Adding nessie to factory (#244)

Adding nessie to factory.
This aims to test the theory of conflict if there's same package and branch name, as was the case in #243

Authored-by: George <george_agriogiannis@yahoo.com>
Reviewed-on: suse-edge/Factory#244
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>

ironic-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.0
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1
-#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%
 
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -19,11 +19,11 @@ RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes
 
 #!ArchExclusiveLine: x86_64
 RUN if [ "$(uname -m)" = "x86_64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
+      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
     fi
 #!ArchExclusiveLine: aarch64
 RUN if [ "$(uname -m)" = "aarch64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
+      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
     fi
     
 # DATABASE
@@ -41,8 +41,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="29.0.4.0"
+LABEL org.opencontainers.image.version="29.0.4.1"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

ironic-image/configure-nonroot.sh

@@ -45,10 +45,10 @@ chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /run
 
 # ironic and httpd related changes
 mkdir -p /etc/httpd/conf.d
-chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
+chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.modules.d/
-chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
+chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.modules.d/
 #chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
-chmod 664 /etc/ironic/* /etc/httpd/conf/*
+chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.modules.d/*
 
 chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /var/lib/ironic
 chmod 2775 /var/lib/ironic

ironic-image/ironic-config/apache2-ipxe.conf.j2

@@ -1,4 +1,5 @@
-Listen {{ env.IPXE_TLS_PORT }}
+Listen 0.0.0.0:{{ env.IPXE_TLS_PORT }}
+Listen [::]:{{ env.IPXE_TLS_PORT }}
 
 <VirtualHost *:{{ env.IPXE_TLS_PORT }}>
     ErrorLog /dev/stderr

ironic-image/ironic-config/apache2-vmedia.conf.j2

@@ -1,4 +1,5 @@
-Listen {{ env.VMEDIA_TLS_PORT }}
+Listen 0.0.0.0:{{ env.VMEDIA_TLS_PORT }}
+Listen [::]:{{ env.VMEDIA_TLS_PORT }}
 
 <VirtualHost *:{{ env.VMEDIA_TLS_PORT }}>
     ErrorLog /dev/stderr
@@ -10,13 +11,15 @@ Listen {{ env.VMEDIA_TLS_PORT }}
     SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
     SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
 
-    <Directory ~ "/shared/html">
+    <Directory "/shared/html/">
-         Order deny,allow
+        Options Indexes FollowSymLinks
-         deny from all
+        AllowOverride None
+        Require all granted
     </Directory>
     <Directory ~ "/shared/html/(redfish|ilo)/">
-         Order allow,deny
+        Options Indexes FollowSymLinks
-         allow from all
+        AllowOverride None
+        Require all granted
     </Directory>
 </VirtualHost>
 

ironic-image/ironic-config/httpd-ironic-api.conf.j2

@@ -12,11 +12,21 @@
 
 
 {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen {{ env.IRONIC_LISTEN_PORT }}
+Listen 0.0.0.0:{{ env.IRONIC_LISTEN_PORT }}
+Listen [::]:{{ env.IRONIC_LISTEN_PORT }}
  <VirtualHost *:{{ env.IRONIC_LISTEN_PORT }}>
 {% else %}
-Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
+{% if env.ENABLE_IPV4 %}
- <VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}>
+Listen {{ env.IRONIC_IP }}:{{ env.IRONIC_LISTEN_PORT }}
+{% endif %}
+{% if env.ENABLE_IPV6 %}
+Listen [{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}
+{% endif %}
+{% if env.IRONIC_URL_HOSTNAME is defined and env.IRONIC_URL_HOSTNAME|length %}
+<VirtualHost {{ env.IRONIC_URL_HOSTNAME }}:{{ env.IRONIC_LISTEN_PORT }}>
+{% else %}
+<VirtualHost {% if env.ENABLE_IPV4 %}{{ env.IRONIC_IP }}:{{ env.IRONIC_LISTEN_PORT }}{% endif %} {% if env.ENABLE_IPV6 %}[{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}{% endif %}>
+{% endif %}
 {% endif %}
 
     {% if env.IRONIC_PRIVATE_PORT == "unix" %}

ironic-image/ironic-config/httpd-modules.conf

@@ -17,4 +17,4 @@ LoadModule authn_core_module /usr/lib64/apache2/mod_authn_core.so
 LoadModule auth_basic_module /usr/lib64/apache2/mod_auth_basic.so
 LoadModule authn_file_module /usr/lib64/apache2/mod_authn_file.so
 LoadModule authz_user_module /usr/lib64/apache2/mod_authz_user.so
-LoadModule access_compat_module /usr/lib64/apache2/mod_access_compat.so
+#LoadModule access_compat_module /usr/lib64/apache2/mod_access_compat.so

ironic-image/ironic-config/httpd.conf.j2

@@ -1,8 +1,14 @@
 ServerRoot {{ env.HTTPD_DIR }}
 {%- if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen {{ env.HTTP_PORT }}
+Listen 0.0.0.0:{{ env.HTTP_PORT }}
+Listen [::]:{{ env.HTTP_PORT }}
 {% else %}
-Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
+{% if env.ENABLE_IPV4 %}
+Listen {{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}
+{% endif %}
+{% if env.ENABLE_IPV6 %}
+Listen [{{ env.IRONIC_IPV6 }}]:{{ env.HTTP_PORT }}
+{% endif %}
 {% endif %}
 Include /etc/httpd/conf.modules.d/*.conf
 User ironic-suse

