From 4429d8adc14423095dc069fd2e61ad8f9b3c344c Mon Sep 17 00:00:00 2001 From: technowhizz <7688823+technowhizz@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:59:39 +0000 Subject: [PATCH 1/3] Remove angular plugins from Grafana --- etc/kayobe/kolla.yml | 4 +--- .../grafana-remove-angular-plugins-1c10e83ddb6556f4.yaml | 6 ++++++ 2 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/grafana-remove-angular-plugins-1c10e83ddb6556f4.yaml diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index cdfa42ab1..b7e75fd8f 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -339,9 +339,7 @@ kolla_build_blocks: ENV TOX_CONSTRAINTS_FILE=/requirements/upper-constraints.txt grafana_plugins_install: | RUN grafana-cli plugins install vonage-status-panel \ - && grafana-cli plugins install grafana-piechart-panel \ - && grafana-cli plugins install grafana-opensearch-datasource \ - && grafana-cli plugins install gnocchixyz-gnocchi-datasource + && grafana-cli plugins install grafana-opensearch-datasource ironic_inspector_header: | ADD additions-archive / magnum_base_footer: | diff --git a/releasenotes/notes/grafana-remove-angular-plugins-1c10e83ddb6556f4.yaml b/releasenotes/notes/grafana-remove-angular-plugins-1c10e83ddb6556f4.yaml new file mode 100644 index 000000000..6eb2ccb47 --- /dev/null +++ b/releasenotes/notes/grafana-remove-angular-plugins-1c10e83ddb6556f4.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Grafana now refuses to load AngularJS plugins. As such the + ``grafana-piechart-panel`` and ``gnocchixyz-gnocchi-datasource`` plugins + have been removed from the Grafana image. From 33f86282928de3a57fb2cf3a602b06d37b42abcc Mon Sep 17 00:00:00 2001 From: technowhizz <7688823+technowhizz@users.noreply.github.com> Date: Thu, 28 Nov 2024 13:52:46 +0000 Subject: [PATCH 2/3] Add CVE-2024-8986 to allow list for grafana --- etc/kayobe/trivy/allowed-vulnerabilities.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/etc/kayobe/trivy/allowed-vulnerabilities.yml b/etc/kayobe/trivy/allowed-vulnerabilities.yml index bd2e288c2..9a3d67589 100644 --- a/etc/kayobe/trivy/allowed-vulnerabilities.yml +++ b/etc/kayobe/trivy/allowed-vulnerabilities.yml @@ -14,6 +14,9 @@ # - CVE-2023-31047 fluentd_allowed_vulnerabilities: - CVE-2024-27280 +grafana_allowed_vulnerabilities: + - CVE-2024-8986 + ############################################################################### # Dummy variable to allow Ansible to accept this file. From 213a49464d545161f6d0ddef1e4684fcafced64c Mon Sep 17 00:00:00 2001 From: technowhizz <7688823+technowhizz@users.noreply.github.com> Date: Thu, 28 Nov 2024 13:53:18 +0000 Subject: [PATCH 3/3] Bump tag for new grafana images --- etc/kayobe/kolla-image-tags.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index 4f23304aa..0ec98ea88 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml @@ -45,3 +45,6 @@ kolla_image_tags: letsencrypt: rocky-9: 2024.1-rocky-9-20241206T090120 ubuntu-jammy: 2024.1-ubuntu-jammy-20241206T090120 + grafana: + rocky-9: 2024.1-rocky-9-20241128T123708 + ubuntu-jammy: 2024.1-ubuntu-jammy-20241128T123708