forked from suse-edge/Factory
Compare commits
16 Commits
document-b
...
turtles_01
| Author | SHA256 | Date | |
|---|---|---|---|
f38d3486d1
|
|||
|
8209fa1064
|
|||
|
6bd4999fe8
|
|||
|
784cd801cd
|
|||
|
fc9325ccf9
|
|||
| 5d2b779c68 | |||
| 2151ada687 | |||
| 8247b33a98 | |||
| 9d927c2af8 | |||
|
ff0e5f2b33
|
|||
| cf76ed917b | |||
|
eee07009bb
|
|||
|
a52af83ddd
|
|||
| 1492cfce52 | |||
| f3728884d9 | |||
| 8549134ddf |
@@ -21,7 +21,7 @@ def delete_package_from_workflow(name: str):
|
||||
|
||||
|
||||
def delete_package_from_project(name: str):
|
||||
p = subprocess.run(["osc", "rdelete", PROJECT, name], stdout=subprocess.PIPE)
|
||||
p = subprocess.run(["osc", "rdelete", PROJECT, name, "-m \"Deleted via delete_package.py\"" ], stdout=subprocess.PIPE)
|
||||
print(p.stdout)
|
||||
print(p.stderr)
|
||||
p.check_returncode()
|
||||
|
||||
@@ -198,10 +198,6 @@ staging_build:
|
||||
source_package: cri-tools
|
||||
source_project: isv:SUSE:Edge:Factory
|
||||
target_project: isv:SUSE:Edge:Factory:Staging
|
||||
- branch_package:
|
||||
source_package: openstack-ironic-image
|
||||
source_project: isv:SUSE:Edge:Factory
|
||||
target_project: isv:SUSE:Edge:Factory:Staging
|
||||
- branch_package:
|
||||
source_package: crudini
|
||||
source_project: isv:SUSE:Edge:Factory
|
||||
@@ -226,3 +222,11 @@ staging_build:
|
||||
source_package: rancher-turtles-chart
|
||||
source_project: isv:SUSE:Edge:Factory
|
||||
target_project: isv:SUSE:Edge:Factory:Staging
|
||||
- branch_package:
|
||||
source_package: kube-rbac-proxy-image
|
||||
source_project: isv:SUSE:Edge:Factory
|
||||
target_project: isv:SUSE:Edge:Factory:Staging
|
||||
- branch_package:
|
||||
source_package: ironic-ipa-ramdisk
|
||||
source_project: isv:SUSE:Edge:Factory
|
||||
target_project: isv:SUSE:Edge:Factory:Staging
|
||||
|
||||
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-agent:v%PACKAGE_VERSION%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="techpreview"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-controller:v%PACKAGE_VERSION%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="techpreview"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-debug-echo-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="techpreview"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-onvif-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="techpreview"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-opcua-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="techpreview"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-udev-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="techpreview"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-webhook-configuration:v%PACKAGE_VERSION%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="techpreview"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
<service name="obs_scm">
|
||||
<param name="url">https://github.com/metal3-io/baremetal-operator</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">v0.6.1</param>
|
||||
<param name="revision">v0.8.0</param>
|
||||
<param name="version">_auto_</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
|
||||
@@ -17,14 +17,14 @@
|
||||
|
||||
|
||||
Name: baremetal-operator
|
||||
Version: 0.6.1
|
||||
Release: 0.6.1
|
||||
Version: 0.8.0
|
||||
Release: 0.8.0
|
||||
Summary: Implements a Kubernetes API for managing bare metal hosts
|
||||
License: Apache-2.0
|
||||
URL: https://github.com/metal3-io/baremetal-operator
|
||||
Source: baremetal-operator-%{version}.tar.gz
|
||||
Source1: vendor.tar.gz
|
||||
BuildRequires: golang(API) = 1.21
|
||||
BuildRequires: golang(API) = 1.22
|
||||
ExcludeArch: s390
|
||||
ExcludeArch: %{ix86}
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api:%%cluster-api_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -9,6 +9,8 @@
|
||||
<param name="file">artifacts.yaml</param>
|
||||
<param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
|
||||
<param name="var">CHART_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:%%endpoint-copier-operator_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0
|
||||
#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%
|
||||
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0
|
||||
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%
|
||||
#!BuildVersion: 15.6
|
||||
|
||||
ARG SLE_VERSION
|
||||
@@ -16,7 +16,12 @@ RUN /bin/prepare-efi.sh
|
||||
|
||||
COPY --from=micro / /installroot/
|
||||
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
|
||||
RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api
|
||||
RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs crudini openstack-ironic
|
||||
|
||||
# DATABASE
|
||||
RUN mkdir -p /installroot/var/lib/ironic && \
|
||||
/installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
|
||||
zypper --installroot /installroot --non-interactive remove sqlite3
|
||||
|
||||
FROM micro AS final
|
||||
MAINTAINER SUSE LLC (https://www.suse.com/)
|
||||
@@ -26,10 +31,10 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
|
||||
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
||||
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opencontainers.image.version="24.1.2.0"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%"
|
||||
LABEL org.opencontainers.image.version="26.1.2.0"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
@@ -48,8 +53,8 @@ RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc
|
||||
COPY mkisofs_wrapper /usr/bin/mkisofs
|
||||
RUN set -euo pipefail; chmod +x /usr/bin/mkisofs
|
||||
|
||||
COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runironic-api runironic-conductor runironic-exporter runironic-inspector runlogwatch.sh tls-common.sh configure-nonroot.sh /bin/
|
||||
RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runironic-api; chmod +x /bin/runironic-conductor; chmod +x /bin/runironic-exporter; chmod +x /bin/runironic-inspector; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
|
||||
COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runlogwatch.sh tls-common.sh configure-nonroot.sh ironic-probe.j2 /bin/
|
||||
RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
|
||||
RUN mkdir -p /tftpboot
|
||||
RUN mkdir -p $GRUB_DIR
|
||||
|
||||
@@ -63,7 +68,7 @@ RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi
|
||||
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
|
||||
|
||||
COPY ironic.conf.j2 /etc/ironic/
|
||||
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 /tmp/
|
||||
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/
|
||||
COPY network-data-schema-empty.json /etc/ironic/
|
||||
|
||||
# DNSMASQ
|
||||
@@ -73,14 +78,7 @@ COPY dnsmasq.conf.j2 /etc/
|
||||
COPY httpd.conf.j2 /etc/httpd/conf/
|
||||
COPY httpd-modules.conf /etc/httpd/conf.modules.d/
|
||||
COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
|
||||
|
||||
# IRONIC-INSPECTOR #
|
||||
RUN mkdir -p /var/lib/ironic /var/lib/ironic-inspector && \
|
||||
sqlite3 /var/lib/ironic/ironic.db "pragma journal_mode=wal" && \
|
||||
sqlite3 /var/lib/ironic-inspector/ironic-inspector.db "pragma journal_mode=wal"
|
||||
|
||||
COPY ironic-inspector.conf.j2 /etc/ironic-inspector/
|
||||
COPY inspector-apache.conf.j2 /etc/httpd/conf.d/
|
||||
COPY apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
|
||||
|
||||
# Workaround
|
||||
# Removing the 010-ironic.conf file that comes with the package
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
35
ironic-image/apache2-ipxe.conf.j2
Normal file
35
ironic-image/apache2-ipxe.conf.j2
Normal file
@@ -0,0 +1,35 @@
|
||||
Listen {{ env.IPXE_TLS_PORT }}
|
||||
|
||||
<VirtualHost *:{{ env.IPXE_TLS_PORT }}>
|
||||
ErrorLog /dev/stderr
|
||||
LogLevel debug
|
||||
CustomLog /dev/stdout combined
|
||||
|
||||
SSLEngine on
|
||||
SSLProtocol {{ env.IPXE_SSL_PROTOCOL }}
|
||||
SSLCertificateFile {{ env.IPXE_CERT_FILE }}
|
||||
SSLCertificateKeyFile {{ env.IPXE_KEY_FILE }}
|
||||
|
||||
<Directory "/shared/html">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
<Directory "/shared/html/(redfish|ilo|images)/">
|
||||
Order Deny,Allow
|
||||
Deny from all
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
|
||||
<Location ~ "^/grub.*/">
|
||||
SSLRequireSSL
|
||||
</Location>
|
||||
<Location ~ "^/pxelinux.cfg/">
|
||||
SSLRequireSSL
|
||||
</Location>
|
||||
<Location ~ "^/.*\.conf/">
|
||||
SSLRequireSSL
|
||||
</Location>
|
||||
<Location ~ "^/(([0-9]|[a-z]).*-){4}([0-9]|[a-z]).*/">
|
||||
SSLRequireSSL
|
||||
</Location>
|
||||
|
||||
@@ -9,16 +9,18 @@ Listen {{ env.VMEDIA_TLS_PORT }}
|
||||
SSLProtocol {{ env.IRONIC_VMEDIA_SSL_PROTOCOL }}
|
||||
SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
|
||||
SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
|
||||
|
||||
<Directory "/shared">
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<Directory "/shared/html">
|
||||
Options Indexes FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
<Directory ~ "/shared/html">
|
||||
Order deny,allow
|
||||
deny from all
|
||||
</Directory>
|
||||
<Directory ~ "/shared/html/(redfish|ilo)/">
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
<Directory ~ "/shared/html/images/">
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
|
||||
|
||||
@@ -2,36 +2,39 @@
|
||||
|
||||
set -euxo pipefail
|
||||
|
||||
export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
|
||||
export INSPECTOR_HTPASSWD=${INSPECTOR_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
|
||||
export IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
|
||||
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
|
||||
export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
|
||||
|
||||
# Backward compatibility
|
||||
if [[ "${IRONIC_DEPLOYMENT:-}" == "Conductor" ]]; then
|
||||
export IRONIC_EXPOSE_JSON_RPC=true
|
||||
else
|
||||
export IRONIC_EXPOSE_JSON_RPC="${IRONIC_EXPOSE_JSON_RPC:-false}"
|
||||
fi
|
||||
|
||||
IRONIC_HTPASSWD_FILE=/etc/ironic/htpasswd
|
||||
INSPECTOR_HTPASSWD_FILE=/etc/ironic-inspector/htpasswd
|
||||
if [[ -f "/auth/ironic/htpasswd" ]]; then
|
||||
IRONIC_HTPASSWD=$(</auth/ironic/htpasswd)
|
||||
fi
|
||||
export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
|
||||
|
||||
configure_client_basic_auth()
|
||||
{
|
||||
local auth_config_file="/auth/$1/auth-config"
|
||||
local dest="${2:-/etc/ironic/ironic.conf}"
|
||||
if [[ -f "${auth_config_file}" ]]; then
|
||||
# Merge configurations in the "auth" directory into the default ironic configuration file because there is no way to choose the configuration file
