rancher-turtles-airgap-resources: update to 0.13 release

rancher-turtles: Update to 0.13 upstream version
Aligns with https://github.com/suse-edge/charts/pull/166
2024-11-14 18:17:20 +00:00 · 2024-11-14 18:14:20 +00:00 · 2024-11-13 14:08:10 +00:00 · 2024-11-13 14:05:38 +00:00 · 2024-11-13 12:34:23 +00:00 · 2024-11-13 10:29:19 +01:00
109 changed files with 1530 additions and 405 deletions
--- a/.obs/delete_package.py
+++ b/.obs/delete_package.py
@@ -21,7 +21,7 @@ def delete_package_from_workflow(name: str):
 def delete_package_from_project(name: str):
-    p = subprocess.run(["osc", "rdelete", PROJECT, name], stdout=subprocess.PIPE)
+    p = subprocess.run(["osc", "rdelete", PROJECT, name, "-m \"Deleted via delete_package.py\"" ], stdout=subprocess.PIPE)
    print(p.stdout)
    print(p.stderr)
    p.check_returncode()
--- a/.obs/workflows.yml
+++ b/.obs/workflows.yml
@@ -194,3 +194,39 @@ staging_build:
      source_package: ironic-image
      source_project: isv:SUSE:Edge:Factory
      target_project: isv:SUSE:Edge:Factory:Staging
  - branch_package:
      source_package: cri-tools
      source_project: isv:SUSE:Edge:Factory
      target_project: isv:SUSE:Edge:Factory:Staging
  - branch_package:
      source_package: crudini
      source_project: isv:SUSE:Edge:Factory
      target_project: isv:SUSE:Edge:Factory:Staging
  - branch_package:
      source_package: fakeroot
      source_project: isv:SUSE:Edge:Factory
      target_project: isv:SUSE:Edge:Factory:Staging
  - branch_package:
      source_package: ipcalc
      source_project: isv:SUSE:Edge:Factory
      target_project: isv:SUSE:Edge:Factory:Staging
  - branch_package:
      source_package: autoconf
      source_project: isv:SUSE:Edge:Factory
      target_project: isv:SUSE:Edge:Factory:Staging
  - branch_package:
      source_package: rancher-turtles-airgap-resources-chart
      source_project: isv:SUSE:Edge:Factory
      target_project: isv:SUSE:Edge:Factory:Staging
  - branch_package:
      source_package: rancher-turtles-chart
      source_project: isv:SUSE:Edge:Factory
      target_project: isv:SUSE:Edge:Factory:Staging
  - branch_package:
      source_package: kube-rbac-proxy-image
      source_project: isv:SUSE:Edge:Factory
      target_project: isv:SUSE:Edge:Factory:Staging
  - branch_package:
      source_package: ironic-ipa-ramdisk
      source_project: isv:SUSE:Edge:Factory
      target_project: isv:SUSE:Edge:Factory:Staging
--- a/README.md
+++ b/README.md
@@ -13,3 +13,26 @@ Then run the `.obs/add_package.py` script to create the package in the OBS proje
 This script is using the `osc` command behind the scenes, so ensure you have it installed and correctly configured, as well as you have the correct permissions to create a new package in the project.
 You will then get asked to push your changes.
 ## Testing a fork or a development branch
 You can create a project in your home space in OBS, use the same prjconf as the one of "isv:SUSE:Edge:Factory", and copy the repositories part of the metadata (adjust self references).
 Then add a scmsync stanza to your metadata like this (adjust repository path and branch):
 ```xml
 <scmsync>https://src.opensuse.org/suse-edge/Factory#main</scmsync>
 ```
 ## Cutting a release version branch
 1. Do the appropriate git branch command
 2. Change the project path in `.obs/common.py` file (e.g. from `isv:SUSE:Edge:Factory` to `isv:SUSE:Edge:3.2`)
 3. Change the branch reference in `.obs/common.py` file (e.g. from `main` to `3.2`)
 4. Edit the `.obs/workflows.yml` file to change the references to the correct projects
 5. Commit those changes to the new branch and push the new branch
 6. Create the base and to-test projects (e.g. `isv:SUSE:Edge:3.2` and `isv:SUSE:Edge:3.2:ToTest`), use the `isv:SUSE:Edge:Factory` projects as example for metadata part
 7. Use the prjconf of Factory in all those projects
 8. Run the `.obs/sync_packages.py` script to create all the packages in the base project
 9. Go take a few cups of coffee/tea/mate/... while waiting for OBS to build everything
 10. Once built do an `osc release` of the project for it to be copied over in the `ToTest` section
 11. Hand over to QA to test whatever is in `ToTest`. (You can continue to work on the base branch if needed meanwhile)
--- a/akri-agent-image/Dockerfile
+++ b/akri-agent-image/Dockerfile
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-agent:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/akri-agent-image/_service
+++ b/akri-agent-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/akri-controller-image/Dockerfile
+++ b/akri-controller-image/Dockerfile
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-controller:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/akri-controller-image/_service
+++ b/akri-controller-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/akri-debug-echo-discovery-handler-image/Dockerfile
+++ b/akri-debug-echo-discovery-handler-image/Dockerfile
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-debug-echo-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/akri-debug-echo-discovery-handler-image/_service
+++ b/akri-debug-echo-discovery-handler-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/akri-onvif-discovery-handler-image/Dockerfile
+++ b/akri-onvif-discovery-handler-image/Dockerfile
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-onvif-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/akri-onvif-discovery-handler-image/_service
+++ b/akri-onvif-discovery-handler-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/akri-opcua-discovery-handler-image/Dockerfile
+++ b/akri-opcua-discovery-handler-image/Dockerfile
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-opcua-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/akri-opcua-discovery-handler-image/_service
+++ b/akri-opcua-discovery-handler-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/akri-udev-discovery-handler-image/Dockerfile
+++ b/akri-udev-discovery-handler-image/Dockerfile
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-udev-discovery-handler:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/akri-udev-discovery-handler-image/_service
+++ b/akri-udev-discovery-handler-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/akri-webhook-configuration-image/Dockerfile
+++ b/akri-webhook-configuration-image/Dockerfile
@@ -20,7 +20,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%akri-webhook-configuration:v%PACKAGE_VERSION%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/akri-webhook-configuration-image/_service
+++ b/akri-webhook-configuration-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/baremetal-operator-image/Dockerfile
+++ b/baremetal-operator-image/Dockerfile
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/baremetal-operator-image/_service
+++ b/baremetal-operator-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/baremetal-operator/_service
+++ b/baremetal-operator/_service
@@ -2,7 +2,7 @@
 <service name="obs_scm">
    <param name="url">https://github.com/metal3-io/baremetal-operator</param>
    <param name="scm">git</param>
-    <param name="revision">v0.6.1</param>
+    <param name="revision">v0.8.0</param>
    <param name="version">_auto_</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="changesgenerate">enable</param>
--- a/baremetal-operator/baremetal-operator.spec
+++ b/baremetal-operator/baremetal-operator.spec
@@ -17,14 +17,14 @@
 Name:           baremetal-operator
-Version:        0.6.1
+Version:        0.8.0
-Release:        0.6.1
+Release:        0.8.0
 Summary:        Implements a Kubernetes API for managing bare metal hosts
 License:        Apache-2.0
 URL:            https://github.com/metal3-io/baremetal-operator
 Source:         baremetal-operator-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
--- a/cluster-api-controller-image/Dockerfile
+++ b/cluster-api-controller-image/Dockerfile
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api:%%cluster-api_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/cluster-api-controller-image/_service
+++ b/cluster-api-controller-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/cluster-api-operator-image/Dockerfile
+++ b/cluster-api-operator-image/Dockerfile
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/cluster-api-operator-image/_service
+++ b/cluster-api-operator-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/cluster-api-provider-metal3-image/Dockerfile
+++ b/cluster-api-provider-metal3-image/Dockerfile
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/cluster-api-provider-metal3-image/_service
+++ b/cluster-api-provider-metal3-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/cluster-api-provider-metal3/cluster-api-provider-metal3.spec
+++ b/cluster-api-provider-metal3/cluster-api-provider-metal3.spec
@@ -24,7 +24,7 @@ License:        Apache-2.0
 URL:            https://github.com/metal3-io/cluster-api-provider-metal3
 Source:         cluster-api-provider-metal3-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
--- a/cluster-api-provider-rke2-bootstrap-image/Dockerfile
+++ b/cluster-api-provider-rke2-bootstrap-image/Dockerfile
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/cluster-api-provider-rke2-bootstrap-image/_service
+++ b/cluster-api-provider-rke2-bootstrap-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/cluster-api-provider-rke2-controlplane-image/Dockerfile
