Build "master" images in "main" (#1090)
Signed-off-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/Dockerfile b/Dockerfile
index 9c8e06b..e336f12 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,161 +1,27 @@
-FROM ubuntu:jammy-20240227 AS ubuntu
-LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
-FROM ubuntu AS helm
-ARG TARGETOS
-ARG TARGETARCH
-ARG HELM_VERSION=3.14.0
-ADD https://get.helm.sh/helm-v${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /helm.tar.gz
-RUN tar -xzf /helm.tar.gz
-RUN mv /${TARGETOS}-${TARGETARCH}/helm /usr/bin/helm
+FROM golang:1.21 AS go-builder
+COPY go.mod go.sum /src/
+WORKDIR /src
+RUN go mod download
-FROM ubuntu AS ubuntu-cloud-archive
-ADD --chmod=644 https://git.launchpad.net/ubuntu/+source/ubuntu-keyring/plain/keyrings/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg
-ARG RELEASE
-RUN <<EOF bash -xe
-source /etc/os-release
-if [ "\${VERSION_CODENAME}" = "jammy" ]; then \
- if [ "${RELEASE}" = "yoga" ]; then \
- # NOTE: Yoga shipped with 22.04, so no need to add an extra repository.
- echo "" > /etc/apt/sources.list.d/cloudarchive.list; \
- elif [ "${RELEASE}" = "zed" ]; then \
- echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list; \
- elif [ "${RELEASE}" = "2023.1" ]; then \
- echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list; \
- elif [ "${RELEASE}" = "2023.2" ]; then \
- echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list; \
- elif [ "${RELEASE}" = "master" ]; then \
- echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list; \
- else \
- echo "${RELEASE} is not supported on \${VERSION_CODENAME}"; \
- exit 1; \
- fi; \
-else
- echo "Unsupported release"; \
- exit 1; \
-fi
-EOF
+FROM go-builder AS libvirt-tls-sidecar-builder
+COPY cmd/ /src/cmd/
+COPY internal/ /src/internal/
+RUN go build -o main ./cmd/libvirt-tls-sidecar/main.go
-FROM alpine/git AS requirements
-ARG BRANCH
-ADD https://opendev.org/openstack/requirements.git#${BRANCH} /src
-RUN <<EOF sh -xe
-sed -i 's/cryptography===36.0.2/cryptography===42.0.4/' /src/upper-constraints.txt
-sed -i 's/cryptography===40.0.2/cryptography===42.0.4/' /src/upper-constraints.txt
-sed -i 's/cryptography===41.0.7/cryptography===42.0.4/' /src/upper-constraints.txt
-sed -i 's/Django===3.2.18/Django===3.2.24/' /src/upper-constraints.txt
-sed -i 's/Flask===2.2.3/Flask===2.2.5/' /src/upper-constraints.txt
-sed -i 's/Jinja2===3.1.2/Jinja2===3.1.3/' /src/upper-constraints.txt
-sed -i 's/oauthlib===3.2.0/oauthlib===3.2.2/' /src/upper-constraints.txt
-sed -i 's/paramiko===2.11.0/paramiko===3.4.0/' /src/upper-constraints.txt
-sed -i 's/paramiko===3.1.0/paramiko===3.4.0/' /src/upper-constraints.txt
-sed -i 's/protobuf===4.21.5/protobuf===4.21.6/' /src/upper-constraints.txt
-sed -i 's/pyOpenSSL===22.0.0/pyOpenSSL===24.0.0/' /src/upper-constraints.txt
-sed -i 's/pyOpenSSL===23.1.1/pyOpenSSL===24.0.0/' /src/upper-constraints.txt
-sed -i 's/requests===2.28.1/requests===2.31.0/' /src/upper-constraints.txt
-sed -i 's/requests===2.28.2/requests===2.31.0/' /src/upper-constraints.txt
-sed -i 's/sqlparse===0.4.2/sqlparse===0.4.4/' /src/upper-constraints.txt
-sed -i 's/urllib3===1.26.12/urllib3===1.26.18/' /src/upper-constraints.txt
-sed -i 's/urllib3===1.26.15/urllib3===1.26.18/' /src/upper-constraints.txt
-sed -i 's/Werkzeug===2.2.2/Werkzeug===2.3.8/' /src/upper-constraints.txt
-sed -i 's/Werkzeug===2.2.3/Werkzeug===2.3.8/' /src/upper-constraints.txt
-sed -i 's/zstd===1.5.2.5/zstd===1.5.4.0/' /src/upper-constraints.txt
-sed -i '/glance-store/d' /src/upper-constraints.txt
-sed -i '/horizon/d' /src/upper-constraints.txt
-EOF
-
-FROM ubuntu-cloud-archive AS openstack-venv-builder
-RUN <<EOF bash -xe
-apt-get update -qq
-apt-get install -qq -y --no-install-recommends \
- build-essential \
- git \
- libldap2-dev \
- libpcre3-dev \
- libsasl2-dev \
- libssl-dev \
- lsb-release \
- openssh-client \
- python3 \
- python3-dev \
- python3-pip \
- python3-venv
-EOF
-RUN <<EOF bash -xe
-python3 -m venv --upgrade-deps --system-site-packages /var/lib/openstack
-EOF
-ENV PATH=/var/lib/openstack/bin:$PATH
-COPY --link --from=requirements /src/upper-constraints.txt /upper-constraints.txt
-RUN <<EOF bash -xe
-pip3 install \
- --constraint /upper-constraints.txt \
- cryptography \
- pymysql \
- python-binary-memcached \
- python-memcached \
- uwsgi
-EOF
-
-FROM ubuntu-cloud-archive AS openstack-runtime
-RUN <<EOF bash -xe
-apt-get update -qq
-apt-get install -qq -y --no-install-recommends \
- ca-certificates \
- libpython3.10 \
- lsb-release \
- python3-distutils \
- sudo
-EOF
-ARG PROJECT
-ARG SHELL=/usr/sbin/nologin
-RUN \
- groupadd -g 42424 ${PROJECT} && \
- useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s ${SHELL} -c "${PROJECT} User" ${PROJECT} && \
- mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} && \
- chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT}
-ENV PATH=/var/lib/openstack/bin:$PATH
-
-FROM alpine/git AS barbican-src
-ARG BARBICAN_GIT_REF
-ADD --keep-git-dir=true https://opendev.org/openstack/barbican.git#${BARBICAN_GIT_REF} /src
-RUN git -C /src fetch --unshallow
-
-FROM openstack-venv-builder AS barbican-build
-COPY --from=barbican-src --link /src /src/barbican
-RUN <<EOF bash -xe
-pip3 install \
- --constraint /upper-constraints.txt \
- /src/barbican \
- pykmip
-EOF
-
-FROM openstack-runtime AS barbican
-COPY --from=barbican-build --link /var/lib/openstack /var/lib/openstack
-
-FROM alpine/git AS magnum-src
-ARG MAGNUM_GIT_REF
-ADD --keep-git-dir=true https://opendev.org/openstack/magnum.git#${MAGNUM_GIT_REF} /src
-RUN git -C /src fetch --unshallow
-ARG RELEASE
-COPY patches/${RELEASE}/magnum /patches
-RUN if [ -n "$(ls -A /patches/*.patch)" ]; then git -C /src apply --verbose /patches/*; fi
-
-FROM openstack-venv-builder AS magnum-build
-COPY --from=magnum-src --link /src /src/magnum
-RUN <<EOF bash -xe
-pip3 install \
- --constraint /upper-constraints.txt \
- /src/magnum \
- magnum-cluster-api==0.16.0
-EOF
-
-FROM openstack-runtime AS magnum
-RUN <<EOF bash -xe
-apt-get update -qq
-apt-get install -qq -y --no-install-recommends \
- haproxy
-apt-get clean
-rm -rf /var/lib/apt/lists/*
-EOF
-COPY --from=helm --link /usr/bin/helm /usr/local/bin/helm
-COPY --from=magnum-build --link /var/lib/openstack /var/lib/openstack
+FROM registry.atmosphere.dev/library/ubuntu:main AS libvirt-tls-sidecar
+COPY --from=libvirt-tls-sidecar-builder /src/main /usr/bin/libvirt-tls-sidecar
+ENTRYPOINT ["/usr/bin/libvirt-tls-sidecar"]
diff --git a/Earthfile b/Earthfile
index 44adc0a..24a1027 100644
--- a/Earthfile
+++ b/Earthfile
@@ -36,47 +36,23 @@
SAVE ARTIFACT /src/junit-go.xml AS LOCAL junit-go.xml
END
+builder:
+ FROM ubuntu:jammy
+ RUN apt-get update -qq
+ RUN \
+ apt-get install -qq -y --no-install-recommends \
+ build-essential git python3-dev python3-pip python3-venv
+ ARG POETRY_VERSION=1.4.2
+ RUN pip3 install --no-cache-dir poetry==${POETRY_VERSION}
+
build.collection:
FROM registry.gitlab.com/pipeline-components/ansible-lint:latest
COPY . /src
RUN ansible-galaxy collection build /src
SAVE ARTIFACT /code/*.tar.gz AS LOCAL dist/
-go.build:
- FROM golang:1.21
- WORKDIR /src
- ARG GOOS=linux
- ARG GOARCH=amd64
- ARG VARIANT
- COPY --dir go.mod go.sum ./
- RUN go mod download
-
-libvirt-tls-sidecar.build:
- FROM +go.build
- ARG GOOS=linux
- ARG GOARCH=amd64
- ARG VARIANT
- COPY --dir cmd internal ./
- RUN GOARM=${VARIANT#"v"} go build -o main cmd/libvirt-tls-sidecar/main.go
- SAVE ARTIFACT ./main
-
-libvirt-tls-sidecar.platform-image:
- ARG TARGETPLATFORM
- ARG TARGETARCH
- ARG TARGETVARIANT
- FROM --platform=$TARGETPLATFORM ./images/base+image
- COPY \
- --platform=linux/amd64 \
- (+libvirt-tls-sidecar.build/main --GOARCH=$TARGETARCH --VARIANT=$TARGETVARIANT) /usr/bin/libvirt-tls-sidecar
- ENTRYPOINT ["/usr/bin/libvirt-tls-sidecar"]
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push ${REGISTRY}/libvirt-tls-sidecar:latest
-
-libvirt-tls-sidecar.image:
- BUILD --platform=linux/amd64 --platform=linux/arm64 +libvirt-tls-sidecar.platform-image
-
build.wheels:
- FROM ./images/builder+image
+ FROM +builder
COPY pyproject.toml poetry.lock ./
ARG --required only
RUN poetry export --only=${only} -f requirements.txt --without-hashes > requirements.txt
@@ -110,10 +86,14 @@
SAVE IMAGE --cache-hint
image:
- ARG RELEASE=2023.1
- FROM ./images/cloud-archive-base+image --RELEASE ${RELEASE}
+ FROM ubuntu:jammy
ENV ANSIBLE_PIPELINING=True
- DO ./images+APT_INSTALL --PACKAGES "rsync openssh-client"
+ RUN \
+ apt-get update -qq && \
+ apt-get install -qq -y --no-install-recommends \
+ rsync openssh-client && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
COPY +build.venv.runtime/venv /venv
ENV PATH=/venv/bin:$PATH
COPY +build.collections/ /usr/share/ansible
@@ -121,60 +101,6 @@
ARG REGISTRY=ghcr.io/vexxhost/atmosphere
SAVE IMAGE --push ${REGISTRY}:${tag}
-images:
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- BUILD +libvirt-tls-sidecar.image --REGISTRY=${REGISTRY}
- BUILD ./images/cinder+image --REGISTRY=${REGISTRY}
- BUILD ./images/cluster-api-provider-openstack+image --REGISTRY=${REGISTRY}
- BUILD ./images/designate+image --REGISTRY=${REGISTRY}
- BUILD ./images/glance+image --REGISTRY=${REGISTRY}
- BUILD ./images/heat+image --REGISTRY=${REGISTRY}
- BUILD ./images/horizon+image --REGISTRY=${REGISTRY}
- BUILD ./images/ironic+image --REGISTRY=${REGISTRY}
- BUILD ./images/keystone+image --REGISTRY=${REGISTRY}
- BUILD ./images/kubernetes-entrypoint+image --REGISTRY=${REGISTRY}
- BUILD ./images/libvirtd+image --REGISTRY=${REGISTRY}
- BUILD ./images/magnum+image --REGISTRY=${REGISTRY}
- BUILD ./images/manila+image --REGISTRY=${REGISTRY}
- BUILD ./images/netoffload+image --REGISTRY=${REGISTRY}
- BUILD ./images/neutron+image --REGISTRY=${REGISTRY}
- BUILD ./images/nova-ssh+image --REGISTRY=${REGISTRY}
- BUILD ./images/nova+image --REGISTRY=${REGISTRY}
- BUILD ./images/octavia+image --REGISTRY=${REGISTRY}
- BUILD ./images/openvswitch+image --REGISTRY=${REGISTRY}
- BUILD ./images/ovn+images --REGISTRY=${REGISTRY}
- BUILD ./images/placement+image --REGISTRY=${REGISTRY}
- BUILD ./images/senlin+image --REGISTRY=${REGISTRY}
- BUILD ./images/staffeln+image --REGISTRY=${REGISTRY}
- BUILD ./images/tempest+image --REGISTRY=${REGISTRY}
-
-SCAN_IMAGE:
- FUNCTION
- ARG --required IMAGE
- # TODO(mnaser): Include secret scanning when it's more reliable.
- RUN \
- trivy image \
- --skip-db-update \
- --skip-java-db-update \
- --scanners vuln \
- --exit-code 1 \
- --ignore-unfixed \
- --timeout 10m \
- ${IMAGE}
-
-scan-image:
- FROM ./images/trivy+image
- ARG --required IMAGE
- DO +SCAN_IMAGE --IMAGE ${IMAGE}
-
-scan-images:
- FROM ./images/trivy+image
- COPY roles/defaults/vars/main.yml /defaults.yml
- # TODO(mnaser): Scan all images eventually
- FOR IMAGE IN $(cat /defaults.yml | egrep -E 'ghcr.io/vexxhost|registry.atmosphere.dev' | cut -d' ' -f4 | sort | uniq)
- BUILD +scan-image --IMAGE ${IMAGE}
- END
-
gh:
FROM alpine:3
RUN apk add --no-cache github-cli
diff --git a/charts/horizon/templates/bin/_django.wsgi.tpl b/charts/horizon/templates/bin/_django.wsgi.tpl
index 4626f21..cbf87fb 100644
--- a/charts/horizon/templates/bin/_django.wsgi.tpl
+++ b/charts/horizon/templates/bin/_django.wsgi.tpl
@@ -22,8 +22,6 @@
import sys
import pymysql
-
-pymysql.version_info = (1, 4, 0, "final", 0)
pymysql.install_as_MySQLdb()
from django.core.wsgi import get_wsgi_application
diff --git a/charts/horizon/templates/bin/_manage.py.tpl b/charts/horizon/templates/bin/_manage.py.tpl
index 105a32c..1b21cfc 100644
--- a/charts/horizon/templates/bin/_manage.py.tpl
+++ b/charts/horizon/templates/bin/_manage.py.tpl
@@ -23,7 +23,6 @@
import sys
import pymysql
-pymysql.version_info = (1, 4, 0, "final", 0)
pymysql.install_as_MySQLdb()
from django.core.management import execute_from_command_line
diff --git a/charts/horizon/values.yaml b/charts/horizon/values.yaml
index 8cfaf5b..36de4ee 100644
--- a/charts/horizon/values.yaml
+++ b/charts/horizon/values.yaml
@@ -253,7 +253,7 @@
template: |
import os
- from django.utils.translation import ugettext_lazy as _
+ from django.utils.translation import gettext_lazy as _
from openstack_dashboard import exceptions
@@ -385,7 +385,7 @@
CACHES = {
'default': {
- 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+ 'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache',
'LOCATION': '{{ tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}',
}
}
diff --git a/charts/neutron/values.yaml b/charts/neutron/values.yaml
index 747baa5..8d5e944 100644
--- a/charts/neutron/values.yaml
+++ b/charts/neutron/values.yaml
@@ -2316,7 +2316,7 @@
user_domain_name: default
project_domain_name: default
neutron:
- role: admin
+ role: admin,service
region_name: RegionOne
username: neutron
password: password
diff --git a/charts/senlin/values.yaml b/charts/senlin/values.yaml
index 48bf86a..5631c58 100644
--- a/charts/senlin/values.yaml
+++ b/charts/senlin/values.yaml
@@ -98,7 +98,7 @@
- network: public
paste:
pipeline:senlin-api:
- pipeline: request_id faultwrap ssl versionnegotiation webhook authtoken context trust apiv1app
+ pipeline: cors http_proxy_to_wsgi request_id faultwrap versionnegotiation osprofiler webhook authtoken context trust apiv1app
app:apiv1app:
paste.app_factory: senlin.api.common.wsgi:app_factory
senlin.app_factory: senlin.api.openstack.v1.router:API
@@ -110,8 +110,7 @@
filter:context:
paste.filter_factory: senlin.api.common.wsgi:filter_factory
senlin.filter_factory: senlin.api.middleware:context_filter
- filter:ssl:
- paste.filter_factory: oslo_middleware.ssl:SSLMiddleware.factory
+ oslo_config_project: senlin
filter:versionnegotiation:
paste.filter_factory: senlin.api.common.wsgi:filter_factory
senlin.filter_factory: senlin.api.middleware:version_filter
@@ -121,8 +120,16 @@
filter:webhook:
paste.filter_factory: senlin.api.common.wsgi:filter_factory
senlin.filter_factory: senlin.api.middleware:webhook_filter
+ filter:http_proxy_to_wsgi:
+ paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+ oslo_config_project: senlin
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
+ filter:osprofiler:
+ paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
+ filter:cors:
+ paste.filter_factory: oslo_middleware.cors:filter_factory
+ oslo_config_project: senlin
policy: {}
senlin:
DEFAULT:
diff --git a/docker-bake.hcl b/docker-bake.hcl
deleted file mode 100644
index 7237361..0000000
--- a/docker-bake.hcl
+++ /dev/null
@@ -1,98 +0,0 @@
-variable "REGISTRY" {
- default = "registry.atmosphere.dev/library"
-}
-
-variable "CACHE_REGISTRY" {
- default = "registry.atmosphere.dev/cache"
-}
-
-variable "PUSH_TO_CACHE" {
- default = false
-}
-
-function "cache_from" {
- params = [image]
- result = ["type=registry,ref=${CACHE_REGISTRY}/${image}"]
-}
-
-function "cache_to" {
- params = [image]
- result = PUSH_TO_CACHE ? [format("%s,%s", cache_from(image)[0], "mode=max,image-manifest=true,oci-mediatypes=true,compression=zstd")] : []
-}
-
-target "barbican" {
- name = "barbican-${release.tgt}"
-
- context = "."
- target = "barbican"
-
- cache-from = cache_from("barbican:${release.name}")
- cache-to = cache_to("barbican:${release.name}")
-
- tags = [
- "${REGISTRY}/barbican:${release.name}",
- "${REGISTRY}/barbican:${release.ref}"
- ]
-
- matrix = {
- release = [
- {
- tgt = "bobcat",
- name = "2023.2",
- ref = "a00fcade4138ffc52cd9c84b5999297966f019b5"
- }
- ]
- }
-
- args = {
- RELEASE = release.name
- BRANCH = format("stable/%s", release.name)
- PROJECT = "barbican"
- BARBICAN_GIT_REF = release.ref
- }
-}
-
-target "magnum" {
- name = "magnum-${release.tgt}"
-
- context = "."
- target = "magnum"
-
- cache-from = cache_from("magnum:${release.name}")
- cache-to = cache_to("magnum:${release.name}")
-
- tags = [
- "${REGISTRY}/magnum:${release.name}",
- "${REGISTRY}/magnum:${release.ref}"
- ]
-
- matrix = {
- release = [
- {
- tgt = "zed",
- name = "zed",
- ref = "0ee979099a01ae2c8b1b5d6757897a8993e4e34c"
- },
- {
- tgt = "bobcat",
- name = "2023.2",
- ref = "5f921a72d22d7e96fb3584c4906a39de9a085a41"
- }
- ]
- }
-
- args = {
- RELEASE = release.name
- BRANCH = format("stable/%s", release.name)
- PROJECT = "magnum"
- MAGNUM_GIT_REF = release.ref
- }
-}
-
-
-group "default" {
- targets = [
- "barbican",
- "magnum"
- ]
-}
diff --git a/images/Earthfile b/images/Earthfile
deleted file mode 100644
index 32cab4a..0000000
--- a/images/Earthfile
+++ /dev/null
@@ -1,52 +0,0 @@
-VERSION 0.8
-
-APT_INSTALL:
- FUNCTION
- ARG PACKAGES
- RUN \
- apt-get update && \
- DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ${PACKAGES} && \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/*
-
-DNF_INSTALL:
- FUNCTION
- ARG PACKAGES
- RUN \
- dnf -y install \
- ${PACKAGES} \
- --setopt=install_weak_deps=False \
- --setopt=tsflags=nodocs && \
- dnf -y clean all && \
- rm -rf /var/cache/dnf
-
-CREATE_PROJECT_USER:
- FUNCTION
- ARG PROJECT
- ARG SHELL=/usr/sbin/nologin
- RUN \
- groupadd -g 42424 ${PROJECT} && \
- useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s ${SHELL} -c "${PROJECT} User" ${PROJECT} && \
- mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} && \
- chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT}
-
-fetch-gerrit-patch:
- FROM ./base+image
- DO +APT_INSTALL --PACKAGES "ca-certificates curl git jq"
- ARG --required IMAGE
- ARG PROJECT=${IMAGE}
- ARG --required CHANGE
- ARG PROJECT_REF=master
- DO ./openstack-service+GIT_CHECKOUT \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF}
- ARG REF=$(curl "https://review.opendev.org/changes/?q=${CHANGE}&o=CURRENT_REVISION" | tail -1 | jq -r '.[0].revisions[].ref')
- COPY ${IMAGE}/patches/${PROJECT} /patches
- RUN \
- git fetch https://review.opendev.org/openstack/${PROJECT} ${REF} && \
- git format-patch -1 --output-directory /gerrit FETCH_HEAD
- ARG PATCH_ID=$(ls -1 /patches | wc -l | xargs printf "%04d")
- RUN \
- cp /gerrit/0001-* \
- /patches/${PATCH_ID}-$(basename /gerrit/*.patch | sed 's/0001-//')
- SAVE ARTIFACT /patches AS LOCAL ${IMAGE}/patches/${PROJECT}
diff --git a/images/barbican/Dockerfile b/images/barbican/Dockerfile
new file mode 100644
index 0000000..28de6ab
--- /dev/null
+++ b/images/barbican/Dockerfile
@@ -0,0 +1,27 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG BARBICAN_GIT_REF=ca57ef5436e20e90cf6cd6853efe3c89a9afd986
+ADD --keep-git-dir=true https://opendev.org/openstack/barbican.git#${BARBICAN_GIT_REF} /src/barbican
+RUN git -C /src/barbican fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/barbican \
+ pykmip
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/base/Earthfile b/images/base/Earthfile
deleted file mode 100644
index 8b7b2df..0000000
--- a/images/base/Earthfile
+++ /dev/null
@@ -1,7 +0,0 @@
-VERSION 0.7
-
-image:
- FROM ubuntu:jammy-20240212
- LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
- # CVE-2023-4641
- DO ../+APT_INSTALL --PACKAGES "login=1:4.8.1-2ubuntu2.2 passwd=1:4.8.1-2ubuntu2.2"
diff --git a/images/build.sh b/images/build.sh
deleted file mode 100755
index d93f853..0000000
--- a/images/build.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash -xe
-
-TARGET=""
-PUSH=false
-
-while [[ $# -gt 0 ]]; do
- key="$1"
-
- case $key in
- --push)
- PUSH=true
- shift
- ;;
- *)
- if [ -z "$TARGET" ]; then
- TARGET="$1"
- else
- echo "Invalid argument: $1"
- exit 1
- fi
- shift
- ;;
- esac
-done
-
-if [ -z "$TARGET" ]; then
- echo "Usage: $0 [--push] <target>"
- exit 1
-fi
-
-docker buildx create --name=atmosphere --driver=docker-container || true
-
-if [ "$PUSH" = true ]; then
- docker buildx bake --builder=atmosphere --provenance --sbom=true --push $TARGET
-
- # Sign all images
- export COSIGN_PASSWORD=""
- for IMAGE in $(docker buildx bake --print ${TARGET} | jq -r '.target[].tags | select(. != null)[]'); do
- cosign sign -y --recursive --key cosign.key ${IMAGE}
- done
-else
- docker buildx bake --builder=atmosphere --provenance --sbom=true $TARGET
-fi
diff --git a/images/builder/Earthfile b/images/builder/Earthfile
deleted file mode 100644
index f4e92d3..0000000
--- a/images/builder/Earthfile
+++ /dev/null
@@ -1,7 +0,0 @@
-VERSION 0.7
-
-image:
- FROM ../base+image
- DO ../+APT_INSTALL --PACKAGES "build-essential git python3-dev python3-pip python3-venv"
- ARG POETRY_VERSION=1.4.2
- RUN pip3 install --no-cache-dir poetry==${POETRY_VERSION}
diff --git a/images/cinder/Dockerfile b/images/cinder/Dockerfile
new file mode 100644
index 0000000..4f0fbb5
--- /dev/null
+++ b/images/cinder/Dockerfile
@@ -0,0 +1,37 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG CINDER_GIT_REF=b0f0b9015b9dfa228dff98eeee5116d8eca1c3cc
+ADD --keep-git-dir=true https://opendev.org/openstack/cinder.git#${CINDER_GIT_REF} /src/cinder
+RUN git -C /src/cinder fetch --unshallow
+COPY patches/cinder /patches/cinder
+RUN git -C /src/cinder apply --verbose /patches/cinder/*
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/cinder \
+ purestorage
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ ceph-common lsscsi nvme-cli python3-rados python3-rbd qemu-utils sysfsutils udev util-linux
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+ADD --chmod=755 https://dl.k8s.io/release/v1.29.3/bin/linux/amd64/kubectl /usr/local/bin/kubectl
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/cinder/Earthfile b/images/cinder/Earthfile
deleted file mode 100644
index 79561e7..0000000
--- a/images/cinder/Earthfile
+++ /dev/null
@@ -1,23 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=cinder
-ARG --global RELEASE=2023.2
-ARG --global PROJECT_REF=6abf43c220029bd47ec446971e14e293c9be2f78
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF} \
- --PIP_PACKAGES="purestorage"
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- COPY ../kubernetes+image/kubectl /usr/local/bin/kubectl
- DO ../+APT_INSTALL \
- --PACKAGES "ceph-common lsscsi nvme-cli python3-rados python3-rbd qemu-utils sysfsutils udev util-linux"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/cinder/patches/cinder/0001-Create-encrypted-volumes-directly-to-RBD.patch b/images/cinder/patches/cinder/0001-Create-encrypted-volumes-directly-to-RBD.patch
new file mode 100644
index 0000000..6993ab3
--- /dev/null
+++ b/images/cinder/patches/cinder/0001-Create-encrypted-volumes-directly-to-RBD.patch
@@ -0,0 +1,145 @@
+From 5ffb50d2873c48998491950138c848a9feef07fc Mon Sep 17 00:00:00 2001
+From: ricolin <ricolin@ricolky.com>
+Date: Fri, 1 Mar 2024 13:50:13 +0800
+Subject: [PATCH 1/3] Create encrypted volumes directly to RBD
+
+This fix slow on create encrypted volumes with temp file import.
+Encrypted volume create is now directly upload to RBD with qemu-img
+command without temprory image file generated.
