From d28fbaf1cc2da77fd9b80414d7c28106cc99f5a1 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Mon, 8 Apr 2024 17:15:00 -0400 Subject: [PATCH] build: build all images + run tests using them (#1069) TODO Add patches Figure out why cache misses for Git clone (or something else) --- Dockerfile | 188 ++------- Earthfile | 108 +----- docker-bake.hcl | 98 ----- images/Earthfile | 52 --- images/barbican/Dockerfile | 27 ++ images/base/Earthfile | 7 - images/build.sh | 43 --- images/builder/Earthfile | 7 - images/cinder/Dockerfile | 35 ++ images/cinder/Earthfile | 23 -- images/cloud-archive-base/Earthfile | 23 -- .../cluster-api-provider-openstack/Dockerfile | 32 ++ .../cluster-api-provider-openstack/Earthfile | 18 - .../0001-chore-bump-k8s-api-for-cve.patch | 185 +++------ images/curl/Earthfile | 5 - images/designate/Dockerfile | 33 ++ images/designate/Earthfile | 21 - images/glance/Dockerfile | 39 ++ images/glance/Earthfile | 32 -- images/heat/Dockerfile | 33 ++ images/heat/Earthfile | 21 - images/helm/Earthfile | 11 - images/horizon/Dockerfile | 61 +++ images/horizon/Earthfile | 38 -- images/ironic/Dockerfile | 35 ++ images/ironic/Earthfile | 22 -- images/keystone/Dockerfile | 49 +++ images/keystone/Earthfile | 34 -- images/kubernetes-entrypoint/Dockerfile | 24 ++ images/kubernetes-entrypoint/Earthfile | 35 -- images/kubernetes/Earthfile | 9 - images/libvirtd/Dockerfile | 26 ++ images/libvirtd/Earthfile | 21 - images/libvirtd/keyrings/ceph.gpg | Bin 1143 -> 0 bytes images/magnum/Dockerfile | 45 +++ images/magnum/Earthfile | 23 -- ...flect-breaking-change-in-helm-v3-5-2.patch | 28 -- ...01-Fix-Trust-token-scope-for-drivers.patch | 0 images/manila/Dockerfile | 35 ++ images/manila/Earthfile | 21 - images/netoffload/Dockerfile | 29 ++ images/netoffload/Earthfile | 28 -- images/neutron/Dockerfile | 38 ++ images/neutron/Earthfile | 25 -- ...-netns-deletion-of-broken-namespaces.patch | 144 ------- ...vn-set-mtu-in-external_ids-correctly.patch | 38 ++ images/nova-ssh/Dockerfile | 26 ++ images/nova-ssh/Earthfile | 18 - images/nova/Dockerfile | 33 ++ images/nova/Earthfile | 25 -- ...-Stop-unconditionally-enabling-evmcs.patch | 66 ---- ...bling-hyperv-feature-reenlightenment.patch | 52 --- images/octavia/Dockerfile | 36 ++ images/octavia/Earthfile | 22 -- ...fy-endpoint-info.-for-neutron-client.patch | 37 -- images/openstack-runtime/Dockerfile | 23 ++ images/openstack-service/Earthfile | 99 ----- images/openstack-venv-builder/Dockerfile | 62 +++ images/openvswitch/Dockerfile | 25 ++ images/openvswitch/Earthfile | 17 - images/ovn/Dockerfile | 44 +++ images/ovn/Earthfile | 47 --- images/placement/Dockerfile | 26 ++ images/placement/Earthfile | 19 - images/python-base/Dockerfile | 26 ++ images/senlin/Dockerfile | 26 ++ images/senlin/Earthfile | 19 - images/staffeln/Dockerfile | 26 ++ images/staffeln/Earthfile | 20 - images/tempest/Dockerfile | 60 +++ images/tempest/Earthfile | 49 --- images/trivy/.trivyignore | 17 - images/trivy/Earthfile | 8 - .../ubuntu-cloud-archive/Dockerfile | 11 +- .../trusted.gpg.d/ubuntu-cloud-keyring.gpg | Bin 0 -> 1201 bytes .../pre.yml => images/ubuntu/Dockerfile | 6 +- molecule/keycloak/create.yml | 1 + molecule/keycloak/group_vars | 1 + molecule/keycloak/host_vars | 1 + molecule/keycloak/molecule.yml | 2 +- molecule/keycloak/prepare.yml | 7 +- patches/2023.2/magnum/.gitkeep | 0 roles/defaults/vars/main.yml | 364 +++++++++--------- zuul.d/container-images/barbican.yaml | 80 ++++ zuul.d/container-images/base.yaml | 65 ++++ zuul.d/container-images/cinder.yaml | 80 ++++ .../cluster-api-provider-openstack.yaml | 51 +++ zuul.d/container-images/designate.yaml | 80 ++++ zuul.d/container-images/glance.yaml | 80 ++++ zuul.d/container-images/heat.yaml | 80 ++++ zuul.d/container-images/horizon.yaml | 80 ++++ zuul.d/container-images/ironic.yaml | 80 ++++ zuul.d/container-images/keystone.yaml | 80 ++++ .../kubernetes-entrypoint.yaml | 51 +++ .../container-images/libvirt-tls-sidecar.yaml | 56 +++ zuul.d/container-images/libvirtd.yaml | 69 ++++ zuul.d/container-images/magnum.yaml | 80 ++++ zuul.d/container-images/manila.yaml | 80 ++++ zuul.d/container-images/netoffload.yaml | 51 +++ zuul.d/container-images/neutron.yaml | 80 ++++ zuul.d/container-images/nova-ssh.yaml | 70 ++++ zuul.d/container-images/nova.yaml | 80 ++++ zuul.d/container-images/octavia.yaml | 80 ++++ .../openstack-python-runtime.yaml | 70 ++++ .../container-images/openstack-runtime.yaml | 63 +++ .../openstack-venv-builder.yaml | 68 ++++ zuul.d/container-images/openvswitch.yaml | 51 +++ zuul.d/container-images/ovn.yaml | 68 ++++ zuul.d/container-images/placement.yaml | 80 ++++ zuul.d/container-images/python-base.yaml | 63 +++ zuul.d/container-images/senlin.yaml | 80 ++++ zuul.d/container-images/staffeln.yaml | 80 ++++ zuul.d/container-images/tempest.yaml | 80 ++++ .../ubuntu-cloud-archive.yaml | 58 +++ zuul.d/container-images/ubuntu.yaml | 51 +++ zuul.d/jobs.yaml | 40 +- zuul.d/playbooks/buildset-registry/run.yml | 159 -------- zuul.d/playbooks/molecule/pre.yml | 11 +- zuul.d/project.yaml | 130 ++++++- zuul.d/secrets.yaml | 27 +- 120 files changed, 3716 insertions(+), 2086 deletions(-) delete mode 100644 docker-bake.hcl delete mode 100644 images/Earthfile create mode 100644 images/barbican/Dockerfile delete mode 100644 images/base/Earthfile delete mode 100755 images/build.sh delete mode 100644 images/builder/Earthfile create mode 100644 images/cinder/Dockerfile delete mode 100644 images/cinder/Earthfile delete mode 100644 images/cloud-archive-base/Earthfile create mode 100644 images/cluster-api-provider-openstack/Dockerfile delete mode 100644 images/cluster-api-provider-openstack/Earthfile delete mode 100644 images/curl/Earthfile create mode 100644 images/designate/Dockerfile delete mode 100644 images/designate/Earthfile create mode 100644 images/glance/Dockerfile delete mode 100644 images/glance/Earthfile create mode 100644 images/heat/Dockerfile delete mode 100644 images/heat/Earthfile delete mode 100644 images/helm/Earthfile create mode 100644 images/horizon/Dockerfile delete mode 100644 images/horizon/Earthfile create mode 100644 images/ironic/Dockerfile delete mode 100644 images/ironic/Earthfile create mode 100644 images/keystone/Dockerfile delete mode 100644 images/keystone/Earthfile create mode 100644 images/kubernetes-entrypoint/Dockerfile delete mode 100644 images/kubernetes-entrypoint/Earthfile delete mode 100644 images/kubernetes/Earthfile create mode 100644 images/libvirtd/Dockerfile delete mode 100644 images/libvirtd/Earthfile delete mode 100644 images/libvirtd/keyrings/ceph.gpg create mode 100644 images/magnum/Dockerfile delete mode 100644 images/magnum/Earthfile delete mode 100644 images/magnum/patches/magnum/0000-update-chart-metadata-version-to-reflect-breaking-change-in-helm-v3-5-2.patch rename patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch => images/magnum/patches/magnum/0001-Fix-Trust-token-scope-for-drivers.patch (100%) create mode 100644 images/manila/Dockerfile delete mode 100644 images/manila/Earthfile create mode 100644 images/netoffload/Dockerfile delete mode 100644 images/netoffload/Earthfile create mode 100644 images/neutron/Dockerfile delete mode 100644 images/neutron/Earthfile delete mode 100644 images/neutron/patches/neutron/0000-fix-netns-deletion-of-broken-namespaces.patch create mode 100644 images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch create mode 100644 images/nova-ssh/Dockerfile delete mode 100644 images/nova-ssh/Earthfile create mode 100644 images/nova/Dockerfile delete mode 100644 images/nova/Earthfile delete mode 100644 images/nova/patches/nova/0000-libvirt-Stop-unconditionally-enabling-evmcs.patch delete mode 100644 images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch create mode 100644 images/octavia/Dockerfile delete mode 100644 images/octavia/Earthfile delete mode 100644 images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch create mode 100644 images/openstack-runtime/Dockerfile delete mode 100644 images/openstack-service/Earthfile create mode 100644 images/openstack-venv-builder/Dockerfile create mode 100644 images/openvswitch/Dockerfile delete mode 100644 images/openvswitch/Earthfile create mode 100644 images/ovn/Dockerfile delete mode 100644 images/ovn/Earthfile create mode 100644 images/placement/Dockerfile delete mode 100644 images/placement/Earthfile create mode 100644 images/python-base/Dockerfile create mode 100644 images/senlin/Dockerfile delete mode 100644 images/senlin/Earthfile create mode 100644 images/staffeln/Dockerfile delete mode 100644 images/staffeln/Earthfile create mode 100644 images/tempest/Dockerfile delete mode 100644 images/tempest/Earthfile delete mode 100644 