ironic-image: Update to 26.1.2.0

To align with isv:SUSE:Edge:Metal3:Ironic:2024.2

.obs/delete_package.py

@@ -21,7 +21,7 @@ def delete_package_from_workflow(name: str):
 
 
 def delete_package_from_project(name: str):
-    p = subprocess.run(["osc", "rdelete", PROJECT, name, "-m \"Deleted via delete_package.py\"" ], stdout=subprocess.PIPE)
+    p = subprocess.run(["osc", "rdelete", PROJECT, name], stdout=subprocess.PIPE)
     print(p.stdout)
     print(p.stderr)
     p.check_returncode()

.obs/workflows.yml

@@ -198,6 +198,10 @@ staging_build:
       source_package: cri-tools
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: openstack-ironic-image
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: crudini
       source_project: isv:SUSE:Edge:Factory

ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi

@@ -128,7 +128,7 @@
         <package name="kernel-firmware"/>
         <package name="kernel-default"/>
         <package name="NetworkManager"/>
-        <package name="nm-configurator"/>
+        <package name="nm-configurator-030"/>
         <package name="timezone"/>
         <package name="haveged"/>
         <!-- ironic-python-agent specific -->

ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec

@@ -87,7 +87,7 @@ BuildRequires:  wpa_supplicant
 BuildRequires:  dhcp-client
 BuildRequires:  which
 BuildRequires:  NetworkManager
-BuildRequires:  nm-configurator
+BuildRequires:  nm-configurator-030
 BuildRequires:  logrotate
 BuildRequires:  plymouth-dracut
 BuildRequires:  plymouth-theme-bgrt

kube-rbac-proxy/kube-rbac-proxy.spec

@@ -24,7 +24,7 @@ License:        Apache-2.0
 URL:            https://github.com/brancz/kube-rbac-proxy
 Source:         kube-rbac-proxy-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.23
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

metal3-chart/Chart.yaml

@@ -1,18 +1,17 @@
-#!BuildTag: %%IMG_PREFIX%%metal3-chart:302.0.0_up0.9.0
+#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1
-#!BuildTag: %%IMG_PREFIX%%metal3-chart:302.0.0_up0.9.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1-%RELEASE%
 apiVersion: v2
-appVersion: 0.9.0
+appVersion: 1.16.0
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.6.0
+  version: 0.5.0
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.8.0
+  version: 0.7.0
 - alias: metal3-mariadb
-  condition: global.enable_mariadb
   name: mariadb
   repository: file://./charts/mariadb
   version: 0.5.4
@@ -20,9 +19,9 @@ dependencies:
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.6.0
+  version: 0.5.0
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: 302.0.0+up0.9.0
+version: 0.8.1

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.8.0
+appVersion: 0.6.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.6.0
+version: 0.5.0

metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml

@@ -39,6 +39,11 @@ spec:
       name: BMC
       priority: 1
       type: string
+    - description: The type of hardware detected
+      jsonPath: .status.hardwareProfile
+      name: Hardware_Profile
+      priority: 1
+      type: string
     - description: Whether the host is online or not
       jsonPath: .spec.online
       name: Online
@@ -735,7 +740,6 @@ spec:
                 type: object
               hardwareProfile:
                 description: The name of the profile matching the hardware details.
-                  Hardware profiles are deprecated and should not be relied on.
                 type: string
               lastUpdated:
                 description: LastUpdated identifies when this status was last observed.
@@ -1132,6 +1136,7 @@ spec:
             required:
             - errorCount
             - errorMessage
+            - hardwareProfile
             - operationalStatus
             - poweredOn
             - provisioning

metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml

@@ -3,12 +3,14 @@
   {{- $protocol := ternary "https" "http" $enableTLS }}
   {{- $ironicIP := .Values.global.ironicIP | default "" }}
   {{- $ironicApiHost := print $ironicIP ":6385" }}
+  {{- $ironicInspectorHost := print $ironicIP ":5050" }}
   {{- $ironicBootHost := print $ironicIP ":6180" }}
   {{- $ironicCacheHost := print $ironicIP ":6180" }}
 
 apiVersion: v1
 data:
   IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
+  IRONIC_INSPECTOR_ENDPOINT: "{{ $protocol }}://{{ $ironicInspectorHost }}/v1/"
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}

metal3-chart/charts/baremetal-operator/templates/deployment.yaml

@@ -78,6 +78,14 @@ spec:
           mountPath: "/opt/metal3/auth/ironic/password"
           subPath: password
           readOnly: true
+        - name: ironic-inspector-basic-auth
+          mountPath: "/opt/metal3/auth/ironic-inspector/username"
+          subPath: username
+          readOnly: true
+        - name: ironic-inspector-basic-auth
+          mountPath: "/opt/metal3/auth/ironic-inspector/password"
+          subPath: password
+          readOnly: true
         {{- end }}
         {{- if .Values.global.enable_tls }}
         - name: cacert
@@ -108,6 +116,9 @@ spec:
       - name: ironic-basic-auth
         secret:
           secretName: ironic-basic-auth
+      - name: ironic-inspector-basic-auth
+        secret:
+          secretName: ironic-inspector-basic-auth
       {{- end }}
       {{- if .Values.global.enable_tls }}
       - name: cacert

metal3-chart/charts/baremetal-operator/values.yaml

@@ -28,11 +28,11 @@ images:
   baremetalOperator:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
     pullPolicy: IfNotPresent
-    tag: "0.8.0"
+    tag: "0.6.1"
   rbacProxy:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/kube-rbac-proxy
     pullPolicy: IfNotPresent
-    tag: "0.18.1"
+    tag: "v0.14.2"
 
 imagePullSecrets: []
 nameOverride: "manger"

metal3-chart/charts/ironic/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 26.1.2
+appVersion: 24.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.8.0
+version: 0.7.0

metal3-chart/charts/ironic/templates/_helpers.tpl

@@ -77,6 +77,9 @@ Get ironic CA volumeMounts
 - name: cert-ironic-ca
   mountPath: "/certs/ca/ironic"
   readOnly: true
+- name: cert-ironic-inspector-ca
+  mountPath: "/certs/ca/ironic-inspector"
+  readOnly: true
 {{- if .Values.global.enable_vmedia_tls }}
 - name: cert-ironic-vmedia-ca
   mountPath: "/certs/ca/vmedia"

metal3-chart/charts/ironic/templates/certificates.yaml

@@ -25,6 +25,19 @@ spec:
     kind: Issuer
     name: ca-issuer
   secretName: ironic-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ironic-inspector-cert
+spec:
+  commonName: ironic-inspector-cert
+  ipAddresses:
+  - {{ .Values.global.ironicIP }}
+  issuerRef:
+    kind: Issuer
+    name: ca-issuer
+  secretName: ironic-inspector-cert
 {{- if .Values.global.enable_vmedia_tls }}
 ---
 apiVersion: cert-manager.io/v1

metal3-chart/charts/ironic/templates/configmap.yaml

@@ -10,6 +10,7 @@ data:
   {{- $protocol := ternary "https" "http" $enableTLS }}
   {{- $ironicIP := .Values.global.ironicIP | default "" }}
   {{- $ironicApiHost := print $ironicIP ":6385" }}
+  {{- $ironicInspectorHost := print $ironicIP ":5050" }}
   {{- $ironicBootHost := print $ironicIP ":6180" }}
   {{- $ironicCacheHost := print $ironicIP ":6180" }}
 
@@ -24,11 +25,15 @@ data:
   {{- end }}
   HTTP_PORT: "6180"
   PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
-  USE_IRONIC_INSPECTOR: "false"
+  USE_IRONIC_INSPECTOR: "true"
   IRONIC_API_BASE_URL: {{ $protocol }}://{{ $ironicApiHost }}
   IRONIC_API_HOST: {{ $ironicApiHost }}
   IRONIC_API_HTTPD_SERVER_NAME: {{ $ironicApiHost }}
   IRONIC_ENDPOINT: {{ $protocol }}://{{ $ironicApiHost }}/v1/
+  IRONIC_INSPECTOR_BASE_URL: {{ $protocol }}://{{ $ironicInspectorHost }}
+  IRONIC_INSPECTOR_ENDPOINT: {{ $protocol }}://{{ $ironicInspectorHost }}/v1/
+  IRONIC_INSPECTOR_HOST: {{ $ironicInspectorHost }}
+  IRONIC_INSPECTOR_HTTPD_SERVER_NAME: {{ $ironicInspectorHost }}
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
     {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
@@ -50,9 +55,11 @@ data:
   {{- if .Values.global.provisioningIP }}
   PROVISIONING_IP: {{ .Values.global.provisioningIP }}
   {{- end }}
+  IRONIC_INSPECTOR_VLAN_INTERFACES: all
   IRONIC_ILO_USE_SWIFT: "false"
   IRONIC_ILO_USE_WEB_SERVER_FOR_IMAGES: "true"
   IRONIC_FAST_TRACK: "true"
+  IRONIC_USE_MARIADB: "true"
   LISTEN_ALL_INTERFACES: "true"
   {{- if .Values.global.ironicIP }}
   IRONIC_IP: {{ .Values.global.ironicIP }}
@@ -62,6 +69,7 @@ data:
   IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true
   IPA_INSECURE: "0"
   IRONIC_REVERSE_PROXY_SETUP: "true"
+  INSPECTOR_REVERSE_PROXY_SETUP: "true"
   {{- if  ( .Values.global.enable_vmedia_tls ) }}
   VMEDIA_TLS_PORT: "{{ .Values.global.vmediaTLSPort }}"
   {{- end }}
@@ -73,10 +81,6 @@ data:
   {{- end }}
   {{- if  ( .Values.global.enable_basicAuth ) }}
   AUTH_STRATEGY: "http_basic"
+  INSPECTOR_AUTH_STRATEGY: "http_basic"
   {{- end }}
-  {{- if .Values.global.enable_mariadb }}
   MARIADB_HOST: {{ .Values.global.databaseServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
-  IRONIC_USE_MARIADB: "true"
-  {{- else }}
-  IRONIC_USE_MARIADB: "false"
-  {{- end }}

metal3-chart/charts/ironic/templates/deployment.yaml

@@ -41,7 +41,10 @@ spec:
             name: ironic-bmo
         livenessProbe:
           exec:
-            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
+            command:
+            - /bin/sh
+            - -c
+            - curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -59,7 +62,10 @@ spec:
         {{- end }}
         readinessProbe:
           exec:
-            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
+            command:
+            - /bin/sh
+            - -c
+            - curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -72,6 +78,9 @@ spec:
           - name: cert-ironic
             mountPath: "/certs/ironic"
             readOnly: true
+          - name: cert-ironic-inspector
+            mountPath: "/certs/ironic-inspector"
+            readOnly: true
           {{- if .Values.global.enable_vmedia_tls }}
           - name: cert-ironic-vmedia
             mountPath: "/certs/vmedia"
@@ -81,6 +90,73 @@ spec:
             name: cert-ironic-ca
             readOnly: true
         {{- end }}
+      - name: ironic-inspector
+        image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
+        imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+        command:
+        - /bin/runironic-inspector
+        envFrom:
+        - configMapRef:
+            name: ironic-bmo
+        env:
+        {{- if .Values.global.enable_basicAuth }}
+        - name: INSPECTOR_HTPASSWD
+          valueFrom:
+            secretKeyRef:
+              name: ironic-inspector-basic-auth
+              key: htpasswd
+        {{- end }}
+        - name: MARIADB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: ironic-mariadb
+        livenessProbe:
+          exec:
+            command:
+            - /bin/sh
+            - -c
+            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
+          failureThreshold: 10
+          initialDelaySeconds: 30
+          periodSeconds: 30
+          successThreshold: 1
+          timeoutSeconds: 10
+        ports:
+        - containerPort: 5050
+          name: inspector
+          protocol: TCP
+        readinessProbe:
+          exec:
+            command:
+            - /bin/sh
+            - -c
+            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
+          failureThreshold: 10
+          initialDelaySeconds: 30
+          periodSeconds: 30
+          successThreshold: 1
+          timeoutSeconds: 10
+        volumeMounts:
+          {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
+        {{- if .Values.global.enable_basicAuth }}
+          - mountPath: "/auth/ironic/auth-config"
+            name: ironic-basic-auth
+            subPath: auth-config
+            readOnly: true
+          - mountPath: "/auth/ironic-inspector/auth-config"
+            name: ironic-inspector-basic-auth
+            subPath: auth-config
+            readOnly: true
+        {{- end }}
+        {{- if .Values.global.enable_tls }}
+          {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
+          - name: cert-ironic-inspector
+            mountPath: "/certs/ironic-inspector"
+            readOnly: true
+        {{- end }}
       - name: ironic-log-watch
         image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
         imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
@@ -108,33 +184,37 @@ spec:
               name: ironic-basic-auth
               key: htpasswd
         {{- end }}
-        {{- if .Values.global.enable_mariadb }}
         - name: MARIADB_PASSWORD
           valueFrom:
             secretKeyRef:
               key: password
               name: ironic-mariadb
-        {{- end }}
         livenessProbe:
           exec:
-            command: ["/bin/ironic-liveness"]
+            command:
+            - /bin/sh
+            - -c
+            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
+          failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
-          timeoutSeconds: 10
           successThreshold: 1
-          failureThreshold: 10
+          timeoutSeconds: 10
         ports:
         - containerPort: 6385
           name: api
           protocol: TCP
         readinessProbe:
           exec:
-            command: ["/bin/ironic-readiness"]
+            command:
+            - /bin/sh
+            - -c
+            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
+          failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
-          timeoutSeconds: 10
           successThreshold: 1
-          failureThreshold: 10
+          timeoutSeconds: 10
         volumeMounts:
           {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
           {{- if .Values.global.enable_basicAuth }}
@@ -142,6 +222,10 @@ spec:
             name: ironic-basic-auth
             subPath: auth-config
             readOnly: true
+          - mountPath: "/auth/ironic-inspector/auth-config"
+            name: ironic-inspector-basic-auth
+            subPath: auth-config
+            readOnly: true
           {{- end }}
           {{- if .Values.global.enable_tls }}
           {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
@@ -224,16 +308,15 @@ spec:
         {{- end }}
       volumes:
       - name: ironic-data-volume
-      {{- if .Values.persistence.ironic.size }}
         persistentVolumeClaim:
           claimName: ironic-shared-volume
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
       {{- if .Values.global.enable_basicAuth }}
       - name: ironic-basic-auth
         secret:
           secretName: ironic-basic-auth
+      - name: ironic-inspector-basic-auth
+        secret:
+          secretName: ironic-inspector-basic-auth
       {{- if .Values.global.enable_tls }}
       - name: trusted-certs
         projected:
@@ -250,6 +333,12 @@ spec:
       - name: cert-ironic
         secret:
           secretName: ironic-cert
+      - name: cert-ironic-inspector-ca
+        secret:
+          secretName: ironic-cacert
+      - name: cert-ironic-inspector
+        secret:
+          secretName: ironic-inspector-cert
       {{- if .Values.global.enable_vmedia_tls }}
       - name: cert-ironic-vmedia-ca
         secret:

metal3-chart/charts/ironic/templates/pvc.yaml

@@ -1,4 +1,3 @@
-{{- if .Values.persistence.ironic.size }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -23,4 +22,3 @@ spec:
   storageClassName: {{ .Values.persistence.ironic.storageClass }}
   {{- end }}
   volumeMode: Filesystem
-{{- end }}

metal3-chart/charts/ironic/templates/secrets-basic-auth.yaml

@@ -29,5 +29,34 @@ data:
   htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }}
   auth-config: |
   {{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }}
+---
+{{- $ironicInspectorUsername := "" -}}
+{{- $ironicInspectorPassword := "" -}}
+{{- $inspectorSecretName := "ironic-inspector-basic-auth" -}}
 
+# Check if the secret is deployed and has a password
+{{- $oldInspectorSecret := lookup "v1" "Secret" .Release.Namespace $inspectorSecretName }}
+{{- if and $oldInspectorSecret (index $oldInspectorSecret.data "username") (index $oldInspectorSecret.data "password") }}
+{{- $ironicInspectorUsername = b64dec (index $oldInspectorSecret.data "username" | toString) -}}
+{{- $ironicInspectorPassword = b64dec (index $oldInspectorSecret.data "password" | toString) -}}
+# If not, check if a username and password are provided in values.yaml
+{{- else if and (.Values.global.auth.ironicInspectorUsername) (.Values.global.auth.ironicInspectorPassword) }}
+{{- $ironicInspectorUsername = .Values.global.auth.ironicInspectorUsername -}}
+{{- $ironicInspectorPassword = .Values.global.auth.ironicInspectorPassword -}}
+{{- else }}
+# If no username and password are provided in values.yaml, generate new ones
+{{- $ironicInspectorUsername = "ironic" -}}
+{{- $ironicInspectorPassword = (randAlphaNum 20) -}}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $inspectorSecretName }}
+type: Opaque
+data:
+  username: {{ $ironicInspectorUsername | b64enc }}
+  password: {{ $ironicInspectorPassword | b64enc }}
+  htpasswd: {{ b64enc (htpasswd $ironicInspectorUsername  $ironicInspectorPassword) }}
+  auth-config: |
+  {{- printf "[inspector]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicInspectorUsername $ironicInspectorPassword | b64enc | nindent 4 }}
 {{- end }}

metal3-chart/charts/ironic/values.yaml

@@ -56,11 +56,11 @@ images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 26.1.2.0
+    tag: 24.1.2.0
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent
-    tag: 3.0.0
+    tag: 2.0.0
 
 nameOverride: ""
 fullnameOverride: ""
@@ -102,6 +102,10 @@ service:
     port: 6185
     protocol: TCP
     targetPort: 6185
+  - name: inspector
+    port: 5050
+    protocol: TCP
+    targetPort: 5050
   - name: api
     port: 6385
     protocol: TCP
@@ -140,9 +144,8 @@ persistence:
     # storageClass for the ironic shared volume
     # Ensure the storageClass is defined
     storageClass: ""
-    # size of the ironic shared volume e.g "1Gi"
+    # size of the ironic shared volume
-    # When unset persistent storage is disabled and emptyDir is enabled
+    size: "1Gi"
-    size: ""
     # accessMode of the ironic shared volume PVC
     # If empty defaults to ReadWriteOnce when replicaCount=1 otherwise ReadWriteMany
     accessMode: ""

metal3-chart/charts/media/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.0
+version: 0.5.0

metal3-chart/charts/media/values.yaml

@@ -24,7 +24,7 @@ replicaCount: 1
 image:
   repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
   pullPolicy: IfNotPresent
-  tag: 26.1.2.0
+  tag: 24.1.2.0
 
 imagePullSecrets: []
 nameOverride: ""

metal3-chart/values.yaml

@@ -6,9 +6,6 @@ global:
   # IP on which the Ironic services will be exposed
   ironicIP: ""
 
-  # whether to enable mariadb (default is sqlite)
-  enable_mariadb: false
-
   # whether to enable media server.
   enable_metal3_media_server: false
 
@@ -31,6 +28,8 @@ global:
   auth:
     ironicUsername: ""
     ironicPassword: ""
+    ironicInspectorUsername: ""
+    ironicInspectorPassword: ""
 
   # whether to have additional trusted CA
   # NOTE: If enabled, a secret with name tls-ca-additional should be deployed
@@ -126,4 +125,6 @@ metal3-baremetal-operator:
       repository: "%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator"
     rbacProxy:
       repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
+      tag: "v0.18.0"
+
 

metallb-chart/values.yaml

@@ -59,7 +59,7 @@ prometheus:
   # the image to be used for the kuberbacproxy container
   rbacProxy:
     repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
-    tag: "0.18.1"
+    tag: "v0.18.0"
     pullPolicy: IfNotPresent
 
   # Prometheus Operator PodMonitors

openstack-ironic-image/_constraints

@@ -0,0 +1,8 @@
+<constraints>
+    <hardware>
+        <processors>4</processors>
+        <disk>
+            <size unit="G">12</size>
+        </disk>
+    </hardware>
+</constraints>

openstack-ironic-image/config.sh

@@ -0,0 +1,105 @@
+#!/bin/bash
+
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+#======================================
+# Greeting...
+#--------------------------------------
+echo "Configure image: [$kiwi_iname]..."
+
+#==========================================
+# setup build day
+#------------------------------------------
+baseSetupBuildDay
+
+#======================================
+# Mount system filesystems
+#--------------------------------------
+#baseMount
+
+#==========================================
+# remove unneded kernel files
+#------------------------------------------
+suseStripKernel
+baseStripLocales en_US.utf-8 C.utf8
+
+#======================================
+# Setup baseproduct link
+#--------------------------------------
+suseSetupProduct
+
+#======================================
+# Add missing gpg keys to rpm
+#--------------------------------------
+suseImportBuildKey
+
+#======================================
+# Activate services
+#--------------------------------------
+baseInsertService openstack-ironic-python-agent
+baseInsertService suse-ironic-image-setup
+baseInsertService suse-network-setup
+baseInsertService sshd
+baseInsertService NetworkManager
+#suseInsertService sshd
+#suseInsertService openstack-ironic-python-agent
+#suseInsertService suse-ironic-image-setup
+
+echo 'DEFAULT_TIMEZONE="UTC"' >> /etc/sysconfig/clock
+baseUpdateSysConfig /etc/sysconfig/clock HWCLOCK "-u"
+baseUpdateSysConfig /etc/sysconfig/clock TIMEZONE UTC
+baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no
+baseUpdateSysConfig /etc/sysconfig/network/dhcp WRITE_HOSTNAME_TO_HOSTS no
+
+#==========================================
+# generate autologin@ service
+# based on getty@ service
+#------------------------------------------
+#sed 's/^ExecStart=.*/\0 --autologin root/' /usr/lib/systemd/system/getty@.service > /etc/systemd/system/autologin\@.service
+sed -E 's/^(ExecStart=.*\/agetty).*(--noclear.*)/\1 \2 --autologin root/' /usr/lib/systemd/system/getty@.service > /etc/systemd/system/autologin\@.service
+
+#==========================================
+# add fstab entry for tmpfs based /tmp
+#------------------------------------------
+echo 'tmpfs /tmp tmpfs size=3G 0 0' >> /etc/fstab
+
+#==========================================
+# remove package docs and manuals
+#------------------------------------------
+#baseStripDocs
+#baseStripMans
+#baseStripInfos
+
+#======================================
+# only basic version of vim is
+# installed; no syntax highlighting
+#--------------------------------------
+sed -i -e's/^syntax on/" syntax on/' /etc/vimrc
+
+#======================================
+# Remove yast if not in use
+#--------------------------------------
+#suseRemoveYaST
+
+#======================================
+# Remove package manager
+#--------------------------------------
+#suseStripPackager
+
+#rm -f usr/lib/perl5/*/*/auto/Encode/??/??.so # 9MB
+
+#======================================
+# Umount kernel filesystems
+#--------------------------------------
+#baseCleanMount
+
+ln -s /sbin/init /init
+
+#==========================================
+# umount
+#------------------------------------------
+umount /proc >/dev/null 2>&1
+
+exit 0
+

openstack-ironic-image/openstack-ironic-image.kiwi

@@ -0,0 +1,173 @@
+<?xml version="1.0" encoding="utf-8"?>
+<image schemaversion="7.4" name="openstack-ironic-image">
+    <description type="system">
+        <author>Cloud developers</author>
+        <contact>cloud-devel@suse.de</contact>
+        <specification>kernel and ramdisk image for metal3</specification>
+    </description>
+    <profiles>
+        <profile name="default" description="Booting default profile" import="true"/>
+    </profiles>
+    <preferences>
+        <locale>en_US</locale>
+        <packagemanager>zypper</packagemanager>
+        <rpm-check-signatures>false</rpm-check-signatures>
+        <timezone>UTC</timezone>
+        <version>1.0.0</version> 
+    </preferences>	
+    <preferences profiles="default">
+        <type image="kis" initrd_system="none" compressed="false"/>
+    </preferences>
+
+    <users>
+        <user password="*" home="/root" name="root" groups="root"/>
+    </users>
+
+    <repository alias="build-binaries" type="rpm-md" priority="99">
+      <source path="dir:///.build.binaries"/>
+    </repository>
+
+    <drivers>
+        <file name="crypto/*"/>
+        <file name="drivers/acpi/*"/>
+        <file name="drivers/acpi/dock.ko"/>
+        <file name="drivers/ata/*"/>
+        <file name="drivers/block/brd.ko"/>
+        <file name="drivers/block/cciss.ko"/>
+        <file name="drivers/block/loop.ko"/>
+        <file name="drivers/block/virtio_blk.ko"/>
+        <file name="drivers/cdrom/*"/>
+        <file name="drivers/char/hw_random/virtio-rng.ko"/>
+        <file name="drivers/char/lp.ko"/>
+        <file name="drivers/char/ipmi/*"/>
+        <file name="drivers/firmware/iscsi_ibft.ko"/>
+        <file name="drivers/firmware/edd.ko"/>
+        <file name="drivers/gpu/drm/*"/>
+        <file name="drivers/hid/*"/>
+        <file name="drivers/hv/*"/>
+        <file name="drivers/hwmon/*"/>
+        <file name="drivers/ide/*"/>
+        <file name="drivers/input/keyboard/*"/>
+        <file name="drivers/input/mouse/*"/>
+        <file name="drivers/md/*"/>
+        <file name="drivers/message/fusion/*"/>
+        <file name="drivers/misc/hpilo.ko"/>
+        <file name="drivers/net/*"/>
+        <file name="drivers/parport/*"/>
+        <file name="drivers/scsi/*"/>
+        <file name="drivers/staging/hv/*"/>
+        <file name="drivers/target/*"/>
+        <file name="drivers/thermal/*"/>
+        <file name="drivers/usb/*"/>
+        <file name="drivers/virtio/*"/>
+        <file name="fs/binfmt_aout.ko"/>
+        <file name="fs/binfmt_misc.ko"/>
+        <file name="fs/overlayfs/*"/>
+        <file name="fs/btrfs/*"/>
+        <file name="fs/exportfs/*"/>
+        <file name="fs/ext4/*"/>
+        <file name="fs/fat/*"/>
+        <file name="fs/fuse/*"/>
+        <file name="fs/hfs/*"/>
+        <file name="fs/jbd2/*"/>
+        <file name="fs/nfs/*"/>
+        <file name="fs/mbcache.ko"/>
+        <file name="fs/nls/nls_cp437.ko"/>
+        <file name="fs/nls/nls_iso8859-1.ko"/>
+        <file name="fs/nls/nls_utf8.ko"/>
+        <file name="fs/quota_v1.ko"/>
+        <file name="fs/quota_v2.ko"/>
+        <file name="fs/squashfs/*"/>
+        <file name="fs/udf/*"/>
+        <file name="fs/vfat/*"/>
+        <file name="fs/xfs/*"/>
+        <file name="fs/isofs/*"/>
+        <file name="lib/crc-t10dif.ko"/>
+        <file name="lib/crc16.ko"/>
+        <file name="lib/libcrc32c.ko"/>
+        <file name="lib/zlib_deflate/zlib_deflate.ko"/>
+        <file name="net/packet/*"/>
+    </drivers>
+
+    <packages type="delete">
+        <package name="gpg2"/>
+        <package name="libcairo2"/>
+        <package name="libpango-1_0-0"/>
+        <package name="libX11-6"/>
+        <package name="libXext6"/>
+        <package name="libXft2"/>
+        <package name="libXrender1"/>
+        <package name="libX11-data"/>
+        <package name="libXau6"/>
+        <package name="libxcb-render0"/>
+        <package name="libxcb-shm0"/>
+        <package name="libxcb1"/>
+        <package name="plymouth"/>
+        <package name="plymouth-branding-SLE"/>
+    </packages>
+
+    <packages type="image">
+        <package name="checkmedia"/>
+        <package name="plymouth-branding-SLE"/>
+        <package name="plymouth-dracut"/>
+        <package name="plymouth-theme-bgrt"/>
+        <package name="grub2-branding-SLE"/>
+        <package name="iputils"/>
+        <package name="vim"/>
+        <package name="grub2"/>
+        <package name="grub2-x86_64-efi" arch="x86_64"/>
+        <package name="grub2-i386-pc"/>
+        <package name="syslinux"/>
+        <package name="lvm2"/>
+        <package name="plymouth"/>
+        <package name="fontconfig"/>
+        <package name="fonts-config"/>
+        <package name="openssh"/>
+        <package name="iproute2"/>
+        <package name="which"/>
+        <package name="kernel-firmware"/>
+        <package name="kernel-default"/>
+        <package name="NetworkManager"/>
+        <package name="nm-configurator"/>
+        <package name="timezone"/>
+        <package name="haveged"/>
+        <!-- ironic-python-agent specific -->
+        <package name="openstack-ironic-python-agent"/>
+        <package name="hdparm"/>
+        <package name="qemu-tools"/>
+        <package name="python311-proliantutils" arch="x86_64"/>
+        <package name="lshw"/>
+        <package name="dmidecode" arch="aarch64"/>
+        <package name="dmidecode" arch="x86_64"/>
+        <package name="efibootmgr" arch="aarch64" />
+        <package name="efibootmgr" arch="x86_64" />
+        <package name="gptfdisk"/>
+        <package name="open-iscsi"/>
+        <package name="hwinfo"/>
+        <package name="ipmitool"/>
+        <package name="iputils"/>
+        <package name="lvm2"/>
+        <package name="net-tools"/>
+        <package name="ntp"/>
+        <package name="parted"/>
+        <package name="psmisc"/>
+        <package name="timezone"/>
+        <package name="which"/>
+        <package name="kbd"/>
+    </packages>
+
+    <packages type="kis">
+        <package name="gfxboot-branding-SLE"/>
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="dracut-kiwi-oem-dump"/>
+    </packages> 
+
+    <packages type="bootstrap">
+        <package name="glibc-locale"/>
+        <package name="udev"/>
+        <package name="filesystem"/>
+        <package name="cracklib-dict-full"/>
+        <package name="ca-certificates"/>
+        <package name="sles-release"/>
+    </packages>
+</image>

openstack-ironic-image/openstack-ironic-image.spec

@@ -0,0 +1,167 @@
+#
+# spec file for package openstack-ironic-image
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+# needsrootforbuild
+# needsbinariesforbuild
+
+
+Name:           openstack-ironic-image
+Version:        2.0.0
+Release:        0
+Summary:        Kernel and ramdisk image for OpenStack Ironic
+License:        SUSE-EULA
+Group:          System/Management
+URL:            https://github.com/SUSE-Cloud/
+Source0:        config.sh
+Source10:       openstack-ironic-image.kiwi
+Source20:       root.tar.bz2
+
+BuildRequires:  -post-build-checks
+BuildRequires:  bash
+BuildRequires:  kiwi
+BuildRequires:  kiwi-tools
+BuildRequires:  zypper
+BuildArch:      noarch
+
+BuildRequires:  checkmedia
+BuildRequires:  acl
+BuildRequires:  ca-certificates
+BuildRequires:  cracklib-dict-full
+BuildRequires:  cron
+BuildRequires:  dbus-1
+BuildRequires:  elfutils
+BuildRequires:  filesystem
+BuildRequires:  fipscheck
+BuildRequires:  fontconfig
+BuildRequires:  fonts-config
+BuildRequires:  gptfdisk
+BuildRequires:  grub2
+BuildRequires:  grub2-x86_64-efi
+BuildRequires:  haveged
+BuildRequires:  hdparm
+BuildRequires:  hwinfo
+BuildRequires:  ipmitool
+BuildRequires:  iproute2
+BuildRequires:  iputils
+BuildRequires:  kernel-default
+BuildRequires:  kernel-firmware
+BuildRequires:  lvm2
+BuildRequires:  net-tools
+BuildRequires:  ntp
+BuildRequires:  open-iscsi
+BuildRequires:  openssh
+BuildRequires:  openstack-ironic-python-agent
+BuildRequires:  pam-config
+BuildRequires:  parted
+BuildRequires:  patterns-base-minimal_base
+BuildRequires:  pinentry
+BuildRequires:  pkgconfig
+BuildRequires:  Mesa-gallium
+BuildRequires:  plymouth
+BuildRequires:  plymouth-scripts
+BuildRequires:  python311-proliantutils
+BuildRequires:  psmisc
+BuildRequires:  qemu-tools
+BuildRequires:  sg3_utils
+BuildRequires:  sles-release
+BuildRequires:  sudo
+BuildRequires:  suse-build-key
+BuildRequires:  systemd-presets-branding-SLE
+BuildRequires:  timezone
+BuildRequires:  udev
+BuildRequires:  vim
+BuildRequires:  wpa_supplicant
+BuildRequires:  dhcp-client
+BuildRequires:  which
+BuildRequires:  NetworkManager
+BuildRequires:  nm-configurator
+BuildRequires:  logrotate
+BuildRequires:  plymouth-dracut
+BuildRequires:  plymouth-theme-bgrt
+BuildRequires:  dracut-kiwi-oem-dump
+BuildRequires:  dracut-kiwi-oem-repart
+BuildRequires:  gfxboot-branding-SLE
+BuildRequires:  grub2-branding-SLE
+BuildRequires:  open-iscsi
+BuildRequires:  plymouth-branding-SLE
+BuildRequires:  lshw
+BuildRequires:  kbd
+%ifarch aarch64
+BuildRequires:  dmidecode
+BuildRequires:  efibootmgr
+%endif
+%ifarch x86_64
+BuildRequires:  dmidecode
+BuildRequires:  efibootmgr
+BuildRequires:  syslinux
+%endif
+
+%description
+Kernel and ramdisk image for use with Metal3
+
+%package %{_arch}
+Summary:        Kernel and ramdisk image for Metal3
+Group:          System/Management
+Provides:       openstack-ironic-python-agent = %{version}
+Obsoletes:      openstack-ironic-python-agent < %{version}
+
+%description %{_arch}
+Kernel and ramdisk image for use with Metal3
+For %{_arch}
+
+%prep
+mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/root /tmp/openstack-ironic-image/img
+
+cp -a %{SOURCE0} /tmp/openstack-ironic-image/config.sh
+
+cp -a %{SOURCE10} /tmp/openstack-ironic-image/config.kiwi
+
+tar -xC /tmp/openstack-ironic-image/root -f %{SOURCE20}
+
+%build
+if ! which kiwi; then
+    cat <<EOF >&2
+kiwi not found in \$PATH; most likely this build was missing
+the --userootforbuild option.  If you are invoking osc build
+manually, please use 'make buildlocal' instead.
+EOF
+    exit 1
+fi
+
+kiwi-ng --debug --profile default system build --description /tmp/openstack-ironic-image --target-dir /tmp/openstack-ironic-image/img
+
+%install
+TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
+cd /tmp/openstack-ironic-image/img/build/image-root 
+find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
+cd $TDIR
+gzip -9 -f initrdtmp
+INITRDGZ=`ls *.gz | head -1`
+gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
+INITRD=`ls *.xz | head -1`
+
+ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
+KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`
+
+mkdir -p %{buildroot}/srv/tftpboot/openstack-ironic-image
+install -p -m 644 $KERNEL $INITRD %{buildroot}/srv/tftpboot/openstack-ironic-image/
+
+%files %{_arch}
+%defattr(644,root,root)
+%dir %attr(755, root, root) /srv/tftpboot/openstack-ironic-image
+%attr(644, root, root) /srv/tftpboot/openstack-ironic-image/*
+
+%changelog

rancher-turtles-airgap-resources-chart/_service

@@ -2,7 +2,7 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
     <param name="var">IMG_PREFIX</param>
   </service>
 </services>

rancher-turtles-chart/_service

@@ -2,14 +2,14 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">values.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
     <param name="var">IMG_PREFIX</param>
   </service>
 </services>