+
+Closes-Bug: #2055517
+Change-Id: If7a72a4acd5600de1350289a9d9c38017d42659e
+---
+ cinder/tests/unit/volume/drivers/test_rbd.py | 9 +--
+ cinder/volume/drivers/rbd.py | 62 +++++++++----------
+ ...ate-encrypted-volume-c1bb6b44b85c0242.yaml | 7 +++
+ 3 files changed, 40 insertions(+), 38 deletions(-)
+ create mode 100644 releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml
+
+diff --git a/cinder/tests/unit/volume/drivers/test_rbd.py b/cinder/tests/unit/volume/drivers/test_rbd.py
+index f1ffeb89e..cf768df06 100644
+--- a/cinder/tests/unit/volume/drivers/test_rbd.py
++++ b/cinder/tests/unit/volume/drivers/test_rbd.py
+@@ -3247,7 +3247,6 @@ class RBDTestCase(test.TestCase):
+ self.__dict__ = d
+
+ mock_temp_file.return_value.__enter__.side_effect = [
+- DictObj({'name': '/imgfile'}),
+ DictObj({'name': '/passfile'})]
+
+ key_mgr = fake_keymgr.fake_api()
+@@ -3268,15 +3267,13 @@ class RBDTestCase(test.TestCase):
+ self.context)
+ mock_open.assert_called_with('/passfile', 'w')
+
+- mock_exec.assert_any_call(
++ mock_exec.assert_called_with(
+ 'qemu-img', 'create', '-f', 'luks', '-o',
+ 'cipher-alg=aes-256,cipher-mode=xts,ivgen-alg=essiv',
+ '--object',
+ 'secret,id=luks_sec,format=raw,file=/passfile',
+- '-o', 'key-secret=luks_sec', '/imgfile', '12288M')
+- mock_exec.assert_any_call(
+- 'rbd', 'import', '--dest-pool', 'rbd', '--order', 22,
+- '/imgfile', self.volume_c.name)
++ '-o', 'key-secret=luks_sec', 'rbd:rbd/%s' % self.volume_c.name,
++ '12288M')
+
+ @mock.patch('cinder.objects.Volume.get_by_id')
+ @mock.patch('cinder.db.volume_glance_metadata_get', return_value={})
+diff --git a/cinder/volume/drivers/rbd.py b/cinder/volume/drivers/rbd.py
+index 1f4dac8d9..aace801f3 100644
+--- a/cinder/volume/drivers/rbd.py
++++ b/cinder/volume/drivers/rbd.py
+@@ -1089,8 +1089,8 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD,
+ context: context.RequestContext) -> None:
+ """Create an encrypted volume.
+
+- This works by creating an encrypted image locally,
+- and then uploading it to the volume.
++ This works by creating an encrypted image and
++ then uploading it to the volume directly.
+ """
+ encryption = volume_utils.check_encryption_provider(volume, context)
+
+@@ -1102,37 +1102,35 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD,
+ # create a file
+ tmp_dir = volume_utils.image_conversion_dir()
+
+- with tempfile.NamedTemporaryFile(dir=tmp_dir) as tmp_image:
+- with tempfile.NamedTemporaryFile(dir=tmp_dir) as tmp_key:
+- with open(tmp_key.name, 'w') as f:
+- f.write(passphrase)
+-
+- cipher_spec = image_utils.decode_cipher(encryption['cipher'],
+- encryption['key_size'])
+-
+- create_cmd = (
+- 'qemu-img', 'create', '-f', 'luks',
+- '-o', 'cipher-alg=%(cipher_alg)s,'
+- 'cipher-mode=%(cipher_mode)s,'
+- 'ivgen-alg=%(ivgen_alg)s' % cipher_spec,
+- '--object', 'secret,id=luks_sec,'
+- 'format=raw,file=%(passfile)s' % {'passfile':
+- tmp_key.name},
+- '-o', 'key-secret=luks_sec',
+- tmp_image.name,
+- '%sM' % (volume.size * 1024))
+- self._execute(*create_cmd)
+-
+- # Copy image into RBD
+- chunk_size = self.configuration.rbd_store_chunk_size * units.Mi
+- order = int(math.log(chunk_size, 2))
++ with tempfile.NamedTemporaryFile(dir=tmp_dir) as tmp_key:
++ with open(tmp_key.name, 'w') as f:
++ f.write(passphrase)
+
+- cmd = ['rbd', 'import',
+- '--dest-pool', self.configuration.rbd_pool,
+- '--order', order,
+- tmp_image.name, volume.name]
+- cmd.extend(self._ceph_args())
+- self._execute(*cmd)
++ cipher_spec = image_utils.decode_cipher(encryption['cipher'],
++ encryption['key_size'])
++
++ _, conf, user_id, _ = self._get_config_tuple()
++ rbd_options = ''
++ if user_id:
++ rbd_options += ':id=%(user_id)s' % {'user_id': user_id}
++ if conf:
++ rbd_options += ':conf=%(conf)s' % {'conf': conf}
++ create_cmd = (
++ 'qemu-img', 'create', '-f', 'luks',
++ '-o', 'cipher-alg=%(cipher_alg)s,'
++ 'cipher-mode=%(cipher_mode)s,'
++ 'ivgen-alg=%(ivgen_alg)s' % cipher_spec,
++ '--object', 'secret,id=luks_sec,'
++ 'format=raw,file=%(passfile)s' % {'passfile':
++ tmp_key.name},
++ '-o', 'key-secret=luks_sec',
++ 'rbd:%(pool_name)s/%(image_name)s%(rbd_options)s' % {
++ 'pool_name': self.configuration.rbd_pool,
++ 'image_name': volume.name,
++ 'rbd_options': rbd_options
++ },
++ '%sM' % (volume.size * 1024))
++ self._execute(*create_cmd)
+
+ def create_volume(self, volume: Volume) -> dict[str, Any]:
+ """Creates a logical volume."""
+diff --git a/releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml b/releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml
+new file mode 100644
+index 000000000..8bdff6746
+--- /dev/null
++++ b/releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml
+@@ -0,0 +1,7 @@
++---
++fixes:
++ - |
++ [Bug 255517](https://bugs.launchpad.net/cinder/+bug/2055517): Fix slow
++ on create encrypted volumes with temp file import. Encrypted volume create
++ is now directly upload to rbd with qemu-img command without temprory image
++ file generated.
+--
+2.34.1
diff --git a/images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch b/images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch
new file mode 100644
index 0000000..db47071
--- /dev/null
+++ b/images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch
@@ -0,0 +1,129 @@
+From c47fb9f0209076182787f06b306f30c3e1948592 Mon Sep 17 00:00:00 2001
+From: ricolin <rlin@vexxhost.com>
+Date: Sat, 16 Mar 2024 00:35:12 +0800
+Subject: [PATCH 2/3] Allow clone encrypted image to encrypted volume
+
+Exactly like what we did in copy-and-import image when create encrypted
+volume from encrypted image. If the image is encrypted, we will copy
+`cinder_encryption_key_id` from image metadata to volume. That means we
+should be safe to try directly clone from encrypted image.
+
+Related-Bug: #2055517
+Change-Id: Id6a1452c2c197a58677bf181470f54565fbd263b
+---
+ .../volume/flows/test_create_volume_flow.py | 46 +++++++++++++++++++
+ cinder/volume/flows/manager/create_volume.py | 9 +++-
+ ...clone-encryped-image-6961ca1439825dc4.yaml | 8 ++++
+ 3 files changed, 61 insertions(+), 2 deletions(-)
+ create mode 100644 releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml
+
+diff --git a/cinder/tests/unit/volume/flows/test_create_volume_flow.py b/cinder/tests/unit/volume/flows/test_create_volume_flow.py
+index ad5735596..6ff97aaa0 100644
+--- a/cinder/tests/unit/volume/flows/test_create_volume_flow.py
++++ b/cinder/tests/unit/volume/flows/test_create_volume_flow.py
+@@ -1203,6 +1203,7 @@ class CreateVolumeFlowManagerTestCase(test.TestCase):
+ encryption_key_id=fakes.ENCRYPTION_KEY_ID,
+ host='host@backend#pool')
+
++ fake_driver.clone_image.return_value = (None, False)
+ fake_image_service = fake_image.FakeImageService()
+ image_meta = {}
+ image_id = fakes.IMAGE_ID
+@@ -1219,6 +1220,7 @@ class CreateVolumeFlowManagerTestCase(test.TestCase):
+ image_meta, fake_image_service)
+
+ fake_driver.create_volume.assert_called_once_with(volume)
++ fake_driver.clone_image.assert_called_once()
+ fake_driver.copy_image_to_encrypted_volume.assert_not_called()
+ fake_driver.copy_image_to_volume.assert_called_once_with(
+ self.ctxt, volume, fake_image_service, image_id,
+@@ -1228,6 +1230,50 @@ class CreateVolumeFlowManagerTestCase(test.TestCase):
+ image_meta=image_meta)
+ mock_cleanup_cg.assert_called_once_with(volume)
+
++ @mock.patch('cinder.volume.flows.manager.create_volume.'
++ 'CreateVolumeFromSpecTask.'
++ '_handle_bootable_volume_glance_meta')
++ @mock.patch('cinder.image.image_utils.TemporaryImages.fetch')
++ @mock.patch('cinder.image.image_utils.qemu_img_info')
++ @mock.patch('cinder.image.image_utils.check_virtual_size')
++ def test_create_encrypted_volume_from_enc_image_clone(
++ self, mock_check_size, mock_qemu_img,
++ mock_fetch_img, mock_handle_bootable
++ ):
++ fake_db = mock.MagicMock()
++ fake_driver = mock.MagicMock()
++ fake_volume_manager = mock.MagicMock()
++ fake_manager = create_volume_manager.CreateVolumeFromSpecTask(
++ fake_volume_manager, fake_db, fake_driver)
++ volume = fake_volume.fake_volume_obj(
++ self.ctxt,
++ encryption_key_id=fakes.ENCRYPTION_KEY_ID,
++ host='host@backend#pool')
++
++ fake_driver.clone_image.return_value = (None, True)
++ fake_image_service = fake_image.FakeImageService()
++ image_meta = {}
++ image_id = fakes.IMAGE_ID
++ image_meta['id'] = image_id
++ image_meta['status'] = 'active'
++ image_meta['size'] = 1
++ image_meta['cinder_encryption_key_id'] = \
++ '00000000-0000-0000-0000-000000000000'
++ image_location = 'abc'
++
++ fake_db.volume_update.return_value = volume
++ fake_manager._create_from_image(self.ctxt, volume,
++ image_location, image_id,
++ image_meta, fake_image_service)
++
++ fake_driver.create_volume.assert_not_called()
++ fake_driver.clone_image.assert_called_once()
++ fake_driver.copy_image_to_encrypted_volume.assert_not_called()
++ fake_driver.copy_image_to_volume.assert_not_called()
++ mock_handle_bootable.assert_called_once_with(self.ctxt, volume,
++ image_id=image_id,
++ image_meta=image_meta)
++
+ @ddt.data({'driver_error': True},
+ {'driver_error': False})
+ @mock.patch('cinder.backup.api.API.get_available_backup_service_host')
+diff --git a/cinder/volume/flows/manager/create_volume.py b/cinder/volume/flows/manager/create_volume.py
+index ac09ed898..549a49b00 100644
+--- a/cinder/volume/flows/manager/create_volume.py
++++ b/cinder/volume/flows/manager/create_volume.py
+@@ -1087,11 +1087,16 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask):
+ # dict containing provider_location for cloned volume
+ # and clone status.
+ # NOTE (lixiaoy1): Currently all images are raw data, we can't
+- # use clone_image to copy data if new volume is encrypted.
++ # use clone_image to copy data if new volume is encrypted
++ # NOTE (ricolin): If the image provided an encryption key, we have
++ # already cloned it to the volume's key in
++ # _get_encryption_key_id, so we can do a direct clone.
++ image_encryption_key = image_meta.get('cinder_encryption_key_id')
+ volume_is_encrypted = volume.encryption_key_id is not None
+ cloned = False
+ model_update = None
+- if not volume_is_encrypted:
++ if not volume_is_encrypted or (
++ volume_is_encrypted and image_encryption_key):
+ model_update, cloned = self.driver.clone_image(context,
+ volume,
+ image_location,
+diff --git a/releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml b/releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml
+new file mode 100644
+index 000000000..d6c7e8eb8
+--- /dev/null
++++ b/releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml
+@@ -0,0 +1,8 @@
++---
++features:
++ - |
++ Allow clone encrypted image when create encrypted volume from image.
++ Exactly like what we did in copy-and-import image when create encrypted
++ volume from encrypted image. If the image is encrypted, we will copy
++ `cinder_encryption_key_id` from image metadata to volume. That means we
++ should be safe to try directly clone from encrypted image.
+--
+2.34.1
diff --git a/images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch b/images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch
new file mode 100644
index 0000000..f436449
--- /dev/null
+++ b/images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch
@@ -0,0 +1,319 @@
+From 97953c8bd8c7d61a3f68c3e829ff79290315ec5b Mon Sep 17 00:00:00 2001
+From: ricolin <rlin@vexxhost.com>
+Date: Fri, 15 Mar 2024 23:26:14 +0800
+Subject: [PATCH 3/3] Allow encrypted volume clone from Glance image
+
+Allow clone image when creating encrypted volume from Glance image if both
+stored in RBD.
+Previously, Glance image clone is not supported for encrypted volume
+creation. The old process is to download image to local disk, encrypt the
+local file, and import it back to RBD. This not just slow, but also
+protentially take large amount of local disk space from hosts that runs
+Cinder volume service.
+The new process is to try and clone from Glance image (if it's also stored
+in RBD), flatten it, and encrypting new image in RBD for volume. And If
+Glance image source is not clonable, will continue with copy-and-import
+method as previous flow.
+In above flow, If clone from Glance image is appliable. Even it still
+requires to clone and flatten RBD image might took some time, but should
+still be a lot faster than copy-and-import. And also no local disk will
+be used to store raw image in this case.
+This also introduced driver method `clone_image_and_encrypt` for drivers
+that seperate the clone process from non-encrypted volume so the create
+flow won't be affected.
+
+Related-Bug: #2055517
+Change-Id: Ia023646d8bc9468bf5cc8955f7013299b2a3a460
+---
+ .../volume/flows/test_create_volume_flow.py | 49 ++++++++++
+ cinder/volume/driver.py | 11 +++
+ cinder/volume/drivers/rbd.py | 95 ++++++++++++++++---
+ cinder/volume/flows/manager/create_volume.py | 8 +-
+ ...for-encrypted-volume-de477647e9016b8b.yaml | 21 ++++
+ 5 files changed, 167 insertions(+), 17 deletions(-)
+ create mode 100644 releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml
+
+diff --git a/cinder/tests/unit/volume/flows/test_create_volume_flow.py b/cinder/tests/unit/volume/flows/test_create_volume_flow.py
+index 6ff97aaa0..a85bf7eec 100644
+--- a/cinder/tests/unit/volume/flows/test_create_volume_flow.py
++++ b/cinder/tests/unit/volume/flows/test_create_volume_flow.py
+@@ -1164,6 +1164,7 @@ class CreateVolumeFlowManagerTestCase(test.TestCase):
+ image_location = 'abc'
+
+ fake_db.volume_update.return_value = volume
++ fake_driver.clone_image_and_encrypt.return_value = (None, False)
+ fake_manager._create_from_image(self.ctxt, volume,
+ image_location, image_id,
+ image_meta, fake_image_service)
+@@ -1178,6 +1179,54 @@ class CreateVolumeFlowManagerTestCase(test.TestCase):
+ image_meta=image_meta)
+ mock_cleanup_cg.assert_called_once_with(volume)
+
++ @mock.patch('cinder.volume.flows.manager.create_volume.'
++ 'CreateVolumeFromSpecTask.'
++ '_prepare_image_cache_entry')
++ @mock.patch('cinder.volume.flows.manager.create_volume.'
++ 'CreateVolumeFromSpecTask.'
++ '_handle_bootable_volume_glance_meta')
++ @mock.patch('cinder.image.image_utils.TemporaryImages.fetch')
++ @mock.patch('cinder.image.image_utils.qemu_img_info')
++ @mock.patch('cinder.image.image_utils.check_virtual_size')
++ def test_create_encrypted_volume_from_image_clone(
++ self, mock_check_size, mock_qemu_img, mock_fetch_img,
++ mock_handle_bootable, mock_prepare_image_cache
++ ):
++ fake_db = mock.MagicMock()
++ fake_driver = mock.MagicMock()
++ fake_volume_manager = mock.MagicMock()
++ fake_cache = mock.MagicMock()
++ fake_manager = create_volume_manager.CreateVolumeFromSpecTask(
++ fake_volume_manager, fake_db, fake_driver, fake_cache)
++ volume = fake_volume.fake_volume_obj(
++ self.ctxt,
++ encryption_key_id=fakes.ENCRYPTION_KEY_ID,
++ host='host@backend#pool')
++
++ fake_image_service = fake_image.FakeImageService()
++ image_meta = {}
++ image_id = fakes.IMAGE_ID
++ image_meta['id'] = image_id
++ image_meta['status'] = 'active'
++ image_meta['size'] = 1
++ image_location = 'abc'
++
++ fake_db.volume_update.return_value = volume
++ fake_driver.clone_image_and_encrypt.return_value = (None, True)
++ fake_manager._create_from_image(self.ctxt, volume,
++ image_location, image_id,
++ image_meta, fake_image_service)
++
++ mock_prepare_image_cache.assert_not_called()
++ fake_driver.create_volume.assert_not_called()
++ fake_driver.clone_image.assert_not_called()
++ fake_driver.clone_image_and_encrypt.assert_called_once()
++ fake_driver.copy_image_to_encrypted_volume.assert_not_called()
++ fake_driver.copy_image_to_volume.assert_not_called()
++ mock_handle_bootable.assert_called_once_with(self.ctxt, volume,
++ image_id=image_id,
++ image_meta=image_meta)
++
+ @mock.patch('cinder.volume.flows.manager.create_volume.'
+ 'CreateVolumeFromSpecTask.'
+ '_cleanup_cg_in_volume')
+diff --git a/cinder/volume/driver.py b/cinder/volume/driver.py
+index 2ff27564b..030b4a8dd 100644
+--- a/cinder/volume/driver.py
++++ b/cinder/volume/driver.py
+@@ -1192,6 +1192,17 @@ class BaseVD(object, metaclass=abc.ABCMeta):
+ """
+ return None, False
+
++ def clone_image_and_encrypt(
++ self, context, volume, image_location, image_meta, image_service
++ ):
++ """Create and encrypt a volume efficiently from an existing image.
++
++ Refer to
++ :obj:`cinder.interface.volume_driver.VolumeDriverCore.clone_image`
++ for additional information.
++ """
++ return None, False
++
+ def backup_use_temp_snapshot(self):
+ """Get the configured setting for backup from snapshot.
+
+diff --git a/cinder/volume/drivers/rbd.py b/cinder/volume/drivers/rbd.py
+index aace801f3..ad0eea9d5 100644
+--- a/cinder/volume/drivers/rbd.py
++++ b/cinder/volume/drivers/rbd.py
+@@ -141,6 +141,13 @@ CONF.register_opts(RBD_OPTS, group=configuration.SHARED_CONF_GROUP)
+ EXTRA_SPECS_REPL_ENABLED = "replication_enabled"
+ EXTRA_SPECS_MULTIATTACH = "multiattach"
+
++# Note(ricolin): Reference ceph site for more information:
++# https://github.com/ceph/ceph/blob/main/src/include/rbd/librbd.h
++RBD_ENCRYPTION_ALG = {
++ 'aes-128': 0,
++ 'aes-256': 1
++}
++
+ QOS_KEY_MAP = {
+ 'total_iops_sec': {
+ 'ceph_key': 'rbd_qos_iops_limit',
+@@ -1190,6 +1197,20 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD,
+
+ return max(image_stripe_unit, default_stripe_unit)
+
++ def _encrypt_volume(self,
++ context: context.RequestContext,
++ volume: Volume,
++ passphrase: str,
++ cipher_spec: dict
++ ) -> None:
++ LOG.debug("Encrypting volume $s", volume.name)
++ with RBDVolumeProxy(self, volume.name) as vol:
++ vol.encryption_format(
++ 0,
++ passphrase,
++ RBD_ENCRYPTION_ALG[cipher_spec['cipher_alg']]
++ )
++
+ def _clone(self,
+ volume: Volume,
+ src_pool: str,
+@@ -1873,6 +1894,37 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD,
+ image_location: Optional[list],
+ image_meta: dict,
+ image_service) -> tuple[dict, bool]:
++ return self._clone_image(context, volume, image_location,
++ image_meta, image_service)
++
++ def clone_image_and_encrypt(
++ self,
++ context: context.RequestContext,
++ volume: Volume,
++ image_location: Optional[list],
++ image_meta: dict,
++ image_service
++ ) -> tuple[dict, bool]:
++
++ # Note(ricolin): method `encryption_format` added after Ceph Pacific
++ # release (>=16.1.0).
++ if self.rbd and hasattr(
++ self.rbd.Image, 'encryption_format') and callable(
++ self.rbd.Image.encryption_format):
++ return self._clone_image(
++ context, volume, image_location,
++ image_meta, image_service, is_encrypt=True)
++ else:
++ return {}, False
++
++ def _clone_image(self,
++ context: context.RequestContext,
++ volume: Volume,
++ image_location: Optional[list],
++ image_meta: dict,
++ image_service,
++ is_encrypt: Optional[bool] = False
++ ) -> tuple[dict, bool]:
+ if image_location:
+ # Note: image_location[0] is glance image direct_url.
+ # image_location[1] contains the list of all locations (including
+@@ -1890,12 +1942,41 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD,
+ url_location, image_meta):
+ _prefix, pool, image, snapshot = \
+ self._parse_location(url_location)
++ if is_encrypt:
++ passphrase, cipher_spec = self._fetch_encryption_info(
++ context, volume)
++ if cipher_spec['cipher_alg'] not in RBD_ENCRYPTION_ALG:
++ LOG.debug(
++ "Skip clone. Cipher spec: %s not supported "
++ "for encrypt volume directly from RBD.",
++ cipher_spec)
++ return ({}, False)
+ volume_update = self._clone(volume, pool, image, snapshot)
++ if is_encrypt:
++ self._flatten(self.configuration.rbd_pool, volume.name)
++ self._encrypt_volume(
++ context, volume, passphrase, cipher_spec)
+ volume_update['provider_location'] = None
+ self._resize(volume)
+ return volume_update, True
+ return ({}, False)
+
++ def _fetch_encryption_info(self,
++ context: context.RequestContext,
++ volume: Volume) -> tuple[str, dict]:
++ encryption = volume_utils.check_encryption_provider(
++ volume,
++ context)
++ # Fetch the key associated with the volume and decode the passphrase
++ keymgr = key_manager.API(CONF)
++ key = keymgr.get(context, encryption['encryption_key_id'])
++ passphrase = binascii.hexlify(key.get_encoded()).decode('utf-8')
++
++ # Decode the dm-crypt style cipher spec into something qemu-img can use
++ cipher_spec = image_utils.decode_cipher(encryption['cipher'],
++ encryption['key_size'])
++ return passphrase, cipher_spec
++
+ def copy_image_to_encrypted_volume(self,
+ context: context.RequestContext,
+ volume: Volume,
+@@ -1920,18 +2001,8 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD,
+ volume: Volume,
+ tmp_dir: str,
+ src_image_path: Any) -> None:
+- encryption = volume_utils.check_encryption_provider(
+- volume,
+- context)
+-
+- # Fetch the key associated with the volume and decode the passphrase
+- keymgr = key_manager.API(CONF)
+- key = keymgr.get(context, encryption['encryption_key_id'])
+- passphrase = binascii.hexlify(key.get_encoded()).decode('utf-8')
+-
+- # Decode the dm-crypt style cipher spec into something qemu-img can use
+- cipher_spec = image_utils.decode_cipher(encryption['cipher'],
+- encryption['key_size'])
++ passphrase, cipher_spec = self._fetch_encryption_info(
++ context, volume)
+
+ tmp_dir = volume_utils.image_conversion_dir()
+
+diff --git a/cinder/volume/flows/manager/create_volume.py b/cinder/volume/flows/manager/create_volume.py
+index 549a49b00..8ea4c0fe1 100644
+--- a/cinder/volume/flows/manager/create_volume.py
++++ b/cinder/volume/flows/manager/create_volume.py
+@@ -1086,11 +1086,6 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask):
+ # NOTE (singn): two params need to be returned
+ # dict containing provider_location for cloned volume
+ # and clone status.
+- # NOTE (lixiaoy1): Currently all images are raw data, we can't
+- # use clone_image to copy data if new volume is encrypted
+- # NOTE (ricolin): If the image provided an encryption key, we have
+- # already cloned it to the volume's key in
+- # _get_encryption_key_id, so we can do a direct clone.
+ image_encryption_key = image_meta.get('cinder_encryption_key_id')
+ volume_is_encrypted = volume.encryption_key_id is not None
+ cloned = False
+@@ -1102,6 +1097,9 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask):
+ image_location,
+ image_meta,
+ image_service)
++ else:
++ model_update, cloned = self.driver.clone_image_and_encrypt(
++ context, volume, image_location, image_meta, image_service)
+
+ # Try and clone the image if we have it set as a glance location.
+ if not cloned and 'cinder' in CONF.allowed_direct_url_schemes:
+diff --git a/releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml b/releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml
+new file mode 100644
+index 000000000..63d1f38cd
+--- /dev/null
++++ b/releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml
+@@ -0,0 +1,21 @@
++---
++features:
++ - |
++ Allow clone image when creating encrypted volume from Glance image if both
++ stored in RBD.
++ Previously, Glance image clone is not supported for encrypted volume
++ creation. The old process is to download image to local disk, encrypt the
++ local file, and import it back to RBD. This not just slow, but also
++ protentially take large amount of local disk space from hosts that runs
++ Cinder volume service.
++ The new process is to try and clone from Glance image (if it's also stored
++ in RBD), flatten it, and encrypting new image in RBD for volume. And If
++ Glance image source is not clonable, will continue with copy-and-import
++ method as previous flow.
++ In above flow, If clone from Glance image is appliable. Even it still
++ requires to clone and flatten RBD image might took some time, but should
++ still be a lot faster than copy-and-import. And also no local disk will
++ be used to store raw image in this case.
++ This also introduced driver method `clone_image_and_encrypt` for drivers
++ that seperate the clone process from non-encrypted volume so the create
++ flow won't be affected.
+--
+2.34.1
diff --git a/images/cloud-archive-base/Earthfile b/images/cloud-archive-base/Earthfile
deleted file mode 100644
index 473d5d8..0000000
--- a/images/cloud-archive-base/Earthfile
+++ /dev/null
@@ -1,23 +0,0 @@
-VERSION 0.7
-
-image:
- FROM ../base+image
- DO ../+APT_INSTALL --PACKAGES "ca-certificates libpython3.10 lsb-release python3-distutils sudo ubuntu-cloud-keyring"
- ARG RELEASE
- IF [ "$(lsb_release -sc)" = "jammy" ]
- IF [ "${RELEASE}" = "yoga" ]
- # NOTE: Yoga shipped with 22.04, so no need to add an extra repository.
