Bump ironic-image and metal3-chart

Ironic image has been updated to v29.0.0, bump the version on the Helm
Charts too.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>

.gitea/workflows/check_manifest.yaml

@@ -17,7 +17,7 @@ jobs:
           object-format: 'sha256'
       - name: Setup dependencies
         run: |
-          zypper in -y python3-ruamel.yaml
+          zypper in -y python3-PyYAML
       - name: Check release manifest
         run: |
-          python3 .obs/manifest-check.py --check
+          python3 .obs/manifest-check.py

.obs/manifest-check.py

@@ -1,15 +1,11 @@
 #!/usr/bin/python3
 
-import ruamel.yaml
+import yaml
-import pathlib
-import argparse
 import sys
 
-yaml = ruamel.yaml.YAML()
-
 def get_chart_version(chart_name: str) -> str:
     with open(f"./{chart_name}-chart/Chart.yaml") as f:
-        chart = yaml.load(f)
+        chart = yaml.safe_load(f)
         return chart["version"]
 
 def get_charts(chart):
@@ -25,57 +21,22 @@ def get_charts(chart):
 
 def get_charts_list():
     with open("./release-manifest-image/release_manifest.yaml") as f:
-        manifest = yaml.load(f)
+        manifest = yaml.safe_load(f)
     charts = {}
     for chart in manifest["spec"]["components"]["workloads"]["helm"]:
         charts.update(get_charts(chart))
     return charts
 
-def check_charts(fix: bool) -> bool:
+def main():
+    print("Checking charts versions in release manifest")
     success = True
     charts = get_charts_list()
-    to_fix = {}
     for chart in charts:
         expected_version = get_chart_version(chart)
         if expected_version != charts[chart]:
             success = False
-            to_fix[f'%%CHART_REPO%%/%%CHART_PREFIX%%{chart}'] = expected_version
             print(f"{chart}: Expected: {expected_version}, Got: {charts[chart]}")
-    if fix and not success:
+    if not success:
-        fix_charts(to_fix)
-        return True
-    return success
-
-def fix_charts(to_fix):
-    manifest_path = pathlib.Path("./release-manifest-image/release_manifest.yaml")
-    manifest = yaml.load(manifest_path)
-    yaml.indent(mapping=2, sequence=4, offset=2)
-    yaml.width = 4096
-    for chart_index, chart in enumerate(manifest["spec"]["components"]["workloads"]["helm"]):
-        changed = False
-        if chart["chart"] in to_fix.keys():
-            changed = True
-            chart["version"] = to_fix[chart["chart"]]
-        for subchart_index, subchart in enumerate(chart.get("addonCharts", [])):
-            if subchart["chart"] in to_fix.keys():
-                changed = True
-                subchart["version"] = to_fix[subchart["chart"]]
-                chart["addonCharts"][subchart_index] = subchart
-        for subchart_index, subchart in enumerate(chart.get("dependencyCharts", [])):
-            if subchart["chart"] in to_fix.keys():
-                changed = True
-                subchart["version"] = to_fix[subchart["chart"]]
-                chart["dependencyCharts"][subchart_index] = subchart
-        if changed:
-            manifest["spec"]["components"]["workloads"]["helm"][chart_index] = chart
-    yaml.dump(manifest, manifest_path)
-
-def main():
-    print("Checking charts versions in release manifest")
-    parser = argparse.ArgumentParser()
-    parser.add_argument('-c', '--check', action='store_true')
-    args = parser.parse_args()
-    if not check_charts(not args.check):
         sys.exit(1)
     else:
         print("All local charts in release manifest are using the right version")

.pre-commit-config.yaml

@@ -1,10 +0,0 @@
-repos:
-  - repo: local
-    hooks:
-      - id: check-manifest
-        name: "Check release-manifest"
-        entry: python3 .obs/manifest-check.py
-        language: python
-        additional_dependencies: ['ruamel.yaml']
-        pass_filenames: false
-        always_run: true

_config

@@ -1,5 +1,4 @@
 Prefer: -libqpid-proton10 -python311-urllib3_1
-Prefer: -cargo1.58 -cargo1.57 cargo1.88
 
 Macros:
 %__python3 /usr/bin/python3.11
@@ -106,7 +105,7 @@ BuildFlags: onlybuild:release-manifest-image
     Patterntype: none
     BuildEngine: podman
     Prefer: sles-release
-    BuildFlags: dockerarg:SLE_VERSION=15.7
+    BuildFlags: dockerarg:SLE_VERSION=15.6
 
     # Publish multi-arch container images only once all archs have been built
     PublishFlags: archsync

_meta

@@ -45,7 +45,7 @@
       <path project="SUSE:SLFO:Products:SLES:16.0" repository="standard"/>
       <path project="SUSE:SLFO:Main:Build" repository="standard"/>
     {%- else %}
-      <path project="SUSE:CA" repository="SLE_15_SP7"/>
+      <path project="SUSE:CA" repository="SLE_15_SP6"/>
       <path project="{{ project }}" repository="standard"/>
     {%- endif %}
     <arch>x86_64</arch>
@@ -56,8 +56,8 @@
     {%- if release_project is defined and not for_release %}
     <releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
     {%- endif %}
-    <path project="{{ ironic_base }}:2025.1" repository="15.7"/>
+    <path project="{{ ironic_base }}:2024.2" repository="15.6"/>
-    <path project="SUSE:SLE-15-SP7:Update" repository="standard"/>
+    <path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
     <arch>x86_64</arch>
     <arch>aarch64</arch>
   </repository>

baremetal-operator-image/Dockerfile

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.0
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -18,7 +19,7 @@ LABEL org.opencontainers.image.version="%%baremetal-operator_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

baremetal-operator/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metal3-io/baremetal-operator</param>
     <param name="scm">git</param>
-    <param name="revision">v0.10.2</param>
+    <param name="revision">v0.9.1</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

baremetal-operator/baremetal-operator.spec

@@ -17,14 +17,14 @@
 
 
 Name:           baremetal-operator
-Version:        0.10.2
+Version:        0.9.1
 Release:        0
 Summary:        Implements a Kubernetes API for managing bare metal hosts
 License:        Apache-2.0
 URL:            https://github.com/metal3-io/baremetal-operator
 Source:         baremetal-operator-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.24
+BuildRequires:  golang(API) = 1.23
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

cdi-chart/Chart.yaml

@@ -1,9 +1,9 @@
-#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.1_up0.6.0
+#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0
-#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.1_up0.6.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
 apiVersion: v2
-appVersion: 1.62.0
+appVersion: 1.61.0
 description: A Helm chart for Containerized Data Importer (CDI)
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: cdi
 type: application
-version: "%%CHART_MAJOR%%.0.1+up0.6.0"
+version: "%%CHART_MAJOR%%.0.0+up0.5.0"

cdi-chart/crds/cdi.yaml

@@ -109,9 +109,9 @@ spec:
                   description: CDIConfig at CDI level
                   properties:
                     dataVolumeTTLSeconds:
-                      description: |-
+                      description: DataVolumeTTLSeconds is the time in seconds after
-                        DataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected. Disabled by default.
+                        DataVolume completion it can be garbage collected. Disabled
-                        Deprecated: Removed in v1.62.
+                        by default.
                       format: int32
                       type: integer
                     featureGates:
@@ -2641,9 +2641,9 @@ spec:
                   description: CDIConfig at CDI level
                   properties:
                     dataVolumeTTLSeconds:
-                      description: |-
+                      description: DataVolumeTTLSeconds is the time in seconds after
-                        DataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected. Disabled by default.
+                        DataVolume completion it can be garbage collected. Disabled
-                        Deprecated: Removed in v1.62.
+                        by default.
                       format: int32
                       type: integer
                     featureGates:

cdi-chart/templates/cdi-operator.yaml

@@ -599,8 +599,6 @@ spec:
   strategy: {}
   template:
     metadata:
-      annotations:
-        openshift.io/required-scc: restricted-v2
       labels:
         cdi.kubevirt.io: cdi-operator
         name: cdi-operator

cdi-chart/templates/cdi.yaml

@@ -19,7 +19,3 @@ spec:
   workload:
   {{- toYaml . | nindent 4 }}
   {{- end }}
-  {{- with .Values.cdi.customizeComponents }}
-  customizeComponents:
-  {{- toYaml . | nindent 4 }}
-  {{- end }}

cdi-chart/values.yaml

@@ -1,12 +1,12 @@
 deployment:
-  version: 1.62.0-150700.9.3.1
+  version: 1.61.0-150600.3.12.1
-  operatorImage: registry.suse.com/suse/sles/15.7/cdi-operator
+  operatorImage: registry.suse.com/suse/sles/15.6/cdi-operator
-  controllerImage: registry.suse.com/suse/sles/15.7/cdi-controller
+  controllerImage: registry.suse.com/suse/sles/15.6/cdi-controller
-  importerImage: registry.suse.com/suse/sles/15.7/cdi-importer
+  importerImage: registry.suse.com/suse/sles/15.6/cdi-importer
-  clonerImage: registry.suse.com/suse/sles/15.7/cdi-cloner
+  clonerImage: registry.suse.com/suse/sles/15.6/cdi-cloner
-  apiserverImage: registry.suse.com/suse/sles/15.7/cdi-apiserver
+  apiserverImage: registry.suse.com/suse/sles/15.6/cdi-apiserver
-  uploadserverImage: registry.suse.com/suse/sles/15.7/cdi-uploadserver
+  uploadserverImage: registry.suse.com/suse/sles/15.6/cdi-uploadserver
-  uploadproxyImage: registry.suse.com/suse/sles/15.7/cdi-uploadproxy
+  uploadproxyImage: registry.suse.com/suse/sles/15.6/cdi-uploadproxy
   pullPolicy: IfNotPresent
   affinity:
     podAffinity:
@@ -30,7 +30,6 @@ cdi:
     featureGates:
       - HonorWaitForFirstConsumer
   imagePullPolicy: "IfNotPresent"
-  customizeComponents: {}
   infra:
     nodeSelector:
       kubernetes.io/os: linux
@@ -42,7 +41,7 @@ cdi:
     nodeSelector:
       kubernetes.io/os: linux
 
-hookImage: registry.rancher.com/rancher/kubectl:v1.33.1
+hookImage: registry.rancher.com/rancher/kubectl:v1.30.10
 hookRestartPolicy: OnFailure
 hookSecurityContext:
   seccompProfile:

edge-image-builder-image/Dockerfile

@@ -1,5 +1,6 @@
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:latest
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:latest-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION
 MAINTAINER SUSE LLC (https://www.suse.com/)
@@ -14,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
 LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="latest"
+LABEL org.opencontainers.image.version="1.2.1"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:latest-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

edge-image-builder-image/artifacts.yaml

@@ -10,8 +10,6 @@ kubernetes:
   k3s:
     selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
     selinuxRepository: https://rpm.rancher.io/k3s/stable/common/slemicro/noarch
-    releaseURL: https://github.com/k3s-io/k3s/releases/download/
   rke2:
     selinuxPackage: rke2-selinux
     selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch
-    releaseURL: https://github.com/rancher/rke2/releases/download/

edge-image-builder/_service

@@ -3,11 +3,11 @@
     <param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">1bfee6bb5bd0dc1ed18e2d09820750f9987c96c9</param>
+    <param name="revision">v1.2.1</param>
     <!-- Uncomment and set this For Pre-Release Version -->
     <!-- <param name="version">1.2.0~rc1</param> -->
     <!-- Uncomment and this for regular version -->
-    <param name="versionformat">%h</param>
+    <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
     <param name="versionrewrite-replacement">\1.\2.\3</param>
     <param name="changesgenerate">enable</param>

edge-image-builder/edge-image-builder.spec

@@ -17,7 +17,7 @@
 
 
 Name:           edge-image-builder
-Version:        latest
+Version:        1.2.1
 Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0

endpoint-copier-operator-image/Dockerfile

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator:%%endpoint-copier-operator_version%%
 #!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator:%%endpoint-copier-operator_version%%-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

frr-image/Dockerfile

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: MIT
 #!BuildTag: %%IMG_PREFIX%%frr:8.5.6
 #!BuildTag: %%IMG_PREFIX%%frr:8.5.6-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

frr-k8s-image/Dockerfile

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%
 #!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

ironic-image/Dockerfile

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.5
-#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.5-%RELEASE%
+#!BuildVersion: 15.6
 