images/trivy/.trivyignore delete mode 100644 images/trivy/Earthfile rename zuul.d/playbooks/buildset-registry/pre.yml => images/ubuntu-cloud-archive/Dockerfile (68%) create mode 100644 images/ubuntu-cloud-archive/trusted.gpg.d/ubuntu-cloud-keyring.gpg rename zuul.d/playbooks/molecule-keycloak/pre.yml => images/ubuntu/Dockerfile (84%) create mode 120000 molecule/keycloak/create.yml create mode 120000 molecule/keycloak/group_vars create mode 120000 molecule/keycloak/host_vars delete mode 100644 patches/2023.2/magnum/.gitkeep create mode 100644 zuul.d/container-images/barbican.yaml create mode 100644 zuul.d/container-images/base.yaml create mode 100644 zuul.d/container-images/cinder.yaml create mode 100644 zuul.d/container-images/cluster-api-provider-openstack.yaml create mode 100644 zuul.d/container-images/designate.yaml create mode 100644 zuul.d/container-images/glance.yaml create mode 100644 zuul.d/container-images/heat.yaml create mode 100644 zuul.d/container-images/horizon.yaml create mode 100644 zuul.d/container-images/ironic.yaml create mode 100644 zuul.d/container-images/keystone.yaml create mode 100644 zuul.d/container-images/kubernetes-entrypoint.yaml create mode 100644 zuul.d/container-images/libvirt-tls-sidecar.yaml create mode 100644 zuul.d/container-images/libvirtd.yaml create mode 100644 zuul.d/container-images/magnum.yaml create mode 100644 zuul.d/container-images/manila.yaml create mode 100644 zuul.d/container-images/netoffload.yaml create mode 100644 zuul.d/container-images/neutron.yaml create mode 100644 zuul.d/container-images/nova-ssh.yaml create mode 100644 zuul.d/container-images/nova.yaml create mode 100644 zuul.d/container-images/octavia.yaml create mode 100644 zuul.d/container-images/openstack-python-runtime.yaml create mode 100644 zuul.d/container-images/openstack-runtime.yaml create mode 100644 zuul.d/container-images/openstack-venv-builder.yaml create mode 100644 zuul.d/container-images/openvswitch.yaml create mode 100644 zuul.d/container-images/ovn.yaml create mode 100644 zuul.d/container-images/placement.yaml create mode 100644 zuul.d/container-images/python-base.yaml create mode 100644 zuul.d/container-images/senlin.yaml create mode 100644 zuul.d/container-images/staffeln.yaml create mode 100644 zuul.d/container-images/tempest.yaml create mode 100644 zuul.d/container-images/ubuntu-cloud-archive.yaml create mode 100644 zuul.d/container-images/ubuntu.yaml delete mode 100644 zuul.d/playbooks/buildset-registry/run.yml diff --git a/Dockerfile b/Dockerfile index 9c8e06b7d..4b74bee9b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,161 +1,27 @@ -FROM ubuntu:jammy-20240227 AS ubuntu -LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere - -FROM ubuntu AS helm -ARG TARGETOS -ARG TARGETARCH -ARG HELM_VERSION=3.14.0 -ADD https://get.helm.sh/helm-v${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /helm.tar.gz -RUN tar -xzf /helm.tar.gz -RUN mv /${TARGETOS}-${TARGETARCH}/helm /usr/bin/helm - -FROM ubuntu AS ubuntu-cloud-archive -ADD --chmod=644 https://git.launchpad.net/ubuntu/+source/ubuntu-keyring/plain/keyrings/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg -ARG RELEASE -RUN < /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "zed" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "2023.1" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "2023.2" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "master" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list; \ - else \ - echo "${RELEASE} is not supported on \${VERSION_CODENAME}"; \ - exit 1; \ - fi; \ -else - echo "Unsupported release"; \ - exit 1; \ -fi -EOF - -FROM alpine/git AS requirements -ARG BRANCH -ADD https://opendev.org/openstack/requirements.git#${BRANCH} /src -RUN < requirements.txt @@ -114,10 +90,14 @@ build.collections: SAVE IMAGE --cache-hint image: - ARG RELEASE=2023.1 - FROM ./images/cloud-archive-base+image --RELEASE ${RELEASE} + FROM ubuntu:jammy ENV ANSIBLE_PIPELINING=True - DO ./images+APT_INSTALL --PACKAGES "rsync openssh-client" + RUN \ + apt-get update -qq && \ + apt-get install -qq -y --no-install-recommends \ + rsync openssh-client && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* COPY +build.venv.runtime/venv /venv ENV PATH=/venv/bin:$PATH COPY +build.collections/ /usr/share/ansible @@ -125,60 +105,6 @@ image: ARG REGISTRY=ghcr.io/vexxhost/atmosphere SAVE IMAGE --push ${REGISTRY}:${tag} -images: - ARG REGISTRY=ghcr.io/vexxhost/atmosphere - BUILD +libvirt-tls-sidecar.image --REGISTRY=${REGISTRY} - BUILD ./images/cinder+image --REGISTRY=${REGISTRY} - BUILD ./images/cluster-api-provider-openstack+image --REGISTRY=${REGISTRY} - BUILD ./images/designate+image --REGISTRY=${REGISTRY} - BUILD ./images/glance+image --REGISTRY=${REGISTRY} - BUILD ./images/heat+image --REGISTRY=${REGISTRY} - BUILD ./images/horizon+image --REGISTRY=${REGISTRY} - BUILD ./images/ironic+image --REGISTRY=${REGISTRY} - BUILD ./images/keystone+image --REGISTRY=${REGISTRY} - BUILD ./images/kubernetes-entrypoint+image --REGISTRY=${REGISTRY} - BUILD ./images/libvirtd+image --REGISTRY=${REGISTRY} - BUILD ./images/magnum+image --REGISTRY=${REGISTRY} - BUILD ./images/manila+image --REGISTRY=${REGISTRY} - BUILD ./images/netoffload+image --REGISTRY=${REGISTRY} - BUILD ./images/neutron+image --REGISTRY=${REGISTRY} - BUILD ./images/nova-ssh+image --REGISTRY=${REGISTRY} - BUILD ./images/nova+image --REGISTRY=${REGISTRY} - BUILD ./images/octavia+image --REGISTRY=${REGISTRY} - BUILD ./images/openvswitch+image --REGISTRY=${REGISTRY} - BUILD ./images/ovn+images --REGISTRY=${REGISTRY} - BUILD ./images/placement+image --REGISTRY=${REGISTRY} - BUILD ./images/senlin+image --REGISTRY=${REGISTRY} - BUILD ./images/staffeln+image --REGISTRY=${REGISTRY} - BUILD ./images/tempest+image --REGISTRY=${REGISTRY} - -SCAN_IMAGE: - FUNCTION - ARG --required IMAGE - # TODO(mnaser): Include secret scanning when it's more reliable. - RUN \ - trivy image \ - --skip-db-update \ - --skip-java-db-update \ - --scanners vuln \ - --exit-code 1 \ - --ignore-unfixed \ - --timeout 10m \ - ${IMAGE} - -scan-image: - FROM ./images/trivy+image - ARG --required IMAGE - DO +SCAN_IMAGE --IMAGE ${IMAGE} - -scan-images: - FROM ./images/trivy+image - COPY roles/defaults/vars/main.yml /defaults.yml - # TODO(mnaser): Scan all images eventually - FOR IMAGE IN $(cat /defaults.yml | egrep -E 'ghcr.io/vexxhost|registry.atmosphere.dev' | cut -d' ' -f4 | sort | uniq) - BUILD +scan-image --IMAGE ${IMAGE} - END - pin-images: FROM +build.venv.dev COPY roles/defaults/vars/main.yml /defaults.yml diff --git a/docker-bake.hcl b/docker-bake.hcl deleted file mode 100644 index 7237361c9..000000000 --- a/docker-bake.hcl +++ /dev/null @@ -1,98 +0,0 @@ -variable "REGISTRY" { - default = "registry.atmosphere.dev/library" -} - -variable "CACHE_REGISTRY" { - default = "registry.atmosphere.dev/cache" -} - -variable "PUSH_TO_CACHE" { - default = false -} - -function "cache_from" { - params = [image] - result = ["type=registry,ref=${CACHE_REGISTRY}/${image}"] -} - -function "cache_to" { - params = [image] - result = PUSH_TO_CACHE ? [format("%s,%s", cache_from(image)[0], "mode=max,image-manifest=true,oci-mediatypes=true,compression=zstd")] : [] -} - -target "barbican" { - name = "barbican-${release.tgt}" - - context = "." - target = "barbican" - - cache-from = cache_from("barbican:${release.name}") - cache-to = cache_to("barbican:${release.name}") - - tags = [ - "${REGISTRY}/barbican:${release.name}", - "${REGISTRY}/barbican:${release.ref}" - ] - - matrix = { - release = [ - { - tgt = "bobcat", - name = "2023.2", - ref = "a00fcade4138ffc52cd9c84b5999297966f019b5" - } - ] - } - - args = { - RELEASE = release.name - BRANCH = format("stable/%s", release.name) - PROJECT = "barbican" - BARBICAN_GIT_REF = release.ref - } -} - -target "magnum" { - name = "magnum-${release.tgt}" - - context = "." - target = "magnum" - - cache-from = cache_from("magnum:${release.name}") - cache-to = cache_to("magnum:${release.name}") - - tags = [ - "${REGISTRY}/magnum:${release.name}", - "${REGISTRY}/magnum:${release.ref}" - ] - - matrix = { - release = [ - { - tgt = "zed", - name = "zed", - ref = "0ee979099a01ae2c8b1b5d6757897a8993e4e34c" - }, - { - tgt = "bobcat", - name = "2023.2", - ref = "5f921a72d22d7e96fb3584c4906a39de9a085a41" - } - ] - } - - args = { - RELEASE = release.name - BRANCH = format("stable/%s", release.name) - PROJECT = "magnum" - MAGNUM_GIT_REF = release.ref - } -} - - -group "default" { - targets = [ - "barbican", - "magnum" - ] -} diff --git a/images/Earthfile b/images/Earthfile deleted file mode 100644 index 32cab4a2f..000000000 --- a/images/Earthfile +++ /dev/null @@ -1,52 +0,0 @@ -VERSION 0.8 - -APT_INSTALL: - FUNCTION - ARG PACKAGES - RUN \ - apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ${PACKAGES} && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* - -DNF_INSTALL: - FUNCTION - ARG PACKAGES - RUN \ - dnf -y install \ - ${PACKAGES} \ - --setopt=install_weak_deps=False \ - --setopt=tsflags=nodocs && \ - dnf -y clean all && \ - rm -rf /var/cache/dnf - -CREATE_PROJECT_USER: - FUNCTION - ARG PROJECT - ARG SHELL=/usr/sbin/nologin - RUN \ - groupadd -g 42424 ${PROJECT} && \ - useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s ${SHELL} -c "${PROJECT} User" ${PROJECT} && \ - mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} && \ - chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} - -fetch-gerrit-patch: - FROM ./base+image - DO +APT_INSTALL --PACKAGES "ca-certificates curl git jq" - ARG --required IMAGE - ARG PROJECT=${IMAGE} - ARG --required CHANGE - ARG PROJECT_REF=master - DO ./openstack-service+GIT_CHECKOUT \ - --PROJECT=${PROJECT} \ - --PROJECT_REF=${PROJECT_REF} - ARG REF=$(curl "https://review.opendev.org/changes/?q=${CHANGE}&o=CURRENT_REVISION" | tail -1 | jq -r '.