upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-02-03 20:40:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

[VAULT-41521] enos(ec2_infor): update scenario base images (#11508) (#11533)

Browse source 
Update the base images for all scenarios:

- RHEL: upgrade base image for 10 to 10.1
- RHEL: upgrade base image for 9 to 9.7
- SLES: upgrade base image for 15 to 15.7
- SLES: add SLES 16.0 to the matrix
- OpenSUSE: remove OpenSUSE Leap from the matrix

I ended up removing OpenSUSE because the images that we were on were rarely updated and that resulted in very slow scenarios because of package upgrades. Also, despite the latest release being in October I didn't find any public cloud images produced for the new version of Leap. We can consider adding it back later but I'm comfortable just leaving SLES 15 and 16 in there for that test coverage.

I also ended up fixing a bug in our integration host setup where we'd provision three nodes instead of one. That ought to result in many fewer instance provisions per scenario. I also had to make a few small tweaks in how we detected whether or not SELinux is enabled, as the prior implementation did not work for SLES 16.

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
This commit is contained in:
Vault Automation 2025-12-22 14:17:51 -07:00 committed by GitHub
parent 59b23f628f
commit 7b470708ac
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
26 changed files with 128 additions and 160 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.github/workflows/test-run-enos-scenario-matrix.yml vendored
View file

@ -184,7 +184,6 @@ jobs:
echo 'ENOS_VAR_aws_ssh_private_key_path=./support/private_key.pem'
echo 'ENOS_VAR_consul_license_path=./support/consul.hclic'
echo 'ENOS_VAR_distro_version_amzn=${{ matrix.attributes.distro_version_amzn }}'
echo 'ENOS_VAR_distro_version_leap=${{ matrix.attributes.distro_version_leap }}'
echo 'ENOS_VAR_distro_version_rhel=${{ matrix.attributes.distro_version_rhel }}'
echo 'ENOS_VAR_distro_version_sles=${{ matrix.attributes.distro_version_sles }}'
echo 'ENOS_VAR_distro_version_ubuntu=${{ matrix.attributes.distro_version_ubuntu }}'

5
enos/enos-dev-scenario-pr-replication.hcl
View file

@ -20,7 +20,7 @@ scenario "dev_pr_replication" {
matrix {
arch = ["amd64", "arm64"]
artifact = ["local", "deb", "rpm", "zip"]
distro = ["amzn", "leap", "rhel", "sles", "ubuntu"]
distro = ["amzn", "rhel", "sles", "ubuntu"]
edition = ["ent", "ent.fips1403", "ent.hsm", "ent.hsm.fips1403"]
primary_backend = ["consul", "raft"]
primary_seal = ["awskms", "pkcs11", "shamir"]
@ -44,7 +44,7 @@ scenario "dev_pr_replication" {
exclude {
artifact = ["deb", "rpm"]
distro = ["sles", "leap"]
distro = ["sles"]
}
exclude {
@ -78,7 +78,6 @@ scenario "dev_pr_replication" {
// specified in enos-providers.hcl), and we need to be able to access both of those here.
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu

5
enos/enos-dev-scenario-single-cluster.hcl
View file

@ -20,7 +20,7 @@ scenario "dev_single_cluster" {
arch = ["amd64", "arm64"]
artifact = ["local", "deb", "rpm", "zip"]
backend = ["consul", "raft"]
distro = ["amzn", "leap", "rhel", "sles", "ubuntu"]
distro = ["amzn", "rhel", "sles", "ubuntu"]
edition = ["ce", "ent", "ent.fips1403", "ent.hsm", "ent.hsm.fips1403"]
seal = ["awskms", "pkcs11", "shamir"]
@ -41,7 +41,7 @@ scenario "dev_single_cluster" {
exclude {
artifact = ["deb", "rpm"]
distro = ["sles", "leap"]
distro = ["sles"]
}
exclude {
@ -72,7 +72,6 @@ scenario "dev_single_cluster" {
// specified in enos-providers.hcl), and we need to be able to access both of those here.
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu

7
enos/enos-dynamic-config.hcl
View file

@ -11,10 +11,9 @@ globals {
sample_attributes = {
aws_region = ["us-east-1", "us-west-2"]
distro_version_amzn = ["2023"]
distro_version_leap = ["15.6"]
distro_version_rhel = ["8.10", "9.6"]
distro_version_sles = ["15.6"]
distro_version_rhel = ["8.10", "9.7", "10.1"]
distro_version_sles = ["15.7", "16.0"]
distro_version_ubuntu = ["22.04", "24.04"]
upgrade_initial_version = ["1.18.0", "1.18.1", "1.18.2", "1.18.3", "1.18.4", "1.18.5", "1.18.6", "1.18.7", "1.18.8", "1.18.9", "1.18.10", "1.18.11", "1.18.12", "1.18.13", "1.19.0", "1.19.1", "1.19.2", "1.19.3", "1.19.4", "1.19.5", "1.19.6", "1.19.7", "1.19.8", "1.20.0", "1.20.1", "1.20.2"]
upgrade_initial_version = ["1.19.0", "1.19.1", "1.19.2", "1.19.3", "1.19.4", "1.19.5", "1.19.6", "1.19.7", "1.19.8", "1.19.9", "1.19.10", "1.19.11", "1.19.12", "1.20.0", "1.20.1", "1.20.2", "1.20.3", "1.20.4", "1.20.5", "1.20.6", "1.21.0", "1.21.1"]
}
}

17
enos/enos-globals.hcl
View file

@ -18,26 +18,27 @@ globals {
config_modes = ["env", "file"]
consul_editions = ["ce", "ent"]
consul_versions = ["1.18.2", "1.19.2", "1.20.6", "1.21.1"]
distros = ["amzn", "leap", "rhel", "sles", "ubuntu"]
distros = ["amzn", "rhel", "sles", "ubuntu"]
// Different distros may require different packages, or use different aliases for the same package
distro_packages = {
// NOTE: These versions must always match the output of enos_host_info.target_distro. They are
// also used in various modules `artifact`, `ec2_info`, and `softhsm_install`. If you are adding
// or modifying keys you probably have to update those modules.
amzn = {
"2" = ["nc", "openldap-clients"]
"2023" = ["nc", "openldap-clients"]
}
leap = {
"15.6" = ["netcat", "openssl", "openldap2-client"]
}
rhel = {
"8.10" = ["nc", "openldap-clients"]
"9.6" = ["nc", "openldap-clients"]
"10.0" = ["nc", "openldap-clients"]
"9.7" = ["nc", "openldap-clients"]
"10.1" = ["nc", "openldap-clients"]
}
sles = {
// When installing Vault RPM packages on a SLES AMI, the openssl package provided
// isn't named "openssl, which rpm doesn't know how to handle. Therefore we add the
// "correctly" named one in our package installation before installing Vault.
"15.6" = ["netcat-openbsd", "openssl", "openldap2-client"]
"15.7" = ["netcat-openbsd", "openssl", "openldap2-client"]
"16.0" = ["netcat-openbsd", "openssl", "openldap2-client"]
}
ubuntu = {
"22.04" = ["netcat", "ldap-utils"]
@ -46,7 +47,6 @@ globals {
}
distro_version = {
amzn = var.distro_version_amzn
leap = var.distro_version_leap
rhel = var.distro_version_rhel
sles = var.distro_version_sles
ubuntu = var.distro_version_ubuntu
@ -56,7 +56,6 @@ globals {
ip_versions = ["4", "6"]
package_manager = {
"amzn" = "yum"
"leap" = "zypper"
"rhel" = "yum"
"sles" = "zypper"
"ubuntu" = "apt"