+++ b/cluster-api-provider-rke2-controlplane-image/Dockerfile
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/cluster-api-provider-rke2-controlplane-image/_service
+++ b/cluster-api-provider-rke2-controlplane-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/cluster-api-provider-rke2/cluster-api-provider-rke2.spec
+++ b/cluster-api-provider-rke2/cluster-api-provider-rke2.spec
@@ -24,7 +24,7 @@ License:        Apache-2.0
 URL:            https://github.com/rancher-sandbox/cluster-api-provider-rke2
 Source:         cluster-api-provider-rke2-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
--- a/cluster-api/cluster-api.spec
+++ b/cluster-api/cluster-api.spec
@@ -24,7 +24,7 @@ License:        Apache-2.0
 URL:            https://github.com/kubernetes-sigs/cluster-api
 Source:         cluster-api-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
--- a/edge-image-builder-image/Dockerfile
+++ b/edge-image-builder-image/Dockerfile
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/edge-image-builder-image/_service
+++ b/edge-image-builder-image/_service
@@ -9,6 +9,8 @@
    <param name="file">artifacts.yaml</param>
    <param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
    <param name="var">CHART_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/endpoint-copier-operator-image/Dockerfile
+++ b/endpoint-copier-operator-image/Dockerfile
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:%%endpoint-copier-operator_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/endpoint-copier-operator-image/_service
+++ b/endpoint-copier-operator-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/ip-address-manager-image/Dockerfile
+++ b/ip-address-manager-image/Dockerfile
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/ip-address-manager-image/_service
+++ b/ip-address-manager-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/ip-address-manager/ip-address-manager.spec
+++ b/ip-address-manager/ip-address-manager.spec
@@ -24,7 +24,7 @@ License:        Apache-2.0
 URL:            https://github.com/metal3-io/ip-address-manager
 Source:         ip-address-manager-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
--- a/ironic-image/Dockerfile
+++ b/ironic-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
@@ -16,7 +16,12 @@ RUN /bin/prepare-efi.sh
 COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api
+RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs crudini openstack-ironic
 # DATABASE
 RUN mkdir -p /installroot/var/lib/ironic && \
  /installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
  zypper --installroot /installroot --non-interactive remove sqlite3
 FROM micro AS final
 MAINTAINER SUSE LLC (https://www.suse.com/)
@@ -26,10 +31,10 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="24.1.2.0"
+LABEL org.opencontainers.image.version="26.1.2.0"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
@@ -48,8 +53,8 @@ RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc
 COPY mkisofs_wrapper /usr/bin/mkisofs
 RUN set -euo pipefail; chmod +x /usr/bin/mkisofs
-COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runironic-api runironic-conductor runironic-exporter runironic-inspector runlogwatch.sh tls-common.sh configure-nonroot.sh /bin/
+COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runlogwatch.sh tls-common.sh configure-nonroot.sh ironic-probe.j2 /bin/
-RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runironic-api; chmod +x /bin/runironic-conductor; chmod +x /bin/runironic-exporter; chmod +x /bin/runironic-inspector; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
+RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
 RUN mkdir -p /tftpboot
 RUN mkdir -p $GRUB_DIR
@@ -63,7 +68,7 @@ RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi
 COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
 COPY ironic.conf.j2 /etc/ironic/
-COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 /tmp/
+COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/
 COPY network-data-schema-empty.json /etc/ironic/
 # DNSMASQ
@@ -73,14 +78,7 @@ COPY dnsmasq.conf.j2 /etc/
 COPY httpd.conf.j2 /etc/httpd/conf/
 COPY httpd-modules.conf /etc/httpd/conf.modules.d/
 COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
-
+COPY apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
 # IRONIC-INSPECTOR #
 RUN mkdir -p /var/lib/ironic /var/lib/ironic-inspector && \
  sqlite3 /var/lib/ironic/ironic.db "pragma journal_mode=wal" && \
  sqlite3 /var/lib/ironic-inspector/ironic-inspector.db "pragma journal_mode=wal"
 COPY ironic-inspector.conf.j2 /etc/ironic-inspector/
 COPY inspector-apache.conf.j2 /etc/httpd/conf.d/
 # Workaround
 # Removing the 010-ironic.conf file that comes with the package 
--- a/ironic-image/_service
+++ b/ironic-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/ironic-image/apache2-ipxe.conf.j2
+++ b/ironic-image/apache2-ipxe.conf.j2
@@ -0,0 +1,35 @@
 Listen {{ env.IPXE_TLS_PORT }}
 <VirtualHost *:{{ env.IPXE_TLS_PORT }}>
    ErrorLog /dev/stderr
    LogLevel debug
    CustomLog /dev/stdout combined
    SSLEngine on
    SSLProtocol {{ env.IPXE_SSL_PROTOCOL }}
    SSLCertificateFile {{ env.IPXE_CERT_FILE }}
    SSLCertificateKeyFile {{ env.IPXE_KEY_FILE }}
    <Directory "/shared/html">
        Order Allow,Deny
        Allow from all
    </Directory>
    <Directory "/shared/html/(redfish|ilo|images)/">
        Order Deny,Allow
        Deny from all
    </Directory>
 </VirtualHost>
 <Location ~ "^/grub.*/">
    SSLRequireSSL
 </Location>
 <Location ~ "^/pxelinux.cfg/">
    SSLRequireSSL
 </Location>
 <Location ~ "^/.*\.conf/">
    SSLRequireSSL
 </Location>
 <Location ~ "^/(([0-9]|[a-z]).*-){4}([0-9]|[a-z]).*/">
    SSLRequireSSL
 </Location>
--- a/ironic-image/apache2-vmedia.conf.j2
+++ b/ironic-image/apache2-vmedia.conf.j2
@@ -9,16 +9,18 @@ Listen {{ env.VMEDIA_TLS_PORT }}
    SSLProtocol {{ env.IRONIC_VMEDIA_SSL_PROTOCOL }}
    SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
    SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
    <Directory "/shared">
        AllowOverride None
        Require all granted
    </Directory>
-    <Directory "/shared/html">
+    <Directory ~ "/shared/html">
-        Options Indexes FollowSymLinks
+         Order deny,allow
-        AllowOverride None
+         deny from all
-        Require all granted
+    </Directory>
    <Directory ~ "/shared/html/(redfish|ilo)/">
         Order allow,deny
         allow from all
    </Directory>
    <Directory ~ "/shared/html/images/">
         Order allow,deny
         allow from all
    </Directory>
 </VirtualHost>
--- a/ironic-image/auth-common.sh
+++ b/ironic-image/auth-common.sh
@@ -2,36 +2,39 @@
 set -euxo pipefail
 export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
 export INSPECTOR_HTPASSWD=${INSPECTOR_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
 export IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
 export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
-export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
+
 # Backward compatibility
 if [[ "${IRONIC_DEPLOYMENT:-}" == "Conductor" ]]; then
    export IRONIC_EXPOSE_JSON_RPC=true
 else
    export IRONIC_EXPOSE_JSON_RPC="${IRONIC_EXPOSE_JSON_RPC:-false}"
 fi
 IRONIC_HTPASSWD_FILE=/etc/ironic/htpasswd
-INSPECTOR_HTPASSWD_FILE=/etc/ironic-inspector/htpasswd
+if [[ -f "/auth/ironic/htpasswd" ]]; then
    IRONIC_HTPASSWD=$(</auth/ironic/htpasswd)
 fi
 export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
 configure_client_basic_auth()
 {
    local auth_config_file="/auth/$1/auth-config"
    local dest="${2:-/etc/ironic/ironic.conf}"
    if [[ -f "${auth_config_file}" ]]; then
-        # Merge configurations in the "auth" directory into the default ironic configuration file because there is no way to choose the configuration file
+        # Merge configurations in the "auth" directory into the default ironic configuration file
        # when running the api as a WSGI app.
        crudini --merge "${dest}" < "${auth_config_file}"
    fi
 }
 configure_json_rpc_auth()
 {
-    export JSON_RPC_AUTH_STRATEGY="noauth"
+    if [[ "${IRONIC_EXPOSE_JSON_RPC}" == "true" ]]; then
-    if [[ -n "${IRONIC_HTPASSWD}" ]]; then
+        if [[ -z "${IRONIC_HTPASSWD}" ]]; then
-        if [[ "${IRONIC_DEPLOYMENT}" == "Conductor" ]]; then
+            echo "FATAL: enabling JSON RPC requires authentication"
-            export JSON_RPC_AUTH_STRATEGY="http_basic"
+            exit 1
            printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
        else
            printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
        fi
        printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
    fi
 }
@@ -48,24 +51,9 @@ configure_ironic_auth()
    fi
 }
 configure_inspector_auth()
 {
    local config=/etc/ironic-inspector/ironic-inspector.conf
    if [[ -n "${INSPECTOR_HTPASSWD}" ]]; then
        printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
        if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "false" ]]; then
            crudini --set "${config}" DEFAULT auth_strategy http_basic
            crudini --set "${config}" DEFAULT http_basic_auth_user_file "${INSPECTOR_HTPASSWD_FILE}"
        fi
    fi
 }
 write_htpasswd_files()
 {
    if [[ -n "${IRONIC_HTPASSWD:-}" ]]; then
        printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
    fi
    if [[ -n "${INSPECTOR_HTPASSWD:-}" ]]; then
        printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
    fi
 }
--- a/ironic-image/configure-ironic.sh
+++ b/ironic-image/configure-ironic.sh
@@ -2,14 +2,13 @@
 set -euxo pipefail
 IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
 IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
 # Define the VLAN interfaces to be included in introspection report, e.g.
 #   all - all VLANs on all interfaces using LLDP information
 #   <interface> - all VLANs on a particular interface using LLDP information
 #   <interface.vlan> - a particular VLAN on an interface, not relying on LLDP
-export IRONIC_INSPECTOR_VLAN_INTERFACES=${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}
+export IRONIC_ENABLE_VLAN_INTERFACES=${IRONIC_ENABLE_VLAN_INTERFACES:-${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}}
 # shellcheck disable=SC1091
 . /bin/tls-common.sh
@@ -20,13 +19,17 @@ export IRONIC_INSPECTOR_VLAN_INTERFACES=${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}
 export HTTP_PORT=${HTTP_PORT:-80}
-MARIADB_PASSWORD=${MARIADB_PASSWORD}
+export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-true}
-MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
+
-MARIADB_USER=${MARIADB_USER:-ironic}
+if [[ "$IRONIC_USE_MARIADB" == "true" ]]; then
-MARIADB_HOST=${MARIADB_HOST:-127.0.0.1}
+    MARIADB_PASSWORD=${MARIADB_PASSWORD}
-export MARIADB_CONNECTION="mysql+pymysql://${MARIADB_USER}:${MARIADB_PASSWORD}@${MARIADB_HOST}/${MARIADB_DATABASE}?charset=utf8"
+    MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
-if [[ "$MARIADB_TLS_ENABLED" == "true" ]]; then
+    MARIADB_USER=${MARIADB_USER:-ironic}
-    export MARIADB_CONNECTION="${MARIADB_CONNECTION}&ssl=on&ssl_ca=${MARIADB_CACERT_FILE}"
+    MARIADB_HOST=${MARIADB_HOST:-127.0.0.1}
    export MARIADB_CONNECTION="mysql+pymysql://${MARIADB_USER}:${MARIADB_PASSWORD}@${MARIADB_HOST}/${MARIADB_DATABASE}?charset=utf8"
    if [[ "$MARIADB_TLS_ENABLED" == "true" ]]; then
        export MARIADB_CONNECTION="${MARIADB_CONNECTION}&ssl=on&ssl_ca=${MARIADB_CACERT_FILE}"
    fi
 fi
 # TODO(dtantsur): remove the explicit default once we get
@@ -37,9 +40,6 @@ if [[ "$NUMPROC" -lt 4 ]]; then
 fi
 export NUMWORKERS=${NUMWORKERS:-$NUMPROC}
 export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-true}
 export IRONIC_EXPOSE_JSON_RPC=${IRONIC_EXPOSE_JSON_RPC:-true}
 # Whether to enable fast_track provisioning or not
 export IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK:-true}
@@ -58,16 +58,14 @@ wait_for_interface_or_ip
 export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
 export IRONIC_BASE_URL=${IRONIC_BASE_URL:-"${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"}
 export IRONIC_INSPECTOR_BASE_URL=${IRONIC_INSPECTOR_BASE_URL:-"${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_ACCESS_PORT}"}
 if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
-    export IRONIC_EXTERNAL_CALLBACK_URL="${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_ACCESS_PORT}"
+    export IRONIC_EXTERNAL_CALLBACK_URL=${IRONIC_EXTERNAL_CALLBACK_URL:-"${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_ACCESS_PORT}"}
    if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
-        export IRONIC_EXTERNAL_HTTP_URL="https://${IRONIC_EXTERNAL_IP}:${VMEDIA_TLS_PORT}"
+        export IRONIC_EXTERNAL_HTTP_URL=${IRONIC_EXTERNAL_HTTP_URL:-"https://${IRONIC_EXTERNAL_IP}:${VMEDIA_TLS_PORT}"}
    else
-        export IRONIC_EXTERNAL_HTTP_URL="http://${IRONIC_EXTERNAL_IP}:${HTTP_PORT}"
+        export IRONIC_EXTERNAL_HTTP_URL=${IRONIC_EXTERNAL_HTTP_URL:-"http://${IRONIC_EXTERNAL_IP}:${HTTP_PORT}"}
    fi
    export IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE="https://${IRONIC_EXTERNAL_IP}:${IRONIC_INSPECTOR_ACCESS_PORT}"
 fi
 IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
@@ -90,13 +88,32 @@ mkdir -p /shared/ironic_prometheus_exporter
 configure_json_rpc_auth
 if [[ -f /proc/sys/crypto/fips_enabled ]]; then
    ENABLE_FIPS_IPA=$(cat /proc/sys/crypto/fips_enabled)
    export ENABLE_FIPS_IPA
 fi
 # The original ironic.conf is empty, and can be found in ironic.conf_orig
 render_j2_config /etc/ironic/ironic.conf.j2 /etc/ironic/ironic.conf
 if [[ "${USE_IRONIC_INSPECTOR}" == "true" ]]; then
    configure_client_basic_auth ironic-inspector
 fi
 configure_client_basic_auth ironic-rpc
 # Make sure ironic traffic bypasses any proxies
 export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
 PROBE_CURL_ARGS=
 if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
    if [[ "${IRONIC_PRIVATE_PORT}" == "unix" ]]; then
        PROBE_URL="http://127.0.0.1:6385"
        PROBE_CURL_ARGS="--unix-socket /shared/ironic.sock"
    else
        PROBE_URL="http://127.0.0.1:${IRONIC_PRIVATE_PORT}"
    fi
 else
        PROBE_URL="${IRONIC_BASE_URL}"
 fi
 export PROBE_CURL_ARGS
 export PROBE_URL
 PROBE_KIND=readiness render_j2_config /bin/ironic-probe.j2 /bin/ironic-readiness
 PROBE_KIND=liveness render_j2_config /bin/ironic-probe.j2 /bin/ironic-liveness
--- a/ironic-image/configure-nonroot.sh
+++ b/ironic-image/configure-nonroot.sh
@@ -10,12 +10,12 @@ useradd -r -g ${NONROOT_GID} \
           -d /var/lib/ironic \
           -s /sbin/nologin \
           ${USER}
-           
+
 # create ironic's http_root directory
 mkdir -p /shared/html
 chown "${NONROOT_UID}":"${NONROOT_GID}" /shared/html
-# we'll bind mount shared ca and ironic/inspector certificate dirs here
+# we'll bind mount shared ca and ironic certificate dirs here
 # that need to have correct ownership as the entire ironic in BMO
 # deployment shares a single fsGroup in manifest's securityContext
 mkdir -p /certs/ca
@@ -26,17 +26,15 @@ chmod 2775 /certs{,/ca}
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/apache2
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /run
-# ironic, inspector and httpd related changes
+# ironic and httpd related changes
 mkdir -p /etc/httpd/conf.d
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic /etc/httpd /etc/httpd
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic-inspector
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/log
-chmod 2775 /etc/ironic /etc/ironic-inspector /etc/httpd/conf /etc/httpd/conf.d
+chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
-chmod 664 /etc/ironic/* /etc/ironic-inspector/* /etc/httpd/conf/* /etc/httpd/conf.d/*
+chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic
-chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic-inspector
+chmod 664 /var/lib/ironic/ironic.sqlite
 chmod 2775 /var/lib/ironic /var/lib/ironic-inspector
 chmod 664 /var/lib/ironic/ironic.db /var/lib/ironic-inspector/ironic-inspector.db
 # dnsmasq, and the capabilities required to run it as non-root user
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/dnsmasq.conf /var/lib/dnsmasq
@@ -48,3 +46,8 @@ chmod 664 /etc/dnsmasq.conf /var/lib/dnsmasq/dnsmasq.leases
 touch /var/lib/ca-certificates/ca-bundle.pem.new
 chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ca-certificates/
 chmod -R +w /var/lib/ca-certificates/
 # probes that are created before start
 touch /bin/ironic-{readi,live}ness
 chown root:"${NONROOT_GID}" /bin/ironic-{readi,live}ness
 chmod 775 /bin/ironic-{readi,live}ness
--- a/ironic-image/dnsmasq.conf.j2
+++ b/ironic-image/dnsmasq.conf.j2
@@ -29,13 +29,23 @@ dhcp-option=option{% if ":" in env["DNS_IP"] %}6{% endif %}:dns-server,{{ env["D
 # IPv4 Configuration:
 dhcp-match=ipxe,175
 # Client is already running iPXE; move to next stage of chainloading
 {%- if env.IPXE_TLS_SETUP == "true"  %}
 # iPXE with (U)EFI
 dhcp-boot=tag:efi,tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/custom-ipxe/snponly.efi
 # iPXE with BIOS
 dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/custom-ipxe/undionly.kpxe
 {% else %}
 dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/boot.ipxe
 {% endif %}
 # Note: Need to test EFI booting
 dhcp-match=set:efi,option:client-arch,7
 dhcp-match=set:efi,option:client-arch,9
 dhcp-match=set:efi,option:client-arch,11
-# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader
+# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader do the same also if iPXE ROM boots but TLS is enabled
 {%- if env.IPXE_TLS_SETUP == "true"  %}
 dhcp-boot=tag:efi,tag:ipxe,snponly.efi
 {% endif %}
 dhcp-boot=tag:efi,tag:!ipxe,snponly.efi
 # Client is running PXE over BIOS; send BIOS version of iPXE chainloader
--- a/ironic-image/httpd-ironic-api.conf.j2
+++ b/ironic-image/httpd-ironic-api.conf.j2
@@ -19,8 +19,6 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
 <VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}>
 {% endif %}
    {% if env.IRONIC_REVERSE_PROXY_SETUP | lower == "true" %}
    {% if env.IRONIC_PRIVATE_PORT == "unix" %}
