diff --git a/documentation/Installation.md b/documentation/Installation.md index 9ac0c89bc..15ed4eea1 100644 --- a/documentation/Installation.md +++ b/documentation/Installation.md @@ -63,6 +63,7 @@ This section provides information about the inventory, features, and steps for i - [Admission pss](#admission-pss) - [Configuring Default Profiles](#configuring-default-profiles) - [Configuring Exemptions](#configuring-exemptions) + - [Application Prerequisites](#application-prerequisites) - [RBAC Accounts](#rbac-accounts) - [RBAC account_defaults](#rbac-account_defaults) - [Plugins](#plugins) @@ -77,10 +78,10 @@ This section provides information about the inventory, features, and steps for i - [Plugins Installation Order](#plugins-installation-order) - [Node Selector](#node-selector) - [Tolerations](#tolerations) - - [Resources requets and limits](#resources-requests-and-limits) + - [Resources Requests and Limits](#resources-requests-and-limits) - [Custom Plugins Installation Procedures](#custom-plugins-installation-procedures) - [template](#template) - - [config](#config) + - [config](#config) - [expect pods](#expect-pods) - [expect deployments/daemonsets/replicasets/statefulsets](#expect-deploymentsdaemonsetsreplicasetsstatefulsets) - [python](#python) @@ -88,7 +89,7 @@ This section provides information about the inventory, features, and steps for i - [shell](#shell) - [ansible](#ansible) - [helm](#helm) - - [Advanced features](#advanced-features) + - [Advanced Features](#advanced-features) - [List Merge Strategy](#list-merge-strategy) - [Merge Strategy Positioning](#merge-strategy-positioning) - [List Merge Allowed Sections](#list-merge-allowed-sections) 
@@ -164,10 +165,10 @@ For cluster machines, ensure the following requirements are met: * The following distributives and versions are supported: - * Centos 7.5+, 8.4 - * RHEL 7.5+, 8.4, 8.6, 8.7 - * Oracle Linux 7.5+, 8.4 - * RockyLinux 8.6, 8.7 + * Centos 7.5+, 8.4, 9 + * RHEL 7.5+, 8.4, 8.6, 8.7, 8.8, 9.2 + * Oracle Linux 7.5+, 8.4, 9.2 + * RockyLinux 8.6, 8.7, 9.2 * Ubuntu 20.04 * Ubuntu 22.04.1 @@ -212,7 +213,7 @@ If you have other solution, remove or switch off the IP firewall before the inst * Installation of the following packages is highly recommended; however, Kubernetes can work without them, but may show warnings: * ethtool - * ebtables + * ebtables (included in the iptables-nft package which is available on systems like RHEL 9+) * socat **Warning**: You have to specify packages names in "RPM format" if it is possible for you OS, @@ -3716,7 +3717,7 @@ The default configuration does not enforce the default policy to any of the pods Do not change the namespaces exemption list without strong necessary. In any case check our maintenance guide before any implementation. -#### Application prerequisites +#### Application Prerequisites In case of using PSS the application that installed in Kubernetes cluster should be matched with PSS profiles (`privileged`, `baseline`, `restricted`). Those profiles may be set by labeling the namespace so as it described above for predefined plugins. diff --git a/kubemarine/admission.py b/kubemarine/admission.py index d3b811a4e..42897c116 100644 --- a/kubemarine/admission.py +++ b/kubemarine/admission.py @@ -856,7 +856,7 @@ def update_finalized_inventory(cluster: KubernetesCluster, inventory_to_finalize def copy_pss(group: NodeGroup) -> Optional[RunnersGroupResult]: - if group.cluster.inventory['rbac']['admission'] != "pss": + if group.cluster.inventory['rbac']['admission'] != "pss": return None if group.cluster.context.get('initial_procedure') == 'manage_pss': if not is_security_enabled(group.cluster.inventory) and \ 
@@ -875,15 +875,10 @@ def copy_pss(group: NodeGroup) -> Optional[RunnersGroupResult]: .render(defaults=defaults,exemptions=exemptions) # put admission config on every control-planes - filename = uuid.uuid4().hex - remote_path = tmp_filepath_pattern % filename - group.cluster.log.debug("Copy admission config: %s, %s" % (remote_path, admission_path)) - group.put(io.StringIO(admission_config), remote_path, backup=True, sudo=True) - group.sudo("mkdir -p %s" % admission_dir, warn=True) - result = group.sudo("cp %s %s" % (remote_path, admission_path), warn=True) - group.sudo("rm -f %s" % remote_path) + group.cluster.log.debug(f"Copy admission config to {admission_path}") + group.put(io.StringIO(admission_config), admission_path, backup=True, sudo=True, mkdir=True) - return result + return group.sudo(f'ls -la {admission_path}') def _get_default_labels(profile: str) -> Dict[str, str]: diff --git a/kubemarine/core/cluster.py b/kubemarine/core/cluster.py index f3f85c328..5f79d3e31 100755 --- a/kubemarine/core/cluster.py +++ b/kubemarine/core/cluster.py @@ -215,7 +215,7 @@ def get_os_family_for_nodes(self, hosts: Iterable[str]) -> str: """ Returns the detected operating system family for hosts. - :return: Detected OS family, possible values: "debian", "rhel", "rhel8", "multiple", "unknown", "unsupported". + :return: Detected OS family, possible values: "debian", "rhel", "rhel8", "rhel9", "multiple", "unknown", "unsupported". """ os_families = {self.get_os_family_for_node(host) for host in hosts} if len(os_families) > 1: 
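Review bot: In the kubemarine/admission.py hunk, the new `return group.sudo(f'ls -la {admission_path}')` in copy_pss interpolates the path into a sudo shell command without quoting. admission_path is assigned outside this hunk, so if it can be taken from the inventory, a value with spaces or shell metacharacters would alter the command run as root on every control plane; `return group.sudo(f'ls -la {shlex.quote(admission_path)}')` keeps it a single argument (with `import shlex` added if the module does not already have it). The `mv_command` strings in the kubemarine/core/group.py hunk at -406 build their command from `temp_filepath` and `remote_file` the same way. The function also now returns the file listing instead of the copy result and no longer passes `warn=True`, so callers that inspected the old result should be checked.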
@@ -230,7 +230,7 @@ def get_os_family(self) -> str: Returns common OS family name from all final remote hosts. The method can be used during enrichment when NodeGroups are not yet calculated. - :return: Detected OS family, possible values: "debian", "rhel", "rhel8", "multiple", "unknown", "unsupported". + :return: Detected OS family, possible values: "debian", "rhel", "rhel8", "rhel9", "multiple", "unknown", "unsupported". """ hosts_detect_os_family = [] for node in self.inventory['nodes']: diff --git a/kubemarine/core/group.py b/kubemarine/core/group.py index 2862055f8..c32c1e313 100755 --- a/kubemarine/core/group.py +++ b/kubemarine/core/group.py @@ -389,7 +389,7 @@ def _put_with_mv(self, local_stream: Union[io.BytesIO, str], remote_file: str, if immutable: self.cluster.log.verbose('File \"%s\" immutable set required' % remote_file) - advanced_move_required = sudo or backup or immutable + advanced_move_required = sudo or backup or immutable or mkdir temp_filepath = remote_file if advanced_move_required: @@ -406,10 +406,11 @@ def _put_with_mv(self, local_stream: Union[io.BytesIO, str], remote_file: str, self.cluster.log.verbose("Moving temporary file '%s' to '%s'..." % (temp_filepath, remote_file)) + # -Z option is necessary for RHEL family to set SELinux context to default type. if sudo: - mv_command = "sudo chown root:root %s && sudo mv -f %s %s" % (temp_filepath, temp_filepath, remote_file) + mv_command = "sudo chown root:root %s && sudo mv -fZ %s %s" % (temp_filepath, temp_filepath, remote_file) else: - mv_command = "mv -f %s %s" % (temp_filepath, remote_file) + mv_command = "mv -fZ %s %s" % (temp_filepath, remote_file) if backup: if sudo: 
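Review bot: The comment added above `mv_command` in _put_with_mv says `-Z` is needed for the RHEL family, but the flag is now passed on every node regardless of OS family, and the comment does not say what goes wrong without it. A fuller comment would help, for example `# -Z relabels the destination with the policy's default SELinux type for that path; a plain mv keeps the temporary file's label, which confined services may not be allowed to read.` As far as I know GNU mv ignores `-Z` on kernels without SELinux, but that should be confirmed on the supported Ubuntu releases since the same command now runs there. The backup branch that follows is cut off by the hunk, so whether the backup copy needs the same handling cannot be judged from here.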
@@ -614,7 +615,7 @@ def get_nodes_os(self) -> str: """ Returns the detected operating system family for group. - :return: Detected OS family, possible values: "debian", "rhel", "rhel8", "multiple", "unknown", "unsupported". + :return: Detected OS family, possible values: "debian", "rhel", "rhel8", "rhel9", "multiple", "unknown", "unsupported". """ return self.cluster.get_os_family_for_nodes(self.nodes) @@ -631,7 +632,7 @@ def get_subgroup_with_os(self: GROUP_SELF, os_family: str) -> GROUP_SELF: :param os_family: The name of required OS family :return: NodeGroup """ - if os_family not in ['debian', 'rhel', 'rhel8']: + if os_family not in ['debian', 'rhel', 'rhel8', 'rhel9']: raise Exception('Unsupported OS family provided') hosts = [] for host in self.nodes: diff --git a/kubemarine/keepalived.py b/kubemarine/keepalived.py index 59a41c113..8dd1ac96a 100644 --- a/kubemarine/keepalived.py +++ b/kubemarine/keepalived.py @@ -196,7 +196,6 @@ def install_haproxy_check_script(group: DeferredGroup) -> None: group.put(io.StringIO(script), "/usr/local/bin/check_haproxy.sh", sudo=True) group.sudo("chmod +x /usr/local/bin/check_haproxy.sh") - def uninstall(group: NodeGroup) -> RunnersGroupResult: return packages.remove(group, include='keepalived') diff --git a/kubemarine/packages.py b/kubemarine/packages.py index 8594b3073..3d501f436 100644 --- a/kubemarine/packages.py +++ b/kubemarine/packages.py @@ -489,7 +489,7 @@ def remove_unused_os_family_associations(cluster: KubernetesCluster, inventory: def get_associations_os_family_keys() -> Set[str]: - return {'debian', 'rhel', 'rhel8'} + return {'debian', 'rhel', 'rhel8', 'rhel9'} def get_compatibility_version_key(os_family: str) -> str: 
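Review bot: The literal `['debian', 'rhel', 'rhel8', 'rhel9']` in get_subgroup_with_os repeats the set that get_associations_os_family_keys() in kubemarine/packages.py returns, and the same family names are spelled out again in the packages.py, backup.py, check_iaas.py, check_paas.py, selinux.py and system.py hunks of this commit. Every new family therefore has to be added by hand in each place, and a missed one changes behaviour silently rather than failing. A single shared definition, for example `SUPPORTED_OS_FAMILIES = ('debian', 'rhel', 'rhel8', 'rhel9')` next to a RHEL-only subset, would make these guards agree by construction; where it can live without an import cycle is not visible from the hunks. The exception here could also name the rejected value: `raise Exception(f'Unsupported OS family provided: {os_family}')`.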
@@ -540,7 +540,7 @@ def search(self, group: DeferredGroup, package: str, callback: Callback = None) def get_package_manager(group: AbstractGroup[GROUP_RUN_TYPE]) -> PackageManager: os_family = group.get_nodes_os() - if os_family in ['rhel', 'rhel8']: + if os_family in ['rhel', 'rhel8', 'rhel9']: return yum elif os_family == 'debian': return apt @@ -598,7 +598,7 @@ def search_package(group: DeferredGroup, package: str, callback: Callback = None def get_detect_package_version_cmd(os_family: str, package_name: str) -> str: - if os_family in ["rhel", "rhel8"]: + if os_family in ["rhel", "rhel8", "rhel9"]: cmd = r"rpm -q %s" % package_name else: cmd = r"dpkg-query -f '${Package}=${Version}\n' -W %s" % package_name @@ -686,7 +686,7 @@ def get_package_name(os_family: str, package: str) -> str: package_name = "" if package: - if os_family in ["rhel", "rhel8"]: + if os_family in ["rhel", "rhel8", "rhel9"]: # regexp is needed to split package and its version, the pattern start with '-' then should be number or '*' package_name = re.split(r'-[\d,\*]', package)[0] else: diff --git a/kubemarine/patches/software_upgrade.yaml b/kubemarine/patches/software_upgrade.yaml index 83a7d5f01..b669d26ba 100644 --- a/kubemarine/patches/software_upgrade.yaml +++ b/kubemarine/patches/software_upgrade.yaml @@ -14,20 +14,24 @@ packages: docker: version_rhel: [] version_rhel8: [] + version_rhel9: [] version_debian: [] containerd: version_debian: [] containerdio: version_rhel: [] version_rhel8: [] + version_rhel9: [] version_debian: [] haproxy: version_rhel: false version_rhel8: false + version_rhel9: false version_debian: false keepalived: version_rhel: false version_rhel8: false + version_rhel9: false version_debian: false plugins: calico: [] diff --git a/kubemarine/procedures/backup.py b/kubemarine/procedures/backup.py index ec64ed664..a642ffb33 100755 --- a/kubemarine/procedures/backup.py +++ b/kubemarine/procedures/backup.py 
@@ -105,7 +105,7 @@ def export_ansible_inventory(cluster: KubernetesCluster) -> None: def export_packages_list(cluster: KubernetesCluster) -> None: cluster.context['backup_descriptor']['nodes']['packages'] = {} - if cluster.get_os_family() in ['rhel', 'rhel8']: + if cluster.get_os_family() in ['rhel', 'rhel8', 'rhel9']: cmd = r"rpm -qa" else: cmd = r"dpkg-query -f '${Package}=${Version}\n' -W" diff --git a/kubemarine/procedures/check_iaas.py b/kubemarine/procedures/check_iaas.py index 27c387230..56ce85039 100755 --- a/kubemarine/procedures/check_iaas.py +++ b/kubemarine/procedures/check_iaas.py @@ -426,7 +426,7 @@ def check_access_to_package_repositories(cluster: KubernetesCluster) -> None: # TODO: think about better parsing repository_urls: List[str] = [] repositories = cluster.inventory['services']['packages']['package_manager'].get("repositories") - if cluster.get_os_family() not in ['debian', 'rhel', 'rhel8']: + if cluster.get_os_family() not in ['debian', 'rhel', 'rhel8', 'rhel9']: # Skip check in case of multiply or unknown OS raise TestWarn("Can't check package repositories on multiply OS") if isinstance(repositories, list): diff --git a/kubemarine/procedures/check_paas.py b/kubemarine/procedures/check_paas.py index a6b8c70d9..2eb980500 100755 --- a/kubemarine/procedures/check_paas.py +++ b/kubemarine/procedures/check_paas.py @@ -698,7 +698,7 @@ def verify_selinux_status(cluster: KubernetesCluster) -> None: :param cluster: KubernetesCluster object :return: None """ - if cluster.get_os_family() not in ('rhel', 'rhel8'): + if cluster.get_os_family() not in ('rhel', 'rhel8', 'rhel9'): return with TestCase(cluster, '213', "Security", "Selinux security policy") as tc: 
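Review bot: The guard in verify_selinux_status, `if cluster.get_os_family() not in ('rhel', 'rhel8', 'rhel9'): return`, also returns for the values "multiple", "unknown" and "unsupported" that the get_os_family docstring lists, so on a mixed-OS cluster with RHEL nodes test 213 appears to be skipped without any result being recorded. verify_selinux_config (-757) has the same guard, and the inverse guards in verify_apparmor_status and verify_apparmor_config (-1399, -1427) let those same values through to the AppArmor checks. It would be safer to report the skip explicitly, or to evaluate per-OS subgroups, so that a missing security check is visible in the report. The bodies of these functions continue outside the hunks, so this is inferred from the guard alone.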
@@ -757,7 +757,7 @@ def verify_selinux_config(cluster: KubernetesCluster) -> None: :param cluster: KubernetesCluster object :return: None """ - if cluster.get_os_family() not in ('rhel', 'rhel8'): + if cluster.get_os_family() not in ('rhel', 'rhel8', 'rhel9'): return with TestCase(cluster, '214', "Security", "Selinux configuration") as tc: @@ -1399,7 +1399,7 @@ def verify_apparmor_status(cluster: KubernetesCluster) -> None: :param cluster: KubernetesCluster object :return: None """ - if cluster.get_os_family() in ['rhel', 'rhel8']: + if cluster.get_os_family() in ['rhel', 'rhel8', 'rhel9']: return with TestCase(cluster, '227', "Security", "Apparmor security policy") as tc: @@ -1427,7 +1427,7 @@ def verify_apparmor_config(cluster: KubernetesCluster) -> None: :param cluster: KubernetesCluster object :return: None """ - if cluster.get_os_family() in ['rhel', 'rhel8']: + if cluster.get_os_family() in ['rhel', 'rhel8', 'rhel9']: return with TestCase(cluster, '228', "Security", "Apparmor security policy") as tc: diff --git a/kubemarine/procedures/migrate_kubemarine.py b/kubemarine/procedures/migrate_kubemarine.py index c33b765ac..768f34e6f 100644 --- a/kubemarine/procedures/migrate_kubemarine.py +++ b/kubemarine/procedures/migrate_kubemarine.py @@ -370,7 +370,7 @@ def resolve_upgrade_patches() -> List[_SoftwareUpgradePatch]: k8s_versions = [version for pkg in ('docker', 'containerd', 'containerdio') - for v_key in ('version_rhel', 'version_rhel8', 'version_debian') + for v_key in ('version_rhel', 'version_rhel8', 'version_rhel9', 'version_debian') for version in upgrade_config['packages'][pkg].get(v_key, [])] if k8s_versions: verify_allowed_kubernetes_versions(k8s_versions) 
@@ -378,7 +378,7 @@ def resolve_upgrade_patches() -> List[_SoftwareUpgradePatch]: for package_name in ['haproxy', 'keepalived']: if any(upgrade_config['packages'][package_name].get(v_key) - for v_key in ('version_rhel', 'version_rhel8', 'version_debian')): + for v_key in ('version_rhel', 'version_rhel8', 'version_rhel9', 'version_debian')): upgrade_patches.append(BalancerUpgradePatch(upgrade_config, package_name)) default_plugins = static.DEFAULTS['plugins'] diff --git a/kubemarine/resources/configurations/compatibility/internal/packages.yaml b/kubemarine/resources/configurations/compatibility/internal/packages.yaml index 6d4900902..bbf1df8dc 100644 --- a/kubemarine/resources/configurations/compatibility/internal/packages.yaml +++ b/kubemarine/resources/configurations/compatibility/internal/packages.yaml 
@@ -8,62 +8,77 @@ docker: v1.23.1: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.23.6: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.23.11: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.23.17: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.24.2: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.24.11: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.25.2: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.25.7: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.26.3: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.26.4: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.26.7: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.27.1: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.27.4: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.28.0: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* v1.28.3: version_rhel: 19.03* version_rhel8: 19.03* + version_rhel9: 20.10* version_debian: 5:20.10.* containerd: v1.23.1: 
@@ -100,68 +115,85 @@ containerdio: v1.23.1: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.5.* v1.23.6: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.5.* v1.23.11: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.5.* v1.23.17: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.5.* v1.24.2: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* v1.24.11: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* v1.25.2: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* v1.25.7: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* v1.26.3: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* v1.26.4: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* v1.26.7: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* v1.27.1: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* v1.27.4: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* v1.28.0: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* v1.28.3: version_rhel: 1.6* version_rhel8: 1.6* + version_rhel9: 1.6* version_debian: 1.6.* haproxy: version_rhel: 1.8* version_rhel8: 1.8* + version_rhel9: 2.4* version_debian: 2.* keepalived: version_rhel: 1.3* version_rhel8: 2.1* + version_rhel9: 2.2* version_debian: 1:2.* diff --git a/kubemarine/resources/configurations/defaults.yaml b/kubemarine/resources/configurations/defaults.yaml index 1f9dc4682..e4049f6c7 100644 --- a/kubemarine/resources/configurations/defaults.yaml +++ b/kubemarine/resources/configurations/defaults.yaml 
@@ -157,6 +157,13 @@ services: - '{% if not nodes[0]["internal_address"]|isipv4 %}nf_nat{% endif %}' - '{% if not nodes[0]["internal_address"]|isipv4 %}nf_reject_ipv6{% endif %}' - '{% if not nodes[0]["internal_address"]|isipv4 %}nf_defrag_ipv6{% endif %}' + rhel9: + - br_netfilter + - '{% if not nodes[0]["internal_address"]|isipv4 %}ip6table_filter{% endif %}' + - '{% if not nodes[0]["internal_address"]|isipv4 %}nf_conntrack{% endif %}' + - '{% if not nodes[0]["internal_address"]|isipv4 %}nf_nat{% endif %}' + - '{% if not nodes[0]["internal_address"]|isipv4 %}nf_reject_ipv6{% endif %}' + - '{% if not nodes[0]["internal_address"]|isipv4 %}nf_defrag_ipv6{% endif %}' debian: - br_netfilter - '{% if not nodes[0]["internal_address"]|isipv4 %}ip6table_filter{% endif %}' @@ -478,6 +485,21 @@ services: package_name: 'conntrack-tools' semanage: package_name: 'policycoreutils-python-utils' + rhel9: + docker: {} + containerd: {} + haproxy: + executable_name: '/usr/sbin/haproxy' + service_name: 'haproxy' + keepalived: {} + audit: + package_name: 'audit' + conntrack: + package_name: 'conntrack-tools' + semanage: + package_name: 'policycoreutils-python-utils' + iptables: + package_name: 'iptables-nft' plugin_defaults: installation: {} diff --git a/kubemarine/resources/configurations/globals.yaml b/kubemarine/resources/configurations/globals.yaml index 6661239fc..4496eba1b 100644 --- a/kubemarine/resources/configurations/globals.yaml +++ b/kubemarine/resources/configurations/globals.yaml @@ -202,6 +202,21 @@ packages: keepalived: package_name: - keepalived: keepalived + rhel9: + docker: + package_name: + - docker-ce: docker + - docker-ce-cli: docker + - containerd.io: containerdio + containerd: + package_name: + - containerd.io: containerdio + haproxy: + package_name: + - haproxy: haproxy + keepalived: + package_name: + - keepalived: keepalived common_associations: docker: executable_name: 'docker' 
@@ -314,6 +329,9 @@ compatibility_map: - os_family: 'rhel8' versions: - '8.4' + - os_family: 'rhel9' + versions: + - '9' rhel: - os_family: 'rhel' versions: @@ -328,11 +346,18 @@ compatibility_map: - '8.6' - '8.7' - '8.8' + - os_family: 'rhel9' + versions: + - '9.2' + rocky: - os_family: 'rhel8' versions: - '8.6' - '8.7' + - os_family: 'rhel9' + versions: + - '9.2' ubuntu: - os_family: 'debian' versions: @@ -356,6 +381,9 @@ compatibility_map: - os_family: 'rhel8' versions: - '8.4' + - os_family: 'rhel9' + versions: + - '9.2' network: connection: diff --git a/kubemarine/resources/etalons/patches/software_upgrade.yaml b/kubemarine/resources/etalons/patches/software_upgrade.yaml index 83a7d5f01..b669d26ba 100644 --- a/kubemarine/resources/etalons/patches/software_upgrade.yaml +++ b/kubemarine/resources/etalons/patches/software_upgrade.yaml @@ -14,20 +14,24 @@ packages: docker: version_rhel: [] version_rhel8: [] + version_rhel9: [] version_debian: [] containerd: version_debian: [] containerdio: version_rhel: [] version_rhel8: [] + version_rhel9: [] version_debian: [] haproxy: version_rhel: false version_rhel8: false + version_rhel9: false version_debian: false keepalived: version_rhel: false version_rhel8: false + version_rhel9: false version_debian: false plugins: calico: [] diff --git a/kubemarine/resources/schemas/definitions/services/modprobe.json b/kubemarine/resources/schemas/definitions/services/modprobe.json index 62b5f89b7..da8a67a2e 100644 --- a/kubemarine/resources/schemas/definitions/services/modprobe.json +++ b/kubemarine/resources/schemas/definitions/services/modprobe.json 
@@ -4,11 +4,12 @@ "properties": { "debian": {"$ref": "#/definitions/OSFamilyModules"}, "rhel": {"$ref": "#/definitions/OSFamilyModules"}, - "rhel8": {"$ref": "#/definitions/OSFamilyModules"} + "rhel8": {"$ref": "#/definitions/OSFamilyModules"}, + "rhel9": {"$ref": "#/definitions/OSFamilyModules"} }, "propertyNames": { "anyOf": [ - {"enum": ["debian", "rhel", "rhel8"]} + {"enum": ["debian", "rhel", "rhel8", "rhel9"]} ] }, "definitions": { diff --git a/kubemarine/resources/schemas/definitions/services/packages/associations.json b/kubemarine/resources/schemas/definitions/services/packages/associations.json index fcd00afac..ca492b5df 100644 --- a/kubemarine/resources/schemas/definitions/services/packages/associations.json +++ b/kubemarine/resources/schemas/definitions/services/packages/associations.json @@ -5,12 +5,13 @@ "properties": { "debian": {"$ref": "#/definitions/OSFamilyAssociations"}, "rhel": {"$ref": "#/definitions/OSFamilyAssociations"}, - "rhel8": {"$ref": "#/definitions/OSFamilyAssociations"} + "rhel8": {"$ref": "#/definitions/OSFamilyAssociations"}, + "rhel9": {"$ref": "#/definitions/OSFamilyAssociations"} }, "propertyNames": { "anyOf": [ {"$ref": "#/definitions/AssociationsNames"}, - {"enum": ["debian", "rhel", "rhel8"]} + {"enum": ["debian", "rhel", "rhel8", "rhel9"]} ] }, "definitions": { diff --git a/kubemarine/selinux.py b/kubemarine/selinux.py index 084115296..bac32a015 100644 --- a/kubemarine/selinux.py +++ b/kubemarine/selinux.py @@ -179,7 +179,7 @@ def setup_selinux(group: NodeGroup) -> Optional[RunnersGroupResult]: log = group.cluster.log # this method handles cluster with multiple os, suppressing should be enabled - if group.get_nodes_os() not in ['rhel', 'rhel8']: + if group.get_nodes_os() not in ['rhel', 'rhel8', 'rhel9']: log.debug("Skipped - selinux is not supported on Ubuntu/Debian os family") return None diff --git a/kubemarine/system.py b/kubemarine/system.py index daa64bf85..1825cca41 100644 --- a/kubemarine/system.py 
+++ b/kubemarine/system.py @@ -91,7 +91,7 @@ def enrich_kernel_modules(inventory: dict, cluster: KubernetesCluster) -> dict: os_family = cluster.get_os_family() if os_family in ["unknown", "unsupported"]: raise Exception(ERROR_UNSUPPORTED_KERNEL_MODULES_VERSIONS_DETECTED) - elif os_family in ["debian", "rhel", "rhel8"]: + elif os_family in ["debian", "rhel", "rhel8", "rhel9"]: modprobe = {} modprobe[os_family] = inventory["services"]["modprobe"][os_family] inventory["services"]["modprobe"] = modprobe @@ -537,7 +537,7 @@ def verify_system(cluster: KubernetesCluster) -> None: # this method handles clusters with multiple OS os_family = group.get_nodes_os() - if os_family in ['rhel', 'rhel8'] and cluster.is_task_completed('prepare.system.setup_selinux'): + if os_family in ['rhel', 'rhel8', 'rhel9'] and cluster.is_task_completed('prepare.system.setup_selinux'): log.debug("Verifying Selinux...") selinux_configured, selinux_result, selinux_parsed_result = \ selinux.is_config_valid(group, diff --git a/scripts/thirdparties/src/software/packages.py b/scripts/thirdparties/src/software/packages.py index 8636375f8..0c7ddb8d5 100644 --- a/scripts/thirdparties/src/software/packages.py +++ b/scripts/thirdparties/src/software/packages.py @@ -86,11 +86,13 @@ def get_compatibility_version_keys(package_name: str) -> List[str]: keys = [ 'version_rhel', 'version_rhel8', + 'version_rhel9', 'version_debian', ] if package_name == 'containerd': keys.remove('version_rhel') keys.remove('version_rhel8') + keys.remove('version_rhel9') return keys diff --git a/test/unit/test_migrate_kubemarine.py b/test/unit/test_migrate_kubemarine.py index 3e840a969..74fd0b207 100644 --- a/test/unit/test_migrate_kubemarine.py +++ b/test/unit/test_migrate_kubemarine.py 
@@ -201,7 +201,8 @@ def test_specific_os_family_cri_association_upgrade_required(self): for os_name, os_family, os_version in ( ('ubuntu', 'debian', '20.04'), ('centos', 'rhel', '7.9'), - ('rhel', 'rhel8', '8.7') + ('rhel', 'rhel8', '8.7'), + ('rhel', 'rhel9', '9.2') ): for cri in ('docker', 'containerd'): for package_vary in ('docker', 'containerd', 'containerdio'): @@ -216,7 +217,7 @@ def test_specific_os_family_cri_association_upgrade_required(self): def _packages_for_cri_os_family(self, cri: str, os_family: str) -> List[str]: if cri == 'containerd': - if os_family in ('rhel', 'rhel8'): + if os_family in ('rhel', 'rhel8', 'rhel9'): package_names = ['containerdio'] else: package_names = ['containerd'] diff --git a/test/unit/test_upgrade.py b/test/unit/test_upgrade.py index 9bd2098e0..3d659bbe1 100755 --- a/test/unit/test_upgrade.py +++ b/test/unit/test_upgrade.py @@ -209,7 +209,8 @@ def test_compatibility_upgrade_required(self): for os_name, os_family, os_version in ( ('ubuntu', 'debian', '20.04'), ('centos', 'rhel', '7.9'), - ('rhel', 'rhel8', '8.7') + ('rhel', 'rhel8', '8.7'), + ('rhel', 'rhel9', '9.2') ): for cri in ('docker', 'containerd'): for package_vary in ('docker', 'containerd', 'containerdio'): @@ -230,7 +231,7 @@ def test_compatibility_upgrade_required(self): def _packages_for_cri_os_family(self, cri: str, os_family: str) -> List[str]: if cri == 'containerd': - if os_family in ('rhel', 'rhel8'): + if os_family in ('rhel', 'rhel8', 'rhel9'): package_names = ['containerdio'] else: package_names = ['containerd']