Merge branch 'stackhpc/2023.1' into merge-stackhpc-2023.1

Change-Id: I677ec4000ce8fe37c9be65dd98dd3eb5b261eb35
stackhpc · Dec 16, 2024 · d432be4 · d432be4
2 parents e336977 + 0092610
commit d432be4
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 3 deletions.
diff --git a/ansible/inventory/group_vars/all/proxy b/ansible/inventory/group_vars/all/proxy
@@ -19,3 +19,4 @@ no_proxy:
   - "127.0.0.1"
   - "localhost"
   - "{{ ('http://' ~ docker_registry) | urlsplit('hostname') if docker_registry else '' }}"
+  - "{{ kolla_internal_vip_address }}"
diff --git a/etc/kayobe/proxy.yml b/etc/kayobe/proxy.yml
@@ -12,8 +12,9 @@
 
 # List of domains, hostnames, IP addresses and networks for which no proxy is
 # used. Defaults to ["127.0.0.1", "localhost", "{{ ('http://' ~
-# docker_registry) | urlsplit('hostname') }}"] if docker_registry is set, or
-# ["127.0.0.1", "localhost"] otherwise. This is configured only if either
+# docker_registry) | urlsplit('hostname') }}","{{ kolla_internal_vip_address
+# }}"] if docker_registry is set, or ["127.0.0.1", "localhost","{{
+# kolla_internal_vip_address }}"] otherwise. This is configured only if either
 # http_proxy or https_proxy is set.
 #no_proxy:
 

diff --git a/releasenotes/notes/adds-internal-vip-to-no-proxy-cbb4db4ea3909185.yaml b/releasenotes/notes/adds-internal-vip-to-no-proxy-cbb4db4ea3909185.yaml
@@ -0,0 +1,17 @@
+---
+features:
+  - |
+    Adds the internal VIP to the NOPROXY/noproxy environment variables.
+security:
+  - |
+    When running API requests from a host configured with kayobe, traffic
+    destined for the internal VIP is sent via the default proxy. This can be a
+    security issue if not using TLS as the proxy will be able to intercept the
+    traffic. If using an untrusted proxy, with TLS disabled on the internal
+    VIP, it is recommended that you run ``kayobe overcloud host configure -t
+    proxy``, ``kayobe seed hypervisor host configure -t proxy``, ``kayobe seed
+    host configure -t proxy``, and ``kayobe infra vm host configure -t proxy``,
+    to add the internal VIP to the no proxy configuration. This is considered a
+    minor issue as traffic between containers will not use the proxy by
+    default.
+    `LP#2087556 <https://launchpad.net/bugs/2087556>`__
diff --git a/releasenotes/notes/nvue-1-2-6-dd6aaa63cd49a37d.yaml b/releasenotes/notes/nvue-1-2-6-dd6aaa63cd49a37d.yaml
@@ -0,0 +1,4 @@
+---
+upgrade:
+  - |
+    Bumps the ``nvidia.nvue`` collection to 1.2.6.
diff --git a/requirements.yml b/requirements.yml
@@ -8,7 +8,7 @@ collections:
   - name: stackhpc.linux
     version: 1.1.0
   - name: nvidia.nvue
-    version: 1.2.0
+    version: 1.2.6
 
 roles:
   - src: ahuffman.resolv