    ProxyPass "/"  "unix:/shared/ironic.sock|http://127.0.0.1/"
    ProxyPassReverse "/"  "unix:/shared/ironic.sock|http://127.0.0.1/"
@@ -29,14 +27,8 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
    ProxyPassReverse "/"  "http://127.0.0.1:{{ env.IRONIC_PRIVATE_PORT }}/"
    {% endif %}
    {% else %}
    WSGIDaemonProcess ironic user=ironic group=ironic threads=10 display-name=%{GROUP}
    WSGIScriptAlias / /usr/bin/ironic-api-wsgi
    {% endif %}
    SetEnv APACHE_RUN_USER ironic-suse
    SetEnv APACHE_RUN_GROUP ironic-suse
    WSGIProcessGroup ironic-suse
    ErrorLog /dev/stderr
    LogLevel debug
@@ -49,7 +41,6 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
    SSLCertificateKeyFile {{ env.IRONIC_KEY_FILE }}
 {% endif %}
    {% if env.IRONIC_REVERSE_PROXY_SETUP | lower == "true" %}
    <Location />
         {% if "IRONIC_HTPASSWD" in env and env.IRONIC_HTPASSWD | length %}
            AuthType Basic
@@ -58,22 +49,6 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
            Require valid-user
         {% endif %}
    </Location>
    {% else %}
    <Directory /usr/bin >
        WSGIProcessGroup ironic
        WSGIApplicationGroup %{GLOBAL}
        AllowOverride None
        {% if "IRONIC_HTPASSWD" in env and env.IRONIC_HTPASSWD | length %}
        AuthType Basic
        AuthName "Restricted WSGI area"
        AuthUserFile "/etc/ironic/htpasswd"
        Require valid-user
        {% else %}
        Require all granted
        {% endif %}
    </Directory>
    {% endif %}
    <Location ~ "^/(v1/?)?$" >
        Require all granted
--- a/ironic-image/httpd-modules.conf
+++ b/ironic-image/httpd-modules.conf
@@ -5,7 +5,6 @@ LoadModule dir_module /usr/lib64/apache2/mod_dir.so
 LoadModule authz_core_module /usr/lib64/apache2/mod_authz_core.so
 #LoadModule unixd_module modules/mod_unixd.so
 #LoadModule mpm_event_module modules/mod_mpm_event.so
 LoadModule wsgi_module /usr/lib64/apache2/mod_wsgi.so
 LoadModule ssl_module /usr/lib64/apache2/mod_ssl.so
 LoadModule env_module /usr/lib64/apache2/mod_env.so
 LoadModule proxy_module /usr/lib64/apache2/mod_proxy.so
--- a/ironic-image/httpd.conf.j2
+++ b/ironic-image/httpd.conf.j2
@@ -1,6 +1,6 @@
 ServerRoot "/etc/httpd"
 {%- if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen [::]:{{ env.HTTP_PORT }}
+Listen {{ env.HTTP_PORT }}
 {% else %}
 Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
 {% endif %}
--- a/ironic-image/inspector.ipxe.j2
+++ b/ironic-image/inspector.ipxe.j2
@@ -5,6 +5,6 @@ echo In inspector.ipxe
 imgfree
 # NOTE(dtantsur): keep inspection kernel params in [mdns]params in
 # ironic-inspector-image and configuration in configure-ironic.sh
-kernel --timeout 60000 http://{{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
+kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
-initrd --timeout 60000 http://{{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
+initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
 boot
--- a/ironic-image/ipxe_config.template
+++ b/ironic-image/ipxe_config.template
@@ -0,0 +1,81 @@
 #!ipxe
 set attempts:int32 10
 set i:int32 0
 goto deploy
 :deploy
 imgfree
 {%- if pxe_options.deployment_aki_path %}
 {%- set aki_path_https_elements = pxe_options.deployment_aki_path.split(':') %}
 {%- set aki_port_and_path = aki_path_https_elements[2].split('/') %}
 {%- set aki_afterport = aki_port_and_path[1:]|join('/') %}
 {%- set aki_path_https = ['https:', aki_path_https_elements[1], ':8084/', aki_afterport]|join %}
 {%- endif %}
 {%- if pxe_options.deployment_ari_path %}
 {%- set ari_path_https_elements = pxe_options.deployment_ari_path.split(':') %}
 {%- set ari_port_and_path = ari_path_https_elements[2].split('/') %}
 {%- set ari_afterport = ari_port_and_path[1:]|join('/') %}
 {%- set ari_path_https = ['https:', ari_path_https_elements[1], ':8084/', ari_afterport]|join %}
 {%- endif %}
 kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} selinux=0 troubleshoot=0 text {{ pxe_options.pxe_append_params|default("", true) }} BOOTIF=${mac} initrd={{ pxe_options.initrd_filename|default("deploy_ramdisk", true) }} || goto retry
 initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto retry
 boot
 :retry
 iseq ${i} ${attempts} && goto fail ||
 inc i
 echo No response, retrying in ${i} seconds.
 sleep ${i}
 goto deploy
 :fail
 echo Failed to get a response after ${attempts} attempts
 echo Powering off in 30 seconds.
 sleep 30
 poweroff
 :boot_anaconda
 imgfree
 kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} text {{ pxe_options.pxe_append_params|default("", true) }} inst.ks={{ pxe_options.ks_cfg_url }} {% if pxe_options.repo_url %}inst.repo={{ pxe_options.repo_url }}{% else %}inst.stage2={{ pxe_options.stage2_url }}{% endif %} initrd=ramdisk || goto boot_anaconda
 initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto boot_anaconda
 boot
 :boot_ramdisk
 imgfree
 {%- if pxe_options.boot_iso_url %}
 sanboot {{ pxe_options.boot_iso_url }}
 {%- else %}
 kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} root=/dev/ram0 text {{ pxe_options.pxe_append_params|default("", true) }} {{ pxe_options.ramdisk_opts|default('', true) }} initrd=ramdisk || goto boot_ramdisk
 initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto boot_ramdisk
 boot
 {%- endif %}
 {%- if pxe_options.boot_from_volume %}
 :boot_iscsi
 imgfree
 {% if pxe_options.username %}set username {{ pxe_options.username }}{% endif %}
 {% if pxe_options.password %}set password {{ pxe_options.password }}{% endif %}
 {% if pxe_options.iscsi_initiator_iqn %}set initiator-iqn {{ pxe_options.iscsi_initiator_iqn }}{% endif %}
 sanhook --drive 0x80 {{ pxe_options.iscsi_boot_url }} || goto fail_iscsi_retry
 {%- if pxe_options.iscsi_volumes %}{% for i, volume in enumerate(pxe_options.iscsi_volumes) %}
 set username {{ volume.username }}
 set password {{ volume.password }}
 {%- set drive_id = 129 + i %}
 sanhook --drive {{ '0x%x' % drive_id }} {{ volume.url }} || goto fail_iscsi_retry
 {%- endfor %}{% endif %}
 {% if pxe_options.iscsi_volumes %}set username {{ pxe_options.username }}{% endif %}
 {% if pxe_options.iscsi_volumes %}set password {{ pxe_options.password }}{% endif %}
 sanboot --no-describe || goto fail_iscsi_retry
 :fail_iscsi_retry
 echo Failed to attach iSCSI volume(s), retrying in 10 seconds.
 sleep 10
 goto boot_iscsi
 {%- endif %}
 :boot_whole_disk
 sanboot --no-describe || exit 0
--- a/ironic-image/ironic-common.sh
+++ b/ironic-image/ironic-common.sh
@@ -6,6 +6,7 @@ IRONIC_IP="${IRONIC_IP:-}"
 PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
 PROVISIONING_IP="${PROVISIONING_IP:-}"
 PROVISIONING_MACS="${PROVISIONING_MACS:-}"
 IPXE_CUSTOM_FIRMWARE_DIR="${IPXE_CUSTOM_FIRMWARE_DIR:-/shared/custom_ipxe_firmware}"
 get_provisioning_interface()
 {
@@ -72,7 +73,10 @@ wait_for_interface_or_ip()
 render_j2_config()
 {
    ls $1 # DEBUG
    python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1"
    python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1" > "$2"
    ls $2 # DEBUG
 }
 run_ironic_dbsync()
@@ -86,25 +90,18 @@ run_ironic_dbsync()
        done
    else
        # SQLite does not support some statements. Fortunately, we can just create
-        # the schema in one go instead of going through an upgrade.
+        # the schema in one go if not already created, instead of going through an upgrade
-        ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
+        DB_VERSION="$(ironic-dbsync --config-file /etc/ironic/ironic.conf version)"
        if [[ "${DB_VERSION}" == "None" ]]; then
            ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
        fi
    fi
 }
 # Use the special value "unix" for unix sockets
-export IRONIC_PRIVATE_PORT=${IRONIC_PRIVATE_PORT:-6388}
+export IRONIC_PRIVATE_PORT=${IRONIC_PRIVATE_PORT:-unix}
 export IRONIC_INSPECTOR_PRIVATE_PORT=${IRONIC_INSPECTOR_PRIVATE_PORT:-5049}
 export IRONIC_ACCESS_PORT=${IRONIC_ACCESS_PORT:-6385}
 export IRONIC_LISTEN_PORT=${IRONIC_LISTEN_PORT:-$IRONIC_ACCESS_PORT}
-export IRONIC_INSPECTOR_ACCESS_PORT=${IRONIC_INSPECTOR_ACCESS_PORT:-5050}
+export IRONIC_ENABLE_DISCOVERY=${IRONIC_ENABLE_DISCOVERY:-${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}}
 export IRONIC_INSPECTOR_LISTEN_PORT=${IRONIC_INSPECTOR_LISTEN_PORT:-$IRONIC_INSPECTOR_ACCESS_PORT}
 # If this is false, built-in inspection is used.
 export USE_IRONIC_INSPECTOR=${USE_IRONIC_INSPECTOR:-true}
 export IRONIC_INSPECTOR_ENABLE_DISCOVERY=${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}
 if [[ "${USE_IRONIC_INSPECTOR}" != "true" ]] && [[ "${IRONIC_INSPECTOR_ENABLE_DISCOVERY}" == "true" ]]; then
    echo "Discovery is only supported with ironic-inspector at this point"
    exit 1
 fi
--- a/ironic-image/ironic-probe.j2
+++ b/ironic-image/ironic-probe.j2
@@ -0,0 +1,9 @@
 #!/bin/bash
 set -eu -o pipefail
 curl -sSf {{ env.PROBE_CURL_ARGS }} "{{ env.PROBE_URL }}"
 # TODO(dtantsur): when PROBE_KIND==readiness, try the conductor and driver API
 # to make sure the conductor is ready. This requires having access to secrets
 # since these endpoints are authenticated.
--- a/ironic-image/ironic.conf.j2
+++ b/ironic-image/ironic.conf.j2
@@ -1,28 +1,22 @@
 [DEFAULT]
 {% if env.AUTH_STRATEGY is defined %}
 auth_strategy = {{ env.AUTH_STRATEGY }}
 {% if env.AUTH_STRATEGY == "http_basic" %}
 http_basic_auth_user_file=/etc/ironic/htpasswd
 {% endif %}
 {% else %}
 auth_strategy = noauth
 {% endif %}
 debug = true
 default_deploy_interface = direct
-default_inspect_interface = {% if env.USE_IRONIC_INSPECTOR == "true" %}inspector{% else %}agent{% endif %}
+default_inspect_interface = agent
 default_network_interface = noop
-enabled_bios_interfaces = idrac-wsman,no-bios,redfish,idrac-redfish,irmc,ilo
+enabled_bios_interfaces = no-bios,redfish,idrac-redfish,irmc,ilo
-enabled_boot_interfaces = ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media
+enabled_boot_interfaces = ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media,redfish-https
 enabled_deploy_interfaces = direct,fake,ramdisk,custom-agent
 enabled_firmware_interfaces = no-firmware,fake,redfish
 # NOTE(dtantsur): when changing this, make sure to update the driver
 # dependencies in Dockerfile.
 enabled_hardware_types = ipmi,idrac,irmc,fake-hardware,redfish,manual-management,ilo,ilo5
-enabled_inspect_interfaces = {% if env.USE_IRONIC_INSPECTOR == "true" %}inspector{% else %}agent{% endif %},idrac-wsman,irmc,fake,redfish,ilo
+enabled_inspect_interfaces = agent,irmc,fake,redfish,ilo
-enabled_management_interfaces = ipmitool,idrac-wsman,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
+enabled_management_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
-enabled_power_interfaces = ipmitool,idrac-wsman,irmc,fake,redfish,idrac-redfish,ilo
+enabled_network_interfaces = noop
-enabled_raid_interfaces = no-raid,irmc,agent,fake,idrac-wsman,redfish,idrac-redfish,ilo5
+enabled_power_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo
-enabled_vendor_interfaces = no-vendor,ipmitool,idrac-wsman,idrac-redfish,redfish,ilo,fake
+enabled_raid_interfaces = no-raid,irmc,agent,fake,redfish,idrac-redfish,ilo5
-enabled_firmware_interfaces = no-firmware,fake,redfish
+enabled_vendor_interfaces = no-vendor,ipmitool,idrac-redfish,redfish,ilo,fake
 {% if env.IRONIC_EXPOSE_JSON_RPC | lower == "true" %}
 rpc_transport = json-rpc
 {% else %}
@@ -32,14 +26,7 @@ use_stderr = true
 # NOTE(dtantsur): the default md5 is not compatible with FIPS mode
 hash_ring_algorithm = sha256
 my_ip = {{ env.IRONIC_IP }}
 {% if env.IRONIC_DEPLOYMENT == "Conductor" and env.JSON_RPC_AUTH_STRATEGY == "noauth" %}
 # if access is unauthenticated, we bind only to localhost - use that as the
 # host name also, so that the client can find the server
 # If we run both API and conductor in the same pod, use localhost
 host = localhost
 {% else %}
 host = {{ env.IRONIC_CONDUCTOR_HOST }}
 {% endif %}
 # If a path to a certificate is defined, use that first for webserver
 {% if env.WEBSERVER_CACERT_FILE %}
@@ -96,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 send_sensor_data_interval = 160
-bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img
+bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp.img
 verify_step_priority_override = management.clear_job_queue:90
 # We don't use this feature, and it creates an additional load on the database
 node_history = False
@@ -125,7 +112,7 @@ default_boot_option = local
 erase_devices_metadata_priority = 10
 erase_devices_priority = 0
 http_root = /shared/html/
-http_url = {{ env.IRONIC_BOOT_BASE_URL }}
+http_url = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
 fast_track = {{ env.IRONIC_FAST_TRACK }}
 {% if env.IRONIC_BOOT_ISO_SOURCE %}
 ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
@@ -143,26 +130,22 @@ external_callback_url = {{ env.IRONIC_EXTERNAL_CALLBACK_URL }}
 dhcp_provider = none
 [inspector]
 # NOTE(dtantsur): we properly configure the "unmanaged" inspection boot (i.e.
 # booting IPA through a separate inspector.ipxe rather than the driver's boot
 # interface), so managed boot is not required.
 require_managed_boot = False
 power_off = {{ false if env.IRONIC_FAST_TRACK == "true" else true }}
 # NOTE(dtantsur): keep inspection arguments synchronized with inspector.ipxe
 # Also keep in mind that only parameters unique for inspection go here.
 # No need to duplicate pxe_append_params/kernel_append_params.
-extra_kernel_params = ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
+extra_kernel_params = ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1
 {% if env.USE_IRONIC_INSPECTOR == "true" %}
 endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}
 {% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" %}
 cafile = {{ env.IRONIC_INSPECTOR_CACERT_FILE }}
 insecure = {{ env.IRONIC_INSPECTOR_INSECURE }}
 {% endif %}
 {% if env.IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE %}
 callback_endpoint_override = {{ env.IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE }}
 {% endif %}
 {% else %}
 hooks = $default_hooks,parse-lldp
 add_ports = all
 keep_ports = present
-{% endif %}
+
 [auto_discovery]
 enabled = {{ env.IRONIC_ENABLE_DISCOVERY }}
 driver = ipmi
 [ipmi]
 # use_ipmitool_retries transfers the responsibility of retrying to ipmitool
@@ -191,15 +174,9 @@ cipher_suite_versions = 3,17
 # authentication over localhost, using the same credentials as API, to prevent
 # unauthenticated connections from other processes in the same host since the
 # containers are in host networking.
-auth_strategy = {{ env.JSON_RPC_AUTH_STRATEGY }}
+auth_strategy = http_basic
 http_basic_auth_user_file = /etc/ironic/htpasswd-rpc
 {% if env.IRONIC_DEPLOYMENT == "Conductor" and env.JSON_RPC_AUTH_STRATEGY == "noauth" %}
 # if access is unauthenticated, we bind only to localhost - use that as the
 # host name also, so that the client can find the server
 host_ip = localhost
 {% else %}
 host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
 {% endif %}
 {% if env.IRONIC_TLS_SETUP == "true" %}
 use_ssl = true
 cafile = {{ env.IRONIC_CACERT_FILE }}
@@ -224,24 +201,27 @@ images_path = /shared/html/tmp
 instance_master_path = /shared/html/master_images
 tftp_master_path = /shared/tftpboot/master_images
 tftp_root = /shared/tftpboot
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
 # This makes networking boot templates generated even for nodes using local
 # boot (the default), ensuring that they boot correctly even if they start
 # netbooting for some reason (e.g. with the noop management interface).
 enable_netboot_fallback = true
 # Enable the fallback path to in-band inspection
 ipxe_fallback_script = inspector.ipxe
 {% if env.IPXE_TLS_SETUP | lower == "true" %}
 ipxe_config_template = /tmp/ipxe_config.template
 {% endif %}
 [redfish]
 use_swift = false
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
 [ilo]
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
 use_web_server_for_images = true
 [irmc]
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
 [service_catalog]
 endpoint_override = {{ env.IRONIC_BASE_URL }}
--- a/ironic-image/rundnsmasq
+++ b/ironic-image/rundnsmasq
@@ -4,6 +4,8 @@ set -eux
 # shellcheck disable=SC1091
 . /bin/ironic-common.sh
 # shellcheck disable=SC1091
 . /bin/tls-common.sh
 export HTTP_PORT=${HTTP_PORT:-80}
 DNSMASQ_EXCEPT_INTERFACE=${DNSMASQ_EXCEPT_INTERFACE:-lo}
@@ -19,7 +21,13 @@ mkdir -p /shared/html/images
 mkdir -p /shared/html/pxelinux.cfg
 # Copy files to shared mount
-cp /tftpboot/undionly.kpxe /tftpboot/snponly.efi /shared/tftpboot
+if [[ -r "${IPXE_CUSTOM_FIRMWARE_DIR}" ]]; then
    cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
        "${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
        "/shared/tftpboot"
 else
    cp /tftpboot/undionly.kpxe /tftpboot/snponly.efi /shared/tftpboot
 fi
 # Template and write dnsmasq.conf
 # we template via /tmp as sed otherwise creates temp files in /etc directory
--- a/ironic-image/runhttpd
+++ b/ironic-image/runhttpd
@@ -8,10 +8,7 @@
 export HTTP_PORT=${HTTP_PORT:-80}
 export VMEDIA_TLS_PORT=${VMEDIA_TLS_PORT:-8083}
 INSPECTOR_ORIG_HTTPD_CONFIG=/etc/httpd/conf.d/inspector-apache.conf.j2
 INSPECTOR_RESULT_HTTPD_CONFIG=/etc/httpd/conf.d/ironic-inspector.conf
 export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
 export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
 # In Metal3 context they are called node images in Ironic context they are
 # called user images.
@@ -33,11 +30,7 @@ chmod 0777 /shared/html
 IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}"
-if [[ "${USE_IRONIC_INSPECTOR}" == "true" ]]; then
+INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}/v1/continue_inspection"
    INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_INSPECTOR_ACCESS_PORT}/v1/continue"
 else
    INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}/v1/continue_inspection"
 fi
 if [[ "$IRONIC_FAST_TRACK" == "true" ]]; then
    INSPECTOR_EXTRA_ARGS+=" ipa-api-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}"
@@ -51,14 +44,6 @@ cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
 # Render the core httpd config
 render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf
 if [[ "$USE_IRONIC_INSPECTOR" == "true" ]] && [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]]; then
    if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]]; then
        render_j2_config "$INSPECTOR_ORIG_HTTPD_CONFIG" "$INSPECTOR_RESULT_HTTPD_CONFIG"
    fi
 else
    export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
 fi
 if [[ "$IRONIC_TLS_SETUP" == "true" ]]; then
    if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
        render_j2_config /tmp/httpd-ironic-api.conf.j2 /etc/httpd/conf.d/ironic.conf
@@ -74,12 +59,14 @@ if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
    render_j2_config /etc/httpd-vmedia.conf.j2 /etc/httpd/conf.d/vmedia.conf
 fi
-# Set up inotify to kill the container (restart) whenever cert files for ironic inspector change
+# Render httpd TLS configuration for /shared/html
-if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
+if [[ "$IPXE_TLS_SETUP" == "true" ]]; then
-    # shellcheck disable=SC2034
+    mkdir -p /shared/html/custom-ipxe
-    inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read -r file event; do
+    chmod 0777 /shared/html/custom-ipxe
-        kill -WINCH $(pgrep httpd)
+    render_j2_config "/etc/httpd-ipxe.conf.j2" "/etc/httpd/conf.d/ipxe.conf"
-    done &
+    cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
       "${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
       "/shared/html/custom-ipxe"
 fi
 # Set up inotify to kill the container (restart) whenever cert files for ironic api change
--- a/ironic-image/runironic
+++ b/ironic-image/runironic
@@ -1,9 +1,7 @@
 #!/usr/bin/bash
-# These settings must go before configure-ironic since it has different
+# This setting must go before configure-ironic since it has different defaults.
 # defaults.
 export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
 export IRONIC_EXPOSE_JSON_RPC=${IRONIC_EXPOSE_JSON_RPC:-false}
 # shellcheck disable=SC1091
 . /bin/configure-ironic.sh
--- a/ironic-image/runlogwatch.sh
+++ b/ironic-image/runlogwatch.sh
@@ -1,20 +1,11 @@
 #!/usr/bin/bash
 # Ramdisk logs path
-LOG_DIRS=("/shared/log/ironic/deploy" "/shared/log/ironic-inspector/ramdisk")
+LOG_DIR="/shared/log/ironic/deploy"
-while :; do
+inotifywait -m "${LOG_DIR}" -e close_write |
-    for LOG_DIR in "${LOG_DIRS[@]}"; do
+    while read -r path _action file; do
-        if ! ls "${LOG_DIR}"/*.tar.gz 1> /dev/null 2>&1; then
+        echo "************ Contents of ${path}/${file} ramdisk log file bundle **************"
-            continue
+        tar -xOzvvf "${path}/${file}" | sed -e "s/^/${file}: /"
-        fi
+        rm -f "${path}/${file}"
        for fn in "${LOG_DIR}"/*.tar.gz; do
            echo "************ Contents of $fn ramdisk log file bundle **************"
            tar -xOzvvf "$fn" | sed -e "s/^/$(basename "$fn"): /"
            rm -f "$fn"
        done
    done
    sleep 5
 done
--- a/ironic-image/tls-common.sh
+++ b/ironic-image/tls-common.sh
@@ -5,24 +5,25 @@ export IRONIC_KEY_FILE=/certs/ironic/tls.key
 export IRONIC_CACERT_FILE=/certs/ca/ironic/tls.crt
 export IRONIC_INSECURE=${IRONIC_INSECURE:-false}
 export IRONIC_SSL_PROTOCOL=${IRONIC_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
 export IPXE_SSL_PROTOCOL=${IPXE_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
 export IRONIC_VMEDIA_SSL_PROTOCOL=${IRONIC_VMEDIA_SSL_PROTOCOL:-"ALL"}
 export IRONIC_INSPECTOR_CERT_FILE=/certs/ironic-inspector/tls.crt
 export IRONIC_INSPECTOR_KEY_FILE=/certs/ironic-inspector/tls.key
 export IRONIC_INSPECTOR_CACERT_FILE=/certs/ca/ironic-inspector/tls.crt
 export IRONIC_INSPECTOR_INSECURE=${IRONIC_INSPECTOR_INSECURE:-$IRONIC_INSECURE}
 export IRONIC_VMEDIA_CERT_FILE=/certs/vmedia/tls.crt
 export IRONIC_VMEDIA_KEY_FILE=/certs/vmedia/tls.key
 export IPXE_CERT_FILE=/certs/ipxe/tls.crt
 export IPXE_KEY_FILE=/certs/ipxe/tls.key
 export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
 export MARIADB_CACERT_FILE=/certs/ca/mariadb/tls.crt
 export IPXE_TLS_PORT="${IPXE_TLS_PORT:-8084}"
 mkdir -p /certs/ironic
 mkdir -p /certs/ironic-inspector
 mkdir -p /certs/ca/ironic
-mkdir -p /certs/ca/ironic-inspector
+mkdir -p /certs/ipxe
 mkdir -p /certs/vmedia
 if [[ -f "$IRONIC_CERT_FILE" ]] && [[ ! -f "$IRONIC_KEY_FILE" ]]; then
    echo "Missing TLS Certificate key file $IRONIC_KEY_FILE"
@@ -33,15 +34,6 @@ if [[ ! -f "$IRONIC_CERT_FILE" ]] && [[ -f "$IRONIC_KEY_FILE" ]]; then
    exit 1
 fi
 if [[ -f "$IRONIC_INSPECTOR_CERT_FILE" ]] && [[ ! -f "$IRONIC_INSPECTOR_KEY_FILE" ]]; then
    echo "Missing TLS Certificate key file $IRONIC_INSPECTOR_KEY_FILE"
    exit 1
 fi
 if [[ ! -f "$IRONIC_INSPECTOR_CERT_FILE" ]] && [[ -f "$IRONIC_INSPECTOR_KEY_FILE" ]]; then
    echo "Missing TLS Certificate file $IRONIC_INSPECTOR_CERT_FILE"
    exit 1
 fi
 if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]] && [[ ! -f "$IRONIC_VMEDIA_KEY_FILE" ]]; then
    echo "Missing TLS Certificate key file $IRONIC_VMEDIA_KEY_FILE"
    exit 1
@@ -51,6 +43,15 @@ if [[ ! -f "$IRONIC_VMEDIA_CERT_FILE" ]] && [[ -f "$IRONIC_VMEDIA_KEY_FILE" ]];
    exit 1
 fi
 if [[ -f "$IPXE_CERT_FILE" ]] && [[ ! -f "$IPXE_KEY_FILE" ]]; then
    echo "Missing TLS Certificate key file $IPXE_KEY_FILE"
    exit 1
 fi
 if [[ ! -f "$IPXE_CERT_FILE" ]] && [[ -f "$IPXE_KEY_FILE" ]]; then
    echo "Missing TLS Certificate file $IPXE_CERT_FILE"
    exit 1
 fi
 copy_atomic()
 {
    local src="$1"
@@ -75,25 +76,20 @@ else
    export IRONIC_SCHEME="http"
 fi
 if [[ -f "$IRONIC_INSPECTOR_CERT_FILE" ]] || [[ -f "$IRONIC_INSPECTOR_CACERT_FILE" ]]; then
    export IRONIC_INSPECTOR_TLS_SETUP="true"
    export IRONIC_INSPECTOR_SCHEME="https"
    if [[ ! -f "$IRONIC_INSPECTOR_CACERT_FILE" ]]; then
        copy_atomic "$IRONIC_INSPECTOR_CERT_FILE" "$IRONIC_INSPECTOR_CACERT_FILE"
    fi
 else
    export IRONIC_INSPECTOR_TLS_SETUP="false"
    export IRONIC_INSPECTOR_SCHEME="http"
 fi
 if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]]; then
    export IRONIC_VMEDIA_SCHEME="https"
    export IRONIC_VMEDIA_TLS_SETUP="true"
 else
    export IRONIC_VMEDIA_SCHEME="http"
    export IRONIC_VMEDIA_TLS_SETUP="false"
 fi
 if [[ -f "$IPXE_CERT_FILE" ]]; then
    export IPXE_SCHEME="https"
    export IPXE_TLS_SETUP="true"
 else
    export IPXE_SCHEME="http"
    export IPXE_TLS_SETUP="false"
 fi
 if [[ -f "$MARIADB_CACERT_FILE" ]]; then
    export MARIADB_TLS_ENABLED="true"
 else
--- a/ironic-ipa-downloader-image/Dockerfile
+++ b/ironic-ipa-downloader-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:2.0.0
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:2.0.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -8,7 +8,7 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --installroot /installroot --non-interactive install --no-recommends openstack-ironic-image-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*
+RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*
 #RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
 RUN cp /usr/bin/getopt /installroot/
@@ -19,13 +19,13 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="2.0.0"
+LABEL org.opencontainers.image.version="3.0.0"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:2.0.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/ironic-ipa-downloader-image/_service
+++ b/ironic-ipa-downloader-image/_service
@@ -3,8 +3,8 @@
  <service mode="buildtime" name="docker_label_helper"/>
  <service name="replace_using_package_version" mode="buildtime">
    <param name="file">Dockerfile</param>
-    <param name="regex">%%openstack-ironic-image-x86_64_version%%</param>
+    <param name="regex">%%ironic-ipa-ramdisk-x86_64_version%%</param>
-    <param name="package">openstack-ironic-image-x86_64</param>
+    <param name="package">ironic-ipa-ramdisk-x86_64</param>
    <param name="parse-version">patch</param>
  </service>
  <service name="replace_using_env" mode="buildtime">
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/openstack-ironic-image/_constraints
+++ b/openstack-ironic-image/_constraints
--- a/openstack-ironic-image/config.sh
+++ b/openstack-ironic-image/config.sh
--- a/openstack-ironic-image/openstack-ironic-image.kiwi
+++ b/openstack-ironic-image/openstack-ironic-image.kiwi
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<image schemaversion="7.4" name="openstack-ironic-image">
+<image schemaversion="7.4" name="openstack-ironic-image-201">
    <description type="system">
        <author>Cloud developers</author>
        <contact>cloud-devel@suse.de</contact>
--- a/openstack-ironic-image/openstack-ironic-image.spec
+++ b/openstack-ironic-image/openstack-ironic-image.spec
@@ -18,15 +18,15 @@
 # needsbinariesforbuild
-Name:           openstack-ironic-image
+Name:           ironic-ipa-ramdisk
-Version:        2.0.0
+Version:        3.0.0
 Release:        0
 Summary:        Kernel and ramdisk image for OpenStack Ironic
 License:        SUSE-EULA
 Group:          System/Management
 URL:            https://github.com/SUSE-Cloud/
 Source0:        config.sh
-Source10:       openstack-ironic-image.kiwi
+Source10:       ironic-ipa-ramdisk.kiwi
 Source20:       root.tar.bz2
 BuildRequires:  -post-build-checks
--- a/ironic-ipa-ramdisk/root.tar.bz2
+++ b/ironic-ipa-ramdisk/root.tar.bz2
--- a/kube-rbac-proxy-image/Dockerfile
+++ b/kube-rbac-proxy-image/Dockerfile
@@ -0,0 +1,35 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%
 #!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
 RUN zypper --installroot /installroot --non-interactive install --no-recommends kube-rbac-proxy; zypper -n clean; rm -rf /var/log/*
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
 # labelprefix=com.suse.application.kube-rbac-proxy
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kube-rbac-proxy Container Image"
 LABEL org.opencontainers.image.description="kube-rbac-proxy based on the SLE Base Container Image."
 LABEL org.opencontainers.image.version="%%kube-rbac-proxy_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 COPY --from=base /installroot /
 #Install kube-rbac-proxy
 EXPOSE 8080
 USER 65532:65532
 ENTRYPOINT ["/kube-rbac-proxy"]
--- a/kube-rbac-proxy-image/_service
+++ b/kube-rbac-proxy-image/_service
@@ -0,0 +1,19 @@
 <services>
  <service mode="buildtime" name="kiwi_metainfo_helper"/>
  <service mode="buildtime" name="docker_label_helper"/>
  <service name="replace_using_package_version" mode="buildtime">
    <param name="file">Dockerfile</param>
    <param name="regex">%%kube-rbac-proxy_version%%</param>
    <param name="package">kube-rbac-proxy</param>
    <param name="parse-version">patch</param>
  </service>
  <service name="replace_using_env" mode="buildtime">
    <param name="file">Dockerfile</param>
    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/kube-rbac-proxy/_service
+++ b/kube-rbac-proxy/_service
@@ -2,7 +2,7 @@
 <service name="obs_scm">
    <param name="url">https://github.com/brancz/kube-rbac-proxy</param>
    <param name="scm">git</param>
-    <param name="revision">v0.18.0</param>
+    <param name="revision">v0.18.1</param>
    <param name="version">_auto_</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="changesgenerate">enable</param>
@@ -20,4 +20,4 @@
  <service name="go_modules">
  </service>
  <service mode="buildtime" name="set_version" />
-</services>
+</services>
--- a/kube-rbac-proxy/kube-rbac-proxy.spec
+++ b/kube-rbac-proxy/kube-rbac-proxy.spec
@@ -17,14 +17,14 @@
 Name:           kube-rbac-proxy
-Version:        0.18.0
+Version:        0.18.1
-Release:        0.18.0
+Release:        0.18.1
 Summary:        The kube-rbac-proxy is a small HTTP proxy for a single upstream
 License:        Apache-2.0
 URL:            https://github.com/brancz/kube-rbac-proxy
 Source:         kube-rbac-proxy-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
+BuildRequires:  golang(API) = 1.23
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
--- a/metallb-chart/values.yaml
+++ b/metallb-chart/values.yaml
@@ -59,7 +59,7 @@ prometheus:
  # the image to be used for the kuberbacproxy container
  rbacProxy:
    repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
-    tag: "v0.18.0"
+    tag: "0.18.1"
    pullPolicy: IfNotPresent
  # Prometheus Operator PodMonitors
--- a/metallb-controller-image/Dockerfile
+++ b/metallb-controller-image/Dockerfile
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v%%metallb-controller_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/metallb-controller-image/_service
+++ b/metallb-controller-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/metallb-speaker-image/Dockerfile
+++ b/metallb-speaker-image/Dockerfile
@@ -21,7 +21,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v%%metallb-speaker_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="l3"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
--- a/metallb-speaker-image/_service
+++ b/metallb-speaker-image/_service
@@ -13,5 +13,7 @@
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/openstack-ironic-image/root.tar.bz2
+++ b/openstack-ironic-image/root.tar.bz2
--- a/rancher-turtles-airgap-resources-chart/Chart.yaml
+++ b/rancher-turtles-airgap-resources-chart/Chart.yaml
@@ -1,10 +1,10 @@
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:302.0.0_up0.13.0
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:302.0.0_up0.13.0
 apiVersion: v2
-appVersion: 0.11.0
+appVersion: 0.13.0
 description: Rancher Turtles utility chart for airgap scenarios
 home: https://github.com/rancher/turtles/
 icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
 name: rancher-turtles-airgap-resources
 type: application
-version: 0.3.3
+version: 302.0.0+up0.13.0
--- a/rancher-turtles-airgap-resources-chart/_service
+++ b/rancher-turtles-airgap-resources-chart/_service
@@ -2,7 +2,7 @@
  <service mode="buildtime" name="kiwi_metainfo_helper"/>
  <service name="replace_using_env" mode="buildtime">
    <param name="file">Chart.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
    <param name="var">IMG_PREFIX</param>
  </service>
 </services>
--- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
--- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
@@ -3647,7 +3647,7 @@ data:
            envFrom:
            - configMapRef:
                name: capm3-capm3fasttrack-configmap
-            image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.1
+            image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.2
            imagePullPolicy: IfNotPresent
            livenessProbe:
              httpGet:
@@ -3731,7 +3731,7 @@ data:
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
-            image: quay.io/metal3-io/ip-address-manager:v1.7.1
+            image: quay.io/metal3-io/ip-address-manager:v1.7.2
            imagePullPolicy: IfNotPresent
            livenessProbe:
              httpGet:
@@ -4384,7 +4384,7 @@ data:
 kind: ConfigMap
 metadata:
  creationTimestamp: null
-  name: v1.7.1
+  name: v1.7.2
  namespace: capm3-system
  labels:
    provider-components: metal3
--- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
@@ -868,6 +868,11 @@ data:
                              type: string
                            type: array
                        type: object
                      podSecurityAdmissionConfigFile:
                        description: |-
                          PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
                          spec.Files field.
                        type: string
                      protectKernelDefaults:
                        description: |-
                          ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2050,6 +2055,11 @@ data:
                                      type: string
                                    type: array
                                type: object
                              podSecurityAdmissionConfigFile:
                                description: |-
                                  PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
                                  spec.Files field.
                                type: string
                              protectKernelDefaults:
                                description: |-
                                  ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2535,7 +2545,7 @@ data:
            - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
            command:
            - /manager
-            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.7.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0
            imagePullPolicy: IfNotPresent
            livenessProbe:
              httpGet:
@@ -2742,10 +2752,13 @@ data:
      - major: 0
        minor: 7
        contract: v1beta1
      - major: 0
        minor: 8
        contract: v1beta1
 kind: ConfigMap
 metadata:
  creationTimestamp: null
-  name: v0.7.1
+  name: v0.8.0
  namespace: rke2-bootstrap-system
  labels:
    provider-components: rke2-bootstrap
--- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
@@ -1513,6 +1513,11 @@ data:
                              type: string
                            type: array
                        type: object
                      podSecurityAdmissionConfigFile:
                        description: |-
                          PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
                          spec.Files field.
                        type: string
                      protectKernelDefaults:
                        description: |-
                          ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2926,6 +2931,11 @@ data:
                                      type: string
                                    type: array
                                type: object
                              podSecurityAdmissionConfigFile:
                                description: |-
                                  PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
                                  spec.Files field.
                                type: string
                              protectKernelDefaults:
                                description: |-
                                  ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -4285,7 +4295,7 @@ data:
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
-            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.7.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.8.0
            imagePullPolicy: IfNotPresent
            livenessProbe:
              httpGet:
@@ -4499,10 +4509,13 @@ data:
      - major: 0
        minor: 7
        contract: v1beta1
      - major: 0
        minor: 8
        contract: v1beta1
 kind: ConfigMap
 metadata:
  creationTimestamp: null
-  name: v0.7.1
+  name: v0.8.0
  namespace: rke2-control-plane-system
  labels:
    provider-components: rke2-control-plane
--- a/rancher-turtles-chart/Chart.lock
+++ b/rancher-turtles-chart/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: cluster-api-operator
  repository: https://kubernetes-sigs.github.io/cluster-api-operator
-  version: 0.12.0
+  version: 0.14.0
-digest: sha256:c167c074ca89ef7a520ec18a5afd380b9edaee513810aa3ac0e0bda51db9c526
+digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4
-generated: "2024-08-22T14:23:18.589443298Z"
+generated: "2024-10-28T11:44:34.392387979Z"
--- a/rancher-turtles-chart/Chart.yaml
+++ b/rancher-turtles-chart/Chart.yaml
@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:302.0.0_up0.13.0
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:302.0.0_up0.13.0-%RELEASE%
 annotations:
  catalog.cattle.io/certified: rancher
  catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,12 +12,12 @@ annotations:
  catalog.cattle.io/scope: management
  catalog.cattle.io/type: cluster-tool
 apiVersion: v2
-appVersion: 0.11.0
+appVersion: 0.13.0
 dependencies:
 - condition: cluster-api-operator.enabled
  name: cluster-api-operator
  repository: file://./charts/cluster-api-operator
-  version: 0.12.0
+  version: 0.14.0
 description: Rancher Turtles is an extension to Rancher that brings full Cluster API
  integration to Rancher.
 home: https://github.com/rancher/turtles/
@@ -29,4 +29,4 @@ keywords:
 - provisioning
 name: rancher-turtles
 type: application
-version: 0.3.3+up0.11.0
+version: 302.0.0+up0.13.0
--- a/rancher-turtles-chart/RELEASE_NOTES.md
+++ b/rancher-turtles-chart/RELEASE_NOTES.md
@@ -1,6 +1,4 @@
-## Changes since test/v0.11.0
+gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
---
+  env:
-## :chart_with_upwards_trend: Overview
+    GH_TOKEN: ${{ github.token }}
-
+: exit status 4
 _Thanks to all our contributors!_ 😊
--- a/rancher-turtles-chart/_service
+++ b/rancher-turtles-chart/_service
@@ -2,14 +2,14 @@
  <service mode="buildtime" name="kiwi_metainfo_helper"/>
  <service name="replace_using_env" mode="buildtime">
    <param name="file">values.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
  </service>
  <service name="replace_using_env" mode="buildtime">
    <param name="file">Chart.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
    <param name="var">IMG_PREFIX</param>
  </service>
 </services>
--- a/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.12.0
+appVersion: 0.14.0
 description: Cluster API Operator
 name: cluster-api-operator
 type: application
-version: 0.12.0
+version: 0.14.0
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    "argocd.argoproj.io/sync-wave": "1"
  name: {{ $addonNamespace }}
@@ -37,7 +37,7 @@ metadata:
  name: {{ $addonName }}
  namespace: {{ $addonNamespace }}
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $addonVersion $.Values.secretName }}
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
  name: {{ $bootstrapNamespace }}
 ---
@@ -36,7 +36,7 @@ metadata:
  name: {{ $bootstrapName }}
  namespace: {{ $bootstrapNamespace }}
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
 {{- if or $bootstrapVersion $.Values.configSecret.name }}
 spec:
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
  name: {{ $controlPlaneNamespace }}
 ---
@@ -36,7 +36,7 @@ metadata:
  name: {{ $controlPlaneName }}
  namespace: {{ $controlPlaneNamespace }}
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
 {{- if or $controlPlaneVersion $.Values.configSecret.name }}
 spec:
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml
@@ -6,7 +6,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
  name: capi-system
 ---
@@ -16,7 +16,7 @@ metadata:
  name: cluster-api
  namespace: capi-system
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
 {{- with .Values.configSecret }}
 spec:
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml
@@ -25,7 +25,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
  name: {{ $coreNamespace }}
 ---
@@ -35,7 +35,7 @@ metadata:
  name: {{ $coreName }}
  namespace: {{ $coreNamespace }}
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $coreVersion $.Values.configSecret.name }}
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml
@@ -74,6 +74,9 @@ spec:
        {{- if .Values.insecureDiagnostics }}
        - --insecure-diagnostics={{ .Values.insecureDiagnostics }}
        {{- end }}
        {{- if .Values.watchConfigSecret }}
        - --watch-configsecret
        {{- end }}
        {{- with .Values.leaderElection }}
        - --leader-elect={{ .enabled }}
        {{- if .leaseDuration }}
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml
@@ -7,7 +7,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    "argocd.argoproj.io/sync-wave": "1"
  name: capi-kubeadm-bootstrap-system
@@ -18,7 +18,7 @@ metadata:
  name: kubeadm
  namespace: capi-kubeadm-bootstrap-system
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
@@ -37,7 +37,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    "argocd.argoproj.io/sync-wave": "1"
  name: capi-kubeadm-control-plane-system
@@ -48,7 +48,7 @@ metadata:
  name: kubeadm
  namespace: capi-kubeadm-control-plane-system
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml
@@ -1,13 +1,3 @@
 {{- define "recursivePrinter" }}
 {{- range $key, $value := . }}
 {{- if kindIs "map" $value }}
  {{ $key }}:
  {{- include "recursivePrinter" $value | indent 2 }}
 {{- else }}
  {{ $key }}: {{ $value }}
 {{- end }}
 {{- end }}
 {{- end }}
 # Infrastructure providers
 {{- if .Values.infrastructure }}
 {{- $infrastructures := split ";" .Values.infrastructure }}
@@ -36,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    "argocd.argoproj.io/sync-wave": "1"
  name: {{ $infrastructureNamespace }}
@@ -47,7 +37,7 @@ metadata:
  name: {{ $infrastructureName }}
  namespace: {{ $infrastructureNamespace }}
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
@@ -77,8 +67,7 @@ spec:
    {{- end }}
 {{- end }}
 {{- if $.Values.additionalDeployments }}
-  additionalDeployments:
+  additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
  {{- include "recursivePrinter" $.Values.additionalDeployments | indent 2 }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml
@@ -13,7 +13,6 @@ spec:
    strategy: Webhook
    webhook:
      clientConfig:
        caBundle: Cg==
        service:
          name: capi-operator-webhook-service
          namespace: '{{ .Release.Namespace }}'
@@ -3023,7 +3022,6 @@ spec:
    strategy: Webhook
    webhook:
      clientConfig:
        caBundle: Cg==
        service:
          name: capi-operator-webhook-service
          namespace: '{{ .Release.Namespace }}'
@@ -7618,7 +7616,6 @@ spec:
    strategy: Webhook
    webhook:
      clientConfig:
        caBundle: Cg==
        service:
          name: capi-operator-webhook-service
          namespace: '{{ .Release.Namespace }}'
@@ -12216,7 +12213,6 @@ spec:
    strategy: Webhook
    webhook:
      clientConfig:
        caBundle: Cg==
        service:
          name: capi-operator-webhook-service
          namespace: '{{ .Release.Namespace }}'
@@ -16811,7 +16807,6 @@ spec:
    strategy: Webhook
    webhook:
      clientConfig:
        caBundle: Cg==
        service:
          name: capi-operator-webhook-service
          namespace: '{{ .Release.Namespace }}'
@@ -21409,7 +21404,6 @@ spec:
    strategy: Webhook
    webhook:
      clientConfig:
        caBundle: Cg==
        service:
          name: capi-operator-webhook-service
          namespace: '{{ .Release.Namespace }}'
@@ -24419,7 +24413,6 @@ spec:
    strategy: Webhook
    webhook:
      clientConfig:
        caBundle: Cg==
        service:
          name: capi-operator-webhook-service
          namespace: '{{ .Release.Namespace }}'
--- a/rancher-turtles-chart/charts/cluster-api-operator/values.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/values.yaml
@@ -19,7 +19,7 @@ leaderElection:
 image:
  manager:
    repository: registry.k8s.io/capi-operator/cluster-api-operator
-    tag: v0.12.0
+    tag: v0.14.0
    pullPolicy: IfNotPresent
 env:
  manager: []
@@ -27,6 +27,7 @@ healthAddr: ":8081"
 metricsBindAddr: "127.0.0.1:8080"
 diagnosticsAddress: "8443"
 insecureDiagnostics: false
 watchConfigSecret: false
 imagePullSecrets: {}
 resources:
  manager:
--- a/Show More
+++ b/Show More
Author	SHA256	Message	Date
Steven Hardy	f38d3486d1	rancher-turtles-airgap-resources: update to 0.13 release	2024-11-14 18:17:20 +00:00
Steven Hardy	8209fa1064	rancher-turtles: Update to 0.13 upstream version Aligns with https://github.com/suse-edge/charts/pull/166	2024-11-14 18:14:20 +00:00
Steven Hardy	6bd4999fe8	Remove openstack-ironic-image This was replaced by ironic-ipa-ramdisk in #8	2024-11-13 14:08:10 +00:00
Steven Hardy	784cd801cd	delete_package.py: Fix command to add message Without this it launches an editor to interactively specify the message which doesn't seem to work from inside the python script	2024-11-13 14:05:38 +00:00
Steven Hardy	fc9325ccf9	ironic-ipa-ramdisk: fix nmc package name	2024-11-13 12:34:23 +00:00
Steven Hardy	5d2b779c68	ironic-image: Update to 26.1.2.0 To align with isv:SUSE:Edge:Metal3:Ironic:2024.2	2024-11-13 10:29:19 +01:00
Steven Hardy	2151ada687	ironic-ipa-downloader-image: Update to 3.0.0 Align with isv:SUSE:Edge:Metal3:Ironic:2024.2	2024-11-13 10:29:19 +01:00
Steven Hardy	8247b33a98	ironic-ipa-ramdisk: add new/renamed package To align with isv:SUSE:Edge:Metal3:Ironic:2024.2	2024-11-13 10:29:19 +01:00
Steven Hardy	9d927c2af8	baremetal-operator: update to 0.8.0	2024-11-13 10:29:19 +01:00
Steven Hardy	ff0e5f2b33	kube-rbac-proxy: bump go to 1.23	2024-11-13 09:27:37 +00:00
Steven Hardy	cf76ed917b	metallb-chart: update kube-rbac-proxy image version	2024-11-13 10:23:57 +01:00
Steven Hardy	eee07009bb	rancher-turtles: Fix IMG_PREFIX macros Currently the substitution is not working correctly	2024-11-12 19:00:22 +00:00
Steven Hardy	a52af83ddd	kube-rbac-proxy-image: fix _service file Add missing prefix and support level replacements	2024-11-12 18:11:56 +00:00
Steven Hardy	1492cfce52	Add kube-rbac-proxy-image	2024-11-12 17:38:22 +00:00
Steven Hardy	f3728884d9	Update kube-rbac-proxy to 0.18.1	2024-11-12 17:19:02 +00:00
Denislav Prodanov	8549134ddf	added macro to set support level l3	2024-11-11 15:45:18 +01:00
Nicolas Belouin	eae86c9ade	Document branch version Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2024-11-07 16:37:52 +01:00
Nicolas Belouin	39722e23e7	Update workflow with missing items Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2024-11-07 16:37:51 +01:00
Denislav Prodanov	85c7658ab0	updated go version to 1.22	2024-11-07 15:06:20 +02:00