Merge pull request 'Use manifest_repo var to allow for release manifest in separate repo' (#57) from nbelouin/Factory:manifest-repo-var into main

Reviewed-on: suse-edge/Factory#57
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>

.obs/delete_package.py

@@ -21,7 +21,7 @@ def delete_package_from_workflow(name: str):
 
 
 def delete_package_from_project(name: str):
-    p = subprocess.run(["osc", "rdelete", PROJECT, name], stdout=subprocess.PIPE)
+    p = subprocess.run(["osc", "rdelete", PROJECT, name, "-m \"Deleted via delete_package.py\"" ], stdout=subprocess.PIPE)
     print(p.stdout)
     print(p.stderr)
     p.check_returncode()

.obs/workflows.yml

@@ -66,14 +66,6 @@ staging_build:
       source_package: frr-k8s
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-operator
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: kubectl
       source_project: isv:SUSE:Edge:Factory
@@ -82,10 +74,6 @@ staging_build:
       source_package: upgrade-controller
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-rke2
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: nm-configurator
       source_project: isv:SUSE:Edge:Factory
@@ -106,38 +94,18 @@ staging_build:
       source_package: hauler
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ip-address-manager
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: baremetal-operator
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-metal3
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: cdi-chart
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-controller-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-metal3-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: metallb-chart
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-operator-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: sriov-crd-chart
       source_project: isv:SUSE:Edge:Factory
@@ -154,10 +122,6 @@ staging_build:
       source_package: ironic-ipa-downloader-image
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-rke2-controlplane-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: upgrade-controller-image
       source_project: isv:SUSE:Edge:Factory
@@ -170,10 +134,6 @@ staging_build:
       source_package: baremetal-operator-image
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-rke2-bootstrap-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: sriov-network-operator-chart
       source_project: isv:SUSE:Edge:Factory
@@ -182,10 +142,6 @@ staging_build:
       source_package: metallb-controller-image
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ip-address-manager-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: metallb-speaker-image
       source_project: isv:SUSE:Edge:Factory
@@ -198,10 +154,6 @@ staging_build:
       source_package: cri-tools
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: openstack-ironic-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: crudini
       source_project: isv:SUSE:Edge:Factory
@@ -234,3 +186,27 @@ staging_build:
       source_package: ironic-ipa-ramdisk
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: kubevirt-dashboard-extension-chart
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: kiwi-builder-image
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: kubevirt-chart
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: release-manifest-image
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: frr-image
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: kubectl-image
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging

akri-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20
-#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20
+#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
 annotations:
   catalog.cattle.io/display-name: Akri
 apiVersion: v2
@@ -8,4 +8,4 @@ description: A Helm chart for Akri
 icon: https://raw.githubusercontent.com/project-akri/akri-docs/main/art/icon/akri-icon-light.svg
 name: akri
 type: application
-version: 0.12.20
+version: "%%CHART_MAJOR%%.0.0+up0.12.20"

akri-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

akri-dashboard-extension-chart/Chart.yaml

@@ -1,20 +1,20 @@
-#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0
-#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Akri
-  catalog.cattle.io/kube-version: '>= v1.26.0-0'
+  catalog.cattle.io/kube-version: ">= v1.26.0-0"
   catalog.cattle.io/namespace: cattle-ui-plugin-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux, windows
-  catalog.cattle.io/rancher-version: '>= v2.9.0'
+  catalog.cattle.io/rancher-version: ">= 2.10.0-0"
   catalog.cattle.io/scope: management
   catalog.cattle.io/ui-component: plugins
-  catalog.cattle.io/ui-extensions-version: '>= 2.0.1'
+  catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
 apiVersion: v2
-appVersion: 1.1.0
-description: 'SUSE Edge: Akri extension for Rancher Dashboard'
+appVersion: 1.2.1
+description: "SUSE Edge: Akri extension for Rancher Dashboard"
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
 name: akri-dashboard-extension
 type: application
-version: 1.1.0
+version: "%%CHART_MAJOR%%.0.0+up1.2.1"

akri-dashboard-extension-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

akri-dashboard-extension-chart/templates/_helpers.tpl

@@ -60,4 +60,4 @@ Pkg annotations
 {{ $key }}: {{ $value | quote }}
 {{- end }}
 {{- end }}
-{{- end }}
+{{- end }}

akri-dashboard-extension-chart/templates/cr.yaml

@@ -8,7 +8,7 @@ spec:
   plugin:
     name: {{ include "extension-server.fullname" . }}
     version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.1.0
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.1
     noCache: {{ .Values.plugin.noCache }}
     noAuth: {{ .Values.plugin.noAuth }}
-    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
+    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

akri-dashboard-extension-chart/values.yaml

@@ -7,6 +7,6 @@ plugin:
   noAuth: false
   metadata:
     catalog.cattle.io/display-name: Akri
-    catalog.cattle.io/rancher-version: ">= v2.9.0"
-    catalog.cattle.io/ui-extensions-version: ">= 2.0.1"
+    catalog.cattle.io/rancher-version: ">= 2.10.0-0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
     catalog.cattle.io/kube-version: ">= v1.26.0-0"

cdi-chart/Chart.yaml

@@ -1,9 +1,9 @@
-#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0
-#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0
+#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
 apiVersion: v2
 appVersion: 1.60.1
 description: A Helm chart for Containerized Data Importer (CDI)
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: cdi
 type: application
-version: 0.4.0
+version: "%%CHART_MAJOR%%.0.0+up0.4.0"

cdi-chart/_service

@@ -4,5 +4,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

cluster-api-controller-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:v%%cluster-api_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api Container Image"
-LABEL org.opencontainers.image.description="cluster-api based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api:%%cluster-api_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/cluster-api-controller /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-operator-image/Dockerfile

@@ -1,35 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-operator shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-operator
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-operator Container Image"
-LABEL org.opencontainers.image.description="cluster-api-operator based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-operator_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/cluster-api-operator-controller /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-operator-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api-operator_version%%</param>
-    <param name="package">cluster-api-operator</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

cluster-api-operator/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/kubernetes-sigs/cluster-api-operator</param>
-    <param name="scm">git</param>
-    <param name="revision">v0.12.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-  <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api-operator/cluster-api-operator.spec

@@ -1,52 +0,0 @@
-#
-# spec file for package cluster-api-operator
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api-operator
-Version:        0.12.0
-Release:        0
-Summary:        Cluster API Core Controller
-License:        Apache-2.0
-URL:            https://github.com/kubernetes-sigs/cluster-api-operator
-Source:         cluster-api-operator-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API operator
-
-%prep
-%autosetup -a1 -n cluster-api-operator-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-   -o cluster-api-operator cmd/main.go
-
-%install
-install -D -m0755 cluster-api-operator %{buildroot}%{_bindir}/cluster-api-operator-controller
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/cluster-api-operator-controller
-
-%changelog

cluster-api-provider-metal3-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:v%%cluster-api-provider-metal3_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-metal3 shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-provider-metal3
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-provider-metal3 Container Image"
-LABEL org.opencontainers.image.description="cluster-api-provider-metal3 based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-provider-metal3_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/cluster-api-provider-metal3 /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-provider-metal3/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/metal3-io/cluster-api-provider-metal3</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.8.2</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-   <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api-provider-metal3/cluster-api-provider-metal3.spec

@@ -1,54 +0,0 @@
-#
-# spec file for package cluster-api-provider-metal3
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api-provider-metal3
-Version:        1.8.2
-Release:        0
-Summary:        Cluster API Infrastructure Provider for Metal3
-License:        Apache-2.0
-URL:            https://github.com/metal3-io/cluster-api-provider-metal3
-Source:         cluster-api-provider-metal3-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API Provider Metal3 is one of the providers for Cluster API and enables
-users to deploy a Cluster API based cluster on top of bare metal infrastructure
-using Metal3.
-
-%prep
-%autosetup -a1 -n cluster-api-provider-metal3-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-   -a -ldflags '-extldflags "-static"'
-
-%install
-install -D -m0755 cluster-api-provider-metal3 %{buildroot}%{_bindir}/cluster-api-provider-metal3
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/cluster-api-provider-metal3
-
-%changelog

cluster-api-provider-rke2-bootstrap-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:v%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-bootstrap shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-provider-rke2
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
-LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/rke2-bootstrap-manager /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-provider-rke2-controlplane-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:v%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-control-plane shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-provider-rke2
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
-LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/rke2-control-plane-manager /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-provider-rke2-controlplane-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api-provider-rke2_version%%</param>
-    <param name="package">cluster-api-provider-rke2-control-plane</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

cluster-api-provider-rke2/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/rancher-sandbox/cluster-api-provider-rke2</param>
-    <param name="scm">git</param>
-    <param name="revision">v0.8.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-   <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api-provider-rke2/cluster-api-provider-rke2.spec

@@ -1,61 +0,0 @@
-#
-# spec file for package cluster-api-provider-rke2
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api-provider-rke2
-Version:        0.8.0
-Release:        0
-Summary:        Cluster API provider for RKE2
-License:        Apache-2.0
-URL:            https://github.com/rancher-sandbox/cluster-api-provider-rke2
-Source:         cluster-api-provider-rke2-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API provider for RKE2
-
-%package bootstrap
-Summary: Cluster API bootstrap controller for RKE2
-%description bootstrap
-Cluster API bootstrap controller for RKE2
-
-%package control-plane
-Summary: Cluster API control-plane controller for RKE2
-%description control-plane
-Cluster API control-plane controller for RKE2
-
-%prep
-%autosetup -a1 -n cluster-api-provider-rke2-%{version}
-
-%build
-make managers
-
-%install
-install -D -m0755 bin/rke2-bootstrap-manager %{buildroot}%{_bindir}/rke2-bootstrap-manager
-install -D -m0755 bin/rke2-control-plane-manager %{buildroot}%{_bindir}/rke2-control-plane-manager
-
-%files bootstrap
-%{_bindir}/rke2-bootstrap-manager
-
-%files control-plane
-%{_bindir}/rke2-control-plane-manager
-
-%changelog

cluster-api/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/kubernetes-sigs/cluster-api</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.8.4</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-  <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api/cluster-api.spec

@@ -1,51 +0,0 @@
-#
-# spec file for package cluster-api
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api
-Version:        1.8.4
-Release:        0
-Summary:        Cluster API Core Controller
-License:        Apache-2.0
-URL:            https://github.com/kubernetes-sigs/cluster-api
-Source:         cluster-api-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API core controller
-
-%prep
-%autosetup -a1 -n cluster-api-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-
-%install
-install -D -m0755 cluster-api %{buildroot}%{_bindir}/cluster-api-controller
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/cluster-api-controller
-
-%changelog

edge-image-builder-image/_service

@@ -7,10 +7,14 @@
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
     <param name="file">artifacts.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
     <param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
     <param name="var">CHART_REPO</param>
     <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
     <param name="var">SUPPORT_LEVEL</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>
 

edge-image-builder-image/artifacts.yaml

@@ -1,11 +1,11 @@
 metallb:
   chart: metallb-chart
-  repository: %%CHART_REPO%%/3.1
-  version: 0.14.9
+  repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
+  version: "%%CHART_MAJOR%%.0.0+up0.14.9"
 endpoint-copier-operator:
   chart: endpoint-copier-operator-chart
-  repository: %%CHART_REPO%%/3.1
-  version: 0.2.1
+  repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
+  version: "%%CHART_MAJOR%%.0.0+up0.2.1"
 kubernetes:
   k3s:
     selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
@@ -13,4 +13,3 @@ kubernetes:
   rke2:
     selinuxPackage: rke2-selinux
     selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch
-

endpoint-copier-operator-chart/Chart.yaml

@@ -1,8 +1,8 @@
-#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1
-#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1
+#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
 apiVersion: v2
 appVersion: v0.2.0
 description: A Helm chart for Kubernetes
 name: endpoint-copier-operator
 type: application
-version: 0.2.1
+version: "%%CHART_MAJOR%%.0.0+up0.2.1"

endpoint-copier-operator-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

frr-image/Dockerfile

@@ -0,0 +1,58 @@
+# SPDX-License-Identifier: MIT
+#!BuildTag: %%IMG_PREFIX%%frr:8.4
+#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
+#!BuildVersion: 15.5
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends tcpdump libpcap-devel iproute2 iputils strace socat frr python3 catatonit sed util-linux; zypper -n clean; rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.frr
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="FRR Container Image"
+LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="8.4"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+
+#Install frr
+USER root
+
+ENV PYTHONDONTWRITEBYTECODE yes
+
+# frr.sh is the entry point. This script examines environment
+# variables to direct operation and configure ovn
+ADD frr.sh /root/
+ADD daemons /etc/frr
+ADD frr.conf /etc/frr
+ADD vtysh.conf /etc/frr
+
+RUN chown frr:frr /etc/frr/daemons /etc/frr/frr.conf
+
+RUN ln -s /usr/bin/catatonit /sbin/tini
+RUN usermod -a -G frrvty frr
+
+COPY docker-start /usr/libexec/frr/docker-start
+RUN cp -r /usr/libexec/frr /usr/lib/ # required because of the different path on rhel
+
+WORKDIR /root
+ENTRYPOINT ["/sbin/tini", "--"]
+
+COPY docker-start /usr/lib/frr/docker-start
+RUN chmod +x /usr/lib/frr/docker-start
+CMD ["/usr/lib/frr/docker-start"]

frr-image/_service

@@ -1,12 +1,6 @@
 <services>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api_version%%</param>
-    <param name="package">cluster-api</param>
-    <param name="parse-version">patch</param>
-  </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