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -19,11 +20,11 @@ RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes
 
 #!ArchExclusiveLine: x86_64
 RUN if [ "$(uname -m)" = "x86_64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
+      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
     fi
 #!ArchExclusiveLine: aarch64
 RUN if [ "$(uname -m)" = "aarch64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
+      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
     fi
     
 # DATABASE
@@ -41,8 +42,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="29.0.4.1"
+LABEL org.opencontainers.image.version="26.1.2.5"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.5-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -70,9 +71,6 @@ COPY scripts/ /bin/
 COPY configure-nonroot.sh /bin/
 RUN set -euo pipefail; chmod +x /bin/configure-ironic.sh /bin/ironic-probe.sh /bin/rundatabase-upgrade /bin/rundnsmasq /bin/runhttpd /bin/runironic /bin/runlogwatch.sh /bin/runonline-data-migrations /bin/configure-nonroot.sh
 
-RUN mv /bin/ironic-probe.sh /bin/ironic-readiness
-RUN cp /bin/ironic-readiness /bin/ironic-liveness
-
 COPY ironic-config/inspector.ipxe.j2 ironic-config/httpd-ironic-api.conf.j2 \
      ironic-config/ipxe_config.template ironic-config/dnsmasq.conf.j2 \
      /tmp/

ironic-image/configure-nonroot.sh

@@ -45,10 +45,10 @@ chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /run
 
 # ironic and httpd related changes
 mkdir -p /etc/httpd/conf.d
-chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.modules.d/
+chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
-chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.modules.d/
+chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
 #chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
-chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.modules.d/*
+chmod 664 /etc/ironic/* /etc/httpd/conf/*
 
 chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /var/lib/ironic
 chmod 2775 /var/lib/ironic

ironic-image/ironic-config/apache2-ipxe.conf.j2

@@ -1,5 +1,4 @@
-Listen 0.0.0.0:{{ env.IPXE_TLS_PORT }}
+Listen {{ env.IPXE_TLS_PORT }}
-Listen [::]:{{ env.IPXE_TLS_PORT }}
 
 <VirtualHost *:{{ env.IPXE_TLS_PORT }}>
     ErrorLog /dev/stderr

ironic-image/ironic-config/apache2-vmedia.conf.j2

@@ -1,5 +1,4 @@
-Listen 0.0.0.0:{{ env.VMEDIA_TLS_PORT }}
+Listen {{ env.VMEDIA_TLS_PORT }}
-Listen [::]:{{ env.VMEDIA_TLS_PORT }}
 
 <VirtualHost *:{{ env.VMEDIA_TLS_PORT }}>
     ErrorLog /dev/stderr
@@ -11,15 +10,13 @@ Listen [::]:{{ env.VMEDIA_TLS_PORT }}
     SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
     SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
 
-    <Directory "/shared/html/">
+    <Directory ~ "/shared/html">
-        Options Indexes FollowSymLinks
+         Order deny,allow
-        AllowOverride None
+         deny from all
-        Require all granted
     </Directory>
     <Directory ~ "/shared/html/(redfish|ilo)/">
-        Options Indexes FollowSymLinks
+         Order allow,deny
-        AllowOverride None
+         allow from all
-        Require all granted
     </Directory>
 </VirtualHost>
 

ironic-image/ironic-config/httpd-ironic-api.conf.j2

@@ -12,21 +12,11 @@
 
 
 {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen 0.0.0.0:{{ env.IRONIC_LISTEN_PORT }}
+Listen {{ env.IRONIC_LISTEN_PORT }}
-Listen [::]:{{ env.IRONIC_LISTEN_PORT }}
  <VirtualHost *:{{ env.IRONIC_LISTEN_PORT }}>
 {% else %}
-{% if env.ENABLE_IPV4 %}
+Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
-Listen {{ env.IRONIC_IP }}:{{ env.IRONIC_LISTEN_PORT }}
+ <VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}>
-{% endif %}
-{% if env.ENABLE_IPV6 %}
-Listen [{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}
-{% endif %}
-{% if env.IRONIC_URL_HOSTNAME is defined and env.IRONIC_URL_HOSTNAME|length %}
-<VirtualHost {{ env.IRONIC_URL_HOSTNAME }}:{{ env.IRONIC_LISTEN_PORT }}>
-{% else %}
-<VirtualHost {% if env.ENABLE_IPV4 %}{{ env.IRONIC_IP }}:{{ env.IRONIC_LISTEN_PORT }}{% endif %} {% if env.ENABLE_IPV6 %}[{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}{% endif %}>
-{% endif %}
 {% endif %}
 
     {% if env.IRONIC_PRIVATE_PORT == "unix" %}

ironic-image/ironic-config/httpd-modules.conf

@@ -17,4 +17,4 @@ LoadModule authn_core_module /usr/lib64/apache2/mod_authn_core.so
 LoadModule auth_basic_module /usr/lib64/apache2/mod_auth_basic.so
 LoadModule authn_file_module /usr/lib64/apache2/mod_authn_file.so
 LoadModule authz_user_module /usr/lib64/apache2/mod_authz_user.so
-#LoadModule access_compat_module /usr/lib64/apache2/mod_access_compat.so
+LoadModule access_compat_module /usr/lib64/apache2/mod_access_compat.so

ironic-image/ironic-config/httpd.conf.j2

@@ -1,14 +1,8 @@
 ServerRoot {{ env.HTTPD_DIR }}
 {%- if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen 0.0.0.0:{{ env.HTTP_PORT }}
+Listen {{ env.HTTP_PORT }}
-Listen [::]:{{ env.HTTP_PORT }}
 {% else %}
-{% if env.ENABLE_IPV4 %}
+Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
-Listen {{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}
-{% endif %}
-{% if env.ENABLE_IPV6 %}
-Listen [{{ env.IRONIC_IPV6 }}]:{{ env.HTTP_PORT }}
-{% endif %}
 {% endif %}
 Include /etc/httpd/conf.modules.d/*.conf
 User ironic-suse

ironic-image/ironic-config/inspector.ipxe.j2

@@ -5,6 +5,6 @@ echo In inspector.ipxe
 imgfree
 # NOTE(dtantsur): keep inspection kernel params in [mdns]params in
 # ironic-inspector-image and configuration in configure-ironic.sh
-kernel --timeout 60000 {{ env.IRONIC_HTTP_URL }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure={{ env.IPA_INSECURE }} ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent-${buildarch}.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
+kernel --timeout 60000 {{ env.IRONIC_HTTP_URL }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent-${buildarch}.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
 initrd --timeout 60000 {{ env.IRONIC_HTTP_URL }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
 boot

ironic-image/ironic-config/ironic.conf.j2

@@ -25,13 +25,7 @@ rpc_transport = none
 use_stderr = true
 # NOTE(dtantsur): the default md5 is not compatible with FIPS mode
 hash_ring_algorithm = sha256
-{% if env.ENABLE_IPV4 %}
 my_ip = {{ env.IRONIC_IP }}
-{% endif %}
-{% if env.ENABLE_IPV6 %}
-my_ipv6 = {{ env.IRONIC_IPV6 }}
-{% endif %}
-
 host = {{ env.IRONIC_CONDUCTOR_HOST }}
 tempdir = {{ env.IRONIC_TMP_DATA_DIR }}
 
@@ -71,7 +65,7 @@ port = {{ env.IRONIC_PRIVATE_PORT }}
 {% endif %}
 public_endpoint = {{ env.IRONIC_BASE_URL }}
 {% else %}
-host_ip = {{ env.IRONIC_HOST_IP }}
+host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
 port = {{ env.IRONIC_LISTEN_PORT }}
 {% if env.IRONIC_TLS_SETUP == "true" %}
 enable_ssl_api = true
@@ -91,11 +85,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 send_sensor_data_interval = 160
-{% if env.VMEDIA_TLS_PORT %}
-bootloader = {{ env.IRONIC_HTTPS_VMEDIA_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
-{% else %}
 bootloader = {{ env.IRONIC_HTTP_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
-{% endif %}
 verify_step_priority_override = management.clear_job_queue:90
 # We don't use this feature, and it creates an additional load on the database
 node_history = False
@@ -127,15 +117,15 @@ default_boot_option = local
 erase_devices_metadata_priority = 10
 erase_devices_priority = 0
 http_root = /shared/html/
-http_url = {% if env.VMEDIA_TLS_PORT %}{{ env.IRONIC_HTTPS_VMEDIA_URL }}{% else %}{{ env.IRONIC_HTTP_URL }}{% endif %}
+http_url = {{ env.IRONIC_HTTP_URL }}
 fast_track = {{ env.IRONIC_FAST_TRACK }}
 {% if env.IRONIC_BOOT_ISO_SOURCE %}
 ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_HTTP_URL %}
 external_http_url = {{ env.IRONIC_EXTERNAL_HTTP_URL }}
-{% elif env.VMEDIA_TLS_PORT %}
+{% elif env.IRONIC_VMEDIA_TLS_SETUP == "true" %}
-external_http_url = {{ env.IRONIC_HTTPS_VMEDIA_URL }}
+external_http_url = https://{{ env.IRONIC_URL_HOST }}:{{ env.VMEDIA_TLS_PORT }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_CALLBACK_URL %}
 external_callback_url = {{ env.IRONIC_EXTERNAL_CALLBACK_URL }}
@@ -191,7 +181,7 @@ cipher_suite_versions = 3,17
 # containers are in host networking.
 auth_strategy = http_basic
 http_basic_auth_user_file = {{ env.IRONIC_RPC_HTPASSWD_FILE }}
-host_ip = {{ env.IRONIC_HOST_IP }}
+host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
 {% if env.IRONIC_TLS_SETUP == "true" %}
 use_ssl = true
 cafile = {{ env.IRONIC_CACERT_FILE }}
@@ -211,7 +201,7 @@ images_path = /shared/html/tmp
 instance_master_path = /shared/html/master_images
 tftp_master_path = /shared/tftpboot/master_images
 tftp_root = /shared/tftpboot
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure=1 {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
 # This makes networking boot templates generated even for nodes using local
 # boot (the default), ensuring that they boot correctly even if they start
 # netbooting for some reason (e.g. with the noop management interface).
@@ -224,14 +214,14 @@ ipxe_config_template = /tmp/ipxe_config.template
 
 [redfish]
 use_swift = false
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure=1 {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
 
 [ilo]
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure=1 {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
 use_web_server_for_images = true
 
 [irmc]
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure=1 {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
 
 [service_catalog]
 endpoint_override = {{ env.IRONIC_BASE_URL }}

ironic-image/scripts/configure-ironic.sh

@@ -3,7 +3,6 @@
 set -euxo pipefail
 
 IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
-export VMEDIA_TLS_PORT="${VMEDIA_TLS_PORT:-}"
 
 # Define the VLAN interfaces to be included in introspection report, e.g.
 #   all - all VLANs on all interfaces using LLDP information
@@ -52,18 +51,6 @@ export IRONIC_IPA_COLLECTORS=${IRONIC_IPA_COLLECTORS:-default,logs}
 
 wait_for_interface_or_ip
 
-if [[ "$(echo "$LISTEN_ALL_INTERFACES" | tr '[:upper:]' '[:lower:]')" == "true" ]]; then
-export IRONIC_HOST_IP="::"
-elif [[ -n "${ENABLE_IPV6}" ]]; then
-export IRONIC_HOST_IP="$IRONIC_IPV6"
-else
-export IRONIC_HOST_IP="$IRONIC_IP"
-fi
-
-if [[ "${VMEDIA_TLS_PORT}" ]]; then
-   export IRONIC_HTTPS_VMEDIA_URL="https://${IRONIC_URL_HOST}:${VMEDIA_TLS_PORT}"
-fi
-
 # Hostname to use for the current conductor instance.
 export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
 
