Upgrade RL8 ceph to quincy + trivy rate limit and OOD false positives…

… fix (#477) * bumped os-manilla-mount to test branch * bump images * bumped role to new release * trivy now uses mirrored db * pinned ood fatimage version * bump images * fixed trivy ratelimiting
stackhpc · Nov 14, 2024 · a8f87fe · a8f87fe
1 parent a03d9f1
commit a8f87fe
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 9 deletions.
diff --git a/.github/workflows/trivyscan.yml b/.github/workflows/trivyscan.yml
@@ -94,6 +94,7 @@ jobs:
           timeout: 15m
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TRIVY_DB_REPOSITORY: ghcr.io/azimuth-cloud/trivy-db:2
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
@@ -114,3 +115,4 @@ jobs:
           timeout: 15m
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TRIVY_DB_REPOSITORY: ghcr.io/azimuth-cloud/trivy-db:2
diff --git a/environments/.stackhpc/hooks/post.yml b/environments/.stackhpc/hooks/post.yml
@@ -9,8 +9,6 @@
         path: "{{ item }}"
         state: absent
       with_items:
-        - /opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/3.1.7-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock
-        - /opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/3.1.9-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock
-        - /opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/3.1.7-1/gems/bootstrap_form-4.5.0/demo/yarn.lock
-        - /opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/3.1.9-1/gems/bootstrap_form-4.5.0/demo/yarn.lock
+        - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock"
+        - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-4.5.0/demo/yarn.lock"
         - /var/www/ood/apps/sys/dashboard/node_modules/data-confirm-modal/Gemfile.lock
diff --git a/environments/.stackhpc/inventory/group_vars/openondemand/overrides.yml b/environments/.stackhpc/inventory/group_vars/openondemand/overrides.yml
@@ -4,3 +4,5 @@ openondemand_desktop_partition: standard
 #openondemand_dashboard_support_url: 
 #openondemand_dashboard_docs_url:
 #openondemand_filesapp_paths:
+ondemand_package: ondemand-"{{ ondemand_package_version }}"
+ondemand_package_version: '3.1.10'
diff --git a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json
@@ -1,7 +1,7 @@
 {
     "cluster_image": {
-        "RL8": "openhpc-RL8-241024-1439-177083b1",
-        "RL9": "openhpc-RL9-241024-1438-177083b1",
-        "RL9-cuda": "openhpc-cuda-RL9-241024-1628-177083b1"
+        "RL8": "openhpc-RL8-241114-1531-6f0a3a02",
+        "RL9": "openhpc-RL9-241114-1531-6f0a3a02",
+        "RL9-cuda": "openhpc-cuda-RL9-241114-1531-6f0a3a02"
     }
-}
+}
diff --git a/requirements.yml b/requirements.yml
@@ -21,7 +21,7 @@ roles:
     version: v3.1.5
   - src: https://github.com/stackhpc/ansible-role-os-manila-mount.git
     name: stackhpc.os-manila-mount
-    version: v24.5.1 # Support ceph quincy for RL9
+    version: v24.11.0 # Support ceph quincy for RL9
 
 collections:
   - name: containers.podman