ironic-image/ironic-config/ironic.conf.j2

@@ -25,7 +25,13 @@ rpc_transport = none
 use_stderr = true
 # NOTE(dtantsur): the default md5 is not compatible with FIPS mode
 hash_ring_algorithm = sha256
+{% if env.ENABLE_IPV4 %}
 my_ip = {{ env.IRONIC_IP }}
+{% endif %}
+{% if env.ENABLE_IPV6 %}
+my_ipv6 = {{ env.IRONIC_IPV6 }}
+{% endif %}
+
 host = {{ env.IRONIC_CONDUCTOR_HOST }}
 tempdir = {{ env.IRONIC_TMP_DATA_DIR }}
 
@@ -65,7 +71,7 @@ port = {{ env.IRONIC_PRIVATE_PORT }}
 {% endif %}
 public_endpoint = {{ env.IRONIC_BASE_URL }}
 {% else %}
-host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
+host_ip = {{ env.IRONIC_HOST_IP }}
 port = {{ env.IRONIC_LISTEN_PORT }}
 {% if env.IRONIC_TLS_SETUP == "true" %}
 enable_ssl_api = true
@@ -85,7 +91,11 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 send_sensor_data_interval = 160
+{% if env.VMEDIA_TLS_PORT %}
+bootloader = {{ env.IRONIC_HTTPS_VMEDIA_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
+{% else %}
 bootloader = {{ env.IRONIC_HTTP_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
+{% endif %}
 verify_step_priority_override = management.clear_job_queue:90
 # We don't use this feature, and it creates an additional load on the database
 node_history = False
@@ -117,15 +127,15 @@ default_boot_option = local
 erase_devices_metadata_priority = 10
 erase_devices_priority = 0
 http_root = /shared/html/
-http_url = {{ env.IRONIC_HTTP_URL }}
+http_url = {% if env.VMEDIA_TLS_PORT %}{{ env.IRONIC_HTTPS_VMEDIA_URL }}{% else %}{{ env.IRONIC_HTTP_URL }}{% endif %}
 fast_track = {{ env.IRONIC_FAST_TRACK }}
 {% if env.IRONIC_BOOT_ISO_SOURCE %}
 ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_HTTP_URL %}
 external_http_url = {{ env.IRONIC_EXTERNAL_HTTP_URL }}
-{% elif env.IRONIC_VMEDIA_TLS_SETUP == "true" %}
+{% elif env.VMEDIA_TLS_PORT %}
-external_http_url = https://{{ env.IRONIC_URL_HOST }}:{{ env.VMEDIA_TLS_PORT }}
+external_http_url = {{ env.IRONIC_HTTPS_VMEDIA_URL }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_CALLBACK_URL %}
 external_callback_url = {{ env.IRONIC_EXTERNAL_CALLBACK_URL }}
@@ -181,7 +191,7 @@ cipher_suite_versions = 3,17
 # containers are in host networking.
 auth_strategy = http_basic
 http_basic_auth_user_file = {{ env.IRONIC_RPC_HTPASSWD_FILE }}
-host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
+host_ip = {{ env.IRONIC_HOST_IP }}
 {% if env.IRONIC_TLS_SETUP == "true" %}
 use_ssl = true
 cafile = {{ env.IRONIC_CACERT_FILE }}

ironic-image/scripts/configure-ironic.sh

@@ -3,6 +3,7 @@
 set -euxo pipefail
 
 IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
+export VMEDIA_TLS_PORT="${VMEDIA_TLS_PORT:-}"
 
 # Define the VLAN interfaces to be included in introspection report, e.g.
 #   all - all VLANs on all interfaces using LLDP information
@@ -51,6 +52,18 @@ export IRONIC_IPA_COLLECTORS=${IRONIC_IPA_COLLECTORS:-default,logs}
 
 wait_for_interface_or_ip
 
+if [[ "$(echo "$LISTEN_ALL_INTERFACES" | tr '[:upper:]' '[:lower:]')" == "true" ]]; then
+export IRONIC_HOST_IP="::"
+elif [[ -n "${ENABLE_IPV6}" ]]; then
+export IRONIC_HOST_IP="$IRONIC_IPV6"
+else
+export IRONIC_HOST_IP="$IRONIC_IP"
+fi
+
+if [[ "${VMEDIA_TLS_PORT}" ]]; then
+   export IRONIC_HTTPS_VMEDIA_URL="https://${IRONIC_URL_HOST}:${VMEDIA_TLS_PORT}"
+fi
+
 # Hostname to use for the current conductor instance.
 export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
 
@@ -92,4 +105,11 @@ render_j2_config "/etc/ironic/ironic.conf.j2" \
 configure_json_rpc_auth
 
