fix(ovn): pin host names (#863)

diff --git a/Earthfile b/Earthfile
index 7dbaa88..b85b9ca 100644
--- a/Earthfile
+++ b/Earthfile
@@ -59,14 +59,18 @@
   BUILD ./images/horizon+image
   BUILD ./images/ironic+image
   BUILD ./images/keystone+image
+  BUILD ./images/libvirtd+image
   BUILD ./images/magnum+image
   BUILD ./images/manila+image
   BUILD ./images/neutron+image
   BUILD ./images/nova-ssh+image
   BUILD ./images/nova+image
   BUILD ./images/octavia+image
+  BUILD ./images/openvswitch+image
+  BUILD ./images/ovn+images
   BUILD ./images/placement+image
   BUILD ./images/senlin+image
+  BUILD ./images/tempest+image
 
 pin-images:
   FROM +build.venv.dev
diff --git a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
index 44bd8fe..77e1e68 100644
--- a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
+++ b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
@@ -14,6 +14,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+ANNOTATION_KEY="atmosphere.cloud/ovn-system-id"
+
 function get_ip_address_from_interface {
   local interface=$1
   local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
@@ -75,6 +77,19 @@
   set -e
 }
 
+function get_current_system_id {
+  ovs-vsctl --if-exists get Open_vSwitch . external_ids:system-id | tr -d '"'
+}
+
+function get_stored_system_id {
+  kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.atmosphere\.cloud/ovn-system-id}"
+}
+
+function store_system_id() {
+  local system_id=$1
+  kubectl annotate node "$NODE_NAME" "$ANNOTATION_KEY=$system_id"
+}
+
 # Detect tunnel interface
 tunnel_interface="{{- .Values.network.interface.tunnel -}}"
 if [ -z "${tunnel_interface}" ] ; then
@@ -89,13 +104,25 @@
 fi
 ovs-vsctl set open . external_ids:ovn-encap-ip="$(get_ip_address_from_interface ${tunnel_interface})"
 
-# Configure system ID
-set +e
-ovs-vsctl get open . external-ids:system-id
-if [ $? -eq 1 ]; then
-  ovs-vsctl set open . external-ids:system-id="$(uuidgen)"
+# Get the stored system-id from the Kubernetes node annotation
+stored_system_id=$(get_stored_system_id)
+
+# Get the current system-id set in OVS
+current_system_id=$(get_current_system_id)
+
+if [ -n "$stored_system_id" ] && [ "$stored_system_id" != "$current_system_id" ]; then
+  # If the annotation exists and does not match the current system-id, set the system-id to the stored one
+  ovs-vsctl set Open_vSwitch . external_ids:system-id="$stored_system_id"
+elif [ -z "$current_system_id" ]; then
+  # If no current system-id is set, generate a new one
+  current_system_id=$(uuidgen)
+  ovs-vsctl set Open_vSwitch . external_ids:system-id="$current_system_id"
+  # Store the new system-id in the Kubernetes node annotation
+  store_system_id "$current_system_id"
+elif [ -z "$stored_system_id" ]; then
+  # If there is no stored system-id, store the current one
+  store_system_id "$current_system_id"
 fi
-set -e
 
 # Configure OVN remote
 {{- if empty .Values.conf.ovn_remote -}}
diff --git a/charts/ovn/templates/clusterrole-controller.yaml b/charts/ovn/templates/clusterrole-controller.yaml
new file mode 100644
index 0000000..8291f65
--- /dev/null
+++ b/charts/ovn/templates/clusterrole-controller.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ovn-controller
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - patch
diff --git a/charts/ovn/templates/clusterrolebinding-controller.yaml b/charts/ovn/templates/clusterrolebinding-controller.yaml
new file mode 100644
index 0000000..c95ef5e
--- /dev/null
+++ b/charts/ovn/templates/clusterrolebinding-controller.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ovn-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ovn-controller
+subjects:
+- kind: ServiceAccount
+  name: ovn-controller
+  namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+  name: ovn-controller-gw
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/ovn/templates/daemonset-controller-gw.yaml b/charts/ovn/templates/daemonset-controller-gw.yaml
index 6307bba..5701a87 100644
