[stable/2023.2] Build all images (#1361)

Depends-On: #1410
diff --git a/Dockerfile b/Dockerfile
index b623571..3f77bd8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/barbican/Dockerfile b/images/barbican/Dockerfile
index 367c97c..5326a86 100644
--- a/images/barbican/Dockerfile
+++ b/images/barbican/Dockerfile
@@ -1,10 +1,10 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG BARBICAN_GIT_REF=ca57ef5436e20e90cf6cd6853efe3c89a9afd986
+ARG BARBICAN_GIT_REF=00274b2f07d050c5b4571bfc0f4e5698acf678f1
 ADD --keep-git-dir=true https://opendev.org/openstack/barbican.git#${BARBICAN_GIT_REF} /src/barbican
 RUN git -C /src/barbican fetch --unshallow
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
diff --git a/images/cinder/Dockerfile b/images/cinder/Dockerfile
index c2cfdfe..9861758 100644
--- a/images/cinder/Dockerfile
+++ b/images/cinder/Dockerfile
@@ -1,10 +1,10 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG CINDER_GIT_REF=b0f0b9015b9dfa228dff98eeee5116d8eca1c3cc
+ARG CINDER_GIT_REF=4e00f1b2c1ebf8c819a90c254f62f2552919da7b
 ADD --keep-git-dir=true https://opendev.org/openstack/cinder.git#${CINDER_GIT_REF} /src/cinder
 RUN git -C /src/cinder fetch --unshallow
 COPY patches/cinder /patches/cinder
@@ -18,10 +18,10 @@
         storpool.spopenstack
 EOF
 ADD --chmod=644 \
-    https://github.com/storpool/storpool-openstack-integration/raw/master/drivers/cinder/openstack/bobcat/storpool.py \
+    https://github.com/storpool/storpool-openstack-integration/raw/master/drivers/cinder/openstack/antelope/storpool.py \
     /var/lib/openstack/lib/python3.10/site-packages/cinder/volume/drivers/storpool.py
 ADD --chmod=644 \
-    https://github.com/storpool/storpool-openstack-integration/raw/master/drivers/os_brick/openstack/bobcat/storpool.py \
+    https://github.com/storpool/storpool-openstack-integration/raw/master/drivers/os_brick/openstack/antelope/storpool.py \
     /var/lib/openstack/lib/python3.10/site-packages/os_brick/initiator/connectors/storpool.py
 
 FROM registry.atmosphere.dev/library/openstack-python-runtime:${RELEASE}
diff --git a/images/cluster-api-provider-openstack/Dockerfile b/images/cluster-api-provider-openstack/Dockerfile
index 7ab4e84..6eb7bfd 100644
--- a/images/cluster-api-provider-openstack/Dockerfile
+++ b/images/cluster-api-provider-openstack/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 FROM alpine/git:2.43.0 AS src
 ARG CAPO_VERSION=v0.9.0
diff --git a/images/designate/Dockerfile b/images/designate/Dockerfile
index 149eeb2..71ec26b 100644
--- a/images/designate/Dockerfile
+++ b/images/designate/Dockerfile
@@ -1,10 +1,10 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG DESIGNATE_GIT_REF=097ffc6df181290eba1bcd7c492b1b505bc15434
+ARG DESIGNATE_GIT_REF=2c817b3d7f01de44023f195c6e8de8853683a54a
 ADD --keep-git-dir=true https://opendev.org/openstack/designate.git#${DESIGNATE_GIT_REF} /src/designate
 RUN git -C /src/designate fetch --unshallow
 COPY patches/designate /patches/designate
diff --git a/images/glance/Dockerfile b/images/glance/Dockerfile
index 4156b50..3e12d5b 100644
--- a/images/glance/Dockerfile
+++ b/images/glance/Dockerfile
@@ -1,13 +1,13 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG GLANCE_GIT_REF=0bcd6cd71c09917c6734421374fd598d73e8d0cc
+ARG GLANCE_GIT_REF=5e2acc91a4fcc834e3faea3ddb2d0ea13e2af606
 ADD --keep-git-dir=true https://opendev.org/openstack/glance.git#${GLANCE_GIT_REF} /src/glance
 RUN git -C /src/glance fetch --unshallow
-ADD --keep-git-dir=true https://opendev.org/openstack/glance_store.git#master /src/glance_store
+ADD --keep-git-dir=true https://opendev.org/openstack/glance_store.git#stable/2023.2 /src/glance_store
 RUN git -C /src/glance_store fetch --unshallow
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
 pip3 install \
@@ -18,7 +18,7 @@
         storpool.spopenstack
 EOF
 ADD --chmod=644 \
-    https://github.com/storpool/storpool-openstack-integration/raw/master/drivers/os_brick/openstack/bobcat/storpool.py \
+    https://github.com/storpool/storpool-openstack-integration/raw/master/drivers/os_brick/openstack/antelope/storpool.py \
     /var/lib/openstack/lib/python3.10/site-packages/os_brick/initiator/connectors/storpool.py
 
 FROM registry.atmosphere.dev/library/openstack-python-runtime:${RELEASE}
diff --git a/images/heat/Dockerfile b/images/heat/Dockerfile
index e9b2331..14561b5 100644
--- a/images/heat/Dockerfile
+++ b/images/heat/Dockerfile
@@ -1,10 +1,10 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG HEAT_GIT_REF=80eea85194825773d1b60ecc4386b2d5ba52a066
+ARG HEAT_GIT_REF=39eca5de2e193f652792e4f7be2e5eb96dd3d853
 ADD --keep-git-dir=true https://opendev.org/openstack/heat.git#${HEAT_GIT_REF} /src/heat
 RUN git -C /src/heat fetch --unshallow
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
diff --git a/images/horizon/Dockerfile b/images/horizon/Dockerfile
index 81d695d..9282e98 100644
--- a/images/horizon/Dockerfile
+++ b/images/horizon/Dockerfile
@@ -1,26 +1,28 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG HORIZON_GIT_REF=3f1f1d46e6e47a3dbe46fb023fe69ff25d6a601b
+ARG HORIZON_GIT_REF=593ef9b56191676d0a85b55bd152c0c757fad2de
 ADD --keep-git-dir=true https://opendev.org/openstack/horizon.git#${HORIZON_GIT_REF} /src/horizon
 RUN git -C /src/horizon fetch --unshallow
-ADD --keep-git-dir=true https://opendev.org/openstack/designate-dashboard.git#master /src/designate-dashboard
+ADD --keep-git-dir=true https://opendev.org/openstack/designate-dashboard.git#stable/2023.2 /src/designate-dashboard
 RUN git -C /src/designate-dashboard fetch --unshallow
-ADD --keep-git-dir=true https://opendev.org/openstack/heat-dashboard.git#master /src/heat-dashboard
+ADD --keep-git-dir=true https://opendev.org/openstack/heat-dashboard.git#stable/2023.2 /src/heat-dashboard
 RUN git -C /src/heat-dashboard fetch --unshallow
-ADD --keep-git-dir=true https://opendev.org/openstack/ironic-ui.git#master /src/ironic-ui
+ADD --keep-git-dir=true https://opendev.org/openstack/ironic-ui.git#stable/2023.2 /src/ironic-ui
 RUN git -C /src/ironic-ui fetch --unshallow
-ADD --keep-git-dir=true https://opendev.org/openstack/magnum-ui.git#master /src/magnum-ui
+ADD --keep-git-dir=true https://opendev.org/openstack/magnum-ui.git#stable/2023.2 /src/magnum-ui
 RUN git -C /src/magnum-ui fetch --unshallow
-ADD --keep-git-dir=true https://opendev.org/openstack/manila-ui.git#master /src/manila-ui
+ADD --keep-git-dir=true https://opendev.org/openstack/manila-ui.git#stable/2023.2 /src/manila-ui
 RUN git -C /src/manila-ui fetch --unshallow
-ADD --keep-git-dir=true https://opendev.org/openstack/neutron-vpnaas-dashboard.git#master /src/neutron-vpnaas-dashboard
+ADD --keep-git-dir=true https://opendev.org/openstack/neutron-vpnaas-dashboard.git#stable/2023.2 /src/neutron-vpnaas-dashboard
 RUN git -C /src/neutron-vpnaas-dashboard fetch --unshallow
-ADD --keep-git-dir=true https://opendev.org/openstack/octavia-dashboard.git#master /src/octavia-dashboard
+ADD --keep-git-dir=true https://opendev.org/openstack/octavia-dashboard.git#stable/2023.2 /src/octavia-dashboard
 RUN git -C /src/octavia-dashboard fetch --unshallow
+COPY patches/horizon /patches/horizon
+RUN git -C /src/horizon apply --verbose /patches/horizon/*
 COPY patches/magnum-ui /patches/magnum-ui
 RUN git -C /src/magnum-ui apply --verbose /patches/magnum-ui/*
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
diff --git a/images/horizon/patches/horizon/0000-fix-ignore-errors-when-flavors-are-deleted.patch b/images/horizon/patches/horizon/0000-fix-ignore-errors-when-flavors-are-deleted.patch
new file mode 100644
index 0000000..93fbfcd
--- /dev/null
+++ b/images/horizon/patches/horizon/0000-fix-ignore-errors-when-flavors-are-deleted.patch
@@ -0,0 +1,108 @@
+From aa21f4baa38fc70549b1c7341361519de6362d9b Mon Sep 17 00:00:00 2001
+From: okozachenko <okozachenko1203@gmail.com>
+Date: Thu, 2 Nov 2023 01:27:20 +1100
+Subject: [PATCH] fix: ignore errors when flavors are deleted
+
+The code used to list flavors when in the admin
+or project side was not consistent and raised
+alerts if viewing in the admin side but not in the
+project side.
+
+This patch moves their behaviour to be consistent
+and refactors the code to use the same code-base.
+
+Closes-Bug: #2042362
+Change-Id: I37cc02102285b1e83ec1343b710a57fb5ac4ba15
+---
+ .../dashboards/admin/instances/tests.py         |  4 ----
+ .../dashboards/admin/instances/views.py         | 17 +++++------------
+ .../dashboards/project/instances/tests.py       |  1 +
+ .../dashboards/project/instances/views.py       | 11 +++--------
+ 4 files changed, 9 insertions(+), 24 deletions(-)
+
+diff --git a/openstack_dashboard/dashboards/admin/instances/tests.py b/openstack_dashboard/dashboards/admin/instances/tests.py
+index 3630cb79a..c6cf65e5d 100644
+--- a/openstack_dashboard/dashboards/admin/instances/tests.py
++++ b/openstack_dashboard/dashboards/admin/instances/tests.py
+@@ -133,10 +133,6 @@ class InstanceViewTest(test.BaseAdminViewTests):
+         res = self.client.get(INDEX_URL)
+         instances = res.context['table'].data
+         self.assertTemplateUsed(res, INDEX_TEMPLATE)
+-        # Since error messages produced for each instance are identical,
+-        # there will be only one error message for all instances
+-        # (messages de-duplication).
+-        self.assertMessageCount(res, error=1)
+         self.assertCountEqual(instances, servers)
+ 
+         self.assertEqual(self.mock_image_list_detailed.call_count, 4)
+diff --git a/openstack_dashboard/dashboards/admin/instances/views.py b/openstack_dashboard/dashboards/admin/instances/views.py
+index c35527fe4..efa28dd76 100644
+--- a/openstack_dashboard/dashboards/admin/instances/views.py
++++ b/openstack_dashboard/dashboards/admin/instances/views.py
+@@ -33,6 +33,8 @@ from openstack_dashboard.dashboards.admin.instances \
+ from openstack_dashboard.dashboards.admin.instances \
+     import tables as project_tables
+ from openstack_dashboard.dashboards.admin.instances import tabs
++from openstack_dashboard.dashboards.project.instances \
++    import utils as instance_utils
+ from openstack_dashboard.dashboards.project.instances import views
+ from openstack_dashboard.dashboards.project.instances.workflows \
+     import update_instance
+@@ -215,18 +217,9 @@ class AdminIndexView(tables.PagedTableMixin, tables.DataTableView):
+                 else:
+                     inst.image['name'] = _("-")
+ 
+-            flavor_id = inst.flavor["id"]
+-            try:
+-                if flavor_id in flavor_dict:
+-                    inst.full_flavor = flavor_dict[flavor_id]
+-                else:
+-                    # If the flavor_id is not in flavor_dict list,
+-                    # gets it via nova api.
+-                    inst.full_flavor = api.nova.flavor_get(
+-                        self.request, flavor_id)
+-            except Exception:
+-                msg = _('Unable to retrieve instance size information.')
+-                exceptions.handle(self.request, msg)
++            inst.full_flavor = instance_utils.resolve_flavor(self.request,
++                                                             inst, flavor_dict)
++
+             tenant = tenant_dict.get(inst.tenant_id, None)
+             inst.tenant_name = getattr(tenant, "name", None)
+         return instances
+diff --git a/openstack_dashboard/dashboards/project/instances/tests.py b/openstack_dashboard/dashboards/project/instances/tests.py
+index 5ab1b4a48..fe2f58c46 100644
+--- a/openstack_dashboard/dashboards/project/instances/tests.py
++++ b/openstack_dashboard/dashboards/project/instances/tests.py
+@@ -316,6 +316,7 @@ class InstanceTableTests(InstanceTestBase, InstanceTableTestMixin):
+         self.mock_is_feature_available.return_value = True
+         self.mock_server_list_paged.return_value = [servers, False, False]
+         self.mock_servers_update_addresses.return_value = None
++        self.mock_flavor_get.side_effect = self.exceptions.nova
+         self.mock_flavor_list.side_effect = self.exceptions.nova
+         self.mock_image_list_detailed.return_value = (self.images.list(),
+                                                       False, False)
+diff --git a/openstack_dashboard/dashboards/project/instances/views.py b/openstack_dashboard/dashboards/project/instances/views.py
+index badf540b8..b848f6fff 100644
+--- a/openstack_dashboard/dashboards/project/instances/views.py
++++ b/openstack_dashboard/dashboards/project/instances/views.py
+@@ -171,14 +171,9 @@ class IndexView(tables.PagedTableMixin, tables.DataTableView):
+         for instance in instances:
+             self._populate_image_info(instance, image_dict, volume_dict)
+ 
+-            flavor_id = instance.flavor["id"]
+-            if flavor_id in flavor_dict:
+-                instance.full_flavor = flavor_dict[flavor_id]
+-            else:
+-                # If the flavor_id is not in flavor_dict,
+-                # put info in the log file.
+-                LOG.info('Unable to retrieve flavor "%s" for instance "%s".',
+-                         flavor_id, instance.id)
++            instance.full_flavor = instance_utils.resolve_flavor(self.request,
++                                                                 instance,
++                                                                 flavor_dict)
+ 
+         return instances
+ 
+-- 
+2.34.1
diff --git a/images/horizon/patches/horizon/0001-Fixing-Incorrect-URL-when-browsing-Swift-containers.patch b/images/horizon/patches/horizon/0001-Fixing-Incorrect-URL-when-browsing-Swift-containers.patch
new file mode 100644
index 0000000..58eafd8
--- /dev/null
+++ b/images/horizon/patches/horizon/0001-Fixing-Incorrect-URL-when-browsing-Swift-containers.patch
@@ -0,0 +1,39 @@
+From 4aa347fe196b7b18ff0bf5f4d4f076a6c14cf12e Mon Sep 17 00:00:00 2001
+From: jeremy-boyle <jeremyboylet@gmail.com>
+Date: Sat, 24 Jun 2023 16:59:11 +0000
+Subject: [PATCH] Fixing Incorrect URL when browsing Swift containers
+
+This patch fixes a bug identified in the code that generates the URL for
+the Swift container object. The bug caused the forward slashes (/) in the
+folder parameter to be encoded as %2F instead of being included as '/' in the
+resulting URL.
+
+To resolve this issue, the code has been updated by adding a replace() method
+to replace the %2F sequences with forward slashes. The updated code ensures
+that the URL generated for the folder parameter contains the correct forward
+slash (/) representation.
+
+Closes-Bug: #2009724
+Signed-off-by: jeremy-boyle <jeremyboylet@gmail.com>
+
+Change-Id: I5837e74ddcc71cda6b4686e586dbb8b1386a9cd3
+---
+ .../static/dashboard/project/containers/objects.controller.js  | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/openstack_dashboard/dashboards/project/static/dashboard/project/containers/objects.controller.js b/openstack_dashboard/dashboards/project/static/dashboard/project/containers/objects.controller.js
+index 55262a1fa..c14128cbf 100644
+--- a/openstack_dashboard/dashboards/project/static/dashboard/project/containers/objects.controller.js
++++ b/openstack_dashboard/dashboards/project/static/dashboard/project/containers/objects.controller.js
+@@ -60,7 +60,8 @@
+     ctrl.containerURL = containerRoute + encodeURIComponent($routeParams.container) +
+       ctrl.model.DELIMETER;
+     if (angular.isDefined($routeParams.folder)) {
+-      ctrl.currentURL = ctrl.containerURL + encodeURIComponent($routeParams.folder) +
++      ctrl.currentURL = ctrl.containerURL +
++        encodeURIComponent($routeParams.folder).replace(/%2F/g, '/') +
+         ctrl.model.DELIMETER;
+     } else {
+       ctrl.currentURL = ctrl.containerURL;
+-- 
+2.34.1
diff --git a/images/ironic/Dockerfile b/images/ironic/Dockerfile
index 66eb671..8c6475d 100644
--- a/images/ironic/Dockerfile
+++ b/images/ironic/Dockerfile
@@ -1,10 +1,10 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG IRONIC_GIT_REF=22aa29b864eecd00bfb7c67cc2075030da1eb1d0
+ARG IRONIC_GIT_REF=aa479f4426afe599a4494d57904daea6321ca4c7
 ADD --keep-git-dir=true https://opendev.org/openstack/ironic.git#${IRONIC_GIT_REF} /src/ironic
 RUN git -C /src/ironic fetch --unshallow
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
diff --git a/images/keepalived/Dockerfile b/images/keepalived/Dockerfile
index f958c3d..799e99a 100644
--- a/images/keepalived/Dockerfile
+++ b/images/keepalived/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/keystone/Dockerfile b/images/keystone/Dockerfile
index e1534f4..acb462a 100644
--- a/images/keystone/Dockerfile
+++ b/images/keystone/Dockerfile
@@ -1,12 +1,14 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG KEYSTONE_GIT_REF=8ca73f758bb613a57815fbe4ae78e3d2afa4af49
+ARG KEYSTONE_GIT_REF=7697140fc23cee66b17050651813ebe902671256
 ADD --keep-git-dir=true https://opendev.org/openstack/keystone.git#${KEYSTONE_GIT_REF} /src/keystone
 RUN git -C /src/keystone fetch --unshallow
+COPY patches/keystone /patches/keystone
+RUN git -C /src/keystone apply --verbose /patches/keystone/*
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
 pip3 install \
     --constraint /upper-constraints.txt \
diff --git a/images/keystone/patches/keystone/0000-Ensure-application-credentials-take-account-of-impli.patch b/images/keystone/patches/keystone/0000-Ensure-application-credentials-take-account-of-impli.patch
new file mode 100644
index 0000000..2d0841e
--- /dev/null
+++ b/images/keystone/patches/keystone/0000-Ensure-application-credentials-take-account-of-impli.patch
@@ -0,0 +1,46 @@
+From 6ee7ea0d63fed272beb3806d722c2dd3585e8212 Mon Sep 17 00:00:00 2001
+From: Andrew Bonney <andrew.bonney@bbc.co.uk>
+Date: Tue, 5 Sep 2023 14:56:51 +0100
+Subject: [PATCH] Ensure application credentials take account of implied roles
+
+Related-Bug: #2030061
+Change-Id: I2aea0b89987b24cf5ddaadeecbd06c32ad81a9bc
+---
+ keystone/models/token_model.py | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/keystone/models/token_model.py b/keystone/models/token_model.py
+index 78146295d..b152d97c2 100644
+--- a/keystone/models/token_model.py
++++ b/keystone/models/token_model.py
+@@ -429,7 +429,13 @@ class TokenModel(object):
+ 
+     def _get_application_credential_roles(self):
+         roles = []
++        roles_added = list()
+         app_cred_roles = self.application_credential['roles']
++        app_cred_roles = [{'role_id': r['id']} for r in app_cred_roles]
++        effective_app_cred_roles = (
++            PROVIDERS.assignment_api.add_implied_roles(app_cred_roles)
++        )
++
+         assignment_list = PROVIDERS.assignment_api.list_role_assignments(
+             user_id=self.user_id,
+             project_id=self.project_id,
+@@ -437,9 +443,12 @@ class TokenModel(object):
+             effective=True)
+         user_roles = list(set([x['role_id'] for x in assignment_list]))
+ 
+-        for role in app_cred_roles:
+-            if role['id'] in user_roles:
++        for role in effective_app_cred_roles:
++            if role['role_id'] in user_roles and \
++                    role['role_id'] not in roles_added:
++                role = PROVIDERS.role_api.get_role(role['role_id'])
+                 roles.append({'id': role['id'], 'name': role['name']})
++                roles_added.append(role['id'])
+ 
+         return roles
+ 
+-- 
+2.34.1
diff --git a/images/kubernetes-entrypoint/Dockerfile b/images/kubernetes-entrypoint/Dockerfile
index 53df53a..1fb841c 100644
--- a/images/kubernetes-entrypoint/Dockerfile
+++ b/images/kubernetes-entrypoint/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 FROM golang:1.21 AS build
 ARG KUBERNETES_ENTRYPOINT_GIT_REF=4fbcf7ce324dc66e78480f73035e31434cfea1e8
diff --git a/images/libvirtd/Dockerfile b/images/libvirtd/Dockerfile
index 14d7d70..77b2165 100644
--- a/images/libvirtd/Dockerfile
+++ b/images/libvirtd/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/magnum/Dockerfile b/images/magnum/Dockerfile
index f0fa7a2..6ec5426 100644
--- a/images/magnum/Dockerfile
+++ b/images/magnum/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
@@ -12,7 +12,7 @@
 RUN mv /${TARGETOS}-${TARGETARCH}/helm /usr/bin/helm
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG MAGNUM_GIT_REF=c613ea4e419edc0086116da07e93cf19206746e1
+ARG MAGNUM_GIT_REF=f3cfcfd8f1d472950642e7103ab59853f5ee63da
 ADD --keep-git-dir=true https://opendev.org/openstack/magnum.git#${MAGNUM_GIT_REF} /src/magnum
 RUN git -C /src/magnum fetch --unshallow
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
diff --git a/images/manila/Dockerfile b/images/manila/Dockerfile
index e0a05dd..31c1d97 100644
--- a/images/manila/Dockerfile
+++ b/images/manila/Dockerfile
@@ -1,12 +1,14 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG MANILA_GIT_REF=d8987589ae88ae9b2769fbe6f26d5b6994098038
+ARG MANILA_GIT_REF=ed585103e4c26478b60b397b0bb064b50dc1acb5
 ADD --keep-git-dir=true https://opendev.org/openstack/manila.git#${MANILA_GIT_REF} /src/manila
 RUN git -C /src/manila fetch --unshallow
+COPY patches/manila /patches/manila
+RUN git -C /src/manila apply --verbose /patches/manila/*
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
 pip3 install \
     --constraint /upper-constraints.txt \
diff --git a/images/manila/patches/manila/0000-fix-stop-using-batch_op-for-rename_table.patch b/images/manila/patches/manila/0000-fix-stop-using-batch_op-for-rename_table.patch
new file mode 100644
index 0000000..c1f2306
--- /dev/null
+++ b/images/manila/patches/manila/0000-fix-stop-using-batch_op-for-rename_table.patch
@@ -0,0 +1,30 @@
+From eb7f03c667261557d7f809f7851bad6b3eea4646 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Mon, 8 Jan 2024 14:00:37 -0500
+Subject: [PATCH] fix: Stop using batch_op for rename_table
+
+For migrations that rename tables, batch_op is not needed, which
+is also even causing issues with newer versions of Alembic.
+
+Change-Id: Ib43f5a24c497f7d97cb2d852b99489b0c3bd75fb
+---
+ .../alembic/versions/5077ffcc5f1c_add_share_instances.py      | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py b/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py
+index 42d26b75e..373e308d0 100644
+--- a/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py
++++ b/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py
+@@ -245,8 +245,8 @@ def upgrade_export_locations_table(connection):
+     with op.batch_alter_table("share_export_locations") as batch_op:
+         batch_op.drop_constraint('sel_id_fk', type_='foreignkey')
+         batch_op.drop_column('share_id')
+-        batch_op.rename_table('share_export_locations',
+-                              'share_instance_export_locations')
++    op.rename_table('share_export_locations',
++                            'share_instance_export_locations')
+ 
+ 
+ def downgrade_export_locations_table(connection):
+-- 
+2.34.1
diff --git a/images/netoffload/Dockerfile b/images/netoffload/Dockerfile
index c72f357..8cdab70 100644
--- a/images/netoffload/Dockerfile
+++ b/images/netoffload/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/neutron/Dockerfile b/images/neutron/Dockerfile
index 908afe7..ed57f6e 100644
--- a/images/neutron/Dockerfile
+++ b/images/neutron/Dockerfile
@@ -1,13 +1,13 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG NEUTRON_GIT_REF=019294c71d94b788c14b23dc1da3c21f51bcdb0b
+ARG NEUTRON_GIT_REF=81c8fd369b5ba58e53b4af21afbb95e2897dc42e
 ADD --keep-git-dir=true https://opendev.org/openstack/neutron.git#${NEUTRON_GIT_REF} /src/neutron
 RUN git -C /src/neutron fetch --unshallow
-ADD --keep-git-dir=true https://opendev.org/openstack/neutron-vpnaas.git#master /src/neutron-vpnaas
+ADD --keep-git-dir=true https://opendev.org/openstack/neutron-vpnaas.git#stable/2023.2 /src/neutron-vpnaas
 RUN git -C /src/neutron-vpnaas fetch --unshallow
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
 pip3 install \
diff --git a/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch b/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch
new file mode 100644
index 0000000..a0ef434
--- /dev/null
+++ b/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch
@@ -0,0 +1,38 @@
+From f8ec437329510ef59c81084712dbfe49528ef56d Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Thu, 28 Mar 2024 14:38:43 -0400
+Subject: [PATCH] fix(ovn): set mtu in external_ids correctly
+
+In the previous patch, we did account for the MTU showing up
+in the external IDs however the code only sets it if it's using
+a remote managed port binding.  This code instead sets the binding
+for all the inerface types instead.
+
+Related-Change-Id: I7ff300e9634e5e3fc68d70540392109fd8b9babc
+Closes-Bug: 2053274
+Change-Id: I0653c83c5fb595847bb61182223db39b2f7e98c6
+---
+ .../plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py   | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
+index 3e7bc5c01f..6f9e90afde 100644
+--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
++++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
+@@ -419,11 +419,11 @@ class OVNClient(object):
+         # HA Chassis Group will bind the port to the highest
+         # priority Chassis
+         if port_type != ovn_const.LSP_TYPE_EXTERNAL:
++            port_net = self._plugin.get_network(
++                context, port['network_id'])
++            mtu = str(port_net['mtu'])
+             if (bp_info.vnic_type == portbindings.VNIC_REMOTE_MANAGED and
+                     ovn_const.VIF_DETAILS_PF_MAC_ADDRESS in bp_info.bp_param):
+-                port_net = self._plugin.get_network(
+-                    context, port['network_id'])
+-                mtu = str(port_net['mtu'])
+                 options.update({
+                     ovn_const.LSP_OPTIONS_VIF_PLUG_TYPE_KEY: 'representor',
+                     ovn_const.LSP_OPTIONS_VIF_PLUG_MTU_REQUEST_KEY: mtu,
+-- 
+2.34.1
diff --git a/images/nova-ssh/Dockerfile b/images/nova-ssh/Dockerfile
index 5b6b56b..91d5866 100644
--- a/images/nova-ssh/Dockerfile
+++ b/images/nova-ssh/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/nova/Dockerfile b/images/nova/Dockerfile
index a7b972f..a85ad42 100644
--- a/images/nova/Dockerfile
+++ b/images/nova/Dockerfile
@@ -1,10 +1,10 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG NOVA_GIT_REF=c199becf52267ba37c5191f6f82e29bb5232b607
+ARG NOVA_GIT_REF=386ab56ed5bde2bc21cbf9a1361cb3700dad8d81
 ADD --keep-git-dir=true https://opendev.org/openstack/nova.git#${NOVA_GIT_REF} /src/nova
 RUN git -C /src/nova fetch --unshallow
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
@@ -16,7 +16,7 @@
         storpool.spopenstack
 EOF
 ADD --chmod=644 \
-    https://github.com/storpool/storpool-openstack-integration/raw/master/drivers/os_brick/openstack/bobcat/storpool.py \
+    https://github.com/storpool/storpool-openstack-integration/raw/master/drivers/os_brick/openstack/antelope/storpool.py \
     /var/lib/openstack/lib/python3.10/site-packages/os_brick/initiator/connectors/storpool.py
 
 FROM registry.atmosphere.dev/library/openstack-python-runtime:${RELEASE}
diff --git a/images/octavia/Dockerfile b/images/octavia/Dockerfile
index 068573b..33f46d9 100644
--- a/images/octavia/Dockerfile
+++ b/images/octavia/Dockerfile
@@ -1,13 +1,13 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG OCTAVIA_GIT_REF=824b51a1dad80292b7a8ad5d61bf3ce706b1fb29
+ARG OCTAVIA_GIT_REF=8832cefaa0e5b6ec1e2db8fe77c3995adce0ca6a
 ADD --keep-git-dir=true https://opendev.org/openstack/octavia.git#${OCTAVIA_GIT_REF} /src/octavia
 RUN git -C /src/octavia fetch --unshallow
-ADD --keep-git-dir=true https://opendev.org/openstack/ovn-octavia-provider.git#master /src/ovn-octavia-provider
+ADD --keep-git-dir=true https://opendev.org/openstack/ovn-octavia-provider.git#stable/2023.2 /src/ovn-octavia-provider
 RUN git -C /src/ovn-octavia-provider fetch --unshallow
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
 pip3 install \
diff --git a/images/openstack-runtime/Dockerfile b/images/openstack-runtime/Dockerfile
index 3a3d961..d80c029 100644
--- a/images/openstack-runtime/Dockerfile
+++ b/images/openstack-runtime/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/openstack-venv-builder/Dockerfile b/images/openstack-venv-builder/Dockerfile
index 8c5e50b..49acc09 100644
--- a/images/openstack-venv-builder/Dockerfile
+++ b/images/openstack-venv-builder/Dockerfile
@@ -1,12 +1,12 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 # Build
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/ubuntu-cloud-archive:${RELEASE} AS requirements
-ARG REQUIREMENTS_GIT_REF=18098b9abacbd8d7257bebc1b302294f634441ab
+ARG REQUIREMENTS_GIT_REF=b14cdf8aeba6b7fba4ed85ae4e140d1f52a4038c
 ADD --keep-git-dir=true https://opendev.org/openstack/requirements.git#${REQUIREMENTS_GIT_REF} /src/requirements
 RUN cp /src/requirements/upper-constraints.txt /upper-constraints.txt
 RUN <<EOF sh -xe
diff --git a/images/openvswitch/Dockerfile b/images/openvswitch/Dockerfile
index 8fe375a..896923f 100644
--- a/images/openvswitch/Dockerfile
+++ b/images/openvswitch/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 FROM quay.io/centos/centos:stream9
 ARG OVS_SERIES=3.2
diff --git a/images/ovn/Dockerfile b/images/ovn/Dockerfile
index ac67d54..598e5aa 100644
--- a/images/ovn/Dockerfile
+++ b/images/ovn/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/placement/Dockerfile b/images/placement/Dockerfile
index 7d58e3d..61387a5 100644
--- a/images/placement/Dockerfile
+++ b/images/placement/Dockerfile
@@ -1,10 +1,10 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build
-ARG PLACEMENT_GIT_REF=96a9aeb3b4a6ffff5bbf247b213409395239fc7a
+ARG PLACEMENT_GIT_REF=a361622d749d3b24aad638ec1b03a7d7124a87b3
 ADD --keep-git-dir=true https://opendev.org/openstack/placement.git#${PLACEMENT_GIT_REF} /src/placement
 RUN git -C /src/placement fetch --unshallow
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
diff --git a/images/python-base/Dockerfile b/images/python-base/Dockerfile
index ba45b02..ffd685e 100644
--- a/images/python-base/Dockerfile
+++ b/images/python-base/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/python-openstackclient/Dockerfile b/images/python-openstackclient/Dockerfile
index de9a92c..613c91c 100644
--- a/images/python-openstackclient/Dockerfile
+++ b/images/python-openstackclient/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/staffeln/Dockerfile b/images/staffeln/Dockerfile
index 765b1df..792c23b 100644
--- a/images/staffeln/Dockerfile
+++ b/images/staffeln/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/tempest/Dockerfile b/images/tempest/Dockerfile
index 0959c02..3b336f2 100644
--- a/images/tempest/Dockerfile
+++ b/images/tempest/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
diff --git a/images/ubuntu-cloud-archive/Dockerfile b/images/ubuntu-cloud-archive/Dockerfile
index 2be3cdb..db1d0bf 100644
--- a/images/ubuntu-cloud-archive/Dockerfile
+++ b/images/ubuntu-cloud-archive/Dockerfile
@@ -1,10 +1,10 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 ARG RELEASE
 
 FROM registry.atmosphere.dev/library/ubuntu:${RELEASE}
 COPY trusted.gpg.d/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg
 COPY <<EOF /etc/apt/sources.list.d/cloudarchive.list
-deb http://ubuntu-cloud.archive.canonical.com/ubuntu jammy-updates/caracal main
+deb http://ubuntu-cloud.archive.canonical.com/ubuntu jammy-updates/bobcat main
 EOF
diff --git a/images/ubuntu/Dockerfile b/images/ubuntu/Dockerfile
index e1694f9..2a5d0d9 100644
--- a/images/ubuntu/Dockerfile
+++ b/images/ubuntu/Dockerfile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Atmosphere-Rebuild-Time: 2024-05-30T20:29:01Z
+# Atmosphere-Rebuild-Time: 2024-06-17T13:34:17Z
 
 FROM ubuntu:jammy-20240227
 LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index ec0a590..fa337ee 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -12,7 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-atmosphere_release: main
+atmosphere_release: "2023.2"
 
 _atmosphere_images:
   alertmanager: quay.io/prometheus/alertmanager:v0.27.0
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 9fab7da..90d4a43 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -80,7 +80,5 @@
 - job:
     name: atmosphere-molecule-aio-ovn
     parent: atmosphere-molecule-aio-full
-    # NOTE(mnaser): https://github.com/vexxhost/atmosphere/issues/662
-    voting: false
     vars:
       tox_envlist: molecule-aio-ovn
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 82e5de5..d83fbfc 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -65,6 +65,8 @@
                 soft: true
               - name: atmosphere-build-container-image-placement
                 soft: true
+              - name: atmosphere-build-container-image-python-openstackclient
+                soft: true
               - name: atmosphere-build-container-image-staffeln
                 soft: true
               - name: atmosphere-build-container-image-tempest
@@ -130,6 +132,8 @@
                 soft: true
               - name: atmosphere-upload-container-image-placement
                 soft: true
+              - name: atmosphere-upload-container-image-python-openstackclient
+                soft: true
               - name: atmosphere-upload-container-image-staffeln
                 soft: true
               - name: atmosphere-upload-container-image-tempest