repo_rocky_9_7_highavailability_version: 20260506T215314
-stackhpc_pulp_repo_rocky_9_7_security_aarch64_version: 20260510T220648
-stackhpc_pulp_repo_rocky_9_7_security_source_version: 20260510T215711
-stackhpc_pulp_repo_rocky_9_7_security_version: 20260510T213653
+stackhpc_pulp_repo_rocky_9_7_highavailability_aarch64_version: 20260514T224159
+stackhpc_pulp_repo_rocky_9_7_highavailability_source_version: 20260507T220441
+stackhpc_pulp_repo_rocky_9_7_highavailability_version: 20260514T220209
+stackhpc_pulp_repo_rocky_9_7_security_aarch64_version: 20260519T222921
+stackhpc_pulp_repo_rocky_9_7_security_source_version: 20260520T222157
+stackhpc_pulp_repo_rocky_9_7_security_version: 20260520T215442
 stackhpc_pulp_repo_rocky_9_sig_security_common_aarch64_version: 20260305T225932
 stackhpc_pulp_repo_rocky_9_sig_security_common_source_version: 20260305T224636
 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20260305T222525
diff --git a/etc/kayobe/trivy/allowed-vulnerabilities.yml b/etc/kayobe/trivy/allowed-vulnerabilities.yml
@@ -12,18 +12,24 @@
 #
 # barbican_api_allowed_vulnerabilities:
 #   - CVE-2023-31047
+etcd_allowed_vulnerabilities:
+  - CVE-2026-33186
 fluentd_allowed_vulnerabilities:
   - CVE-2024-27280
+  - CVE-2026-27820
 grafana_allowed_vulnerabilities:
   - CVE-2024-8986
   - CVE-2025-68121  # the opensearch datasource plugin is still vulnerable
+  - CVE-2026-33816
 influxdb_allowed_vulnerabilities:
   - CVE-2024-45337
   - CVE-2025-68121
+  - CVE-2026-33186
 ironic_neutron_agent_allowed_vulnerabilities:
   - CVE-2025-68121
 letsencrypt_lego_allowed_vulnerabilities:
   - CVE-2025-68121
+  - CVE-2026-33186
 magnum_conductor_allowed_vulnerabilities:
   - CVE-2024-45337
   - CVE-2025-68121
@@ -52,12 +58,15 @@ neutron_sriov_agent_allowed_vulnerabilities:
 opensearch_dashboards_allowed_vulnerabilities:
   - CVE-2025-68428
   - CVE-2026-27699
+  - CVE-2026-31938
+  - CVE-2026-33937
 prometheus_alertmanager_allowed_vulnerabilities:
   - CVE-2025-68121
 prometheus_blackbox_exporter_allowed_vulnerabilities:
   - CVE-2024-24790
   - CVE-2024-45337
   - CVE-2025-68121
+  - CVE-2026-33186
 prometheus_memcached_exporter_allowed_vulnerabilities:
   - CVE-2024-45337
   - CVE-2025-68121
@@ -84,12 +93,15 @@ prometheus_cadvisor_allowed_vulnerabilities:
   - CVE-2024-41110
   - CVE-2024-45337
   - CVE-2025-68121
+  - CVE-2026-33186
 prometheus_mtail_allowed_vulnerabilities:
   - CVE-2024-24790
   - CVE-2025-68121
+  - CVE-2026-33186
 prometheus_server_allowed_vulnerabilities:
   - CVE-2024-45337
   - CVE-2025-68121
+  - CVE-2026-33186
 
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
