Bump versions

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>

ironic-image/Dockerfile

@@ -20,11 +20,11 @@ RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes
 
 #!ArchExclusiveLine: x86_64
 RUN if [ "$(uname -m)" = "x86_64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
+      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
     fi
 #!ArchExclusiveLine: aarch64
 RUN if [ "$(uname -m)" = "aarch64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
+      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
     fi
     
 # DATABASE
@@ -32,7 +32,9 @@ RUN mkdir -p /installroot/var/lib/ironic && \
   /installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
   zypper --installroot /installroot --non-interactive remove sqlite3
 
+# build actual image
 FROM micro AS final
+
 MAINTAINER SUSE LLC (https://www.suse.com/)
 # Define labels according to https://en.opensuse.org/Building_derived_containers
 LABEL org.opencontainers.image.title="SLE Openstack Ironic Container Image"
@@ -62,14 +64,15 @@ RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc
 COPY mkisofs_wrapper /usr/bin/mkisofs
 RUN set -euo pipefail; chmod +x /usr/bin/mkisofs
 
-COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runlogwatch.sh tls-common.sh configure-nonroot.sh ironic-probe.j2 /bin/
-RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
 RUN mkdir -p /tftpboot
 RUN mkdir -p $GRUB_DIR
 
-# No need to support the Legacy BIOS boot
-#RUN cp /usr/share/syslinux/pxelinux.0 /tftpboot
-#RUN cp /usr/share/syslinux/chain.c32 /tftpboot/
+COPY scripts/ /bin/
+COPY configure-nonroot.sh /bin/
+RUN set -euo pipefail; chmod +x /bin/configure-ironic.sh /bin/rundnsmasq /bin/runhttpd /bin/runironic /bin/runlogwatch.sh /bin/configure-nonroot.sh
+
+COPY ironic-config/inspector.ipxe.j2 ironic-config/httpd-ironic-api.conf.j2 \
+     ironic-config/ipxe_config.template /tmp/
 
 # IRONIC #
 RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
@@ -77,31 +80,29 @@ RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
 RUN if [ "$(uname -m)" = "x86_64" ];then \
       cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi ;\
     fi
-#!ArchExclusiveLine: x86_64
+#!ArchExclusiveLine: aarch64 
 RUN if [ "$(uname -m)" = "aarch64" ]; then\ 
-     cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
+      cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
     fi
     
 COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
 COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
 
-COPY ironic.conf.j2 /etc/ironic/
-COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/
-COPY network-data-schema-empty.json /etc/ironic/
+COPY ironic-config/ironic.conf.j2 /etc/ironic/
+COPY ironic-config/network-data-schema-empty.json /etc/ironic/
 
 # DNSMASQ
-COPY dnsmasq.conf.j2 /etc/
-
-# Custom httpd config, removes all but the bare minimum needed modules
-COPY httpd.conf.j2 /etc/httpd/conf/
-COPY httpd-modules.conf /etc/httpd/conf.modules.d/
-COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
-COPY apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
+COPY ironic-config/dnsmasq.conf.j2 /etc/
 
 # Workaround
 # Removing the 010-ironic.conf file that comes with the package 
 RUN rm /etc/ironic/ironic.conf.d/010-ironic.conf
 
+# Custom httpd config, removes all but the bare minimum needed modules
+COPY ironic-config/httpd.conf.j2 /etc/httpd/conf/
+COPY ironic-config/httpd-modules.conf /etc/httpd/conf.modules.d/
+COPY ironic-config/apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
+COPY ironic-config/apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
+
 # configure non-root user and set relevant permissions
-RUN configure-nonroot.sh && \
-  rm -f /bin/configure-nonroot.sh
+RUN configure-nonroot.sh && rm -f /bin/configure-nonroot.sh

ironic-image/ironic-config/ironic.conf.j2

@@ -187,11 +187,6 @@ insecure = {{ env.IRONIC_INSECURE }}
 [nova]
 send_power_notifications = false
 
-[oslo_messaging_notifications]
-driver = prometheus_exporter
-location = /shared/ironic_prometheus_exporter
-transport_url = fake://
-
 [pxe]
 # NOTE(dtantsur): keep this value at least 3x lower than
 # [conductor]deploy_callback_timeout so that at least some retries happen.