[0].revisions[].ref') - COPY ${IMAGE}/patches/${PROJECT} /patches - RUN \ - git fetch https://review.opendev.org/openstack/${PROJECT} ${REF} && \ - git format-patch -1 --output-directory /gerrit FETCH_HEAD - ARG PATCH_ID=$(ls -1 /patches | wc -l | xargs printf "%04d") - RUN \ - cp /gerrit/0001-* \ - /patches/${PATCH_ID}-$(basename /gerrit/*.patch | sed 's/0001-//') - SAVE ARTIFACT /patches AS LOCAL ${IMAGE}/patches/${PROJECT} diff --git a/images/barbican/Dockerfile b/images/barbican/Dockerfile new file mode 100644 index 000000000..e12147859 --- /dev/null +++ b/images/barbican/Dockerfile @@ -0,0 +1,27 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG BARBICAN_GIT_REF=7d6749fcb1ad16a3350de82cd8e523d5b55306f8 +ADD --keep-git-dir=true https://opendev.org/openstack/barbican.git#${BARBICAN_GIT_REF} /src/barbican +RUN git -C /src/barbican fetch --unshallow +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <" - exit 1 -fi - -docker buildx create --name=atmosphere --driver=docker-container || true - -if [ "$PUSH" = true ]; then - docker buildx bake --builder=atmosphere --provenance --sbom=true --push $TARGET - - # Sign all images - export COSIGN_PASSWORD="" - for IMAGE in $(docker buildx bake --print ${TARGET} | jq -r '.target[].tags | select(. != null)[]'); do - cosign sign -y --recursive --key cosign.key ${IMAGE} - done -else - docker buildx bake --builder=atmosphere --provenance --sbom=true $TARGET -fi diff --git a/images/builder/Earthfile b/images/builder/Earthfile deleted file mode 100644 index f4e92d3fa..000000000 --- a/images/builder/Earthfile +++ /dev/null @@ -1,7 +0,0 @@ -VERSION 0.7 - -image: - FROM ../base+image - DO ../+APT_INSTALL --PACKAGES "build-essential git python3-dev python3-pip python3-venv" - ARG POETRY_VERSION=1.4.2 - RUN pip3 install --no-cache-dir poetry==${POETRY_VERSION} diff --git a/images/cinder/Dockerfile b/images/cinder/Dockerfile new file mode 100644 index 000000000..4c8f153ce --- /dev/null +++ b/images/cinder/Dockerfile @@ -0,0 +1,35 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG CINDER_GIT_REF=f74e2729554bee01b0a3e631a8001bb39e540433 +ADD --keep-git-dir=true https://opendev.org/openstack/cinder.git#${CINDER_GIT_REF} /src/cinder +RUN git -C /src/cinder fetch --unshallow +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "zed" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "2023.1" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "2023.2" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "master" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE - RUN echo "${RELEASE} is not supported on $(lsb_release -sc)" - RUN exit 1 - END - END diff --git a/images/cluster-api-provider-openstack/Dockerfile b/images/cluster-api-provider-openstack/Dockerfile new file mode 100644 index 000000000..aa05489a9 --- /dev/null +++ b/images/cluster-api-provider-openstack/Dockerfile @@ -0,0 +1,32 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM alpine/git:2.43.0 AS src +ARG CAPO_VERSION=v0.9.0 +ADD https://github.com/kubernetes-sigs/cluster-api-provider-openstack.git#${CAPO_VERSION} /src +WORKDIR /src +COPY /patches /patches +RUN git apply /patches/*.patch + +FROM golang:1.20 AS builder +COPY --from=src --link /src /src +WORKDIR /src +ARG ARCH +RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \ + go build -ldflags "-extldflags '-static'" -o manager ${package} + +FROM gcr.io/distroless/static:nonroot +COPY --from=builder /src/manager /manager +USER 65532 +ENTRYPOINT ["/manager"] diff --git a/images/cluster-api-provider-openstack/Earthfile b/images/cluster-api-provider-openstack/Earthfile deleted file mode 100644 index 111f465e0..000000000 --- a/images/cluster-api-provider-openstack/Earthfile +++ /dev/null @@ -1,18 +0,0 @@ -VERSION 0.7 - -ARG --global CAPO_VERSION=v0.8.0 -ARG --global EPOCH=2 - -clone: - FROM ../builder+image - GIT CLONE --branch ${CAPO_VERSION} https://github.com/kubernetes-sigs/cluster-api-provider-openstack /workspace/src - WORKDIR /workspace/src - COPY patches /workspace/patches - RUN git apply --verbose /workspace/patches/*.patch - SAVE ARTIFACT /workspace/src - -image: - FROM DOCKERFILE -f +clone/src/Dockerfile +clone/src/* - LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere - ARG REGISTRY=ghcr.io/vexxhost/atmosphere - SAVE IMAGE --push ${REGISTRY}/capi-openstack-controller:${CAPO_VERSION}-${EPOCH} diff --git a/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch b/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch index 2812ac502..cd99927fe 100644 --- a/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch +++ b/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch @@ -1,158 +1,89 @@ -From 139a57e7b0d4c57033e281b061e459039a5e21d3 Mon Sep 17 00:00:00 2001 +From eed5b5cc2a6cf48c0c9e0245695d0ac143150186 Mon Sep 17 00:00:00 2001 From: Mohammed Naser -Date: Mon, 22 Jan 2024 16:22:52 -0500 -Subject: [PATCH 2/2] chore: bump k8s api for cve +Date: Tue, 12 Mar 2024 18:18:25 -0400 +Subject: [PATCH] chore: bump k8s api for cve --- - go.mod | 17 +++++++++-------- - go.sum | 36 +++++++++++++++++++----------------- - 2 files changed, 28 insertions(+), 25 deletions(-) + go.mod | 8 ++++---- + go.sum | 16 ++++++++-------- + 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod -index db4a954a..49d2f7cf 100644 +index 997f8354..d6c300cc 100644 --- a/go.mod +++ b/go.mod -@@ -15,8 +15,8 @@ require ( - github.com/onsi/gomega v1.27.8 - github.com/prometheus/client_golang v1.16.0 +@@ -15,7 +15,7 @@ require ( + github.com/onsi/gomega v1.30.0 + github.com/prometheus/client_golang v1.17.0 github.com/spf13/pflag v1.0.5 -- golang.org/x/crypto v0.11.0 -- golang.org/x/text v0.11.0 -+ golang.org/x/crypto v0.14.0 -+ golang.org/x/text v0.13.0 +- golang.org/x/crypto v0.15.0 ++ golang.org/x/crypto v0.17.0 + golang.org/x/text v0.14.0 gopkg.in/ini.v1 v1.67.0 - k8s.io/api v0.27.2 - k8s.io/apiextensions-apiserver v0.27.2 + k8s.io/api v0.28.4 @@ -24,7 +24,7 @@ require ( - k8s.io/client-go v0.27.2 - k8s.io/component-base v0.27.2 - k8s.io/klog/v2 v2.90.1 -- k8s.io/kubernetes v1.27.2 -+ k8s.io/kubernetes v1.27.8 - k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 - sigs.k8s.io/cluster-api v1.5.1 - sigs.k8s.io/cluster-api/test v1.5.1 -@@ -113,15 +113,16 @@ require ( - go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.24.0 // indirect - golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect -- golang.org/x/net v0.13.0 // indirect -+ golang.org/x/net v0.17.0 // indirect - golang.org/x/oauth2 v0.10.0 // indirect -- golang.org/x/sys v0.10.0 // indirect -- golang.org/x/term v0.10.0 // indirect -+ golang.org/x/sys v0.13.0 // indirect -+ golang.org/x/term v0.13.0 // indirect + k8s.io/client-go v0.28.4 + k8s.io/component-base v0.28.4 + k8s.io/klog/v2 v2.100.1 +- k8s.io/kubernetes v1.28.3 ++ k8s.io/kubernetes v1.28.4 + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 + sigs.k8s.io/cluster-api v1.6.0 + sigs.k8s.io/cluster-api/test v1.6.0 +@@ -139,8 +139,8 @@ require ( + golang.org/x/net v0.18.0 // indirect + golang.org/x/oauth2 v0.14.0 // indirect + golang.org/x/sync v0.4.0 // indirect +- golang.org/x/sys v0.14.0 // indirect +- golang.org/x/term v0.14.0 // indirect ++ golang.org/x/sys v0.15.0 // indirect ++ golang.org/x/term v0.15.0 // indirect golang.org/x/time v0.3.0 // indirect -- golang.org/x/tools v0.9.3 // indirect -+ golang.org/x/tools v0.12.0 // indirect - gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect - google.golang.org/appengine v1.6.7 // indirect -- google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect -+ google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a // indirect -+ google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect - google.golang.org/protobuf v1.31.