From 7b470708aca4427f0d2f164fcc9b53bfb82c3c75 Mon Sep 17 00:00:00 2001 From: Vault Automation Date: Mon, 22 Dec 2025 14:17:51 -0700 Subject: [PATCH] [VAULT-41521] enos(ec2_infor): update scenario base images (#11508) (#11533) Update the base images for all scenarios: - RHEL: upgrade base image for 10 to 10.1 - RHEL: upgrade base image for 9 to 9.7 - SLES: upgrade base image for 15 to 15.7 - SLES: add SLES 16.0 to the matrix - OpenSUSE: remove OpenSUSE Leap from the matrix I ended up removing OpenSUSE because the images that we were on were rarely updated and that resulted in very slow scenarios because of package upgrades. Also, despite the latest release being in October I didn't find any public cloud images produced for the new version of Leap. We can consider adding it back later but I'm comfortable just leaving SLES 15 and 16 in there for that test coverage. I also ended up fixing a bug in our integration host setup where we'd provision three nodes instead of one. That ought to result in many fewer instance provisions per scenario. I also had to make a few small tweaks in how we detected whether or not SELinux is enabled, as the prior implementation did not work for SLES 16. 
Signed-off-by: Ryan Cragun Co-authored-by: Ryan Cragun --- .../test-run-enos-scenario-matrix.yml | 1 - enos/enos-dev-scenario-pr-replication.hcl | 5 +- enos/enos-dev-scenario-single-cluster.hcl | 5 +- enos/enos-dynamic-config.hcl | 7 +- enos/enos-globals.hcl | 17 ++--- enos/enos-samples-ce-build.hcl | 8 +- enos/enos-samples-ce-release.hcl | 8 +- enos/enos-scenario-agent.hcl | 6 +- enos/enos-scenario-autopilot.hcl | 6 +- enos/enos-scenario-benchmark.hcl | 5 +- enos/enos-scenario-dr-replication.hcl | 8 +- enos/enos-scenario-pr-replication.hcl | 8 +- enos/enos-scenario-proxy.hcl | 6 +- enos/enos-scenario-seal-ha.hcl | 8 +- enos/enos-scenario-smoke.hcl | 6 +- enos/enos-scenario-upgrade.hcl | 6 +- enos/enos-variables.hcl | 16 ++-- enos/enos.vars.hcl | 11 +-- enos/modules/artifact/metadata/main.tf | 22 +++--- .../scripts/make-selinux-permissive.sh | 2 +- enos/modules/ec2_info/main.tf | 73 ++++++++----------- enos/modules/install_packages/main.tf | 18 +++-- enos/modules/softhsm_install/main.tf | 11 +-- enos/modules/vault_cluster/main.tf | 9 +-- .../pkg/generate/enos_dynamic_config.go | 6 +- .../pkg/generate/enos_dynamic_config_test.go | 10 +-- 26 files changed, 128 insertions(+), 160 deletions(-) diff --git a/.github/workflows/test-run-enos-scenario-matrix.yml b/.github/workflows/test-run-enos-scenario-matrix.yml index babd4b98c9..d0fb41dcde 100644 --- a/.github/workflows/test-run-enos-scenario-matrix.yml +++ b/.github/workflows/test-run-enos-scenario-matrix.yml 
@@ -184,7 +184,6 @@ jobs: echo 'ENOS_VAR_aws_ssh_private_key_path=./support/private_key.pem' echo 'ENOS_VAR_consul_license_path=./support/consul.hclic' echo 'ENOS_VAR_distro_version_amzn=${{ matrix.attributes.distro_version_amzn }}' - echo 'ENOS_VAR_distro_version_leap=${{ matrix.attributes.distro_version_leap }}' echo 'ENOS_VAR_distro_version_rhel=${{ matrix.attributes.distro_version_rhel }}' echo 'ENOS_VAR_distro_version_sles=${{ matrix.attributes.distro_version_sles }}' echo 'ENOS_VAR_distro_version_ubuntu=${{ matrix.attributes.distro_version_ubuntu }}' diff --git a/enos/enos-dev-scenario-pr-replication.hcl b/enos/enos-dev-scenario-pr-replication.hcl index dcc7b5faf1..d4a49b2b2d 100644 --- a/enos/enos-dev-scenario-pr-replication.hcl +++ b/enos/enos-dev-scenario-pr-replication.hcl @@ -20,7 +20,7 @@ scenario "dev_pr_replication" { matrix { arch = ["amd64", "arm64"] artifact = ["local", "deb", "rpm", "zip"] - distro = ["amzn", "leap", "rhel", "sles", "ubuntu"] + distro = ["amzn", "rhel", "sles", "ubuntu"] edition = ["ent", "ent.fips1403", "ent.hsm", "ent.hsm.fips1403"] primary_backend = ["consul", "raft"] primary_seal = ["awskms", "pkcs11", "shamir"] @@ -44,7 +44,7 @@ scenario "dev_pr_replication" { exclude { artifact = ["deb", "rpm"] - distro = ["sles", "leap"] + distro = ["sles"] } exclude { @@ -78,7 +78,6 @@ scenario "dev_pr_replication" { // specified in enos-providers.hcl), and we need to be able to access both of those here. enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu diff --git a/enos/enos-dev-scenario-single-cluster.hcl b/enos/enos-dev-scenario-single-cluster.hcl index 13cb06a507..b1fe648f88 100644 --- a/enos/enos-dev-scenario-single-cluster.hcl +++ b/enos/enos-dev-scenario-single-cluster.hcl 
@@ -20,7 +20,7 @@ scenario "dev_single_cluster" { arch = ["amd64", "arm64"] artifact = ["local", "deb", "rpm", "zip"] backend = ["consul", "raft"] - distro = ["amzn", "leap", "rhel", "sles", "ubuntu"] + distro = ["amzn", "rhel", "sles", "ubuntu"] edition = ["ce", "ent", "ent.fips1403", "ent.hsm", "ent.hsm.fips1403"] seal = ["awskms", "pkcs11", "shamir"] @@ -41,7 +41,7 @@ scenario "dev_single_cluster" { exclude { artifact = ["deb", "rpm"] - distro = ["sles", "leap"] + distro = ["sles"] } exclude { @@ -72,7 +72,6 @@ scenario "dev_single_cluster" { // specified in enos-providers.hcl), and we need to be able to access both of those here. enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu diff --git a/enos/enos-dynamic-config.hcl b/enos/enos-dynamic-config.hcl index e3cb16fd23..6c82d2106f 100644 --- a/enos/enos-dynamic-config.hcl +++ b/enos/enos-dynamic-config.hcl @@ -11,10 +11,9 @@ globals { sample_attributes = { aws_region = ["us-east-1", "us-west-2"] distro_version_amzn = ["2023"] - distro_version_leap = ["15.6"] - distro_version_rhel = ["8.10", "9.6"] - distro_version_sles = ["15.6"] + distro_version_rhel = ["8.10", "9.7", "10.1"] + distro_version_sles = ["15.7", "16.0"] distro_version_ubuntu = ["22.04", "24.04"] - upgrade_initial_version = ["1.18.0", "1.18.1", "1.18.2", "1.18.3", "1.18.4", "1.18.5", "1.18.6", "1.18.7", "1.18.8", "1.18.9", "1.18.10", "1.18.11", "1.18.12", "1.18.13", "1.19.0", "1.19.1", "1.19.2", "1.19.3", "1.19.4", "1.19.5", "1.19.6", "1.19.7", "1.19.8", "1.20.0", "1.20.1", "1.20.2"] + upgrade_initial_version = ["1.19.0", "1.19.1", "1.19.2", "1.19.3", "1.19.4", "1.19.5", "1.19.6", "1.19.7", "1.19.8", "1.19.9", "1.19.10", "1.19.11", "1.19.12", "1.20.0", "1.20.1", "1.20.2", "1.20.3", "1.20.4", "1.20.5", "1.20.6", "1.21.0", "1.21.1"] } } diff --git a/enos/enos-globals.hcl b/enos/enos-globals.hcl index bfef9ba9ca..9940b15c16 100644 
--- a/enos/enos-globals.hcl +++ b/enos/enos-globals.hcl @@ -18,26 +18,27 @@ globals { config_modes = ["env", "file"] consul_editions = ["ce", "ent"] consul_versions = ["1.18.2", "1.19.2", "1.20.6", "1.21.1"] - distros = ["amzn", "leap", "rhel", "sles", "ubuntu"] + distros = ["amzn", "rhel", "sles", "ubuntu"] // Different distros may require different packages, or use different aliases for the same package distro_packages = { + // NOTE: These versions must always match the output of enos_host_info.target_distro. They are + // also used in various modules `artifact`, `ec2_info`, and `softhsm_install`. If you are adding + // or modifying keys you probably have to update those modules. amzn = { "2" = ["nc", "openldap-clients"] "2023" = ["nc", "openldap-clients"] } - leap = { - "15.6" = ["netcat", "openssl", "openldap2-client"] - } rhel = { "8.10" = ["nc", "openldap-clients"] - "9.6" = ["nc", "openldap-clients"] - "10.0" = ["nc", "openldap-clients"] + "9.7" = ["nc", "openldap-clients"] + "10.1" = ["nc", "openldap-clients"] } sles = { // When installing Vault RPM packages on a SLES AMI, the openssl package provided // isn't named "openssl, which rpm doesn't know how to handle. Therefore we add the // "correctly" named one in our package installation before installing Vault. - "15.6" = ["netcat-openbsd", "openssl", "openldap2-client"] + "15.7" = ["netcat-openbsd", "openssl", "openldap2-client"] + "16.0" = ["netcat-openbsd", "openssl", "openldap2-client"] } ubuntu = { "22.04" = ["netcat", "ldap-utils"] @@ -46,7 +47,6 @@ globals { } distro_version = { amzn = var.distro_version_amzn - leap = var.distro_version_leap rhel = var.distro_version_rhel sles = var.distro_version_sles ubuntu = var.distro_version_ubuntu @@ -56,7 +56,6 @@ globals { ip_versions = ["4", "6"] package_manager = { "amzn" = "yum" - "leap" = "zypper" "rhel" = "yum" "sles" = "zypper" "ubuntu" = "apt" 
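Review bot: The NOTE added above `amzn` in `distro_packages` says the version keys must match `enos_host_info.target_distro`, while the notes this commit adds in `artifact/metadata`, `ec2_info`, `install_packages` and `softhsm_install` name `enos_host_info.distro_version`. One of the two attribute names is presumably wrong, and a maintainer adding a distro cannot tell which output to compare the keys against. The module list here also omits `install_packages`, which this commit keys by the same versions. Suggested wording, with the attribute name confirmed against the provider: `// NOTE: These version keys must always match the output of enos_host_info.distro_version. They are also used in the artifact/metadata, ec2_info, install_packages and softhsm_install modules.`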
diff --git a/enos/enos-samples-ce-build.hcl b/enos/enos-samples-ce-build.hcl index cf8547dfba..d603bc1d67 100644 --- a/enos/enos-samples-ce-build.hcl +++ b/enos/enos-samples-ce-build.hcl @@ -141,7 +141,7 @@ sample "build_ce_linux_amd64_rpm" { arch = ["amd64"] artifact_source = ["crt"] artifact_type = ["package"] - distro = ["amzn", "leap", "rhel", "sles"] + distro = ["amzn", "rhel", "sles"] edition = ["ce"] } } @@ -151,7 +151,7 @@ sample "build_ce_linux_amd64_rpm" { arch = ["amd64"] artifact_source = ["crt"] artifact_type = ["package"] - distro = ["amzn", "leap", "rhel", "sles"] + distro = ["amzn", "rhel", "sles"] edition = ["ce"] } } @@ -161,7 +161,7 @@ sample "build_ce_linux_amd64_rpm" { arch = ["amd64"] artifact_source = ["crt"] artifact_type = ["package"] - distro = ["amzn", "leap", "rhel", "sles"] + distro = ["amzn", "rhel", "sles"] edition = ["ce"] } } @@ -171,7 +171,7 @@ sample "build_ce_linux_amd64_rpm" { arch = ["amd64"] artifact_source = ["crt"] artifact_type = ["package"] - distro = ["amzn", "leap", "rhel", "sles"] + distro = ["amzn", "rhel", "sles"] edition = ["ce"] exclude { diff --git a/enos/enos-samples-ce-release.hcl b/enos/enos-samples-ce-release.hcl index 00306ddd22..d0e111b5e2 100644 --- a/enos/enos-samples-ce-release.hcl +++ b/enos/enos-samples-ce-release.hcl @@ -141,7 +141,7 @@ sample "release_ce_linux_amd64_rpm" { arch = ["amd64"] artifact_source = ["artifactory"] artifact_type = ["package"] - distro = ["amzn", "leap", "rhel", "sles"] + distro = ["amzn", "rhel", "sles"] edition = ["ce"] } } @@ -151,7 +151,7 @@ sample "release_ce_linux_amd64_rpm" { arch = ["amd64"] artifact_source = ["artifactory"] artifact_type = ["package"] - distro = ["amzn", "leap", "rhel", "sles"] + distro = ["amzn", "rhel", "sles"] edition = ["ce"] } } 
@@ -161,7 +161,7 @@ sample "release_ce_linux_amd64_rpm" { arch = ["amd64"] artifact_source = ["artifactory"] artifact_type = ["package"] - distro = ["amzn", "leap", "rhel", "sles"] + distro = ["amzn", "rhel", "sles"] edition = ["ce"] } } @@ -171,7 +171,7 @@ sample "release_ce_linux_amd64_rpm" { arch = ["amd64"] artifact_source = ["artifactory"] artifact_type = ["package"] - distro = ["amzn", "leap", "rhel", "sles"] + distro = ["amzn", "rhel", "sles"] edition = ["ce"] } } diff --git a/enos/enos-scenario-agent.hcl b/enos/enos-scenario-agent.hcl index edafa58ca2..d8dcfcd219 100644 --- a/enos/enos-scenario-agent.hcl +++ b/enos/enos-scenario-agent.hcl @@ -63,10 +63,10 @@ scenario "agent" { edition = [for e in matrix.edition : e if !strcontains(e, "hsm")] } - // softhsm packages not available for leap/sles. + // softhsm packages not available for sles (at the time of development) exclude { seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } // Testing in IPV6 mode is currently implemented for integrated Raft storage only @@ -88,7 +88,6 @@ scenario "agent" { artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu @@ -182,6 +181,7 @@ scenario "agent" { ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"] cluster_tag_key = global.vault_tag_key common_tags = global.tags + instance_count = 1 vpc_id = step.create_vpc.id } } diff --git a/enos/enos-scenario-autopilot.hcl b/enos/enos-scenario-autopilot.hcl index 95a4919160..c6fe07e264 100644 --- a/enos/enos-scenario-autopilot.hcl +++ b/enos/enos-scenario-autopilot.hcl 
@@ -71,10 +71,10 @@ scenario "autopilot" { edition = [for e in matrix.edition : e if !strcontains(e, "hsm")] } - // softhsm packages not available for leap/sles. + // softhsm packages not available for sles (at the time of development) exclude { seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } // Testing in IPV6 mode is currently implemented for integrated Raft storage only @@ -96,7 +96,6 @@ scenario "autopilot" { artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu @@ -179,6 +178,7 @@ scenario "autopilot" { ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"] cluster_tag_key = global.vault_tag_key common_tags = global.tags + instance_count = 1 vpc_id = step.create_vpc.id } } diff --git a/enos/enos-scenario-benchmark.hcl b/enos/enos-scenario-benchmark.hcl index 40a45eebd3..0561ab5877 100644 --- a/enos/enos-scenario-benchmark.hcl +++ b/enos/enos-scenario-benchmark.hcl @@ -90,10 +90,10 @@ scenario "benchmark" { edition = [for e in matrix.edition : e if !strcontains(e, "hsm")] } - // softhsm packages not available for leap/sles. + // softhsm packages not available for sles (at the time of development) exclude { seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } // Testing in IPV6 mode is currently implemented for integrated Raft storage only @@ -115,7 +115,6 @@ scenario "benchmark" { artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu diff --git a/enos/enos-scenario-dr-replication.hcl b/enos/enos-scenario-dr-replication.hcl index a38ebd2b27..5f4b5dc380 100644 --- a/enos/enos-scenario-dr-replication.hcl 
+++ b/enos/enos-scenario-dr-replication.hcl @@ -75,15 +75,15 @@ scenario "dr_replication" { edition = [for e in matrix.edition : e if !strcontains(e, "hsm")] } - // softhsm packages not available for leap/sles. + // softhsm packages not available for sles (at the time of development) exclude { primary_seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } exclude { secondary_seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } // Testing in IPV6 mode is currently implemented for integrated Raft storage only @@ -110,7 +110,6 @@ scenario "dr_replication" { artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu @@ -222,6 +221,7 @@ scenario "dr_replication" { ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"] cluster_tag_key = global.vault_tag_key common_tags = global.tags + instance_count = 1 vpc_id = step.create_vpc.id } } diff --git a/enos/enos-scenario-pr-replication.hcl b/enos/enos-scenario-pr-replication.hcl index f091fc9e51..d95dc1af98 100644 --- a/enos/enos-scenario-pr-replication.hcl +++ b/enos/enos-scenario-pr-replication.hcl @@ -75,15 +75,15 @@ scenario "pr_replication" { edition = [for e in matrix.edition : e if !strcontains(e, "hsm")] } - // softhsm packages not available for leap/sles. + // softhsm packages not available for sles (at the time of development) exclude { primary_seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } exclude { secondary_seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } // Testing in IPV6 mode is currently implemented for integrated Raft storage only 
@@ -110,7 +110,6 @@ scenario "pr_replication" { artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu @@ -222,6 +221,7 @@ scenario "pr_replication" { ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"] cluster_tag_key = global.vault_tag_key common_tags = global.tags + instance_count = 1 vpc_id = step.create_vpc.id } } diff --git a/enos/enos-scenario-proxy.hcl b/enos/enos-scenario-proxy.hcl index 035fa0b75b..c973ebcf5f 100644 --- a/enos/enos-scenario-proxy.hcl +++ b/enos/enos-scenario-proxy.hcl @@ -63,10 +63,10 @@ scenario "proxy" { edition = [for e in matrix.edition : e if !strcontains(e, "hsm")] } - // softhsm packages not available for leap/sles. + // softhsm packages not available for sles (at the time of development) exclude { seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } // Testing in IPV6 mode is currently implemented for integrated Raft storage only @@ -88,7 +88,6 @@ scenario "proxy" { artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu @@ -189,6 +188,7 @@ scenario "proxy" { ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"] cluster_tag_key = global.vault_tag_key common_tags = global.tags + instance_count = 1 vpc_id = step.create_vpc.id } } diff --git a/enos/enos-scenario-seal-ha.hcl b/enos/enos-scenario-seal-ha.hcl index 6962165fb5..e0fe63713d 100644 --- a/enos/enos-scenario-seal-ha.hcl +++ b/enos/enos-scenario-seal-ha.hcl 
@@ -73,15 +73,15 @@ scenario "seal_ha" { edition = [for e in matrix.edition : e if !strcontains(e, "hsm")] } - // softhsm packages not available for leap/sles. + // softhsm packages not available for sles (at the time of development) exclude { primary_seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } exclude { secondary_seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } // Testing in IPV6 mode is currently implemented for integrated Raft storage only @@ -103,7 +103,6 @@ scenario "seal_ha" { artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu @@ -221,6 +220,7 @@ scenario "seal_ha" { ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"] cluster_tag_key = global.vault_tag_key common_tags = global.tags + instance_count = 1 vpc_id = step.create_vpc.id } } diff --git a/enos/enos-scenario-smoke.hcl b/enos/enos-scenario-smoke.hcl index 42264025fe..c6ffff5226 100644 --- a/enos/enos-scenario-smoke.hcl +++ b/enos/enos-scenario-smoke.hcl @@ -62,10 +62,10 @@ scenario "smoke" { edition = [for e in matrix.edition : e if !strcontains(e, "hsm")] } - // softhsm packages not available for leap/sles. + // softhsm packages not available for sles (at the time of development) exclude { seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } // Testing in IPV6 mode is currently implemented for integrated Raft storage only @@ -87,7 +87,6 @@ scenario "smoke" { artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu 
@@ -179,6 +178,7 @@ scenario "smoke" { ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"] cluster_tag_key = global.vault_tag_key common_tags = global.tags + instance_count = 1 vpc_id = step.create_vpc.id } } diff --git a/enos/enos-scenario-upgrade.hcl b/enos/enos-scenario-upgrade.hcl index ae23058fb1..ac69be03c5 100644 --- a/enos/enos-scenario-upgrade.hcl +++ b/enos/enos-scenario-upgrade.hcl @@ -72,10 +72,10 @@ scenario "upgrade" { edition = [for e in matrix.edition : e if !strcontains(e, "hsm")] } - // softhsm packages not available for leap/sles. + // softhsm packages not available for sles (at the time of development) exclude { seal = ["pkcs11"] - distro = ["leap", "sles"] + distro = ["sles"] } // Testing in IPV6 mode is currently implemented for integrated Raft storage only @@ -97,7 +97,6 @@ scenario "upgrade" { artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null enos_provider = { amzn = provider.enos.ec2_user - leap = provider.enos.ec2_user rhel = provider.enos.ec2_user sles = provider.enos.ec2_user ubuntu = provider.enos.ubuntu @@ -191,6 +190,7 @@ scenario "upgrade" { ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"] cluster_tag_key = global.vault_tag_key common_tags = global.tags + instance_count = 1 vpc_id = step.create_vpc.id } } diff --git a/enos/enos-variables.hcl b/enos/enos-variables.hcl index 2e7fcec507..ba899a1f4f 100644 --- a/enos/enos-variables.hcl +++ b/enos/enos-variables.hcl 
@@ -68,26 +68,20 @@ variable "distro_version_amzn" { default = "2023" // or "2", though pkcs11 has not been tested with 2 } -variable "distro_version_leap" { - description = "The version of openSUSE leap to use" - type = string - default = "15.6" -} - variable "distro_version_rhel" { - description = "The version of RHEL to use" + description = "The version of RedHat Enterprise Linux to use" type = string - default = "10.0" // or "8.10", "9.6" + default = "10.1" // or "8.10", "9.7" } variable "distro_version_sles" { - description = "The version of SUSE SLES to use" + description = "The version of SUSE Enterprise Linux to use" type = string - default = "15.6" + default = "16.0" // or "15.7" } variable "distro_version_ubuntu" { - description = "The version of ubuntu to use" + description = "The version of Ubuntu Linux to use" type = string default = "24.04" // or "22.04" } diff --git a/enos/enos.vars.hcl b/enos/enos.vars.hcl index 6ab7b8452e..b57d6c54db 100644 --- a/enos/enos.vars.hcl +++ b/enos/enos.vars.hcl @@ -34,17 +34,14 @@ // resources. // project_name = "vault-enos-integration" -// distro_version_amzn is the version of Amazon Linux 2 to use for "distro:amzn" variants -// distro_version_amzn = "2" - -// distro_version_leap is the version of openSUSE Leap to use for "distro:leap" variants -// distro_version_leap = "15.5" +// distro_version_amzn is the version of Amazon Linux to use for "distro:amzn" variants +// distro_version_amzn = "2023" // distro_version_rhel is the version of RHEL to use for "distro:rhel" variants. -// distro_version_rhel = "9.3" // or "8.9" +// distro_version_rhel = "10.1" // or "8.10" or "9.7" // distro_version_sles is the version of SUSE SLES to use for "distro:sles" variants. -// distro_version_sles = "v15_sp5_standard" +// distro_version_sles = "16.0" // or "15.7" // distro_version_ubuntu is the version of ubuntu to use for "distro:ubuntu" variants // distro_version_ubuntu = "22.04" // or "24.04" 
diff --git a/enos/modules/artifact/metadata/main.tf b/enos/modules/artifact/metadata/main.tf index 7ca4870f8d..6c6d3a1acb 100644 --- a/enos/modules/artifact/metadata/main.tf +++ b/enos/modules/artifact/metadata/main.tf @@ -21,9 +21,9 @@ variable "distro" { type = string validation { - condition = contains(["amzn", "leap", "rhel", "sles", "ubuntu"], var.distro) + condition = contains(["amzn", "rhel", "sles", "ubuntu"], var.distro) error_message = <<-EOF - distro must be one of "amzn", "leap", "rhel", "sles", "ubuntu" + distro must be one of "amzn", "rhel", "sles", "ubuntu" EOF } } @@ -69,21 +69,18 @@ locals { package_extensions = { amd64 = { amzn = local.package_extension_amd64_rpm - leap = local.package_extension_amd64_rpm rhel = local.package_extension_amd64_rpm sles = local.package_extension_amd64_rpm ubuntu = local.package_extension_amd64_deb } arm64 = { amzn = local.package_extension_arm64_rpm - leap = local.package_extension_arm64_rpm rhel = local.package_extension_arm64_rpm sles = local.package_extension_arm64_rpm ubuntu = local.package_extension_arm64_deb } s390x = { amzn = null - leap = local.package_extension_s390x_rpm rhel = local.package_extension_s390x_rpm sles = local.package_extension_s390x_rpm ubuntu = local.package_extension_s390x_deb @@ -115,7 +112,6 @@ locals { // file name prefixes for the install packages of vault for the various distributions and artifact types (package or bundle) package_prefixes = { amzn = local.package_prefixes_rpm, - leap = local.package_prefixes_rpm, rhel = local.package_prefixes_rpm, sles = local.package_prefixes_rpm, ubuntu = local.package_prefixes_deb, @@ -126,7 +122,6 @@ locals { release_repo_apt = "hashicorp-apt-release-local*" release_repos = { amzn = local.release_repo_rpm - leap = local.release_repo_rpm rhel = local.release_repo_rpm sles = local.release_repo_rpm ubuntu = local.release_repo_apt 
@@ -142,21 +137,22 @@ locals { release_path_deb = "pool/${var.arch}/main" release_sub_path_rpm = "${local.release_package_rpm_arch[var.arch]}/stable" release_path_distro = { + // NOTE: The versions here always correspond to the output of enos_host_info.distro_version. These are used in + // several modules so if you change the keys here also consider the "artifact/metadata", "ec2_info", + // "install_packages" and "softhsm_install" modules. amzn = { "2" = "AmazonLinux/2/${local.release_sub_path_rpm}" "2023" = "AmazonLinux/latest/${local.release_sub_path_rpm}" "latest" = "AmazonLinux/latest/${local.release_sub_path_rpm}" } - leap = { - "15.6" = "RHEL/9/${local.release_sub_path_rpm}" - } rhel = { "8.10" = "RHEL/8/${local.release_sub_path_rpm}" - "9.6" = "RHEL/9/${local.release_sub_path_rpm}" - "10.0" = "RHEL/10/${local.release_sub_path_rpm}" + "9.7" = "RHEL/9/${local.release_sub_path_rpm}" + "10.1" = "RHEL/10/${local.release_sub_path_rpm}" } sles = { - "15.6" = "RHEL/9/${local.release_sub_path_rpm}" + "15.7" = "RHEL/9/${local.release_sub_path_rpm}" + "16.0" = "RHEL/10/${local.release_sub_path_rpm}" } ubuntu = { "22.04" = local.release_path_deb, diff --git a/enos/modules/disable_selinux/scripts/make-selinux-permissive.sh b/enos/modules/disable_selinux/scripts/make-selinux-permissive.sh index 689a3ab045..0bc0f607b1 100644 --- a/enos/modules/disable_selinux/scripts/make-selinux-permissive.sh +++ b/enos/modules/disable_selinux/scripts/make-selinux-permissive.sh @@ -9,7 +9,7 @@ fail() { exit 1 } -if ! type getenforce &> /dev/null; then +if ! sudo bash -c 'type getenforce'; then exit 0 fi diff --git a/enos/modules/ec2_info/main.tf b/enos/modules/ec2_info/main.tf index f3c9d1a16d..f66425c142 100644 --- a/enos/modules/ec2_info/main.tf +++ b/enos/modules/ec2_info/main.tf 
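Review bot: In `release_path_distro`, the new `sles` entries resolve `15.7` to the `RHEL/9` release path and `16.0` to `RHEL/10`, and nothing in the hunk says why a SLES host pulls packages from a RHEL path. If this is intentional because no SLES-specific release path exists, a comment should say so, for example `// SLES has no dedicated release path: 15.x uses the RHEL 9 RPMs, 16.x the RHEL 10 RPMs`. Without it the pairing reads like a copy-paste error the next time a version is added. The `locals` block starts and ends outside the hunk.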
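Review bot: The rewritten guard `if ! sudo bash -c 'type getenforce'; then exit 0` treats every non-zero exit as "SELinux tooling absent", so a sudo failure (no passwordless sudo, a tty requirement) also exits 0 and the host silently keeps whatever mode it had. It also drops the old line's `&> /dev/null`, so the `type` output now lands in the step output on every run. Consider `if ! sudo -n bash -c 'type getenforce' &> /dev/null; then`, and if the distinction matters, check sudo separately and report it through the script's `fail` helper. The rest of the script is outside the hunk, so it cannot be confirmed here that its later SELinux commands also run under sudo, which they would need to if the binaries are only on root's PATH.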
@@ -1,37 +1,28 @@ # Copyright IBM Corp. 2016, 2025 # SPDX-License-Identifier: BUSL-1.1 -# Note: in order to use the openSUSE Leap AMIs, the AWS account in use must "subscribe" -# and accept SUSE's terms of use. You can do this at the links below. If the AWS account -# you are using is already subscribed, this confirmation will be displayed on each page. -# openSUSE Leap arm64 subscription: https://aws.amazon.com/marketplace/server/procurement?productId=a516e959-df54-4035-bb1a-63599b7a6df9 -# openSUSE Leap amd64 subscription: https://aws.amazon.com/marketplace/server/procurement?productId=5535c495-72d4-4355-b169-54ffa874f849 - locals { architectures = toset(["arm64", "x86_64"]) amazon_owner_id = "591542846629" canonical_owner_id = "099720109477" suse_owner_id = "013907871322" - opensuse_owner_id = "679593333241" redhat_owner_id = "309956199498" ids = { - // NOTE: If you modify these versions you'll probably also need to update the `softhsm_install` - // module to match. + // NOTE: The versions here always correspond to the output of enos_host_info.distro_version. These are used in + // several modules so if you change the keys here also consider the "artifact/metadata", "ec2_info", "arm64" = { "amzn" = { "2" = data.aws_ami.amzn_2["arm64"].id "2023" = data.aws_ami.amzn_2023["arm64"].id } - "leap" = { - "15.6" = data.aws_ami.leap_15["arm64"].id - } "rhel" = { "8.10" = data.aws_ami.rhel_8["arm64"].id - "9.6" = data.aws_ami.rhel_9["arm64"].id - "10.0" = data.aws_ami.rhel_10["arm64"].id + "9.7" = data.aws_ami.rhel_9["arm64"].id + "10.1" = data.aws_ami.rhel_10["arm64"].id } "sles" = { - "15.6" = data.aws_ami.sles_15["arm64"].id + "15.7" = data.aws_ami.sles_15["arm64"].id + "16.0" = data.aws_ami.sles_16["arm64"].id } "ubuntu" = { "22.04" = data.aws_ami.ubuntu_2204["arm64"].id 
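Review bot: The NOTE added above `"arm64"` in `ids` stops mid-sentence: it ends at `"artifact/metadata", "ec2_info",` with a trailing comma, and it names `ec2_info` from inside the `ec2_info` module. The same truncated text is added in the `install_packages` hunk (above `"sles"` in `distro_repos`) and in the `softhsm_install` hunk (above `amzn` in `packages`). The complete sentence appears in the `artifact/metadata` hunk; each copy should end with `"install_packages" and "softhsm_install" modules.` and could leave out the module it sits in. The comment replaced here pointed specifically at `softhsm_install`, so the truncated version loses that pointer.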
@@ -43,16 +34,14 @@ locals { "2" = data.aws_ami.amzn_2["x86_64"].id "2023" = data.aws_ami.amzn_2023["x86_64"].id } - "leap" = { - "15.6" = data.aws_ami.leap_15["x86_64"].id - } "rhel" = { "8.10" = data.aws_ami.rhel_8["x86_64"].id - "9.6" = data.aws_ami.rhel_9["x86_64"].id - "10.0" = data.aws_ami.rhel_10["x86_64"].id + "9.7" = data.aws_ami.rhel_9["x86_64"].id + "10.1" = data.aws_ami.rhel_10["x86_64"].id } "sles" = { - "15.6" = data.aws_ami.sles_15["x86_64"].id + "15.7" = data.aws_ami.sles_15["x86_64"].id + "16.0" = data.aws_ami.sles_16["x86_64"].id } "ubuntu" = { "22.04" = data.aws_ami.ubuntu_2204["x86_64"].id @@ -96,30 +85,13 @@ data "aws_ami" "amzn_2023" { owners = [local.amazon_owner_id] } -data "aws_ami" "leap_15" { - most_recent = true - for_each = local.architectures - - filter { - name = "name" - values = ["openSUSE-Leap-15-6*"] - } - - filter { - name = "architecture" - values = [each.value] - } - - owners = [local.opensuse_owner_id] -} - data "aws_ami" "rhel_8" { most_recent = true for_each = local.architectures filter { name = "name" - values = ["RHEL-8.10*HVM-20*"] + values = ["RHEL-8.10*HVM_GA-20*"] } filter { @@ -141,7 +113,7 @@ data "aws_ami" "rhel_9" { filter { name = "name" - values = ["RHEL-9.6*HVM-20*"] + values = ["RHEL-9.7*HVM_GA-20*"] } filter { @@ -163,7 +135,7 @@ data "aws_ami" "rhel_10" { filter { name = "name" - values = ["RHEL-10.0*HVM-20*"] + values = ["RHEL-10.1*HVM_GA-20*"] } filter { @@ -185,7 +157,24 @@ data "aws_ami" "sles_15" { filter { name = "name" - values = ["suse-sles-15-sp6-v*-hvm-*"] + values = ["suse-sles-15-sp7-v*-hvm-*"] + } + + filter { + name = "architecture" + values = [each.value] + } + + owners = [local.suse_owner_id] +} + +data "aws_ami" "sles_16" { + most_recent = true + for_each = local.architectures + + filter { + name = "name" + values = ["suse-sles-16-0-v*-hvm-ssd-*"] } filter { diff --git a/enos/modules/install_packages/main.tf b/enos/modules/install_packages/main.tf index 9fb59f1a10..ba7b514ce5 100644 
--- a/enos/modules/install_packages/main.tf +++ b/enos/modules/install_packages/main.tf @@ -15,20 +15,22 @@ locals { "arm64" = "aarch64" } package_manager = { - "amzn" = "yum" - "opensuse-leap" = "zypper" - "rhel" = "dnf" - "sles" = "zypper" - "ubuntu" = "apt" + "amzn" = "yum" + "rhel" = "dnf" + "sles" = "zypper" + "ubuntu" = "apt" } distro_repos = { + // NOTE: The versions here always correspond to the output of enos_host_info.distro_version. These are used in + // several modules so if you change the keys here also consider the "artifact/metadata", "ec2_info", "sles" = { - "15.6" = "https://download.opensuse.org/repositories/network:utilities/SLE_15_SP6/network:utilities.repo" + "15.7" = "https://download.opensuse.org/repositories/network:utilities/15.6/network:utilities.repo" + "16.0" = "https://download.opensuse.org/repositories/network:utilities/16.0/network:utilities.repo" } "rhel" = { "8.10" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm" - "9.6" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm" - "10.0" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm" + "9.7" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm" + "10.1" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm" } } } diff --git a/enos/modules/softhsm_install/main.tf b/enos/modules/softhsm_install/main.tf index 6ce353d9cc..80278d1ac0 100644 --- a/enos/modules/softhsm_install/main.tf +++ b/enos/modules/softhsm_install/main.tf 
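Review bot: In `distro_repos`, the new `"15.7"` key points at `.../network:utilities/15.6/network:utilities.repo`, whereas the `"16.0"` key uses a `16.0` path and the removed `"15.6"` entry used `SLE_15_SP6`. If the `15.6` path is a deliberate fallback because no 15.7 build of that project is published, a comment should say so, for example `// no 15.7 build of network:utilities is published; the 15.6 repo is used instead`. Otherwise SLES 15.7 hosts may be installing packages built for a different target. This is also a third-party repository added to the test hosts, and the hunk does not show whether its signing key is verified when the repo is added; that is worth confirming in the install step.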
@@ -38,14 +38,15 @@ variable "timeout" { locals { packages = var.include_tools ? { - // These packages match the distros that are currently defined in the `ec2_info` module. + // NOTE: The versions here always correspond to the output of enos_host_info.distro_version. These are used in + // several modules so if you change the keys here also consider the "artifact/metadata", "ec2_info", amzn = { "2023" = ["softhsm", "opensc"] } rhel = { "8.10" = ["softhsm", "opensc"] - "9.6" = ["softhsm", "opensc"] - "10.0" = ["softhsm", "opensc"] + "9.7" = ["softhsm", "opensc"] + "10.1" = ["softhsm", "opensc"] } ubuntu = { "22.04" = ["softhsm", "opensc"] @@ -57,8 +58,8 @@ locals { } rhel = { "8.10" = ["softhsm"] - "9.6" = ["softhsm"] - "10.0" = ["softhsm"] + "9.7" = ["softhsm"] + "10.1" = ["softhsm"] } ubuntu = { "22.04" = ["softhsm"] diff --git a/enos/modules/vault_cluster/main.tf b/enos/modules/vault_cluster/main.tf index 7dc349499b..e84683955d 100644 --- a/enos/modules/vault_cluster/main.tf +++ b/enos/modules/vault_cluster/main.tf @@ -39,11 +39,10 @@ locals { } leader = toset(slice(local.instances, 0, 1)) netcat_command = { - amzn = "nc" - opensuse-leap = "netcat" - rhel = "nc" - sles = "nc" - ubuntu = "netcat" + amzn = "nc" + rhel = "nc" + sles = "nc" + ubuntu = "netcat" } recovery_shares = { "awskms" = 5 diff --git a/tools/pipeline/internal/pkg/generate/enos_dynamic_config.go b/tools/pipeline/internal/pkg/generate/enos_dynamic_config.go index 44ae97cf3c..1517b78b88 100644 --- a/tools/pipeline/internal/pkg/generate/enos_dynamic_config.go +++ b/tools/pipeline/internal/pkg/generate/enos_dynamic_config.go 
@@ -45,7 +45,6 @@ type Globals struct { type SampleAttrs struct { AWSRegion []string `json:"aws_region,omitempty" hcl:"aws_region" cty:"aws_region"` DistroVersionAmzn []string `json:"distro_version_amzn,omitempty" hcl:"distro_version_amzn" cty:"distro_version_amzn"` - DistroVersionLeap []string `json:"distro_version_leap,omitempty" hcl:"distro_version_leap" cty:"distro_version_leap"` DistroVersionRhel []string `json:"distro_version_rhel,omitempty" hcl:"distro_version_rhel" cty:"distro_version_rhel"` DistroVersionSles []string `json:"distro_version_sles,omitempty" hcl:"distro_version_sles" cty:"distro_version_sles"` DistroVersionUbuntu []string `json:"distro_version_ubuntu,omitempty" hcl:"distro_version_ubuntu" cty:"distro_version_ubuntu"` @@ -135,9 +134,8 @@ func (e *EnosDynamicConfigReq) getSampleAttrs(ctx context.Context) (*SampleAttrs AWSRegion: []string{"us-east-1", "us-west-2"}, // Current distro defaults DistroVersionAmzn: []string{"2023"}, - DistroVersionLeap: []string{"15.6"}, - DistroVersionRhel: []string{"8.10", "9.6", "10.0"}, - DistroVersionSles: []string{"15.6"}, + DistroVersionRhel: []string{"8.10", "9.7", "10.1"}, + DistroVersionSles: []string{"15.7", "16.0"}, DistroVersionUbuntu: []string{"22.04", "24.04"}, } diff --git a/tools/pipeline/internal/pkg/generate/enos_dynamic_config_test.go b/tools/pipeline/internal/pkg/generate/enos_dynamic_config_test.go index 5f27641d21..ddf523e4d2 100644 --- a/tools/pipeline/internal/pkg/generate/enos_dynamic_config_test.go +++ b/tools/pipeline/internal/pkg/generate/enos_dynamic_config_test.go 
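Review bot: The `// Current distro defaults` comment in `getSampleAttrs` does not say that these version strings duplicate the keys of the Terraform maps changed in this same commit (`distro_repos` in `install_packages/main.tf`, `packages` in `softhsm_install/main.tf`). A version listed here without a matching key there would presumably only surface when a scenario runs. I would extend the comment to `// Current distro defaults. Keep in sync with the distro version keys in enos/modules (install_packages, softhsm_install, ec2_info).` The function body starts and ends outside this hunk.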
@@ -229,9 +229,8 @@ func Test_EnosDynamicConfigReq_Run(t *testing.T) { SampleAttributes: &SampleAttrs{ AWSRegion: []string{"us-east-1", "us-west-2"}, DistroVersionAmzn: []string{"2023"}, - DistroVersionLeap: []string{"15.6"}, - DistroVersionRhel: []string{"8.10", "9.6", "10.0"}, - DistroVersionSles: []string{"15.6"}, + DistroVersionRhel: []string{"8.10", "9.7", "10.1"}, + DistroVersionSles: []string{"15.7", "16.0"}, DistroVersionUbuntu: []string{"22.04", "24.04"}, UpgradeInitialVersion: versions, }, @@ -251,9 +250,8 @@ globals { sample_attributes = { aws_region = ["us-east-1", "us-west-2"] distro_version_amzn = ["2023"] - distro_version_leap = ["15.6"] - distro_version_rhel = ["8.10", "9.6", "10.0"] - distro_version_sles = ["15.6"] + distro_version_rhel = ["8.10", "9.7", "10.1"] + distro_version_sles = ["15.7", "16.0"] distro_version_ubuntu = ["22.04", "24.04"] upgrade_initial_version = ["1.16.6", "1.16.7", "1.16.8", "1.16.9", "1.16.10", "1.17.3", "1.17.4", "1.17.6", "1.18.0-rc1"] }