frr-image/daemons

@@ -0,0 +1,82 @@
+# This file tells the frr package which daemons to start.
+#
+# Entries are in the format: <daemon>=(yes|no|priority)
+#   0, "no"  = disabled
+#   1, "yes" = highest priority
+#   2 .. 10  = lower priorities
+#
+# For daemons which support multiple instances, a 2nd line listing
+# the instances can be added. Eg for ospfd:
+#   ospfd=yes
+#   ospfd_instances="1,2"
+#
+# Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
+# They're used to start the FRR daemons in more than one step
+# (for example start one or two at network initialization and the
+# rest later). The number of FRR daemons being small, priorities
+# must be between 1 and 9, inclusive (or the initscript has to be
+# changed). /etc/init.d/frr then can be started as
+#
+#   /etc/init.d/frr <start|stop|restart|<priority>>
+#
+# where priority 0 is the same as 'stop', priority 10 or 'start'
+# means 'start all'
+#
+# Sample configurations for these daemons can be found in
+# /usr/share/doc/frr/examples/.
+#
+# ATTENTION:
+#
+# When activation a daemon at the first time, a config file, even if it is
+# empty, has to be present *and* be owned by the user and group "frr", else
+# the daemon will not be started by /etc/init.d/frr. The permissions should
+# be u=rw,g=r,o=.
+# When using "vtysh" such a config file is also needed. It should be owned by
+# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
+#
+watchfrr_enable=yes
+watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
+#
+zebra=yes
+bgpd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+pimd=no
+nhrpd=no
+eigrpd=no
+sharpd=no
+pbrd=no
+staticd=yes
+bfdd=yes
+fabricd=no
+
+#
+# Command line options for the daemons
+#
+zebra_options=("-A 127.0.0.1")
+bgpd_options=("-A 127.0.0.1")
+ospfd_options=("-A 127.0.0.1")
+ospf6d_options=("-A ::1")
+ripd_options=("-A 127.0.0.1")
+ripngd_options=("-A ::1")
+isisd_options=("-A 127.0.0.1")
+pimd_options=("-A 127.0.0.1")
+nhrpd_options=("-A 127.0.0.1")
+eigrpd_options=("-A 127.0.0.1")
+sharpd_options=("-A 127.0.0.1")
+pbrd_options=("-A 127.0.0.1")
+staticd_options=("-A 127.0.0.1")
+bfdd_options=("-A 127.0.0.1")
+fabricd_options=("-A 127.0.0.1")
+
+#
+# If the vtysh_enable is yes, then the unified config is read
+# and applied if it exists.  If no unified frr.conf exists
+# then the per-daemon <daemon>.conf files are used)
+# If vtysh_enable is no or non-existant, the frr.conf is ignored.
+# it is highly suggested to have this set to yes
+vtysh_enable=yes
+

frr-image/docker-start

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+source /usr/lib/frr/frrcommon.sh
+/usr/lib/frr/watchfrr $(daemon_list)

frr-image/frr.conf

@@ -0,0 +1,53 @@
+frr defaults traditional
+log file /var/log/frr/frr.log
+log syslog informational
+log stdout debugging
+ipv6 forwarding
+service integrated-vtysh-config
+!
+debug bgp updates in
+debug bgp updates out
+debug bgp zebra
+!
+interface eth0
+ no ipv6 nd suppress-ra
+ ipv6 nd ra-interval 10
+!
+router bgp OCPASN
+ bgp router-id OCPROUTERID
+ bgp bestpath as-path multipath-relax
+ bgp bestpath compare-routerid
+!
+ neighbor OCPnodes peer-group
+ neighbor OCPnodes description Internal OCP Nodes
+ neighbor OCPnodes remote-as OCPASN
+ neighbor OCPnodes bfd
+ neighbor OCPnodes capability extended-nexthop 
+ !neighbor eth0 interface peer-group OCPnodes
+ !neighbor OCPPEER remote-as OCPASN peer-group OCPnodes
+ neighbor OCPPEER peer-group OCPnodes
+ !
+ address-family ipv4 unicast
+  redistribute connected
+  neighbor OCPnodes activate
+ exit-address-family
+ !
+ address-family ipv6 unicast
+  redistribute connected
+  neighbor OCPnodes activate
+  neighbor OCPnodes nexthop-local unchanged
+ exit-address-family
+ !
+!
+bfd
+ peer OCPPEER vrf default interface eth0
+   receive-interval 2000
+   transmit-interval 2000
+   echo-mode
+   echo-interval 3000
+   no shutdown
+ exit
+!
+line vty
+!
+

frr-image/frr.sh

@@ -0,0 +1,124 @@
+#!/bin/bash
+#set -euo pipefail
+
+# Enable verbose shell output if FRR_SH_VERBOSE is set to 'true'
+if [[ "${FRR_SH_VERBOSE:-}" == "true" ]]; then
+  set -x
+fi
+
+# The argument to the command is the operation to be performed
+# frr-node display display_env 
+# a cmd must be provided, there is no default
+cmd=${1:-""}
+
+# The frr user id, by default it is going to be frr:frr
+frr_user_id=${FRR_USER_ID:-""}
+
+# frr options
+frr_options=${FRR_OPTIONS:-""}
+
+# This script is the entrypoint to the image.
+# frr.sh version (update when API between daemonset and script changes - v.x.y)
+frr_version="3"
+
+# The daemonset version must be compatible with this script.
+# The default when FRR_DAEMONSET_VERSION is not set is version 3
+frr_daemonset_version=${FRR_DAEMONSET_VERSION:-"3"}
+
+# hostname is the host's hostname when using host networking,
+# This is useful on the master
+# otherwise it is the container ID (useful for debugging).
+frr_pod_host=${K8S_NODE:-$(hostname)}
+
+# The ovs user id, by default it is going to be root:root
+frr_user_id=${FRR_USER_ID:-""}
+
+# frr options
+frr_options=${FRR_OPTIONS:-""}
+
+# frr.conf variables
+ocp_asn=${OCPASN:-65000}
+ocp_routerid=${OCPROUTERID:-"10.10.10.1"}
+ocp_peer=${OCPPEER:-"10.10.10.1"}
+
+FRR_ETCDIR=/etc/frr
+FRR_RUNDIR=/var/run/frr
+FRR_LOGDIR=/var/log/frr
+
+# =========================================
+
+setup_frr_permissions() {
+    chown -R ${frr_user_id} ${FRR_RUNDIR}
+    chown -R ${frr_user_id} ${FRR_LOGDIR}
+    chown -R ${frr_user_id} ${FRR_ETCDIR}
+}
+
+# =========================================
+
+display_version() {
+  echo " =================== hostname: ${frr_pod_host}"
+  echo " =================== daemonset version ${frr_daemonset_version}"
+  if [[ -f /root/git_info ]]; then
+    disp_ver=$(cat /root/git_info)
+    return
+  fi
+}
+
+display_env() {
+  echo FRR_USER_ID ${frr_user_id}
+  echo FRR_OPTIONS ${frr_options}
+  echo frr.sh version ${frr_version}
+  echo ocp_asn ${ocp_asn}
+  echo ocp_routerid ${ocp_routerid}
+  echo ocp_peer ${ocp_peer}
+}
+
+# frr-node - all nodes
+frr-node() {
+  trap 'kill $(jobs -p) ; exit 0' TERM
+  rm -f ${FRR_RUNDIR}/frr.pid
+  echo "=============== frr-node ========== update frr.conf"
+  sed -i "s/OCPASN/$ocp_asn/" /etc/frr/frr.conf
+  sed -i "s/OCPPEER/$ocp_peer/" /etc/frr/frr.conf
+  sed -i "s/OCPROUTERID/$ocp_routerid/" /etc/frr/frr.conf
+
+  #chown -R frr:frr /etc/frr
+  chown -R frr:frr ${FRR_RUNDIR}
+  echo "=============== frr-node ========== starting"
+  # /usr/lib/frr/frrinit.sh start
+  # bash -x /usr/lib/frr/frrinit.sh start
+  bash -x 
+  /usr/lib/frr/frrinit.sh start
+  frrResult=$?
+  echo "=============== frrinit result is ${frrResult} " 
+ 
+  # Sleep forever
+  exec tail -f /dev/null
+}
+
+echo "================== frr.sh --- version: ${frr_version} ================"
+
+display_version
+
+display_env
+
+case ${cmd} in
+"frr-node") 
+  frr-node
+  ;;
+"display_env")
+  display_env
+  exit 0
+  ;;
+"display")
+  display
+  exit 0
+  ;;
+*)
+  echo "invalid command ${cmd}"
+  echo "valid v3 commands: frr-node display_env display " 
+  exit 0
+  ;;
+esac
+
+exit 0

ip-address-manager-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ip-address-manager:v%%ip-address-manager_version%%
-#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%
-#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends ip-address-manager shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.ip-address-manager
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE ip-address-manager Container Image"
-LABEL org.opencontainers.image.description="ip-address-manager based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%ip-address-manager_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/ip-address-manager /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

ip-address-manager/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/metal3-io/ip-address-manager</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.8.1</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-   <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

ip-address-manager/ip-address-manager.spec

@@ -1,51 +0,0 @@
-#
-# spec file for package ip-address-manager
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           ip-address-manager
-Version:        1.8.1
-Release:        0
-Summary:        Metal3 IPAM controller
-License:        Apache-2.0
-URL:            https://github.com/metal3-io/ip-address-manager
-Source:         ip-address-manager-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Metal3 IPAM controller
-
-%prep
-%autosetup -a1 -n ip-address-manager-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-
-%install
-install -D -m0755 ip-address-manager %{buildroot}%{_bindir}/ip-address-manager
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/ip-address-manager
-
-%changelog

ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi

@@ -128,7 +128,7 @@
         <package name="kernel-firmware"/>
         <package name="kernel-default"/>
         <package name="NetworkManager"/>
-        <package name="nm-configurator-030"/>
+        <package name="nm-configurator"/>
         <package name="timezone"/>
         <package name="haveged"/>
         <!-- ironic-python-agent specific -->

ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec

@@ -87,7 +87,7 @@ BuildRequires:  wpa_supplicant
 BuildRequires:  dhcp-client
 BuildRequires:  which
 BuildRequires:  NetworkManager
-BuildRequires:  nm-configurator-030
+BuildRequires:  nm-configurator
 BuildRequires:  logrotate
 BuildRequires:  plymouth-dracut
 BuildRequires:  plymouth-theme-bgrt

kiwi-builder-image/Dockerfile

@@ -0,0 +1,35 @@
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.0
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.0-%RELEASE%
+FROM registry.suse.com/bci/kiwi:10.1.16
+MAINTAINER SUSE LLC (https://www.suse.com/)
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.akri
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
+LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
+LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1.16.0"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+# Configure Kiwi to use kpartx
+RUN echo -e "mapper:\n  - part_mapper: kpartx" > /etc/kiwi.yml
+
+# Copy build script into image and make it executable
+ADD build-image.sh /usr/bin/build-image
+RUN chmod a+x /usr/bin/build-image
+
+# Make a directory for the standard SL Micro Kiwi definition and config file and copy them in
+RUN mkdir -p /micro-sdk/defs
+ADD SL-Micro.kiwi /micro-sdk/defs
+ADD SL-Micro.kiwi.4096 /micro-sdk/defs
+ADD config.sh /micro-sdk/defs

kiwi-builder-image/README

@@ -0,0 +1,59 @@
+###########################
+Kiwi SDK Image Instructions
+###########################
+
+Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
+
+# setenforce 0
+
+Next, download the podman image:
+
+# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0
+
+Make a local output directory (where the images will reside):
+
+# mkdir output
+
+Then, to build a standard "Base" image, run the following in podman:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image
+
+To build a "Base" SelfInstall ISO, you can add additional flags, for example:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Base-SelfInstall
+
+Then, to build a standard "Default" image, run the following in podman:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default
+
+To build a "Default" SelfInstall ISO, you can add additional flags, for example:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default-SelfInstall
+
+To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Base-RT
+
+To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default-SelfInstall -b
+
+# mkdir mydefs/
+# cp /path/to/SL-Micro.kiwi mydefs/
+# cp /path/to/config.sh mydefs/
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image
+
+All output will be in the local $(pwd)/output directory, for example:
+
+# ls -1 output/
+SLE-Micro.x86_64-6.0.changes
+SLE-Micro.x86_64-6.0.packages
+SLE-Micro.x86_64-6.0.raw
+SLE-Micro.x86_64-6.0.verified
+build
+kiwi.result
+kiwi.result.json
+
+Note, if you want to rebuild the image, you'll need to empty the output directory, or Kiwi will error due to existing output files:
+
+# rm -rf output/*

kiwi-builder-image/SL-Micro.kiwi

@@ -0,0 +1,777 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
+<!-- OBS-Milestone: %current_milestone -->
+<!-- OBS-BcntSyncTag: SL-Micro -->
+<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
+    <description type="system">
+        <author>SUSE</author>
+        <contact>crc@suse.com</contact>
+        <specification>SL Micro</specification>
+    </description>
+    <profiles>
+        <!-- Profiles used as dependencies of actual image profiles -->
+        <!-- Flavors -->
+        <profile name="full" description="SL Micro as KVM and Container host"/>
+        <profile name="container-host" description="SL Micro as Container host"/>
+        <profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
+        <!-- Platforms - support profiles -->
+        <profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
+        <profile name="self_install" description="Self Installing ISO media"/>
+        <!-- Platforms -->
+        <profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+	<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
+	  <requires profile="bootloader"/>
+	</profile>
+        <profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <!-- Images (flavor + platform) -->
+        <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-vmware"/>
+        </profile>
+        <profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+	    <requires profile="x86-vmware"/>
+        </profile>
+        <profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-encrypted"/>
+        </profile>
+        <profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-encrypted"/>
+        </profile>
+        <profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt-encrypted"/>
+        </profile>
+        <profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="aarch64-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="ecs_anywhere"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="ecs_anywhere"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="rpi"/>
+        </profile>
+        <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="rpi"/>
+        </profile>
+        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt"/>
+        </profile>
+        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-kvm"/>
+        </profile>
+        <profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-kvm"/>
+        </profile>
+        <profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-dasd"/>
+        </profile>
+        <profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-dasd"/>
+        </profile>
+        <profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-fba"/>
+        </profile>
+        <profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-fba"/>
+        </profile>
+        <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-legacy"/>
+        </profile>
+        <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-qcow"/>
+        </profile>
+        <profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-qcow"/>
+        </profile>
+	<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
+	    <requires profile="full"/>
+	    <requires profile="aarch64-qcow"/>
+        </profile>
+	<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+	    <requires profile="container-host"/>
+	    <requires profile="aarch64-qcow"/>
+        </profile>
+    </profiles>
+
+    <preferences profiles="x86-encrypted,x86-rt-encrypted">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            luks_version="luks2"
+            luks="1234"
+	    luks_randomize="false"
+	    luks_pbkdf="pbkdf2"
+        >
+            <luksformat>
+                <option name="--cipher" value="aes"/>
+            </luksformat>
+            <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">4</size>
+        </type>
+    </preferences>
+    <preferences profiles="x86,x86-rt">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+    	    <bootloader name="grub2" console="gfxterm" timeout="3"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="x86-self_install,x86-rt-self_install">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="rpi">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            fsmountoptions="noatime"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            efipartsize="128"     
+            editbootinstall="editbootinstall_rpi.sh"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="false"
+            disk_start_sector="4096"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="aarch64-self_install">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            firmware="uefi"
+            efipartsize="128"     
+	    kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            disk_start_sector="4096"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="s390-kvm">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+
+        <type
+            image="oem"
+            filesystem="btrfs"
+            bootpartition="true"
+            bootpartsize="300"
+            bootfilesystem="ext2"
+        initrd_system="dracut"
+        format="qcow2"
+            kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+        devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+    >
+            <bootloader name="grub2_s390x_emu" timeout="3" />
+              <systemdisk>
+                  <volume name="home"/>
+                  <volume name="root"/>
+                  <volume name="opt"/>
+                  <volume name="srv"/>
+          <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                  <volume name="boot/writable"/>
+                  <volume name="usr/local"/>
+                  <volume name="var" copy_on_write="false"/>
+               </systemdisk>
+           <size unit="G">32</size>
+      </type>
+    </preferences>
+
+
+    <preferences profiles="s390-dasd">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext2"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          devicepersistency="by-uuid"
+          target_blocksize="4096"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+      >
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+      </type>
+    </preferences>
+
+
+
+    <preferences profiles="s390-fba">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext2"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          devicepersistency="by-uuid"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+        </type>
+    </preferences>
+
+
+    <preferences profiles="x86-vmware">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            filesystem="btrfs"
+            format="vmdk"
+            firmware="uefi"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2" console="gfxterm" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">24</size>
+            <machine memory="1024" HWversion="10" guestOS="suse-64"/>
+        </type>
+    </preferences>
+    <preferences profiles="x86-qcow">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            format="qcow2"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">32</size>
+        </type>
+    </preferences>
+ 
+    <preferences profiles="aarch64-qcow">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+	<locale>en_US</locale>
+        <type
+            image="oem"
+            format="qcow2"
+            filesystem="btrfs"
+            firmware="uefi"
+            efipartsize="128"     
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+ 		<volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">20</size>
+        </type>
+    </preferences>
+
+   <repository type="rpm-md" >
+        <source path='obsrepositories:/'/>
+    </repository>
+
+    <packages type="image" profiles="full">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="salt_minion"/>
+	<package name="patterns-base-salt_minion"/>
+        <namedCollection name="kvm_host"/>
+	<package name="patterns-base-kvm_host"/>
+	<package name="lzop"/>
+        <namedCollection name="container_runtime_podman"/>
+        <package name="patterns-container-runtime_podman"/> 
+        <namedCollection name="cockpit"/>
+        <package name="patterns-base-cockpit"/>
+        <namedCollection name="selinux"/>
+        <package name="patterns-base-selinux"/>
+        <package name="suseconnect-ng"/>
+        <package name="SL-Micro-release"/>
+        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+        <package name="wpa_supplicant" arch="x86_64,aarch64"/>
+	<package name="libpwquality-tools"/>
+        <!-- <package name="k3s-install"/> -->
+    </packages>
+
+    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
+        <!-- full disk encryption stuff -->
+        <package name="device-mapper"/>
+        <package name="cryptsetup"/>
+        <package name="system-user-tss"/>
+        <package name="libtss2-fapi1"/>
+        <package name="libtss2-tcti-device0"/>
+        <package name="tpm2.0-tools"/>
+        <package name="tpm2-0-tss"/>
+        <package name="fde-firstboot"/>
+    </packages>
+
+    <packages type="image" profiles="container-host">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="container_runtime_podman"/>
+        <package name="patterns-container-runtime_podman"/> 
+        <namedCollection name="cockpit"/>
+        <package name="patterns-base-cockpit"/>
+        <namedCollection name="selinux"/>
+        <package name="patterns-base-selinux"/>
+        <package name="suseconnect-ng"/>
+        <package name="SL-Micro-release"/>
+        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+	<package name="libpwquality-tools"/>
+    </packages>
+
+    <packages type="image" profiles="ecs_anywhere">
+        <package name="amazon-ssm-agent"/>
+        <package name="amazon-ecs-init"/>
+        <package name="aws-cli"/>
+        <package name="docker"/>
+    </packages>
+
+    <!-- Ignition / Combustion everywhere, cloud-init only in selected images
+    <packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
+    <packages type="image">
+        <package name="ignition"/>
+        <package name="combustion &gt;= 1.2"/> <!-- New firstboot mechanism -->
+	<package name="jeos-firstboot"/>
+    </packages>
+
+    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
+        <package name="cloud-init"/>
+        <package name="cloud-init-config-suse"/>
+    </packages>
+
+    <packages type="image">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="hardware"/>
+        <package name="patterns-base-hardware"/>
+        <package name="grub2"/>
+        <package name="glibc-locale-base"/>
+        <package name="ca-certificates"/>
+	<package name="SL-Micro-release"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+	<package name="NetworkManager-tui"/>
+        <package name="growpart-generator"/>
+        <package name="suse-build-key"/>
+        <!-- for debugging -->
+        <package name="less"/>
+        <package name="vim-small"/>
+
+        <namedCollection name="micro_defaults"/>
+        <package name="patterns-micro-defaults"/>
+        <package name="NetworkManager"/>
+        <package name="NetworkManager-branding-SLE"/>
+	<package name="ModemManager"/>
+	<!-- FIXME does not build without control file which is obsolete 
+	<package name="live-add-yast-repos"/> -->
+	<package name="parted"/> <!-- seems missing to deploy the image -->
+    </packages>
+
+    <packages type="image" profiles="bootloader">
+        <package name="grub2-i386-pc" arch="x86_64"/>
+        <package name="grub2-x86_64-efi" arch="x86_64"/>
+        <package name="grub2-arm64-efi" arch="aarch64"/>
+        <package name="grub2-s390x-emu" arch="s390x"/>
+        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
+        <package name="grub2-snapper-plugin"/>
+        <package name="shim" arch="x86_64,aarch64"/>
+	<package name="mokutil" arch="x86_64,aarch64"/>
+	<!-- obsoleted by kiwi-settings
+	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
+    </packages>
+    <!-- rpi kernel-default-base does not provide all necessary drivers -->
+    <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
+        <package name="kernel-default"/>
+        <package name="kernel-firmware-all"/>
+    </packages>
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
+        <package name="kernel-rt"/>
+	<package name="kernel-firmware-all"/>
+	<!-- FIXME intentionally removed from ALP code stream 
+	<package name="cpuset"/> -->
+    </packages>
+    <!-- makes the image build, but also include kernel-default
+    <packages type="image" profiles="x86-rt-encrypted">
+        <package name="kernel-default-extra"/>
+    </packages> -->
+    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="blog"/>
+    </packages>
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="dracut-kiwi-oem-dump"/>
+    </packages>
+    <packages type="image" profiles="rpi,aarch64-self_install">
+        <package name="raspberrypi-firmware" arch="aarch64"/>
+        <package name="raspberrypi-firmware-config" arch="aarch64"/>
+        <package name="raspberrypi-firmware-dt" arch="aarch64"/>
+        <package name="u-boot-rpiarm64" arch="aarch64"/>
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="bcm43xx-firmware"/>
+        <package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
+        <package name="wireless-regdb"/>
+        <package name="wireless-tools"/>
+        <package name="wpa_supplicant"/>
+        <package name="grub2-arm64-efi"/>
+        <!-- kernel-default-base does not have all required drivers -->
+        <package name="kernel-default"/>
+    </packages>
+    <packages type="bootstrap">
+        <package name="coreutils"/>
+        <package name="filesystem"/>
+        <package name="ca-certificates"/>
+        <package name="ca-certificates-mozilla"/>
+    </packages>
+
+    <!-- bsc#1221936 -->
+    <packages type="image" profiles="x86-vmware">
+        <package name="open-vm-tools"/>
+    </packages>
+
+    <!-- bsc#1221727-->
+    <packages type="image" profiles="x86-qcow,aarch64-qcow">
+        <package name="qemu-guest-agent"/>
+    </packages>
+</image>