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect + golang.org/x/tools v0.14.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum -index 66bd8109..f18ece49 100644 +index e3d46fdc..f5767735 100644 --- a/go.sum +++ b/go.sum -@@ -516,8 +516,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y +@@ -460,8 +460,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= --golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= --golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= +-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= ++golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= ++golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -@@ -555,7 +555,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= --golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -596,8 +596,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= - golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= --golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= --golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -673,13 +673,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +@@ -609,13 +609,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= --golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= +-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= ++golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= ++golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= --golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= --golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= -+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +-golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= +-golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= ++golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= ++golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -690,8 +690,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= - golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= --golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= --golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -@@ -752,8 +752,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= - golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= - golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= - golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= --golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= --golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= -+golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= -+golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -@@ -825,8 +825,10 @@ google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6D - google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= - google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= - google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= --google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= --google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -+google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a h1:HiYVD+FGJkTo+9zj1gqz0anapsa1JxjiSrN+BJKyUmE= -+google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= -+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM= -+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= - google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= - google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= - google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -@@ -914,8 +916,8 @@ k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= - k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= --k8s.io/kubernetes v1.27.2 h1:g4v9oY6u7vBUDEuq4FvC50Bbw2K7GZuvM00IIESWVf4= --k8s.io/kubernetes v1.27.2/go.mod h1:U8ZXeKBAPxeb4J4/HOaxjw1A9K6WfSH+fY2SS7CR6IM= -+k8s.io/kubernetes v1.27.8 h1:K848lTo/D0jvrxUlTvw4nNADixbhXLHgKNDP/KlFGy8= -+k8s.io/kubernetes v1.27.8/go.mod h1:PUXXrx0IhAi+kI9BMDqNJHUnLndVv9W0DkriqyjuJOs= - k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 h1:xMMXJlJbsU8w3V5N2FLDQ8YgU8s1EoULdbQBcAeNJkY= - k8s.io/utils v0.0.0-20230313181309-38a27ef9d749/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +@@ -841,8 +841,8 @@ k8s.io/kms v0.28.4 h1:PMgY/3CQTWP9eIKmNQiTgjLIZ0ns6O+voagzD2/4mSg= + k8s.io/kms v0.28.4/go.mod h1:HL4/lR/bhjAJPbqycKtfhWiKh1Sp21cpHOL8P4oo87w= + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= +-k8s.io/kubernetes v1.28.3 h1:XTci6gzk+JR51UZuZQCFJ4CsyUkfivSjLI4O1P9z6LY= +-k8s.io/kubernetes v1.28.3/go.mod h1:NhAysZWvHtNcJFFHic87ofxQN7loylCQwg3ZvXVDbag= ++k8s.io/kubernetes v1.28.4 h1:aRNxs5jb8FVTtlnxeA4FSDBVKuFwA8Gw40/U2zReBYA= ++k8s.io/kubernetes v1.28.4/go.mod h1:BTzDCKYAlu6LL9ITbfjwgwIrJ30hlTgbv0eXDoA/WoA= + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -- 2.43.0 - diff --git a/images/curl/Earthfile b/images/curl/Earthfile deleted file mode 100644 index 06d3d8e1a..000000000 --- a/images/curl/Earthfile +++ /dev/null @@ -1,5 +0,0 @@ -VERSION 0.7 - -image: - FROM curlimages/curl:7.78.0 - WORKDIR /tmp diff --git a/images/designate/Dockerfile b/images/designate/Dockerfile new file mode 100644 index 000000000..e1610c8d2 --- /dev/null +++ b/images/designate/Dockerfile @@ -0,0 +1,33 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG DESIGNATE_GIT_REF=d247267823034c5e656f74e91b50475aa54d3fa6 +ADD --keep-git-dir=true https://opendev.org/openstack/designate.git#${DESIGNATE_GIT_REF} /src/designate +RUN git -C /src/designate fetch --unshallow +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < /etc/apt/sources.list.d/ceph.list - ELSE IF [ "$(lsb_release -sc)" = "jammy" ] - RUN echo "deb http://download.ceph.com/debian-reef/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/ceph.list - ELSE - RUN echo "${RELEASE} is not supported on $(lsb_release -sc)" - RUN exit 1 - END - DO ../+APT_INSTALL --PACKAGES="ceph-common cgroup-tools dmidecode ebtables iproute2 ipxe-qemu kmod libvirt-clients libvirt-daemon-system openssh-client openvswitch-switch ovmf pm-utils qemu-block-extra qemu-efi qemu-kvm seabios" - DO ../+CREATE_PROJECT_USER --PROJECT=nova - ARG REGISTRY=ghcr.io/vexxhost/atmosphere - SAVE IMAGE --push ${REGISTRY}/libvirtd:${RELEASE} - -image: - BUILD --platform linux/amd64 --platform linux/arm64 +platform-image diff --git a/images/libvirtd/keyrings/ceph.gpg b/images/libvirtd/keyrings/ceph.gpg deleted file mode 100644 index c5d8bd399481b290ab5da94b87bd860a33a998ee..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1143 zcmV--1c>{Y0u2OJ_=X7q5CF@nevbJ;Y5AM5al>VI3*qGa#K5Hwm2!_RG#_465sD38 zmXL=NLCNO`29zsUcXOrn|9+`WxR5h*eY-hs=XvlKgzqt0XNxo>!;HCEyQjioviTGX z^63AwMTc%);z$XmJLkgYyK`nM1CAhp7WF|reYxYAEUs_~4Q5B}26ndxL?Y|$Cver? z+Ak9m`0ngIQ{q$*^Y!*xlNj-t_r%K}ODaaT?*Dqdu%y^KW0` zS6ZrG;)BP!1)?WS`!>M&$0zQz>J5}1&X7`S)dDqhl(43rss_qx06btgIkE2bedIgK z;xG~&^jzqnT9NUuM4z@q&^f(3x^B&MdjnVbuzE8k)(4)w_9NhYi0H9|H7&%3I2aEb zh+q>nquudzb_uOvKITzY;vyJtM-HU~wRly1j%tlK+D;M`D%KzpMT}47p0{w%J|&ag z`%O4cbnWhhSU^G^3k166X92k`)Mx`N5%~SD@}t(xyk<&8q|`J0Q(hA}UIj{x-8%<| z0)_&zqylwwJA`^hL=$>tqdyAJt<5pl;fJECl3s| zLE5}_)s5UcL0JG10RRECDnn&(Xf9)KZ6GLeWo%_(b7dfFWqBzeJac7Zb#iHRc|c=j zaA+=LZ*4w_0yqQ{0RjLb1p-z0h6w^20|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f? z2@vQ?!oWrkIh0+}5CD%DJ;qE0XK&-rYVa)amGnqOoyNcMzwjac5aBU$X%%PBW>k6L z3D6G=<^q??a9MD*mjZ4qFl~`Thg{o{=i*$KoW(gzrFN}Hzst1V_~#iu>_a{YPUJt&wDrHV^U72%DSq=FIzI>(lJk(k^-4(U`{P77CyD0%bq>ih zZBB+Kwrh5L1y&6*F39>os1BoYq>c-<=+D;}#zj`0g9`;rl3rwz((Gm4pRg-QOdCnE z{s#VPSsvu@5RJh(cGcL-DgN-d^tmU(lfkmllZx7il#QTWeuJ+xp#6a@O21agV0i zaTeo!x%2r>B-Too>JJHr2)h%LYsHAn939f>LsAFu -Date: Fri, 31 Mar 2023 23:41:43 +1100 -Subject: [PATCH] Update chart.metadata.version to reflect breaking change in - helm v3.5.2 - -https: //github.com/helm/helm/issues/9342 -Change-Id: I1dbe7b0b85380e713ebb5dcdd7ecbfc6a438b852 -(cherry picked from commit ebee3263b6b3d3fa213ea8f837911b89785a4700) ---- - .../templates/kubernetes/fragments/install-helm-modules.