stfc · DavidFair · Jun 1, 2026 · May 12, 2026 · May 12, 2026 · May 13, 2026
@@ -1,5 +1,5 @@
 {
     "kubernetes_series": "v1.33",
-    "kubernetes_semver": "v1.33.10",
-    "kubernetes_deb_version": "1.33.10-1.1"
-}
+    "kubernetes_semver": "v1.33.12",
+    "kubernetes_deb_version": "1.33.12-1.1"
+}
@@ -1,5 +1,5 @@
 {
     "kubernetes_series": "v1.34",
-    "kubernetes_semver": "v1.34.6",
-    "kubernetes_deb_version": "1.34.6-1.1"
-}
+    "kubernetes_semver": "v1.34.8",
+    "kubernetes_deb_version": "1.34.8-1.1"
+}
@@ -1,5 +1,4 @@
-# Newer Ansible versions do not support the Python 3.6 interpreter used by Rocky 8
-ansible==9.13.0
-ansible-core==2.16.16
+ansible==11.13.0
+ansible-core==2.18.16
 # The most compatible OpenStack CLI version with OpenStack Yoga
 python-openstackclient==5.8.0
@@ -9,39 +9,39 @@
 # https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1849563/comments/16
 
 - name: Ensure grub command line has 'pci=nocrs,realloc' for NVIDIA PCI BAR fix
-  when: ansible_os_family == "Debian"
+  when: ansible_facts['os_family']  == "Debian"
   become: true
   block:
-  - name: Ensure grub2-common is installed for default grub file
-    ansible.builtin.apt:
-      name: grub2-common
-      state: present
-      update_cache: yes
-  - name: Restore default grub file
-    # As we incrementally build images theres a mixture of grub files with some subtle bugs
-    # we should restore the default file to ensure we have a clean base to work from
-    # then use the /etc/default/grub.d/ to add our custom settings
-    ansible.builtin.copy:
-      src: /usr/share/grub/default/grub
-      dest: /etc/default/grub
-      remote_src: true
-      owner: root
-      group: root
-      mode: '0644'
+    - name: Ensure grub2-common is installed for default grub file
+      ansible.builtin.apt:
+        name: grub2-common
+        state: present
+        update_cache: yes
+    - name: Restore default grub file
+      # As we incrementally build images theres a mixture of grub files with some subtle bugs
+      # we should restore the default file to ensure we have a clean base to work from
+      # then use the /etc/default/grub.d/ to add our custom settings
+      ansible.builtin.copy:
+        src: /usr/share/grub/default/grub
+        dest: /etc/default/grub
+        remote_src: true
+        owner: root
+        group: root
+        mode: "0644"
 
-  - name: Ensure pcie=nocrs,realloc is in the grub cmdline
-    ansible.builtin.copy:
-      # Need to be higher than 50 to override the cloud image default settings from Canonical
-      # which discards any GRUB cmdline settings in 50-cloudimg-settings.cfg
-      dest: /etc/default/grub.d/60-nvidia-pci-bar.cfg
-      content: |
-         # Added to fix NVIDIA PCI BAR I/O region error on OVMF firmware
-         # This file is managed by the STFC Cloud Team
-         GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT pcie=nocrs,realloc"
-      owner: root
-      group: root
-      mode: '0644'
-    register: grub_updated
+    - name: Ensure pcie=nocrs,realloc is in the grub cmdline
+      ansible.builtin.copy:
+        # Need to be higher than 50 to override the cloud image default settings from Canonical
+        # which discards any GRUB cmdline settings in 50-cloudimg-settings.cfg
+        dest: /etc/default/grub.d/60-nvidia-pci-bar.cfg
+        content: |
+          # Added to fix NVIDIA PCI BAR I/O region error on OVMF firmware
+          # This file is managed by the STFC Cloud Team
+          GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT pcie=nocrs,realloc"
+        owner: root
+        group: root
+        mode: "0644"
+      register: grub_updated
 
 - name: Check if machine supports UEFI boot
   become: true
@@ -64,20 +64,19 @@
   register: in_container
 
 - name: Update grub configuration
-  when: ansible_os_family == "Debian" and in_container.stdout != "0::/"
+  when: ansible_facts['os_family']  == "Debian" and in_container.stdout != "0::/"
   become: true
   block:
-  - name: Update grub configuration for Debian BIOS boot
-    ansible.builtin.command: "grub-mkconfig -o /boot/grub/grub.cfg"
-    when: grub_updated.changed and bios_dir.stat.exists
+    - name: Update grub configuration for Debian BIOS boot
+      ansible.builtin.command: "grub-mkconfig -o /boot/grub/grub.cfg"
+      when: grub_updated.changed and bios_dir.stat.exists
 
-  - name: Update grub configuration for Debian UEFI boot
-    ansible.builtin.command: "grub-mkconfig -o /boot/efi/EFI/{{ ansible_distribution | lower }}/grub.cfg"
-    when: grub_updated.changed and efi_dir.stat.exists
+    - name: Update grub configuration for Debian UEFI boot
+      ansible.builtin.command: "grub-mkconfig -o /boot/efi/EFI/{{ ansible_facts['distribution'] | lower }}/grub.cfg"
+      when: grub_updated.changed and efi_dir.stat.exists
 
 - name: Update grub configuration for RedHat based systems
   become: true
   # We could be on EFI or BIOS so need to find the correct grub config location
   ansible.builtin.shell: 'grub2-mkconfig -o "$(readlink -e /etc/grub2.conf)"'
-  when: grub_updated.changed and ansible_os_family == "RedHat" and in_container.stdout != "0::/"
-
+  when: grub_updated.changed and ansible_facts['os_family']  == "RedHat" and in_container.stdout != "0::/"
@@ -7,7 +7,7 @@
     name: dnsutils
     state: present
     update_cache: true
-  when: ansible_distribution == "Rocky"
+  when: ansible_facts['distribution'] == "Rocky"
   become: true
 
 - name: Copy in nubes-bootcontext script

@@ -4,12 +4,12 @@
     shell: "dpkg --list | egrep -i 'linux-image|linux-headers|linux-modules' | cut -d ' ' -f 3 | grep -v $(uname -r) | grep -v 'linux-headers-generic' | grep -v 'linux-headers-virtual' | grep -v 'linux-image-virtual' | xargs apt-get remove -y"
     become: true
     when: ( ansible_facts.packages['linux-image'] | length > 1)
-  when: ansible_distribution == "Ubuntu" and "linux-image" in ansible_facts.packages
+  when: ansible_facts['distribution'] == "Ubuntu" and "linux-image" in ansible_facts.packages
 
 - name: Cleanup old kernels Rocky
   block:
   - name: cleanup old kernels
     command:
       cmd: "dnf remove --oldinstallonly kernel -y"
     when: ( ansible_facts.packages['kernel'] | length > 1)
-  when: ansible_distribution == "Rocky" and "kernel" in ansible_facts.packages
+  when: ansible_facts['distribution'] == "Rocky" and "kernel" in ansible_facts.packages
@@ -10,9 +10,9 @@
 
 - name: clean yum/dnf
   command: yum clean all
-  when: ansible_distribution == "Rocky"
+  when: ansible_facts['distribution'] == "Rocky"
 
 - name: clean apt cache
   ansible.builtin.apt:
     clean: yes
-  when: ansible_distribution == "Ubuntu"
+  when: ansible_facts['distribution'] == "Ubuntu"
@@ -22,4 +22,4 @@
       ansible.builtin.command:
         cmd: "systemctl stop ncm-cdispd.service"
       when: ccm_conf_exists
-  when: ansible_distribution == "Rocky" 
+  when: ansible_facts['distribution'] == "Rocky"
@@ -2,7 +2,7 @@
   block:
   - name: Clear Audit log
     shell: "/bin/cat /dev/null > /var/log/audit/audit.log"
-  when: ansible_distribution == "Rocky"
+  when: ansible_facts['distribution'] == "Rocky"
 
 - name: Clear Audit log
   shell: "/bin/cat /dev/null > /var/log/wtmp"
@@ -11,4 +11,4 @@
   block:
   - name: Clear Audit log
     shell: "/bin/cat /dev/null > /var/log/auth.log"
-  when: ansible_distribution == "Ubuntu"
+  when: ansible_facts['distribution'] == "Ubuntu"
@@ -2,14 +2,13 @@
   file:
     path: "/etc/logrotate.d/btmp"
     state: absent
-  when: ansible_distribution == "Rocky" 
+  when: ansible_facts['distribution'] == "Rocky"
 
 - name: Remove duplicate /etc/logrotate.d/wtmp
   file:
     path: "/etc/logrotate.d/wtmp"
     state: absent
-  when: ansible_distribution == "Rocky" 
-
+  when: ansible_facts['distribution'] == "Rocky"
 
 - name: Clear Audit log
   shell: "sudo logrotate -f /etc/logrotate.conf"

@@ -2,7 +2,7 @@
 
 - include_tasks: get_package_facts.yml
 - include_tasks: run_quattor.yml
-  when: ansible_distribution == "Rocky" 
+  when: ansible_facts['distribution'] == "Rocky"
 - include_tasks: get_package_facts.yml
 - include_tasks: cleanout_tmp.yml
 - include_tasks: cleanout_rc_directories.yml
@@ -11,7 +11,7 @@
 - include_tasks: set_locale.yml
 - include_tasks: wazuh.yml
 - include_tasks: cleanup_quattor.yml
-  when: ansible_distribution == "Rocky" 
+  when: ansible_facts['distribution'] == "Rocky"
 - include_tasks: run_pakiti.yml
 - include_tasks: cleanup_users.yml
 - include_tasks: cleanup_old_kernels.yml

@@ -1,4 +1,4 @@
 - name: run quattor
   shell: "sudo quattor-fetch && sudo quattor-configure --all --verbose"
   ignore_errors: true
-  when: ansible_distribution == "Rocky" 
+  when: ansible_facts['distribution'] == "Rocky"
@@ -41,13 +41,11 @@
 
 - name: Set locale keymap
   command: localectl set-keymap gb
-  when: ansible_distribution == "Rocky"
+  when: ansible_facts['distribution'] == "Rocky"
 
 - name: Set locale keymap
   command: loadkeys uk
-  when: ansible_distribution == "Ubuntu"
-
-
+  when: ansible_facts['distribution'] == "Ubuntu"
 # - name: Set locale x11 keymap
 #   command: localeclt set-x11-keymap gb
-#   when: ansible_distribution == "Rocky"
+#   when: ansible_facts['distribution'] == "Rocky"
@@ -4,7 +4,7 @@
     shell: "dpkg --list | egrep -i 'linux-image|linux-headers|linux-modules' | cut -d ' ' -f 3 | grep -v $(uname -r) | grep -v 'linux-headers-generic' | grep -v 'linux-headers-virtual' | grep -v 'linux-image-virtual' | xargs apt-get remove -y"
     become: true
     when: ( ansible_facts.packages['linux-image'] | length > 1)
-  when: ansible_distribution == "Ubuntu" and "linux-image" in ansible_facts.packages
+  when: ansible_facts['distribution'] == "Ubuntu" and "linux-image" in ansible_facts.packages
 
 - name: Cleanup old kernels Rocky
   block:
@@ -13,4 +13,4 @@
       cmd: "dnf remove --oldinstallonly kernel -y"
     when: ( ansible_facts.packages['kernel'] | length > 1)
     become: true
-  when: ansible_distribution == "Rocky" and "kernel" in ansible_facts.packages
+  when: ansible_facts['distribution'] == "Rocky" and "kernel" in ansible_facts.packages
@@ -12,11 +12,11 @@
 
 - name: clean yum/dnf
   command: yum clean all
-  when: ansible_distribution == "Rocky"
+  when: ansible_facts['distribution'] == "Rocky"
   become: true
 
 - name: clean apt cache
   ansible.builtin.apt:
     clean: yes
-  when: ansible_distribution == "Ubuntu"
+  when: ansible_facts['distribution'] == "Ubuntu"
   become: true
@@ -22,5 +22,5 @@
       ansible.builtin.command:
         cmd: "systemctl stop ncm-cdispd.service"
       when: ccm_conf_exists.stat.exists
-  when: ansible_distribution == "Rocky" 
+  when: ansible_facts['distribution'] == "Rocky"
   become: true
@@ -3,7 +3,7 @@
   - name: Clear Audit log
     shell: "/bin/cat /dev/null > /var/log/audit/audit.log"
   ignore_errors: true
-  when: ansible_distribution == "Rocky"
+  when: ansible_facts['distribution'] == "Rocky"
   become: true
 
 - name: Clear Audit log
@@ -14,5 +14,5 @@
   block:
   - name: Clear Audit log
     shell: "/bin/cat /dev/null > /var/log/auth.log"
-  when: ansible_distribution == "Ubuntu"
+  when: ansible_facts['distribution'] == "Ubuntu"
   become: true
@@ -2,17 +2,16 @@
   file:
     path: "/etc/logrotate.d/btmp"
     state: absent
-  when: ansible_distribution == "Rocky" 
+  when: ansible_facts['distribution'] == "Rocky"
   become: true
 
 - name: Remove duplicate /etc/logrotate.d/wtmp
   file:
     path: "/etc/logrotate.d/wtmp"
     state: absent
-  when: ansible_distribution == "Rocky" 
+  when: ansible_facts['distribution'] == "Rocky"
   become: true
 
-
 - name: Clear Audit log
   shell: "logrotate -f /etc/logrotate.conf"
   become: true

@@ -18,15 +18,15 @@
 
 - include_tasks: get_package_facts.yml
 - include_tasks: run_quattor.yml
-  when: ansible_distribution == "Rocky"
+  when: ansible_facts['distribution'] == "Rocky"
 - include_tasks: get_package_facts.yml
 - include_tasks: cleanout_tmp.yml
 - include_tasks: cleanout_rc_directories.yml
 - include_tasks: cleanup_network_conf.yml
 - include_tasks: set_locale.yml
 - include_tasks: wazuh.yml
 - include_tasks: cleanup_quattor.yml
-  when: ansible_distribution == "Rocky"
+  when: ansible_facts['distribution'] == "Rocky"
 - include_tasks: run_pakiti.yml
 - include_tasks: cleanup_users.yml
 - include_tasks: cleanup_old_kernels.yml

@@ -1,5 +1,5 @@
 - name: run quattor
   shell: "quattor-fetch && quattor-configure --all --verbose"
   ignore_errors: true
-  when: ansible_distribution == "Rocky" 
+  when: ansible_facts['distribution'] == "Rocky"
   become: true
@@ -54,15 +54,13 @@
 
     - name: Set locale keymap
       command: localectl set-keymap gb
-      when: ansible_distribution == "Rocky"
+      when: ansible_facts['distribution'] == "Rocky"
       become: true
   when: in_container
-
 # - name: Set locale keymap
 #   command: loadkeys uk
-#   when: ansible_distribution == "Ubuntu"
-
+#   when: ansible_facts['distribution'] == "Ubuntu"
 
 # - name: Set locale x11 keymap
 #   command: localeclt set-x11-keymap gb
-#   when: ansible_distribution == "Rocky"
+#   when: ansible_facts['distribution'] == "Rocky"
@@ -4,19 +4,19 @@
     state: present
     update_cache: true
   become: true
-  when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "22"
+  when: ansible_facts['distribution'] == "Ubuntu" and ansible_facts["distribution_major_version"]== "22"
 
 - name: Install pwquality on Ubuntu 24.04
   ansible.builtin.apt:
     name: libpwquality-tools
     state: present
     update_cache: true
   become: true
-  when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "24"
+  when: ansible_facts['distribution'] == "Ubuntu" and ansible_facts["distribution_major_version"]== "24"
 
 - name: Update pam-auth
   ansible.builtin.command: pam-auth-update --enable capability systemd unix pwquality
-  when: ansible_distribution == "Ubuntu"
+  when: ansible_facts['distribution'] == "Ubuntu"
   become: true
 
 - name: Copy over pwquality.conf
@@ -25,5 +25,5 @@
     dest: /etc/security/pwquality.conf
     owner: root
     group: root
-    mode: '0644'
+    mode: "0644"
   become: true