kiwi-builder-image/SL-Micro.kiwi.4096

@@ -0,0 +1,784 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
+<!-- OBS-Milestone: %current_milestone -->
+<!-- OBS-BcntSyncTag: SL-Micro -->
+<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
+    <description type="system">
+        <author>SUSE</author>
+        <contact>crc@suse.com</contact>
+        <specification>SL Micro</specification>
+    </description>
+    <profiles>
+        <!-- Profiles used as dependencies of actual image profiles -->
+        <!-- Flavors -->
+        <profile name="full" description="SL Micro as KVM and Container host"/>
+        <profile name="container-host" description="SL Micro as Container host"/>
+        <profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
+        <!-- Platforms - support profiles -->
+        <profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
+        <profile name="self_install" description="Self Installing ISO media"/>
+        <!-- Platforms -->
+        <profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+	<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
+	  <requires profile="bootloader"/>
+	</profile>
+        <profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <!-- Images (flavor + platform) -->
+        <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-vmware"/>
+        </profile>
+        <profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+	    <requires profile="x86-vmware"/>
+        </profile>
+        <profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-encrypted"/>
+        </profile>
+        <profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-encrypted"/>
+        </profile>
+        <profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt-encrypted"/>
+        </profile>
+        <profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="aarch64-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="ecs_anywhere"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="ecs_anywhere"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="rpi"/>
+        </profile>
+        <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="rpi"/>
+        </profile>
+        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt"/>
+        </profile>
+        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-kvm"/>
+        </profile>
+        <profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-kvm"/>
+        </profile>
+        <profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-dasd"/>
+        </profile>
+        <profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-dasd"/>
+        </profile>
+        <profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-fba"/>
+        </profile>
+        <profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-fba"/>
+        </profile>
+        <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-legacy"/>
+        </profile>
+        <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-qcow"/>
+        </profile>
+        <profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-qcow"/>
+        </profile>
+	<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
+	    <requires profile="full"/>
+	    <requires profile="aarch64-qcow"/>
+        </profile>
+	<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+	    <requires profile="container-host"/>
+	    <requires profile="aarch64-qcow"/>
+        </profile>
+    </profiles>
+
+    <preferences profiles="x86-encrypted,x86-rt-encrypted">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            luks_version="luks2"
+            luks="1234"
+	    luks_randomize="false"
+	    luks_pbkdf="pbkdf2"
+            target_blocksize="4096"
+            efipartsize="200"
+        >
+            <luksformat>
+                <option name="--cipher" value="aes"/>
+            </luksformat>
+            <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">4</size>
+        </type>
+    </preferences>
+    <preferences profiles="x86,x86-rt">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            target_blocksize="4096"
+            efipartsize="200"
+        >
+    	    <bootloader name="grub2" console="gfxterm" timeout="3"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="x86-self_install,x86-rt-self_install">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            target_blocksize="4096"
+            efipartsize="200"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="rpi">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            fsmountoptions="noatime"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            efipartsize="128"
+            editbootinstall="editbootinstall_rpi.sh"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="false"
+            disk_start_sector="4096"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="aarch64-self_install">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            firmware="uefi"
+            efipartsize="128"
+	    kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            disk_start_sector="4096"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="s390-kvm">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+
+        <type
+            image="oem"
+            filesystem="btrfs"
+            bootpartition="true"
+            bootpartsize="300"
+            bootfilesystem="ext2"
+        initrd_system="dracut"
+        format="qcow2"
+            kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+        devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+    >
+            <bootloader name="grub2_s390x_emu" timeout="3" />
+              <systemdisk>
+                  <volume name="home"/>
+                  <volume name="root"/>
+                  <volume name="opt"/>
+                  <volume name="srv"/>
+          <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                  <volume name="boot/writable"/>
+                  <volume name="usr/local"/>
+                  <volume name="var" copy_on_write="false"/>
+               </systemdisk>
+           <size unit="G">32</size>
+      </type>
+    </preferences>
+
+
+    <preferences profiles="s390-dasd">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext2"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          devicepersistency="by-uuid"
+          target_blocksize="4096"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+      >
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+      </type>
+    </preferences>
+
+
+
+    <preferences profiles="s390-fba">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext2"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          devicepersistency="by-uuid"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+        </type>
+    </preferences>
+
+
+    <preferences profiles="x86-vmware">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            filesystem="btrfs"
+            format="vmdk"
+            firmware="uefi"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2" console="gfxterm" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">24</size>
+            <machine memory="1024" HWversion="10" guestOS="suse-64"/>
+        </type>
+    </preferences>
+    <preferences profiles="x86-qcow">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            format="qcow2"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            target_blocksize="4096"
+            efipartsize="200"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">32</size>
+        </type>
+    </preferences>
+
+    <preferences profiles="aarch64-qcow">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+	<locale>en_US</locale>
+        <type
+            image="oem"
+            format="qcow2"
+            filesystem="btrfs"
+            firmware="uefi"
+            efipartsize="128"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+ 		<volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">20</size>
+        </type>
+    </preferences>
+
+   <repository type="rpm-md" >
+        <source path='obsrepositories:/'/>
+    </repository>
+
+    <packages type="image" profiles="full">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="salt_minion"/>
+	<package name="patterns-base-salt_minion"/>
+        <namedCollection name="kvm_host"/>
+	<package name="patterns-base-kvm_host"/>
+	<package name="lzop"/>
+        <namedCollection name="container_runtime_podman"/>
+        <package name="patterns-container-runtime_podman"/>
+        <namedCollection name="cockpit"/>
+        <package name="patterns-base-cockpit"/>
+        <namedCollection name="selinux"/>
+        <package name="patterns-base-selinux"/>
+        <package name="suseconnect-ng"/>
+        <package name="SL-Micro-release"/>
+        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+        <package name="wpa_supplicant" arch="x86_64,aarch64"/>
+	<package name="libpwquality-tools"/>
+    </packages>
+
+    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
+        <!-- full disk encryption stuff -->
+        <package name="device-mapper"/>
+        <package name="cryptsetup"/>
+        <package name="system-user-tss"/>
+        <package name="libtss2-fapi1"/>
+        <package name="libtss2-tcti-device0"/>
+        <package name="tpm2.0-tools"/>
+        <package name="tpm2-0-tss"/>
+        <package name="fde-firstboot"/>
+    </packages>
+
+    <packages type="image" profiles="container-host">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="container_runtime_podman"/>
+        <package name="patterns-container-runtime_podman"/>
+        <namedCollection name="cockpit"/>
+        <package name="patterns-base-cockpit"/>
+        <namedCollection name="selinux"/>
+        <package name="patterns-base-selinux"/>
+        <package name="suseconnect-ng"/>
+        <package name="SL-Micro-release"/>
+        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+	<package name="libpwquality-tools"/>
+    </packages>
+
+    <packages type="image" profiles="ecs_anywhere">
+        <package name="amazon-ssm-agent"/>
+        <package name="amazon-ecs-init"/>
+        <package name="aws-cli"/>
+        <package name="docker"/>
+    </packages>
+
+    <!-- Ignition / Combustion everywhere, cloud-init only in selected images
+    <packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
+    <packages type="image">
+        <package name="ignition"/>
+        <package name="combustion &gt;= 1.2"/> <!-- New firstboot mechanism -->
+	<package name="jeos-firstboot"/>
+    </packages>
+
+    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
+        <package name="cloud-init"/>
+        <package name="cloud-init-config-suse"/>
+    </packages>
+
+    <packages type="image">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="hardware"/>
+        <package name="patterns-base-hardware"/>
+        <package name="grub2"/>
+        <package name="glibc-locale-base"/>
+        <package name="ca-certificates"/>
+	<package name="SL-Micro-release"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+	<package name="NetworkManager-tui"/>
+        <package name="growpart-generator"/>
+        <package name="suse-build-key"/>
+        <!-- for debugging -->
+        <package name="less"/>
+        <package name="vim-small"/>
+
+        <namedCollection name="micro_defaults"/>
+        <package name="patterns-micro-defaults"/>
+        <package name="NetworkManager"/>
+        <package name="NetworkManager-branding-SLE"/>
+	<package name="ModemManager"/>
+	<!-- FIXME does not build without control file which is obsolete
+	<package name="live-add-yast-repos"/> -->
+	<package name="parted"/> <!-- seems missing to deploy the image -->
+    </packages>
+
+    <packages type="image" profiles="bootloader">
+        <package name="grub2-i386-pc" arch="x86_64"/>
+        <package name="grub2-x86_64-efi" arch="x86_64"/>
+        <package name="grub2-arm64-efi" arch="aarch64"/>
+        <package name="grub2-s390x-emu" arch="s390x"/>
+        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
+        <package name="grub2-snapper-plugin"/>
+        <package name="shim" arch="x86_64,aarch64"/>
+	<package name="mokutil" arch="x86_64,aarch64"/>
+	<!-- obsoleted by kiwi-settings
+	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
+    </packages>
+    <!-- rpi kernel-default-base does not provide all necessary drivers -->
+    <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
+        <package name="kernel-default"/>
+        <package name="kernel-firmware-all"/>
+    </packages>
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
+        <package name="kernel-rt"/>
+	<package name="kernel-firmware-all"/>
+	<!-- FIXME intentionally removed from ALP code stream
+	<package name="cpuset"/> -->
+    </packages>
+    <!-- makes the image build, but also include kernel-default
+    <packages type="image" profiles="x86-rt-encrypted">
+        <package name="kernel-default-extra"/>
+    </packages> -->
+    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="blog"/>
+    </packages>
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="dracut-kiwi-oem-dump"/>
+    </packages>
+    <packages type="image" profiles="rpi,aarch64-self_install">
+        <package name="raspberrypi-firmware" arch="aarch64"/>
+        <package name="raspberrypi-firmware-config" arch="aarch64"/>
+        <package name="raspberrypi-firmware-dt" arch="aarch64"/>
+        <package name="u-boot-rpiarm64" arch="aarch64"/>
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="bcm43xx-firmware"/>
+        <package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
+        <package name="wireless-regdb"/>
+        <package name="wireless-tools"/>
+        <package name="wpa_supplicant"/>
+        <package name="grub2-arm64-efi"/>
+        <!-- kernel-default-base does not have all required drivers -->
+        <package name="kernel-default"/>
+    </packages>
+    <packages type="bootstrap">
+        <package name="coreutils"/>
+        <package name="filesystem"/>
+        <package name="ca-certificates"/>
+        <package name="ca-certificates-mozilla"/>
+    </packages>
+
+    <!-- bsc#1221936 -->
+    <packages type="image" profiles="x86-vmware">
+        <package name="open-vm-tools"/>
+    </packages>
+
+    <!-- bsc#1221727-->
+    <packages type="image" profiles="x86-qcow,aarch64-qcow">
+        <package name="qemu-guest-agent"/>
+    </packages>
+</image>

kiwi-builder-image/_service

@@ -1,11 +1,11 @@
 <services>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api-provider-rke2_version%%</param>
-    <param name="package">cluster-api-provider-rke2-bootstrap</param>
-    <param name="parse-version">patch</param>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">README</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>

kiwi-builder-image/build-image.sh

@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+# Copyright (c) 2024 SUSE LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#
+
+# Set image build defaults, blocksize is an empty string
+PROFILE="Base"
+LARGEBLOCK=false
+
+# Print usage
+usage(){
+  cat <<-EOF
+  ==============================
+  SLE Micro 6.0 Kiwi SDK Builder
+  ==============================
+
+  Usage: ${0} [-p <profile>] [-b]
+
+  Profile Options (-p):
+  * Base: RAW Disk Image with podman
+  * Base-SelfInstall: SelfInstall ISO with podman
+  * Default: RAW Disk Image with podman and kvm
+  * Default-SelfInstall: SelfInstall ISO with podman and kvm
+  * Base-RT: RAW Disk Image with kernel-rt
+  * Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
+
+  4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
+
+  NOTE: If both options are omitted, the "Base" profile with a standard "512" blocksize is used.
+EOF
+}
+
+# Grab CLI options and handle
+while getopts 'p:bh' OPTION; do
+  case "${OPTION}" in
+    p)
+      PROFILE="${OPTARG}"
+      ;;
+    b)
+      LARGEBLOCK=true
+      ;;
+    ?)
+      usage && exit 2
+      ;;
+  esac
+done
+
+# To avoid wasting time, perform the loop creation test first, and exit with a warning to re-run.
+# This only happens when the container hasn't been ran on the host before, and is avoided by mounting /dev/ into the image.
+qemu-img create /tmp/output/test.img 1M
+if LOOP=$(losetup -f --show /tmp/output/test.img); then
+  rm -f /tmp/output/test.img
+  losetup -d $LOOP
+else
+  echo -e "\nERROR: Early loop device test failed, please retry the container run."
+  exit 1
+fi
+
+# Grab local SLE Micro repos and create a list to use as part of the image build
+REPOS=`for i in $(cat /micro-sdk/repos/*.repo | awk '/baseurl/ {split($0,string,"="); print string[2]}'); do echo -n "--add-repo $i "; done`
+
+if $LARGEBLOCK; then
+  mv /micro-sdk/defs/SL-Micro.kiwi.4096 /micro-sdk/defs/SL-Micro.kiwi
+fi
+
+# Build the image
+kiwi-ng --debug --profile $PROFILE system build \
+    --description /micro-sdk/defs --target-dir /tmp/output --ignore-repos-used-for-build $REPOS
+
+# Print output
+RESULT=$?
+if [ $RESULT -eq 0 ]; then
+  echo -e "\n\nINFO: Image build successful, generated images are available in the 'output' directory."
+else
+  echo -e "\n\nERROR: Failed to build the image, please see above logs."
+fi

