stackhpc · MoteHue · May 1, 2025 · Jan 9, 2025 · Jan 17, 2025 · Jan 30, 2025
diff --git a/.git-crypt/keys/default/0/7F26652AE6CF34774EC7B3E3A0C3CCFE2538367E.gpg b/.git-crypt/keys/default/0/7F26652AE6CF34774EC7B3E3A0C3CCFE2538367E.gpg
diff --git a/.github-deploy-prod.yml.sample b/.github-deploy-prod.yml.sample
@@ -36,7 +36,7 @@ jobs:
           sudo apt install -y python3-venv python3-dev build-essential unzip git-crypt
 
       - name: Checkout the config repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Deploy Azimuth
         shell: bash

diff --git a/.github-deploy-staging.yml.sample b/.github-deploy-staging.yml.sample
@@ -26,7 +26,7 @@ jobs:
           sudo apt install -y python3-venv python3-dev build-essential unzip git-crypt
 
       - name: Checkout the config repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Deploy Azimuth
         shell: bash

diff --git a/.github-upgrade-check.yml.sample b/.github-upgrade-check.yml.sample
@@ -3,9 +3,14 @@
 # newer tag is found in the upstream repository then a pull request is created to the downstream repo
 # in order to merge in the changes from the new upstream release.
 
-# To use this workflow in a downstream azimuth-config repository simply copy it into .github/workflows
-# and give it an appropriate name, e.g.
-# cp .github-upgrade-check.yml.sample .github/workflows/upgrade-check.yml
+# To use this workflow in a downstream azimuth-config repository, first copy it into .github/workflows
+# and give it an appropriate name, e.g. `cp .github-upgrade-check.yml.sample .github/workflows/upgrade-check.yml`
+# then create a fine-grained GitHub access token for the target repository with the permissions specified here:
+# https://github.com/peter-evans/create-pull-request?tab=readme-ov-file#token
+# (i.e. contents: write, pull-requests: write AND workflows: write).
+# GitHub actions can be funny about using tokens with no expiry date in workflows so make sure the token
+# has an expiry date. After creating the token, copy the generated secret string and set it as a GitHub
+# actions secret named WORKFLOW_TOKEN in the repository's settings page.
 
 name: Check for upstream updates
 on:
@@ -58,11 +63,12 @@ jobs:
 
       - name: Create Pull Request
         if: ${{ steps.release_tag.outputs.value }}
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v7
         with:
           base: main
           branch: ${{ steps.branch_name.outputs.value }}
           title: "Upgrade Azimuth to ${{ steps.release_tag.outputs.value }}"
           body: This PR was automatically generated by GitHub Actions.
           commit-message: "Upgrade Azimuth to ${{ steps.release_tag.outputs.value }}"
           delete-branch: true
+          token: ${{ secrets.WORKFLOW_TOKEN }}
diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
@@ -44,7 +44,7 @@ runs:
   using: composite
   steps:
     - name: Checkout azimuth-config repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: ${{ inputs.repository }}
         ref: ${{ inputs.ref }}
@@ -89,10 +89,10 @@ runs:
           this_variable_is_never_used: ever
           ${{ inputs.extra-vars }}
 
-    - name: Ensure Python 3.9
-      uses: actions/setup-python@v4
+    - name: Ensure Python 3.10
+      uses: actions/setup-python@v5
       with:
-        python-version: "3.9"
+        python-version: "3.10"
         check-latest: true
 
     - name: Set up Python virtual environment

diff --git a/.github/actions/test/action.yml b/.github/actions/test/action.yml
@@ -30,6 +30,28 @@ runs:
         source ./bin/activate "$AZIMUTH_CONFIG_ENVIRONMENT" "$AZIMUTH_ENVIRONMENT"
         ansible-playbook azimuth_cloud.azimuth_ops.generate_tests -e @extra-vars.yml
 
+    - name: Downgrade installed firefox browser version
+      shell: bash
+      # Based on https://support.mozilla.org/en-US/kb/install-firefox-linux
+      run: |
+        set -e
+        # Import Mozilla repo key
+        sudo install -d -m 0755 /etc/apt/keyrings
+        wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- | sudo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
+        # Check fingerprint
+        if [[ $(gpg -n -q --import --import-options import-show /etc/apt/keyrings/packages.mozilla.org.asc | grep 35BAA0B33E9EB396F59CA838C0BA5CE6DC6315A3) ]]; then
+          echo "Fingerprint matches"
+        else
+          echo "Mozilla repo fingerprint doesn't match expected"
+          exit 1
+        fi
+        # Add repo to sources
+        echo "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | sudo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null
+        # Install Firefox extended support release
+        sudo apt update
+        sudo apt remove firefox # Uninstall default version (1.136.0)
+        sudo apt install -y firefox-esr # Install older version (1.128)
+
     - name: Run test suite
       shell: bash
       run: |
@@ -39,7 +61,7 @@ runs:
         ./bin/run-tests
 
     - name: Upload test report artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: ${{ inputs.test-report-artifact-name }}
         path: |
@@ -67,7 +89,7 @@ runs:
       if: ${{ always() }}
 
