Merge "git: git checkout for a commit hash combinated with depth argument"
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 1a353e5..d99e8e6 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -23,6 +23,7 @@
%SSLLISTEN% %SSLENGINE%
%SSLLISTEN% %SSLCERTFILE%
%SSLLISTEN% %SSLKEYFILE%
+%SSLLISTEN% SSLProtocol -all +TLSv1.3 +TLSv1.2
%SSLLISTEN%</VirtualHost>
Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
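Review bot: The added `SSLProtocol -all +TLSv1.3 +TLSv1.2` line names `TLSv1.3` explicitly, which mod_ssl only accepts when built against a TLS 1.3-capable OpenSSL (httpd 2.4.36 or later with OpenSSL 1.1.1). On an older build the directive is rejected at config parse time and the vhost does not come up. The same literal is repeated in `files/apache-neutron.template` and in the `lib/tls` proxy heredoc, so the three copies can drift apart. Consider one shared setting substituted like the other `%SSL...%` placeholders, or the subtractive form `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, which gives the same floor without naming TLSv1.3. A one-line comment above the directive stating the minimum protocol policy would help whoever next touches these templates.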
diff --git a/files/apache-neutron.template b/files/apache-neutron.template
index c7796b9..358e87f 100644
--- a/files/apache-neutron.template
+++ b/files/apache-neutron.template
@@ -24,6 +24,7 @@
%SSLLISTEN% %SSLENGINE%
%SSLLISTEN% %SSLCERTFILE%
%SSLLISTEN% %SSLKEYFILE%
+%SSLLISTEN% SSLProtocol -all +TLSv1.3 +TLSv1.2
%SSLLISTEN%</VirtualHost>
Alias /networking %NEUTRON_BIN%/neutron-api
diff --git a/files/dnsmasq-for-baremetal-from-nova-network.conf b/files/dnsmasq-for-baremetal-from-nova-network.conf
deleted file mode 100644
index 66a3751..0000000
--- a/files/dnsmasq-for-baremetal-from-nova-network.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-enable-tftp
-tftp-root=/tftpboot
-dhcp-boot=pxelinux.0
diff --git a/files/rpms/general b/files/rpms/general
index b6866de..8a5755c 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -6,9 +6,11 @@
gcc-c++
gettext # used for compiling message catalogs
git-core
+glibc-langpack-en # dist:rhel9
graphviz # needed only for docs
httpd
httpd-devel
+iptables-nft # dist:rhel9
iptables-services
java-1.8.0-openjdk-headless
libffi-devel
diff --git a/functions-common b/functions-common
index a668d55..5e1aa34 100644
--- a/functions-common
+++ b/functions-common
@@ -412,9 +412,9 @@
# - os_VENDOR
# - os_PACKAGE
function GetOSVersion {
- # CentOS Stream 9 does not provide lsb_release
+ # CentOS Stream 9 and RHEL 9 do not provide lsb_release
source /etc/os-release
- if [[ "${ID}${VERSION}" == "centos9" ]]; then
+ if [[ "${ID}${VERSION}" == "centos9" ]] || [[ "${ID}${VERSION}" =~ "rhel9" ]]; then
os_RELEASE=${VERSION_ID}
os_CODENAME="n/a"
os_VENDOR=$(echo $NAME | tr -d '[:space:]')
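Review bot: In the new condition, `=~ "rhel9"` has a quoted right-hand side, so bash treats it as a literal, unanchored substring test rather than a regex, while the CentOS check next to it is an exact `==`. If the intent is "ID is rhel and the major version is 9" (RHEL's `VERSION` presumably carries a minor number and codename), it is clearer and stricter to write `[[ "${ID}" == "rhel" && "${VERSION_ID%%.*}" == "9" ]]`, or at least the anchored glob `[[ "${ID}${VERSION}" == rhel9* ]]`. A short comment noting why the two distros are matched differently would also help. The body of GetOSVersion continues outside this hunk.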
@@ -520,6 +520,7 @@
[ "$os_VENDOR" = "openEuler" ] || \
[ "$os_VENDOR" = "RedHatEnterpriseServer" ] || \
[ "$os_VENDOR" = "RedHatEnterprise" ] || \
+ [ "$os_VENDOR" = "RedHatEnterpriseLinux" ] || \
[ "$os_VENDOR" = "Rocky" ] || \
[ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "CentOSStream" ] || \
[ "$os_VENDOR" = "AlmaLinux" ] || \
diff --git a/lib/apache b/lib/apache
index 4d68b49..76eae9c 100644
--- a/lib/apache
+++ b/lib/apache
@@ -137,6 +137,8 @@
elif is_fedora; then
sudo rm -f /etc/httpd/conf.d/000-*
install_package httpd python3-mod_wsgi
+ # rpm distros dont enable httpd by default so enable it to support reboots.
+ sudo systemctl enable httpd
# For consistency with Ubuntu, switch to the worker mpm, as
# the default is event
sudo sed -i '/mod_mpm_prefork.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf
diff --git a/lib/tls b/lib/tls
index e0c7500..a1e162d 100644
--- a/lib/tls
+++ b/lib/tls
@@ -527,6 +527,7 @@
<VirtualHost $f_host:$f_port>
SSLEngine On
SSLCertificateFile $DEVSTACK_CERT
+ SSLProtocol -all +TLSv1.3 +TLSv1.2
# Disable KeepAlive to fix bug #1630664 a.k.a the
# ('Connection aborted.', BadStatusLine("''",)) error
diff --git a/stack.sh b/stack.sh
index 1d32ed8..5a946ab 100755
--- a/stack.sh
+++ b/stack.sh
@@ -406,7 +406,10 @@
# Patch: https://github.com/rpm-software-management/dnf/pull/1448
echo "[]" | sudo tee /var/cache/dnf/expired_repos.json
elif [[ $DISTRO == "rhel9" ]]; then
+ # for CentOS Stream 9 repository
sudo dnf config-manager --set-enabled crb
+ # for RHEL 9 repository
+ sudo dnf config-manager --set-enabled codeready-builder-for-rhel-9-x86_64-rpms
# rabbitmq and other packages are provided by RDO repositories.
_install_rdo
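Review bot: Both `dnf config-manager --set-enabled` calls now run for every host with `DISTRO == "rhel9"`, although the comments say each repo id exists on only one of the two distros. One call will therefore always name a repo the host does not have, and depending on dnf's exit status and whether errexit is active here, that either aborts the run or leaves a misleading error in the log. The RHEL repo id also hard-codes `x86_64`, so it will not match on other architectures. Consider branching on `os_VENDOR` and deriving the architecture, e.g. `sudo dnf config-manager --set-enabled "codeready-builder-for-rhel-9-$(uname -m)-rpms"` in the RHEL branch only. The enclosing `if`/`elif` chain starts and ends outside this hunk.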
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 0ec426b..faea44f 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -36,6 +36,12 @@
# Disable selinux to avoid configuring to allow Apache access
# to Horizon files (LP#1175444)
if selinuxenabled; then
+ #persit selinux config across reboots
+ cat << EOF | sudo tee /etc/selinux/config
+SELINUX=permissive
+SELINUXTYPE=targeted
+EOF
+ # then disable at runtime
sudo setenforce 0
fi
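Review bot: The new heredoc piped to `sudo tee /etc/selinux/config` replaces the whole file, discarding any other settings or site comments in it, and forces `SELINUXTYPE=targeted` even if the host was configured with a different policy type. It also makes the enforcement downgrade permanent across reboots, a lasting change to the host's security posture that the surrounding comment ("Disable selinux") does not describe accurately, since the mode written is permissive. Editing only the one key is less invasive: `sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config`. The comment should say that the host stays permissive after reboot until the file is restored, and "persit" should read "persist".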