From 9e2fa5d93984b1d7edf532da686199845cd83991 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Fri, 3 Jan 2025 11:00:10 +0100
Subject: [PATCH] Update to 2025-01-03 11:00

---
 roles/jitsi/defaults/main.yml             |  6 ++--
 roles/jitsi_jibri/defaults/main.yml       |  2 +-
 roles/jitsi_videobridge/defaults/main.yml |  4 +--
 roles/metabase/defaults/main.yml          |  6 ++--
 roles/nomad/defaults/main.yml             |  4 +--
 roles/nomad/tasks/conf.yml                |  2 +-
 roles/nomad/templates/nomad.hcl.j2        |  3 ++
 roles/nomad_bin/defaults/main.yml         |  4 +--
 roles/repo_zabbix/defaults/main.yml       |  2 +-
 roles/repo_zabbix/tasks/RedHat.yml        | 29 +++++++++--------
 roles/repo_zimbra/defaults/main.yml       |  3 ++
 roles/repo_zimbra/tasks/RedHat.yml        | 38 +++++++++++++----------
 roles/repo_zimbra/tasks/facts.yml         | 31 ++++++++++++++++++
 roles/repo_zimbra/tasks/main.yml          |  3 ++
 roles/squash_tm/defaults/main.yml         |  4 +--
 roles/vault_bin/defaults/main.yml         |  4 +--
 16 files changed, 94 insertions(+), 51 deletions(-)
 create mode 100644 roles/repo_zimbra/defaults/main.yml
 create mode 100644 roles/repo_zimbra/tasks/facts.yml

diff --git a/roles/jitsi/defaults/main.yml b/roles/jitsi/defaults/main.yml
index 01bb35f..04c02c9 100644
--- a/roles/jitsi/defaults/main.yml
+++ b/roles/jitsi/defaults/main.yml
@@ -9,16 +9,16 @@ jitsi_user: jitsi
 jitsi_web_src_ip:
   - 0.0.0.0/0
 
-jitsi_version: 9823
+jitsi_version: 9909
 
 jitsi_jicofo_archive_url: https://github.com/jitsi/jicofo/archive/refs/tags/stable/jitsi-meet_{{ jitsi_version }}.tar.gz
-jitsi_jicofo_archive_sha256: 81403c7028926717c9d14bb273082c368de42ee95d5a5f34957229cef49fb7b9
+jitsi_jicofo_archive_sha256: aa794a41c29997695cb59cd67a07881395694f3ff4191b2f438497538886f214
 
 # Jigasi has no release, nor tags, so use master
 jitsi_jigasi_archive_url: https://github.com/jitsi/jigasi/archive/refs/heads/master.tar.gz
 
 jitsi_meet_archive_url: https://github.com/jitsi/jitsi-meet/archive/refs/tags/stable/jitsi-meet_{{ jitsi_version }}.tar.gz
-jitsi_meet_archive_sha256: 8fe36606be82f071618298de4026fffaaee95decc3a458b6dc90ed410e93e196
+jitsi_meet_archive_sha256: ec09512cde6a2ea43fe5b52baae104e0aeb90bcfc1c8d3e50406d6f724cde8ca
 
 jitsi_excalidraw_version: x21
 jitsi_excalidraw_archive_url: https://github.com/jitsi/excalidraw-backend/archive/refs/tags/{{ jitsi_excalidraw_version }}.tar.gz
diff --git a/roles/jitsi_jibri/defaults/main.yml b/roles/jitsi_jibri/defaults/main.yml
index abe6387..44ce91b 100644
--- a/roles/jitsi_jibri/defaults/main.yml
+++ b/roles/jitsi_jibri/defaults/main.yml
@@ -3,7 +3,7 @@
 jitsi_root_dir: /opt/jitsi
 jitsi_jibri_user: jibri
 
-jitsi_jibri_version: "{{ jitsi_version | default('9823') }}"
+jitsi_jibri_version: "{{ jitsi_version | default('9909') }}"
 # Jibri has no release, nor tag, so use master
 jitsi_jibri_archive_url: https://github.com/jitsi/jibri/archive/refs/heads/master.tar.gz
 
diff --git a/roles/jitsi_videobridge/defaults/main.yml b/roles/jitsi_videobridge/defaults/main.yml
index 4d6cb2e..84da626 100644
--- a/roles/jitsi_videobridge/defaults/main.yml
+++ b/roles/jitsi_videobridge/defaults/main.yml
@@ -3,9 +3,9 @@
 jitsi_root_dir: /opt/jitsi
 jitsi_user: jitsi
 