- RUN echo "" > /etc/apt/sources.list.d/cloudarchive.list
- ELSE IF [ "${RELEASE}" = "zed" ]
- RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list
- ELSE IF [ "${RELEASE}" = "2023.1" ]
- RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list
- ELSE IF [ "${RELEASE}" = "2023.2" ]
- RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list
- ELSE IF [ "${RELEASE}" = "master" ]
- RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list
- ELSE
- RUN echo "${RELEASE} is not supported on $(lsb_release -sc)"
- RUN exit 1
- END
- END
diff --git a/images/cluster-api-provider-openstack/Dockerfile b/images/cluster-api-provider-openstack/Dockerfile
new file mode 100644
index 0000000..aa05489
--- /dev/null
+++ b/images/cluster-api-provider-openstack/Dockerfile
@@ -0,0 +1,32 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM alpine/git:2.43.0 AS src
+ARG CAPO_VERSION=v0.9.0
+ADD https://github.com/kubernetes-sigs/cluster-api-provider-openstack.git#${CAPO_VERSION} /src
+WORKDIR /src
+COPY /patches /patches
+RUN git apply /patches/*.patch
+
+FROM golang:1.20 AS builder
+COPY --from=src --link /src /src
+WORKDIR /src
+ARG ARCH
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \
+ go build -ldflags "-extldflags '-static'" -o manager ${package}
+
+FROM gcr.io/distroless/static:nonroot
+COPY --from=builder /src/manager /manager
+USER 65532
+ENTRYPOINT ["/manager"]
diff --git a/images/cluster-api-provider-openstack/Earthfile b/images/cluster-api-provider-openstack/Earthfile
deleted file mode 100644
index 111f465..0000000
--- a/images/cluster-api-provider-openstack/Earthfile
+++ /dev/null
@@ -1,18 +0,0 @@
-VERSION 0.7
-
-ARG --global CAPO_VERSION=v0.8.0
-ARG --global EPOCH=2
-
-clone:
- FROM ../builder+image
- GIT CLONE --branch ${CAPO_VERSION} https://github.com/kubernetes-sigs/cluster-api-provider-openstack /workspace/src
- WORKDIR /workspace/src
- COPY patches /workspace/patches
- RUN git apply --verbose /workspace/patches/*.patch
- SAVE ARTIFACT /workspace/src
-
-image:
- FROM DOCKERFILE -f +clone/src/Dockerfile +clone/src/*
- LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push ${REGISTRY}/capi-openstack-controller:${CAPO_VERSION}-${EPOCH}
diff --git a/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch b/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch
index 2812ac5..cd99927 100644
--- a/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch
+++ b/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch
@@ -1,158 +1,89 @@
-From 139a57e7b0d4c57033e281b061e459039a5e21d3 Mon Sep 17 00:00:00 2001
+From eed5b5cc2a6cf48c0c9e0245695d0ac143150186 Mon Sep 17 00:00:00 2001
From: Mohammed Naser <mnaser@vexxhost.com>
-Date: Mon, 22 Jan 2024 16:22:52 -0500
-Subject: [PATCH 2/2] chore: bump k8s api for cve
+Date: Tue, 12 Mar 2024 18:18:25 -0400
+Subject: [PATCH] chore: bump k8s api for cve
---
- go.mod | 17 +++++++++--------
- go.sum | 36 +++++++++++++++++++-----------------
- 2 files changed, 28 insertions(+), 25 deletions(-)
+ go.mod | 8 ++++----
+ go.sum | 16 ++++++++--------
+ 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/go.mod b/go.mod
-index db4a954a..49d2f7cf 100644
+index 997f8354..d6c300cc 100644
--- a/go.mod
+++ b/go.mod
-@@ -15,8 +15,8 @@ require (
- github.com/onsi/gomega v1.27.8
- github.com/prometheus/client_golang v1.16.0
+@@ -15,7 +15,7 @@ require (
+ github.com/onsi/gomega v1.30.0
+ github.com/prometheus/client_golang v1.17.0
github.com/spf13/pflag v1.0.5
-- golang.org/x/crypto v0.11.0
-- golang.org/x/text v0.11.0
-+ golang.org/x/crypto v0.14.0
-+ golang.org/x/text v0.13.0
+- golang.org/x/crypto v0.15.0
++ golang.org/x/crypto v0.17.0
+ golang.org/x/text v0.14.0
gopkg.in/ini.v1 v1.67.0
- k8s.io/api v0.27.2
- k8s.io/apiextensions-apiserver v0.27.2
+ k8s.io/api v0.28.4
@@ -24,7 +24,7 @@ require (
- k8s.io/client-go v0.27.2
- k8s.io/component-base v0.27.2
- k8s.io/klog/v2 v2.90.1
-- k8s.io/kubernetes v1.27.2
-+ k8s.io/kubernetes v1.27.8
- k8s.io/utils v0.0.0-20230313181309-38a27ef9d749
- sigs.k8s.io/cluster-api v1.5.1
- sigs.k8s.io/cluster-api/test v1.5.1
-@@ -113,15 +113,16 @@ require (
- go.uber.org/multierr v1.11.0 // indirect
- go.uber.org/zap v1.24.0 // indirect
- golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-- golang.org/x/net v0.13.0 // indirect
-+ golang.org/x/net v0.17.0 // indirect
- golang.org/x/oauth2 v0.10.0 // indirect
-- golang.org/x/sys v0.10.0 // indirect
-- golang.org/x/term v0.10.0 // indirect
-+ golang.org/x/sys v0.13.0 // indirect
-+ golang.org/x/term v0.13.0 // indirect
+ k8s.io/client-go v0.28.4
+ k8s.io/component-base v0.28.4
+ k8s.io/klog/v2 v2.100.1
+- k8s.io/kubernetes v1.28.3
++ k8s.io/kubernetes v1.28.4
+ k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
+ sigs.k8s.io/cluster-api v1.6.0
+ sigs.k8s.io/cluster-api/test v1.6.0
+@@ -139,8 +139,8 @@ require (
+ golang.org/x/net v0.18.0 // indirect
+ golang.org/x/oauth2 v0.14.0 // indirect
+ golang.org/x/sync v0.4.0 // indirect
+- golang.org/x/sys v0.14.0 // indirect
+- golang.org/x/term v0.14.0 // indirect
++ golang.org/x/sys v0.15.0 // indirect
++ golang.org/x/term v0.15.0 // indirect
golang.org/x/time v0.3.0 // indirect
-- golang.org/x/tools v0.9.3 // indirect
-+ golang.org/x/tools v0.12.0 // indirect
- gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
- google.golang.org/appengine v1.6.7 // indirect
-- google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-+ google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a // indirect
-+ google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
- google.golang.org/protobuf v1.31.0 // indirect
- gopkg.in/inf.v0 v0.9.1 // indirect
- gopkg.in/yaml.v2 v2.4.0 // indirect
+ golang.org/x/tools v0.14.0 // indirect
+ gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
-index 66bd8109..f18ece49 100644
+index e3d46fdc..f5767735 100644
--- a/go.sum
+++ b/go.sum
-@@ -516,8 +516,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
+@@ -460,8 +460,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
--golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
--golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
-+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
+-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
++golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
++golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-@@ -555,7 +555,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
- golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
- golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
--golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
-+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
- golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
- golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
- golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-@@ -596,8 +596,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
- golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
- golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
- golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
--golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
--golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
-+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
- golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
- golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
- golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-@@ -673,13 +673,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
- golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+@@ -609,13 +609,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
--golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
--golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
++golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
++golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
--golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
--golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
-+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
-+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+-golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
+-golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
++golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
++golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-@@ -690,8 +690,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
- golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
- golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
- golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
--golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
--golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
- golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
- golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
- golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-@@ -752,8 +752,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
- golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
- golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
- golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
--golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
--golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
-+golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss=
-+golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
- golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
- golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
- golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-@@ -825,8 +825,10 @@ google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6D
- google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
- google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
- google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
--google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
--google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
-+google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a h1:HiYVD+FGJkTo+9zj1gqz0anapsa1JxjiSrN+BJKyUmE=
-+google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8=
-+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM=
-+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
- google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
- google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
- google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-@@ -914,8 +916,8 @@ k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
- k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
- k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
- k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
--k8s.io/kubernetes v1.27.2 h1:g4v9oY6u7vBUDEuq4FvC50Bbw2K7GZuvM00IIESWVf4=
--k8s.io/kubernetes v1.27.2/go.mod h1:U8ZXeKBAPxeb4J4/HOaxjw1A9K6WfSH+fY2SS7CR6IM=
-+k8s.io/kubernetes v1.27.8 h1:K848lTo/D0jvrxUlTvw4nNADixbhXLHgKNDP/KlFGy8=
-+k8s.io/kubernetes v1.27.8/go.mod h1:PUXXrx0IhAi+kI9BMDqNJHUnLndVv9W0DkriqyjuJOs=
- k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 h1:xMMXJlJbsU8w3V5N2FLDQ8YgU8s1EoULdbQBcAeNJkY=
- k8s.io/utils v0.0.0-20230313181309-38a27ef9d749/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+@@ -841,8 +841,8 @@ k8s.io/kms v0.28.4 h1:PMgY/3CQTWP9eIKmNQiTgjLIZ0ns6O+voagzD2/4mSg=
+ k8s.io/kms v0.28.4/go.mod h1:HL4/lR/bhjAJPbqycKtfhWiKh1Sp21cpHOL8P4oo87w=
+ k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
+ k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
+-k8s.io/kubernetes v1.28.3 h1:XTci6gzk+JR51UZuZQCFJ4CsyUkfivSjLI4O1P9z6LY=
+-k8s.io/kubernetes v1.28.3/go.mod h1:NhAysZWvHtNcJFFHic87ofxQN7loylCQwg3ZvXVDbag=
++k8s.io/kubernetes v1.28.4 h1:aRNxs5jb8FVTtlnxeA4FSDBVKuFwA8Gw40/U2zReBYA=
++k8s.io/kubernetes v1.28.4/go.mod h1:BTzDCKYAlu6LL9ITbfjwgwIrJ30hlTgbv0eXDoA/WoA=
+ k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
+ k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
--
2.43.0
-
diff --git a/images/curl/Earthfile b/images/curl/Earthfile
deleted file mode 100644
index 06d3d8e..0000000
--- a/images/curl/Earthfile
+++ /dev/null
@@ -1,5 +0,0 @@
-VERSION 0.7
-
-image:
- FROM curlimages/curl:7.78.0
- WORKDIR /tmp
diff --git a/images/designate/Dockerfile b/images/designate/Dockerfile
new file mode 100644
index 0000000..c5430ad
--- /dev/null
+++ b/images/designate/Dockerfile
@@ -0,0 +1,33 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG DESIGNATE_GIT_REF=097ffc6df181290eba1bcd7c492b1b505bc15434
+ADD --keep-git-dir=true https://opendev.org/openstack/designate.git#${DESIGNATE_GIT_REF} /src/designate
+RUN git -C /src/designate fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/designate
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ bind9utils
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/designate/Earthfile b/images/designate/Earthfile
deleted file mode 100644
index 65e5af8..0000000
--- a/images/designate/Earthfile
+++ /dev/null
@@ -1,21 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=designate
-ARG --global RELEASE=2023.2
-ARG --global PROJECT_REF=2c817b3d7f01de44023f195c6e8de8853683a54a
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF}
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "bind9utils"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/glance/Dockerfile b/images/glance/Dockerfile
new file mode 100644
index 0000000..f408dfc
--- /dev/null
+++ b/images/glance/Dockerfile
@@ -0,0 +1,37 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG GLANCE_GIT_REF=0bcd6cd71c09917c6734421374fd598d73e8d0cc
+ADD --keep-git-dir=true https://opendev.org/openstack/glance.git#${GLANCE_GIT_REF} /src/glance
+RUN git -C /src/glance fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/glance_store.git#master /src/glance_store
+RUN git -C /src/glance_store fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/glance \
+ /src/glance_store[cinder]
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ ceph-common lsscsi nvme-cli python3-rados python3-rbd qemu-utils sysfsutils udev util-linux
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+ADD --chmod=755 https://dl.k8s.io/release/v1.29.3/bin/linux/amd64/kubectl /usr/local/bin/kubectl
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/glance/Earthfile b/images/glance/Earthfile
deleted file mode 100644
index 2646670..0000000
--- a/images/glance/Earthfile
+++ /dev/null
@@ -1,32 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=glance
-ARG --global RELEASE=2023.2
-ARG --global PROJECT_REF=9a4a3067b5c7c7f8ee9363bd939a3d86b260d660
-
-build.plugin:
- ARG PLUGIN
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+GIT_CHECKOUT \
- --PROJECT=${PLUGIN} \
- --PROJECT_REF=stable/${RELEASE}
- SAVE ARTIFACT /src
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- COPY (+build.plugin/src --PLUGIN=glance_store) /glance_store
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF} \
- --PIP_PACKAGES="/glance_store[cinder]"
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- COPY ../kubernetes+image/kubectl /usr/local/bin/kubectl
- DO ../+APT_INSTALL \
- --PACKAGES "ceph-common lsscsi nvme-cli python3-rados python3-rbd qemu-utils sysfsutils udev util-linux"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/glance/patches/glance_store/0000-rbd-compute-appropriate-resize-amount-before-resizin.patch b/images/glance/patches/glance_store/0000-rbd-compute-appropriate-resize-amount-before-resizin.patch
deleted file mode 100644
index 3f482cb..0000000
--- a/images/glance/patches/glance_store/0000-rbd-compute-appropriate-resize-amount-before-resizin.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From fa43561078bbee531ccc8acf2e185b3fc6d98b2a Mon Sep 17 00:00:00 2001
-From: Andrew Bogott <abogott@wikimedia.org>
-Date: Thu, 8 Jun 2023 07:54:16 -0500
-Subject: [PATCH] rbd: compute appropriate resize amount before resizing image
-
-Resolves a bug introduced in
-
-https://opendev.org/openstack/glance_store/commit/c43f19e8456b9e20f03709773fb2ffdb94807a0a
-
-This issue is only in evidence when glance is behind a proxy where the
-client buffer size can be lower (for haproxy: bufsize = 16384) which
-can cause unaligned reads
-
-(https://github.com/openstack/glance/blob/master/glance/common/wsgi.py#L1028).
-
-The response length can be bigger than the store_chunk_size for the
-first time, so at the end the RBD write will fail because it wants
-to write more data than the actual RBD image size after the first
-resize.
-
-Thanks to Robert Varjasi for investigating this issue!
-
-Fixes-Bug: 1916482
-Change-Id: Ie03693c2cb8b096978fb156231c3b1cab695470f
----
- glance_store/_drivers/rbd.py | 6 ++--
- glance_store/tests/unit/test_rbd_store.py | 38 ++++++++++++++---------
- 2 files changed, 26 insertions(+), 18 deletions(-)
-
-diff --git a/glance_store/_drivers/rbd.py b/glance_store/_drivers/rbd.py
-index ba2defa..e53baef 100644
---- a/glance_store/_drivers/rbd.py
-+++ b/glance_store/_drivers/rbd.py
-@@ -535,12 +535,12 @@ class Store(driver.Store):
- """Handle the rbd resize when needed."""
- if image_size != 0 or self.size >= bytes_written + chunk_length:
- return self.size
-- new_size = self.size + self.resize_amount
-- LOG.debug("resizing image to %s KiB" % (new_size / units.Ki))
-- image.resize(new_size)
- # Note(jokke): We double how much we grow the image each time
- # up to 8gigs to avoid resizing for each write on bigger images
- self.resize_amount = min(self.resize_amount * 2, 8 * units.Gi)
-+ new_size = self.size + self.resize_amount
-+ LOG.debug("resizing image to %s KiB" % (new_size / units.Ki))
-+ image.resize(new_size)
- return new_size
-
- @driver.back_compat_add
-diff --git a/glance_store/tests/unit/test_rbd_store.py b/glance_store/tests/unit/test_rbd_store.py
-index 4f24c26..fb6522a 100644
---- a/glance_store/tests/unit/test_rbd_store.py
-+++ b/glance_store/tests/unit/test_rbd_store.py
-@@ -213,10 +213,10 @@ class TestReSize(base.StoreBaseTest,
- data_len_temp = data_len
- resize_amount = self.store.WRITE_CHUNKSIZE
- while data_len_temp > 0:
-+ resize_amount *= 2
- expected_calls.append(resize_amount + (data_len -
- data_len_temp))
- data_len_temp -= resize_amount
-- resize_amount *= 2
- expected += 1
- self.assertEqual(expected, resize.call_count)
- resize.assert_has_calls([mock.call(call) for call in
-@@ -244,7 +244,7 @@ class TestReSize(base.StoreBaseTest,
- # Current size is smaller than we need
- self.store.size = 8
- ret = self.store._resize_on_write(image, 0, 16, 16)
-- self.assertEqual(8 + self.store.WRITE_CHUNKSIZE, ret)
-+ self.assertEqual(8 + self.store.WRITE_CHUNKSIZE * 2, ret)
- self.assertEqual(self.store.WRITE_CHUNKSIZE * 2,
- self.store.resize_amount)
- image.resize.assert_called_once_with(ret)
-@@ -253,47 +253,55 @@ class TestReSize(base.StoreBaseTest,
- image.resize.reset_mock()
- self.store.size = ret
- ret = self.store._resize_on_write(image, 0, 64, 16)
-- self.assertEqual(8 + self.store.WRITE_CHUNKSIZE, ret)
-+ self.assertEqual(8 + self.store.WRITE_CHUNKSIZE * 2, ret)
- image.resize.assert_not_called()
-
- # Read past the limit triggers another resize
- ret = self.store._resize_on_write(image, 0, ret + 1, 16)
-- self.assertEqual(8 + self.store.WRITE_CHUNKSIZE * 3, ret)
-+ self.assertEqual(8 + self.store.WRITE_CHUNKSIZE * 6, ret)
- image.resize.assert_called_once_with(ret)
- self.assertEqual(self.store.WRITE_CHUNKSIZE * 4,
- self.store.resize_amount)
-
- # Check that we do not resize past the 8G ceiling.
-
-- # Start with resize_amount at 4G, 1G read so far
-+ # Start with resize_amount at 2G, 1G read so far
- image.resize.reset_mock()
-- self.store.resize_amount = 4 * units.Gi
-+ self.store.resize_amount = 2 * units.Gi
- self.store.size = 1 * units.Gi
-
-- # First resize happens and we get the 4G,
-- # resize_amount goes to limit of 8G
-+ # First resize happens and we get to 5G,
-+ # resize_amount goes to limit of 4G
- ret = self.store._resize_on_write(image, 0, 4097 * units.Mi, 16)
-- self.assertEqual(5 * units.Gi, ret)
-- self.assertEqual(8 * units.Gi, self.store.resize_amount)
-+ self.assertEqual(4 * units.Gi, self.store.resize_amount)
-+ self.assertEqual((1 + 4) * units.Gi, ret)
- self.store.size = ret
-
-- # Second resize happens and we get to 13G,
-+ # Second resize happens and we stay at 13, no resize
- # resize amount stays at limit of 8G
- ret = self.store._resize_on_write(image, 0, 6144 * units.Mi, 16)
-- self.assertEqual((5 + 8) * units.Gi, ret)
- self.assertEqual(8 * units.Gi, self.store.resize_amount)
-+ self.assertEqual((1 + 4 + 8) * units.Gi, ret)
- self.store.size = ret
-
-- # Third resize happens and we get to 21G,
-+ # Third resize happens and we get to 21,
- # resize amount stays at limit of 8G
- ret = self.store._resize_on_write(image, 0, 14336 * units.Mi, 16)
-- self.assertEqual((5 + 8 + 8) * units.Gi, ret)
- self.assertEqual(8 * units.Gi, self.store.resize_amount)
-+ self.assertEqual((1 + 4 + 8 + 8) * units.Gi, ret)
-+ self.store.size = ret
-+
-+ # Fourth resize happens and we get to 29,
-+ # resize amount stays at limit of 8G
-+ ret = self.store._resize_on_write(image, 0, 22528 * units.Mi, 16)
-+ self.assertEqual(8 * units.Gi, self.store.resize_amount)
-+ self.assertEqual((1 + 4 + 8 + 8 + 8) * units.Gi, ret)
-
- image.resize.assert_has_calls([
- mock.call(5 * units.Gi),
- mock.call(13 * units.Gi),
-- mock.call(21 * units.Gi)])
-+ mock.call(21 * units.Gi),
-+ mock.call(29 * units.Gi)])
-
-
- class TestStore(base.StoreBaseTest,
---
-2.34.1
diff --git a/images/heat/Dockerfile b/images/heat/Dockerfile
new file mode 100644
index 0000000..d2f088c
--- /dev/null
+++ b/images/heat/Dockerfile
@@ -0,0 +1,33 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG HEAT_GIT_REF=80eea85194825773d1b60ecc4386b2d5ba52a066
+ADD --keep-git-dir=true https://opendev.org/openstack/heat.git#${HEAT_GIT_REF} /src/heat
+RUN git -C /src/heat fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/heat
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ curl jq
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/heat/Earthfile b/images/heat/Earthfile
deleted file mode 100644
index 8c3ebcd..0000000
--- a/images/heat/Earthfile
+++ /dev/null
@@ -1,21 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=heat
-ARG --global RELEASE=2023.2
-ARG --global PROJECT_REF=d1363cc17646893054f9e8daf40de67699078e7c
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF}
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "curl jq"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/helm/Earthfile b/images/helm/Earthfile
deleted file mode 100644
index d0b5155..0000000
--- a/images/helm/Earthfile
+++ /dev/null
@@ -1,11 +0,0 @@
-VERSION 0.7
-
-binary:
- FROM ../curl+image
- ARG TARGETOS
- ARG TARGETARCH
- ARG VERSION=3.14.0
- RUN curl -LO https://get.helm.sh/helm-v3.14.0-${TARGETOS}-${TARGETARCH}.tar.gz
- RUN tar -zxvf /tmp/helm-v3.14.0-${TARGETOS}-${TARGETARCH}.tar.gz
- RUN ${TARGETOS}-${TARGETARCH}/helm version
- SAVE ARTIFACT ${TARGETOS}-${TARGETARCH}/helm
diff --git a/images/horizon/Dockerfile b/images/horizon/Dockerfile
new file mode 100644
index 0000000..2f80436
--- /dev/null
+++ b/images/horizon/Dockerfile
@@ -0,0 +1,60 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG HORIZON_GIT_REF=3f1f1d46e6e47a3dbe46fb023fe69ff25d6a601b
+ADD --keep-git-dir=true https://opendev.org/openstack/horizon.git#${HORIZON_GIT_REF} /src/horizon
+RUN git -C /src/horizon fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/designate-dashboard.git#master /src/designate-dashboard
+RUN git -C /src/designate-dashboard fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/heat-dashboard.git#master /src/heat-dashboard
+RUN git -C /src/heat-dashboard fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/ironic-ui.git#master /src/ironic-ui
+RUN git -C /src/ironic-ui fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/magnum-ui.git#master /src/magnum-ui
+RUN git -C /src/magnum-ui fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/manila-ui.git#master /src/manila-ui
+RUN git -C /src/manila-ui fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/neutron-vpnaas-dashboard.git#master /src/neutron-vpnaas-dashboard
+RUN git -C /src/neutron-vpnaas-dashboard fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/octavia-dashboard.git#master /src/octavia-dashboard
+RUN git -C /src/octavia-dashboard fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/senlin-dashboard.git#master /src/senlin-dashboard
+RUN git -C /src/senlin-dashboard fetch --unshallow
+COPY patches/magnum-ui /patches/magnum-ui
+RUN git -C /src/magnum-ui apply --verbose /patches/magnum-ui/*
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/designate-dashboard \
+ /src/heat-dashboard \
+ /src/horizon \
+ /src/ironic-ui \
+ /src/magnum-ui \
+ /src/manila-ui \
+ /src/neutron-vpnaas-dashboard \
+ /src/octavia-dashboard \
+ /src/senlin-dashboard \
+ pymemcache
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ apache2 gettext libapache2-mod-wsgi-py3
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/horizon/Earthfile b/images/horizon/Earthfile
deleted file mode 100644
index 4a895ce..0000000
--- a/images/horizon/Earthfile
+++ /dev/null
@@ -1,38 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=horizon
-ARG --global RELEASE=2023.2
-ARG --global PROJECT_REF=4de36bb649c514f50d2a958c9277097a08b23cec
-
-build.plugin:
- ARG PLUGIN
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+GIT_CHECKOUT \
- --PROJECT=${PLUGIN} \
- --PROJECT_REF=stable/${RELEASE}
- SAVE ARTIFACT /src
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- COPY (+build.plugin/src --PLUGIN=designate-dashboard) /designate-dashboard
- COPY (+build.plugin/src --PLUGIN=heat-dashboard) /heat-dashboard
- COPY (+build.plugin/src --PLUGIN=ironic-ui) /ironic-ui
- COPY (+build.plugin/src --PLUGIN=magnum-ui) /magnum-ui
- COPY (+build.plugin/src --PLUGIN=manila-ui) /manila-ui
- COPY (+build.plugin/src --PLUGIN=neutron-vpnaas-dashboard) /neutron-vpnaas-dashboard
- COPY (+build.plugin/src --PLUGIN=octavia-dashboard) /octavia-dashboard
- COPY (+build.plugin/src --PLUGIN=senlin-dashboard) /senlin-dashboard
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF} \
- --PIP_PACKAGES "/designate-dashboard /heat-dashboard /ironic-ui /magnum-ui /neutron-vpnaas-dashboard /octavia-dashboard /senlin-dashboard /manila-ui"
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "apache2 gettext libapache2-mod-wsgi-py3"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/horizon/patches/horizon/0000-fix-ignore-errors-when-flavors-are-deleted.patch b/images/horizon/patches/horizon/0000-fix-ignore-errors-when-flavors-are-deleted.patch
deleted file mode 100644
index 93fbfcd..0000000
--- a/images/horizon/patches/horizon/0000-fix-ignore-errors-when-flavors-are-deleted.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From aa21f4baa38fc70549b1c7341361519de6362d9b Mon Sep 17 00:00:00 2001
-From: okozachenko <okozachenko1203@gmail.com>
-Date: Thu, 2 Nov 2023 01:27:20 +1100
-Subject: [PATCH] fix: ignore errors when flavors are deleted
-
-The code used to list flavors when in the admin
-or project side was not consistent and raised
-alerts if viewing in the admin side but not in the
-project side.
-
-This patch moves their behaviour to be consistent
-and refactors the code to use the same code-base.
-
-Closes-Bug: #2042362
-Change-Id: I37cc02102285b1e83ec1343b710a57fb5ac4ba15
----
- .../dashboards/admin/instances/tests.py | 4 ----
- .../dashboards/admin/instances/views.py | 17 +++++------------
- .../dashboards/project/instances/tests.py | 1 +
- .../dashboards/project/instances/views.py | 11 +++--------
- 4 files changed, 9 insertions(+), 24 deletions(-)
-
-diff --git a/openstack_dashboard/dashboards/admin/instances/tests.py b/openstack_dashboard/dashboards/admin/instances/tests.py
-index 3630cb79a..c6cf65e5d 100644
---- a/openstack_dashboard/dashboards/admin/instances/tests.py
-+++ b/openstack_dashboard/dashboards/admin/instances/tests.py
-@@ -133,10 +133,6 @@ class InstanceViewTest(test.BaseAdminViewTests):
- res = self.client.get(INDEX_URL)
- instances = res.context['table'].data
- self.assertTemplateUsed(res, INDEX_TEMPLATE)
-- # Since error messages produced for each instance are identical,
-- # there will be only one error message for all instances
-- # (messages de-duplication).
-- self.assertMessageCount(res, error=1)
- self.assertCountEqual(instances, servers)
-
- self.assertEqual(self.mock_image_list_detailed.call_count, 4)
-diff --git a/openstack_dashboard/dashboards/admin/instances/views.py b/openstack_dashboard/dashboards/admin/instances/views.py
-index c35527fe4..efa28dd76 100644
---- a/openstack_dashboard/dashboards/admin/instances/views.py
-+++ b/openstack_dashboard/dashboards/admin/instances/views.py
-@@ -33,6 +33,8 @@ from openstack_dashboard.dashboards.admin.instances \
- from openstack_dashboard.dashboards.admin.instances \
- import tables as project_tables
- from openstack_dashboard.dashboards.admin.instances import tabs
-+from openstack_dashboard.dashboards.project.instances \
-+ import utils as instance_utils
- from openstack_dashboard.dashboards.project.instances import views
- from openstack_dashboard.dashboards.project.instances.workflows \
- import update_instance
-@@ -215,18 +217,9 @@ class AdminIndexView(tables.PagedTableMixin, tables.DataTableView):
- else:
- inst.image['name'] = _("-")
-
-- flavor_id = inst.flavor["id"]
-- try:
-- if flavor_id in flavor_dict:
-- inst.full_flavor = flavor_dict[flavor_id]
-- else:
-- # If the flavor_id is not in flavor_dict list,
-- # gets it via nova api.
-- inst.full_flavor = api.nova.flavor_get(
-- self.request, flavor_id)
-- except Exception:
-- msg = _('Unable to retrieve instance size information.')