@@ -105,11 +92,4 @@ render_j2_config "/etc/ironic/ironic.conf.j2" \
 configure_json_rpc_auth
 
 # Make sure ironic traffic bypasses any proxies
-export NO_PROXY="${NO_PROXY:-}"
+export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
-
-if [[ -n "$IRONIC_IPV6" ]]; then
-export NO_PROXY="${NO_PROXY},${IRONIC_IPV6}"
-fi
-if [[ -n "$IRONIC_IP" ]]; then
-export NO_PROXY="${NO_PROXY},${IRONIC_IP}"
-fi

ironic-image/scripts/ironic-common.sh

@@ -5,11 +5,9 @@ set -euxo pipefail
 # Export IRONIC_IP to avoid needing to lean on IRONIC_URL_HOST for consumption in
 # e.g. dnsmasq configuration
 export IRONIC_IP="${IRONIC_IP:-}"
-IRONIC_IPV6="${IRONIC_IPV6:-}"
 PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
 PROVISIONING_IP="${PROVISIONING_IP:-}"
 PROVISIONING_MACS="${PROVISIONING_MACS:-}"
-IRONIC_URL_HOSTNAME="${IRONIC_URL_HOSTNAME:-}"
 IPXE_CUSTOM_FIRMWARE_DIR="${IPXE_CUSTOM_FIRMWARE_DIR:-/shared/custom_ipxe_firmware}"
 CUSTOM_CONFIG_DIR="${CUSTOM_CONFIG_DIR:-/conf}"
 CUSTOM_DATA_DIR="${CUSTOM_DATA_DIR:-/data}"
@@ -35,85 +33,6 @@ export LOCAL_DB_URI="sqlite:///${IRONIC_DB_DIR}/ironic.sqlite"
 
 export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
 
-
-get_ip_of_hostname()
-{
-    if [[ "$#" -ne 2 ]]; then
-        echo "${FUNCNAME}: two parameters required, $# provided" >&2
-        return 1
-    fi
-
-    case $2 in
-        4)
-            QUERY="a";;
-        6)
-            QUERY="aaaa";;
-        *)
-            echo "${FUNCNAME}: the second parameter should be [a|aaaa] for A and AAAA records"
-            return 1;;
-    esac
-
-    local HOSTNAME=$1
-
-    echo $(nslookup -type=${QUERY} "${HOSTNAME}" | tail -n2 | grep -w "Address:" | cut -d " " -f2)
-}
-
-get_interface_of_ip()
-{
-    local IP_VERS=""
-
-    if [[ "$#" -gt 2 ]]; then
-        echo "${FUNCNAME}: too many parameters" >&2
-        return 1
-    fi
-
-    if [[ "$#" -eq 2 ]]; then
-        case $2 in
-        4|6)
-            local IP_VERS="-${2}"
-            ;;
-        *)
-            echo "${FUNCNAME}: the second parameter should be [4|6] (or missing for both)" >&2
-            return 2
-            ;;
-        esac
-    fi
-
-    local IP_ADDR=$1
-
-    # Convert the address using ipcalc which strips out the subnet.
-    # For IPv6 addresses, this will give the short-form address
-    IP_ADDR="$(ipcalc "${IP_ADDR}" | grep "^Address:" | awk '{print $2}')"
-
-    echo $(ip ${IP_VERS} -br addr show scope global | grep -i " ${IP_ADDR}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')
-}
-
-get_ip_of_interface()
-{
-    local IP_VERS=""
-
-    if [[ "$#" -gt 2 ]]; then
-        echo "${FUNCNAME}: too many parameters" >&2
-        return 1
-    fi
-
-    if [[ "$#" -eq 2 ]]; then
-        case $2 in
-        4|6)
-            local IP_VERS="-${2}"
-            ;;
-        *)
-            echo "${FUNCNAME}: the second parameter should be [4|6] (or missing for both)" >&2
-            return 2
-            ;;
-        esac
-    fi
-
-    local IFACE=$1
-
-    echo $(ip ${IP_VERS} -br addr show scope global up dev ${IFACE} | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)
-}
-
 get_provisioning_interface()
 {
     if [[ -n "$PROVISIONING_INTERFACE" ]]; then
@@ -122,7 +41,13 @@ get_provisioning_interface()
         return
     fi
 
-    local interface=""
+    local interface="provisioning"
+
+    if [[ -n "${PROVISIONING_IP}" ]]; then
+        if ip -br addr show | grep -i " ${PROVISIONING_IP}/" &>/dev/null; then
+            interface="$(ip -br addr show | grep -i " ${PROVISIONING_IP}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')"
+        fi
+    fi
 
     for mac in ${PROVISIONING_MACS//,/ }; do
         if ip -br link show up | grep -i "$mac" &>/dev/null; then
@@ -146,111 +71,32 @@ wait_for_interface_or_ip()
     # available on an interface, otherwise we look at $PROVISIONING_INTERFACE
     # for an IP
     if [[ -n "${PROVISIONING_IP}" ]]; then
-        local IFACE_OF_IP=""
+        # Convert the address using ipcalc which strips out the subnet.
-
+        # For IPv6 addresses, this will give the short-form address
-        until [[ -n "$IFACE_OF_IP" ]]; do
+        IRONIC_IP="$(ipcalc "${PROVISIONING_IP}" | grep "^Address:" | awk '{print $2}')"
-            echo "Waiting for ${PROVISIONING_IP} to be configured on an interface..."
+        export IRONIC_IP
-            IFACE_OF_IP="$(get_interface_of_ip "${PROVISIONING_IP}")"
+        until grep -F " ${IRONIC_IP}/" <(ip -br addr show); do
+            echo "Waiting for ${IRONIC_IP} to be configured on an interface"
             sleep 1
         done
-
-        echo "Found $PROVISIONING_IP on interface \"${IFACE_OF_IP}\"!"
-
-        export PROVISIONING_INTERFACE="$IFACE_OF_IP"
-	# If the IP contains a colon, then it's an IPv6 address
-        if [[ "$PROVISIONING_IP" =~ .*:.* ]]; then
-            export IRONIC_IPV6="$PROVISIONING_IP"
-            export IRONIC_IP=""
-        else
-            export IRONIC_IP="$PROVISIONING_IP"
-        fi
-    elif [[ -n "${IRONIC_IP}" ]]; then
-        if [[ "$IRONIC_IP" =~ .*:.* ]]; then
-            export IRONIC_IPV6="$IRONIC_IP"
-            export IRONIC_IP=""
-        fi
-    elif [[ -n "${PROVISIONING_INTERFACE}" ]]; then
-        until [[ -n "$IRONIC_IPV6" ]] || [[ -n "$IRONIC_IP" ]]; do
-            echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured..."
-
-            IRONIC_IPV6="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 6)"
-            sleep 1
-
-            IRONIC_IP="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 4)"
-            sleep 1
-        done
-
-        if [[ -n "$IRONIC_IPV6" ]]; then
-            echo "Found $IRONIC_IPV6 on interface \"${PROVISIONING_INTERFACE}\"!"
-	    export IRONIC_IPV6
-        fi
-        if [[ -n "$IRONIC_IP" ]]; then
-            echo "Found $IRONIC_IP on interface \"${PROVISIONING_INTERFACE}\"!"
-	    export IRONIC_IP
-        fi
-    elif [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
-        local IPV6_IFACE=""
-        local IPV4_IFACE=""
-        
-        # we should get at least one IP address
-        until [[ -n "$IPV6_IFACE" ]] || [[ -n "$IPV4_IFACE" ]]; do
-            local IPV6_RECORD=""
-            local IPV4_RECORD=""
-
-            IPV6_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 6)"
-            IPV4_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 4)"
-
-            # We couldn't get any IP
-            if [[ -z "$IPV4_RECORD" ]] && [[ -z "$IPV6_RECORD" ]]; then
-                echo "${FUNCNAME}: no valid IP found for hostname ${IRONIC_URL_HOSTNAME}" >&2
-                return 1
-            fi
-
-            echo "Waiting for ${IPV6_RECORD} to be configured on an interface"
-            IPV6_IFACE="$(get_interface_of_ip "${IPV6_RECORD}" 6)"
-            sleep 1
-
-            echo "Waiting for ${IPV4_RECORD} to be configured on an interface"
-            IPV4_IFACE="$(get_interface_of_ip "${IPV4_RECORD}" 4)"
-            sleep 1
-        done
-
-        # Add some debugging output
-        if [[ -n "$IPV6_IFACE" ]]; then
-            echo "Found $IPV6_RECORD on interface \"${IPV6_IFACE}\"!"
-            export IRONIC_IPV6="$IPV6_RECORD"
-        fi
-        if [[ -n "$IPV4_IFACE" ]]; then
-            echo "Found $IPV4_RECORD on interface \"${IPV4_IFACE}\"!"
-            export IRONIC_IP="$IPV4_RECORD"
-        fi
-
-        # Make sure both IPs are asigned to the same interface
-        if [[ -n "$IPV6_IFACE" ]] && [[ -n "$IPV4_IFACE" ]] && [[ "$IPV6_IFACE" != "$IPV4_IFACE" ]]; then
-            echo "Warning, the IPv4 and IPv6 addresses from \"${HOSTNAME}\" are assigned to different " \
-            "interfaces (\"${IPV6_IFACE}\" and \"${IPV4_IFACE}\")" >&2
-        fi
-
     else
-        echo "Cannot determine an interface or an IP for binding and creating URLs"
+        until [[ -n "$IRONIC_IP" ]]; do
-        return 1
+            echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured"
+            IRONIC_IP="$(ip -br add show scope global up dev "${PROVISIONING_INTERFACE}" | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)"
+            export IRONIC_IP
+            sleep 1
+        done
     fi
 
-    # Define the URLs based on the what we have found,
+    # If the IP contains a colon, then it's an IPv6 address, and the HTTP
-    # prioritize IPv6 for IRONIC_URL_HOST
+    # host needs surrounding with brackets
-    if [[ -n "$IRONIC_IP" ]]; then
+    if [[ "$IRONIC_IP" =~ .*:.* ]]; then
-        export ENABLE_IPV4=yes
+        export IPV=6
+        export IRONIC_URL_HOST="[$IRONIC_IP]"
+    else
+        export IPV=4
         export IRONIC_URL_HOST="$IRONIC_IP"
     fi
-    if [[ -n "$IRONIC_IPV6" ]]; then
-        export ENABLE_IPV6=yes
-        export IRONIC_URL_HOST="[${IRONIC_IPV6}]" # The HTTP host needs surrounding with brackets
-    fi
-
-    # Once determined if we have IPv4 and/or IPv6, override the hostname if provided
-    if [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
-        IRONIC_URL_HOST=$IRONIC_URL_HOSTNAME
-    fi
 
