mchiappero/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

base: mchiappero:chart-ironic_v29.0.0
Branches Tags
mchiappero:main mchiappero:metal3-external-v6 mchiappero:dual-stack-upstream mchiappero:alignment-v29.0.0 mchiappero:chart-ironic_v29.0.0 mchiappero:alignment-v30.0.0 suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel
..
compare: mchiappero:alignment-v29.0.0
Branches Tags
mchiappero:metal3-external-v6 mchiappero:main mchiappero:dual-stack-upstream mchiappero:alignment-v29.0.0 mchiappero:chart-ironic_v29.0.0 mchiappero:alignment-v30.0.0 suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel

18 Commits
chart-iron ... alignment-

Author SHA256 Message Date
Marco Chiappero
62f9faf144 Align configure-nonroot.sh 
Try to reuse as much as possible of the upstream configure-nonroot.sh

Co-authored-by: Nicolas Belouin <nicolas.belouin@suse.com>
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 10:36:37 +00:00
Marco Chiappero
8164b5f125 Adopt the new readiness/liveness probes 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 10:36:37 +00:00
Marco Chiappero
5f6e0185f5 Make the new scripts executable 
v29.0.0 add a couple of new scripts, such as ironic-probe.sh; make sure
they have the 'executable' flag.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 10:36:37 +00:00
Marco Chiappero
57dca6f0a4 Remove unused prometheus exporter 
The Prometheus exporter is effectively, not only unused, but
unusable, due to missing dependencies. Since currently we
don't have use case for it, opt for dropping the exporter
entirely from the image.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 10:36:37 +00:00
Marco Chiappero
54bf2edf7b Force the use of Python 3.11 
SLE 15.6 provides Python 3.11, make sure it's enforced.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 10:36:37 +00:00
Marco Chiappero
9c60855914 Update the destination path of Jinjia templates 
Previously .j2 files used to be copied to /etc before being
instantiated. In order to make the image potentially read only,
move the templates to /tmp.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 10:36:37 +00:00
Marco Chiappero
bc1d924cc6 Disable the network schema check to allow for nmstate definitions 
Bypass the OpenStack network-data format validation, to allow for the
nmstate based one we instead use (which would otherwise fail).

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 10:36:37 +00:00
Marco Chiappero
2f4f94238f Do not force ipa-insecure=1, use env variable instead 
Allow the use of https, force it to 1 via the IPA_INSECURE environment
variable only TLS is disabled.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 10:36:36 +00:00
Marco Chiappero
dae0b33326 Use arch specific ESP img 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 09:26:00 +00:00
Marco Chiappero
4e4231b39e Use arch specific file for IPA 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 09:26:00 +00:00
Marco Chiappero
c9f13a514a Use arch named IPA file in IMAGE_CACHE_PREFIX 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 09:26:00 +00:00
Marco Chiappero
f8f730087f Change GRUB path in ironic.conf 
Correct path for grub.cfg on a SUSE system.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 09:26:00 +00:00
Marco Chiappero
7c0423ee04 Use ironic-suse user/group in Apache for API 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 09:26:00 +00:00
Marco Chiappero
0358093370 Use ironic-suse user/group in Apache for media 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 09:26:00 +00:00
Marco Chiappero
a69e54a6df Use correct paths and modules for Apache 
Correct the path of the Apache modules for a SUSE image.

Also keep a couple of modules disabled.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 09:26:00 +00:00
Marco Chiappero
65201fd575 Align to v29.0.0 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-07-28 09:26:00 +00:00
Alberto Morgante Medina
ed4448d7a6 Merge pull request 'add release images file to the release container' (#212) from amorgante/Factory:add-release-images into main 
Reviewed-on: suse-edge/Factory#212
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2025-07-24 16:32:52 +02:00
Alberto Morgante Medina
f9df52a457 add release images file to the release container 2025-07-24 09:32:28 +02:00
9 changed files with 80 additions and 8 deletions
Expand all files Collapse all files

3
ironic-image/Dockerfile
View File

@@ -71,6 +71,9 @@ COPY scripts/ /bin/
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-ironic.sh /bin/ironic-probe.sh /bin/rundatabase-upgrade /bin/rundnsmasq /bin/runhttpd /bin/runironic /bin/runlogwatch.sh /bin/runonline-data-migrations /bin/configure-nonroot.sh
RUN mv /bin/ironic-probe.sh /bin/ironic-readiness
RUN cp /bin/ironic-readiness /bin/ironic-liveness
COPY ironic-config/inspector.ipxe.j2 ironic-config/httpd-ironic-api.conf.j2 \
ironic-config/ipxe_config.template ironic-config/dnsmasq.conf.j2 \
/tmp/

2
ironic-image/ironic-config/inspector.ipxe.j2
View File

@@ -5,6 +5,6 @@ echo In inspector.ipxe
imgfree
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in
# ironic-inspector-image and configuration in configure-ironic.sh
kernel --timeout 60000 {{ env.IRONIC_HTTP_URL }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent-${buildarch}.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
kernel --timeout 60000 {{ env.IRONIC_HTTP_URL }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure={{ env.IPA_INSECURE }} ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent-${buildarch}.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 {{ env.IRONIC_HTTP_URL }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
boot

8
ironic-image/ironic-config/ironic.conf.j2
View File

@@ -201,7 +201,7 @@ images_path = /shared/html/tmp
instance_master_path = /shared/html/master_images
tftp_master_path = /shared/tftpboot/master_images
tftp_root = /shared/tftpboot
kernel_append_params = nofb nomodeset vga=normal ipa-insecure=1 {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
# This makes networking boot templates generated even for nodes using local
# boot (the default), ensuring that they boot correctly even if they start
# netbooting for some reason (e.g. with the noop management interface).
@@ -214,14 +214,14 @@ ipxe_config_template = /tmp/ipxe_config.template
[redfish]
use_swift = false
kernel_append_params = nofb nomodeset vga=normal ipa-insecure=1 {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
[ilo]
kernel_append_params = nofb nomodeset vga=normal ipa-insecure=1 {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
use_web_server_for_images = true
[irmc]
kernel_append_params = nofb nomodeset vga=normal ipa-insecure=1 {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
[service_catalog]
endpoint_override = {{ env.IRONIC_BASE_URL }}

2
metal3-chart/Chart.yaml
View File

@@ -10,7 +10,7 @@ dependencies:
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.11.0
version: 0.10.6
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.11.0
version: 0.10.6

2
release-manifest-image/Dockerfile
View File

@@ -20,4 +20,4 @@ LABEL com.suse.image-type="release-manifest"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY release_manifest.yaml release_manifest.yaml
COPY release_manifest.yaml release_images.yaml ./

1
release-manifest-image/_service
View File

@@ -2,6 +2,7 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="file">release_images.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %manifest_repo)</param>

64
release-manifest-image/release_images.yaml Normal file
View File

@@ -0,0 +1,64 @@
images:
- name: quay.io/jetstack/cert-manager-cainjector:v1.14.2
- name: quay.io/jetstack/cert-manager-controller:v1.14.2
- name: quay.io/jetstack/cert-manager-webhook:v1.14.2
- name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250507
- name: registry.rancher.com/rancher/hardened-cni-plugins:v1.7.1-build20250509
- name: registry.rancher.com/rancher/hardened-coredns:v1.12.1-build20250507
- name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250411
- name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.7.2-build20250507
- name: registry.rancher.com/rancher/hardened-kubernetes:v1.32.5-rke2r1-build20250515
- name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.0-build20250326
- name: registry.rancher.com/rancher/klipper-helm:v0.9.5-build20250306
- name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.17.3
- name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.17.3
- name: registry.rancher.com/rancher/mirrored-longhornio-csi-attacher:v4.8.1
- name: registry.rancher.com/rancher/mirrored-longhornio-csi-node-driver-registrar:v2.13.0
- name: registry.rancher.com/rancher/mirrored-longhornio-csi-provisioner:v5.2.0
- name: registry.rancher.com/rancher/mirrored-longhornio-csi-resizer:v1.13.2
- name: registry.rancher.com/rancher/mirrored-longhornio-csi-snapshotter:v8.2.0
- name: registry.rancher.com/rancher/mirrored-longhornio-livenessprobe:v2.15.0
- name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-engine:v1.8.1
- name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-instance-manager:v1.8.1
- name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-manager:v1.8.1
- name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-share-manager:v1.8.1
- name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-ui:v1.8.1
- name: registry.rancher.com/rancher/mirrored-sig-storage-snapshot-controller:v8.2.0
- name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.4
- name: registry.rancher.com/rancher/neuvector-controller:5.4.3
- name: registry.rancher.com/rancher/neuvector-enforcer:5.4.3
- name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.1-hardened6
- name: registry.rancher.com/rancher/rke2-cloud-provider:v1.32.0-rc3.0.20241220224140-68fbd1a6b543-build20250101
- name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.9.1.1
- name: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:0.3.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8
- name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.5
- name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.14.9
- name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.14.9
- name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1
- name: registry.rancher.com/rancher/cluster-api-operator:v0.17.0
- name: registry.rancher.com/rancher/fleet-agent:v0.12.3
- name: registry.rancher.com/rancher/fleet:v0.12.3
- name: registry.rancher.com/rancher/hardened-node-feature-discovery:v0.15.7-build20250425
- name: registry.rancher.com/rancher/rancher-webhook:v0.7.2
- name: registry.rancher.com/rancher/rancher/turtles:v0.20.0
- name: registry.rancher.com/rancher/rancher:v2.11.2
- name: registry.rancher.com/rancher/shell:v0.4.1
- name: registry.rancher.com/rancher/system-upgrade-controller:v0.15.2
- name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.10.0
- name: registry.suse.com/rancher/cluster-api-controller:v1.9.5
- name: registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.3
- name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.16.1
- name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.16.1
- name: registry.suse.com/rancher/elemental-operator:1.6.8
- name: registry.suse.com/rancher/hardened-sriov-network-operator:v1.5.0-build20250425
- name: registry.suse.com/rancher/ip-address-manager:v1.9.4
- name: registry.suse.com/suse/sles/15.6/cdi-apiserver:1.61.0-150600.3.12.1
- name: registry.suse.com/suse/sles/15.6/cdi-controller:1.61.0-150600.3.12.1
- name: registry.suse.com/suse/sles/15.6/cdi-operator:1.61.0-150600.3.12.1
- name: registry.suse.com/suse/sles/15.6/cdi-uploadproxy:1.61.0-150600.3.12.1
- name: registry.suse.com/suse/sles/15.6/virt-api:1.4.0-150600.5.15.1
- name: registry.suse.com/suse/sles/15.6/virt-controller:1.4.0-150600.5.15.1
- name: registry.suse.com/suse/sles/15.6/virt-handler:1.4.0-150600.5.15.1
- name: registry.suse.com/suse/sles/15.6/virt-launcher:1.4.0-150600.5.15.1
- name: registry.suse.com/suse/sles/15.6/virt-operator:1.4.0-150600.5.15.1

4
release-manifest-image/release_manifest.yaml
View File

@@ -176,3 +176,7 @@ spec:
releaseName: rancher-turtles
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles"
version: "%%CHART_MAJOR%%.0.4+up0.20.0"
- prettyName: RancherTurtlesAirgapResources
releaseName: rancher-turtles-airgap-resources
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-airgap-resources"
version: "%%CHART_MAJOR%%.0.4+up0.20.0"