kiwi-builder-image/config.sh

@@ -0,0 +1,317 @@
+#!/bin/bash
+# Copyright (c) 2023 SUSE LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# 
+#======================================
+# Functions...
+#--------------------------------------
+
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+set -euxo pipefail
+
+mkdir /var/lib/misc/reconfig_system
+
+#======================================
+# Greeting...
+#--------------------------------------
+echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
+
+#======================================
+# This is a workaround - someone,
+# somewhere needs to load the xts crypto
+# module, otherwise luksOpen will fail while
+# creating the image.
+#--------------------------------------
+modprobe xts || true
+
+#======================================
+# add missing fonts
+#--------------------------------------
+CONSOLE_FONT="eurlatgr.psfu"
+
+#======================================
+# prepare for setting root pw, timezone
+#--------------------------------------
+echo ** "reset machine settings"
+sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow
+rm /etc/machine-id
+rm /var/lib/zypp/AnonymousUniqueId
+
+#======================================
+# Setup baseproduct link
+#--------------------------------------
+suseSetupProduct
+
+#======================================
+# Specify default runlevel
+#--------------------------------------
+baseSetRunlevel 3
+
+#======================================
+# Add missing gpg keys to rpm
+#--------------------------------------
+suseImportBuildKey
+
+#======================================
+# If SELinux is installed, configure it like transactional-update setup-selinux
+#--------------------------------------
+if [[ -e /etc/selinux/config ]]; then
+	# Check if we don't have selinux already enabled.
+	grep ^GRUB_CMDLINE_LINUX_DEFAULT /etc/default/grub | grep -q security=selinux || \
+	    sed -i -e 's|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\1 security=selinux selinux=1"|g' "/etc/default/grub"
+
+	# Adjust selinux config
+	sed -i -e 's|^SELINUX=.*|SELINUX=enforcing|g' \
+	    -e 's|^SELINUXTYPE=.*|SELINUXTYPE=targeted|g' \
+	    "/etc/selinux/config"
+
+	# Move an /.autorelabel file from initial installation to writeable location
+	test -f /.autorelabel && mv /.autorelabel /etc/selinux/.autorelabel
+fi
+
+##======================================
+## Enable DHCP on eth0
+##--------------------------------------
+#cat >/etc/sysconfig/network/ifcfg-eth0 <<EOF
+#BOOTPROTO='dhcp'
+#MTU=''
+#REMOTE_IPADDR=''
+#STARTMODE='auto'
+#ETHTOOL_OPTIONS=''
+#USERCONTROL='no'
+#EOF
+
+systemctl enable NetworkManager
+systemctl enable ModemManager
+
+#======================================
+# Enable cloud-init
+#--------------------------------------
+suseInsertService cloud-init-local
+suseInsertService cloud-init
+suseInsertService cloud-config
+suseInsertService cloud-final
+
+# Enable chrony
+suseInsertService chronyd
+
+#======================================
+# Sysconfig Update
+#--------------------------------------
+echo '** Update sysconfig entries...'
+
+echo FONT="$CONSOLE_FONT" >> /etc/vconsole.conf
+
+# fix security level (boo#1171174)
+sed -e '/^PERMISSION_SECURITY=s/easy/paranoid/' /etc/sysconfig/security
+chkstat --set --system
+
+#======================================
+# SSL Certificates Configuration
+#--------------------------------------
+echo '** Rehashing SSL Certificates...'
+update-ca-certificates
+
+#======================================
+# Import trusted rpm keys
+#--------------------------------------
+for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
+    # importing can fail if it already exists
+    rpm --import $i || true
+done
+
+# Temporary workaround for bsc#1212187
+echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
+
+#======================================
+# Enable kubelet if installed
+#--------------------------------------
+if [ -e /usr/lib/systemd/system/kubelet.service ]; then
+	suseInsertService kubelet
+fi
+
+# Adjust zypp conf
+# https://github.com/openSUSE/libzypp/issues/212
+# in yast that's done in packager/cfa/zypp_conf.rb
+sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
+sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
+sed -i 's/^multiversion =.*/multiversion =/g' /etc/zypp/zypp.conf
+
+#=====================================
+# Configure snapper
+#-------------------------------------
+if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
+        echo "creating initial snapper config ..."
+        cp /usr/share/snapper/config-templates/default /etc/snapper/configs/root
+        baseUpdateSysConfig /etc/sysconfig/snapper SNAPPER_CONFIGS root
+
+	# Adjust parameters
+	sed -i'' 's/^TIMELINE_CREATE=.*$/TIMELINE_CREATE="no"/g' /etc/snapper/configs/root
+	sed -i'' 's/^NUMBER_LIMIT=.*$/NUMBER_LIMIT="2-10"/g' /etc/snapper/configs/root
+	sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
+fi
+
+# Enable jeos-firstboot if installed, disabled by combustion/ignition
+if rpm -q --whatprovides jeos-firstboot >/dev/null; then
+        mkdir -p /var/lib/YaST2
+        touch /var/lib/YaST2/reconfig_system
+        systemctl enable jeos-firstboot.service
+fi
+
+# Enable cloud-init if installed
+if rpm -q --whatprovides cloud-init >/dev/null; then
+	systemctl enable cloud-init
+	systemctl enable cloud-init-local
+fi
+
+# The %post script can't edit /etc/fstab sys due to https://github.com/OSInside/kiwi/issues/945
+# so use the kiwi custom hack
+cat >/etc/fstab.script <<"EOF"
+#!/bin/sh
+set -eux
+
+/usr/sbin/setup-fstab-for-overlayfs
+# If /var is on a different partition than /...
+if [ "$(findmnt -snT / -o SOURCE)" != "$(findmnt -snT /var -o SOURCE)" ]; then
+	# ... set options for autoexpanding /var
+	gawk -i inplace '$2 == "/var" { $4 = $4",x-growpart.grow,x-systemd.growfs" } { print $0 }' /etc/fstab
+fi
+EOF
+chmod a+x /etc/fstab.script
+
+# To make x-systemd.growfs work from inside the initrd
+cat >/etc/dracut.conf.d/50-microos-growfs.conf <<"EOF"
+install_items+=" /usr/lib/systemd/systemd-growfs "
+EOF
+
+#======================================
+# Add repos from control.xml
+#--------------------------------------
+if [ -x /usr/sbin/add-yast-repos ]; then
+	add-yast-repos
+	zypper --non-interactive rm -u live-add-yast-repos
+fi
+
+#======================================
+# Configure SelfInstall specifics
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"SelfInstall"* ]]; then
+	cat > /etc/systemd/system/selfinstallbootloader.service <<-EOF
+	[Unit]
+	Description=
+	After=systemd-machine-id-commit.service
+	Before=jeos-firstboot.service
+	
+	[Service]
+	Type=oneshot
+	ExecStart=rm /etc/systemd/system/selfinstallbootloader.service
+	ExecStart=rm /etc/systemd/system/default.target.wants/selfinstallbootloader.service
+	ExecStart=/sbin/transactional-update bootloader
+	ExecStart=/sbin/transactional-update apply
+
+	[Install]
+	WantedBy=default.target
+	EOF
+	ln -s /etc/systemd/system/selfinstallbootloader.service /etc/systemd/system/default.target.wants/selfinstallbootloader.service
+fi
+
+#======================================
+# Boot TimeOut Configuration for iSCSI
+#--------------------------------------
+cat > /etc/systemd/system/iscsi-init-delay.service <<-EOF
+[Unit]
+# Workaround for boo#1198457 delay gen-initiatorname after local-fs
+Description=One time delay for the iscsid.service
+ConditionPathExists=!/etc/iscsi/initiatorname.iscsi
+ConditionPathExists=/sbin/iscsi-gen-initiatorname
+DefaultDependencies=no
+RequiresMountsFor=/etc/iscsi
+After=local-fs.target
+Before=iscsi-init.service
+
+[Install]
+WantedBy=default.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+ExecStart=/sbin/iscsi-gen-initiatorname
+EOF
+ln -s /etc/systemd/system/iscsi-init-delay.service /etc/systemd/system/default.target.wants/iscsi-init-delay.service
+
+#======================================
+# Configure Pine64 specifics
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"Pine64" ]]; then
+    echo 'add_drivers+=" fixed sunxi-mmc axp20x-regulator axp20x-rsb "' > /etc/dracut.conf.d/sunxi_modules.conf
+fi
+
+#======================================
+# Configure Raspberry Pi specifics
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
+	# Add necessary kernel modules to initrd (will disappear with bsc#1084272)
+	echo 'add_drivers+=" bcm2835_dma dwc2 "' > /etc/dracut.conf.d/raspberrypi_modules.conf
+
+	# Add necessary kernel modules to initrd (will disappear with boo#1162669)
+	echo 'add_drivers+=" pcie-brcmstb "' >> /etc/dracut.conf.d/raspberrypi_modules.conf
+
+	# Work around network issues
+  	cat > /etc/modprobe.d/50-rpi3.conf <<-EOF
+		# Prevent too many page allocations (bsc#1012449)
+		options smsc95xx turbo_mode=N
+	EOF
+
+	cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
+		# Avoid running out of DMA pages for smsc95xx (bsc#1012449)
+		vm.min_free_kbytes = 2048
+	EOF
+fi
+
+#======================================
+# Configure Vagrant specifics
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
+        # create vagrant user
+        useradd vagrant
+        # allow password-less sudo
+        echo "vagrant ALL=(ALL)NOPASSWD:ALL" > /etc/sudoers.d/vagrant
+        # add vagrant's insecure key
+        mkdir -p /home/vagrant/.ssh
+        chmod 0700 /home/vagrant/.ssh
+        cat > /home/vagrant/.ssh/authorized_keys << EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOF
+        chmod 0600 /home/vagrant/.ssh/authorized_keys
+        chown -R vagrant /home/vagrant
+fi
+
+#======================================
+# cloud-init specific settings
+#--------------------------------------
+# We do not want cloud-init to run in an environment when there is no data
+# source found. bsc#1222113
+if [[ "$kiwi_profiles" =~ ^(x86-qcow|x86-vmware|aarch64-qcow)$ ]]; then
+    echo "policy: search,found=all,maybe=disabled,notfound=disabled" > /etc/cloud/ds-identify.cfg
+fi
+
+exit 0

kube-rbac-proxy/kube-rbac-proxy.spec

@@ -24,7 +24,7 @@ License:        Apache-2.0
 URL:            https://github.com/brancz/kube-rbac-proxy
 Source:         kube-rbac-proxy-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
+BuildRequires:  golang(API) = 1.23
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

kubectl-image/Dockerfile

@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
+#!BuildVersion: 15.6
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends kubectl; zypper -n clean; rm -rf /var/log/*
+
+FROM micro AS final
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.kubectl
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE kubectl image"
+LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="1.30.3"
+LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+
+ENTRYPOINT ["/usr/bin/kubectl"]

kubectl-image/_service

@@ -1,12 +1,5 @@
 <services>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%ip-address-manager_version%%</param>
-    <param name="package">ip-address-manager</param>
-    <param name="parse-version">patch</param>
-  </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

kubectl/kubectl.spec

@@ -1,6 +1,6 @@
 %global debug_package %{nil}
 
-Name: kubectl-1303
+Name: kubectl
 Version: 1.30.3
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster

kubevirt-chart/Chart.yaml

@@ -0,0 +1,9 @@
+#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0
+apiVersion: v2
+appVersion: 1.3.1
+description: A Helm chart for KubeVirt
+icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
+name: kubevirt
+type: application
+version: "%%CHART_MAJOR%%.0.0+up0.4.0"

kubevirt-chart/_service

@@ -0,0 +1,10 @@
+<services>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Chart.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
+  </service>
+</services>

kubevirt-chart/app-readme.md

@@ -0,0 +1 @@
+KubeVirt is a virtual machine management add-on for Kubernetes. The aim is to provide a common ground for virtualization solutions on top of Kubernetes.

kubevirt-chart/templates/NOTES.txt

@@ -0,0 +1,2 @@
+Verify that all KubeVirt components are installed correctly:
+  kubectl get all -n {{ .Release.Namespace }}

kubevirt-chart/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubevirt.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubevirt.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubevirt.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubevirt.labels" -}}
+helm.sh/chart: {{ include "kubevirt.chart" . }}
+{{ include "kubevirt.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubevirt.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubevirt.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubevirt.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kubevirt.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

kubevirt-chart/templates/_hooks.tpl

@@ -0,0 +1,47 @@
+{{/* Hook annotations */}}
+{{- define "kubevirt.hook.annotations" -}}
+  annotations:
+    "helm.sh/hook": {{ .hookType }}
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    "helm.sh/hook-weight": {{ .hookWeight | quote }}
+{{- end -}}
+
+{{/* Namespace modifying hook annotations */}}
+{{- define "kubevirt.namespaceHook.annotations" -}}
+{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-install") . }}
+{{- end -}}
+
+{{/* CRD upgrading hook annotations */}}
+{{- define "kubevirt.crdUpgradeHook.annotations" -}}
+{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-upgrade") . }}
+{{- end -}}
+
+{{/* Custom resource uninstalling hook annotations */}}
+{{- define "kubevirt.crUninstallHook.annotations" -}}
+{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-delete") . }}
+{{- end -}}
+
+{{/* CRD uninstalling hook annotations */}}
+{{- define "kubevirt.crdUninstallHook.annotations" -}}
+{{ template "kubevirt.hook.annotations" merge (dict "hookType" "post-delete") . }}
+{{- end -}}
+
+{{/* Namespace modifying hook name */}}
+{{- define "kubevirt.namespaceHook.name" -}}
+{{ include "kubevirt.fullname" . }}-namespace-modify
+{{- end }}
+
+{{/* CRD upgrading hook name */}}
+{{- define "kubevirt.crdUpgradeHook.name" -}}
+{{ include "kubevirt.fullname" . }}-crd-upgrade
+{{- end }}
+
+{{/* Custom resource uninstalling hook name */}}
+{{- define "kubevirt.crUninstallHook.name" -}}
+{{ include "kubevirt.fullname" . }}-uninstall
+{{- end }}
+
+{{/* CRD uninstalling hook name */}}
+{{- define "kubevirt.crdUninstallHook.name" -}}
+{{ include "kubevirt.fullname" . }}-crd-uninstall
+{{- end }}

kubevirt-chart/templates/crd-uninstall-hooks.yaml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crdUninstallHook.name" . }}
+  {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kubevirt.crdUninstallHook.name" . }}
+  {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
+rules:
+  - apiGroups: [ "apiextensions.k8s.io" ]
+    resources: [ "customresourcedefinitions" ]
+    resourceNames:
+      - "kubevirts.kubevirt.io"
+    verbs: [ "delete" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kubevirt.crdUninstallHook.name" . }}
+  {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 2) }}
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubevirt.crdUninstallHook.name" . }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "kubevirt.crdUninstallHook.name" . }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crdUninstallHook.name" . }}
+  {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 3) }}
+spec:
+  template:
+    metadata:
+      name: {{ template "kubevirt.crdUninstallHook.name" . }}
+    spec:
+      serviceAccountName: {{ template "kubevirt.crdUninstallHook.name" . }}
+      restartPolicy: {{ .Values.hookRestartPolicy }}
+      containers:
+        - name: {{ template "kubevirt.crdUninstallHook.name" . }}
+          image: {{ .Values.hookImage }}
+          args:
+            - delete
+            - customresourcedefinitions
+            - kubevirts.kubevirt.io
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}

kubevirt-chart/templates/crd-upgrade-hooks.yaml

@@ -0,0 +1,80 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: kubevirt-crd-manifest
+  {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 1) }}
+data:
+  crd: |-
+    {{ $.Files.Get "crds/kubevirt.yaml" | nindent 4 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+  {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+  {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "configmaps" ]
+    resourceNames:
+      - "kubevirt-crd-manifest"
+    verbs: [ "get" ]
+  - apiGroups: [ "apiextensions.k8s.io" ]
+    resources: [ "customresourcedefinitions" ]
+    resourceNames:
+      - "kubevirts.kubevirt.io"
+    verbs: [ "get", "patch" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+  {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 3) }}
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+  {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 4) }}
+spec:
+  template:
+    metadata:
+      name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+    spec:
+      serviceAccountName: {{ template "kubevirt.crdUpgradeHook.name" . }}
+      restartPolicy: {{ .Values.hookRestartPolicy }}
+      containers:
+        - name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
+          image: {{ .Values.hookImage }}
+          args:
+            - apply
+            - -f
+            - /etc/manifests/crd.yaml
+          volumeMounts:
+            - name: crd-volume
+              mountPath: /etc/manifests
+      volumes:
+        - name: crd-volume
+          configMap:
+            name: kubevirt-crd-manifest
+            items:
+              - key: crd
+                path: crd.yaml

kubevirt-chart/templates/kubevirt-uninstall-hooks.yaml

@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crUninstallHook.name" . }}
+  {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crUninstallHook.name" . }}
+  {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }}
+rules:
+  - apiGroups: [ "kubevirt.io" ]
+    resources: [ "kubevirts" ]
+    resourceNames:
+      - "kubevirt"
+    verbs: [ "get", "list", "delete" ]
+  - apiGroups: [ "apps" ]
+    resources: [ "deployments", "daemonsets" ]
+    verbs: [ "get", "list" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crUninstallHook.name" . }}
+  {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 2) }}
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubevirt.crUninstallHook.name" . }}
+roleRef:
+  kind: Role
+  name: {{ template "kubevirt.crUninstallHook.name" . }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crUninstallHook.name" . }}
+  {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 3) }}
+spec:
+  template:
+    metadata:
+      name: {{ template "kubevirt.crUninstallHook.name" . }}
+    spec:
+      serviceAccountName: {{ template "kubevirt.crUninstallHook.name" . }}
+      restartPolicy: {{ .Values.hookRestartPolicy }}
+      containers:
+        - name: {{ template "kubevirt.crUninstallHook.name" . }}
+          image: {{ .Values.hookImage }}
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
+          args:
+            - delete
+            - kubevirt
+            - kubevirt
+        - name: {{ template "kubevirt.crUninstallHook.name" . }}-cleanup
+          image: {{ .Values.hookImage }}
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
+          args:
+            - wait
+            - --for=delete
+            - deployments/virt-api
+            - deployments/virt-controller
+            - daemonsets/virt-handler
+            - --timeout=60s

kubevirt-chart/templates/kubevirt.yaml

@@ -0,0 +1,32 @@
+apiVersion: kubevirt.io/v1
+kind: KubeVirt
+metadata:
+  name: kubevirt
+  namespace: {{ .Release.Namespace }}
+spec:
+  {{- with .Values.kubevirt.configuration }}
+  configuration:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.kubevirt.customizeComponents }}
+  customizeComponents:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  imagePullPolicy: {{ .Values.kubevirt.imagePullPolicy }}
+  {{- with .Values.kubevirt.infra }}
+  infra:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if .Values.kubevirt.uninstallStrategy }}
+  uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }}
+  {{- end }}
+  {{- with .Values.kubevirt.workloadUpdateStrategy }}
+  workloadUpdateStrategy:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if .Values.kubevirt.monitorNamespace }}
+  monitorNamespace: {{ .Values.kubevirt.monitorNamespace }}
+  {{- end }}
+  {{- if .Values.kubevirt.monitorAccount }}
+  monitorAccount: {{ .Values.kubevirt.monitorAccount }}
+  {{- end }}

kubevirt-chart/templates/namespace-hooks.yaml

@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "namespaces" ]
+    resourceNames:
+      - {{ .Release.Namespace | quote }}
+    verbs: [ "get", "patch" ]
+  - apiGroups: [ "management.cattle.io" ] # Rancher
+    resources: [ "projects" ]
+    verbs: [ "updatepsa" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 2) }}
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubevirt.namespaceHook.name" . }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 3) }}
+spec:
+  template:
+    metadata:
+      name: {{ template "kubevirt.namespaceHook.name" . }}
+    spec:
+      serviceAccountName: {{ template "kubevirt.namespaceHook.name" . }}
+      restartPolicy: {{ .Values.hookRestartPolicy }}
+      containers:
+        - name: {{ template "kubevirt.namespaceHook.name" . }}
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
+          image: {{ .Values.hookImage }}
+          args:
+            - label
+            - namespace
+            - {{ .Release.Namespace }}
+            - kubevirt.io=
+            - pod-security.kubernetes.io/enforce=privileged

kubevirt-chart/values.yaml

@@ -0,0 +1,34 @@
+operator:
+  image: registry.suse.com/suse/sles/15.6/virt-operator
+  version: 1.3.1-150600.5.9.1
+  pullPolicy: IfNotPresent
+
+kubevirt:
+  # Holds kubevirt configurations. Same as the virt-configMap.
+  configuration: {}
+  customizeComponents: {}
+  # The ImagePullPolicy to use.
+  imagePullPolicy: IfNotPresent
+  # Selectors and tolerations that should apply to KubeVirt infrastructure components.
+  infra: {}
+  # Specifies if KubeVirt can be deleted if workloads are still present.
+  # This is mainly a precaution to avoid accidental data loss.
+  uninstallStrategy: ""
+  # WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates.
+  workloadUpdateStrategy: {}
+  # Optionally enable ServiceMonitor for prometheus, see
+  # https://kubevirt.io/user-guide/user_workloads/component_monitoring/
+  monitorAccount: ""
+  monitorNamespace: ""
+
+hookImage: rancher/kubectl:v1.30.2
+hookRestartPolicy: OnFailure
+hookSecurityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  runAsNonRoot: true
+  runAsUser: 1000
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL

kubevirt-dashboard-extension-chart/Chart.yaml

@@ -0,0 +1,20 @@
+#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
+#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: KubeVirt
+  catalog.cattle.io/kube-version: '>= v1.26.0-0'
+  catalog.cattle.io/namespace: cattle-ui-plugin-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux, windows
+  catalog.cattle.io/rancher-version: '>= 2.10.0-0'
+  catalog.cattle.io/scope: management
+  catalog.cattle.io/ui-component: plugins
+  catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
+apiVersion: v2
+appVersion: 1.2.1
+description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
+icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg
+name: kubevirt-dashboard-extension
+type: application
+version: "%%CHART_MAJOR%%.0.0+up1.2.1"

kubevirt-dashboard-extension-chart/README.md

@@ -0,0 +1,6 @@
+# SUSE Edge: KubeVirt extension for Rancher Dashboard
+
+An Edge focused extension for Rancher Dashboard allowing to monitor and interact virtual machine based workloads.
+
+For more information on SUSE Edge see https://suse-edge.github.io/ \
+For more information on Kubevirt see https://kubevirt.io/

kubevirt-dashboard-extension-chart/_service

@@ -0,0 +1,17 @@
+<services>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">values.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Chart.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
+  </service>
+</services>

kubevirt-dashboard-extension-chart/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "extension-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "extension-server.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "extension-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "extension-server.labels" -}}
+helm.sh/chart: {{ include "extension-server.chart" . }}
+{{ include "extension-server.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "extension-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "extension-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Pkg annotations
+*/}}
+{{- define "extension-server.pluginMetadata" -}}
+{{- with .Values.plugin.metadata }}
+{{- range $key, $value := . }}
+{{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end }}
+{{- end }}

kubevirt-dashboard-extension-chart/templates/cr.yaml

@@ -0,0 +1,14 @@
+apiVersion: catalog.cattle.io/v1
+kind: UIPlugin
+metadata:
+  name: {{ include "extension-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels: {{ include "extension-server.labels" . | nindent 4 }}
+spec:
+  plugin:
+    name: {{ include "extension-server.fullname" . }}
+    version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.1
+    noCache: {{ .Values.plugin.noCache }}
+    noAuth: {{ .Values.plugin.noAuth }}
+    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

kubevirt-dashboard-extension-chart/values.yaml

@@ -0,0 +1,12 @@
+nameOverride: ""
+fullnameOverride: ""
+plugin:
+  enabled: true
+  versionOverride: ""
+  noCache: false
+  noAuth: false
+  metadata:
+    catalog.cattle.io/display-name: KubeVirt
+    catalog.cattle.io/rancher-version: ">= 2.10.0-0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
+    catalog.cattle.io/kube-version: ">= v1.26.0-0"

metal3-chart/Chart.yaml

@@ -1,17 +1,18 @@
-#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1
-#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.0
+#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.0-%RELEASE%
 apiVersion: v2
-appVersion: 1.16.0
+appVersion: 0.9.0
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.5.0
+  version: 0.6.0
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.7.0
+  version: 0.8.0
 - alias: metal3-mariadb
+  condition: global.enable_mariadb
   name: mariadb
   repository: file://./charts/mariadb
   version: 0.5.4
@@ -19,9 +20,9 @@ dependencies:
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.5.0
+  version: 0.6.0
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: 0.8.1
+version: "%%CHART_MAJOR%%.0.0+up0.9.0"

metal3-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.6.1
+appVersion: 0.8.0
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.5.0
+version: 0.6.0

metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml

@@ -39,11 +39,6 @@ spec:
       name: BMC
       priority: 1
       type: string
-    - description: The type of hardware detected
-      jsonPath: .status.hardwareProfile
-      name: Hardware_Profile
-      priority: 1
-      type: string
     - description: Whether the host is online or not
       jsonPath: .spec.online
       name: Online
@@ -740,6 +735,7 @@ spec:
                 type: object
               hardwareProfile:
                 description: The name of the profile matching the hardware details.
+                  Hardware profiles are deprecated and should not be relied on.
                 type: string
               lastUpdated:
                 description: LastUpdated identifies when this status was last observed.
@@ -1136,7 +1132,6 @@ spec:
             required:
             - errorCount
             - errorMessage
-            - hardwareProfile
             - operationalStatus
             - poweredOn
             - provisioning

metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml

@@ -3,14 +3,12 @@
   {{- $protocol := ternary "https" "http" $enableTLS }}
   {{- $ironicIP := .Values.global.ironicIP | default "" }}
   {{- $ironicApiHost := print $ironicIP ":6385" }}
-  {{- $ironicInspectorHost := print $ironicIP ":5050" }}
   {{- $ironicBootHost := print $ironicIP ":6180" }}
   {{- $ironicCacheHost := print $ironicIP ":6180" }}
 
 apiVersion: v1
 data:
   IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
-  IRONIC_INSPECTOR_ENDPOINT: "{{ $protocol }}://{{ $ironicInspectorHost }}/v1/"
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}

metal3-chart/charts/baremetal-operator/templates/deployment.yaml

@@ -78,14 +78,6 @@ spec:
           mountPath: "/opt/metal3/auth/ironic/password"
           subPath: password
           readOnly: true
-        - name: ironic-inspector-basic-auth
-          mountPath: "/opt/metal3/auth/ironic-inspector/username"
-          subPath: username
-          readOnly: true
-        - name: ironic-inspector-basic-auth
-          mountPath: "/opt/metal3/auth/ironic-inspector/password"
-          subPath: password
-          readOnly: true
         {{- end }}
         {{- if .Values.global.enable_tls }}
         - name: cacert
@@ -116,9 +108,6 @@ spec:
       - name: ironic-basic-auth
         secret:
           secretName: ironic-basic-auth
-      - name: ironic-inspector-basic-auth
-        secret:
-          secretName: ironic-inspector-basic-auth
       {{- end }}
       {{- if .Values.global.enable_tls }}
       - name: cacert

metal3-chart/charts/baremetal-operator/values.yaml

@@ -28,11 +28,11 @@ images:
   baremetalOperator:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
     pullPolicy: IfNotPresent
-    tag: "0.6.1"
+    tag: "0.8.0"
   rbacProxy:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/kube-rbac-proxy
     pullPolicy: IfNotPresent
-    tag: "v0.14.2"
+    tag: "0.18.1"
 
 imagePullSecrets: []
 nameOverride: "manger"

metal3-chart/charts/ironic/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 24.1.2
+appVersion: 26.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.7.0
+version: 0.8.0

metal3-chart/charts/ironic/templates/_helpers.tpl

@@ -77,9 +77,6 @@ Get ironic CA volumeMounts
 - name: cert-ironic-ca
   mountPath: "/certs/ca/ironic"
   readOnly: true
-- name: cert-ironic-inspector-ca
-  mountPath: "/certs/ca/ironic-inspector"
-  readOnly: true
 {{- if .Values.global.enable_vmedia_tls }}
 - name: cert-ironic-vmedia-ca
   mountPath: "/certs/ca/vmedia"

metal3-chart/charts/ironic/templates/certificates.yaml

@@ -25,19 +25,6 @@ spec:
     kind: Issuer
     name: ca-issuer
   secretName: ironic-cert
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: ironic-inspector-cert
-spec:
-  commonName: ironic-inspector-cert
-  ipAddresses:
-  - {{ .Values.global.ironicIP }}
-  issuerRef:
-    kind: Issuer
-    name: ca-issuer
-  secretName: ironic-inspector-cert
 {{- if .Values.global.enable_vmedia_tls }}
 ---
 apiVersion: cert-manager.io/v1

metal3-chart/charts/ironic/templates/configmap.yaml

@@ -10,7 +10,6 @@ data:
   {{- $protocol := ternary "https" "http" $enableTLS }}
   {{- $ironicIP := .Values.global.ironicIP | default "" }}
   {{- $ironicApiHost := print $ironicIP ":6385" }}
-  {{- $ironicInspectorHost := print $ironicIP ":5050" }}
   {{- $ironicBootHost := print $ironicIP ":6180" }}
   {{- $ironicCacheHost := print $ironicIP ":6180" }}
 
@@ -25,15 +24,11 @@ data:
   {{- end }}
   HTTP_PORT: "6180"
   PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
-  USE_IRONIC_INSPECTOR: "true"
+  USE_IRONIC_INSPECTOR: "false"
   IRONIC_API_BASE_URL: {{ $protocol }}://{{ $ironicApiHost }}
   IRONIC_API_HOST: {{ $ironicApiHost }}
   IRONIC_API_HTTPD_SERVER_NAME: {{ $ironicApiHost }}
   IRONIC_ENDPOINT: {{ $protocol }}://{{ $ironicApiHost }}/v1/
-  IRONIC_INSPECTOR_BASE_URL: {{ $protocol }}://{{ $ironicInspectorHost }}
-  IRONIC_INSPECTOR_ENDPOINT: {{ $protocol }}://{{ $ironicInspectorHost }}/v1/
-  IRONIC_INSPECTOR_HOST: {{ $ironicInspectorHost }}
-  IRONIC_INSPECTOR_HTTPD_SERVER_NAME: {{ $ironicInspectorHost }}
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
     {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
@@ -55,11 +50,9 @@ data:
   {{- if .Values.global.provisioningIP }}
   PROVISIONING_IP: {{ .Values.global.provisioningIP }}
   {{- end }}
-  IRONIC_INSPECTOR_VLAN_INTERFACES: all
   IRONIC_ILO_USE_SWIFT: "false"
   IRONIC_ILO_USE_WEB_SERVER_FOR_IMAGES: "true"
   IRONIC_FAST_TRACK: "true"
-  IRONIC_USE_MARIADB: "true"
   LISTEN_ALL_INTERFACES: "true"
   {{- if .Values.global.ironicIP }}
   IRONIC_IP: {{ .Values.global.ironicIP }}
@@ -69,7 +62,6 @@ data:
   IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true
   IPA_INSECURE: "0"
   IRONIC_REVERSE_PROXY_SETUP: "true"
-  INSPECTOR_REVERSE_PROXY_SETUP: "true"
   {{- if  ( .Values.global.enable_vmedia_tls ) }}
   VMEDIA_TLS_PORT: "{{ .Values.global.vmediaTLSPort }}"
   {{- end }}
@@ -81,6 +73,10 @@ data:
   {{- end }}
   {{- if  ( .Values.global.enable_basicAuth ) }}
   AUTH_STRATEGY: "http_basic"
-  INSPECTOR_AUTH_STRATEGY: "http_basic"
   {{- end }}
+  {{- if .Values.global.enable_mariadb }}
   MARIADB_HOST: {{ .Values.global.databaseServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+  IRONIC_USE_MARIADB: "true"
+  {{- else }}
+  IRONIC_USE_MARIADB: "false"
+  {{- end }}

metal3-chart/charts/ironic/templates/deployment.yaml

@@ -41,10 +41,7 @@ spec:
             name: ironic-bmo
         livenessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -62,10 +59,7 @@ spec:
         {{- end }}
         readinessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -78,9 +72,6 @@ spec:
           - name: cert-ironic
             mountPath: "/certs/ironic"
             readOnly: true
-          - name: cert-ironic-inspector
-            mountPath: "/certs/ironic-inspector"
-            readOnly: true
           {{- if .Values.global.enable_vmedia_tls }}
           - name: cert-ironic-vmedia
             mountPath: "/certs/vmedia"
@@ -90,73 +81,6 @@ spec:
             name: cert-ironic-ca
             readOnly: true
         {{- end }}
-      - name: ironic-inspector
-        image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
-        imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
-        securityContext:
-          {{- toYaml .Values.securityContext | nindent 10 }}
-        command:
-        - /bin/runironic-inspector
-        envFrom:
-        - configMapRef:
-            name: ironic-bmo
-        env:
-        {{- if .Values.global.enable_basicAuth }}
-        - name: INSPECTOR_HTPASSWD
-          valueFrom:
-            secretKeyRef:
-              name: ironic-inspector-basic-auth
-              key: htpasswd
-        {{- end }}
-        - name: MARIADB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: password
-              name: ironic-mariadb
-        livenessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 30
-          successThreshold: 1
-          timeoutSeconds: 10
-        ports:
-        - containerPort: 5050
-          name: inspector
-          protocol: TCP
-        readinessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 30
-          successThreshold: 1
-          timeoutSeconds: 10
-        volumeMounts:
-          {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
-        {{- if .Values.global.enable_basicAuth }}
-          - mountPath: "/auth/ironic/auth-config"
-            name: ironic-basic-auth
-            subPath: auth-config
-            readOnly: true
-          - mountPath: "/auth/ironic-inspector/auth-config"
-            name: ironic-inspector-basic-auth
-            subPath: auth-config
-            readOnly: true
-        {{- end }}
-        {{- if .Values.global.enable_tls }}
-          {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
-          - name: cert-ironic-inspector
-            mountPath: "/certs/ironic-inspector"
-            readOnly: true
-        {{- end }}
       - name: ironic-log-watch
         image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
         imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
@@ -184,37 +108,33 @@ spec:
               name: ironic-basic-auth
               key: htpasswd
         {{- end }}
+        {{- if .Values.global.enable_mariadb }}
         - name: MARIADB_PASSWORD
           valueFrom:
             secretKeyRef:
               key: password
               name: ironic-mariadb
+        {{- end }}
         livenessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
-          failureThreshold: 10
+            command: ["/bin/ironic-liveness"]
           initialDelaySeconds: 30
           periodSeconds: 30
-          successThreshold: 1
           timeoutSeconds: 10
+          successThreshold: 1
+          failureThreshold: 10
         ports:
         - containerPort: 6385
           name: api
           protocol: TCP
         readinessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
-          failureThreshold: 10
+            command: ["/bin/ironic-readiness"]
           initialDelaySeconds: 30
           periodSeconds: 30
-          successThreshold: 1
           timeoutSeconds: 10
+          successThreshold: 1
+          failureThreshold: 10
         volumeMounts:
           {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
           {{- if .Values.global.enable_basicAuth }}
@@ -222,10 +142,6 @@ spec:
             name: ironic-basic-auth
             subPath: auth-config
             readOnly: true
-          - mountPath: "/auth/ironic-inspector/auth-config"
-            name: ironic-inspector-basic-auth
-            subPath: auth-config
-            readOnly: true
           {{- end }}
           {{- if .Values.global.enable_tls }}
           {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
@@ -308,15 +224,16 @@ spec:
         {{- end }}
       volumes:
       - name: ironic-data-volume
+      {{- if .Values.persistence.ironic.size }}
         persistentVolumeClaim:
           claimName: ironic-shared-volume
+      {{- else }}
+        emptyDir: {}
+      {{- end }}
       {{- if .Values.global.enable_basicAuth }}
       - name: ironic-basic-auth
         secret:
           secretName: ironic-basic-auth
-      - name: ironic-inspector-basic-auth
-        secret:
-          secretName: ironic-inspector-basic-auth
       {{- if .Values.global.enable_tls }}
       - name: trusted-certs
         projected:
@@ -333,12 +250,6 @@ spec:
       - name: cert-ironic
         secret:
           secretName: ironic-cert
-      - name: cert-ironic-inspector-ca
-        secret:
-          secretName: ironic-cacert
-      - name: cert-ironic-inspector
-        secret:
-          secretName: ironic-inspector-cert
       {{- if .Values.global.enable_vmedia_tls }}
       - name: cert-ironic-vmedia-ca
         secret:

metal3-chart/charts/ironic/templates/pvc.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.persistence.ironic.size }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -22,3 +23,4 @@ spec:
   storageClassName: {{ .Values.persistence.ironic.storageClass }}
   {{- end }}
   volumeMode: Filesystem
+{{- end }}

metal3-chart/charts/ironic/templates/secrets-basic-auth.yaml

@@ -29,34 +29,5 @@ data:
   htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }}
   auth-config: |
   {{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }}
----
-{{- $ironicInspectorUsername := "" -}}
-{{- $ironicInspectorPassword := "" -}}
-{{- $inspectorSecretName := "ironic-inspector-basic-auth" -}}
 
-# Check if the secret is deployed and has a password
-{{- $oldInspectorSecret := lookup "v1" "Secret" .Release.Namespace $inspectorSecretName }}
-{{- if and $oldInspectorSecret (index $oldInspectorSecret.data "username") (index $oldInspectorSecret.data "password") }}
-{{- $ironicInspectorUsername = b64dec (index $oldInspectorSecret.data "username" | toString) -}}
-{{- $ironicInspectorPassword = b64dec (index $oldInspectorSecret.data "password" | toString) -}}
-# If not, check if a username and password are provided in values.yaml
-{{- else if and (.Values.global.auth.ironicInspectorUsername) (.Values.global.auth.ironicInspectorPassword) }}
-{{- $ironicInspectorUsername = .Values.global.auth.ironicInspectorUsername -}}
-{{- $ironicInspectorPassword = .Values.global.auth.ironicInspectorPassword -}}
-{{- else }}
-# If no username and password are provided in values.yaml, generate new ones
-{{- $ironicInspectorUsername = "ironic" -}}
-{{- $ironicInspectorPassword = (randAlphaNum 20) -}}
-{{- end }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ $inspectorSecretName }}
-type: Opaque
-data:
-  username: {{ $ironicInspectorUsername | b64enc }}
-  password: {{ $ironicInspectorPassword | b64enc }}
-  htpasswd: {{ b64enc (htpasswd $ironicInspectorUsername  $ironicInspectorPassword) }}
-  auth-config: |
-  {{- printf "[inspector]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicInspectorUsername $ironicInspectorPassword | b64enc | nindent 4 }}
 {{- end }}

metal3-chart/charts/ironic/values.yaml

@@ -56,11 +56,11 @@ images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 24.1.2.0
+    tag: 26.1.2.0
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent
-    tag: 2.0.0
+    tag: 3.0.0
 
 nameOverride: ""
 fullnameOverride: ""
@@ -102,10 +102,6 @@ service:
     port: 6185
     protocol: TCP
     targetPort: 6185
-  - name: inspector
-    port: 5050
-    protocol: TCP
-    targetPort: 5050
   - name: api
     port: 6385
     protocol: TCP
@@ -144,8 +140,9 @@ persistence:
     # storageClass for the ironic shared volume
     # Ensure the storageClass is defined
     storageClass: ""
-    # size of the ironic shared volume
-    size: "1Gi"
+    # size of the ironic shared volume e.g "1Gi"
+    # When unset persistent storage is disabled and emptyDir is enabled
+    size: ""
     # accessMode of the ironic shared volume PVC
     # If empty defaults to ReadWriteOnce when replicaCount=1 otherwise ReadWriteMany
     accessMode: ""

metal3-chart/charts/media/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.5.0
+version: 0.6.0

metal3-chart/charts/media/values.yaml

@@ -24,7 +24,7 @@ replicaCount: 1
 image:
   repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
   pullPolicy: IfNotPresent
-  tag: 24.1.2.0
+  tag: 26.1.2.0
 
 imagePullSecrets: []
 nameOverride: ""

metal3-chart/values.yaml

@@ -6,6 +6,9 @@ global:
   # IP on which the Ironic services will be exposed
   ironicIP: ""
 
+  # whether to enable mariadb (default is sqlite)
+  enable_mariadb: false
+
   # whether to enable media server.
   enable_metal3_media_server: false
 
@@ -28,8 +31,6 @@ global:
   auth:
     ironicUsername: ""
     ironicPassword: ""
-    ironicInspectorUsername: ""
-    ironicInspectorPassword: ""
 
   # whether to have additional trusted CA
   # NOTE: If enabled, a secret with name tls-ca-additional should be deployed
@@ -125,6 +126,4 @@ metal3-baremetal-operator:
       repository: "%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator"
     rbacProxy:
       repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
-      tag: "v0.18.0"
-
 

metallb-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%metallb-chart:0.14.9
-#!BuildTag: %%IMG_PREFIX%%metallb-chart:0.14.9-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9
+#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE%
 apiVersion: v2
 appVersion: v0.14.3
 dependencies:
@@ -20,4 +20,4 @@ name: metallb
 sources:
 - https://github.com/metallb/metallb
 type: application
-version: 0.14.9
+version: "%%CHART_MAJOR%%.0.0+up0.14.9"

metallb-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

metallb-chart/values.yaml

@@ -59,7 +59,7 @@ prometheus:
   # the image to be used for the kuberbacproxy container
   rbacProxy:
     repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
-    tag: "v0.18.0"
+    tag: "0.18.1"
     pullPolicy: IfNotPresent
 
   # Prometheus Operator PodMonitors

openstack-ironic-image/_constraints

@@ -1,8 +0,0 @@
-<constraints>
-    <hardware>
-        <processors>4</processors>
-        <disk>
-            <size unit="G">12</size>
-        </disk>
-    </hardware>
-</constraints>

openstack-ironic-image/config.sh

@@ -1,105 +0,0 @@
-#!/bin/bash
-
-test -f /.kconfig && . /.kconfig
-test -f /.profile && . /.profile
-
-#======================================
-# Greeting...
-#--------------------------------------
-echo "Configure image: [$kiwi_iname]..."
-
-#==========================================
-# setup build day
-#------------------------------------------
-baseSetupBuildDay
-
-#======================================
-# Mount system filesystems
-#--------------------------------------
-#baseMount
-
-#==========================================
-# remove unneded kernel files
-#------------------------------------------
-suseStripKernel
-baseStripLocales en_US.utf-8 C.utf8
-
-#======================================
-# Setup baseproduct link
-#--------------------------------------
-suseSetupProduct
-
-#======================================
-# Add missing gpg keys to rpm
-#--------------------------------------
-suseImportBuildKey
-
-#======================================
-# Activate services
-#--------------------------------------
-baseInsertService openstack-ironic-python-agent
-baseInsertService suse-ironic-image-setup
-baseInsertService suse-network-setup
-baseInsertService sshd
-baseInsertService NetworkManager
-#suseInsertService sshd
-#suseInsertService openstack-ironic-python-agent
-#suseInsertService suse-ironic-image-setup
-
-echo 'DEFAULT_TIMEZONE="UTC"' >> /etc/sysconfig/clock
-baseUpdateSysConfig /etc/sysconfig/clock HWCLOCK "-u"
-baseUpdateSysConfig /etc/sysconfig/clock TIMEZONE UTC
-baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no
-baseUpdateSysConfig /etc/sysconfig/network/dhcp WRITE_HOSTNAME_TO_HOSTS no
-
-#==========================================
-# generate autologin@ service
-# based on getty@ service
-#------------------------------------------
-#sed 's/^ExecStart=.*/\0 --autologin root/' /usr/lib/systemd/system/getty@.service > /etc/systemd/system/autologin\@.service
-sed -E 's/^(ExecStart=.*\/agetty).*(--noclear.*)/\1 \2 --autologin root/' /usr/lib/systemd/system/getty@.service > /etc/systemd/system/autologin\@.service
-
-#==========================================
-# add fstab entry for tmpfs based /tmp
-#------------------------------------------
-echo 'tmpfs /tmp tmpfs size=3G 0 0' >> /etc/fstab
-
-#==========================================
-# remove package docs and manuals
-#------------------------------------------
-#baseStripDocs
-#baseStripMans
-#baseStripInfos
-
-#======================================
-# only basic version of vim is
-# installed; no syntax highlighting
-#--------------------------------------
-sed -i -e's/^syntax on/" syntax on/' /etc/vimrc
-
-#======================================
-# Remove yast if not in use
-#--------------------------------------
-#suseRemoveYaST
-
-#======================================
-# Remove package manager
-#--------------------------------------
-#suseStripPackager
-
-#rm -f usr/lib/perl5/*/*/auto/Encode/??/??.so # 9MB
-
-#======================================
-# Umount kernel filesystems
-#--------------------------------------
-#baseCleanMount
-
-ln -s /sbin/init /init
-
-#==========================================
-# umount
-#------------------------------------------
-umount /proc >/dev/null 2>&1
-
-exit 0
-

openstack-ironic-image/openstack-ironic-image.kiwi

@@ -1,173 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<image schemaversion="7.4" name="openstack-ironic-image">
-    <description type="system">
-        <author>Cloud developers</author>
-        <contact>cloud-devel@suse.de</contact>
-        <specification>kernel and ramdisk image for metal3</specification>
-    </description>
-    <profiles>
-        <profile name="default" description="Booting default profile" import="true"/>
-    </profiles>
-    <preferences>
-        <locale>en_US</locale>
-        <packagemanager>zypper</packagemanager>
-        <rpm-check-signatures>false</rpm-check-signatures>
-        <timezone>UTC</timezone>
-        <version>1.0.0</version> 
-    </preferences>	
-    <preferences profiles="default">
-        <type image="kis" initrd_system="none" compressed="false"/>
-    </preferences>
-
-    <users>
-        <user password="*" home="/root" name="root" groups="root"/>
-    </users>
-
-    <repository alias="build-binaries" type="rpm-md" priority="99">
-      <source path="dir:///.build.binaries"/>
-    </repository>
-
-    <drivers>
-        <file name="crypto/*"/>
-        <file name="drivers/acpi/*"/>
-        <file name="drivers/acpi/dock.ko"/>
-        <file name="drivers/ata/*"/>
-        <file name="drivers/block/brd.ko"/>
-        <file name="drivers/block/cciss.ko"/>
-        <file name="drivers/block/loop.ko"/>
-        <file name="drivers/block/virtio_blk.ko"/>
-        <file name="drivers/cdrom/*"/>
-        <file name="drivers/char/hw_random/virtio-rng.ko"/>
-        <file name="drivers/char/lp.ko"/>
-        <file name="drivers/char/ipmi/*"/>
-        <file name="drivers/firmware/iscsi_ibft.ko"/>
-        <file name="drivers/firmware/edd.ko"/>
-        <file name="drivers/gpu/drm/*"/>
-        <file name="drivers/hid/*"/>
-        <file name="drivers/hv/*"/>
-        <file name="drivers/hwmon/*"/>
-        <file name="drivers/ide/*"/>
-        <file name="drivers/input/keyboard/*"/>
-        <file name="drivers/input/mouse/*"/>
-        <file name="drivers/md/*"/>
-        <file name="drivers/message/fusion/*"/>
-        <file name="drivers/misc/hpilo.ko"/>
-        <file name="drivers/net/*"/>
-        <file name="drivers/parport/*"/>
-        <file name="drivers/scsi/*"/>
-        <file name="drivers/staging/hv/*"/>
-        <file name="drivers/target/*"/>
-        <file name="drivers/thermal/*"/>
-        <file name="drivers/usb/*"/>
-        <file name="drivers/virtio/*"/>
-        <file name="fs/binfmt_aout.ko"/>
-        <file name="fs/binfmt_misc.ko"/>
-        <file name="fs/overlayfs/*"/>
-        <file name="fs/btrfs/*"/>
-        <file name="fs/exportfs/*"/>
-        <file name="fs/ext4/*"/>
-        <file name="fs/fat/*"/>
-        <file name="fs/fuse/*"/>
-        <file name="fs/hfs/*"/>
-        <file name="fs/jbd2/*"/>
-        <file name="fs/nfs/*"/>
-        <file name="fs/mbcache.ko"/>
-        <file name="fs/nls/nls_cp437.ko"/>
-        <file name="fs/nls/nls_iso8859-1.ko"/>
-        <file name="fs/nls/nls_utf8.ko"/>
-        <file name="fs/quota_v1.ko"/>
-        <file name="fs/quota_v2.ko"/>
-        <file name="fs/squashfs/*"/>
-        <file name="fs/udf/*"/>
-        <file name="fs/vfat/*"/>
-        <file name="fs/xfs/*"/>
-        <file name="fs/isofs/*"/>
-        <file name="lib/crc-t10dif.ko"/>
-        <file name="lib/crc16.ko"/>
-        <file name="lib/libcrc32c.ko"/>
-        <file name="lib/zlib_deflate/zlib_deflate.ko"/>
-        <file name="net/packet/*"/>
-    </drivers>
-
-    <packages type="delete">
-        <package name="gpg2"/>
-        <package name="libcairo2"/>
-        <package name="libpango-1_0-0"/>
-        <package name="libX11-6"/>
-        <package name="libXext6"/>
-        <package name="libXft2"/>
-        <package name="libXrender1"/>
-        <package name="libX11-data"/>
-        <package name="libXau6"/>
-        <package name="libxcb-render0"/>
-        <package name="libxcb-shm0"/>
-        <package name="libxcb1"/>
-        <package name="plymouth"/>
-        <package name="plymouth-branding-SLE"/>
-    </packages>
-
-    <packages type="image">
-        <package name="checkmedia"/>
-        <package name="plymouth-branding-SLE"/>
-        <package name="plymouth-dracut"/>
-        <package name="plymouth-theme-bgrt"/>
-        <package name="grub2-branding-SLE"/>
-        <package name="iputils"/>
-        <package name="vim"/>
-        <package name="grub2"/>
-        <package name="grub2-x86_64-efi" arch="x86_64"/>
-        <package name="grub2-i386-pc"/>
-        <package name="syslinux"/>
-        <package name="lvm2"/>
-        <package name="plymouth"/>
-        <package name="fontconfig"/>
-        <package name="fonts-config"/>
-        <package name="openssh"/>
-        <package name="iproute2"/>
-        <package name="which"/>
-        <package name="kernel-firmware"/>
-        <package name="kernel-default"/>
-        <package name="NetworkManager"/>
-        <package name="nm-configurator"/>
-        <package name="timezone"/>
-        <package name="haveged"/>
-        <!-- ironic-python-agent specific -->
-        <package name="openstack-ironic-python-agent"/>
-        <package name="hdparm"/>
-        <package name="qemu-tools"/>
-        <package name="python311-proliantutils" arch="x86_64"/>
-        <package name="lshw"/>
-        <package name="dmidecode" arch="aarch64"/>
-        <package name="dmidecode" arch="x86_64"/>
-        <package name="efibootmgr" arch="aarch64" />
-        <package name="efibootmgr" arch="x86_64" />
-        <package name="gptfdisk"/>
-        <package name="open-iscsi"/>
-        <package name="hwinfo"/>
-        <package name="ipmitool"/>
-        <package name="iputils"/>
-        <package name="lvm2"/>
-        <package name="net-tools"/>
-        <package name="ntp"/>
-        <package name="parted"/>
-        <package name="psmisc"/>
-        <package name="timezone"/>
-        <package name="which"/>
-        <package name="kbd"/>
-    </packages>
-
-    <packages type="kis">
-        <package name="gfxboot-branding-SLE"/>
-        <package name="dracut-kiwi-oem-repart"/>
-        <package name="dracut-kiwi-oem-dump"/>
-    </packages> 
-
-    <packages type="bootstrap">
-        <package name="glibc-locale"/>
-        <package name="udev"/>
-        <package name="filesystem"/>
-        <package name="cracklib-dict-full"/>
-        <package name="ca-certificates"/>
-        <package name="sles-release"/>
-    </packages>
-</image>

openstack-ironic-image/openstack-ironic-image.spec

@@ -1,167 +0,0 @@
-#
-# spec file for package openstack-ironic-image
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-# needsrootforbuild
-# needsbinariesforbuild
-
-
-Name:           openstack-ironic-image
-Version:        2.0.0
-Release:        0
-Summary:        Kernel and ramdisk image for OpenStack Ironic
-License:        SUSE-EULA
-Group:          System/Management
-URL:            https://github.com/SUSE-Cloud/
-Source0:        config.sh
-Source10:       openstack-ironic-image.kiwi
-Source20:       root.tar.bz2
-
-BuildRequires:  -post-build-checks
-BuildRequires:  bash
-BuildRequires:  kiwi
-BuildRequires:  kiwi-tools
-BuildRequires:  zypper
-BuildArch:      noarch
-
-BuildRequires:  checkmedia
-BuildRequires:  acl
-BuildRequires:  ca-certificates
-BuildRequires:  cracklib-dict-full
-BuildRequires:  cron
-BuildRequires:  dbus-1
-BuildRequires:  elfutils
-BuildRequires:  filesystem
-BuildRequires:  fipscheck
-BuildRequires:  fontconfig
-BuildRequires:  fonts-config
-BuildRequires:  gptfdisk
-BuildRequires:  grub2
-BuildRequires:  grub2-x86_64-efi
-BuildRequires:  haveged
-BuildRequires:  hdparm
-BuildRequires:  hwinfo
-BuildRequires:  ipmitool
-BuildRequires:  iproute2
-BuildRequires:  iputils
-BuildRequires:  kernel-default
-BuildRequires:  kernel-firmware
-BuildRequires:  lvm2
-BuildRequires:  net-tools
-BuildRequires:  ntp
-BuildRequires:  open-iscsi
-BuildRequires:  openssh
-BuildRequires:  openstack-ironic-python-agent
-BuildRequires:  pam-config
-BuildRequires:  parted
-BuildRequires:  patterns-base-minimal_base
-BuildRequires:  pinentry
-BuildRequires:  pkgconfig
-BuildRequires:  Mesa-gallium
-BuildRequires:  plymouth
-BuildRequires:  plymouth-scripts
-BuildRequires:  python311-proliantutils
-BuildRequires:  psmisc
-BuildRequires:  qemu-tools
-BuildRequires:  sg3_utils
-BuildRequires:  sles-release
-BuildRequires:  sudo
-BuildRequires:  suse-build-key
-BuildRequires:  systemd-presets-branding-SLE
-BuildRequires:  timezone
-BuildRequires:  udev
-BuildRequires:  vim
-BuildRequires:  wpa_supplicant
-BuildRequires:  dhcp-client
-BuildRequires:  which
-BuildRequires:  NetworkManager
-BuildRequires:  nm-configurator
-BuildRequires:  logrotate
-BuildRequires:  plymouth-dracut
-BuildRequires:  plymouth-theme-bgrt
-BuildRequires:  dracut-kiwi-oem-dump
-BuildRequires:  dracut-kiwi-oem-repart
-BuildRequires:  gfxboot-branding-SLE
-BuildRequires:  grub2-branding-SLE
-BuildRequires:  open-iscsi
-BuildRequires:  plymouth-branding-SLE
-BuildRequires:  lshw
-BuildRequires:  kbd
-%ifarch aarch64
-BuildRequires:  dmidecode
-BuildRequires:  efibootmgr
-%endif
-%ifarch x86_64
-BuildRequires:  dmidecode
-BuildRequires:  efibootmgr
-BuildRequires:  syslinux
-%endif
-
-%description
-Kernel and ramdisk image for use with Metal3
-
-%package %{_arch}
-Summary:        Kernel and ramdisk image for Metal3
-Group:          System/Management
-Provides:       openstack-ironic-python-agent = %{version}
-Obsoletes:      openstack-ironic-python-agent < %{version}
-
-%description %{_arch}
-Kernel and ramdisk image for use with Metal3
-For %{_arch}
-
-%prep
-mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/root /tmp/openstack-ironic-image/img
-
-cp -a %{SOURCE0} /tmp/openstack-ironic-image/config.sh
-
-cp -a %{SOURCE10} /tmp/openstack-ironic-image/config.kiwi
-
-tar -xC /tmp/openstack-ironic-image/root -f %{SOURCE20}
-
-%build
-if ! which kiwi; then
-    cat <<EOF >&2
-kiwi not found in \$PATH; most likely this build was missing
-the --userootforbuild option.  If you are invoking osc build
-manually, please use 'make buildlocal' instead.
-EOF
-    exit 1
-fi
-
-kiwi-ng --debug --profile default system build --description /tmp/openstack-ironic-image --target-dir /tmp/openstack-ironic-image/img
-
-%install
-TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
-cd /tmp/openstack-ironic-image/img/build/image-root 
-find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
-cd $TDIR
-gzip -9 -f initrdtmp
-INITRDGZ=`ls *.gz | head -1`
-gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
-INITRD=`ls *.xz | head -1`
-
-ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
-KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`
-
-mkdir -p %{buildroot}/srv/tftpboot/openstack-ironic-image
-install -p -m 644 $KERNEL $INITRD %{buildroot}/srv/tftpboot/openstack-ironic-image/
-
-%files %{_arch}
-%defattr(644,root,root)
-%dir %attr(755, root, root) /srv/tftpboot/openstack-ironic-image
-%attr(644, root, root) /srv/tftpboot/openstack-ironic-image/*
-
-%changelog