     # Avoid having to construct full URL multiple times while allowing
     # the override of IRONIC_HTTP_URL for environments in which IRONIC_IP

kube-rbac-proxy-image/Dockerfile

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%
 #!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

kubectl-image/Dockerfile

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.33.4
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.33.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -15,11 +16,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kubectl image"
 LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.33.4"
+LABEL org.opencontainers.image.version="1.32.4"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

kubectl/kubectl.spec

@@ -1,7 +1,7 @@
 %global debug_package %{nil}
 
 Name: kubectl
-Version: 1.33.4
+Version: 1.32.4
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster
 

kubevirt-chart/Chart.yaml

@@ -1,9 +1,9 @@
-#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.1_up0.6.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
-#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.1_up0.6.0
+#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.0_up0.5.0
 apiVersion: v2
-appVersion: 1.5.2
+appVersion: 1.4.0
 description: A Helm chart for KubeVirt
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: kubevirt
 type: application
-version: "%%CHART_MAJOR%%.0.1+up0.6.0"
+version: "%%CHART_MAJOR%%.0.0+up0.5.0"

kubevirt-chart/crds/kubevirt.yaml

@@ -593,13 +593,6 @@ spec:
                             If set to true, migrations will still start in pre-copy, but switch to post-copy when
                             CompletionTimeoutPerGiB triggers. Defaults to false
                           type: boolean
-                        allowWorkloadDisruption:
-                          description: |-
-                            AllowWorkloadDisruption indicates that the migration shouldn't be
-                            canceled after acceptableCompletionTime is exceeded. Instead, if
-                            permitted, migration will be switched to post-copy or the VMI will be
-                            paused to allow the migration to complete
-                          type: boolean
                         bandwidthPerMigration:
                           anyOf:
                             - type: integer
@@ -612,8 +605,8 @@ spec:
                         completionTimeoutPerGiB:
                           description: |-
                             CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
-                            If the timeout is reached, the migration will be either paused, switched
+                            If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
-                            to post-copy or cancelled depending on other settings. Defaults to 150
+                            the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150
                           format: int64
                           type: integer
                         disableTLS:
@@ -971,17 +964,17 @@ spec:
                           type: object
                       type: object
                     vmRolloutStrategy:
-                      description: |-
+                      description: VMRolloutStrategy defines how changes to a VM object
-                        VMRolloutStrategy defines how live-updatable fields, like CPU sockets, memory,
+                        propagate to its VMI
-                        tolerations, and affinity, are propagated from a VM to its VMI.
                       enum:
                         - Stage
                         - LiveUpdate
                       nullable: true
                       type: string
                     vmStateStorageClass:
-                      description: VMStateStorageClass is the name of the storage class
+                      description: |-
-                        to use for the PVCs created to preserve VM state, like TPM.
+                        VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM.
+                        The storage class must support RWX in filesystem mode.
                       type: string
                     webhookConfiguration:
                       description: |-
@@ -3857,13 +3850,6 @@ spec:
                             If set to true, migrations will still start in pre-copy, but switch to post-copy when
                             CompletionTimeoutPerGiB triggers. Defaults to false
                           type: boolean
-                        allowWorkloadDisruption:
-                          description: |-
-                            AllowWorkloadDisruption indicates that the migration shouldn't be
-                            canceled after acceptableCompletionTime is exceeded. Instead, if
-                            permitted, migration will be switched to post-copy or the VMI will be
-                            paused to allow the migration to complete
-                          type: boolean
                         bandwidthPerMigration:
                           anyOf:
                             - type: integer
@@ -3876,8 +3862,8 @@ spec:
                         completionTimeoutPerGiB:
                           description: |-
                             CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
-                            If the timeout is reached, the migration will be either paused, switched
+                            If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
-                            to post-copy or cancelled depending on other settings. Defaults to 150
+                            the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150
                           format: int64
                           type: integer
                         disableTLS:
@@ -4235,17 +4221,17 @@ spec:
                           type: object
                       type: object
                     vmRolloutStrategy:
-                      description: |-
+                      description: VMRolloutStrategy defines how changes to a VM object
-                        VMRolloutStrategy defines how live-updatable fields, like CPU sockets, memory,
+                        propagate to its VMI
-                        tolerations, and affinity, are propagated from a VM to its VMI.
                       enum:
                         - Stage
                         - LiveUpdate
                       nullable: true
                       type: string
                     vmStateStorageClass:
-                      description: VMStateStorageClass is the name of the storage class
+                      description: |-
-                        to use for the PVCs created to preserve VM state, like TPM.
+                        VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM.
+                        The storage class must support RWX in filesystem mode.
                       type: string
                     webhookConfiguration:
                       description: |-

kubevirt-chart/templates/kubevirt-operator.yaml

@@ -608,7 +608,6 @@ rules:
     resources:
       - virtualmachinesnapshots
       - virtualmachinesnapshots/status
-      - virtualmachinesnapshots/finalizers
       - virtualmachinesnapshotcontents
       - virtualmachinesnapshotcontents/status
       - virtualmachinesnapshotcontents/finalizers
@@ -661,18 +660,15 @@ rules:
       - kubevirt.io
     resources:
       - virtualmachines/finalizers
-      - virtualmachineinstances/finalizers
     verbs:
       - update
   - apiGroups:
       - subresources.kubevirt.io
     resources:
-      - virtualmachines/stop
       - virtualmachineinstances/addvolume
       - virtualmachineinstances/removevolume
       - virtualmachineinstances/freeze
       - virtualmachineinstances/unfreeze
-      - virtualmachineinstances/reset
       - virtualmachineinstances/softreboot
       - virtualmachineinstances/sev/setupsession
       - virtualmachineinstances/sev/injectlaunchsecret
@@ -776,14 +772,6 @@ rules:
     verbs:
       - list
       - watch
-  - apiGroups:
-      - batch
-    resources:
-      - jobs
-    verbs:
-      - create
-      - get
-      - delete
   - apiGroups:
       - kubevirt.io
     resources:
@@ -895,7 +883,6 @@ rules:
       - virtualmachineinstances/freeze
       - virtualmachineinstances/unfreeze
       - virtualmachineinstances/softreboot
-      - virtualmachineinstances/reset
       - virtualmachineinstances/sev/setupsession
       - virtualmachineinstances/sev/injectlaunchsecret
     verbs:
@@ -915,6 +902,7 @@ rules:
       - virtualmachines/restart
       - virtualmachines/addvolume
       - virtualmachines/removevolume
+      - virtualmachines/migrate
       - virtualmachines/memorydump
     verbs:
       - update
@@ -931,6 +919,7 @@ rules:
       - virtualmachineinstances
       - virtualmachineinstancepresets
       - virtualmachineinstancereplicasets
+      - virtualmachineinstancemigrations
     verbs:
       - get
       - delete
@@ -940,14 +929,6 @@ rules:
       - list
       - watch
       - deletecollection
-  - apiGroups:
-      - kubevirt.io
-    resources:
-      - virtualmachineinstancemigrations
-    verbs:
-      - get
-      - list
-      - watch
   - apiGroups:
       - snapshot.kubevirt.io
     resources:
@@ -1051,7 +1032,6 @@ rules:
       - virtualmachineinstances/freeze
       - virtualmachineinstances/unfreeze
       - virtualmachineinstances/softreboot
-      - virtualmachineinstances/reset
       - virtualmachineinstances/sev/setupsession
       - virtualmachineinstances/sev/injectlaunchsecret
     verbs:
@@ -1071,6 +1051,7 @@ rules:
       - virtualmachines/restart
       - virtualmachines/addvolume
       - virtualmachines/removevolume
+      - virtualmachines/migrate
       - virtualmachines/memorydump
     verbs:
       - update
@@ -1087,6 +1068,7 @@ rules:
       - virtualmachineinstances
       - virtualmachineinstancepresets
       - virtualmachineinstancereplicasets
+      - virtualmachineinstancemigrations
     verbs:
       - get
       - delete
@@ -1095,14 +1077,6 @@ rules:
       - patch
       - list
       - watch
-  - apiGroups:
-      - kubevirt.io
-    resources:
-      - virtualmachineinstancemigrations
-    verbs:
-      - get
-      - list
-      - watch
   - apiGroups:
       - snapshot.kubevirt.io
     resources:
@@ -1281,25 +1255,6 @@ rules:
       - get
       - list
       - watch
-  - apiGroups:
-      - subresources.kubevirt.io
-    resources:
-      - virtualmachines/migrate
-    verbs:
-      - update
-  - apiGroups:
-      - kubevirt.io
-    resources:
-      - virtualmachineinstancemigrations
-    verbs:
-      - get
-      - delete
-      - create
-      - update
-      - patch
-      - list
-      - watch
-      - deletecollection
   - apiGroups:
       - authentication.k8s.io
     resources:
@@ -1345,8 +1300,6 @@ spec:
     type: RollingUpdate
   template:
     metadata:
-      annotations:
-        openshift.io/required-scc: restricted-v2
       labels:
         kubevirt.io: virt-operator
         name: virt-operator

kubevirt-chart/values.yaml

@@ -1,6 +1,6 @@
 operator:
-  image: registry.suse.com/suse/sles/15.7/virt-operator
+  image: registry.suse.com/suse/sles/15.6/virt-operator
-  version: 1.5.2-150700.3.5.2
+  version: 1.4.0-150600.5.15.1
   replicas: 2
   pullPolicy: IfNotPresent
   affinity:
@@ -40,7 +40,7 @@ kubevirt:
   monitorAccount: ""
   monitorNamespace: ""
 
-hookImage: registry.rancher.com/rancher/kubectl:v1.33.1
+hookImage: registry.rancher.com/rancher/kubectl:v1.30.10
 hookRestartPolicy: OnFailure
 hookSecurityContext:
   seccompProfile:

metal3-chart/Chart.yaml

@@ -1,28 +1,28 @@
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.13_up0.12.3
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.9_up0.11.7
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.13_up0.12.3-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.9_up0.11.7-%RELEASE%
 apiVersion: v2
-appVersion: 0.12.3
+appVersion: 0.11.7
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.10.2
+  version: 0.9.2
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.11.2
+  version: 0.11.0
 - alias: metal3-mariadb
   condition: global.enable_mariadb
   name: mariadb
   repository: file://./charts/mariadb
-  version: 0.6.1
+  version: 0.6.0
 - alias: metal3-media
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.6.5
+  version: 0.6.3
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.13+up0.12.3"
+version: "%%CHART_MAJOR%%.0.9+up0.11.7"

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.10.2
+appVersion: 0.9.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.10.2
+version: 0.9.2

metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml

@@ -202,11 +202,6 @@ spec:
                 description: Description is a human-entered text used to help identify
                   the host.
                 type: string
-              disablePowerOff:
-                description: |-
-                  When set to true, power off of the node will be disabled,
-                  instead, a reboot will be used in place of power on/off
-                type: boolean
               externallyProvisioned:
                 description: |-
                   ExternallyProvisioned means something else has provisioned the

metal3-chart/charts/baremetal-operator/templates/_helpers.tpl

@@ -61,19 +61,3 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
-
-{{/*
-Create the URL to use for connecting to the Ironic servers (e.g. API, cache)
-*/}}
-{{- define "baremetal-operator.ironicHttpHost" -}}
-{{- $hostIP := include "metal3.hostIP" . -}}
-{{- with .Values.global }}
-{{- if .provisioningHostname }}
-{{- .provisioningHostname }}
-{{- else if regexMatch ".*:.*" $hostIP}}
-{{- print "[" $hostIP "]" }}
-{{- else }}
-{{- $hostIP }}
-{{- end }}
-{{- end }}
-{{- end }}

metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml

@@ -1,10 +1,10 @@
   {{- $enableTLS := .Values.global.enable_tls }}
   {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
   {{- $protocol := ternary "https" "http" $enableTLS }}
-  {{- $ironicHost := include "baremetal-operator.ironicHttpHost" . | required "Missing host information for BMO to connect to Ironic" }}
+  {{- $ironicIP := .Values.global.ironicIP | default "" }}
-  {{- $ironicApiHost := print $ironicHost ":6385" }}
+  {{- $ironicApiHost := print $ironicIP ":6385" }}
-  {{- $ironicBootHost := print $ironicHost ":6180" }}
+  {{- $ironicBootHost := print $ironicIP ":6180" }}
-  {{- $ironicCacheHost := print $ironicHost ":6180" }}
+  {{- $ironicCacheHost := print $ironicIP ":6180" }}
   {{- $deployArch := .Values.global.deployArchitecture }}
 