|
||||
# when running the api as a WSGI app.
|
||||
# Merge configurations in the "auth" directory into the default ironic configuration file
|
||||
crudini --merge "${dest}" < "${auth_config_file}"
|
||||
fi
|
||||
}
|
||||
|
||||
configure_json_rpc_auth()
|
||||
{
|
||||
export JSON_RPC_AUTH_STRATEGY="noauth"
|
||||
if [[ -n "${IRONIC_HTPASSWD}" ]]; then
|
||||
if [[ "${IRONIC_DEPLOYMENT}" == "Conductor" ]]; then
|
||||
export JSON_RPC_AUTH_STRATEGY="http_basic"
|
||||
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
|
||||
else
|
||||
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
|
||||
if [[ "${IRONIC_EXPOSE_JSON_RPC}" == "true" ]]; then
|
||||
if [[ -z "${IRONIC_HTPASSWD}" ]]; then
|
||||
echo "FATAL: enabling JSON RPC requires authentication"
|
||||
exit 1
|
||||
fi
|
||||
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -48,24 +51,9 @@ configure_ironic_auth()
|
||||
fi
|
||||
}
|
||||
|
||||
configure_inspector_auth()
|
||||
{
|
||||
local config=/etc/ironic-inspector/ironic-inspector.conf
|
||||
if [[ -n "${INSPECTOR_HTPASSWD}" ]]; then
|
||||
printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
|
||||
if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "false" ]]; then
|
||||
crudini --set "${config}" DEFAULT auth_strategy http_basic
|
||||
crudini --set "${config}" DEFAULT http_basic_auth_user_file "${INSPECTOR_HTPASSWD_FILE}"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
write_htpasswd_files()
|
||||
{
|
||||
if [[ -n "${IRONIC_HTPASSWD:-}" ]]; then
|
||||
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
|
||||
fi
|
||||
if [[ -n "${INSPECTOR_HTPASSWD:-}" ]]; then
|
||||
printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -2,14 +2,13 @@
|
||||
|
||||
set -euxo pipefail
|
||||
|
||||
IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
|
||||
IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
|
||||
|
||||
# Define the VLAN interfaces to be included in introspection report, e.g.
|
||||
# all - all VLANs on all interfaces using LLDP information
|
||||
# <interface> - all VLANs on a particular interface using LLDP information
|
||||
# <interface.vlan> - a particular VLAN on an interface, not relying on LLDP
|
||||
export IRONIC_INSPECTOR_VLAN_INTERFACES=${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}
|
||||
export IRONIC_ENABLE_VLAN_INTERFACES=${IRONIC_ENABLE_VLAN_INTERFACES:-${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}}
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
. /bin/tls-common.sh
|
||||
@@ -20,13 +19,17 @@ export IRONIC_INSPECTOR_VLAN_INTERFACES=${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}
|
||||
|
||||
export HTTP_PORT=${HTTP_PORT:-80}
|
||||
|
||||
MARIADB_PASSWORD=${MARIADB_PASSWORD}
|
||||
MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
|
||||
MARIADB_USER=${MARIADB_USER:-ironic}
|
||||
MARIADB_HOST=${MARIADB_HOST:-127.0.0.1}
|
||||
export MARIADB_CONNECTION="mysql+pymysql://${MARIADB_USER}:${MARIADB_PASSWORD}@${MARIADB_HOST}/${MARIADB_DATABASE}?charset=utf8"
|
||||
if [[ "$MARIADB_TLS_ENABLED" == "true" ]]; then
|
||||
export MARIADB_CONNECTION="${MARIADB_CONNECTION}&ssl=on&ssl_ca=${MARIADB_CACERT_FILE}"
|
||||
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-true}
|
||||
|
||||
if [[ "$IRONIC_USE_MARIADB" == "true" ]]; then
|
||||
MARIADB_PASSWORD=${MARIADB_PASSWORD}
|
||||
MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
|
||||
MARIADB_USER=${MARIADB_USER:-ironic}
|
||||
MARIADB_HOST=${MARIADB_HOST:-127.0.0.1}
|
||||
export MARIADB_CONNECTION="mysql+pymysql://${MARIADB_USER}:${MARIADB_PASSWORD}@${MARIADB_HOST}/${MARIADB_DATABASE}?charset=utf8"
|
||||
if [[ "$MARIADB_TLS_ENABLED" == "true" ]]; then
|
||||
export MARIADB_CONNECTION="${MARIADB_CONNECTION}&ssl=on&ssl_ca=${MARIADB_CACERT_FILE}"
|
||||
fi
|
||||
fi
|
||||
|
||||
# TODO(dtantsur): remove the explicit default once we get
|
||||
@@ -37,9 +40,6 @@ if [[ "$NUMPROC" -lt 4 ]]; then
|
||||
fi
|
||||
export NUMWORKERS=${NUMWORKERS:-$NUMPROC}
|
||||
|
||||
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-true}
|
||||
export IRONIC_EXPOSE_JSON_RPC=${IRONIC_EXPOSE_JSON_RPC:-true}
|
||||
|
||||
# Whether to enable fast_track provisioning or not
|
||||
export IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK:-true}
|
||||
|
||||
@@ -58,16 +58,14 @@ wait_for_interface_or_ip
|
||||
export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
|
||||
|
||||
export IRONIC_BASE_URL=${IRONIC_BASE_URL:-"${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"}
|
||||
export IRONIC_INSPECTOR_BASE_URL=${IRONIC_INSPECTOR_BASE_URL:-"${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_ACCESS_PORT}"}
|
||||
|
||||
if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
|
||||
export IRONIC_EXTERNAL_CALLBACK_URL="${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_ACCESS_PORT}"
|
||||
export IRONIC_EXTERNAL_CALLBACK_URL=${IRONIC_EXTERNAL_CALLBACK_URL:-"${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_ACCESS_PORT}"}
|
||||
if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
|
||||
export IRONIC_EXTERNAL_HTTP_URL="https://${IRONIC_EXTERNAL_IP}:${VMEDIA_TLS_PORT}"
|
||||
export IRONIC_EXTERNAL_HTTP_URL=${IRONIC_EXTERNAL_HTTP_URL:-"https://${IRONIC_EXTERNAL_IP}:${VMEDIA_TLS_PORT}"}
|
||||
else
|
||||
export IRONIC_EXTERNAL_HTTP_URL="http://${IRONIC_EXTERNAL_IP}:${HTTP_PORT}"
|
||||
export IRONIC_EXTERNAL_HTTP_URL=${IRONIC_EXTERNAL_HTTP_URL:-"http://${IRONIC_EXTERNAL_IP}:${HTTP_PORT}"}
|
||||
fi
|
||||
export IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE="https://${IRONIC_EXTERNAL_IP}:${IRONIC_INSPECTOR_ACCESS_PORT}"
|
||||
fi
|
||||
|
||||
IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
|
||||
@@ -90,13 +88,32 @@ mkdir -p /shared/ironic_prometheus_exporter
|
||||
|
||||
configure_json_rpc_auth
|
||||
|
||||
if [[ -f /proc/sys/crypto/fips_enabled ]]; then
|
||||
ENABLE_FIPS_IPA=$(cat /proc/sys/crypto/fips_enabled)
|
||||
export ENABLE_FIPS_IPA
|
||||
fi
|
||||
|
||||
# The original ironic.conf is empty, and can be found in ironic.conf_orig
|
||||
render_j2_config /etc/ironic/ironic.conf.j2 /etc/ironic/ironic.conf
|
||||
|
||||
if [[ "${USE_IRONIC_INSPECTOR}" == "true" ]]; then
|
||||
configure_client_basic_auth ironic-inspector
|
||||
fi
|
||||
configure_client_basic_auth ironic-rpc
|
||||
|
||||
# Make sure ironic traffic bypasses any proxies
|
||||
export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
|
||||
|
||||
PROBE_CURL_ARGS=
|
||||
if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
|
||||
if [[ "${IRONIC_PRIVATE_PORT}" == "unix" ]]; then
|
||||
PROBE_URL="http://127.0.0.1:6385"
|
||||
PROBE_CURL_ARGS="--unix-socket /shared/ironic.sock"
|
||||
else
|
||||
PROBE_URL="http://127.0.0.1:${IRONIC_PRIVATE_PORT}"
|
||||
fi
|
||||
else
|
||||
PROBE_URL="${IRONIC_BASE_URL}"
|
||||
fi
|
||||
export PROBE_CURL_ARGS
|
||||
export PROBE_URL
|
||||
|
||||
PROBE_KIND=readiness render_j2_config /bin/ironic-probe.j2 /bin/ironic-readiness
|
||||
PROBE_KIND=liveness render_j2_config /bin/ironic-probe.j2 /bin/ironic-liveness
|
||||
|
||||
@@ -10,12 +10,12 @@ useradd -r -g ${NONROOT_GID} \
|
||||
-d /var/lib/ironic \
|
||||
-s /sbin/nologin \
|
||||
${USER}
|
||||
|
||||
|
||||
# create ironic's http_root directory
|
||||
mkdir -p /shared/html
|
||||
chown "${NONROOT_UID}":"${NONROOT_GID}" /shared/html
|
||||
|
||||
# we'll bind mount shared ca and ironic/inspector certificate dirs here
|
||||
# we'll bind mount shared ca and ironic certificate dirs here
|
||||
# that need to have correct ownership as the entire ironic in BMO
|
||||
# deployment shares a single fsGroup in manifest's securityContext
|
||||
mkdir -p /certs/ca
|
||||
@@ -26,17 +26,15 @@ chmod 2775 /certs{,/ca}
|
||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/apache2
|
||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /run
|
||||
|
||||