-- exceptions.handle(self.request, msg)
-+ inst.full_flavor = instance_utils.resolve_flavor(self.request,
-+ inst, flavor_dict)
-+
- tenant = tenant_dict.get(inst.tenant_id, None)
- inst.tenant_name = getattr(tenant, "name", None)
- return instances
-diff --git a/openstack_dashboard/dashboards/project/instances/tests.py b/openstack_dashboard/dashboards/project/instances/tests.py
-index 5ab1b4a48..fe2f58c46 100644
---- a/openstack_dashboard/dashboards/project/instances/tests.py
-+++ b/openstack_dashboard/dashboards/project/instances/tests.py
-@@ -316,6 +316,7 @@ class InstanceTableTests(InstanceTestBase, InstanceTableTestMixin):
- self.mock_is_feature_available.return_value = True
- self.mock_server_list_paged.return_value = [servers, False, False]
- self.mock_servers_update_addresses.return_value = None
-+ self.mock_flavor_get.side_effect = self.exceptions.nova
- self.mock_flavor_list.side_effect = self.exceptions.nova
- self.mock_image_list_detailed.return_value = (self.images.list(),
- False, False)
-diff --git a/openstack_dashboard/dashboards/project/instances/views.py b/openstack_dashboard/dashboards/project/instances/views.py
-index badf540b8..b848f6fff 100644
---- a/openstack_dashboard/dashboards/project/instances/views.py
-+++ b/openstack_dashboard/dashboards/project/instances/views.py
-@@ -171,14 +171,9 @@ class IndexView(tables.PagedTableMixin, tables.DataTableView):
- for instance in instances:
- self._populate_image_info(instance, image_dict, volume_dict)
-
-- flavor_id = instance.flavor["id"]
-- if flavor_id in flavor_dict:
-- instance.full_flavor = flavor_dict[flavor_id]
-- else:
-- # If the flavor_id is not in flavor_dict,
-- # put info in the log file.
-- LOG.info('Unable to retrieve flavor "%s" for instance "%s".',
-- flavor_id, instance.id)
-+ instance.full_flavor = instance_utils.resolve_flavor(self.request,
-+ instance,
-+ flavor_dict)
-
- return instances
-
---
-2.34.1
diff --git a/images/horizon/patches/horizon/0001-Fixing-Incorrect-URL-when-browsing-Swift-containers.patch b/images/horizon/patches/horizon/0001-Fixing-Incorrect-URL-when-browsing-Swift-containers.patch
deleted file mode 100644
index 58eafd8..0000000
--- a/images/horizon/patches/horizon/0001-Fixing-Incorrect-URL-when-browsing-Swift-containers.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 4aa347fe196b7b18ff0bf5f4d4f076a6c14cf12e Mon Sep 17 00:00:00 2001
-From: jeremy-boyle <jeremyboylet@gmail.com>
-Date: Sat, 24 Jun 2023 16:59:11 +0000
-Subject: [PATCH] Fixing Incorrect URL when browsing Swift containers
-
-This patch fixes a bug identified in the code that generates the URL for
-the Swift container object. The bug caused the forward slashes (/) in the
-folder parameter to be encoded as %2F instead of being included as '/' in the
-resulting URL.
-
-To resolve this issue, the code has been updated by adding a replace() method
-to replace the %2F sequences with forward slashes. The updated code ensures
-that the URL generated for the folder parameter contains the correct forward
-slash (/) representation.
-
-Closes-Bug: #2009724
-Signed-off-by: jeremy-boyle <jeremyboylet@gmail.com>
-
-Change-Id: I5837e74ddcc71cda6b4686e586dbb8b1386a9cd3
----
- .../static/dashboard/project/containers/objects.controller.js | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/openstack_dashboard/dashboards/project/static/dashboard/project/containers/objects.controller.js b/openstack_dashboard/dashboards/project/static/dashboard/project/containers/objects.controller.js
-index 55262a1fa..c14128cbf 100644
---- a/openstack_dashboard/dashboards/project/static/dashboard/project/containers/objects.controller.js
-+++ b/openstack_dashboard/dashboards/project/static/dashboard/project/containers/objects.controller.js
-@@ -60,7 +60,8 @@
- ctrl.containerURL = containerRoute + encodeURIComponent($routeParams.container) +
- ctrl.model.DELIMETER;
- if (angular.isDefined($routeParams.folder)) {
-- ctrl.currentURL = ctrl.containerURL + encodeURIComponent($routeParams.folder) +
-+ ctrl.currentURL = ctrl.containerURL +
-+ encodeURIComponent($routeParams.folder).replace(/%2F/g, '/') +
- ctrl.model.DELIMETER;
- } else {
- ctrl.currentURL = ctrl.containerURL;
---
-2.34.1
diff --git a/images/ironic/Dockerfile b/images/ironic/Dockerfile
new file mode 100644
index 0000000..8361034
--- /dev/null
+++ b/images/ironic/Dockerfile
@@ -0,0 +1,35 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG IRONIC_GIT_REF=22aa29b864eecd00bfb7c67cc2075030da1eb1d0
+ADD --keep-git-dir=true https://opendev.org/openstack/ironic.git#${IRONIC_GIT_REF} /src/ironic
+RUN git -C /src/ironic fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/ironic \
+ python-dracclient \
+ sushy
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ ethtool ipmitool iproute2 ipxe lshw qemu-utils tftpd-hpa
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/ironic/Earthfile b/images/ironic/Earthfile
deleted file mode 100644
index 0f775a4..0000000
--- a/images/ironic/Earthfile
+++ /dev/null
@@ -1,22 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=ironic
-ARG --global RELEASE=zed
-ARG --global PROJECT_REF=e38735cb95263b0c54f2fd719ff6b714efbddbb3
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF} \
- --PIP_PACKAGES "python-dracclient sushy"
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "ethtool ipmitool iproute2 ipxe lshw qemu-utils tftpd-hpa"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/keystone/Dockerfile b/images/keystone/Dockerfile
new file mode 100644
index 0000000..a589dca
--- /dev/null
+++ b/images/keystone/Dockerfile
@@ -0,0 +1,47 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG KEYSTONE_GIT_REF=8ca73f758bb613a57815fbe4ae78e3d2afa4af49
+ADD --keep-git-dir=true https://opendev.org/openstack/keystone.git#${KEYSTONE_GIT_REF} /src/keystone
+RUN git -C /src/keystone fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/keystone[ldap] \
+ keystone-keycloak-backend==0.1.8
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ apache2 libapache2-mod-wsgi-py3
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+ARG MOD_AUTH_OPENIDC_VERSION=2.4.12.1
+ARG TARGETARCH
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ curl
+curl -LO https://github.com/OpenIDC/mod_auth_openidc/releases/download/v${MOD_AUTH_OPENIDC_VERSION}/libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
+apt-get install -y --no-install-recommends ./libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
+a2enmod auth_openidc
+apt-get purge -y --auto-remove curl
+apt-get clean
+rm -rfv /var/lib/apt/lists/* libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
+EOF
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/keystone/Earthfile b/images/keystone/Earthfile
deleted file mode 100644
index 014401a..0000000
--- a/images/keystone/Earthfile
+++ /dev/null
@@ -1,34 +0,0 @@
-VERSION 0.7
-
-ARG --global RELEASE=2023.2
-ARG --global PROJECT=keystone
-ARG --global PROJECT_REF=5a55e9de15c7f390e43addc5f3ff1a4809ec1a5b
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF} \
- --EXTRAS "[ldap]" \
- --PIP_PACKAGES "keystone-keycloak-backend==0.1.8"
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "apache2 libapache2-mod-wsgi-py3"
- ARG MOD_AUTH_OPENIDC_VERSION=2.4.12.1
- ARG TARGETARCH
- RUN \
- apt-get update && \
- apt-get install -y --no-install-recommends curl && \
- curl -LO https://github.com/OpenIDC/mod_auth_openidc/releases/download/v${MOD_AUTH_OPENIDC_VERSION}/libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb && \
- apt-get install -y --no-install-recommends ./libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb && \
- a2enmod auth_openidc && \
- apt-get purge -y --auto-remove curl && \
- apt-get clean && \
- rm -rfv /var/lib/apt/lists/* libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/keystone/patches/keystone/0000-Ensure-application-credentials-take-account-of-impli.patch b/images/keystone/patches/keystone/0000-Ensure-application-credentials-take-account-of-impli.patch
deleted file mode 100644
index 2d0841e..0000000
--- a/images/keystone/patches/keystone/0000-Ensure-application-credentials-take-account-of-impli.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 6ee7ea0d63fed272beb3806d722c2dd3585e8212 Mon Sep 17 00:00:00 2001
-From: Andrew Bonney <andrew.bonney@bbc.co.uk>
-Date: Tue, 5 Sep 2023 14:56:51 +0100
-Subject: [PATCH] Ensure application credentials take account of implied roles
-
-Related-Bug: #2030061
-Change-Id: I2aea0b89987b24cf5ddaadeecbd06c32ad81a9bc
----
- keystone/models/token_model.py | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/keystone/models/token_model.py b/keystone/models/token_model.py
-index 78146295d..b152d97c2 100644
---- a/keystone/models/token_model.py
-+++ b/keystone/models/token_model.py
-@@ -429,7 +429,13 @@ class TokenModel(object):
-
- def _get_application_credential_roles(self):
- roles = []
-+ roles_added = list()
- app_cred_roles = self.application_credential['roles']
-+ app_cred_roles = [{'role_id': r['id']} for r in app_cred_roles]
-+ effective_app_cred_roles = (
-+ PROVIDERS.assignment_api.add_implied_roles(app_cred_roles)
-+ )
-+
- assignment_list = PROVIDERS.assignment_api.list_role_assignments(
- user_id=self.user_id,
- project_id=self.project_id,
-@@ -437,9 +443,12 @@ class TokenModel(object):
- effective=True)
- user_roles = list(set([x['role_id'] for x in assignment_list]))
-
-- for role in app_cred_roles:
-- if role['id'] in user_roles:
-+ for role in effective_app_cred_roles:
-+ if role['role_id'] in user_roles and \
-+ role['role_id'] not in roles_added:
-+ role = PROVIDERS.role_api.get_role(role['role_id'])
- roles.append({'id': role['id'], 'name': role['name']})
-+ roles_added.append(role['id'])
-
- return roles
-
---
-2.34.1
diff --git a/zuul.d/playbooks/buildset-registry/pre.yml b/images/kubernetes-entrypoint/Dockerfile
similarity index 60%
copy from zuul.d/playbooks/buildset-registry/pre.yml
copy to images/kubernetes-entrypoint/Dockerfile
index 81304bb..e7d0bc5 100644
--- a/zuul.d/playbooks/buildset-registry/pre.yml
+++ b/images/kubernetes-entrypoint/Dockerfile
@@ -12,9 +12,13 @@
# License for the specific language governing permissions and limitations
# under the License.
-- name: Prepare host for building images
- hosts: all
- roles:
- - ensure-docker
- - run-buildset-registry
- - use-buildset-registry
+FROM golang:1.21 AS build
+ARG KUBERNETES_ENTRYPOINT_GIT_REF=4fbcf7ce324dc66e78480f73035e31434cfea1e8
+ADD https://opendev.org/airship/kubernetes-entrypoint.git#${KUBERNETES_ENTRYPOINT_GIT_REF} /src
+WORKDIR /src
+RUN CGO_ENABLED=0 GOOS=linux go build -o /main
+
+FROM scratch
+COPY --from=build /main /kubernetes-entrypoint
+USER 65534
+ENTRYPOINT ["/kubernetes-entrypoint"]
diff --git a/images/kubernetes-entrypoint/Earthfile b/images/kubernetes-entrypoint/Earthfile
deleted file mode 100644
index 03617f2..0000000
--- a/images/kubernetes-entrypoint/Earthfile
+++ /dev/null
@@ -1,35 +0,0 @@
-VERSION 0.7
-
-ARG --global COMMIT=e8c2b17e1261c6a1b0fed1fcd5e1c337fc014219
-
-build:
- FROM golang:1.21.5-bookworm
- DO ../+APT_INSTALL --PACKAGES "patch"
- GIT CLONE --branch ${COMMIT} https://opendev.org/airship/kubernetes-entrypoint /src
- WORKDIR /src
- RUN \
- curl https://review.opendev.org/changes/airship%2Fkubernetes-entrypoint~904537/revisions/1/patch?download | \
- base64 --decode | \
- patch -p1
- ARG GOARCH
- RUN \
- --mount=type=cache,target=/root/.cache/go-build \
- --mount=type=cache,target=/go/pkg/mod \
- CGO_ENABLED=0 GOOS=linux go build -o /main
- SAVE ARTIFACT /main
-
-platform-image:
- FROM scratch
- ARG TARGETARCH
- COPY \
- --platform=linux/amd64 \
- (+build/main --GOARCH=$TARGETARCH) /kubernetes-entrypoint
- USER 65534
- ENTRYPOINT ["/kubernetes-entrypoint"]
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/kubernetes-entrypoint:${COMMIT} \
- ${REGISTRY}/kubernetes-entrypoint:latest
-
-image:
- BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/kubernetes/Earthfile b/images/kubernetes/Earthfile
deleted file mode 100644
index d31c1e0..0000000
--- a/images/kubernetes/Earthfile
+++ /dev/null
@@ -1,9 +0,0 @@
-VERSION 0.7
-
-image:
- FROM ../curl+image
- ARG TARGETOS
- ARG TARGETARCH
- RUN curl -L "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/${TARGETOS}/${TARGETARCH}/kubectl" -o /tmp/kubectl
- RUN chmod +x /tmp/kubectl && /tmp/kubectl version --client=true
- SAVE ARTIFACT /tmp/kubectl kubectl
diff --git a/images/libvirtd/Dockerfile b/images/libvirtd/Dockerfile
new file mode 100644
index 0000000..5654edf
--- /dev/null
+++ b/images/libvirtd/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-runtime:main
+ADD --chmod=644 https://download.ceph.com/keys/release.gpg /etc/apt/trusted.gpg.d/ceph.gpg
+COPY <<EOF /etc/apt/sources.list.d/ceph.list
+deb http://download.ceph.com/debian-reef/ jammy main
+EOF
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ ceph-common cgroup-tools dmidecode ebtables iproute2 ipxe-qemu kmod libvirt-clients libvirt-daemon-system openssh-client openvswitch-switch ovmf pm-utils qemu-block-extra qemu-efi qemu-kvm seabios
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
diff --git a/images/libvirtd/Earthfile b/images/libvirtd/Earthfile
deleted file mode 100644
index 13e6aeb..0000000
--- a/images/libvirtd/Earthfile
+++ /dev/null
@@ -1,21 +0,0 @@
-VERSION 0.7
-
-platform-image:
- ARG RELEASE=zed
- FROM ../cloud-archive-base+image --RELEASE=${RELEASE}
- COPY keyrings/ceph.gpg /etc/apt/trusted.gpg.d/
- IF [ "$(lsb_release -sc)" = "focal" ]
- RUN echo "deb http://download.ceph.com/debian-quincy/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/ceph.list
- ELSE IF [ "$(lsb_release -sc)" = "jammy" ]
- RUN echo "deb http://download.ceph.com/debian-reef/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/ceph.list
- ELSE
- RUN echo "${RELEASE} is not supported on $(lsb_release -sc)"
- RUN exit 1
- END
- DO ../+APT_INSTALL --PACKAGES="ceph-common cgroup-tools dmidecode ebtables iproute2 ipxe-qemu kmod libvirt-clients libvirt-daemon-system openssh-client openvswitch-switch ovmf pm-utils qemu-block-extra qemu-efi qemu-kvm seabios"
- DO ../+CREATE_PROJECT_USER --PROJECT=nova
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push ${REGISTRY}/libvirtd:${RELEASE}
-
-image:
- BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/libvirtd/keyrings/ceph.gpg b/images/libvirtd/keyrings/ceph.gpg
deleted file mode 100644
index c5d8bd3..0000000
--- a/images/libvirtd/keyrings/ceph.gpg
+++ /dev/null
Binary files differ
diff --git a/images/magnum/Dockerfile b/images/magnum/Dockerfile
new file mode 100644
index 0000000..eca883d
--- /dev/null
+++ b/images/magnum/Dockerfile
@@ -0,0 +1,43 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/ubuntu:main AS helm
+ARG TARGETOS
+ARG TARGETARCH
+ARG HELM_VERSION=3.14.0
+ADD https://get.helm.sh/helm-v${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /helm.tar.gz
+RUN tar -xzf /helm.tar.gz
+RUN mv /${TARGETOS}-${TARGETARCH}/helm /usr/bin/helm
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG MAGNUM_GIT_REF=c613ea4e419edc0086116da07e93cf19206746e1
+ADD --keep-git-dir=true https://opendev.org/openstack/magnum.git#${MAGNUM_GIT_REF} /src/magnum
+RUN git -C /src/magnum fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/magnum \
+ magnum-cluster-api==0.16.0
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ haproxy
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=helm --link /usr/bin/helm /usr/local/bin/helm
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/magnum/Earthfile b/images/magnum/Earthfile
deleted file mode 100644
index ba8ed33..0000000
--- a/images/magnum/Earthfile
+++ /dev/null
@@ -1,23 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=magnum
-ARG --global RELEASE=2023.2
-ARG --global PROJECT_REF=272fd686d8c8bf5954e9e7d3bc991ff27e46184d
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF} \
- --PIP_PACKAGES="magnum-cluster-api==0.13.4"
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "haproxy"
- COPY ../helm+binary/helm /usr/local/bin/helm
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/magnum/patches/magnum/0000-update-chart-metadata-version-to-reflect-breaking-change-in-helm-v3-5-2.patch b/images/magnum/patches/magnum/0000-update-chart-metadata-version-to-reflect-breaking-change-in-helm-v3-5-2.patch
deleted file mode 100644
index 9bee808..0000000
--- a/images/magnum/patches/magnum/0000-update-chart-metadata-version-to-reflect-breaking-change-in-helm-v3-5-2.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 61592d46e7fc5644c4b5148c7ca6bf767131e504 Mon Sep 17 00:00:00 2001
-From: okozachenko1203 <okozachenko1203@gmail.com>
-Date: Fri, 31 Mar 2023 23:41:43 +1100
-Subject: [PATCH] Update chart.metadata.version to reflect breaking change in
- helm v3.5.2
-
-https: //github.com/helm/helm/issues/9342
-Change-Id: I1dbe7b0b85380e713ebb5dcdd7ecbfc6a438b852
-(cherry picked from commit ebee3263b6b3d3fa213ea8f837911b89785a4700)
----
- .../templates/kubernetes/fragments/install-helm-modules.sh | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh b/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh
-index 475e8dbf6c..a0b3f4bc75 100644
---- a/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh
-+++ b/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh
-@@ -72,8 +72,8 @@ else
- cat << EOF > Chart.yaml
- apiVersion: v1
- name: magnum
--version: metachart
--appVersion: metachart
-+version: 1.0.0
-+appVersion: v1.0.0
- description: Magnum Helm Charts
- EOF
- sed -i '1i\dependencies:' requirements.yaml
diff --git a/images/manila/Dockerfile b/images/manila/Dockerfile
new file mode 100644
index 0000000..cbf63ec
--- /dev/null
+++ b/images/manila/Dockerfile
@@ -0,0 +1,33 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG MANILA_GIT_REF=d8987589ae88ae9b2769fbe6f26d5b6994098038
+ADD --keep-git-dir=true https://opendev.org/openstack/manila.git#${MANILA_GIT_REF} /src/manila
+RUN git -C /src/manila fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/manila
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ iproute2 openvswitch-switch
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/manila/Earthfile b/images/manila/Earthfile
deleted file mode 100644
index be2bccb..0000000
--- a/images/manila/Earthfile
+++ /dev/null
@@ -1,21 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=manila
-ARG --global RELEASE=2023.2
-ARG --global PROJECT_REF=a9cea65b45f0c0bf148b6ac9db0a8141c74fa2a6
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF}
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "iproute2 openvswitch-switch"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/manila/patches/manila/0000-fix-stop-using-batch_op-for-rename_table.patch b/images/manila/patches/manila/0000-fix-stop-using-batch_op-for-rename_table.patch
deleted file mode 100644
index c1f2306..0000000
--- a/images/manila/patches/manila/0000-fix-stop-using-batch_op-for-rename_table.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From eb7f03c667261557d7f809f7851bad6b3eea4646 Mon Sep 17 00:00:00 2001
-From: Mohammed Naser <mnaser@vexxhost.com>
-Date: Mon, 8 Jan 2024 14:00:37 -0500
-Subject: [PATCH] fix: Stop using batch_op for rename_table
-
-For migrations that rename tables, batch_op is not needed, which
-is also even causing issues with newer versions of Alembic.
-
-Change-Id: Ib43f5a24c497f7d97cb2d852b99489b0c3bd75fb
----
- .../alembic/versions/5077ffcc5f1c_add_share_instances.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py b/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py
-index 42d26b75e..373e308d0 100644
---- a/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py
-+++ b/manila/db/migrations/alembic/versions/5077ffcc5f1c_add_share_instances.py
-@@ -245,8 +245,8 @@ def upgrade_export_locations_table(connection):
- with op.batch_alter_table("share_export_locations") as batch_op:
- batch_op.drop_constraint('sel_id_fk', type_='foreignkey')
- batch_op.drop_column('share_id')
-- batch_op.rename_table('share_export_locations',
-- 'share_instance_export_locations')
-+ op.rename_table('share_export_locations',
-+ 'share_instance_export_locations')
-
-
- def downgrade_export_locations_table(connection):
---
-2.34.1
diff --git a/images/netoffload/Dockerfile b/images/netoffload/Dockerfile
new file mode 100644
index 0000000..93df492
--- /dev/null
+++ b/images/netoffload/Dockerfile
@@ -0,0 +1,29 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM golang:1.20 AS build
+ARG NETOFFLOAD_GIT_REF=94b8c0fdb0b83bd1b7e14b9a58077a047c78a800
+ADD https://github.com/vexxhost/netoffload.git#${NETOFFLOAD_GIT_REF} /src
+WORKDIR /src
+RUN go build -v -o offloadctl ./cmd/offloadctl/main.go
+
+FROM registry.atmosphere.dev/library/ubuntu:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ jq mstflint
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=build --link /src/offloadctl /usr/local/bin/offloadctl
diff --git a/images/netoffload/Earthfile b/images/netoffload/Earthfile
deleted file mode 100644
index d3a04be..0000000
--- a/images/netoffload/Earthfile
+++ /dev/null
@@ -1,28 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=netoffload
-ARG --global RELEASE=main
-ARG --global PROJECT_REF=94b8c0fdb0b83bd1b7e14b9a58077a047c78a800
-
-build:
- FROM golang:1.20
- WORKDIR /src
- GIT CLONE --branch ${PROJECT_REF} https://github.com/vexxhost/netoffload /src
- RUN \
- --mount=type=cache,target=/root/.cache/go-build \
- --mount=type=cache,target=/go/pkg/mod \
- go build -v -o offloadctl cmd/offloadctl/main.go
- SAVE ARTIFACT offloadctl
-
-platform-image:
- FROM ../base+image
- DO ../+APT_INSTALL --PACKAGES="jq mstflint"
- COPY +build/offloadctl /usr/local/bin/offloadctl
- ENTRYPOINT ["/usr/local/bin/offloadctl"]
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
-
-image:
- BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/neutron/Dockerfile b/images/neutron/Dockerfile
new file mode 100644
index 0000000..716aa1d
--- /dev/null
+++ b/images/neutron/Dockerfile
@@ -0,0 +1,36 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG NEUTRON_GIT_REF=019294c71d94b788c14b23dc1da3c21f51bcdb0b
+ADD --keep-git-dir=true https://opendev.org/openstack/neutron.git#${NEUTRON_GIT_REF} /src/neutron
+RUN git -C /src/neutron fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/neutron-vpnaas.git#master /src/neutron-vpnaas
+RUN git -C /src/neutron-vpnaas fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/neutron \
+ /src/neutron-vpnaas
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ conntrack dnsmasq dnsmasq-utils ebtables ethtool haproxy iproute2 ipset iptables iputils-arping jq keepalived lshw openvswitch-switch strongswan uuid-runtime
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/neutron/Earthfile b/images/neutron/Earthfile
deleted file mode 100644
index bfff1e2..0000000
--- a/images/neutron/Earthfile
+++ /dev/null
@@ -1,25 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=neutron
-ARG --global RELEASE=zed
-ARG --global PROJECT_REF=b9e3818b6e8905f5717d9888014f7e42141aacf0
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF} \
- --PIP_PACKAGES="git+https://github.com/openstack/neutron-vpnaas.git@256464aea691f8b4957ba668a117963353f34e4c"
-
-platform-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "conntrack dnsmasq dnsmasq-utils ebtables ethtool haproxy iproute2 ipset iptables iputils-arping jq keepalived lshw openvswitch-switch strongswan uuid-runtime"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
-
-image:
- BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/neutron/patches/neutron/0000-fix-netns-deletion-of-broken-namespaces.patch b/images/neutron/patches/neutron/0000-fix-netns-deletion-of-broken-namespaces.patch
deleted file mode 100644
index efa4798..0000000
--- a/images/neutron/patches/neutron/0000-fix-netns-deletion-of-broken-namespaces.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-From 69c49c4ef24648f97d895bfaacd7336917634565 Mon Sep 17 00:00:00 2001
-From: Felix Huettner <felix.huettner@mail.schwarz>
-Date: Fri, 22 Sep 2023 16:25:10 +0200
-Subject: [PATCH] fix netns deletion of broken namespaces
-
-normal network namespaces are bind-mounted to files under
-/var/run/netns. If a process deleting a network namespace gets killed
-during that operation there is the chance that the bind mount to the
-netns has been removed, but the file under /var/run/netns still exists.
-
-When the neutron-ovn-metadata-agent tries to clean up such network
-namespaces it first tires to validate that the network namespace is
-empty. For the cases described above this fails, as this network
-namespace no longer really exists, but is just a stray file laying
-around.
-
-To fix this we treat network namespaces where we get an `OSError` with
-errno 22 (Invalid Argument) as empty. The calls to pyroute2 to delete
-the namespace will then clean up the file.
-
-Additionally we add a guard to teardown_datapath to continue even if
-this fails. failing to remove a datapath is not critical and leaves in
-the worst case a process and a network namespace running, however
-previously it would have also prevented the creation of new datapaths
-which is critical for VM startup.
-
-Closes-Bug: #2037102
-Change-Id: I7c43812fed5903f98a2e491076c24a8d926a59b4
-(cherry picked from commit 566fea3fed837b0130023303c770aade391d3d61)
----
- neutron/agent/linux/ip_lib.py | 17 ++++++++++++-
- neutron/agent/ovn/metadata/agent.py | 5 +++-
- neutron/tests/unit/agent/linux/test_ip_lib.py | 15 +++++++++++
- .../unit/agent/ovn/metadata/test_agent.py | 25 +++++++++++++++++++
- 4 files changed, 60 insertions(+), 2 deletions(-)
-
-diff --git a/neutron/agent/linux/ip_lib.py b/neutron/agent/linux/ip_lib.py
-index 10bd33d9e1..5d2593da47 100644
---- a/neutron/agent/linux/ip_lib.py
-+++ b/neutron/agent/linux/ip_lib.py
-@@ -259,7 +259,22 @@ class IPWrapper(SubProcessBase):
- return ip
-
- def namespace_is_empty(self):
-- return not self.get_devices()
-+ try:
-+ return not self.get_devices()
-+ except OSError as e:
-+ # This can happen if we previously got terminated in the middle of
-+ # removing this namespace. In this case the bind mount of the
-+ # namespace under /var/run/netns will be removed, but the namespace
-+ # file is still there. As the bind mount is gone we can no longer
-+ # access the namespace to validate that it is empty. But since it
-+ # should have already been removed we are sure that the check has
-+ # passed the last time and since the namespace is unuseable that
-+ # can not have changed.
-+ # Future calls to pyroute2 to remove that namespace will clean up
-+ # the leftover file.
-+ if e.errno == errno.EINVAL:
-+ return True
-+ raise e
-
- def garbage_collect_namespace(self):
- """Conditionally destroy the namespace if it is empty."""
