[ATMOSPHERE-385] chore: sync vendor charts (#1752)



Reviewed-by: Mohammed Naser <mnaser@vexxhost.com>
Reviewed-by: Yaguang Tang <heut2008@gmail.com>
Reviewed-by: Oleksandr K.
diff --git a/.charts.yml b/.charts.yml
index 23be363..ee1b799 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -86,9 +86,13 @@
     repository:
       url: https://kubernetes.github.io/ingress-nginx
   - name: ironic
-    version: 0.2.14
+    version: 0.2.17
     repository: *openstack_helm_repository
     dependencies: *openstack_helm_dependencies
+    patches:
+      gerrit:
+        review.opendev.org:
+          - 925931
   - name: keycloak
     version: 21.4.1
     repository:
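Review bot: `925931` under `patches.gerrit` names a Gerrit change, not a fixed patchset or commit, and a change can receive new patchsets until it merges. Unless the sync tooling records the fetched revision somewhere outside this hunk, a later re-sync can vendor different content under the same entry. Recording the revision next to the number, even as a comment such as `# patchset <N>, commit <sha-placeholder>`, would make the vendored result reproducible and reviewable.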
diff --git a/charts/ironic/Chart.yaml b/charts/ironic/Chart.yaml
index 9a1a847..d5a1192 100644
--- a/charts/ironic/Chart.yaml
+++ b/charts/ironic/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/ironic
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.14
+version: 0.2.17
diff --git a/charts/ironic/charts/helm-toolkit/Chart.yaml b/charts/ironic/charts/helm-toolkit/Chart.yaml
index e827e99..d4c0ea2 100644
--- a/charts/ironic/charts/helm-toolkit/Chart.yaml
+++ b/charts/ironic/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.64
+version: 0.2.69
diff --git a/charts/ironic/charts/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl b/charts/ironic/charts/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl
index 12b84de..d7390d8 100644
--- a/charts/ironic/charts/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl
+++ b/charts/ironic/charts/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl
@@ -50,7 +50,7 @@
 {{- $endpointScheme := tuple $type $endpoint $port $context | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}
 {{- $userMap := index $context.Values.endpoints ( $type | replace "-" "_" ) "auth" $userclass }}
 {{- $endpointUser := index $userMap "username" }}
-{{- $endpointPass := index $userMap "password" }}
+{{- $endpointPass := index $userMap "password" | urlquery }}
 {{- $endpointHost := tuple $type $endpoint $context | include "helm-toolkit.endpoints.endpoint_host_lookup" }}
 {{- $endpointPort := tuple $type $endpoint $port $context | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{- $endpointPath := tuple $type $endpoint $port $context | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" }}
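Review bot: `urlquery` applies query-string escaping, so a space in the password is emitted as `+` rather than `%20`; whether a consumer turns that back into a space inside the userinfo part of a URI depends on its parser, so passwords with spaces should be tested against the clients that read this URI. `$endpointUser` on the line above is still inserted unescaped, so a username containing `@`, `:` or `/` would still break the URI; `{{- $endpointUser := index $userMap "username" | urlquery }}` would treat both fields alike. Deployments that already store percent-encoded passwords in values as a workaround will now be encoded twice. The same change is made in `_authenticated_transport_endpoint_uri_lookup.tpl`, and the template body continues outside both hunks.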
diff --git a/charts/ironic/charts/helm-toolkit/templates/endpoints/_authenticated_transport_endpoint_uri_lookup.tpl b/charts/ironic/charts/helm-toolkit/templates/endpoints/_authenticated_transport_endpoint_uri_lookup.tpl
index b7cf287..b9ac9d9 100644
--- a/charts/ironic/charts/helm-toolkit/templates/endpoints/_authenticated_transport_endpoint_uri_lookup.tpl
+++ b/charts/ironic/charts/helm-toolkit/templates/endpoints/_authenticated_transport_endpoint_uri_lookup.tpl
@@ -100,7 +100,7 @@
 {{-   $ssMap := index $context.Values.endpoints ( $type | replace "-" "_" ) "statefulset" | default false}}
 {{-   $hostFqdnOverride := index $context.Values.endpoints ( $type | replace "-" "_" ) "host_fqdn_override" }}
 {{-   $endpointUser := index $userMap "username" }}
-{{-   $endpointPass := index $userMap "password" }}
+{{-   $endpointPass := index $userMap "password" | urlquery }}
 {{-   $endpointHostSuffix := tuple $type $endpoint $context | include "helm-toolkit.endpoints.endpoint_host_lookup" }}
 {{-   $endpointPort := tuple $type $endpoint $port $context | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{-   $local := dict "endpointCredsAndHosts" list -}}
diff --git a/charts/ironic/charts/helm-toolkit/templates/scripts/_db-drop.py.tpl b/charts/ironic/charts/helm-toolkit/templates/scripts/_db-drop.py.tpl
index 03884fa..1e28da9 100644
--- a/charts/ironic/charts/helm-toolkit/templates/scripts/_db-drop.py.tpl
+++ b/charts/ironic/charts/helm-toolkit/templates/scripts/_db-drop.py.tpl
@@ -124,7 +124,12 @@
 
 # Delete DB
 try:
-    root_engine.execute("DROP DATABASE IF EXISTS {0}".format(database))
+    with root_engine.connect() as connection:
+        connection.execute("DROP DATABASE IF EXISTS {0}".format(database))
+        try:
+            connection.commit()
+        except AttributeError:
+            pass
     logger.info("Deleted database {0}".format(database))
 except:
     logger.critical("Could not drop database {0}".format(database))
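Review bot: The statement is still passed to `connection.execute()` as a plain string, which SQLAlchemy 2.x no longer accepts as an executable. The `commit()` fallback suggests the script is meant to run on both 1.x and 2.x, so the call would need to be `connection.execute(text("DROP DATABASE IF EXISTS {0}".format(database)))`, with `text` imported from `sqlalchemy` at the top of the script, which is outside the hunk. Catching `AttributeError` around `commit()` also hides an `AttributeError` raised inside the commit itself; `if hasattr(connection, "commit"): connection.commit()` states the version check directly. The same pattern appears in the second hunk of this file and in both hunks of `_db-init.py.tpl`; where a statement contains `%%`, the percent escaping needs rechecking once it is wrapped in `text()`.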
@@ -132,7 +137,12 @@
 
 # Delete DB User
 try:
-    root_engine.execute("DROP USER IF EXISTS {0}".format(user))
+    with root_engine.connect() as connection:
+        connection.execute("DROP USER IF EXISTS {0}".format(user))
+        try:
+            connection.commit()
+        except AttributeError:
+            pass
     logger.info("Deleted user {0}".format(user))
 except:
     logger.critical("Could not delete user {0}".format(user))
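Review bot: `user` is interpolated bare in `DROP USER IF EXISTS {0}`, while `_db-init.py.tpl` creates the account as `'{0}'@'%%'`; a name that needs quoting (one with a hyphen, for example) can be created but then makes this statement fail, and the bare form relies on the server defaulting the host part. Mirroring the create statement keeps the two scripts symmetric: `connection.execute("DROP USER IF EXISTS \'{0}\'@\'%%\'".format(user))`. The value presumably comes from deployment configuration rather than request input, so this is mainly a robustness point, but quoting also narrows what a malformed value can turn the statement into.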
diff --git a/charts/ironic/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/ironic/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 6027b95..110cd98 100644
--- a/charts/ironic/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/ironic/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -124,7 +124,12 @@
 
 # Create DB
 try:
-    root_engine.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database))
+    with root_engine.connect() as connection:
+        connection.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database))
+        try:
+            connection.commit()
+        except AttributeError:
+            pass
     logger.info("Created database {0}".format(database))
 except:
     logger.critical("Could not create database {0}".format(database))
@@ -132,11 +137,16 @@
 
 # Create DB User
 try:
-    root_engine.execute(
-        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
-            user, password, mysql_x509))
-    root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
+    with root_engine.connect() as connection:
+        connection.execute(
+            "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+                user, password, mysql_x509))
+        connection.execute(
+            "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
+        try:
+            connection.commit()
+        except AttributeError:
+            pass
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
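Review bot: `password` is placed inside a single-quoted SQL literal with `str.format`, so a password containing `'` or `\` yields a broken or different `CREATE USER` statement. The endpoint templates in this commit now percent-encode passwords so that special characters work in URIs, which makes such passwords more likely to reach this script. Escape the value before formatting, or pass it as a bound parameter if the driver in use supports that for `CREATE USER`. SQLAlchemy errors generally include the statement text, so if the bare `except:` re-raises (the handler continues outside the hunk), a failure here can write the password to the job log; worth confirming.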
diff --git a/charts/ironic/charts/helm-toolkit/templates/snippets/_image.tpl b/charts/ironic/charts/helm-toolkit/templates/snippets/_image.tpl
index 029c93d..678b844 100644
--- a/charts/ironic/charts/helm-toolkit/templates/snippets/_image.tpl
+++ b/charts/ironic/charts/helm-toolkit/templates/snippets/_image.tpl
@@ -19,7 +19,7 @@
   images:
     tags:
       test_image: docker.io/port/test:version-foo
-      image_foo: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+      image_foo: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
     pull_policy: IfNotPresent
     local_registry:
       active: true
diff --git a/charts/ironic/charts/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl b/charts/ironic/charts/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl
index bed712e..ad628da 100644
--- a/charts/ironic/charts/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl
+++ b/charts/ironic/charts/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl
@@ -19,7 +19,7 @@
 values: |
   images:
     tags:
-      dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+      dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
     pull_policy: IfNotPresent
     local_registry:
       active: true
@@ -76,7 +76,7 @@
   {{ tuple . "calico_node" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" }}
 return: |
   - name: init
-    image: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
+    image: "quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal"
     imagePullPolicy: IfNotPresent
     securityContext:
       allowPrivilegeEscalation: false
diff --git a/charts/ironic/requirements.lock b/charts/ironic/requirements.lock
index 43aa382..7fc06bc 100644
--- a/charts/ironic/requirements.lock
+++ b/charts/ironic/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: https://tarballs.openstack.org/openstack-helm-infra
-  version: 0.2.64
-digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141
+  version: 0.2.69
+digest: sha256:f971f98746c97193da5ff7a44d2401ae7d91201a49ed9f23d52359a1b6e9d0ef
 generated: '0001-01-01T00:00:00Z'
diff --git a/charts/ironic/requirements.yaml b/charts/ironic/requirements.yaml
index ddafbfc..b3d5dcf 100644
--- a/charts/ironic/requirements.yaml
+++ b/charts/ironic/requirements.yaml
@@ -1,4 +1,4 @@
 dependencies:
 - name: helm-toolkit
   repository: https://tarballs.openstack.org/openstack-helm-infra
-  version: 0.2.64
+  version: 0.2.69
diff --git a/charts/ironic/templates/bin/_ironic-conductor-http-init.sh.tpl b/charts/ironic/templates/bin/_ironic-conductor-http-init.sh.tpl
deleted file mode 100644
index 7acce1a..0000000
--- a/charts/ironic/templates/bin/_ironic-conductor-http-init.sh.tpl
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-
-if [ "x" == "x${PROVISIONER_INTERFACE}" ]; then
-  echo "Provisioner interface is not set"
-  exit 1
-fi
-
-function net_pxe_addr {
- ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
-}
-function net_pxe_ip {
- echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
-}
-PXE_IP=$(net_pxe_ip)
-
-if [ "x" == "x${PXE_IP}" ]; then
-  echo "Could not find IP for pxe to bind to"
-  exit 1
-fi
-
-sed "s|OSH_PXE_IP|${PXE_IP}|g" /etc/nginx/nginx.conf > /tmp/pod-shared/nginx.conf
diff --git a/charts/ironic/templates/bin/_ironic-conductor-http.sh.tpl b/charts/ironic/templates/bin/_ironic-conductor-http.sh.tpl
deleted file mode 100644
index 6a97b41..0000000
--- a/charts/ironic/templates/bin/_ironic-conductor-http.sh.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-
-mkdir -p /var/lib/openstack-helm/httpboot
-cp -v /tmp/pod-shared/nginx.conf /etc/nginx/nginx.conf
-exec nginx -g 'daemon off;'
diff --git a/charts/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl b/charts/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
deleted file mode 100644
index c70a2f0..0000000
--- a/charts/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-
-. /etc/os-release
-HOST_OS=${HOST_OS:="${ID}"}
-FILEPATH=${FILEPATH:-/usr/lib/ipxe}
-
-if [ "x$ID" == "xubuntu" ]; then
-  #NOTE(portdirect): this works around a limitation in Kolla images
-  if ! dpkg -l ipxe; then
-    apt-get update
-    apt-get install ipxe -y
-  fi
-
-  FILEPATH=/usr/lib/ipxe
-
-elif [ "x$ID" == "xcentos" ]; then
-
-  if ! yum list installed ipxe-bootimgs >/dev/null 2>&1; then
-    yum update --nogpgcheck -y
-    yum install ipxe-bootimgs syslinux-tftpboot --nogpgcheck -y
-  fi
-
-  FILEPATH=/usr/share/ipxe
-
-fi
-
-mkdir -p /var/lib/openstack-helm/tftpboot
-mkdir -p /var/lib/openstack-helm/tftpboot/master_images
-
-for FILE in undionly.kpxe ipxe.efi pxelinux.0 snponly.efi; do
-  if [ -f /usr/lib/ipxe/$FILE ]; then
-    cp -v /usr/lib/ipxe/$FILE /var/lib/openstack-helm/tftpboot
-  fi
-
-  # ipxe and pxe support for CentOS
-  if [ "x$ID" == "xcentos" ]; then
-    if [ -f /var/lib/tftpboot/$FILE ]; then
-      cp -v /var/lib/tftpboot/$FILE /var/lib/openstack-helm/tftpboot
-    fi
-    if [ -f /usr/share/ipxe/$FILE ]; then
-      cp -v /usr/share/ipxe/$FILE /var/lib/openstack-helm/tftpboot
-    fi
-  fi
-done
diff --git a/charts/ironic/templates/bin/_ironic-conductor-pxe.sh.tpl b/charts/ironic/templates/bin/_ironic-conductor-pxe.sh.tpl
deleted file mode 100644
index 19451ab..0000000
--- a/charts/ironic/templates/bin/_ironic-conductor-pxe.sh.tpl
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-function net_pxe_addr {
- ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
-}
-function net_pxe_ip {
- echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
-}
-PXE_IP=$(net_pxe_ip)
-
-if [ "x" == "x${PXE_IP}" ]; then
-  echo "Could not find IP for pxe to bind to"
-  exit 1
-fi
-
-ln -s /var/lib/openstack-helm/tftpboot /tftpboot
-exec /usr/sbin/in.tftpd \
-  --verbose \
-  --foreground \
-  --user root \
-  --address ${PXE_IP}:69 \
-  --map-file /tftp-map-file /tftpboot
diff --git a/charts/ironic/templates/configmap-bin.yaml b/charts/ironic/templates/configmap-bin.yaml
index e2c6de2..9666803 100644
--- a/charts/ironic/templates/configmap-bin.yaml
+++ b/charts/ironic/templates/configmap-bin.yaml
@@ -52,14 +52,14 @@
 {{ tuple "bin/_ironic-conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   ironic-conductor-init.sh: |
 {{ tuple "bin/_ironic-conductor-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  ironic-conductor-pxe.sh: |
-{{ tuple "bin/_ironic-conductor-pxe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  ironic-conductor-pxe-init.sh: |
-{{ tuple "bin/_ironic-conductor-pxe-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  ironic-conductor-http.sh: |
-{{ tuple "bin/_ironic-conductor-http.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  ironic-conductor-http-init.sh: |
-{{ tuple "bin/_ironic-conductor-http-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- if .Values.conductor.pxe.enabled }}
+{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conductor.pxe.script "key" "ironic-conductor-pxe.sh") | indent 2 }}
+{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conductor.pxe.init_script "key" "ironic-conductor-pxe-init.sh") | indent 2 }}
+{{ end }}
+{{- if .Values.conductor.http.enabled }}
+{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conductor.http.script "key" "ironic-conductor-http.sh") | indent 2 }}
+{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conductor.http.init_script "key" "ironic-conductor-http-init.sh") | indent 2 }}
+{{ end }}
   rabbit-init.sh: |
 {{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
 {{- end }}
diff --git a/charts/ironic/templates/configmap-etc.yaml b/charts/ironic/templates/configmap-etc.yaml
index 395a2a4..8b25336 100644
--- a/charts/ironic/templates/configmap-etc.yaml
+++ b/charts/ironic/templates/configmap-etc.yaml
@@ -47,6 +47,32 @@
 {{- $_ := set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
 {{- end -}}
 
+{{- if .Values.conf.ironic.service_user.send_service_user_token -}}
+
+{{- if empty .Values.conf.ironic.service_user.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ironic.service_user "auth_url" -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.region_name -}}
+{{- $_ := set .Values.conf.ironic.service_user "region_name" .Values.endpoints.identity.auth.ironic.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.project_name -}}
+{{- $_ := set .Values.conf.ironic.service_user "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.project_domain_name -}}
+{{- $_ := set .Values.conf.ironic.service_user "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.user_domain_name -}}
+{{- $_ := set .Values.conf.ironic.service_user "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.username -}}
+{{- $_ := set .Values.conf.ironic.service_user "username" .Values.endpoints.identity.auth.ironic.username -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.password -}}
+{{- $_ := set .Values.conf.ironic.service_user "password" .Values.endpoints.identity.auth.ironic.password -}}
+{{- end -}}
+
+{{- end -}}
+
 {{- if empty .Values.conf.ironic.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" -}}
 {{- end -}}
diff --git a/charts/ironic/templates/statefulset-conductor.yaml b/charts/ironic/templates/statefulset-conductor.yaml
index 43be977..bcf6238 100644
--- a/charts/ironic/templates/statefulset-conductor.yaml
+++ b/charts/ironic/templates/statefulset-conductor.yaml
@@ -54,11 +54,16 @@
 {{ end }}
       securityContext:
         runAsUser: 0
+{{ if .Values.pod.useHostNetwork.conductor }}
       hostNetwork: True
-      hostIPC: True
       dnsPolicy: ClusterFirstWithHostNet
+{{ end }}
+{{ if .Values.pod.useHostIPC.conductor }}
+      hostIPC: True
+{{ end }}
       initContainers:
 {{ tuple $envAll "conductor" $mounts_ironic_conductor_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{- if $envAll.Values.conductor.pxe.enabled }}
         - name: ironic-conductor-pxe-init
 {{ tuple $envAll "ironic_pxe_init" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
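Review bot: Turning `pod.useHostNetwork.conductor` off while `conductor.pxe.enabled` or `conductor.http.enabled` stays on looks likely to fail at start-up. The PXE and HTTP scripts in values.yaml derive `PXE_IP` from `${PROVISIONER_INTERFACE}` via `ip addr`, and the pod's own network namespace would not normally contain that host interface. A comment on the new keys in values.yaml should state the dependency, e.g. `# keep useHostNetwork.conductor true while conductor.pxe/http are enabled, unless the provisioning interface is attached to the pod`. Both toggles default to `true`, so the pod still runs with `runAsUser: 0` in the host network and IPC namespaces unless an operator opts out; if nothing in the conductor needs host IPC, defaulting `useHostIPC.conductor` to `false` would reduce that exposure.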
@@ -73,6 +78,7 @@
               readOnly: true
             - name: pod-data
               mountPath: /var/lib/openstack-helm
+{{- end }}
         - name: ironic-conductor-init
 {{ tuple $envAll "ironic_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -90,6 +96,7 @@
               readOnly: true
             - name: pod-shared
               mountPath: /tmp/pod-shared
+{{- if $envAll.Values.conductor.http.enabled }}
         - name: ironic-conductor-http-init
 {{ tuple $envAll "ironic_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -111,6 +118,7 @@
               readOnly: true
             - name: pod-shared
               mountPath: /tmp/pod-shared
+{{- end }}
 {{- if and (.Values.bootstrap.object_store.enabled) (.Values.bootstrap.object_store.openstack.enabled) }}
         - name: ironic-retrive-swift-config
 {{ tuple $envAll "ironic_retrive_swift_config" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -198,6 +206,7 @@
             - name: pod-data
               mountPath: /var/lib/openstack-helm
 {{ if $mounts_ironic_conductor.volumeMounts }}{{ toYaml $mounts_ironic_conductor.volumeMounts | indent 12 }}{{ end }}
+{{- if $envAll.Values.conductor.pxe.enabled }}
         - name: ironic-conductor-pxe
 {{ tuple $envAll "ironic_pxe" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -221,6 +230,8 @@
               readOnly: true
             - name: pod-data
               mountPath: /var/lib/openstack-helm
+{{- end }}
+{{- if $envAll.Values.conductor.http.enabled }}
         - name: ironic-conductor-http
 {{ tuple $envAll "ironic_pxe_http" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -239,6 +250,7 @@
             - name: pod-data
               mountPath: /var/lib/openstack-helm
 {{ if $mounts_ironic_conductor.volumeMounts }}{{ toYaml $mounts_ironic_conductor.volumeMounts | indent 12 }}{{ end }}
+{{- end }}
       volumes:
         - name: pod-tmp
           emptyDir: {}
diff --git a/charts/ironic/values.yaml b/charts/ironic/values.yaml
index 07f5c0a..a94bc3f 100644
--- a/charts/ironic/values.yaml
+++ b/charts/ironic/values.yaml
@@ -50,7 +50,7 @@
     ironic_pxe: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
     ironic_pxe_init: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
     ironic_pxe_http: docker.io/nginx:1.13.3
-    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+    dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
     image_repo_sync: docker.io/docker:17.07.0
   pull_policy: "IfNotPresent"
   local_registry:
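Review bot: `dep_check` moves from the version tag `v1.0.0` to `latest-ubuntu_focal`, a moving tag. With `pull_policy: "IfNotPresent"` each node keeps whichever build it pulled first, so init containers across the cluster can run different builds that nobody reviewed. Pin the image by digest, e.g. `dep_check: quay.io/airshipit/kubernetes-entrypoint@sha256:<digest-placeholder>`, or override it in the deployment's values with a mirrored, pinned copy. The helm-toolkit snippet hunks in this commit carry the same tag in their usage examples.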
@@ -119,6 +119,8 @@
     inspector:
       auth_type: password
     keystone_authtoken:
+      service_token_roles: service
+      service_token_roles_required: true
       auth_type: password
       auth_version: v3
     neutron:
@@ -136,6 +138,9 @@
       ipxe_enabled: true
     service_catalog:
       auth_type: password
+    service_user:
+      auth_type: password
+      send_service_user_token: true
     swift:
       auth_url: null
     oslo_policy:
@@ -201,6 +206,79 @@
       format: "%(message)s"
       datefmt: "%Y-%m-%d %H:%M:%S"
 
+conductor:
+  http:
+    enabled: true
+    init_script: |
+      #!/bin/bash
+      set -ex
+      if [ "x" == "x${PROVISIONER_INTERFACE}" ]; then
+        echo "Provisioner interface is not set"
+        exit 1
+      fi
+
+      function net_pxe_addr {
+       ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
+      }
+      function net_pxe_ip {
+       echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
+      }
+      PXE_IP=$(net_pxe_ip)
+
+      if [ "x" == "x${PXE_IP}" ]; then
+        echo "Could not find IP for pxe to bind to"
+        exit 1
+      fi
+
+      sed "s|OSH_PXE_IP|${PXE_IP}|g" /etc/nginx/nginx.conf > /tmp/pod-shared/nginx.conf
+    script: |
+      #!/bin/bash
+      set -ex
+      mkdir -p /var/lib/openstack-helm/httpboot
+      cp -v /tmp/pod-shared/nginx.conf /etc/nginx/nginx.conf
+      exec nginx -g 'daemon off;'
+  pxe:
+    enabled: true
+    init_script: |
+      #!/bin/bash
+      set -ex
+      # default to Ubuntu path
+      FILEPATH=${FILEPATH:-/usr/lib/ipxe}
+
+      mkdir -p /var/lib/openstack-helm/tftpboot
+      mkdir -p /var/lib/openstack-helm/tftpboot/master_images
+
+      for FILE in undionly.kpxe ipxe.efi pxelinux.0 snponly.efi; do
+        # copy in default file
+        if [ -f $FILEPATH/$FILE ]; then
+          cp -v $FILEPATH/$FILE /var/lib/openstack-helm/tftpboot
+        fi
+
+      done
+    script: |
+      #!/bin/bash
+      set -ex
+      function net_pxe_addr {
+       ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
+      }
+      function net_pxe_ip {
+       echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
+      }
+      PXE_IP=$(net_pxe_ip)
+
+      if [ "x" == "x${PXE_IP}" ]; then
+        echo "Could not find IP for pxe to bind to"
+        exit 1
+      fi
+
+      ln -s /var/lib/openstack-helm/tftpboot /tftpboot
+      exec /usr/sbin/in.tftpd \
+        --verbose \
+        --foreground \
+        --user root \
+        --address ${PXE_IP}:69 \
+        --map-file /tftp-map-file /tftpboot
+
 network:
   pxe:
     device: ironic-pxe
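Review bot: The new default `conductor.pxe.init_script` exits successfully even when none of the boot files exist under `$FILEPATH`, because the loop only copies files that are present. The template it replaces installed `ipxe` when it was missing and also looked in the CentOS locations, so an image without the files at `/usr/lib/ipxe` now gets an empty tftpboot directory and a TFTP server with nothing to serve. Fail the init step when nothing was copied, for example by counting successful copies in the loop and ending with `[ "$COPIED" -gt 0 ] || { echo "no iPXE files found in ${FILEPATH}"; exit 1; }`. `$FILEPATH/$FILE` should also be quoted as `"$FILEPATH/$FILE"`, since `FILEPATH` can be set from the environment and is now used in both the test and the copy.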
@@ -398,7 +476,7 @@
         user_domain_name: default
         project_domain_name: default
       glance:
-        role: admin
+        role: admin,service
         region_name: RegionOne
         username: glance
         password: password
@@ -703,6 +781,10 @@
         limits:
           memory: "1024Mi"
           cpu: "2000m"
+  useHostNetwork:
+    conductor: true
+  useHostIPC:
+    conductor: true
 
 network_policy:
   ironic:
diff --git a/charts/libvirt/templates/daemonset-libvirt.yaml b/charts/libvirt/templates/daemonset-libvirt.yaml
index 34aebed..325f061 100644
--- a/charts/libvirt/templates/daemonset-libvirt.yaml
+++ b/charts/libvirt/templates/daemonset-libvirt.yaml
@@ -281,6 +281,8 @@
 {{ tuple $envAll "libvirt_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.libvirt_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+          args:
+            - "--libvirt.nova"
           ports:
             - name: metrics
               protocol: TCP
@@ -299,8 +301,6 @@
               {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
               mountPropagation: Bidirectional
               {{- end }}
-          args:
-            - "--libvirt.nova"
         {{- end }}
       volumes:
         - name: etc-pki-qemu
diff --git a/charts/patches/libvirt/0002-enable-nova-metadata-parser.patch b/charts/patches/libvirt/0002-enable-nova-metadata-parser.patch
new file mode 100644
index 0000000..7a66aff
--- /dev/null
+++ b/charts/patches/libvirt/0002-enable-nova-metadata-parser.patch
@@ -0,0 +1,13 @@
+diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml
+index 4a0b128..f8686d1 100644
+--- a/libvirt/templates/daemonset-libvirt.yaml
++++ b/libvirt/templates/daemonset-libvirt.yaml
+@@ -281,6 +281,8 @@
+ {{ tuple $envAll "libvirt_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
+ {{ tuple $envAll $envAll.Values.pod.resources.libvirt_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++          args:
++            - "--libvirt.nova"
+           ports:
+             - name: metrics
+               protocol: TCP