-jitsi_videobridge_version: "{{ jitsi_version | default('9823') }}"
+jitsi_videobridge_version: "{{ jitsi_version | default('9909') }}"
 jitsi_videobridge_archive_url: https://github.com/jitsi/jitsi-videobridge/archive/refs/tags/stable/jitsi-meet_{{ jitsi_videobridge_version }}.tar.gz
-jitsi_videobridge_archive_sha256: 0adea22ec18bb9b18e6bafe5522c3860fb421399d5a4f93a296a1827dffdc2d2
+jitsi_videobridge_archive_sha256: 6bca3b3bbd4002d53e7dd1cd8d9b0ee40afb70e2f07b23ee8afa6897ee7e07aa
 
 jitsi_videobridge_rtp_port: 10000
 jitsi_videobridge_src_ip:
diff --git a/roles/metabase/defaults/main.yml b/roles/metabase/defaults/main.yml
index 85290d4..e465490 100644
--- a/roles/metabase/defaults/main.yml
+++ b/roles/metabase/defaults/main.yml
@@ -1,15 +1,15 @@
 ---
 
 # Version to deploy
-metabase_version: 0.52.3
+metabase_version: 0.52.4
 # URL to fetch the jar
 metabase_jar_url: https://downloads.metabase.com/v{{ metabase_version }}/metabase.jar
 # Expected sha256 of the jar
-metabase_jar_sha256: c6dc61882f5034788df7d89056d3a5a2fa880ed29c619af781e4836d2044296c
+metabase_jar_sha256: b03961f3687b2dea982b11b4822d5c47864230389ce49d673f004f43de7c48b6
 # When building from source
 metabase_archive_url: https://github.com/metabase/metabase/archive/refs/tags/v{{ metabase_version }}.tar.gz
 # Expected sha256 of the archive
-metabase_archive_sha256: e3d2ee0807eadd0820b938cf9597b2a2f91ab85bf5cf4e593870106cf810525b
+metabase_archive_sha256: f42358848382dbbe88656943f8a358eee9b998dbdaccf52148889e7816b8dbb3
 # Should ansible handle upgrades ? If set to false, only the initial install (and the config) will be handled
 metabase_manage_upgrade: True
 
diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml
index a53565a..bfd8ac7 100644
--- a/roles/nomad/defaults/main.yml
+++ b/roles/nomad/defaults/main.yml
@@ -3,8 +3,8 @@
 # List of plugins to install
 nomad_plugins:
   podman:
-    archive_url: https://releases.hashicorp.com/nomad-driver-podman/0.6.1/nomad-driver-podman_0.6.1_linux_amd64.zip
-    sha256: 0279086ea41fa75558dd01d540e6bee5268a88dd43b5e0bc9883ba9c15b4a568
+    archive_url: https://releases.hashicorp.com/nomad-driver-podman/0.6.2/nomad-driver-podman_0.6.2_linux_amd64.zip
+    sha256: 49fc4c03864e0c1db6f2fde1369b432948fd0eda249a10e34c87ec3eb6e5870d
   containerd:
     archive_url: https://github.com/Roblox/nomad-driver-containerd/releases/download/v0.9.4/containerd-driver
     sha256: 337e1bab178071500bfbe46a59946e0e3bafc652906ed1b755d2aa4d35990982
diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml
index b1004b7..262eb0b 100644
--- a/roles/nomad/tasks/conf.yml
+++ b/roles/nomad/tasks/conf.yml
@@ -181,7 +181,7 @@
         - key: net.bridge.bridge-nf-call-ip6tables
           val: 1
         - key: net.bridge.bridge-nf-call-iptables
-          val: 0
+          val: 1
 
   tags: nomad
 
diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2
index d16921f..cdd2a5c 100644
--- a/roles/nomad/templates/nomad.hcl.j2
+++ b/roles/nomad/templates/nomad.hcl.j2
@@ -96,6 +96,9 @@ client {
 {% endfor %}
   ]
 
+  # Required for alloc to be able to reach themselves through an exposed port
+  bridge_network_hairpin_mode = true
+
 {% if nomad_conf.client.node_pool is defined %}
   node_pool = "{{ nomad_conf.client.node_pool }}"
 {% endif %}
diff --git a/roles/nomad_bin/defaults/main.yml b/roles/nomad_bin/defaults/main.yml
index c539a3e..c55be76 100644
--- a/roles/nomad_bin/defaults/main.yml
+++ b/roles/nomad_bin/defaults/main.yml
@@ -1,9 +1,9 @@
 ---
 
 # Version of Nomad to install
-nomad_version: 1.9.3
+nomad_version: 1.9.4
 # URL of the archive
 nomad_archive_url: https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-nomad_archive_sha256: 517bce4fcebdc71335ac33a1e34a4c262d2417d8ed4e60cf895fc59e69d70c84
+nomad_archive_sha256: b3d3b21960c6ffaac981dff1cfcebff2ef430d894ef94acef5f4224af27d72aa
 
diff --git a/roles/repo_zabbix/defaults/main.yml b/roles/repo_zabbix/defaults/main.yml
index 009553f..9298bca 100644
--- a/roles/repo_zabbix/defaults/main.yml
+++ b/roles/repo_zabbix/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
-zabbix_major_version: 7.0
+zabbix_major_version: 7.2
diff --git a/roles/repo_zabbix/tasks/RedHat.yml b/roles/repo_zabbix/tasks/RedHat.yml
index c588782..c3679c4 100644
--- a/roles/repo_zabbix/tasks/RedHat.yml
+++ b/roles/repo_zabbix/tasks/RedHat.yml
@@ -4,7 +4,7 @@
   yum_repository:
     name: zabbix
     description: Zabbix Repository
-    baseurl: https://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/
+    baseurl: https://repo.zabbix.com/zabbix/{{ zabbix_major_version }}{% if zabbix_major_version is version('7.2', '>=') %}/stable{% endif %}/rhel/$releasever/$basearch/
     gpgcheck: True
     gpgkey: "{{ zabbix_repo_key }}"
     priority: 50
@@ -12,6 +12,19 @@
       - zabbix*
   tags: repo,zabbix
 
+- name: Configure Zabbix repo
+  yum_repository:
+    name: zabbix-release
+    description: Zabbix Release Repository
+    baseurl: https://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/release/rhel/$releasever/noarch/
+    gpgcheck: True
+    gpgkey: "{{ zabbix_repo_key }}"
+    priority: 50
+    includepkgs:
+      - zabbix*
+    state: "{{ zabbix_major_version is version('7.2', '>=') | ternary('present', 'absent') }}"
+  tags: repo,zabbix
+
 - name: Configure Zabbix Agent2 plugins repo
   yum_repository:
     name: zabbix-agent2-plugins
@@ -24,17 +37,3 @@
       - zabbix*
   tags: repo,zabbix
 
-- name: Configure Zabbix frontend repo
-  yum_repository:
-    name: zabbix-frontend
-    description: Zabbix web frontend repository
-    file: zabbix
-    baseurl: https://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/frontend
-    gpgcheck: True
-    gpgkey: "{{ zabbix_repo_key }}"
-    priority: 50
-    includepkgs:
-      - zabbix*
-    state: absent
-  tags: repo,zabbix
-
diff --git a/roles/repo_zimbra/defaults/main.yml b/roles/repo_zimbra/defaults/main.yml
new file mode 100644
index 0000000..b2e0cf8
--- /dev/null
+++ b/roles/repo_zimbra/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+zcs_major: 9.0.0
diff --git a/roles/repo_zimbra/tasks/RedHat.yml b/roles/repo_zimbra/tasks/RedHat.yml
index 175ec6a..6b566e9 100644
--- a/roles/repo_zimbra/tasks/RedHat.yml
+++ b/roles/repo_zimbra/tasks/RedHat.yml
@@ -3,24 +3,28 @@
 - name: Configure Zimbra repo
   yum_repository:
     file: zimbra
-    name: "{{ item.name }}"
-    description: "{{ item.description }}"
-    baseurl: "{{ item.baseurl }}"
-    gpgcheck: True
+    name: zimbra-oss-{{ item }}
+    description: Zimbra OSS RPM Repository version {{ item }}
+    baseurl: https://repo.zimbra.com/rpm/{{ item }}/rhel$releasever
+    gpgcheck: true
     gpgkey: https://files.zimbra.com/downloads/security/public.key
     priority: 50
-    exclude: "{{ item.exclude | default(omit) }}"
-  loop:
-    - name: zimbra
-      description: Zimbra RPM Repository
-      baseurl: https://repo.zimbra.com/rpm/87/rhel$releasever
-    - name: zimbra-90-oss
-      description: Zimbra New RPM Repository
-      baseurl: https://repo.zimbra.com/rpm/90/rhel$releasever
-    - name: zimbra-90-network
-      description: Zimbra NE RPM Repository
-      baseurl: https://repo.zimbra.com/rpm/90-ne/rhel$releasever
-      exclude:
-        - zimbra-patch
+    exclude:
+      - zimbra-patch
+  loop: "{{ zcs_repo_versions }}"
+  tags: repo,zcs
+
+- name: Configure Zimbra NE repo
+  yum_repository:
+    file: zimbra
+    name: zimbra-ne-{{ item }}
+    description: Zimbra NE RPM Repository version {{ item }}
+    baseurl: https://repo.zimbra.com/rpm/{{ item }}-ne/rhel$releasever
+    gpgcheck: true
+    gpgkey: https://files.zimbra.com/downloads/security/public.key
+    priority: 50
+    exclude:
+      - zimbra-patch
+  loop: "{{ zcs_repo_versions | difference([87]) }}"
   tags: repo,zcs
 
diff --git a/roles/repo_zimbra/tasks/facts.yml b/roles/repo_zimbra/tasks/facts.yml
new file mode 100644
index 0000000..938ba10
--- /dev/null
+++ b/roles/repo_zimbra/tasks/facts.yml
@@ -0,0 +1,31 @@
+---
+
+- name: Set repo versions
+  set_fact:
+    zcs_repo_versions:
+      - 87
+      - 90
+  when:
+    - zcs_major is version('9.0.0', '>=')
+    - zcs_major is version('10.0.0', '<')
+  tags: zcs,repo
+
+- name: Set repo versions
+  set_fact:
+    zcs_repo_versions:
+      - 87
+      - 1000
+  when:
+    - zcs_major is version('10.0.0', '>=')
+    - zcs_major is version('10.1.0', '<')
+  tags: zcs,repo
+
+- name: Set repo versions
+  set_fact:
+    zcs_repo_versions:
+      - 87
+      - 1000
+      - 1010
+  when:
+    - zcs_major is version('10.1.0', '>=')
+  tags: zcs,repo
diff --git a/roles/repo_zimbra/tasks/main.yml b/roles/repo_zimbra/tasks/main.yml
index 7d4da8a..47fa008 100644
--- a/roles/repo_zimbra/tasks/main.yml
+++ b/roles/repo_zimbra/tasks/main.yml
@@ -1,5 +1,8 @@
 ---
 
+- include_tasks: facts.yml
+  tags: always
+
 - include_tasks: "{{ ansible_os_family }}.yml"
   tags: always
 
diff --git a/roles/squash_tm/defaults/main.yml b/roles/squash_tm/defaults/main.yml
index 9b9824b..c763e23 100644
--- a/roles/squash_tm/defaults/main.yml
+++ b/roles/squash_tm/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version of Shash TM to install
-squashtm_version: 8.0.0
+squashtm_version: 8.1.1
 # Archive URL which will be downloaded during install/upgrades
 squashtm_archive_url: https://nexus.squashtest.org/nexus/repository/public-releases/tm/core/squash-tm-distribution/{{ squashtm_version }}.RELEASE/squash-tm-{{ squashtm_version }}.RELEASE.tar.gz
 # Expected checksum of the archive
-squashtm_archive_sha256: e9bc48bc8d9cef9e5c81334a172121ddbcdc73ec059ba03139f974ac9e93dd96
+squashtm_archive_sha256: 1b30b4d74fa693733ea1d2b3f0155aaf940a1fc7020df85b3410a92eaa1f18f9
 # Should ansible handle upgrades ? (if False, only initial install and configuration will be done)
 squashtm_manage_upgrade: True
 
diff --git a/roles/vault_bin/defaults/main.yml b/roles/vault_bin/defaults/main.yml
index 4b9e405..d2cc7a8 100644
--- a/roles/vault_bin/defaults/main.yml
+++ b/roles/vault_bin/defaults/main.yml
@@ -1,7 +1,7 @@
 # Version of Vault to install
-vault_version: 1.18.2
+vault_version: 1.18.3
 # URL of the archive
 vault_archive_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-vault_archive_sha256: a448c8b6839d76ec54fa320d3a558ff0e5ef0c3d27ea78c88ace333461d7264b
+vault_archive_sha256: 405ec904a45c2261e2c091640fb805bf5904fd2fe8a991ebc58d2eb64f9a269e