Merge pull request #263 from lae/release/v1.9.0

Release 1.9.0

.github/workflows/amplify.yml

@@ -0,0 +1,22 @@
+---
+name: Amplify Security
+on:
+  pull_request: {}
+  workflow_dispatch: {}
+  push:
+    branches: ["main"]
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  amplify-security-scan:
+    name: Amplify Security Scan
+    runs-on: ubuntu-latest
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Amplify Runner
+        uses: amplify-security/[email protected]

.github/workflows/ci.yml

@@ -0,0 +1,60 @@
+---
+name: CI
+
+"on":
+  pull_request: {}
+  push:
+    branches: ["main"]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  contents: read
+
+jobs:
+  vagrant-deploy:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - run: sudo apt install nfs-kernel-server
+      - run: sudo pipx inject ansible-core jmespath netaddr
+      - run: ansible-galaxy install geerlingguy.ntp
+      - name: setup vagrant
+        run: |
+          # Copyright The containerd Authors
+          # 
+          # Licensed under the Apache License, Version 2.0 (the "License");
+          # you may not use this file except in compliance with the License.
+          # You may obtain a copy of the License at
+          # 
+          #     http://www.apache.org/licenses/LICENSE-2.0
+          # 
+          # Unless required by applicable law or agreed to in writing, software
+          # distributed under the License is distributed on an "AS IS" BASIS,
+          # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+          # See the License for the specific language governing permissions and
+          # limitations under the License.
+          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+          sudo sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list
+          sudo apt-get update
+          sudo apt-get install -y libvirt-daemon libvirt-daemon-system vagrant
+          sudo systemctl enable --now libvirtd
+          sudo usermod -aG libvirt ${USER}
+          sudo apt-get build-dep -y vagrant ruby-libvirt
+          sudo apt-get install -y --no-install-recommends libxslt-dev libxml2-dev libvirt-dev ruby-bundler ruby-dev zlib1g-dev
+          vagrant plugin install vagrant-libvirt
+      - run: >
+          sudo -E -u ${USER}
+          ANSIBLE_STDOUT_CALLBACK=debug
+          ANSIBLE_DISPLAY_SKIPPED_HOSTS=no
+          ANSIBLE_DISPLAY_OK_HOSTS=no
+          DEBIAN_FRONTEND=noninteractive
+          PATH=$PIPX_BIN_DIR:$PATH
+          vagrant up --no-tty || true

.yamllint.yml

@@ -0,0 +1,5 @@
+---
+yaml:
+  rules:
+    line-length:
+      max: 120

defaults/main.yml

@@ -8,8 +8,18 @@ pve_check_for_kernel_update: true
 pve_reboot_on_kernel_update: false
 pve_reboot_on_kernel_update_delay: 60
 pve_remove_old_kernels: true
+# pve_default_kernel_version:
 pve_run_system_upgrades: false
 pve_run_proxmox_upgrades: true
+pve_pcie_passthrough_enabled: false
+pve_iommu_passthrough_mode: false
+pve_iommu_unsafe_interrupts: false
+pve_mediated_devices_enabled: false
+pve_pcie_ovmf_enabled: false
+pve_pci_device_ids: []
+pve_vfio_blacklist_drivers: []
+pve_pcie_ignore_msrs: false
+pve_pcie_report_msrs: true
 pve_watchdog: none
 pve_watchdog_ipmi_action: power_cycle
 pve_watchdog_ipmi_timeout: 10
@@ -19,7 +29,7 @@ pve_zfs_enabled: no
 pve_zfs_create_volumes: []
 pve_ceph_enabled: false
 pve_ceph_repository_line: "deb http://download.proxmox.com/debian/{% if ansible_distribution_release == 'buster' %}ceph-nautilus buster{% else %}ceph-quincy bullseye{% endif %} main"
-pve_ceph_network: "{{ (ansible_default_ipv4.network +'/'+ ansible_default_ipv4.netmask) | ipaddr('net') }}"
+pve_ceph_network: "{{ (ansible_default_ipv4.network +'/'+ ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}"
 pve_ceph_nodes: "{{ pve_group }}"
 pve_ceph_mon_group: "{{ pve_group }}"
 pve_ceph_mgr_group: "{{ pve_ceph_mon_group }}"
@@ -35,7 +45,10 @@ pve_cluster_clustername: "{{ pve_group }}"
 pve_manage_hosts_enabled: yes
 pve_cluster_addr0: "{{ ansible_default_ipv4.address if ansible_default_ipv4.address is defined else ansible_default_ipv6.address if ansible_default_ipv6.address is defined }}"
 # pve_cluster_addr1: "{{ ansible_eth1.ipv4.address }}
+# pve_cluster_addr0_priority: 0
+# pve_cluster_addr1_priority: 1
 pve_datacenter_cfg: {}
+pve_domains_cfg: []
 pve_cluster_ha_groups: []
 # additional roles for your cluster (f.e. for monitoring)
 pve_pools: []
@@ -44,6 +57,8 @@ pve_groups: []
 pve_users: []
 pve_acls: []
 pve_storages: []
+pve_metric_servers: []
 pve_ssh_port: 22
 pve_manage_ssh: true
 pve_hooks: {}
+pve_no_log: false

handlers/main.yml

@@ -32,3 +32,12 @@
     name: ceph.service
     state: restarted
     daemon_reload: true
+
+- name: update-initramfs
+  command: update-initramfs -u -k all
+
+- name: update-grub
+  command: update-grub
+  register: _pve_grub_update
+  failed_when: ('error' in _pve_grub_update.stderr)
+  tags: skiponlxc