 apiVersion: v1
@@ -12,8 +12,8 @@ data:
   IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
-    {{- $ironicBootHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
-    {{- $ironicCacheHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
     {{- $protocol = "https" }}
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
   {{- else }}

metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml

@@ -6,7 +6,6 @@ metadata:
     control-plane: controller-manager
   name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service
 spec:
-  ipFamilyPolicy: PreferDualStack
   ports:
   - name: https
     port: 8443

metal3-chart/charts/baremetal-operator/templates/service-webhook.yaml

@@ -5,7 +5,6 @@ metadata:
     {{- include "baremetal-operator.labels" . | nindent 4 }}
   name: {{ include "baremetal-operator.fullname" . }}-webhook-service
 spec:
-  ipFamilyPolicy: PreferDualStack
   ports:
   - port: 443
     targetPort: 9443

metal3-chart/charts/baremetal-operator/values.yaml

@@ -28,7 +28,7 @@ images:
   baremetalOperator:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
     pullPolicy: IfNotPresent
-    tag: "0.10.2.0"
+    tag: "0.9.1.1"
 
 imagePullSecrets: []
 nameOverride: "manger"

metal3-chart/charts/ironic/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 29.0.4
+appVersion: 26.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.11.2
+version: 0.11.0

metal3-chart/charts/ironic/templates/_helpers.tpl

@@ -83,50 +83,3 @@ Get ironic CA volumeMounts
   readOnly: true
 {{- end }}
 {{- end }}
-
-{{/*
-Get the formatted "External" hostname or IP based URL
-*/}}
-{{- define "ironic.externalHttpUrl" }}
-{{- $host := ternary (include "metal3.hostIP" .) .Values.global.externalHttpHost (empty .Values.global.externalHttpHost) }}
-{{- if regexMatch ".*:.*" $host }}
-{{- $host = print "[" $host "]" }}
-{{- end }}
-{{- $protocol := "http" }}
-{{- $port := "6180" }}
-{{- if .Values.global.enable_vmedia_tls }}
-{{- $protocol = "https" }}
-{{- $port = .Values.global.vmediaTLSPort | default "6185" }}
-{{- end }}
-{{- print $protocol "://" $host ":" $port }}
-{{- end }}
-
-{{/*
-Get the command to use for Liveness and Readiness probes
-*/}}
-{{- define "ironic.probeCommand" }}
-{{- $host := "127.0.0.1" }}
-{{- if eq .Values.listenOnAll false }}
-{{- $host = coalesce .Values.global.provisioningIP .Values.global.ironicIP .Values.global.provisioningHostname }}
-{{- if regexMatch ".*:.*" $host }}
-{{- $host = print "[" $host "]" }}
-{{- end }}
-{{- end }}
-{{- print "curl -sSfk https://" $host ":6385" }}
-{{- end }}
-
-{{/*
-Create the subjectAltNames section to be set on the Certificate
-*/}}
-{{- define "ironic.subjectAltNames" -}}
-{{- with .Values.global }}
-{{- if .provisioningHostname }}
-dnsNames:
-- {{ .provisioningHostname }}
-{{- end -}}
-{{- if or .ironicIP .provisioningIP }}
-ipAddresses:
-  - {{ coalesce .provisioningIP .ironicIP }}
-{{- end }}
-{{- end }}
-{{- end }}

metal3-chart/charts/ironic/templates/certificates.yaml

@@ -6,7 +6,8 @@ metadata:
 spec:
   commonName: ironic-ca
   isCA: true
-  {{- include "ironic.subjectAltNames" . | indent 2 }}
+  ipAddresses:
+  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer
@@ -18,7 +19,8 @@ metadata:
   name: ironic-cert
 spec:
   commonName: ironic-cert
-  {{- include "ironic.subjectAltNames" . | indent 2 }}
+  ipAddresses:
+  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: ca-issuer
@@ -31,7 +33,8 @@ metadata:
   name: ironic-vmedia-cert
 spec:
   commonName: ironic-vmedia-cert
-  {{- include "ironic.subjectAltNames" . | indent 2 }}
+  ipAddresses:
+  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: ca-issuer

metal3-chart/charts/ironic/templates/configmap.yaml

@@ -5,9 +5,16 @@ metadata:
   labels:
     {{- include "ironic.labels" . | nindent 4 }}
 data:
+  {{- $enableTLS := .Values.global.enable_tls }}
+  {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
+  {{- $protocol := ternary "https" "http" $enableTLS }}
+  {{- $ironicIP := .Values.global.ironicIP | default "" }}
+  {{- $ironicBootHost := print $ironicIP ":6180" }}
+  {{- $ironicCacheHost := print $ironicIP ":6180" }}
   {{- $deployArch := .Values.global.deployArchitecture }}
 
   {{- if  ( .Values.global.enable_dnsmasq ) }}
+  DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
   DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer }}
   DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter }}
   DHCP_RANGE: {{ .Values.global.dhcpRange }}
@@ -17,21 +24,29 @@ data:
   {{- end }}
   HTTP_PORT: "6180"
   PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
-  IRONIC_EXTERNAL_HTTP_URL: {{ include "ironic.externalHttpUrl" . }}
+  # Switch VMedia to HTTP if enable_vmedia_tls is false
+  {{- if and $enableTLS $enableVMediaTLS }}
+    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $protocol = "https" }}
+  {{- else }}
+    {{- $protocol = "http" }}
+  {{- end }}
+  IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
   DEPLOY_ARCHITECTURE: {{ $deployArch }}
+  IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
   ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
   {{- if .Values.global.provisioningInterface }}
   PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
   {{- end }}
   {{- if .Values.global.provisioningIP }}
-  PROVISIONING_IP: {{ include "metal3.hostIP" . }}
+  PROVISIONING_IP: {{ .Values.global.provisioningIP }}
-  {{- else if .Values.global.ironicIP }}
-  IRONIC_IP: {{ include "metal3.hostIP" . }}
-  {{- else if .Values.global.provisioningHostname }}
-  IRONIC_URL_HOSTNAME: {{ .Values.global.provisioningHostname }}
   {{- end }}
   IRONIC_FAST_TRACK: "true"
-  LISTEN_ALL_INTERFACES: "{{ .Values.listenOnAll }}"
+  LISTEN_ALL_INTERFACES: "true"
+  {{- if .Values.global.ironicIP }}
+  IRONIC_IP: {{ .Values.global.ironicIP }}
+  {{- end }}
   {{- if  ( .Values.global.enable_tls ) }}
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
   IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true

metal3-chart/charts/ironic/templates/deployment.yaml

@@ -42,7 +42,7 @@ spec:
             name: ironic
         livenessProbe:
           exec:
-            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -60,7 +60,7 @@ spec:
         {{- end }}
         readinessProbe:
           exec:
-            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30

metal3-chart/charts/ironic/templates/service.yaml

@@ -10,7 +10,6 @@ metadata:
   {{- end }}
 spec:
   type: {{ .Values.service.type }}
-  ipFamilyPolicy: PreferDualStack
   ports:
   {{- $enableTLS := .Values.global.enable_tls }}
   {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}

metal3-chart/charts/ironic/values.yaml

@@ -32,12 +32,6 @@ global:
   # IP Address assigned to network interface on provisioning network
   provisioningIP: ""
 
-  # Fully Qualified Domain Name used by Ironic for both binding (to the
-  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
-  # media, also used by BMO. Note, this is the only way to enable a fully
-  # working dual-stack configuration.
-  provisioningHostname: ""
-
   # Whether the NIC names should be predictable or not
   predictableNicNames: "true"
 
@@ -58,13 +52,11 @@ global:
 
 replicaCount: 1
 
-listenOnAll: true
-
 images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 29.0.4.1
+    tag: 26.1.2.5
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent

metal3-chart/charts/mariadb/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: "10.11"
 description: A Helm chart for MariaDB, used by Metal3
 name: mariadb
 type: application
-version: 0.6.1
+version: 0.6.0

metal3-chart/charts/mariadb/templates/service.yaml

@@ -5,7 +5,6 @@ metadata:
   labels:
     {{- include "mariadb.labels" . | nindent 4 }}
 spec:
-  ipFamilyPolicy: PreferDualStack
   type: {{ .Values.service.type }}
   selector:
     {{- include "mariadb.selectorLabels" . | nindent 4 }}

metal3-chart/charts/media/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.5
+version: 0.6.3

metal3-chart/charts/media/templates/service.yaml

@@ -5,7 +5,6 @@ metadata:
   labels:
     {{- include "media.labels" . | nindent 4 }}
 spec:
-  ipFamilyPolicy: PreferDualStack
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}

metal3-chart/charts/media/values.yaml

@@ -24,7 +24,7 @@ replicaCount: 1
 image:
   repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
   pullPolicy: IfNotPresent
-  tag: 29.0.4.1
+  tag: 26.1.2.5
 
 imagePullSecrets: []
 nameOverride: ""

metal3-chart/templates/_helpers.tpl

@@ -60,18 +60,3 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
-
-{{/*
-Produce the correct IP or hostname for Ironic provisioning
-*/}}
-{{- define "metal3.hostIP" -}}
-{{- with .Values.global }}
-{{- if and .provisioningHostname (or .provisioningIP .ironicIP) }}
-{{  fail "Please provide either provisioningHostname or provisioningIP or ironicIP" }}
-{{- end }}
-{{- if and .provisioningIP .ironicIP }}
-{{  fail "Please provide either ironicIP or provisioningIP" }}
-{{- end }}
-{{- coalesce .provisioningIP .ironicIP }}
-{{- end }}
-{{- end }}

metal3-chart/values.yaml

@@ -60,15 +60,6 @@ global:
   # IP Address assigned to network interface on provisioning network
   provisioningIP: ""
 
-  # Fully Qualified Domain Name used by Ironic for both binding (to the 
-  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
-  # media, also used by BMO. Note, this is the only way to enable a fully
-  # working dual-stack configuration.
-  provisioningHostname: ""
-
-  # Hostname or IP for accessing the Ironic API server from a non-provisioning network
-  externalHttpHost: ""
-
   # Name for the MariaDB service
   databaseServiceName: metal3-mariadb
 

metallb-controller-image/Dockerfile

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%metallb-controller:v%%metallb-controller_version%%
 #!BuildTag: %%IMG_PREFIX%%metallb-controller:v%%metallb-controller_version%%-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

metallb-speaker-image/Dockerfile

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%metallb-speaker:v%%metallb-speaker_version%%
 #!BuildTag: %%IMG_PREFIX%%metallb-speaker:v%%metallb-speaker_version%%-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

nessie-image/Dockerfile

@@ -1,31 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%nessie:%%nessie_version%%
-#!BuildTag: %%IMG_PREFIX%%nessie:%%nessie_version%%-%RELEASE%
-
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION
-
-# labelprefix=com.suse.application.nessie
-LABEL org.opencontainers.image.title="nessie"
-LABEL org.opencontainers.image.description="Nessie diagnostic tool for SUSE Kubernetes environments"
-LABEL org.opencontainers.image.version="%%nessie_version%%"
-LABEL org.opencontainers.image.authors="George Agriogiannis <george.agriogiannis2@suse.com>"
-LABEL org.opencontainers.image.url="https://github.com/suse-edge/support-tools/tree/main/nessie"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%nessie:%%nessie_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-RUN zypper --non-interactive refresh && \
-    zypper --non-interactive install --no-recommends nessie && \
-    zypper clean
-
-WORKDIR /tmp
-
-ENTRYPOINT ["/usr/bin/nessie"]

nessie-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%nessie_version%%</param>
-    <param name="package">nessie</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

nessie/_service

@@ -1,26 +0,0 @@
-<services>
-  <service name="obs_scm">
-    <param name="url">https://github.com/suse-edge/support-tools</param>
-    <param name="scm">git</param>
-    <param name="revision">nessie-v1.0.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">george.agriogiannis2@suse.com</param>
-    <param name="match-tag">nessie-v*</param>
-    <param name="versionrewrite-pattern">nessie-v(\d+\.\d+\.\d+)</param>
-    <param name="versionrewrite-replacement">\1</param>
-    <param name="subdir">nessie</param>
-    <param name="exclude">.git</param>
-    <param name="without-version">yes</param>
-    <param name="filename">nessie</param>
-  </service>
-  <service mode="buildtime" name="tar">
-    <param name="obsinfo">nessie.obsinfo</param>
-  </service>
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

nessie/nessie.spec

@@ -1,80 +0,0 @@
-#
-# spec file for package nessie
-#
-# Copyright (c) 2024 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-Name:           nessie
-# Version will be set automatically by factory's set_version service
-Version:        1.0.0
-Release:        0
-Summary:        Node Environment Support Script for Inspection and Export
-License:        Apache-2.0
-Group:          System/Management
-URL:            https://github.com/suse-edge/support-tools/tree/main/nessie
-Source0:        %{name}-%{version}.tar.gz
-BuildArch:      noarch
-
-# Build dependencies
-BuildRequires:  python3-devel
-
-# Runtime dependencies
-Requires:       python3
-Requires:       python3-kubernetes
-Requires:       python3-PyYAML
-Requires:       helm
-Requires:       systemd
-
-# Optional dependencies for enhanced functionality
-Recommends:     util-linux
-
-%description
-Nessie (Node Environment Support Script for Inspection and Export) is a
-comprehensive diagnostic tool for SUSE Kubernetes environments. It collects
-logs, configurations, and system information from Kubernetes clusters for
-troubleshooting and support purposes.
-
-Key features:
-- Collects system service logs and Kubernetes pod logs
-- Gathers cluster configurations and Helm releases
-- Retrieves node metrics and component versions
-- Supports RKE2 and K3s environments
-- Fault-tolerant with configurable options
-- Can be run directly or as a container
-
-The tool is designed specifically for SUSE Edge environments and integrates
-well with SUSE Linux Micro, RKE2, and K3s distributions.
-
-%prep
-%autosetup
-
-%build
-# Validate Python syntax
-python3 -m py_compile nessie.py
-
-%install
-# Install the main script
-install -D -m 0755 nessie.py %{buildroot}%{_bindir}/nessie
-
-# Install documentation files
-install -D -m 0644 README.md %{buildroot}%{_docdir}/%{name}/README.md
-install -D -m 0644 LICENSE %{buildroot}%{_docdir}/%{name}/LICENSE
-
-%files
-%{_bindir}/nessie
-%dir %{_docdir}/%{name}
-%doc %{_docdir}/%{name}/README.md
-%license %{_docdir}/%{name}/LICENSE
-
-%changelog

python-pyhelm3/_service

@@ -1,3 +0,0 @@
-<services>
-<service name="download_assets"></service>
-</services>

python-pyhelm3/pyhelm3.spec

@@ -1,55 +0,0 @@
-#
-# spec file for package python-pyhelm3
-#
-# Copyright (c) 2025 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-
-Name:           python-pyhelm3
-Version:        0.4.0
-Release:        0
-Summary:        Python library for managing Helm releases using Helm 3
-License:        Apache-2.0
-URL:            https://github.com/azimuth-cloud/pyhelm3
-#!RemoteAsset
-Source:         https://files.pythonhosted.org/packages/source/p/pyhelm3/pyhelm3-%{version}.tar.gz
-BuildRequires:  python-rpm-macros
-BuildRequires:  %{python_module pip}
-BuildRequires:  %{python_module setuptools >= 42}
-BuildRequires:  %{python_module setuptools_scm >= 3.4}
-BuildRequires:  %{python_module wheel}
-BuildRequires:  fdupes
-Requires:       %{python_module pydantic}
-Requires:       %{python_module PyYAML}
-BuildArch:      noarch
-%python_subpackages
-
-%description
-Python library for managing Helm releases using Helm 3.
-
-%prep
-%autosetup -p1 -n pyhelm3-%{version}
-
-%build
-%pyproject_wheel
-
-%install
-%pyproject_install
-%python_expand %fdupes %{buildroot}%{$python_sitelib}
-
-%files %{python_files}
-%doc README.md
-%license LICENSE
-%{python_sitelib}/pyhelm3
-%{python_sitelib}/pyhelm3-%{version}.dist-info
-
-%changelog

rancher-turtles-airgap-resources-chart/Chart.yaml

@@ -1,10 +1,10 @@
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.5_up0.21.0
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.4_up0.20.0
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.5_up0.21.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.4_up0.20.0-%RELEASE%
 apiVersion: v2
-appVersion: 0.21.0
+appVersion: 0.20.0
 description: Rancher Turtles utility chart for airgap scenarios
 home: https://github.com/rancher/turtles/
 icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
 name: rancher-turtles-airgap-resources
 type: application
-version: "%%CHART_MAJOR%%.0.5+up0.21.0"
+version: "%%CHART_MAJOR%%.0.4+up0.20.0"

rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml

@@ -656,8 +656,12 @@ data:
       - list
       - get
       - watch
+    - apiGroups:
+      - ""
+      resources:
+      - namespaces
+      verbs:
       - create
-      - patch
     - apiGroups:
       - events.k8s.io
       resources:
@@ -813,7 +817,7 @@ data:
             control-plane: controller-manager
         spec:
           containers:
-          - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.11.0
+          - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
             imagePullPolicy: IfNotPresent
             name: manager
             ports:
@@ -835,7 +839,7 @@ data:
                 memory: 100Mi
           - args:
             - --helm-install
-            image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.11.0
+            image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
             name: helm-manager
             resources:
               limits:
@@ -887,13 +891,10 @@ data:
       - major: 0
         minor: 10
         contract: v1beta1
-      - major: 0
-        minor: 11
-        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.11.0
+  name: v0.10.0
   namespace: rancher-turtles-system
   labels:
     provider-components: fleet

rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml

@@ -3734,7 +3734,7 @@ data:
             envFrom:
             - configMapRef:
                 name: capm3-capm3fasttrack-configmap
-            image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.4
+            image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.3
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -3820,7 +3820,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-            image: quay.io/metal3-io/ip-address-manager:v1.9.5
+            image: quay.io/metal3-io/ip-address-manager:v1.9.4
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4524,7 +4524,7 @@ data:
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v1.9.4
+  name: v1.9.3
   namespace: capm3-system
   labels:
     provider-components: metal3

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml

@@ -985,9 +985,6 @@ data:
                       - path
                       type: object
                     type: array
-                  gzipUserData:
-                    description: GzipUserData specifies if the user data should be gzipped.
-                    type: boolean
                   postRKE2Commands:
                     description: PostRKE2Commands specifies extra commands to run after
                       rke2 setup runs.
@@ -2167,10 +2164,6 @@ data:
                               - path
                               type: object
                             type: array
-                          gzipUserData:
-                            description: GzipUserData specifies if the user data should
-                              be gzipped.
-                            type: boolean
                           postRKE2Commands:
                             description: PostRKE2Commands specifies extra commands to
                               run after rke2 setup runs.
@@ -2532,12 +2525,11 @@ data:
             - --leader-elect
             - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
             - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
+            - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true}
             - --v=${CAPRKE2_DEBUG_LEVEL:=0}
-            - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=true}
-            - --concurrency=${CONCURRENCY_NUMBER:=10}
             command:
             - /manager
-            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.18.0
+            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.16.1
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -2772,16 +2764,10 @@ data:
       - major: 0
         minor: 16
         contract: v1beta1
-      - major: 0
-        minor: 17
-        contract: v1beta1
-      - major: 0
-        minor: 18
-        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.18.0
+  name: v0.16.1
   namespace: rke2-bootstrap-system
   labels:
     provider-components: rke2-bootstrap

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml

@@ -1624,9 +1624,6 @@ data:
                       - path
                       type: object
                     type: array
-                  gzipUserData:
-                    description: GzipUserData specifies if the user data should be gzipped.
-                    type: boolean
                   infrastructureRef:
                     description: |-
                       InfrastructureRef is a required reference to a custom resource
@@ -2437,51 +2434,6 @@ data:
                               if value is false, ETCD metrics will NOT be exposed
                             type: boolean
                         type: object
-                      externalDatastoreSecret:
-                        description: |-
-                          ExternalDatastoreSecret is a reference to a Secret that contains configuration about connecting to an external datastore.
-                          The secret must contain a key named "endpoint" that contains the connection string for the external datastore.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
                       kubeAPIServer:
                         description: KubeAPIServer defines optional custom configuration
                           of the Kube API Server.
@@ -3173,10 +3125,6 @@ data:
                               - path
                               type: object
                             type: array
-                          gzipUserData:
-                            description: GzipUserData specifies if the user data should
-                              be gzipped.
-                            type: boolean
                           infrastructureRef:
                             description: |-
                               InfrastructureRef is a required reference to a custom resource
@@ -4002,51 +3950,6 @@ data:
                                       if value is false, ETCD metrics will NOT be exposed
                                     type: boolean
                                 type: object
-                              externalDatastoreSecret:
-                                description: |-
-                                  ExternalDatastoreSecret is a reference to a Secret that contains configuration about connecting to an external datastore.
-                                  The secret must contain a key named "endpoint" that contains the connection string for the external datastore.
-                                properties:
-                                  apiVersion:
-                                    description: API version of the referent.
-                                    type: string
-                                  fieldPath:
-                                    description: |-
-                                      If referring to a piece of an object instead of an entire object, this string
-                                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                      the event) or if no container name is specified "spec.containers[2]" (container with
-                                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                      referencing a part of an object.
-                                    type: string
-                                  kind:
-                                    description: |-
-                                      Kind of the referent.
-                                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                    type: string
-                                  name:
-                                    description: |-
-                                      Name of the referent.
-                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                    type: string
-                                  namespace:
-                                    description: |-
-                                      Namespace of the referent.
-                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                    type: string
-                                  resourceVersion:
-                                    description: |-
-                                      Specific resourceVersion to which this reference is made, if any.
-                                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                    type: string
-                                  uid:
-                                    description: |-
-                                      UID of the referent.
-                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                    type: string
-                                type: object
-                                x-kubernetes-map-type: atomic
                               kubeAPIServer:
                                 description: KubeAPIServer defines optional custom configuration
                                   of the Kube API Server.
@@ -4543,7 +4446,6 @@ data:
             - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
             - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
             - --v=${CAPRKE2_DEBUG_LEVEL:=0}
-            - --concurrency=${CONCURRENCY_NUMBER:=10}
             command:
             - /manager
             env:
@@ -4559,7 +4461,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.uid
-            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.18.0
+            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.16.1
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4801,16 +4703,10 @@ data:
       - major: 0
         minor: 16
         contract: v1beta1
-      - major: 0
-        minor: 17
-        contract: v1beta1
-      - major: 0
-        minor: 18
-        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.18.0
+  name: v0.16.1
   namespace: rke2-control-plane-system
   labels:
     provider-components: rke2-control-plane

rancher-turtles-chart/Chart.lock

@@ -3,4 +3,4 @@ dependencies:
   repository: https://kubernetes-sigs.github.io/cluster-api-operator
   version: 0.18.1
 digest: sha256:7ad59ce8888c32723b4ef1ae5f334fdff00a8aba87e6f1de76d605f134bff354
-generated: "2025-06-30T13:10:01.066923702Z"
+generated: "2025-05-29T09:13:16.863770955Z"