--- a/charts/ovn/templates/daemonset-controller-gw.yaml
+++ b/charts/ovn/templates/daemonset-controller-gw.yaml
@@ -59,6 +59,10 @@
           env:
             - name: OVN_CMS_OPTIONS
               value: {{ .Values.conf.gw_ovn_cms_options | quote }}
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
           volumeMounts:
             - name: ovn-bin
               mountPath: /tmp/ovn-controller-init.sh
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index 85daf70..580d5ae 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -59,6 +59,10 @@
           env:
             - name: OVN_CMS_OPTIONS
               value: {{ .Values.conf.ovn_cms_options | quote }}
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
           volumeMounts:
             - name: ovn-bin
               mountPath: /tmp/ovn-controller-init.sh
diff --git a/images/Earthfile b/images/Earthfile
index 4c0e423..f5ff111 100644
--- a/images/Earthfile
+++ b/images/Earthfile
@@ -9,6 +9,17 @@
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
+DNF_INSTALL:
+  COMMAND
+  ARG PACKAGES
+  RUN \
+    dnf -y install \
+      ${PACKAGES} \
+      --setopt=install_weak_deps=False \
+      --setopt=tsflags=nodocs && \
+    dnf -y clean all && \
+    rm -rf /var/cache/dnf
+
 CREATE_PROJECT_USER:
   COMMAND
   ARG PROJECT
diff --git a/images/cloud-archive-base/Earthfile b/images/cloud-archive-base/Earthfile
index ab0f46a..473d5d8 100644
--- a/images/cloud-archive-base/Earthfile
+++ b/images/cloud-archive-base/Earthfile
@@ -14,6 +14,8 @@
       RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list
     ELSE IF [ "${RELEASE}" = "2023.2" ]
       RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list
+    ELSE IF [ "${RELEASE}" = "master" ]
+      RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list
     ELSE
       RUN echo "${RELEASE} is not supported on $(lsb_release -sc)"
       RUN exit 1
diff --git a/images/libvirtd/Earthfile b/images/libvirtd/Earthfile
new file mode 100644
index 0000000..07c358f
--- /dev/null
+++ b/images/libvirtd/Earthfile
@@ -0,0 +1,21 @@
+VERSION 0.7
+
+platform-image:
+  ARG RELEASE=zed
+  FROM ../cloud-archive-base+image --RELEASE=${RELEASE}
+  LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
+  COPY keyrings/ceph.gpg /etc/apt/trusted.gpg.d/
+  IF [ "$(lsb_release -sc)" = "focal" ]
+    RUN echo "deb http://download.ceph.com/debian-quincy/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/ceph.list
+  ELSE IF [ "$(lsb_release -sc)" = "jammy" ]
+    RUN echo "deb http://download.ceph.com/debian-reef/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/ceph.list
+  ELSE
+    RUN echo "${RELEASE} is not supported on $(lsb_release -sc)"
+    RUN exit 1
+  END
+  DO ../+APT_INSTALL --PACKAGES="ceph-common cgroup-tools dmidecode ebtables iproute2 ipxe-qemu kmod libvirt-clients libvirt-daemon-system openssh-client openvswitch-switch ovmf pm-utils qemu-block-extra qemu-efi qemu-kvm seabios"
+  DO ../+CREATE_PROJECT_USER --PROJECT=nova
+  SAVE IMAGE --push ghcr.io/vexxhost/atmosphere/libvirtd:${RELEASE}
+
+image:
+  BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/libvirtd/keyrings/ceph.gpg b/images/libvirtd/keyrings/ceph.gpg
new file mode 100644
index 0000000..c5d8bd3
--- /dev/null
+++ b/images/libvirtd/keyrings/ceph.gpg
Binary files differ
diff --git a/images/manila/patches/0000-fix-stop-using-batch_op-for-rename_table.patch b/images/manila/patches/0000-fix-stop-using-batch_op-for-rename_table.patch
new file mode 100644
index 0000000..a55e4e6
--- /dev/null
+++ b/images/manila/patches/0000-fix-stop-using-batch_op-for-rename_table.patch
@@ -0,0 +1,26 @@
+From eb7f03c667261557d7f809f7851bad6b3eea4646 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Mon, 08 Jan 2024 14:00:37 -0500
+Subject: [PATCH] fix: Stop using batch_op for rename_table
+
+For migrations that rename tables, batch_op is not needed, which
+is also even causing issues with newer versions of Alembic.