 # Make sure ironic traffic bypasses any proxies
-export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
+export NO_PROXY="${NO_PROXY:-}"
+
+if [[ -n "$IRONIC_IPV6" ]]; then
+export NO_PROXY="${NO_PROXY},${IRONIC_IPV6}"
+fi
+if [[ -n "$IRONIC_IP" ]]; then
+export NO_PROXY="${NO_PROXY},${IRONIC_IP}"
+fi

ironic-image/scripts/ironic-common.sh

@@ -5,9 +5,11 @@ set -euxo pipefail
 # Export IRONIC_IP to avoid needing to lean on IRONIC_URL_HOST for consumption in
 # e.g. dnsmasq configuration
 export IRONIC_IP="${IRONIC_IP:-}"
+IRONIC_IPV6="${IRONIC_IPV6:-}"
 PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
 PROVISIONING_IP="${PROVISIONING_IP:-}"
 PROVISIONING_MACS="${PROVISIONING_MACS:-}"
+IRONIC_URL_HOSTNAME="${IRONIC_URL_HOSTNAME:-}"
 IPXE_CUSTOM_FIRMWARE_DIR="${IPXE_CUSTOM_FIRMWARE_DIR:-/shared/custom_ipxe_firmware}"
 CUSTOM_CONFIG_DIR="${CUSTOM_CONFIG_DIR:-/conf}"
 CUSTOM_DATA_DIR="${CUSTOM_DATA_DIR:-/data}"
@@ -33,6 +35,85 @@ export LOCAL_DB_URI="sqlite:///${IRONIC_DB_DIR}/ironic.sqlite"
 
 export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
 
+
+get_ip_of_hostname()
+{
+    if [[ "$#" -ne 2 ]]; then
+        echo "${FUNCNAME}: two parameters required, $# provided" >&2
+        return 1
+    fi
+
+    case $2 in
+        4)
+            QUERY="a";;
+        6)
+            QUERY="aaaa";;
+        *)
+            echo "${FUNCNAME}: the second parameter should be [a|aaaa] for A and AAAA records"
+            return 1;;
+    esac
+
+    local HOSTNAME=$1
+
+    echo $(nslookup -type=${QUERY} "${HOSTNAME}" | tail -n2 | grep -w "Address:" | cut -d " " -f2)
+}
+
+get_interface_of_ip()
+{
+    local IP_VERS=""
+
+    if [[ "$#" -gt 2 ]]; then
+        echo "${FUNCNAME}: too many parameters" >&2
+        return 1
+    fi
+
+    if [[ "$#" -eq 2 ]]; then
+        case $2 in
+        4|6)
+            local IP_VERS="-${2}"
+            ;;
+        *)
+            echo "${FUNCNAME}: the second parameter should be [4|6] (or missing for both)" >&2
+            return 2
+            ;;
+        esac
+    fi
+
+    local IP_ADDR=$1
+
+    # Convert the address using ipcalc which strips out the subnet.
+    # For IPv6 addresses, this will give the short-form address
+    IP_ADDR="$(ipcalc "${IP_ADDR}" | grep "^Address:" | awk '{print $2}')"
+
+    echo $(ip ${IP_VERS} -br addr show scope global | grep -i " ${IP_ADDR}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')
+}
+
+get_ip_of_interface()
+{
+    local IP_VERS=""
+
+    if [[ "$#" -gt 2 ]]; then
+        echo "${FUNCNAME}: too many parameters" >&2
+        return 1
+    fi
+
+    if [[ "$#" -eq 2 ]]; then
+        case $2 in
+        4|6)
+            local IP_VERS="-${2}"
+            ;;
+        *)
+            echo "${FUNCNAME}: the second parameter should be [4|6] (or missing for both)" >&2
+            return 2
+            ;;
+        esac
+    fi
+
+    local IFACE=$1
+
+    echo $(ip ${IP_VERS} -br addr show scope global up dev ${IFACE} | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)
+}
+
 get_provisioning_interface()
 {
     if [[ -n "$PROVISIONING_INTERFACE" ]]; then
@@ -41,13 +122,7 @@ get_provisioning_interface()
         return
     fi
 
-    local interface="provisioning"
+    local interface=""
-
-    if [[ -n "${PROVISIONING_IP}" ]]; then
-        if ip -br addr show | grep -i " ${PROVISIONING_IP}/" &>/dev/null; then
-            interface="$(ip -br addr show | grep -i " ${PROVISIONING_IP}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')"
-        fi
-    fi
 