# ironic, inspector and httpd related changes
|
||||
# ironic and httpd related changes
|
||||
mkdir -p /etc/httpd/conf.d
|
||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic /etc/httpd /etc/httpd
|
||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic-inspector
|
||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/log
|
||||
chmod 2775 /etc/ironic /etc/ironic-inspector /etc/httpd/conf /etc/httpd/conf.d
|
||||
chmod 664 /etc/ironic/* /etc/ironic-inspector/* /etc/httpd/conf/* /etc/httpd/conf.d/*
|
||||
chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
|
||||
chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
|
||||
|
||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic
|
||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic-inspector
|
||||
chmod 2775 /var/lib/ironic /var/lib/ironic-inspector
|
||||
chmod 664 /var/lib/ironic/ironic.db /var/lib/ironic-inspector/ironic-inspector.db
|
||||
chmod 664 /var/lib/ironic/ironic.sqlite
|
||||
|
||||
# dnsmasq, and the capabilities required to run it as non-root user
|
||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/dnsmasq.conf /var/lib/dnsmasq
|
||||
@@ -48,3 +46,8 @@ chmod 664 /etc/dnsmasq.conf /var/lib/dnsmasq/dnsmasq.leases
|
||||
touch /var/lib/ca-certificates/ca-bundle.pem.new
|
||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ca-certificates/
|
||||
chmod -R +w /var/lib/ca-certificates/
|
||||
|
||||
# probes that are created before start
|
||||
touch /bin/ironic-{readi,live}ness
|
||||
chown root:"${NONROOT_GID}" /bin/ironic-{readi,live}ness
|
||||
chmod 775 /bin/ironic-{readi,live}ness
|
||||
|
||||
@@ -29,13 +29,23 @@ dhcp-option=option{% if ":" in env["DNS_IP"] %}6{% endif %}:dns-server,{{ env["D
|
||||
# IPv4 Configuration:
|
||||
dhcp-match=ipxe,175
|
||||
# Client is already running iPXE; move to next stage of chainloading
|
||||
{%- if env.IPXE_TLS_SETUP == "true" %}
|
||||
# iPXE with (U)EFI
|
||||
dhcp-boot=tag:efi,tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/custom-ipxe/snponly.efi
|
||||
# iPXE with BIOS
|
||||
dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/custom-ipxe/undionly.kpxe
|
||||
{% else %}
|
||||
dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/boot.ipxe
|
||||
{% endif %}
|
||||
|
||||
# Note: Need to test EFI booting
|
||||
dhcp-match=set:efi,option:client-arch,7
|
||||
dhcp-match=set:efi,option:client-arch,9
|
||||
dhcp-match=set:efi,option:client-arch,11
|
||||
# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader
|
||||
# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader do the same also if iPXE ROM boots but TLS is enabled
|
||||
{%- if env.IPXE_TLS_SETUP == "true" %}
|
||||
dhcp-boot=tag:efi,tag:ipxe,snponly.efi
|
||||
{% endif %}
|
||||
dhcp-boot=tag:efi,tag:!ipxe,snponly.efi
|
||||
|
||||
# Client is running PXE over BIOS; send BIOS version of iPXE chainloader
|
||||
|
||||
@@ -19,8 +19,6 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
|
||||
<VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}>
|
||||
{% endif %}
|
||||
|
||||
{% if env.IRONIC_REVERSE_PROXY_SETUP | lower == "true" %}
|
||||
|
||||
{% if env.IRONIC_PRIVATE_PORT == "unix" %}
|
||||
ProxyPass "/" "unix:/shared/ironic.sock|http://127.0.0.1/"
|
||||
ProxyPassReverse "/" "unix:/shared/ironic.sock|http://127.0.0.1/"
|
||||
@@ -29,14 +27,8 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
|
||||
ProxyPassReverse "/" "http://127.0.0.1:{{ env.IRONIC_PRIVATE_PORT }}/"
|
||||
{% endif %}
|
||||
|
||||
{% else %}
|
||||
WSGIDaemonProcess ironic user=ironic group=ironic threads=10 display-name=%{GROUP}
|
||||
WSGIScriptAlias / /usr/bin/ironic-api-wsgi
|
||||
{% endif %}
|
||||
|
||||
SetEnv APACHE_RUN_USER ironic-suse
|
||||
SetEnv APACHE_RUN_GROUP ironic-suse
|
||||
WSGIProcessGroup ironic-suse
|
||||
|
||||
ErrorLog /dev/stderr
|
||||
LogLevel debug
|
||||
@@ -49,7 +41,6 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
|
||||
SSLCertificateKeyFile {{ env.IRONIC_KEY_FILE }}
|
||||
{% endif %}
|
||||
|
||||
{% if env.IRONIC_REVERSE_PROXY_SETUP | lower == "true" %}
|
||||
<Location />
|
||||
{% if "IRONIC_HTPASSWD" in env and env.IRONIC_HTPASSWD | length %}
|
||||
AuthType Basic
|
||||
@@ -58,22 +49,6 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
|
||||
Require valid-user
|
||||
{% endif %}
|
||||
</Location>
|
||||
{% else %}
|
||||
<Directory /usr/bin >
|
||||
WSGIProcessGroup ironic
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
AllowOverride None
|
||||
|
||||
{% if "IRONIC_HTPASSWD" in env and env.IRONIC_HTPASSWD | length %}
|
||||
AuthType Basic
|
||||
AuthName "Restricted WSGI area"
|
||||
AuthUserFile "/etc/ironic/htpasswd"
|
||||
Require valid-user
|
||||
{% else %}
|
||||
Require all granted
|
||||
{% endif %}
|
||||
</Directory>
|
||||
{% endif %}
|
||||
|
||||
<Location ~ "^/(v1/?)?$" >
|
||||
Require all granted
|
||||
|
||||
@@ -5,7 +5,6 @@ LoadModule dir_module /usr/lib64/apache2/mod_dir.so
|
||||
LoadModule authz_core_module /usr/lib64/apache2/mod_authz_core.so
|
||||
#LoadModule unixd_module modules/mod_unixd.so
|
||||
#LoadModule mpm_event_module modules/mod_mpm_event.so
|
||||
LoadModule wsgi_module /usr/lib64/apache2/mod_wsgi.so
|
||||
LoadModule ssl_module /usr/lib64/apache2/mod_ssl.so
|
||||
LoadModule env_module /usr/lib64/apache2/mod_env.so
|
||||
LoadModule proxy_module /usr/lib64/apache2/mod_proxy.so
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
ServerRoot "/etc/httpd"
|
||||
{%- if env.LISTEN_ALL_INTERFACES | lower == "true" %}
|
||||
Listen [::]:{{ env.HTTP_PORT }}
|
||||
Listen {{ env.HTTP_PORT }}
|
||||
{% else %}
|
||||
Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
|
||||
{% endif %}
|
||||
|
||||
@@ -5,6 +5,6 @@ echo In inspector.ipxe
|
||||
imgfree
|
||||
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in
|
||||
# ironic-inspector-image and configuration in configure-ironic.sh
|
||||
kernel --timeout 60000 http://{{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
|
||||
initrd --timeout 60000 http://{{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
|
||||
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
|
||||
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
|
||||
boot
|
||||
|
||||
81
ironic-image/ipxe_config.template
Normal file
81
ironic-image/ipxe_config.template
Normal file
@@ -0,0 +1,81 @@
|
||||
#!ipxe
|
||||
|
||||
set attempts:int32 10
|
||||
set i:int32 0
|
||||
|
||||
goto deploy
|
||||
|
||||
:deploy
|
||||
imgfree
|
||||
{%- if pxe_options.deployment_aki_path %}
|
||||
{%- set aki_path_https_elements = pxe_options.deployment_aki_path.split(':') %}
|
||||
{%- set aki_port_and_path = aki_path_https_elements[2].split('/') %}
|
||||
{%- set aki_afterport = aki_port_and_path[1:]|join('/') %}
|
||||
{%- set aki_path_https = ['https:', aki_path_https_elements[1], ':8084/', aki_afterport]|join %}
|
||||
{%- endif %}
|
||||
{%- if pxe_options.deployment_ari_path %}
|
||||
{%- set ari_path_https_elements = pxe_options.deployment_ari_path.split(':') %}
|
||||
{%- set ari_port_and_path = ari_path_https_elements[2].split('/') %}
|
||||
{%- set ari_afterport = ari_port_and_path[1:]|join('/') %}
|
||||
{%- set ari_path_https = ['https:', ari_path_https_elements[1], ':8084/', ari_afterport]|join %}
|
||||
{%- endif %}
|
||||
kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} selinux=0 troubleshoot=0 text {{ pxe_options.pxe_append_params|default("", true) }} BOOTIF=${mac} initrd={{ pxe_options.initrd_filename|default("deploy_ramdisk", true) }} || goto retry
|
||||
|
||||
initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto retry
|
||||
boot
|
||||
|
||||
:retry
|
||||
iseq ${i} ${attempts} && goto fail ||
|
||||
inc i
|
||||
echo No response, retrying in ${i} seconds.
|
||||
sleep ${i}
|
||||
goto deploy
|
||||
|
||||
:fail
|
||||
echo Failed to get a response after ${attempts} attempts
|
||||
echo Powering off in 30 seconds.