+
+Change-Id: Ib43f5a24c497f7d97cb2d852b99489b0c3bd75fb
+---
+
+diff --git a/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py b/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py
+index 42d26b7..373e308 100644
+--- a/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py
++++ b/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py
+@@ -245,8 +245,8 @@
+     with op.batch_alter_table("share_export_locations") as batch_op:
+         batch_op.drop_constraint('sel_id_fk', type_='foreignkey')
+         batch_op.drop_column('share_id')
+-        batch_op.rename_table('share_export_locations',
+-                              'share_instance_export_locations')
++    op.rename_table('share_export_locations',
++                            'share_instance_export_locations')
+ 
+ 
+ def downgrade_export_locations_table(connection):
diff --git a/images/openvswitch/Earthfile b/images/openvswitch/Earthfile
new file mode 100644
index 0000000..d53786f
--- /dev/null
+++ b/images/openvswitch/Earthfile
@@ -0,0 +1,16 @@
+VERSION 0.7
+
+ARG --global SERIES=3.1
+ARG --global VERSION=3.1.0-65
+
+platform-image:
+  FROM quay.io/centos/centos:stream9
+  LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
+  DO ../+DNF_INSTALL --PACKAGES "centos-release-nfv-openvswitch.noarch"
+  DO ../+DNF_INSTALL --PACKAGES "openvswitch${SERIES}-${VERSION}.el9s iptables"
+  SAVE IMAGE --push \
+    ghcr.io/vexxhost/atmosphere/openvswitch:${SERIES} \
+    ghcr.io/vexxhost/atmosphere/openvswitch:${VERSION}
+
+image:
+  BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/ovn/Earthfile b/images/ovn/Earthfile
new file mode 100644
index 0000000..436535a
--- /dev/null
+++ b/images/ovn/Earthfile
@@ -0,0 +1,26 @@
+VERSION 0.7
+
+ARG --global SERIES=23.03
+ARG --global VERSION=23.03.0-69
+
+component-image:
+  FROM ../openvswitch+platform-image
+  DO ../+DNF_INSTALL --PACKAGES "firewalld-filesystem hostname ovn${SERIES}-${VERSION}.el9s procps-ng"
+  ARG --required NAME
+  DO ../+DNF_INSTALL --PACKAGES "ovn${SERIES}-${NAME}-${VERSION}.el9s"
+  IF [ "${NAME}" = "host" ]
+    COPY ../kubernetes+image/kubectl /usr/local/bin/kubectl
+  END
+  SAVE IMAGE --push \
+    ghcr.io/vexxhost/atmosphere/ovn-${NAME}:${SERIES} \
+    ghcr.io/vexxhost/atmosphere/ovn-${NAME}:${VERSION}
+
+central:
+  BUILD +component-image --NAME central
+
+host:
+  BUILD +component-image --NAME host
+
+images:
+  BUILD +central
+  BUILD --platform linux/amd64 --platform linux/arm64 +host
diff --git a/images/tempest/Earthfile b/images/tempest/Earthfile
new file mode 100644
index 0000000..062d82a
--- /dev/null
+++ b/images/tempest/Earthfile
@@ -0,0 +1,18 @@
+VERSION 0.7
+
+image:
+  ARG PROJECT=tempest
+  ARG RELEASE=master
+  ARG REF=699749ec27897efe9bd7824664237c16c3339c03
+  FROM ../openstack-service+image \
+    --PROJECT ${PROJECT} \
+    --RELEASE ${RELEASE} \
+    --PROJECT_REF ${REF} \
+    --PIP_PACKAGES "git+https://github.com/openstack/barbican-tempest-plugin.git git+https://github.com/openstack/cinder-tempest-plugin.git git+https://github.com/openstack/heat-tempest-plugin.git git+https://github.com/openstack/keystone-tempest-plugin.git git+https://github.com/openstack/neutron-tempest-plugin.git"
+  DO \
+    ../+APT_INSTALL \
+    --PACKAGES "iputils-ping"
+  DO ../+APPLY_PATCHES
+  SAVE IMAGE --push \
+    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
+    ghcr.io/vexxhost/atmosphere/${PROJECT}:${REF}
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index 26a22d7..36b4712 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -17,7 +17,7 @@
   barbican_api: ghcr.io/vexxhost/atmosphere/barbican:zed@sha256:e4e078de4e4b050a969ad813b9736cc7e63585556dc9274d40ba59aa0c4922a2
   barbican_db_sync: ghcr.io/vexxhost/atmosphere/barbican:zed@sha256:e4e078de4e4b050a969ad813b9736cc7e63585556dc9274d40ba59aa0c4922a2
   bootstrap: ghcr.io/vexxhost/atmosphere/heat:zed@sha256:33a311d1108e5487de775829ef9713b86611dbe70eaac9154640e857fa3c3846
-  ceph_config_helper: quay.io/vexxhost/libvirtd:zed@sha256:480d8736954cdc01c1d6f0c625ba147935ce4e5af25828f6d3fbcd18e6dc283a
+  ceph_config_helper: ghcr.io/vexxhost/atmosphere/libvirtd@sha256:68274a76b635cf78a513e0b9324e49efdc653714bf974161e5940ddfda206114
   ceph: quay.io/ceph/ceph:v16.2.11@sha256:1b9803c8984bef8b82f05e233e8fe8ed8f0bba8e5cc2c57f6efaccbeea682add
   cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1@sha256:985743eeed2b62f68ee06e583f1d5a371e1c35af4b1980a1b2571d29174cce47
   cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1@sha256:af84513925d86d2de456b5d67dbccd2a34d93aa6fd4e1c8fe9f84182fef1b1b1
@@ -94,7 +94,7 @@
   kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17@sha256:f85dda445b7c8da197b8e39b0ca2b125b1e97a4a365d45c04d2759aefe935974
   kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.9.2@sha256:c30cae7072ffb03f3e7934516db89b3be6c9e5521c0d04d5bbc6e115c9bfa3a7
   kubectl: docker.io/bitnami/kubectl:1.27.3@sha256:876cebc2d9272d9eb42c2128c9a08c7e7715dbfe4f2eb2f0b3612df977fdd6b7
-  libvirt: quay.io/vexxhost/libvirtd:zed@sha256:480d8736954cdc01c1d6f0c625ba147935ce4e5af25828f6d3fbcd18e6dc283a
+  libvirt: ghcr.io/vexxhost/atmosphere/libvirtd@sha256:68274a76b635cf78a513e0b9324e49efdc653714bf974161e5940ddfda206114
   libvirt_exporter: docker.io/vexxhost/libvirtd-exporter:latest@sha256:1a0fdf89f80060bfdbb8cf45213295c5d9fb1f7ea7dbfe2b331f0649cc98df8e
   local_path_provisioner_helper: docker.io/library/busybox:1.36.0@sha256:9e2bbca079387d7965c3a9cee6d0c53f4f4e63ff7637877a83c4c05f2a666112
   local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24@sha256:5bb33992a4ec3034c28b5e0b3c4c2ac35d3613b25b79455eb4b1a95adc82cdc0
@@ -105,11 +105,11 @@
   magnum_conductor: ghcr.io/vexxhost/atmosphere/magnum:zed@sha256:1706093c67cd1450c670e3202d0f90d84e538f82888d1a8d6b341a4919c8fdf2
