diff --git a/.github/workflows/version_check.yml b/.github/workflows/version_check.yml
index 7b7393752..611d61eda 100644
--- a/.github/workflows/version_check.yml
+++ b/.github/workflows/version_check.yml
@@ -60,7 +60,7 @@ jobs:
 echo -n -e "${C_RED}"
 echo -e "Pull request version $PR_VERSION is <= than current version $CURRENT_VERSION."
- echo -e "Please update the version in $VERSION_FILE file."
+ echo -e "Please update the version in $PR_VERSION_URL file."
 echo -n -e "${C_RST}"
 exit 1
diff --git a/nova/core/galaxy.yml b/nova/core/galaxy.yml
index 5f6a1cb9d..de35493aa 100644
--- a/nova/core/galaxy.yml
+++ b/nova/core/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: nova
 name: core
-version: 7.4.2
+version: 7.4.3
 readme: README.md
 authors:
 - https://github.com/novateams
diff --git a/nova/core/roles/accounts/tasks/create_domain_groups.yml b/nova/core/roles/accounts/tasks/create_domain_groups.yml
index fbffb1d90..a602b7e2d 100644
--- a/nova/core/roles/accounts/tasks/create_domain_groups.yml
+++ b/nova/core/roles/accounts/tasks/create_domain_groups.yml
@@ -3,7 +3,7 @@
 microsoft.ad.group:
 name: "{{ item.name }}"
 scope: "{{ item.scope | default(domainlocal) }}"
- path: "{{ item.ou }}"
+ path: "{{ item.ou | default(omit) }}"
 description: "{{ item.description | default(omit) }}"
 loop: "{{ domain_groups }}"
 loop_control:
@@ -14,7 +14,7 @@
 microsoft.ad.group:
 name: "{{ item.name }}"
 scope: "{{ item.scope | default(domainlocal) }}"
- path: "{{ item.ou }}"
+ path: "{{ item.ou | default(omit) }}"
 description: "{{ item.description | default(omit) }}"
 members:
 set: "{{ item.members }}"
@@ -29,7 +29,7 @@
 microsoft.ad.group:
 name: "{{ item.name }}"
 scope: "{{ item.scope | default(domainlocal) }}"
- path: "{{ item.ou }}"
+ path: "{{ item.ou | default(omit) }}"
 description: "{{ item.description | default(omit) }}"
 members:
 add: "{{ item.members }}"
diff --git a/nova/core/roles/accounts/tasks/unix_create.yml b/nova/core/roles/accounts/tasks/unix_create.yml
index f8d141dc7..fdb9a2636 100644
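Review bot: The new message "update the version in $PR_VERSION_URL file" reads as though the variable holds a file path; if `PR_VERSION_URL` is a URL, as its name suggests, drop the trailing word, e.g. `echo -e "Please update the version at $PR_VERSION_URL."`. Only the message text changed in this hunk, so please confirm `PR_VERSION_URL` is assigned earlier in the same `run:` script (outside the hunk); an unset variable would print an empty link. While here, the pre-existing "is <= than" on the context line above could read "is not greater than".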
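Review bot: With `path: "{{ item.ou | default(omit) }}"` a `domain_groups` entry that forgets `ou` no longer fails but is created wherever `microsoft.ad.group` places groups by default (presumably the domain's default container), i.e. outside the OU structure where delegation and GPO scoping are applied; either document that fallback where `domain_groups` is described, or keep it strict with an early `ansible.builtin.assert` that every entry has `ou`. The same change appears in all three hunks of this file. Separately, every hunk's context line `scope: "{{ item.scope | default(domainlocal) }}"` passes `domainlocal` as a variable reference rather than a string; unless a variable of that name exists, it should be `default('domainlocal')`.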
--- a/nova/core/roles/accounts/tasks/unix_create.yml
+++ b/nova/core/roles/accounts/tasks/unix_create.yml
@@ -38,7 +38,7 @@
 groups: "{{ item.groups | default(root_group if item.username in admin_accounts | map(attribute='username') else 'users') }}"
 name: "{{ item.username }}"
 password: "{{ item.password | password_hash('sha512') }}"
- shell: "{{ item.shell | default(unix_distro_shell_map[ansible_facts.distribution] | default('/bin/bash')) }}"
+ shell: "{{ item.shell | default(ansible_facts.env.SHELL) }}"
 skeleton: "{{ unix_distro_skel_map[ansible_facts.distribution] | default('/etc/skel') }}"
 uid: "{{ item.uid | default(omit) }}"
 update_password: "{{ item.update_password | default('always') }}" # always or on_create
diff --git a/nova/core/roles/accounts/tasks/windows_create.yml b/nova/core/roles/accounts/tasks/windows_create.yml
index 7f9d0230b..82cd8f822 100644
--- a/nova/core/roles/accounts/tasks/windows_create.yml
+++ b/nova/core/roles/accounts/tasks/windows_create.yml
@@ -168,9 +168,6 @@
 - item.username == ansible_deployer_username # Because C:\ProgramData\ssh\administrators_authorized_keys supports only one key
 - item.ssh_key is defined
-- name: Setting correct administrators_authorized_keys permissions...
- ansible.windows.win_shell: icacls.exe C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
-
 - name: Configuring SSHD in cloud environments...
 when: accounts_configure_ssh_maxauthtries
 block:
diff --git a/nova/core/roles/caddy/defaults/main.yml b/nova/core/roles/caddy/defaults/main.yml
index 48c44a2de..cbc116694 100644
--- a/nova/core/roles/caddy/defaults/main.yml
+++ b/nova/core/roles/caddy/defaults/main.yml
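Review bot: `default(ansible_facts.env.SHELL)` gives every created account the login shell of the user Ansible connects as, not a per-distribution default, and if `ansible_facts.env` is missing (restricted fact gathering) or `SHELL` is unset the template errors instead of falling back. Keep a literal last resort: `shell: "{{ item.shell | default(ansible_facts.env.SHELL | default('/bin/bash')) }}"`. If `unix_distro_shell_map` is no longer referenced anywhere after this change, remove it from the role defaults so it does not advertise behaviour that no longer exists.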
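Review bot: The deleted `icacls.exe` task was the only step visible here that restricts `C:\ProgramData\ssh\administrators_authorized_keys` to Administrators and SYSTEM; Windows OpenSSH refuses to honour that file when other principals have access, so unless the task that writes the file (outside this hunk) already applies an equivalent ACL, key-based logins for the deployer account may stop working or the file may stay writable by non-admin users. Please confirm the writing task sets the ACL and say so there, e.g. `# ACL restricted to Administrators/SYSTEM; sshd ignores the file otherwise`.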
@@ -18,7 +18,7 @@ caddy_api_container_ports:
 - "{{ '127.0.0.1:' if caddy_api_from_localhost_only else '' }}2019:2019" # Caddy API port
 caddy_config_folder: /srv/caddy
-caddy_version: 2.11.1
+caddy_version: 2.11.2
 # caddy_template_caddyfile mode variables
 caddy_caddyfile_src: caddyfile_src # Will look for the file in templates folder for the role that includes this role
diff --git a/nova/core/roles/configure_networking/tasks/vsphere/interfaces_alpine.yml b/nova/core/roles/configure_networking/tasks/vsphere/interfaces_alpine.yml
index bdaef83d1..f71919cf6 100644
--- a/nova/core/roles/configure_networking/tasks/vsphere/interfaces_alpine.yml
+++ b/nova/core/roles/configure_networking/tasks/vsphere/interfaces_alpine.yml
@@ -143,6 +143,8 @@
 ansible.builtin.set_fact:
 configure_networking_rescue_count: "{{ configure_networking_rescue_count | default(0) | int + 1 }}"
+ # Using shutdown > poweron instead of reboot to avoid potential race conditions
+ # where next tasks are already executing while the machine is still rebooting.
 - name: Shutting down {{ custom_vm_name | default(vm_name) }} VM...
 ansible.builtin.include_role:
 name: nova.core.powerstate
diff --git a/nova/core/roles/configure_networking/tasks/vsphere/panos.yml b/nova/core/roles/configure_networking/tasks/vsphere/panos.yml
index a88577f68..dacfc611e 100644
--- a/nova/core/roles/configure_networking/tasks/vsphere/panos.yml
+++ b/nova/core/roles/configure_networking/tasks/vsphere/panos.yml
@@ -15,7 +15,7 @@
 - name: Including network configuration tasks...
 block:
 - name: Configuring MGMT interface on fresh deploy...
- when: fresh_deploy
+ when: fresh_deploy or reconfigure_network | bool
 block:
 # When an IP address is reported by VMware Tools, it is ready to accept console input
 # Otherwise initial login attempt will just fail
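Review bot: `when: fresh_deploy or reconfigure_network | bool` casts only the right-hand operand; if `fresh_deploy` can arrive as a string from extra-vars or inventory (`"false"`), the left side is truthy and the block runs on every deploy, so cast both: `when: fresh_deploy | bool or reconfigure_network | bool`. The task name still says "on fresh deploy..." although the block now also runs for a reconfigure; `Configuring MGMT interface on fresh deploy or network reconfigure...` would match. The enclosing block continues past the end of this hunk.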
@@ -23,9 +23,7 @@
 community.vmware.vmware_guest_tools_wait:
 name: "{{ custom_vm_name | default(vm_name) }}"
 register: panos_boot_status
- until:
- panos_boot_status.instance.ipv4 is not ansible.builtin.falsy
- or panos_boot_status.instance.ipv6 is not ansible.builtin.falsy
+ until: panos_boot_status.instance.hw_guest_id != none
 retries: "{{ (configure_networking_panos_boot_wait_time if configure_networking_panos_boot_wait_time >= 5 else 5) // 5 }}"
 delay: 5
@@ -293,11 +291,19 @@
 ansible.builtin.set_fact:
 configure_networking_rescue_count: "{{ configure_networking_rescue_count | default(0) | int + 1 }}"
- - name: Restarting {{ custom_vm_name | default(vm_name) }} VM...
+ # Using shutdown > poweron instead of reboot to avoid potential race conditions
+ # where next tasks are already executing while the machine is still rebooting.
+ - name: Shutting down {{ custom_vm_name | default(vm_name) }} VM...
 ansible.builtin.include_role:
 name: nova.core.powerstate
 vars:
- restart: true
+ shutdown: true
+
+ - name: Starting {{ custom_vm_name | default(vm_name) }} VM...
+ ansible.builtin.include_role:
+ name: nova.core.powerstate
+ vars:
+ poweron: true
 - name: Re-including vSphere network configuration tasks...
 ansible.builtin.include_tasks: main.yml
diff --git a/nova/core/roles/configure_networking/tasks/vsphere/proxmox.yml b/nova/core/roles/configure_networking/tasks/vsphere/proxmox.yml
index e8e90095f..2a77caf3f 100644
--- a/nova/core/roles/configure_networking/tasks/vsphere/proxmox.yml
+++ b/nova/core/roles/configure_networking/tasks/vsphere/proxmox.yml
@@ -93,6 +93,8 @@
 - name: Re-including vSphere network configuration tasks...
 ansible.builtin.include_tasks: main.yml
+ # Using shutdown > poweron instead of reboot to avoid potential race conditions
+ # where next tasks are already executing while the machine is still rebooting.
 - name: Shutting down {{ custom_vm_name | default(vm_name) }} VM...
 ansible.builtin.include_role:
 name: nova.core.powerstate
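Review bot: The new `until: panos_boot_status.instance.hw_guest_id != none` contradicts the comment that still precedes this task (in the previous hunk), which says the VM is ready for console input once VMware Tools reports an IP address; either update that comment to describe what a populated `hw_guest_id` signals, or keep the IP condition. I cannot tell from here whether `hw_guest_id` appears later than the first tools heartbeat, so if the IP test was dropped because a fresh PAN-OS image never reports one before initial configuration, say so at the `until:` line, e.g. `# Fresh PAN-OS reports no IP before initial config; a set hw_guest_id means tools are up`, so the next reader does not revert it.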
diff --git a/nova/core/roles/configure_networking/tasks/vsphere/vyos_legacy.yml b/nova/core/roles/configure_networking/tasks/vsphere/vyos_legacy.yml
index 05d289e5b..ed14cd081 100644
--- a/nova/core/roles/configure_networking/tasks/vsphere/vyos_legacy.yml
+++ b/nova/core/roles/configure_networking/tasks/vsphere/vyos_legacy.yml
@@ -39,6 +39,8 @@
 ansible.builtin.include_tasks: command_run_check.yml
 # This will reset all interfaces
+ # Using shutdown > poweron instead of reboot to avoid potential race conditions
+ # where next tasks are already executing while the machine is still rebooting.
 - name: Shutting down {{ custom_vm_name | default(vm_name) }} VM...
 ansible.builtin.include_role:
 name: nova.core.powerstate
diff --git a/nova/core/roles/configure_networking/tasks/vsphere/vyos_stream.yml b/nova/core/roles/configure_networking/tasks/vsphere/vyos_stream.yml
index 37b4a4128..c0c9e14a9 100644
--- a/nova/core/roles/configure_networking/tasks/vsphere/vyos_stream.yml
+++ b/nova/core/roles/configure_networking/tasks/vsphere/vyos_stream.yml
@@ -84,6 +84,8 @@
 ansible.builtin.include_tasks: main.yml
 # This will reset all interfaces
+ # Using shutdown > poweron instead of reboot to avoid potential race conditions
+ # where next tasks are already executing while the machine is still rebooting.
 - name: Shutting down {{ custom_vm_name | default(vm_name) }} VM...
 ansible.builtin.include_role:
 name: nova.core.powerstate
diff --git a/nova/core/roles/expo/defaults/main.yml b/nova/core/roles/expo/defaults/main.yml
index 0011c21bb..6acbc18e7 100644
--- a/nova/core/roles/expo/defaults/main.yml
+++ b/nova/core/roles/expo/defaults/main.yml
@@ -1,6 +1,7 @@
 ---
 ### general ###
 expo_git_repo:
+expo_git_branch: main
 expo_fqdn: expo.localhost
 expo_configuration_folder: XS/2023/XS23TR
 expo_project_mode: production
diff --git a/nova/core/roles/expo/tasks/sync-code.yml b/nova/core/roles/expo/tasks/sync-code.yml
index b52bdaba2..8ac7835d0 100644
--- a/nova/core/roles/expo/tasks/sync-code.yml
+++ b/nova/core/roles/expo/tasks/sync-code.yml
@@ -23,6 +23,8 @@
 dest: /tmp/expo-{{ fqdn }}
 recursive: true
 depth: 1
+ single_branch: yes
+ version: "{{ expo_git_branch }}"
 delegate_to: localhost
 become: false
diff --git a/nova/core/roles/gitlab/defaults/main.yml b/nova/core/roles/gitlab/defaults/main.yml
index efecc9dbf..60f20b465 100644
--- a/nova/core/roles/gitlab/defaults/main.yml
+++ b/nova/core/roles/gitlab/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 ### gitlab general
-gitlab_version: 18.9.1-ee.0
+gitlab_version: 18.9.2-ee.0
 gitlab_ssh_port: 10022
 # Increase gitlab ssh MaxAuthTries to avoid connection issues for users with more than 6 keys in their SSH agent set to {} to disable
 gitlab_ssh_max_auth_tries: 20
diff --git a/nova/core/roles/keycloak/defaults/main.yml b/nova/core/roles/keycloak/defaults/main.yml
index ad29e40ad..de641228b 100644
--- a/nova/core/roles/keycloak/defaults/main.yml
+++ b/nova/core/roles/keycloak/defaults/main.yml
@@ -1,10 +1,10 @@
 ---
 # The Keycloak version and the Keycloak Config CLI version should be compatible
-keycloak_version: 26.5.4
+keycloak_version: 26.5.6
 # https://github.com/adorsys/keycloak-config-cli
 # https://hub.docker.com/r/adorsys/keycloak-config-cli/tags
-keycloak_config_cli_version: 6.4.1-26
+keycloak_config_cli_version: 6.5.0-26
 keycloak_postgres_version: 15 # POSTGRES_VERSION_TAG
 keycloak_container_config_folder: /srv/keycloak
diff --git a/nova/core/roles/linux_xrdp_server/defaults/main.yml b/nova/core/roles/linux_xrdp_server/defaults/main.yml
index 37501cb98..dfdc9d64f 100644
--- a/nova/core/roles/linux_xrdp_server/defaults/main.yml
+++ b/nova/core/roles/linux_xrdp_server/defaults/main.yml
@@ -1,6 +1,7 @@
 ---
 # Can be used to lock to a specific version when the latest is not desired or is temporarily broken
 linux_xrdp_server_xorgxrdp_version: {}
+linux_xrdp_server_xrdp_version: {}
 # Kali & Ubuntu 24 and later
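Review bot: `single_branch: yes` uses a YAML 1.1 truthy literal while the surrounding lines write `true`/`false` (`recursive: true` two lines above); write `single_branch: true` so yamllint's truthy rule and YAML 1.2 parsers agree. With `version: "{{ expo_git_branch }}"` the clone fails outright if a caller empties `expo_git_branch`, which is acceptable, but because `single_branch` fetches only that ref, switching the branch on an existing checkout needs a fresh clone; a one-line comment on the `version` line noting that would save the next reader a debugging session.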
diff --git a/nova/core/roles/linux_xrdp_server/tasks/debian_os.yml b/nova/core/roles/linux_xrdp_server/tasks/debian_os.yml
index 34ddf90cb..f4e7fae5e 100644
--- a/nova/core/roles/linux_xrdp_server/tasks/debian_os.yml
+++ b/nova/core/roles/linux_xrdp_server/tasks/debian_os.yml
@@ -2,7 +2,7 @@
 - name: Installing xrdp...
 ansible.builtin.package:
 name:
- xrdp
+ xrdp{{ '=' + linux_xrdp_server_xrdp_version if linux_xrdp_server_xrdp_version != {} else '' }}
 - xorgxrdp{{ '=' + linux_xrdp_server_xorgxrdp_version if linux_xrdp_server_xorgxrdp_version != {} else '' }}
 state: present
 update_cache: true
@@ -14,6 +14,11 @@
 notify: linux_xrdp_server_reboot
 # This is to avoid updating xorgxrdp with apt upgrade when it's versioned
+- name: "{{ 'Locking' if linux_xrdp_server_xrdp_version != {} else 'Unlocking' }} xrdp version..."
+ ansible.builtin.dpkg_selections:
+ name: xrdp
+ selection: "{{ 'hold' if linux_xrdp_server_xrdp_version != {} else 'install' }}"
+
 - name: "{{ 'Locking' if linux_xrdp_server_xorgxrdp_version != {} else 'Unlocking' }} xorgxrdp version..."
 ansible.builtin.dpkg_selections:
 name: xorgxrdp
diff --git a/nova/core/roles/machine_operations/tasks/main.yml b/nova/core/roles/machine_operations/tasks/main.yml
index 64f347088..d54318ffa 100644
--- a/nova/core/roles/machine_operations/tasks/main.yml
+++ b/nova/core/roles/machine_operations/tasks/main.yml
@@ -28,7 +28,7 @@
 - name: Including metadata generation role...
 ansible.builtin.include_role:
 name: nova.core.role_metadata_post
- when: (just_create) or (deploy_mode == "undeploy") # Post metadata here only when undeploying or just creating the machine
+ when: (just_create | bool) or (deploy_mode == "undeploy") # Post metadata here only when undeploying or just creating the machine
 - name: Including type - host machine operations...
 when: customization_context == "host" # Alternative is container and then it's not creating it with this role
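Review bot: The context comment `# This is to avoid updating xorgxrdp with apt upgrade when it's versioned` now sits directly above the new xrdp hold task and no longer describes what follows it; reword it to cover both, e.g. `# Hold the pinned packages so apt upgrade does not replace them`, or repeat it above the xorgxrdp task. The new task is a verbatim copy of the xorgxrdp one with the variable name swapped, which is fine for two packages, but if a third pin is ever added the pair is a candidate for a single task looping over `(package, version)` items.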
diff --git a/nova/core/roles/nexus/defaults/main.yml b/nova/core/roles/nexus/defaults/main.yml
index b96247f07..54f59fe73 100644
--- a/nova/core/roles/nexus/defaults/main.yml
+++ b/nova/core/roles/nexus/defaults/main.yml
@@ -9,7 +9,7 @@ nexus_configure_ldap: false # Set to true to also configure LDAP after installat
 nexus_create_repos: false # Set to true to also create default repositories after installation
 nexus_allow_anonymous_access: true # Set to false to disable anonymous access
 nexus_active_encryption_key_id: Primary Encryption Key # Name of the active encryption key that comes with this role
-nexus_version: 3.89.1 # Nexus version to install
+nexus_version: 3.90.1 # Nexus version to install
 # Default is the built-in Nexus admin user. If set to a different value than admin, the role will create the user.
 nexus_admin_username: admin
diff --git a/nova/core/roles/os_configuration/tasks/opnsense.yml b/nova/core/roles/os_configuration/tasks/opnsense.yml
index b620eb307..a6c882354 100644
--- a/nova/core/roles/os_configuration/tasks/opnsense.yml
+++ b/nova/core/roles/os_configuration/tasks/opnsense.yml
@@ -40,6 +40,10 @@
 owner: root
 group: wheel
+- name: Reloading OPNsense configuration for {{ inventory_hostname }}...
+ ansible.builtin.command: /etc/rc.reload_all
+ changed_when: true
+
 - name: Removing local config.xml file...
 ansible.builtin.file:
 path: /tmp/{{ project_fullname | default('') }}_{{ inventory_hostname }}_opnsense_config.xml
diff --git a/nova/core/roles/os_configuration/tasks/pfsense.yml b/nova/core/roles/os_configuration/tasks/pfsense.yml
index 58f8a3d0b..0e9707897 100644
--- a/nova/core/roles/os_configuration/tasks/pfsense.yml
+++ b/nova/core/roles/os_configuration/tasks/pfsense.yml
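Review bot: `changed_when: true` makes the new reload task report a change and run `/etc/rc.reload_all` on every play, even when the file-writing task above it (it starts before this hunk) reported nothing changed; register that task and gate the reload with `when: <registered_result>.changed`, or make the reload a handler. The same task is added in `pfsense.yml` (next hunk), where the preceding task already notifies `pf_sense_reboot`, so a full reload followed by a reboot at the end of the play looks redundant; decide which one the pfSense path needs and drop the other.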
@@ -56,6 +56,10 @@
 group: wheel
 notify: pf_sense_reboot
+- name: Reloading pfSense configuration for {{ inventory_hostname }}...
+ ansible.builtin.command: /etc/rc.reload_all
+ changed_when: true
+
 - name: Removing local config.xml file...
 ansible.builtin.file:
 path: /tmp/{{ project_fullname | default('') }}_{{ inventory_hostname }}_pfsense_config.xml
diff --git a/nova/core/roles/outline/defaults/main.yml b/nova/core/roles/outline/defaults/main.yml
index 1fa2dd15b..5ea81b27a 100644
--- a/nova/core/roles/outline/defaults/main.yml
+++ b/nova/core/roles/outline/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-outline_version: 1.5.0
+outline_version: 1.6.1
 outline_postgres_version: 17 # POSTGRES_VERSION_TAG
 # Pre-generated secret key for Outline
diff --git a/nova/core/roles/snapshots/vsphere/revert.yml b/nova/core/roles/snapshots/vsphere/revert.yml
index e08e93ac2..64a7b55e9 100644
--- a/nova/core/roles/snapshots/vsphere/revert.yml
+++ b/nova/core/roles/snapshots/vsphere/revert.yml
@@ -1,10 +1,9 @@
 ---
 - name: Reverting to {{ snapshot_name | default(vcenter_vm_info.guests[0].current_snapshot.name) | default('') }} snapshot...
- community.vmware.vmware_guest_snapshot:
+ vmware.vmware.vm_snapshot_revert:
 datacenter: "{{ datacenter }}"
 folder: "{{ folder }}"
 name: "{{ custom_vm_name | default(vm_name) }}"
- state: revert
 snapshot_name: "{{ snapshot_name | default(vcenter_vm_info.guests[0].current_snapshot.name) }}"
 delegate_to: localhost
 become: false
diff --git a/nova/core/roles/updates/tasks/macos.yml b/nova/core/roles/updates/tasks/macos.yml
index 98aed8752..f4400fcd3 100644
--- a/nova/core/roles/updates/tasks/macos.yml
+++ b/nova/core/roles/updates/tasks/macos.yml
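Review bot: Swapping in `vmware.vmware.vm_snapshot_revert` drops `state: revert` but keeps `datacenter`, `folder`, `name` and `snapshot_name` exactly as the old `community.vmware` module took them; the two collections do not necessarily share argument names or the expected `folder` path form, so please check this against the new module's argument spec rather than letting the play discover it at runtime. Also, `snapshot_name:` only defaults to `vcenter_vm_info.guests[0].current_snapshot.name`, whereas the task `name:` adds a second `default('')`; on a VM with no current snapshot the argument template presumably raises before the module runs, so either add the same guard or fail first with an explicit message that there is no snapshot to revert to.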
@@ -22,6 +22,21 @@
 Check that the host is up and running and try again.
 when: updates_rescue_loop_count | int > 3
+ # In some cases, MacOS update process can cause the machine to become temporarily unreachable.
+ # For those cases will try to use the Hypervisor to power cycle the machine and wait for it to come back up.
+ - name: Shutting down {{ custom_vm_name | default(vm_name) }} VM...
+ ansible.builtin.include_role:
+ name: nova.core.powerstate
+ vars:
+ powerstate_agent_info_timeout: 600
+ shutdown: true
+
+ - name: Starting {{ custom_vm_name | default(vm_name) }} VM...
+ ansible.builtin.include_role:
+ name: nova.core.powerstate
+ vars:
+ poweron: true
+
 - name: Waiting until ssh is up for {{ inventory_hostname }}...
 ansible.builtin.wait_for:
 host: "{{ ansible_host }}"
diff --git a/nova/core/roles/vault/defaults/main.yml b/nova/core/roles/vault/defaults/main.yml
index d2fe15f12..753a9074a 100644
--- a/nova/core/roles/vault/defaults/main.yml
+++ b/nova/core/roles/vault/defaults/main.yml
@@ -10,7 +10,7 @@ vault_configure: false # Run the initial default configuration for Vault
 vault_configure_ldap: false # Configuring LDAP authentication for Vault
 vault_configuration_uri: "https://{{ fqdn }}" # Defined separately for when configuring multiple Vaults
 vault_config_folder: /srv/vault
-vault_version: 1.21.2 # Default Vault Docker image version
+vault_version: 1.21.4 # Default Vault Docker image version
 vault_container_name: vault
 vault_server_log_level: debug # Debug gives better info about LDAP login failures and their reasons
 vault_audit_logging: false # Enable Vault audit logging
diff --git a/nova/core/roles/vault/tasks/ca_intermediates.yml b/nova/core/roles/vault/tasks/ca_intermediates.yml
index b9dd2055d..86095c995 100644
--- a/nova/core/roles/vault/tasks/ca_intermediates.yml
+++ b/nova/core/roles/vault/tasks/ca_intermediates.yml
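Review bot: The new shutdown/poweron pair runs on every pass through this section regardless of why the host is unreachable, and it sits before the `wait_for` ssh check rather than after that check has failed, so a host that is merely slow to come back after an update gets shut down again while it is starting; consider gating the pair on the retry counter the guard above already uses (for example `when: updates_rescue_loop_count | int > 1`) or moving it after a first failed wait. I am inferring from the variable names that this is a rescue path; the enclosing block starts before the hunk. The comment `For those cases will try to use the Hypervisor` is missing its subject; `For those cases the role uses the hypervisor to power-cycle the machine and waits for it to come back up` reads better.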
@@ -135,7 +135,7 @@
 cn_validations: disabled
 code_signing_flag: "{{ certificate_role.vault_cert_code_signing | default(false) }}"
 country: "{{ certificate_role.vault_cert_country | default('') }}"
- enforce_hostnames: true
+ enforce_hostnames: "{{ certificate_role.vault_cert_enforce_hostnames | default(true) }}"
 key_bits: "{{ certificate_role.vault_cert_key_bits }}"
 key_type: "{{ certificate_role.vault_cert_key_type }}"
 key_usage: "{{ certificate_role.vault_cert_key_usage | join(', ') | default('DigitalSignature, KeyAgreement, KeyEncipherment') }}"
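Review bot: `enforce_hostnames` is now a per-role opt-out via `vault_cert_enforce_hostnames`, and since `cn_validations` is already `disabled` in the same role definition, a role with `vault_cert_enforce_hostnames: false` will sign whatever CN/SAN values its requesters submit; that is sometimes required for non-DNS SANs, but it should be stated wherever the `certificate_role` entries are documented, e.g. `vault_cert_enforce_hostnames: true  # false lets this role issue certs for arbitrary, non-hostname names`. Separately, on the context line `key_usage: "{{ ... | join(', ') | default(...) }}"` the `default` can never apply because `join` always yields a string (and raises first when the list is undefined); apply the default before joining, `certificate_role.vault_cert_key_usage | default(['DigitalSignature', 'KeyAgreement', 'KeyEncipherment']) | join(', ')`.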