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh b/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh -index 475e8dbf6c..a0b3f4bc75 100644 ---- a/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh -+++ b/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh -@@ -72,8 +72,8 @@ else - cat << EOF > Chart.yaml - apiVersion: v1 - name: magnum --version: metachart --appVersion: metachart -+version: 1.0.0 -+appVersion: v1.0.0 - description: Magnum Helm Charts - EOF - sed -i '1i\dependencies:' requirements.yaml diff --git a/patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch b/images/magnum/patches/magnum/0001-Fix-Trust-token-scope-for-drivers.patch similarity index 100% rename from patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch rename to images/magnum/patches/magnum/0001-Fix-Trust-token-scope-for-drivers.patch diff --git a/images/manila/Dockerfile b/images/manila/Dockerfile new file mode 100644 index 000000000..4a222e083 --- /dev/null +++ b/images/manila/Dockerfile @@ -0,0 +1,35 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG MANILA_GIT_REF=c0fc23a39f87629b59fae7bbf46f70e3e1b459cd +ADD --keep-git-dir=true https://opendev.org/openstack/manila.git#${MANILA_GIT_REF} /src/manila +RUN git -C /src/manila fetch --unshallow +COPY patches/manila /patches/manila +RUN git -C /src/manila apply --verbose /patches/manila/* +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < -Date: Fri, 22 Sep 2023 16:25:10 +0200 -Subject: [PATCH] fix netns deletion of broken namespaces - -normal network namespaces are bind-mounted to files under -/var/run/netns. If a process deleting a network namespace gets killed -during that operation there is the chance that the bind mount to the -netns has been removed, but the file under /var/run/netns still exists. - -When the neutron-ovn-metadata-agent tries to clean up such network -namespaces it first tires to validate that the network namespace is -empty. For the cases described above this fails, as this network -namespace no longer really exists, but is just a stray file laying -around. - -To fix this we treat network namespaces where we get an `OSError` with -errno 22 (Invalid Argument) as empty. The calls to pyroute2 to delete -the namespace will then clean up the file. - -Additionally we add a guard to teardown_datapath to continue even if -this fails. failing to remove a datapath is not critical and leaves in -the worst case a process and a network namespace running, however -previously it would have also prevented the creation of new datapaths -which is critical for VM startup. - -Closes-Bug: #2037102 -Change-Id: I7c43812fed5903f98a2e491076c24a8d926a59b4 -(cherry picked from commit 566fea3fed837b0130023303c770aade391d3d61) ---- - neutron/agent/linux/ip_lib.py | 17 ++++++++++++- - neutron/agent/ovn/metadata/agent.py | 5 +++- - neutron/tests/unit/agent/linux/test_ip_lib.py | 15 +++++++++++ - .../unit/agent/ovn/metadata/test_agent.py | 25 +++++++++++++++++++ - 4 files changed, 60 insertions(+), 2 deletions(-) - -diff --git a/neutron/agent/linux/ip_lib.py b/neutron/agent/linux/ip_lib.py -index 10bd33d9e1..5d2593da47 100644 ---- a/neutron/agent/linux/ip_lib.py -+++ b/neutron/agent/linux/ip_lib.py -@@ -259,7 +259,22 @@ class IPWrapper(SubProcessBase): - return ip - - def namespace_is_empty(self): -- return not self.get_devices() -+ try: -+ return not self.get_devices() -+ except OSError as e: -+ # This can happen if we previously got terminated in the middle of -+ # removing this namespace. In this case the bind mount of the -+ # namespace under /var/run/netns will be removed, but the namespace -+ # file is still there. As the bind mount is gone we can no longer -+ # access the namespace to validate that it is empty. But since it -+ # should have already been removed we are sure that the check has -+ # passed the last time and since the namespace is unuseable that -+ # can not have changed. -+ # Future calls to pyroute2 to remove that namespace will clean up -+ # the leftover file. -+ if e.errno == errno.EINVAL: -+ return True -+ raise e - - def garbage_collect_namespace(self): - """Conditionally destroy the namespace if it is empty.""" -diff --git a/neutron/agent/ovn/metadata/agent.py b/neutron/agent/ovn/metadata/agent.py -index 1745239701..861715d8e1 100644 ---- a/neutron/agent/ovn/metadata/agent.py -+++ b/neutron/agent/ovn/metadata/agent.py -@@ -430,7 +430,10 @@ class MetadataAgent(object): - ns.startswith(NS_PREFIX) and - ns not in metadata_namespaces] - for ns in unused_namespaces: -- self.teardown_datapath(self._get_datapath_name(ns)) -+ try: -+ self.teardown_datapath(self._get_datapath_name(ns)) -+ except Exception: -+ LOG.exception('Error unable to destroy namespace: %s', ns) - - # resync all network namespaces based on the associated datapaths, - # even those that are already running. This is to make sure -diff --git a/neutron/tests/unit/agent/linux/test_ip_lib.py b/neutron/tests/unit/agent/linux/test_ip_lib.py -index d1c74fb3f7..159cafdb8e 100644 ---- a/neutron/tests/unit/agent/linux/test_ip_lib.py -+++ b/neutron/tests/unit/agent/linux/test_ip_lib.py -@@ -357,6 +357,21 @@ class TestIpWrapper(base.BaseTestCase): - self.assertNotIn(mock.call().delete('ns'), - ip_ns_cmd_cls.mock_calls) - -+ def test_garbage_collect_namespace_existing_broken(self): -+ with mock.patch.object(ip_lib, 'IpNetnsCommand') as ip_ns_cmd_cls: -+ ip_ns_cmd_cls.return_value.exists.return_value = True -+ -+ ip = ip_lib.IPWrapper(namespace='ns') -+ -+ with mock.patch.object(ip, 'get_devices', -+ side_effect=OSError(errno.EINVAL, None) -+ ) as mock_get_devices: -+ self.assertTrue(ip.garbage_collect_namespace()) -+ -+ mock_get_devices.assert_called_once_with() -+ expected = [mock.call().delete('ns')] -+ ip_ns_cmd_cls.assert_has_calls(expected) -+ - @mock.patch.object(priv_lib, 'create_interface') - def test_add_vlan(self, create): - retval = ip_lib.IPWrapper().add_vlan('eth0.1', 'eth0', '1') -diff --git a/neutron/tests/unit/agent/ovn/metadata/test_agent.py b/neutron/tests/unit/agent/ovn/metadata/test_agent.py -index 6df7da702d..9bf9f0db52 100644 ---- a/neutron/tests/unit/agent/ovn/metadata/test_agent.py -+++ b/neutron/tests/unit/agent/ovn/metadata/test_agent.py -@@ -134,6 +134,31 @@ class TestMetadataAgent(base.BaseTestCase): - lnn.assert_called_once_with() - tdp.assert_called_once_with('3') - -+ def test_sync_teardown_namespace_does_not_crash_on_error(self): -+ """Test that sync tears down unneeded metadata namespaces. -+ Even if that fails it continues to provision other datapaths -+ """ -+ with mock.patch.object( -+ self.agent, 'provision_datapath') as pdp,\ -+ mock.patch.object( -+ ip_lib, 'list_network_namespaces', -+ return_value=['ovnmeta-1', 'ovnmeta-2', 'ovnmeta-3', -+ 'ns1', 'ns2']) as lnn,\ -+ mock.patch.object( -+ self.agent, 'teardown_datapath', -+ side_effect=Exception()) as tdp: -+ self.agent.sync() -+ -+ pdp.assert_has_calls( -+ [ -+ mock.call(p.datapath) -+ for p in self.ports -+ ], -+ any_order=True -+ ) -+ lnn.assert_called_once_with() -+ tdp.assert_called_once_with('3') -+ - def test_get_networks_datapaths(self): - """Test get_networks_datapaths returns only datapath objects for the - networks containing vif ports of type ''(blank) and 'external'. --- -2.34.1 diff --git a/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch b/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch new file mode 100644 index 000000000..260532499 --- /dev/null +++ b/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch @@ -0,0 +1,38 @@ +From f8ec437329510ef59c81084712dbfe49528ef56d Mon Sep 17 00:00:00 2001 +From: Mohammed Naser +Date: Thu, 28 Mar 2024 14:38:43 -0400 +Subject: [PATCH] fix(ovn): set mtu in external_ids correctly + +In the previous patch, we did account for the MTU showing up +in the external IDs however the code only sets it if it's using +a remote managed port binding. This code instead sets the binding +for all the inerface types instead. + +Related-Change-Id: I7ff300e9634e5e3fc68d70540392109fd8b9babc +Closes-Bug: 2053274 +Change-Id: I0653c83c5fb595847bb61182223db39b2f7e98c6 +--- + .../plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py +index 3e7bc5c01f..6f9e90afde 100644 +--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py ++++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py +@@ -480,11 +480,13 @@ class OVNClient(object): + # HA Chassis Group will bind the port to the highest + # priority Chassis + if port_type != ovn_const.LSP_TYPE_EXTERNAL: ++ port_net = self._plugin.get_network( ++ context, port['network_id']) ++ mtu = str(port_net['mtu']) + if (vnic_type == portbindings.VNIC_REMOTE_MANAGED and + ovn_const.VIF_DETAILS_PF_MAC_ADDRESS in binding_prof): + port_net = self._plugin.get_network( + context, port['network_id']) +- mtu = str(port_net['mtu']) + options.update({ + ovn_const.LSP_OPTIONS_VIF_PLUG_TYPE_KEY: 'representor', + ovn_const.LSP_OPTIONS_VIF_PLUG_MTU_REQUEST_KEY: mtu, +-- +2.34.1 diff --git a/images/nova-ssh/Dockerfile b/images/nova-ssh/Dockerfile new file mode 100644 index 000000000..84f6889a9 --- /dev/null +++ b/images/nova-ssh/Dockerfile @@ -0,0 +1,26 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-runtime:zed +RUN < -Date: Tue, 31 Oct 2023 22:52:50 -0400 -Subject: [PATCH] libvirt: Stop unconditionally enabling evmcs - -In I008841988547573878c4e06e82f0fa55084e51b5 we started enabling a -bunch of libvirt enlightenments for Windows unconditionally. Turns -out, the `evmcs` enlightenment only works on Intel hosts, and we broke -the ability to