-diff --git a/neutron/agent/ovn/metadata/agent.py b/neutron/agent/ovn/metadata/agent.py
-index 1745239701..861715d8e1 100644
---- a/neutron/agent/ovn/metadata/agent.py
-+++ b/neutron/agent/ovn/metadata/agent.py
-@@ -430,7 +430,10 @@ class MetadataAgent(object):
- ns.startswith(NS_PREFIX) and
- ns not in metadata_namespaces]
- for ns in unused_namespaces:
-- self.teardown_datapath(self._get_datapath_name(ns))
-+ try:
-+ self.teardown_datapath(self._get_datapath_name(ns))
-+ except Exception:
-+ LOG.exception('Error unable to destroy namespace: %s', ns)
-
- # resync all network namespaces based on the associated datapaths,
- # even those that are already running. This is to make sure
-diff --git a/neutron/tests/unit/agent/linux/test_ip_lib.py b/neutron/tests/unit/agent/linux/test_ip_lib.py
-index d1c74fb3f7..159cafdb8e 100644
---- a/neutron/tests/unit/agent/linux/test_ip_lib.py
-+++ b/neutron/tests/unit/agent/linux/test_ip_lib.py
-@@ -357,6 +357,21 @@ class TestIpWrapper(base.BaseTestCase):
- self.assertNotIn(mock.call().delete('ns'),
- ip_ns_cmd_cls.mock_calls)
-
-+ def test_garbage_collect_namespace_existing_broken(self):
-+ with mock.patch.object(ip_lib, 'IpNetnsCommand') as ip_ns_cmd_cls:
-+ ip_ns_cmd_cls.return_value.exists.return_value = True
-+
-+ ip = ip_lib.IPWrapper(namespace='ns')
-+
-+ with mock.patch.object(ip, 'get_devices',
-+ side_effect=OSError(errno.EINVAL, None)
-+ ) as mock_get_devices:
-+ self.assertTrue(ip.garbage_collect_namespace())
-+
-+ mock_get_devices.assert_called_once_with()
-+ expected = [mock.call().delete('ns')]
-+ ip_ns_cmd_cls.assert_has_calls(expected)
-+
- @mock.patch.object(priv_lib, 'create_interface')
- def test_add_vlan(self, create):
- retval = ip_lib.IPWrapper().add_vlan('eth0.1', 'eth0', '1')
-diff --git a/neutron/tests/unit/agent/ovn/metadata/test_agent.py b/neutron/tests/unit/agent/ovn/metadata/test_agent.py
-index 6df7da702d..9bf9f0db52 100644
---- a/neutron/tests/unit/agent/ovn/metadata/test_agent.py
-+++ b/neutron/tests/unit/agent/ovn/metadata/test_agent.py
-@@ -134,6 +134,31 @@ class TestMetadataAgent(base.BaseTestCase):
- lnn.assert_called_once_with()
- tdp.assert_called_once_with('3')
-
-+ def test_sync_teardown_namespace_does_not_crash_on_error(self):
-+ """Test that sync tears down unneeded metadata namespaces.
-+ Even if that fails it continues to provision other datapaths
-+ """
-+ with mock.patch.object(
-+ self.agent, 'provision_datapath') as pdp,\
-+ mock.patch.object(
-+ ip_lib, 'list_network_namespaces',
-+ return_value=['ovnmeta-1', 'ovnmeta-2', 'ovnmeta-3',
-+ 'ns1', 'ns2']) as lnn,\
-+ mock.patch.object(
-+ self.agent, 'teardown_datapath',
-+ side_effect=Exception()) as tdp:
-+ self.agent.sync()
-+
-+ pdp.assert_has_calls(
-+ [
-+ mock.call(p.datapath)
-+ for p in self.ports
-+ ],
-+ any_order=True
-+ )
-+ lnn.assert_called_once_with()
-+ tdp.assert_called_once_with('3')
-+
- def test_get_networks_datapaths(self):
- """Test get_networks_datapaths returns only datapath objects for the
- networks containing vif ports of type ''(blank) and 'external'.
---
-2.34.1
diff --git a/zuul.d/playbooks/buildset-registry/pre.yml b/images/nova-ssh/Dockerfile
similarity index 66%
copy from zuul.d/playbooks/buildset-registry/pre.yml
copy to images/nova-ssh/Dockerfile
index 81304bb..dd59388 100644
--- a/zuul.d/playbooks/buildset-registry/pre.yml
+++ b/images/nova-ssh/Dockerfile
@@ -12,9 +12,15 @@
# License for the specific language governing permissions and limitations
# under the License.
-- name: Prepare host for building images
- hosts: all
- roles:
- - ensure-docker
- - run-buildset-registry
- - use-buildset-registry
+FROM registry.atmosphere.dev/library/openstack-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ openssh-server \
+ openssh-client
+EOF
+RUN <<EOF bash -xe
+chown -R nova: /etc/ssh
+mkdir /var/run/sshd
+chmod 0755 /var/run/sshd
+EOF
diff --git a/images/nova-ssh/Earthfile b/images/nova-ssh/Earthfile
deleted file mode 100644
index 1b8df66..0000000
--- a/images/nova-ssh/Earthfile
+++ /dev/null
@@ -1,18 +0,0 @@
-VERSION 0.7
-
-platform-image:
- FROM ../base+image
- DO ../+CREATE_PROJECT_USER \
- --PROJECT=nova \
- --SHELL=/bin/bash
- DO ../+APT_INSTALL \
- --PACKAGES "openssh-server openssh-client"
- RUN \
- chown -R nova: /etc/ssh && \
- mkdir /var/run/sshd && \
- chmod 0755 /var/run/sshd
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push ${REGISTRY}/nova-ssh:latest
-
-image:
- BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/nova/Dockerfile b/images/nova/Dockerfile
new file mode 100644
index 0000000..c626858
--- /dev/null
+++ b/images/nova/Dockerfile
@@ -0,0 +1,34 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG NOVA_GIT_REF=c199becf52267ba37c5191f6f82e29bb5232b607
+ADD --keep-git-dir=true https://opendev.org/openstack/nova.git#${NOVA_GIT_REF} /src/nova
+RUN git -C /src/nova fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/nova
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+ADD https://github.com/novnc/noVNC.git#v1.4.0 /usr/share/novnc
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-utils sysfsutils udev util-linux
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/nova/Earthfile b/images/nova/Earthfile
deleted file mode 100644
index 9e1cc3d..0000000
--- a/images/nova/Earthfile
+++ /dev/null
@@ -1,25 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=nova
-ARG --global RELEASE=zed
-ARG --global PROJECT_REF=226f3e95c1cdadd1845c7adee55f5c5f29f3a7a8
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF}
-
-platform-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-utils sysfsutils udev util-linux"
- GIT CLONE --branch v1.4.0 https://github.com/novnc/noVNC.git /usr/share/novnc
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
-
-image:
- BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/nova/patches/nova/0000-libvirt-Stop-unconditionally-enabling-evmcs.patch b/images/nova/patches/nova/0000-libvirt-Stop-unconditionally-enabling-evmcs.patch
deleted file mode 100644
index 1191af1..0000000
--- a/images/nova/patches/nova/0000-libvirt-Stop-unconditionally-enabling-evmcs.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 86a35e97d286cbb6e23f8cc7bec5a05f022da0cb Mon Sep 17 00:00:00 2001
-From: Artom Lifshitz <alifshit@redhat.com>
-Date: Tue, 31 Oct 2023 22:52:50 -0400
-Subject: [PATCH] libvirt: Stop unconditionally enabling evmcs
-
-In I008841988547573878c4e06e82f0fa55084e51b5 we started enabling a
-bunch of libvirt enlightenments for Windows unconditionally. Turns
-out, the `evmcs` enlightenment only works on Intel hosts, and we broke
-the ability to run Windows guests on AMD machines. Until we become
-smarter about conditionally enabling evmcs (with something like traits
-for host CPU features), just stop enabling it at all.
-
-Change-Id: I2ff4fdecd9dc69de283f0e52e07df1aeaf0a9048
-Closes-bug: 2009280
----
- nova/tests/unit/virt/libvirt/test_driver.py | 5 ++++-
- nova/virt/libvirt/driver.py | 1 -
- ...p-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml | 8 ++++++++
- 3 files changed, 12 insertions(+), 2 deletions(-)
- create mode 100644 releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml
-
-diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
-index d01b9c2677..ebba604ffa 100644
---- a/nova/tests/unit/virt/libvirt/test_driver.py
-+++ b/nova/tests/unit/virt/libvirt/test_driver.py
-@@ -27972,7 +27972,10 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
- self.assertTrue(hv.reenlightenment)
- self.assertTrue(hv.tlbflush)
- self.assertTrue(hv.ipi)
-- self.assertTrue(hv.evmcs)
-+ # NOTE(artom) evmcs only works on Intel hosts, so we can't enable it
-+ # unconditionally. Until we become smarter about it, just don't enable
-+ # it at all. See bug 2009280.
-+ self.assertFalse(hv.evmcs)
-
-
- class LibvirtVolumeUsageTestCase(test.NoDBTestCase):
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index d03dc5fd67..1b28e50355 100644
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -6234,7 +6234,6 @@ class LibvirtDriver(driver.ComputeDriver):
- hv.reenlightenment = True
- hv.tlbflush = True
- hv.ipi = True
-- hv.evmcs = True
-
- # NOTE(kosamara): Spoofing the vendor_id aims to allow the nvidia
- # driver to work on windows VMs. At the moment, the nvidia driver
-diff --git a/releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml b/releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml
-new file mode 100644
-index 0000000000..31609f2a2d
---- /dev/null
-+++ b/releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml
-@@ -0,0 +1,8 @@
-+---
-+fixes:
-+ - |
-+ Bug 2009280 has been fixed by no longer enabling the evmcs enlightenment in
-+ the libvirt driver. evmcs only works on Intel CPUs, and domains with that
-+ enlightenment cannot be started on AMD hosts. There is a possible future
-+ feature to enable support for generating this enlightenment only when
-+ running on Intel hosts.
---
-2.34.1
-
diff --git a/images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch b/images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch
deleted file mode 100644
index 88ea631..0000000
--- a/images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From e618e78edc6293d248a5fa2eb63b3fa636250fca Mon Sep 17 00:00:00 2001
-From: songjie <songjie_yewu@cmss.chinamobile.com>
-Date: Mon, 25 Dec 2023 16:59:36 +0800
-Subject: [PATCH] libvirt: stop enabling hyperv feature reenlightenment
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The 'reenlightenment' hyperv enlightenment will cause
-instances live-migration to fail (KVM currently doesn’t
-fully support reenlightenment notifications, see
-www.qemu.org/docs/master/system/i386/hyperv.html),
-so don't enable it now.
-
-Change-Id: I6821819450bc96e4304125ea3b76a0e462e6e33f
-Closes-Bug: #2046549
-Related-Bug: #2009280
----
- nova/tests/unit/virt/libvirt/test_driver.py | 4 +++-
- nova/virt/libvirt/driver.py | 1 -
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
-index 868e024370..2e1d089898 100644
---- a/nova/tests/unit/virt/libvirt/test_driver.py
-+++ b/nova/tests/unit/virt/libvirt/test_driver.py
-@@ -28048,7 +28048,9 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
- self.assertTrue(hv.synic)
- self.assertTrue(hv.reset)
- self.assertTrue(hv.frequencies)
-- self.assertTrue(hv.reenlightenment)
-+ # NOTE(jie) reenlightenment will cause instances live-migration
-+ # failure, so don't enable it now. See bug 2046549.
-+ self.assertFalse(hv.reenlightenment)
- self.assertTrue(hv.tlbflush)
- self.assertTrue(hv.ipi)
- # NOTE(artom) evmcs only works on Intel hosts, so we can't enable it
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 7f5f48c047..f8e3353110 100644
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -6262,7 +6262,6 @@ class LibvirtDriver(driver.ComputeDriver):
- hv.synic = True
- hv.reset = True
- hv.frequencies = True
-- hv.reenlightenment = True
- hv.tlbflush = True
- hv.ipi = True
-
---
-2.34.1
-
diff --git a/images/octavia/Dockerfile b/images/octavia/Dockerfile
new file mode 100644
index 0000000..d4dd8d3
--- /dev/null
+++ b/images/octavia/Dockerfile
@@ -0,0 +1,36 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG OCTAVIA_GIT_REF=824b51a1dad80292b7a8ad5d61bf3ce706b1fb29
+ADD --keep-git-dir=true https://opendev.org/openstack/octavia.git#${OCTAVIA_GIT_REF} /src/octavia
+RUN git -C /src/octavia fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/ovn-octavia-provider.git#master /src/ovn-octavia-provider
+RUN git -C /src/ovn-octavia-provider fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/octavia \
+ /src/ovn-octavia-provider
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ isc-dhcp-client openssh-client
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/octavia/Earthfile b/images/octavia/Earthfile
deleted file mode 100644
index 0fcb0d5..0000000
--- a/images/octavia/Earthfile
+++ /dev/null
@@ -1,22 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=octavia
-ARG --global RELEASE=2023.2
-ARG --global PROJECT_REF=3f31a50f264c0e58691b1be7e90d324c13588b63
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF} \
- --PIP_PACKAGES="ovn-octavia-provider"
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "isc-dhcp-client openssh-client"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch b/images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch
deleted file mode 100644
index f113d64..0000000
--- a/images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From efd289b950b32d3e6ad160b7c7f2901bca7c7e55 Mon Sep 17 00:00:00 2001
-From: Mohammed Naser <mnaser@vexxhost.com>
-Date: Tue, 16 Jan 2024 17:13:19 -0500
-Subject: [PATCH] fix: specify endpoint info. for neutron client
-
-Closes bug: #2049551
-
-Change-Id: I80a266e500958415a70d462ddfe57e9e03e6ef13
----
- octavia/common/clients.py | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/octavia/common/clients.py b/octavia/common/clients.py
-index b13642bb..2abcc67b 100644
---- a/octavia/common/clients.py
-+++ b/octavia/common/clients.py
-@@ -80,10 +80,16 @@ class NeutronAuth(object):
- if not cls.neutron_client:
- sess = ksession.get_session()
-
-- kwargs = {}
-+ kwargs = {
-+ 'region_name': CONF.neutron.region_name,
-+ 'interface': CONF.neutron.valid_interfaces
-+ }
- if CONF.neutron.endpoint_override:
- kwargs['network_endpoint_override'] = (
- CONF.neutron.endpoint_override)
-+ if CONF.neutron.endpoint_override.startswith("https"):
-+ kwargs['insecure'] = CONF.neutron.insecure
-+ kwargs['cacert'] = CONF.neutron.cafile
-
- conn = openstack.connection.Connection(
- session=sess, **kwargs)
---
-2.34.1
-
diff --git a/images/openstack-runtime/Dockerfile b/images/openstack-runtime/Dockerfile
new file mode 100644
index 0000000..b5bbf82
--- /dev/null
+++ b/images/openstack-runtime/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+ARG FROM=registry.atmosphere.dev/library/ubuntu-cloud-archive:main
+FROM ${FROM}
+ONBUILD ARG PROJECT
+ONBUILD ARG SHELL=/usr/sbin/nologin
+ONBUILD RUN \
+ groupadd -g 42424 ${PROJECT} && \
+ useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s ${SHELL} -c "${PROJECT} User" ${PROJECT} && \
+ mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} && \
+ chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT}
diff --git a/images/openstack-service/Earthfile b/images/openstack-service/Earthfile
deleted file mode 100644
index ae4ab49..0000000
--- a/images/openstack-service/Earthfile
+++ /dev/null
@@ -1,99 +0,0 @@
-VERSION 0.8
-
-PIP_INSTALL:
- FUNCTION
- ARG PACKAGES
- RUN --mount=type=cache,target=/root/.cache \
- /var/lib/openstack/bin/pip3 install \
- --constraint /upper-constraints.txt \
- ${PACKAGES}
-
-GIT_CHECKOUT:
- FUNCTION
- ARG PROJECT
- ARG PROJECT_REPO=https://github.com/openstack/${PROJECT}
- ARG PROJECT_REF
- GIT CLONE --branch ${PROJECT_REF} ${PROJECT_REPO} /src
- WORKDIR /src
- RUN \
- git remote set-url origin ${PROJECT_REPO} && \
- git fetch --unshallow
- COPY --if-exists patches/${PROJECT} /patches
- IF [ -d /patches ]
- RUN git apply --verbose /patches/*.patch
- END
-
-BUILD_VENV:
- FUNCTION
- ARG PROJECT
- ARG PROJECT_REPO=https://github.com/openstack/${PROJECT}
- ARG PROJECT_REF
- DO +GIT_CHECKOUT \
- --PROJECT=${PROJECT} \
- --PROJECT_REPO=${PROJECT_REPO} \
- --PROJECT_REF=${PROJECT_REF}
- ARG EXTRAS=""
- ARG PIP_PACKAGES=""
- DO +PIP_INSTALL --PACKAGES "/src${EXTRAS} ${PIP_PACKAGES}"
- SAVE ARTIFACT /var/lib/openstack venv
-
-requirements:
- FROM ../base+image
- ARG RELEASE
- IF [ "${RELEASE}" = "master" ]
- ARG BRANCH=master
- ELSE
- ARG BRANCH=stable/${RELEASE}
- END
- GIT CLONE --branch ${BRANCH} https://github.com/openstack/requirements /src
- RUN \
- sed -i 's/cryptography===36.0.2/cryptography===42.0.4/' /src/upper-constraints.txt && \
- sed -i 's/cryptography===40.0.2/cryptography===42.0.4/' /src/upper-constraints.txt && \
- sed -i 's/cryptography===41.0.7/cryptography===42.0.4/' /src/upper-constraints.txt && \
- sed -i 's/Django===3.2.18/Django===3.2.24/' /src/upper-constraints.txt && \
- sed -i 's/Flask===2.2.3/Flask===2.2.5/' /src/upper-constraints.txt && \
- sed -i 's/Jinja2===3.1.2/Jinja2===3.1.3/' /src/upper-constraints.txt && \
- sed -i 's/paramiko===2.11.0/paramiko===3.4.0/' /src/upper-constraints.txt && \
- sed -i 's/paramiko===3.1.0/paramiko===3.4.0/' /src/upper-constraints.txt && \
- sed -i 's/pyOpenSSL===22.0.0/pyOpenSSL===24.0.0/' /src/upper-constraints.txt && \
- sed -i 's/pyOpenSSL===23.1.1/pyOpenSSL===24.0.0/' /src/upper-constraints.txt && \
- sed -i 's/requests===2.28.1/requests===2.31.0/' /src/upper-constraints.txt && \
- sed -i 's/requests===2.28.2/requests===2.31.0/' /src/upper-constraints.txt && \
- sed -i 's/sqlparse===0.4.2/sqlparse===0.4.4/' /src/upper-constraints.txt && \
- sed -i 's/urllib3===1.26.12/urllib3===1.26.18/' /src/upper-constraints.txt && \
- sed -i 's/urllib3===1.26.15/urllib3===1.26.18/' /src/upper-constraints.txt && \
- sed -i 's/Werkzeug===2.2.3/Werkzeug===2.3.8/' /src/upper-constraints.txt && \
- sed -i '/glance-store/d' /src/upper-constraints.txt && \
- sed -i '/horizon/d' /src/upper-constraints.txt
- SAVE ARTIFACT /src/upper-constraints.txt
-
-builder:
- ARG RELEASE
- FROM ../cloud-archive-base+image --RELEASE=${RELEASE}
- DO ../+APT_INSTALL --PACKAGES "\
- build-essential \
- curl \
- git \
- libldap2-dev \
- libpcre3-dev \
- libsasl2-dev \
- libssl-dev \
- lsb-release \
- openssh-client \
- python3 \
- python3-dev \
- python3-pip \
- python3-venv"
- RUN --mount type=cache,target=/root/.cache \
- python3 -m venv --upgrade-deps --system-site-packages /var/lib/openstack
- COPY \
- (+requirements/upper-constraints.txt --RELEASE=${RELEASE}) \
- /upper-constraints.txt
- DO +PIP_INSTALL --PACKAGES "cryptography pymysql python-binary-memcached python-memcached uwsgi"
-
-image:
- ARG --required RELEASE
- FROM ../cloud-archive-base+image --RELEASE=${RELEASE}
- ENV PATH=/var/lib/openstack/bin:$PATH
- ARG --required PROJECT
- DO ../+CREATE_PROJECT_USER --PROJECT=${PROJECT}
diff --git a/images/openstack-venv-builder/Dockerfile b/images/openstack-venv-builder/Dockerfile
new file mode 100644
index 0000000..057af96
--- /dev/null
+++ b/images/openstack-venv-builder/Dockerfile
@@ -0,0 +1,49 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/ubuntu-cloud-archive:main AS requirements
+ADD https://releases.openstack.org/constraints/upper/master /upper-constraints.txt
+RUN <<EOF sh -xe
+sed -i '/glance-store/d' /upper-constraints.txt
+sed -i '/horizon/d' /upper-constraints.txt
+EOF
+
+FROM registry.atmosphere.dev/library/python-base:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ build-essential \
+ git \
+ libldap2-dev \
+ libpcre3-dev \
+ libsasl2-dev \
+ libssl-dev \
+ lsb-release \
+ openssh-client \
+ python3 \
+ python3-dev \
+ python3-pip \
+ python3-venv
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+RUN python3 -m venv --upgrade-deps --system-site-packages /var/lib/openstack
+COPY --from=requirements --link /upper-constraints.txt /upper-constraints.txt
+RUN pip3 install \
+ --constraint /upper-constraints.txt \
+ cryptography \
+ pymysql \
+ python-binary-memcached \
+ python-memcached \
+ uwsgi
diff --git a/images/openvswitch/Dockerfile b/images/openvswitch/Dockerfile
new file mode 100644
index 0000000..2b360ea
--- /dev/null
+++ b/images/openvswitch/Dockerfile
@@ -0,0 +1,25 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM quay.io/centos/centos:stream9
+ARG OVS_SERIES=3.1
+ARG OVS_VERSION=${OVS_SERIES}.0-65
+RUN <<EOF sh -xe
+dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install \
+ centos-release-nfv-openvswitch.noarch
+dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install \
+ openvswitch${OVS_SERIES}-${OVS_VERSION}.el9s iptables
+dnf -y clean all
+rm -rf /var/cache/dnf
+EOF
diff --git a/images/openvswitch/Earthfile b/images/openvswitch/Earthfile
deleted file mode 100644
index 35c3b2e..0000000
--- a/images/openvswitch/Earthfile
+++ /dev/null
@@ -1,17 +0,0 @@
-VERSION 0.7
-
-ARG --global SERIES=3.1
-ARG --global VERSION=3.1.0-65
-
-platform-image:
- FROM quay.io/centos/centos:stream9
- LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
- DO ../+DNF_INSTALL --PACKAGES "centos-release-nfv-openvswitch.noarch"
- DO ../+DNF_INSTALL --PACKAGES "openvswitch${SERIES}-${VERSION}.el9s iptables"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/openvswitch:${SERIES} \
- ${REGISTRY}/openvswitch:${VERSION}
-
-image:
- BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/ovn/Dockerfile b/images/ovn/Dockerfile
new file mode 100644
index 0000000..3f99847
--- /dev/null
+++ b/images/ovn/Dockerfile
@@ -0,0 +1,44 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM golang:1.20 AS ovn-kubernetes
+ARG OVN_KUBERNETES_REF=cbff639b83af00e4887b540fc06b880108662780
+ADD https://github.com/ovn-org/ovn-kubernetes.git#${OVN_KUBERNETES_REF} /src
+COPY patches/ovn-kubernetes /patches/ovn-kubernetes
+RUN git -C /src apply --verbose /patches/ovn-kubernetes/*
+RUN <<EOF bash -xe
+cd /src/go-controller
+go build -o /usr/bin/ovn-kube-util ./cmd/ovn-kube-util
+EOF
+
+FROM registry.atmosphere.dev/library/openvswitch:main
+ADD --chmod=755 https://dl.k8s.io/release/v1.29.3/bin/linux/amd64/kubectl /usr/local/bin/kubectl
+ARG OVN_SERIES=23.03
+ARG OVN_VERSION=${OVN_SERIES}.0-69
+RUN <<EOF sh -xe
+dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install \
+ firewalld-filesystem hostname ovn${OVN_SERIES}-${OVN_VERSION}.el9s procps-ng
+dnf -y clean all
+rm -rf /var/cache/dnf
+EOF
+ARG OVN_COMPONENT
+RUN <<EOF sh -xe
+dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install \
+ ovn${OVN_SERIES}-${OVN_COMPONENT}-${OVN_VERSION}.el9s
+dnf -y clean all
+rm -rf /var/cache/dnf
+EOF
+COPY --from=ovn-kubernetes --link /src/dist/images/ovndb-raft-functions.sh /root/ovndb-raft-functions.sh
+COPY --from=ovn-kubernetes --link /src/dist/images/ovnkube.sh /root/ovnkube.sh
+COPY --from=ovn-kubernetes --link /usr/bin/ovn-kube-util /usr/bin/ovn-kube-util
diff --git a/images/ovn/Earthfile b/images/ovn/Earthfile
deleted file mode 100644
index 327d73a..0000000
--- a/images/ovn/Earthfile
+++ /dev/null
@@ -1,47 +0,0 @@
-VERSION 0.7
-
-ARG --global SERIES=23.03
-ARG --global VERSION=23.03.0-69
-ARG --global PROJECT_REF=cbff639b83af00e4887b540fc06b880108662780
-
-ovn-kubernetes:
- FROM --platform=linux/amd64 golang:1.20
- GIT CLONE --branch ${PROJECT_REF} https://github.com/ovn-org/ovn-kubernetes /src
- WORKDIR /src
- COPY patches/ovn-kubernetes /patches
- DO ../+APT_INSTALL --PACKAGES "git"
- RUN git apply --verbose /patches/*.patch
- SAVE ARTIFACT /src/dist/images/ovndb-raft-functions.sh
- SAVE ARTIFACT /src/dist/images/ovnkube.sh
- ARG GOOS=linux
- ARG GOARCH=amd64
- RUN \
- cd /src/go-controller && \
- go build -o /build/ovn-kube-util ./cmd/ovn-kube-util
- SAVE ARTIFACT /build/ovn-kube-util
-
-component-image:
- FROM ../openvswitch+platform-image
- DO ../+DNF_INSTALL --PACKAGES "firewalld-filesystem hostname ovn${SERIES}-${VERSION}.el9s procps-ng"
- ARG --required NAME
- DO ../+DNF_INSTALL --PACKAGES "ovn${SERIES}-${NAME}-${VERSION}.el9s"
- COPY ../kubernetes+image/kubectl /usr/local/bin/kubectl
- COPY +ovn-kubernetes/ovndb-raft-functions.sh /root
- COPY +ovn-kubernetes/ovnkube.sh /root
- ARG TARGETARCH
- ARG TARGETVARIANT
- COPY (+ovn-kubernetes/ovn-kube-util --GOARCH=$TARGETARCH --VARIANT=$TARGETVARIANT) /usr/bin
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/ovn-${NAME}:${SERIES} \
- ${REGISTRY}/ovn-${NAME}:${VERSION}
-
-central:
- BUILD +component-image --NAME central
-
-host:
- BUILD +component-image --NAME host
-
-images:
- BUILD +central
- BUILD --platform linux/amd64 --platform linux/arm64 +host
diff --git a/images/placement/Dockerfile b/images/placement/Dockerfile
new file mode 100644
index 0000000..d729d15
--- /dev/null
+++ b/images/placement/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG PLACEMENT_GIT_REF=96a9aeb3b4a6ffff5bbf247b213409395239fc7a
+ADD --keep-git-dir=true https://opendev.org/openstack/placement.git#${PLACEMENT_GIT_REF} /src/placement
+RUN git -C /src/placement fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/placement
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/placement/Earthfile b/images/placement/Earthfile
deleted file mode 100644
index 5719453..0000000
--- a/images/placement/Earthfile
+++ /dev/null
@@ -1,19 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=placement
-ARG --global RELEASE=2023.2
-ARG --global PROJECT_REF=a361622d749d3b24aad638ec1b03a7d7124a87b3
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF}
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/zuul.d/playbooks/buildset-registry/pre.yml b/images/python-base/Dockerfile