8
enos/enos-samples-ce-build.hcl
View file

@ -141,7 +141,7 @@ sample "build_ce_linux_amd64_rpm" {
arch = ["amd64"]
artifact_source = ["crt"]
artifact_type = ["package"]
distro = ["amzn", "leap", "rhel", "sles"]
distro = ["amzn", "rhel", "sles"]
edition = ["ce"]
}
}
@ -151,7 +151,7 @@ sample "build_ce_linux_amd64_rpm" {
arch = ["amd64"]
artifact_source = ["crt"]
artifact_type = ["package"]
distro = ["amzn", "leap", "rhel", "sles"]
distro = ["amzn", "rhel", "sles"]
edition = ["ce"]
}
}
@ -161,7 +161,7 @@ sample "build_ce_linux_amd64_rpm" {
arch = ["amd64"]
artifact_source = ["crt"]
artifact_type = ["package"]
distro = ["amzn", "leap", "rhel", "sles"]
distro = ["amzn", "rhel", "sles"]
edition = ["ce"]
}
}
@ -171,7 +171,7 @@ sample "build_ce_linux_amd64_rpm" {
arch = ["amd64"]
artifact_source = ["crt"]
artifact_type = ["package"]
distro = ["amzn", "leap", "rhel", "sles"]
distro = ["amzn", "rhel", "sles"]
edition = ["ce"]
exclude {

8
enos/enos-samples-ce-release.hcl
View file

@ -141,7 +141,7 @@ sample "release_ce_linux_amd64_rpm" {
arch = ["amd64"]
artifact_source = ["artifactory"]
artifact_type = ["package"]
distro = ["amzn", "leap", "rhel", "sles"]
distro = ["amzn", "rhel", "sles"]
edition = ["ce"]
}
}
@ -151,7 +151,7 @@ sample "release_ce_linux_amd64_rpm" {
arch = ["amd64"]
artifact_source = ["artifactory"]
artifact_type = ["package"]
distro = ["amzn", "leap", "rhel", "sles"]
distro = ["amzn", "rhel", "sles"]
edition = ["ce"]
}
}
@ -161,7 +161,7 @@ sample "release_ce_linux_amd64_rpm" {
arch = ["amd64"]
artifact_source = ["artifactory"]
artifact_type = ["package"]
distro = ["amzn", "leap", "rhel", "sles"]
distro = ["amzn", "rhel", "sles"]
edition = ["ce"]
}
}
@ -171,7 +171,7 @@ sample "release_ce_linux_amd64_rpm" {
arch = ["amd64"]
artifact_source = ["artifactory"]
artifact_type = ["package"]
distro = ["amzn", "leap", "rhel", "sles"]
distro = ["amzn", "rhel", "sles"]
edition = ["ce"]
}
}

6
enos/enos-scenario-agent.hcl
View file

@ -63,10 +63,10 @@ scenario "agent" {
edition = [for e in matrix.edition : e if !strcontains(e, "hsm")]
}
// softhsm packages not available for leap/sles.
// softhsm packages not available for sles (at the time of development)
exclude {
seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
// Testing in IPV6 mode is currently implemented for integrated Raft storage only
@ -88,7 +88,6 @@ scenario "agent" {
artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu
@ -182,6 +181,7 @@ scenario "agent" {
ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"]
cluster_tag_key = global.vault_tag_key
common_tags = global.tags
instance_count = 1
vpc_id = step.create_vpc.id
}
}

6
enos/enos-scenario-autopilot.hcl
View file

@ -71,10 +71,10 @@ scenario "autopilot" {
edition = [for e in matrix.edition : e if !strcontains(e, "hsm")]
}
// softhsm packages not available for leap/sles.
// softhsm packages not available for sles (at the time of development)
exclude {
seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
// Testing in IPV6 mode is currently implemented for integrated Raft storage only
@ -96,7 +96,6 @@ scenario "autopilot" {
artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu
@ -179,6 +178,7 @@ scenario "autopilot" {
ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"]
cluster_tag_key = global.vault_tag_key
common_tags = global.tags
instance_count = 1
vpc_id = step.create_vpc.id
}
}

5
enos/enos-scenario-benchmark.hcl
View file

@ -90,10 +90,10 @@ scenario "benchmark" {
edition = [for e in matrix.edition : e if !strcontains(e, "hsm")]
}
// softhsm packages not available for leap/sles.
// softhsm packages not available for sles (at the time of development)
exclude {
seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
// Testing in IPV6 mode is currently implemented for integrated Raft storage only
@ -115,7 +115,6 @@ scenario "benchmark" {
artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu

8
enos/enos-scenario-dr-replication.hcl
View file

@ -75,15 +75,15 @@ scenario "dr_replication" {
edition = [for e in matrix.edition : e if !strcontains(e, "hsm")]
}
// softhsm packages not available for leap/sles.
// softhsm packages not available for sles (at the time of development)
exclude {
primary_seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
exclude {
secondary_seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
// Testing in IPV6 mode is currently implemented for integrated Raft storage only
@ -110,7 +110,6 @@ scenario "dr_replication" {
artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu
@ -222,6 +221,7 @@ scenario "dr_replication" {
ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"]
cluster_tag_key = global.vault_tag_key
common_tags = global.tags
instance_count = 1
vpc_id = step.create_vpc.id
}
}

8
enos/enos-scenario-pr-replication.hcl
View file

@ -75,15 +75,15 @@ scenario "pr_replication" {
edition = [for e in matrix.edition : e if !strcontains(e, "hsm")]
}
// softhsm packages not available for leap/sles.
// softhsm packages not available for sles (at the time of development)
exclude {
primary_seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
exclude {
secondary_seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
// Testing in IPV6 mode is currently implemented for integrated Raft storage only
@ -110,7 +110,6 @@ scenario "pr_replication" {
artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu
@ -222,6 +221,7 @@ scenario "pr_replication" {
ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"]
cluster_tag_key = global.vault_tag_key
common_tags = global.tags
instance_count = 1
vpc_id = step.create_vpc.id
}
}

6
enos/enos-scenario-proxy.hcl
View file

@ -63,10 +63,10 @@ scenario "proxy" {
edition = [for e in matrix.edition : e if !strcontains(e, "hsm")]
}
// softhsm packages not available for leap/sles.
// softhsm packages not available for sles (at the time of development)
exclude {
seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
// Testing in IPV6 mode is currently implemented for integrated Raft storage only
@ -88,7 +88,6 @@ scenario "proxy" {
artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu
@ -189,6 +188,7 @@ scenario "proxy" {
ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"]
cluster_tag_key = global.vault_tag_key
common_tags = global.tags
instance_count = 1
vpc_id = step.create_vpc.id
}
}

8
enos/enos-scenario-seal-ha.hcl
View file

@ -73,15 +73,15 @@ scenario "seal_ha" {
edition = [for e in matrix.edition : e if !strcontains(e, "hsm")]
}
// softhsm packages not available for leap/sles.
// softhsm packages not available for sles (at the time of development)
exclude {
primary_seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
exclude {
secondary_seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
// Testing in IPV6 mode is currently implemented for integrated Raft storage only
@ -103,7 +103,6 @@ scenario "seal_ha" {
artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu
@ -221,6 +220,7 @@ scenario "seal_ha" {
ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"]
cluster_tag_key = global.vault_tag_key
common_tags = global.tags
instance_count = 1
vpc_id = step.create_vpc.id
}
}

6
enos/enos-scenario-smoke.hcl
View file

@ -62,10 +62,10 @@ scenario "smoke" {
edition = [for e in matrix.edition : e if !strcontains(e, "hsm")]
}
// softhsm packages not available for leap/sles.
// softhsm packages not available for sles (at the time of development)
exclude {
seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
// Testing in IPV6 mode is currently implemented for integrated Raft storage only
@ -87,7 +87,6 @@ scenario "smoke" {
artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu
@ -179,6 +178,7 @@ scenario "smoke" {
ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"]
cluster_tag_key = global.vault_tag_key
common_tags = global.tags
instance_count = 1
vpc_id = step.create_vpc.id
}
}

6
enos/enos-scenario-upgrade.hcl
View file

@ -72,10 +72,10 @@ scenario "upgrade" {
edition = [for e in matrix.edition : e if !strcontains(e, "hsm")]
}
// softhsm packages not available for leap/sles.
// softhsm packages not available for sles (at the time of development)
exclude {
seal = ["pkcs11"]
distro = ["leap", "sles"]
distro = ["sles"]
}
// Testing in IPV6 mode is currently implemented for integrated Raft storage only
@ -97,7 +97,6 @@ scenario "upgrade" {
artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
enos_provider = {
amzn = provider.enos.ec2_user
leap = provider.enos.ec2_user
rhel = provider.enos.ec2_user
sles = provider.enos.ec2_user
ubuntu = provider.enos.ubuntu
@ -191,6 +190,7 @@ scenario "upgrade" {
ami_id = step.ec2_info.ami_ids["arm64"]["ubuntu"]["24.04"]
cluster_tag_key = global.vault_tag_key
common_tags = global.tags
instance_count = 1
vpc_id = step.create_vpc.id
}
}