     - name: Upload debug bundle
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: ${{ inputs.debug-bundle-artifact-name }}
         path: debug-bundle.tar.gz

diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Generate and update release notes
         uses: ./.github/actions/release-notes
diff --git a/.github/workflows/test-backup-restore.yml b/.github/workflows/test-backup-restore.yml
@@ -26,7 +26,7 @@ jobs:
     steps:
       # We need to check out the code under test first in order to use local actions
       - name: Checkout code under test
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Azimuth environment
         uses: ./.github/actions/setup
@@ -103,7 +103,7 @@ jobs:
         if: ${{ !cancelled() }}
 
       - name: Upload pre-restore debug bundle
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: azimuth-pre-restore-debug-bundle
           path: debug-bundle.tar.gz
@@ -157,7 +157,7 @@ jobs:
         if: ${{ always() }}
 
       - name: Upload test report artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: azimuth-restore-test-reports
           path: reports/*
@@ -172,7 +172,7 @@ jobs:
         if: ${{ always() }}
 
       - name: Upload debug bundle
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: azimuth-restore-debug-bundle
           path: debug-bundle.tar.gz

diff --git a/.github/workflows/test-ha.yml b/.github/workflows/test-ha.yml
@@ -21,7 +21,7 @@ jobs:
     steps:
       # We need to check out the code under test first in order to use local actions
       - name: Checkout code under test
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Azimuth environment
         uses: ./.github/actions/setup

diff --git a/.github/workflows/test-singlenode.yml b/.github/workflows/test-singlenode.yml
@@ -63,7 +63,7 @@ jobs:
     steps:
       # We need to check out the code under test first in order to use local actions
       - name: Checkout code under test
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Azimuth environment
         uses: ./.github/actions/setup

diff --git a/.github/workflows/test-upgrade.yml b/.github/workflows/test-upgrade.yml
@@ -32,7 +32,7 @@ jobs:
           echo "tag-name=${TAG_NAME}" >> "$GITHUB_OUTPUT"
 
       - name: Checkout latest tag
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ steps.latest-tag.outputs.tag-name }}
 
@@ -105,7 +105,7 @@ jobs:
 
       - name: Checkout code under test
         id: checkout-latest
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Make sure not to remove working directories
           clean: false
@@ -178,7 +178,7 @@ jobs:
         if: ${{ always() }}
 
       - name: Upload test report artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: azimuth-upgrade-test-reports
           path: reports/*
@@ -193,7 +193,7 @@ jobs:
         if: ${{ always() }}
 
       - name: Upload debug bundle
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: azimuth-upgrade-debug-bundle
           path: debug-bundle.tar.gz

diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
@@ -49,7 +49,7 @@ jobs:
           app-private-key: ${{ secrets.AUTOMATION_APP_PRIVATE_KEY }}
 
       - name: Propose changes via PR if required
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v7
         with:
           token: ${{ steps.generate-app-token.outputs.token }}
           commit-message: >-

diff --git a/bin/generate-secrets b/bin/generate-secrets
@@ -87,4 +87,8 @@ harbor_secret_key: "$(openssl rand -hex 8)"
 # https://azimuth-config.readthedocs.io/en/stable/configuration/14-monitoring/#accessing-web-interfaces
 # The admin password for Azimuth administrative dashboards
 admin_dashboard_ingress_basic_auth_password: "$(openssl rand -hex 16)"
+
+# https://azimuth-config.readthedocs.io/en/stable/configuration/04-target-cloud/01-openstack-blazar/#coral-credits
+# The admin password for Coral Credits
+coral_credits_admin_password: "$(openssl rand -hex 16)"
 EOF
diff --git a/docs/debugging/k9s-all-pods.png b/docs/debugging/k9s-all-pods.png
diff --git a/docs/debugging/k9s-default-pods.png b/docs/debugging/k9s-default-pods.png
diff --git a/docs/debugging/k9s-pod-logs.png b/docs/debugging/k9s-pod-logs.png
diff --git a/docs/debugging/using-k9s.md b/docs/debugging/using-k9s.md
@@ -0,0 +1,37 @@
+# Using K9s
+
+K9s is installed onto the seed VM. You can use this for a more interactive view
+of the Kubernetes clusters. From the seed, either run `k9s` with `KUBECONFIG`
+unset to view the K3s cluster, or export the provided `KUBECONFIG` file to view
+the HA cluster.
+
+```console
+$ ./bin/seed-ssh
+ubuntu@azimuth-staging-seed:~$ export KUBECONFIG=./kubeconfig-azimuth-staging.yaml
+ubuntu@azimuth-staging-seed:~$ k9s
+```
+
+By default, you are viewing the pods in the default namespace.
+
+![Pods view in K9s](k9s-default-pods.png)
+
+Here's some simple commands to get started:
+
+* View all namespaces by pressing `0`.
+
+  ![All pods in K9s](k9s-all-pods.png)
+
+* Select a pod with the arrow keys and view its logs with `l`.
+
+  ![capo-controller logs in K9s](k9s-pod-logs.png)
+
+* Switch between resources with `:<resource-type>`. For example:
+
+  ```console
+  :machines
+  :clusters
+  :pods
+  ```
+
+
+See the [k9s docs](https://k9scli.io/) for more details.