similarity index 61%
copy from zuul.d/playbooks/buildset-registry/pre.yml
copy to images/python-base/Dockerfile
index 81304bb..c098401 100644
--- a/zuul.d/playbooks/buildset-registry/pre.yml
+++ b/images/python-base/Dockerfile
@@ -12,9 +12,15 @@
# License for the specific language governing permissions and limitations
# under the License.
-- name: Prepare host for building images
- hosts: all
- roles:
- - ensure-docker
- - run-buildset-registry
- - use-buildset-registry
+FROM registry.atmosphere.dev/library/ubuntu-cloud-archive:main
+ENV PATH=/var/lib/openstack/bin:$PATH
+RUN \
+ apt-get update -qq && \
+ apt-get install -qq -y --no-install-recommends \
+ ca-certificates \
+ libpython3.10 \
+ lsb-release \
+ python3-distutils \
+ sudo && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
diff --git a/images/senlin/Dockerfile b/images/senlin/Dockerfile
new file mode 100644
index 0000000..3f5490b
--- /dev/null
+++ b/images/senlin/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG SENLIN_GIT_REF=ec5fae997686c64c3c1192b231b2434e6a6aeb1c
+ADD --keep-git-dir=true https://opendev.org/openstack/senlin.git#${SENLIN_GIT_REF} /src/senlin
+RUN git -C /src/senlin fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/senlin
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/senlin/Earthfile b/images/senlin/Earthfile
deleted file mode 100644
index 6d0e3de..0000000
--- a/images/senlin/Earthfile
+++ /dev/null
@@ -1,19 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=senlin
-ARG --global RELEASE=2023.2
-ARG --global PROJECT_REF=5382259276d6be6807634c58c7b69b03b57ad6f5
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF}
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/staffeln/Dockerfile b/images/staffeln/Dockerfile
new file mode 100644
index 0000000..167c978
--- /dev/null
+++ b/images/staffeln/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG STAFFELN_GIT_REF=v2.2.3
+ADD --keep-git-dir=true https://github.com/vexxhost/staffeln.git#${STAFFELN_GIT_REF} /src/staffeln
+RUN git -C /src/staffeln fetch --unshallow
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/staffeln
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/staffeln/Earthfile b/images/staffeln/Earthfile
deleted file mode 100644
index 8cef127..0000000
--- a/images/staffeln/Earthfile
+++ /dev/null
@@ -1,20 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=staffeln
-ARG --global RELEASE=master
-ARG --global PROJECT_REF=v2.2.3
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REPO=https://github.com/vexxhost/${PROJECT} \
- --PROJECT_REF=${PROJECT_REF}
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +build/venv /var/lib/openstack
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/tempest/Dockerfile b/images/tempest/Dockerfile
new file mode 100644
index 0000000..5c40c75
--- /dev/null
+++ b/images/tempest/Dockerfile
@@ -0,0 +1,60 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM golang:1.18 AS octavia-test-server
+ADD --keep-git-dir=true https://opendev.org/openstack/octavia-tempest-plugin.git#master /src
+RUN GO111MODULE=off CGO_ENABLED=0 GOOS=linux go build \
+ -a -ldflags '-s -w -extldflags -static' \
+ -o /build/test_server.bin \
+ /src/octavia_tempest_plugin/contrib/test_server/test_server.go
+
+FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
+ARG TEMPEST_GIT_REF=c0da6e843a74c2392c8e87e8ff36d2fea12949c4
+ADD --keep-git-dir=true https://opendev.org/openstack/tempest.git#${TEMPEST_GIT_REF} /src/tempest
+RUN git -C /src/tempest fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/barbican-tempest-plugin.git#master /src/barbican-tempest-plugin
+RUN git -C /src/barbican-tempest-plugin fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/cinder-tempest-plugin.git#master /src/cinder-tempest-plugin
+RUN git -C /src/cinder-tempest-plugin fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/heat-tempest-plugin.git#master /src/heat-tempest-plugin
+RUN git -C /src/heat-tempest-plugin fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/keystone-tempest-plugin.git#master /src/keystone-tempest-plugin
+RUN git -C /src/keystone-tempest-plugin fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/neutron-tempest-plugin.git#master /src/neutron-tempest-plugin
+RUN git -C /src/neutron-tempest-plugin fetch --unshallow
+ADD --keep-git-dir=true https://opendev.org/openstack/octavia-tempest-plugin.git#master /src/octavia-tempest-plugin
+RUN git -C /src/octavia-tempest-plugin fetch --unshallow
+ADD https://releases.openstack.org/constraints/upper/master /upper-constraints.txt
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/tempest \
+ /src/barbican-tempest-plugin \
+ /src/cinder-tempest-plugin \
+ /src/heat-tempest-plugin \
+ /src/keystone-tempest-plugin \
+ /src/neutron-tempest-plugin \
+ /src/octavia-tempest-plugin
+EOF
+
+FROM registry.atmosphere.dev/library/openstack-python-runtime:main
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ iputils-ping openssh-client
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=octavia-test-server --link /build/test_server.bin /opt/octavia-tempest-plugin/test_server.bin
+COPY --from=build --link /var/lib/openstack /var/lib/openstack
diff --git a/images/tempest/Earthfile b/images/tempest/Earthfile
deleted file mode 100644
index 02866ca..0000000
--- a/images/tempest/Earthfile
+++ /dev/null
@@ -1,49 +0,0 @@
-VERSION 0.7
-
-ARG --global PROJECT=tempest
-ARG --global RELEASE=master
-ARG --global PROJECT_REF=699749ec27897efe9bd7824664237c16c3339c03
-
-build.plugin:
- ARG PLUGIN
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- DO ../openstack-service+GIT_CHECKOUT \
- --PROJECT=${PLUGIN} \
- --PROJECT_REF=${RELEASE}
- SAVE ARTIFACT /src
-
-octavia-test-server:
- FROM golang:1.18
- COPY (+build.plugin/src --PLUGIN=octavia-tempest-plugin) /src
- ENV GO111MODULE=off
- ENV CGO_ENABLED=0
- ENV GOOS=linux
- RUN go build \
- -a -ldflags '-s -w -extldflags -static' \
- -o /build/test_server.bin \
- /src/octavia_tempest_plugin/contrib/test_server/test_server.go
- SAVE ARTIFACT /build/test_server.bin
-
-build:
- FROM ../openstack-service+builder --RELEASE=${RELEASE}
- COPY (+build.plugin/src --PLUGIN=barbican-tempest-plugin) /barbican-tempest-plugin
- COPY (+build.plugin/src --PLUGIN=cinder-tempest-plugin) /cinder-tempest-plugin
- COPY (+build.plugin/src --PLUGIN=heat-tempest-plugin) /heat-tempest-plugin
- COPY (+build.plugin/src --PLUGIN=keystone-tempest-plugin) /keystone-tempest-plugin
- COPY (+build.plugin/src --PLUGIN=neutron-tempest-plugin) /neutron-tempest-plugin
- COPY (+build.plugin/src --PLUGIN=octavia-tempest-plugin) /octavia-tempest-plugin
- DO ../openstack-service+BUILD_VENV \
- --PROJECT=${PROJECT} \
- --PROJECT_REF=${PROJECT_REF} \
- --PIP_PACKAGES="/barbican-tempest-plugin /cinder-tempest-plugin /heat-tempest-plugin /keystone-tempest-plugin /neutron-tempest-plugin /octavia-tempest-plugin junitxml"
-
-image:
- FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
- COPY +octavia-test-server/test_server.bin /opt/octavia-tempest-plugin/test_server.bin
- COPY +build/venv /var/lib/openstack
- DO ../+APT_INSTALL \
- --PACKAGES "iputils-ping openssh-client"
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push \
- ${REGISTRY}/${PROJECT}:${RELEASE} \
- ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/trivy/.trivyignore b/images/trivy/.trivyignore
deleted file mode 100644
index 5057f16..0000000
--- a/images/trivy/.trivyignore
+++ /dev/null
@@ -1,17 +0,0 @@
-# NOTE(mnaser): OpenStack used to be versioned based on years and Trivy gets
-# confused since something like 2014.1.3 > 23.0.1.dev6 therefore
-# we ignore those old CVEs.
-CVE-2012-3542
-CVE-2012-4413
-CVE-2013-2256
-CVE-2013-4179
-CVE-2014-3517
-CVE-2014-3608
-CVE-2014-3641
-CVE-2014-3708
-CVE-2015-0259
-CVE-2015-3221
-CVE-2015-3280
-CVE-2015-5251
-CVE-2015-5286
-CVE-2015-7713
diff --git a/images/trivy/Earthfile b/images/trivy/Earthfile
deleted file mode 100644
index 8f68625..0000000
--- a/images/trivy/Earthfile
+++ /dev/null
@@ -1,8 +0,0 @@
-VERSION 0.7
-
-image:
- FROM aquasec/trivy:0.48.3
- COPY .trivyignore /.trivyignore
- # TODO(mnaser): Add automatic updates
- RUN trivy image --download-db-only
- RUN trivy image --download-java-db-only
diff --git a/zuul.d/playbooks/buildset-registry/pre.yml b/images/ubuntu-cloud-archive/Dockerfile
similarity index 67%
copy from zuul.d/playbooks/buildset-registry/pre.yml
copy to images/ubuntu-cloud-archive/Dockerfile
index 81304bb..ed2ec3a 100644
--- a/zuul.d/playbooks/buildset-registry/pre.yml
+++ b/images/ubuntu-cloud-archive/Dockerfile
@@ -12,9 +12,8 @@
# License for the specific language governing permissions and limitations
# under the License.
-- name: Prepare host for building images
- hosts: all
- roles:
- - ensure-docker
- - run-buildset-registry
- - use-buildset-registry
+FROM registry.atmosphere.dev/library/ubuntu:main
+COPY trusted.gpg.d/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg
+COPY <<EOF /etc/apt/sources.list.d/cloudarchive.list
+deb http://ubuntu-cloud.archive.canonical.com/ubuntu jammy-updates/caracal main
+EOF
diff --git a/images/ubuntu-cloud-archive/trusted.gpg.d/ubuntu-cloud-keyring.gpg b/images/ubuntu-cloud-archive/trusted.gpg.d/ubuntu-cloud-keyring.gpg
new file mode 100644
index 0000000..b59c283
--- /dev/null
+++ b/images/ubuntu-cloud-archive/trusted.gpg.d/ubuntu-cloud-keyring.gpg
Binary files differ
diff --git a/zuul.d/playbooks/buildset-registry/pre.yml b/images/ubuntu/Dockerfile
similarity index 79%
rename from zuul.d/playbooks/buildset-registry/pre.yml
rename to images/ubuntu/Dockerfile
index 81304bb..1ad0fc5 100644
--- a/zuul.d/playbooks/buildset-registry/pre.yml
+++ b/images/ubuntu/Dockerfile
@@ -12,9 +12,5 @@
# License for the specific language governing permissions and limitations
# under the License.
-- name: Prepare host for building images
- hosts: all
- roles:
- - ensure-docker
- - run-buildset-registry
- - use-buildset-registry
+FROM ubuntu:jammy-20240227
+LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
diff --git a/patches/2023.2/magnum/.gitkeep b/patches/2023.2/magnum/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/patches/2023.2/magnum/.gitkeep
+++ /dev/null
diff --git a/patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch b/patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch
deleted file mode 100644
index 1a61a5c..0000000
--- a/patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 258fbb75be8a004d2ab092502f58508c95de6e84 Mon Sep 17 00:00:00 2001
-From: ricolin <rlin@vexxhost.com>
-Date: Fri, 21 Jul 2023 10:54:23 +0800
-Subject: [PATCH] Fix Trust token scope for drivers
-
-This fix driver token scope to make sure we use correct token
-scope from Trust.
-
-Change-Id: If5b31951959c7a141dc1cae5fefcabe4ebf438b3
-(cherry picked from commit eca79453c0097b0f63019821d3c2e9ecacebf784)
----
-
-diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
-index 1e4cf14..e7debbc 100644
---- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
-+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
-@@ -62,6 +62,11 @@
- "password": "$TRUSTEE_PASSWORD"
- }
- }
-+ },
-+ "scope": {
-+ "OS-TRUST:trust": {
-+ "id": "$TRUST_ID"
-+ }
- }
- }
- }
-diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
-index 84bf839..d28149b 100644
---- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
-+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
-@@ -98,6 +98,11 @@
- "password": "$TRUSTEE_PASSWORD"
- }
- }
-+ },
-+ "scope": {
-+ "OS-TRUST:trust": {
-+ "id": "$TRUST_ID"
-+ }
- }
- }
- }
-diff --git a/magnum/drivers/common/templates/swarm/fragments/make-cert.py b/magnum/drivers/common/templates/swarm/fragments/make-cert.py
-index bd8cbd7..258ae6a 100644
---- a/magnum/drivers/common/templates/swarm/fragments/make-cert.py
-+++ b/magnum/drivers/common/templates/swarm/fragments/make-cert.py
-@@ -161,6 +161,11 @@
- "password": "%(trustee_password)s"
- }
- }
-+ },
-+ "scope": {
-+ "OS-TRUST:trust": {
-+ "id": "$(trust_id)s"
-+ }
- }
- }
- }
-@@ -168,6 +173,7 @@
- params = {
- 'trustee_user_id': config['TRUSTEE_USER_ID'],
- 'trustee_password': config['TRUSTEE_PASSWORD'],
-+ 'trust_id': config['TRUST_ID'],
- }
- creds = creds_str % params
- headers = {'Content-Type': 'application/json'}
-diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert-client.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert-client.yaml
-index dc910bf..846f49b 100644
---- a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert-client.yaml
-+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert-client.yaml
-@@ -73,6 +73,11 @@
- "password": "$TRUSTEE_PASSWORD"
- }
- }
-+ },
-+ "scope": {
-+ "OS-TRUST:trust": {
-+ "id": "$TRUST_ID"
-+ }
- }
- }
- }
-diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
-index 8ef1128..d9191bd 100644
---- a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
-+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
-@@ -104,6 +104,11 @@
- "password": "$TRUSTEE_PASSWORD"
- }
- }
-+ },
-+ "scope": {
-+ "OS-TRUST:trust": {
-+ "id": "$TRUST_ID"
-+ }
- }
- }
- }
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index 85daadf..e77fe86 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -13,189 +13,189 @@
# under the License.
_atmosphere_images:
- alertmanager: quay.io/prometheus/alertmanager:v0.27.0@sha256:e13b6ed5cb929eeaee733479dce55e10eb3bc2e9c4586c705a4e8da41e5eacf5
- barbican_api: registry.atmosphere.dev/library/barbican:2023.2@sha256:836d31f3d9b88d7da006478b9d0cd79390b5726042e31d27824599c7fe97acc9
- barbican_db_sync: registry.atmosphere.dev/library/barbican:2023.2@sha256:836d31f3d9b88d7da006478b9d0cd79390b5726042e31d27824599c7fe97acc9
- bootstrap: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- ceph_config_helper: ghcr.io/vexxhost/atmosphere/libvirtd:zed@sha256:5f349c9842535c27edbf94be42e4b5c07aa0ff62358cec4b61b1357554e9cf9c
- ceph: quay.io/ceph/ceph:v16.2.11@sha256:1b9803c8984bef8b82f05e233e8fe8ed8f0bba8e5cc2c57f6efaccbeea682add
- cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1@sha256:985743eeed2b62f68ee06e583f1d5a371e1c35af4b1980a1b2571d29174cce47
- cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1@sha256:af84513925d86d2de456b5d67dbccd2a34d93aa6fd4e1c8fe9f84182fef1b1b1
- cert_manager_controller: quay.io/jetstack/cert-manager-controller:v1.7.1@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0
- cert_manager_webhook: quay.io/jetstack/cert-manager-webhook:v1.7.1@sha256:a926d60b6f23553ca5d11ac9cd66bcc692136e838613c8bc0d60c6c35a3cbcfc
- cilium_node: quay.io/cilium/cilium:v1.14.8@sha256:7fca3ba4b04af066e8b086b5c1a52e30f52db01ffc642e7db0a439514aed3ada
- cilium_operator: quay.io/cilium/operator-generic:v1.14.8@sha256:56d373c12483c09964a00a29246595917603a077a298aa90a98e4de32c86b7dc
- cinder_api: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e
- cinder_backup_storage_init: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e
- cinder_backup: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e
- cinder_db_sync: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e
- cinder_scheduler: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e
- cinder_storage_init: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e
- cinder_volume_usage_audit: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e
- cinder_volume: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e
- cluster_api_controller: registry.k8s.io/cluster-api/cluster-api-controller:v1.6.0@sha256:211632c5b695212bce78e0d35da5eb7b7672a3b2ff598883f8c60ebb557a7185
- cluster_api_kubeadm_bootstrap_controller: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.0@sha256:956876ee8825038b12133352686d86585afa2feb22ca3bf9e437659862db2d43
- cluster_api_kubeadm_control_plane_controller: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.0@sha256:2c4ee52a70e19a0d2b55783bc72d6a63fca84f5da76a9dd1aef2630491277e6f
- cluster_api_openstack_controller: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.9.0@sha256:d5d5df3695d8b8785ac4ef00497ce0b969ff7dc291cb1647581bd2265b85cf51
- csi_node_driver_registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0@sha256:0174bf20d7ad8e9f131a045802ef1c43b4592a2ebc18ba07972b1ce8858d9cb7
- csi_rbd_attacher: registry.k8s.io/sig-storage/csi-attacher:v3.4.0@sha256:adc2922c98c539f680c02af99042d968114746f973a49b529785d6b402134bbf
- csi_rbd_plugin: quay.io/cephcsi/cephcsi:v3.5.1@sha256:28a674af1df2325fea415e32a7f93f083fce1f9c474912c45f025427fdc0aa10
- csi_rbd_provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.1.0@sha256:92107bb668a9de58a09247596c337bc5b46a1d145685eb55ef489ae16952f5bd
- csi_rbd_resizer: registry.k8s.io/sig-storage/csi-resizer:v1.3.0@sha256:35ec0c736ec8266bd4a46f9e942315f148f3139beed99879d0ad8b8e5074d641
- csi_rbd_snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v4.2.0@sha256:bd7dafbd0d4fe81f23f01c9a7432de067bdf085f70d61492f5ffddd9c5264358
- db_drop: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- db_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- dep_check: ghcr.io/vexxhost/atmosphere/kubernetes-entrypoint:latest@sha256:0c986164554331d5361f100a505695a45d9a7f63f8fb40f29a5ee026ce28b8b2
- designate_api: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a
- designate_central: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a
- designate_db_sync: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a
- designate_mdns: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a
- designate_producer: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a
- designate_sink: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a
- designate_worker: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a
- glance_api: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b
- glance_db_sync: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b
- glance_metadefs_load: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b
- glance_registry: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b
- glance_storage_init: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b
- grafana_sidecar: quay.io/kiwigrid/k8s-sidecar:1.26.1@sha256:b8d5067137fec093cf48670dc3a1dbb38f9e734f3a6683015c2e89a45db5fd16
- grafana: docker.io/grafana/grafana:10.4.0@sha256:f9811e4e687ffecf1a43adb9b64096c50bc0d7a782f8608530f478b6542de7d5
- haproxy: docker.io/library/haproxy:2.5@sha256:489dcc4385fd45813f3e9252b2f1f440db5749e4845d560250ce5083cc45eeb0
- heat_api: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- heat_cfn: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- heat_cloudwatch: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- heat_db_sync: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- heat_engine_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- heat_engine: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- heat_purge_deleted: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- horizon_db_sync: ghcr.io/vexxhost/atmosphere/horizon:2023.2@sha256:8b8cae26a00725c110bc597840925b66d942e2dd31335334dd8fb9ef3591f494
- horizon: ghcr.io/vexxhost/atmosphere/horizon:2023.2@sha256:8b8cae26a00725c110bc597840925b66d942e2dd31335334dd8fb9ef3591f494
- ingress_nginx_controller: registry.k8s.io/ingress-nginx/controller:v1.1.1@sha256:e16123f3932f44a2bba8bc3cf1c109cea4495ee271d6d16ab99228b58766d3ab
- ingress_nginx_default_backend: registry.k8s.io/defaultbackend-amd64:1.5@sha256:4dc5e07c8ca4e23bddb3153737d7b8c556e5fb2f29c4558b7cd6e6df99c512c7
- ingress_nginx_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:23a03c9c381fba54043d0f6148efeaf4c1ca2ed176e43455178b5c5ebf15ad70 # noqa: yaml[line-length]
- keepalived: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19@sha256:4fe20cd5c200e301e1a790c9aca8c3fc651c8461afea9d37c56a462d3bfa48bb
- keycloak: quay.io/keycloak/keycloak:22.0.1-0@sha256:5b872e841ea9e394d89bdf250146434532d9c2001404540d46621d60f87494e7
- keystone_api: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a
- keystone_credential_cleanup: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- keystone_credential_rotate: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a
- keystone_credential_setup: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a
- keystone_db_sync: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a
- keystone_domain_manage: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- keystone_fernet_rotate: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a
- keystone_fernet_setup: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a
- ks_endpoints: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- ks_service: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- ks_user: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- kube_apiserver: registry.k8s.io/kube-apiserver:v1.22.17@sha256:d88d1c8f972e10ff4b4176f3185434e2832d3805c457fa9e8816f1da2fdf3b93
- kube_controller_manager: registry.k8s.io/kube-controller-manager:v1.22.17@sha256:c3e041c8c8c9ffd33d421c8c1de1f42da52b616bfcf61880498e9efc9ec88005
- kube_coredns: registry.k8s.io/coredns/coredns:v1.8.4@sha256:10683d82b024a58cc248c468c2632f9d1b260500f7cd9bb8e73f751048d7d6d4
- kube_etcd: registry.k8s.io/etcd:3.5.6-0@sha256:b0fdb657c0bd10d8c96ed2ce762842384709a9fc54d532220d5252f1f99b4d1d
- kube_proxy: registry.k8s.io/kube-proxy:v1.22.17@sha256:614ec43f14e16e077173afa61ee355f8a5d1cc5b1c5e8030766781dc5ccde171
- kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17@sha256:f85dda445b7c8da197b8e39b0ca2b125b1e97a4a365d45c04d2759aefe935974
- kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0@sha256:b401fae262a5decf83c4311083f8efb4d6ca7b6a733e57b95344cb8dccd14e11
- kubectl: docker.io/bitnami/kubectl:1.27.3@sha256:876cebc2d9272d9eb42c2128c9a08c7e7715dbfe4f2eb2f0b3612df977fdd6b7
- libvirt: ghcr.io/vexxhost/atmosphere/libvirtd:zed@sha256:5f349c9842535c27edbf94be42e4b5c07aa0ff62358cec4b61b1357554e9cf9c
- libvirt_tls_sidecar: ghcr.io/vexxhost/atmosphere/libvirt-tls-sidecar:latest@sha256:32dab069c0c70e46a6bff5f0fd75ca646af4c4b46c83947c31804c30e8befec6
- libvirt_exporter: docker.io/vexxhost/libvirtd-exporter:latest@sha256:1a0fdf89f80060bfdbb8cf45213295c5d9fb1f7ea7dbfe2b331f0649cc98df8e
- local_path_provisioner_helper: docker.io/library/busybox:1.36.0@sha256:086417a48026173aaadca4ce43a1e4b385e8e62cc738ba79fc6637049674cac0
- local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24@sha256:b7dea5221f06f6feed7788db0ad6b024a433c8f55533bd6cc792dc2079ff9ad2
- loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.24-alpine@sha256:862228ca29402123e1dfae2704b14a6939326a3a7a5582a7cfbc3552f4a4987b
- loki: docker.io/grafana/loki:2.9.6@sha256:6ca6e2cd3b6f45e0eb298da2920610fde63ecd8ab6c595d9c941c8559d1d9407
- magnum_api: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff
- magnum_cluster_api_proxy: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff
- magnum_conductor: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff
- magnum_db_sync: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff
- magnum_registry: quay.io/vexxhost/magnum-cluster-api-registry:latest@sha256:caba380e193264f047651728cbc7905e87d7eee846d8576778b5e7d824ec609d
- manila_api: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c
- manila_data: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c
- manila_db_sync: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c
- manila_scheduler: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c
- manila_share: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c
- memcached: docker.io/library/memcached:1.6.17@sha256:db45886d2d48f143be64f2d46407e224b0b61df3b0056b9d5b03e8bc6a7cd74e
- netoffload: ghcr.io/vexxhost/atmosphere/netoffload:main@sha256:136b37811a4352ddb2d2aeeb52c1ee403cc043511ec59afda2c65f1a33a80e18
- neutron_bagpipe_bgp: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_bgp_dragent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_coredns: docker.io/coredns/coredns:1.9.3@sha256:bdb36ee882c13135669cfc2bb91c808a33926ad1a411fee07bd2dc344bb8f782
- neutron_db_sync: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_dhcp: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_ironic_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_l2gw: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_l3: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_linuxbridge_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_metadata: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_netns_cleanup_cron: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_openvswitch_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_ovn_metadata: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_server: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_sriov_agent_init: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- neutron_sriov_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7
- node_feature_discovery: registry.k8s.io/nfd/node-feature-discovery:v0.11.2@sha256:24b2abfb5956b6a2a9a0f4248232838d02235d65044078c43d8bdcf29344f141
- nova_api: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_archive_deleted_rows: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_cell_setup_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- nova_cell_setup: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_compute_ironic: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_compute_ssh: ghcr.io/vexxhost/atmosphere/nova-ssh:latest@sha256:5ba950e9bd6aa07adae0befeb94a9f31cc088cc396e4e02e81c30fe5fd90a8b8
- nova_compute: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_conductor: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_consoleauth: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_db_sync: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_novncproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_novncproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_placement: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_scheduler: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_service_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- nova_spiceproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- nova_spiceproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b
- oauth2_proxy: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0@sha256:dcb6ff8dd21bf3058f6a22c6fa385fa5b897a9cd3914c88a2cc2bb0a85f8065d
- octavia_api: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15
- octavia_db_sync: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15
- octavia_health_manager_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a
- octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15
- octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15
- octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15
- openvswitch_db_server: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:f017715f72dc0a48c8cc8ff9a1da9cb2c17879065ffd6c377ffabd2cff28148a
- openvswitch_vswitchd: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:f017715f72dc0a48c8cc8ff9a1da9cb2c17879065ffd6c377ffabd2cff28148a
- ovn_controller: ghcr.io/vexxhost/atmosphere/ovn-host:23.03.0-69@sha256:2eeeb70a7cd745e3fdbdd396f611cb2bd090228a6551b1b4b9b01d0ac6a8a121
- ovn_northd: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d
- ovn_ovsdb_nb: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d
- ovn_ovsdb_sb: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d
- pause: registry.k8s.io/pause:3.9@sha256:7031c1b283388d2c2e09b57badb803c05ebed362dc88d84b480cc47f72a21097
- percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy@sha256:f04e4fea548bfc7cb0bfc73c75c7f2c64d299cf04125a07a8101a55f0f734fed
- percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0@sha256:c674d63242f1af521edfbaffae2ae02fb8d010c0557a67a9c42d2b4a50db5243
- percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.32-24.2@sha256:1f978ab8912e1b5fc66570529cb7e7a4ec6a38adbfce1ece78159b0fcfa7d47a
- percona_version_service: docker.io/perconalab/version-service:main-3325140@sha256:b7928130fca1e35ce7feaeec326fef836229a8b4de2f6f6ea5b6d2c7a48cd071
- placement_db_sync: ghcr.io/vexxhost/atmosphere/placement:2023.2@sha256:c5bf2b2db697db1966c2fee0c6358dc79b6bac3542c619db5fb8002d666b16d3
- placement: ghcr.io/vexxhost/atmosphere/placement:2023.2@sha256:c5bf2b2db697db1966c2fee0c6358dc79b6bac3542c619db5fb8002d666b16d3
- prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0@sha256:d0e5f8d12f8be6223c93bd13b6d2729ed8f1ae13a61ace8cd1eea3d165666140
- prometheus_ipmi_exporter: us-docker.pkg.dev/vexxhost-infra/openstack/ipmi-exporter:1.4.0@sha256:4898da9cc11961a56363e8b3f3437d0f45b46585b20c79e33e97fbe7232e05d2
- prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0@sha256:fa5a2de1a4744da66fb369bee81232f5ea52208bc643e409a60f66d699ac27b2
- prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.14.0@sha256:eb6fe170738bf9181c51f5bc89f93adb26672ec49ffdcb22f55c24834003b45d
- prometheus_node_exporter: quay.io/prometheus/node-exporter:v1.7.0@sha256:4cb2b9019f1757be8482419002cb7afe028fdba35d47958829e4cfeaf6246d80
- prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.2.0@sha256:286573f63840f961a6861982f7b3e8007b9a93eed77ec4476810af3286cb7fd9
- prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0@sha256:e5146a7dd5153c035fd8060899e3504b25557756ef4a4d85860a409247404f97
- prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6@sha256:5e6fdb9b2c74ad2576dd835b389d00d18ccfee21b547d1a79efb881009664099
- prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.73.0@sha256:949be3cfd4e1a1db3010d04a66bb53f4eca9c0d26b9afe0b680c2cf3ee2d934e
- prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2@sha256:f74ff5b7ad0b8fb60c24b77eaeab025d659e46ec15f32430adb976544305c01f
- prometheus: quay.io/prometheus/prometheus:v2.51.1@sha256:dec2018ae55885fed717f25c289b8c9cff0bf5fbb9e619fb49b6161ac493c016
- rabbit_init: docker.io/library/rabbitmq:3.10.2-management@sha256:350ab6d773e3af45183466488fe3259df36cd6ade437b4366a59e8052458cc3a
- rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1@sha256:84ce21e9e2d6ceb8b93d9daf0b7cc1550b6ed86be5b3acd8b0816eddc1b87dc2
- rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2@sha256:563908dd8d6b6ce768e463a2d9d7a9b9b4adbcd258fed02c0a8746395cfa3f0d
- rabbitmq_server: docker.io/library/rabbitmq:3.10.2-management@sha256:350ab6d773e3af45183466488fe3259df36cd6ade437b4366a59e8052458cc3a
- rabbitmq_topology_operator: docker.io/rabbitmqoperator/messaging-topology-operator:1.6.0@sha256:5052e8bdb26996c62315f0707c6fb291fd84492e360cca7351e2c3fdf659be43
- rook_ceph: docker.io/rook/ceph:v1.10.10@sha256:2a65f6678c3f4e368046ee10695dce2c265cc81cd6bfd6258fc670dd18fbad5b
+ alertmanager: quay.io/prometheus/alertmanager:v0.27.0
+ barbican_api: registry.atmosphere.dev/library/barbican:main
+ barbican_db_sync: registry.atmosphere.dev/library/barbican:main
+ bootstrap: registry.atmosphere.dev/library/heat:main
+ ceph_config_helper: registry.atmosphere.dev/library/libvirtd:main
+ ceph: quay.io/ceph/ceph:v16.2.11
+ cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1
+ cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1
+ cert_manager_controller: quay.io/jetstack/cert-manager-controller:v1.7.1
+ cert_manager_webhook: quay.io/jetstack/cert-manager-webhook:v1.7.1
+ cilium_node: quay.io/cilium/cilium:v1.14.8
+ cilium_operator: quay.io/cilium/operator-generic:v1.14.8
+ cinder_api: registry.atmosphere.dev/library/cinder:main
+ cinder_backup_storage_init: registry.atmosphere.dev/library/cinder:main
+ cinder_backup: registry.atmosphere.dev/library/cinder:main
+ cinder_db_sync: registry.atmosphere.dev/library/cinder:main
+ cinder_scheduler: registry.atmosphere.dev/library/cinder:main
+ cinder_storage_init: registry.atmosphere.dev/library/cinder:main
+ cinder_volume_usage_audit: registry.atmosphere.dev/library/cinder:main
+ cinder_volume: registry.atmosphere.dev/library/cinder:main
+ cluster_api_controller: registry.k8s.io/cluster-api/cluster-api-controller:v1.6.0
+ cluster_api_kubeadm_bootstrap_controller: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.0
+ cluster_api_kubeadm_control_plane_controller: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.0
+ cluster_api_openstack_controller: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.9.0
+ csi_node_driver_registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0
+ csi_rbd_attacher: registry.k8s.io/sig-storage/csi-attacher:v3.4.0
+ csi_rbd_plugin: quay.io/cephcsi/cephcsi:v3.5.1
+ csi_rbd_provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.1.0
+ csi_rbd_resizer: registry.k8s.io/sig-storage/csi-resizer:v1.3.0
+ csi_rbd_snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v4.2.0
+ db_drop: registry.atmosphere.dev/library/heat:main
+ db_init: registry.atmosphere.dev/library/heat:main
+ dep_check: registry.atmosphere.dev/library/kubernetes-entrypoint:main
+ designate_api: registry.atmosphere.dev/library/designate:main
+ designate_central: registry.atmosphere.dev/library/designate:main
+ designate_db_sync: registry.atmosphere.dev/library/designate:main
+ designate_mdns: registry.atmosphere.dev/library/designate:main
+ designate_producer: registry.atmosphere.dev/library/designate:main
+ designate_sink: registry.atmosphere.dev/library/designate:main
+ designate_worker: registry.atmosphere.dev/library/designate:main
+ glance_api: registry.atmosphere.dev/library/glance:main
+ glance_db_sync: registry.atmosphere.dev/library/glance:main
+ glance_metadefs_load: registry.atmosphere.dev/library/glance:main
+ glance_registry: registry.atmosphere.dev/library/glance:main
+ glance_storage_init: registry.atmosphere.dev/library/glance:main
+ grafana_sidecar: quay.io/kiwigrid/k8s-sidecar:1.26.1
+ grafana: docker.io/grafana/grafana:10.4.0
+ haproxy: docker.io/library/haproxy:2.5
+ heat_api: registry.atmosphere.dev/library/heat:main
+ heat_cfn: registry.atmosphere.dev/library/heat:main
+ heat_cloudwatch: registry.atmosphere.dev/library/heat:main
+ heat_db_sync: registry.atmosphere.dev/library/heat:main
+ heat_engine_cleaner: registry.atmosphere.dev/library/heat:main
+ heat_engine: registry.atmosphere.dev/library/heat:main
+ heat_purge_deleted: registry.atmosphere.dev/library/heat:main
+ horizon_db_sync: registry.atmosphere.dev/library/horizon:main
+ horizon: registry.atmosphere.dev/library/horizon:main
+ ingress_nginx_controller: registry.k8s.io/ingress-nginx/controller:v1.1.1
+ ingress_nginx_default_backend: registry.k8s.io/defaultbackend-amd64:1.5
+ ingress_nginx_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
+ keepalived: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19
+ keycloak: quay.io/keycloak/keycloak:22.0.1-0
+ keystone_api: registry.atmosphere.dev/library/keystone:main
+ keystone_credential_cleanup: registry.atmosphere.dev/library/heat:main
+ keystone_credential_rotate: registry.atmosphere.dev/library/keystone:main
+ keystone_credential_setup: registry.atmosphere.dev/library/keystone:main
+ keystone_db_sync: registry.atmosphere.dev/library/keystone:main
+ keystone_domain_manage: registry.atmosphere.dev/library/heat:main
+ keystone_fernet_rotate: registry.atmosphere.dev/library/keystone:main
+ keystone_fernet_setup: registry.atmosphere.dev/library/keystone:main
+ ks_endpoints: registry.atmosphere.dev/library/heat:main
+ ks_service: registry.atmosphere.dev/library/heat:main
+ ks_user: registry.atmosphere.dev/library/heat:main
+ kube_apiserver: registry.k8s.io/kube-apiserver:v1.22.17
+ kube_controller_manager: registry.k8s.io/kube-controller-manager:v1.22.17
+ kube_coredns: registry.k8s.io/coredns/coredns:v1.8.4
+ kube_etcd: registry.k8s.io/etcd:3.5.6-0
+ kube_proxy: registry.k8s.io/kube-proxy:v1.22.17
+ kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17
+ kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0
+ kubectl: docker.io/bitnami/kubectl:1.27.3
+ libvirt: registry.atmosphere.dev/library/libvirtd:main
+ libvirt_tls_sidecar: registry.atmosphere.dev/library/libvirt-tls-sidecar:main
+ libvirt_exporter: docker.io/vexxhost/libvirtd-exporter:latest
+ local_path_provisioner_helper: docker.io/library/busybox:1.36.0
+ local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24
+ loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.24-alpine
+ loki: docker.io/grafana/loki:2.9.6
+ magnum_api: registry.atmosphere.dev/library/magnum:main
+ magnum_cluster_api_proxy: registry.atmosphere.dev/library/magnum:main
+ magnum_conductor: registry.atmosphere.dev/library/magnum:main
+ magnum_db_sync: registry.atmosphere.dev/library/magnum:main
+ magnum_registry: quay.io/vexxhost/magnum-cluster-api-registry:latest
+ manila_api: registry.atmosphere.dev/library/manila:main
+ manila_data: registry.atmosphere.dev/library/manila:main
+ manila_db_sync: registry.atmosphere.dev/library/manila:main
+ manila_scheduler: registry.atmosphere.dev/library/manila:main
+ manila_share: registry.atmosphere.dev/library/manila:main
+ memcached: docker.io/library/memcached:1.6.17
+ netoffload: registry.atmosphere.dev/library/netoffload:main
+ neutron_bagpipe_bgp: registry.atmosphere.dev/library/neutron:main
+ neutron_bgp_dragent: registry.atmosphere.dev/library/neutron:main
+ neutron_coredns: docker.io/coredns/coredns:1.9.3
+ neutron_db_sync: registry.atmosphere.dev/library/neutron:main
+ neutron_dhcp: registry.atmosphere.dev/library/neutron:main
+ neutron_ironic_agent: registry.atmosphere.dev/library/neutron:main
+ neutron_l2gw: registry.atmosphere.dev/library/neutron:main
+ neutron_l3: registry.atmosphere.dev/library/neutron:main
+ neutron_linuxbridge_agent: registry.atmosphere.dev/library/neutron:main
+ neutron_metadata: registry.atmosphere.dev/library/neutron:main
+ neutron_netns_cleanup_cron: registry.atmosphere.dev/library/neutron:main
+ neutron_openvswitch_agent: registry.atmosphere.dev/library/neutron:main
+ neutron_ovn_metadata: registry.atmosphere.dev/library/neutron:main
+ neutron_server: registry.atmosphere.dev/library/neutron:main
+ neutron_sriov_agent_init: registry.atmosphere.dev/library/neutron:main
+ neutron_sriov_agent: registry.atmosphere.dev/library/neutron:main
+ node_feature_discovery: registry.k8s.io/nfd/node-feature-discovery:v0.11.2
+ nova_api: registry.atmosphere.dev/library/nova:main
+ nova_archive_deleted_rows: registry.atmosphere.dev/library/nova:main
+ nova_cell_setup_init: registry.atmosphere.dev/library/heat:main
+ nova_cell_setup: registry.atmosphere.dev/library/nova:main
+ nova_compute_ironic: registry.atmosphere.dev/library/nova:main
+ nova_compute_ssh: registry.atmosphere.dev/library/nova-ssh:main
+ nova_compute: registry.atmosphere.dev/library/nova:main
+ nova_conductor: registry.atmosphere.dev/library/nova:main
+ nova_consoleauth: registry.atmosphere.dev/library/nova:main
+ nova_db_sync: registry.atmosphere.dev/library/nova:main
+ nova_novncproxy_assets: registry.atmosphere.dev/library/nova:main
+ nova_novncproxy: registry.atmosphere.dev/library/nova:main
+ nova_placement: registry.atmosphere.dev/library/nova:main
+ nova_scheduler: registry.atmosphere.dev/library/nova:main
+ nova_service_cleaner: registry.atmosphere.dev/library/heat:main
+ nova_spiceproxy_assets: registry.atmosphere.dev/library/nova:main
+ nova_spiceproxy: registry.atmosphere.dev/library/nova:main
+ oauth2_proxy: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
+ octavia_api: registry.atmosphere.dev/library/octavia:main
+ octavia_db_sync: registry.atmosphere.dev/library/octavia:main
+ octavia_health_manager_init: registry.atmosphere.dev/library/heat:main
+ octavia_health_manager: registry.atmosphere.dev/library/octavia:main
+ octavia_housekeeping: registry.atmosphere.dev/library/octavia:main
+ octavia_worker: registry.atmosphere.dev/library/octavia:main
+ openvswitch_db_server: registry.atmosphere.dev/library/openvswitch:main
+ openvswitch_vswitchd: registry.atmosphere.dev/library/openvswitch:main
+ ovn_controller: registry.atmosphere.dev/library/ovn-host:main
+ ovn_northd: registry.atmosphere.dev/library/ovn-central:main
+ ovn_ovsdb_nb: registry.atmosphere.dev/library/ovn-central:main
+ ovn_ovsdb_sb: registry.atmosphere.dev/library/ovn-central:main
+ pause: registry.k8s.io/pause:3.9
+ percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy
+ percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0
+ percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.32-24.2
+ percona_version_service: docker.io/perconalab/version-service:main-3325140
+ placement_db_sync: registry.atmosphere.dev/library/placement:main
+ placement: registry.atmosphere.dev/library/placement:main
+ prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0
+ prometheus_ipmi_exporter: us-docker.pkg.dev/vexxhost-infra/openstack/ipmi-exporter:1.4.0
+ prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0
+ prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.14.0
+ prometheus_node_exporter: quay.io/prometheus/node-exporter:v1.7.0
+ prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.2.0
+ prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0
+ prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
+ prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.73.0
+ prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2
+ prometheus: quay.io/prometheus/prometheus:v2.51.1
+ rabbit_init: docker.io/library/rabbitmq:3.10.2-management
+ rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1
+ rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2
+ rabbitmq_server: docker.io/library/rabbitmq:3.10.2-management
+ rabbitmq_topology_operator: docker.io/rabbitmqoperator/messaging-topology-operator:1.6.0
+ rook_ceph: docker.io/rook/ceph:v1.10.10
secretgen_controller: ghcr.io/carvel-dev/secretgen-controller@sha256:59ec05ce5847bfd70c8e04f08b5195e918c8f6fbb947ffc91b456494a2958fd5
- senlin_api: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55
- senlin_conductor: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55
- senlin_db_sync: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55
- senlin_engine_cleaner: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55
- senlin_engine: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55
- senlin_health_manager: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55
- staffeln_db_sync: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c
- staffeln_conductor: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c
- staffeln_api: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c
- tempest_run_tests: ghcr.io/vexxhost/atmosphere/tempest:master@sha256:fb60541043884a5f5850ad225a3ff989bf667edc034ab5767f15109afc00b5dc
- vector: docker.io/timberio/vector:0.37.0-debian@sha256:a5b5af9f6d3e89e03aef357cc2dfc75a38075061d978078bfb5ccd67bd9af249
+ senlin_api: registry.atmosphere.dev/library/senlin:main
+ senlin_conductor: registry.atmosphere.dev/library/senlin:main
+ senlin_db_sync: registry.atmosphere.dev/library/senlin:main
+ senlin_engine_cleaner: registry.atmosphere.dev/library/senlin:main
+ senlin_engine: registry.atmosphere.dev/library/senlin:main
+ senlin_health_manager: registry.atmosphere.dev/library/senlin:main
+ staffeln_db_sync: registry.atmosphere.dev/library/staffeln:main
+ staffeln_conductor: registry.atmosphere.dev/library/staffeln:main
+ staffeln_api: registry.atmosphere.dev/library/staffeln:main
+ tempest_run_tests: registry.atmosphere.dev/library/tempest:main
+ vector: docker.io/timberio/vector:0.37.0-debian
atmosphere_images: '{{ _atmosphere_images | combine(atmosphere_image_overrides, recursive=True)
}}'
diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
index b7a93c2..7f8317d 100644
--- a/roles/nova/vars/main.yml
+++ b/roles/nova/vars/main.yml
@@ -77,7 +77,6 @@
max_pool_size: 1
filter_scheduler:
enabled_filters:
- AvailabilityZoneFilter,
ComputeFilter,
AggregateTypeAffinityFilter,
ComputeCapabilitiesFilter,
diff --git a/tests/unit/plugins/filter/test_openstack_helm_image_tags.py b/tests/unit/plugins/filter/test_openstack_helm_image_tags.py
index 625af35..8820fc7 100644
--- a/tests/unit/plugins/filter/test_openstack_helm_image_tags.py
+++ b/tests/unit/plugins/filter/test_openstack_helm_image_tags.py
@@ -46,15 +46,15 @@
def test_openstack_helm_image_tags_for_magnum(atmosphere_images):
assert openstack_helm_image_tags(atmosphere_images, "magnum") == {
- "bootstrap": "ghcr.io/vexxhost/atmosphere/heat:zed",
- "db_drop": "ghcr.io/vexxhost/atmosphere/heat:zed",
- "db_init": "ghcr.io/vexxhost/atmosphere/heat:zed",
+ "bootstrap": "ghcr.io/vexxhost/atmosphere/heat:main",
+ "db_drop": "ghcr.io/vexxhost/atmosphere/heat:main",
+ "db_init": "ghcr.io/vexxhost/atmosphere/heat:main",
"dep_check": "quay.io/vexxhost/kubernetes-entrypoint:latest",
- "ks_endpoints": "ghcr.io/vexxhost/atmosphere/heat:zed",
- "ks_service": "ghcr.io/vexxhost/atmosphere/heat:zed",
- "ks_user": "ghcr.io/vexxhost/atmosphere/heat:zed",
- "magnum_api": "quay.io/vexxhost/magnum:zed",
- "magnum_conductor": "quay.io/vexxhost/magnum:zed",
- "magnum_db_sync": "quay.io/vexxhost/magnum:zed",
+ "ks_endpoints": "ghcr.io/vexxhost/atmosphere/heat:main",
+ "ks_service": "ghcr.io/vexxhost/atmosphere/heat:main",
+ "ks_user": "ghcr.io/vexxhost/atmosphere/heat:main",
+ "magnum_api": "quay.io/vexxhost/magnum:main",
+ "magnum_conductor": "quay.io/vexxhost/magnum:main",
+ "magnum_db_sync": "quay.io/vexxhost/magnum:main",
"rabbit_init": "docker.io/library/rabbitmq:3.10.2-management",
}
diff --git a/zuul.d/container-images/barbican.yaml b/zuul.d/container-images/barbican.yaml
new file mode 100644
index 0000000..e1059da
--- /dev/null
+++ b/zuul.d/container-images/barbican.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-barbican
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-barbican
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-barbican
+
+- job:
+ name: atmosphere-build-container-image-barbican
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-barbican
+ container_images:
+ - context: images/barbican
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/barbican
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=barbican
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/barbican/.*
+
+- job:
+ name: atmosphere-upload-container-image-barbican
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-barbican
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/base.yaml b/zuul.d/container-images/base.yaml
new file mode 100644
index 0000000..6e33526
--- /dev/null
+++ b/zuul.d/container-images/base.yaml
@@ -0,0 +1,65 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-buildset-registry
+ gate:
+ jobs:
+ - atmosphere-buildset-registry
+
+- job:
+ name: atmosphere-buildset-registry
+ parent: ci-buildset-registry
+
+- job:
+ name: atmosphere-build-container-image
+ parent: ci-build-container-image
+ abstract: true
+ dependencies:
+ - name: atmosphere-buildset-registry
+ soft: false
+ vars: &image_vars
+ container_command: docker
+ promote_container_image_method: intermediate-registry
+ buildset_registry_namespaces:
+ - ['docker.io', 'https://registry-1.docker.io']
+ - ['quay.io', 'https://quay.io']
+ - ['gcr.io', 'https://gcr.io']
+ - ['registry.atmosphere.dev', 'https://registry.atmosphere.dev']
+
+- job:
+ name: atmosphere-upload-container-image
+ parent: ci-upload-container-image
+ abstract: true
+ dependencies:
+ - name: atmosphere-buildset-registry
+ soft: false
+ secrets:
+ name: container_registry_credentials
+ secret: atmosphere-registry-credentials
+ pass-to-parent: true
+ vars: *image_vars
+
+- job:
+ name: atmosphere-promote-container-image
+ parent: ci-promote-container-image
+ secrets:
+ name: container_registry_credentials
+ secret: atmosphere-registry-credentials
+ pass-to-parent: true
+ nodeset:
+ nodes: []
+ vars: *image_vars
diff --git a/zuul.d/container-images/cinder.yaml b/zuul.d/container-images/cinder.yaml
new file mode 100644
index 0000000..ec6dd7f
--- /dev/null
+++ b/zuul.d/container-images/cinder.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-cinder
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-cinder
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-cinder
+
+- job:
+ name: atmosphere-build-container-image-cinder
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-cinder
+ container_images:
+ - context: images/cinder
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/cinder
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=cinder
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/cinder/.*
+
+- job:
+ name: atmosphere-upload-container-image-cinder
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-cinder
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/cluster-api-provider-openstack.yaml b/zuul.d/container-images/cluster-api-provider-openstack.yaml
new file mode 100644
index 0000000..16777dd
--- /dev/null
+++ b/zuul.d/container-images/cluster-api-provider-openstack.yaml
@@ -0,0 +1,52 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-cluster-api-provider-openstack
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-cluster-api-provider-openstack
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-cluster-api-provider-openstack
+
+- job:
+ name: atmosphere-build-container-image-cluster-api-provider-openstack
+ parent: atmosphere-build-container-image
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-cluster-api-provider-openstack
+ container_images:
+ - context: images/cluster-api-provider-openstack
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/capi-openstack-controller
+ arch:
+ - linux/amd64
+ tags:
+ - main
+ files: &container_image_files
+ - images/cluster-api-provider-openstack/.*
+
+- job:
+ name: atmosphere-upload-container-image-cluster-api-provider-openstack
+ parent: atmosphere-upload-container-image
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-cluster-api-provider-openstack
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/designate.yaml b/zuul.d/container-images/designate.yaml
new file mode 100644
index 0000000..be2943c
--- /dev/null
+++ b/zuul.d/container-images/designate.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-designate
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-designate
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-designate
+
+- job:
+ name: atmosphere-build-container-image-designate
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-designate
+ container_images:
+ - context: images/designate
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/designate
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=designate
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/designate/.*
+
+- job:
+ name: atmosphere-upload-container-image-designate
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-designate
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/glance.yaml b/zuul.d/container-images/glance.yaml
new file mode 100644
index 0000000..d59f887
--- /dev/null
+++ b/zuul.d/container-images/glance.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-glance
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-glance
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-glance
+
+- job:
+ name: atmosphere-build-container-image-glance
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-glance
+ container_images:
+ - context: images/glance
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/glance
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=glance
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/glance/.*
+
+- job:
+ name: atmosphere-upload-container-image-glance
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-glance
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/heat.yaml b/zuul.d/container-images/heat.yaml
new file mode 100644
index 0000000..61b462d
--- /dev/null
+++ b/zuul.d/container-images/heat.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-heat
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-heat
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-heat
+
+- job:
+ name: atmosphere-build-container-image-heat
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-heat
+ container_images:
+ - context: images/heat
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/heat
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=heat
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/heat/.*
+
+- job:
+ name: atmosphere-upload-container-image-heat
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-heat
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/horizon.yaml b/zuul.d/container-images/horizon.yaml
new file mode 100644
index 0000000..1db9b83
--- /dev/null
+++ b/zuul.d/container-images/horizon.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-horizon
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-horizon
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-horizon
+
+- job:
+ name: atmosphere-build-container-image-horizon
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-horizon
+ container_images:
+ - context: images/horizon
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/horizon
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=horizon
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/horizon/.*
+
+- job:
+ name: atmosphere-upload-container-image-horizon
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-horizon
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/ironic.yaml b/zuul.d/container-images/ironic.yaml
new file mode 100644
index 0000000..8e1cbe7
--- /dev/null
+++ b/zuul.d/container-images/ironic.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-ironic
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-ironic
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-ironic
+
+- job:
+ name: atmosphere-build-container-image-ironic
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-ironic
+ container_images:
+ - context: images/ironic
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/ironic
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=ironic
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/ironic/.*
+
+- job:
+ name: atmosphere-upload-container-image-ironic
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-ironic
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/keystone.yaml b/zuul.d/container-images/keystone.yaml
new file mode 100644
index 0000000..e65eaa4
--- /dev/null
+++ b/zuul.d/container-images/keystone.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-keystone
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-keystone
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-keystone
+
+- job:
+ name: atmosphere-build-container-image-keystone
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-keystone
+ container_images:
+ - context: images/keystone
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/keystone
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=keystone
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/keystone/.*
+
+- job:
+ name: atmosphere-upload-container-image-keystone
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-keystone
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/kubernetes-entrypoint.yaml b/zuul.d/container-images/kubernetes-entrypoint.yaml
new file mode 100644
index 0000000..3b3e147
--- /dev/null
+++ b/zuul.d/container-images/kubernetes-entrypoint.yaml
@@ -0,0 +1,52 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-kubernetes-entrypoint
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-kubernetes-entrypoint
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-kubernetes-entrypoint
+
+- job:
+ name: atmosphere-build-container-image-kubernetes-entrypoint
+ parent: atmosphere-build-container-image
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-kubernetes-entrypoint
+ container_images:
+ - context: images/kubernetes-entrypoint
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/kubernetes-entrypoint
+ arch:
+ - linux/amd64
+ tags:
+ - main
+ files: &container_image_files
+ - images/kubernetes-entrypoint/.*
+
+- job:
+ name: atmosphere-upload-container-image-kubernetes-entrypoint
+ parent: atmosphere-upload-container-image
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-kubernetes-entrypoint
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/libvirt-tls-sidecar.yaml b/zuul.d/container-images/libvirt-tls-sidecar.yaml
new file mode 100644
index 0000000..eae34a9
--- /dev/null
+++ b/zuul.d/container-images/libvirt-tls-sidecar.yaml
@@ -0,0 +1,64 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-libvirt-tls-sidecar
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-libvirt-tls-sidecar
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-libvirt-tls-sidecar
+
+- job:
+ name: atmosphere-build-container-image-libvirt-tls-sidecar
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-libvirt-tls-sidecar
+ container_images:
+ - context: .
