Merge pull request 'init versions for release manifest 3.3' (#83) from dprodanov/Factory:release-manifest-3.3 into main

Reviewed-on: suse-edge/Factory#83
Reviewed-by: Ivo Petrov <ipetrov117@noreply.src.opensuse.org>

.gitattributes

@@ -2,3 +2,4 @@
 *.tar.gz filter=lfs diff=lfs merge=lfs -text
 *.tar.xz filter=lfs diff=lfs merge=lfs -text
 *.obscpio filter=lfs diff=lfs merge=lfs -text
+*.tar.bz2 filter=lfs diff=lfs merge=lfs -text

.gitea/workflows/pr_project.yaml

@@ -0,0 +1,62 @@
+name: Build PR in OBS
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - closed
+    branches-ignore:
+      - "devel"
+
+concurrency:
+  group: ${{ gitea.workflow }}-${{ gitea.ref }}
+  cancel-in-progress: true
+
+jobs:
+  sync-pr-project:
+    name: "Build PR in OBS"
+    runs-on: tumbleweed
+    steps:
+      - name: Setup OSC
+        run: |
+          zypper in -y python3-jinja2
+          mkdir -p ~/.config/osc
+          cat >~/.config/osc/oscrc <<'EOF'
+          [general]
+          apiurl = https://api.opensuse.org
+
+          [https://api.opensuse.org]
+          user=${{ vars.OBS_USERNAME }}
+          pass=${{ secrets.OBS_PASSWORD }}
+          EOF
+    # Waiting on PR to get merged for support in upstream action/checkout action
+      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
+        name: Checkout repository
+        with:
+          object-format: 'sha256'
+      - name: "[if PR is closed] Delete project in OBS"
+        run: |
+          if [ "${{ gitea.event.action }}" = "closed" ]; then
+          PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+          osc rdelete -f -r -m "PR closed" "${PROJECT}:Staging:PR-${{ gitea.event.number }}"
+          fi
+      - name: "Setup PR project in OBS"
+        env:
+          SCM_URL: ${{ gitea.event.pull_request.head.repo.clone_url }}#${{ gitea.head_ref }}
+        run: |
+          if [ "${{ gitea.event.action }}" != "closed" ]; then
+          PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+          python3 .obs/render_meta.py --pr ${{ gitea.event.number }} --scm-url "${SCM_URL}" | osc meta prj "${PROJECT}:Staging:PR-${{ gitea.event.number }}" -F -
+          echo "Project created ${PROJECT}:Staging:PR-${{ gitea.event.number }}"
+          echo "Follow build at: https://build.opensuse.org/project/monitor/${PROJECT}:Staging:PR-${{ gitea.event.number }}"
+          fi
+      - env:
+          GIT_SHA: ${{ gitea.event.pull_request.head.sha }}
+        name: "Wait for OBS to build the project"
+        run: |
+          if [ "${{ gitea.event.action }}" != "closed" ]; then
+          PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+          export OBS_PROJECT="${PROJECT}:Staging:PR-${{ gitea.event.number }}"
+          python3 .obs/wait_obs.py
+          fi

.gitea/workflows/sync_config.yaml

@@ -0,0 +1,35 @@
+name: Synchronize Project Config
+on:
+  push:
+    branches-ignore:
+      - "devel"
+    paths:
+      - "_config"
+      - ".gitea/workflows/sync_config.yaml"
+
+jobs:
+  sync-prjconf:
+    name: "Update prjconf in OBS"
+    runs-on: tumbleweed
+    steps:
+      - name: Setup OSC
+        run: |
+          mkdir -p ~/.config/osc
+          cat >~/.config/osc/oscrc <<'EOF'
+          [general]
+          apiurl = https://api.opensuse.org
+
+          [https://api.opensuse.org]
+          user=${{ vars.OBS_USERNAME }}
+          pass=${{ secrets.OBS_PASSWORD }}
+          EOF
+    # Waiting on PR to get merged for support in upstream action/checkout action
+      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
+        name: Checkout repository
+        with:
+          object-format: 'sha256'
+      - run: |
+          PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+          if [ "$(osc meta prjconf "${PROJECT}" | sha256sum)" != "$(cat _config | sha256sum)" ] ; then
+            osc meta prjconf "${PROJECT}" -F _config
+          fi

.gitea/workflows/sync_meta.yaml

@@ -0,0 +1,45 @@
+name: Synchronize Project Metadata
+on:
+  push:
+    branches-ignore:
+      - "devel"
+    paths:
+      - "*" # Will trigger on new directories and changes to files in root of repository
+      - ".gitea/workflows/sync_meta.yaml"
+      - ".obs/common.py"
+
+jobs:
+  sync-prj-meta:
+    runs-on: tumbleweed
+    steps:
+      - name: Setup OSC
+        run: |
+          zypper in -y python3-jinja2
+          mkdir -p ~/.config/osc
+          cat >~/.config/osc/oscrc <<'EOF'
+          [general]
+          apiurl = https://api.opensuse.org
+
+          [https://api.opensuse.org]
+          user=${{ vars.OBS_USERNAME }}
+          pass=${{ secrets.OBS_PASSWORD }}
+          EOF
+    # Waiting on PR to get merged for support in upstream action/checkout action
+      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
+        name: Checkout repository
+        with:
+          object-format: 'sha256'
+      - name: "Update or create OBS Project"
+        run: |
+          PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+          set -o pipefail
+          if meta="$(osc meta prj "${PROJECT}" 2>/dev/null | sha256sum)"; then
+            new_meta="$(python3 .obs/render_meta.py)"
+            if [ "${meta}" != "$(echo "${new_meta}" | sha256sum)" ]; then
+              echo "${new_meta}" | osc meta prj "${PROJECT}" -F -
+            fi
+            python3 .obs/sync_packages.py
+          else
+            # Create the projects
+            bash .obs/create_projects.sh
+          fi

.gitea/workflows/trigger_devel.yaml

@@ -0,0 +1,30 @@
+name: Trigger Devel Packages
+on:
+  schedule:
+    - cron: "@daily"
+
+jobs:
+  sync-pr-project:
+    name: "Trigger source services for devel packages that changed"
+    runs-on: tumbleweed
+    steps:
+      - name: Setup OSC
+        run: |
+          mkdir -p ~/.config/osc
+          cat >~/.config/osc/oscrc <<'EOF'
+          [general]
+          apiurl = https://api.opensuse.org
+
+          [https://api.opensuse.org]
+          user=${{ vars.OBS_USERNAME }}
+          pass=${{ secrets.OBS_PASSWORD }}
+          EOF
+    # Waiting on PR to get merged for support in upstream action/checkout action
+      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
+        name: Checkout repository
+        with:
+          object-format: 'sha256'
+          ref: 'devel'
+      - name: "Trigger packages"
+        run: |
+          python3 .obs/trigger_package.py

.gitmodules

@@ -4,3 +4,12 @@
 [submodule "cri-tools"]
 	path = cri-tools
 	url = https://src.opensuse.org/pool/cri-tools.git
+[submodule "fakeroot"]
+	path = fakeroot
+	url = https://src.opensuse.org/pool/fakeroot.git
+[submodule "crudini"]
+	path = crudini
+	url = https://src.opensuse.org/pool/crudini.git
+[submodule "autoconf"]
+	path = autoconf
+	url = https://src.opensuse.org/SLFO-pool/autoconf.git

.obs/add_package.py

@@ -1,5 +1,4 @@
 #!/usr/bin/env python3
-import yaml
 import subprocess
 import argparse
 import os
@@ -7,30 +6,6 @@ import os.path
 
 from common import PROJECT, REPOSITORY, BRANCH
 
-def add_package_to_workflow(name: str):
-    modified = False
-    with open(".obs/workflows.yml", "r") as wf_file:
-        workflows = yaml.safe_load(wf_file)
-    if not any(
-        x
-        for x in workflows["staging_build"]["steps"]
-        if x["branch_package"]["source_package"] == name
-    ):
-        workflows["staging_build"]["steps"].append(
-            {
-                "branch_package": {
-                    "source_project": PROJECT,
-                    "target_project": f"{PROJECT}:Staging",
-                    "source_package": name,
-                }
-            }
-        )
-        modified = True
-    if modified:
-        with open(".obs/workflows.yml", "w") as wf_file:
-            yaml.dump(workflows, wf_file)
-
-
 def add_package_to_project(name: str):
     package_meta = f"""<package name="{name}" project="{PROJECT}">
   <title/>
@@ -53,7 +28,6 @@ def add_package(package_name: str):
         os.exit(1)
 
     add_package_to_project(package_name)
-    add_package_to_workflow(package_name)
 
 
 def main():
@@ -65,7 +39,7 @@ def main():
     add_package(args.package)
     
 
-    print("Package created in OBS, you can now push the modified workflow file")
+    print("Package created in OBS !")
 
 
 if __name__ == '__main__':

.obs/create_projects.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+show_help() {
+    echo "Usage: $(basename $0) [--internal]"
+    echo "options:"
+    echo "-h, --help       display this help and exit"
+    echo "-i, --internal   create project as internal"
+    exit 0
+}
+
+while [[ "$#" -gt 0 ]]; do
+    case $1 in
+        -h|--help) show_help;;
+        -i|--internal) internal="--internal" ;;
+        *) echo "Unknown parameter passed: $1";show_help ;;
+    esac
+    shift
+done
+
+PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+EXTRA_OSC_ARGS=""
+if [ -n "$internal" ]; then
+    PROJECT="ISV${PROJECT:3}"
+    EXTRA_OSC_ARGS="-A https://api.suse.de"
+
+    python3 .obs/render_meta.py ${internal} Snapshot | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}:Snapshot" -F -
+    osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}:Snapshot" -F _config
+fi
+
+python3 .obs/render_meta.py ${internal} ToTest | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}:ToTest" -F -
+python3 .obs/render_meta.py ${internal} | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}" -F -
+osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}:ToTest" -F _config
+osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}" -F _config
+
+if [ -z "$internal" ]; then
+    python3 .obs/sync_packages.py
+fi

.obs/delete_package.py

@@ -1,5 +1,4 @@
 #!/usr/bin/env python3
-import yaml
 import subprocess
 import argparse
 import os
@@ -8,20 +7,8 @@ import os.path
 from common import PROJECT
 
 
-def delete_package_from_workflow(name: str):
-    with open(".obs/workflows.yml", "r") as wf_file:
-        workflows = yaml.safe_load(wf_file)
-    workflows["staging_build"]["steps"] = [
-        x
-        for x in workflows["staging_build"]["steps"]
-        if x["branch_package"]["source_package"] != name
-    ]
-    with open(".obs/workflows.yml", "w") as wf_file:
-        yaml.dump(workflows, wf_file)
-
-
 def delete_package_from_project(name: str):
-    p = subprocess.run(["osc", "rdelete", PROJECT, name], stdout=subprocess.PIPE)
+    p = subprocess.run(["osc", "rdelete", PROJECT, name, "-m \"Deleted via delete_package.py\"" ], stdout=subprocess.PIPE)
     print(p.stdout)
     print(p.stderr)
     p.check_returncode()
@@ -33,7 +20,6 @@ def delete_package(package_name: str):
         os.exit(1)
 
     delete_package_from_project(package_name)
-    delete_package_from_workflow(package_name)
 
 
 def main():

.obs/render_meta.py

@@ -0,0 +1,63 @@
+import argparse
+
+from jinja2 import Template
+from common import PROJECT
+
+def render(base_project, subproject, internal, scm_url=None):
+    version = base_project.rsplit(':', 1)[-1]
+    context = {
+        "base_project": subproject == "",
+        "title": f"SUSE Edge {version} {subproject}".rstrip(),
+        "ironic_base": "ISV:SUSE:Edge:Ironic" if internal else "Cloud:OpenStack",
+    }
+    if subproject == "ToTest":
+        context["project"] = f"{base_project}:ToTest"
+        context["description"] = (
+            f"This project doesn't build, it stores a snapshot of SUSE Edge {version} "
+            "project currently going through the automated test layer"
+        )
+        if "Factory" in base_project or internal:
+            context["release_project"] = f"{base_project}:Snapshot"
+    elif subproject == "Snapshot":
+        context["project"] = f"{base_project}:Snapshot"
+        context["release_project"] = f"{base_project.rsplit(':', 1)[0]}:Containers"
+        context["for_release"] = True
+        context["description"] = (
+            f"This project doesn't build, it stores a snapshot of SUSE Edge {version} "
+            "project that passed automated test layer"
+        )
+    elif subproject == "":
+        context["project"] = base_project
+        context["release_project"] = f"{base_project}:ToTest"
+    else: # PR case direct python call
+        context["base_project"] = True
+        context["project"] = f"{base_project}:{subproject}"
+        if scm_url is not None:
+            context["scm_url"] = scm_url
+
+    with open("_meta") as meta:
+        template = Template(meta.read())
+    return template.render(context)
+
+def main():
+    parser = argparse.ArgumentParser(
+                    prog='ProgramName',
+                    description='What the program does',
+                    epilog='Text at the bottom of help')
+    parser.add_argument("subproject", default="", choices=["", "ToTest", "Snapshot"], nargs="?")
+    parser.add_argument("--internal", action="store_true")
+    parser.add_argument("--pr")
+    parser.add_argument("--scm-url")
+    args = parser.parse_args()
+    base_project = PROJECT.replace("isv", "ISV", 1) if args.internal else PROJECT
+
+    print(render(
+        base_project=base_project,
+        subproject=args.subproject if args.pr is None else f"Staging:PR-{args.pr}",
+        internal=args.internal,
+        scm_url=args.scm_url,
+    ))
+
+
+if __name__ == "__main__":
+    main()

.obs/sync_packages.py

@@ -9,7 +9,7 @@ from common import PROJECT
 
 def get_obs_packages() -> Set[str]:
     packages = subprocess.run(["osc", "ls", PROJECT], encoding='utf-8' , capture_output=True)
-    return set(packages.stdout.splitlines())
+    return { p for p in packages.stdout.splitlines() if ":" not in p }
 
 def get_local_packages() -> Set[str]:
     p = pathlib.Path('.')

.obs/wait_obs.py

@@ -0,0 +1,83 @@
+import xml.etree.ElementTree as ET
+import subprocess
+import time
+import os
+import sys
+
+from collections import Counter
+
+def get_buildstatus(project: str) -> ET.Element:
+    for _ in range(5):
+        try:
+            output = subprocess.check_output(["osc", "pr", "--xml", project])
+            return ET.fromstring(output)
+        except subprocess.CalledProcessError:
+            continue
+    print("Failed to get buildstatus from OBS")
+
+def do_wait(project:str, commit:str) -> ET.Element:
+    last_state = None
+    while True:
+        time.sleep(5)
+        status = get_buildstatus(project)
+        if last_state == status.get("state"):
+            continue
+        else:
+            last_state = status.get("state")
+
+        scminfo = { e.text for e in status.findall(".//scminfo") }
+        if len(scminfo) != 1 or scminfo.pop() != commit:
+            print("Waiting for OBS to sync with SCM")
+            continue
+
+        if not all([ e.get('state') == "published" and e.get('dirty') is None for e in status.findall("./result")]):
+            print("Waiting for OBS to finish building")
+            continue
+
+        return status
+        
+def print_results(status: ET.Element) -> bool:
+    results = {}
+    failed = []
+    for e in status.findall("./result"):
+        repo = results.get(e.get("repository"), {})
+        repo[e.get("arch")] = e
+        results[e.get("repository")] = repo
+    
+    for repo in results.keys():
+        print(f"{repo}:")
+        depth=1
+        for arch in results[repo].keys():
+            counts = Counter()
+            if repo != "charts":
+                print(f"\t{arch}:")
+                depth=2
+            for package in results[repo][arch].findall("./status"):
+                if package.get("code") in ["excluded", "disabled"]:
+                    continue
+                if package.get("code") in ["failed", "unresolvable", "broken"]:
+                    details = package.findtext("details")
+                    if details:
+                        failed.append(f"{package.get('package')} ({arch}): {details}")
+                    else:
+                        failed.append(f"{package.get('package')} ({arch})")
+                counts[package.get("code")] += 1
+            for (code, count) in counts.items():
+                print("\t"*depth, f"{code}: {count}")
+    
+    failed.sort()
+    if failed:
+        print("\nPackages failing: ")
+    for fail in failed:
+        print("\t", fail)
+    return len(failed)
+
+def main():
+    project = os.environ.get("OBS_PROJECT")
+    sha = os.environ.get("GIT_SHA")
+    print(f"Waiting for OBS to build {project} for commit {sha}")
+    status = do_wait(project, sha)
+    sys.exit(print_results(status))
+
+if __name__ == "__main__":
+    main()

.obs/workflows.yml

@@ -1,200 +0,0 @@
-staging_build:
-  filters:
-    event: pull_request
-  steps:
-  - branch_package:
-      source_package: endpoint-copier-operator
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: endpoint-copier-operator-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: endpoint-copier-operator-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-agent-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-controller-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-dashboard-extension-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-debug-echo-discovery-handler-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-onvif-discovery-handler-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-opcua-discovery-handler-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-udev-discovery-handler-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-webhook-configuration-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: obs-service-set_version
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cosign
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: frr-k8s
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-operator
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: kubectl
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: upgrade-controller
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-rke2
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: nm-configurator
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: kube-rbac-proxy
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: edge-image-builder
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: metallb
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: hauler
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ip-address-manager
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: baremetal-operator
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-metal3
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cdi-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-controller-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-metal3-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: metallb-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-operator-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: sriov-crd-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: upgrade-controller-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: edge-image-builder-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ironic-ipa-downloader-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-rke2-controlplane-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: upgrade-controller-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: metal3-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: baremetal-operator-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-rke2-bootstrap-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: sriov-network-operator-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: metallb-controller-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ip-address-manager-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: metallb-speaker-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: venv
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ironic-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging

README.md

@@ -5,11 +5,23 @@ Contains the definition of the packages built on OBS for the SUSE Edge Solution
 This repository is linked to an OBS project: <https://build.opensuse.org/project/show/isv:SUSE:Edge:Factory>
 Every directory in this repository represents a package in that OBS project, those should be synced automatically from this repository.
 
-## Adding a package
+## Testing a fork or a development branch
 
-To add a package, first create a directory with your package as you intend it in OBS.
+You can create a project in your home space in OBS, use the same prjconf as the one of "isv:SUSE:Edge:Factory", and copy the repositories part of the metadata (adjust self references).
+Then add a scmsync stanza to your metadata like this (adjust repository path and branch):
 
-Then run the `.obs/add_package.py` script to create the package in the OBS project and add the required elements to the synchronization workflow.
-This script is using the `osc` command behind the scenes, so ensure you have it installed and correctly configured, as well as you have the correct permissions to create a new package in the project.
+```xml
+<scmsync>https://src.opensuse.org/suse-edge/Factory#main</scmsync>
+```
 
-You will then get asked to push your changes.
+This is done automatically for any PR filed against this repository.
+
+## Cutting a release version branch
+
+1. Do the appropriate git branch command
+2. Change the project path in `.obs/common.py` file (e.g. from `isv:SUSE:Edge:Factory` to `isv:SUSE:Edge:3.2`)
+3. Change the branch reference in `.obs/common.py` file (e.g. from `main` to `3.2`)
+5. Commit those changes to the new branch and push the new branch
+9. Go take a few cups of coffee/tea/mate/... while waiting for OBS to build everything
+10. Once built do an `osc release` of the project for it to be copied over in the `ToTest` section
+11. Hand over to QA to test whatever is in `ToTest`. (You can continue to work on the base branch if needed meanwhile)

_config

@@ -0,0 +1,125 @@
+Prefer: -libqpid-proton10 -python311-urllib3_1
+
+Macros:
+%__python3 /usr/bin/python3.11
+%registry_url %(echo %{vendor} | cut -d '/' -f 3 | sed 's/build/registry/')
+:Macros
+
+%if "%{sub %{lower %_project} 1 14}" != "isv:suse:edge:" || "%{sub %_project 15 21}" == "Factory"
+    # Here we are in Factory like project so set chart major version to 999
+Macros:
+%chart_major 999
+:Macros
+%else
+    # Here we are in version branch, so set the image prefix and chart major accordingly
+Macros:
+%project_branch %(echo %{_project} | cut -d ':' -f 4)
+%img_prefix %{project_branch}/
+%chart_major %(echo %{project_branch} | awk '{split($1,a,"."); print a[1]*100 + a[2]}')
+:Macros
+%endif
+
+%if %{sub %_project 1 3} == ISV
+Macros:
+%img_repo registry.suse.com/edge
+%chart_repo oci://registry.suse.com/edge
+%manifest_repo registry.suse.com/edge
+%support_level l3
+:Macros
+%else
+Macros:
+%img_repo registry.opensuse.org/isv/suse/edge/containers/images
+%manifest_repo registry.opensuse.org/isv/suse/edge/containers/images
+%chart_repo oci://registry.opensuse.org/isv/suse/edge/containers/charts
+%support_level techpreview
+:Macros
+%endif
+
+%if "%_repository" == "charts" || "%_repository" == "test_manifest_images"
+Macros:
+%img_repo %(echo %{registry_url}:%{_project}:images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
+%manifest_repo %(echo %{registry_url}:%{_project}:test_manifest_images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
+%chart_repo oci://%(echo %{registry_url}:%{_project}:charts | tr ":" "/" | tr '[:upper:]' '[:lower:]')
+:Macros
+%endif
+
+# Missing deps for testsuite
+BuildFlags: excludebuild:autoconf:el
+BuildFlags: excludebuild:autoconf:testsuite
+
+# Only build manifest embedding images here
+%if "%_repository" == "test_manifest_images"
+BuildFlags: onlybuild:edge-image-builder-image
+BuildFlags: onlybuild:release-manifest-image
+  # Exclude the images selected by the following section
+  # as the standard repository is a dependency
+  %ifarch aarch64
+    BuildFlags: excludebuild:baremetal-operator-image
+    BuildFlags: excludebuild:endpoint-copier-operator-image
+    BuildFlags: excludebuild:ironic-image
+    BuildFlags: excludebuild:ironic-ipa-downloader-image
+    BuildFlags: excludebuild:kube-rbac-proxy-image
+    BuildFlags: excludebuild:metallb-controller-image
+    BuildFlags: excludebuild:metallb-speaker-image
+  %endif
+%else
+# Only a subset of stack is arm64 ready
+  %ifarch aarch64
+    BuildFlags: onlybuild:autoconf
+    BuildFlags: onlybuild:baremetal-operator
+    BuildFlags: onlybuild:baremetal-operator-image
+    BuildFlags: onlybuild:ca-certificates-suse
+    BuildFlags: onlybuild:cosign
+    BuildFlags: onlybuild:crudini
+    BuildFlags: onlybuild:edge-image-builder
+    BuildFlags: onlybuild:edge-image-builder-image
+    BuildFlags: onlybuild:endpoint-copier-operator
+    BuildFlags: onlybuild:endpoint-copier-operator-image
+    BuildFlags: onlybuild:fakeroot
+    BuildFlags: onlybuild:hauler
+    BuildFlags: onlybuild:ipcalc
+    BuildFlags: onlybuild:ironic-image
+    BuildFlags: onlybuild:ironic-ipa-downloader-image
+    BuildFlags: onlybuild:ironic-ipa-ramdisk
+    BuildFlags: onlybuild:kube-rbac-proxy
+    BuildFlags: onlybuild:kube-rbac-proxy-image
+    BuildFlags: onlybuild:metallb
+    BuildFlags: onlybuild:metallb-controller-image
+    BuildFlags: onlybuild:metallb-speaker-image
+    BuildFlags: onlybuild:nm-configurator
+  %endif
+%endif
+
+%if "%_repository" == "images" || "%_repository" == "test_manifest_images"
+    Prefer: container:sles15-image
+    Type: docker
+    Repotype: none
+    Patterntype: none
+    BuildEngine: podman
+    Prefer: sles-release
+    BuildFlags: dockerarg:SLE_VERSION=15.6
+
+    # Publish multi-arch container images only once all archs have been built
+    PublishFlags: archsync
+%endif
+
+%if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts"
+    Type: helm
+    Repotype: helm
+    Patterntype: none
+    Required: perl-YAML-LibYAML
+%endif
+
+%if "%_repository" == "standard"
+    # for build openstack-ironic-image
+    BuildFlags: allowrootforbuild
+%endif
+
+# Enable reproducible builds
+# https://en.opensuse.org/openSUSE:Reproducible_Builds\#With_OBS
+Macros:
+%source_date_epoch_from_changelog Y
+%clamp_mtime_to_source_date_epoch Y
+%use_source_date_epoch_as_buildtime Y
+%_buildhost reproducible
+:Macros

_meta

@@ -0,0 +1,69 @@
+{#- 
+  This template is rendered by the render_meta.py script
+  it is not automatically enforced by OBS
+-#}
+{%- set maintainers = [
+    "edge-engineering",
+] -%}
+<project name="{{ project }}">
+  <title>{{ title }}</title>
+  {%- if description is defined %}
+  <description>{{ description }}</description>
+  {%- else %}
+  <description/>
+  {%- endif %}
+  {%- if scm_url is defined %}
+  <scmsync>{{ scm_url }}</scmsync>
+  {%- endif %}
+{%- for maintainer in maintainers %}
+  <person userid="{{ maintainer }}" role="maintainer"/>
+{%- endfor %}
+{%- if not base_project %}
+  <build>
+    <disable/>
+    <enable repository="charts"/>
+    <enable repository="test_manifest_images"/>
+  </build>
+  <publish>
+    <disable repository="phantomcharts"/>
+  </publish>
+  <repository name="phantomcharts">
+    <arch>x86_64</arch>
+  </repository>
+{%- endif %}
+{%- for repository in ["images", "test_manifest_images"] %}
+  <repository name="{{ repository }}">
+    {%- if release_project is defined and repository == "images" %}
+    <releasetarget project="{{ release_project }}" repository="images" trigger="manual"/>
+    {%- endif %}
+    <path project="SUSE:Registry" repository="standard"/>
+    <path project="SUSE:CA" repository="SLE_15_SP6"/>
+    <path project="{{ project }}" repository="standard"/>
+    <arch>x86_64</arch>
+    <arch>aarch64</arch>
+  </repository>
+{%- endfor %}
+  <repository name="standard" block="local">
+    {%- if release_project is defined and not for_release %}
+    <releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
+    {%- endif %}
+    <path project="{{ ironic_base }}:2024.2" repository="15.6"/>
+    <path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
+    <arch>x86_64</arch>
+    <arch>aarch64</arch>
+  </repository>
+  <repository name="charts"{{ ' rebuild="local"' if not base_project }}>
+    {%- if release_project is defined and not for_release %}
+    <releasetarget project="{{ release_project }}" repository="phantomcharts" trigger="manual"/>
+    {%- endif %}
+    <path project="{{ project }}" repository="standard"/>
+    <arch>x86_64</arch>
+  </repository>
+  {%- if for_release %}
+  <repository name="releasecharts" rebuild="local">
+    <releasetarget project="{{ release_project }}" repository="charts" trigger="manual"/>
+    <path project="{{ project }}" repository="standard"/>
+    <arch>x86_64</arch>
+  </repository>
+  {%- endif %}
+</project>

akri-agent-image/Dockerfile

@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-agent:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"

akri-agent-image/_service

@@ -13,5 +13,7 @@
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

akri-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20
-#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20
+#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
 annotations:
   catalog.cattle.io/display-name: Akri
 apiVersion: v2
@@ -8,4 +8,4 @@ description: A Helm chart for Akri
 icon: https://raw.githubusercontent.com/project-akri/akri-docs/main/art/icon/akri-icon-light.svg
 name: akri
 type: application
-version: 0.12.20
+version: "%%CHART_MAJOR%%.0.0+up0.12.20"

akri-chart/_service

@@ -2,14 +2,16 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">values.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

akri-controller-image/Dockerfile

@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-controller:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"

akri-controller-image/_service

@@ -9,9 +9,11 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

akri-dashboard-extension-chart/Chart.yaml

@@ -1,20 +1,21 @@
-#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0
-#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Akri
-  catalog.cattle.io/kube-version: '>= v1.26.0-0'
+  catalog.cattle.io/kube-version: ">= v1.26.0-0"
   catalog.cattle.io/namespace: cattle-ui-plugin-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux, windows
-  catalog.cattle.io/rancher-version: '>= v2.9.0'
+  catalog.cattle.io/rancher-version: ">= 2.10.0-0"
   catalog.cattle.io/scope: management
   catalog.cattle.io/ui-component: plugins
-  catalog.cattle.io/ui-extensions-version: '>= 2.0.1'
+  catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
 apiVersion: v2
-appVersion: 1.1.0
-description: 'SUSE Edge: Akri extension for Rancher Dashboard'
+appVersion: 1.2.1
+description: "SUSE Edge: Akri extension for Rancher Dashboard"
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
 name: akri-dashboard-extension
 type: application
-version: 1.1.0
+version: "%%CHART_MAJOR%%.0.0+up1.2.1"

akri-dashboard-extension-chart/_service

@@ -2,14 +2,16 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">values.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

akri-dashboard-extension-chart/templates/_helpers.tpl

@@ -60,4 +60,4 @@ Pkg annotations
 {{ $key }}: {{ $value | quote }}
 {{- end }}
 {{- end }}
-{{- end }}
+{{- end }}

akri-dashboard-extension-chart/templates/cr.yaml

@@ -8,7 +8,7 @@ spec:
   plugin:
     name: {{ include "extension-server.fullname" . }}
     version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.1.0
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.1
     noCache: {{ .Values.plugin.noCache }}
     noAuth: {{ .Values.plugin.noAuth }}
-    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
+    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

akri-dashboard-extension-chart/values.yaml

@@ -7,6 +7,6 @@ plugin:
   noAuth: false
   metadata:
     catalog.cattle.io/display-name: Akri
-    catalog.cattle.io/rancher-version: ">= v2.9.0"
-    catalog.cattle.io/ui-extensions-version: ">= 2.0.1"
+    catalog.cattle.io/rancher-version: ">= 2.10.0-0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
     catalog.cattle.io/kube-version: ">= v1.26.0-0"

akri-debug-echo-discovery-handler-image/Dockerfile

@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-debug-echo-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"

akri-debug-echo-discovery-handler-image/_service

@@ -9,9 +9,11 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

akri-onvif-discovery-handler-image/Dockerfile

@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-onvif-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"

akri-onvif-discovery-handler-image/_service

@@ -9,9 +9,11 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

akri-opcua-discovery-handler-image/Dockerfile

@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-opcua-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"

akri-opcua-discovery-handler-image/_service

@@ -9,9 +9,11 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

akri-udev-discovery-handler-image/Dockerfile

@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-udev-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"

akri-udev-discovery-handler-image/_service

@@ -9,9 +9,11 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

akri-webhook-configuration-image/Dockerfile

@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-webhook-configuration:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"

akri-webhook-configuration-image/_service

@@ -9,9 +9,11 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

akri/_service

@@ -10,7 +10,9 @@
 	<service name="cargo_vendor" mode="manual">
 		<param name="srcdir">akri</param>
 	</service>
-	<service name="tar" mode="buildtime" />
+	<service name="tar" mode="buildtime">
+		<param name="obsinfo">akri.obsinfo</param>
+	</service>
 	<service name="set_version" mode="buildtime" >
 		<param name="fromfile">version.txt</param>
 		<param name="regex">^(.*)$</param>

autoconf

@@ -0,0 +1 @@
+Subproject commit 015427056954e149061e5c176e72f6067ebe4fb010fb697aba7bcfbb0e6d5568

baremetal-operator-image/Dockerfile

@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"

baremetal-operator-image/_service

@@ -9,9 +9,11 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

baremetal-operator/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metal3-io/baremetal-operator</param>
     <param name="scm">git</param>
-    <param name="revision">v0.6.1</param>
+    <param name="revision">v0.8.0</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
@@ -12,10 +12,8 @@
     <param name="without-version">yes</param>
     <param name="versionrewrite-replacement">\1</param>
   </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">baremetal-operator.obsinfo</param>
   </service>
    <service name="go_modules">
   </service>
@@ -23,7 +21,7 @@
     <param name="file">baremetal-operator.spec</param>
     <param name="var">SOURCE_COMMIT</param>
     <param name="eval">
-      SOURCE_COMMIT=$(grep commit *.obsinfo | cut -d" " -f2)
+      SOURCE_COMMIT=$(grep commit baremetal-operator.obsinfo | cut -d" " -f2)
     </param>
     <param name="verbose">1</param>
   </service>

baremetal-operator/baremetal-operator.spec

@@ -17,14 +17,14 @@
 
 
 Name:           baremetal-operator
-Version:        0.6.1
-Release:        0.6.1
+Version:        0.8.0
+Release:        0.8.0
 Summary:        Implements a Kubernetes API for managing bare metal hosts
 License:        Apache-2.0
 URL:            https://github.com/metal3-io/baremetal-operator
-Source:         baremetal-operator-%{version}.tar.gz
+Source:         baremetal-operator-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

cdi-chart/Chart.yaml

@@ -1,9 +1,9 @@
-#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0
-#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0
+#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
 apiVersion: v2
 appVersion: 1.60.1
 description: A Helm chart for Containerized Data Importer (CDI)
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: cdi
 type: application
-version: 0.4.0
+version: "%%CHART_MAJOR%%.0.0+up0.4.0"

cdi-chart/_service

@@ -2,7 +2,9 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

cluster-api-operator/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/kubernetes-sigs/cluster-api-operator</param>
-    <param name="scm">git</param>
-    <param name="revision">v0.12.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-  <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api-operator/cluster-api-operator.spec

@@ -1,52 +0,0 @@
-#
-# spec file for package cluster-api-operator
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api-operator
-Version:        0.12.0
-Release:        0
-Summary:        Cluster API Core Controller
-License:        Apache-2.0
-URL:            https://github.com/kubernetes-sigs/cluster-api-operator
-Source:         cluster-api-operator-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API operator
-
-%prep
-%autosetup -a1 -n cluster-api-operator-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-   -o cluster-api-operator cmd/main.go
-
-%install
-install -D -m0755 cluster-api-operator %{buildroot}%{_bindir}/cluster-api-operator-controller
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/cluster-api-operator-controller
-
-%changelog

cluster-api-provider-metal3-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:v%%cluster-api-provider-metal3_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-metal3 shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-provider-metal3
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-provider-metal3 Container Image"
-LABEL org.opencontainers.image.description="cluster-api-provider-metal3 based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-provider-metal3_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/cluster-api-provider-metal3 /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-provider-metal3-image/_service

@@ -1,17 +0,0 @@
-<services>
-  <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api-provider-metal3_version%%</param>
-    <param name="package">cluster-api-provider-metal3</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-  </service>
-</services>

cluster-api-provider-metal3/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/metal3-io/cluster-api-provider-metal3</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.7.1</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-   <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api-provider-metal3/cluster-api-provider-metal3.spec

@@ -1,54 +0,0 @@
-#
-# spec file for package cluster-api-provider-metal3
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api-provider-metal3
-Version:        1.7.1
-Release:        0
-Summary:        Cluster API Infrastructure Provider for Metal3
-License:        Apache-2.0
-URL:            https://github.com/metal3-io/cluster-api-provider-metal3
-Source:         cluster-api-provider-metal3-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API Provider Metal3 is one of the providers for Cluster API and enables
-users to deploy a Cluster API based cluster on top of bare metal infrastructure
-using Metal3.
-
-%prep
-%autosetup -a1 -n cluster-api-provider-metal3-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-   -a -ldflags '-extldflags "-static"'
-
-%install
-install -D -m0755 cluster-api-provider-metal3 %{buildroot}%{_bindir}/cluster-api-provider-metal3
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/cluster-api-provider-metal3
-
-%changelog

cluster-api-provider-rke2-bootstrap-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:v%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-bootstrap shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-provider-rke2
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
-LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/rke2-bootstrap-manager /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-provider-rke2-controlplane-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:v%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-control-plane shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-provider-rke2
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
-LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/rke2-control-plane-manager /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-provider-rke2-controlplane-image/_service

@@ -1,17 +0,0 @@
-<services>
-  <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api-provider-rke2_version%%</param>
-    <param name="package">cluster-api-provider-rke2-control-plane</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-  </service>
-</services>

cluster-api-provider-rke2/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/rancher-sandbox/cluster-api-provider-rke2</param>
-    <param name="scm">git</param>
-    <param name="revision">v0.7.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-   <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api-provider-rke2/cluster-api-provider-rke2.spec

@@ -1,61 +0,0 @@
-#
-# spec file for package cluster-api-provider-rke2
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api-provider-rke2
-Version:        0.7.0
-Release:        0
-Summary:        Cluster API provider for RKE2
-License:        Apache-2.0
-URL:            https://github.com/rancher-sandbox/cluster-api-provider-rke2
-Source:         cluster-api-provider-rke2-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API provider for RKE2
-
-%package bootstrap
-Summary: Cluster API bootstrap controller for RKE2
-%description bootstrap
-Cluster API bootstrap controller for RKE2
-
-%package control-plane
-Summary: Cluster API control-plane controller for RKE2
-%description control-plane
-Cluster API control-plane controller for RKE2
-
-%prep
-%autosetup -a1 -n cluster-api-provider-rke2-%{version}
-
-%build
-make managers
-
-%install
-install -D -m0755 bin/rke2-bootstrap-manager %{buildroot}%{_bindir}/rke2-bootstrap-manager
-install -D -m0755 bin/rke2-control-plane-manager %{buildroot}%{_bindir}/rke2-control-plane-manager
-
-%files bootstrap
-%{_bindir}/rke2-bootstrap-manager
-
-%files control-plane
-%{_bindir}/rke2-control-plane-manager
-
-%changelog

cluster-api/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/kubernetes-sigs/cluster-api</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.7.5</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-  <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api/cluster-api.spec

@@ -1,51 +0,0 @@
-#
-# spec file for package cluster-api
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api
-Version:        1.7.5
-Release:        0
-Summary:        Cluster API Core Controller
-License:        Apache-2.0
-URL:            https://github.com/kubernetes-sigs/cluster-api
-Source:         cluster-api-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API core controller
-
-%prep
-%autosetup -a1 -n cluster-api-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-
-%install
-install -D -m0755 cluster-api %{buildroot}%{_bindir}/cluster-api-controller
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/cluster-api-controller
-
-%changelog

cosign/_service

@@ -8,10 +8,8 @@
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
   </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">cosign.obsinfo</param>
   </service>
   <service mode="buildtime" name="set_version" />
   <service name="go_modules">

cosign/cosign.spec

@@ -24,7 +24,7 @@ Release:        0
 Summary:        Container Signing, Verification and Storage in an OCI registry
 License:        Apache-2.0
 URL:            https://github.com/rancher-government-carbide/cosign
-Source:         cosign-%{version}.tar.gz
+Source:         cosign-%{version}.tar
 Source1:        vendor.tar.gz         
 BuildRequires:  golang-packaging
 

crudini

@@ -0,0 +1 @@
+Subproject commit c24bedd13bbd6ec8ac6edfc9b7495c94667e77af6dfbc681255650a392f4024c

edge-image-builder-image/Dockerfile

@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"

edge-image-builder-image/_service

@@ -2,13 +2,19 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
     <param name="file">artifacts.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
     <param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
     <param name="var">CHART_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>
 

edge-image-builder-image/artifacts.yaml

@@ -1,11 +1,11 @@
 metallb:
   chart: metallb-chart
-  repository: %%CHART_REPO%%/3.1
-  version: 0.14.9
+  repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
+  version: "%%CHART_MAJOR%%.0.0+up0.14.9"
 endpoint-copier-operator:
   chart: endpoint-copier-operator-chart
-  repository: %%CHART_REPO%%/3.1
-  version: 0.2.1
+  repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
+  version: "%%CHART_MAJOR%%.0.0+up0.2.1"
 kubernetes:
   k3s:
     selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
@@ -13,4 +13,3 @@ kubernetes:
   rke2:
     selinuxPackage: rke2-selinux
     selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch
-

edge-image-builder/_service

@@ -9,10 +9,8 @@
     <param name="versionrewrite-replacement">\1.\2.\3</param>
     <param name="changesgenerate">enable</param>
   </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">edge-image-builder.obsinfo</param>
   </service>
   <service mode="buildtime" name="set_version" />
   <service name="go_modules">

edge-image-builder/edge-image-builder.spec

@@ -22,7 +22,7 @@ Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0
 URL:            https://github.com/suse-edge/edge-image-builder
-Source:         edge-image-builder-%{version}.tar.gz
+Source:         edge-image-builder-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) go1.22
 BuildRequires:  golang-packaging

endpoint-copier-operator-chart/Chart.yaml

@@ -1,8 +1,8 @@
-#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1
-#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1
+#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
 apiVersion: v2
 appVersion: v0.2.0
 description: A Helm chart for Kubernetes
 name: endpoint-copier-operator
 type: application
-version: 0.2.1
+version: "%%CHART_MAJOR%%.0.0+up0.2.1"

endpoint-copier-operator-chart/_service

@@ -2,14 +2,16 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">values.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

endpoint-copier-operator-image/Dockerfile

@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:%%endpoint-copier-operator_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"

endpoint-copier-operator-image/_service

@@ -9,9 +9,11 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

endpoint-copier-operator/_service

@@ -12,10 +12,8 @@
     <param name="without-version">yes</param>
     <param name="versionrewrite-replacement">\1</param>
   </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">endpoint-copier-operator.obsinfo</param>
   </service>
   <service name="go_modules">
   </service>

endpoint-copier-operator/endpoint-copier-operator.spec

@@ -22,7 +22,7 @@ Release:        0.2.0
 Summary:        Implements a Kubernetes API for copying endpoint resources
 License:        Apache-2.0
 URL:            https://github.com/suse-edge/endpoint-copier-operator
-Source:         endpoint-copier-operator-%{version}.tar.gz
+Source:         endpoint-copier-operator-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) = 1.20
 ExcludeArch:    s390

fakeroot

@@ -0,0 +1 @@
+Subproject commit a93afedfbd09dc0396c3f9edf415f3ad22cd24c7f0ff9ff72407d10c748ce0a5

frr-image/Dockerfile

@@ -0,0 +1,58 @@
+# SPDX-License-Identifier: MIT
+#!BuildTag: %%IMG_PREFIX%%frr:8.4
+#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
+#!BuildVersion: 15.5
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends tcpdump libpcap-devel iproute2 iputils strace socat frr python3 catatonit sed util-linux; zypper -n clean; rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.frr
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="FRR Container Image"
+LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="8.4"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+
+#Install frr
+USER root
+
+ENV PYTHONDONTWRITEBYTECODE yes
+
+# frr.sh is the entry point. This script examines environment
+# variables to direct operation and configure ovn
+ADD frr.sh /root/
+ADD daemons /etc/frr
+ADD frr.conf /etc/frr
+ADD vtysh.conf /etc/frr
+
+RUN chown frr:frr /etc/frr/daemons /etc/frr/frr.conf
+
+RUN ln -s /usr/bin/catatonit /sbin/tini
+RUN usermod -a -G frrvty frr
+
+COPY docker-start /usr/libexec/frr/docker-start
+RUN cp -r /usr/libexec/frr /usr/lib/ # required because of the different path on rhel
+
+WORKDIR /root
+ENTRYPOINT ["/sbin/tini", "--"]
+
+COPY docker-start /usr/lib/frr/docker-start
+RUN chmod +x /usr/lib/frr/docker-start
+CMD ["/usr/lib/frr/docker-start"]

frr-image/_service

@@ -1,17 +1,13 @@
 <services>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api_version%%</param>
-    <param name="package">cluster-api</param>
-    <param name="parse-version">patch</param>
-  </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

frr-image/daemons

@@ -0,0 +1,82 @@
+# This file tells the frr package which daemons to start.
+#
+# Entries are in the format: <daemon>=(yes|no|priority)
+#   0, "no"  = disabled
+#   1, "yes" = highest priority
+#   2 .. 10  = lower priorities
+#
+# For daemons which support multiple instances, a 2nd line listing
+# the instances can be added. Eg for ospfd:
+#   ospfd=yes
+#   ospfd_instances="1,2"
+#
+# Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
+# They're used to start the FRR daemons in more than one step
+# (for example start one or two at network initialization and the
+# rest later). The number of FRR daemons being small, priorities
+# must be between 1 and 9, inclusive (or the initscript has to be
+# changed). /etc/init.d/frr then can be started as
+#
+#   /etc/init.d/frr <start|stop|restart|<priority>>
+#
+# where priority 0 is the same as 'stop', priority 10 or 'start'
+# means 'start all'
+#
+# Sample configurations for these daemons can be found in
+# /usr/share/doc/frr/examples/.
+#
+# ATTENTION:
+#
+# When activation a daemon at the first time, a config file, even if it is
+# empty, has to be present *and* be owned by the user and group "frr", else
+# the daemon will not be started by /etc/init.d/frr. The permissions should
+# be u=rw,g=r,o=.
+# When using "vtysh" such a config file is also needed. It should be owned by
+# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
+#
+watchfrr_enable=yes
+watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
+#
+zebra=yes
+bgpd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+pimd=no
+nhrpd=no
+eigrpd=no
+sharpd=no
+pbrd=no
+staticd=yes
+bfdd=yes
+fabricd=no
+
+#
+# Command line options for the daemons
+#
+zebra_options=("-A 127.0.0.1")
+bgpd_options=("-A 127.0.0.1")
+ospfd_options=("-A 127.0.0.1")
+ospf6d_options=("-A ::1")
+ripd_options=("-A 127.0.0.1")
+ripngd_options=("-A ::1")
+isisd_options=("-A 127.0.0.1")
+pimd_options=("-A 127.0.0.1")
+nhrpd_options=("-A 127.0.0.1")
+eigrpd_options=("-A 127.0.0.1")
+sharpd_options=("-A 127.0.0.1")
+pbrd_options=("-A 127.0.0.1")
+staticd_options=("-A 127.0.0.1")
+bfdd_options=("-A 127.0.0.1")
+fabricd_options=("-A 127.0.0.1")
+
+#
+# If the vtysh_enable is yes, then the unified config is read
+# and applied if it exists.  If no unified frr.conf exists
+# then the per-daemon <daemon>.conf files are used)
+# If vtysh_enable is no or non-existant, the frr.conf is ignored.
+# it is highly suggested to have this set to yes
+vtysh_enable=yes
+

frr-image/docker-start

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+source /usr/lib/frr/frrcommon.sh
+/usr/lib/frr/watchfrr $(daemon_list)

frr-image/frr.conf

@@ -0,0 +1,53 @@
+frr defaults traditional
+log file /var/log/frr/frr.log
+log syslog informational
+log stdout debugging
+ipv6 forwarding
+service integrated-vtysh-config
+!
+debug bgp updates in
+debug bgp updates out
+debug bgp zebra
+!
+interface eth0
+ no ipv6 nd suppress-ra
+ ipv6 nd ra-interval 10
+!
+router bgp OCPASN
+ bgp router-id OCPROUTERID
+ bgp bestpath as-path multipath-relax
+ bgp bestpath compare-routerid
+!
+ neighbor OCPnodes peer-group
+ neighbor OCPnodes description Internal OCP Nodes
+ neighbor OCPnodes remote-as OCPASN
+ neighbor OCPnodes bfd
+ neighbor OCPnodes capability extended-nexthop 
+ !neighbor eth0 interface peer-group OCPnodes
+ !neighbor OCPPEER remote-as OCPASN peer-group OCPnodes
+ neighbor OCPPEER peer-group OCPnodes
+ !
+ address-family ipv4 unicast
+  redistribute connected
+  neighbor OCPnodes activate
+ exit-address-family
+ !
+ address-family ipv6 unicast
+  redistribute connected
+  neighbor OCPnodes activate
+  neighbor OCPnodes nexthop-local unchanged
+ exit-address-family
+ !
+!
+bfd
+ peer OCPPEER vrf default interface eth0
+   receive-interval 2000
+   transmit-interval 2000
+   echo-mode
+   echo-interval 3000
+   no shutdown
+ exit
+!
+line vty
+!
+

frr-image/frr.sh

@@ -0,0 +1,124 @@
+#!/bin/bash
+#set -euo pipefail
+
+# Enable verbose shell output if FRR_SH_VERBOSE is set to 'true'
+if [[ "${FRR_SH_VERBOSE:-}" == "true" ]]; then
+  set -x
+fi
+
+# The argument to the command is the operation to be performed
+# frr-node display display_env 
+# a cmd must be provided, there is no default
+cmd=${1:-""}
+
+# The frr user id, by default it is going to be frr:frr
+frr_user_id=${FRR_USER_ID:-""}
+
+# frr options
+frr_options=${FRR_OPTIONS:-""}
+
+# This script is the entrypoint to the image.
+# frr.sh version (update when API between daemonset and script changes - v.x.y)
+frr_version="3"
+
+# The daemonset version must be compatible with this script.
+# The default when FRR_DAEMONSET_VERSION is not set is version 3
+frr_daemonset_version=${FRR_DAEMONSET_VERSION:-"3"}
+
+# hostname is the host's hostname when using host networking,
+# This is useful on the master
+# otherwise it is the container ID (useful for debugging).
+frr_pod_host=${K8S_NODE:-$(hostname)}
+
+# The ovs user id, by default it is going to be root:root
+frr_user_id=${FRR_USER_ID:-""}
+
+# frr options
+frr_options=${FRR_OPTIONS:-""}
+
+# frr.conf variables
+ocp_asn=${OCPASN:-65000}
+ocp_routerid=${OCPROUTERID:-"10.10.10.1"}
+ocp_peer=${OCPPEER:-"10.10.10.1"}
+
+FRR_ETCDIR=/etc/frr
+FRR_RUNDIR=/var/run/frr
+FRR_LOGDIR=/var/log/frr
+
+# =========================================
+
+setup_frr_permissions() {
+    chown -R ${frr_user_id} ${FRR_RUNDIR}
+    chown -R ${frr_user_id} ${FRR_LOGDIR}
+    chown -R ${frr_user_id} ${FRR_ETCDIR}
+}
+
+# =========================================
+
+display_version() {
+  echo " =================== hostname: ${frr_pod_host}"
+  echo " =================== daemonset version ${frr_daemonset_version}"
+  if [[ -f /root/git_info ]]; then
+    disp_ver=$(cat /root/git_info)
+    return
+  fi
+}
+
+display_env() {
+  echo FRR_USER_ID ${frr_user_id}
+  echo FRR_OPTIONS ${frr_options}
+  echo frr.sh version ${frr_version}
+  echo ocp_asn ${ocp_asn}
+  echo ocp_routerid ${ocp_routerid}
+  echo ocp_peer ${ocp_peer}
+}
+
+# frr-node - all nodes
+frr-node() {
+  trap 'kill $(jobs -p) ; exit 0' TERM
+  rm -f ${FRR_RUNDIR}/frr.pid
+  echo "=============== frr-node ========== update frr.conf"
+  sed -i "s/OCPASN/$ocp_asn/" /etc/frr/frr.conf
+  sed -i "s/OCPPEER/$ocp_peer/" /etc/frr/frr.conf
+  sed -i "s/OCPROUTERID/$ocp_routerid/" /etc/frr/frr.conf
+
+  #chown -R frr:frr /etc/frr
+  chown -R frr:frr ${FRR_RUNDIR}
+  echo "=============== frr-node ========== starting"
+  # /usr/lib/frr/frrinit.sh start
+  # bash -x /usr/lib/frr/frrinit.sh start
+  bash -x 
+  /usr/lib/frr/frrinit.sh start
+  frrResult=$?
+  echo "=============== frrinit result is ${frrResult} " 
+ 
+  # Sleep forever
+  exec tail -f /dev/null
+}
+
+echo "================== frr.sh --- version: ${frr_version} ================"
+
+display_version
+
+display_env
+
+case ${cmd} in
+"frr-node") 
+  frr-node
+  ;;
+"display_env")
+  display_env
+  exit 0
+  ;;
+"display")
+  display
+  exit 0
+  ;;
+*)
+  echo "invalid command ${cmd}"
+  echo "valid v3 commands: frr-node display_env display " 
+  exit 0
+  ;;
+esac
+
+exit 0

frr-k8s-image/Dockerfile

@@ -1,36 +1,33 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:v%%cluster-api_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%
+#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api shadow; zypper -n clean; rm -rf /var/log/*
+RUN zypper --installroot /installroot --non-interactive install --no-recommends frr-k8s; zypper -n clean; rm -rf /var/log/*
 
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api
+# labelprefix=com.suse.application.endpoint-copier-operator
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api Container Image"
-LABEL org.opencontainers.image.description="cluster-api based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api_version%%"
+LABEL org.opencontainers.image.title="SLE frr-k8s Container Image"
+LABEL org.opencontainers.image.description="frr-k8s based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%%frr-k8s_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api:%%cluster-api_version%%-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 
+#Install frr-k8s
 COPY --from=base /installroot /
-RUN mv /usr/bin/cluster-api-controller /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]
+ENTRYPOINT ["/frr-k8s"]

frr-k8s-image/_service

@@ -3,15 +3,17 @@
   <service mode="buildtime" name="docker_label_helper"/>
   <service name="replace_using_package_version" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api-operator_version%%</param>
-    <param name="package">cluster-api-operator</param>
+    <param name="regex">%%frr-k8s_version%%</param>
+    <param name="package">frr-k8s</param>
     <param name="parse-version">patch</param>
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

frr-k8s/_service

@@ -12,10 +12,8 @@
     <param name="without-version">yes</param>
     <param name="versionrewrite-replacement">\1</param>
   </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">frr-k8s.obsinfo</param>
   </service>
   <service name="go_modules">
   </service>

frr-k8s/frr-k8s.spec

@@ -22,7 +22,7 @@ Release:        0.0.14
 Summary:        A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner.
 License:        Apache-2.0
 URL:            https://github.com/metallb/frr-k8s
-Source:         frr-k8s-%{version}.tar.gz
+Source:         frr-k8s-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390

hauler/_service

@@ -8,10 +8,8 @@
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
   </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">hauler.obsinfo</param>
   </service>
   <service mode="buildtime" name="set_version" />
   <service name="go_modules">

hauler/hauler.spec

@@ -23,7 +23,7 @@ Release:        0
 Summary:        Airgap Swiss Army Knife
 License:        Apache-2.0
 URL:            https://github.com/hauler-dev/hauler
-Source:         hauler-%{version}.tar.gz
+Source:         hauler-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang-packaging
 BuildRequires:  cosign

ip-address-manager-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ip-address-manager:v%%ip-address-manager_version%%
-#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%
-#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends ip-address-manager shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.ip-address-manager
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE ip-address-manager Container Image"
-LABEL org.opencontainers.image.description="ip-address-manager based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%ip-address-manager_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/ip-address-manager /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

ip-address-manager/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/metal3-io/ip-address-manager</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.7.1</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-   <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

ip-address-manager/ip-address-manager.spec

@@ -1,51 +0,0 @@
-#
-# spec file for package ip-address-manager
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           ip-address-manager
-Version:        1.7.1
-Release:        0
-Summary:        Metal3 IPAM controller
-License:        Apache-2.0
-URL:            https://github.com/metal3-io/ip-address-manager
-Source:         ip-address-manager-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Metal3 IPAM controller
-
-%prep
-%autosetup -a1 -n ip-address-manager-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-
-%install
-install -D -m0755 ip-address-manager %{buildroot}%{_bindir}/ip-address-manager
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/ip-address-manager
-
-%changelog

ipcalc/ipcalc-disable-network-tests.patch

@@ -0,0 +1,50 @@
+Index: ipcalc-1.0.0/tests/meson.build
+===================================================================
+--- ipcalc-1.0.0.orig/tests/meson.build
++++ ipcalc-1.0.0/tests/meson.build
+@@ -64,14 +64,6 @@ test('RandomIPv6Explicit',
+ 		ipcalc.full_path() + ' -6 -r 24' + '|grep Address'
+ 	]
+ )
+-test('HostnameIPv6Localhost',
+-	testrunner,
+-	args : [
+-		'--test-outfile',
+-		ipcalc.full_path() + ' -6 -o localhost',
+-		files('hostname-localhost-ipv6')
+-	]
+-)
+ test('HostnameIPv4Localhost',
+ 	testrunner,
+ 	args : [
+@@ -88,30 +80,6 @@ test('HostnameIPv4LocalhostJson',
+ 		files('hostname-localhost-ipv4-json')
+ 	]
+ )
+-test('IPIPv6Localhost',
+-	testrunner,
+-	args : [
+-		'--test-outfile',
+-		ipcalc.full_path() + ' -h ::1',
+-		files('ip-localhost-ipv6')
+-	]
+-)
+-test('IPIPv4Localhost',
+-	testrunner,
+-	args : [
+-		'--test-outfile',
+-		ipcalc.full_path() + ' -h 127.0.0.1',
+-		files('ip-localhost-ipv4')
+-	]
+-)
+-test('IPIPv4LocalhostJson',
+-	testrunner,
+-	args : [
+-		'--test-outfile',
+-		ipcalc.full_path() + ' -j -h 127.0.0.1',
+-		files('ip-localhost-ipv4-json')
+-	]
+-)
+ # --class-prefix tests
+ test('AssignClassPrefix12',
+ 	testrunner,

ipcalc/ipcalc.changes

@@ -0,0 +1,64 @@
+-------------------------------------------------------------------
+Tue Jun 27 15:11:20 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.0.3:
+  * When --no-decorate is given the default output will
+  * include no colors
+  * Correctly split networks with /31
+
+-------------------------------------------------------------------
+Mon Jan  2 20:43:13 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.0.2:
+  * Fix ULA prefix generator to use only defined ULA range
+  * Corrected manpage generation
+
+-------------------------------------------------------------------
+Sat Oct 16 15:16:34 UTC 2021 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.0.1:
+  - The application will now build even without ronn
+  - Improved JSON output on single host input
+
+-------------------------------------------------------------------
+Sat Apr  3 20:54:10 UTC 2021 - Atri Bhattacharya <badshah400@gmail.com>
+
+- Update to version 1.0.0:
+  * Manpage was converted to markdown.
+- Switch to using meson for building; BuildRequires: meson >=
+  0.49.
+- Addtional BuildRequires now needed: pkgconfig(libmaxminddb),
+  rubygem(ronn).
+- Add ipcalc-disable-network-tests.patch: Disable tests requiring
+  network.
+- Run tests as part of %check section.
+- New upstream URL and Source URL.
+- Drop patch patch-queue: no longer needed.
+
+-------------------------------------------------------------------
+Tue Aug  4 10:07:35 UTC 2015 - mpluskal@suse.com
+
+- Cleanup spec file with spec-clenaer
+
+-------------------------------------------------------------------
+Sun Jun 26 22:24:37 UTC 2011 - lazy.kent@opensuse.org
+
+- refreshed patch to fix build in openSUSE >= 11.3
+- splitted off rpm changelog to changes
+- corrected License tag
+- added Authors
+- formatted spec
+
+-------------------------------------------------------------------
+Sun Nov 18 00:00:00 UTC 2007 - guru@unixtech.be
+
+- moved to openSUSE Build Service
+- added minor patch
+
+-------------------------------------------------------------------
+Sun Oct 22 00:00:00 UTC 2006 - guru@unixtech.be
+
+- new upstream version
+- rewrote spec file
+
+

ipcalc/ipcalc.spec

@@ -0,0 +1,61 @@
+#
+# spec file for package ipcalc
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           ipcalc
+Version:        1.0.3
+Release:        0
+Summary:        IPv4/IPv6 tool assisting in network calculations on the command line
+License:        GPL-2.0-or-later
+Group:          Productivity/Networking/System
+URL:            https://gitlab.com/ipcalc/ipcalc
+Source0:        https://gitlab.com/ipcalc/ipcalc/-/archive/%{version}/%{name}-%{version}.tar.bz2
+# PATCH-FEATURE-OPENSUSE ipcalc-disable-network-tests.patch badshah400@gmail.com -- Disable tests requiring network
+Patch0:         ipcalc-disable-network-tests.patch
+BuildRequires:  meson >= 0.49
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(libmaxminddb)
+Conflicts:      netcalc
+
+%description
+ipcalc is a modern tool to assist in network address calculations for IPv4 and
+IPv6. It acts both as a tool to output human readable information about a
+network or address, as well as a tool suitable to be used by scripts or other
+programs.  It supports printing a summary about the provided network address,
+multiple command line options per information to be printed, transparent IPv6
+support, and in addition it will use libGeoIP if available to provide
+geographic information.
+
+%prep
+%autosetup -p1
+
+%build
+%meson
+%meson_build
+
+%install
+%meson_install
+
+%check
+%meson_test
+
+%files
+%doc README.md NEWS
+%license COPYING
+%{_bindir}/ipcalc
+
+%changelog

ironic-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE%
 #!BuildVersion: 15.6
 
 ARG SLE_VERSION
@@ -8,7 +8,14 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 
-RUN set -euo pipefail; zypper -n  in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "x86_64" ];then \
+      zypper -n  in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
+    fi
+#!ArchExclusiveLine: aarch64
+RUN if [ "$(uname -m)" = "aarch64" ];then \
+      zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
+    fi
 WORKDIR /tmp
 COPY prepare-efi.sh /bin/
 RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -16,7 +23,20 @@ RUN /bin/prepare-efi.sh
 
 COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api
+
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "x86_64" ];then \
+      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
+    fi
+#!ArchExclusiveLine: aarch64
+RUN if [ "$(uname -m)" = "aarch64" ];then \
+      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
+    fi
+    
+# DATABASE
+RUN mkdir -p /installroot/var/lib/ironic && \
+  /installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
+  zypper --installroot /installroot --non-interactive remove sqlite3
 
 FROM micro AS final
 MAINTAINER SUSE LLC (https://www.suse.com/)
@@ -26,10 +46,10 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="24.1.2.0"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%"
+LABEL org.opencontainers.image.version="26.1.2.2"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
@@ -48,8 +68,8 @@ RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc
 COPY mkisofs_wrapper /usr/bin/mkisofs
 RUN set -euo pipefail; chmod +x /usr/bin/mkisofs
 
-COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runironic-api runironic-conductor runironic-exporter runironic-inspector runlogwatch.sh tls-common.sh configure-nonroot.sh /bin/
-RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runironic-api; chmod +x /bin/runironic-conductor; chmod +x /bin/runironic-exporter; chmod +x /bin/runironic-inspector; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
+COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runlogwatch.sh tls-common.sh configure-nonroot.sh ironic-probe.j2 /bin/
+RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
 RUN mkdir -p /tftpboot
 RUN mkdir -p $GRUB_DIR
 
@@ -59,11 +79,19 @@ RUN mkdir -p $GRUB_DIR
 
 # IRONIC #
 RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
-RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "x86_64" ];then \
+      cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi ;\
+    fi
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "aarch64" ]; then\ 
+     cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
+    fi
+    
 COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
 
 COPY ironic.conf.j2 /etc/ironic/
-COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 /tmp/
+COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/
 COPY network-data-schema-empty.json /etc/ironic/
 
 # DNSMASQ
@@ -73,14 +101,7 @@ COPY dnsmasq.conf.j2 /etc/
 COPY httpd.conf.j2 /etc/httpd/conf/
 COPY httpd-modules.conf /etc/httpd/conf.modules.d/
 COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
-
-# IRONIC-INSPECTOR #
-RUN mkdir -p /var/lib/ironic /var/lib/ironic-inspector && \
-  sqlite3 /var/lib/ironic/ironic.db "pragma journal_mode=wal" && \
-  sqlite3 /var/lib/ironic-inspector/ironic-inspector.db "pragma journal_mode=wal"
-
-COPY ironic-inspector.conf.j2 /etc/ironic-inspector/
-COPY inspector-apache.conf.j2 /etc/httpd/conf.d/
+COPY apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
 
 # Workaround
 # Removing the 010-ironic.conf file that comes with the package 

ironic-image/_service

@@ -9,9 +9,11 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
   </service>
 </services>

ironic-image/apache2-ipxe.conf.j2

@@ -0,0 +1,35 @@
+Listen {{ env.IPXE_TLS_PORT }}
+
+<VirtualHost *:{{ env.IPXE_TLS_PORT }}>
+    ErrorLog /dev/stderr
+    LogLevel debug
+    CustomLog /dev/stdout combined
+
+    SSLEngine on
+    SSLProtocol {{ env.IPXE_SSL_PROTOCOL }}
+    SSLCertificateFile {{ env.IPXE_CERT_FILE }}
+    SSLCertificateKeyFile {{ env.IPXE_KEY_FILE }}
+
+    <Directory "/shared/html">
+        Order Allow,Deny
+        Allow from all
+    </Directory>
+    <Directory "/shared/html/(redfish|ilo|images)/">
+        Order Deny,Allow
+        Deny from all
+    </Directory>
+</VirtualHost>
+
+<Location ~ "^/grub.*/">
+    SSLRequireSSL
+</Location>
+<Location ~ "^/pxelinux.cfg/">
+    SSLRequireSSL
+</Location>
+<Location ~ "^/.*\.conf/">
+    SSLRequireSSL
+</Location>
+<Location ~ "^/(([0-9]|[a-z]).*-){4}([0-9]|[a-z]).*/">
+    SSLRequireSSL
+</Location>
+

ironic-image/apache2-vmedia.conf.j2

@@ -9,16 +9,18 @@ Listen {{ env.VMEDIA_TLS_PORT }}
     SSLProtocol {{ env.IRONIC_VMEDIA_SSL_PROTOCOL }}
     SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
     SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
-    
-    <Directory "/shared">
-        AllowOverride None
-        Require all granted
-    </Directory>
 
-    <Directory "/shared/html">
-        Options Indexes FollowSymLinks
-        AllowOverride None
-        Require all granted
+    <Directory ~ "/shared/html">
+         Order deny,allow
+         deny from all
+    </Directory>
+    <Directory ~ "/shared/html/(redfish|ilo)/">
+         Order allow,deny
+         allow from all
+    </Directory>
+    <Directory ~ "/shared/html/images/">
+         Order allow,deny
+         allow from all
     </Directory>
 </VirtualHost>
 

ironic-image/auth-common.sh

@@ -2,36 +2,39 @@
 
 set -euxo pipefail
 
-export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
-export INSPECTOR_HTPASSWD=${INSPECTOR_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
-export IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
 export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
-export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
+
+# Backward compatibility
+if [[ "${IRONIC_DEPLOYMENT:-}" == "Conductor" ]]; then
+    export IRONIC_EXPOSE_JSON_RPC=true
+else
+    export IRONIC_EXPOSE_JSON_RPC="${IRONIC_EXPOSE_JSON_RPC:-false}"
+fi
 
 IRONIC_HTPASSWD_FILE=/etc/ironic/htpasswd
-INSPECTOR_HTPASSWD_FILE=/etc/ironic-inspector/htpasswd
+if [[ -f "/auth/ironic/htpasswd" ]]; then
+    IRONIC_HTPASSWD=$(</auth/ironic/htpasswd)
+fi
+export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
 
 configure_client_basic_auth()
 {
     local auth_config_file="/auth/$1/auth-config"
     local dest="${2:-/etc/ironic/ironic.conf}"
     if [[ -f "${auth_config_file}" ]]; then
-        # Merge configurations in the "auth" directory into the default ironic configuration file because there is no way to choose the configuration file
-        # when running the api as a WSGI app.
+        # Merge configurations in the "auth" directory into the default ironic configuration file
         crudini --merge "${dest}" < "${auth_config_file}"
     fi
 }
 
 configure_json_rpc_auth()
 {
-    export JSON_RPC_AUTH_STRATEGY="noauth"
-    if [[ -n "${IRONIC_HTPASSWD}" ]]; then
-        if [[ "${IRONIC_DEPLOYMENT}" == "Conductor" ]]; then
-            export JSON_RPC_AUTH_STRATEGY="http_basic"
-            printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
-        else
-            printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
+    if [[ "${IRONIC_EXPOSE_JSON_RPC}" == "true" ]]; then
+        if [[ -z "${IRONIC_HTPASSWD}" ]]; then
+            echo "FATAL: enabling JSON RPC requires authentication"
+            exit 1
         fi
+        printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
     fi
 }
 
@@ -48,24 +51,9 @@ configure_ironic_auth()
     fi
 }
 
-configure_inspector_auth()
-{
-    local config=/etc/ironic-inspector/ironic-inspector.conf
-    if [[ -n "${INSPECTOR_HTPASSWD}" ]]; then
-        printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
-        if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "false" ]]; then
-            crudini --set "${config}" DEFAULT auth_strategy http_basic
-            crudini --set "${config}" DEFAULT http_basic_auth_user_file "${INSPECTOR_HTPASSWD_FILE}"
-        fi
-    fi
-}
-
 write_htpasswd_files()
 {
     if [[ -n "${IRONIC_HTPASSWD:-}" ]]; then
         printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
     fi
-    if [[ -n "${INSPECTOR_HTPASSWD:-}" ]]; then
-        printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
-    fi
 }

ironic-image/configure-ironic.sh

@@ -2,14 +2,13 @@
 
 set -euxo pipefail
 
-IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
 IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
 
 # Define the VLAN interfaces to be included in introspection report, e.g.
 #   all - all VLANs on all interfaces using LLDP information
 #   <interface> - all VLANs on a particular interface using LLDP information
 #   <interface.vlan> - a particular VLAN on an interface, not relying on LLDP
-export IRONIC_INSPECTOR_VLAN_INTERFACES=${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}
+export IRONIC_ENABLE_VLAN_INTERFACES=${IRONIC_ENABLE_VLAN_INTERFACES:-${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}}
 
 # shellcheck disable=SC1091
 . /bin/tls-common.sh
@@ -20,13 +19,17 @@ export IRONIC_INSPECTOR_VLAN_INTERFACES=${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}
 
 export HTTP_PORT=${HTTP_PORT:-80}
 
-MARIADB_PASSWORD=${MARIADB_PASSWORD}
-MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
-MARIADB_USER=${MARIADB_USER:-ironic}
-MARIADB_HOST=${MARIADB_HOST:-127.0.0.1}
-export MARIADB_CONNECTION="mysql+pymysql://${MARIADB_USER}:${MARIADB_PASSWORD}@${MARIADB_HOST}/${MARIADB_DATABASE}?charset=utf8"
-if [[ "$MARIADB_TLS_ENABLED" == "true" ]]; then
-    export MARIADB_CONNECTION="${MARIADB_CONNECTION}&ssl=on&ssl_ca=${MARIADB_CACERT_FILE}"
+export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-true}
+
+if [[ "$IRONIC_USE_MARIADB" == "true" ]]; then
+    MARIADB_PASSWORD=${MARIADB_PASSWORD}
+    MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
+    MARIADB_USER=${MARIADB_USER:-ironic}
+    MARIADB_HOST=${MARIADB_HOST:-127.0.0.1}
+    export MARIADB_CONNECTION="mysql+pymysql://${MARIADB_USER}:${MARIADB_PASSWORD}@${MARIADB_HOST}/${MARIADB_DATABASE}?charset=utf8"
+    if [[ "$MARIADB_TLS_ENABLED" == "true" ]]; then
+        export MARIADB_CONNECTION="${MARIADB_CONNECTION}&ssl=on&ssl_ca=${MARIADB_CACERT_FILE}"
+    fi
 fi
 
 # TODO(dtantsur): remove the explicit default once we get
@@ -37,9 +40,6 @@ if [[ "$NUMPROC" -lt 4 ]]; then
 fi
 export NUMWORKERS=${NUMWORKERS:-$NUMPROC}
 
-export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-true}
-export IRONIC_EXPOSE_JSON_RPC=${IRONIC_EXPOSE_JSON_RPC:-true}
-
 # Whether to enable fast_track provisioning or not
 export IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK:-true}
 
@@ -58,16 +58,14 @@ wait_for_interface_or_ip
 export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
 
 export IRONIC_BASE_URL=${IRONIC_BASE_URL:-"${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"}
-export IRONIC_INSPECTOR_BASE_URL=${IRONIC_INSPECTOR_BASE_URL:-"${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_ACCESS_PORT}"}
 
 if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
-    export IRONIC_EXTERNAL_CALLBACK_URL="${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_ACCESS_PORT}"
+    export IRONIC_EXTERNAL_CALLBACK_URL=${IRONIC_EXTERNAL_CALLBACK_URL:-"${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_ACCESS_PORT}"}
     if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
-        export IRONIC_EXTERNAL_HTTP_URL="https://${IRONIC_EXTERNAL_IP}:${VMEDIA_TLS_PORT}"
+        export IRONIC_EXTERNAL_HTTP_URL=${IRONIC_EXTERNAL_HTTP_URL:-"https://${IRONIC_EXTERNAL_IP}:${VMEDIA_TLS_PORT}"}
     else
-        export IRONIC_EXTERNAL_HTTP_URL="http://${IRONIC_EXTERNAL_IP}:${HTTP_PORT}"
+        export IRONIC_EXTERNAL_HTTP_URL=${IRONIC_EXTERNAL_HTTP_URL:-"http://${IRONIC_EXTERNAL_IP}:${HTTP_PORT}"}
     fi
-    export IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE="https://${IRONIC_EXTERNAL_IP}:${IRONIC_INSPECTOR_ACCESS_PORT}"
 fi
 
 IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
@@ -90,13 +88,32 @@ mkdir -p /shared/ironic_prometheus_exporter
 
 configure_json_rpc_auth
 
+if [[ -f /proc/sys/crypto/fips_enabled ]]; then
+    ENABLE_FIPS_IPA=$(cat /proc/sys/crypto/fips_enabled)
+    export ENABLE_FIPS_IPA
+fi
+
 # The original ironic.conf is empty, and can be found in ironic.conf_orig
 render_j2_config /etc/ironic/ironic.conf.j2 /etc/ironic/ironic.conf
 
-if [[ "${USE_IRONIC_INSPECTOR}" == "true" ]]; then
-    configure_client_basic_auth ironic-inspector
-fi
 configure_client_basic_auth ironic-rpc
 
 # Make sure ironic traffic bypasses any proxies
 export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
+
+PROBE_CURL_ARGS=
+if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
+    if [[ "${IRONIC_PRIVATE_PORT}" == "unix" ]]; then
+        PROBE_URL="http://127.0.0.1:6385"
+        PROBE_CURL_ARGS="--unix-socket /shared/ironic.sock"
+    else
+        PROBE_URL="http://127.0.0.1:${IRONIC_PRIVATE_PORT}"
+    fi
+else
+        PROBE_URL="${IRONIC_BASE_URL}"
+fi
+export PROBE_CURL_ARGS
+export PROBE_URL
+
+PROBE_KIND=readiness render_j2_config /bin/ironic-probe.j2 /bin/ironic-readiness
+PROBE_KIND=liveness render_j2_config /bin/ironic-probe.j2 /bin/ironic-liveness

ironic-image/configure-nonroot.sh

@@ -10,12 +10,12 @@ useradd -r -g ${NONROOT_GID} \
            -d /var/lib/ironic \
            -s /sbin/nologin \
            ${USER}
-           
+
 # create ironic's http_root directory
 mkdir -p /shared/html
 chown "${NONROOT_UID}":"${NONROOT_GID}" /shared/html
 
-# we'll bind mount shared ca and ironic/inspector certificate dirs here
+# we'll bind mount shared ca and ironic certificate dirs here
 # that need to have correct ownership as the entire ironic in BMO
 # deployment shares a single fsGroup in manifest's securityContext
 mkdir -p /certs/ca
@@ -26,17 +26,15 @@ chmod 2775 /certs{,/ca}
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/apache2
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /run
 
-# ironic, inspector and httpd related changes
+# ironic and httpd related changes
+mkdir -p /etc/httpd/conf.d
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic /etc/httpd /etc/httpd
-chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic-inspector
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/log
-chmod 2775 /etc/ironic /etc/ironic-inspector /etc/httpd/conf /etc/httpd/conf.d
-chmod 664 /etc/ironic/* /etc/ironic-inspector/* /etc/httpd/conf/* /etc/httpd/conf.d/*
+chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
+chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
 
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic
-chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic-inspector
-chmod 2775 /var/lib/ironic /var/lib/ironic-inspector
-chmod 664 /var/lib/ironic/ironic.db /var/lib/ironic-inspector/ironic-inspector.db
+chmod 664 /var/lib/ironic/ironic.sqlite
 
 # dnsmasq, and the capabilities required to run it as non-root user
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/dnsmasq.conf /var/lib/dnsmasq
@@ -48,3 +46,8 @@ chmod 664 /etc/dnsmasq.conf /var/lib/dnsmasq/dnsmasq.leases
 touch /var/lib/ca-certificates/ca-bundle.pem.new
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ca-certificates/
 chmod -R +w /var/lib/ca-certificates/
+
+# probes that are created before start
+touch /bin/ironic-{readi,live}ness
+chown root:"${NONROOT_GID}" /bin/ironic-{readi,live}ness
+chmod 775 /bin/ironic-{readi,live}ness