   magnum_db_sync: ghcr.io/vexxhost/atmosphere/magnum:zed@sha256:1706093c67cd1450c670e3202d0f90d84e538f82888d1a8d6b341a4919c8fdf2
   magnum_registry: quay.io/vexxhost/magnum-cluster-api-registry:main@sha256:0716680b280b2a723fd72740539419e7b1ae13efefe06651b08b88cca1129792
-  manila_api: ghcr.io/vexxhost/atmosphere/manila:zed@sha256:b9b146a9a046e6609439e103403203a19af972c4c6a297f82a23794bd90fdc86
-  manila_data: ghcr.io/vexxhost/atmosphere/manila:zed@sha256:b9b146a9a046e6609439e103403203a19af972c4c6a297f82a23794bd90fdc86
-  manila_db_sync: ghcr.io/vexxhost/atmosphere/manila:zed@sha256:b9b146a9a046e6609439e103403203a19af972c4c6a297f82a23794bd90fdc86
-  manila_scheduler: ghcr.io/vexxhost/atmosphere/manila:zed@sha256:b9b146a9a046e6609439e103403203a19af972c4c6a297f82a23794bd90fdc86
-  manila_share: ghcr.io/vexxhost/atmosphere/manila:zed@sha256:b9b146a9a046e6609439e103403203a19af972c4c6a297f82a23794bd90fdc86
+  manila_api: ghcr.io/vexxhost/atmosphere/manila:zed@sha256:df4d9d0b173c06b43f50b1fb9326bd21eb1e31988383f457f33e8b6ffca3b433
+  manila_data: ghcr.io/vexxhost/atmosphere/manila:zed@sha256:df4d9d0b173c06b43f50b1fb9326bd21eb1e31988383f457f33e8b6ffca3b433
+  manila_db_sync: ghcr.io/vexxhost/atmosphere/manila:zed@sha256:df4d9d0b173c06b43f50b1fb9326bd21eb1e31988383f457f33e8b6ffca3b433
+  manila_scheduler: ghcr.io/vexxhost/atmosphere/manila:zed@sha256:df4d9d0b173c06b43f50b1fb9326bd21eb1e31988383f457f33e8b6ffca3b433
+  manila_share: ghcr.io/vexxhost/atmosphere/manila:zed@sha256:df4d9d0b173c06b43f50b1fb9326bd21eb1e31988383f457f33e8b6ffca3b433
   memcached: docker.io/library/memcached:1.6.17@sha256:d20c577c08863b09b21ecd21d0384d0a800f39d82f37045b3608f677a0a9400f
   netoffload: ghcr.io/vexxhost/netoffload:v1.0.1@sha256:60f092e5d5f156c2f933c199ea72274f80eb758d3e0dc2f2b1be62174c3f7183
   neutron_bagpipe_bgp: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:e4b51997412d159ceac09b8899eee6ba58565aca0e27d39b57a3ddd56b1c9a9e
@@ -152,12 +152,12 @@
   octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:zed@sha256:7d10682bc5565c7412c8b04e0bd009af251a2cc7bdc4da5d98a0d9d499fd87e0
   octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:zed@sha256:7d10682bc5565c7412c8b04e0bd009af251a2cc7bdc4da5d98a0d9d499fd87e0
   octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:zed@sha256:7d10682bc5565c7412c8b04e0bd009af251a2cc7bdc4da5d98a0d9d499fd87e0
-  openvswitch_db_server: quay.io/vexxhost/openvswitch:3.1.0-55atmosphere1@sha256:b56cbb97d9216fdc14e4ce223c1a511c624f92eb463672620e86906c2f866bd9
-  openvswitch_vswitchd: quay.io/vexxhost/openvswitch:3.1.0-55atmosphere1@sha256:b56cbb97d9216fdc14e4ce223c1a511c624f92eb463672620e86906c2f866bd9
-  ovn_controller: quay.io/vexxhost/ovn-host:23.03.0@sha256:aa0e91ff1d7224e3aa7ae0e8b7b770410f9abdb15b7421cf060d3c231fbe23e5
-  ovn_northd: quay.io/vexxhost/ovn-central:23.03.0@sha256:2061a2b8a5128c7c01cc005a15122ec0c1a83a270a23e2cf74f71ac46b9d103e
-  ovn_ovsdb_nb: quay.io/vexxhost/ovn-central:23.03.0@sha256:2061a2b8a5128c7c01cc005a15122ec0c1a83a270a23e2cf74f71ac46b9d103e