ironic-image/runironic-exporter

@@ -1,12 +0,0 @@
-#!/usr/bin/bash
-
-# shellcheck disable=SC1091
-. /bin/configure-ironic.sh
-
-FLASK_RUN_HOST=${FLASK_RUN_HOST:-0.0.0.0}
-FLASK_RUN_PORT=${FLASK_RUN_PORT:-9608}
-
-export IRONIC_CONFIG="/etc/ironic/ironic.conf"
-
-exec gunicorn -b "${FLASK_RUN_HOST}:${FLASK_RUN_PORT}" -w 4 \
-    ironic_prometheus_exporter.app.wsgi:application

ironic-image/scripts/configure-ironic.sh

@@ -84,7 +84,6 @@ echo 'Options set from Environment variables'
 env | grep "^OS_" || true
 
 mkdir -p /shared/html
-mkdir -p /shared/ironic_prometheus_exporter
 
 configure_json_rpc_auth
 

ironic-image/scripts/runhttpd

@@ -72,7 +72,7 @@ fi
 # Set up inotify to kill the container (restart) whenever cert files for ironic api change
 if [[ "$IRONIC_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
     # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read -r file event; do
+    python3.11 -m pyinotify --raw-format -e IN_DELETE_SELF -v "${IRONIC_CERT_FILE}" | while read -r file event; do
         kill -WINCH $(pgrep httpd)
     done &
 fi
@@ -80,7 +80,7 @@ fi
 # Set up inotify to kill the container (restart) whenever cert of httpd for /shared/html/<redifsh;ilo> path change
 if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
     # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_VMEDIA_CERT_FILE}" | while read -r file event; do
+    python3.11 -m pyinotify --raw-format -e IN_DELETE_SELF -v "${IRONIC_VMEDIA_CERT_FILE}" | while read -r file event; do
         kill -WINCH $(pgrep httpd)
     done &
 fi

ironic-image/scripts/runironic

@@ -13,7 +13,7 @@ run_ironic_dbsync
 
 if [[ "$IRONIC_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
     # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read -r file event; do
+    python3.11 -m pyinotify --raw-format -e IN_DELETE_SELF -v "${IRONIC_CERT_FILE}" | while read -r file event; do
         kill $(pgrep ironic)
     done &
 fi

ironic-image/scripts/runlogwatch.sh

@@ -11,7 +11,7 @@ while [ ! -d "${LOG_DIR}" ]; do
   sleep 5
 done
 
-inotifywait -m "${LOG_DIR}" -e close_write |
+python3.11 -m pyinotify --raw-format -e IN_CLOSE_WRITE -v "${LOG_DIR}" |
     while read -r path _action file; do
         echo "************ Contents of ${path}/${file} ramdisk log file bundle **************"
         tar -xOzvvf "${path}/${file}" | sed -e "s/^/${file}: /"

ironic-ipa-downloader-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.8
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -33,8 +33,6 @@ LABEL com.suse.release-stage="released"
 
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
-RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
-RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/

ironic-ipa-downloader-image/Dockerfile.aarch64

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.8
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -33,8 +33,6 @@ LABEL com.suse.release-stage="released"
 
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
-RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
-RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/

ironic-ipa-downloader-image/Dockerfile.x86_64

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.8
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -33,8 +33,6 @@ LABEL com.suse.release-stage="released"
 
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
-RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
-RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/

ironic-ipa-downloader-image/get-resource.sh

@@ -6,6 +6,8 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
 export https_proxy=${https_proxy:-$HTTPS_PROXY}
 export no_proxy=${no_proxy:-$NO_PROXY}
 
+IMAGES_BASE_PATH="/srv/tftpboot/openstack-ironic-image"
+
 if [ -d "/tmp/ironic-certificates" ]; then
   sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
   if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
@@ -27,13 +29,13 @@ if [ -z "${IPA_BASEURI}" ]; then
   # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
   mkdir -p /shared/html/images
   if [ -f /tmp/initrd-x86_64.zst ]; then
-    cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
-    cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
+    cp ${IMAGES_BASE_PATH}/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
+    cp ${IMAGES_BASE_PATH}/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
   fi
   # Use arm64 as destination for iPXE compatibility
   if [ -f /tmp/initrd-aarch64.zst ]; then
-    cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
-    cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
+    cp ${IMAGES_BASE_PATH}/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
+    cp ${IMAGES_BASE_PATH}/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
   fi
 
   cp /tmp/images.sha256 /shared/images.sha256

metal3-chart/charts/ironic/values.yaml

@@ -60,7 +60,7 @@ images:
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent
-    tag: 3.0.7
+    tag: 3.0.8
 
 nameOverride: ""
 fullnameOverride: ""