Switch to RHEL 8.4 for longer support (hitachienergy#3117)

ansible/playbooks/roles/common/tasks/RedHat.yml

@@ -49,3 +49,7 @@
   lineinfile:
     path: /home/{{ admin_user.name }}/.bash_profile
     line: source /etc/profile.d/operations.sh
+
+- name: Fix NetworkManager-cloud-setup issue
+  include_tasks: fix-nm-cloud-setup.yml
+  when: ansible_distribution_version is version('8.4','=')

ansible/playbooks/roles/common/tasks/fix-nm-cloud-setup.yml

@@ -0,0 +1,41 @@
+---
+# Workaround for bug in NetworkManager-cloud-setup-1.30.0-10.el8_4 (RHEL 8.4)
+#
+# More info:
+# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/740
+# https://bugzilla.redhat.com/show_bug.cgi?id=2007341
+
+- name: Get information on installed packages
+  package_facts:
+    manager: rpm
+  when: ansible_facts.packages is undefined
+
+# "When a user wants a special network configuration, then it seems reasonable and expected
+# that they disable the automatism -- if it doesn't do what they want."
+# Source: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/974
+
+- name: Disable nm-cloud-setup service and remove its routing rule
+  when:
+    - ansible_facts.packages['NetworkManager-cloud-setup'] is defined
+    - ansible_facts.packages['NetworkManager-cloud-setup'][0].version is version('1.30.0', '=')
+    - ansible_facts.packages['NetworkManager-cloud-setup'][0].release == '10.el8_4'
+  block:
+    - name: Disable nm-cloud-setup units
+      systemd:
+        name: "{{ item }}"
+        enabled: false
+      loop:
+        - nm-cloud-setup.timer
+        - nm-cloud-setup.service
+
+    - name: Check if routing rule 30400 exists
+      command: ip rule list
+      changed_when: false
+      register: ip_rule_list
+
+    - name: Remove routing rule 30400
+      command: "{{ item }}"
+      loop:
+        - ip rule delete prio 30400
+        - ip route flush table 30400
+      when: "'30400:' in ip_rule_list.stdout"

ansible/playbooks/roles/preflight/defaults/main.yml

@@ -2,11 +2,11 @@
 supported_oses:
   - name: AlmaLinux
     version:
-      min: '8.5'
+      min: '8.4'
       max: '8.10'
   - name: RedHat
     version:
-      min: '8.5'
+      min: '8.4'
       max: '8.10'  # based on https://access.redhat.com/support/policy/updates/errata#RHEL8_Life_Cycle
   - name: Ubuntu
     version:

ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/redhat/packages.yml

@@ -61,6 +61,7 @@ packages:
     - 'libXcursor'  # for grafana
     - 'libXt'  # for grafana
     - 'logrotate'
+    - 'lua'  # for java-1.8.0-openjdk-headless
     - 'mcpp'  # for grafana
     - 'net-tools'
     - 'nfs-utils'
@@ -92,6 +93,7 @@ packages:
     - 'python3-libselinux'
     - 'python3-lxml'  # for java-1.8.0-openjdk-headless
     - 'python3-nftables'  # for python3-firewall
+    - 'python3-pip'  # for python36
     - 'python3-policycoreutils'  # for container-selinux
     - 'python3-psycopg2'
     - 'python3-pycparser'  # for python3-cryptography

cli/src/helpers/naming_helpers.py

@@ -71,8 +71,8 @@ def get_os_name_normalized(vm_doc):
     if vm_doc.provider == "aws":
         # Example public/official AMI names:
         # - ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220419
-        # - RHEL-8.5_HVM-20220127-x86_64-3-Hourly2-GP2
-        # - AlmaLinux OS 8.5.20211116 x86_64
+        # - RHEL-8.4.0_HVM-20210825-x86_64-0-Hourly2-GP2
+        # - AlmaLinux OS 8.4.20211015 x86_64
         for indicator in expected_indicators:
             if indicator in vm_doc.specification.os_full_name.lower():
                 return expected_indicators[indicator]

docs/changelogs/CHANGELOG-2.0.md

@@ -4,7 +4,7 @@
 
 ### Added
 
-- [#1332](https://github.com/epiphany-platform/epiphany/issues/1332) - Support for RHEL 8.5 and AlmaLinux 8.5
+- [#1332](https://github.com/epiphany-platform/epiphany/issues/1332) - Support for RHEL 8.4 and AlmaLinux 8.4
 - [#959](https://github.com/epiphany-platform/epiphany/issues/959) - Add usage of use_network_security_groups to disable NSG on AWS
 - [#2701](https://github.com/epiphany-platform/epiphany/issues/2701) - Epicli prepare - generate files in separate directory
 - [#2812](https://github.com/epiphany-platform/epiphany/issues/2812) - Extend K8s config validation
@@ -89,7 +89,7 @@
 
 ### Breaking changes
 
-- **RHEL 7 and CentOS are not supported**. For RHEL, release 8.5 is required and upgrade from version 7 is not handled by Epiphany.
+- **RHEL 7 and CentOS are not supported**. For RHEL, release 8.4 is required and upgrade from version 7 is not handled by Epiphany.
 Support for CentOS has been replaced by AlmaLinux (migration is not handled by Epiphany).
 - Support for ARM architecture has been removed (together with CentOS), planned to be added for AlmaLinux in the next release.
 - Upgrade of Terraform components in issue [#2825](https://github.com/epiphany-platform/epiphany/issues/2825) and [#2853](https://github.com/epiphany-platform/epiphany/issues/2853) will make running re-apply with infrastructure break on existing 1.x clusters. The advice is to deploy a new cluster and migrate data. If needed a manual upgrade path is described [here.](../home/howto/UPGRADE.md#terraform-upgrade-from-epiphany-1.x-to-2.x)

docs/home/howto/CLUSTER.md

@@ -79,8 +79,8 @@ Epicli has the ability to set up a cluster on infrastructure provided by you. Th
 At least one of them (with `repository` role) has Internet access in order to download dependencies.
 If there is no Internet access, you can use [air gap feature (offline mode)](#how-to-create-an-epiphany-cluster-on-existing-air-gapped-infrastructure).
 2. The cluster machines/VMs are running one of the following Linux distributions:
-    - AlmaLinux 8.5+
-    - RedHat 7.6+ and < 8
+    - AlmaLinux 8.4+
+    - RedHat 8.4+
     - Ubuntu 20.04
 3. The cluster machines/VMs are accessible through SSH with a set of SSH keys you provide and configure on each machine yourself (key-based authentication).
 4. The user used for SSH connection (`admin_user`) has passwordless root privileges through `sudo`.

docs/home/howto/OS_PATCHING.md

@@ -28,7 +28,7 @@ This document will help you decide how you should patch your OS. This is not a s
 
 For Epiphany >= v2.0 we recommend the following image (AMI):
 
-- RHEL: `RHEL-8.5_HVM-20220127-x86_64-3-Hourly2-GP2` (kernel 4.18.0-348.12.2.el8_5.x86_64),
+- RHEL: `RHEL-8.4.0_HVM-20210825-x86_64-0-Hourly2-GP2` (kernel 4.18.0-305.12.1.el8_4.x86_64),
 - Ubuntu: `ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220419` (kernel 5.13.0-1022-aws).
 
 Note: For different supported OS versions this guide may be useful as well.
@@ -56,7 +56,7 @@ For more information, refer to [AWS Systems Manager User Guide](https://docs.aws
 
 For Epiphany >= v2.0 we recommend the following image (urn):
 
-- RHEL: `RedHat:rhel-raw:8-raw-gen2:8.5.2022032202` (kernel 4.18.0-348.20.1.el8_5.x86_64),
+- RHEL: `RedHat:rhel-raw:8-raw-gen2:8.4.2022031606` (kernel 4.18.0-305.el8.x86_64),
 - Ubuntu: `Canonical:0001-com-ubuntu-server-focal:20_04-lts-gen2:20.04.202204190` (kernel 5.13.0-1022-azure).
 
 Note: For different supported OS versions this guide may be useful as well.

docs/home/howto/UPGRADE.md

@@ -45,8 +45,8 @@ Your airgapped existing cluster should meet the following requirements:
 1. The cluster machines/vm`s are connected by a network or virtual network of some sorts and can communicate which each
    other and have access to the internet:
 2. The cluster machines/vm`s are **upgraded** to the following versions:
-  - AlmaLinux 8.5+
-  - RedHat 8.5+
+  - AlmaLinux 8.4+
+  - RedHat 8.4+
   - Ubuntu 20.04
 3. The cluster machines/vm`s should be accessible through SSH with a set of SSH keys you provided and configured on each
    machine yourself.
@@ -77,8 +77,8 @@ Your airgapped existing cluster should meet the following requirements:
 1. The airgapped cluster machines/vm`s are connected by a network or virtual network of some sorts and can communicate
    with each other:
 2. The airgapped cluster machines/vm`s are **upgraded** to the following versions:
-  - AlmaLinux 8.5+
-  - RedHat 8.5+
+  - AlmaLinux 8.4+
+  - RedHat 8.4+
   - Ubuntu 20.04
 3. The airgapped cluster machines/vm`s should be accessible through SSH with a set of SSH keys you provided and
    configured on each machine yourself.

schema/aws/defaults/infrastructure/cloud-os-image-defaults.yml

@@ -2,7 +2,7 @@ kind: infrastructure/cloud-os-image-defaults
 title: "Cloud OS Image Defaults"
 name: default
 specification:
-  almalinux-8-arm64: AlmaLinux OS 8.5.20211116 aarch64
-  almalinux-8-x86_64: AlmaLinux OS 8.5.20211116 x86_64
-  rhel-8-x86_64: RHEL-8.5_HVM-20220127-x86_64-3-Hourly2-GP2
+  almalinux-8-arm64: AlmaLinux OS 8.4.20211015 aarch64
+  almalinux-8-x86_64: AlmaLinux OS 8.4.20211015 x86_64
+  rhel-8-x86_64: RHEL-8.4.0_HVM-20210825-x86_64-0-Hourly2-GP2
   ubuntu-20.04-x86_64: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220419

schema/azure/defaults/infrastructure/cloud-os-image-defaults.yml

@@ -6,7 +6,7 @@ specification:
     publisher: almalinux
     offer: almalinux
     sku: 8_5-gen2
-    version: '8.5.20220311'
+    version: '8.5.20220311'  # offer with PlanId: 8_4 was removed from the marketplace for new purchase
     plan:
       name: 8_5-gen2
       product: almalinux
@@ -15,7 +15,7 @@ specification:
     publisher: RedHat
     offer: rhel-raw
     sku: 8-raw-gen2
-    version: '8.5.2022032202'
+    version: '8.4.2022031606'
   ubuntu-20.04-x86_64:
     publisher: Canonical
     offer: 0001-com-ubuntu-server-focal