Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade the base AMI to Fedora 41 #129

Draft
wants to merge 25 commits into
base: develop
Choose a base branch
from

Conversation

jsf9k
Copy link
Member

@jsf9k jsf9k commented May 15, 2024

πŸ—£ Description

This pull request upgrades the base AMI from Fedora 39 to Fedora 41.

πŸ’­ Motivation and context

Resolves #127.

πŸ§ͺ Testing

Not yet...

βœ… Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.
  • Build and test a staging AMI with these changes.

βœ… Pre-merge checklist

βœ… Post-merge checklist

  • Create a release.

@jsf9k jsf9k added improvement This issue or pull request will add or improve functionality, maintainability, or ease of use version bump This issue or pull request increments the version number packer Pull requests that update Packer code labels May 15, 2024
@jsf9k jsf9k self-assigned this May 15, 2024
@jsf9k jsf9k force-pushed the improvement/upgrade-base-ami-to-fedora-40 branch from 013791c to 47cd223 Compare May 21, 2024 18:30
@jsf9k jsf9k force-pushed the improvement/upgrade-base-ami-to-fedora-40 branch from f806e19 to dbc931e Compare May 22, 2024 19:39
@jsf9k jsf9k force-pushed the improvement/upgrade-base-ami-to-fedora-40 branch from e3efc0d to 3af363c Compare May 31, 2024 16:48
@jsf9k
Copy link
Member Author

jsf9k commented Jun 2, 2024

I attempted to upgrade our staging COOL environment to use the new Fedora 40 AMI, but the replica creation process failed at the KRA stage.

@jsf9k jsf9k added the blocked This issue or pull request is awaiting the outcome of another issue or pull request label Jun 12, 2024
@jsf9k jsf9k removed the blocked This issue or pull request is awaiting the outcome of another issue or pull request label Jun 20, 2024
@jsf9k jsf9k added the blocked This issue or pull request is awaiting the outcome of another issue or pull request label Jul 10, 2024
@jsf9k jsf9k force-pushed the improvement/upgrade-base-ami-to-fedora-40 branch from ffaa2e6 to df7baad Compare September 24, 2024 16:16
@jsf9k jsf9k changed the title Upgrade the base AMI to Fedora 40 Upgrade the base AMI to Fedora 41 Oct 30, 2024
This is being done for testing purposes and this change can be
reverted once cisagov/ansible-role-upgrade#66 is merged.
@jsf9k jsf9k force-pushed the improvement/upgrade-base-ami-to-fedora-40 branch from a88650b to 4bca549 Compare November 12, 2024 16:28
This is necessary because the base AMI we use does not come with the
python3-libdnf5 package preinstalled.  Since Ansible detects dnf5 as
the package manage on Fedora 41 and above, this package must be
installed before Ansible can be run.
@jsf9k jsf9k force-pushed the improvement/upgrade-base-ami-to-fedora-40 branch from 76b584a to 5a440e7 Compare November 12, 2024 17:50
@jsf9k
Copy link
Member Author

jsf9k commented Nov 15, 2024

I attempted to upgrade our COOL staging environment to use the new Fedora 41 AMI, but the instance failed to start up properly. It did not respond to pings and the CloudWatch Agent did not start up correctly. The changes in cisagov/freeipa-server-tf-module#86 appear to remedy this. I will fully test by again attempting to upgrade our COOL staging environment in the coming days.

This is a temporary measure so that we can login via the user on the
serial console to debug why the AMI is not booting up correctly.
There is no need to do this because before hardening /tmp has not yet
had the noexec bit set.
@jsf9k jsf9k force-pushed the improvement/upgrade-base-ami-to-fedora-40 branch from eaa98b4 to 5705ef1 Compare November 17, 2024 21:57
@jsf9k
Copy link
Member Author

jsf9k commented Nov 17, 2024

I attempted to upgrade our COOL staging environment to use the new Fedora 41 AMI, but the instance failed to start up properly. It did not respond to pings and the CloudWatch Agent did not start up correctly. The changes in cisagov/freeipa-server-tf-module#86 appear to remedy this. I will fully test by again attempting to upgrade our COOL staging environment in the coming days.

I was wrong. The changes in cisagov/freeipa-server-tf-module#86 do not remedy the situation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocked This issue or pull request is awaiting the outcome of another issue or pull request improvement This issue or pull request will add or improve functionality, maintainability, or ease of use packer Pull requests that update Packer code version bump This issue or pull request increments the version number
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Upgrade to Fedora 40
1 participant