Let Apache use separate IPv4 and IPv6 sockets for listening to any

Enable the use of two separate sockets for IPv4 and IPv6 when LISTEN_ALL_INTERFACES is set to true. While desirable, on Linux Apache uses IPv4-mapped IPv6 addresses by default, thus leveraging a single IPv6 socket for IPv4 connections as well. This behaviour is far from being desirable and can be disabled at compile time via the "--disable-v4-mapped" flag, so make sure both an ANY address Listen directive is present for both IPv4 and IPv6. When Apache is compiled with "--enable-v4-mapped", the IPv4 socket will be simply ignored. Please see https://httpd.apache.org/docs/2.4/bind.html for more information. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Update httpd.conf to bind to IPv4 and/or IPv6 sockets
2025-07-29 19:15:25 +00:00 · 2025-07-29 19:15:25 +00:00 · 2025-07-29 19:15:25 +00:00 · 2025-07-29 19:15:25 +00:00 · 2025-07-29 19:15:25 +00:00 · 2025-07-29 19:15:25 +00:00
43 changed files with 122 additions and 437 deletions
--- a/edge-image-builder-image/Dockerfile
+++ b/edge-image-builder-image/Dockerfile
@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:latest
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:latest-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION
 MAINTAINER SUSE LLC (https://www.suse.com/)
@@ -14,11 +14,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
 LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="latest"
+LABEL org.opencontainers.image.version="1.2.1"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:latest-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
--- a/edge-image-builder/_service
+++ b/edge-image-builder/_service
@@ -3,11 +3,11 @@
    <param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
    <param name="scm">git</param>
    <param name="exclude">.git</param>
-    <param name="revision">1bfee6bb5bd0dc1ed18e2d09820750f9987c96c9</param>
+    <param name="revision">v1.2.1</param>
    <!-- Uncomment and set this For Pre-Release Version -->
    <!-- <param name="version">1.2.0~rc1</param> -->
    <!-- Uncomment and this for regular version -->
-    <param name="versionformat">%h</param>
+    <param name="versionformat">@PARENT_TAG@</param>
    <param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
    <param name="versionrewrite-replacement">\1.\2.\3</param>
    <param name="changesgenerate">enable</param>
--- a/edge-image-builder/edge-image-builder.spec
+++ b/edge-image-builder/edge-image-builder.spec
@@ -17,7 +17,7 @@


 Name:           edge-image-builder
-Version:        latest
+Version:        1.2.1
 Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0
--- a/ironic-image/Dockerfile
+++ b/ironic-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1
-#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.0
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.0-%RELEASE%

 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -41,8 +41,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="29.0.4.1"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%"
+LABEL org.opencontainers.image.version="29.0.4.0"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.0-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
--- a/ironic-image/configure-nonroot.sh
+++ b/ironic-image/configure-nonroot.sh
@@ -45,10 +45,10 @@ chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /run

 # ironic and httpd related changes
 mkdir -p /etc/httpd/conf.d
-chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.modules.d/
-chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.modules.d/
+chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
+chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
 #chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
-chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.modules.d/*
+chmod 664 /etc/ironic/* /etc/httpd/conf/*

 chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /var/lib/ironic
 chmod 2775 /var/lib/ironic
--- a/ironic-image/ironic-config/apache2-vmedia.conf.j2
+++ b/ironic-image/ironic-config/apache2-vmedia.conf.j2
@@ -11,15 +11,13 @@ Listen [::]:{{ env.VMEDIA_TLS_PORT }}
    SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
    SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}

-    <Directory "/shared/html/">
-        Options Indexes FollowSymLinks
-        AllowOverride None
-        Require all granted
+    <Directory ~ "/shared/html">
+         Order deny,allow
+         deny from all
    </Directory>
    <Directory ~ "/shared/html/(redfish|ilo)/">
-        Options Indexes FollowSymLinks
-        AllowOverride None
-        Require all granted
+         Order allow,deny
+         allow from all
    </Directory>
 </VirtualHost>

--- a/ironic-image/ironic-config/httpd-modules.conf
+++ b/ironic-image/ironic-config/httpd-modules.conf
@@ -17,4 +17,4 @@ LoadModule authn_core_module /usr/lib64/apache2/mod_authn_core.so
 LoadModule auth_basic_module /usr/lib64/apache2/mod_auth_basic.so
 LoadModule authn_file_module /usr/lib64/apache2/mod_authn_file.so
 LoadModule authz_user_module /usr/lib64/apache2/mod_authz_user.so
-#LoadModule access_compat_module /usr/lib64/apache2/mod_access_compat.so
+LoadModule access_compat_module /usr/lib64/apache2/mod_access_compat.so
--- a/ironic-image/ironic-config/ironic.conf.j2
+++ b/ironic-image/ironic-config/ironic.conf.j2
@@ -91,11 +91,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 send_sensor_data_interval = 160
-{% if env.VMEDIA_TLS_PORT %}
-bootloader = {{ env.IRONIC_HTTPS_VMEDIA_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
-{% else %}
 bootloader = {{ env.IRONIC_HTTP_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
-{% endif %}
 verify_step_priority_override = management.clear_job_queue:90
 # We don't use this feature, and it creates an additional load on the database
 node_history = False
@@ -127,15 +123,15 @@ default_boot_option = local
 erase_devices_metadata_priority = 10
 erase_devices_priority = 0
 http_root = /shared/html/
-http_url = {% if env.VMEDIA_TLS_PORT %}{{ env.IRONIC_HTTPS_VMEDIA_URL }}{% else %}{{ env.IRONIC_HTTP_URL }}{% endif %}
+http_url = {{ env.IRONIC_HTTP_URL }}
 fast_track = {{ env.IRONIC_FAST_TRACK }}
 {% if env.IRONIC_BOOT_ISO_SOURCE %}
 ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_HTTP_URL %}
 external_http_url = {{ env.IRONIC_EXTERNAL_HTTP_URL }}
-{% elif env.VMEDIA_TLS_PORT %}
-external_http_url = {{ env.IRONIC_HTTPS_VMEDIA_URL }}
+{% elif env.IRONIC_VMEDIA_TLS_SETUP == "true" %}
+external_http_url = https://{{ env.IRONIC_URL_HOST }}:{{ env.VMEDIA_TLS_PORT }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_CALLBACK_URL %}
 external_callback_url = {{ env.IRONIC_EXTERNAL_CALLBACK_URL }}
--- a/ironic-image/scripts/configure-ironic.sh
+++ b/ironic-image/scripts/configure-ironic.sh
@@ -3,7 +3,6 @@
 set -euxo pipefail

 IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
-export VMEDIA_TLS_PORT="${VMEDIA_TLS_PORT:-}"

 # Define the VLAN interfaces to be included in introspection report, e.g.
 #   all - all VLANs on all interfaces using LLDP information
@@ -54,16 +53,12 @@ wait_for_interface_or_ip

 if [[ "$(echo "$LISTEN_ALL_INTERFACES" | tr '[:upper:]' '[:lower:]')" == "true" ]]; then
 export IRONIC_HOST_IP="::"
-elif [[ -n "${ENABLE_IPV6}" ]]; then
+elif [[ -n env.ENABLE_IPV6 ]]; then
 export IRONIC_HOST_IP="$IRONIC_IPV6"
 else
 export IRONIC_HOST_IP="$IRONIC_IP"
 fi

-if [[ "${VMEDIA_TLS_PORT}" ]]; then
-   export IRONIC_HTTPS_VMEDIA_URL="https://${IRONIC_URL_HOST}:${VMEDIA_TLS_PORT}"
-fi
-
 # Hostname to use for the current conductor instance.
 export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}

--- a/ironic-image/scripts/ironic-common.sh
+++ b/ironic-image/scripts/ironic-common.sh
@@ -5,7 +5,7 @@ set -euxo pipefail
 # Export IRONIC_IP to avoid needing to lean on IRONIC_URL_HOST for consumption in
 # e.g. dnsmasq configuration
 export IRONIC_IP="${IRONIC_IP:-}"
-IRONIC_IPV6="${IRONIC_IPV6:-}"
+export IRONIC_IPV6="${IRONIC_IPV6:-}"
 PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
 PROVISIONING_IP="${PROVISIONING_IP:-}"
 PROVISIONING_MACS="${PROVISIONING_MACS:-}"
@@ -55,7 +55,7 @@ get_ip_of_hostname()

    local HOSTNAME=$1

-    echo $(nslookup -type=${QUERY} "${HOSTNAME}" | tail -n2 | grep -w "Address:" | cut -d " " -f2)
+    echo "$(nslookup -type=${QUERY} $HOSTNAME | tail -n2 | grep -w "Address:" | cut -d " " -f2)"
 }

 get_interface_of_ip()
@@ -85,7 +85,7 @@ get_interface_of_ip()
    # For IPv6 addresses, this will give the short-form address
    IP_ADDR="$(ipcalc "${IP_ADDR}" | grep "^Address:" | awk '{print $2}')"

-    echo $(ip ${IP_VERS} -br addr show scope global | grep -i " ${IP_ADDR}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')
+    echo "$(ip $IP_VERS -br addr show scope global | grep -i " ${IP_ADDR}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')"
 }

 get_ip_of_interface()
@@ -111,7 +111,7 @@ get_ip_of_interface()

    local IFACE=$1

-    echo $(ip ${IP_VERS} -br addr show scope global up dev ${IFACE} | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)
+    echo "$(ip $IP_VERS -br addr show scope global up dev $IFACE | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)"
 }

 get_provisioning_interface()
@@ -150,7 +150,7 @@ wait_for_interface_or_ip()

        until [[ -n "$IFACE_OF_IP" ]]; do
            echo "Waiting for ${PROVISIONING_IP} to be configured on an interface..."
-            IFACE_OF_IP="$(get_interface_of_ip "${PROVISIONING_IP}")"
+            IFACE_OF_IP="$(get_interface_of_ip $PROVISIONING_IP)"
            sleep 1
        done

@@ -160,33 +160,25 @@ wait_for_interface_or_ip()
 	# If the IP contains a colon, then it's an IPv6 address
        if [[ "$PROVISIONING_IP" =~ .*:.* ]]; then
            export IRONIC_IPV6="$PROVISIONING_IP"
-            export IRONIC_IP=""
        else
            export IRONIC_IP="$PROVISIONING_IP"
        fi
-    elif [[ -n "${IRONIC_IP}" ]]; then
-        if [[ "$IRONIC_IP" =~ .*:.* ]]; then
-            export IRONIC_IPV6="$IRONIC_IP"
-            export IRONIC_IP=""
-        fi
    elif [[ -n "${PROVISIONING_INTERFACE}" ]]; then
        until [[ -n "$IRONIC_IPV6" ]] || [[ -n "$IRONIC_IP" ]]; do
            echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured..."

-            IRONIC_IPV6="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 6)"
+            export IRONIC_IPV6="$(get_ip_of_interface $PROVISIONING_INTERFACE 6)"
            sleep 1

-            IRONIC_IP="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 4)"
+            export IRONIC_IP="$(get_ip_of_interface $PROVISIONING_INTERFACE 4)"
            sleep 1
        done

        if [[ -n "$IRONIC_IPV6" ]]; then
            echo "Found $IRONIC_IPV6 on interface \"${PROVISIONING_INTERFACE}\"!"
-	    export IRONIC_IPV6
        fi
        if [[ -n "$IRONIC_IP" ]]; then
            echo "Found $IRONIC_IP on interface \"${PROVISIONING_INTERFACE}\"!"
-	    export IRONIC_IP
        fi
    elif [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
        local IPV6_IFACE=""
@@ -197,21 +189,21 @@ wait_for_interface_or_ip()
            local IPV6_RECORD=""
            local IPV4_RECORD=""

-            IPV6_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 6)"
-            IPV4_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 4)"
+            IPV6_RECORD="$(get_ip_of_hostname $IRONIC_URL_HOSTNAME 6)"
+            IPV4_RECORD="$(get_ip_of_hostname $IRONIC_URL_HOSTNAME 4)"

            # We couldn't get any IP
            if [[ -z "$IPV4_RECORD" ]] && [[ -z "$IPV6_RECORD" ]]; then
-                echo "${FUNCNAME}: no valid IP found for hostname ${IRONIC_URL_HOSTNAME}" >&2
+                echo "${FUNCNAME}: no valid IP found for hostname $IRONIC_URL_HOSTNAME" >&2
                return 1
            fi

            echo "Waiting for ${IPV6_RECORD} to be configured on an interface"
-            IPV6_IFACE="$(get_interface_of_ip "${IPV6_RECORD}" 6)"
+            IPV6_IFACE="$(get_interface_of_ip $IPV6_RECORD 6)"
            sleep 1

            echo "Waiting for ${IPV4_RECORD} to be configured on an interface"
-            IPV4_IFACE="$(get_interface_of_ip "${IPV4_RECORD}" 4)"
+            IPV4_IFACE="$(get_interface_of_ip $IPV4_RECORD 4)"
            sleep 1
        done

@@ -244,7 +236,7 @@ wait_for_interface_or_ip()
    fi
    if [[ -n "$IRONIC_IPV6" ]]; then
        export ENABLE_IPV6=yes
-        export IRONIC_URL_HOST="[${IRONIC_IPV6}]" # The HTTP host needs surrounding with brackets
+        export IRONIC_URL_HOST="[$IRONIC_IPV6]" # The HTTP host needs surrounding with brackets
    fi

    # Once determined if we have IPv4 and/or IPv6, override the hostname if provided
--- a/kubectl-image/Dockerfile
+++ b/kubectl-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.33.4
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.33.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro

@@ -15,11 +15,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kubectl image"
 LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.33.4"
+LABEL org.opencontainers.image.version="1.32.4"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
--- a/kubectl/kubectl.spec
+++ b/kubectl/kubectl.spec
@@ -1,7 +1,7 @@
 %global debug_package %{nil}

 Name: kubectl
-Version: 1.33.4
+Version: 1.32.4
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster

--- a/kubectl/kubectl_1.32.4.orig.tar.gz
+++ b/kubectl/kubectl_1.32.4.orig.tar.gz
--- a/kubectl/kubectl_1.33.4.orig.tar.gz
+++ b/kubectl/kubectl_1.33.4.orig.tar.gz
--- a/metal3-chart/Chart.yaml
+++ b/metal3-chart/Chart.yaml
@@ -1,28 +1,28 @@
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.12_up0.12.2
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.12_up0.12.2-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.10_up0.12.0
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.10_up0.12.0-%RELEASE%
 apiVersion: v2
-appVersion: 0.12.2
+appVersion: 0.12.0
 dependencies:
 - alias: metal3-baremetal-operator
  name: baremetal-operator
  repository: file://./charts/baremetal-operator
-  version: 0.9.4
+  version: 0.9.2
 - alias: metal3-ironic
  name: ironic
  repository: file://./charts/ironic
-  version: 0.11.2
+  version: 0.11.0
 - alias: metal3-mariadb
  condition: global.enable_mariadb
  name: mariadb
  repository: file://./charts/mariadb
-  version: 0.6.1
+  version: 0.6.0
 - alias: metal3-media
  condition: global.enable_metal3_media_server
  name: media
  repository: file://./charts/media
-  version: 0.6.5
+  version: 0.6.4
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.12+up0.12.2"
+version: "%%CHART_MAJOR%%.0.10+up0.12.0"
--- a/metal3-chart/charts/baremetal-operator/Chart.yaml
+++ b/metal3-chart/charts/baremetal-operator/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: 0.9.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.9.4
+version: 0.9.2
--- a/metal3-chart/charts/baremetal-operator/templates/_helpers.tpl
+++ b/metal3-chart/charts/baremetal-operator/templates/_helpers.tpl
@@ -61,19 +61,3 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
-
-{{/*
-Create the URL to use for connecting to the Ironic servers (e.g. API, cache)
-*/}}
-{{- define "baremetal-operator.ironicHttpHost" -}}
-{{- $hostIP := include "metal3.hostIP" . -}}
-{{- with .Values.global }}
-{{- if .provisioningHostname }}
-{{- .provisioningHostname }}
-{{- else if regexMatch ".*:.*" $hostIP}}
-{{- print "[" $hostIP "]" }}
-{{- else }}
-{{- $hostIP }}
-{{- end }}
-{{- end }}
-{{- end }}
--- a/metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
+++ b/metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
@@ -1,10 +1,10 @@
  {{- $enableTLS := .Values.global.enable_tls }}
  {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
  {{- $protocol := ternary "https" "http" $enableTLS }}
-  {{- $ironicHost := include "baremetal-operator.ironicHttpHost" . | required "Missing host information for BMO to connect to Ironic" }}
-  {{- $ironicApiHost := print $ironicHost ":6385" }}
-  {{- $ironicBootHost := print $ironicHost ":6180" }}
-  {{- $ironicCacheHost := print $ironicHost ":6180" }}
+  {{- $ironicIP := .Values.global.ironicIP | default "" }}
+  {{- $ironicApiHost := print $ironicIP ":6385" }}
+  {{- $ironicBootHost := print $ironicIP ":6180" }}
+  {{- $ironicCacheHost := print $ironicIP ":6180" }}
  {{- $deployArch := .Values.global.deployArchitecture }}

 apiVersion: v1
@@ -12,8 +12,8 @@ data:
  IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
  # Switch VMedia to HTTP if enable_vmedia_tls is false
  {{- if and $enableTLS $enableVMediaTLS }}
-    {{- $ironicBootHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
-    {{- $ironicCacheHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
    {{- $protocol = "https" }}
  RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
  {{- else }}
--- a/metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml
+++ b/metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml
@@ -6,7 +6,6 @@ metadata:
    control-plane: controller-manager
  name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service
 spec:
-  ipFamilyPolicy: PreferDualStack
  ports:
  - name: https
    port: 8443
--- a/metal3-chart/charts/baremetal-operator/templates/service-webhook.yaml
+++ b/metal3-chart/charts/baremetal-operator/templates/service-webhook.yaml
@@ -5,7 +5,6 @@ metadata:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
  name: {{ include "baremetal-operator.fullname" . }}-webhook-service
 spec:
-  ipFamilyPolicy: PreferDualStack
  ports:
  - port: 443
    targetPort: 9443
--- a/metal3-chart/charts/ironic/Chart.yaml
+++ b/metal3-chart/charts/ironic/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: 29.0.4
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.11.2
+version: 0.11.0
--- a/metal3-chart/charts/ironic/templates/_helpers.tpl
+++ b/metal3-chart/charts/ironic/templates/_helpers.tpl
@@ -83,50 +83,3 @@ Get ironic CA volumeMounts
  readOnly: true
 {{- end }}
 {{- end }}
-
-{{/*
-Get the formatted "External" hostname or IP based URL
-*/}}
-{{- define "ironic.externalHttpUrl" }}
-{{- $host := ternary (include "metal3.hostIP" .) .Values.global.externalHttpHost (empty .Values.global.externalHttpHost) }}
-{{- if regexMatch ".*:.*" $host }}
-{{- $host = print "[" $host "]" }}
-{{- end }}
-{{- $protocol := "http" }}
-{{- $port := "6180" }}
-{{- if .Values.global.enable_vmedia_tls }}
-{{- $protocol = "https" }}
-{{- $port = .Values.global.vmediaTLSPort | default "6185" }}
-{{- end }}
-{{- print $protocol "://" $host ":" $port }}
-{{- end }}
-
-{{/*
-Get the command to use for Liveness and Readiness probes
-*/}}
-{{- define "ironic.probeCommand" }}
-{{- $host := "127.0.0.1" }}
-{{- if eq .Values.listenOnAll false }}
-{{- $host = coalesce .Values.global.provisioningIP .Values.global.ironicIP .Values.global.provisioningHostname }}
-{{- if regexMatch ".*:.*" $host }}
-{{- $host = print "[" $host "]" }}
-{{- end }}
-{{- end }}
-{{- print "curl -sSfk https://" $host ":6385" }}
-{{- end }}
-
-{{/*
-Create the subjectAltNames section to be set on the Certificate
-*/}}
-{{- define "ironic.subjectAltNames" -}}
-{{- with .Values.global }}
-{{- if .provisioningHostname }}
-dnsNames:
- {{ .provisioningHostname }}
-{{- end -}}
-{{- if or .ironicIP .provisioningIP }}
-ipAddresses:
-  - {{ coalesce .provisioningIP .ironicIP }}
-{{- end }}
-{{- end }}
-{{- end }}
--- a/metal3-chart/charts/ironic/templates/certificates.yaml
+++ b/metal3-chart/charts/ironic/templates/certificates.yaml
@@ -6,7 +6,8 @@ metadata:
 spec:
  commonName: ironic-ca
  isCA: true
-  {{- include "ironic.subjectAltNames" . | indent 2 }}
+  ipAddresses:
+  - {{ .Values.global.ironicIP }}
  issuerRef:
    kind: Issuer
    name: selfsigned-issuer
@@ -18,7 +19,8 @@ metadata:
  name: ironic-cert
 spec:
  commonName: ironic-cert
-  {{- include "ironic.subjectAltNames" . | indent 2 }}
+  ipAddresses:
+  - {{ .Values.global.ironicIP }}
  issuerRef:
    kind: Issuer
    name: ca-issuer
@@ -31,7 +33,8 @@ metadata:
  name: ironic-vmedia-cert
 spec:
  commonName: ironic-vmedia-cert
-  {{- include "ironic.subjectAltNames" . | indent 2 }}
+  ipAddresses:
+  - {{ .Values.global.ironicIP }}
  issuerRef:
    kind: Issuer
    name: ca-issuer
--- a/metal3-chart/charts/ironic/templates/configmap.yaml
+++ b/metal3-chart/charts/ironic/templates/configmap.yaml
@@ -5,9 +5,16 @@ metadata:
  labels:
    {{- include "ironic.labels" . | nindent 4 }}
 data:
+  {{- $enableTLS := .Values.global.enable_tls }}
+  {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
+  {{- $protocol := ternary "https" "http" $enableTLS }}
+  {{- $ironicIP := .Values.global.ironicIP | default "" }}
+  {{- $ironicBootHost := print $ironicIP ":6180" }}
+  {{- $ironicCacheHost := print $ironicIP ":6180" }}
  {{- $deployArch := .Values.global.deployArchitecture }}

  {{- if  ( .Values.global.enable_dnsmasq ) }}
+  DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
  DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer }}
  DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter }}
  DHCP_RANGE: {{ .Values.global.dhcpRange }}
@@ -17,21 +24,29 @@ data:
  {{- end }}
  HTTP_PORT: "6180"
  PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
-  IRONIC_EXTERNAL_HTTP_URL: {{ include "ironic.externalHttpUrl" . }}
+  # Switch VMedia to HTTP if enable_vmedia_tls is false
+  {{- if and $enableTLS $enableVMediaTLS }}
+    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $protocol = "https" }}
+  {{- else }}
+    {{- $protocol = "http" }}
+  {{- end }}
+  IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
  DEPLOY_ARCHITECTURE: {{ $deployArch }}
+  IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
  ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
  {{- if .Values.global.provisioningInterface }}
  PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
  {{- end }}
  {{- if .Values.global.provisioningIP }}
-  PROVISIONING_IP: {{ include "metal3.hostIP" . }}
-  {{- else if .Values.global.ironicIP }}
-  IRONIC_IP: {{ include "metal3.hostIP" . }}
-  {{- else if .Values.global.provisioningHostname }}
-  IRONIC_URL_HOSTNAME: {{ .Values.global.provisioningHostname }}
+  PROVISIONING_IP: {{ .Values.global.provisioningIP }}
  {{- end }}
  IRONIC_FAST_TRACK: "true"
-  LISTEN_ALL_INTERFACES: "{{ .Values.listenOnAll }}"
+  LISTEN_ALL_INTERFACES: "true"
+  {{- if .Values.global.ironicIP }}
+  IRONIC_IP: {{ .Values.global.ironicIP }}
+  {{- end }}
  {{- if  ( .Values.global.enable_tls ) }}
  RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
  IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true
--- a/metal3-chart/charts/ironic/templates/deployment.yaml
+++ b/metal3-chart/charts/ironic/templates/deployment.yaml
@@ -42,7 +42,7 @@ spec:
            name: ironic
        livenessProbe:
          exec:
-            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
          failureThreshold: 10
          initialDelaySeconds: 30
          periodSeconds: 30
@@ -60,7 +60,7 @@ spec:
        {{- end }}
        readinessProbe:
          exec:
-            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
          failureThreshold: 10
          initialDelaySeconds: 30
          periodSeconds: 30
--- a/metal3-chart/charts/ironic/templates/service.yaml
+++ b/metal3-chart/charts/ironic/templates/service.yaml
@@ -10,7 +10,6 @@ metadata:
  {{- end }}
 spec:
  type: {{ .Values.service.type }}
-  ipFamilyPolicy: PreferDualStack
  ports:
  {{- $enableTLS := .Values.global.enable_tls }}
  {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
--- a/metal3-chart/charts/ironic/values.yaml
+++ b/metal3-chart/charts/ironic/values.yaml
@@ -32,12 +32,6 @@ global:
  # IP Address assigned to network interface on provisioning network
  provisioningIP: ""

-  # Fully Qualified Domain Name used by Ironic for both binding (to the
-  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
-  # media, also used by BMO. Note, this is the only way to enable a fully
-  # working dual-stack configuration.
-  provisioningHostname: ""
-
  # Whether the NIC names should be predictable or not
  predictableNicNames: "true"

@@ -58,13 +52,11 @@ global:

 replicaCount: 1

-listenOnAll: true
-
 images:
  ironic:
    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
    pullPolicy: IfNotPresent
-    tag: 29.0.4.1
+    tag: 29.0.4.0
  ironicIPADownloader:
    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
    pullPolicy: IfNotPresent
--- a/metal3-chart/charts/mariadb/Chart.yaml
+++ b/metal3-chart/charts/mariadb/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: "10.11"
 description: A Helm chart for MariaDB, used by Metal3
 name: mariadb
 type: application
-version: 0.6.1
+version: 0.6.0
--- a/metal3-chart/charts/mariadb/templates/service.yaml
+++ b/metal3-chart/charts/mariadb/templates/service.yaml
@@ -5,11 +5,10 @@ metadata:
  labels:
    {{- include "mariadb.labels" . | nindent 4 }}
 spec:
-  ipFamilyPolicy: PreferDualStack
  type: {{ .Values.service.type }}
  selector:
    {{- include "mariadb.selectorLabels" . | nindent 4 }}
  ports:
  {{- with .Values.service.ports }}
    {{- toYaml . | nindent 2 }}
-  {{- end }}
+  {{- end }}
--- a/metal3-chart/charts/media/Chart.yaml
+++ b/metal3-chart/charts/media/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.5
+version: 0.6.4
--- a/metal3-chart/charts/media/templates/service.yaml
+++ b/metal3-chart/charts/media/templates/service.yaml
@@ -5,7 +5,6 @@ metadata:
  labels:
    {{- include "media.labels" . | nindent 4 }}
 spec:
-  ipFamilyPolicy: PreferDualStack
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
--- a/metal3-chart/charts/media/values.yaml
+++ b/metal3-chart/charts/media/values.yaml
@@ -24,7 +24,7 @@ replicaCount: 1
 image:
  repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
  pullPolicy: IfNotPresent
-  tag: 29.0.4.1
+  tag: 29.0.4.0

 imagePullSecrets: []
 nameOverride: ""
--- a/metal3-chart/templates/_helpers.tpl
+++ b/metal3-chart/templates/_helpers.tpl
@@ -60,18 +60,3 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
-
-{{/*
-Produce the correct IP or hostname for Ironic provisioning
-*/}}
-{{- define "metal3.hostIP" -}}
-{{- with .Values.global }}
-{{- if and .provisioningHostname (or .provisioningIP .ironicIP) }}
-{{  fail "Please provide either provisioningHostname or provisioningIP or ironicIP" }}
-{{- end }}
-{{- if and .provisioningIP .ironicIP }}
-{{  fail "Please provide either ironicIP or provisioningIP" }}
-{{- end }}
-{{- coalesce .provisioningIP .ironicIP }}
-{{- end }}
-{{- end }}
--- a/metal3-chart/values.yaml
+++ b/metal3-chart/values.yaml
@@ -60,15 +60,6 @@ global:
  # IP Address assigned to network interface on provisioning network
  provisioningIP: ""

-  # Fully Qualified Domain Name used by Ironic for both binding (to the 
-  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
-  # media, also used by BMO. Note, this is the only way to enable a fully
-  # working dual-stack configuration.
-  provisioningHostname: ""
-
-  # Hostname or IP for accessing the Ironic API server from a non-provisioning network
-  externalHttpHost: ""
-
  # Name for the MariaDB service
  databaseServiceName: metal3-mariadb

--- a/nessie-image/Dockerfile
+++ b/nessie-image/Dockerfile
@@ -1,31 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%nessie:%%nessie_version%%
-#!BuildTag: %%IMG_PREFIX%%nessie:%%nessie_version%%-%RELEASE%
-
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION
-
-# labelprefix=com.suse.application.nessie
-LABEL org.opencontainers.image.title="nessie"
-LABEL org.opencontainers.image.description="Nessie diagnostic tool for SUSE Kubernetes environments"
-LABEL org.opencontainers.image.version="%%nessie_version%%"
-LABEL org.opencontainers.image.authors="George Agriogiannis <george.agriogiannis2@suse.com>"
-LABEL org.opencontainers.image.url="https://github.com/suse-edge/support-tools/tree/main/nessie"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%nessie:%%nessie_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-RUN zypper --non-interactive refresh && \
-    zypper --non-interactive install --no-recommends nessie && \
-    zypper clean
-
-WORKDIR /tmp
-
-ENTRYPOINT ["/usr/bin/nessie"]
--- a/nessie-image/_service
+++ b/nessie-image/_service
@@ -1,19 +0,0 @@
-<services>
-  <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%nessie_version%%</param>
-    <param name="package">nessie</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>
--- a/nessie/_service
+++ b/nessie/_service
@@ -1,26 +0,0 @@
-<services>
-  <service name="obs_scm">
-    <param name="url">https://github.com/suse-edge/support-tools</param>
-    <param name="scm">git</param>
-    <param name="revision">nessie-v1.0.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">george.agriogiannis2@suse.com</param>
-    <param name="match-tag">nessie-v*</param>
-    <param name="versionrewrite-pattern">nessie-v(\d+\.\d+\.\d+)</param>
-    <param name="versionrewrite-replacement">\1</param>
-    <param name="subdir">nessie</param>
-    <param name="exclude">.git</param>
-    <param name="without-version">yes</param>
-    <param name="filename">nessie</param>
-  </service>
-  <service mode="buildtime" name="tar">
-    <param name="obsinfo">nessie.obsinfo</param>
-  </service>
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>
--- a/nessie/nessie.spec
+++ b/nessie/nessie.spec
@@ -1,80 +0,0 @@
-#
-# spec file for package nessie
-#
-# Copyright (c) 2024 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-Name:           nessie
-# Version will be set automatically by factory's set_version service
-Version:        1.0.0
-Release:        0
-Summary:        Node Environment Support Script for Inspection and Export
-License:        Apache-2.0
-Group:          System/Management
-URL:            https://github.com/suse-edge/support-tools/tree/main/nessie
-Source0:        %{name}-%{version}.tar.gz
-BuildArch:      noarch
-
-# Build dependencies
-BuildRequires:  python3-devel
-
-# Runtime dependencies
-Requires:       python3
-Requires:       python3-kubernetes
-Requires:       python3-PyYAML
-Requires:       helm
-Requires:       systemd
-
-# Optional dependencies for enhanced functionality
-Recommends:     util-linux
-
-%description
-Nessie (Node Environment Support Script for Inspection and Export) is a
-comprehensive diagnostic tool for SUSE Kubernetes environments. It collects
-logs, configurations, and system information from Kubernetes clusters for
-troubleshooting and support purposes.
-
-Key features:
- Collects system service logs and Kubernetes pod logs
- Gathers cluster configurations and Helm releases
- Retrieves node metrics and component versions
- Supports RKE2 and K3s environments
- Fault-tolerant with configurable options
- Can be run directly or as a container
-
-The tool is designed specifically for SUSE Edge environments and integrates
-well with SUSE Linux Micro, RKE2, and K3s distributions.
-
-%prep
-%autosetup
-
-%build
-# Validate Python syntax
-python3 -m py_compile nessie.py
-
-%install
-# Install the main script
-install -D -m 0755 nessie.py %{buildroot}%{_bindir}/nessie
-
-# Install documentation files
-install -D -m 0644 README.md %{buildroot}%{_docdir}/%{name}/README.md
-install -D -m 0644 LICENSE %{buildroot}%{_docdir}/%{name}/LICENSE
-
-%files
-%{_bindir}/nessie
-%dir %{_docdir}/%{name}
-%doc %{_docdir}/%{name}/README.md
-%license %{_docdir}/%{name}/LICENSE
-
-%changelog
--- a/python-pyhelm3/_service
+++ b/python-pyhelm3/_service
@@ -1,3 +0,0 @@
-<services>
-<service name="download_assets"></service>
-</services>
--- a/python-pyhelm3/pyhelm3.spec
+++ b/python-pyhelm3/pyhelm3.spec
@@ -1,55 +0,0 @@
-#
-# spec file for package python-pyhelm3
-#
-# Copyright (c) 2025 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-
-Name:           python-pyhelm3
-Version:        0.4.0
-Release:        0
-Summary:        Python library for managing Helm releases using Helm 3
-License:        Apache-2.0
-URL:            https://github.com/azimuth-cloud/pyhelm3
-#!RemoteAsset
-Source:         https://files.pythonhosted.org/packages/source/p/pyhelm3/pyhelm3-%{version}.tar.gz
-BuildRequires:  python-rpm-macros
-BuildRequires:  %{python_module pip}
-BuildRequires:  %{python_module setuptools >= 42}
-BuildRequires:  %{python_module setuptools_scm >= 3.4}
-BuildRequires:  %{python_module wheel}
-BuildRequires:  fdupes
-Requires:       %{python_module pydantic}
-Requires:       %{python_module PyYAML}
-BuildArch:      noarch
-%python_subpackages
-
-%description
-Python library for managing Helm releases using Helm 3.
-
-%prep
-%autosetup -p1 -n pyhelm3-%{version}
-
-%build
-%pyproject_wheel
-
-%install
-%pyproject_install
-%python_expand %fdupes %{buildroot}%{$python_sitelib}
-
-%files %{python_files}
-%doc README.md
-%license LICENSE
-%{python_sitelib}/pyhelm3
-%{python_sitelib}/pyhelm3-%{version}.dist-info
-
-%changelog
--- a/rancher-turtles-chart/values.yaml
+++ b/rancher-turtles-chart/values.yaml
@@ -22,7 +22,7 @@ rancherTurtles:
  # rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
  rancherInstalled: false
  # kubectlImage: Image for kubectl tasks.
-  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4"
+  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4"
  # features: Optional and experimental features.
  features:
    # day2operations: Alpha feature.
--- a/release-manifest-image/release_manifest.yaml
+++ b/release-manifest-image/release_manifest.yaml
@@ -7,7 +7,7 @@ spec:
  components:
    kubernetes:
      k3s:
-        version: v1.33.3+k3s1
+        version: v1.32.4+k3s1
        coreComponents:
          - name: traefik-crd
            version: 34.2.1+up34.2.0
@@ -31,46 +31,46 @@ spec:
                image: rancher/mirrored-metrics-server:v0.7.2
            type: Deployment
      rke2:
-        version: v1.33.3+rke2r1
+        version: v1.32.4+rke2r1
        coreComponents:
          - name: rke2-cilium
-            version: 1.17.600
+            version: 1.17.300
            type: HelmChart
          - name: rke2-canal
-            version: v3.30.2-build2025071100
+            version: v3.29.3-build2025040801
            type: HelmChart
          - name: rke2-calico-crd
-            version: v3.30.100
+            version: v3.29.101
            type: HelmChart
          - name: rke2-calico
-            version: v3.30.100
+            version: v3.29.300
            type: HelmChart
          - name: rke2-coredns
-            version: 1.42.302
+            version: 1.39.201
            type: HelmChart
          - name: rke2-ingress-nginx
-            version: 4.12.401
+            version: 4.12.101
            type: HelmChart
          - name: rke2-metrics-server
-            version: 3.12.203
+            version: 3.12.200
            type: HelmChart
          - name: rancher-vsphere-csi
-            version: 3.3.1-rancher1000
+            version: 3.3.1-rancher900
            type: HelmChart
          - name: rancher-vsphere-cpi
-            version: 1.11.000
+            version: 1.10.000
            type: HelmChart
          - name: harvester-cloud-provider
-            version: 0.2.1000
+            version: 0.2.900
            type: HelmChart
          - name: harvester-csi-driver
-            version: 0.1.2400
+            version: 0.1.2300
            type: HelmChart
          - name: rke2-snapshot-controller-crd
-            version: 4.0.003
+            version: 4.0.002
            type: HelmChart
          - name: rke2-snapshot-controller
-            version: 4.0.003
+            version: 4.0.002
            type: HelmChart
          # Deprecated this empty chart addon can be removed in v1.34
          - name: rke2-snapshot-validation-webhook
@@ -89,20 +89,20 @@ spec:
        - prettyName: Rancher
          releaseName: rancher
          chart: rancher
-          version: 2.12.1-alpha1
-          repository: https://releases.rancher.com/server-charts/alpha
+          version: 2.11.2
+          repository: https://charts.rancher.com/server-charts/prime
          values:
            postDelete:
              enabled: false
        - prettyName: Longhorn
          releaseName: longhorn
          chart: longhorn
-          version: 106.2.1+up1.8.2
+          version: 106.2.0+up1.8.1
          repository: https://charts.rancher.io
          dependencyCharts:
            - releaseName: longhorn-crd
              chart: longhorn-crd
-              version: 106.2.1+up1.8.2
+              version: 106.2.0+up1.8.1
              repository: https://charts.rancher.io
        - prettyName: MetalLB
          releaseName: metallb
@@ -123,12 +123,12 @@ spec:
        - prettyName: NeuVector
          releaseName: neuvector
          chart: neuvector
-          version: 107.0.0+up2.8.7
+          version: 106.0.1+up2.8.6
          repository: https://charts.rancher.io
          dependencyCharts:
            - releaseName: neuvector-crd
              chart: neuvector-crd
-              version: 107.0.0+up2.8.7
+              version: 106.0.1+up2.8.6
              repository: https://charts.rancher.io
          addonCharts:
            - releaseName: neuvector-ui-ext
@@ -142,11 +142,11 @@ spec:
        - prettyName: Elemental
          releaseName: elemental-operator
          chart: oci://registry.suse.com/rancher/elemental-operator-chart
-          version: 1.7.3
+          version: 1.6.8
          dependencyCharts:
            - releaseName: elemental-operator-crds
              chart: oci://registry.suse.com/rancher/elemental-operator-crds-chart
-              version: 1.7.3
+              version: 1.6.8
          addonCharts:
            - releaseName: elemental
              chart: elemental
@@ -171,7 +171,7 @@ spec:
        - prettyName: Metal3
          releaseName: metal3
          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3'
-          version: '%%CHART_MAJOR%%.0.12+up0.12.2'
+          version: '%%CHART_MAJOR%%.0.10+up0.12.0'
        - prettyName: RancherTurtles
          releaseName: rancher-turtles
          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles'
--- a/upgrade-controller-chart/values.yaml
+++ b/upgrade-controller-chart/values.yaml
@@ -15,7 +15,7 @@ env:
    image: %%MANIFEST_REPO%%/%%IMG_PREFIX%%release-manifest
  kubectl:
    image: %%IMG_REPO%%/%%IMG_PREFIX%%kubectl
-    version: 1.33.4
+    version: 1.32.4

 imagePullSecrets: []
 nameOverride: ""
Author	SHA256	Message	Date
Marco Chiappero	e5f765ec69	Let Apache use separate IPv4 and IPv6 sockets for listening to any All checks were successful Check Release Manifest Local Charts Versions / Check Release Manifest Local Charts Versions (pull_request) Successful in -6s Details Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 3m25s Details Enable the use of two separate sockets for IPv4 and IPv6 when LISTEN_ALL_INTERFACES is set to true. While desirable, on Linux Apache uses IPv4-mapped IPv6 addresses by default, thus leveraging a single IPv6 socket for IPv4 connections as well. This behaviour is far from being desirable and can be disabled at compile time via the "--disable-v4-mapped" flag, so make sure both an ANY address Listen directive is present for both IPv4 and IPv6. When Apache is compiled with "--enable-v4-mapped", the IPv4 socket will be simply ignored. Please see https://httpd.apache.org/docs/2.4/bind.html for more information. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 19:15:25 +00:00
Marco Chiappero	2d83191e53	Update httpd.conf to bind to IPv4 and/or IPv6 sockets Enable the use of individual IPv4 and IPv6 sockets when the respective IP is detected and LISTEN_ALL_INTERFACES is not set to true. This allows to correctly bind to both the IPv4 and IPv6 addresses found and not just one of them. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 19:15:25 +00:00
Marco Chiappero	11cd6f8ebe	Let Ironic API use IPv4 and IPv6 sockets when possible When LISTEN_ALL_INTERFACES is not set, Apache should make Ironic API avaiable on either or both IPv4 and IPv6 sockets, depending on the addresses requested or found on the system. Make sure to set the "Listen" directive according to ENABLE_IPV4 and ENABLE_IPV4, and the VirtualHost when IRONIC_URL_HOSTNAME is present. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 19:15:25 +00:00
Marco Chiappero	ad68f891f5	Set host_ip to an IPv6 address when found Prioritize IPv6 over IPv4 when available to set host_ip in ironic.conf when LISTEN_ALL_INTERFACES is not set to true. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 19:15:25 +00:00
Marco Chiappero	e155a809b8	Use my_ipv6 when IRONIC_IPV6 is defined in ironic.conf As per the Ironic documentation: "This field [my_ip] does accept an IPv6 address as an override for templates and URLs, however it is recommended that [DEFAULT]my_ipv6 is used along with DNS names for service URLs for dual-stack environments." Fill my_ipv6 when an IPv6 address has been found for binding. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 19:15:25 +00:00
Marco Chiappero	8b6d7e409c	Allow binding on the provisioning network via a hostname In a dual-stack scenario, especially when deploying in direct mode via virtual media, it might be useful to 1) use a hostname to enable "dual IP" URLs 2) have ironic bind to those two addresses, if found on the system. To make this possible, this commit introduces: - a new user environment variable named IRONIC_URL_HOSTNAME, to be used as immutable external only input, to derive IRONIC_URL_HOST and the IP addresses to bind on - a new utility function named "get_ip_of_hostname" to help look up the A and AAAA records - additional logic to look for the returned address on the system, for binding the processes; this new logic has lower priority than PROVISIONING_IP (which can then be used to enforce one specific IP version) and PROVISIONING_INTERFACE Note, while IRONIC_URL_HOSTNAME and PROVISIONING_IP are considered to be mutually exclusive, IRONIC_URL_HOSTNAME and PROVISIONING_INTERFACE are not. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 19:15:25 +00:00
Marco Chiappero	e6700bd732	Introduce IRONIC_IPV6 to bind on IPv6 sockets The ironic scripts either use PROVISIONING_IP as an input or try to determine an IP address to bind the sockets to. This results in IRONIC_IP being defined once the process is complete, and it can carry either an IPv4 or an IPv6 address. Likely, the assumption is that on Linux, by default, IPv4-mapped IPv6 addresses can be leveraged to serve both IPv4 and IPv6 through a single socket. However this is not a good practice and two separate sockets should be used instead, whenever possible. This change modifies such logic by - introducing the variable IRONIC_IPV6 alongside the existing - matching IRONIC_IP and attempting to populate both variables Please note that hostname based URLs, with both A and AAAA records, are also required for a fully working dual-stack configuration. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 19:15:25 +00:00
Marco Chiappero	a1ee32b951	Revert 2742439 being now redundant Commit 2742439 added logic to tentatively identify the interface name in get_provisioning_interface if the PROVISIONING_IP is provided. However the same process in then repeated in wait_for_interface_or_ip. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 19:15:25 +00:00
Marco Chiappero	250635e51c	Leverage get_interface_of_ip to look PROVISIONING_IP up Use the previously introduced get_interface_of_ip, to determine if the PROVISIONING_IP address is actually present on a network interface. This improves the code readability and enables additional debugging output. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 19:15:25 +00:00
Marco Chiappero	f5676b293c	Add two new utility functions for later refactoring The way the ironic-image processes are bound to internet sockets is mainly by PROVISIONING_IP or PROVISIONING_INTERFACE, that is, by looking up a specific address on an interface, or a specific interface for a workable address. Introduce two new utility functions in ironic-common.sh for these two purposes: get_interface_of_ip: returns the name of the interface where the IP address provided as argument is found get_ip_of_interface: returns the first IP associated to the interface provided as argument These two functions will be put into use in subsequent commits. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 19:15:23 +00:00
Marco Chiappero	1f98a15d26	Remove PROVISIONING_INTERFACE default for better validation Whenever PROVISIONING_INTERFACE is not set by the user, function get_provisioning_interface attempts to determine one, or provide "provisionign" as default value. However this can cause confusing errors down the line. Remove this default value and fail gracefully, with proper logging, if the PROVISIONING_INTERFACE value is not detected. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 17:38:30 +00:00
Marco Chiappero	783a3fd5c2	Simplify the setting of host_ip in ironic.conf The value of host_ip is determined twice within the ironic.conf.j2 template file, by means of a relatively hard to read set of conditions. Avoid this duplication and improve readability by exporting the correct value once in scripts/configure-ironic.sh. This also leave more room for more complex evaluations should these be needed in the future. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-07-29 17:38:30 +00:00