rancher-turtles-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.5_up0.21.0
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.4_up0.20.0
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.5_up0.21.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.4_up0.20.0-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,12 +12,12 @@ annotations:
   catalog.cattle.io/scope: management
   catalog.cattle.io/type: cluster-tool
 apiVersion: v2
-appVersion: 0.21.0
+appVersion: 0.20.0
 dependencies:
 - condition: cluster-api-operator.enabled
   name: cluster-api-operator
   repository: file://./charts/cluster-api-operator
-  version: 0.18.1
+  version: 0.17.0
 description: Rancher Turtles is an extension to Rancher that brings full Cluster API
   integration to Rancher.
 home: https://github.com/rancher/turtles/
@@ -29,4 +29,4 @@ keywords:
 - provisioning
 name: rancher-turtles
 type: application
-version: "%%CHART_MAJOR%%.0.5+up0.21.0"
+version: "%%CHART_MAJOR%%.0.4+up0.20.0"

rancher-turtles-chart/RELEASE_NOTES.md

@@ -1,4 +1,4 @@
-## Changes since examples/v0.21.0
+## Changes since v0.20.0-rc.0
 ---
 ## :chart_with_upwards_trend: Overview
 

rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.18.1
+appVersion: 0.17.0
 description: Cluster API Operator
 name: cluster-api-operator
 type: application
-version: 0.18.1
+version: 0.17.0

rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml

@@ -26,10 +26,8 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "1"
   name: {{ $addonNamespace }}
 ---
@@ -39,10 +37,8 @@ metadata:
   name: {{ $addonName }}
   namespace: {{ $addonNamespace }}
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $addonVersion $.Values.secretName }}
 spec:

rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml

@@ -26,11 +26,8 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
-    {{- end }}
-    "argocd.argoproj.io/sync-wave": "1"
   name: {{ $bootstrapNamespace }}
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -39,11 +36,8 @@ metadata:
   name: {{ $bootstrapName }}
   namespace: {{ $bootstrapNamespace }}
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
-    {{- end }}
-    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $bootstrapVersion $.Values.configSecret.name }}
 spec:
 {{- end}}

rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml

@@ -26,11 +26,8 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
-    {{- end }}
-    "argocd.argoproj.io/sync-wave": "1"
   name: {{ $controlPlaneNamespace }}
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -39,11 +36,8 @@ metadata:
   name: {{ $controlPlaneName }}
   namespace: {{ $controlPlaneNamespace }}
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
-    {{- end }}
-    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }}
 spec:
 {{- end}}

rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml

@@ -1,4 +1,4 @@
-{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure .Values.ipam }}
+{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure }}
 # Deploy core components if not specified
 {{- if not .Values.core }}
 ---
@@ -6,11 +6,8 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
-    {{- end }}
-    "argocd.argoproj.io/sync-wave": "1"
   name: capi-system
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -19,11 +16,8 @@ metadata:
   name: cluster-api
   namespace: capi-system
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
-    {{- end }}
-    "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
 spec:
   configSecret:
@@ -34,3 +28,4 @@ spec:
 {{- end }}
 {{- end }}
 {{- end }}
+

rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml

@@ -25,11 +25,8 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
-    {{- end }}
-    "argocd.argoproj.io/sync-wave": "1"
   name: {{ $coreNamespace }}
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -38,10 +35,8 @@ metadata:
   name: {{ $coreName }}
   namespace: {{ $coreNamespace }}
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $coreVersion $.Values.configSecret.name $.Values.manager }}
 spec:
@@ -50,8 +45,8 @@ spec:
   version: {{ $coreVersion }}
 {{- end }}
 {{- if $.Values.manager }}
-{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }}
   manager:
+{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }}
     featureGates:
     {{- range $key, $value := $.Values.manager.featureGates.core }}
       {{ $key }}: {{ $value }}

rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml

@@ -7,10 +7,8 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "1"
   name: capi-kubeadm-bootstrap-system
 ---
@@ -20,10 +18,8 @@ metadata:
   name: kubeadm
   namespace: capi-kubeadm-bootstrap-system
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
 spec:
@@ -41,10 +37,8 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "1"
   name: capi-kubeadm-control-plane-system
 ---
@@ -54,16 +48,14 @@ metadata:
   name: kubeadm
   namespace: capi-kubeadm-control-plane-system
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
 spec:
 {{- if $.Values.manager }}
-{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }}
   manager:
+{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }}
     featureGates:
     {{- range $key, $value := $.Values.manager.featureGates.kubeadm }}
       {{ $key }}: {{ $value }}

rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml

@@ -26,10 +26,8 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "1"
   name: {{ $infrastructureNamespace }}
 ---
@@ -39,10 +37,8 @@ metadata:
   name: {{ $infrastructureName }}
   namespace: {{ $infrastructureNamespace }}
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
 spec:
@@ -51,8 +47,8 @@ spec:
   version: {{ $infrastructureVersion }}
 {{- end }}
 {{- if $.Values.manager }}
-{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }}
   manager:
+{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }}
 {{- range $key, $value := $.Values.manager.featureGates }}
   {{- if eq $key $infrastructureName }}
     featureGates:

rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml

@@ -26,10 +26,8 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "1"
   name: {{ $ipamNamespace }}
 ---
@@ -39,10 +37,8 @@ metadata:
   name: {{ $ipamName }}
   namespace: {{ $ipamNamespace }}
   annotations:
-    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
-    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
 spec:
@@ -51,8 +47,8 @@ spec:
   version: {{ $ipamVersion }}
 {{- end }}
 {{- if $.Values.manager }}
-{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }}
   manager:
+{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }}
 {{- range $key, $value := $.Values.manager.featureGates }}
   {{- if eq $key $ipamName }}
     featureGates:

rancher-turtles-chart/charts/cluster-api-operator/values.yaml

@@ -21,7 +21,7 @@ leaderElection:
 image:
   manager:
     repository: registry.k8s.io/capi-operator/cluster-api-operator
-    tag: v0.18.1
+    tag: v0.17.0
     pullPolicy: IfNotPresent
 env:
   manager: []
@@ -69,4 +69,3 @@ volumeMounts:
     - mountPath: /tmp/k8s-webhook-server/serving-certs
       name: cert
       readOnly: true
-enableHelmHook: true

rancher-turtles-chart/questions.yml

@@ -36,7 +36,7 @@ questions:
         label: Enable Agent TLS Mode
         group: "Rancher Turtles Features Settings"
       - variable: rancherTurtles.kubectlImage
-        default: "registry.suse.com/edge/3.3/kubectl:1.32.4"
+        default: "registry.suse.com/edge/3.2/kubectl:1.32.4"
         description: "Specify the image to use when running kubectl in jobs."
         type: string
         label: Kubectl Image

rancher-turtles-chart/values.yaml

@@ -9,8 +9,8 @@ turtlesUI:
 rancherTurtles:
   # image: registry.rancher.com/rancher/rancher/turtles
   image: registry.rancher.com/rancher/rancher/turtles
-  # imageVersion: v0.21.0
+  # imageVersion: v0.20.0
-  imageVersion: v0.21.0
+  imageVersion: v0.20.0
   # imagePullPolicy: IfNotPresent
   imagePullPolicy: IfNotPresent
   # namespace: Select namespace for Turtles to run.
@@ -22,7 +22,7 @@ rancherTurtles:
   # rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
   rancherInstalled: false
   # kubectlImage: Image for kubectl tasks.
-  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4"
+  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4"
   # features: Optional and experimental features.
   features:
     # day2operations: Alpha feature.
@@ -31,8 +31,8 @@ rancherTurtles:
       enabled: false
       # image: registry.rancher.com/rancher/rancher/turtles
       image: registry.rancher.com/rancher/rancher/turtles
-      # imageVersion: v0.21.0
+      # imageVersion: v0.20.0
-      imageVersion: v0.21.0
+      imageVersion: v0.20.0
       # imagePullPolicy: IfNotPresent
       imagePullPolicy: IfNotPresent
       # etcdBackupRestore: Alpha feature. Manages etcd backup/restore.
@@ -49,8 +49,8 @@ rancherTurtles:
       enabled: false
       # image: registry.rancher.com/rancher/rancher/turtles
       image: registry.rancher.com/rancher/rancher/turtles
-      # imageVersion: v0.21.0
+      # imageVersion: v0.20.0
-      imageVersion: v0.21.0
+      imageVersion: v0.20.0
       # imagePullPolicy: IfNotPresent
       imagePullPolicy: IfNotPresent
 
@@ -127,7 +127,7 @@ cluster-api-operator:
       # enabled: Turn on or off.
       enabled: true
       # version: RKE2 version.
-      version: "v0.18.0"
+      version: "v0.16.1"
       # bootstrap: RKE2 bootstrap provider.
       bootstrap:
         # namespace: Bootstrap namespace.
@@ -154,10 +154,10 @@ cluster-api-operator:
           selector: ""
     metal3:
       enabled: true
-      version: "v1.9.4"
+      version: "v1.9.3"
       infrastructure:
         namespace: capm3-system
-        imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.4"
+        imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.3"
         fetchConfig:
           url: ""
           selector: ""

release-manifest-image/Dockerfile

@@ -20,4 +20,4 @@ LABEL com.suse.image-type="release-manifest"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 
-COPY release_manifest.yaml release_images.yaml ./
+COPY release_manifest.yaml release_manifest.yaml

release-manifest-image/_service

@@ -2,7 +2,6 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="file">release_images.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %manifest_repo)</param>

release-manifest-image/release_images.yaml

@@ -1,64 +0,0 @@
-images:
-  - name: quay.io/jetstack/cert-manager-cainjector:v1.14.2
-  - name: quay.io/jetstack/cert-manager-controller:v1.14.2
-  - name: quay.io/jetstack/cert-manager-webhook:v1.14.2
-  - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250507
-  - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.7.1-build20250509
-  - name: registry.rancher.com/rancher/hardened-coredns:v1.12.1-build20250507
-  - name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250411
-  - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.7.2-build20250507
-  - name: registry.rancher.com/rancher/hardened-kubernetes:v1.32.5-rke2r1-build20250515
-  - name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.0-build20250326
-  - name: registry.rancher.com/rancher/klipper-helm:v0.9.5-build20250306
-  - name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.17.3
-  - name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.17.3
-  - name: registry.rancher.com/rancher/mirrored-longhornio-csi-attacher:v4.8.1
-  - name: registry.rancher.com/rancher/mirrored-longhornio-csi-node-driver-registrar:v2.13.0
-  - name: registry.rancher.com/rancher/mirrored-longhornio-csi-provisioner:v5.2.0
-  - name: registry.rancher.com/rancher/mirrored-longhornio-csi-resizer:v1.13.2
-  - name: registry.rancher.com/rancher/mirrored-longhornio-csi-snapshotter:v8.2.0
-  - name: registry.rancher.com/rancher/mirrored-longhornio-livenessprobe:v2.15.0
-  - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-engine:v1.8.1
-  - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-instance-manager:v1.8.1
-  - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-manager:v1.8.1
-  - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-share-manager:v1.8.1
-  - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-ui:v1.8.1
-  - name: registry.rancher.com/rancher/mirrored-sig-storage-snapshot-controller:v8.2.0
-  - name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.4
-  - name: registry.rancher.com/rancher/neuvector-controller:5.4.3
-  - name: registry.rancher.com/rancher/neuvector-enforcer:5.4.3
-  - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.1-hardened6
-  - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.32.0-rc3.0.20241220224140-68fbd1a6b543-build20250101
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.9.1.1
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:0.3.0
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.5
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.14.9
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.14.9
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1
-  - name: registry.rancher.com/rancher/cluster-api-operator:v0.17.0
-  - name: registry.rancher.com/rancher/fleet-agent:v0.12.3
-  - name: registry.rancher.com/rancher/fleet:v0.12.3
-  - name: registry.rancher.com/rancher/hardened-node-feature-discovery:v0.15.7-build20250425
-  - name: registry.rancher.com/rancher/rancher-webhook:v0.7.2
-  - name: registry.rancher.com/rancher/rancher/turtles:v0.20.0
-  - name: registry.rancher.com/rancher/rancher:v2.11.2
-  - name: registry.rancher.com/rancher/shell:v0.4.1
-  - name: registry.rancher.com/rancher/system-upgrade-controller:v0.15.2
-  - name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.10.0
-  - name: registry.suse.com/rancher/cluster-api-controller:v1.9.5
-  - name: registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.3
-  - name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.16.1
-  - name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.16.1
-  - name: registry.suse.com/rancher/elemental-operator:1.6.8
-  - name: registry.suse.com/rancher/hardened-sriov-network-operator:v1.5.0-build20250425
-  - name: registry.suse.com/rancher/ip-address-manager:v1.9.4
-  - name: registry.suse.com/suse/sles/15.6/cdi-apiserver:1.61.0-150600.3.12.1
-  - name: registry.suse.com/suse/sles/15.6/cdi-controller:1.61.0-150600.3.12.1
-  - name: registry.suse.com/suse/sles/15.6/cdi-operator:1.61.0-150600.3.12.1
-  - name: registry.suse.com/suse/sles/15.6/cdi-uploadproxy:1.61.0-150600.3.12.1
-  - name: registry.suse.com/suse/sles/15.6/virt-api:1.4.0-150600.5.15.1
-  - name: registry.suse.com/suse/sles/15.6/virt-controller:1.4.0-150600.5.15.1
-  - name: registry.suse.com/suse/sles/15.6/virt-handler:1.4.0-150600.5.15.1
-  - name: registry.suse.com/suse/sles/15.6/virt-launcher:1.4.0-150600.5.15.1
-  - name: registry.suse.com/suse/sles/15.6/virt-operator:1.4.0-150600.5.15.1

