1
0
forked from suse-edge/Factory

156 Commits
3.2 ... devel

Author SHA256 Message Date
b1dfe698ff Merge pull request 'update-devel' (#141) from nbelouin/Factory:update-devel into devel
Reviewed-on: suse-edge/Factory#141
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-05-07 10:19:14 +02:00
9581e030ce Merge branch 'main' into update-devel 2025-05-06 16:04:05 +02:00
e71339ae00 Merge pull request 'Updates for EIB 1.2.0-rc1' (#126) from dbekhit/Factory:main into main
Reviewed-on: suse-edge/Factory#126
Reviewed-by: Fatih Degirmenci <fdegirmenci@noreply.src.opensuse.org>
2025-05-06 14:36:44 +02:00
f32718b5e4 Merge pull request 'Enable kubectl image on aarch64' (#140) from nbelouin/Factory:kubect-aarch64 into main
Reviewed-on: suse-edge/Factory#140
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
Reviewed-by: Fatih Degirmenci <fdegirmenci@noreply.src.opensuse.org>
2025-05-06 14:33:40 +02:00
c81f5057ce Enable kubectl image on aarch64
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-05-06 14:18:52 +02:00
6b8109c772 Merge pull request 'Remove extra slash in image reference' (#139) from nbelouin/Factory:fix-slash-typo into main
Reviewed-on: suse-edge/Factory#139
Reviewed-by: Fatih Degirmenci <fdegirmenci@noreply.src.opensuse.org>
2025-05-06 14:10:04 +02:00
8b383c15fa Remove extra slash in image reference
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-05-06 13:39:45 +02:00
2013caec19 Merge pull request 'Add checks (lint) for helm charts and images' (#128) from nbelouin/Factory:lint into main
Reviewed-on: suse-edge/Factory#128
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-05-06 10:00:12 +02:00
4259b167fd update to v1.2.0-rc1 2025-05-02 11:16:43 -04:00
652fc553b9 Remove -chart suffixes
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-04-30 16:42:54 +02:00
1048591769 Fix charts and images
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-04-30 16:42:54 +02:00
8a9717c266 Add initial checks
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-04-30 16:42:54 +02:00
49405f41f9 EIB v1.2.0-rc0 needs golang 1.124 2025-04-30 16:26:27 +02:00
be29dbba41 Fix the _service file to use the defined pre-release version 2025-04-30 16:26:27 +02:00
a2c817259f modify '-' to '~' 2025-04-30 16:26:27 +02:00
dfe4892f4c changes for EIB 1.2.0-rc0 2025-04-30 16:26:27 +02:00
ef68dbfd92 Merge pull request 'Fix some issue with dependency projects ordering, make _config only build wanted packages' (#137) from nbelouin/Factory:fix-meta-config into main
Reviewed-on: suse-edge/Factory#137
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-04-30 15:27:09 +02:00
6c1db68da8 Fix some issue with dependency projects ordering, make _config only build wanted packages
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-04-30 14:51:17 +02:00
376ec896fe Add kubevirt-dashboard-extension-chart version 303.0.1+up1.3.1 2025-04-29 17:41:05 +02:00
a473d935f9 Merge pull request 'Add support for uEFI aarch64 images without rpi config as default' (#135) from roxenham/Factory:aarch64-uefi into main
Reviewed-on: suse-edge/Factory#135
Reviewed-by: Alberto Morgante Medina <amorgante@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
2025-04-29 16:33:27 +02:00
27aa096244 Add support for uEFI aarch64 images without rpi config as default
Previously, the default model for aarch64 raw disk images assumes that
you're deploying on Raspberry Pi, and not standard aarch64 systems. This
meant that all raw disk images were built with RPi firmware, and an MBR
boot record, which made it incompatible with systems that require uEFI/GPT
compatibility, especially with Edge Image Builder and Metal3/CAPI deployment
usage.

This PR introduces the following changes:

* Introduces new `Default-RPi` and `Base-RPi` profiles for compatibility with RPi users
* Forces `Base` and `Base-RT` profiles to use GPT based images (not MBR)
* Introduces a new `Base-RT-RPi` profile for kernel-rt on RPi (with MBR)
* Removes Raspberry Pi firmware packages from anything other than RPi profiles
* Modifies the `editbootinstall_rpi.sh` script to support container builds
* Adds policycoreutils-python-utils to the list of packages (for semanage)

See: https://bugzilla.suse.com/show_bug.cgi?id=1240619
2025-04-29 14:54:54 +01:00
3f968b0a06 Add akri-dashboard-extension-chart version 303.0.1+up1.3.0 2025-04-29 15:18:11 +02:00
481d7e90b4 Merge pull request 'update kiwi-builder to use kiwi version as build macro' (#129) from dirkmueller/Factory:main into main
Reviewed-on: suse-edge/Factory#129
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
2025-04-28 16:08:49 +02:00
Dirk Müller
cb70d25886 Remove MAINTAINER statement
this is deprecated and already in oci.authors
2025-04-23 19:10:50 +02:00
Dirk Müller
04937b90b7 build the kiwi-image in an images_16.0 repository 2025-04-23 19:10:50 +02:00
Dirk Müller
ef256bc1d7 make version mismatches fatal 2025-04-23 19:10:50 +02:00
Dirk Müller
437b0fdc41 update README as well
Although this file seems to be unused?
2025-04-23 19:10:50 +02:00
Dirk Müller
0dbc0f8b52 Ensure kiwi versions and build tags actually align 2025-04-23 19:10:47 +02:00
Dirk Müller
3adc816d98 Remove no longer necessary workaround 2025-04-22 17:58:10 +02:00
5883bf7549 Merge pull request '[3.3] - bump nm configurator rpm to 0.3.2' (#122) from dprodanov/Factory:nm-configurator-0-3-2 into main
Reviewed-on: suse-edge/Factory#122
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
2025-04-15 13:50:00 +02:00
ba5ed09bd8 Merge pull request '[3.3.0] kubevirt update to 0.5.0' (#116) from dprodanov/Factory:kubevirt-0-5-0 into main
Reviewed-on: suse-edge/Factory#116
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
2025-04-15 13:49:44 +02:00
b91c34b6c3 [3.3] - bump nm configurator rpm to 0.3.2
[3.3] - bump nm config to 0.3.2

use lfs
2025-04-15 11:05:35 +03:00
b2e4b5e259 Merge pull request 'Enable aarch64 build for kiwi-builder-image' (#120) from nbelouin/Factory:enable-kiwi-arm into main
Reviewed-on: suse-edge/Factory#120
Reviewed-by: Fatih Degirmenci <fdegirmenci@noreply.src.opensuse.org>
2025-04-09 13:16:51 +02:00
e3f36b74d9 Enable aarch64 build for kiwi-builder-image
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-04-09 11:13:58 +02:00
2b020e9bd7 Merge pull request 'Install both ramdisks in the ipa downloader' (#84) from nbelouin/Factory:multi-arch-ipa into main
Reviewed-on: suse-edge/Factory#84
Reviewed-by: Alberto Morgante Medina <amorgante@noreply.src.opensuse.org>
2025-04-03 15:36:01 +02:00
98fa8835f7 Install both ramdisks in the ipa downloader
- Make the different ipa-ramdisk packages installable side by side
- Clean the ipa-downloader Dockerfile from what seems to be unneeded
- Get both images in
- Use zstd instead of xz for better speed
- Check sums before redoing certs integration
- Add value to metal3 chart to select between architectures
- Get the two ESP available as well

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-04-03 15:34:29 +02:00
5f52392aa3 Merge pull request 'Change trigger_devel workflow to midday every week day' (#94) from fdegirmenci/suse-edge-factory:trigger-devel-midday-weekdays into main
Reviewed-on: suse-edge/Factory#94
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
2025-03-31 09:33:19 +02:00
083c753a0d [3.3.0] kubevirt update to 0.5.0 2025-03-24 15:46:23 +02:00
48472176f2 metal3-chart: Remove stale files
I missed this in #88 - we need to remove these template files to align with
00421ca826
2025-03-24 13:32:49 +00:00
53f09dd00f Update kubevirt-dashboard-extension-chart to v302.0.0+up1.2.1 2025-03-24 12:09:44 +01:00
c610436551 Fix IPA Downloader version, bump to 3.0.2
Update the Dockerfile to be aligned with the IPA ramdisk and metal3
Chart.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
2025-03-24 09:09:32 +00:00
3d1a70e87a rancher-turtles-chart: remove stale file
This was removed in the 0.17.0 chart but I didn't notice when rebasing
2025-03-21 17:24:45 +01:00
e439f489ca Bump Metal3 version
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
2025-03-21 14:05:19 +00:00
8e56e1edd3 Update the IPA ramdisk to 3.0.2
Force nmc to run before NetworkManager to avoid race conditions
that can lead to undetermined network configuration.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
2025-03-21 14:05:19 +00:00
2a3c37b31d release-manifest: update rancher-turtles version
Update to 0.17.0 chart
2025-03-21 14:38:06 +01:00
eacabe4d71 rancher-turtles-chart: Update to 0.17.0
Aligns with https://github.com/suse-edge/charts/pull/193
2025-03-21 14:38:06 +01:00
d57078f9d9 rancher-turtles-airgap-resources-chart: Update to 0.17.0
Aligns with: https://github.com/suse-edge/charts/pull/193
2025-03-21 14:38:06 +01:00
fef712e4e8 Update akri-dashboard-extension-chart to v302.0.0+up1.2.1 2025-03-21 14:36:49 +01:00
2b194211ee Upgrade Hauler to v1.2.1 and add version to build (#92)
Reviewed-on: suse-edge/Factory#92
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Co-authored-by: dbw7 <danial.bekhit@suse.com>
Co-committed-by: dbw7 <danial.bekhit@suse.com>
2025-03-20 20:28:44 +01:00
a3fda4c5c0 Merge pull request 'Fix FRR-k8s versiobn' (#105) from kzhelyazkov/Factory:fix-frr-rbac-image into main
Reviewed-on: suse-edge/Factory#105
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-03-20 15:31:37 +01:00
3c08af8a28 Fix FRR-k8s versiobn 2025-03-20 16:30:17 +02:00
a1583230bd Merge pull request 'Add metallb-chart build tags' (#103) from kzhelyazkov/Factory:add-metallb-build-tag into main
Reviewed-on: suse-edge/Factory#103
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-03-20 15:09:59 +01:00
c8c20ce47a Add metallb-chart build tags 2025-03-20 16:08:09 +02:00
b30ece6b61 Merge pull request 'Update MetalLB and all other packages around it' (#98) from kzhelyazkov/Factory:update-metallb into main
Reviewed-on: suse-edge/Factory#98
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
2025-03-20 13:25:13 +01:00
54c0850acf Update MetalLB and all other packages around it 2025-03-19 18:52:41 +02:00
ab92525cbe Merge pull request 'Bump Metal3 and Turles RM versions' (#96) from kzhelyazkov/Factory:bump-metal3-to-0.10.0 into main
Reviewed-on: suse-edge/Factory#96
Reviewed-by: Fatih Degirmenci <fdegirmenci@noreply.src.opensuse.org>
2025-03-19 14:06:13 +01:00
75ae14da78 Bump Metal3 and Turles RM versions 2025-03-19 11:56:54 +02:00
20de7cd994 Merge pull request '3.3.0: Bump rke2 to v1.32.2+rke2r1 in release-manifest' (#95) from fdegirmenci/suse-edge-factory:update-release-manifest-3.3.0 into main
Reviewed-on: suse-edge/Factory#95
Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>
2025-03-18 17:25:13 +01:00
ca510a470a 3.3.0: Bump rke2 to v1.32.2+rke2r1 in release-manifest 2025-03-18 17:21:11 +01:00
c68c882d35 metal3-chart: update to 0.10.0
Aligns with https://github.com/suse-edge/charts/pull/191
2025-03-17 15:43:38 +01:00
e83a9cea3c baremetal-operator: update to 0.9.0 2025-03-17 15:43:38 +01:00
ea8a9c590a Merge pull request 'Bump Rancher, RKE2, and k3s versions in release-manifest' (#93) from fdegirmenci/suse-edge-factory:update-release-manifest-3.3.0 into main
Reviewed-on: suse-edge/Factory#93
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-03-17 13:29:27 +01:00
fb896ffe62 Change trigger_devel workflow to midday every week day
Cron is configured to run every night on a daily basis which is
great. However, this has potential to break all the SV pipelines
as a commit that gets merged to EIB will result in a new image
build without the SV team have chance to validate and reflect the
change to SV.

This commit configures trigger_devel workflow to run midday every
week day so the SV team can make the necessary validations and
updates accordingly.

Please note that this should be considered as a temporary fix and
an automated way to bring new EIB versions to SV should be developed
collaboratively.
2025-03-17 13:16:07 +01:00
dc19c71706 Update Helm Chart versions for traefik and traefik-crd 2025-03-17 12:48:50 +01:00
5db4c3bc79 Bump Rancher, RKE2, and k3s versions in release-manifest
This PR bumps Rancher, RKE2, and k3s versions to align them with
SV baseline to ensure the upgrade validation is done using the
correct versions.

Versions for traefik and traefik-crd Helm Charts are still
pending to be verified.
2025-03-17 12:40:54 +01:00
389f19f7b9 Merge pull request 'longhorn-1-7-3' (#89) from dprodanov/Factory:longhorn-1-7-3 into main
Reviewed-on: suse-edge/Factory#89
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
2025-03-14 10:54:25 +01:00
78a681a3a3 remove accidental push of .idea 2025-03-14 11:47:25 +02:00
da3b39573b update longhorn version to 1.7.3 2025-03-14 11:45:31 +02:00
6531575f1b metal3-chart: update to 0.9.4
Aligns with https://github.com/suse-edge/charts/pull/192
2025-03-12 09:38:29 +00:00
d59f3540a2 metal3-chart: update to 0.9.3
Aligns with https://github.com/suse-edge/charts/pull/189
2025-03-05 19:10:38 +01:00
43c764e69c ironic-image: update to 26.1.2.3
Aligns with https://github.com/suse-edge/charts/pull/189
Also see:
https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image?linkrev=base&rev=11
2025-03-05 19:06:06 +01:00
0b306a3e7a Merge pull request 'init versions for release manifest 3.3' (#83) from dprodanov/Factory:release-manifest-3.3 into main
Reviewed-on: suse-edge/Factory#83
Reviewed-by: Ivo Petrov <ipetrov117@noreply.src.opensuse.org>
2025-02-28 18:19:08 +01:00
c744e56218 Merge pull request 'Ironic dependency is located in different project when in internal obs' (#82) from nbelouin/Factory:ironic-meta into main
Reviewed-on: suse-edge/Factory#82
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
2025-02-28 12:36:10 +01:00
ddabc54ac8 init versions for release manifest 3.3 2025-02-28 11:52:41 +02:00
0cb039a9df Ironic dependency is located in different project when in internal obs
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-26 10:36:10 +01:00
76036c2dd8 Merge pull request 'update-devel' (#81) from nbelouin/Factory:update-devel into devel
Reviewed-on: suse-edge/Factory#81
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-02-25 15:37:18 +01:00
eff9a9b0c5 rancher-turtles-chart: Update to 0.16.0
Align with https://github.com/suse-edge/charts/pull/186
2025-02-25 15:31:46 +01:00
8d336f380b rancher-turtles-airgap-resources-chart: Update to 0.16.0
Align with https://github.com/suse-edge/charts/pull/186
2025-02-25 15:31:46 +01:00
5947d531ab Merge pull request 'Add scheduled workflow for devel branch' (#80) from nbelouin/Factory:trigger-devel-refresh into main
Reviewed-on: suse-edge/Factory#80
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-02-25 15:08:57 +01:00
0c6db5d5cc Merge branch 'main' into devel 2025-02-25 14:32:32 +01:00
15362e9536 Add scheduled workflow for devel branch
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-25 13:26:41 +01:00
0b03d14cee Merge pull request 'Add a script to trigger refresh on packages that need one' (#79) from nbelouin/Factory:devel-trigger into devel
Reviewed-on: suse-edge/Factory#79
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-02-25 13:10:39 +01:00
9f2dc045e9 Add a script to trigger refresh on packages that need one
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-25 11:35:43 +01:00
8f20b3433e Fix PR closed workflow
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-24 15:44:23 +01:00
704eec6875 Merge pull request 'Fix obsinfo tar issues' (#77) from nbelouin/Factory:fix_packages_tar into main
Reviewed-on: suse-edge/Factory#77
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-02-24 15:32:13 +01:00
98c4be017d Add ipcalc, crudini and fakeroot for aarch64 build
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-24 13:50:10 +01:00
dccf206a98 Fix obsinfo tar issues
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-24 11:21:52 +01:00
9e41ee25d9 Make wait_obs correctly fail
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-24 11:21:31 +01:00
d97e434fce PR sha is the wrong one, fix it
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-24 11:16:34 +01:00
3dea69443d Add more output to wait_obs
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-24 10:47:26 +01:00
331f08255c Fix gitea not supporting if expressions
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-21 15:38:13 +01:00
4a99805fde Fix typos in workflows
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-21 15:17:59 +01:00
6b8a623372 Merge pull request 'Synchronize metadata from template' (#76) from nbelouin/Factory:sync_meta into main
Reviewed-on: suse-edge/Factory#76
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
2025-02-21 15:04:45 +01:00
34687fb5e9 Reduce number of maintainers to avoid spam
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-21 09:33:48 +01:00
5a73d61002 Fix issue with bash being annoying
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-20 15:57:08 +01:00
4c6d7dea17 Updating Kiwi builder for SL Micro 6.1 builds 2025-02-20 15:38:31 +01:00
531bb91d27 Merge pull request 'Add metal3 images to ARM allowlist' (#74) from steven.hardy/Factory:arm_config into main
Reviewed-on: suse-edge/Factory#74
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
2025-02-20 15:34:51 +01:00
0d3c83fca1 Fix create_project for internal
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-20 14:13:37 +01:00
4d824b71cc Remove need for workflow
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-20 14:01:04 +01:00
7f93226cd3 Fix akri tar step
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-20 11:15:35 +01:00
d6d501ad99 Sync metadata, revamp PR jobs
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-20 11:05:47 +01:00
f61bb1e0e6 Add metal3 images to ARM allowlist
We need to ensure these build to enable usage of the metal3 chart on ARM
2025-02-20 09:36:23 +00:00
a510134ed4 Fix sync action typo
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-14 14:40:43 +01:00
54e0941879 Trigger workflow when it changes
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-14 14:36:16 +01:00
c04b2af72b Fix typo in sync_config action workflow
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-14 14:34:44 +01:00
c57aa3344d Merge pull request 'Add project config to git' (#72) from nbelouin/Factory:add_config into main
Reviewed-on: suse-edge/Factory#72
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
2025-02-14 14:31:37 +01:00
c86d724e92 Add project config to git
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-14 14:31:09 +01:00
9d97e8a56d metal3-chart: Update to 0.9.2
Align with https://github.com/suse-edge/charts/pull/182
2025-02-12 09:12:49 +00:00
b912f9d68a ironic-image: update to 26.1.2.2
Align with:
https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image?linkrev=base&rev=10
https://github.com/suse-edge/charts/pull/182

Fixes a pod restart caused by the runlogwatch.sh script
2025-02-12 09:06:45 +00:00
45443d5b5f ironic-ipa-downloader-image: remove unused _service entry
This is hard-coded to x86_64 so won't work for ARM, aligns with:
https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-downloader-image?linkrev=base&rev=6
2025-02-07 11:25:21 +00:00
ac32110ac1 ironic-ipa-ramdisk: migrate tarball to git-lfs 2025-02-06 16:38:13 +00:00
5d20bc38e3 metal3-chart: update to 0.9.1
Align with https://github.com/suse-edge/charts/pull/173 which
added some fixes to enable deployment on aarch64
2025-02-06 16:36:07 +00:00
e085a97d98 ironic-ipa-downloader-image: update to 3.0.1
Update to the latest version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-downloader-image
2025-02-06 16:36:04 +00:00
58c8be887a ironic-ipa-ramdisk: update to 3.0.1
Update to the latest version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-ramdisk
2025-02-06 16:35:57 +00:00
0d59ad920e ironic-image: update to 26.1.2.1
Align with latest 26.1.2.1 version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image
2025-02-05 15:58:26 +00:00
Denislav Prodanov
f90f614746 update eib image to use package version 2025-01-31 14:59:32 +02:00
35f06da226 Update edge-image-builder/_service 2025-01-29 09:52:25 +01:00
8dd6d7d9d7 Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:54:58 +01:00
f9c5a29a9f Update edge-image-builder/_service 2025-01-28 13:54:39 +01:00
1b83b54b58 Update edge-image-builder/_service 2025-01-28 13:47:41 +01:00
c6b64a252f Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:43:23 +01:00
689c80ffcc Update edge-image-builder/_service 2025-01-28 13:39:56 +01:00
d8745fe060 Update edge-image-builder/_service 2025-01-28 13:35:25 +01:00
9e39bdcf7f Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:30:15 +01:00
9e376ffb74 Update edge-image-builder/_service 2025-01-28 13:29:50 +01:00
0fc166ff06 Add _config 2025-01-28 11:37:52 +01:00
74133c22f6 Fix service file for frr-k8s-image
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-01-17 09:44:56 +01:00
e85da96001 Merge pull request 'Import missing package: frr-k8s-image' (#67) from nbelouin/Factory:import-frr-k8s-image into main
Reviewed-on: suse-edge/Factory#67
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-01-17 09:31:28 +01:00
dab7f36e0b Add package to workflow
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-01-17 09:31:10 +01:00
5490ffcde2 Import missing package: frr-k8s-image
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-01-17 09:24:32 +01:00
04b9c07dd5 Merge pull request 'Add an additional tag without the _up suffix to please Rancher for dashboard extensions' (#65) from nbelouin/Factory:add-no-up-tag-extensions into main
Reviewed-on: suse-edge/Factory#65
Reviewed-by: Jiří Tomášek <jtomasek@noreply.src.opensuse.org>
2025-01-16 15:47:33 +01:00
25de5df782 Add an additional tag without the _up suffix to please Rancher for dashboard extensions
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-01-16 15:35:46 +01:00
3f9b8c9e22 Merge pull request 'Use manifest_repo var to allow for release manifest in separate repo' (#57) from nbelouin/Factory:manifest-repo-var into main
Reviewed-on: suse-edge/Factory#57
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2024-12-23 12:11:01 +01:00
2a993e342e Use manifest_repo var to allow for release manifest in separate repo
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2024-12-23 11:33:04 +01:00
cab6fe1bcb release-manifest: Update to Rancher prime 2.10.1
2.10.1 was released so update to the prime version
2024-12-20 09:28:38 +00:00
fde506f9ef Release manifest updates in relation to corner case use-cases (#60)
Changes:

- Rancher version convention was changed from `v2.10.0` to `2.10.0` to better map to the actual version in the upstream helm chart repo which is without the `v` prefix.

- Rancher's `postDelete` hook has been disabled - done to ensure that we will not hit a corner case where:

   1. The Rancher helm chart upgrade fails, because of a core component not yet being ready
   2. The `helm-controller` schedules a `helm uninstall` which deletes the Rancher Helm release and triggers the `postDelete` hook.
   3. The problematic core component is up and running, so `helm-controller` schedules a `helm install` with the new version.
   4. Due to insufficient resources, or network connection (or other unforeseen problems), the `postDelete` hook is still running and it wrongly removes the new Rancher installation resulting in a missing rancher from the cluster after an upgrade.

The `postDelete` hook ensures that no accidental delete of the Rancher application will happen during an upgrade over a machine with fewer resources.

Reviewed-on: suse-edge/Factory#60
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
2024-12-19 12:27:23 +01:00
f49e6be155 Bump K8s version in the release manifest (#58)
- Bumps both RKE2 and K3s versions to the `1.31.3` version that is expected by Rancher `v2.10.1`.

- Bumps the K8s core component versions to the `1.31.3` expected versions.

RKE2 core component versions have been checked against the `Chart Versions` table of the said [release](https://github.com/rancher/rke2/releases/tag/v1.31.3%2Brke2r1).
K3s core component versions have been checked agains the [manifests](https://github.com/k3s-io/k3s/tree/v1.31.3%2Bk3s1/manifests) directory of said release.

Reviewed-on: suse-edge/Factory#58
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
2024-12-17 09:06:03 +01:00
e820e98a2f Add missing Elemental dashboard chart (#55)
Reviewed-on: suse-edge/Factory#55
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
2024-12-12 11:20:22 +01:00
8c31073506 Merge pull request 'Bump upgrade-controller to v0.1.1' (#53) from upgrade-controller-v0.1.1 into main
Reviewed-on: suse-edge/Factory#53
Reviewed-by: Ivo Petrov <ipetrov117@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2024-12-11 18:35:11 +01:00
4bba5fd3f2 Bump chart version 2024-12-11 18:35:11 +01:00
383705e9a3 Bump container image version 2024-12-11 18:35:11 +01:00
a752a25191 Bump RPM version 2024-12-11 18:35:11 +01:00
83fec09683 Introduce K8s distribution core component list (#52)
Introduces the K8s distribution core component list that the upgrade-controller will follow in order to make sure that a specific Kubernetes upgrade has completed successfully.

Relates to the [#116](https://github.com/suse-edge/upgrade-controller/pull/116) upgrade-controller PR.

Reviewed-on: suse-edge/Factory#52
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
2024-12-11 15:45:28 +01:00
32519595dc IPA ramdisk git LFS fix
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2024-12-10 14:01:55 +01:00
87c7e1be88 Update akri-dashboard-extension-chart to v1.2.1 2024-12-06 09:47:40 +01:00
568d5d1590 Update kubevirt-dashboard-extension-chart to v1.2.1 2024-12-06 09:30:28 +01:00
fbd596290a release-manifest: Update rancher-turtles chart
Fix the rancher-turtles-chart version to align with #44
2024-12-05 17:35:46 +00:00
ec6c4745ea Remove CAPM3/IPAM images
These are now provided by the rancher registry since #44
2024-12-05 13:11:00 +00:00
856ec2ac8e rancher-turtles-airgap-resources-chart: Update to 0.14.1 upstream release
Aligns with https://github.com/suse-edge/charts/pull/174 which
rebases to 0.14.1, which is marked as compatible with Rancher 2.10
2024-12-05 11:35:05 +00:00
7721c66ab0 rancher-turtles-chart: Update to 0.14.1 upstream release
Aligns with https://github.com/suse-edge/charts/pull/174 which
rebases to 0.14.1, which is marked as compatible with Rancher 2.10
2024-12-05 11:31:40 +00:00
cf6abb24fb Merge pull request 'fixed versions in eib artifacts' (#42) from dprodanov/Factory:fix-eib-versions into main
Reviewed-on: suse-edge/Factory#42
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
2024-12-04 16:00:26 +01:00
602249c98d fixed versions in eib artifacts 2024-12-04 16:02:41 +02:00
8a93aae7c5 kiwi-builder-image: Align with OBS latest version
Aligns with the latest fixes in isv:SUSE:Edge:KiwiBuilder/kiwi-builder-10
2024-12-02 18:19:04 +00:00
aba448b275 Merge pull request 'updated longhorn and neuvector to latest 105 charts' (#38) from dprodanov/Factory:update-release-manifests into main
Reviewed-on: suse-edge/Factory#38
Reviewed-by: Ivo Petrov <ipetrov117@noreply.src.opensuse.org>
2024-11-28 16:05:04 +01:00
09954e5818 updated longhorn and neuvector to latest 105 charts 2024-11-28 16:57:54 +02:00
636493adba rancher-turtles: Fix issue in 0.4.0 chart
The previous import was based on a pre-merge copy of the following PR
- an issue was discovered during SV validation which required an
additional change to ensure CRDs are created before creating the
ClusterctlConfig CR

https://github.com/suse-edge/charts/pull/166
2024-11-27 08:23:32 +00:00
195 changed files with 8565 additions and 3556 deletions

View File

@@ -1,23 +0,0 @@
name: Check Release Manifest Local Charts Versions
on:
pull_request:
branches-ignore:
- "devel"
jobs:
sync-pr-project:
name: "Check Release Manifest Local Charts Versions"
runs-on: tumbleweed
steps:
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: Setup dependencies
run: |
zypper in -y python3-ruamel.yaml
- name: Check release manifest
run: |
python3 .obs/manifest-check.py --check

View File

@@ -0,0 +1,31 @@
name: Trigger Devel Packages
on:
# NOTE (fdegir): Cron is set to run midday every weekday
schedule:
- cron: "0 12 * * 1-5
jobs:
sync-pr-project:
name: "Trigger source services for devel packages that changed"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
ref: 'devel'
- name: "Trigger packages"
run: |
python3 .obs/trigger_package.py

1
.gitignore vendored
View File

@@ -1,3 +1,4 @@
*/.osc
*/__pycache__
.venv/
.idea/

View File

@@ -1,3 +1,3 @@
PROJECT = "isv:SUSE:Edge:3.2"
PROJECT = "isv:SUSE:Edge:Factory:Devel"
REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
BRANCH = "3.2"
BRANCH = "devel"

View File

@@ -1,84 +0,0 @@
#!/usr/bin/python3
import ruamel.yaml
import pathlib
import argparse
import sys
yaml = ruamel.yaml.YAML()
def get_chart_version(chart_name: str) -> str:
with open(f"./{chart_name}/Chart.yaml") as f:
chart = yaml.load(f)
return chart["version"]
def get_charts(chart):
if not chart["chart"].startswith("%%CHART_REPO%%"):
# Not a locally managed chart
return {}
chart_name = chart["chart"][len("%%CHART_REPO%%/%%IMG_PREFIX%%"):]
charts = { chart_name: chart["version"] }
for child_chart in chart.get("dependencyCharts", []) + chart.get("addonCharts", []):
charts.update(get_charts(child_chart))
return charts
def get_charts_list():
with open("./release-manifest-image/release_manifest.yaml") as f:
manifest = yaml.load(f)
charts = {}
for chart in manifest["spec"]["components"]["workloads"]["helm"]:
charts.update(get_charts(chart))
return charts
def check_charts(fix: bool) -> bool:
success = True
charts = get_charts_list()
to_fix = {}
for chart in charts:
expected_version = get_chart_version(chart)
if expected_version != charts[chart]:
success = False
to_fix[f'%%CHART_REPO%%/%%IMG_PREFIX%%{chart}'] = expected_version
print(f"{chart}: Expected: {expected_version}, Got: {charts[chart]}")
if fix and not success:
fix_charts(to_fix)
return True
return success
def fix_charts(to_fix):
manifest_path = pathlib.Path("./release-manifest-image/release_manifest.yaml")
manifest = yaml.load(manifest_path)
yaml.indent(mapping=2, sequence=4, offset=2)
yaml.width = 4096
for chart_index, chart in enumerate(manifest["spec"]["components"]["workloads"]["helm"]):
changed = False
if chart["chart"] in to_fix.keys():
changed = True
chart["version"] = to_fix[chart["chart"]]
for subchart_index, subchart in enumerate(chart.get("addonCharts", [])):
if subchart["chart"] in to_fix.keys():
changed = True
subchart["version"] = to_fix[subchart["chart"]]
chart["addonCharts"][subchart_index] = subchart
for subchart_index, subchart in enumerate(chart.get("dependencyCharts", [])):
if subchart["chart"] in to_fix.keys():
changed = True
subchart["version"] = to_fix[subchart["chart"]]
chart["dependencyCharts"][subchart_index] = subchart
if changed:
manifest["spec"]["components"]["workloads"]["helm"][chart_index] = chart
yaml.dump(manifest, manifest_path)
def main():
print("Checking charts versions in release manifest")
parser = argparse.ArgumentParser()
parser.add_argument('-c', '--check', action='store_true')
args = parser.parse_args()
if not check_charts(not args.check):
sys.exit(1)
else:
print("All local charts in release manifest are using the right version")
if __name__ == "__main__":
main()

View File

@@ -8,6 +8,7 @@ def render(base_project, subproject, internal, scm_url=None):
context = {
"base_project": subproject == "",
"title": f"SUSE Edge {version} {subproject}".rstrip(),
"ironic_base": "ISV:SUSE:Edge:Ironic" if internal else "Cloud:OpenStack",
}
if subproject == "ToTest":
context["project"] = f"{base_project}:ToTest"

65
.obs/trigger_package.py Normal file
View File

@@ -0,0 +1,65 @@
import xml.etree.ElementTree as ET
import subprocess
from sync_packages import get_local_packages
from common import PROJECT
def get_service_repo(package):
with open(f"{package}/_service") as service:
root = ET.parse(service).getroot()
for service in root.findall("service"):
if service.get("mode") in ["manual", "disabled"]:
continue
if service.get("name") not in ["obs_scm", "tar_scm"]:
continue
ref = service.find("param[@name='revision']").text
repo = service.find("param[@name='url']").text
return (repo, ref)
return None
def get_remote_ref(project, package):
files = subprocess.run(["osc", "ls", "-e", project, package], encoding='utf-8' , capture_output=True).stdout.splitlines()
for filename in files:
if filename.startswith("_service") and filename.endswith(".obsinfo"):
obsinfo = subprocess.run(["osc", "cat", project, package, filename], encoding='utf-8' , capture_output=True).stdout.splitlines()
for line in obsinfo:
if line.startswith("commit:"):
return line.split(':')[-1].strip()
def get_upstream_ref(repo, ref):
refs = subprocess.run(["git", "ls-remote", repo, ref, f"{ref}^{{}}"], encoding='utf-8' , capture_output=True).stdout.splitlines()
refpath = ref.split('/')
best = None
for rref in refs:
value = rref.split('\t')
(sha, name) = (value[0].strip(), value[1].strip())
namepath = name.split('/')
if len(namepath) == len(refpath) or len(namepath) - 2 == len(refpath):
if name.endswith(ref) and best is None:
best = sha
if name.endswith("^{}"):
best = sha
return best
def trigger_service(project, package):
subprocess.run(["osc", "service", "remoterun", project, package], encoding="utf-8",check=True)
def main():
packages = get_local_packages()
for package in packages:
try:
(repo, ref) = get_service_repo(package)
print(f"{package} uses {repo} at {ref}")
except: # Package is not using server side scm service
continue
remote_ref = get_remote_ref(PROJECT, package)
upstream_ref = get_upstream_ref(repo, ref)
if upstream_ref != remote_ref:
print(f"\t{package} needs a refresh")
print(f"\tOBS ref is {remote_ref}")
print(f"\tgit ref is {upstream_ref}")
trigger_service(PROJECT, package)
if __name__ == "__main__":
main()

View File

@@ -1,10 +0,0 @@
repos:
- repo: local
hooks:
- id: check-manifest
name: "Check release-manifest"
entry: python3 .obs/manifest-check.py
language: python
additional_dependencies: ['ruamel.yaml']
pass_filenames: false
always_run: true

22
_config
View File

@@ -23,6 +23,7 @@ Macros:
Macros:
%img_repo registry.suse.com/edge
%chart_repo oci://registry.suse.com/edge
%chart_prefix charts/
%manifest_repo registry.suse.com/edge
%support_level l3
:Macros
@@ -40,6 +41,7 @@ Macros:
%img_repo %(echo %{registry_url}:%{_project}:images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%manifest_repo %(echo %{registry_url}:%{_project}:test_manifest_images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%chart_repo oci://%(echo %{registry_url}:%{_project}:charts | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%chart_prefix %(echo "")
:Macros
%endif
@@ -58,6 +60,7 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kubectl-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
@@ -69,8 +72,9 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: onlybuild:baremetal-operator
BuildFlags: onlybuild:baremetal-operator-image
BuildFlags: onlybuild:ca-certificates-suse
BuildFlags: onlybuild:cosign
BuildFlags: onlybuild:container-build-checks
BuildFlags: onlybuild:crudini
BuildFlags: onlybuild:edge-build-checks
BuildFlags: onlybuild:edge-image-builder
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:endpoint-copier-operator
@@ -81,12 +85,15 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: onlybuild:ironic-image
BuildFlags: onlybuild:ironic-ipa-downloader-image
BuildFlags: onlybuild:ironic-ipa-ramdisk
BuildFlags: onlybuild:kubectl
BuildFlags: onlybuild:kubectl-image
BuildFlags: onlybuild:kube-rbac-proxy
BuildFlags: onlybuild:kube-rbac-proxy-image
BuildFlags: onlybuild:metallb
BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator
BuildFlags: onlybuild:shim-noarch
%endif
%endif
@@ -101,9 +108,13 @@ BuildFlags: onlybuild:release-manifest-image
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
# skopeo and umoci are used by build scripts to list packages
Substitute: system-packages:podman podman buildah createrepo_c release-compare edge-build-checks skopeo umoci
%endif
%if "%_repository" == "images_6.0"
%if "%_repository" == "images_16.0"
Prefer: container:sles15-image
Type: docker
BuildEngine: podman
@@ -122,6 +133,7 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kubectl-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
@@ -138,11 +150,17 @@ BuildFlags: onlybuild:release-manifest-image
Repotype: helm
Patterntype: none
Required: perl-YAML-LibYAML
# include edge-build-checks here
Support: edge-build-checks
%endif
%if "%_repository" == "standard"
# for build openstack-ironic-image
BuildFlags: allowrootforbuild
# ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
%endif
# Enable reproducible builds

9
_meta
View File

@@ -31,15 +31,16 @@
<arch>x86_64</arch>
</repository>
{%- endif %}
{%- for repository in ["images", "images_6.0", "test_manifest_images"] %}
{%- for repository in ["images", "images_16.0", "test_manifest_images"] %}
<repository name="{{ repository }}">
{%- if release_project is defined and repository != "test_manifest_images" %}
<releasetarget project="{{ release_project }}" repository="images" trigger="manual"/>
{%- endif %}
<path project="SUSE:Registry" repository="standard"/>
{%- if repository == "images_6.0" %}
{%- if repository == "images_16.0" %}
<path project="SUSE:CA" repository="16.0"/>
<path project="SUSE:ALP:Products:Marble:6.0" repository="standard"/>
<path project="SUSE:SLFO:Products:SLES:16.0" repository="standard"/>
<path project="SUSE:SLFO:Main:Build" repository="standard"/>
{%- else %}
<path project="SUSE:CA" repository="SLE_15_SP6"/>
<path project="{{ project }}" repository="standard"/>
@@ -52,7 +53,7 @@
{%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
{%- endif %}
<path project="Cloud:OpenStack:2024.2" repository="15.6"/>
<path project="{{ ironic_base }}:2024.2" repository="15.6"/>
<path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
<arch>x86_64</arch>
<arch>aarch64</arch>

View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20
#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%akri:%%CHART_MAJOR%%.0.0_up0.12.20
#!BuildTag: %%CHART_PREFIX%%akri:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
annotations:
catalog.cattle.io/display-name: Akri
apiVersion: v2

View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

View File

@@ -853,7 +853,7 @@ webhookConfiguration:
pullPolicy: Always
certImage:
# reference is the webhook-certgen image reference
reference: registry.k8s.io/ingress-nginx/kube-webhook-certgen
reference: registry.rancher.com/rancher/mirrored-ingress-nginx-kube-webhook-certgen
# tag is the webhook-certgen image tag
tag: v1.1.1
# pullPolicy is the webhook-certgen pull policy

View File

@@ -1,21 +1,22 @@
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Akri
catalog.cattle.io/kube-version: ">= v1.26.0-0"
catalog.cattle.io/namespace: cattle-ui-plugin-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux, windows
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
apiVersion: v2
appVersion: 302.0.0+up1.2.1
appVersion: 303.0.1+up1.3.0
description: 'SUSE Edge: Akri extension for Rancher Dashboard'
name: akri-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.0+up1.2.1"
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
version: "%%CHART_MAJOR%%.0.1+up1.3.0"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg

View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/302.0.0+up1.2.1
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.1+up1.3.0
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

View File

@@ -7,6 +7,6 @@ plugin:
noAuth: false
metadata:
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/baremetal-operator</param>
<param name="scm">git</param>
<param name="revision">v0.8.0</param>
<param name="revision">v0.9.1</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>

View File

@@ -17,14 +17,14 @@
Name: baremetal-operator
Version: 0.8.0
Release: 0.8.0
Version: 0.9.1
Release: 0
Summary: Implements a Kubernetes API for managing bare metal hosts
License: Apache-2.0
URL: https://github.com/metal3-io/baremetal-operator
Source: baremetal-operator-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
BuildRequires: golang(API) = 1.23
ExcludeArch: s390
ExcludeArch: %{ix86}

View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
apiVersion: v2
appVersion: 1.60.1
description: A Helm chart for Containerized Data Importer (CDI)

View File

@@ -2,8 +2,8 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

View File

@@ -25,7 +25,7 @@ cdi:
nodeSelector:
kubernetes.io/os: linux
hookImage: rancher/kubectl:v1.30.2
hookImage: registry.rancher.com/rancher/kubectl:v1.30.10
hookRestartPolicy: OnFailure
hookSecurityContext:
seccompProfile:

23
container-build-checks/.gitattributes vendored Normal file
View File

@@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

View File

@@ -0,0 +1,39 @@
From 982cfa8500250c9704448880a779ade06cc8f976 Mon Sep 17 00:00:00 2001
From: Nicolas Belouin <nicolas.belouin@suse.com>
Date: Thu, 3 Apr 2025 16:53:49 +0200
Subject: [PATCH] Allow slash prefixes in registry
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
---
container-build-checks.py | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/container-build-checks.py b/container-build-checks.py
index b8c873c..d862f33 100755
--- a/container-build-checks.py
+++ b/container-build-checks.py
@@ -82,13 +82,17 @@ def verify_reference(image, result, value):
return
(registry, repo, tag) = reference_match.groups()
- allowed_registries: list[str] = config["General"].getlist("Registry")
- if len(allowed_registries) and registry not in allowed_registries:
+ raw_allowed_registries: list[str] = config["General"].getlist("Registry")
+ allowed_registries: dict[str, str] = {v[0]: v[2] for v in map(lambda a: a.partition("/"), raw_allowed_registries)}
+
+ if len(allowed_registries) and (registry not in allowed_registries.keys() or not repo.startswith(allowed_registries[registry])):
result.warn(
f"The org.opensuse.reference label ({value}) does not use an "
- f"allowed registry: {','.join(allowed_registries)}")
+ f"allowed registry: {','.join(raw_allowed_registries)}")
+
+ prefix = allowed_registries[registry]
- if f"{repo}:{tag}" not in image.containerinfo["tags"]:
+ if f"{repo[len(prefix)+1:]}:{tag}" not in image.containerinfo["tags"]:
tags = ", ".join(image.containerinfo["tags"])
result.warn(f"The org.opensuse.reference label ({value}) does not refer to an existing tag ({tags})")
elif "release" in image.containerinfo and image.containerinfo["release"] not in tag:
--
2.49.0

View File

@@ -0,0 +1,4 @@
[General]
Vendor=com.suse
Registry=registry.suse.com
Registry+=dp.apps.rancher.io

View File

@@ -0,0 +1,15 @@
<services>
<service mode="manual" name="obs_scm">
<param name="url">https://github.com/openSUSE/container-build-checks.git</param>
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="manual" name="set_version" />
<service mode="buildtime" name="tar">
<param name="obsinfo">container-build-checks.obsinfo</param>
</service>
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">xz</param>
</service>
</services>

View File

@@ -0,0 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/openSUSE/container-build-checks.git</param>
<param name="changesrevision">412e7f60c08221a549b0f00dfcc4bee7694193ab</param></service></servicedata>

Binary file not shown.

View File

@@ -0,0 +1,101 @@
-------------------------------------------------------------------
Mon Aug 12 11:33:57 UTC 2024 - Fabian Vogt <fvogt@suse.com>
- Update to version 1723452932.412e7f6:
* add test for missing substitutions
* Reject labels that are missing a substitution
-------------------------------------------------------------------
Mon Jul 22 13:43:57 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update SUSE.conf: allow dp.rancher.apps.io
-------------------------------------------------------------------
Mon Jul 22 13:08:23 UTC 2024 - Fabian Vogt <fvogt@suse.com>
- Switch _service to mode="manual"
- Update to version 1721653643.19092fe:
* Use generic name for the python setup step
* Allow specifying more than one registry
* Use Pathlib for resolving containerinfo
* Switch to test Python 3.11
-------------------------------------------------------------------
Fri Apr 28 09:23:53 UTC 2023 - Fabian Vogt <fvogt@suse.com>
- Update to version 1682595397.5ce6d2f:
* Handle OCI style images as well
* Makefile: Add missing dependency of broken-derived on proper-base
* GitHub workflow: Update action versions
* GitHub workflow: Test python 3.6 and 3.10
-------------------------------------------------------------------
Mon Aug 8 11:37:19 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- Make the URL point to GitHub
-------------------------------------------------------------------
Thu Jul 7 13:42:05 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- openSUSE.conf: Allow bci/* as prefix
-------------------------------------------------------------------
Wed Apr 20 14:26:26 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- Update to version 1650464301.a198cf9:
* Detect and treat local builds specially
-------------------------------------------------------------------
Mon Mar 7 09:23:46 UTC 2022 - Silvio Moioli <moio@suse.com>
- Adding Uyuni prefix for https://www.uyuni-project.org/
-------------------------------------------------------------------
Thu Feb 03 07:44:23 UTC 2022 - fvogt@suse.com
- Update to version 1643874076.3d0e13c:
* Avoid crash on local builds
-------------------------------------------------------------------
Tue Dec 14 13:49:12 UTC 2021 - fvogt@suse.com
- Update to version 1639489705.a4c5a3ab2a75:
* Don't error out when the release field is empty
* Add simple gitpod configuration
-------------------------------------------------------------------
Tue Jun 1 09:06:12 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Drop obsolete Requires: grep jq
-------------------------------------------------------------------
Fri May 28 13:57:34 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Update to version 1622209785.4616f4f:
* README.md: Point badge to new location
-------------------------------------------------------------------
Fri May 28 12:47:42 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Update to version 1622204213.c8ecb9f:
* Add options to allow and block specific tags
-------------------------------------------------------------------
Thu May 27 15:09:59 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Update to version 1622127842.b548dd8:
* Update README.md
* Add README.md
* Add broken-derived test
* Verify prefix of the image specific label prefix
* Add some comments in the Makefile
* Always check the tag used in org.opensuse.reference
* Add github workflow
* Use bash explicitly
* Make lint
* Less noise in Makefile
-------------------------------------------------------------------
Fri Apr 30 10:04:09 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Initial commit

View File

@@ -0,0 +1,4 @@
name: container-build-checks
version: 1723452932.412e7f6
mtime: 1723452932
commit: 412e7f60c08221a549b0f00dfcc4bee7694193ab

View File

@@ -0,0 +1,95 @@
#
# spec file for package container-build-checks
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: container-build-checks
Version: 1723452932.412e7f6
Release: 0
Summary: Scripts to validate built container images
License: GPL-2.0-or-later
Group: Development/Tools/Building
URL: https://github.com/openSUSE/container-build-checks
Patch0: 0001-Allow-slash-prefixes-in-registry.patch
Source0: %{name}-%{version}.tar.xz
Source1: openSUSE.conf
Source2: SUSE.conf
Requires: %{name}-vendor
BuildArch: noarch
%package vendor-openSUSE
Summary: openSUSE configuration for %{name}
Group: Development/Tools/Building
Requires: %{name} = %{version}
Provides: %{name}-vendor
Conflicts: %{name}-vendor
%description vendor-openSUSE
openSUSE configuration for %{name}
%package vendor-SUSE
Summary: SUSE configuration for %{name}
Group: Development/Tools/Building
Requires: %{name} = %{version}
Provides: %{name}-vendor
Conflicts: %{name}-vendor
%description vendor-SUSE
SUSE configuration for %{name}
%package strict
Summary: Strict configuration for %{name}
Group: Development/Tools/Building
%description strict
Strict configuration for %{name}
%description
This tool checks that built container images conform to the openSUSE container
image policies (https://en.opensuse.org/Building_derived_containers).
%prep
%autosetup -p1
%build
%make_build
%install
%make_install
mkdir -p %{buildroot}%{_datadir}/container-build-checks/
install -m0644 %{SOURCE1} %{buildroot}%{_datadir}/container-build-checks/openSUSE.conf
install -m0644 %{SOURCE2} %{buildroot}%{_datadir}/container-build-checks/SUSE.conf
echo -e "[General]\nFatalWarnings=true" > %{buildroot}%{_datadir}/container-build-checks/strict.conf
%files
#%doc README
%license LICENSE
%dir %{_datadir}/container-build-checks
%dir %{_prefix}/lib/build/
%dir %{_prefix}/lib/build/post-build-checks/
%{_prefix}/lib/build/post-build-checks/container-build-checks
%files vendor-openSUSE
%{_datadir}/container-build-checks/openSUSE.conf
%files vendor-SUSE
%{_datadir}/container-build-checks/SUSE.conf
%files strict
%{_datadir}/container-build-checks/strict.conf
%changelog

View File

@@ -0,0 +1,10 @@
[General]
Vendor=org.opensuse
Registry=registry.opensuse.org
[Tags]
# To avoid conflicts with other stuff on the registry and
# avoid ambiguities with images on other registries.
Allowed+=opensuse/*,kubic/*,kubevirt/*,uyuni/*,bci/*
# Those are images, not available as namespaces
Blocked+=opensuse/tumbleweed/*,opensuse/leap/*

View File

@@ -1,18 +0,0 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/rancher-government-carbide/cosign.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="exclude">.get</param>
<param name="revision">v2.2.3+carbide.2</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">cosign.obsinfo</param>
</service>
<service mode="buildtime" name="set_version" />
<service name="go_modules">
<param name="compression">gz</param>
</service>
</services>

View File

@@ -1,55 +0,0 @@
#
# spec file for package cosign-rgs
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define project https://github.com/hauler-dev/cosign
%define revision 49542360ffb5de63f9d2f5856b658651d5538e40
Name: cosign
Version: 0
Release: 0
Summary: Container Signing, Verification and Storage in an OCI registry
License: Apache-2.0
URL: https://github.com/rancher-government-carbide/cosign
Source: cosign-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang-packaging
%description
%prep
%setup -q -a1 -n cosign-%{version}
%build
%goprep %{project}
DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
CLI_PKG=sigs.k8s.io/release-utils/version
CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X ${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X ${CLI_PKG}.buildDate=${BUILD_DATE}"
CGO_ENABLED=0 go build -mod=vendor -buildmode=pie -trimpath -ldflags "${CLI_LDFLAGS}" -o cosign ./cmd/cosign
%install
install -D -m 0755 cosign %{buildroot}%{_bindir}/cosign
%files
%license LICENSE
%doc *.md
%{_bindir}/cosign
%changelog

View File

@@ -0,0 +1,12 @@
#!/bin/bash
HELM="/usr/bin/helm"
TOPDIR=/usr/src/packages/HELM
failed=0
if [ -x $HELM ]; then
$HELM lint "$TOPDIR"/*.tgz
failed=$?
fi
exit $failed

View File

@@ -0,0 +1,158 @@
#!/usr/bin/python3
import os
import glob
import subprocess
import yaml
import sys
import pprint
AUTHORIZED_REPOS = [
"registry.suse.com/suse/sles/",
"registry.rancher.com",
]
EXTRA_CONFIG = None
class CheckResult:
"""Class to track count of issues"""
def __init__(self):
self.hints = 0
self.warnings = 0
self.errors = 0
def hint(self, msg):
print(f"Hint: {msg}")
self.hints += 1
def warn(self, msg):
print(f"Warning: {msg}")
self.warnings += 1
def error(self, msg):
print(f"Error: {msg}")
self.errors += 1
def tarballs():
"""Return a list of .helminfo files to check."""
if "BUILD_ROOT" not in os.environ:
# Not running in an OBS build container
return glob.glob("*.tgz")
# Running in an OBS build container
buildroot = os.environ["BUILD_ROOT"]
topdir = "/usr/src/packages"
if os.path.isdir(buildroot + "/.build.packages"):
topdir = "/.build.packages"
if os.path.islink(buildroot + "/.build.packages"):
topdir = "/" + os.readlink(buildroot + "/.build.packages")
return glob.glob(f"{buildroot}{topdir}/HELM/*.tgz")
def get_extra_config():
global EXTRA_CONFIG
if EXTRA_CONFIG is not None:
return EXTRA_CONFIG
if "BUILD_ROOT" not in os.environ:
file_path = "./.checks_helm.yaml"
else:
buildroot = os.environ["BUILD_ROOT"]
topdir = "/usr/src/packages"
file_path = f"{buildroot}{topdir}/SOURCES/.checks_helm.yaml"
try:
with open(file_path) as config_file:
EXTRA_CONFIG = yaml.safe_load(config_file)
if EXTRA_CONFIG is None: # No document in stream
EXTRA_CONFIG = {}
except OSError:
EXTRA_CONFIG = {}
return EXTRA_CONFIG
def get_extra_params():
config = get_extra_config()
args = []
for api in config.get('extra_apis', []):
args.extend(['-a', api])
return args
def is_exception(image):
config = get_extra_config()
exceptions = config.get('image_exceptions', [])
(namespace, _, _) = image.partition(':')
return namespace in exceptions
def get_template(tarball_path):
raw_templates = subprocess.check_output(
[
"helm",
"template",
tarball_path,
] + get_extra_params()
).decode()
return yaml.safe_load_all(raw_templates)
def extract_key(key, var):
if hasattr(var, "items"): # hasattr(var,'items') for python 3
for k, v in var.items(): # var.items() for python 3
if k == key:
yield v
if isinstance(v, dict):
for result in extract_key(key, v):
yield result
elif isinstance(v, list):
for d in v:
for result in extract_key(key, d):
yield result
def check_template(result, template):
if template["kind"] not in [
"Pod",
"Deployment",
"StatefulSet",
"DaemonSet",
"ReplicaSet",
"Job",
"CronJob",
]:
return
for image in extract_key("image", template):
if not image.startswith(tuple(AUTHORIZED_REPOS)) and not is_exception(image):
result.error(f"{image} is not from authorized source")
pass
def main():
result = CheckResult()
img_repo = subprocess.check_output(
[
"rpm",
"--macros=/root/.rpmmacros",
"-E",
"%{?img_repo}",
]
).strip()
if img_repo:
result.hint(f"Adding '{img_repo.decode()}' to authorized repo")
AUTHORIZED_REPOS.append(img_repo.decode())
else:
result.warn("img_repo macro not defined, will not add extra authorized repo")
for tarball in tarballs():
print(f"Looking at {tarball}")
for template in get_template(tarball):
if template: # Exclude empty templates
check_template(result, template)
ret = 0
if result.errors > 0:
print("Fatal errors found.")
ret = 1
sys.exit(ret)
if __name__ == "__main__":
main()

View File

@@ -0,0 +1,92 @@
#!/usr/bin/python3
import json
import os
import glob
import sys
import re
class CheckResult:
"""Class to track count of issues"""
def __init__(self):
self.hints = 0
self.warnings = 0
self.errors = 0
def hint(self, msg):
print(f"Hint: {msg}")
self.hints += 1
def warn(self, msg):
print(f"Warning: {msg}")
self.warnings += 1
def error(self, msg):
print(f"Error: {msg}")
self.errors += 1
TAG_RE = re.compile(r"(.*\/)?([^:]+):([^:]+)")
def check_tags(helminfo, result):
release_tag_found = False
version_tag_found = False
for tag in helminfo["tags"]:
(tag_prefix, tag_name, tag_version) = TAG_RE.fullmatch(tag).groups()
if tag_name != helminfo.get("name"):
result.warn(
f"Tag ({tag}) doesn't use the chart name ({helminfo.get('name')})"
)
if "release" in helminfo and helminfo["release"] in tag_version:
release_tag_found = True
if tag_version.replace("_", "+") == helminfo["version"]:
version_tag_found = True
if not release_tag_found:
result.error(
"None of the tags are unique to a specific build of the image.\n"
+ "Make sure that at least one tag contains the release."
)
if not version_tag_found:
result.error(
"None of the tags is the equivalent of the chart's version.\n"
+ "Make sure that one of the tag is the chart version."
)
def helminfos():
"""Return a list of .helminfo files to check."""
if "BUILD_ROOT" not in os.environ:
# Not running in an OBS build container
return glob.glob("*.helminfo")
# Running in an OBS build container
buildroot = os.environ["BUILD_ROOT"]
topdir = "/usr/src/packages"
if os.path.isdir(buildroot + "/.build.packages"):
topdir = "/.build.packages"
if os.path.islink(buildroot + "/.build.packages"):
topdir = "/" + os.readlink(buildroot + "/.build.packages")
return glob.glob(f"{buildroot}{topdir}/HELM/*.helminfo")
def main():
result = CheckResult()
for helminfo in helminfos():
print(f"Looking at {helminfo}")
with open(helminfo, "rb") as cifile:
ci_dict = json.load(cifile)
check_tags(ci_dict, result)
ret = 0
if result.errors > 0:
print("Fatal errors found.")
ret = 1
sys.exit(ret)
if __name__ == "__main__":
main()

340
edge-build-checks/COPYING Normal file
View File

@@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

View File

@@ -0,0 +1,6 @@
[General]
Vendor=com.suse
Registry=%%IMG_REPO%%
[Tags]
Allowed=%%IMG_PREFIX%%*

View File

@@ -0,0 +1,9 @@
<services>
<service name="replace_using_env" mode="buildtime">
<param name="file">SUSE-Edge.conf</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
</service>
</services>

View File

@@ -0,0 +1,59 @@
#
# spec file for package edge-build-checks
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: edge-build-checks
Summary: post checks for build after charts and images are created
License: GPL-2.0-or-later
Group: Development/Tools/Building
Version: 0.0.1
Release: 0
Source0: COPYING
Source1: 20-helm-images
Source2: 10-helm-lint
Source3: SUSE-Edge.conf
Source4: 20-helm-tags
BuildArch: noarch
Requires: container-build-checks
Requires: python3-PyYAML
Provides: container-build-checks-vendor
%description
some scripts to check for problems in edge related helm charts and images after their creation
in OBS.
%prep
cp %{SOURCE0} .
%build
%define _lto_cflags %{nil}
# nothing to do
%install
install -d $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -m 755 %{SOURCE2} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -m 755 %{SOURCE4} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -d %{buildroot}%{_datadir}/container-build-checks
install -m 644 %{SOURCE3} %{buildroot}%{_datadir}/container-build-checks/SUSE-Edge.conf
%files
%license COPYING
%{_datadir}/container-build-checks
/usr/lib/build
%changelog

View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.2-rc1
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.2-rc1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.1.2-rc1"
LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.2-rc1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

View File

@@ -1,5 +1,10 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%PACKAGE_VERSION%</param>
<param name="package">edge-image-builder</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
@@ -7,8 +12,8 @@
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="file">artifacts.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
<param name="var">CHART_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
@@ -17,4 +22,3 @@
<param name="var">CHART_MAJOR</param>
</service>
</services>

View File

@@ -1,10 +1,10 @@
metallb:
chart: metallb-chart
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
version: "%%CHART_MAJOR%%.0.1+up0.14.9"
chart: metallb
repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.14.9"
endpoint-copier-operator:
chart: endpoint-copier-operator-chart
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
chart: endpoint-copier-operator
repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
kubernetes:
k3s:

View File

@@ -1,15 +1,12 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
<param name="versionformat">@PARENT_TAG@_%h.%ad</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v1.1.2-rc1</param>
<!-- Uncomment and set this For Pre-Release Version -->
<param name="version">1.1.2~rc0</param>
<!-- Uncomment and this for regular version -->
<!-- <param name="versionformat">@PARENT_TAG@</param> -->
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="revision">main</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">

View File

@@ -17,14 +17,14 @@
Name: edge-image-builder
Version: 1.1.2~rc1
Version: 0
Release: 0
Summary: Edge Image Builder
License: Apache-2.0
URL: https://github.com/suse-edge/edge-image-builder
Source: edge-image-builder-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) go1.22
BuildRequires: golang(API) go1.24
BuildRequires: golang-packaging
BuildRequires: gpgme-devel
BuildRequires: device-mapper-devel

View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1
#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
apiVersion: v2
appVersion: v0.2.0
description: A Helm chart for Kubernetes

View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

View File

@@ -1,7 +1,7 @@
# SPDX-License-Identifier: MIT
#!BuildTag: %%IMG_PREFIX%%frr:8.4
#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
#!BuildVersion: 15.5
#!BuildTag: %%IMG_PREFIX%%frr:8.5.6
#!BuildTag: %%IMG_PREFIX%%frr:8.5.6-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -15,11 +15,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="FRR Container Image"
LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="8.4"
LABEL org.opencontainers.image.version="8.5.6"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.5.6-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/metallb/frr-k8s</param>
<param name="scm">git</param>
<param name="revision">v0.0.14</param>
<param name="revision">v0.0.16</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>

View File

@@ -17,8 +17,8 @@
Name: frr-k8s
Version: 0.0.14
Release: 0.0.14
Version: 0.0.16
Release: 0.0.16
Summary: A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner.
License: Apache-2.0
URL: https://github.com/metallb/frr-k8s

View File

@@ -4,7 +4,7 @@
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="exclude">.get</param>
<param name="revision">v1.0.7</param>
<param name="revision">v1.2.1</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
@@ -15,4 +15,13 @@
<service name="go_modules">
<param name="compression">gz</param>
</service>
<service mode="buildtime" name="replace_using_env">
<param name="file">hauler.spec</param>
<param name="var">SOURCE_COMMIT</param>
<param name="eval">
SOURCE_COMMIT=$(grep commit hauler.obsinfo | cut -d" " -f2)
</param>
<param name="verbose">1</param>
</service>
<service mode="buildtime" name="set_version" />
</services>

View File

@@ -18,7 +18,7 @@
%define project github.com/hauler-dev/hauler
Name: hauler
Version: 1.0.7
Version: 1.2.1
Release: 0
Summary: Airgap Swiss Army Knife
License: Apache-2.0
@@ -26,7 +26,6 @@ URL: https://github.com/hauler-dev/hauler
Source: hauler-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang-packaging
BuildRequires: cosign
%description
@@ -38,10 +37,18 @@ BuildRequires: cosign
tar -xf %{SOURCE1}
mkdir cmd/hauler/binaries
cp `which cosign` cmd/hauler/binaries/cosign-linux-%{go_arch}
MODULE=hauler.dev/go/hauler
%define buildtime %(date +%%Y-%%m-%%dT%%H:%%M:%%S%%z)
%define buildcommit %%SOURCE_COMMIT%%
go build -mod=vendor -buildmode=pie -o hauler ./cmd/hauler
go build \
-mod=vendor \
-buildmode=pie \
-o hauler \
-ldflags \
"-X $MODULE/internal/version.gitVersion=v%{version} -X $MODULE/internal/version.gitCommit=%{buildcommit} -X $MODULE/internal/version.buildDate=%{buildtime}" \
./cmd/hauler
%install

View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
@@ -8,14 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
fi
RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools
WORKDIR /tmp
COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -46,8 +40,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="26.1.2.3"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%"
LABEL org.opencontainers.image.version="26.1.2.4"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -88,7 +82,8 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
COPY ironic.conf.j2 /etc/ironic/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/

View File

@@ -68,7 +68,7 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
fi
fi
IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}"
if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel"
export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs"

View File

@@ -5,6 +5,6 @@ echo In inspector.ipxe
imgfree
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in
# ironic-inspector-image and configuration in configure-ironic.sh
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
boot

View File

@@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
# Power state is checked every 60 seconds and BMC activity should
# be avoided more often than once every sixty seconds.
send_sensor_data_interval = 160
bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img
bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
verify_step_priority_override = management.clear_job_queue:90
# We don't use this feature, and it creates an additional load on the database
node_history = False

View File

@@ -2,41 +2,26 @@
set -euxo pipefail
ARCH=$(uname -m)
DEST=${2:-/tmp/esp.img}
OS=${1:-sles}
declare -A efi_arch=(
["x86_64"]="X64"
["aarch64"]="AA64"
)
if [ $ARCH = "aarch64" ]; then
BOOTEFI=BOOTAA64.EFI
GRUBEFI=grubaa64.efi
else
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
fi
for arch in "${!efi_arch[@]}"; do
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
DEST=/tmp/esp-${arch}.img
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /usr/share/efi/${arch}/shim.efi ::EFI/BOOT/BOOT${efi_arch[$arch]}.EFI
mcopy -i $DEST -v /usr/share/efi/${arch}/grub.efi ::EFI/BOOT/GRUB.EFI
mdir -i $DEST ::EFI/BOOT;
done
mkdir -p /boot/efi/EFI/BOOT
mkdir -p /boot/efi/EFI/$OS
if [ $ARCH = "aarch64" ]; then
cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
else
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
fi
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
if [ $ARCH = "aarch64" ]; then
mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
else
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
fi
mdir -i $DEST ::EFI/BOOT;

View File

@@ -39,7 +39,7 @@ export INSPECTOR_EXTRA_ARGS
# Copy files to shared mount
render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
cp /tmp/uefi_esp*.img /shared/html/
# Render the core httpd config
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf

View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -8,15 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
@@ -26,11 +19,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.1"
LABEL org.opencontainers.image.version="3.0.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -41,8 +34,9 @@ LABEL com.suse.release-stage="released"
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh

View File

@@ -6,12 +6,33 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
export https_proxy=${https_proxy:-$HTTPS_PROXY}
export no_proxy=${no_proxy:-$NO_PROXY}
if [ -d "/tmp/ironic-certificates" ]; then
sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
CERTS_CHANGED=0
else
CERTS_CHANGED=1
fi
fi
# Which image should we use
if [ -z "${IPA_BASEURI}" ]; then
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
if cmp "/shared/images.sha256" "/tmp/images.sha256"; then
if [ "${CERTS_CHANGED:-0}" = "0" ]; then
# everything is the same exit early
exit 0
fi
fi
IMAGE_CHANGED=1
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
mkdir -p /shared/html/images
cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
# Use arm64 as destination for iPXE compatibility
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
cp /tmp/images.sha256 /shared/images.sha256
else
FILENAME=ironic-python-agent
FILENAME_EXT=.tar
@@ -25,47 +46,56 @@ else
# If we have a CACHEURL and nothing has yet been downloaded
# get header info from the cache
ls -l
if [ -n "$CACHEURL" -a ! -e $FFILENAME.headers ] ; then
if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then
curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true
fi
# Download the most recent version of IPA
if [ -e $FFILENAME.headers ] ; then
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r")
cd $TMPDIR
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
# curl didn't download anything because we have the ETag already
# but we don't have it in the images directory
# Its in the cache, go get it
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
if [ ! -s $FFILENAME -a ! -e /shared/html/images/$FILENAME-$ETAG/$FFILENAME ] ; then
if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then
mv /shared/html/images/$FFILENAME.headers .
curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME"
fi
else
cd $TMPDIR
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME
cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME"
fi
if [ -s $FFILENAME ] ; then
tar -xf $FFILENAME
xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd
mv $FILENAME.initramfs.zstd $FILENAME.initramfs
ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3)
if [ "$ARCH" = "x86" ]; then
ARCH="x86_64"
fi
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
cd -
chmod 755 $TMPDIR
mv $TMPDIR $FILENAME-$ETAG
ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers
ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs
ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel
chmod 755 "$TMPDIR"
mv "$TMPDIR" "$FILENAME-$ETAG"
ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers"
ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs"
ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel"
IMAGE_CHANGED=1
else
rm -rf $TMPDIR
rm -rf "$TMPDIR"
fi
fi
if [ -d "/tmp/ironic-certificates" ]; then
if [ "${CERTS_CHANGED:-0}" = "1" ] || [ "${IMAGE_CHANGED:-0}" = "1" ]; then
mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i
mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do
find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}"
done
cp /tmp/certificates.sha256 /shared/certificates.sha256
fi

View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="openstack-ironic-image-301">
<image schemaversion="7.4" name="openstack-ironic-image">
<description type="system">
<author>Cloud developers</author>
<contact>cloud-devel@suse.de</contact>

View File

@@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk
Version: 3.0.1
Version: 3.0.3
Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA
@@ -148,10 +148,8 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
cd /tmp/openstack-ironic-image/img/build/image-root
find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
cd $TDIR
gzip -9 -f initrdtmp
INITRDGZ=`ls *.gz | head -1`
gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
INITRD=`ls *.xz | head -1`
zstd initrdtmp -o initrd-%{_arch}.zst
INITRD=`ls *.zst | head -1`
ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`

BIN
ironic-ipa-ramdisk/root.tar.bz2 (Stored with Git LFS)

Binary file not shown.

View File

@@ -1,12 +1,12 @@
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0
ARG KIWIVERSION="10.2.12"
FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
ARG KIWIVERSION
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.akri
# labelprefix=com.suse.application.kiwi
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
@@ -14,7 +14,7 @@ LABEL org.opencontainers.image.version="%%kiwi_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -35,3 +35,4 @@ RUN mkdir -p /micro-sdk/defs
ADD SL-Micro.kiwi /micro-sdk/defs
ADD SL-Micro.kiwi.4096 /micro-sdk/defs
ADD config.sh /micro-sdk/defs
ADD editbootinstall_rpi.sh /micro-sdk/defs

View File

@@ -2,13 +2,13 @@
Kiwi SDK Image Instructions
###########################
Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
Please ensure that you're running this on a registered SUSE Linux Micro 6.1 system, and make sure that SELinux is disabled:
# setenforce 0
Next, download the podman image:
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0
Make a local output directory (where the images will reside):
@@ -16,40 +16,40 @@ Make a local output directory (where the images will reside):
Then, to build a standard "Base" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image
To build a "Base" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Base-SelfInstall
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Base-SelfInstall
Then, to build a standard "Default" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default
To build a "Default" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default-SelfInstall
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default-SelfInstall
To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Base-RT
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Base-RT
To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default-SelfInstall -b
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default-SelfInstall -b
# mkdir mydefs/
# cp /path/to/SL-Micro.kiwi mydefs/
# cp /path/to/config.sh mydefs/
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image
All output will be in the local $(pwd)/output directory, for example:
# ls -1 output/
SL-Micro.x86_64-6.0.changes
SL-Micro.x86_64-6.0.packages
SL-Micro.x86_64-6.0.raw
SL-Micro.x86_64-6.0.verified
SL-Micro.x86_64-6.1.changes
SL-Micro.x86_64-6.1.packages
SL-Micro.x86_64-6.1.raw
SL-Micro.x86_64-6.1.verified
build
kiwi.result
kiwi.result.json

View File

@@ -30,9 +30,21 @@
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/>
</profile>
@@ -63,6 +75,21 @@
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
@@ -124,10 +151,18 @@
<requires profile="self_install"/>
</profile>
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64"/>
</profile>
<profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64"/>
</profile>
<profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
@@ -140,6 +175,19 @@
<requires profile="x86-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-rpi"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-kvm"/>
@@ -164,6 +212,14 @@
<requires profile="container-host"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-legacy"/>
@@ -184,10 +240,47 @@
<requires profile="container-host"/>
<requires profile="aarch64-qcow"/>
</profile>
<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -198,7 +291,7 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -211,7 +304,7 @@
luks_pbkdf="pbkdf2"
>
<luksformat>
<option name="--cipher" value="aes"/>
<option name="--cipher" value="aes-xts-plain64"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk>
@@ -230,7 +323,7 @@
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -241,7 +334,7 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -266,7 +359,7 @@
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -276,11 +369,12 @@
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -304,8 +398,8 @@
</type>
</preferences>
<preferences profiles="rpi">
<version>6.0</version>
<preferences profiles="rpi,aarch64-rt-rpi">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -320,7 +414,7 @@
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
@@ -344,8 +438,9 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install">
<version>6.0</version>
<preferences profiles="aarch64,aarch64-rt">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -358,9 +453,49 @@
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -385,22 +520,22 @@
</preferences>
<preferences profiles="s390-kvm">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
format="qcow2"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
@@ -423,7 +558,7 @@
<preferences profiles="s390-dasd">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -434,9 +569,9 @@
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
target_blocksize="4096"
btrfs_root_is_snapshot="true"
@@ -461,7 +596,7 @@
<preferences profiles="s390-fba">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -472,9 +607,9 @@
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
@@ -495,9 +630,47 @@
</type>
</preferences>
<preferences profiles="s390-fcp">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
installpxe="true"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<oemconfig>
<oem-multipath-scan>true</oem-multipath-scan>
</oemconfig>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -532,7 +705,7 @@
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -543,7 +716,7 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -569,7 +742,7 @@
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -581,7 +754,7 @@
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -592,7 +765,7 @@
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
@@ -603,6 +776,161 @@
</type>
</preferences>
<preferences profiles="ppc64le-512ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-512ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<repository type="rpm-md" >
<source path='obsrepositories:/'/>
</repository>
@@ -621,6 +949,7 @@
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -628,7 +957,6 @@
<package name="firewalld"/>
<package name="wpa_supplicant" arch="x86_64,aarch64"/>
<package name="libpwquality-tools"/>
<!-- <package name="k3s-install"/> -->
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
@@ -648,10 +976,9 @@
<package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -713,7 +1040,8 @@
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
<package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/>
@@ -721,46 +1049,46 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> -->
<package name="cpuset"/> -->
</packages>
<!-- makes the image build, but also include kernel-default
<packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp">
<package name="dracut-kiwi-oem-dump"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="blog"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<!-- FCP is usually used multipathed. -->
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install">
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/>
<package name="wireless-tools"/>
<package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages>
<packages type="bootstrap">
<package name="coreutils"/>
<package name="filesystem"/>
<package name="coreutils"/>
<package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/>
</packages>
@@ -774,4 +1102,14 @@
<packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/>
</packages>
<!-- jsc#PED-8599 -->
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
<package name="usbguard"/>
</packages>
<!-- jsc#PED-8788 -->
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="stalld"/>
</packages>
</image>

View File

@@ -30,9 +30,21 @@
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/>
</profile>
@@ -63,6 +75,21 @@
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
@@ -124,10 +151,18 @@
<requires profile="self_install"/>
</profile>
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64"/>
</profile>
<profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64"/>
</profile>
<profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
@@ -140,6 +175,19 @@
<requires profile="x86-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-rpi"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-kvm"/>
@@ -164,6 +212,14 @@
<requires profile="container-host"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-legacy"/>
@@ -184,10 +240,47 @@
<requires profile="container-host"/>
<requires profile="aarch64-qcow"/>
</profile>
<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -198,7 +291,7 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -213,7 +306,7 @@
efipartsize="200"
>
<luksformat>
<option name="--cipher" value="aes"/>
<option name="--cipher" value="aes-xts-plain64"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk>
@@ -232,7 +325,7 @@
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -243,7 +336,7 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -270,7 +363,7 @@
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -280,11 +373,12 @@
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -310,8 +404,8 @@
</type>
</preferences>
<preferences profiles="rpi">
<version>6.0</version>
<preferences profiles="rpi,aarch64-rt-rpi">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -326,7 +420,7 @@
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
@@ -350,8 +444,9 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install">
<version>6.0</version>
<preferences profiles="aarch64,aarch64-rt">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -364,9 +459,49 @@
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -391,22 +526,22 @@
</preferences>
<preferences profiles="s390-kvm">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
format="qcow2"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
@@ -429,7 +564,7 @@
<preferences profiles="s390-dasd">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -440,9 +575,9 @@
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
target_blocksize="4096"
btrfs_root_is_snapshot="true"
@@ -467,7 +602,7 @@
<preferences profiles="s390-fba">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -478,9 +613,9 @@
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
@@ -501,9 +636,47 @@
</type>
</preferences>
<preferences profiles="s390-fcp">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
installpxe="true"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<oemconfig>
<oem-multipath-scan>true</oem-multipath-scan>
</oemconfig>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -538,7 +711,7 @@
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -549,7 +722,7 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -577,7 +750,7 @@
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -589,7 +762,7 @@
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -600,7 +773,7 @@
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
@@ -611,6 +784,161 @@
</type>
</preferences>
<preferences profiles="ppc64le-512ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-512ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<repository type="rpm-md" >
<source path='obsrepositories:/'/>
</repository>
@@ -629,6 +957,7 @@
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -655,10 +984,9 @@
<package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -720,7 +1048,8 @@
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
<package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/>
@@ -728,46 +1057,46 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> -->
<package name="cpuset"/> -->
</packages>
<!-- makes the image build, but also include kernel-default
<packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp">
<package name="dracut-kiwi-oem-dump"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="blog"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<!-- FCP is usually used multipathed. -->
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install">
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/>
<package name="wireless-tools"/>
<package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages>
<packages type="bootstrap">
<package name="coreutils"/>
<package name="filesystem"/>
<package name="coreutils"/>
<package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/>
</packages>
@@ -781,4 +1110,14 @@
<packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/>
</packages>
<!-- jsc#PED-8599 -->
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
<package name="usbguard"/>
</packages>
<!-- jsc#PED-8788 -->
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="stalld"/>
</packages>
</image>

View File

@@ -1,5 +1,6 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="docker_label_helper" mode="buildtime"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">README</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>

View File

@@ -1,5 +1,5 @@
#!/usr/bin/env bash
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
@@ -27,19 +27,22 @@ LARGEBLOCK=false
# Print usage
usage(){
cat <<-EOF
==============================
SLE Micro 6.0 Kiwi SDK Builder
==============================
=====================================
SUSE Linux Micro 6.1 Kiwi SDK Builder
=====================================
Usage: ${0} [-p <profile>] [-b]
Profile Options (-p):
* Base: RAW Disk Image with podman
* Base-SelfInstall: SelfInstall ISO with podman
* Default: RAW Disk Image with podman and kvm
* Default-SelfInstall: SelfInstall ISO with podman and kvm
* Base-RT: RAW Disk Image with kernel-rt
* Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
* Default: RAW Disk Image with default packages (incl. Podman & KVM)
* Default-SelfInstall: SelfInstall ISO with default packages
* Default-RPi: RAW Disk Image for Raspberry Pi (aarch64 only with MBR)
* Base: RAW Disk Image with reduced package set (no KVM)
* Base-SelfInstall: SelfInstall ISO with reduced packages
* Base-RT: RAW Disk Image with reduced packages and kernel-rt
* Base-RT-SelfInstall: SelfInstall ISO with reduced packages and kernel-rt
* Base-RT-RPi: RAW Disk image for Raspberry Pi with kernel-rt (aarch64 only with MBR)
* Base-RPi: RAW Disk Image for Raspberry Pi with reduced packages (aarch64 only with MBR)
4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.

View File

@@ -35,14 +35,6 @@ mkdir /var/lib/misc/reconfig_system
#--------------------------------------
echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
#======================================
# This is a workaround - someone,
# somewhere needs to load the xts crypto
# module, otherwise luksOpen will fail while
# creating the image.
#--------------------------------------
modprobe xts || true
#======================================
# add missing fonts
#--------------------------------------
@@ -139,9 +131,6 @@ for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
rpm --import $i || true
done
# Temporary workaround for bsc#1212187
echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
#======================================
# Enable kubelet if installed
#--------------------------------------
@@ -170,8 +159,18 @@ if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
fi
# Enable jeos-firstboot if installed, disabled by combustion/ignition
if rpm -q --whatprovides jeos-firstboot >/dev/null; then
# Enable multipathd for MP images
if [ "${kiwi_oemmultipath_scan-false}" = 'true' ]; then
systemctl enable multipathd.service
fi
# On those s390 targets the console is not capable of running jeos-firstboot,
# use systemd-firstboot as minimal alternative.
if [[ "$kiwi_profiles" =~ s390-(dasd|fba|fcp) ]]; then
systemctl enable systemd-firstboot
# Enable prompting for the root password
echo 'root:!unprovisioned' | chpasswd -e
elif rpm -q --whatprovides jeos-firstboot >/dev/null; then
mkdir -p /var/lib/YaST2
touch /var/lib/YaST2/reconfig_system
systemctl enable jeos-firstboot.service
@@ -281,7 +280,7 @@ if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
options smsc95xx turbo_mode=N
EOF
cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
cat > /etc/sysctl.d/50-rpi3.conf <<-EOF
# Avoid running out of DMA pages for smsc95xx (bsc#1012449)
vm.min_free_kbytes = 2048
EOF

View File

@@ -0,0 +1,47 @@
#!/bin/bash
set -euxo pipefail
diskname=$1
devname="$2"
loopname="${devname%*p?}"
loopdev=/dev/${loopname#/dev/*}
if [ ! -f $loopdev ]; then loopdev=/dev/${loopdev#/dev/mapper/}; fi
#==========================================
# copy Raspberry Pi firmware to EFI partition
#------------------------------------------
echo "RPi EFI system, installing firmware on ESP"
mkdir -p ./mnt-pi
mount ${loopname}p1 ./mnt-pi
( cd boot/vc; tar c . ) | ( cd ./mnt-pi/; tar x )
umount ./mnt-pi
rmdir ./mnt-pi
#==========================================
# Change partition label type to MBR
#------------------------------------------
#
# The target system doesn't support GPT, so let's move it to
# MBR partition layout instead.
#
# Also make sure to set the ESP partition to type 0xc so that
# broken firmware (Rpi) detects it as FAT.
#
# Use tabs, "<<-" strips tabs, but no other whitespace!
cat > gdisk.tmp <<-'EOF'
x
r
g
t
1
c
w
y
EOF
dd if=$loopdev of=mbrid.bin bs=1 skip=440 count=4
gdisk $loopdev < gdisk.tmp
dd of=$loopdev if=mbrid.bin bs=1 seek=440 count=4
rm -f mbrid.bin
rm -f gdisk.tmp

View File

@@ -1,9 +1,9 @@
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.0_up0.5.0
apiVersion: v2
appVersion: 1.3.1
appVersion: 1.4.0
description: A Helm chart for KubeVirt
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: kubevirt
type: application
version: "%%CHART_MAJOR%%.0.0+up0.4.0"
version: "%%CHART_MAJOR%%.0.0+up0.5.0"

View File

@@ -2,8 +2,8 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

View File

@@ -231,6 +231,17 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
commonInstancetypesDeployment:
description: CommonInstancetypesDeployment controls the deployment
of common-instancetypes resources
nullable: true
properties:
enabled:
description: Enabled controls the deployment of common-instancetypes
resources, defaults to True.
nullable: true
type: boolean
type: object
controllerConfiguration:
description: |-
ReloadableComponentConfiguration holds all generic k8s configuration options which can
@@ -412,6 +423,23 @@ spec:
description: PullPolicy describes a policy for if/when to pull
a container image
type: string
instancetype:
description: Instancetype configuration
nullable: true
properties:
referencePolicy:
description: |-
ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are:
reference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM.
expand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated.
expandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated.
enum:
- reference
- expand
- expandAll
nullable: true
type: string
type: object
ksmConfiguration:
description: KSMConfiguration holds the information regarding
the enabling the KSM in the nodes (if available).
@@ -470,8 +498,9 @@ spec:
features
properties:
maxCpuSockets:
description: MaxCpuSockets holds the maximum amount of sockets
that can be hotplugged
description: |-
MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own.
For VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets.
format: int32
type: integer
maxGuest:
@@ -577,7 +606,7 @@ spec:
description: |-
CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800
the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150
format: int64
type: integer
disableTLS:
@@ -640,34 +669,6 @@ spec:
ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding.
version: v1alphav1
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -696,7 +697,7 @@ spec:
domainAttachmentType:
description: |-
DomainAttachmentType is a standard domain network attachment method kubevirt supports.
Supported values: "tap".
Supported values: "tap", "managedTap" (since v1.4).
The standard domain attachment can be used instead or in addition to the sidecarImage.
version: 1alphav1
type: string
@@ -874,37 +875,10 @@ spec:
usually idle and don't require a lot of memory or cpu.
properties:
resources:
description: ResourceRequirements describes the compute
resource requirements.
description: |-
ResourceRequirementsWithoutClaims describes the compute resource requirements.
This struct was taken from the k8s.ResourceRequirements and cleaned up the 'Claims' field.
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -958,10 +932,8 @@ spec:
MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections.
Protocol versions are based on the following most common TLS configurations:
https://ssl-config.mozilla.org/
Note that SSLv3.0 is not a supported protocol version due to well known
vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
enum:
@@ -1091,10 +1063,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -1411,7 +1386,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1426,7 +1401,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1594,7 +1569,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1609,7 +1584,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1775,7 +1750,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1790,7 +1765,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1958,7 +1933,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1973,7 +1948,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2164,7 +2139,6 @@ spec:
BatchEvictionInterval Represents the interval to wait before issuing the next
batch of shutdowns
Defaults to 1 minute
type: string
batchEvictionSize:
@@ -2172,7 +2146,6 @@ spec:
BatchEvictionSize Represents the number of VMIs that can be forced updated per
the BatchShutdownInteral interval
Defaults to 10
type: integer
workloadUpdateMethods:
@@ -2183,7 +2156,6 @@ spec:
precedence over more disruptive methods. For example if both LiveMigrate and Shutdown
methods are listed, only VMs which are not live migratable will be restarted/shutdown
An empty list defaults to no automated workload updating
items:
type: string
@@ -2491,7 +2463,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2506,7 +2478,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2674,7 +2646,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2689,7 +2661,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2855,7 +2827,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2870,7 +2842,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3038,7 +3010,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3053,7 +3025,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3516,6 +3488,17 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
commonInstancetypesDeployment:
description: CommonInstancetypesDeployment controls the deployment
of common-instancetypes resources
nullable: true
properties:
enabled:
description: Enabled controls the deployment of common-instancetypes
resources, defaults to True.
nullable: true
type: boolean
type: object
controllerConfiguration:
description: |-
ReloadableComponentConfiguration holds all generic k8s configuration options which can
@@ -3697,6 +3680,23 @@ spec:
description: PullPolicy describes a policy for if/when to pull
a container image
type: string
instancetype:
description: Instancetype configuration
nullable: true
properties:
referencePolicy:
description: |-
ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are:
reference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM.
expand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated.
expandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated.
enum:
- reference
- expand
- expandAll
nullable: true
type: string
type: object
ksmConfiguration:
description: KSMConfiguration holds the information regarding
the enabling the KSM in the nodes (if available).
@@ -3755,8 +3755,9 @@ spec:
features
properties:
maxCpuSockets:
description: MaxCpuSockets holds the maximum amount of sockets
that can be hotplugged
description: |-
MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own.
For VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets.
format: int32
type: integer
maxGuest:
@@ -3862,7 +3863,7 @@ spec:
description: |-
CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800
the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150
format: int64
type: integer
disableTLS:
@@ -3925,34 +3926,6 @@ spec:
ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding.
version: v1alphav1
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -3981,7 +3954,7 @@ spec:
domainAttachmentType:
description: |-
DomainAttachmentType is a standard domain network attachment method kubevirt supports.
Supported values: "tap".
Supported values: "tap", "managedTap" (since v1.4).
The standard domain attachment can be used instead or in addition to the sidecarImage.
version: 1alphav1
type: string
@@ -4159,37 +4132,10 @@ spec:
usually idle and don't require a lot of memory or cpu.
properties:
resources:
description: ResourceRequirements describes the compute
resource requirements.
description: |-
ResourceRequirementsWithoutClaims describes the compute resource requirements.
This struct was taken from the k8s.ResourceRequirements and cleaned up the 'Claims' field.
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -4243,10 +4189,8 @@ spec:
MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections.
Protocol versions are based on the following most common TLS configurations:
https://ssl-config.mozilla.org/
Note that SSLv3.0 is not a supported protocol version due to well known
vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
enum:
@@ -4376,10 +4320,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4696,7 +4643,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -4711,7 +4658,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -4879,7 +4826,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -4894,7 +4841,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5060,7 +5007,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5075,7 +5022,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5243,7 +5190,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5258,7 +5205,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5449,7 +5396,6 @@ spec:
BatchEvictionInterval Represents the interval to wait before issuing the next
batch of shutdowns
Defaults to 1 minute
type: string
batchEvictionSize:
@@ -5457,7 +5403,6 @@ spec:
BatchEvictionSize Represents the number of VMIs that can be forced updated per
the BatchShutdownInteral interval
Defaults to 10
type: integer
workloadUpdateMethods:
@@ -5468,7 +5413,6 @@ spec:
precedence over more disruptive methods. For example if both LiveMigrate and Shutdown
methods are listed, only VMs which are not live migratable will be restarted/shutdown
An empty list defaults to no automated workload updating
items:
type: string
@@ -5776,7 +5720,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5791,7 +5735,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5959,7 +5903,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5974,7 +5918,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6140,7 +6084,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6155,7 +6099,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6323,7 +6267,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6338,7 +6282,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array

View File

@@ -606,15 +606,35 @@ rules:
- apiGroups:
- snapshot.kubevirt.io
resources:
- '*'
- virtualmachinesnapshots
- virtualmachinesnapshots/status
- virtualmachinesnapshotcontents
- virtualmachinesnapshotcontents/status
- virtualmachinesnapshotcontents/finalizers
- virtualmachinerestores
- virtualmachinerestores/status
verbs:
- '*'
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- export.kubevirt.io
resources:
- '*'
- virtualmachineexports
- virtualmachineexports/status
- virtualmachineexports/finalizers
verbs:
- '*'
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- pool.kubevirt.io
resources:
@@ -636,6 +656,12 @@ rules:
- '*'
verbs:
- '*'
- apiGroups:
- kubevirt.io
resources:
- virtualmachines/finalizers
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
@@ -844,6 +870,7 @@ rules:
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
- virtualmachineinstances/usbredir
verbs:
- get
- apiGroups:
@@ -992,6 +1019,7 @@ rules:
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
- virtualmachineinstances/usbredir
verbs:
- get
- apiGroups:
@@ -1264,7 +1292,7 @@ metadata:
name: virt-operator
namespace: {{ .Release.Namespace }}
spec:
replicas: 2
replicas: {{ .Values.operator.replicas }}
selector:
matchLabels:
kubevirt.io: virt-operator
@@ -1279,17 +1307,7 @@ spec:
name: virt-operator
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: kubevirt.io
operator: In
values:
- virt-operator
topologyKey: kubernetes.io/hostname
weight: 1
{{- .Values.operator.affinity | toYaml | nindent 8 }}
containers:
- args:
- --port
@@ -1325,9 +1343,7 @@ spec:
initialDelaySeconds: 5
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 450Mi
{{- .Values.operator.resources | toYaml | nindent 12 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:

View File

@@ -20,6 +20,10 @@ spec:
{{- if .Values.kubevirt.uninstallStrategy }}
uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }}
{{- end }}
{{- with .Values.kubevirt.workloads }}
workloads:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.kubevirt.workloadUpdateStrategy }}
workloadUpdateStrategy:
{{- toYaml . | nindent 4 }}

View File

@@ -1,7 +1,24 @@
operator:
image: registry.suse.com/suse/sles/15.6/virt-operator
version: 1.3.1-150600.5.9.1
version: 1.4.0-150600.5.15.1
replicas: 2
pullPolicy: IfNotPresent
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: kubevirt.io
operator: In
values:
- virt-operator
topologyKey: kubernetes.io/hostname
weight: 1
resources:
requests:
cpu: 10m
memory: 450Mi
kubevirt:
# Holds kubevirt configurations. Same as the virt-configMap.
@@ -14,6 +31,8 @@ kubevirt:
# Specifies if KubeVirt can be deleted if workloads are still present.
# This is mainly a precaution to avoid accidental data loss.
uninstallStrategy: ""
# Selectors and tolerations that should apply to KubeVirt workloads.
workloads: {}
# WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates.
workloadUpdateStrategy: {}
# Optionally enable ServiceMonitor for prometheus, see
@@ -21,7 +40,7 @@ kubevirt:
monitorAccount: ""
monitorNamespace: ""
hookImage: rancher/kubectl:v1.30.2
hookImage: registry.rancher.com/rancher/kubectl:v1.30.10
hookRestartPolicy: OnFailure
hookSecurityContext:
seccompProfile:

View File

@@ -1,22 +1,22 @@
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/kube-version: '>= v1.26.0-0'
catalog.cattle.io/namespace: cattle-ui-plugin-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux, windows
catalog.cattle.io/rancher-version: '>= 2.10.0-0'
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
apiVersion: v2
appVersion: 302.0.0+up1.2.1
appVersion: 303.0.1+up1.3.1
description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
name: kubevirt-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.0+up1.2.1"
version: "%%CHART_MAJOR%%.0.1+up1.3.1"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg

View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/302.0.0+up1.2.1
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.1+up1.3.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

View File

@@ -7,6 +7,6 @@ plugin:
noAuth: false
metadata:
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

View File

@@ -1,16 +1,16 @@
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.1_up0.9.4
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.1_up0.9.4-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE%
apiVersion: v2
appVersion: 0.9.4
appVersion: 0.11.0
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
repository: file://./charts/baremetal-operator
version: 0.6.1
version: 0.9.1
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.9.3
version: 0.10.0
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
@@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: "%%CHART_MAJOR%%.0.1+up0.9.4"
version: "%%CHART_MAJOR%%.0.2+up0.11.0"

View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

View File

@@ -1,6 +1,6 @@
apiVersion: v2
appVersion: 0.8.0
appVersion: 0.9.1
description: A Helm chart for baremetal-operator, used by Metal3
name: baremetal-operator
type: application
version: 0.6.1
version: 0.9.1

View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.5
labels:
clusterctl.cluster.x-k8s.io: ""
name: bmceventsubscriptions.metal3.io
@@ -34,14 +34,19 @@ spec:
description: BMCEventSubscription is the Schema for the fast eventing API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -57,8 +62,9 @@ spec:
description: A reference to a BareMetalHost
type: string
httpHeadersRef:
description: A secret containing HTTP headers which should be passed
along to the Destination when making a request
description: |-
A secret containing HTTP headers which should be passed along to the Destination
when making a request
properties:
name:
description: name is unique within a namespace to reference a

View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.5
name: dataimages.metal3.io
spec:
group: metal3.io
@@ -20,14 +20,19 @@ spec:
description: DataImage is the Schema for the dataimages API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -35,7 +40,8 @@ spec:
description: DataImageSpec defines the desired state of DataImage.
properties:
url:
description: Url is the address of the dataImage that we want to attach
description: |-
Url is the address of the dataImage that we want to attach
to a BareMetalHost
type: string
required:

View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.5
labels:
clusterctl.cluster.x-k8s.io: ""
name: firmwareschemas.metal3.io
@@ -22,14 +22,19 @@ spec:
description: FirmwareSchema is the Schema for the firmwareschemas API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -73,8 +78,9 @@ spec:
description: Whether or not this setting is read only.
type: boolean
unique:
description: Whether or not this setting's value is unique to
this node, e.g. a serial number.
description: |-
Whether or not this setting's value is unique to this node, e.g.
a serial number.
type: boolean
upper_bound:
description: The highest value for an Integer type setting.

View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.5
labels:
clusterctl.cluster.x-k8s.io: ""
name: hardwaredata.metal3.io
@@ -29,14 +29,19 @@ spec:
description: HardwareData is the Schema for the hardwaredata API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -47,7 +52,7 @@ spec:
description: The hardware discovered on the host during its inspection.
properties:
cpu:
description: CPU describes one processor on the host.
description: Details of the CPU(s) in the system.
properties:
arch:
type: string
@@ -65,7 +70,7 @@ spec:
type: string
type: object
firmware:
description: Firmware describes the firmware on the host.
description: System firmware information.
properties:
bios:
description: The BIOS for this firmware
@@ -84,14 +89,15 @@ spec:
hostname:
type: string
nics:
description: List of network interfaces for the host.
items:
description: NIC describes one network interface on the host.
properties:
ip:
description: The IP address of the interface. This will
be an IPv4 or IPv6 address if one is present. If both
IPv4 and IPv6 addresses are present in a dual-stack environment,
two nics will be output, one with each IP.
description: |-
The IP address of the interface. This will be an IPv4 or IPv6 address
if one is present. If both IPv4 and IPv6 addresses are present in a
dual-stack environment, two nics will be output, one with each IP.
type: string
mac:
description: The device MAC address
@@ -134,16 +140,20 @@ spec:
type: object
type: array
ramMebibytes:
description: The host's amount of memory in Mebibytes.
type: integer
storage:
description: List of storage (disk, SSD, etc.) available to the
host.
items:
description: Storage describes one storage device (disk, SSD,
etc.) on the host.
properties:
alternateNames:
description: A list of alternate Linux device names of the
disk, e.g. "/dev/sda". Note that this list is not exhaustive,
and names may not be stable across reboots.
description: |-
A list of alternate Linux device names of the disk, e.g. "/dev/sda".
Note that this list is not exhaustive, and names may not be stable
across reboots.
items:
type: string
type: array
@@ -154,15 +164,17 @@ spec:
description: Hardware model
type: string
name:
description: A Linux device name of the disk, e.g. "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0".
This will be a name that is stable across reboots if one
is available.
description: |-
A Linux device name of the disk, e.g.
"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name
that is stable across reboots if one is available.
type: string
rotational:
description: Whether this disk represents rotational storage.
This field is not recommended for usage, please prefer
using 'Type' field instead, this field will be deprecated
eventually.
description: |-
Whether this disk represents rotational storage.
This field is not recommended for usage, please
prefer using 'Type' field instead, this field
will be deprecated eventually.
type: boolean
serialNumber:
description: The serial number of the device
@@ -193,8 +205,7 @@ spec:
type: object
type: array
systemVendor:
description: HardwareSystemVendor stores details about the whole
hardware system.
description: System vendor information.
properties:
manufacturer:
type: string

View File

@@ -3,7 +3,9 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.5
labels:
clusterctl.cluster.x-k8s.io: ""
name: hostfirmwarecomponents.metal3.io
spec:
group: metal3.io
@@ -21,14 +23,19 @@ spec:
API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -82,43 +89,35 @@ spec:
description: Track whether updates stored in the spec are valid based
on the schema
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -133,10 +132,6 @@ spec:
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -156,8 +151,9 @@ spec:
format: date-time
type: string
updates:
description: Updates is the list of all firmware components that should
be updated they are specified via name and url fields.
description: |-
Updates is the list of all firmware components that should be updated
they are specified via name and url fields.
items:
description: FirmwareUpdate defines a firmware update specification.
properties:

View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.5
labels:
clusterctl.cluster.x-k8s.io: ""
name: hostfirmwaresettings.metal3.io
@@ -25,14 +25,19 @@ spec:
API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -59,43 +64,35 @@ spec:
description: Track whether settings stored in the spec are valid based
on the schema
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -110,10 +107,6 @@ spec:
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -133,8 +126,9 @@ spec:
format: date-time
type: string
schema:
description: FirmwareSchema is a reference to the Schema used to describe
each FirmwareSetting. By default, this will be a Schema in the same
description: |-
FirmwareSchema is a reference to the Schema used to describe each
FirmwareSetting. By default, this will be a Schema in the same
Namespace as the settings but it can be overwritten in the Spec
properties:
name:

View File

@@ -0,0 +1,62 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
labels:
clusterctl.cluster.x-k8s.io: ""
name: hostupdatepolicies.metal3.io
spec:
group: metal3.io
names:
kind: HostUpdatePolicy
listKind: HostUpdatePolicyList
plural: hostupdatepolicies
singular: hostupdatepolicy
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: HostUpdatePolicy is the Schema for the hostupdatepolicy API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: HostUpdatePolicySpec defines the desired state of HostUpdatePolicy.
properties:
firmwareSettings:
description: Defines policy for changing firmware settings
enum:
- onPreparing
- onReboot
type: string
firmwareUpdates:
description: Defines policy for updating firmware
enum:
- onPreparing
- onReboot
type: string
type: object
status:
description: HostUpdatePolicyStatus defines the observed state of HostUpdatePolicy.
type: object
type: object
served: true
storage: true

View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.5
labels:
clusterctl.cluster.x-k8s.io: ""
name: preprovisioningimages.metal3.io
@@ -34,14 +34,19 @@ spec:
API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -62,8 +67,9 @@ spec:
to build the image.
type: string
networkDataName:
description: networkDataName is the name of a Secret in the local
namespace that contains network data to build in to the image.
description: |-
networkDataName is the name of a Secret in the local namespace that
contains network data to build in to the image.
type: string
type: object
status:
@@ -77,43 +83,35 @@ spec:
conditions:
description: conditions describe the state of the built image
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -128,10 +126,6 @@ spec:
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -147,13 +141,14 @@ spec:
- type
x-kubernetes-list-type: map
extraKernelParams:
description: extraKernelParams is a string with extra parameters to
pass to the kernel when booting the image over network. Only makes
sense for initrd images.
description: |-
extraKernelParams is a string with extra parameters to pass to the
kernel when booting the image over network. Only makes sense for initrd images.
type: string
format:
description: 'format is the type of image that is available at the
download url: either iso or initrd.'
description: |-
format is the type of image that is available at the download url:
either iso or initrd.
enum:
- iso
- initrd
@@ -163,12 +158,14 @@ spec:
downloaded.
type: string
kernelUrl:
description: kernelUrl is the URL from which the kernel of the image
can be downloaded. Only makes sense for initrd images.
description: |-
kernelUrl is the URL from which the kernel of the image can be downloaded.
Only makes sense for initrd images.
type: string
networkData:
description: networkData is a reference to the version of the Secret
containing the network data used to build the image.
description: |-
networkData is a reference to the version of the Secret containing the
network data used to build the image.
properties:
name:
type: string

View File

@@ -184,3 +184,23 @@ rules:
- get
- patch
- update
- apiGroups:
- metal3.io
resources:
- hostupdatepolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- metal3.io
resources:
- hostupdatepolicies/status
verbs:
- get
- patch
- update

View File

@@ -5,6 +5,7 @@
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
apiVersion: v1
data:
@@ -19,8 +20,9 @@ data:
{{- $protocol = "http" }}
{{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs"
DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
kind: ConfigMap
metadata:
name: baremetal-operator-ironic

View File

@@ -24,8 +24,8 @@ spec:
spec:
containers:
- args:
- --metrics-addr=127.0.0.1:8085
- --enable-leader-election
- --tls-min-version=TLS13
env:
- name: POD_NAME
valueFrom:
@@ -56,6 +56,9 @@ spec:
- containerPort: 9443
name: webhook-server
protocol: TCP
- containerPort: 8443
protocol: TCP
name: https
readinessProbe:
failureThreshold: 10
httpGet:
@@ -84,19 +87,6 @@ spec:
mountPath: "/opt/metal3/certs/ca"
readOnly: true
{{- end }}
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8085/
- --logtostderr=true
- --v=10
image: "{{ .Values.images.rbacProxy.repository }}:{{ .Values.images.rbacProxy.tag }}"
imagePullPolicy: {{ .Values.images.rbacProxy.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
serviceAccountName: {{ include "baremetal-operator.serviceAccountName" . }}
terminationGracePeriodSeconds: 10
volumes:

View File

@@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "baremetal-operator.fullname" . }}-proxy-role
name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-role
labels:
{{- include "baremetal-operator.labels" . | nindent 4 }}
rules:

View File

@@ -1,13 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "baremetal-operator.fullname" . }}-proxy-rolebinding
name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-rolebinding
labels:
{{- include "baremetal-operator.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "baremetal-operator.fullname" . }}-proxy-role
name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-role
subjects:
- kind: ServiceAccount
name: {{ include "baremetal-operator.serviceAccountName" . }}

View File

@@ -6,6 +6,6 @@ metadata:
{{- include "baremetal-operator.labels" . | nindent 4 }}
rules:
- nonResourceURLs:
- /metrics
- "/metrics"
verbs:
- get

Some files were not shown because too many files have changed in this diff Show More