|
||||
sleep 30
|
||||
poweroff
|
||||
|
||||
:boot_anaconda
|
||||
imgfree
|
||||
kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} text {{ pxe_options.pxe_append_params|default("", true) }} inst.ks={{ pxe_options.ks_cfg_url }} {% if pxe_options.repo_url %}inst.repo={{ pxe_options.repo_url }}{% else %}inst.stage2={{ pxe_options.stage2_url }}{% endif %} initrd=ramdisk || goto boot_anaconda
|
||||
initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto boot_anaconda
|
||||
boot
|
||||
|
||||
:boot_ramdisk
|
||||
imgfree
|
||||
{%- if pxe_options.boot_iso_url %}
|
||||
sanboot {{ pxe_options.boot_iso_url }}
|
||||
{%- else %}
|
||||
kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} root=/dev/ram0 text {{ pxe_options.pxe_append_params|default("", true) }} {{ pxe_options.ramdisk_opts|default('', true) }} initrd=ramdisk || goto boot_ramdisk
|
||||
initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto boot_ramdisk
|
||||
boot
|
||||
{%- endif %}
|
||||
|
||||
{%- if pxe_options.boot_from_volume %}
|
||||
|
||||
:boot_iscsi
|
||||
imgfree
|
||||
{% if pxe_options.username %}set username {{ pxe_options.username }}{% endif %}
|
||||
{% if pxe_options.password %}set password {{ pxe_options.password }}{% endif %}
|
||||
{% if pxe_options.iscsi_initiator_iqn %}set initiator-iqn {{ pxe_options.iscsi_initiator_iqn }}{% endif %}
|
||||
sanhook --drive 0x80 {{ pxe_options.iscsi_boot_url }} || goto fail_iscsi_retry
|
||||
{%- if pxe_options.iscsi_volumes %}{% for i, volume in enumerate(pxe_options.iscsi_volumes) %}
|
||||
set username {{ volume.username }}
|
||||
set password {{ volume.password }}
|
||||
{%- set drive_id = 129 + i %}
|
||||
sanhook --drive {{ '0x%x' % drive_id }} {{ volume.url }} || goto fail_iscsi_retry
|
||||
{%- endfor %}{% endif %}
|
||||
{% if pxe_options.iscsi_volumes %}set username {{ pxe_options.username }}{% endif %}
|
||||
{% if pxe_options.iscsi_volumes %}set password {{ pxe_options.password }}{% endif %}
|
||||
sanboot --no-describe || goto fail_iscsi_retry
|
||||
|
||||
:fail_iscsi_retry
|
||||
echo Failed to attach iSCSI volume(s), retrying in 10 seconds.
|
||||
sleep 10
|
||||
goto boot_iscsi
|
||||
{%- endif %}
|
||||
|
||||
:boot_whole_disk
|
||||
sanboot --no-describe || exit 0
|
||||
@@ -6,6 +6,7 @@ IRONIC_IP="${IRONIC_IP:-}"
|
||||
PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
|
||||
PROVISIONING_IP="${PROVISIONING_IP:-}"
|
||||
PROVISIONING_MACS="${PROVISIONING_MACS:-}"
|
||||
IPXE_CUSTOM_FIRMWARE_DIR="${IPXE_CUSTOM_FIRMWARE_DIR:-/shared/custom_ipxe_firmware}"
|
||||
|
||||
get_provisioning_interface()
|
||||
{
|
||||
@@ -72,7 +73,10 @@ wait_for_interface_or_ip()
|
||||
|
||||
render_j2_config()
|
||||
{
|
||||
ls $1 # DEBUG
|
||||
python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1"
|
||||
python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1" > "$2"
|
||||
ls $2 # DEBUG
|
||||
}
|
||||
|
||||
run_ironic_dbsync()
|
||||
@@ -86,25 +90,18 @@ run_ironic_dbsync()
|
||||
done
|
||||
else
|
||||
# SQLite does not support some statements. Fortunately, we can just create
|
||||
# the schema in one go instead of going through an upgrade.
|
||||
ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
|
||||
# the schema in one go if not already created, instead of going through an upgrade
|
||||
DB_VERSION="$(ironic-dbsync --config-file /etc/ironic/ironic.conf version)"
|
||||
if [[ "${DB_VERSION}" == "None" ]]; then
|
||||
ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# Use the special value "unix" for unix sockets
|
||||
export IRONIC_PRIVATE_PORT=${IRONIC_PRIVATE_PORT:-6388}
|
||||
export IRONIC_INSPECTOR_PRIVATE_PORT=${IRONIC_INSPECTOR_PRIVATE_PORT:-5049}
|
||||
export IRONIC_PRIVATE_PORT=${IRONIC_PRIVATE_PORT:-unix}
|
||||
|
||||
export IRONIC_ACCESS_PORT=${IRONIC_ACCESS_PORT:-6385}
|
||||
export IRONIC_LISTEN_PORT=${IRONIC_LISTEN_PORT:-$IRONIC_ACCESS_PORT}
|
||||
|
||||
export IRONIC_INSPECTOR_ACCESS_PORT=${IRONIC_INSPECTOR_ACCESS_PORT:-5050}
|
||||
export IRONIC_INSPECTOR_LISTEN_PORT=${IRONIC_INSPECTOR_LISTEN_PORT:-$IRONIC_INSPECTOR_ACCESS_PORT}
|
||||
|
||||
# If this is false, built-in inspection is used.
|
||||
export USE_IRONIC_INSPECTOR=${USE_IRONIC_INSPECTOR:-true}
|
||||
export IRONIC_INSPECTOR_ENABLE_DISCOVERY=${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}
|
||||
if [[ "${USE_IRONIC_INSPECTOR}" != "true" ]] && [[ "${IRONIC_INSPECTOR_ENABLE_DISCOVERY}" == "true" ]]; then
|
||||
echo "Discovery is only supported with ironic-inspector at this point"
|
||||
exit 1
|
||||
fi
|
||||
export IRONIC_ENABLE_DISCOVERY=${IRONIC_ENABLE_DISCOVERY:-${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}}
|
||||
|
||||
9
ironic-image/ironic-probe.j2
Normal file
9
ironic-image/ironic-probe.j2
Normal file
@@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
curl -sSf {{ env.PROBE_CURL_ARGS }} "{{ env.PROBE_URL }}"
|
||||
|
||||
# TODO(dtantsur): when PROBE_KIND==readiness, try the conductor and driver API
|
||||
# to make sure the conductor is ready. This requires having access to secrets
|
||||
# since these endpoints are authenticated.
|
||||
@@ -1,28 +1,22 @@
|
||||
[DEFAULT]
|
||||
{% if env.AUTH_STRATEGY is defined %}
|
||||
auth_strategy = {{ env.AUTH_STRATEGY }}
|
||||
{% if env.AUTH_STRATEGY == "http_basic" %}
|
||||
http_basic_auth_user_file=/etc/ironic/htpasswd
|
||||
{% endif %}
|
||||
{% else %}
|
||||
auth_strategy = noauth
|
||||
{% endif %}
|
||||
debug = true
|
||||
default_deploy_interface = direct
|
||||
default_inspect_interface = {% if env.USE_IRONIC_INSPECTOR == "true" %}inspector{% else %}agent{% endif %}
|
||||
default_inspect_interface = agent
|
||||
default_network_interface = noop
|
||||
enabled_bios_interfaces = idrac-wsman,no-bios,redfish,idrac-redfish,irmc,ilo
|
||||
enabled_boot_interfaces = ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media
|
||||
enabled_bios_interfaces = no-bios,redfish,idrac-redfish,irmc,ilo
|
||||
enabled_boot_interfaces = ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media,redfish-https
|
||||
enabled_deploy_interfaces = direct,fake,ramdisk,custom-agent
|
||||
enabled_firmware_interfaces = no-firmware,fake,redfish
|
||||
# NOTE(dtantsur): when changing this, make sure to update the driver
|
||||
# dependencies in Dockerfile.
|
||||
enabled_hardware_types = ipmi,idrac,irmc,fake-hardware,redfish,manual-management,ilo,ilo5
|
||||
enabled_inspect_interfaces = {% if env.USE_IRONIC_INSPECTOR == "true" %}inspector{% else %}agent{% endif %},idrac-wsman,irmc,fake,redfish,ilo
|
||||
enabled_management_interfaces = ipmitool,idrac-wsman,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
|
||||
enabled_power_interfaces = ipmitool,idrac-wsman,irmc,fake,redfish,idrac-redfish,ilo
|
||||
enabled_raid_interfaces = no-raid,irmc,agent,fake,idrac-wsman,redfish,idrac-redfish,ilo5
|
||||
enabled_vendor_interfaces = no-vendor,ipmitool,idrac-wsman,idrac-redfish,redfish,ilo,fake
|
||||
enabled_firmware_interfaces = no-firmware,fake,redfish
|
||||
enabled_inspect_interfaces = agent,irmc,fake,redfish,ilo
|
||||
enabled_management_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
|
||||
enabled_network_interfaces = noop
|
||||
enabled_power_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo
|
||||
enabled_raid_interfaces = no-raid,irmc,agent,fake,redfish,idrac-redfish,ilo5
|
||||
enabled_vendor_interfaces = no-vendor,ipmitool,idrac-redfish,redfish,ilo,fake
|
||||
{% if env.IRONIC_EXPOSE_JSON_RPC | lower == "true" %}
|
||||
rpc_transport = json-rpc
|
||||
{% else %}
|
||||
@@ -32,14 +26,7 @@ use_stderr = true
|
||||
# NOTE(dtantsur): the default md5 is not compatible with FIPS mode
|
||||
hash_ring_algorithm = sha256
|
||||
my_ip = {{ env.IRONIC_IP }}
|
||||
{% if env.IRONIC_DEPLOYMENT == "Conductor" and env.JSON_RPC_AUTH_STRATEGY == "noauth" %}
|
||||
# if access is unauthenticated, we bind only to localhost - use that as the
|
||||
# host name also, so that the client can find the server
|
||||
# If we run both API and conductor in the same pod, use localhost
|
||||
host = localhost
|
||||
{% else %}
|
||||
host = {{ env.IRONIC_CONDUCTOR_HOST }}
|
||||
{% endif %}
|
||||
|
||||
# If a path to a certificate is defined, use that first for webserver
|
||||
{% if env.WEBSERVER_CACERT_FILE %}
|
||||
@@ -96,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
|
||||
# Power state is checked every 60 seconds and BMC activity should
|
||||
# be avoided more often than once every sixty seconds.
|
||||
send_sensor_data_interval = 160
|
||||
bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img
|
||||
bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp.img
|
||||
verify_step_priority_override = management.clear_job_queue:90
|
||||
# We don't use this feature, and it creates an additional load on the database
|
||||
node_history = False
|
||||
@@ -125,7 +112,7 @@ default_boot_option = local
|
||||
erase_devices_metadata_priority = 10
|
||||
erase_devices_priority = 0
|
||||
http_root = /shared/html/
|
||||
http_url = {{ env.IRONIC_BOOT_BASE_URL }}
|
||||
http_url = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
|
||||
fast_track = {{ env.IRONIC_FAST_TRACK }}
|
||||
{% if env.IRONIC_BOOT_ISO_SOURCE %}
|
||||
ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
|
||||
@@ -143,26 +130,22 @@ external_callback_url = {{ env.IRONIC_EXTERNAL_CALLBACK_URL }}
|
||||
dhcp_provider = none
|
||||
|
||||
[inspector]
|
||||
# NOTE(dtantsur): we properly configure the "unmanaged" inspection boot (i.e.
|
||||
# booting IPA through a separate inspector.ipxe rather than the driver's boot
|
||||
# interface), so managed boot is not required.
|
||||
require_managed_boot = False
|
||||
power_off = {{ false if env.IRONIC_FAST_TRACK == "true" else true }}
|
||||
# NOTE(dtantsur): keep inspection arguments synchronized with inspector.ipxe
|
||||
# Also keep in mind that only parameters unique for inspection go here.
|
||||
# No need to duplicate pxe_append_params/kernel_append_params.
|
||||
extra_kernel_params = ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
|
||||
|
||||
{% if env.USE_IRONIC_INSPECTOR == "true" %}
|
||||
endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}
|
||||
{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" %}
|
||||
cafile = {{ env.IRONIC_INSPECTOR_CACERT_FILE }}
|
||||
insecure = {{ env.IRONIC_INSPECTOR_INSECURE }}
|
||||
{% endif %}
|
||||
{% if env.IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE %}
|
||||
callback_endpoint_override = {{ env.IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE }}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
extra_kernel_params = ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1
|
||||
hooks = $default_hooks,parse-lldp
|
||||
add_ports = all
|
||||
keep_ports = present
|
||||
{% endif %}
|
||||
|
||||
[auto_discovery]
|
||||
enabled = {{ env.IRONIC_ENABLE_DISCOVERY }}
|
||||
driver = ipmi
|
||||
|
||||
[ipmi]
|
||||
# use_ipmitool_retries transfers the responsibility of retrying to ipmitool
|
||||
@@ -191,15 +174,9 @@ cipher_suite_versions = 3,17
|
||||
# authentication over localhost, using the same credentials as API, to prevent
|
||||
# unauthenticated connections from other processes in the same host since the
|
||||
# containers are in host networking.
|
||||
auth_strategy = {{ env.JSON_RPC_AUTH_STRATEGY }}
|
||||
auth_strategy = http_basic
|
||||
http_basic_auth_user_file = /etc/ironic/htpasswd-rpc
|
||||
{% if env.IRONIC_DEPLOYMENT == "Conductor" and env.JSON_RPC_AUTH_STRATEGY == "noauth" %}
|
||||
# if access is unauthenticated, we bind only to localhost - use that as the
|
||||
# host name also, so that the client can find the server
|
||||
host_ip = localhost
|
||||
{% else %}
|
||||
host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
|
||||
{% endif %}
|
||||
{% if env.IRONIC_TLS_SETUP == "true" %}
|
||||
use_ssl = true
|
||||
cafile = {{ env.IRONIC_CACERT_FILE }}
|
||||
@@ -224,24 +201,27 @@ images_path = /shared/html/tmp
|
||||
instance_master_path = /shared/html/master_images
|
||||
tftp_master_path = /shared/tftpboot/master_images
|
||||
tftp_root = /shared/tftpboot
|
||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
|
||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
|
||||
# This makes networking boot templates generated even for nodes using local
|
||||
# boot (the default), ensuring that they boot correctly even if they start
|
||||
# netbooting for some reason (e.g. with the noop management interface).
|
||||
enable_netboot_fallback = true
|
||||
# Enable the fallback path to in-band inspection
|
||||
ipxe_fallback_script = inspector.ipxe
|
||||
{% if env.IPXE_TLS_SETUP | lower == "true" %}
|
||||
ipxe_config_template = /tmp/ipxe_config.template
|
||||
{% endif %}
|
||||
|
||||
[redfish]
|
||||
use_swift = false
|
||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
|
||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
|
||||
|
||||
[ilo]
|
||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
|
||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
|
||||
use_web_server_for_images = true
|
||||
|
||||
[irmc]
|
||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
|
||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
|
||||
|
||||
[service_catalog]
|
||||
endpoint_override = {{ env.IRONIC_BASE_URL }}
|
||||
|
||||
@@ -4,6 +4,8 @@ set -eux
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
. /bin/ironic-common.sh
|
||||
# shellcheck disable=SC1091
|
||||
. /bin/tls-common.sh
|
||||
|
||||
export HTTP_PORT=${HTTP_PORT:-80}
|
||||
DNSMASQ_EXCEPT_INTERFACE=${DNSMASQ_EXCEPT_INTERFACE:-lo}
|
||||
@@ -19,7 +21,13 @@ mkdir -p /shared/html/images
|
||||
mkdir -p /shared/html/pxelinux.cfg
|
||||
|
||||
# Copy files to shared mount
|
||||
cp /tftpboot/undionly.kpxe /tftpboot/snponly.efi /shared/tftpboot
|
||||
if [[ -r "${IPXE_CUSTOM_FIRMWARE_DIR}" ]]; then
|
||||
cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
|
||||
"${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
|
||||
"/shared/tftpboot"
|
||||
else
|
||||
cp /tftpboot/undionly.kpxe /tftpboot/snponly.efi /shared/tftpboot
|
||||
fi
|
||||
|
||||
# Template and write dnsmasq.conf
|
||||
# we template via /tmp as sed otherwise creates temp files in /etc directory
|
||||
|
||||
@@ -8,10 +8,7 @@
|
||||
export HTTP_PORT=${HTTP_PORT:-80}
|
||||
export VMEDIA_TLS_PORT=${VMEDIA_TLS_PORT:-8083}
|
||||
|
||||
INSPECTOR_ORIG_HTTPD_CONFIG=/etc/httpd/conf.d/inspector-apache.conf.j2
|
||||
INSPECTOR_RESULT_HTTPD_CONFIG=/etc/httpd/conf.d/ironic-inspector.conf
|
||||
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
|
||||
export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
|
||||
|
||||
# In Metal3 context they are called node images in Ironic context they are
|
||||
# called user images.
|
||||
@@ -33,11 +30,7 @@ chmod 0777 /shared/html
|
||||
|
||||
IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}"
|
||||
|
||||
if [[ "${USE_IRONIC_INSPECTOR}" == "true" ]]; then
|
||||
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_INSPECTOR_ACCESS_PORT}/v1/continue"
|
||||
else
|
||||
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}/v1/continue_inspection"
|
||||
fi
|
||||
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}/v1/continue_inspection"
|
||||
|
||||
if [[ "$IRONIC_FAST_TRACK" == "true" ]]; then
|
||||
INSPECTOR_EXTRA_ARGS+=" ipa-api-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}"
|
||||
@@ -51,14 +44,6 @@ cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
|
||||
# Render the core httpd config
|
||||
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf
|
||||
|
||||
if [[ "$USE_IRONIC_INSPECTOR" == "true" ]] && [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]]; then
|
||||
if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]]; then
|
||||
render_j2_config "$INSPECTOR_ORIG_HTTPD_CONFIG" "$INSPECTOR_RESULT_HTTPD_CONFIG"
|
||||
fi
|
||||
else
|
||||
export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
|
||||
fi
|
||||
|
||||
if [[ "$IRONIC_TLS_SETUP" == "true" ]]; then
|
||||
if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
|
||||
render_j2_config /tmp/httpd-ironic-api.conf.j2 /etc/httpd/conf.d/ironic.conf
|
||||
@@ -74,12 +59,14 @@ if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
|
||||
render_j2_config /etc/httpd-vmedia.conf.j2 /etc/httpd/conf.d/vmedia.conf
|
||||
fi
|
||||
|
||||
# Set up inotify to kill the container (restart) whenever cert files for ironic inspector change
|
||||
if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
|
||||
# shellcheck disable=SC2034
|
||||
inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read -r file event; do
|
||||
kill -WINCH $(pgrep httpd)
|
||||
done &
|
||||
# Render httpd TLS configuration for /shared/html
|
||||
if [[ "$IPXE_TLS_SETUP" == "true" ]]; then
|
||||
mkdir -p /shared/html/custom-ipxe
|
||||
chmod 0777 /shared/html/custom-ipxe
|
||||
render_j2_config "/etc/httpd-ipxe.conf.j2" "/etc/httpd/conf.d/ipxe.conf"
|
||||
cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
|
||||
"${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
|
||||
"/shared/html/custom-ipxe"
|
||||
fi
|
||||
|
||||
# Set up inotify to kill the container (restart) whenever cert files for ironic api change
|
||||
|
||||
@@ -1,9 +1,7 @@
|
||||
#!/usr/bin/bash
|
||||
|
||||
# These settings must go before configure-ironic since it has different
|
||||
# defaults.
|
||||
# This setting must go before configure-ironic since it has different defaults.
|
||||
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
|
||||
export IRONIC_EXPOSE_JSON_RPC=${IRONIC_EXPOSE_JSON_RPC:-false}
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
. /bin/configure-ironic.sh
|
||||
|
||||
@@ -1,20 +1,11 @@
|
||||
#!/usr/bin/bash
|
||||
|
||||
# Ramdisk logs path
|
||||
LOG_DIRS=("/shared/log/ironic/deploy" "/shared/log/ironic-inspector/ramdisk")
|
||||
LOG_DIR="/shared/log/ironic/deploy"
|
||||
|
||||
while :; do
|
||||
for LOG_DIR in "${LOG_DIRS[@]}"; do
|
||||
if ! ls "${LOG_DIR}"/*.tar.gz 1> /dev/null 2>&1; then
|
||||
continue
|
||||
fi
|
||||
|
||||
for fn in "${LOG_DIR}"/*.tar.gz; do
|
||||
echo "************ Contents of $fn ramdisk log file bundle **************"
|
||||
tar -xOzvvf "$fn" | sed -e "s/^/$(basename "$fn"): /"
|
||||
rm -f "$fn"
|
||||
done
|
||||
inotifywait -m "${LOG_DIR}" -e close_write |
|
||||
while read -r path _action file; do
|
||||
echo "************ Contents of ${path}/${file} ramdisk log file bundle **************"
|
||||
tar -xOzvvf "${path}/${file}" | sed -e "s/^/${file}: /"
|
||||
rm -f "${path}/${file}"
|
||||
done
|
||||
|
||||
sleep 5
|
||||
done
|
||||
|
||||
@@ -5,24 +5,25 @@ export IRONIC_KEY_FILE=/certs/ironic/tls.key
|
||||
export IRONIC_CACERT_FILE=/certs/ca/ironic/tls.crt
|
||||
export IRONIC_INSECURE=${IRONIC_INSECURE:-false}
|
||||
export IRONIC_SSL_PROTOCOL=${IRONIC_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
|
||||
export IPXE_SSL_PROTOCOL=${IPXE_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
|
||||
export IRONIC_VMEDIA_SSL_PROTOCOL=${IRONIC_VMEDIA_SSL_PROTOCOL:-"ALL"}
|
||||
|
||||
export IRONIC_INSPECTOR_CERT_FILE=/certs/ironic-inspector/tls.crt
|
||||
export IRONIC_INSPECTOR_KEY_FILE=/certs/ironic-inspector/tls.key
|
||||
export IRONIC_INSPECTOR_CACERT_FILE=/certs/ca/ironic-inspector/tls.crt
|
||||
export IRONIC_INSPECTOR_INSECURE=${IRONIC_INSPECTOR_INSECURE:-$IRONIC_INSECURE}
|
||||
|
||||
export IRONIC_VMEDIA_CERT_FILE=/certs/vmedia/tls.crt
|
||||
export IRONIC_VMEDIA_KEY_FILE=/certs/vmedia/tls.key
|
||||
|
||||
export IPXE_CERT_FILE=/certs/ipxe/tls.crt
|
||||
export IPXE_KEY_FILE=/certs/ipxe/tls.key
|
||||
|
||||
export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
|
||||
|
||||
export MARIADB_CACERT_FILE=/certs/ca/mariadb/tls.crt
|
||||
|
||||
export IPXE_TLS_PORT="${IPXE_TLS_PORT:-8084}"
|
||||
|
||||
mkdir -p /certs/ironic
|
||||
mkdir -p /certs/ironic-inspector
|
||||
mkdir -p /certs/ca/ironic
|
||||
mkdir -p /certs/ca/ironic-inspector
|
||||
mkdir -p /certs/ipxe
|
||||
mkdir -p /certs/vmedia
|
||||
|
||||
if [[ -f "$IRONIC_CERT_FILE" ]] && [[ ! -f "$IRONIC_KEY_FILE" ]]; then
|
||||
echo "Missing TLS Certificate key file $IRONIC_KEY_FILE"
|
||||
@@ -33,15 +34,6 @@ if [[ ! -f "$IRONIC_CERT_FILE" ]] && [[ -f "$IRONIC_KEY_FILE" ]]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -f "$IRONIC_INSPECTOR_CERT_FILE" ]] && [[ ! -f "$IRONIC_INSPECTOR_KEY_FILE" ]]; then
|
||||
echo "Missing TLS Certificate key file $IRONIC_INSPECTOR_KEY_FILE"
|
||||
exit 1
|
||||
fi
|
||||
if [[ ! -f "$IRONIC_INSPECTOR_CERT_FILE" ]] && [[ -f "$IRONIC_INSPECTOR_KEY_FILE" ]]; then
|
||||
echo "Missing TLS Certificate file $IRONIC_INSPECTOR_CERT_FILE"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]] && [[ ! -f "$IRONIC_VMEDIA_KEY_FILE" ]]; then
|
||||
echo "Missing TLS Certificate key file $IRONIC_VMEDIA_KEY_FILE"
|
||||
exit 1
|
||||
@@ -51,6 +43,15 @@ if [[ ! -f "$IRONIC_VMEDIA_CERT_FILE" ]] && [[ -f "$IRONIC_VMEDIA_KEY_FILE" ]];
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -f "$IPXE_CERT_FILE" ]] && [[ ! -f "$IPXE_KEY_FILE" ]]; then
|
||||
echo "Missing TLS Certificate key file $IPXE_KEY_FILE"
|
||||
exit 1
|
||||
fi
|
||||
if [[ ! -f "$IPXE_CERT_FILE" ]] && [[ -f "$IPXE_KEY_FILE" ]]; then
|
||||
echo "Missing TLS Certificate file $IPXE_CERT_FILE"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
copy_atomic()
|
||||
{
|
||||
local src="$1"
|
||||
@@ -75,25 +76,20 @@ else
|
||||
export IRONIC_SCHEME="http"
|
||||
fi
|
||||
|
||||
if [[ -f "$IRONIC_INSPECTOR_CERT_FILE" ]] || [[ -f "$IRONIC_INSPECTOR_CACERT_FILE" ]]; then
|
||||
export IRONIC_INSPECTOR_TLS_SETUP="true"
|
||||
export IRONIC_INSPECTOR_SCHEME="https"
|
||||
if [[ ! -f "$IRONIC_INSPECTOR_CACERT_FILE" ]]; then
|
||||
copy_atomic "$IRONIC_INSPECTOR_CERT_FILE" "$IRONIC_INSPECTOR_CACERT_FILE"
|
||||
fi
|
||||
else
|
||||
export IRONIC_INSPECTOR_TLS_SETUP="false"
|
||||
export IRONIC_INSPECTOR_SCHEME="http"
|
||||
fi
|
||||
|
||||
if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]]; then
|
||||
export IRONIC_VMEDIA_SCHEME="https"
|
||||
export IRONIC_VMEDIA_TLS_SETUP="true"
|
||||
else
|
||||
export IRONIC_VMEDIA_SCHEME="http"
|
||||
export IRONIC_VMEDIA_TLS_SETUP="false"
|
||||
fi
|
||||
|
||||
if [[ -f "$IPXE_CERT_FILE" ]]; then
|
||||
export IPXE_SCHEME="https"
|
||||
export IPXE_TLS_SETUP="true"
|
||||
else
|
||||
export IPXE_SCHEME="http"
|
||||
export IPXE_TLS_SETUP="false"
|
||||
fi
|
||||
|
||||
if [[ -f "$MARIADB_CACERT_FILE" ]]; then
|
||||
export MARIADB_TLS_ENABLED="true"
|
||||
else
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:2.0.0
|
||||
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:2.0.0-%RELEASE%
|
||||
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0
|
||||
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%
|
||||
#!BuildVersion: 15.6
|
||||
ARG SLE_VERSION
|
||||
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||
@@ -8,7 +8,7 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
||||
COPY --from=micro / /installroot/
|
||||
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
|
||||
RUN zypper --installroot /installroot --non-interactive install --no-recommends openstack-ironic-image-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*
|
||||
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*
|
||||
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
|
||||
RUN cp /usr/bin/getopt /installroot/
|
||||
|
||||
@@ -19,13 +19,13 @@ FROM micro AS final
|
||||
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
||||
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
|
||||
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
|
||||
LABEL org.opencontainers.image.version="2.0.0"
|
||||
LABEL org.opencontainers.image.version="3.0.0"
|
||||
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
|
||||
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:2.0.0-%RELEASE%"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -3,8 +3,8 @@
|
||||
<service mode="buildtime" name="docker_label_helper"/>
|
||||
<service name="replace_using_package_version" mode="buildtime">
|
||||
<param name="file">Dockerfile</param>
|
||||
<param name="regex">%%openstack-ironic-image-x86_64_version%%</param>
|
||||
<param name="package">openstack-ironic-image-x86_64</param>
|
||||
<param name="regex">%%ironic-ipa-ramdisk-x86_64_version%%</param>
|
||||
<param name="package">ironic-ipa-ramdisk-x86_64</param>
|
||||
<param name="parse-version">patch</param>
|
||||
</service>
|
||||
<service name="replace_using_env" mode="buildtime">
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<image schemaversion="7.4" name="openstack-ironic-image">
|
||||
<image schemaversion="7.4" name="openstack-ironic-image-201">
|
||||
<description type="system">
|
||||
<author>Cloud developers</author>
|
||||
<contact>cloud-devel@suse.de</contact>
|
||||
@@ -18,15 +18,15 @@
|
||||
# needsbinariesforbuild
|
||||
|
||||
|
||||
Name: openstack-ironic-image
|
||||
Version: 2.0.0
|
||||
Name: ironic-ipa-ramdisk
|
||||
Version: 3.0.0
|
||||
Release: 0
|
||||
Summary: Kernel and ramdisk image for OpenStack Ironic
|
||||
License: SUSE-EULA
|
||||
Group: System/Management
|
||||
URL: https://github.com/SUSE-Cloud/
|
||||
Source0: config.sh
|
||||
Source10: openstack-ironic-image.kiwi
|
||||
Source10: ironic-ipa-ramdisk.kiwi
|
||||
Source20: root.tar.bz2
|
||||
|
||||
BuildRequires: -post-build-checks
|
||||
BIN
ironic-ipa-ramdisk/root.tar.bz2
Normal file
BIN
ironic-ipa-ramdisk/root.tar.bz2
Normal file
Binary file not shown.
35
kube-rbac-proxy-image/Dockerfile
Normal file
35
kube-rbac-proxy-image/Dockerfile
Normal file
@@ -0,0 +1,35 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%
|
||||
#!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%
|
||||
#!BuildVersion: 15.6
|
||||
ARG SLE_VERSION
|
||||
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||
|
||||
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
||||
COPY --from=micro / /installroot/
|
||||
RUN zypper --installroot /installroot --non-interactive install --no-recommends kube-rbac-proxy; zypper -n clean; rm -rf /var/log/*
|
||||
|
||||
FROM micro AS final
|
||||
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||||
# labelprefix=com.suse.application.kube-rbac-proxy
|
||||
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
||||
LABEL org.opencontainers.image.title="SLE kube-rbac-proxy Container Image"
|
||||
LABEL org.opencontainers.image.description="kube-rbac-proxy based on the SLE Base Container Image."
|
||||
LABEL org.opencontainers.image.version="%%kube-rbac-proxy_version%%"
|
||||
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
||||
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
LABEL com.suse.release-stage="released"
|
||||
# endlabelprefix
|
||||
|
||||
COPY --from=base /installroot /
|
||||
#Install kube-rbac-proxy
|
||||
EXPOSE 8080
|
||||
USER 65532:65532
|
||||
ENTRYPOINT ["/kube-rbac-proxy"]
|
||||
19
kube-rbac-proxy-image/_service
Normal file
19
kube-rbac-proxy-image/_service
Normal file
@@ -0,0 +1,19 @@
|
||||
<services>
|
||||
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||
<service mode="buildtime" name="docker_label_helper"/>
|
||||
<service name="replace_using_package_version" mode="buildtime">
|
||||
<param name="file">Dockerfile</param>
|
||||
<param name="regex">%%kube-rbac-proxy_version%%</param>
|
||||
<param name="package">kube-rbac-proxy</param>
|
||||
<param name="parse-version">patch</param>
|
||||
</service>
|
||||
<service name="replace_using_env" mode="buildtime">
|
||||
<param name="file">Dockerfile</param>
|
||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
@@ -2,7 +2,7 @@
|
||||
<service name="obs_scm">
|
||||
<param name="url">https://github.com/brancz/kube-rbac-proxy</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">v0.18.0</param>
|
||||
<param name="revision">v0.18.1</param>
|
||||
<param name="version">_auto_</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
@@ -20,4 +20,4 @@
|
||||
<service name="go_modules">
|
||||
</service>
|
||||
<service mode="buildtime" name="set_version" />
|
||||
</services>
|
||||
</services>
|
||||
|
||||
@@ -17,14 +17,14 @@
|
||||
|
||||
|
||||
Name: kube-rbac-proxy
|
||||
Version: 0.18.0
|
||||
Release: 0.18.0
|
||||
Version: 0.18.1
|
||||
Release: 0.18.1
|
||||
Summary: The kube-rbac-proxy is a small HTTP proxy for a single upstream
|
||||
License: Apache-2.0
|
||||
URL: https://github.com/brancz/kube-rbac-proxy
|
||||
Source: kube-rbac-proxy-%{version}.tar.gz
|
||||
Source1: vendor.tar.gz
|
||||
BuildRequires: golang(API) = 1.22
|
||||
BuildRequires: golang(API) = 1.23
|
||||
ExcludeArch: s390
|
||||
ExcludeArch: %{ix86}
|
||||
|
||||
|
||||
@@ -59,7 +59,7 @@ prometheus:
|
||||
# the image to be used for the kuberbacproxy container
|
||||
rbacProxy:
|
||||
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
|
||||
tag: "v0.18.0"
|
||||
tag: "0.18.1"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# Prometheus Operator PodMonitors
|
||||
|
||||
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v%%metallb-controller_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v%%metallb-speaker_version%%-%RELEASE%"
|
||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||
LABEL com.suse.supportlevel="l3"
|
||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||
LABEL com.suse.image-type="application"
|
||||
|
||||
@@ -13,5 +13,7 @@
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||
<param name="var">SUPPORT_LEVEL</param>
|
||||
</service>
|
||||
</services>
|
||||
BIN
openstack-ironic-image/root.tar.bz2
(Stored with Git LFS)
BIN
openstack-ironic-image/root.tar.bz2
(Stored with Git LFS)
Binary file not shown.
@@ -1,10 +1,10 @@
|
||||
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3
|
||||
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3-%RELEASE%
|
||||
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:302.0.0_up0.13.0
|
||||
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:302.0.0_up0.13.0
|
||||
apiVersion: v2
|
||||
appVersion: 0.11.0
|
||||
appVersion: 0.13.0
|
||||
description: Rancher Turtles utility chart for airgap scenarios
|
||||
home: https://github.com/rancher/turtles/
|
||||
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
|
||||
name: rancher-turtles-airgap-resources
|
||||
type: application
|
||||
version: 0.3.3
|
||||
version: 302.0.0+up0.13.0
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||
<service name="replace_using_env" mode="buildtime">
|
||||
<param name="file">Chart.yaml</param>
|
||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
|
||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -3647,7 +3647,7 @@ data:
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: capm3-capm3fasttrack-configmap
|
||||
image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.1
|
||||
image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.2
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -3731,7 +3731,7 @@ data:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: quay.io/metal3-io/ip-address-manager:v1.7.1
|
||||
image: quay.io/metal3-io/ip-address-manager:v1.7.2
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -4384,7 +4384,7 @@ data:
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: v1.7.1
|
||||
name: v1.7.2
|
||||
namespace: capm3-system
|
||||
labels:
|
||||
provider-components: metal3
|
||||
|
||||
@@ -868,6 +868,11 @@ data:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
podSecurityAdmissionConfigFile:
|
||||
description: |-
|
||||
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
|
||||
spec.Files field.
|
||||
type: string
|
||||
protectKernelDefaults:
|
||||
description: |-
|
||||
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
||||
@@ -2050,6 +2055,11 @@ data:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
podSecurityAdmissionConfigFile:
|
||||
description: |-
|
||||
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
|
||||
spec.Files field.
|
||||
type: string
|
||||
protectKernelDefaults:
|
||||
description: |-
|
||||
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
||||
@@ -2535,7 +2545,7 @@ data:
|
||||
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
|
||||
command:
|
||||
- /manager
|
||||
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.7.1
|
||||
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -2742,10 +2752,13 @@ data:
|
||||
- major: 0
|
||||
minor: 7
|
||||
contract: v1beta1
|
||||
- major: 0
|
||||
minor: 8
|
||||
contract: v1beta1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: v0.7.1
|
||||
name: v0.8.0
|
||||
namespace: rke2-bootstrap-system
|
||||
labels:
|
||||
provider-components: rke2-bootstrap
|
||||
|
||||
@@ -1513,6 +1513,11 @@ data:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
podSecurityAdmissionConfigFile:
|
||||
description: |-
|
||||
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
|
||||
spec.Files field.
|
||||
type: string
|
||||
protectKernelDefaults:
|
||||
description: |-
|
||||
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
||||
@@ -2926,6 +2931,11 @@ data:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
podSecurityAdmissionConfigFile:
|
||||
description: |-
|
||||
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
|
||||
spec.Files field.
|
||||
type: string
|
||||
protectKernelDefaults:
|
||||
description: |-
|
||||
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
||||
@@ -4285,7 +4295,7 @@ data:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.uid
|
||||
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.7.1
|
||||
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.8.0
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -4499,10 +4509,13 @@ data:
|
||||
- major: 0
|
||||
minor: 7
|
||||
contract: v1beta1
|
||||
- major: 0
|
||||
minor: 8
|
||||
contract: v1beta1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: v0.7.1
|
||||
name: v0.8.0
|
||||
namespace: rke2-control-plane-system
|
||||
labels:
|
||||
provider-components: rke2-control-plane
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: cluster-api-operator
|
||||
repository: https://kubernetes-sigs.github.io/cluster-api-operator
|
||||
version: 0.12.0
|
||||
digest: sha256:c167c074ca89ef7a520ec18a5afd380b9edaee513810aa3ac0e0bda51db9c526
|
||||
generated: "2024-08-22T14:23:18.589443298Z"
|
||||
version: 0.14.0
|
||||
digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4
|
||||
generated: "2024-10-28T11:44:34.392387979Z"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3
|
||||
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3-%RELEASE%
|
||||
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:302.0.0_up0.13.0
|
||||
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:302.0.0_up0.13.0-%RELEASE%
|
||||
annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
|
||||
@@ -12,12 +12,12 @@ annotations:
|
||||
catalog.cattle.io/scope: management
|
||||
catalog.cattle.io/type: cluster-tool
|
||||
apiVersion: v2
|
||||
appVersion: 0.11.0
|
||||
appVersion: 0.13.0
|
||||
dependencies:
|
||||
- condition: cluster-api-operator.enabled
|
||||
name: cluster-api-operator
|
||||
repository: file://./charts/cluster-api-operator
|
||||
version: 0.12.0
|
||||
version: 0.14.0
|
||||
description: Rancher Turtles is an extension to Rancher that brings full Cluster API
|
||||
integration to Rancher.
|
||||
home: https://github.com/rancher/turtles/
|
||||
@@ -29,4 +29,4 @@ keywords:
|
||||
- provisioning
|
||||
name: rancher-turtles
|
||||
type: application
|
||||
version: 0.3.3+up0.11.0
|
||||
version: 302.0.0+up0.13.0
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
## Changes since test/v0.11.0
|
||||
---
|
||||
## :chart_with_upwards_trend: Overview
|
||||
|
||||
|
||||
_Thanks to all our contributors!_ 😊
|
||||
gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
: exit status 4
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||
<service name="replace_using_env" mode="buildtime">
|
||||
<param name="file">values.yaml</param>
|
||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
|
||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||
<param name="var">IMG_REPO</param>
|
||||
</service>
|
||||
<service name="replace_using_env" mode="buildtime">
|
||||
<param name="file">Chart.yaml</param>
|
||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
|
||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||
<param name="var">IMG_PREFIX</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
appVersion: 0.12.0
|
||||
appVersion: 0.14.0
|
||||
description: Cluster API Operator
|
||||
name: cluster-api-operator
|
||||
type: application
|
||||
version: 0.12.0
|
||||
version: 0.14.0
|
||||
|
||||
@@ -26,7 +26,7 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: {{ $addonNamespace }}
|
||||
@@ -37,7 +37,7 @@ metadata:
|
||||
name: {{ $addonName }}
|
||||
namespace: {{ $addonNamespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- if or $addonVersion $.Values.secretName }}
|
||||
|
||||
@@ -26,7 +26,7 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
name: {{ $bootstrapNamespace }}
|
||||
---
|
||||
@@ -36,7 +36,7 @@ metadata:
|
||||
name: {{ $bootstrapName }}
|
||||
namespace: {{ $bootstrapNamespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- if or $bootstrapVersion $.Values.configSecret.name }}
|
||||
spec:
|
||||
|
||||
@@ -26,7 +26,7 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
name: {{ $controlPlaneNamespace }}
|
||||
---
|
||||
@@ -36,7 +36,7 @@ metadata:
|
||||
name: {{ $controlPlaneName }}
|
||||
namespace: {{ $controlPlaneNamespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- if or $controlPlaneVersion $.Values.configSecret.name }}
|
||||
spec:
|
||||
|
||||
@@ -6,7 +6,7 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
name: capi-system
|
||||
---
|
||||
@@ -16,7 +16,7 @@ metadata:
|
||||
name: cluster-api
|
||||
namespace: capi-system
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- with .Values.configSecret }}
|
||||
spec:
|
||||
|
||||
@@ -25,7 +25,7 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
name: {{ $coreNamespace }}
|
||||
---
|
||||
@@ -35,7 +35,7 @@ metadata:
|
||||
name: {{ $coreName }}
|
||||
namespace: {{ $coreNamespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- if or $coreVersion $.Values.configSecret.name }}
|
||||
|
||||
@@ -74,6 +74,9 @@ spec:
|
||||
{{- if .Values.insecureDiagnostics }}
|
||||
- --insecure-diagnostics={{ .Values.insecureDiagnostics }}
|
||||
{{- end }}
|
||||
{{- if .Values.watchConfigSecret }}
|
||||
- --watch-configsecret
|
||||
{{- end }}
|
||||
{{- with .Values.leaderElection }}
|
||||
- --leader-elect={{ .enabled }}
|
||||
{{- if .leaseDuration }}
|
||||
|
||||
@@ -7,7 +7,7 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: capi-kubeadm-bootstrap-system
|
||||
@@ -18,7 +18,7 @@ metadata:
|
||||
name: kubeadm
|
||||
namespace: capi-kubeadm-bootstrap-system
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- with .Values.configSecret }}
|
||||
@@ -37,7 +37,7 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: capi-kubeadm-control-plane-system
|
||||
@@ -48,7 +48,7 @@ metadata:
|
||||
name: kubeadm
|
||||
namespace: capi-kubeadm-control-plane-system
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- with .Values.configSecret }}
|
||||
|
||||
@@ -1,13 +1,3 @@
|
||||
{{- define "recursivePrinter" }}
|
||||
{{- range $key, $value := . }}
|
||||
{{- if kindIs "map" $value }}
|
||||
{{ $key }}:
|
||||
{{- include "recursivePrinter" $value | indent 2 }}
|
||||
{{- else }}
|
||||
{{ $key }}: {{ $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
# Infrastructure providers
|
||||
{{- if .Values.infrastructure }}
|
||||
{{- $infrastructures := split ";" .Values.infrastructure }}
|
||||
@@ -36,7 +26,7 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: {{ $infrastructureNamespace }}
|
||||
@@ -47,7 +37,7 @@ metadata:
|
||||
name: {{ $infrastructureName }}
|
||||
namespace: {{ $infrastructureNamespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": "post-install"
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
|
||||
@@ -77,8 +67,7 @@ spec:
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if $.Values.additionalDeployments }}
|
||||
additionalDeployments:
|
||||
{{- include "recursivePrinter" $.Values.additionalDeployments | indent 2 }}
|
||||
additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -13,7 +13,6 @@ spec:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: capi-operator-webhook-service
|
||||
namespace: '{{ .Release.Namespace }}'
|
||||
@@ -3023,7 +3022,6 @@ spec:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: capi-operator-webhook-service
|
||||
namespace: '{{ .Release.Namespace }}'
|
||||
@@ -7618,7 +7616,6 @@ spec:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: capi-operator-webhook-service
|
||||
namespace: '{{ .Release.Namespace }}'
|
||||
@@ -12216,7 +12213,6 @@ spec:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: capi-operator-webhook-service
|
||||
namespace: '{{ .Release.Namespace }}'
|
||||
@@ -16811,7 +16807,6 @@ spec:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: capi-operator-webhook-service
|
||||
namespace: '{{ .Release.Namespace }}'
|
||||
@@ -21409,7 +21404,6 @@ spec:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: capi-operator-webhook-service
|
||||
namespace: '{{ .Release.Namespace }}'
|
||||
@@ -24419,7 +24413,6 @@ spec:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: capi-operator-webhook-service
|
||||
namespace: '{{ .Release.Namespace }}'
|
||||
|
||||
@@ -19,7 +19,7 @@ leaderElection:
|
||||
image:
|
||||
manager:
|
||||
repository: registry.k8s.io/capi-operator/cluster-api-operator
|
||||
tag: v0.12.0
|
||||
tag: v0.14.0
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
manager: []
|
||||
@@ -27,6 +27,7 @@ healthAddr: ":8081"
|
||||
metricsBindAddr: "127.0.0.1:8080"
|
||||
diagnosticsAddress: "8443"
|
||||
insecureDiagnostics: false
|
||||
watchConfigSecret: false
|
||||
imagePullSecrets: {}
|
||||
resources:
|
||||
manager:
|
||||
|
||||
@@ -0,0 +1,66 @@
|
||||
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: pre-upgrade-job
|
||||
namespace: '{{ .Values.rancherTurtles.namespace }}'
|
||||
annotations:
|
||||
"helm.sh/hook": "post-delete, pre-upgrade"
|
||||
"helm.sh/hook-weight": "-2"
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: pre-upgrade-job-delete-clusterctl-configmap
|
||||
annotations:
|
||||
"helm.sh/hook": "post-delete, pre-upgrade"
|
||||
"helm.sh/hook-weight": "-2"
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- list
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: pre-upgrade-job-clusterctl-configmap-cleanup
|
||||
annotations:
|
||||
"helm.sh/hook": "post-delete, pre-upgrade"
|
||||
"helm.sh/hook-weight": "-2"
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: pre-upgrade-job
|
||||
namespace: '{{ .Values.rancherTurtles.namespace }}'
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: pre-upgrade-job-delete-clusterctl-configmap
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: rancher-clusterctl-configmap-cleanup
|
||||
namespace: '{{ .Values.rancherTurtles.namespace }}'
|
||||
annotations:
|
||||
"helm.sh/hook": "post-delete, pre-upgrade"
|
||||
"helm.sh/hook-weight": "-1"
|
||||
spec:
|
||||
ttlSecondsAfterFinished: 300
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: pre-upgrade-job
|
||||
containers:
|
||||
- name: rancher-clusterctl-configmap-cleanup
|
||||
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
|
||||
args:
|
||||
- delete
|
||||
- configmap
|
||||
- --namespace={{ .Values.rancherTurtles.namespace }}
|
||||
- clusterctl-config
|
||||
- --ignore-not-found=true
|
||||
restartPolicy: Never
|
||||
{{- end }}
|
||||
@@ -26,7 +26,7 @@ spec:
|
||||
containers:
|
||||
- args:
|
||||
- --leader-elect
|
||||
- --feature-gates=etcd-snapshot-restore={{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled"}},propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
|
||||
- --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
|
||||
{{- range .Values.rancherTurtles.managerArguments }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
|
||||
@@ -2,6 +2,17 @@
|
||||
{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
|
||||
{{- if not (lookup "v1" "Namespace" "" $namespace) }}
|
||||
---
|
||||
apiVersion: turtles-capi.cattle.io/v1alpha1
|
||||
kind: ClusterctlConfig
|
||||
metadata:
|
||||
name: clusterctl-config
|
||||
namespace: rancher-turtles-system
|
||||
spec:
|
||||
providers:
|
||||
- name: metal3
|
||||
url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml"
|
||||
type: InfrastructureProvider
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
|
||||
{{- if index .Values "rancherTurtles" "rancherInstalled"}}
|
||||
---
|
||||
apiVersion: management.cattle.io/v3
|
||||
kind: Feature
|
||||
@@ -10,6 +11,7 @@ metadata:
|
||||
spec:
|
||||
value: false
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
- jsonPath: .spec.type
|
||||
name: Type
|
||||
type: string
|
||||
- jsonPath: .spec.name
|
||||
- jsonPath: .status.name
|
||||
name: ProviderName
|
||||
type: string
|
||||
- jsonPath: .status.installedVersion
|
||||
@@ -2979,15 +2979,7 @@ spec:
|
||||
type: string
|
||||
type:
|
||||
description: Type is the type of the provider to enable
|
||||
enum:
|
||||
- infrastructure
|
||||
- core
|
||||
- controlPlane
|
||||
- bootstrap
|
||||
- addon
|
||||
- runtimeextension
|
||||
- ipam
|
||||
example: infrastructure
|
||||
example: InfrastructureProvider
|
||||
type: string
|
||||
variables:
|
||||
additionalProperties:
|
||||
@@ -3073,6 +3065,10 @@ spec:
|
||||
description: InstalledVersion is the version of the provider that
|
||||
is installed.
|
||||
type: string
|
||||
name:
|
||||
description: Name reflects actual provider name, which will be visible
|
||||
to users in 'kubectl get capiproviders -A -o wide'
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: ObservedGeneration is the latest generation observed
|
||||
by the controller.
|
||||
@@ -3102,6 +3098,104 @@ spec:
|
||||
subresources:
|
||||
status: {}
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
helm.sh/resource-policy: keep
|
||||
name: clusterctlconfigs.turtles-capi.cattle.io
|
||||
spec:
|
||||
group: turtles-capi.cattle.io
|
||||
names:
|
||||
kind: ClusterctlConfig
|
||||
listKind: ClusterctlConfigList
|
||||
plural: clusterctlconfigs
|
||||
singular: clusterctlconfig
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: ClusterctlConfig is the Schema for the CAPI Clusterctl config
|
||||
API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: ClusterctlConfigSpec defines the user overrides for images
|
||||
and known providers with sources
|
||||
properties:
|
||||
images:
|
||||
description: Images is a list of image overrided for specified providers
|
||||
items:
|
||||
description: Image allows to define transformations to apply to
|
||||
the image contained in the YAML manifests.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the provider image override
|
||||
example: all
|
||||
type: string
|
||||
repository:
|
||||
description: Repository sets the container registry override
|
||||
to pull images from.
|
||||
example: my-registry/my-org
|
||||
type: string
|
||||
tag:
|
||||
description: Tag allows to specify a tag for the images.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
providers:
|
||||
description: Provider overrides
|
||||
items:
|
||||
description: Provider allows to define providers with known URLs
|
||||
to pull the components.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the provider
|
||||
type: string
|
||||
type:
|
||||
description: Type is the type of the provider
|
||||
example: InfrastructureProvider
|
||||
type: string
|
||||
url:
|
||||
description: URL of the provider components. Will be used unless
|
||||
and override is specified
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
- type
|
||||
- url
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: Clusterctl Config should be named clusterctl-config.
|
||||
rule: self.metadata.name == 'clusterctl-config'
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
@@ -3277,6 +3371,8 @@ rules:
|
||||
resources:
|
||||
- capiproviders
|
||||
- capiproviders/status
|
||||
- clusterctlconfigs
|
||||
- clusterctlconfigs/status
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user