-  ovn_ovsdb_sb: quay.io/vexxhost/ovn-central:23.03.0@sha256:2061a2b8a5128c7c01cc005a15122ec0c1a83a270a23e2cf74f71ac46b9d103e
+  openvswitch_db_server: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:b783612bd2d5cc3e5c928867f6c2d68ea41e4ebe8e716e5d372244c6ff8394a7
+  openvswitch_vswitchd: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:b783612bd2d5cc3e5c928867f6c2d68ea41e4ebe8e716e5d372244c6ff8394a7
+  ovn_controller: ghcr.io/vexxhost/atmosphere/ovn-host:23.03.0-69@sha256:77940ecdf2b4eef39ce7719091b0dee7e28fbfcb3acfb5a9af3009e3e1a10e55
+  ovn_northd: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:aca0ccfbc8d88dda2595fc65534d8eeddec2ee6bc3b25251bfea7c76ff2506d5
+  ovn_ovsdb_nb: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:aca0ccfbc8d88dda2595fc65534d8eeddec2ee6bc3b25251bfea7c76ff2506d5
+  ovn_ovsdb_sb: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:aca0ccfbc8d88dda2595fc65534d8eeddec2ee6bc3b25251bfea7c76ff2506d5
   pause: registry.k8s.io/pause:3.8@sha256:f5944f2d1daf66463768a1503d0c8c5e8dde7c1674d3f85abc70cef9c7e32e95
   percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy@sha256:f04e4fea548bfc7cb0bfc73c75c7f2c64d299cf04125a07a8101a55f0f734fed
   percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0@sha256:c674d63242f1af521edfbaffae2ae02fb8d010c0557a67a9c42d2b4a50db5243
@@ -190,7 +190,7 @@
   staffeln_db_sync: ghcr.io/vexxhost/staffeln:v2.2.3@sha256:ee3d8ab2c17d21b4a64a48abfb089df98700b6bc7cee5db36b5ef9c357317736
   staffeln_conductor: ghcr.io/vexxhost/staffeln:v2.2.3@sha256:ee3d8ab2c17d21b4a64a48abfb089df98700b6bc7cee5db36b5ef9c357317736
   staffeln_api: ghcr.io/vexxhost/staffeln:v2.2.3@sha256:ee3d8ab2c17d21b4a64a48abfb089df98700b6bc7cee5db36b5ef9c357317736
-  tempest_run_tests: us-docker.pkg.dev/vexxhost-infra/openstack/tempest:30.1.0-4@sha256:330c5291bb6a52261b5842e8e3a0447cc6cfeae233cd6fa214464197340bb1a5
+  tempest_run_tests: ghcr.io/vexxhost/atmosphere/tempest:master@sha256:f853245478162168d8e818070499e412a91958680122780c80ef8bf73ab01e35
   vector: docker.io/timberio/vector:0.27.0-debian@sha256:29f23dab76fa306b67b10eac3e9decdb01c906f8aa3b00a2f5b2e8ae088b84e0
 
 atmosphere_images: '{{ _atmosphere_images | combine(atmosphere_image_overrides, recursive=True)
diff --git a/roles/tempest/vars/main.yml b/roles/tempest/vars/main.yml
index d90ba02..c1eb848 100644
--- a/roles/tempest/vars/main.yml
+++ b/roles/tempest/vars/main.yml
@@ -34,6 +34,8 @@
         fixed_network_name: public
       dashboard:
         dashboard_url: "http://horizon-int.openstack.svc.cluster.local"
+      identity:
+        v3_endpoint_type: internal
       image:
         endpoint_type: internal
       network:
@@ -47,6 +49,7 @@
       volume:
         endpoint_type: internal
       object-storage:
+        build_timeout: 60
         endpoint_type: internal
         reseller_admin_role: admin
   pvc: