merge upstream

[3.3.1] - bump kube rbac proxy version
2025-08-18 11:41:04 +02:00 · 2025-06-11 16:35:02 +03:00
307 changed files with 34465 additions and 8891 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,170 +1,15 @@
 [submodule "obs-service-set_version"]
 	path = obs-service-set_version
 	url = https://src.opensuse.org/SLFO-pool/obs-service-set_version.git
 [submodule "cri-tools"]
 	path = cri-tools
 	url = https://src.opensuse.org/pool/cri-tools.git
 [submodule "fakeroot"]
 	path = fakeroot
 	url = https://src.opensuse.org/pool/fakeroot.git
 [submodule "crudini"]
 	path = crudini
 	url = https://src.opensuse.org/pool/crudini.git
-[submodule "cni-plugins"]
+[submodule "autoconf"]
-	path = cni-plugins
+	path = autoconf
-	url = https://src.opensuse.org/pool/cni-plugins
+	url = https://src.opensuse.org/SLFO-pool/autoconf.git
 [submodule "python-kubernetes"]
 	path = python-kubernetes
 	url = https://src.opensuse.org/pool/python-kubernetes
 	branch = leap-16.0
 [submodule "python-durationpy"]
 	path = python-durationpy
 	url = https://src.opensuse.org/pool/python-durationpy
 	branch = leap-16.0
 [submodule "python-recommonmark"]
 	path = python-recommonmark
 	url = https://src.opensuse.org/pool/python-recommonmark
 	branch = leap-16.0
 [submodule "python-iniparse"]
 	path = python-iniparse
 	url = https://src.opensuse.org/pool/python-iniparse
 	branch = leap-16.0
 [submodule "python-commonmark"]
 	path = python-commonmark
 	url = https://src.opensuse.org/pool/python-commonmark
 	branch = leap-16.0
 [submodule "cni"]
 	path = cni
 	url = https://src.opensuse.org/pool/cni
 [submodule "python-tenacity"]
 	path = python-tenacity
 	url = https://src.opensuse.org/pool/python-tenacity
 [submodule "python-pint"]
 	path = python-pint
 	url = https://src.opensuse.org/pool/python-pint
 	branch = leap-16.0
 [submodule "python-flexcache"]
 	path = python-flexcache
 	url = https://src.opensuse.org/pool/python-flexcache
 	branch = leap-16.0
 [submodule "python-flexparser"]
 	path = python-flexparser
 	url = https://src.opensuse.org/pool/python-flexparser
 	branch = leap-16.0
 [submodule "python-uncertainties"]
 	path = python-uncertainties
 	url = https://src.opensuse.org/pool/python-uncertainties
 	branch = leap-16.0
 [submodule "python-dogpile.cache"]
 	path = python-dogpile.cache
 	url = https://src.opensuse.org/pool/python-dogpile.cache
 	branch = leap-16.0
 [submodule "python-pytest-mpl"]
 	path = python-pytest-mpl
 	url = https://src.opensuse.org/pool/python-pytest-mpl
 	branch = leap-16.0
 [submodule "python-zeroconf"]
 	path = python-zeroconf
 	url = https://src.opensuse.org/pool/python-zeroconf
 	branch = leap-16.0
 [submodule "python-ifaddr"]
 	path = python-ifaddr
 	url = https://src.opensuse.org/pool/python-ifaddr
 	branch = leap-16.0
 [submodule "python-yappi"]
 	path = python-yappi
 	url = https://src.opensuse.org/pool/python-yappi
 [submodule "python-routes"]
 	path = python-routes
 	url = https://src.opensuse.org/pool/python-routes
 	branch = leap-16.0
 [submodule "python-repoze.lru"]
 	path = python-repoze.lru
 	url = https://src.opensuse.org/pool/python-repoze.lru
 	branch = leap-16.0
 [submodule "ipxe"]
 	path = ipxe
 	url = https://src.opensuse.org/pool/ipxe
 	branch = leap-16.0
 [submodule "python-setproctitle"]
 	path = python-setproctitle
 	url = https://src.opensuse.org/pool/python-setproctitle
 	branch = leap-16.0
 [submodule "python-requests-kerberos"]
 	path = python-requests-kerberos
 	url = https://src.opensuse.org/pool/python-requests-kerberos
 	branch = leap-16.0
 [submodule "python-pecan"]
 	path = python-pecan
 	url = https://src.opensuse.org/pool/python-pecan
 	branch = leap-16.0
 [submodule "python-pycdlib"]
 	path = python-pycdlib
 	url = https://src.opensuse.org/pool/python-pycdlib
 [submodule "python-cliff"]
 	path = python-cliff
 	url = https://src.opensuse.org/pool/python-cliff
 [submodule "python-autopage"]
 	path = python-autopage
 	url = https://src.opensuse.org/pool/python-autopage
 [submodule "python-cmd2"]
 	path = python-cmd2
 	url = https://src.opensuse.org/pool/python-cmd2
 	branch = leap-16.0
 [submodule "uwsgi"]
 	path = uwsgi
 	url = https://src.opensuse.org/pool/uwsgi
 	branch = leap-16.0
 [submodule "python-requestsexceptions"]
 	path = python-requestsexceptions
 	url = https://src.opensuse.org/pool/python-requestsexceptions
 [submodule "python-python-memcached"]
 	path = python-python-memcached
 	url = https://src.opensuse.org/pool/python-python-memcached
 [submodule "python-kombu"]
 	path = python-kombu
 	url = https://src.opensuse.org/pool/python-kombu
 [submodule "python-amqp"]
 	path = python-amqp
 	url = https://src.opensuse.org/pool/python-amqp
 	branch = leap-16.0
 [submodule "python-statsd"]
 	path = python-statsd
 	url = https://src.opensuse.org/pool/python-statsd
 [submodule "python-warlock"]
 	path = python-warlock
 	url = https://src.opensuse.org/pool/python-warlock
 [submodule "python-case"]
 	path = python-case
 	url = https://src.opensuse.org/pool/python-case
 	branch = leap-16.0
 [submodule "python-vine"]
 	path = python-vine
 	url = https://src.opensuse.org/pool/python-vine
 	branch = leap-16.0
 [submodule "python-Pyro5"]
 	path = python-Pyro5
 	url = https://src.opensuse.org/pool/python-Pyro5
 	branch = leap-16.0
 [submodule "python-pre-commit"]
 	path = python-pre-commit
 	url = https://src.opensuse.org/pool/python-pre-commit
 [submodule "python-serpent"]
 	path = python-serpent
 	url = https://src.opensuse.org/pool/python-serpent
 	branch = leap-16.0
 [submodule "python-google-cloud-monitoring"]
 	path = python-google-cloud-monitoring
 	url = https://src.opensuse.org/pool/python-google-cloud-monitoring
 [submodule "python-google-cloud-pubsub"]
 	path = python-google-cloud-pubsub
 	url = https://src.opensuse.org/pool/python-google-cloud-pubsub
 [submodule "python-cfgv"]
 	path = python-cfgv
 	url = https://src.opensuse.org/pool/python-cfgv
 [submodule "python-identify"]
 	path = python-identify
 	url = https://src.opensuse.org/pool/python-identify
 [submodule "python-pandas"]
 	path = python-pandas
 	url = https://src.opensuse.org/pool/python-pandas
 [submodule "python-grpc-google-iam-v1"]
 	path = python-grpc-google-iam-v1
 	url = https://src.opensuse.org/pool/python-grpc-google-iam-v1
 [submodule "python-editdistance"]
 	path = python-editdistance
 	url = https://src.opensuse.org/pool/python-editdistance
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,7 +3,7 @@ repos:
    hooks:
      - id: check-manifest
        name: "Check release-manifest"
-        entry: python3 .obs/manifest-check.py
+        entry: .obs/manifest-check.py
        language: python
        additional_dependencies: ['ruamel.yaml']
        pass_filenames: false
--- a/126
+++ b/126
@@ -1,11 +1,8 @@
-Prefer: -libqpid-proton10 -python313-urllib3_1
+Prefer: -libqpid-proton10 -python311-urllib3_1
-Prefer: -cargo1.58 -cargo1.57 cargo1.89
+Prefer: -cargo1.58 -cargo1.57 cargo1.88
 Prefer: chrony-pool-suse
 Prefer: -postgresql17-devel-mini
 BuildFlags: excludebuild:python-pandas:test-py313
 Macros:
 %__python3 /usr/bin/python3.11
 %registry_url %(echo %{vendor} | cut -d '/' -f 3 | sed 's/build/registry/')
 :Macros
@@ -49,43 +46,67 @@ Macros:
 :Macros
 %endif
 # Missing deps for testsuite
 BuildFlags: excludebuild:autoconf:el
 BuildFlags: excludebuild:autoconf:testsuite
 # Only build manifest embedding images here
 %if "%_repository" == "test_manifest_images"
 BuildFlags: onlybuild:edge-image-builder-image
 BuildFlags: onlybuild:release-manifest-image
-%else
+  # Exclude the images selected by the following section
-# Only a subset of stack is arm64 ready exclude what is not ready
+  # as the standard repository is a dependency
  %ifarch aarch64
-    # Akri
+    BuildFlags: excludebuild:baremetal-operator-image
-    BuildFlags: excludebuild:akri
+    BuildFlags: excludebuild:endpoint-copier-operator-image
-    BuildFlags: excludebuild:akri-agent-image
+    BuildFlags: excludebuild:ironic-image
-    BuildFlags: excludebuild:akri-controller-image
+    BuildFlags: excludebuild:ironic-ipa-downloader-image
-    BuildFlags: excludebuild:akri-debug-echo-discovery-handler-image
+    BuildFlags: excludebuild:kiwi-builder-image
-    BuildFlags: excludebuild:akri-onvif-discovery-handler-image
+    BuildFlags: excludebuild:kubectl-image
-    BuildFlags: excludebuild:akri-opcua-discovery-handler-image
+    BuildFlags: excludebuild:kube-rbac-proxy-image
-    BuildFlags: excludebuild:akri-udev-discovery-handler-image
+    BuildFlags: excludebuild:metallb-controller-image
-    BuildFlags: excludebuild:akri-webhook-configuration-image
+    BuildFlags: excludebuild:metallb-speaker-image
-    BuildFlags: excludebuild:cri-tools
+  %endif
-
+%else
-    # FRR
+# Only a subset of stack is arm64 ready
-    BuildFlags: excludebuild:frr-image
+  %ifarch aarch64
-    BuildFlags: excludebuild:frr-k8s
+    BuildFlags: onlybuild:autoconf
-    BuildFlags: excludebuild:frr-k8s-image
+    BuildFlags: onlybuild:baremetal-operator
-    
+    BuildFlags: onlybuild:baremetal-operator-image
-    # Upgrade controller
+    BuildFlags: onlybuild:ca-certificates-suse
-    BuildFlags: excludebuild:release-manifest-image
+    BuildFlags: onlybuild:container-build-checks
-    BuildFlags: excludebuild:upgrade-controller
+    BuildFlags: onlybuild:crudini
-    BuildFlags: excludebuild:upgrade-controller-image 
+    BuildFlags: onlybuild:edge-build-checks
    BuildFlags: onlybuild:edge-image-builder
    BuildFlags: onlybuild:edge-image-builder-image
    BuildFlags: onlybuild:endpoint-copier-operator
    BuildFlags: onlybuild:endpoint-copier-operator-image
    BuildFlags: onlybuild:fakeroot
    BuildFlags: onlybuild:hauler
    BuildFlags: onlybuild:ipcalc
    BuildFlags: onlybuild:ironic-image
    BuildFlags: onlybuild:ironic-ipa-downloader-image
    BuildFlags: onlybuild:ironic-ipa-ramdisk
    BuildFlags: onlybuild:kubectl
    BuildFlags: onlybuild:kubectl-image
    BuildFlags: onlybuild:kube-rbac-proxy
    BuildFlags: onlybuild:kube-rbac-proxy-image
    BuildFlags: onlybuild:metallb
    BuildFlags: onlybuild:metallb-controller-image
    BuildFlags: onlybuild:metallb-speaker-image
    BuildFlags: onlybuild:nm-configurator
    BuildFlags: onlybuild:shim-noarch
  %endif
 %endif
 %if "%_repository" == "images" || "%_repository" == "test_manifest_images"
    Prefer: container:sles15-image
    Type: docker
    Repotype: none
    Patterntype: none
    BuildEngine: podman
-    Prefer: SLES-release
+    Prefer: sles-release
-    BuildFlags: dockerarg:SLE_VERSION=16.0
+    BuildFlags: dockerarg:SLE_VERSION=15.7
    # Publish multi-arch container images only once all archs have been built
    PublishFlags: archsync
@@ -100,6 +121,45 @@ BuildFlags: onlybuild:release-manifest-image
 %endif
 %if "%_repository" == "images_16.0"
    Prefer: container:sles15-image
    Type: docker
    BuildEngine: podman
    Repotype: none
    Patterntype: none
    BuildFlags: dockerarg:SLE_VERSION=16.0
    BuildFlags: onlybuild:kiwi-builder-image
    Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
    # Publish multi-arch container images only once all archs have been built
    PublishFlags: archsync
    # Exclude the images selected by the aarch64 section
    %ifarch aarch64
      BuildFlags: excludebuild:baremetal-operator-image
      BuildFlags: excludebuild:edge-image-builder-image
      BuildFlags: excludebuild:endpoint-copier-operator-image
      BuildFlags: excludebuild:ironic-image
      BuildFlags: excludebuild:ironic-ipa-downloader-image
      BuildFlags: excludebuild:kubectl-image
      BuildFlags: excludebuild:kube-rbac-proxy-image
      BuildFlags: excludebuild:metallb-controller-image
      BuildFlags: excludebuild:metallb-speaker-image
    %endif
 %else
    %if "%{sub %{reverse %_project} 1 7}" != "%{reverse :ToTest}" && "%{sub %{reverse %_project} 1 9}" != "%{reverse :Snapshot}"
      BuildFlags: excludebuild:kiwi-builder-image
    %else
      %ifarch aarch64
        BuildFlags: onlybuild:kiwi-builder-image
      %endif
    %endif
 %endif
 %if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts"
    Type: helm
    Repotype: helm
@@ -116,16 +176,12 @@ BuildFlags: onlybuild:release-manifest-image
    # ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
    ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
    ExportFilter: ^grub2-.*-efi-.*\.noarch\.rpm$ aarch64 x86_64
 %endif
 %if "%_repository" != "standard"
    BuildFlags: excludebuild:grub-aggregate 
 %endif
 # Enable reproducible builds
 # https://en.opensuse.org/openSUSE:Reproducible_Builds\#With_OBS
 Macros:
-%source_date_epoch_from_changelog N
+%source_date_epoch_from_changelog Y
 %clamp_mtime_to_source_date_epoch Y
 %use_source_date_epoch_as_buildtime Y
 %_buildhost reproducible
--- a/16
+++ b/16
@@ -34,15 +34,20 @@
    <arch>x86_64</arch>
  </repository>
 {%- endif %}
-{%- for repository in ["images", "test_manifest_images"] %}
+{%- for repository in ["images", "images_16.0", "test_manifest_images"] %}
  <repository name="{{ repository }}">
    {%- if release_project is defined and repository != "test_manifest_images" %}
    <releasetarget project="{{ release_project }}" repository="images" trigger="manual"/>
    {%- endif %}
    <path project="SUSE:Registry" repository="standard"/>
-    <path project="{{ ironic_base }}:Factory" repository="16.0"/>
+    {%- if repository == "images_16.0" %}
-    <path project="SUSE:CA" repository="openSUSE_Tumbleweed"/>
+      <path project="SUSE:CA" repository="16.0"/>
      <path project="SUSE:SLFO:Products:SLES:16.0" repository="standard"/>
      <path project="SUSE:SLFO:Main:Build" repository="standard"/>
    {%- else %}
      <path project="SUSE:CA" repository="SLE_15_SP7"/>
      <path project="{{ project }}" repository="standard"/>
    {%- endif %}
    <arch>x86_64</arch>
    <arch>aarch64</arch>
  </repository>
@@ -51,9 +56,8 @@
    {%- if release_project is defined and not for_release %}
    <releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
    {%- endif %}
-    <path project="{{ ironic_base }}:Factory" repository="16.0"/>
+    <path project="{{ ironic_base }}:2025.1" repository="15.7"/>
-    <path project="SUSE:SLFO:Products:SLES:16.0" repository="standard"/>
+    <path project="SUSE:SLE-15-SP7:Update" repository="standard"/>
    <path project="SUSE:SLFO:1.2" repository="standard"/>
    <arch>x86_64</arch>
    <arch>aarch64</arch>
  </repository>
--- a/akri-dashboard-extension-chart/Chart.yaml
+++ b/akri-dashboard-extension-chart/Chart.yaml
@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.4_up1.3.2
+#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1
-#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.4_up1.3.2-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1-%RELEASE%
 annotations:
  catalog.cattle.io/certified: rancher
  catalog.cattle.io/namespace: cattle-ui-plugin-system
@@ -12,10 +12,10 @@ annotations:
  catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
  catalog.cattle.io/kube-version: '>= v1.26.0-0'
 apiVersion: v2
-appVersion: 1.3.2
+appVersion: 303.0.2+up1.3.1
 description: 'SUSE Edge: Akri extension for Rancher Dashboard'
 name: akri-dashboard-extension
 type: application
-version: "%%CHART_MAJOR%%.0.4+up1.3.2"
+version: "%%CHART_MAJOR%%.0.2+up1.3.1"
 icon: >-
  https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
--- a/akri-dashboard-extension-chart/templates/cr.yaml
+++ b/akri-dashboard-extension-chart/templates/cr.yaml
@@ -8,7 +8,7 @@ spec:
  plugin:
    name: {{ include "extension-server.fullname" . }}
    version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.3.2
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.2+up1.3.1
    noCache: {{ .Values.plugin.noCache }}
    noAuth: {{ .Values.plugin.noAuth }}
    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
--- a/1
+++ b/1
--- a/baremetal-operator-image/Dockerfile
+++ b/baremetal-operator-image/Dockerfile
@@ -1,12 +1,12 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.0
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator python3-watchdog procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
+RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator inotify-tools procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
--- a/baremetal-operator-image/bmo-run
+++ b/baremetal-operator-image/bmo-run
@@ -3,11 +3,10 @@ export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPD
 export IRONIC_CACERT_FILE=${IRONIC_CACERT_FILE:-"/opt/metal3/certs/ca/tls.crt"}
 if [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
-     watchmedo shell-command \
+    # shellcheck disable=SC2034
-            --patterns="$(basename "${IRONIC_CACERT_FILE}")" \
+    inotifywait -m -e delete_self "${IRONIC_CACERT_FILE}" | while read -r file event; do
-            --ignore-directories \
+        kill $(pgrep baremetal-opera)
-            --command='if [[ "${watch_event_type}" == "deleted" ]]; then pkill -TERM baremetal-opera; fi' \
+    done &
            "$(dirname "${IRONIC_CACERT_FILE}")" &
 fi
 exec /usr/bin/baremetal-operator $@
--- a/baremetal-operator/_service
+++ b/baremetal-operator/_service
@@ -2,7 +2,7 @@
 <service name="obs_scm">
    <param name="url">https://github.com/metal3-io/baremetal-operator</param>
    <param name="scm">git</param>
-    <param name="revision">v0.11.2</param>
+    <param name="revision">v0.9.1</param>
    <param name="version">_auto_</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="changesgenerate">enable</param>
--- a/baremetal-operator/baremetal-operator.spec
+++ b/baremetal-operator/baremetal-operator.spec
@@ -17,15 +17,14 @@
 Name:           baremetal-operator
-Version:        0.11.2
+Version:        0.9.1
 Release:        0
 Summary:        Implements a Kubernetes API for managing bare metal hosts
 License:        Apache-2.0
 URL:            https://github.com/metal3-io/baremetal-operator
 Source:         baremetal-operator-%{version}.tar
 Source1:        vendor.tar.gz
-
+BuildRequires:  golang(API) = 1.23
 BuildRequires:  golang(API) = 1.24
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
--- a/cdi-chart/Chart.yaml
+++ b/cdi-chart/Chart.yaml
@@ -1,9 +1,9 @@
-#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.1_up0.6.0
+#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0
-#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.1_up0.6.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
 apiVersion: v2
-appVersion: 1.62.0
+appVersion: 1.61.0
 description: A Helm chart for Containerized Data Importer (CDI)
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: cdi
 type: application
-version: "%%CHART_MAJOR%%.0.1+up0.6.0"
+version: "%%CHART_MAJOR%%.0.0+up0.5.0"
--- a/cdi-chart/crds/cdi.yaml
+++ b/cdi-chart/crds/cdi.yaml
@@ -109,9 +109,9 @@ spec:
                  description: CDIConfig at CDI level
                  properties:
                    dataVolumeTTLSeconds:
-                      description: |-
+                      description: DataVolumeTTLSeconds is the time in seconds after
-                        DataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected. Disabled by default.
+                        DataVolume completion it can be garbage collected. Disabled
-                        Deprecated: Removed in v1.62.
+                        by default.
                      format: int32
                      type: integer
                    featureGates:
@@ -2641,9 +2641,9 @@ spec:
                  description: CDIConfig at CDI level
                  properties:
                    dataVolumeTTLSeconds:
-                      description: |-
+                      description: DataVolumeTTLSeconds is the time in seconds after
-                        DataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected. Disabled by default.
+                        DataVolume completion it can be garbage collected. Disabled
-                        Deprecated: Removed in v1.62.
+                        by default.
                      format: int32
                      type: integer
                    featureGates:
--- a/cdi-chart/templates/cdi-operator.yaml
+++ b/cdi-chart/templates/cdi-operator.yaml
@@ -599,8 +599,6 @@ spec:
  strategy: {}
  template:
    metadata:
      annotations:
        openshift.io/required-scc: restricted-v2
      labels:
        cdi.kubevirt.io: cdi-operator
        name: cdi-operator
--- a/cdi-chart/templates/cdi.yaml
+++ b/cdi-chart/templates/cdi.yaml
@@ -19,7 +19,3 @@ spec:
  workload:
  {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- with .Values.cdi.customizeComponents }}
  customizeComponents:
  {{- toYaml . | nindent 4 }}
  {{- end }}
--- a/cdi-chart/values.yaml
+++ b/cdi-chart/values.yaml
@@ -1,12 +1,12 @@
 deployment:
-  version: 1.62.0-150700.9.3.1
+  version: 1.61.0-150600.3.12.1
-  operatorImage: registry.suse.com/suse/sles/15.7/cdi-operator
+  operatorImage: registry.suse.com/suse/sles/15.6/cdi-operator
-  controllerImage: registry.suse.com/suse/sles/15.7/cdi-controller
+  controllerImage: registry.suse.com/suse/sles/15.6/cdi-controller
-  importerImage: registry.suse.com/suse/sles/15.7/cdi-importer
+  importerImage: registry.suse.com/suse/sles/15.6/cdi-importer
-  clonerImage: registry.suse.com/suse/sles/15.7/cdi-cloner
+  clonerImage: registry.suse.com/suse/sles/15.6/cdi-cloner
-  apiserverImage: registry.suse.com/suse/sles/15.7/cdi-apiserver
+  apiserverImage: registry.suse.com/suse/sles/15.6/cdi-apiserver
-  uploadserverImage: registry.suse.com/suse/sles/15.7/cdi-uploadserver
+  uploadserverImage: registry.suse.com/suse/sles/15.6/cdi-uploadserver
-  uploadproxyImage: registry.suse.com/suse/sles/15.7/cdi-uploadproxy
+  uploadproxyImage: registry.suse.com/suse/sles/15.6/cdi-uploadproxy
  pullPolicy: IfNotPresent
  affinity:
    podAffinity:
@@ -30,7 +30,6 @@ cdi:
    featureGates:
      - HonorWaitForFirstConsumer
  imagePullPolicy: "IfNotPresent"
  customizeComponents: {}
  infra:
    nodeSelector:
      kubernetes.io/os: linux
@@ -42,7 +41,7 @@ cdi:
    nodeSelector:
      kubernetes.io/os: linux
-hookImage: registry.rancher.com/rancher/kubectl:v1.33.1
+hookImage: registry.rancher.com/rancher/kubectl:v1.30.10
 hookRestartPolicy: OnFailure
 hookSecurityContext:
  seccompProfile:
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/edge-image-builder-image/Dockerfile
+++ b/edge-image-builder-image/Dockerfile
@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.1
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION
 MAINTAINER SUSE LLC (https://www.suse.com/)
@@ -7,18 +7,18 @@ MAINTAINER SUSE LLC (https://www.suse.com/)
 COPY artifacts.yaml artifacts.yaml
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86 qemu-uefi-aarch64 cni-plugins pigz zstd cpio && zypper -n clean && rm -rf /var/log/*
+RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86 qemu-uefi-aarch64 cni-plugins; zypper -n clean; rm -rf /var/log/*
 # Define labels according to https://en.opensuse.org/Building_derived_containers
 # labelprefix=com.suse.application.edge-image-builder
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
 LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.3.1"
+LABEL org.opencontainers.image.version="1.2.1"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.3.1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -32,7 +32,8 @@ LABEL com.suse.release-stage="released"
 # and also expects the boot kernel to be a portable executable (PE), not ELF.
 RUN mkdir -p /usr/share/edk2/aarch64 && \
  cp /usr/share/qemu/aavmf-aarch64-code.bin /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw && \
-  cp /usr/share/qemu/aavmf-aarch64-vars.bin /usr/share/edk2/aarch64/vars-template-pflash.raw
+  cp /usr/share/qemu/aavmf-aarch64-vars.bin /usr/share/edk2/aarch64/vars-template-pflash.raw && \
  mv /boot/vmlinux* /boot/backup-vmlinux
 ENTRYPOINT ["/usr/bin/eib"]
--- a/edge-image-builder-image/artifacts.yaml
+++ b/edge-image-builder-image/artifacts.yaml
@@ -1,7 +1,7 @@
 metallb:
  chart: metallb
  repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
-  version: "%%CHART_MAJOR%%.0.1+up0.15.2"
+  version: "%%CHART_MAJOR%%.0.0+up0.14.9"
 endpoint-copier-operator:
  chart: endpoint-copier-operator
  repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
@@ -10,10 +10,6 @@ kubernetes:
  k3s:
    selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
    selinuxRepository: https://rpm.rancher.io/k3s/stable/common/slemicro/noarch
    selinuxRepositoryPriority: 1
    releaseURL: https://github.com/k3s-io/k3s/releases/download/
  rke2:
    selinuxPackage: rke2-selinux
    selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch
    selinuxRepositoryPriority: 1
    releaseURL: https://github.com/rancher/rke2/releases/download/
--- a/edge-image-builder/_service
+++ b/edge-image-builder/_service
@@ -3,9 +3,9 @@
    <param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
    <param name="scm">git</param>
    <param name="exclude">.git</param>
-    <param name="revision">v1.3.1</param>
+    <param name="revision">v1.2.1</param>
    <!-- Uncomment and set this For Pre-Release Version -->
-    <!-- <param name="version">1.3.1</param> -->
+    <!-- <param name="version">1.2.0~rc1</param> -->
    <!-- Uncomment and this for regular version -->
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
--- a/edge-image-builder/edge-image-builder.spec
+++ b/edge-image-builder/edge-image-builder.spec
@@ -17,7 +17,7 @@
 Name:           edge-image-builder
-Version:        1.3.1
+Version:        1.2.1
 Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0
@@ -52,7 +52,7 @@ Requires: ca-certificates-suse
 Tool for creating and configuring a set of images to automate the deployment of Edge environments
 %prep
-%autosetup -a1 -n edge-image-builder-%{version} -p1
+%autosetup -a1 -n edge-image-builder-%{version}
 %build
 tar -xf %{SOURCE1}
--- a/1
+++ b/1
--- a/frr-image/Dockerfile
+++ b/frr-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: MIT
-#!BuildTag: %%IMG_PREFIX%%frr:10.2.1
+#!BuildTag: %%IMG_PREFIX%%frr:8.5.6
-#!BuildTag: %%IMG_PREFIX%%frr:10.2.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%frr:8.5.6-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -14,11 +14,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="FRR Container Image"
 LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="10.2.1"
+LABEL org.opencontainers.image.version="8.5.6"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:10.2.1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.5.6-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
--- a/frr-k8s/_service
+++ b/frr-k8s/_service
@@ -2,7 +2,7 @@
 <service name="obs_scm">
    <param name="url">https://github.com/metallb/frr-k8s</param>
    <param name="scm">git</param>
-    <param name="revision">v0.0.20</param>
+    <param name="revision">v0.0.16</param>
    <param name="version">_auto_</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="changesgenerate">enable</param>
--- a/frr-k8s/frr-k8s.spec
+++ b/frr-k8s/frr-k8s.spec
@@ -17,14 +17,14 @@
 Name:           frr-k8s
-Version:        0.0.20
+Version:        0.0.16
-Release:        0.0.20
+Release:        0.0.16
 Summary:        A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner.
 License:        Apache-2.0
 URL:            https://github.com/metallb/frr-k8s
 Source:         frr-k8s-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.24
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
--- a/grub-aggregate/_aggregate
+++ b/grub-aggregate/_aggregate
@@ -1,7 +0,0 @@
 <aggregatelist>
  <aggregate project="SUSE:SLFO:1.2" >
    <binary>grub2-x86_64-efi</binary>
    <binary>grub2-arm64-efi</binary>
    <repository target="standard" source="standard" />
  </aggregate>
 </aggregatelist>
--- a/hauler/_service
+++ b/hauler/_service
@@ -4,7 +4,7 @@
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="scm">git</param>
    <param name="exclude">.get</param>
-    <param name="revision">v1.2.5</param>
+    <param name="revision">v1.2.1</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="changesgenerate">enable</param>
  </service>
--- a/hauler/hauler.spec
+++ b/hauler/hauler.spec
@@ -18,7 +18,7 @@
 %define project github.com/hauler-dev/hauler
 Name:           hauler
-Version:        1.2.5
+Version:        1.2.1
 Release:        0
 Summary:        Airgap Swiss Army Knife
 License:        Apache-2.0
--- a/ib-sriov-cni-image/Dockerfile
+++ b/ib-sriov-cni-image/Dockerfile
@@ -1,33 +0,0 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%ib-sriov-cni:v%%ib-sriov-cni_version%%
 #!BuildTag: %%IMG_PREFIX%%ib-sriov-cni:v%%ib-sriov-cni_version%%-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
 RUN zypper --installroot /installroot --non-interactive install --no-recommends ib-sriov-cni gawk which; \
    zypper -n clean; \
    rm -rf /var/log/*
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
 # labelprefix=com.suse.application.ib-sriov-cni
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE ib-sriov-cni Container Image"
 LABEL org.opencontainers.image.description="ib-sriov-cni based on the SLE Base Container Image."
 LABEL org.opencontainers.image.version="%%ib-sriov-cni_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:%%ib-sriov-cni_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 COPY --from=base /installroot /
 ENTRYPOINT ["/entrypoint.sh"]
--- a/ib-sriov-cni-image/_service
+++ b/ib-sriov-cni-image/_service
@@ -1,19 +0,0 @@
 <services>
  <service name="kiwi_metainfo_helper" mode="buildtime"/>
  <service name="docker_label_helper" mode="buildtime"/>
  <service name="replace_using_package_version" mode="buildtime">
    <param name="file">Dockerfile</param>
    <param name="regex">%%ib-sriov-cni_version%%</param>
    <param name="package">ib-sriov-cni</param>
    <param name="parse-version">patch</param>
  </service>
  <service name="replace_using_env" mode="buildtime">
    <param name="file">Dockerfile</param>
    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
 </services>
--- a/ib-sriov-cni/_service
+++ b/ib-sriov-cni/_service
@@ -1,25 +0,0 @@
 <services>
 <service name="obs_scm">
    <param name="url">https://github.com/k8snetworkplumbingwg/ib-sriov-cni</param>
    <param name="scm">git</param>
    <param name="revision">v1.3.0</param>
    <param name="version">_auto_</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="changesgenerate">enable</param>
    <param name="changesauthor">antonio.alarcon@suse.com</param>
    <param name="match-tag">v*</param>
    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
    <param name="without-version">yes</param>
    <param name="versionrewrite-replacement">\1</param>
  </service>
  <service mode="buildtime" name="tar">
    <param name="obsinfo">ib-sriov-cni.obsinfo</param>
  </service>
  <service name="go_modules" />
  <service mode="buildtime" name="set_version" />
  <service name="replace_using_env" mode="buildtime">
    <param name="file">ib-sriov-cni.spec</param>
    <param name="var">SOURCE_COMMIT</param>
    <param name="eval">SOURCE_COMMIT=$(grep commit ib-sriov-cni.obsinfo | cut -d" " -f2)</param>
  </service>
 </services>
--- a/ib-sriov-cni/ib-sriov-cni.spec
+++ b/ib-sriov-cni/ib-sriov-cni.spec
@@ -1,64 +0,0 @@
 #
 # spec file for package ib-sriov-cni
 #
 # Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
 # upon. The license for this file, and modifications and additions to the
 # file, is the same license as for the pristine package itself (unless the
 # license for the pristine package is not an Open Source License, in which
 # case the license is the MIT License). An "Open Source License" is a
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 Name:           ib-sriov-cni
 Version:        0
 Release:        0
 Summary:        Implements a Kubernetes CNI plugin operator for Infiniband SRIOV VFs
 License:        Apache-2.0
 URL:            https://github.com/k8snetworkplumbingwg/ib-sriov-cni
 Source:         %{name}-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) = 1.24
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 %description
 Network Interface Cards (NICs) with SR-IOV capabilities are managed through physical functions (PFs) and virtual functions (VFs).
 A PF is used by the host and usually represents a single NIC port. VF configurations are applied through the PF.
 The SR-IOV CNI allows each VF to be treated as a separate network interface, assigned to a container, and configured with its own
 MAC, VLAN, IP and more.
 Infiniband SR-IOV CNI plugin works with Infiniband SR-IOV device plugin for VF allocation in Kubernetes. A CNI metaplugin such as Multus
 gets the allocated VF's deviceID(PCI address) and is responsible for invoking the Infiniband SR-IOV CNI plugin with that deviceID.
 %prep
 %autosetup -a1 -n %{name}-%{version} -p1
 %build
 # CGO is disabled by default in upstream Makefile:
 %define cgoenabled "0"
 # go build constrain (aka tag) "no_openssl" is set by default in upstream Makefile
 %define gotags "no_openssl"
 %define buildtime %(date +%%Y-%%m-%%dT%%H:%%M:%%S%%z)
 %define buildcommit %%SOURCE_COMMIT%%
 %define buildldflags "-X main.version=%{version} -X main.commit=%{buildcommit}% -X main.date=%{buildtime}%"
 CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -tags %{gotags} -ldflags %{buildldflags} -o ib-sriov cmd/ib-sriov-cni/main.go
 %install
 install -D -m0755 ib-sriov %{buildroot}%{_bindir}/ib-sriov
 install -D -m0755 images/entrypoint.sh %{buildroot}/entrypoint.sh
 %files
 %license LICENSE
 %doc README.md
 %{_bindir}/ib-sriov
 /entrypoint.sh
 %changelog
--- a/1
+++ b/1
--- a/ironic-image/Dockerfile
+++ b/ironic-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:32.0.0.0
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1
-#!BuildTag: %%IMG_PREFIX%%ironic:32.0.0.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -17,19 +17,13 @@ RUN /bin/prepare-efi.sh
 COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
 RUN zypper --installroot /installroot --non-interactive install --no-recommends \
    python3-devel python3 python3-pip \
    python313-sushy \
    python3-watchdog python313-ironicclient \
    git curl sles-release tar gzip vim gawk \
    dnsmasq dosfstools apache2 ipcalc ipmitool iproute2 \
    bind-utils procps qemu-tools sqlite3 util-linux xorriso \
    tftp ipxe-bootimgs crudini \
    openstack-ironic
 #!ArchExclusiveLine: x86_64
 RUN if [ "$(uname -m)" = "x86_64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends syslinux  ; \
+      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
    fi
 #!ArchExclusiveLine: aarch64
 RUN if [ "$(uname -m)" = "aarch64" ];then \
      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
    fi
 # DATABASE
@@ -47,8 +41,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="29.0.4.4"
+LABEL org.opencontainers.image.version="29.0.4.1"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.4-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -59,8 +53,8 @@ LABEL com.suse.release-stage="released"
 COPY --from=base /installroot /
-RUN set -euo pipefail; ln -s /usr/bin/python3.13 /usr/local/bin/python3; \
+RUN set -euo pipefail; ln -s /usr/bin/python3.11 /usr/local/bin/python3; \
-    ln -s /usr/bin/pydoc3.13 /usr/local/bin/pydoc
+    ln -s /usr/bin/pydoc3.11 /usr/local/bin/pydoc
 ENV GRUB_DIR=/tftpboot/boot/grub
@@ -81,7 +75,7 @@ RUN cp /bin/ironic-readiness /bin/ironic-liveness
 COPY ironic-config/inspector.ipxe.j2 ironic-config/httpd-ironic-api.conf.j2 \
     ironic-config/ipxe_config.template ironic-config/dnsmasq.conf.j2 \
-     /templates/
+     /tmp/
 # IRONIC #
 RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
@@ -94,7 +88,8 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\
      cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
    fi
-COPY --from=base /tmp/uefi_esp_*.img /templates/
+COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
 COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
 COPY ironic-config/ironic.conf.j2 ironic-config/network-data-schema-empty.json /etc/ironic/
@@ -105,8 +100,8 @@ RUN rm /etc/ironic/ironic.conf.d/010-ironic.conf
 # Custom httpd config, removes all but the bare minimum needed modules
 COPY ironic-config/httpd.conf.j2 /etc/httpd/conf/
 COPY ironic-config/httpd-modules.conf /etc/httpd/conf.modules.d/
-COPY ironic-config/apache2-vmedia.conf.j2 /templates/httpd-vmedia.conf.j2
+COPY ironic-config/apache2-vmedia.conf.j2 /tmp/httpd-vmedia.conf.j2
-COPY ironic-config/apache2-ipxe.conf.j2 /templates/httpd-ipxe.conf.j2
+COPY ironic-config/apache2-ipxe.conf.j2 /tmp/httpd-ipxe.conf.j2
 # configure non-root user and set relevant permissions
 RUN configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
--- a/ironic-image/ironic-config/apache2-ipxe.conf.j2
+++ b/ironic-image/ironic-config/apache2-ipxe.conf.j2
@@ -11,17 +11,26 @@ Listen [::]:{{ env.IPXE_TLS_PORT }}
    SSLCertificateFile {{ env.IPXE_CERT_FILE }}
    SSLCertificateKeyFile {{ env.IPXE_KEY_FILE }}
    DocumentRoot "/shared/html"
    <Directory "/shared/html">
-        Options Indexes FollowSymLinks
+        Order Allow,Deny
-        Require all granted
+        Allow from all
    </Directory>
-    <Directory ~ "/shared/html/(redfish|ilo|images)/">
+    <Directory "/shared/html/(redfish|ilo|images)/">
-        Require all denied
+        Order Deny,Allow
        Deny from all
    </Directory>
    <Location ~ "^/.*">
        SSLRequireSSL
    </Location>
 </VirtualHost>
 <Location ~ "^/grub.*/">
    SSLRequireSSL
 </Location>
 <Location ~ "^/pxelinux.cfg/">
    SSLRequireSSL
 </Location>
 <Location ~ "^/.*\.conf/">
    SSLRequireSSL
 </Location>
 <Location ~ "^/(([0-9]|[a-z]).*-){4}([0-9]|[a-z]).*/">
    SSLRequireSSL
 </Location>
--- a/ironic-image/ironic-config/apache2-vmedia.conf.j2
+++ b/ironic-image/ironic-config/apache2-vmedia.conf.j2
@@ -11,29 +11,18 @@ Listen [::]:{{ env.VMEDIA_TLS_PORT }}
    SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
    SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
-    {% if "IRONIC_VMEDIA_TLS_12_CIPHERS" in env and env.IRONIC_VMEDIA_TLS_12_CIPHERS %}
+    <Directory "/shared/html/">
-    SSLCipherSuite {{ env.IRONIC_VMEDIA_TLS_12_CIPHERS }}
+        Options Indexes FollowSymLinks
-    {% endif %}
+        AllowOverride None
-    {% if "IRONIC_VMEDIA_TLS_13_CIPHERS" in env and env.IRONIC_VMEDIA_TLS_13_CIPHERS %}
+        Require all granted
-    SSLCipherSuite TLSv1.3 {{ env.IRONIC_VMEDIA_TLS_13_CIPHERS }}
+    </Directory>
-    {% endif %}
+    <Directory ~ "/shared/html/(redfish|ilo)/">
-    {% if "IRONIC_VMEDIA_CURVES" in env and env.IRONIC_VMEDIA_CURVES %}
+        Options Indexes FollowSymLinks
-    SSLOpenSSLConfCmd Curves {{ env.IRONIC_VMEDIA_CURVES }}
+        AllowOverride None
    {% endif %}
    {% if env.IRONIC_VMEDIA_TLS_ENFORCE_SERVER_CIPHER_ORDER | lower == "true" %}
    SSLHonorCipherOrder on
    {% endif %}
    <Directory ~ "/shared/html">
        Require all denied
    </Directory>
    <Directory ~ "/shared/html/(redfish|ilo)/">
        Require all granted
    </Directory>
    <Location ~ "^/.*">
        SSLRequireSSL
    </Location>
 </VirtualHost>
 <Location ~ "^/(redfish|ilo)/">
    SSLRequireSSL
 </Location>
--- a/ironic-image/ironic-config/dnsmasq.conf.j2
+++ b/ironic-image/ironic-config/dnsmasq.conf.j2
@@ -11,8 +11,14 @@ port={{ env.DNS_PORT }}
 {%- if env.DHCP_RANGE | length %}
 log-dhcp
 dhcp-range={{ env.DHCP_RANGE }}
 {% endif %}
 # It can be used when setting DNS or GW variables.
 {%- if env["GATEWAY_IP"] is undefined %}
 # Disable default router(s)
 dhcp-option=3
 {% else %}
 dhcp-option=option{% if ":" in env["GATEWAY_IP"] %}6{% endif %}:router,{{ env["GATEWAY_IP"] }}
 {% endif %}
 {%- if env["DNS_IP"] is undefined %}
 # Disable DNS over provisioning network
 dhcp-option=6
@@ -20,31 +26,31 @@ dhcp-option=6
 dhcp-option=option{% if ":" in env["DNS_IP"] %}6{% endif %}:dns-server,{{ env["DNS_IP"] }}
 {% endif %}
 {# Network boot options for IPv4 and IPv6 #}
 {%- if env.IPV == "4" or env.IPV is undefined %}
 # IPv4 Configuration:
 dhcp-match=ipxe,175
-
+# Client is already running iPXE; move to next stage of chainloading
-{# Set the router or disable it. Setting router is IPv4 specific, in v6 there #}
+{%- if env.IPXE_TLS_SETUP == "true"  %}
-{# are router advertisements that do the same thing. #}
+# iPXE with (U)EFI
-{%- if env["GATEWAY_IP"] is undefined %}
+dhcp-boot=tag:efi,tag:ipxe,{{ env.IRONIC_HTTP_URL }}/custom-ipxe/snponly.efi
-# Disable default router(s)
+# iPXE with BIOS
-dhcp-option=3
+dhcp-boot=tag:ipxe,{{ env.IRONIC_HTTP_URL }}/custom-ipxe/undionly.kpxe
 {% else %}
-dhcp-option=option:router,{{ env["GATEWAY_IP"] }}
+dhcp-boot=tag:ipxe,{{ env.IRONIC_HTTP_URL }}/boot.ipxe
 {% endif %}
 # Note: Need to test EFI booting
 dhcp-match=set:efi,option:client-arch,7
 dhcp-match=set:efi,option:client-arch,9
 dhcp-match=set:efi,option:client-arch,11
-# Client is (i)PXE booting on EFI machine
+# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader do the same also if iPXE ROM boots but TLS is enabled
-dhcp-boot=tag:efi,/snponly.efi,{{ env.IRONIC_IP }}
+{%- if env.IPXE_TLS_SETUP == "true"  %}
-# Client is running (i)PXE on BIOS machine
+dhcp-boot=tag:efi,tag:ipxe,snponly.efi
 dhcp-boot=tag:!efi,/undionly.kpxe,{{ env.IRONIC_IP }}
 {%- if env.IPXE_TLS_SETUP != "true" %}
 dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/boot.ipxe
 {% endif %}
 dhcp-boot=tag:efi,tag:!ipxe,snponly.efi
 # Client is running PXE over BIOS; send BIOS version of iPXE chainloader
 dhcp-boot=/undionly.kpxe,{{ env.IRONIC_IP }}
 {% endif %}
 {% if env.IPV == "6" %}
@@ -54,12 +60,22 @@ ra-param={{ env.PROVISIONING_INTERFACE }},0,0
 dhcp-vendorclass=set:pxe6,enterprise:343,PXEClient
 dhcp-userclass=set:ipxe6,iPXE
-# Client is (i)PXE booting on EFI machine
+dhcp-option=tag:pxe6,option6:bootfile-url,{{ env.IRONIC_TFTP_URL }}/snponly.efi
 dhcp-option=tag:efi,option6:bootfile-url,{{ env.IRONIC_URL_HOST }}/snponly.efi
 # Client is running (i)PXE on BIOS machine
 dhcp-option=tag:!efi,option6:bootfile-url,{{ env.IRONIC_URL_HOST }}/undionly.kpxe
 {%- if env.IPXE_TLS_SETUP != "true" %}
 dhcp-option=tag:ipxe6,option6:bootfile-url,{{ env.IRONIC_HTTP_URL }}/boot.ipxe
 # It can be used when setting DNS or GW variables.
 {%- if env["GATEWAY_IP"] is undefined %}
 # Disable default router(s)
 dhcp-option=3
 {% else %}
 dhcp-option=3,{{ env["GATEWAY_IP"] }}
 {% endif %}
 {%- if env["DNS_IP"] is undefined %}
 # Disable DNS over provisioning network
 dhcp-option=6
 {% else %}
 dhcp-option=6,{{ env["DNS_IP"] }}
 {% endif %}
 {% endif %}
 {% endif %}
--- a/ironic-image/ironic-config/httpd-ironic-api.conf.j2
+++ b/ironic-image/ironic-config/httpd-ironic-api.conf.j2
@@ -29,20 +29,6 @@ Listen [{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}
 {% endif %}
 {% endif %}
    DocumentRoot "/shared/html"
    <Directory "/shared/html">
        Require all denied
    </Directory>
    <Directory "/shared/html/images">
        Require all granted
    </Directory>
    # Exclude /images from proxying
    ProxyPass        "/images" !
    ProxyPassReverse "/images" !
    {% if env.IRONIC_PRIVATE_PORT == "unix" %}
    ProxyPass "/"  "unix:/shared/ironic.sock|http://127.0.0.1/"
    ProxyPassReverse "/"  "unix:/shared/ironic.sock|http://127.0.0.1/"
@@ -65,7 +51,6 @@ Listen [{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}
    SSLCertificateKeyFile {{ env.IRONIC_KEY_FILE }}
 {% endif %}
    <Location />
         {% if "IRONIC_HTPASSWD" in env and env.IRONIC_HTPASSWD | length %}
            AuthType Basic
@@ -82,9 +67,4 @@ Listen [{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}
    <Location ~ "^/(v1/)?(lookup|heartbeat|continue_inspection)" >
        Require all granted
    </Location>
    <Location ~ "^/images(/.*)?$">
        Require all granted
    </Location>
 </VirtualHost>
--- a/ironic-image/ironic-config/httpd-modules.conf
+++ b/ironic-image/ironic-config/httpd-modules.conf
@@ -8,6 +8,8 @@ LoadModule authz_core_module /usr/lib64/apache2/mod_authz_core.so
 LoadModule ssl_module /usr/lib64/apache2/mod_ssl.so
 LoadModule env_module /usr/lib64/apache2/mod_env.so
 LoadModule proxy_module /usr/lib64/apache2/mod_proxy.so
 LoadModule proxy_ajp_module /usr/lib64/apache2/mod_proxy_ajp.so
 LoadModule proxy_balancer_module /usr/lib64/apache2/mod_proxy_balancer.so
 LoadModule proxy_http_module /usr/lib64/apache2/mod_proxy_http.so
 LoadModule slotmem_shm_module /usr/lib64/apache2/mod_slotmem_shm.so
 LoadModule headers_module /usr/lib64/apache2/mod_headers.so
--- a/ironic-image/ironic-config/httpd.conf.j2
+++ b/ironic-image/ironic-config/httpd.conf.j2
@@ -22,43 +22,18 @@ Group ironic-suse
 DocumentRoot "/shared/html"
 <Directory "/shared/html">
 {%- if env.IPXE_TLS_SETUP | lower == "true" %}
    Options Indexes FollowSymLinks
    Require all denied
 {%- else %}
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
 {%- endif %}
 </Directory>
-<Directory ~ "/shared/html/(redfish|ilo)/">
+{%- if env.HTTPD_SERVE_NODE_IMAGES | lower == "true" %}
 {%- if env.IRONIC_VMEDIA_TLS_SETUP | lower == "true" %}
    Require all denied
 {%- else %}
    Require all granted
 {%- endif %}
 </Directory>
 {%- set serve_img = env.HTTPD_SERVE_NODE_IMAGES | lower %}
 {%- set image_tls = env.IRONIC_TLS_SETUP | lower %}
 <Directory "/shared/html/images">
    Options Indexes FollowSymLinks
    AllowOverride None
 {%- if serve_img == "true" and image_tls != "true" %}
    Require all granted
 {%- else %}
    Require all denied
 {%- endif %}
    <FilesMatch "^ironic.*">
 {%- if env.IPXE_TLS_SETUP | lower == "true" %}
        Require all denied
 {%- else %}
        Require all granted
 {%- endif %}
    </FilesMatch>
 </Directory>
-
+{% endif %}
 <IfModule dir_module>
    DirectoryIndex index.html
@@ -95,7 +70,7 @@ AddDefaultCharset UTF-8
    MIMEMagicFile conf/magic
 </IfModule>
-PidFile {{ env.IRONIC_TMP_DATA_DIR }}/httpd.pid
+PidFile /var/tmp/httpd.pid
 # EnableSendfile directive could speed up deployments but it could also cause
 # issues depending on the underlying file system, to learn more:
--- a/ironic-image/ironic-config/ironic.conf.j2
+++ b/ironic-image/ironic-config/ironic.conf.j2
@@ -4,19 +4,19 @@ debug = true
 default_deploy_interface = direct
 default_inspect_interface = agent
 default_network_interface = noop
-enabled_bios_interfaces = no-bios,redfish,idrac-redfish,irmc
+enabled_bios_interfaces = no-bios,redfish,idrac-redfish,irmc,ilo
-enabled_boot_interfaces = ipxe,pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,redfish-https
+enabled_boot_interfaces = ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media,redfish-https
 enabled_deploy_interfaces = direct,fake,ramdisk,custom-agent
 enabled_firmware_interfaces = no-firmware,fake,redfish
 # NOTE(dtantsur): when changing this, make sure to update the driver
 # dependencies in Dockerfile.
-enabled_hardware_types = ipmi,idrac,irmc,fake-hardware,redfish,manual-management
+enabled_hardware_types = ipmi,idrac,irmc,fake-hardware,redfish,manual-management,ilo,ilo5
-enabled_inspect_interfaces = agent,irmc,fake,redfish
+enabled_inspect_interfaces = agent,irmc,fake,redfish,ilo
-enabled_management_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,noop
+enabled_management_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
 enabled_network_interfaces = noop
-enabled_power_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish
+enabled_power_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo
-enabled_raid_interfaces = no-raid,irmc,agent,fake,redfish,idrac-redfish
+enabled_raid_interfaces = no-raid,irmc,agent,fake,redfish,idrac-redfish,ilo5
-enabled_vendor_interfaces = no-vendor,ipmitool,idrac-redfish,redfish,fake
+enabled_vendor_interfaces = no-vendor,ipmitool,idrac-redfish,redfish,ilo,fake
 {% if env.IRONIC_EXPOSE_JSON_RPC | lower == "true" %}
 rpc_transport = json-rpc
 {% else %}
@@ -33,6 +33,7 @@ my_ipv6 = {{ env.IRONIC_IPV6 }}
 {% endif %}
 host = {{ env.IRONIC_CONDUCTOR_HOST }}
 tempdir = {{ env.IRONIC_TMP_DATA_DIR }}
 # If a path to a certificate is defined, use that first for webserver
 {% if env.WEBSERVER_CACERT_FILE %}
@@ -47,10 +48,6 @@ isolinux_bin = /usr/share/syslinux/isolinux.bin
 # the ESP provided in [conductor]bootloader.
 grub_config_path = EFI/BOOT/grub.cfg
 # NOTE(hroyrh): updating the default temp directory to fix device cross links
 # errors when hard linking
 tempdir = /shared/tmp
 [agent]
 deploy_logs_collect = always
 deploy_logs_local_path = /shared/log/ironic/deploy
@@ -89,30 +86,30 @@ network_data_schema = /etc/ironic/network-data-schema-empty.json
 automated_clean = {{ env.IRONIC_AUTOMATED_CLEAN }}
 # NOTE(dtantsur): keep aligned with [pxe]boot_retry_timeout below.
 deploy_callback_timeout = 4800
-bootloader_by_arch = {{ env.BOOTLOADER_BY_ARCH }}
+send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # NOTE(TheJulia): Do not lower this value below 120 seconds.
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 send_sensor_data_interval = 160
 {% if env.VMEDIA_TLS_PORT %}
 bootloader = {{ env.IRONIC_HTTPS_VMEDIA_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
 {% else %}
 bootloader = {{ env.IRONIC_HTTP_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
 {% endif %}
 verify_step_priority_override = management.clear_job_queue:90
 # We don't use this feature, and it creates an additional load on the database
 node_history = False
 # Provide for a timeout longer than 60 seconds for certain vendor's hardware
 power_state_change_timeout = 120
-{% if env.DEPLOY_KERNEL_URL is defined %}
+{% if env.IRONIC_DEFAULT_KERNEL is defined %}
-deploy_kernel = {{ env.DEPLOY_KERNEL_URL }}
+deploy_kernel = file://{{ env.IRONIC_DEFAULT_KERNEL }}
 {% endif %}
-{% if env.DEPLOY_KERNEL_BY_ARCH is defined %}
+{% if env.IRONIC_DEFAULT_RAMDISK is defined %}
-deploy_kernel_by_arch = {{ env.DEPLOY_KERNEL_BY_ARCH }}
+deploy_ramdisk = file://{{ env.IRONIC_DEFAULT_RAMDISK }}
 {% endif %}
 {% if env.DEPLOY_RAMDISK_URL is defined %}
 deploy_ramdisk = {{ env.DEPLOY_RAMDISK_URL }}
 {% endif %}
 {% if env.DEPLOY_RAMDISK_BY_ARCH is defined %}
 deploy_ramdisk_by_arch = {{ env.DEPLOY_RAMDISK_BY_ARCH }}
 {% endif %}
 {% if env.DISABLE_DEEP_IMAGE_INSPECTION | lower == "true" %}
 disable_deep_image_inspection = True
 {% endif %}
 # Allowed path for file:// links: ipa-downloader uses /shared/html/images,
 # while the bootloader configuration above refers to /templates.
 file_url_allowed_paths = /shared/html/images,/templates
 [database]
 {% if env.IRONIC_USE_MARIADB | lower == "true" %}
@@ -132,7 +129,6 @@ erase_devices_priority = 0
 http_root = /shared/html/
 http_url = {% if env.VMEDIA_TLS_PORT %}{{ env.IRONIC_HTTPS_VMEDIA_URL }}{% else %}{{ env.IRONIC_HTTP_URL }}{% endif %}
 fast_track = {{ env.IRONIC_FAST_TRACK }}
 iso_master_path = /shared/html/master_iso_images
 {% if env.IRONIC_BOOT_ISO_SOURCE %}
 ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
 {% endif %}
@@ -196,7 +192,6 @@ cipher_suite_versions = 3,17
 auth_strategy = http_basic
 http_basic_auth_user_file = {{ env.IRONIC_RPC_HTPASSWD_FILE }}
 host_ip = {{ env.IRONIC_HOST_IP }}
 port = {{ env.IRONIC_JSON_RPC_PORT }}
 {% if env.IRONIC_TLS_SETUP == "true" %}
 use_ssl = true
 cafile = {{ env.IRONIC_CACERT_FILE }}
@@ -207,26 +202,6 @@ insecure = {{ env.IRONIC_INSECURE }}
 [nova]
 send_power_notifications = false
 # Sections (oslo_messaging_notifications, sensor_data, metrics) required for sensor data collection using ironic-prometheus-exporter (IPE):
 {% if env.SEND_SENSOR_DATA | lower == "true" %}
 [oslo_messaging_notifications]
 driver = prometheus_exporter
 location = /shared/ironic_prometheus_exporter
 transport_url = fake://
 [sensor_data]
 send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # NOTE(TheJulia): Do not lower this value below 120 seconds.
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 interval = 160
 # Additional sensor_data options can be configured via OS_ environment variables:
 # https://docs.openstack.org/ironic/latest/configuration/config.html#sensor-data
 [metrics]
 backend = collector
 {% endif %}
 [pxe]
 # NOTE(dtantsur): keep this value at least 3x lower than
 # [conductor]deploy_callback_timeout so that at least some retries happen.
@@ -236,7 +211,7 @@ images_path = /shared/html/tmp
 instance_master_path = /shared/html/master_images
 tftp_master_path = /shared/tftpboot/master_images
 tftp_root = /shared/tftpboot
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
 # This makes networking boot templates generated even for nodes using local
 # boot (the default), ensuring that they boot correctly even if they start
 # netbooting for some reason (e.g. with the noop management interface).
@@ -244,22 +219,19 @@ enable_netboot_fallback = true
 # Enable the fallback path to in-band inspection
 ipxe_fallback_script = inspector.ipxe
 {% if env.IPXE_TLS_SETUP | lower == "true" %}
-ipxe_config_template = /templates/ipxe_config.template
+ipxe_config_template = /tmp/ipxe_config.template
 {% endif %}
 [redfish]
 use_swift = false
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
-{% if env.BMC_TLS_ENABLED == "true" %}
+
-# idrac uses the same options as the redfish driver
+[ilo]
-verify_ca = {{ env.BMC_CACERT_FILE }}
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
-{% endif %}
+use_web_server_for_images = true
 [irmc]
-kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
+kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
 {% if env.BMC_TLS_ENABLED == "true" %}
 verify_ca = {{ env.BMC_CACERT_FILE }}
 {% endif %}
 [service_catalog]
 endpoint_override = {{ env.IRONIC_BASE_URL }}
@@ -269,8 +241,3 @@ endpoint_override = {{ env.IRONIC_BASE_URL }}
 cert_file = {{ env.IRONIC_CERT_FILE }}
 key_file = {{ env.IRONIC_KEY_FILE }}
 {% endif %}
 [oci]
 {% if env.IRONIC_OCI_AUTH_CONFIG is defined %}
 authentication_config = {{ env.IRONIC_OCI_AUTH_CONFIG }}
 {% endif %}
--- a/ironic-image/prepare-efi.sh
+++ b/ironic-image/prepare-efi.sh
@@ -9,7 +9,7 @@ declare -A efi_arch=(
 for arch in "${!efi_arch[@]}"; do
-  DEST=/tmp/uefi_esp_${arch}.img
+  DEST=/tmp/esp-${arch}.img
  dd bs=1024 count=6400 if=/dev/zero of=$DEST
  mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
--- a/ironic-image/scripts/auth-common.sh
+++ b/ironic-image/scripts/auth-common.sh
@@ -40,10 +40,6 @@ fi
 IRONIC_CONFIG="${IRONIC_CONF_DIR}/ironic.conf"
 if [[ -z "${IRONIC_OCI_AUTH_CONFIG:-}" ]] && [[ -f "/auth/oci.json" ]]; then
    export IRONIC_OCI_AUTH_CONFIG="/auth/oci.json"
 fi
 configure_json_rpc_auth()
 {
    if [[ "${IRONIC_EXPOSE_JSON_RPC}" != "true" ]]; then
--- a/ironic-image/scripts/configure-ironic.sh
+++ b/ironic-image/scripts/configure-ironic.sh
@@ -18,6 +18,8 @@ export IRONIC_ENABLE_VLAN_INTERFACES=${IRONIC_ENABLE_VLAN_INTERFACES:-${IRONIC_I
 # shellcheck disable=SC1091
 . /bin/auth-common.sh
 export HTTP_PORT=${HTTP_PORT:-80}
 if [[ "${IRONIC_USE_MARIADB}" == true ]]; then
    if [[ -z "${MARIADB_PASSWORD:-}" ]]; then
        echo "FATAL: IRONIC_USE_MARIADB requires password, mount a secret under /auth/mariadb"
@@ -74,41 +76,10 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
    fi
 fi
-IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent"
+IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}"
-if [[ -z "${DEPLOY_KERNEL_URL:-}" ]] && [[ -z "${DEPLOY_RAMDISK_URL:-}" ]] && \
+if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
-       [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
+    export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel"
-    export DEPLOY_KERNEL_URL="file://${IMAGE_CACHE_PREFIX}.kernel"
+    export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs"
    export DEPLOY_RAMDISK_URL="file://${IMAGE_CACHE_PREFIX}.initramfs"
 fi
 declare -A detected_arch
 for var_arch in "${!DEPLOY_KERNEL_URL_@}"; do
    IPA_ARCH="${var_arch#DEPLOY_KERNEL_URL}"
    detected_arch["${IPA_ARCH,,}"]=1
 done
 for file_arch in "${IMAGE_CACHE_PREFIX}"_*.kernel; do
    if [[ -f "${file_arch}" ]]; then
        IPA_ARCH="$(basename "${file_arch#"${IMAGE_CACHE_PREFIX}"_}" .kernel)"
        detected_arch["${IPA_ARCH}"]=1
    fi
 done
 DEPLOY_KERNEL_BY_ARCH=""
 DEPLOY_RAMDISK_BY_ARCH=""
 for IPA_ARCH in "${!detected_arch[@]}"; do
    kernel_var="DEPLOY_KERNEL_URL_${IPA_ARCH^^}"
    ramdisk_var="DEPLOY_RAMDISK_URL_${IPA_ARCH^^}"
    if [[ -z "${!kernel_var:-}" ]] && [[ -z "${!ramdisk_var:-}" ]] && \
        [[ -f "${IMAGE_CACHE_PREFIX}_${IPA_ARCH}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}_${IPA_ARCH}.initramfs" ]]; then
      export "${kernel_var}"="file://${IMAGE_CACHE_PREFIX}_${IPA_ARCH}.kernel"
      export "${ramdisk_var}"="file://${IMAGE_CACHE_PREFIX}_${IPA_ARCH}.initramfs"
    fi
    DEPLOY_KERNEL_BY_ARCH+="${!kernel_var:+${IPA_ARCH}:${!kernel_var},}"
    DEPLOY_RAMDISK_BY_ARCH+="${!ramdisk_var:+${IPA_ARCH}:${!ramdisk_var},}"
 done
 if [[ -n "${DEPLOY_KERNEL_BY_ARCH}" ]] && [[ -n "${DEPLOY_RAMDISK_BY_ARCH}" ]]; then
    export DEPLOY_KERNEL_BY_ARCH="${DEPLOY_KERNEL_BY_ARCH%?}"
    export DEPLOY_RAMDISK_BY_ARCH="${DEPLOY_RAMDISK_BY_ARCH%?}"
 fi
 if [[ -f "${IRONIC_CONF_DIR}/ironic.conf" ]]; then
@@ -116,20 +87,11 @@ if [[ -f "${IRONIC_CONF_DIR}/ironic.conf" ]]; then
    cp "${IRONIC_CONF_DIR}/ironic.conf" "${IRONIC_CONF_DIR}/ironic.conf.orig"
 fi
 BOOTLOADER_BY_ARCH=""
 for bootloader in /templates/uefi_esp_*.img; do
    BOOTLOADER_ARCH="$(basename "${bootloader#/templates/uefi_esp_}" .img)"
    BOOTLOADER_BY_ARCH+="${BOOTLOADER_ARCH}:file://${bootloader},"
 done
 export BOOTLOADER_BY_ARCH="${BOOTLOADER_BY_ARCH%?}"
 # oslo.config also supports Config Opts From Environment, log them to stdout
 echo 'Options set from Environment variables'
 env | grep "^OS_" || true
 mkdir -p /shared/html
 mkdir -p /shared/tmp
 mkdir -p /shared/ironic_prometheus_exporter
 if [[ -f /proc/sys/crypto/fips_enabled ]]; then
    ENABLE_FIPS_IPA=$(cat /proc/sys/crypto/fips_enabled)
--- a/ironic-image/scripts/ironic-common.sh
+++ b/ironic-image/scripts/ironic-common.sh
@@ -25,11 +25,6 @@ export IRONIC_GEN_CERT_DIR="${CUSTOM_DATA_DIR}/auto_gen_certs"
 export IRONIC_TMP_DATA_DIR="${CUSTOM_DATA_DIR}/tmp"
 export PROBE_CONF_DIR="${CUSTOM_CONFIG_DIR}/probes"
 export HTTP_PORT=${HTTP_PORT:-80}
 # NOTE(elfosardo): the default port for json_rpc in ironic is 8089, but
 # we need to use a different port to avoid conflicts with other services
 export IRONIC_JSON_RPC_PORT=${IRONIC_JSON_RPC_PORT:-6189}
 mkdir -p "${IRONIC_CONF_DIR}" "${PROBE_CONF_DIR}" "${HTTPD_CONF_DIR}" \
    "${HTTPD_CONF_DIR_D}" "${DNSMASQ_CONF_DIR}" "${DNSMASQ_TEMP_DIR}" \
    "${IRONIC_DB_DIR}" "${IRONIC_GEN_CERT_DIR}" "${DNSMASQ_DATA_DIR}" \
@@ -267,7 +262,7 @@ wait_for_interface_or_ip()
 render_j2_config()
 {
-    python3.13 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1" > "$2"
+    python3.11 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1" > "$2"
 }
 run_ironic_dbsync()
--- a/ironic-image/scripts/rundnsmasq
+++ b/ironic-image/scripts/rundnsmasq
@@ -7,6 +7,7 @@ set -eux
 # shellcheck disable=SC1091
 . /bin/tls-common.sh
 export HTTP_PORT=${HTTP_PORT:-80}
 DNSMASQ_EXCEPT_INTERFACE=${DNSMASQ_EXCEPT_INTERFACE:-lo}
 export DNS_PORT=${DNS_PORT:-0}
@@ -35,7 +36,7 @@ fi
 # Template and write dnsmasq.conf
 # we template via /tmp as sed otherwise creates temp files in /etc directory
 # where we can't write
-python3.13 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' <"/templates/dnsmasq.conf.j2" >"${DNSMASQ_TEMP_DIR}/dnsmasq_temp.conf"
+python3.11 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' <"/tmp/dnsmasq.conf.j2" >"${DNSMASQ_TEMP_DIR}/dnsmasq_temp.conf"
 for iface in $(echo "$DNSMASQ_EXCEPT_INTERFACE" | tr ',' ' '); do
    sed -i -e "/^interface=.*/ a\except-interface=${iface}" "${DNSMASQ_TEMP_DIR}/dnsmasq_temp.conf"
--- a/ironic-image/scripts/runhttpd
+++ b/ironic-image/scripts/runhttpd
@@ -5,6 +5,7 @@
 . /bin/ironic-common.sh
 . /bin/auth-common.sh
 export HTTP_PORT=${HTTP_PORT:-80}
 export VMEDIA_TLS_PORT=${VMEDIA_TLS_PORT:-8083}
 export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
@@ -35,7 +36,8 @@ fi
 export INSPECTOR_EXTRA_ARGS
 # Copy files to shared mount
-render_j2_config /templates/inspector.ipxe.j2 /shared/html/inspector.ipxe
+render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
 cp /tmp/uefi_esp*.img /shared/html/
 # cp -r /etc/httpd/* "${HTTPD_DIR}"
 if [[ -f "${HTTPD_CONF_DIR}/httpd.conf" ]]; then
    mv "${HTTPD_CONF_DIR}/httpd.conf" "${HTTPD_CONF_DIR}/httpd.conf.example"
@@ -47,7 +49,7 @@ render_j2_config "/etc/httpd/conf/httpd.conf.j2" \
 if [[ "$IRONIC_TLS_SETUP" == "true" ]]; then
    if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
-        render_j2_config "/templates/httpd-ironic-api.conf.j2" \
+        render_j2_config "/tmp/httpd-ironic-api.conf.j2" \
            "${HTTPD_CONF_DIR_D}/ironic.conf"
    fi
 else
@@ -58,7 +60,7 @@ write_htpasswd_files
 # Render httpd TLS configuration for /shared/html/<redifsh;ilo>
 if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
-    render_j2_config "/templates/httpd-vmedia.conf.j2" \
+    render_j2_config "/tmp/httpd-vmedia.conf.j2" \
        "${HTTPD_CONF_DIR_D}/vmedia.conf"
 fi
@@ -66,7 +68,7 @@ fi
 if [[ "$IPXE_TLS_SETUP" == "true" ]]; then
    mkdir -p /shared/html/custom-ipxe
    chmod 0777 /shared/html/custom-ipxe
-    render_j2_config "/templates/httpd-ipxe.conf.j2" "${HTTPD_CONF_DIR_D}/ipxe.conf"
+    render_j2_config "/tmp/httpd-ipxe.conf.j2" "${HTTPD_CONF_DIR_D}/ipxe.conf"
    cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
       "${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
       "/shared/html/custom-ipxe"
--- a/ironic-image/scripts/runironic
+++ b/ironic-image/scripts/runironic
@@ -15,13 +15,4 @@ configure_restart_on_certificate_update "${IRONIC_TLS_SETUP}" ironic "${IRONIC_C
 configure_ironic_auth
 if [[ -d "${BMC_CACERTS_PATH}" ]]; then
    # shellcheck disable=SC2034
    watchmedo shell-command \
        --patterns="*" \
        --ignore-directories \
        --command='cat "${BMC_CACERTS_PATH}"/* > "${BMC_CACERT_FILE}"' \
        "${BMC_CACERTS_PATH}" &
 fi
 exec /usr/bin/ironic --config-dir "${IRONIC_CONF_DIR}"
--- a/ironic-image/scripts/runironic-exporter
+++ b/ironic-image/scripts/runironic-exporter
@@ -1,20 +0,0 @@
 #!/usr/bin/bash
 # Set dummy provisioning IP to avoid interface detection issues (not needed to run IPE to service `/metrics`)
 export PROVISIONING_IP="127.0.0.1"
 # Set to true since running this script implies sensor data metrics are needed
 # ironic-prometheus-exporter (IPE) needs to read from oslo_messaging_notifications.location (i.e content under /shared) where Ironic writes to
 export SEND_SENSOR_DATA=true
 # shellcheck disable=SC1091
 . /bin/configure-ironic.sh
 # shellcheck disable=SC1091
 . /bin/ironic-common.sh
 FLASK_RUN_HOST=${FLASK_RUN_HOST:-0.0.0.0}
 FLASK_RUN_PORT=${FLASK_RUN_PORT:-9608}
 export IRONIC_CONFIG="${IRONIC_CONF_DIR}/ironic.conf"
 exec gunicorn -b "${FLASK_RUN_HOST}:${FLASK_RUN_PORT}" -w 4 \
    ironic_prometheus_exporter.app.wsgi:application
--- a/ironic-image/scripts/runlogwatch.sh
+++ b/ironic-image/scripts/runlogwatch.sh
@@ -1,32 +1,17 @@
 #!/usr/bin/bash
 # Ramdisk logs path
-export LOG_DIR="/shared/log/ironic/deploy"
+LOG_DIR="/shared/log/ironic/deploy"
 mkdir -p "${LOG_DIR}"
-# Function to process log files
+# shellcheck disable=SC2034
-process_log_file() {
+python3.11 -m pyinotify --raw-format -e IN_CLOSE_WRITE -v "${LOG_DIR}" |
-    local FILEPATH="$1"
+    while read -r event dir mask maskname filename filepath pathname wd; do
-    # shellcheck disable=SC2155
+        #NOTE(elfosardo): a pyinotify event looks like this:
-    local FILENAME=$(basename "${FILEPATH}")
+        # <Event dir=False mask=0x8 maskname=IN_CLOSE_WRITE name=mylogs.gzip path=/shared/log/ironic/deploy pathname=/shared/log/ironic/deploy/mylogs.gzip wd=1 >
-
+        FILENAME=$(echo "${filename}" | cut -d'=' -f2-)
        echo "************ Contents of ${LOG_DIR}/${FILENAME} ramdisk log file bundle **************"
-    tar -tzf "${FILEPATH}" | while read -r entry; do
+        tar -xOzvvf "${LOG_DIR}/${FILENAME}" | sed -e "s/^/${FILENAME}: /"
-        echo "${FILENAME}: **** Entry: ${entry} ****"
+        rm -f "${LOG_DIR}/${FILENAME}"
        tar -xOzf "${FILEPATH}" "${entry}" | sed -e "s/^/${FILENAME}: /"
        echo
    done
    rm -f "${FILEPATH}"
 }
 # Export the function so watchmedo can use it
 export -f process_log_file
 # Use watchmedo to monitor for file close events
 # shellcheck disable=SC2016
 watchmedo shell-command \
    --patterns="*" \
    --ignore-directories \
    --command='if [[ "${watch_event_type}" == "closed" ]]; then process_log_file "${watch_src_path}"; fi' \
    "${LOG_DIR}"
--- a/ironic-image/scripts/tls-common.sh
+++ b/ironic-image/scripts/tls-common.sh
@@ -1,14 +1,13 @@
 #!/bin/bash
 export IRONIC_CERT_FILE=/certs/ironic/tls.crt
 export IRONIC_KEY_FILE=/certs/ironic/tls.key
 export IRONIC_CACERT_FILE=/certs/ca/ironic/tls.crt
 export IRONIC_INSECURE=${IRONIC_INSECURE:-false}
 export IRONIC_SSL_PROTOCOL=${IRONIC_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
 export IPXE_SSL_PROTOCOL=${IPXE_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
 export IRONIC_VMEDIA_SSL_PROTOCOL=${IRONIC_VMEDIA_SSL_PROTOCOL:-"ALL"}
 # Node image storage is using the same cert and port as the API
 export IRONIC_CERT_FILE=/certs/ironic/tls.crt
 export IRONIC_KEY_FILE=/certs/ironic/tls.key
 export IRONIC_VMEDIA_CERT_FILE=/certs/vmedia/tls.crt
 export IRONIC_VMEDIA_KEY_FILE=/certs/vmedia/tls.key
@@ -17,15 +16,15 @@ export IPXE_KEY_FILE=/certs/ipxe/tls.key
 export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
 # By default every cert has to be signed with Ironic's
 # CA otherwise node image and IPA verification would fail
 export MARIADB_CACERT_FILE=/certs/ca/mariadb/tls.crt
 export BMC_CACERTS_PATH=/certs/ca/bmc
 export BMC_CACERT_FILE=/conf/bmc-tls.pem
 export IRONIC_CACERT_FILE=/certs/ca/ironic/tls.crt
 export IPXE_TLS_PORT="${IPXE_TLS_PORT:-8084}"
 mkdir -p /certs/ironic
 mkdir -p /certs/ca/ironic
 mkdir -p /certs/ipxe
 mkdir -p /certs/vmedia
 if [[ -f "$IRONIC_CERT_FILE" ]] && [[ ! -f "$IRONIC_KEY_FILE" ]]; then
    echo "Missing TLS Certificate key file $IRONIC_KEY_FILE"
    exit 1
@@ -70,7 +69,6 @@ if [[ -f "$IRONIC_CERT_FILE" ]] || [[ -f "$IRONIC_CACERT_FILE" ]]; then
    export IRONIC_TLS_SETUP="true"
    export IRONIC_SCHEME="https"
    if [[ ! -f "$IRONIC_CACERT_FILE" ]]; then
        mkdir -p "$(dirname "${IRONIC_CACERT_FILE}")"
        copy_atomic "$IRONIC_CERT_FILE" "$IRONIC_CACERT_FILE"
    fi
 else
@@ -107,23 +105,11 @@ configure_restart_on_certificate_update()
    if [[ "${enabled}" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
        if [[ "${service}" == httpd ]]; then
            # shellcheck disable=SC2034
            signal="WINCH"
        fi
-
+        python3 -m pyinotify --raw-format -e IN_DELETE_SELF -v "${cert_file}" |
-        # Use watchmedo to monitor certificate file deletion
+            while read -r; do
-        # shellcheck disable=SC2016
+                pkill "-${signal}" "${service}"
-        watchmedo shell-command \
+            done &
            --patterns="$(basename "${cert_file}")" \
            --ignore-directories \
            --command='if [[ "${watch_event_type}" == "deleted" ]]; then pkill -'"${signal}"' '"${service}"'; fi' \
            "$(dirname "${cert_file}")" &
    fi
 }
 if [ -d "${BMC_CACERTS_PATH}" ]; then
    export BMC_TLS_ENABLED="true"
    cat "${BMC_CACERTS_PATH}"/* > "${BMC_CACERT_FILE}"
 else
    export BMC_TLS_ENABLED="false"
 fi
--- a/ironic-ipa-downloader-image/Dockerfile
+++ b/ironic-ipa-downloader-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.10
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.8
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -9,6 +9,8 @@ COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
 RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
 RUN cp /usr/bin/getopt /installroot/
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -16,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.10"
+LABEL org.opencontainers.image.version="3.0.8"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -30,6 +32,7 @@ LABEL com.suse.release-stage="released"
 # endlabelprefix
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/
--- a/ironic-ipa-downloader-image/Dockerfile.aarch64
+++ b/ironic-ipa-downloader-image/Dockerfile.aarch64
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.10
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.8
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.10-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -9,6 +9,8 @@ COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
 RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
 RUN cp /usr/bin/getopt /installroot/
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -16,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.10"
+LABEL org.opencontainers.image.version="3.0.8"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -30,6 +32,7 @@ LABEL com.suse.release-stage="released"
 # endlabelprefix
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/
--- a/ironic-ipa-downloader-image/Dockerfile.x86_64
+++ b/ironic-ipa-downloader-image/Dockerfile.x86_64
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.10
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.8
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.10-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -9,6 +9,8 @@ COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
 RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 tar gawk curl xz zstd shadow cpio findutils
 RUN cp /usr/bin/getopt /installroot/
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -16,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.10"
+LABEL org.opencontainers.image.version="3.0.8"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -30,6 +32,7 @@ LABEL com.suse.release-stage="released"
 # endlabelprefix
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/
--- a/ironic-ipa-downloader-image/get-resource.sh
+++ b/ironic-ipa-downloader-image/get-resource.sh
@@ -29,12 +29,13 @@ if [ -z "${IPA_BASEURI}" ]; then
  # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
  mkdir -p /shared/html/images
  if [ -f ${IMAGES_BASE_PATH}/initrd-x86_64.zst ]; then
-    cp ${IMAGES_BASE_PATH}/initrd-x86_64.zst /shared/html/images/ironic-python-agent_x86_64.initramfs
+    cp ${IMAGES_BASE_PATH}/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
-    cp ${IMAGES_BASE_PATH}/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent_x86_64.kernel
+    cp ${IMAGES_BASE_PATH}/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
  fi
  # Use arm64 as destination for iPXE compatibility
  if [ -f ${IMAGES_BASE_PATH}/initrd-aarch64.zst ]; then
-    cp ${IMAGES_BASE_PATH}/initrd-aarch64.zst /shared/html/images/ironic-python-agent_aarch64.initramfs
+    cp ${IMAGES_BASE_PATH}/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
-    cp ${IMAGES_BASE_PATH}/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent_aarch64.kernel
+    cp ${IMAGES_BASE_PATH}/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
  fi
  cp /tmp/images.sha256 /shared/images.sha256
@@ -86,8 +87,8 @@ else
      chmod 755 "$TMPDIR"
      mv "$TMPDIR" "$FILENAME-$ETAG"
      ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers"
-      ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "${FILENAME}_${ARCH,,}.initramfs"
+      ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs"
-      ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "${FILENAME}_${ARCH,,}.kernel"
+      ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel"
      IMAGE_CHANGED=1
  else
@@ -99,7 +100,7 @@ if [ "${CERTS_CHANGED:-0}" = "1" ] || [ "${IMAGE_CHANGED:-0}" = "1" ]; then
  mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
  mkdir -p etc/ironic-python-agent.d/ca-certs
  cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
-  for initramfs in /shared/html/images/ironic-python-agent_*.initramfs; do
+  for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do
    find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}"
  done
  cp /tmp/certificates.sha256 /shared/certificates.sha256
--- a/ironic-ipa-ramdisk/config.sh
+++ b/ironic-ipa-ramdisk/config.sh
@@ -16,7 +16,7 @@ baseSetupBuildDay
 #==========================================
 # remove unneded kernel files
 #------------------------------------------
-#suseStripKernel
+suseStripKernel
 baseStripLocales en_US.utf-8 C.utf8
 #======================================
--- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
+++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
@@ -28,6 +28,68 @@
      <source path="dir:///.build.binaries"/>
    </repository>
    <drivers>
        <file name="crypto/*"/>
        <file name="drivers/acpi/*"/>
        <file name="drivers/acpi/dock.ko"/>
        <file name="drivers/ata/*"/>
        <file name="drivers/block/brd.ko"/>
        <file name="drivers/block/cciss.ko"/>
        <file name="drivers/block/loop.ko"/>
        <file name="drivers/block/virtio_blk.ko"/>
        <file name="drivers/cdrom/*"/>
        <file name="drivers/char/hw_random/virtio-rng.ko"/>
        <file name="drivers/char/lp.ko"/>
        <file name="drivers/char/ipmi/*"/>
        <file name="drivers/firmware/iscsi_ibft.ko"/>
        <file name="drivers/firmware/edd.ko"/>
        <file name="drivers/gpu/drm/*"/>
        <file name="drivers/hid/*"/>
        <file name="drivers/hv/*"/>
        <file name="drivers/hwmon/*"/>
        <file name="drivers/ide/*"/>
        <file name="drivers/input/keyboard/*"/>
        <file name="drivers/input/mouse/*"/>
        <file name="drivers/md/*"/>
        <file name="drivers/message/fusion/*"/>
        <file name="drivers/misc/hpilo.ko"/>
        <file name="drivers/net/*"/>
        <file name="drivers/parport/*"/>
        <file name="drivers/scsi/*"/>
        <file name="drivers/staging/hv/*"/>
        <file name="drivers/target/*"/>
        <file name="drivers/thermal/*"/>
        <file name="drivers/usb/*"/>
        <file name="drivers/virtio/*"/>
        <file name="fs/binfmt_aout.ko"/>
        <file name="fs/binfmt_misc.ko"/>
        <file name="fs/overlayfs/*"/>
        <file name="fs/btrfs/*"/>
        <file name="fs/exportfs/*"/>
        <file name="fs/ext4/*"/>
        <file name="fs/fat/*"/>
        <file name="fs/fuse/*"/>
        <file name="fs/hfs/*"/>
        <file name="fs/jbd2/*"/>
        <file name="fs/nfs/*"/>
        <file name="fs/mbcache.ko"/>
        <file name="fs/nls/nls_cp437.ko"/>
        <file name="fs/nls/nls_iso8859-1.ko"/>
        <file name="fs/nls/nls_utf8.ko"/>
        <file name="fs/quota_v1.ko"/>
        <file name="fs/quota_v2.ko"/>
        <file name="fs/squashfs/*"/>
        <file name="fs/udf/*"/>
        <file name="fs/vfat/*"/>
        <file name="fs/xfs/*"/>
        <file name="fs/isofs/*"/>
        <file name="lib/crc-t10dif.ko"/>
        <file name="lib/crc16.ko"/>
        <file name="lib/libcrc32c.ko"/>
        <file name="lib/zlib_deflate/zlib_deflate.ko"/>
        <file name="net/packet/*"/>
    </drivers>
    <packages type="delete">
        <package name="gpg2"/>
        <package name="libcairo2"/>
@@ -76,7 +138,6 @@
        <package name="grub2-i386-pc" arch="x86_64"/>
        <package name="grub2-x86_64-efi" arch="x86_64"/>
        <package name="grub2"/>
        <package name="gettext-runtime"/>
        <package name="iproute2"/>
        <package name="iputils"/>
        <package name="kernel-default"/>
@@ -88,7 +149,6 @@
        <package name="timezone"/>
        <package name="which"/>
        <!-- ironic-python-agent specific -->
        <package name="chrony"/>
        <package name="dmidecode"/>
        <package name="efibootmgr"/>
        <package name="gptfdisk"/>
@@ -97,14 +157,15 @@
        <package name="ipmitool"/>
        <package name="iputils"/>
        <package name="kbd"/>
        <package name="krb5"/>
        <package name="lshw"/>
        <package name="lvm2"/>
        <package name="net-tools"/>
        <package name="ntp"/>
        <package name="open-iscsi"/>
        <package name="openstack-ironic-python-agent"/>
        <package name="parted"/>
        <package name="psmisc"/>
        <package name="python311-proliantutils"/>
        <package name="qemu-tools"/>
        <package name="timezone"/>
        <package name="which"/>
--- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
+++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
@@ -19,7 +19,7 @@
 Name:           ironic-ipa-ramdisk
-Version:        3.0.8
+Version:        3.0.7
 Release:        0
 Summary:        Kernel and ramdisk image for OpenStack Ironic
 License:        SUSE-EULA
@@ -29,12 +29,12 @@ Source0:        config.sh
 Source10:       ironic-ipa-ramdisk.kiwi
 Source20:       root
 #!BuildIgnore:  systemd-mini
 BuildRequires: systemd
 BuildRequires:  -post-build-checks
 BuildRequires:  bash
 BuildRequires:  kiwi
 BuildRequires:  kiwi-tools
 BuildRequires:  zypper
 BuildArch:      noarch
 BuildRequires:  checkmedia
 BuildRequires:  acl
@@ -55,6 +55,7 @@ BuildRequires:  grub2-x86_64-efi
 %ifarch aarch64
 BuildRequires:  grub2-arm64-efi
 %endif
 BuildRequires:  haveged
 BuildRequires:  hdparm
 BuildRequires:  hwinfo
 BuildRequires:  ipmitool
@@ -64,7 +65,7 @@ BuildRequires:  kernel-default
 BuildRequires:  kernel-firmware-all
 BuildRequires:  lvm2
 BuildRequires:  net-tools
-BuildRequires:  chrony
+BuildRequires:  ntp
 BuildRequires:  open-iscsi
 BuildRequires:  openssh
 BuildRequires:  openstack-ironic-python-agent
@@ -76,6 +77,7 @@ BuildRequires:  pkgconfig
 BuildRequires:  Mesa-gallium
 BuildRequires:  plymouth
 BuildRequires:  plymouth-scripts
 BuildRequires:  python311-proliantutils
 BuildRequires:  psmisc
 BuildRequires:  qemu-tools
 BuildRequires:  sg3_utils
@@ -103,9 +105,6 @@ BuildRequires:  lshw
 BuildRequires:  kbd
 BuildRequires:  dmidecode
 BuildRequires:  efibootmgr
 BuildRequires:  glibc-locale
 BuildRequires:  krb5
 BuildRequires:  gettext-runtime
 %ifarch x86_64
 BuildRequires:  syslinux
 %endif
@@ -114,9 +113,10 @@ BuildRequires:  syslinux
 Kernel and ramdisk image for use with Metal3
 %package %{_arch}
 BuildArch:      noarch
 Summary:        Kernel and ramdisk image for Metal3
 Group:          System/Management
 Provides:       openstack-ironic-python-agent = %{version}
 Obsoletes:      openstack-ironic-python-agent < %{version}
 %description %{_arch}
 Kernel and ramdisk image for use with Metal3
--- a/kiwi-builder-image/Dockerfile
+++ b/kiwi-builder-image/Dockerfile
@@ -1,8 +1,8 @@
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.29.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0-%RELEASE%
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.29.1
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0
 # Base image version, should match the tag above
-ARG KIWIVERSION="10.2.29"
+ARG KIWIVERSION="10.2.12"
 FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
 ARG KIWIVERSION
@@ -33,6 +33,4 @@ RUN mkdir -p /micro-sdk/defs
 ADD SL-Micro.kiwi /micro-sdk/defs
 ADD SL-Micro.kiwi.4096 /micro-sdk/defs
 ADD config.sh /micro-sdk/defs
 ADD disk.sh /micro-sdk/defs
 ADD editbootinstall_rpi.sh /micro-sdk/defs
 ADD editbootinstall_pine64.sh /micro-sdk/defs
--- a/kiwi-builder-image/README.build.md
+++ b/kiwi-builder-image/README.build.md
@@ -1,28 +0,0 @@
 The following files are coming from _upstream_ https://build.opensuse.org/package/show/SUSE:SLFO:Products:SL-Micro:6.2/SL-Micro :
 * SL-Micro.kiwi
 * disk.sh
 * config.sh
 * editbootinstall_pine64.sh
 * editbootinstall_rpi.sh
 Those can be downloaded as:
 ```
 curl -LO https://src.suse.de/products/SL-Micro/raw/branch/6.2/SL-Micro/SL-Micro.kiwi
 ```
 The SL-Micro.kiwi file needs to be modified to append a few packages on the bootstrap stanza to be able to generate images with no SSL errors:
 ```
     <packages type="bootstrap">
         <package name="filesystem"/>
 +        <package name="coreutils"/>
 +        <package name="ca-certificates"/>
 +        <package name="ca-certificates-mozilla"/>
     </packages>
 ```
 The SL-Micro.kiwi.4096 file needs to be modified to modify the `target_blocksize="4096"` where appropiate.
 All the other files are used verbatim.
--- a/kiwi-builder-image/SL-Micro.kiwi
+++ b/kiwi-builder-image/SL-Micro.kiwi
@@ -30,13 +30,16 @@
        <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
-        <profile name="aarch64-rt-encrypted" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+        <profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
@@ -57,15 +60,6 @@
        <profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="rpi-self_install" description="Raw disk for Raspberry Pi" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64" description="Raw disk for Raspberry Pi" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64-encrypted" description="Raw disk for Raspberry Pi" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
            <requires profile="bootloader"/>
        </profile>
@@ -96,15 +90,6 @@
        <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
            <requires profile="bootloader"/>
        </profile>
       	<profile name="aarch64-64kb" description="Build 64K page size aarch64 images" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
       	<profile name="aarch64-64kb-encrypted" description="Build 64K page size aarch64 images" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
       	<profile name="aarch64-64kb-self_install" description="Build 64K page size aarch64 images" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <!-- Images (flavor + platform) -->
        <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
            <requires profile="full"/>
@@ -169,10 +154,18 @@
            <requires profile="full"/>
            <requires profile="aarch64"/>
        </profile>
        <profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
            <requires profile="full"/>
            <requires profile="rpi"/>
        </profile>
        <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64"/>
        </profile>
        <profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="rpi"/>
        </profile>
        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
            <requires profile="container-host"/>
            <requires profile="x86-rt"/>
@@ -186,6 +179,10 @@
            <requires profile="container-host"/>
            <requires profile="aarch64-rt"/>
        </profile>
        <profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64-rt-rpi"/>
        </profile>
        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64-rt-self_install"/>
@@ -280,42 +277,10 @@
            <requires profile="ppc64le-4096ss-self_install"/>
            <requires profile="self_install"/>
        </profile>
 	<profile name="Default-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="full"/>
            <requires profile="aarch64-64kb-self_install"/>
        </profile>
 	<profile name="Base-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64-64kb-self_install"/>
        </profile>
 	<profile name="Default-64kb" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="full"/>
            <requires profile="aarch64-64kb"/>
        </profile>
 	<profile name="Base-64kb" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64-64kb"/>
        </profile>
 	<profile name="Default-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="full"/>
            <requires profile="aarch64-64kb-encrypted"/>
        </profile>
 	<profile name="Base-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64-64kb-encrypted"/>
        </profile>
 	<profile name="RaspberryPi-SelfInstall" description="SL Micro for Rapsberry Pi" arch="aarch64">
            <requires profile="full"/>
            <requires profile="rpi-self_install"/>
        </profile>
 	<profile name="RaspberryPi" description="SL Micro for Raspberry Pi" arch="aarch64">
            <requires profile="full"/>
            <requires profile="rpi"/>
        </profile>
    </profiles>
    <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -326,8 +291,7 @@
            initrd_system="dracut"
            filesystem="btrfs"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -359,7 +323,7 @@
        </type>
    </preferences>
    <preferences profiles="x86,x86-rt">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -370,8 +334,7 @@
            initrd_system="dracut"
            filesystem="btrfs"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -396,7 +359,7 @@
    </preferences>
    <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -411,8 +374,7 @@
            installboot="install"
            install_continue_on_timeout="false"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -435,8 +397,9 @@
            </systemdisk>
        </type>
    </preferences>
-    <preferences profiles="aarch64,aarch64-rt,aarch64-64kb">
+
-        <version>6.2</version>
+    <preferences profiles="rpi,aarch64-rt-rpi">
        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -451,96 +414,11 @@
            install_continue_on_timeout="false"
            fsmountoptions="noatime"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
            bootpartition="false"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            btrfs_root_is_readonly_snapshot="true"
            btrfs_quota_groups="false"
            disk_start_sector="8192"
        >
            <bootloader name="grub2" console="gfxterm" timeout="3" />
            <systemdisk>
                <volume name="home"/>
                <volume name="root"/>
                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
                <volume name="opt"/>
                <volume name="srv"/>
                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
                <volume name="boot/writable"/>
                <volume name="usr/local"/>
                <volume name="var" copy_on_write="false"/>
            </systemdisk>
        </type>
    </preferences>
    <preferences profiles="aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
        <version>6.2</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
        <rpm-excludedocs>true</rpm-excludedocs>
        <locale>en_US</locale>
        <type
            image="oem"
            initrd_system="dracut"
            installiso="true"
            filesystem="btrfs"
            installboot="install"
            install_continue_on_timeout="false"
            fsmountoptions="noatime"
            firmware="uefi"
            efipartsize="512"
            kernelcmdline="security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
            bootpartition="false"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            btrfs_root_is_readonly_snapshot="true"
            btrfs_quota_groups="false"
            disk_start_sector="8192"
            luks_version="luks2"
            luks="1234"
 	    luks_randomize="false"
 	    luks_pbkdf="pbkdf2"
        >
            <luksformat>
                <option name="--cipher" value="aes-xts-plain64"/>
            </luksformat>
            <bootloader name="grub2" console="gfxterm" use_disk_password="true" timeout="3" />
            <systemdisk>
                <volume name="home"/>
                <volume name="root"/>
                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
                <volume name="opt"/>
                <volume name="srv"/>
                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
                <volume name="boot/writable"/>
                <volume name="usr/local"/>
                <volume name="var" copy_on_write="false"/>
            </systemdisk>
        </type>
    </preferences>
    <preferences profiles="rpi">
        <version>6.2</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
        <rpm-excludedocs>true</rpm-excludedocs>
        <locale>en_US</locale>
        <type
            image="oem"
            initrd_system="dracut"
            installiso="true"
            filesystem="btrfs"
            installboot="install"
            install_continue_on_timeout="false"
            fsmountoptions="noatime"
            firmware="uefi"
            efipartsize="512"
            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
            bootpartition="false"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            efipartsize="128"
            editbootinstall="editbootinstall_rpi.sh"
            btrfs_root_is_readonly_snapshot="true"
            btrfs_quota_groups="false"
@@ -560,8 +438,9 @@
            </systemdisk>
        </type>
    </preferences>
-    <preferences profiles="aarch64-self_install,aarch64-rt-self_install,aarch64-64kb-self_install">
+
-        <version>6.2</version>
+    <preferences profiles="aarch64,aarch64-rt">
        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -571,20 +450,19 @@
            image="oem"
            initrd_system="dracut"
            installiso="true"
            installpxe="true"
            filesystem="btrfs"
            installboot="install"
            install_continue_on_timeout="false"
            fsmountoptions="noatime"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            efipartsize="128"
            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
+            btrfs_quota_groups="false"
-            disk_start_sector="8192"
+            disk_start_sector="4096"
        >
            <bootloader name="grub2" console="gfxterm" timeout="3" />
            <systemdisk>
@@ -600,8 +478,8 @@
            </systemdisk>
        </type>
    </preferences>
-    <preferences profiles="rpi-self_install">
+    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -616,14 +494,13 @@
            installboot="install"
            install_continue_on_timeout="false"
            firmware="uefi"
-            efipartsize="512"
+            efipartsize="128"
-            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            btrfs_root_is_readonly_snapshot="true"
            editbootinstall="editbootinstall_rpi.sh"
            btrfs_quota_groups="true"
            disk_start_sector="4096"
        >
@@ -643,7 +520,7 @@
    </preferences>
    <preferences profiles="s390-kvm">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -681,7 +558,7 @@
    <preferences profiles="s390-dasd">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -719,7 +596,7 @@
    <preferences profiles="s390-fba">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -754,7 +631,7 @@
    </preferences>
    <preferences profiles="s390-fcp">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -793,7 +670,7 @@
    </preferences>
    <preferences profiles="x86-vmware">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -804,7 +681,6 @@
            filesystem="btrfs"
            format="vmdk"
            firmware="uefi"
            efipartsize="512"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -825,11 +701,11 @@
                <volume name="var" copy_on_write="false"/>
            </systemdisk>
            <size unit="G">24</size>
-            <machine memory="1024" HWversion="17" guestOS="suse-64"/>
+            <machine memory="1024" HWversion="10" guestOS="suse-64"/>
        </type>
    </preferences>
    <preferences profiles="x86-qcow">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -840,8 +716,7 @@
            format="qcow2"
            filesystem="btrfs"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -867,7 +742,7 @@
    </preferences>
    <preferences profiles="aarch64-qcow">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -878,8 +753,8 @@
            format="qcow2"
            filesystem="btrfs"
            firmware="uefi"
-            efipartsize="512"     
+            efipartsize="128"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -902,7 +777,7 @@
    </preferences>
    <preferences profiles="ppc64le-512ss">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -913,7 +788,7 @@
            image="oem"
            filesystem="btrfs"
            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -935,7 +810,7 @@
        </type>
    </preferences>
    <preferences profiles="ppc64le-4096ss">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -949,7 +824,7 @@
            target_blocksize="4096"
            filesystem="btrfs"
            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -972,7 +847,7 @@
    </preferences>
    <preferences profiles="ppc64le-512ss-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -985,7 +860,7 @@
            installpxe="true"
            filesystem="btrfs"
            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -1012,7 +887,7 @@
        </type>
    </preferences>
    <preferences profiles="ppc64le-4096ss-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -1028,7 +903,7 @@
            target_blocksize="4096"
            filesystem="btrfs"
            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -1061,17 +936,20 @@
    </repository>
    <packages type="image" profiles="full">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
        <namedCollection name="salt_minion"/>
 	<package name="patterns-base-salt_minion"/>
        <namedCollection name="kvm_host"/>
-	<package name="patterns-micro-kvm_host"/>
+	<package name="patterns-base-kvm_host"/>
 	<package name="lzop"/>
        <namedCollection name="container_runtime_podman"/>
        <package name="patterns-container-runtime_podman"/>
        <namedCollection name="cockpit"/>
-        <package name="patterns-cockpit"/>
+        <package name="patterns-base-cockpit"/>
        <namedCollection name="selinux"/>
        <package name="patterns-base-selinux"/>
        <package name="policycoreutils-python-utils"/>
        <package name="suseconnect-ng"/>
        <package name="SL-Micro-release"/>
        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1081,7 +959,7 @@
 	<package name="libpwquality-tools"/>
    </packages>
-    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted,aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
+    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
        <!-- full disk encryption stuff -->
        <package name="device-mapper"/>
        <package name="cryptsetup"/>
@@ -1094,12 +972,13 @@
    </packages>
    <packages type="image" profiles="container-host">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
        <namedCollection name="container_runtime_podman"/>
        <package name="patterns-container-runtime_podman"/>
        <namedCollection name="selinux"/>
        <package name="patterns-base-selinux"/>
        <package name="policycoreutils-python-utils"/>
        <package name="suseconnect-ng"/>
        <package name="SL-Micro-release"/>
        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1123,16 +1002,16 @@
 	<package name="jeos-firstboot"/>
    </packages>
-    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow,ppc64le-512ss,ppc64le-4096ss,s390-dasd,s390-fcp">
+    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
        <package name="cloud-init"/>
        <package name="cloud-init-config-suse"/>
    </packages>
    <packages type="image">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
        <namedCollection name="hardware"/>
-        <package name="patterns-micro-hardware"/>
+        <package name="patterns-base-hardware"/>
        <package name="grub2"/>
        <package name="glibc-locale-base"/>
        <package name="ca-certificates"/>
@@ -1154,7 +1033,6 @@
 	<!-- FIXME does not build without control file which is obsolete
 	<package name="live-add-yast-repos"/> -->
 	<package name="parted"/> <!-- seems missing to deploy the image -->
 	<package name="iptables"/> <!-- needed by RKE2 -->
    </packages>
    <packages type="image" profiles="bootloader">
@@ -1171,15 +1049,11 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
    </packages>
    <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,x86,x86-encrypted,aarch64-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
        <package name="kernel-default"/>
        <package name="kernel-firmware-all"/>
    </packages>
-    <packages type="image" profiles="aarch64-64kb,aarch64-64kb-encrypted,aarch64-64kb-self_install">
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
        <package name="kernel-64kb"/>
        <package name="kernel-firmware-all"/>
    </packages>
    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
        <package name="kernel-rt"/>
        <package name="kernel-firmware-all"/>
 	<!-- FIXME intentionally removed from ALP code stream
@@ -1194,18 +1068,17 @@
    <packages type="image" profiles="s390-fcp">
        <package name="multipath-tools"/>
    </packages>
-    <!-- "oem" images uses kiwi for partition/fs resize (-repart) and SelfInstall images in addition for deployment (-dump). -->
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,aarch64,aarch64-encrypted,aarch64-64kb-encrypted,rpi,rpi-self_install,aarch64-self_install,aarch64-64kb,aarch64-64kb-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
        <package name="dracut-kiwi-oem-repart"/>
        <package name="dracut-kiwi-oem-dump"/>
    </packages>
-    <packages type="image" profiles="rpi,rpi-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
        <package name="raspberrypi-firmware" arch="aarch64"/>
        <package name="raspberrypi-firmware-config" arch="aarch64"/>
        <package name="raspberrypi-firmware-dt" arch="aarch64"/>
        <package name="u-boot-rpiarm64" arch="aarch64"/>
    </packages>
-    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,aarch64-rt,aarch64-64kb,aarch64-rt-self_install,aarch64-encrypted,aarch64-rt-encrypted,aarchte-64kb-encrypted">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
        <package name="dracut-kiwi-oem-repart"/>
        <package name="bcm43xx-firmware"/>
        <package name="wireless-regdb"/>
@@ -1213,7 +1086,6 @@
        <package name="wpa_supplicant"/>
        <package name="grub2-arm64-efi"/>
    </packages>
    <!-- NOTE(edge): Added coreutils, ca-certificates and ca-certificates-mozilla to prevent SSL errors when building the images -->
    <packages type="bootstrap">
        <package name="filesystem"/>
        <package name="coreutils"/>
@@ -1232,13 +1104,12 @@
    </packages>
    <!-- jsc#PED-8599 -->
-    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096,Base-64kb-encrypted,Default-64kb-encrypted">
+    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
        <package name="usbguard"/>
    </packages>
    <!-- jsc#PED-8788 -->
-    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
+    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
        <package name="stalld"/>
    </packages>
 </image>
--- a/kiwi-builder-image/SL-Micro.kiwi.4096
+++ b/kiwi-builder-image/SL-Micro.kiwi.4096
@@ -30,13 +30,16 @@
        <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
-        <profile name="aarch64-rt-encrypted" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+        <profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
@@ -57,15 +60,6 @@
        <profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="rpi-self_install" description="Raw disk for Raspberry Pi" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64" description="Raw disk for Raspberry Pi" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="aarch64-encrypted" description="Raw disk for Raspberry Pi" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
            <requires profile="bootloader"/>
        </profile>
@@ -96,15 +90,6 @@
        <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
            <requires profile="bootloader"/>
        </profile>
       	<profile name="aarch64-64kb" description="Build 64K page size aarch64 images" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
       	<profile name="aarch64-64kb-encrypted" description="Build 64K page size aarch64 images" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
       	<profile name="aarch64-64kb-self_install" description="Build 64K page size aarch64 images" arch="aarch64">
            <requires profile="bootloader"/>
        </profile>
        <!-- Images (flavor + platform) -->
        <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
            <requires profile="full"/>
@@ -169,10 +154,18 @@
            <requires profile="full"/>
            <requires profile="aarch64"/>
        </profile>
        <profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
            <requires profile="full"/>
            <requires profile="rpi"/>
        </profile>
        <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64"/>
        </profile>
        <profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="rpi"/>
        </profile>
        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
            <requires profile="container-host"/>
            <requires profile="x86-rt"/>
@@ -186,6 +179,10 @@
            <requires profile="container-host"/>
            <requires profile="aarch64-rt"/>
        </profile>
        <profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64-rt-rpi"/>
        </profile>
        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64-rt-self_install"/>
@@ -280,55 +277,21 @@
            <requires profile="ppc64le-4096ss-self_install"/>
            <requires profile="self_install"/>
        </profile>
 	<profile name="Default-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="full"/>
            <requires profile="aarch64-64kb-self_install"/>
        </profile>
 	<profile name="Base-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64-64kb-self_install"/>
        </profile>
 	<profile name="Default-64kb" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="full"/>
            <requires profile="aarch64-64kb"/>
        </profile>
 	<profile name="Base-64kb" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64-64kb"/>
        </profile>
 	<profile name="Default-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="full"/>
            <requires profile="aarch64-64kb-encrypted"/>
        </profile>
 	<profile name="Base-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
            <requires profile="container-host"/>
            <requires profile="aarch64-64kb-encrypted"/>
        </profile>
 	<profile name="RaspberryPi-SelfInstall" description="SL Micro for Rapsberry Pi" arch="aarch64">
            <requires profile="full"/>
            <requires profile="rpi-self_install"/>
        </profile>
 	<profile name="RaspberryPi" description="SL Micro for Raspberry Pi" arch="aarch64">
            <requires profile="full"/>
            <requires profile="rpi"/>
        </profile>
    </profiles>
    <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
        <rpm-excludedocs>true</rpm-excludedocs>
        <locale>en_US</locale>
        <!--  NOTE: Added 4096 support here -->
        <type
            image="oem"
            initrd_system="dracut"
            filesystem="btrfs"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -340,6 +303,7 @@
 	    luks_randomize="false"
 	    luks_pbkdf="pbkdf2"
            target_blocksize="4096"
            efipartsize="200"
        >
            <luksformat>
                <option name="--cipher" value="aes-xts-plain64"/>
@@ -361,20 +325,18 @@
        </type>
    </preferences>
    <preferences profiles="x86,x86-rt">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
        <rpm-excludedocs>true</rpm-excludedocs>
        <locale>en_US</locale>
        <!--  NOTE: Added 4096 support here -->
        <type
            image="oem"
            initrd_system="dracut"
            filesystem="btrfs"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -382,6 +344,7 @@
            btrfs_root_is_readonly_snapshot="true"
            btrfs_quota_groups="true"
            target_blocksize="4096"
            efipartsize="200"
        >
    	    <bootloader name="grub2" console="gfxterm" timeout="3"/>
            <systemdisk>
@@ -400,13 +363,12 @@
    </preferences>
    <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
        <rpm-excludedocs>true</rpm-excludedocs>
        <locale>en_US</locale>
        <!--  NOTE: Added 4096 support here -->
        <type
            image="oem"
            initrd_system="dracut"
@@ -416,8 +378,7 @@
            installboot="install"
            install_continue_on_timeout="false"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -425,6 +386,7 @@
            btrfs_root_is_readonly_snapshot="true"
            btrfs_quota_groups="true"
            target_blocksize="4096"
            efipartsize="200"
        >
            <bootloader name="grub2" console="gfxterm" timeout="3" />
            <systemdisk>
@@ -441,97 +403,9 @@
            </systemdisk>
        </type>
    </preferences>
-    <preferences profiles="aarch64,aarch64-rt,aarch64-64kb">
+
-        <version>6.2</version>
+    <preferences profiles="rpi,aarch64-rt-rpi">
-        <packagemanager>zypper</packagemanager>
+        <version>6.1</version>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
        <rpm-excludedocs>true</rpm-excludedocs>
        <locale>en_US</locale>
        <!--  NOTE: Added 4096 support here -->
        <type
            image="oem"
            initrd_system="dracut"
            installiso="true"
            filesystem="btrfs"
            installboot="install"
            install_continue_on_timeout="false"
            fsmountoptions="noatime"
            firmware="uefi"
            efipartsize="512"
            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
            bootpartition="false"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            btrfs_root_is_readonly_snapshot="true"
            btrfs_quota_groups="false"
            disk_start_sector="8192"
            target_blocksize="4096"
        >
            <bootloader name="grub2" console="gfxterm" timeout="3" />
            <systemdisk>
                <volume name="home"/>
                <volume name="root"/>
                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
                <volume name="opt"/>
                <volume name="srv"/>
                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
                <volume name="boot/writable"/>
                <volume name="usr/local"/>
                <volume name="var" copy_on_write="false"/>
            </systemdisk>
        </type>
    </preferences>
    <preferences profiles="aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
        <version>6.2</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
        <rpm-excludedocs>true</rpm-excludedocs>
        <locale>en_US</locale>
        <!--  NOTE: Added 4096 support here -->
        <type
            image="oem"
            initrd_system="dracut"
            installiso="true"
            filesystem="btrfs"
            installboot="install"
            install_continue_on_timeout="false"
            fsmountoptions="noatime"
            firmware="uefi"
            efipartsize="512"
            kernelcmdline="security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
            bootpartition="false"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            btrfs_root_is_readonly_snapshot="true"
            btrfs_quota_groups="false"
            disk_start_sector="8192"
            luks_version="luks2"
            luks="1234"
 	    luks_randomize="false"
 	    luks_pbkdf="pbkdf2"
            target_blocksize="4096"
        >
            <luksformat>
                <option name="--cipher" value="aes-xts-plain64"/>
            </luksformat>
            <bootloader name="grub2" console="gfxterm" use_disk_password="true" timeout="3" />
            <systemdisk>
                <volume name="home"/>
                <volume name="root"/>
                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
                <volume name="opt"/>
                <volume name="srv"/>
                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
                <volume name="boot/writable"/>
                <volume name="usr/local"/>
                <volume name="var" copy_on_write="false"/>
            </systemdisk>
        </type>
    </preferences>
    <preferences profiles="rpi">
        <version>6.2</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -546,11 +420,11 @@
            install_continue_on_timeout="false"
            fsmountoptions="noatime"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
            bootpartition="false"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            efipartsize="128"
            editbootinstall="editbootinstall_rpi.sh"
            btrfs_root_is_readonly_snapshot="true"
            btrfs_quota_groups="false"
@@ -570,33 +444,31 @@
            </systemdisk>
        </type>
    </preferences>
-    <preferences profiles="aarch64-self_install,aarch64-rt-self_install,aarch64-64kb-self_install">
+
-        <version>6.2</version>
+    <preferences profiles="aarch64,aarch64-rt">
        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
        <rpm-excludedocs>true</rpm-excludedocs>
        <locale>en_US</locale>
        <!--  NOTE: Added 4096 support here -->
        <type
            image="oem"
            initrd_system="dracut"
            installiso="true"
            installpxe="true"
            filesystem="btrfs"
            installboot="install"
            install_continue_on_timeout="false"
            fsmountoptions="noatime"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            efipartsize="128"
            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
+            btrfs_quota_groups="false"
-            disk_start_sector="8192"
+            disk_start_sector="4096"
            target_blocksize="4096"
        >
            <bootloader name="grub2" console="gfxterm" timeout="3" />
            <systemdisk>
@@ -612,8 +484,8 @@
            </systemdisk>
        </type>
    </preferences>
-    <preferences profiles="rpi-self_install">
+    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -628,14 +500,13 @@
            installboot="install"
            install_continue_on_timeout="false"
            firmware="uefi"
-            efipartsize="512"
+            efipartsize="128"
-            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            btrfs_root_is_readonly_snapshot="true"
            editbootinstall="editbootinstall_rpi.sh"
            btrfs_quota_groups="true"
            disk_start_sector="4096"
        >
@@ -655,7 +526,7 @@
    </preferences>
    <preferences profiles="s390-kvm">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -693,7 +564,7 @@
    <preferences profiles="s390-dasd">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -731,7 +602,7 @@
    <preferences profiles="s390-fba">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -766,7 +637,7 @@
    </preferences>
    <preferences profiles="s390-fcp">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -805,7 +676,7 @@
    </preferences>
    <preferences profiles="x86-vmware">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -816,7 +687,6 @@
            filesystem="btrfs"
            format="vmdk"
            firmware="uefi"
            efipartsize="512"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -837,11 +707,11 @@
                <volume name="var" copy_on_write="false"/>
            </systemdisk>
            <size unit="G">24</size>
-            <machine memory="1024" HWversion="17" guestOS="suse-64"/>
+            <machine memory="1024" HWversion="10" guestOS="suse-64"/>
        </type>
    </preferences>
    <preferences profiles="x86-qcow">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -852,14 +722,15 @@
            format="qcow2"
            filesystem="btrfs"
            firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
            btrfs_root_is_snapshot="true"
            btrfs_root_is_readonly_snapshot="true"
            btrfs_quota_groups="true"
            target_blocksize="4096"
            efipartsize="200"
        >
            <bootloader name="grub2" console="gfxterm" timeout="3" />
            <systemdisk>
@@ -879,7 +750,7 @@
    </preferences>
    <preferences profiles="aarch64-qcow">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -890,8 +761,8 @@
            format="qcow2"
            filesystem="btrfs"
            firmware="uefi"
-            efipartsize="512"     
+            efipartsize="128"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -914,7 +785,7 @@
    </preferences>
    <preferences profiles="ppc64le-512ss">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -925,7 +796,7 @@
            image="oem"
            filesystem="btrfs"
            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -947,7 +818,7 @@
        </type>
    </preferences>
    <preferences profiles="ppc64le-4096ss">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -961,7 +832,7 @@
            target_blocksize="4096"
            filesystem="btrfs"
            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -984,7 +855,7 @@
    </preferences>
    <preferences profiles="ppc64le-512ss-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -997,7 +868,7 @@
            installpxe="true"
            filesystem="btrfs"
            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -1024,7 +895,7 @@
        </type>
    </preferences>
    <preferences profiles="ppc64le-4096ss-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
        <packagemanager>zypper</packagemanager>
        <bootsplash-theme>SLE</bootsplash-theme>
        <bootloader-theme>SLE</bootloader-theme>
@@ -1040,7 +911,7 @@
            target_blocksize="4096"
            filesystem="btrfs"
            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
            bootpartition="false"
            bootkernel="custom"
            devicepersistency="by-uuid"
@@ -1073,17 +944,20 @@
    </repository>
    <packages type="image" profiles="full">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
        <namedCollection name="salt_minion"/>
 	<package name="patterns-base-salt_minion"/>
        <namedCollection name="kvm_host"/>
-	<package name="patterns-micro-kvm_host"/>
+	<package name="patterns-base-kvm_host"/>
 	<package name="lzop"/>
        <namedCollection name="container_runtime_podman"/>
        <package name="patterns-container-runtime_podman"/>
        <namedCollection name="cockpit"/>
-        <package name="patterns-cockpit"/>
+        <package name="patterns-base-cockpit"/>
        <namedCollection name="selinux"/>
        <package name="patterns-base-selinux"/>
        <package name="policycoreutils-python-utils"/>
        <package name="suseconnect-ng"/>
        <package name="SL-Micro-release"/>
        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1093,7 +967,7 @@
 	<package name="libpwquality-tools"/>
    </packages>
-    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted,aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
+    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
        <!-- full disk encryption stuff -->
        <package name="device-mapper"/>
        <package name="cryptsetup"/>
@@ -1106,12 +980,13 @@
    </packages>
    <packages type="image" profiles="container-host">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
        <namedCollection name="container_runtime_podman"/>
        <package name="patterns-container-runtime_podman"/>
        <namedCollection name="selinux"/>
        <package name="patterns-base-selinux"/>
        <package name="policycoreutils-python-utils"/>
        <package name="suseconnect-ng"/>
        <package name="SL-Micro-release"/>
        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1135,16 +1010,16 @@
 	<package name="jeos-firstboot"/>
    </packages>
-    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow,ppc64le-512ss,ppc64le-4096ss,s390-dasd,s390-fcp">
+    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
        <package name="cloud-init"/>
        <package name="cloud-init-config-suse"/>
    </packages>
    <packages type="image">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
        <namedCollection name="hardware"/>
-        <package name="patterns-micro-hardware"/>
+        <package name="patterns-base-hardware"/>
        <package name="grub2"/>
        <package name="glibc-locale-base"/>
        <package name="ca-certificates"/>
@@ -1166,7 +1041,6 @@
 	<!-- FIXME does not build without control file which is obsolete
 	<package name="live-add-yast-repos"/> -->
 	<package name="parted"/> <!-- seems missing to deploy the image -->
 	<package name="iptables"/> <!-- needed by RKE2 -->
    </packages>
    <packages type="image" profiles="bootloader">
@@ -1183,15 +1057,11 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
    </packages>
    <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,x86,x86-encrypted,aarch64-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
        <package name="kernel-default"/>
        <package name="kernel-firmware-all"/>
    </packages>
-    <packages type="image" profiles="aarch64-64kb,aarch64-64kb-encrypted,aarch64-64kb-self_install">
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
        <package name="kernel-64kb"/>
        <package name="kernel-firmware-all"/>
    </packages>
    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
        <package name="kernel-rt"/>
        <package name="kernel-firmware-all"/>
 	<!-- FIXME intentionally removed from ALP code stream
@@ -1206,18 +1076,17 @@
    <packages type="image" profiles="s390-fcp">
        <package name="multipath-tools"/>
    </packages>
-    <!-- "oem" images uses kiwi for partition/fs resize (-repart) and SelfInstall images in addition for deployment (-dump). -->
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,aarch64,aarch64-encrypted,aarch64-64kb-encrypted,rpi,rpi-self_install,aarch64-self_install,aarch64-64kb,aarch64-64kb-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
        <package name="dracut-kiwi-oem-repart"/>
        <package name="dracut-kiwi-oem-dump"/>
    </packages>
-    <packages type="image" profiles="rpi,rpi-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
        <package name="raspberrypi-firmware" arch="aarch64"/>
        <package name="raspberrypi-firmware-config" arch="aarch64"/>
        <package name="raspberrypi-firmware-dt" arch="aarch64"/>
        <package name="u-boot-rpiarm64" arch="aarch64"/>
    </packages>
-    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,aarch64-rt,aarch64-64kb,aarch64-rt-self_install,aarch64-encrypted,aarch64-rt-encrypted,aarchte-64kb-encrypted">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
        <package name="dracut-kiwi-oem-repart"/>
        <package name="bcm43xx-firmware"/>
        <package name="wireless-regdb"/>
@@ -1225,7 +1094,6 @@
        <package name="wpa_supplicant"/>
        <package name="grub2-arm64-efi"/>
    </packages>
    <!-- NOTE(edge): Added coreutils, ca-certificates and ca-certificates-mozilla to prevent SSL errors when building the images -->
    <packages type="bootstrap">
        <package name="filesystem"/>
        <package name="coreutils"/>
@@ -1244,13 +1112,12 @@
    </packages>
    <!-- jsc#PED-8599 -->
-    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096,Base-64kb-encrypted,Default-64kb-encrypted">
+    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
        <package name="usbguard"/>
    </packages>
    <!-- jsc#PED-8788 -->
-    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
+    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
        <package name="stalld"/>
    </packages>
 </image>
--- a/kiwi-builder-image/build-image.sh
+++ b/kiwi-builder-image/build-image.sh
@@ -28,7 +28,7 @@ LARGEBLOCK=false
 usage(){
  cat <<-EOF
  =====================================
-  SUSE Linux Micro 6.2 Kiwi SDK Builder
+  SUSE Linux Micro 6.1 Kiwi SDK Builder
  =====================================
  Usage: ${0} [-p <profile>] [-b]
@@ -36,12 +36,13 @@ usage(){
  Profile Options (-p):
  * Default: RAW Disk Image with default packages (incl. Podman & KVM)
  * Default-SelfInstall: SelfInstall ISO with default packages
  * Default-RPi: RAW Disk Image for Raspberry Pi (aarch64 only with MBR)
  * Base: RAW Disk Image with reduced package set (no KVM)
  * Base-SelfInstall: SelfInstall ISO with reduced packages
  * Base-RT: RAW Disk Image with reduced packages and kernel-rt
  * Base-RT-SelfInstall: SelfInstall ISO with reduced packages and kernel-rt
-  * RaspberryPi: RAW Disk Image for Raspberry Pi with default packages (aarch64 only with MBR)
+  * Base-RT-RPi: RAW Disk image for Raspberry Pi with kernel-rt (aarch64 only with MBR)
-  * RaspberryPi-SelfInstall: SelfInstall ISO for Raspberry Pi with default packages (aarch64 only with MBR)
+  * Base-RPi: RAW Disk Image for Raspberry Pi with reduced packages (aarch64 only with MBR)
  4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
@@ -82,34 +83,14 @@ if $LARGEBLOCK; then
  mv /micro-sdk/defs/SL-Micro.kiwi.4096 /micro-sdk/defs/SL-Micro.kiwi
 fi
 # Create temporary directory that supports seclabel
 dir=$(mktemp -d)
 mkdir -p /tmp/output/tmp-dir
 mount -t tmpfs $dir /tmp/output/tmp-dir
 # Build the image
-kiwi-ng --temp-dir /tmp/output/tmp-dir --debug --profile $PROFILE \
+kiwi-ng --debug --profile $PROFILE system build \
-    system build --description /micro-sdk/defs --target-dir /tmp/output \
+    --description /micro-sdk/defs --target-dir /tmp/output --ignore-repos-used-for-build $REPOS
    --ignore-repos-used-for-build $REPOS
 # Print output
 RESULT=$?
 if [ $RESULT -eq 0 ]; then
  echo -e "\n\nINFO: Image build successful, generated images are available in the 'output' directory."
  # The -n flag is being used to avoid the \n at the end of the line
  echo -n "INFO: Generating sha256 checksum file... " && {
  # This returns the iso or raw image from the kiwi.result.json file, preferring iso
  FILE_PATH=$(python3 -c 'import json, sys; data = json.load(sys.stdin); iso = data.get("installation_image", {}).get("filename"); raw = data.get("disk_image", {}).get("filename"); print(iso if iso else raw)' < /tmp/output/kiwi.result.json)
  # Generate the checksum if the file path was successfully extracted
  if [ -n "$FILE_PATH" ]; then
    # The sed trims the full path to just the filename (e.g., "sum filename")
    sha256sum "$FILE_PATH" | sed -E 's/\s+.*\/([^/]+)$/  \1/' > "$FILE_PATH.sha256" && echo "done"
  else
    # Or fail if it is not there
    echo "ERROR: Neither ISO nor RAW file path found in JSON."
  fi
  # Catch-all just in case something fails inside the block
  } || echo "ERROR: Command failed during processing."
 else
  echo -e "\n\nERROR: Failed to build the image, please see above logs."
 fi
--- a/kiwi-builder-image/config.sh
+++ b/kiwi-builder-image/config.sh
@@ -188,6 +188,7 @@ cat >/etc/fstab.script <<"EOF"
 #!/bin/sh
 set -eux
 /usr/sbin/setup-fstab-for-overlayfs
 # If /var is on a different partition than /...
 if [ "$(findmnt -snT / -o SOURCE)" != "$(findmnt -snT /var -o SOURCE)" ]; then
 	# ... set options for autoexpanding /var
--- a/kiwi-builder-image/disk.sh
+++ b/kiwi-builder-image/disk.sh
@@ -1,24 +0,0 @@
 #!/bin/bash
 # Copyright (c) 2025 SUSE LLC
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
 # 
 # The above copyright notice and this permission notice shall be included in
 # all copies or substantial portions of the Software.
 # 
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.
 set -euxo pipefail
 /usr/libexec/setup-etc-subvol
--- a/kiwi-builder-image/editbootinstall_pine64.sh
+++ b/kiwi-builder-image/editbootinstall_pine64.sh
@@ -1,40 +0,0 @@
 #!/bin/bash
 set -euxo pipefail
 diskname=$1
 devname="$2"
 loopname="${devname%*p?}"
 loopdev=/dev/${loopname#/dev/mapper/*}
 #==========================================
 # The GPT spans the first 33 sectors, but we need to write our
 # at sector 16. Shrink the GPT to only span 5 sectors
 # (16 partitions) to give us some space.
 #------------------------------------------
 # echo -e 'x\ns\n16\nw\ny' > gdisk.tmp
 # Shrink GPT does not work anymore, so let's use legacy MBR for now
 cat > gdisk.tmp <<-'EOF'
 		x
 		r
 		g
 		t
 		1
 		c
 		w
 		y
 	EOF
 dd if=$loopdev of=mbrid.bin bs=1 skip=440 count=4
 gdisk $loopdev < gdisk.tmp
 dd of=$loopdev if=mbrid.bin bs=1 seek=440 count=4
 rm -f mbrid.bin
 rm -f gdisk.tmp
 #==========================================
 # Installing All-in-one U-Boot/SPL
 #------------------------------------------
 echo "Installing All-in-one U-Boot/SPL..."
 if ! dd if=boot/u-boot-sunxi-with-spl.bin of=$diskname bs=1024 seek=8 conv=notrunc; then
 	echo "Couldn't install SPL on $diskname"
 	exit 1
 fi
--- a/kiwi-builder-image/editbootinstall_rpi.sh
+++ b/kiwi-builder-image/editbootinstall_rpi.sh
@@ -3,9 +3,12 @@ set -euxo pipefail
 diskname=$1
 devname="$2"
 loopname="${devname%*p?}"
 loopdev=/dev/${loopname#/dev/*}
 if [ ! -f $loopdev ]; then loopdev=/dev/${loopdev#/dev/mapper/}; fi
 #==========================================
 # copy Raspberry Pi firmware to EFI partition
 #------------------------------------------
--- a/kube-rbac-proxy/_service
+++ b/kube-rbac-proxy/_service
@@ -2,7 +2,7 @@
 <service name="obs_scm">
    <param name="url">https://github.com/brancz/kube-rbac-proxy</param>
    <param name="scm">git</param>
-    <param name="revision">v0.19.1</param>
+    <param name="revision">v0.18.2</param>
    <param name="version">_auto_</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="changesgenerate">enable</param>
--- a/kube-rbac-proxy/kube-rbac-proxy.spec
+++ b/kube-rbac-proxy/kube-rbac-proxy.spec
@@ -17,14 +17,14 @@
 Name:           kube-rbac-proxy
-Version:        0.19.1
+Version:        0.18.2
-Release:        0.19.1
+Release:        0.18.2
 Summary:        The kube-rbac-proxy is a small HTTP proxy for a single upstream
 License:        Apache-2.0
 URL:            https://github.com/brancz/kube-rbac-proxy
 Source:         kube-rbac-proxy-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.24
+BuildRequires:  golang(API) = 1.23
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
--- a/kubectl-image/Dockerfile
+++ b/kubectl-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.34.2
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.34.2-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -15,11 +15,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kubectl image"
 LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.34.2"
+LABEL org.opencontainers.image.version="1.32.4"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.34.2-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
--- a/kubectl/kubectl.spec
+++ b/kubectl/kubectl.spec
@@ -1,7 +1,7 @@
 %global debug_package %{nil}
 Name: kubectl
-Version: 1.34.2
+Version: 1.32.4
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster
--- a/kubectl/kubectl_1.32.4.orig.tar.gz
+++ b/kubectl/kubectl_1.32.4.orig.tar.gz
--- a/kubectl/kubectl_1.34.2.orig.tar.gz
+++ b/kubectl/kubectl_1.34.2.orig.tar.gz
--- a/kubevirt-chart/Chart.yaml
+++ b/kubevirt-chart/Chart.yaml
@@ -1,9 +1,9 @@
-#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.1_up0.6.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
-#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.1_up0.6.0
+#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.0_up0.5.0
 apiVersion: v2
-appVersion: 1.5.2
+appVersion: 1.4.0
 description: A Helm chart for KubeVirt
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: kubevirt
 type: application
-version: "%%CHART_MAJOR%%.0.1+up0.6.0"
+version: "%%CHART_MAJOR%%.0.0+up0.5.0"
--- a/kubevirt-chart/crds/kubevirt.yaml
+++ b/kubevirt-chart/crds/kubevirt.yaml
@@ -593,13 +593,6 @@ spec:
                            If set to true, migrations will still start in pre-copy, but switch to post-copy when
                            CompletionTimeoutPerGiB triggers. Defaults to false
                          type: boolean
                        allowWorkloadDisruption:
                          description: |-
                            AllowWorkloadDisruption indicates that the migration shouldn't be
                            canceled after acceptableCompletionTime is exceeded. Instead, if
                            permitted, migration will be switched to post-copy or the VMI will be
                            paused to allow the migration to complete
                          type: boolean
                        bandwidthPerMigration:
                          anyOf:
                            - type: integer
@@ -612,8 +605,8 @@ spec:
                        completionTimeoutPerGiB:
                          description: |-
                            CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
-                            If the timeout is reached, the migration will be either paused, switched
+                            If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
-                            to post-copy or cancelled depending on other settings. Defaults to 150
+                            the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150
                          format: int64
                          type: integer
                        disableTLS:
@@ -971,17 +964,17 @@ spec:
                          type: object
                      type: object
                    vmRolloutStrategy:
-                      description: |-
+                      description: VMRolloutStrategy defines how changes to a VM object
-                        VMRolloutStrategy defines how live-updatable fields, like CPU sockets, memory,
+                        propagate to its VMI
                        tolerations, and affinity, are propagated from a VM to its VMI.
                      enum:
                        - Stage
                        - LiveUpdate
                      nullable: true
                      type: string
                    vmStateStorageClass:
-                      description: VMStateStorageClass is the name of the storage class
+                      description: |-
-                        to use for the PVCs created to preserve VM state, like TPM.
+                        VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM.
                        The storage class must support RWX in filesystem mode.
                      type: string
                    webhookConfiguration:
                      description: |-
@@ -3857,13 +3850,6 @@ spec:
                            If set to true, migrations will still start in pre-copy, but switch to post-copy when
                            CompletionTimeoutPerGiB triggers. Defaults to false
                          type: boolean
                        allowWorkloadDisruption:
                          description: |-
                            AllowWorkloadDisruption indicates that the migration shouldn't be
                            canceled after acceptableCompletionTime is exceeded. Instead, if
                            permitted, migration will be switched to post-copy or the VMI will be
                            paused to allow the migration to complete
                          type: boolean
                        bandwidthPerMigration:
                          anyOf:
                            - type: integer
@@ -3876,8 +3862,8 @@ spec:
                        completionTimeoutPerGiB:
                          description: |-
                            CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
-                            If the timeout is reached, the migration will be either paused, switched
+                            If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
-                            to post-copy or cancelled depending on other settings. Defaults to 150
+                            the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150
                          format: int64
                          type: integer
                        disableTLS:
@@ -4235,17 +4221,17 @@ spec:
                          type: object
                      type: object
                    vmRolloutStrategy:
-                      description: |-
+                      description: VMRolloutStrategy defines how changes to a VM object
-                        VMRolloutStrategy defines how live-updatable fields, like CPU sockets, memory,
+                        propagate to its VMI
                        tolerations, and affinity, are propagated from a VM to its VMI.
                      enum:
                        - Stage
                        - LiveUpdate
                      nullable: true
                      type: string
                    vmStateStorageClass:
-                      description: VMStateStorageClass is the name of the storage class
+                      description: |-
-                        to use for the PVCs created to preserve VM state, like TPM.
+                        VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM.
                        The storage class must support RWX in filesystem mode.
                      type: string
                    webhookConfiguration:
                      description: |-
--- a/kubevirt-chart/templates/kubevirt-operator.yaml
+++ b/kubevirt-chart/templates/kubevirt-operator.yaml
@@ -608,7 +608,6 @@ rules:
    resources:
      - virtualmachinesnapshots
      - virtualmachinesnapshots/status
      - virtualmachinesnapshots/finalizers
      - virtualmachinesnapshotcontents
      - virtualmachinesnapshotcontents/status
      - virtualmachinesnapshotcontents/finalizers
@@ -661,18 +660,15 @@ rules:
      - kubevirt.io
    resources:
      - virtualmachines/finalizers
      - virtualmachineinstances/finalizers
    verbs:
      - update
  - apiGroups:
      - subresources.kubevirt.io
    resources:
      - virtualmachines/stop
      - virtualmachineinstances/addvolume
      - virtualmachineinstances/removevolume
      - virtualmachineinstances/freeze
      - virtualmachineinstances/unfreeze
      - virtualmachineinstances/reset
      - virtualmachineinstances/softreboot
      - virtualmachineinstances/sev/setupsession
      - virtualmachineinstances/sev/injectlaunchsecret
@@ -776,14 +772,6 @@ rules:
    verbs:
      - list
      - watch
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - create
      - get
      - delete
  - apiGroups:
      - kubevirt.io
    resources:
@@ -895,7 +883,6 @@ rules:
      - virtualmachineinstances/freeze
      - virtualmachineinstances/unfreeze
      - virtualmachineinstances/softreboot
      - virtualmachineinstances/reset
      - virtualmachineinstances/sev/setupsession
      - virtualmachineinstances/sev/injectlaunchsecret
    verbs:
@@ -915,6 +902,7 @@ rules:
      - virtualmachines/restart
      - virtualmachines/addvolume
      - virtualmachines/removevolume
      - virtualmachines/migrate
      - virtualmachines/memorydump
    verbs:
      - update
@@ -931,6 +919,7 @@ rules:
      - virtualmachineinstances
      - virtualmachineinstancepresets
      - virtualmachineinstancereplicasets
      - virtualmachineinstancemigrations
    verbs:
      - get
      - delete
@@ -940,14 +929,6 @@ rules:
      - list
      - watch
      - deletecollection
  - apiGroups:
      - kubevirt.io
    resources:
      - virtualmachineinstancemigrations
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - snapshot.kubevirt.io
    resources:
@@ -1051,7 +1032,6 @@ rules:
      - virtualmachineinstances/freeze
      - virtualmachineinstances/unfreeze
      - virtualmachineinstances/softreboot
      - virtualmachineinstances/reset
      - virtualmachineinstances/sev/setupsession
      - virtualmachineinstances/sev/injectlaunchsecret
    verbs:
@@ -1071,6 +1051,7 @@ rules:
      - virtualmachines/restart
      - virtualmachines/addvolume
      - virtualmachines/removevolume
      - virtualmachines/migrate
      - virtualmachines/memorydump
    verbs:
      - update
@@ -1087,6 +1068,7 @@ rules:
      - virtualmachineinstances
      - virtualmachineinstancepresets
      - virtualmachineinstancereplicasets
      - virtualmachineinstancemigrations
    verbs:
      - get
      - delete
@@ -1095,14 +1077,6 @@ rules:
      - patch
      - list
      - watch
  - apiGroups:
      - kubevirt.io
    resources:
      - virtualmachineinstancemigrations
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - snapshot.kubevirt.io
    resources:
@@ -1281,25 +1255,6 @@ rules:
      - get
      - list
      - watch
  - apiGroups:
      - subresources.kubevirt.io
    resources:
      - virtualmachines/migrate
    verbs:
      - update
  - apiGroups:
      - kubevirt.io
    resources:
      - virtualmachineinstancemigrations
    verbs:
      - get
      - delete
      - create
      - update
      - patch
      - list
      - watch
      - deletecollection
  - apiGroups:
      - authentication.k8s.io
    resources:
@@ -1345,8 +1300,6 @@ spec:
    type: RollingUpdate
  template:
    metadata:
      annotations:
        openshift.io/required-scc: restricted-v2
      labels:
        kubevirt.io: virt-operator
        name: virt-operator
--- a/kubevirt-chart/values.yaml
+++ b/kubevirt-chart/values.yaml
@@ -1,6 +1,6 @@
 operator:
-  image: registry.suse.com/suse/sles/15.7/virt-operator
+  image: registry.suse.com/suse/sles/15.6/virt-operator
-  version: 1.5.2-150700.3.5.2
+  version: 1.4.0-150600.5.15.1
  replicas: 2
  pullPolicy: IfNotPresent
  affinity:
@@ -40,7 +40,7 @@ kubevirt:
  monitorAccount: ""
  monitorNamespace: ""
-hookImage: registry.rancher.com/rancher/kubectl:v1.33.1
+hookImage: registry.rancher.com/rancher/kubectl:v1.30.10
 hookRestartPolicy: OnFailure
 hookSecurityContext:
  seccompProfile:
--- a/kubevirt-dashboard-extension-chart/Chart.yaml
+++ b/kubevirt-dashboard-extension-chart/Chart.yaml
@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.4_up1.3.3
+#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2
-#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.4_up1.3.3-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2-%RELEASE%
 annotations:
  catalog.cattle.io/certified: rancher
  catalog.cattle.io/namespace: cattle-ui-plugin-system
@@ -12,10 +12,10 @@ annotations:
  catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
  catalog.cattle.io/kube-version: '>= v1.26.0-0'
 apiVersion: v2
-appVersion: 1.3.3
+appVersion: 303.0.2+up1.3.2
 description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
 name: kubevirt-dashboard-extension
 type: application
-version: "%%CHART_MAJOR%%.0.4+up1.3.3"
+version: "%%CHART_MAJOR%%.0.2+up1.3.2"
 icon: >-
  https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg
--- a/kubevirt-dashboard-extension-chart/templates/cr.yaml
+++ b/kubevirt-dashboard-extension-chart/templates/cr.yaml
@@ -8,7 +8,7 @@ spec:
  plugin:
    name: {{ include "extension-server.fullname" . }}
    version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.3.3
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.2+up1.3.2
    noCache: {{ .Values.plugin.noCache }}
    noAuth: {{ .Values.plugin.noAuth }}
    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
--- a/metal3-chart/Chart.yaml
+++ b/metal3-chart/Chart.yaml
@@ -1,28 +1,28 @@
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.20_up0.13.0
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.12_up0.12.2
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.20_up0.13.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.12_up0.12.2-%RELEASE%
 apiVersion: v2
-appVersion: 0.13.0
+appVersion: 0.12.2
 dependencies:
 - alias: metal3-baremetal-operator
  name: baremetal-operator
  repository: file://./charts/baremetal-operator
-  version: 0.11.2
+  version: 0.9.4
 - alias: metal3-ironic
  name: ironic
  repository: file://./charts/ironic
-  version: 0.12.0
+  version: 0.11.2
 - alias: metal3-mariadb
  condition: global.enable_mariadb
  name: mariadb
  repository: file://./charts/mariadb
-  version: 0.6.2
+  version: 0.6.1
 - alias: metal3-media
  condition: global.enable_metal3_media_server
  name: media
  repository: file://./charts/media
-  version: 0.7.1
+  version: 0.6.5
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.20+up0.13.0"
+version: "%%CHART_MAJOR%%.0.12+up0.12.2"
--- a/metal3-chart/charts/baremetal-operator/Chart.yaml
+++ b/metal3-chart/charts/baremetal-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.11.2
+appVersion: 0.9.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.11.2
+version: 0.9.4
--- a/metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml
+++ b/metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml
@@ -202,11 +202,6 @@ spec:
                description: Description is a human-entered text used to help identify
                  the host.
                type: string
              disablePowerOff:
                description: |-
                  When set to true, power off of the node will be disabled,
                  instead, a reboot will be used in place of power on/off
                type: boolean
              externallyProvisioned:
                description: |-
                  ExternallyProvisioned means something else has provisioned the
@@ -291,15 +286,6 @@ spec:
                required:
                - url
                type: object
              inspectionMode:
                description: |-
                  Specifies the mode for host inspection.
                  "disabled" - no inspection will be performed
                  "agent" - normal agent-based inspection will run
                enum:
                - disabled
                - agent
                type: string
              metaData:
                description: |-
                  MetaData holds the reference to the Secret containing host metadata
@@ -587,8 +573,9 @@ spec:
                      description: Required. The taint key to be applied to a node.
                      type: string
                    timeAdded:
-                      description: TimeAdded represents the time at which the taint
+                      description: |-
-                        was added.
+                        TimeAdded represents the time at which the taint was added.
                        It is only written for NoExecute taints.
                      format: date-time
                      type: string
                    value:
@@ -718,19 +705,6 @@ spec:
                            if one is present.  If both IPv4 and IPv6 addresses are present in a
                            dual-stack environment, two nics will be output, one with each IP.
                          type: string
                        lldp:
                          description: LLDP data for this interface
                          properties:
                            portID:
                              description: The switch port ID from LLDP
                              type: string
                            switchID:
                              description: The switch chassis ID from LLDP
                              type: string
                            switchSystemName:
                              description: The switch system name from LLDP
                              type: string
                          type: object
                        mac:
                          description: The device MAC address
                          pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'
--- a/metal3-chart/charts/baremetal-operator/crds/customresource-hardwaredata.yaml
+++ b/metal3-chart/charts/baremetal-operator/crds/customresource-hardwaredata.yaml
@@ -99,19 +99,6 @@ spec:
                            if one is present.  If both IPv4 and IPv6 addresses are present in a
                            dual-stack environment, two nics will be output, one with each IP.
                          type: string
                        lldp:
                          description: LLDP data for this interface
                          properties:
                            portID:
                              description: The switch port ID from LLDP
                              type: string
                            switchID:
                              description: The switch chassis ID from LLDP
                              type: string
                            switchSystemName:
                              description: The switch system name from LLDP
                              type: string
                          type: object
                        mac:
                          description: The device MAC address
                          pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'
--- a/metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
+++ b/metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
@@ -5,6 +5,7 @@
  {{- $ironicApiHost := print $ironicHost ":6385" }}
  {{- $ironicBootHost := print $ironicHost ":6180" }}
  {{- $ironicCacheHost := print $ironicHost ":6180" }}
  {{- $deployArch := .Values.global.deployArchitecture }}
 apiVersion: v1
 data:
@@ -20,10 +21,9 @@ data:
  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
  {{- end }}
  CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
-  {{- if .Values.baremetaloperator.externalHttpIPv6 }}
+  DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
-  {{- $port := ternary .Values.global.vmediaTLSPort .Values.baremetaloperator.httpPort $enableVMediaTLS }}
+  DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs"
-  IRONIC_EXTERNAL_URL_V6: "{{ $protocol }}://[{{ .Values.baremetaloperator.externalHttpIPv6 }}]:{{ $port }}"
+  DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
  {{- end }}
 kind: ConfigMap
 metadata:
  name: baremetal-operator-ironic
--- a/metal3-chart/charts/baremetal-operator/values.yaml
+++ b/metal3-chart/charts/baremetal-operator/values.yaml
@@ -28,7 +28,7 @@ images:
  baremetalOperator:
    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
    pullPolicy: IfNotPresent
-    tag: "0.11.2.0"
+    tag: "0.9.1.1"
 imagePullSecrets: []
 nameOverride: "manger"
@@ -84,8 +84,3 @@ affinity: {}
 baremetaloperator:
  httpPort: "6180"
  # IPv6 used for accessing the Ironic HTTP server for BMCs with an IPv6 only address.
  # It should not be used in conjunction with 'provisioningHostname' unless BMCs do not
  # support hostnames.
  externalHttpIPv6: ""
--- a/metal3-chart/charts/ironic/Chart.yaml
+++ b/metal3-chart/charts/ironic/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 32.0.0
+appVersion: 29.0.4
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.12.0
+version: 0.11.2
--- a/metal3-chart/charts/ironic/templates/configmap.yaml
+++ b/metal3-chart/charts/ironic/templates/configmap.yaml
@@ -5,6 +5,8 @@ metadata:
  labels:
    {{- include "ironic.labels" . | nindent 4 }}
 data:
  {{- $deployArch := .Values.global.deployArchitecture }}
  {{- if  ( .Values.global.enable_dnsmasq ) }}
  DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer }}
  DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter }}
@@ -16,6 +18,7 @@ data:
  HTTP_PORT: "6180"
  PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
  IRONIC_EXTERNAL_HTTP_URL: {{ include "ironic.externalHttpUrl" . }}
  DEPLOY_ARCHITECTURE: {{ $deployArch }}
  ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
  {{- if .Values.global.provisioningInterface }}
  PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
@@ -52,6 +55,3 @@ data:
  {{- else }}
  IRONIC_USE_MARIADB: "false"
  {{- end }}
  {{- with .Values.ironicExtraEnv -}}
  {{ toYaml . | nindent 2 }}
  {{- end -}}
--- a/metal3-chart/charts/ironic/templates/deployment.yaml
+++ b/metal3-chart/charts/ironic/templates/deployment.yaml
@@ -160,7 +160,12 @@ spec:
        image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
        imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
        securityContext:
-          {{- merge .Values.securityContext .Values.dnsmasqSecurityContext | toYaml | nindent 10 }}
+          {{- toYaml .Values.securityContext | nindent 10 }}
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_RAW
        command:
        - /bin/rundnsmasq
        envFrom:
--- a/metal3-chart/charts/ironic/values.yaml
+++ b/metal3-chart/charts/ironic/values.yaml
@@ -64,11 +64,11 @@ images:
  ironic:
    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
    pullPolicy: IfNotPresent
-    tag: 32.0.0.0
+    tag: 29.0.4.1
  ironicIPADownloader:
    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
    pullPolicy: IfNotPresent
-    tag: 3.0.10
+    tag: 3.0.8
 nameOverride: ""
 fullnameOverride: ""
@@ -97,12 +97,6 @@ securityContext:
    type: RuntimeDefault
  runAsNonRoot: true
 dnsmasqSecurityContext:
  capabilities:
    add:
    - NET_ADMIN
    - NET_RAW
 service:
  type: LoadBalancer
  annotations: {}
@@ -144,8 +138,6 @@ baremetaloperator:
 debug:
  ironicRamdiskSshKey: ""
 ironicExtraEnv: {}
 tlscerts:
  cacert: ""
  key: ""
--- a/metal3-chart/charts/mariadb/Chart.yaml
+++ b/metal3-chart/charts/mariadb/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: "11.8"
+appVersion: "10.11"
 description: A Helm chart for MariaDB, used by Metal3
 name: mariadb
 type: application
-version: 0.6.2
+version: 0.6.1
--- a/metal3-chart/charts/mariadb/values.yaml
+++ b/metal3-chart/charts/mariadb/values.yaml
@@ -14,7 +14,7 @@ service:
 image:
  repository: registry.suse.com/suse/mariadb
  pullPolicy: IfNotPresent
-  tag: 11.8
+  tag: 10.11
 nameOverride: ""
 fullnameOverride: ""
--- a/metal3-chart/charts/media/Chart.yaml
+++ b/metal3-chart/charts/media/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 1.21.0
+appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.7.1
+version: 0.6.5
--- a/metal3-chart/charts/media/templates/deployment.yaml
+++ b/metal3-chart/charts/media/templates/deployment.yaml
@@ -34,9 +34,13 @@ spec:
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          command:
          - /usr/sbin/httpd
          args:
          - -DFOREGROUND
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
--- a/metal3-chart/charts/media/values.yaml
+++ b/metal3-chart/charts/media/values.yaml
@@ -22,9 +22,9 @@ global:
 replicaCount: 1
 image:
-  repository: registry.suse.com/suse/nginx
+  repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
  pullPolicy: IfNotPresent
-  tag: 1.21
+  tag: 29.0.4.1
 imagePullSecrets: []
 nameOverride: ""
@@ -42,8 +42,8 @@ serviceAccount:
 podAnnotations: {}
 podSecurityContext:
-  runAsUser: 499
+  runAsUser: 10475
-  fsGroup: 486
+  fsGroup: 10475
 securityContext:
  allowPrivilegeEscalation: false
@@ -102,16 +102,11 @@ volumes:
  - name: assets
    persistentVolumeClaim:
      claimName: media
  - name: run
    emptyDir:
      sizeLimit: 10Mi
 # volume mounts
 volumeMounts:
  - mountPath: /srv/www/htdocs
    name: assets
  - mountPath: /run
    name: run
 # media volume settings
 mediaVolume:
--- a/metal3-chart/values.yaml
+++ b/metal3-chart/values.yaml
@@ -72,6 +72,9 @@ global:
  # Name for the MariaDB service
  databaseServiceName: metal3-mariadb
  # Architecture for deployed nodes (either x86_64 or arm64)
  deployArchitecture: x86_64
  # In a multi-node cluster use the node selector to ensure the pods
  # all run on the same host where the dnsmasqDNSServer and provisioningIP
  # and /opt/media exist. Uncomment the nodeSelector and update the
@@ -89,6 +92,8 @@ metal3-media:
  # available to the Ironic deployment services.
  mediaVolume:
    hostPath: /opt/media
  image:
    repository: "%%IMG_REPO%%/%%IMG_PREFIX%%ironic"
 #
 # ironic service
--- a/metallb-chart/Chart.yaml
+++ b/metallb-chart/Chart.yaml
@@ -1,17 +1,17 @@
-#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.1_up0.15.2
+#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.0_up0.14.9
-#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.1_up0.15.2-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE%
 apiVersion: v2
-appVersion: v0.15.2
+appVersion: v0.14.9
 dependencies:
 - condition: crds.enabled
  name: crds
  repository: file://./charts/crds
-  version: 0.15.2
+  version: 0.14.9
 - alias: metallb-frr-k8s
  condition: frrk8s.enabled
  name: frr-k8s
  repository: file://./charts/frr-k8s
-  version: 0.0.20
+  version: 0.0.16
 description: A network load-balancer implementation for Kubernetes using standard
  routing protocols
 home: https://metallb.universe.tf
@@ -21,4 +21,4 @@ name: metallb
 sources:
 - https://github.com/metallb/metallb
 type: application
-version: "%%CHART_MAJOR%%.0.1+up0.15.2"
+version: "%%CHART_MAJOR%%.0.0+up0.14.9"
--- a/metallb-chart/README.md
+++ b/metallb-chart/README.md
@@ -1,6 +1,6 @@
 # metallb
-![Version: 0.15.2](https://img.shields.io/badge/Version-0.15.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.15.2](https://img.shields.io/badge/AppVersion-v0.15.2-informational?style=flat-square)
+![Version: 0.14.9](https://img.shields.io/badge/Version-0.14.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.9](https://img.shields.io/badge/AppVersion-v0.14.9-informational?style=flat-square)
 A network load-balancer implementation for Kubernetes using standard routing protocols
@@ -16,8 +16,8 @@ Kubernetes: `>= 1.19.0-0`
 | Repository | Name | Version |
 |------------|------|---------|
-|  | crds | 0.15.2 |
+|  | crds | 0.14.9 |
-| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.20 |
+| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.16 |
 ## Values
@@ -99,7 +99,7 @@ Kubernetes: `>= 1.19.0-0`
 | prometheus.rbacPrometheus | bool | `true` |  |
 | prometheus.rbacProxy.pullPolicy | string | `nil` |  |
 | prometheus.rbacProxy.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/kube-rbac-proxy"` |  |
-| prometheus.rbacProxy.tag | string | `"v0.19.1"` |  |
+| prometheus.rbacProxy.tag | string | `"v0.18.0"` |  |
 | prometheus.scrapeAnnotations | bool | `false` |  |
 | prometheus.serviceAccount | string | `""` |  |
 | prometheus.serviceMonitor.controller.additionalLabels | object | `{}` |  |
@@ -122,7 +122,7 @@ Kubernetes: `>= 1.19.0-0`
 | speaker.frr.enabled | bool | `true` |  |
 | speaker.frr.image.pullPolicy | string | `nil` |  |
 | speaker.frr.image.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/frr"` |  |
-| speaker.frr.image.tag | string | `"10.2.1"` |  |
+| speaker.frr.image.tag | string | `"8.5.6"` |  |
 | speaker.frr.metricsPort | int | `7473` |  |
 | speaker.frr.resources | object | `{}` |  |
 | speaker.frrMetrics.resources | object | `{}` |  |
--- a/Show More
+++ b/Show More
Author	SHA256	Message	Date
Denislav Prodanov	86065a61ae	merge upstream	2025-08-18 11:41:04 +02:00
Denislav Prodanov	e5da642203	[3.3.1] - bump kube rbac proxy version Some checks failed Check Release Manifest Local Charts Versions / Check Release Manifest Local Charts Versions (pull_request) Successful in 9s Details Build PR in OBS / Build PR in OBS (pull_request_target) Failing after 34m35s Details	2025-06-11 16:35:02 +03:00