release-manifest-image/release_manifest.yaml

@@ -7,89 +7,89 @@ spec:
   components:
     kubernetes:
       k3s:
-        version: v1.33.3+k3s1
+        version: v1.32.4+k3s1
         coreComponents:
-          - name: traefik-crd
+        - name: traefik-crd
-            version: 34.2.1+up34.2.0
+          version: 34.2.1+up34.2.0
-            type: HelmChart
+          type: HelmChart
-          - name: traefik
+        - name: traefik
-            version: 34.2.1+up34.2.0
+          version: 34.2.1+up34.2.0
-            type: HelmChart
+          type: HelmChart
+        - name: local-path-provisioner
+          containers:
           - name: local-path-provisioner
-            containers:
+            image: rancher/local-path-provisioner:v0.0.31
-              - name: local-path-provisioner
+          type: Deployment
-                image: rancher/local-path-provisioner:v0.0.31
+        - name: coredns
-            type: Deployment
+          containers:
           - name: coredns
-            containers:
+            image: rancher/mirrored-coredns-coredns:1.12.1
-              - name: coredns
+          type: Deployment
-                image: rancher/mirrored-coredns-coredns:1.12.1
+        - name: metrics-server
-            type: Deployment
+          containers:
           - name: metrics-server
-            containers:
+            image: rancher/mirrored-metrics-server:v0.7.2
-              - name: metrics-server
+          type: Deployment
-                image: rancher/mirrored-metrics-server:v0.7.2
-            type: Deployment
       rke2:
-        version: v1.33.3+rke2r1
+        version: v1.32.4+rke2r1
         coreComponents:
-          - name: rke2-cilium
+        - name: rke2-cilium
-            version: 1.17.600
+          version: 1.17.300
-            type: HelmChart
+          type: HelmChart
-          - name: rke2-canal
+        - name: rke2-canal
-            version: v3.30.2-build2025071100
+          version: v3.29.3-build2025040801
-            type: HelmChart
+          type: HelmChart
-          - name: rke2-calico-crd
+        - name: rke2-calico-crd
-            version: v3.30.100
+          version: v3.29.101
-            type: HelmChart
+          type: HelmChart
-          - name: rke2-calico
+        - name: rke2-calico
-            version: v3.30.100
+          version: v3.29.300
-            type: HelmChart
+          type: HelmChart
-          - name: rke2-coredns
+        - name: rke2-coredns
-            version: 1.42.302
+          version: 1.39.201
-            type: HelmChart
+          type: HelmChart
-          - name: rke2-ingress-nginx
+        - name: rke2-ingress-nginx
-            version: 4.12.401
+          version: 4.12.101
-            type: HelmChart
+          type: HelmChart
-          - name: rke2-metrics-server
+        - name: rke2-metrics-server
-            version: 3.12.203
+          version: 3.12.200
-            type: HelmChart
+          type: HelmChart
-          - name: rancher-vsphere-csi
+        - name: rancher-vsphere-csi
-            version: 3.3.1-rancher1000
+          version: 3.3.1-rancher900
-            type: HelmChart
+          type: HelmChart
-          - name: rancher-vsphere-cpi
+        - name: rancher-vsphere-cpi
-            version: 1.11.000
+          version: 1.10.000
-            type: HelmChart
+          type: HelmChart
-          - name: harvester-cloud-provider
+        - name: harvester-cloud-provider
-            version: 0.2.1000
+          version: 0.2.900
-            type: HelmChart
+          type: HelmChart
-          - name: harvester-csi-driver
+        - name: harvester-csi-driver
-            version: 0.1.2400
+          version: 0.1.2300
-            type: HelmChart
+          type: HelmChart
-          - name: rke2-snapshot-controller-crd
+        - name: rke2-snapshot-controller-crd
-            version: 4.0.003
+          version: 4.0.002
-            type: HelmChart
+          type: HelmChart
-          - name: rke2-snapshot-controller
+        - name: rke2-snapshot-controller
-            version: 4.0.003
+          version: 4.0.002
-            type: HelmChart
+          type: HelmChart
-          # Deprecated this empty chart addon can be removed in v1.34
+        # Deprecated this empty chart addon can be removed in v1.34
-          - name: rke2-snapshot-validation-webhook
+        - name: rke2-snapshot-validation-webhook
-            version: 0.0.0
+          version: 0.0.0
-            type: HelmChart
+          type: HelmChart
     operatingSystem:
-      version: '6.1'
+      version: "6.1"
-      zypperID: SL-Micro
+      zypperID: "SL-Micro"
-      cpeScheme: cpe:/o:suse:sl-micro:6.1
+      cpeScheme: "cpe:/o:suse:sl-micro:6.1"
-      prettyName: SUSE Linux Micro 6.1
+      prettyName: "SUSE Linux Micro 6.1"
       supportedArchs:
-        - x86_64
+        - "x86_64"
-        - aarch64
+        - "aarch64"
     workloads:
       helm:
         - prettyName: Rancher
           releaseName: rancher
           chart: rancher
-          version: 2.12.1
+          version: 2.11.2
           repository: https://charts.rancher.com/server-charts/prime
           values:
             postDelete:
@@ -97,38 +97,38 @@ spec:
         - prettyName: Longhorn
           releaseName: longhorn
           chart: longhorn
-          version: 107.0.0+up1.9.1
+          version: 106.2.0+up1.8.1
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: longhorn-crd
               chart: longhorn-crd
-              version: 107.0.0+up1.9.1
+              version: 106.2.0+up1.8.1
               repository: https://charts.rancher.io
         - prettyName: MetalLB
           releaseName: metallb
-          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metallb'
+          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metallb"
-          version: '%%CHART_MAJOR%%.0.0+up0.14.9'
+          version: "%%CHART_MAJOR%%.0.0+up0.14.9"
         - prettyName: CDI
           releaseName: cdi
-          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%cdi'
+          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%cdi"
-          version: '%%CHART_MAJOR%%.0.1+up0.6.0'
+          version: "%%CHART_MAJOR%%.0.0+up0.5.0"
         - prettyName: KubeVirt
           releaseName: kubevirt
-          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt'
+          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt"
-          version: '%%CHART_MAJOR%%.0.1+up0.6.0'
+          version: "%%CHART_MAJOR%%.0.0+up0.5.0"
           addonCharts:
             - releaseName: kubevirt-dashboard-extension
-              chart: '%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt-dashboard-extension'
+              chart: "%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt-dashboard-extension"
-              version: '%%CHART_MAJOR%%.0.2+up1.3.2'
+              version: "%%CHART_MAJOR%%.0.2+up1.3.2"
         - prettyName: NeuVector
           releaseName: neuvector
           chart: neuvector
-          version: 107.0.0+up2.8.7
+          version: 106.0.1+up2.8.6
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: neuvector-crd
               chart: neuvector-crd
-              version: 107.0.0+up2.8.7
+              version: 106.0.1+up2.8.6
               repository: https://charts.rancher.io
           addonCharts:
             - releaseName: neuvector-ui-ext
@@ -137,16 +137,16 @@ spec:
               version: 2.1.3
         - prettyName: EndpointCopierOperator
           releaseName: endpoint-copier-operator
-          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator'
+          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator"
-          version: '%%CHART_MAJOR%%.0.1+up0.3.0'
+          version: "%%CHART_MAJOR%%.0.1+up0.3.0"
         - prettyName: Elemental
           releaseName: elemental-operator
           chart: oci://registry.suse.com/rancher/elemental-operator-chart
-          version: 1.7.3
+          version: 1.6.8
           dependencyCharts:
             - releaseName: elemental-operator-crds
               chart: oci://registry.suse.com/rancher/elemental-operator-crds-chart
-              version: 1.7.3
+              version: 1.6.8
           addonCharts:
             - releaseName: elemental
               chart: elemental
@@ -154,29 +154,25 @@ spec:
               version: 3.0.0
         - prettyName: SRIOV
           releaseName: sriov-network-operator
-          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator'
+          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator"
-          version: '%%CHART_MAJOR%%.0.2+up1.5.0'
+          version: "%%CHART_MAJOR%%.0.2+up1.5.0"
           dependencyCharts:
             - releaseName: sriov-crd
-              chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd'
+              chart: "%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd"
-              version: '%%CHART_MAJOR%%.0.2+up1.5.0'
+              version: "%%CHART_MAJOR%%.0.2+up1.5.0"
         - prettyName: Akri
           releaseName: akri
-          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%akri'
+          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%akri"
-          version: '%%CHART_MAJOR%%.0.0+up0.12.20'
+          version: "%%CHART_MAJOR%%.0.0+up0.12.20"
           addonCharts:
             - releaseName: akri-dashboard-extension
-              chart: '%%CHART_REPO%%/%%CHART_PREFIX%%akri-dashboard-extension'
+              chart: "%%CHART_REPO%%/%%CHART_PREFIX%%akri-dashboard-extension"
-              version: '%%CHART_MAJOR%%.0.2+up1.3.1'
+              version: "%%CHART_MAJOR%%.0.2+up1.3.1"
         - prettyName: Metal3
           releaseName: metal3
-          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3'
+          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metal3"
-          version: '%%CHART_MAJOR%%.0.13+up0.12.3'
+          version: "%%CHART_MAJOR%%.0.9+up0.11.7"
         - prettyName: RancherTurtles
           releaseName: rancher-turtles
-          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles'
+          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles"
-          version: '%%CHART_MAJOR%%.0.5+up0.21.0'
+          version: "%%CHART_MAJOR%%.0.4+up0.20.0"
-        - prettyName: RancherTurtlesAirgapResources
-          releaseName: rancher-turtles-airgap-resources
-          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-airgap-resources'
-          version: '%%CHART_MAJOR%%.0.5+up0.21.0'

upgrade-controller-chart/values.yaml

@@ -15,7 +15,7 @@ env:
     image: %%MANIFEST_REPO%%/%%IMG_PREFIX%%release-manifest
   kubectl:
     image: %%IMG_REPO%%/%%IMG_PREFIX%%kubectl
-    version: 1.33.4
+    version: 1.32.4
 
 imagePullSecrets: []
 nameOverride: ""

upgrade-controller-image/Dockerfile

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%upgrade-controller:0.1.1
 #!BuildTag: %%IMG_PREFIX%%upgrade-controller:0.1.1-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro