update commit to latest

baremetal-operator-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.0
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -18,7 +18,7 @@ LABEL org.opencontainers.image.version="%%baremetal-operator_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

baremetal-operator/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metal3-io/baremetal-operator</param>
     <param name="scm">git</param>
-    <param name="revision">v0.10.2</param>
+    <param name="revision">v0.9.1</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

baremetal-operator/baremetal-operator.spec

@@ -17,14 +17,14 @@
 
 
 Name:           baremetal-operator
-Version:        0.10.2
+Version:        0.9.1
 Release:        0
 Summary:        Implements a Kubernetes API for managing bare metal hosts
 License:        Apache-2.0
 URL:            https://github.com/metal3-io/baremetal-operator
 Source:         baremetal-operator-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.24
+BuildRequires:  golang(API) = 1.23
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

ironic-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.0
-#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.0-%RELEASE%
 
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -19,11 +19,11 @@ RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes
 
 #!ArchExclusiveLine: x86_64
 RUN if [ "$(uname -m)" = "x86_64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
+      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
     fi
 #!ArchExclusiveLine: aarch64
 RUN if [ "$(uname -m)" = "aarch64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
+      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
     fi
     
 # DATABASE
@@ -41,8 +41,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="29.0.4.1"
+LABEL org.opencontainers.image.version="29.0.4.0"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.0-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

ironic-image/configure-nonroot.sh

@@ -45,10 +45,10 @@ chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /run
 
 # ironic and httpd related changes
 mkdir -p /etc/httpd/conf.d
-chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.modules.d/
+chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
-chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.modules.d/
+chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
 #chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
-chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.modules.d/*
+chmod 664 /etc/ironic/* /etc/httpd/conf/*
 
 chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /var/lib/ironic
 chmod 2775 /var/lib/ironic

ironic-image/ironic-config/apache2-ipxe.conf.j2

@@ -1,5 +1,4 @@
-Listen 0.0.0.0:{{ env.IPXE_TLS_PORT }}
+Listen {{ env.IPXE_TLS_PORT }}
-Listen [::]:{{ env.IPXE_TLS_PORT }}
 
 <VirtualHost *:{{ env.IPXE_TLS_PORT }}>
     ErrorLog /dev/stderr

ironic-image/ironic-config/apache2-vmedia.conf.j2

@@ -1,5 +1,4 @@
-Listen 0.0.0.0:{{ env.VMEDIA_TLS_PORT }}
+Listen {{ env.VMEDIA_TLS_PORT }}
-Listen [::]:{{ env.VMEDIA_TLS_PORT }}
 
 <VirtualHost *:{{ env.VMEDIA_TLS_PORT }}>
     ErrorLog /dev/stderr
@@ -11,15 +10,13 @@ Listen [::]:{{ env.VMEDIA_TLS_PORT }}
     SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
     SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
 
-    <Directory "/shared/html/">
+    <Directory ~ "/shared/html">
-        Options Indexes FollowSymLinks
+         Order deny,allow
-        AllowOverride None
+         deny from all
-        Require all granted
     </Directory>
     <Directory ~ "/shared/html/(redfish|ilo)/">
-        Options Indexes FollowSymLinks
+         Order allow,deny
-        AllowOverride None
+         allow from all
-        Require all granted
     </Directory>
 </VirtualHost>
 

ironic-image/ironic-config/httpd-ironic-api.conf.j2

@@ -12,21 +12,11 @@
 
 
 {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen 0.0.0.0:{{ env.IRONIC_LISTEN_PORT }}
+Listen {{ env.IRONIC_LISTEN_PORT }}
-Listen [::]:{{ env.IRONIC_LISTEN_PORT }}
  <VirtualHost *:{{ env.IRONIC_LISTEN_PORT }}>
 {% else %}
-{% if env.ENABLE_IPV4 %}
+Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
-Listen {{ env.IRONIC_IP }}:{{ env.IRONIC_LISTEN_PORT }}
+ <VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}>
-{% endif %}
-{% if env.ENABLE_IPV6 %}
-Listen [{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}
-{% endif %}
-{% if env.IRONIC_URL_HOSTNAME is defined and env.IRONIC_URL_HOSTNAME|length %}
-<VirtualHost {{ env.IRONIC_URL_HOSTNAME }}:{{ env.IRONIC_LISTEN_PORT }}>
-{% else %}
-<VirtualHost {% if env.ENABLE_IPV4 %}{{ env.IRONIC_IP }}:{{ env.IRONIC_LISTEN_PORT }}{% endif %} {% if env.ENABLE_IPV6 %}[{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}{% endif %}>
-{% endif %}
 {% endif %}
 
     {% if env.IRONIC_PRIVATE_PORT == "unix" %}

ironic-image/ironic-config/httpd-modules.conf

@@ -17,4 +17,4 @@ LoadModule authn_core_module /usr/lib64/apache2/mod_authn_core.so
 LoadModule auth_basic_module /usr/lib64/apache2/mod_auth_basic.so
 LoadModule authn_file_module /usr/lib64/apache2/mod_authn_file.so
 LoadModule authz_user_module /usr/lib64/apache2/mod_authz_user.so
-#LoadModule access_compat_module /usr/lib64/apache2/mod_access_compat.so
+LoadModule access_compat_module /usr/lib64/apache2/mod_access_compat.so

ironic-image/ironic-config/httpd.conf.j2

@@ -1,14 +1,8 @@
 ServerRoot {{ env.HTTPD_DIR }}
 {%- if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen 0.0.0.0:{{ env.HTTP_PORT }}
+Listen {{ env.HTTP_PORT }}
-Listen [::]:{{ env.HTTP_PORT }}
 {% else %}
-{% if env.ENABLE_IPV4 %}
+Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
-Listen {{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}
-{% endif %}
-{% if env.ENABLE_IPV6 %}
-Listen [{{ env.IRONIC_IPV6 }}]:{{ env.HTTP_PORT }}
-{% endif %}
 {% endif %}
 Include /etc/httpd/conf.modules.d/*.conf
 User ironic-suse

ironic-image/ironic-config/ironic.conf.j2

@@ -25,13 +25,7 @@ rpc_transport = none
 use_stderr = true
 # NOTE(dtantsur): the default md5 is not compatible with FIPS mode
 hash_ring_algorithm = sha256
-{% if env.ENABLE_IPV4 %}
 my_ip = {{ env.IRONIC_IP }}
-{% endif %}
-{% if env.ENABLE_IPV6 %}
-my_ipv6 = {{ env.IRONIC_IPV6 }}
-{% endif %}
-
 host = {{ env.IRONIC_CONDUCTOR_HOST }}
 tempdir = {{ env.IRONIC_TMP_DATA_DIR }}
 
@@ -71,7 +65,7 @@ port = {{ env.IRONIC_PRIVATE_PORT }}
 {% endif %}
 public_endpoint = {{ env.IRONIC_BASE_URL }}
 {% else %}
-host_ip = {{ env.IRONIC_HOST_IP }}
+host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
 port = {{ env.IRONIC_LISTEN_PORT }}
 {% if env.IRONIC_TLS_SETUP == "true" %}
 enable_ssl_api = true
@@ -91,11 +85,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 send_sensor_data_interval = 160
-{% if env.VMEDIA_TLS_PORT %}
-bootloader = {{ env.IRONIC_HTTPS_VMEDIA_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
-{% else %}
 bootloader = {{ env.IRONIC_HTTP_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
-{% endif %}
 verify_step_priority_override = management.clear_job_queue:90
 # We don't use this feature, and it creates an additional load on the database
 node_history = False
@@ -127,15 +117,15 @@ default_boot_option = local
 erase_devices_metadata_priority = 10
 erase_devices_priority = 0
 http_root = /shared/html/
-http_url = {% if env.VMEDIA_TLS_PORT %}{{ env.IRONIC_HTTPS_VMEDIA_URL }}{% else %}{{ env.IRONIC_HTTP_URL }}{% endif %}
+http_url = {{ env.IRONIC_HTTP_URL }}
 fast_track = {{ env.IRONIC_FAST_TRACK }}
 {% if env.IRONIC_BOOT_ISO_SOURCE %}
 ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_HTTP_URL %}
 external_http_url = {{ env.IRONIC_EXTERNAL_HTTP_URL }}
-{% elif env.VMEDIA_TLS_PORT %}
+{% elif env.IRONIC_VMEDIA_TLS_SETUP == "true" %}
-external_http_url = {{ env.IRONIC_HTTPS_VMEDIA_URL }}
+external_http_url = https://{{ env.IRONIC_URL_HOST }}:{{ env.VMEDIA_TLS_PORT }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_CALLBACK_URL %}
 external_callback_url = {{ env.IRONIC_EXTERNAL_CALLBACK_URL }}
@@ -191,7 +181,7 @@ cipher_suite_versions = 3,17
 # containers are in host networking.
 auth_strategy = http_basic
 http_basic_auth_user_file = {{ env.IRONIC_RPC_HTPASSWD_FILE }}
-host_ip = {{ env.IRONIC_HOST_IP }}
+host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
 {% if env.IRONIC_TLS_SETUP == "true" %}
 use_ssl = true
 cafile = {{ env.IRONIC_CACERT_FILE }}

ironic-image/scripts/configure-ironic.sh

@@ -3,7 +3,6 @@
 set -euxo pipefail
 
 IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
-export VMEDIA_TLS_PORT="${VMEDIA_TLS_PORT:-}"
 
 # Define the VLAN interfaces to be included in introspection report, e.g.
 #   all - all VLANs on all interfaces using LLDP information
@@ -52,18 +51,6 @@ export IRONIC_IPA_COLLECTORS=${IRONIC_IPA_COLLECTORS:-default,logs}
 
 wait_for_interface_or_ip
 
-if [[ "$(echo "$LISTEN_ALL_INTERFACES" | tr '[:upper:]' '[:lower:]')" == "true" ]]; then
-export IRONIC_HOST_IP="::"
-elif [[ -n "${ENABLE_IPV6}" ]]; then
-export IRONIC_HOST_IP="$IRONIC_IPV6"
-else
-export IRONIC_HOST_IP="$IRONIC_IP"
-fi
-
-if [[ "${VMEDIA_TLS_PORT}" ]]; then
-   export IRONIC_HTTPS_VMEDIA_URL="https://${IRONIC_URL_HOST}:${VMEDIA_TLS_PORT}"
-fi
-
 # Hostname to use for the current conductor instance.
 export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
 
@@ -105,11 +92,4 @@ render_j2_config "/etc/ironic/ironic.conf.j2" \
 configure_json_rpc_auth
 
 # Make sure ironic traffic bypasses any proxies
-export NO_PROXY="${NO_PROXY:-}"
+export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
-
-if [[ -n "$IRONIC_IPV6" ]]; then
-export NO_PROXY="${NO_PROXY},${IRONIC_IPV6}"
-fi
-if [[ -n "$IRONIC_IP" ]]; then
-export NO_PROXY="${NO_PROXY},${IRONIC_IP}"
-fi

ironic-image/scripts/ironic-common.sh

@@ -5,11 +5,9 @@ set -euxo pipefail
 # Export IRONIC_IP to avoid needing to lean on IRONIC_URL_HOST for consumption in
 # e.g. dnsmasq configuration
 export IRONIC_IP="${IRONIC_IP:-}"
-IRONIC_IPV6="${IRONIC_IPV6:-}"
 PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
 PROVISIONING_IP="${PROVISIONING_IP:-}"
 PROVISIONING_MACS="${PROVISIONING_MACS:-}"
-IRONIC_URL_HOSTNAME="${IRONIC_URL_HOSTNAME:-}"
 IPXE_CUSTOM_FIRMWARE_DIR="${IPXE_CUSTOM_FIRMWARE_DIR:-/shared/custom_ipxe_firmware}"
 CUSTOM_CONFIG_DIR="${CUSTOM_CONFIG_DIR:-/conf}"
 CUSTOM_DATA_DIR="${CUSTOM_DATA_DIR:-/data}"
@@ -35,85 +33,6 @@ export LOCAL_DB_URI="sqlite:///${IRONIC_DB_DIR}/ironic.sqlite"
 
 export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
 
-
-get_ip_of_hostname()
-{
-    if [[ "$#" -ne 2 ]]; then
-        echo "${FUNCNAME}: two parameters required, $# provided" >&2
-        return 1
-    fi
-
-    case $2 in
-        4)
-            QUERY="a";;
-        6)
-            QUERY="aaaa";;
-        *)
-            echo "${FUNCNAME}: the second parameter should be [a|aaaa] for A and AAAA records"
-            return 1;;
-    esac
-
-    local HOSTNAME=$1
-
-    echo $(nslookup -type=${QUERY} "${HOSTNAME}" | tail -n2 | grep -w "Address:" | cut -d " " -f2)
-}
-
-get_interface_of_ip()
-{
-    local IP_VERS=""
-
-    if [[ "$#" -gt 2 ]]; then
-        echo "${FUNCNAME}: too many parameters" >&2
-        return 1
-    fi
-
-    if [[ "$#" -eq 2 ]]; then
-        case $2 in
-        4|6)
-            local IP_VERS="-${2}"
-            ;;
-        *)
-            echo "${FUNCNAME}: the second parameter should be [4|6] (or missing for both)" >&2
-            return 2
-            ;;
-        esac
-    fi
-
-    local IP_ADDR=$1
-
-    # Convert the address using ipcalc which strips out the subnet.
-    # For IPv6 addresses, this will give the short-form address
-    IP_ADDR="$(ipcalc "${IP_ADDR}" | grep "^Address:" | awk '{print $2}')"
-
-    echo $(ip ${IP_VERS} -br addr show scope global | grep -i " ${IP_ADDR}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')
-}
-
-get_ip_of_interface()
-{
-    local IP_VERS=""
-
-    if [[ "$#" -gt 2 ]]; then
-        echo "${FUNCNAME}: too many parameters" >&2
-        return 1
-    fi
-
-    if [[ "$#" -eq 2 ]]; then
-        case $2 in
-        4|6)
-            local IP_VERS="-${2}"
-            ;;
-        *)
-            echo "${FUNCNAME}: the second parameter should be [4|6] (or missing for both)" >&2
-            return 2
-            ;;
-        esac
-    fi
-
-    local IFACE=$1
-
-    echo $(ip ${IP_VERS} -br addr show scope global up dev ${IFACE} | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)
-}
-
 get_provisioning_interface()
 {
     if [[ -n "$PROVISIONING_INTERFACE" ]]; then
@@ -122,7 +41,13 @@ get_provisioning_interface()
         return
     fi
 
-    local interface=""
+    local interface="provisioning"
+
+    if [[ -n "${PROVISIONING_IP}" ]]; then
+        if ip -br addr show | grep -i " ${PROVISIONING_IP}/" &>/dev/null; then
+            interface="$(ip -br addr show | grep -i " ${PROVISIONING_IP}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')"
+        fi
+    fi
 
     for mac in ${PROVISIONING_MACS//,/ }; do
         if ip -br link show up | grep -i "$mac" &>/dev/null; then
@@ -146,111 +71,32 @@ wait_for_interface_or_ip()
     # available on an interface, otherwise we look at $PROVISIONING_INTERFACE
     # for an IP
     if [[ -n "${PROVISIONING_IP}" ]]; then
-        local IFACE_OF_IP=""
+        # Convert the address using ipcalc which strips out the subnet.
-
+        # For IPv6 addresses, this will give the short-form address
-        until [[ -n "$IFACE_OF_IP" ]]; do
+        IRONIC_IP="$(ipcalc "${PROVISIONING_IP}" | grep "^Address:" | awk '{print $2}')"
-            echo "Waiting for ${PROVISIONING_IP} to be configured on an interface..."
+        export IRONIC_IP
-            IFACE_OF_IP="$(get_interface_of_ip "${PROVISIONING_IP}")"
+        until grep -F " ${IRONIC_IP}/" <(ip -br addr show); do
+            echo "Waiting for ${IRONIC_IP} to be configured on an interface"
             sleep 1
         done
-
-        echo "Found $PROVISIONING_IP on interface \"${IFACE_OF_IP}\"!"
-
-        export PROVISIONING_INTERFACE="$IFACE_OF_IP"
-	# If the IP contains a colon, then it's an IPv6 address
-        if [[ "$PROVISIONING_IP" =~ .*:.* ]]; then
-            export IRONIC_IPV6="$PROVISIONING_IP"
-            export IRONIC_IP=""
-        else
-            export IRONIC_IP="$PROVISIONING_IP"
-        fi
-    elif [[ -n "${IRONIC_IP}" ]]; then
-        if [[ "$IRONIC_IP" =~ .*:.* ]]; then
-            export IRONIC_IPV6="$IRONIC_IP"
-            export IRONIC_IP=""
-        fi
-    elif [[ -n "${PROVISIONING_INTERFACE}" ]]; then
-        until [[ -n "$IRONIC_IPV6" ]] || [[ -n "$IRONIC_IP" ]]; do
-            echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured..."
-
-            IRONIC_IPV6="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 6)"
-            sleep 1
-
-            IRONIC_IP="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 4)"
-            sleep 1
-        done
-
-        if [[ -n "$IRONIC_IPV6" ]]; then
-            echo "Found $IRONIC_IPV6 on interface \"${PROVISIONING_INTERFACE}\"!"
-	    export IRONIC_IPV6
-        fi
-        if [[ -n "$IRONIC_IP" ]]; then
-            echo "Found $IRONIC_IP on interface \"${PROVISIONING_INTERFACE}\"!"
-	    export IRONIC_IP
-        fi
-    elif [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
-        local IPV6_IFACE=""
-        local IPV4_IFACE=""
-        
-        # we should get at least one IP address
-        until [[ -n "$IPV6_IFACE" ]] || [[ -n "$IPV4_IFACE" ]]; do
-            local IPV6_RECORD=""
-            local IPV4_RECORD=""
-
-            IPV6_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 6)"
-            IPV4_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 4)"
-
-            # We couldn't get any IP
-            if [[ -z "$IPV4_RECORD" ]] && [[ -z "$IPV6_RECORD" ]]; then
-                echo "${FUNCNAME}: no valid IP found for hostname ${IRONIC_URL_HOSTNAME}" >&2
-                return 1
-            fi
-
-            echo "Waiting for ${IPV6_RECORD} to be configured on an interface"
-            IPV6_IFACE="$(get_interface_of_ip "${IPV6_RECORD}" 6)"
-            sleep 1
-
-            echo "Waiting for ${IPV4_RECORD} to be configured on an interface"
-            IPV4_IFACE="$(get_interface_of_ip "${IPV4_RECORD}" 4)"
-            sleep 1
-        done
-
-        # Add some debugging output
-        if [[ -n "$IPV6_IFACE" ]]; then
-            echo "Found $IPV6_RECORD on interface \"${IPV6_IFACE}\"!"
-            export IRONIC_IPV6="$IPV6_RECORD"
-        fi
-        if [[ -n "$IPV4_IFACE" ]]; then
-            echo "Found $IPV4_RECORD on interface \"${IPV4_IFACE}\"!"
-            export IRONIC_IP="$IPV4_RECORD"
-        fi
-
-        # Make sure both IPs are asigned to the same interface
-        if [[ -n "$IPV6_IFACE" ]] && [[ -n "$IPV4_IFACE" ]] && [[ "$IPV6_IFACE" != "$IPV4_IFACE" ]]; then
-            echo "Warning, the IPv4 and IPv6 addresses from \"${HOSTNAME}\" are assigned to different " \
-            "interfaces (\"${IPV6_IFACE}\" and \"${IPV4_IFACE}\")" >&2
-        fi
-
     else
-        echo "Cannot determine an interface or an IP for binding and creating URLs"
+        until [[ -n "$IRONIC_IP" ]]; do
-        return 1
+            echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured"
+            IRONIC_IP="$(ip -br add show scope global up dev "${PROVISIONING_INTERFACE}" | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)"
+            export IRONIC_IP
+            sleep 1
+        done
     fi
 
-    # Define the URLs based on the what we have found,
+    # If the IP contains a colon, then it's an IPv6 address, and the HTTP
-    # prioritize IPv6 for IRONIC_URL_HOST
+    # host needs surrounding with brackets
-    if [[ -n "$IRONIC_IP" ]]; then
+    if [[ "$IRONIC_IP" =~ .*:.* ]]; then
-        export ENABLE_IPV4=yes
+        export IPV=6
+        export IRONIC_URL_HOST="[$IRONIC_IP]"
+    else
+        export IPV=4
         export IRONIC_URL_HOST="$IRONIC_IP"
     fi
-    if [[ -n "$IRONIC_IPV6" ]]; then
-        export ENABLE_IPV6=yes
-        export IRONIC_URL_HOST="[${IRONIC_IPV6}]" # The HTTP host needs surrounding with brackets
-    fi
-
-    # Once determined if we have IPv4 and/or IPv6, override the hostname if provided
-    if [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
-        IRONIC_URL_HOST=$IRONIC_URL_HOSTNAME
-    fi
 
     # Avoid having to construct full URL multiple times while allowing
     # the override of IRONIC_HTTP_URL for environments in which IRONIC_IP

kubectl-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.33.4
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.33.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -15,11 +15,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kubectl image"
 LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.33.4"
+LABEL org.opencontainers.image.version="1.32.4"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

kubectl/kubectl.spec

@@ -1,7 +1,7 @@
 %global debug_package %{nil}
 
 Name: kubectl
-Version: 1.33.4
+Version: 1.32.4
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster
 

metal3-chart/Chart.yaml

@@ -1,28 +1,28 @@
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.13_up0.12.3
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.10_up0.12.0
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.13_up0.12.3-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.10_up0.12.0-%RELEASE%
 apiVersion: v2
-appVersion: 0.12.3
+appVersion: 0.12.0
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.10.2
+  version: 0.9.2
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.11.2
+  version: 0.11.0
 - alias: metal3-mariadb
   condition: global.enable_mariadb
   name: mariadb
   repository: file://./charts/mariadb
-  version: 0.6.1
+  version: 0.6.0
 - alias: metal3-media
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.6.5
+  version: 0.6.4
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.13+up0.12.3"
+version: "%%CHART_MAJOR%%.0.10+up0.12.0"

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.10.2
+appVersion: 0.9.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.10.2
+version: 0.9.2

metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml

@@ -202,11 +202,6 @@ spec:
                 description: Description is a human-entered text used to help identify
                   the host.
                 type: string
-              disablePowerOff:
-                description: |-
-                  When set to true, power off of the node will be disabled,
-                  instead, a reboot will be used in place of power on/off
-                type: boolean
               externallyProvisioned:
                 description: |-
                   ExternallyProvisioned means something else has provisioned the

metal3-chart/charts/baremetal-operator/templates/_helpers.tpl

@@ -61,19 +61,3 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
-
-{{/*
-Create the URL to use for connecting to the Ironic servers (e.g. API, cache)
-*/}}
-{{- define "baremetal-operator.ironicHttpHost" -}}
-{{- $hostIP := include "metal3.hostIP" . -}}
-{{- with .Values.global }}
-{{- if .provisioningHostname }}
-{{- .provisioningHostname }}
-{{- else if regexMatch ".*:.*" $hostIP}}
-{{- print "[" $hostIP "]" }}
-{{- else }}
-{{- $hostIP }}
-{{- end }}
-{{- end }}
-{{- end }}

metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml

@@ -1,10 +1,10 @@
   {{- $enableTLS := .Values.global.enable_tls }}
   {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
   {{- $protocol := ternary "https" "http" $enableTLS }}
-  {{- $ironicHost := include "baremetal-operator.ironicHttpHost" . | required "Missing host information for BMO to connect to Ironic" }}
+  {{- $ironicIP := .Values.global.ironicIP | default "" }}
-  {{- $ironicApiHost := print $ironicHost ":6385" }}
+  {{- $ironicApiHost := print $ironicIP ":6385" }}
-  {{- $ironicBootHost := print $ironicHost ":6180" }}
+  {{- $ironicBootHost := print $ironicIP ":6180" }}
-  {{- $ironicCacheHost := print $ironicHost ":6180" }}
+  {{- $ironicCacheHost := print $ironicIP ":6180" }}
   {{- $deployArch := .Values.global.deployArchitecture }}
 
 apiVersion: v1
@@ -12,8 +12,8 @@ data:
   IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
-    {{- $ironicBootHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
-    {{- $ironicCacheHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
     {{- $protocol = "https" }}
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
   {{- else }}

metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml

@@ -6,7 +6,6 @@ metadata:
     control-plane: controller-manager
   name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service
 spec:
-  ipFamilyPolicy: PreferDualStack
   ports:
   - name: https
     port: 8443

metal3-chart/charts/baremetal-operator/templates/service-webhook.yaml

@@ -5,7 +5,6 @@ metadata:
     {{- include "baremetal-operator.labels" . | nindent 4 }}
   name: {{ include "baremetal-operator.fullname" . }}-webhook-service
 spec:
-  ipFamilyPolicy: PreferDualStack
   ports:
   - port: 443
     targetPort: 9443

metal3-chart/charts/baremetal-operator/values.yaml

@@ -28,7 +28,7 @@ images:
   baremetalOperator:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
     pullPolicy: IfNotPresent
-    tag: "0.10.2.0"
+    tag: "0.9.1.1"
 
 imagePullSecrets: []
 nameOverride: "manger"

metal3-chart/charts/ironic/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 29.0.4
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.11.2
+version: 0.11.0

metal3-chart/charts/ironic/templates/_helpers.tpl

@@ -83,50 +83,3 @@ Get ironic CA volumeMounts
   readOnly: true
 {{- end }}
 {{- end }}
-
-{{/*
-Get the formatted "External" hostname or IP based URL
-*/}}
-{{- define "ironic.externalHttpUrl" }}
-{{- $host := ternary (include "metal3.hostIP" .) .Values.global.externalHttpHost (empty .Values.global.externalHttpHost) }}
-{{- if regexMatch ".*:.*" $host }}
-{{- $host = print "[" $host "]" }}
-{{- end }}
-{{- $protocol := "http" }}
-{{- $port := "6180" }}
-{{- if .Values.global.enable_vmedia_tls }}
-{{- $protocol = "https" }}
-{{- $port = .Values.global.vmediaTLSPort | default "6185" }}
-{{- end }}
-{{- print $protocol "://" $host ":" $port }}
-{{- end }}
-
-{{/*
-Get the command to use for Liveness and Readiness probes
-*/}}
-{{- define "ironic.probeCommand" }}
-{{- $host := "127.0.0.1" }}
-{{- if eq .Values.listenOnAll false }}
-{{- $host = coalesce .Values.global.provisioningIP .Values.global.ironicIP .Values.global.provisioningHostname }}
-{{- if regexMatch ".*:.*" $host }}
-{{- $host = print "[" $host "]" }}
-{{- end }}
-{{- end }}
-{{- print "curl -sSfk https://" $host ":6385" }}
-{{- end }}
-
-{{/*
-Create the subjectAltNames section to be set on the Certificate
-*/}}
-{{- define "ironic.subjectAltNames" -}}
-{{- with .Values.global }}
-{{- if .provisioningHostname }}
-dnsNames:
-- {{ .provisioningHostname }}
-{{- end -}}
-{{- if or .ironicIP .provisioningIP }}
-ipAddresses:
-  - {{ coalesce .provisioningIP .ironicIP }}
-{{- end }}
-{{- end }}
-{{- end }}

metal3-chart/charts/ironic/templates/certificates.yaml

@@ -6,7 +6,8 @@ metadata:
 spec:
   commonName: ironic-ca
   isCA: true
-  {{- include "ironic.subjectAltNames" . | indent 2 }}
+  ipAddresses:
+  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer
@@ -18,7 +19,8 @@ metadata:
   name: ironic-cert
 spec:
   commonName: ironic-cert
-  {{- include "ironic.subjectAltNames" . | indent 2 }}
+  ipAddresses:
+  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: ca-issuer
@@ -31,7 +33,8 @@ metadata:
   name: ironic-vmedia-cert
 spec:
   commonName: ironic-vmedia-cert
-  {{- include "ironic.subjectAltNames" . | indent 2 }}
+  ipAddresses:
+  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: ca-issuer

metal3-chart/charts/ironic/templates/configmap.yaml

@@ -5,9 +5,16 @@ metadata:
   labels:
     {{- include "ironic.labels" . | nindent 4 }}
 data:
+  {{- $enableTLS := .Values.global.enable_tls }}
+  {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
+  {{- $protocol := ternary "https" "http" $enableTLS }}
+  {{- $ironicIP := .Values.global.ironicIP | default "" }}
+  {{- $ironicBootHost := print $ironicIP ":6180" }}
+  {{- $ironicCacheHost := print $ironicIP ":6180" }}
   {{- $deployArch := .Values.global.deployArchitecture }}
 
   {{- if  ( .Values.global.enable_dnsmasq ) }}
+  DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
   DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer }}
   DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter }}
   DHCP_RANGE: {{ .Values.global.dhcpRange }}
@@ -17,21 +24,29 @@ data:
   {{- end }}
   HTTP_PORT: "6180"
   PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
-  IRONIC_EXTERNAL_HTTP_URL: {{ include "ironic.externalHttpUrl" . }}
+  # Switch VMedia to HTTP if enable_vmedia_tls is false
+  {{- if and $enableTLS $enableVMediaTLS }}
+    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $protocol = "https" }}
+  {{- else }}
+    {{- $protocol = "http" }}
+  {{- end }}
+  IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
   DEPLOY_ARCHITECTURE: {{ $deployArch }}
+  IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
   ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
   {{- if .Values.global.provisioningInterface }}
   PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
   {{- end }}
   {{- if .Values.global.provisioningIP }}
-  PROVISIONING_IP: {{ include "metal3.hostIP" . }}
+  PROVISIONING_IP: {{ .Values.global.provisioningIP }}
-  {{- else if .Values.global.ironicIP }}
-  IRONIC_IP: {{ include "metal3.hostIP" . }}
-  {{- else if .Values.global.provisioningHostname }}
-  IRONIC_URL_HOSTNAME: {{ .Values.global.provisioningHostname }}
   {{- end }}
   IRONIC_FAST_TRACK: "true"
-  LISTEN_ALL_INTERFACES: "{{ .Values.listenOnAll }}"
+  LISTEN_ALL_INTERFACES: "true"
+  {{- if .Values.global.ironicIP }}
+  IRONIC_IP: {{ .Values.global.ironicIP }}
+  {{- end }}
   {{- if  ( .Values.global.enable_tls ) }}
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
   IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true

metal3-chart/charts/ironic/templates/deployment.yaml

@@ -42,7 +42,7 @@ spec:
             name: ironic
         livenessProbe:
           exec:
-            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -60,7 +60,7 @@ spec:
         {{- end }}
         readinessProbe:
           exec:
-            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30

metal3-chart/charts/ironic/templates/service.yaml

@@ -10,7 +10,6 @@ metadata:
   {{- end }}
 spec:
   type: {{ .Values.service.type }}
-  ipFamilyPolicy: PreferDualStack
   ports:
   {{- $enableTLS := .Values.global.enable_tls }}
   {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}

metal3-chart/charts/ironic/values.yaml

@@ -32,12 +32,6 @@ global:
   # IP Address assigned to network interface on provisioning network
   provisioningIP: ""
 
-  # Fully Qualified Domain Name used by Ironic for both binding (to the
-  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
-  # media, also used by BMO. Note, this is the only way to enable a fully
-  # working dual-stack configuration.
-  provisioningHostname: ""
-
   # Whether the NIC names should be predictable or not
   predictableNicNames: "true"
 
@@ -58,13 +52,11 @@ global:
 
 replicaCount: 1
 
-listenOnAll: true
-
 images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 29.0.4.1
+    tag: 29.0.4.0
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent

metal3-chart/charts/mariadb/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: "10.11"
 description: A Helm chart for MariaDB, used by Metal3
 name: mariadb
 type: application
-version: 0.6.1
+version: 0.6.0

metal3-chart/charts/mariadb/templates/service.yaml

@@ -5,7 +5,6 @@ metadata:
   labels:
     {{- include "mariadb.labels" . | nindent 4 }}
 spec:
-  ipFamilyPolicy: PreferDualStack
   type: {{ .Values.service.type }}
   selector:
     {{- include "mariadb.selectorLabels" . | nindent 4 }}

metal3-chart/charts/media/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.5
+version: 0.6.4

metal3-chart/charts/media/templates/service.yaml

@@ -5,7 +5,6 @@ metadata:
   labels:
     {{- include "media.labels" . | nindent 4 }}
 spec:
-  ipFamilyPolicy: PreferDualStack
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}

metal3-chart/charts/media/values.yaml

@@ -24,7 +24,7 @@ replicaCount: 1
 image:
   repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
   pullPolicy: IfNotPresent
-  tag: 29.0.4.1
+  tag: 29.0.4.0
 
 imagePullSecrets: []
 nameOverride: ""

metal3-chart/templates/_helpers.tpl

@@ -60,18 +60,3 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
-
-{{/*
-Produce the correct IP or hostname for Ironic provisioning
-*/}}
-{{- define "metal3.hostIP" -}}
-{{- with .Values.global }}
-{{- if and .provisioningHostname (or .provisioningIP .ironicIP) }}
-{{  fail "Please provide either provisioningHostname or provisioningIP or ironicIP" }}
-{{- end }}
-{{- if and .provisioningIP .ironicIP }}
-{{  fail "Please provide either ironicIP or provisioningIP" }}
-{{- end }}
-{{- coalesce .provisioningIP .ironicIP }}
-{{- end }}
-{{- end }}

metal3-chart/values.yaml

@@ -60,15 +60,6 @@ global:
   # IP Address assigned to network interface on provisioning network
   provisioningIP: ""
 
-  # Fully Qualified Domain Name used by Ironic for both binding (to the 
-  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
-  # media, also used by BMO. Note, this is the only way to enable a fully
-  # working dual-stack configuration.
-  provisioningHostname: ""
-
-  # Hostname or IP for accessing the Ironic API server from a non-provisioning network
-  externalHttpHost: ""
-
   # Name for the MariaDB service
   databaseServiceName: metal3-mariadb
 

nessie-image/Dockerfile

@@ -1,31 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%nessie:%%nessie_version%%
-#!BuildTag: %%IMG_PREFIX%%nessie:%%nessie_version%%-%RELEASE%
-
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION
-
-# labelprefix=com.suse.application.nessie
-LABEL org.opencontainers.image.title="nessie"
-LABEL org.opencontainers.image.description="Nessie diagnostic tool for SUSE Kubernetes environments"
-LABEL org.opencontainers.image.version="%%nessie_version%%"
-LABEL org.opencontainers.image.authors="George Agriogiannis <george.agriogiannis2@suse.com>"
-LABEL org.opencontainers.image.url="https://github.com/suse-edge/support-tools/tree/main/nessie"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%nessie:%%nessie_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-RUN zypper --non-interactive refresh && \
-    zypper --non-interactive install --no-recommends nessie && \
-    zypper clean
-
-WORKDIR /tmp
-
-ENTRYPOINT ["/usr/bin/nessie"]

nessie-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%nessie_version%%</param>
-    <param name="package">nessie</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

nessie/_service

@@ -1,26 +0,0 @@
-<services>
-  <service name="obs_scm">
-    <param name="url">https://github.com/suse-edge/support-tools</param>
-    <param name="scm">git</param>
-    <param name="revision">nessie-v1.0.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">george.agriogiannis2@suse.com</param>
-    <param name="match-tag">nessie-v*</param>
-    <param name="versionrewrite-pattern">nessie-v(\d+\.\d+\.\d+)</param>
-    <param name="versionrewrite-replacement">\1</param>
-    <param name="subdir">nessie</param>
-    <param name="exclude">.git</param>
-    <param name="without-version">yes</param>
-    <param name="filename">nessie</param>
-  </service>
-  <service mode="buildtime" name="tar">
-    <param name="obsinfo">nessie.obsinfo</param>
-  </service>
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

nessie/nessie.spec

@@ -1,80 +0,0 @@
-#
-# spec file for package nessie
-#
-# Copyright (c) 2024 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-Name:           nessie
-# Version will be set automatically by factory's set_version service
-Version:        1.0.0
-Release:        0
-Summary:        Node Environment Support Script for Inspection and Export
-License:        Apache-2.0
-Group:          System/Management
-URL:            https://github.com/suse-edge/support-tools/tree/main/nessie
-Source0:        %{name}-%{version}.tar.gz
-BuildArch:      noarch
-
-# Build dependencies
-BuildRequires:  python3-devel
-
-# Runtime dependencies
-Requires:       python3
-Requires:       python3-kubernetes
-Requires:       python3-PyYAML
-Requires:       helm
-Requires:       systemd
-
-# Optional dependencies for enhanced functionality
-Recommends:     util-linux
-
-%description
-Nessie (Node Environment Support Script for Inspection and Export) is a
-comprehensive diagnostic tool for SUSE Kubernetes environments. It collects
-logs, configurations, and system information from Kubernetes clusters for
-troubleshooting and support purposes.
-
-Key features:
-- Collects system service logs and Kubernetes pod logs
-- Gathers cluster configurations and Helm releases
-- Retrieves node metrics and component versions
-- Supports RKE2 and K3s environments
-- Fault-tolerant with configurable options
-- Can be run directly or as a container
-
-The tool is designed specifically for SUSE Edge environments and integrates
-well with SUSE Linux Micro, RKE2, and K3s distributions.
-
-%prep
-%autosetup
-
-%build
-# Validate Python syntax
-python3 -m py_compile nessie.py
-
-%install
-# Install the main script
-install -D -m 0755 nessie.py %{buildroot}%{_bindir}/nessie
-
-# Install documentation files
-install -D -m 0644 README.md %{buildroot}%{_docdir}/%{name}/README.md
-install -D -m 0644 LICENSE %{buildroot}%{_docdir}/%{name}/LICENSE
-
-%files
-%{_bindir}/nessie
-%dir %{_docdir}/%{name}
-%doc %{_docdir}/%{name}/README.md
-%license %{_docdir}/%{name}/LICENSE
-
-%changelog

rancher-turtles-chart/values.yaml

@@ -22,7 +22,7 @@ rancherTurtles:
   # rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
   rancherInstalled: false
   # kubectlImage: Image for kubectl tasks.
-  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4"
+  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4"
   # features: Optional and experimental features.
   features:
     # day2operations: Alpha feature.

release-manifest-image/release_manifest.yaml

@@ -7,7 +7,7 @@ spec:
   components:
     kubernetes:
       k3s:
-        version: v1.33.3+k3s1
+        version: v1.32.4+k3s1
         coreComponents:
           - name: traefik-crd
             version: 34.2.1+up34.2.0
@@ -31,46 +31,46 @@ spec:
                 image: rancher/mirrored-metrics-server:v0.7.2
             type: Deployment
       rke2:
-        version: v1.33.3+rke2r1
+        version: v1.32.4+rke2r1
         coreComponents:
           - name: rke2-cilium
-            version: 1.17.600
+            version: 1.17.300
             type: HelmChart
           - name: rke2-canal
-            version: v3.30.2-build2025071100
+            version: v3.29.3-build2025040801
             type: HelmChart
           - name: rke2-calico-crd
-            version: v3.30.100
+            version: v3.29.101
             type: HelmChart
           - name: rke2-calico
-            version: v3.30.100
+            version: v3.29.300
             type: HelmChart
           - name: rke2-coredns
-            version: 1.42.302
+            version: 1.39.201
             type: HelmChart
           - name: rke2-ingress-nginx
-            version: 4.12.401
+            version: 4.12.101
             type: HelmChart
           - name: rke2-metrics-server
-            version: 3.12.203
+            version: 3.12.200
             type: HelmChart
           - name: rancher-vsphere-csi
-            version: 3.3.1-rancher1000
+            version: 3.3.1-rancher900
             type: HelmChart
           - name: rancher-vsphere-cpi
-            version: 1.11.000
+            version: 1.10.000
             type: HelmChart
           - name: harvester-cloud-provider
-            version: 0.2.1000
+            version: 0.2.900
             type: HelmChart
           - name: harvester-csi-driver
-            version: 0.1.2400
+            version: 0.1.2300
             type: HelmChart
           - name: rke2-snapshot-controller-crd
-            version: 4.0.003
+            version: 4.0.002
             type: HelmChart
           - name: rke2-snapshot-controller
-            version: 4.0.003
+            version: 4.0.002
             type: HelmChart
           # Deprecated this empty chart addon can be removed in v1.34
           - name: rke2-snapshot-validation-webhook
@@ -89,20 +89,20 @@ spec:
         - prettyName: Rancher
           releaseName: rancher
           chart: rancher
-          version: 2.12.1-alpha1
+          version: 2.11.2
-          repository: https://releases.rancher.com/server-charts/alpha
+          repository: https://charts.rancher.com/server-charts/prime
           values:
             postDelete:
               enabled: false
         - prettyName: Longhorn
           releaseName: longhorn
           chart: longhorn
-          version: 106.2.1+up1.8.2
+          version: 106.2.0+up1.8.1
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: longhorn-crd
               chart: longhorn-crd
-              version: 106.2.1+up1.8.2
+              version: 106.2.0+up1.8.1
               repository: https://charts.rancher.io
         - prettyName: MetalLB
           releaseName: metallb
@@ -123,12 +123,12 @@ spec:
         - prettyName: NeuVector
           releaseName: neuvector
           chart: neuvector
-          version: 107.0.0+up2.8.7
+          version: 106.0.1+up2.8.6
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: neuvector-crd
               chart: neuvector-crd
-              version: 107.0.0+up2.8.7
+              version: 106.0.1+up2.8.6
               repository: https://charts.rancher.io
           addonCharts:
             - releaseName: neuvector-ui-ext
@@ -142,11 +142,11 @@ spec:
         - prettyName: Elemental
           releaseName: elemental-operator
           chart: oci://registry.suse.com/rancher/elemental-operator-chart
-          version: 1.7.3
+          version: 1.6.8
           dependencyCharts:
             - releaseName: elemental-operator-crds
               chart: oci://registry.suse.com/rancher/elemental-operator-crds-chart
-              version: 1.7.3
+              version: 1.6.8
           addonCharts:
             - releaseName: elemental
               chart: elemental
@@ -171,7 +171,7 @@ spec:
         - prettyName: Metal3
           releaseName: metal3
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3'
-          version: '%%CHART_MAJOR%%.0.13+up0.12.3'
+          version: '%%CHART_MAJOR%%.0.10+up0.12.0'
         - prettyName: RancherTurtles
           releaseName: rancher-turtles
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles'

upgrade-controller-chart/values.yaml

@@ -15,7 +15,7 @@ env:
     image: %%MANIFEST_REPO%%/%%IMG_PREFIX%%release-manifest
   kubectl:
     image: %%IMG_REPO%%/%%IMG_PREFIX%%kubectl
-    version: 1.33.4
+    version: 1.32.4
 
 imagePullSecrets: []
 nameOverride: ""