16
enos/enos-variables.hcl
View file

@ -68,26 +68,20 @@ variable "distro_version_amzn" {
default = "2023" // or "2", though pkcs11 has not been tested with 2
}
variable "distro_version_leap" {
description = "The version of openSUSE leap to use"
type = string
default = "15.6"
}
variable "distro_version_rhel" {
description = "The version of RHEL to use"
description = "The version of RedHat Enterprise Linux to use"
type = string
default = "10.0" // or "8.10", "9.6"
default = "10.1" // or "8.10", "9.7"
}
variable "distro_version_sles" {
description = "The version of SUSE SLES to use"
description = "The version of SUSE Enterprise Linux to use"
type = string
default = "15.6"
default = "16.0" // or "15.7"
}
variable "distro_version_ubuntu" {
description = "The version of ubuntu to use"
description = "The version of Ubuntu Linux to use"
type = string
default = "24.04" // or "22.04"
}

11
enos/enos.vars.hcl
View file

@ -34,17 +34,14 @@
// resources.
// project_name = "vault-enos-integration"
// distro_version_amzn is the version of Amazon Linux 2 to use for "distro:amzn" variants
// distro_version_amzn = "2"
// distro_version_leap is the version of openSUSE Leap to use for "distro:leap" variants
// distro_version_leap = "15.5"
// distro_version_amzn is the version of Amazon Linux to use for "distro:amzn" variants
// distro_version_amzn = "2023"
// distro_version_rhel is the version of RHEL to use for "distro:rhel" variants.
// distro_version_rhel = "9.3" // or "8.9"
// distro_version_rhel = "10.1" // or "8.10" or "9.7"
// distro_version_sles is the version of SUSE SLES to use for "distro:sles" variants.
// distro_version_sles = "v15_sp5_standard"
// distro_version_sles = "16.0" // or "15.7"
// distro_version_ubuntu is the version of ubuntu to use for "distro:ubuntu" variants
// distro_version_ubuntu = "22.04" // or "24.04"

22
enos/modules/artifact/metadata/main.tf
View file

@ -21,9 +21,9 @@ variable "distro" {
type = string
validation {
condition = contains(["amzn", "leap", "rhel", "sles", "ubuntu"], var.distro)
condition = contains(["amzn", "rhel", "sles", "ubuntu"], var.distro)
error_message = <<-EOF
distro must be one of "amzn", "leap", "rhel", "sles", "ubuntu"
distro must be one of "amzn", "rhel", "sles", "ubuntu"
EOF
}
}
@ -69,21 +69,18 @@ locals {
package_extensions = {
amd64 = {
amzn = local.package_extension_amd64_rpm
leap = local.package_extension_amd64_rpm
rhel = local.package_extension_amd64_rpm
sles = local.package_extension_amd64_rpm
ubuntu = local.package_extension_amd64_deb
}
arm64 = {
amzn = local.package_extension_arm64_rpm
leap = local.package_extension_arm64_rpm
rhel = local.package_extension_arm64_rpm
sles = local.package_extension_arm64_rpm
ubuntu = local.package_extension_arm64_deb
}
s390x = {
amzn = null
leap = local.package_extension_s390x_rpm
rhel = local.package_extension_s390x_rpm
sles = local.package_extension_s390x_rpm
ubuntu = local.package_extension_s390x_deb
@ -115,7 +112,6 @@ locals {
// file name prefixes for the install packages of vault for the various distributions and artifact types (package or bundle)
package_prefixes = {
amzn = local.package_prefixes_rpm,
leap = local.package_prefixes_rpm,
rhel = local.package_prefixes_rpm,
sles = local.package_prefixes_rpm,
ubuntu = local.package_prefixes_deb,
@ -126,7 +122,6 @@ locals {
release_repo_apt = "hashicorp-apt-release-local*"
release_repos = {
amzn = local.release_repo_rpm
leap = local.release_repo_rpm
rhel = local.release_repo_rpm
sles = local.release_repo_rpm
ubuntu = local.release_repo_apt
@ -142,21 +137,22 @@ locals {
release_path_deb = "pool/${var.arch}/main"
release_sub_path_rpm = "${local.release_package_rpm_arch[var.arch]}/stable"
release_path_distro = {
// NOTE: The versions here always correspond to the output of enos_host_info.distro_version. These are used in
// several modules so if you change the keys here also consider the "artifact/metadata", "ec2_info",
// "install_packages" and "softhsm_install" modules.
amzn = {
"2" = "AmazonLinux/2/${local.release_sub_path_rpm}"
"2023" = "AmazonLinux/latest/${local.release_sub_path_rpm}"
"latest" = "AmazonLinux/latest/${local.release_sub_path_rpm}"
}
leap = {
"15.6" = "RHEL/9/${local.release_sub_path_rpm}"
}
rhel = {
"8.10" = "RHEL/8/${local.release_sub_path_rpm}"
"9.6" = "RHEL/9/${local.release_sub_path_rpm}"
"10.0" = "RHEL/10/${local.release_sub_path_rpm}"
"9.7" = "RHEL/9/${local.release_sub_path_rpm}"
"10.1" = "RHEL/10/${local.release_sub_path_rpm}"
}
sles = {
"15.6" = "RHEL/9/${local.release_sub_path_rpm}"
"15.7" = "RHEL/9/${local.release_sub_path_rpm}"
"16.0" = "RHEL/10/${local.release_sub_path_rpm}"
}
ubuntu = {
"22.04" = local.release_path_deb,

2
enos/modules/disable_selinux/scripts/make-selinux-permissive.sh
View file

@ -9,7 +9,7 @@ fail() {
exit 1
}
if ! type getenforce &> /dev/null; then
if ! sudo bash -c 'type getenforce'; then
exit 0
fi

73
enos/modules/ec2_info/main.tf
View file

@ -1,37 +1,28 @@
# Copyright IBM Corp. 2016, 2025
# SPDX-License-Identifier: BUSL-1.1
# Note: in order to use the openSUSE Leap AMIs, the AWS account in use must "subscribe"
# and accept SUSE's terms of use. You can do this at the links below. If the AWS account
# you are using is already subscribed, this confirmation will be displayed on each page.
# openSUSE Leap arm64 subscription: https://aws.amazon.com/marketplace/server/procurement?productId=a516e959-df54-4035-bb1a-63599b7a6df9
# openSUSE Leap amd64 subscription: https://aws.amazon.com/marketplace/server/procurement?productId=5535c495-72d4-4355-b169-54ffa874f849
locals {
architectures = toset(["arm64", "x86_64"])
amazon_owner_id = "591542846629"
canonical_owner_id = "099720109477"
suse_owner_id = "013907871322"
opensuse_owner_id = "679593333241"
redhat_owner_id = "309956199498"
ids = {
// NOTE: If you modify these versions you'll probably also need to update the `softhsm_install`
// module to match.
// NOTE: The versions here always correspond to the output of enos_host_info.distro_version. These are used in
// several modules so if you change the keys here also consider the "artifact/metadata", "ec2_info",
"arm64" = {
"amzn" = {
"2" = data.aws_ami.amzn_2["arm64"].id
"2023" = data.aws_ami.amzn_2023["arm64"].id
}
"leap" = {
"15.6" = data.aws_ami.leap_15["arm64"].id
}
"rhel" = {
"8.10" = data.aws_ami.rhel_8["arm64"].id
"9.6" = data.aws_ami.rhel_9["arm64"].id
"10.0" = data.aws_ami.rhel_10["arm64"].id
"9.7" = data.aws_ami.rhel_9["arm64"].id
"10.1" = data.aws_ami.rhel_10["arm64"].id
}
"sles" = {
"15.6" = data.aws_ami.sles_15["arm64"].id
"15.7" = data.aws_ami.sles_15["arm64"].id
"16.0" = data.aws_ami.sles_16["arm64"].id
}
"ubuntu" = {
"22.04" = data.aws_ami.ubuntu_2204["arm64"].id
@ -43,16 +34,14 @@ locals {
"2" = data.aws_ami.amzn_2["x86_64"].id
"2023" = data.aws_ami.amzn_2023["x86_64"].id
}
"leap" = {
"15.6" = data.aws_ami.leap_15["x86_64"].id
}
"rhel" = {
"8.10" = data.aws_ami.rhel_8["x86_64"].id
"9.6" = data.aws_ami.rhel_9["x86_64"].id
"10.0" = data.aws_ami.rhel_10["x86_64"].id
"9.7" = data.aws_ami.rhel_9["x86_64"].id
"10.1" = data.aws_ami.rhel_10["x86_64"].id
}
"sles" = {
"15.6" = data.aws_ami.sles_15["x86_64"].id
"15.7" = data.aws_ami.sles_15["x86_64"].id
"16.0" = data.aws_ami.sles_16["x86_64"].id
}
"ubuntu" = {
"22.04" = data.aws_ami.ubuntu_2204["x86_64"].id
@ -96,30 +85,13 @@ data "aws_ami" "amzn_2023" {
owners = [local.amazon_owner_id]
}
data "aws_ami" "leap_15" {
most_recent = true
for_each = local.architectures
filter {
name = "name"
values = ["openSUSE-Leap-15-6*"]
}
filter {
name = "architecture"
values = [each.value]
}
owners = [local.opensuse_owner_id]
}
data "aws_ami" "rhel_8" {
most_recent = true
for_each = local.architectures
filter {
name = "name"
values = ["RHEL-8.10*HVM-20*"]
values = ["RHEL-8.10*HVM_GA-20*"]
}
filter {
@ -141,7 +113,7 @@ data "aws_ami" "rhel_9" {
filter {
name = "name"
values = ["RHEL-9.6*HVM-20*"]
values = ["RHEL-9.7*HVM_GA-20*"]
}
filter {
@ -163,7 +135,7 @@ data "aws_ami" "rhel_10" {
filter {
name = "name"
values = ["RHEL-10.0*HVM-20*"]
values = ["RHEL-10.1*HVM_GA-20*"]
}
filter {
@ -185,7 +157,24 @@ data "aws_ami" "sles_15" {
filter {
name = "name"
values = ["suse-sles-15-sp6-v*-hvm-*"]
values = ["suse-sles-15-sp7-v*-hvm-*"]
}
filter {
name = "architecture"
values = [each.value]
}
owners = [local.suse_owner_id]
}
data "aws_ami" "sles_16" {
most_recent = true
for_each = local.architectures
filter {
name = "name"
values = ["suse-sles-16-0-v*-hvm-ssd-*"]
}
filter {

18
enos/modules/install_packages/main.tf
View file

@ -15,20 +15,22 @@ locals {
"arm64" = "aarch64"
}
package_manager = {
"amzn" = "yum"
"opensuse-leap" = "zypper"
"rhel" = "dnf"
"sles" = "zypper"
"ubuntu" = "apt"
"amzn" = "yum"
"rhel" = "dnf"
"sles" = "zypper"
"ubuntu" = "apt"
}
distro_repos = {
// NOTE: The versions here always correspond to the output of enos_host_info.distro_version. These are used in
// several modules so if you change the keys here also consider the "artifact/metadata", "ec2_info",
"sles" = {
"15.6" = "https://download.opensuse.org/repositories/network:utilities/SLE_15_SP6/network:utilities.repo"
"15.7" = "https://download.opensuse.org/repositories/network:utilities/15.6/network:utilities.repo"
"16.0" = "https://download.opensuse.org/repositories/network:utilities/16.0/network:utilities.repo"
}
"rhel" = {
"8.10" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm"
"9.6" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm"
"10.0" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm"
"9.7" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm"
"10.1" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm"
}
}
}

11
enos/modules/softhsm_install/main.tf
View file

@ -38,14 +38,15 @@ variable "timeout" {
locals {
packages = var.include_tools ? {
// These packages match the distros that are currently defined in the `ec2_info` module.
// NOTE: The versions here always correspond to the output of enos_host_info.distro_version. These are used in
// several modules so if you change the keys here also consider the "artifact/metadata", "ec2_info",
amzn = {
"2023" = ["softhsm", "opensc"]
}
rhel = {
"8.10" = ["softhsm", "opensc"]
"9.6" = ["softhsm", "opensc"]
"10.0" = ["softhsm", "opensc"]
"9.7" = ["softhsm", "opensc"]
"10.1" = ["softhsm", "opensc"]
}
ubuntu = {
"22.04" = ["softhsm", "opensc"]
@ -57,8 +58,8 @@ locals {
}
rhel = {
"8.10" = ["softhsm"]
"9.6" = ["softhsm"]
"10.0" = ["softhsm"]
"9.7" = ["softhsm"]
"10.1" = ["softhsm"]
}
ubuntu = {
"22.04" = ["softhsm"]

9
enos/modules/vault_cluster/main.tf
View file

@ -39,11 +39,10 @@ locals {
}
leader = toset(slice(local.instances, 0, 1))
netcat_command = {
amzn = "nc"
opensuse-leap = "netcat"
rhel = "nc"
sles = "nc"
ubuntu = "netcat"
amzn = "nc"
rhel = "nc"
sles = "nc"
ubuntu = "netcat"
}
recovery_shares = {
"awskms" = 5

6
tools/pipeline/internal/pkg/generate/enos_dynamic_config.go
View file

@ -45,7 +45,6 @@ type Globals struct {
type SampleAttrs struct {
AWSRegion []string `json:"aws_region,omitempty" hcl:"aws_region" cty:"aws_region"`
DistroVersionAmzn []string `json:"distro_version_amzn,omitempty" hcl:"distro_version_amzn" cty:"distro_version_amzn"`
DistroVersionLeap []string `json:"distro_version_leap,omitempty" hcl:"distro_version_leap" cty:"distro_version_leap"`
DistroVersionRhel []string `json:"distro_version_rhel,omitempty" hcl:"distro_version_rhel" cty:"distro_version_rhel"`
DistroVersionSles []string `json:"distro_version_sles,omitempty" hcl:"distro_version_sles" cty:"distro_version_sles"`
DistroVersionUbuntu []string `json:"distro_version_ubuntu,omitempty" hcl:"distro_version_ubuntu" cty:"distro_version_ubuntu"`
@ -135,9 +134,8 @@ func (e *EnosDynamicConfigReq) getSampleAttrs(ctx context.Context) (*SampleAttrs
AWSRegion: []string{"us-east-1", "us-west-2"},
// Current distro defaults
DistroVersionAmzn: []string{"2023"},
DistroVersionLeap: []string{"15.6"},
DistroVersionRhel: []string{"8.10", "9.6", "10.0"},
DistroVersionSles: []string{"15.6"},
DistroVersionRhel: []string{"8.10", "9.7", "10.1"},
DistroVersionSles: []string{"15.7", "16.0"},
DistroVersionUbuntu: []string{"22.04", "24.04"},
}

10
tools/pipeline/internal/pkg/generate/enos_dynamic_config_test.go
View file

@ -229,9 +229,8 @@ func Test_EnosDynamicConfigReq_Run(t *testing.T) {
SampleAttributes: &SampleAttrs{
AWSRegion: []string{"us-east-1", "us-west-2"},
DistroVersionAmzn: []string{"2023"},
DistroVersionLeap: []string{"15.6"},
DistroVersionRhel: []string{"8.10", "9.6", "10.0"},
DistroVersionSles: []string{"15.6"},
DistroVersionRhel: []string{"8.10", "9.7", "10.1"},
DistroVersionSles: []string{"15.7", "16.0"},
DistroVersionUbuntu: []string{"22.04", "24.04"},
UpgradeInitialVersion: versions,
},
@ -251,9 +250,8 @@ globals {
sample_attributes = {
aws_region = ["us-east-1", "us-west-2"]
distro_version_amzn = ["2023"]
distro_version_leap = ["15.6"]
distro_version_rhel = ["8.10", "9.6", "10.0"]
distro_version_sles = ["15.6"]
distro_version_rhel = ["8.10", "9.7", "10.1"]
distro_version_sles = ["15.7", "16.0"]
distro_version_ubuntu = ["22.04", "24.04"]
upgrade_initial_version = ["1.16.6", "1.16.7", "1.16.8", "1.16.9", "1.16.10", "1.17.3", "1.17.4", "1.17.6", "1.18.0-rc1"]
}