suse-edge/Factory
SHA256
17
0
Fork 18
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity

Dual-stack support #213

Merged
mchiappero merged 12 commits from mchiappero/Factory:dual-stack into main 2025-08-05 17:35:27 +02:00
Conversation 4 Commits 12 Files Changed 8 +223 -38
mchiappero commented 2025-07-24 13:46:17 +02:00
Owner
Copy Link

Dual stack changes, opening mainly as I need some automated build.

Dual stack changes, opening mainly as I need some automated build.
mchiappero added 14 commits 2025-07-24 13:46:18 +02:00
Align to v29.0.0 6c6544a608 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Use correct paths and modules for Apache df4fce4388 
Correct the path of the Apache modules for a SUSE image.

Also keep a couple of modules disabled.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Use ironic-suse user/group in Apache for media cc08766fdf 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Use ironic-suse user/group in Apache for API dc68a1d44b 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Change GRUB path in ironic.conf 37a92b02c4 
Correct path for grub.cfg on a SUSE system.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Use arch named IPA file in IMAGE_CACHE_PREFIX db28299e63 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Use arch specific file for IPA 728354e926 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Use arch specific ESP img 589be0a21f 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Disable the network schema check to allow for nmstate definitions 909aa27611 
Bypass the OpenStack network-data format validation, to allow for the
nmstate based one we instead use (which would otherwise fail).

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Update the destination path of Jinjia templates 7da89fbe2b 
Previously .j2 files used to be copied to /etc before being
instantiated. In order to make the image potentially read only,
move the templates to /tmp.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Force the use of Python 3.11 58f9552a26 
SLE 15.6 provides Python 3.11, make sure it's enforced.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Remove unused prometheus exporter 16d2670d54 
The Prometheus exporter is effectively, not only unused, but
unusable, due to missing dependencies. Since currently we
don't have use case for it, opt for dropping the exporter
entirely from the image.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Make the new scripts executable 5b8cbc57e1 
v29.0.0 add a couple of new scripts, such as ironic-probe.sh; make sure
they have the 'executable' flag.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Align configure-nonroot.sh
All checks were successful
Check Release Manifest Local Charts Versions / Check Release Manifest Local Charts Versions (pull_request) Successful in 8s
Details
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 4m3s
Details
05aa1341a9 
Try to reuse as much as possible of the upstream configure-nonroot.sh

Co-authored-by: Nicolas Belouin <nicolas.belouin@suse.com>
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
mchiappero force-pushed dual-stack from 0bc2daef56 to 412c22c5dc 2025-07-24 14:12:24 +02:00 Compare
mchiappero force-pushed dual-stack from 412c22c5dc to 5488424be6 2025-07-24 16:35:49 +02:00 Compare
mchiappero force-pushed dual-stack from 81f7820063 to 84c10d362d 2025-07-25 12:28:00 +02:00 Compare
mchiappero force-pushed dual-stack from 84c10d362d to 64dbd45461 2025-07-25 12:43:36 +02:00 Compare
mchiappero force-pushed dual-stack from c508493bd6 to 39cc72476a 2025-07-25 18:24:27 +02:00 Compare
mchiappero force-pushed dual-stack from 39cc72476a to 3075872a0c 2025-07-25 18:35:32 +02:00 Compare
mchiappero force-pushed dual-stack from 3075872a0c to e6481eb220 2025-07-25 22:28:40 +02:00 Compare
mchiappero force-pushed dual-stack from e6481eb220 to 653a8e5b2c 2025-07-26 00:19:03 +02:00 Compare
mchiappero force-pushed dual-stack from 653a8e5b2c to 1eb9fd6318 2025-07-28 11:02:27 +02:00 Compare
mchiappero force-pushed dual-stack from 1eb9fd6318 to f98d3d5c1e 2025-07-28 11:28:32 +02:00 Compare
mchiappero force-pushed dual-stack from f98d3d5c1e to a3096005fa 2025-07-28 15:13:02 +02:00 Compare
mchiappero force-pushed dual-stack from a3096005fa to 84174e428c 2025-07-28 16:21:57 +02:00 Compare
mchiappero force-pushed dual-stack from 84174e428c to 8630cca617 2025-07-28 22:25:41 +02:00 Compare
mchiappero force-pushed dual-stack from 8630cca617 to dbc8e0975b 2025-07-28 23:08:16 +02:00 Compare
mchiappero force-pushed dual-stack from dbc8e0975b to bb815874ae 2025-07-29 07:45:46 +02:00 Compare
mchiappero force-pushed dual-stack from 9c526f084e to f260540edb 2025-07-29 10:29:13 +02:00 Compare
mchiappero force-pushed dual-stack from f260540edb to 3b51a9d144 2025-07-29 11:03:52 +02:00 Compare
mchiappero changed title from WIP: dual-stack to dual-stack 2025-07-29 11:08:30 +02:00
mchiappero requested review from amorgante 2025-07-29 11:08:46 +02:00
mchiappero requested review from nbelouin 2025-07-29 11:08:46 +02:00
mchiappero requested review from steven.hardy 2025-07-29 11:08:46 +02:00
mchiappero commented 2025-07-29 11:18:07 +02:00
Author
Owner
Copy Link

Okay, I think it's good to go now, if you could PTAL... There are only a couple of things I would like to explore, that is, 1) the use of IRONIC_URL_HOSTNAME in ironic.conf for CONDUCTOR_HOST and host_ip when available 2) the use of ::1 when we have IRONIC_IPV6 for ProxyPass in Apache.

Other than that, I have a few manual tests I would like to run before being reasonably safe it's all right, but it's starting to look good to me, so take a look and let me know if there is anything that doesn't look good to you.

On a side note, setting the LISTEN_ALL_INTERFACES to false requires a change for the liveness and readiness probes... I wonder if we should let the user choose if to bind on localhost in addition to the provisioning/hostname IP(s). What do you think?

Okay, I think it's good to go now, if you could PTAL... There are only a couple of things I would like to explore, that is, 1) the use of IRONIC_URL_HOSTNAME in ironic.conf for CONDUCTOR_HOST and host_ip when available 2) the use of ::1 when we have IRONIC_IPV6 for ProxyPass in Apache. Other than that, I have a few manual tests I would like to run before being reasonably safe it's all right, but it's starting to look good to me, so take a look and let me know if there is anything that doesn't look good to you. On a side note, setting the LISTEN_ALL_INTERFACES to false requires a change for the liveness and readiness probes... I wonder if we should let the user choose if to bind on localhost in addition to the provisioning/hostname IP(s). What do you think?
mchiappero commented 2025-07-29 11:19:19 +02:00
Author
Owner
Copy Link

Oh, and need to reword a few commit messages.

Oh, and need to reword a few commit messages.
mchiappero force-pushed dual-stack from 3b51a9d144 to 54357a748a 2025-07-29 18:46:44 +02:00 Compare
mchiappero force-pushed dual-stack from 54357a748a to 6dd551f7db 2025-07-29 18:55:35 +02:00 Compare
mchiappero force-pushed dual-stack from 6dd551f7db to e5f765ec69 2025-07-30 10:09:32 +02:00 Compare
nbelouin reviewed 2025-07-30 10:38:36 +02:00
nbelouin left a comment
Owner
Copy Link

LGTM overall, few things need attention, would be nice to have a matching PR upstream, so that we keep in sync as much as possible.

LGTM overall, few things need attention, would be nice to have a matching PR upstream, so that we keep in sync as much as possible.
ironic-image/Dockerfile Outdated
@@ -24,3 +24,3 @@
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
nbelouin commented 2025-07-30 10:30:10 +02:00
Owner
Copy Link

nit: might be easier to maintain by having a first RUN instruction with all packages common for the two architectures, then a RUN line for each architecture with arch-specific items

nit: might be easier to maintain by having a first RUN instruction with all packages common for the two architectures, then a RUN line for each architecture with arch-specific items
👍 1
mchiappero commented 2025-07-30 10:59:55 +02:00
Author
Owner
Copy Link

Or a variable pulled by both, to avoid unnecessary layers in the container.

Or a variable pulled by both, to avoid unnecessary layers in the container.
nbelouin commented 2025-07-30 11:31:51 +02:00
Owner
Copy Link

The layers here are in first stage container, and OBS will not be able to follow a variable here, so better split in two here

The layers here are in first stage container, and OBS will not be able to follow a variable here, so better split in two here
👍 1
ironic-image/scripts/ironic-common.sh Outdated
@@ -43,4 +124,1 @@
local interface="provisioning"
if [[ -n "${PROVISIONING_IP}" ]]; then
nbelouin commented 2025-07-30 10:36:49 +02:00
Owner
Copy Link

We may want to keep this kind of behavior of setting the interface from the IP as this information is used by PXE setup.

We may want to keep this kind of behavior of setting the interface from the IP as this information is used by PXE setup.
mchiappero commented 2025-07-30 10:46:54 +02:00
Author
Owner
Copy Link

It still works that way, the interface name is derived at wait_for_interface_or_ip now from the PROVISIONING_IP (fixing a lookup at a point where the IP might not be present anyway) and set into PROVISIONING_INTERFACE . What changes is the use of "provisioning" as default value, which will result in an obscure error when looking it up on the system: it's best to fail cleanly.

That being said, since PROVISIONING_INTERFACE is an input, it should not be changed, it's one of the many hints of how little design and thinking it has gone through these scripts.

It still works that way, the interface name is derived at wait_for_interface_or_ip now from the PROVISIONING_IP (fixing a lookup at a point where the IP might not be present anyway) and set into PROVISIONING_INTERFACE . What changes is the use of "provisioning" as default value, which will result in an obscure error when looking it up on the system: it's best to fail cleanly. That being said, since PROVISIONING_INTERFACE is an input, it should not be changed, it's one of the many hints of how little design and thinking it has gone through these scripts.
mchiappero commented 2025-07-30 14:28:31 +02:00
Author
Owner
Copy Link

@nbelouin @steven.hardy Regarding the VirtualHost directive for the Ironic API, I wonder if it shouldn't include any IRONIC_EXTERNAL_IP or IRONIC_EXTERNAL_HTTP_URL. If so... it has always been buggy then?

Edit: I mean, listen to ALL, but Ironic API that should be reachable by both the provisioning network (either by hostname or IPs) and the BMC one (either by hostname or IPs). Unfortunately Ironic can have many different combinations and corner cases...

@nbelouin @steven.hardy Regarding the VirtualHost directive for the Ironic API, I wonder if it shouldn't include any IRONIC_EXTERNAL_IP or IRONIC_EXTERNAL_HTTP_URL. If so... it has always been buggy then? Edit: I mean, listen to ALL, but Ironic API that should be reachable by both the provisioning network (either by hostname or IPs) and the BMC one (either by hostname or IPs). Unfortunately Ironic can have many different combinations and corner cases...
mchiappero changed title from dual-stack to Dual-stack support 2025-08-04 16:45:01 +02:00
mchiappero force-pushed dual-stack from e5f765ec69 to e2d38a867c 2025-08-04 16:48:22 +02:00 Compare
mchiappero merged commit e2d38a867c into main 2025-08-05 17:35:27 +02:00
mchiappero deleted branch dual-stack 2025-08-05 17:35:27 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
amorgante
steven.hardy
nbelouin
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
amorgante antaloala atanasdinov atrendafilov dbekhit dprodanov eminguez fdegirmenci geoagriogiannis ipetrov117 jarndt jtomasek kzhelyazkov mchiappero mkrutov nbelouin roxenham steven.hardy
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: suse-edge/Factory#213
Delete Branch "mchiappero/Factory:dual-stack"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?