+ target: libvirt-tls-sidecar
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/libvirt-tls-sidecar
+ arch:
+ - linux/amd64
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - cmd/.*
+ - internal/.*
+ - Dockerfile
+ - go.mod
+ - go.sum
+
+- job:
+ name: atmosphere-upload-container-image-libvirt-tls-sidecar
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-libvirt-tls-sidecar
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/libvirtd.yaml b/zuul.d/container-images/libvirtd.yaml
new file mode 100644
index 0000000..23f53d0
--- /dev/null
+++ b/zuul.d/container-images/libvirtd.yaml
@@ -0,0 +1,70 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-libvirtd
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-libvirtd
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-libvirtd
+
+- job:
+ name: atmosphere-build-container-image-libvirtd
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-openstack-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-libvirtd
+ container_images:
+ - context: images/libvirtd
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/libvirtd
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=nova
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/openstack-runtime/.*
+
+- job:
+ name: atmosphere-upload-container-image-libvirtd
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-libvirtd
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/magnum.yaml b/zuul.d/container-images/magnum.yaml
new file mode 100644
index 0000000..b1f9c88
--- /dev/null
+++ b/zuul.d/container-images/magnum.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-magnum
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-magnum
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-magnum
+
+- job:
+ name: atmosphere-build-container-image-magnum
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-magnum
+ container_images:
+ - context: images/magnum
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/magnum
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=magnum
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/magnum/.*
+
+- job:
+ name: atmosphere-upload-container-image-magnum
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-magnum
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/manila.yaml b/zuul.d/container-images/manila.yaml
new file mode 100644
index 0000000..b907129
--- /dev/null
+++ b/zuul.d/container-images/manila.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-manila
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-manila
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-manila
+
+- job:
+ name: atmosphere-build-container-image-manila
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-manila
+ container_images:
+ - context: images/manila
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/manila
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=manila
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/manila/.*
+
+- job:
+ name: atmosphere-upload-container-image-manila
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-manila
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/netoffload.yaml b/zuul.d/container-images/netoffload.yaml
new file mode 100644
index 0000000..40aa81f
--- /dev/null
+++ b/zuul.d/container-images/netoffload.yaml
@@ -0,0 +1,59 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-netoffload
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-netoffload
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-netoffload
+
+- job:
+ name: atmosphere-build-container-image-netoffload
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-netoffload
+ container_images:
+ - context: images/netoffload
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/netoffload
+ arch:
+ - linux/amd64
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/netoffload/.*
+
+- job:
+ name: atmosphere-upload-container-image-netoffload
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-netoffload
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/neutron.yaml b/zuul.d/container-images/neutron.yaml
new file mode 100644
index 0000000..101490a
--- /dev/null
+++ b/zuul.d/container-images/neutron.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-neutron
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-neutron
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-neutron
+
+- job:
+ name: atmosphere-build-container-image-neutron
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-neutron
+ container_images:
+ - context: images/neutron
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/neutron
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=neutron
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/neutron/.*
+
+- job:
+ name: atmosphere-upload-container-image-neutron
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-neutron
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/nova-ssh.yaml b/zuul.d/container-images/nova-ssh.yaml
new file mode 100644
index 0000000..4b5502d
--- /dev/null
+++ b/zuul.d/container-images/nova-ssh.yaml
@@ -0,0 +1,71 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-nova-ssh
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-nova-ssh
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-nova-ssh
+
+- job:
+ name: atmosphere-build-container-image-nova-ssh
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-openstack-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-nova-ssh
+ container_images:
+ - context: images/nova-ssh
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/nova-ssh
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=nova
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/openstack-runtime/.*
+ - images/nova-ssh/.*
+
+- job:
+ name: atmosphere-upload-container-image-nova-ssh
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-nova-ssh
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/nova.yaml b/zuul.d/container-images/nova.yaml
new file mode 100644
index 0000000..35f7e0a
--- /dev/null
+++ b/zuul.d/container-images/nova.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-nova
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-nova
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-nova
+
+- job:
+ name: atmosphere-build-container-image-nova
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-nova
+ container_images:
+ - context: images/nova
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/nova
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=nova
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/nova/.*
+
+- job:
+ name: atmosphere-upload-container-image-nova
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-nova
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/octavia.yaml b/zuul.d/container-images/octavia.yaml
new file mode 100644
index 0000000..4cb7f6b
--- /dev/null
+++ b/zuul.d/container-images/octavia.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-octavia
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-octavia
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-octavia
+
+- job:
+ name: atmosphere-build-container-image-octavia
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-octavia
+ container_images:
+ - context: images/octavia
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/octavia
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=octavia
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/octavia/.*
+
+- job:
+ name: atmosphere-upload-container-image-octavia
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-octavia
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/openstack-python-runtime.yaml b/zuul.d/container-images/openstack-python-runtime.yaml
new file mode 100644
index 0000000..d4119ef
--- /dev/null
+++ b/zuul.d/container-images/openstack-python-runtime.yaml
@@ -0,0 +1,71 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-openstack-python-runtime
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-openstack-python-runtime
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-openstack-python-runtime
+
+- job:
+ name: atmosphere-build-container-image-openstack-python-runtime
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-openstack-python-runtime
+ container_images:
+ - context: images/openstack-runtime
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/openstack-python-runtime
+ arch:
+ - linux/amd64
+ build_args:
+ - FROM=registry.atmosphere.dev/library/python-base:main
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-runtime/.*
+
+- job:
+ name: atmosphere-upload-container-image-openstack-python-runtime
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-openstack-python-runtime
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/openstack-runtime.yaml b/zuul.d/container-images/openstack-runtime.yaml
new file mode 100644
index 0000000..8b6be30
--- /dev/null
+++ b/zuul.d/container-images/openstack-runtime.yaml
@@ -0,0 +1,64 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-openstack-runtime
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-openstack-runtime
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-openstack-runtime
+
+- job:
+ name: atmosphere-build-container-image-openstack-runtime
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-openstack-runtime
+ container_images:
+ - context: images/openstack-runtime
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/openstack-runtime
+ arch:
+ - linux/amd64
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/openstack-runtime/.*
+
+- job:
+ name: atmosphere-upload-container-image-openstack-runtime
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-openstack-runtime
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/openstack-venv-builder.yaml b/zuul.d/container-images/openstack-venv-builder.yaml
new file mode 100644
index 0000000..ad0792b
--- /dev/null
+++ b/zuul.d/container-images/openstack-venv-builder.yaml
@@ -0,0 +1,69 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-openstack-venv-builder
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-openstack-venv-builder
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-openstack-venv-builder
+
+- job:
+ name: atmosphere-build-container-image-openstack-venv-builder
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-openstack-venv-builder
+ container_images:
+ - context: images/openstack-venv-builder
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/openstack-venv-builder
+ arch:
+ - linux/amd64
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+
+- job:
+ name: atmosphere-upload-container-image-openstack-venv-builder
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-openstack-venv-builder
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/openvswitch.yaml b/zuul.d/container-images/openvswitch.yaml
new file mode 100644
index 0000000..090f51c
--- /dev/null
+++ b/zuul.d/container-images/openvswitch.yaml
@@ -0,0 +1,52 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-openvswitch
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-openvswitch
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-openvswitch
+
+- job:
+ name: atmosphere-build-container-image-openvswitch
+ parent: atmosphere-build-container-image
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-openvswitch
+ container_images:
+ - context: images/openvswitch
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/openvswitch
+ arch:
+ - linux/amd64
+ tags:
+ - main
+ files: &container_image_files
+ - images/openvswitch/.*
+
+- job:
+ name: atmosphere-upload-container-image-openvswitch
+ parent: atmosphere-upload-container-image
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-openvswitch
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/ovn.yaml b/zuul.d/container-images/ovn.yaml
new file mode 100644
index 0000000..67eaaec
--- /dev/null
+++ b/zuul.d/container-images/ovn.yaml
@@ -0,0 +1,70 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-ovn
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-ovn
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-ovn
+
+- job:
+ name: atmosphere-build-container-image-ovn
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-openvswitch
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-ovn
+ container_images:
+ - context: images/ovn
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/ovn-central
+ arch:
+ - linux/amd64
+ build_args:
+ - OVN_COMPONENT=central
+ tags:
+ - main
+ - context: images/ovn
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/ovn-host
+ arch:
+ - linux/amd64
+ build_args:
+ - OVN_COMPONENT=host
+ tags:
+ - main
+ files: &container_image_files
+ - images/openvswitch/.*
+ - images/ovn/.*
+
+- job:
+ name: atmosphere-upload-container-image-ovn
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-openvswitch
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-ovn
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/placement.yaml b/zuul.d/container-images/placement.yaml
new file mode 100644
index 0000000..1902aa5
--- /dev/null
+++ b/zuul.d/container-images/placement.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-placement
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-placement
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-placement
+
+- job:
+ name: atmosphere-build-container-image-placement
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-placement
+ container_images:
+ - context: images/placement
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/placement
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=placement
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/placement/.*
+
+- job:
+ name: atmosphere-upload-container-image-placement
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-placement
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/python-base.yaml b/zuul.d/container-images/python-base.yaml
new file mode 100644
index 0000000..8eb63c4
--- /dev/null
+++ b/zuul.d/container-images/python-base.yaml
@@ -0,0 +1,64 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-python-base
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-python-base
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-python-base
+
+- job:
+ name: atmosphere-build-container-image-python-base
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-python-base
+ container_images:
+ - context: images/python-base
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/python-base
+ arch:
+ - linux/amd64
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+
+- job:
+ name: atmosphere-upload-container-image-python-base
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-python-base
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/senlin.yaml b/zuul.d/container-images/senlin.yaml
new file mode 100644
index 0000000..225823a
--- /dev/null
+++ b/zuul.d/container-images/senlin.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-senlin
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-senlin
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-senlin
+
+- job:
+ name: atmosphere-build-container-image-senlin
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-senlin
+ container_images:
+ - context: images/senlin
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/senlin
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=senlin
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/senlin/.*
+
+- job:
+ name: atmosphere-upload-container-image-senlin
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-senlin
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/staffeln.yaml b/zuul.d/container-images/staffeln.yaml
new file mode 100644
index 0000000..93e6845
--- /dev/null
+++ b/zuul.d/container-images/staffeln.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-staffeln
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-staffeln
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-staffeln
+
+- job:
+ name: atmosphere-build-container-image-staffeln
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-staffeln
+ container_images:
+ - context: images/staffeln
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/staffeln
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=staffeln
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/staffeln/.*
+
+- job:
+ name: atmosphere-upload-container-image-staffeln
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-staffeln
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/tempest.yaml b/zuul.d/container-images/tempest.yaml
new file mode 100644
index 0000000..a9f5dc6
--- /dev/null
+++ b/zuul.d/container-images/tempest.yaml
@@ -0,0 +1,81 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-tempest
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-tempest
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-tempest
+
+- job:
+ name: atmosphere-build-container-image-tempest
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ - name: atmosphere-build-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-build-container-image-python-base
+ soft: true
+ - name: atmosphere-build-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-build-container-image-openstack-python-runtime
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-tempest
+ container_images:
+ - context: images/tempest
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/tempest
+ arch:
+ - linux/amd64
+ build_args:
+ - PROJECT=tempest
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+ - images/python-base/.*
+ - images/openstack-venv-builder/.*
+ - images/openstack-python-runtime/.*
+ - images/tempest/.*
+
+- job:
+ name: atmosphere-upload-container-image-tempest
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ - name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ soft: true
+ - name: atmosphere-upload-container-image-python-base
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-venv-builder
+ soft: true
+ - name: atmosphere-upload-container-image-openstack-python-runtime
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-tempest
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/ubuntu-cloud-archive.yaml b/zuul.d/container-images/ubuntu-cloud-archive.yaml
new file mode 100644
index 0000000..1f0a4ef
--- /dev/null
+++ b/zuul.d/container-images/ubuntu-cloud-archive.yaml
@@ -0,0 +1,59 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-ubuntu-cloud-archive
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-ubuntu-cloud-archive
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-ubuntu-cloud-archive
+
+- job:
+ name: atmosphere-build-container-image-ubuntu-cloud-archive
+ parent: atmosphere-build-container-image
+ dependencies:
+ - name: atmosphere-build-container-image-ubuntu
+ soft: true
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-ubuntu-cloud-archive
+ container_images:
+ - context: images/ubuntu-cloud-archive
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/ubuntu-cloud-archive
+ arch:
+ - linux/amd64
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+ - images/ubuntu-cloud-archive/.*
+
+- job:
+ name: atmosphere-upload-container-image-ubuntu-cloud-archive
+ parent: atmosphere-upload-container-image
+ dependencies:
+ - name: atmosphere-upload-container-image-ubuntu
+ soft: true
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-ubuntu-cloud-archive
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/container-images/ubuntu.yaml b/zuul.d/container-images/ubuntu.yaml
new file mode 100644
index 0000000..e7966a0
--- /dev/null
+++ b/zuul.d/container-images/ubuntu.yaml
@@ -0,0 +1,52 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-ubuntu
+ gate:
+ jobs:
+ - atmosphere-upload-container-image-ubuntu
+ promote:
+ jobs:
+ - atmosphere-promote-container-image-ubuntu
+
+- job:
+ name: atmosphere-build-container-image-ubuntu
+ parent: atmosphere-build-container-image
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-ubuntu
+ container_images:
+ - context: images/ubuntu
+ registry: registry.atmosphere.dev
+ repository: registry.atmosphere.dev/library/ubuntu
+ arch:
+ - linux/amd64
+ tags:
+ - main
+ files: &container_image_files
+ - images/ubuntu/.*
+
+- job:
+ name: atmosphere-upload-container-image-ubuntu
+ parent: atmosphere-upload-container-image
+ vars: *container_image_vars
+ files: *container_image_files
+
+- job:
+ name: atmosphere-promote-container-image-ubuntu
+ parent: atmosphere-promote-container-image
+ vars: *container_image_vars
+ files: *container_image_files
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 38af45f..31fcd3e 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -25,28 +25,12 @@
- ansible_galaxy_info
- job:
- name: atmosphere-buildset-registry
- pre-run: zuul.d/playbooks/buildset-registry/pre.yml
- run: zuul.d/playbooks/buildset-registry/run.yml
- ansible-split-streams: true
-
-- job:
- name: atmosphere-upload-images
- parent: atmosphere-buildset-registry
- run: zuul.d/playbooks/buildset-registry/run.yml
- secrets:
- - registry_credentials
- - cosign_key
-
-- job:
name: atmosphere-molecule
parent: tox
abstract: true
pre-run: zuul.d/playbooks/molecule/pre.yml
run: zuul.d/playbooks/molecule/run.yml
post-run: zuul.d/playbooks/molecule/post.yml
- dependencies:
- - atmosphere-buildset-registry
- job:
name: atmosphere-molecule-csi
diff --git a/zuul.d/playbooks/buildset-registry/run.yml b/zuul.d/playbooks/buildset-registry/run.yml
deleted file mode 100644
index 7f8118c..0000000
--- a/zuul.d/playbooks/buildset-registry/run.yml
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright (c) 2024 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Build images
- hosts: all
- tasks:
- # NOTE(mnaser): This can be removed once the following merges
- # https://review.opendev.org/c/zuul/zuul-jobs/+/915025
- - name: Load "buildset_registry" fact
- block:
- - name: Check for results.json
- stat:
- path: "{{ zuul.executor.result_data_file }}"
- register: result_json_stat
- delegate_to: localhost
- - name: Load information from zuul_return
- no_log: true
- set_fact:
- buildset_registry: "{{ (lookup('file', zuul.executor.result_data_file) | from_json)['secret_data']['buildset_registry'] }}"
- when:
- - buildset_registry is not defined
- - result_json_stat.stat.exists
- - result_json_stat.stat.size > 0
- - "'buildset_registry' in (lookup('file', zuul.executor.result_data_file) | from_json).get('secret_data')"
-
- - name: Configure Buildkit certificates
- when: buildset_registry is defined and buildset_registry.cert
- become: true
- block:
- - name: Create a folder for the certificates
- ansible.builtin.file:
- path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}"
- state: directory
- - name: Copy the certificate
- ansible.builtin.copy:
- content: "{{ buildset_registry.cert }}"
- dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"
- - name: Create a buildkitd.toml file
- ansible.builtin.copy:
- dest: /etc/buildkitd.toml
- content: |
- [registry."{{ buildset_registry.host }}:{{ buildset_registry.port }}"]
- ca=["/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"]
-
- - name: Create builder
- ansible.builtin.shell: docker buildx create --name=atmosphere --driver=docker-container {% if buildset_registry.cert %}--config /etc/buildkitd.toml{% endif %}
-
- - name: Point registry to Atmosphere if in post pipeline
- when: zuul.pipeline == 'post'
- no_log: true
- ansible.builtin.set_fact:
- buildset_registry:
- host: registry.atmosphere.dev
- port: 443
- username: "{{ registry_credentials.username }}"
- password: "{{ registry_credentials.password }}"
-
- - name: Log into registry
- docker_login:
- registry: "{{ buildset_registry.host }}{% if buildset_registry.port != 443 %}:{{ buildset_registry.port }}{% endif %}"
- username: "{{ buildset_registry.username }}"
- password: "{{ buildset_registry.password }}"
-
- - name: Build images
- ansible.builtin.shell: |
- docker buildx bake --builder=atmosphere --provenance --sbom=true --push
- args:
- chdir: "{{ zuul.project.src_dir }}"
- environment:
- REGISTRY: "{{ buildset_registry.host }}{% if buildset_registry.port != 443 %}:{{ buildset_registry.port }}{% endif %}/library"
- PUSH_TO_CACHE: "{{ zuul.pipeline == 'post' }}"
-
- - name: Get list of images built
- ansible.builtin.shell: docker buildx bake --print
- args:
- chdir: "{{ zuul.project.src_dir }}"
- environment:
- REGISTRY: "{{ buildset_registry.host }}{% if buildset_registry.port != 443 %}:{{ buildset_registry.port }}{% endif %}/library"
- register: images_built_json
-
- - name: Set fact with list of images
- set_fact:
- images_built: "{{ images_built_json.stdout | from_json | json_query('target.*.tags[?@] | []') }}"
-
- - name: Sign images
- when: zuul.pipeline == 'post'
- block:
- - name: Download cosign binary
- become: true
- ansible.builtin.get_url:
- url: https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64
- dest: /usr/local/bin/cosign
- mode: 0755
-
- - name: Determine the digest for the images
- ansible.builtin.shell: |
- cosign triangulate --type=digest {{ item }}
- loop: "{{ images_built }}"
- register: cosign_digest
-
- - name: Copy the cosign public key
- copy:
- content: "{{ cosign_key.public }}"
- dest: cosign.pub
-
- - name: Verify which images are signed
- ignore_errors: true
- ansible.builtin.shell: |
- cosign verify --key cosign.pub --output json {{ item }}
- loop: "{{ cosign_digest.results | map(attribute='stdout') | list | unique }}"
- register: cosign_verify
-
- - name: Copy the cosign private key
- copy:
- content: "{{ cosign_key.private }}"
- dest: cosign.key
-
- - name: Sign images
- ansible.builtin.shell: |
- cosign sign -y --recursive --key cosign.key {{ item }}
- loop: "{{ cosign_verify.results | selectattr('failed', 'equalto', true) | map(attribute='item') | list }}"
-
- - name: Delete the cosign private key
- file:
- path: cosign.key
- state: absent
-
- - name: Return Zuul artifacts for images
- zuul_return:
- data:
- zuul:
- artifacts:
- - name: "{{ item }}"
- url: "docker://{{ item }}"
- metadata:
- type: container_image
- repository: "{{ item.split(':')[0] }}"
- tag: "{{ item.split(':')[1] }}"
- loop: "{{ images_built }}"
-
-- name: Yield to other jobs
- hosts: localhost
- tasks:
- - name: Pause the job
- zuul_return:
- data:
- zuul:
- pause: true
diff --git a/zuul.d/playbooks/molecule/pre.yml b/zuul.d/playbooks/molecule/pre.yml
index f9f2213..a4bc692 100644
--- a/zuul.d/playbooks/molecule/pre.yml
+++ b/zuul.d/playbooks/molecule/pre.yml
@@ -59,8 +59,15 @@
- name: Replace the registry in image manifest
ansible.builtin.replace:
path: "{{ zuul.project.src_dir }}/roles/defaults/vars/main.yml"
- regexp: "registry.atmosphere.dev/library/([^@]*)@sha256:[a-fA-F0-9]{64}"
- replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/library/\1'
+ regexp: "{{ repo }}:{{ tag }}"
+ replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ repo }}:{{ tag }}'
+ loop: "{{ zuul.artifacts | default([]) }}"
+ loop_control:
+ loop_var: zj_zuul_artifact
+ when: "'metadata' in zj_zuul_artifact and zj_zuul_artifact.metadata.type | default('') == 'container_image'"
+ vars:
+ repo: "{{ zj_zuul_artifact.metadata.repository }}"
+ tag: "{{ zj_zuul_artifact.metadata.tag }}"
# TODO(mnaser): Drop this when we move to PBR
- name: Add current folder to Git's safe directories
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index e0038b9..7089996 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -17,18 +17,129 @@
check:
jobs:
- atmosphere-build-collection
- - atmosphere-buildset-registry
- - atmosphere-molecule-aio-keycloak
- - atmosphere-molecule-aio-openvswitch
- - atmosphere-molecule-aio-ovn
- - atmosphere-molecule-csi-local-path-provisioner
- - atmosphere-molecule-csi-rbd
+ - atmosphere-molecule-aio-keycloak:
+ dependencies: &molecule_check_dependencies
+ - name: atmosphere-build-container-image-barbican
+ soft: true
+ - name: atmosphere-build-container-image-cinder
+ soft: true
+ - name: atmosphere-build-container-image-cluster-api-provider-openstack
+ soft: true
+ - name: atmosphere-build-container-image-designate
+ soft: true
+ - name: atmosphere-build-container-image-glance
+ soft: true
+ - name: atmosphere-build-container-image-heat
+ soft: true
+ - name: atmosphere-build-container-image-horizon
+ soft: true
+ - name: atmosphere-build-container-image-ironic
+ soft: true
+ - name: atmosphere-build-container-image-keystone
+ soft: true
+ - name: atmosphere-build-container-image-kubernetes-entrypoint
+ soft: true
+ - name: atmosphere-build-container-image-libvirt-tls-sidecar
+ soft: true
+ - name: atmosphere-build-container-image-libvirtd
+ soft: true
+ - name: atmosphere-build-container-image-magnum
+ soft: true
+ - name: atmosphere-build-container-image-manila
+ soft: true
+ - name: atmosphere-build-container-image-netoffload
+ soft: true
+ - name: atmosphere-build-container-image-neutron
+ soft: true
+ - name: atmosphere-build-container-image-nova
+ soft: true
+ - name: atmosphere-build-container-image-nova-ssh
+ soft: true
+ - name: atmosphere-build-container-image-octavia
+ soft: true
+ - name: atmosphere-build-container-image-openvswitch
+ soft: true
+ - name: atmosphere-build-container-image-ovn
+ soft: true
+ - name: atmosphere-build-container-image-placement
+ soft: true
+ - name: atmosphere-build-container-image-senlin
+ soft: true
+ - name: atmosphere-build-container-image-staffeln
+ soft: true
+ - name: atmosphere-build-container-image-tempest
+ soft: true
+ - atmosphere-molecule-aio-openvswitch:
+ dependencies: *molecule_check_dependencies
+ - atmosphere-molecule-aio-ovn:
+ dependencies: *molecule_check_dependencies
+ - atmosphere-molecule-csi-local-path-provisioner:
+ dependencies: *molecule_check_dependencies
+ - atmosphere-molecule-csi-rbd:
+ dependencies: *molecule_check_dependencies
gate:
jobs:
- atmosphere-build-collection
- post:
- jobs:
- - atmosphere-upload-images
+ - atmosphere-molecule-aio-keycloak:
+ dependencies: &molecule_gate_dependencies
+ - name: atmosphere-upload-container-image-barbican
+ soft: true
+ - name: atmosphere-upload-container-image-cinder
+ soft: true
+ - name: atmosphere-upload-container-image-cluster-api-provider-openstack
+ soft: true
+ - name: atmosphere-upload-container-image-designate
+ soft: true
+ - name: atmosphere-upload-container-image-glance
+ soft: true
+ - name: atmosphere-upload-container-image-heat
+ soft: true
+ - name: atmosphere-upload-container-image-horizon
+ soft: true
+ - name: atmosphere-upload-container-image-ironic
+ soft: true
+ - name: atmosphere-upload-container-image-keystone
+ soft: true
+ - name: atmosphere-upload-container-image-kubernetes-entrypoint
+ soft: true
+ - name: atmosphere-upload-container-image-libvirt-tls-sidecar
+ soft: true
+ - name: atmosphere-upload-container-image-libvirtd
+ soft: true
+ - name: atmosphere-upload-container-image-magnum
+ soft: true
+ - name: atmosphere-upload-container-image-manila
+ soft: true
+ - name: atmosphere-upload-container-image-netoffload
+ soft: true
+ - name: atmosphere-upload-container-image-neutron
+ soft: true
+ - name: atmosphere-upload-container-image-nova
+ soft: true
+ - name: atmosphere-upload-container-image-nova-ssh
+ soft: true
+ - name: atmosphere-upload-container-image-octavia
+ soft: true
+ - name: atmosphere-upload-container-image-openvswitch
+ soft: true
+ - name: atmosphere-upload-container-image-ovn
+ soft: true
+ - name: atmosphere-upload-container-image-placement
+ soft: true
+ - name: atmosphere-upload-container-image-senlin
+ soft: true
+ - name: atmosphere-upload-container-image-staffeln
+ soft: true
+ - name: atmosphere-upload-container-image-tempest
+ soft: true
+ - atmosphere-molecule-aio-openvswitch:
+ dependencies: *molecule_gate_dependencies
+ - atmosphere-molecule-aio-ovn:
+ dependencies: *molecule_gate_dependencies
+ - atmosphere-molecule-csi-local-path-provisioner:
+ dependencies: *molecule_gate_dependencies
+ - atmosphere-molecule-csi-rbd:
+ dependencies: *molecule_gate_dependencies
release:
jobs:
- atmosphere-publish-collection
diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml
index 047edda..0c59229 100644
--- a/zuul.d/secrets.yaml
+++ b/zuul.d/secrets.yaml
@@ -13,20 +13,21 @@
# under the License.
- secret:
- name: registry_credentials
+ name: atmosphere-registry-credentials
data:
- username: robot$zuul
- password: !encrypted/pkcs1-oaep
- - OOykjodZE21qsYYLpzplp+PV0QbsKQ1B3+kI7bY97VQI/d5RlewqlNABc10eQnyYFSDvq
- z2gSigSHxaVcV5qKJLTNVDgzSBHBj349OaTh6dXsxplvoArehfYMMZGuNmFlucoeN8K6w
- yLRViN7tCS39CAYdjeNX1X7mQ7gBC61jUQ++JB+R5MhXmALJxzPfQRl9jsYmjx9ZXjEwE
- tjKLSyQifQU20eXbhZOUW2nr+ItTikS3AOSo6Ja6jCI1c9lj6mJtUOorGsuxfdhEigPws
- Qnz539imGcyqySSxvbJvgoEYxhE3dHFV5cJkomoHHHwLH0wbjAgBQtCMX3CvpxNX8sBfJ
- MxvUkxY8VWt3CtJkdq+/eaCovCRn6GN5enI5tlUJgpAyV+PO6PvkTan6yC8lHMM5pD4jX
- Hdo6gt6m9WyA5VxUHdoYYMaDO/rvCxxrUevzPn8do5I96madr9S9lFARqw74mgXG5I6pZ
- M7zDXnorUFyv9dUIB2rOZrp7o0OC2thujjDTKXb4qfmfXGOwlkNmtCLo6BaDo9pSdRN8p
- k0YnUAItZ64qUR7paEUKGy4rzsZjDYvIj7DrCFvLL2CXcyjPGcmcblpSHe5vJ15CFVH8X
- o39FIIhSmehvrYJziGYUgf4JY1B6ktBtFc9l78WeoJRHNce+viSSkBj1fhbUaI=
+ registry.atmosphere.dev:
+ username: robot$zuul
+ password: !encrypted/pkcs1-oaep
+ - OOykjodZE21qsYYLpzplp+PV0QbsKQ1B3+kI7bY97VQI/d5RlewqlNABc10eQnyYFSDvq
+ z2gSigSHxaVcV5qKJLTNVDgzSBHBj349OaTh6dXsxplvoArehfYMMZGuNmFlucoeN8K6w
+ yLRViN7tCS39CAYdjeNX1X7mQ7gBC61jUQ++JB+R5MhXmALJxzPfQRl9jsYmjx9ZXjEwE
+ tjKLSyQifQU20eXbhZOUW2nr+ItTikS3AOSo6Ja6jCI1c9lj6mJtUOorGsuxfdhEigPws
+ Qnz539imGcyqySSxvbJvgoEYxhE3dHFV5cJkomoHHHwLH0wbjAgBQtCMX3CvpxNX8sBfJ
+ MxvUkxY8VWt3CtJkdq+/eaCovCRn6GN5enI5tlUJgpAyV+PO6PvkTan6yC8lHMM5pD4jX
+ Hdo6gt6m9WyA5VxUHdoYYMaDO/rvCxxrUevzPn8do5I96madr9S9lFARqw74mgXG5I6pZ
+ M7zDXnorUFyv9dUIB2rOZrp7o0OC2thujjDTKXb4qfmfXGOwlkNmtCLo6BaDo9pSdRN8p
+ k0YnUAItZ64qUR7paEUKGy4rzsZjDYvIj7DrCFvLL2CXcyjPGcmcblpSHe5vJ15CFVH8X
+ o39FIIhSmehvrYJziGYUgf4JY1B6ktBtFc9l78WeoJRHNce+viSSkBj1fhbUaI=
- secret:
name: ansible_galaxy_info