     for mac in ${PROVISIONING_MACS//,/ }; do
         if ip -br link show up | grep -i "$mac" &>/dev/null; then
@@ -71,32 +146,111 @@ wait_for_interface_or_ip()
     # available on an interface, otherwise we look at $PROVISIONING_INTERFACE
     # for an IP
     if [[ -n "${PROVISIONING_IP}" ]]; then
-        # Convert the address using ipcalc which strips out the subnet.
+        local IFACE_OF_IP=""
-        # For IPv6 addresses, this will give the short-form address
+
-        IRONIC_IP="$(ipcalc "${PROVISIONING_IP}" | grep "^Address:" | awk '{print $2}')"
+        until [[ -n "$IFACE_OF_IP" ]]; do
-        export IRONIC_IP
+            echo "Waiting for ${PROVISIONING_IP} to be configured on an interface..."
-        until grep -F " ${IRONIC_IP}/" <(ip -br addr show); do
+            IFACE_OF_IP="$(get_interface_of_ip "${PROVISIONING_IP}")"
-            echo "Waiting for ${IRONIC_IP} to be configured on an interface"
             sleep 1
         done
+
+        echo "Found $PROVISIONING_IP on interface \"${IFACE_OF_IP}\"!"
+
+        export PROVISIONING_INTERFACE="$IFACE_OF_IP"
+	# If the IP contains a colon, then it's an IPv6 address
+        if [[ "$PROVISIONING_IP" =~ .*:.* ]]; then
+            export IRONIC_IPV6="$PROVISIONING_IP"
+            export IRONIC_IP=""
         else
-        until [[ -n "$IRONIC_IP" ]]; do
+            export IRONIC_IP="$PROVISIONING_IP"
-            echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured"
+        fi
-            IRONIC_IP="$(ip -br add show scope global up dev "${PROVISIONING_INTERFACE}" | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)"
+    elif [[ -n "${IRONIC_IP}" ]]; then
-            export IRONIC_IP
+        if [[ "$IRONIC_IP" =~ .*:.* ]]; then
+            export IRONIC_IPV6="$IRONIC_IP"
+            export IRONIC_IP=""
+        fi
+    elif [[ -n "${PROVISIONING_INTERFACE}" ]]; then
+        until [[ -n "$IRONIC_IPV6" ]] || [[ -n "$IRONIC_IP" ]]; do
+            echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured..."
+
+            IRONIC_IPV6="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 6)"
+            sleep 1
+
+            IRONIC_IP="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 4)"
             sleep 1
         done
+
+        if [[ -n "$IRONIC_IPV6" ]]; then
+            echo "Found $IRONIC_IPV6 on interface \"${PROVISIONING_INTERFACE}\"!"
+	    export IRONIC_IPV6
+        fi
+        if [[ -n "$IRONIC_IP" ]]; then
+            echo "Found $IRONIC_IP on interface \"${PROVISIONING_INTERFACE}\"!"
+	    export IRONIC_IP
+        fi
+    elif [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
+        local IPV6_IFACE=""
+        local IPV4_IFACE=""
+        
+        # we should get at least one IP address
+        until [[ -n "$IPV6_IFACE" ]] || [[ -n "$IPV4_IFACE" ]]; do
+            local IPV6_RECORD=""
+            local IPV4_RECORD=""
+
+            IPV6_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 6)"
+            IPV4_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 4)"
+
+            # We couldn't get any IP
+            if [[ -z "$IPV4_RECORD" ]] && [[ -z "$IPV6_RECORD" ]]; then
+                echo "${FUNCNAME}: no valid IP found for hostname ${IRONIC_URL_HOSTNAME}" >&2
+                return 1
+            fi
+
+            echo "Waiting for ${IPV6_RECORD} to be configured on an interface"
+            IPV6_IFACE="$(get_interface_of_ip "${IPV6_RECORD}" 6)"
+            sleep 1
+
+            echo "Waiting for ${IPV4_RECORD} to be configured on an interface"
+            IPV4_IFACE="$(get_interface_of_ip "${IPV4_RECORD}" 4)"
+            sleep 1
+        done
+
+        # Add some debugging output
+        if [[ -n "$IPV6_IFACE" ]]; then
+            echo "Found $IPV6_RECORD on interface \"${IPV6_IFACE}\"!"
+            export IRONIC_IPV6="$IPV6_RECORD"
+        fi
+        if [[ -n "$IPV4_IFACE" ]]; then
+            echo "Found $IPV4_RECORD on interface \"${IPV4_IFACE}\"!"
+            export IRONIC_IP="$IPV4_RECORD"
+        fi
+
+        # Make sure both IPs are asigned to the same interface
+        if [[ -n "$IPV6_IFACE" ]] && [[ -n "$IPV4_IFACE" ]] && [[ "$IPV6_IFACE" != "$IPV4_IFACE" ]]; then
+            echo "Warning, the IPv4 and IPv6 addresses from \"${HOSTNAME}\" are assigned to different " \
+            "interfaces (\"${IPV6_IFACE}\" and \"${IPV4_IFACE}\")" >&2
         fi
 
-    # If the IP contains a colon, then it's an IPv6 address, and the HTTP
-    # host needs surrounding with brackets
-    if [[ "$IRONIC_IP" =~ .*:.* ]]; then
-        export IPV=6
-        export IRONIC_URL_HOST="[$IRONIC_IP]"
     else
-        export IPV=4
+        echo "Cannot determine an interface or an IP for binding and creating URLs"
+        return 1
+    fi
+
+    # Define the URLs based on the what we have found,
+    # prioritize IPv6 for IRONIC_URL_HOST
+    if [[ -n "$IRONIC_IP" ]]; then
+        export ENABLE_IPV4=yes
         export IRONIC_URL_HOST="$IRONIC_IP"
     fi
+    if [[ -n "$IRONIC_IPV6" ]]; then
+        export ENABLE_IPV6=yes
+        export IRONIC_URL_HOST="[${IRONIC_IPV6}]" # The HTTP host needs surrounding with brackets
+    fi
+
+    # Once determined if we have IPv4 and/or IPv6, override the hostname if provided
+    if [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
+        IRONIC_URL_HOST=$IRONIC_URL_HOSTNAME
+    fi
 
     # Avoid having to construct full URL multiple times while allowing
     # the override of IRONIC_HTTP_URL for environments in which IRONIC_IP

kubectl-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.33.4
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.33.4-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -15,11 +15,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kubectl image"
 LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.32.4"
+LABEL org.opencontainers.image.version="1.33.4"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

kubectl/kubectl.spec

@@ -1,7 +1,7 @@
 %global debug_package %{nil}
 
 Name: kubectl
-Version: 1.32.4
+Version: 1.33.4
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster
 

metal3-chart/Chart.yaml

@@ -1,28 +1,28 @@
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.10_up0.12.0
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.12_up0.12.2
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.10_up0.12.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.12_up0.12.2-%RELEASE%
 apiVersion: v2
-appVersion: 0.12.0
+appVersion: 0.12.2
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.9.2
+  version: 0.9.4
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.11.0
+  version: 0.11.2
 - alias: metal3-mariadb
   condition: global.enable_mariadb
   name: mariadb
   repository: file://./charts/mariadb
-  version: 0.6.0
+  version: 0.6.1
 - alias: metal3-media
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.6.4
+  version: 0.6.5
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.10+up0.12.0"
+version: "%%CHART_MAJOR%%.0.12+up0.12.2"

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 0.9.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.9.2
+version: 0.9.4

metal3-chart/charts/baremetal-operator/templates/_helpers.tpl

@@ -61,3 +61,19 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create the URL to use for connecting to the Ironic servers (e.g. API, cache)
+*/}}
+{{- define "baremetal-operator.ironicHttpHost" -}}
+{{- $hostIP := include "metal3.hostIP" . -}}
+{{- with .Values.global }}
+{{- if .provisioningHostname }}
+{{- .provisioningHostname }}
+{{- else if regexMatch ".*:.*" $hostIP}}
+{{- print "[" $hostIP "]" }}
+{{- else }}
+{{- $hostIP }}
+{{- end }}
+{{- end }}
+{{- end }}

metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml

@@ -1,10 +1,10 @@
   {{- $enableTLS := .Values.global.enable_tls }}
   {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
   {{- $protocol := ternary "https" "http" $enableTLS }}
-  {{- $ironicIP := .Values.global.ironicIP | default "" }}
+  {{- $ironicHost := include "baremetal-operator.ironicHttpHost" . | required "Missing host information for BMO to connect to Ironic" }}
-  {{- $ironicApiHost := print $ironicIP ":6385" }}
+  {{- $ironicApiHost := print $ironicHost ":6385" }}
-  {{- $ironicBootHost := print $ironicIP ":6180" }}
+  {{- $ironicBootHost := print $ironicHost ":6180" }}
-  {{- $ironicCacheHost := print $ironicIP ":6180" }}
+  {{- $ironicCacheHost := print $ironicHost ":6180" }}
   {{- $deployArch := .Values.global.deployArchitecture }}
 
 apiVersion: v1
@@ -12,8 +12,8 @@ data:
   IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
-    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicBootHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
-    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicCacheHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
     {{- $protocol = "https" }}
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
   {{- else }}

metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml

@@ -6,6 +6,7 @@ metadata:
     control-plane: controller-manager
   name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
   - name: https
     port: 8443

metal3-chart/charts/baremetal-operator/templates/service-webhook.yaml

@@ -5,6 +5,7 @@ metadata:
     {{- include "baremetal-operator.labels" . | nindent 4 }}
   name: {{ include "baremetal-operator.fullname" . }}-webhook-service
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
   - port: 443
     targetPort: 9443

metal3-chart/charts/ironic/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 29.0.4
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.11.0
+version: 0.11.2

metal3-chart/charts/ironic/templates/_helpers.tpl

@@ -83,3 +83,50 @@ Get ironic CA volumeMounts
   readOnly: true
 {{- end }}
 {{- end }}
+
+{{/*
+Get the formatted "External" hostname or IP based URL
+*/}}
+{{- define "ironic.externalHttpUrl" }}
+{{- $host := ternary (include "metal3.hostIP" .) .Values.global.externalHttpHost (empty .Values.global.externalHttpHost) }}
+{{- if regexMatch ".*:.*" $host }}
+{{- $host = print "[" $host "]" }}
+{{- end }}
+{{- $protocol := "http" }}
+{{- $port := "6180" }}
+{{- if .Values.global.enable_vmedia_tls }}
+{{- $protocol = "https" }}
+{{- $port = .Values.global.vmediaTLSPort | default "6185" }}
+{{- end }}
+{{- print $protocol "://" $host ":" $port }}
+{{- end }}
+
+{{/*
+Get the command to use for Liveness and Readiness probes
+*/}}
+{{- define "ironic.probeCommand" }}
+{{- $host := "127.0.0.1" }}
+{{- if eq .Values.listenOnAll false }}
+{{- $host = coalesce .Values.global.provisioningIP .Values.global.ironicIP .Values.global.provisioningHostname }}
+{{- if regexMatch ".*:.*" $host }}
+{{- $host = print "[" $host "]" }}
+{{- end }}
+{{- end }}
+{{- print "curl -sSfk https://" $host ":6385" }}
+{{- end }}
+
+{{/*
+Create the subjectAltNames section to be set on the Certificate
+*/}}
+{{- define "ironic.subjectAltNames" -}}
+{{- with .Values.global }}
+{{- if .provisioningHostname }}
+dnsNames:
+- {{ .provisioningHostname }}
+{{- end -}}
+{{- if or .ironicIP .provisioningIP }}
+ipAddresses:
+  - {{ coalesce .provisioningIP .ironicIP }}
+{{- end }}
+{{- end }}
+{{- end }}

metal3-chart/charts/ironic/templates/certificates.yaml

@@ -6,8 +6,7 @@ metadata:
 spec:
   commonName: ironic-ca
   isCA: true
-  ipAddresses:
+  {{- include "ironic.subjectAltNames" . | indent 2 }}
-  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer
@@ -19,8 +18,7 @@ metadata:
   name: ironic-cert
 spec:
   commonName: ironic-cert
-  ipAddresses:
+  {{- include "ironic.subjectAltNames" . | indent 2 }}
-  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: ca-issuer
@@ -33,8 +31,7 @@ metadata:
   name: ironic-vmedia-cert
 spec:
   commonName: ironic-vmedia-cert
-  ipAddresses:
+  {{- include "ironic.subjectAltNames" . | indent 2 }}
-  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: ca-issuer

metal3-chart/charts/ironic/templates/configmap.yaml

@@ -5,16 +5,9 @@ metadata:
   labels:
     {{- include "ironic.labels" . | nindent 4 }}
 data:
-  {{- $enableTLS := .Values.global.enable_tls }}
-  {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
-  {{- $protocol := ternary "https" "http" $enableTLS }}
-  {{- $ironicIP := .Values.global.ironicIP | default "" }}
-  {{- $ironicBootHost := print $ironicIP ":6180" }}
-  {{- $ironicCacheHost := print $ironicIP ":6180" }}
   {{- $deployArch := .Values.global.deployArchitecture }}
 
   {{- if  ( .Values.global.enable_dnsmasq ) }}
-  DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
   DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer }}
   DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter }}
   DHCP_RANGE: {{ .Values.global.dhcpRange }}
@@ -24,29 +17,21 @@ data:
   {{- end }}
   HTTP_PORT: "6180"
   PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
-  # Switch VMedia to HTTP if enable_vmedia_tls is false
+  IRONIC_EXTERNAL_HTTP_URL: {{ include "ironic.externalHttpUrl" . }}
-  {{- if and $enableTLS $enableVMediaTLS }}
-    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
-    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
-    {{- $protocol = "https" }}
-  {{- else }}
-    {{- $protocol = "http" }}
-  {{- end }}
-  IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
   DEPLOY_ARCHITECTURE: {{ $deployArch }}
-  IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
   ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
   {{- if .Values.global.provisioningInterface }}
   PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
   {{- end }}
   {{- if .Values.global.provisioningIP }}
-  PROVISIONING_IP: {{ .Values.global.provisioningIP }}
+  PROVISIONING_IP: {{ include "metal3.hostIP" . }}
+  {{- else if .Values.global.ironicIP }}
+  IRONIC_IP: {{ include "metal3.hostIP" . }}
+  {{- else if .Values.global.provisioningHostname }}
+  IRONIC_URL_HOSTNAME: {{ .Values.global.provisioningHostname }}
   {{- end }}
   IRONIC_FAST_TRACK: "true"
-  LISTEN_ALL_INTERFACES: "true"
+  LISTEN_ALL_INTERFACES: "{{ .Values.listenOnAll }}"
-  {{- if .Values.global.ironicIP }}
-  IRONIC_IP: {{ .Values.global.ironicIP }}
-  {{- end }}
   {{- if  ( .Values.global.enable_tls ) }}
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
   IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true

metal3-chart/charts/ironic/templates/deployment.yaml

@@ -42,7 +42,7 @@ spec:
             name: ironic
         livenessProbe:
           exec:
-            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
+            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -60,7 +60,7 @@ spec:
         {{- end }}
         readinessProbe:
           exec:
-            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
+            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30

metal3-chart/charts/ironic/templates/service.yaml

@@ -10,6 +10,7 @@ metadata:
   {{- end }}
 spec:
   type: {{ .Values.service.type }}
+  ipFamilyPolicy: PreferDualStack
   ports:
   {{- $enableTLS := .Values.global.enable_tls }}
   {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}

metal3-chart/charts/ironic/values.yaml

@@ -32,6 +32,12 @@ global:
   # IP Address assigned to network interface on provisioning network
   provisioningIP: ""
 
+  # Fully Qualified Domain Name used by Ironic for both binding (to the
+  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
+  # media, also used by BMO. Note, this is the only way to enable a fully
+  # working dual-stack configuration.
+  provisioningHostname: ""
+
   # Whether the NIC names should be predictable or not
   predictableNicNames: "true"
 
@@ -52,11 +58,13 @@ global:
 
 replicaCount: 1
 
+listenOnAll: true
+
 images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 29.0.4.0
+    tag: 29.0.4.1
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent

metal3-chart/charts/mariadb/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: "10.11"
 description: A Helm chart for MariaDB, used by Metal3
 name: mariadb
 type: application
-version: 0.6.0
+version: 0.6.1

metal3-chart/charts/mariadb/templates/service.yaml

@@ -5,6 +5,7 @@ metadata:
   labels:
     {{- include "mariadb.labels" . | nindent 4 }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   type: {{ .Values.service.type }}
   selector:
     {{- include "mariadb.selectorLabels" . | nindent 4 }}

metal3-chart/charts/media/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.4
+version: 0.6.5

metal3-chart/charts/media/templates/service.yaml

@@ -5,6 +5,7 @@ metadata:
   labels:
     {{- include "media.labels" . | nindent 4 }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}

metal3-chart/charts/media/values.yaml

@@ -24,7 +24,7 @@ replicaCount: 1
 image:
   repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
   pullPolicy: IfNotPresent
-  tag: 29.0.4.0
+  tag: 29.0.4.1
 
 imagePullSecrets: []
 nameOverride: ""

metal3-chart/templates/_helpers.tpl

@@ -60,3 +60,18 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Produce the correct IP or hostname for Ironic provisioning
+*/}}
+{{- define "metal3.hostIP" -}}
+{{- with .Values.global }}
+{{- if and .provisioningHostname (or .provisioningIP .ironicIP) }}
+{{  fail "Please provide either provisioningHostname or provisioningIP or ironicIP" }}
+{{- end }}
+{{- if and .provisioningIP .ironicIP }}
+{{  fail "Please provide either ironicIP or provisioningIP" }}
+{{- end }}
+{{- coalesce .provisioningIP .ironicIP }}
+{{- end }}
+{{- end }}

metal3-chart/values.yaml

@@ -60,6 +60,15 @@ global:
   # IP Address assigned to network interface on provisioning network
   provisioningIP: ""
 
+  # Fully Qualified Domain Name used by Ironic for both binding (to the 
+  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
+  # media, also used by BMO. Note, this is the only way to enable a fully
+  # working dual-stack configuration.
+  provisioningHostname: ""
+
+  # Hostname or IP for accessing the Ironic API server from a non-provisioning network
+  externalHttpHost: ""
+
   # Name for the MariaDB service
   databaseServiceName: metal3-mariadb
 

nessie-image/Dockerfile

@@ -0,0 +1,31 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%nessie:%%nessie_version%%
+#!BuildTag: %%IMG_PREFIX%%nessie:%%nessie_version%%-%RELEASE%
+
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION
+
+# labelprefix=com.suse.application.nessie
+LABEL org.opencontainers.image.title="nessie"
+LABEL org.opencontainers.image.description="Nessie diagnostic tool for SUSE Kubernetes environments"
+LABEL org.opencontainers.image.version="%%nessie_version%%"
+LABEL org.opencontainers.image.authors="George Agriogiannis <george.agriogiannis2@suse.com>"
+LABEL org.opencontainers.image.url="https://github.com/suse-edge/support-tools/tree/main/nessie"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%nessie:%%nessie_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+RUN zypper --non-interactive refresh && \
+    zypper --non-interactive install --no-recommends nessie && \
+    zypper clean
+
+WORKDIR /tmp
+
+ENTRYPOINT ["/usr/bin/nessie"]

nessie-image/_service

@@ -0,0 +1,19 @@
+<services>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%nessie_version%%</param>
+    <param name="package">nessie</param>
+    <param name="parse-version">patch</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>

nessie/_service

@@ -0,0 +1,26 @@
+<services>
+  <service name="obs_scm">
+    <param name="url">https://github.com/suse-edge/support-tools</param>
+    <param name="scm">git</param>
+    <param name="revision">nessie-v1.0.0</param>
+    <param name="version">_auto_</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="changesgenerate">enable</param>
+    <param name="changesauthor">george.agriogiannis2@suse.com</param>
+    <param name="match-tag">nessie-v*</param>
+    <param name="versionrewrite-pattern">nessie-v(\d+\.\d+\.\d+)</param>
+    <param name="versionrewrite-replacement">\1</param>
+    <param name="subdir">nessie</param>
+    <param name="exclude">.git</param>
+    <param name="without-version">yes</param>
+    <param name="filename">nessie</param>
+  </service>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">nessie.obsinfo</param>
+  </service>
+  <service mode="buildtime" name="recompress">
+    <param name="file">*.tar</param>
+    <param name="compression">gz</param>
+  </service>
+  <service mode="buildtime" name="set_version" />
+</services>

nessie/nessie.spec

@@ -0,0 +1,80 @@
+#
+# spec file for package nessie
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+Name:           nessie
+# Version will be set automatically by factory's set_version service
+Version:        1.0.0
+Release:        0
+Summary:        Node Environment Support Script for Inspection and Export
+License:        Apache-2.0
+Group:          System/Management
+URL:            https://github.com/suse-edge/support-tools/tree/main/nessie
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+# Build dependencies
+BuildRequires:  python3-devel
+
+# Runtime dependencies
+Requires:       python3
+Requires:       python3-kubernetes
+Requires:       python3-PyYAML
+Requires:       helm
+Requires:       systemd
+
+# Optional dependencies for enhanced functionality
+Recommends:     util-linux
+
+%description
+Nessie (Node Environment Support Script for Inspection and Export) is a
+comprehensive diagnostic tool for SUSE Kubernetes environments. It collects
+logs, configurations, and system information from Kubernetes clusters for
+troubleshooting and support purposes.
+
+Key features:
+- Collects system service logs and Kubernetes pod logs
+- Gathers cluster configurations and Helm releases
+- Retrieves node metrics and component versions
+- Supports RKE2 and K3s environments
+- Fault-tolerant with configurable options
+- Can be run directly or as a container
+
+The tool is designed specifically for SUSE Edge environments and integrates
+well with SUSE Linux Micro, RKE2, and K3s distributions.
+
+%prep
+%autosetup
+
+%build
+# Validate Python syntax
+python3 -m py_compile nessie.py
+
+%install
+# Install the main script
+install -D -m 0755 nessie.py %{buildroot}%{_bindir}/nessie
+
+# Install documentation files
+install -D -m 0644 README.md %{buildroot}%{_docdir}/%{name}/README.md
+install -D -m 0644 LICENSE %{buildroot}%{_docdir}/%{name}/LICENSE
+
+%files
+%{_bindir}/nessie
+%dir %{_docdir}/%{name}
+%doc %{_docdir}/%{name}/README.md
+%license %{_docdir}/%{name}/LICENSE
+
+%changelog

rancher-turtles-chart/values.yaml

@@ -22,7 +22,7 @@ rancherTurtles:
   # rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
   rancherInstalled: false
   # kubectlImage: Image for kubectl tasks.
-  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4"
+  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4"
   # features: Optional and experimental features.
   features:
     # day2operations: Alpha feature.

release-manifest-image/release_manifest.yaml

@@ -7,7 +7,7 @@ spec:
   components:
     kubernetes:
       k3s:
-        version: v1.32.4+k3s1
+        version: v1.33.3+k3s1
         coreComponents:
           - name: traefik-crd
             version: 34.2.1+up34.2.0
@@ -31,46 +31,46 @@ spec:
                 image: rancher/mirrored-metrics-server:v0.7.2
             type: Deployment
       rke2:
-        version: v1.32.4+rke2r1
+        version: v1.33.3+rke2r1
         coreComponents:
           - name: rke2-cilium
-            version: 1.17.300
+            version: 1.17.600
             type: HelmChart
           - name: rke2-canal
-            version: v3.29.3-build2025040801
+            version: v3.30.2-build2025071100
             type: HelmChart
           - name: rke2-calico-crd
-            version: v3.29.101
+            version: v3.30.100
             type: HelmChart
           - name: rke2-calico
-            version: v3.29.300
+            version: v3.30.100
             type: HelmChart
           - name: rke2-coredns
-            version: 1.39.201
+            version: 1.42.302
             type: HelmChart
           - name: rke2-ingress-nginx
-            version: 4.12.101
+            version: 4.12.401
             type: HelmChart
           - name: rke2-metrics-server
-            version: 3.12.200
+            version: 3.12.203
             type: HelmChart
           - name: rancher-vsphere-csi
-            version: 3.3.1-rancher900
+            version: 3.3.1-rancher1000
             type: HelmChart
           - name: rancher-vsphere-cpi
-            version: 1.10.000
+            version: 1.11.000
             type: HelmChart
           - name: harvester-cloud-provider
-            version: 0.2.900
+            version: 0.2.1000
             type: HelmChart
           - name: harvester-csi-driver
-            version: 0.1.2300
+            version: 0.1.2400
             type: HelmChart
           - name: rke2-snapshot-controller-crd
-            version: 4.0.002
+            version: 4.0.003
             type: HelmChart
           - name: rke2-snapshot-controller
-            version: 4.0.002
+            version: 4.0.003
             type: HelmChart
           # Deprecated this empty chart addon can be removed in v1.34
           - name: rke2-snapshot-validation-webhook
@@ -89,20 +89,20 @@ spec:
         - prettyName: Rancher
           releaseName: rancher
           chart: rancher
-          version: 2.11.2
+          version: 2.12.1-alpha1
-          repository: https://charts.rancher.com/server-charts/prime
+          repository: https://releases.rancher.com/server-charts/alpha
           values:
             postDelete:
               enabled: false
         - prettyName: Longhorn
           releaseName: longhorn
           chart: longhorn
-          version: 106.2.0+up1.8.1
+          version: 106.2.1+up1.8.2
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: longhorn-crd
               chart: longhorn-crd
-              version: 106.2.0+up1.8.1
+              version: 106.2.1+up1.8.2
               repository: https://charts.rancher.io
         - prettyName: MetalLB
           releaseName: metallb
@@ -123,12 +123,12 @@ spec:
         - prettyName: NeuVector
           releaseName: neuvector
           chart: neuvector
-          version: 106.0.1+up2.8.6
+          version: 107.0.0+up2.8.7
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: neuvector-crd
               chart: neuvector-crd
-              version: 106.0.1+up2.8.6
+              version: 107.0.0+up2.8.7
               repository: https://charts.rancher.io
           addonCharts:
             - releaseName: neuvector-ui-ext
@@ -142,11 +142,11 @@ spec:
         - prettyName: Elemental
           releaseName: elemental-operator
           chart: oci://registry.suse.com/rancher/elemental-operator-chart
-          version: 1.6.8
+          version: 1.7.3
           dependencyCharts:
             - releaseName: elemental-operator-crds
               chart: oci://registry.suse.com/rancher/elemental-operator-crds-chart
-              version: 1.6.8
+              version: 1.7.3
           addonCharts:
             - releaseName: elemental
               chart: elemental
@@ -171,7 +171,7 @@ spec:
         - prettyName: Metal3
           releaseName: metal3
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3'
-          version: '%%CHART_MAJOR%%.0.10+up0.12.0'
+          version: '%%CHART_MAJOR%%.0.12+up0.12.2'
         - prettyName: RancherTurtles
           releaseName: rancher-turtles
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles'

upgrade-controller-chart/values.yaml

@@ -15,7 +15,7 @@ env:
     image: %%MANIFEST_REPO%%/%%IMG_PREFIX%%release-manifest
   kubectl:
     image: %%IMG_REPO%%/%%IMG_PREFIX%%kubectl
-    version: 1.32.4
+    version: 1.33.4
 
 imagePullSecrets: []
 nameOverride: ""