run Windows guests on AMD machines. Until we become -smarter about conditionally enabling evmcs (with something like traits -for host CPU features), just stop enabling it at all. - -Change-Id: I2ff4fdecd9dc69de283f0e52e07df1aeaf0a9048 -Closes-bug: 2009280 ---- - nova/tests/unit/virt/libvirt/test_driver.py | 5 ++++- - nova/virt/libvirt/driver.py | 1 - - ...p-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml | 8 ++++++++ - 3 files changed, 12 insertions(+), 2 deletions(-) - create mode 100644 releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml - -diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py -index d01b9c2677..ebba604ffa 100644 ---- a/nova/tests/unit/virt/libvirt/test_driver.py -+++ b/nova/tests/unit/virt/libvirt/test_driver.py -@@ -27972,7 +27972,10 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin): - self.assertTrue(hv.reenlightenment) - self.assertTrue(hv.tlbflush) - self.assertTrue(hv.ipi) -- self.assertTrue(hv.evmcs) -+ # NOTE(artom) evmcs only works on Intel hosts, so we can't enable it -+ # unconditionally. Until we become smarter about it, just don't enable -+ # it at all. See bug 2009280. -+ self.assertFalse(hv.evmcs) - - - class LibvirtVolumeUsageTestCase(test.NoDBTestCase): -diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py -index d03dc5fd67..1b28e50355 100644 ---- a/nova/virt/libvirt/driver.py -+++ b/nova/virt/libvirt/driver.py -@@ -6234,7 +6234,6 @@ class LibvirtDriver(driver.ComputeDriver): - hv.reenlightenment = True - hv.tlbflush = True - hv.ipi = True -- hv.evmcs = True - - # NOTE(kosamara): Spoofing the vendor_id aims to allow the nvidia - # driver to work on windows VMs. At the moment, the nvidia driver -diff --git a/releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml b/releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml -new file mode 100644 -index 0000000000..31609f2a2d ---- /dev/null -+++ b/releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml -@@ -0,0 +1,8 @@ -+--- -+fixes: -+ - | -+ Bug 2009280 has been fixed by no longer enabling the evmcs enlightenment in -+ the libvirt driver. evmcs only works on Intel CPUs, and domains with that -+ enlightenment cannot be started on AMD hosts. There is a possible future -+ feature to enable support for generating this enlightenment only when -+ running on Intel hosts. --- -2.34.1 - diff --git a/images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch b/images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch deleted file mode 100644 index 88ea6312a..000000000 --- a/images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch +++ /dev/null @@ -1,52 +0,0 @@ -From e618e78edc6293d248a5fa2eb63b3fa636250fca Mon Sep 17 00:00:00 2001 -From: songjie -Date: Mon, 25 Dec 2023 16:59:36 +0800 -Subject: [PATCH] libvirt: stop enabling hyperv feature reenlightenment -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The 'reenlightenment' hyperv enlightenment will cause -instances live-migration to fail (KVM currently doesn’t -fully support reenlightenment notifications, see -www.qemu.org/docs/master/system/i386/hyperv.html), -so don't enable it now. - -Change-Id: I6821819450bc96e4304125ea3b76a0e462e6e33f -Closes-Bug: #2046549 -Related-Bug: #2009280 ---- - nova/tests/unit/virt/libvirt/test_driver.py | 4 +++- - nova/virt/libvirt/driver.py | 1 - - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py -index 868e024370..2e1d089898 100644 ---- a/nova/tests/unit/virt/libvirt/test_driver.py -+++ b/nova/tests/unit/virt/libvirt/test_driver.py -@@ -28048,7 +28048,9 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin): - self.assertTrue(hv.synic) - self.assertTrue(hv.reset) - self.assertTrue(hv.frequencies) -- self.assertTrue(hv.reenlightenment) -+ # NOTE(jie) reenlightenment will cause instances live-migration -+ # failure, so don't enable it now. See bug 2046549. -+ self.assertFalse(hv.reenlightenment) - self.assertTrue(hv.tlbflush) - self.assertTrue(hv.ipi) - # NOTE(artom) evmcs only works on Intel hosts, so we can't enable it -diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py -index 7f5f48c047..f8e3353110 100644 ---- a/nova/virt/libvirt/driver.py -+++ b/nova/virt/libvirt/driver.py -@@ -6262,7 +6262,6 @@ class LibvirtDriver(driver.ComputeDriver): - hv.synic = True - hv.reset = True - hv.frequencies = True -- hv.reenlightenment = True - hv.tlbflush = True - hv.ipi = True - --- -2.34.1 - diff --git a/images/octavia/Dockerfile b/images/octavia/Dockerfile new file mode 100644 index 000000000..bf8d7e7f5 --- /dev/null +++ b/images/octavia/Dockerfile @@ -0,0 +1,36 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG OCTAVIA_GIT_REF=000b577f3e9c9ff7cb893e9f6e635753017a78c6 +ADD --keep-git-dir=true https://opendev.org/openstack/octavia.git#${OCTAVIA_GIT_REF} /src/octavia +RUN git -C /src/octavia fetch --unshallow +ADD --keep-git-dir=true https://opendev.org/openstack/ovn-octavia-provider.git#stable/zed /src/ovn-octavia-provider +RUN git -C /src/ovn-octavia-provider fetch --unshallow +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < -Date: Tue, 16 Jan 2024 17:13:19 -0500 -Subject: [PATCH] fix: specify endpoint info. for neutron client - -Closes bug: #2049551 - -Change-Id: I80a266e500958415a70d462ddfe57e9e03e6ef13 ---- - octavia/common/clients.py | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/octavia/common/clients.py b/octavia/common/clients.py -index b13642bb..2abcc67b 100644 ---- a/octavia/common/clients.py -+++ b/octavia/common/clients.py -@@ -80,10 +80,16 @@ class NeutronAuth(object): - if not cls.neutron_client: - sess = ksession.get_session() - -- kwargs = {} -+ kwargs = { -+ 'region_name': CONF.neutron.region_name, -+ 'interface': CONF.neutron.valid_interfaces -+ } - if CONF.neutron.endpoint_override: - kwargs['network_endpoint_override'] = ( - CONF.neutron.endpoint_override) -+ if CONF.neutron.endpoint_override.startswith("https"): -+ kwargs['insecure'] = CONF.neutron.insecure -+ kwargs['cacert'] = CONF.neutron.cafile - - conn = openstack.connection.Connection( - session=sess, **kwargs) --- -2.34.1 - diff --git a/images/openstack-runtime/Dockerfile b/images/openstack-runtime/Dockerfile new file mode 100644 index 000000000..3cf9ae45f --- /dev/null +++ b/images/openstack-runtime/Dockerfile @@ -0,0 +1,23 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +ARG FROM=registry.atmosphere.dev/library/ubuntu-cloud-archive:zed +FROM ${FROM} +ONBUILD ARG PROJECT +ONBUILD ARG SHELL=/usr/sbin/nologin +ONBUILD RUN \ + groupadd -g 42424 ${PROJECT} && \ + useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s ${SHELL} -c "${PROJECT} User" ${PROJECT} && \ + mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} && \ + chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} diff --git a/images/openstack-service/Earthfile b/images/openstack-service/Earthfile deleted file mode 100644 index ae4ab494d..000000000 --- a/images/openstack-service/Earthfile +++ /dev/null @@ -1,99 +0,0 @@ -VERSION 0.8 - -PIP_INSTALL: - FUNCTION - ARG PACKAGES - RUN --mount=type=cache,target=/root/.cache \ - /var/lib/openstack/bin/pip3 install \ - --constraint /upper-constraints.txt \ - ${PACKAGES} - -GIT_CHECKOUT: - FUNCTION - ARG PROJECT - ARG PROJECT_REPO=https://github.com/openstack/${PROJECT} - ARG PROJECT_REF - GIT CLONE --branch ${PROJECT_REF} ${PROJECT_REPO} /src - WORKDIR /src - RUN \ - git remote set-url origin ${PROJECT_REPO} && \ - git fetch --unshallow - COPY --if-exists patches/${PROJECT} /patches - IF [ -d /patches ] - RUN git apply --verbose /patches/*.patch - END - -BUILD_VENV: - FUNCTION - ARG PROJECT - ARG PROJECT_REPO=https://github.com/openstack/${PROJECT} - ARG PROJECT_REF - DO +GIT_CHECKOUT \ - --PROJECT=${PROJECT} \ - --PROJECT_REPO=${PROJECT_REPO} \ - --PROJECT_REF=${PROJECT_REF} - ARG EXTRAS="" - ARG PIP_PACKAGES="" - DO +PIP_INSTALL --PACKAGES "/src${EXTRAS} ${PIP_PACKAGES}" - SAVE ARTIFACT /var/lib/openstack venv - -requirements: - FROM ../base+image - ARG RELEASE - IF [ "${RELEASE}" = "master" ] - ARG BRANCH=master - ELSE - ARG BRANCH=stable/${RELEASE} - END - GIT CLONE --branch ${BRANCH} https://github.com/openstack/requirements /src - RUN \ - sed -i 's/cryptography===36.0.2/cryptography===42.0.4/' /src/upper-constraints.txt && \ - sed -i 's/cryptography===40.0.2/cryptography===42.0.4/' /src/upper-constraints.txt && \ - sed -i 's/cryptography===41.0.7/cryptography===42.0.4/' /src/upper-constraints.txt && \ - sed -i 's/Django===3.2.18/Django===3.2.24/' /src/upper-constraints.txt && \ - sed -i 's/Flask===2.2.3/Flask===2.2.5/' /src/upper-constraints.txt && \ - sed -i 's/Jinja2===3.1.2/Jinja2===3.1.3/' /src/upper-constraints.txt && \ - sed -i 's/paramiko===2.11.0/paramiko===3.4.0/' /src/upper-constraints.txt && \ - sed -i 's/paramiko===3.1.0/paramiko===3.4.0/' /src/upper-constraints.txt && \ - sed -i 's/pyOpenSSL===22.0.0/pyOpenSSL===24.0.0/' /src/upper-constraints.txt && \ - sed -i 's/pyOpenSSL===23.1.1/pyOpenSSL===24.0.0/' /src/upper-constraints.txt && \ - sed -i 's/requests===2.28.1/requests===2.31.0/' /src/upper-constraints.txt && \ - sed -i 's/requests===2.28.2/requests===2.31.0/' /src/upper-constraints.txt && \ - sed -i 's/sqlparse===0.4.2/sqlparse===0.4.4/' /src/upper-constraints.txt && \ - sed -i 's/urllib3===1.26.12/urllib3===1.26.18/' /src/upper-constraints.txt && \ - sed -i 's/urllib3===1.26.15/urllib3===1.26.18/' /src/upper-constraints.txt && \ - sed -i 's/Werkzeug===2.2.3/Werkzeug===2.3.8/' /src/upper-constraints.txt && \ - sed -i '/glance-store/d' /src/upper-constraints.txt && \ - sed -i '/horizon/d' /src/upper-constraints.txt - SAVE ARTIFACT /src/upper-constraints.txt - -builder: - ARG RELEASE - FROM ../cloud-archive-base+image --RELEASE=${RELEASE} - DO ../+APT_INSTALL --PACKAGES "\ - build-essential \ - curl \ - git \ - libldap2-dev \ - libpcre3-dev \ - libsasl2-dev \ - libssl-dev \ - lsb-release \ - openssh-client \ - python3 \ - python3-dev \ - python3-pip \ - python3-venv" - RUN --mount type=cache,target=/root/.cache \ - python3 -m venv --upgrade-deps --system-site-packages /var/lib/openstack - COPY \ - (+requirements/upper-constraints.txt --RELEASE=${RELEASE}) \ - /upper-constraints.txt - DO +PIP_INSTALL --PACKAGES "cryptography pymysql python-binary-memcached python-memcached uwsgi" - -image: - ARG --required RELEASE - FROM ../cloud-archive-base+image --RELEASE=${RELEASE} - ENV PATH=/var/lib/openstack/bin:$PATH - ARG --required PROJECT - DO ../+CREATE_PROJECT_USER --PROJECT=${PROJECT} diff --git a/images/openstack-venv-builder/Dockerfile b/images/openstack-venv-builder/Dockerfile new file mode 100644 index 000000000..2b154cf4d --- /dev/null +++ b/images/openstack-venv-builder/Dockerfile @@ -0,0 +1,62 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/ubuntu-cloud-archive:zed AS requirements +ADD https://releases.openstack.org/constraints/upper/zed /upper-constraints.txt +RUN < 23.0.1.dev6 therefore -# we ignore those old CVEs. -CVE-2012-3542 -CVE-2012-4413 -CVE-2013-2256 -CVE-2013-4179 -CVE-2014-3517 -CVE-2014-3608 -CVE-2014-3641 -CVE-2014-3708 -CVE-2015-0259 -CVE-2015-3221 -CVE-2015-3280 -CVE-2015-5251 -CVE-2015-5286 -CVE-2015-7713 diff --git a/images/trivy/Earthfile b/images/trivy/Earthfile deleted file mode 100644 index 8f6862546..000000000 --- a/images/trivy/Earthfile +++ /dev/null @@ -1,8 +0,0 @@ -VERSION 0.7 - -image: - FROM aquasec/trivy:0.48.3 - COPY .trivyignore /.trivyignore - # TODO(mnaser): Add automatic updates - RUN trivy image --download-db-only - RUN trivy image --download-java-db-only diff --git a/zuul.d/playbooks/buildset-registry/pre.yml b/images/ubuntu-cloud-archive/Dockerfile similarity index 68% rename from zuul.d/playbooks/buildset-registry/pre.yml rename to images/ubuntu-cloud-archive/Dockerfile index 81304bb42..43d3a1a47 100644 --- a/zuul.d/playbooks/buildset-registry/pre.yml +++ b/images/ubuntu-cloud-archive/Dockerfile @@ -12,9 +12,8 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Prepare host for building images - hosts: all - roles: - - ensure-docker - - run-buildset-registry - - use-buildset-registry +FROM registry.atmosphere.dev/library/ubuntu:zed +COPY trusted.gpg.d/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg +COPY <6743a04p4H8L#ar*?5jSEDDVt~VbVqPmmRddU&PZtyV)C6k<(@a}BvYB0^A z#lq<^%2jUxN;=`uqk%4%ZRy@n2<@-QY;fz5N;9rTI>y)2c4vV@%(&~KI6=^6k9$=i z_N5?xFW`4~&~%>-(49{zWXaz8byi@u5nd38#Vhsx9sNms$3_BZML|cry_$+8YoE^z zj;F(0UPl%cNpNF@xB!`*5H$QsldDRNqj9r|1Gt+TnTvMQRK9E&0AgWpZX#MFKBp4w zRgB-iDvZ`)INW*?aS^aWVg-p9y2|k|LySkck{$d_`5l-D;W>~f~|mwtCLNb2svGYt4p_b`t_2ukcCLydno@ffn~bb7H9@QK}P|ue3*zS zzmc4Paq(I@SKfXtyJSrCN!}{)V-y=LO*kmZ;Gh=1;%-~){i7D*F-Za<8=5%RSywa( zP=6*;>dX>fQVOo%!_30-ZO_4R6FiE*vr;m6%K{wc zm--`n^JCOtLGrpI<=L?8^sbkhK&cK&O{Mdfs0lZl%n_W<;?XD?)M*1x#!V&2mCS!g zX%s7;rK!{iG2D`$#>kmYmFlq4pyr76g@$6mL9?s-n&LA(8r3W<3;75L;zRFhA2TkYcZ0-4N31yJ;YJ3|4@B#w! z8`D2zycQ=IIPen^=#g5^%Ab8xSS_N$%n>L;l}2N9ecEpQL)|hdGN9YNvoKjl8{|X> zvxjw|c%F<~p=N{Eez`G8q84rDq1~qz8sWFDH;JC`v2;z0;Cx2KPp173qB2Zc6VSJ+ Pum%7FXK-f#umS)BeJLzU literal 0 HcmV?d00001 diff --git a/zuul.d/playbooks/molecule-keycloak/pre.yml b/images/ubuntu/Dockerfile similarity index 84% rename from zuul.d/playbooks/molecule-keycloak/pre.yml rename to images/ubuntu/Dockerfile index ab0c6e184..1ad0fc5d6 100644 --- a/zuul.d/playbooks/molecule-keycloak/pre.yml +++ b/images/ubuntu/Dockerfile @@ -12,7 +12,5 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Prepare host for Keycloak tests - hosts: all - roles: - - ensure-docker +FROM ubuntu:jammy-20240227 +LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere diff --git a/molecule/keycloak/create.yml b/molecule/keycloak/create.yml new file mode 120000 index 000000000..5e5dbdcb1 --- /dev/null +++ b/molecule/keycloak/create.yml @@ -0,0 +1 @@ +../aio/create.yml \ No newline at end of file diff --git a/molecule/keycloak/group_vars b/molecule/keycloak/group_vars new file mode 120000 index 000000000..6a6b2f1c2 --- /dev/null +++ b/molecule/keycloak/group_vars @@ -0,0 +1 @@ +../aio/group_vars \ No newline at end of file diff --git a/molecule/keycloak/host_vars b/molecule/keycloak/host_vars new file mode 120000 index 000000000..6dd61d6cd --- /dev/null +++ b/molecule/keycloak/host_vars @@ -0,0 +1 @@ +../aio/host_vars \ No newline at end of file diff --git a/molecule/keycloak/molecule.yml b/molecule/keycloak/molecule.yml index 6446c65aa..d1e43469d 120000 --- a/molecule/keycloak/molecule.yml +++ b/molecule/keycloak/molecule.yml @@ -1 +1 @@ -../shared/molecule.yml \ No newline at end of file +../aio/molecule.yml \ No newline at end of file diff --git a/molecule/keycloak/prepare.yml b/molecule/keycloak/prepare.yml index b94b2edf5..5edf407c2 100644 --- a/molecule/keycloak/prepare.yml +++ b/molecule/keycloak/prepare.yml @@ -12,8 +12,11 @@ # License for the specific language governing permissions and limitations # under the License. -- import_playbook: ../shared/prepare/base.yml -- import_playbook: ../shared/prepare/kubernetes.yml +- name: Install Kubernetes + ansible.builtin.import_playbook: vexxhost.atmosphere.kubernetes + +- name: Install CSI + ansible.builtin.import_playbook: vexxhost.atmosphere.csi - hosts: controllers become: true diff --git a/patches/2023.2/magnum/.gitkeep b/patches/2023.2/magnum/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml index dfb9d58f8..0b3860eb6 100644 --- a/roles/defaults/vars/main.yml +++ b/roles/defaults/vars/main.yml @@ -13,189 +13,189 @@ # under the License. _atmosphere_images: - alertmanager: quay.io/prometheus/alertmanager:v0.26.0@sha256:361db356b33041437517f1cd298462055580585f26555c317df1a3caf2868552 - barbican_api: registry.atmosphere.dev/library/barbican:2023.2@sha256:836d31f3d9b88d7da006478b9d0cd79390b5726042e31d27824599c7fe97acc9 - barbican_db_sync: registry.atmosphere.dev/library/barbican:2023.2@sha256:836d31f3d9b88d7da006478b9d0cd79390b5726042e31d27824599c7fe97acc9 - bootstrap: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - ceph_config_helper: ghcr.io/vexxhost/atmosphere/libvirtd:zed@sha256:5f349c9842535c27edbf94be42e4b5c07aa0ff62358cec4b61b1357554e9cf9c - ceph: quay.io/ceph/ceph:v16.2.11@sha256:1b9803c8984bef8b82f05e233e8fe8ed8f0bba8e5cc2c57f6efaccbeea682add - cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1@sha256:985743eeed2b62f68ee06e583f1d5a371e1c35af4b1980a1b2571d29174cce47 - cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1@sha256:af84513925d86d2de456b5d67dbccd2a34d93aa6fd4e1c8fe9f84182fef1b1b1 - cert_manager_controller: quay.io/jetstack/cert-manager-controller:v1.7.1@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0 - cert_manager_webhook: quay.io/jetstack/cert-manager-webhook:v1.7.1@sha256:a926d60b6f23553ca5d11ac9cd66bcc692136e838613c8bc0d60c6c35a3cbcfc - cilium_node: quay.io/cilium/cilium:v1.14.8@sha256:7fca3ba4b04af066e8b086b5c1a52e30f52db01ffc642e7db0a439514aed3ada - cilium_operator: quay.io/cilium/operator-generic:v1.14.8@sha256:56d373c12483c09964a00a29246595917603a077a298aa90a98e4de32c86b7dc - cinder_api: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_backup_storage_init: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_backup: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_db_sync: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_scheduler: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_storage_init: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_volume_usage_audit: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_volume: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cluster_api_controller: registry.k8s.io/cluster-api/cluster-api-controller:v1.6.0@sha256:211632c5b695212bce78e0d35da5eb7b7672a3b2ff598883f8c60ebb557a7185 - cluster_api_kubeadm_bootstrap_controller: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.0@sha256:956876ee8825038b12133352686d86585afa2feb22ca3bf9e437659862db2d43 - cluster_api_kubeadm_control_plane_controller: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.0@sha256:2c4ee52a70e19a0d2b55783bc72d6a63fca84f5da76a9dd1aef2630491277e6f - cluster_api_openstack_controller: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.9.0@sha256:d5d5df3695d8b8785ac4ef00497ce0b969ff7dc291cb1647581bd2265b85cf51 - csi_node_driver_registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0@sha256:0174bf20d7ad8e9f131a045802ef1c43b4592a2ebc18ba07972b1ce8858d9cb7 - csi_rbd_attacher: registry.k8s.io/sig-storage/csi-attacher:v3.4.0@sha256:adc2922c98c539f680c02af99042d968114746f973a49b529785d6b402134bbf - csi_rbd_plugin: quay.io/cephcsi/cephcsi:v3.5.1@sha256:28a674af1df2325fea415e32a7f93f083fce1f9c474912c45f025427fdc0aa10 - csi_rbd_provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.1.0@sha256:92107bb668a9de58a09247596c337bc5b46a1d145685eb55ef489ae16952f5bd - csi_rbd_resizer: registry.k8s.io/sig-storage/csi-resizer:v1.3.0@sha256:35ec0c736ec8266bd4a46f9e942315f148f3139beed99879d0ad8b8e5074d641 - csi_rbd_snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v4.2.0@sha256:bd7dafbd0d4fe81f23f01c9a7432de067bdf085f70d61492f5ffddd9c5264358 - db_drop: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - db_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - dep_check: ghcr.io/vexxhost/atmosphere/kubernetes-entrypoint:latest@sha256:0c986164554331d5361f100a505695a45d9a7f63f8fb40f29a5ee026ce28b8b2 - designate_api: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_central: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_db_sync: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_mdns: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_producer: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_sink: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_worker: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - glance_api: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_db_sync: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_metadefs_load: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_registry: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_storage_init: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - grafana_sidecar: quay.io/kiwigrid/k8s-sidecar:1.25.2@sha256:cb4c638ffb1fa1eb49678e0f0423564b39254533f63f4ca6a6c24260472e0c4f - grafana: docker.io/grafana/grafana:10.3.3@sha256:f8f7d338b2ecd278599e7f1cfc84a0a7bd4f549312218a54696edb38d709100d - haproxy: docker.io/library/haproxy:2.5@sha256:489dcc4385fd45813f3e9252b2f1f440db5749e4845d560250ce5083cc45eeb0 - heat_api: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_cfn: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_cloudwatch: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_db_sync: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_engine_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_engine: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_purge_deleted: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - horizon_db_sync: ghcr.io/vexxhost/atmosphere/horizon:2023.2@sha256:8b8cae26a00725c110bc597840925b66d942e2dd31335334dd8fb9ef3591f494 - horizon: ghcr.io/vexxhost/atmosphere/horizon:2023.2@sha256:8b8cae26a00725c110bc597840925b66d942e2dd31335334dd8fb9ef3591f494 - ingress_nginx_controller: registry.k8s.io/ingress-nginx/controller:v1.1.1@sha256:e16123f3932f44a2bba8bc3cf1c109cea4495ee271d6d16ab99228b58766d3ab - ingress_nginx_default_backend: registry.k8s.io/defaultbackend-amd64:1.5@sha256:4dc5e07c8ca4e23bddb3153737d7b8c556e5fb2f29c4558b7cd6e6df99c512c7 - ingress_nginx_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:23a03c9c381fba54043d0f6148efeaf4c1ca2ed176e43455178b5c5ebf15ad70 # noqa: yaml[line-length] - keepalived: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19@sha256:4fe20cd5c200e301e1a790c9aca8c3fc651c8461afea9d37c56a462d3bfa48bb - keycloak: quay.io/keycloak/keycloak:22.0.1-0@sha256:5b872e841ea9e394d89bdf250146434532d9c2001404540d46621d60f87494e7 - keystone_api: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_credential_cleanup: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - keystone_credential_rotate: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_credential_setup: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_db_sync: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_domain_manage: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - keystone_fernet_rotate: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_fernet_setup: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - ks_endpoints: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - ks_service: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - ks_user: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - kube_apiserver: registry.k8s.io/kube-apiserver:v1.22.17@sha256:d88d1c8f972e10ff4b4176f3185434e2832d3805c457fa9e8816f1da2fdf3b93 - kube_controller_manager: registry.k8s.io/kube-controller-manager:v1.22.17@sha256:c3e041c8c8c9ffd33d421c8c1de1f42da52b616bfcf61880498e9efc9ec88005 - kube_coredns: registry.k8s.io/coredns/coredns:v1.8.4@sha256:10683d82b024a58cc248c468c2632f9d1b260500f7cd9bb8e73f751048d7d6d4 - kube_etcd: registry.k8s.io/etcd:3.5.6-0@sha256:b0fdb657c0bd10d8c96ed2ce762842384709a9fc54d532220d5252f1f99b4d1d - kube_proxy: registry.k8s.io/kube-proxy:v1.22.17@sha256:614ec43f14e16e077173afa61ee355f8a5d1cc5b1c5e8030766781dc5ccde171 - kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17@sha256:f85dda445b7c8da197b8e39b0ca2b125b1e97a4a365d45c04d2759aefe935974 - kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1@sha256:50502264dbee17136b48d19404ce40d6e57ef9d38aafd95ceb1d977cc92e9519 - kubectl: docker.io/bitnami/kubectl:1.27.3@sha256:876cebc2d9272d9eb42c2128c9a08c7e7715dbfe4f2eb2f0b3612df977fdd6b7 - libvirt: ghcr.io/vexxhost/atmosphere/libvirtd:zed@sha256:5f349c9842535c27edbf94be42e4b5c07aa0ff62358cec4b61b1357554e9cf9c - libvirt_tls_sidecar: ghcr.io/vexxhost/atmosphere/libvirt-tls-sidecar:latest@sha256:32dab069c0c70e46a6bff5f0fd75ca646af4c4b46c83947c31804c30e8befec6 - libvirt_exporter: docker.io/vexxhost/libvirtd-exporter:latest@sha256:1a0fdf89f80060bfdbb8cf45213295c5d9fb1f7ea7dbfe2b331f0649cc98df8e - local_path_provisioner_helper: docker.io/library/busybox:1.36.0@sha256:086417a48026173aaadca4ce43a1e4b385e8e62cc738ba79fc6637049674cac0 - local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24@sha256:b7dea5221f06f6feed7788db0ad6b024a433c8f55533bd6cc792dc2079ff9ad2 - loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.19-alpine@sha256:bbd46452aae30a7cc7bc438f267af812c7a2b0f3b5bcd4cc55eb99669cea3f28 - loki: docker.io/grafana/loki:2.7.3@sha256:8e3abbd89173066721fa07bddfee1c1a7a8fe59bed5b00a2fa09d2b3cef8758c - magnum_api: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_cluster_api_proxy: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_conductor: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_db_sync: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_registry: quay.io/vexxhost/magnum-cluster-api-registry:latest@sha256:caba380e193264f047651728cbc7905e87d7eee846d8576778b5e7d824ec609d - manila_api: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_data: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_db_sync: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_scheduler: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_share: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - memcached: docker.io/library/memcached:1.6.17@sha256:db45886d2d48f143be64f2d46407e224b0b61df3b0056b9d5b03e8bc6a7cd74e - netoffload: ghcr.io/vexxhost/atmosphere/netoffload:main@sha256:136b37811a4352ddb2d2aeeb52c1ee403cc043511ec59afda2c65f1a33a80e18 - neutron_bagpipe_bgp: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_bgp_dragent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_coredns: docker.io/coredns/coredns:1.9.3@sha256:bdb36ee882c13135669cfc2bb91c808a33926ad1a411fee07bd2dc344bb8f782 - neutron_db_sync: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_dhcp: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_ironic_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_l2gw: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_l3: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_linuxbridge_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_metadata: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_netns_cleanup_cron: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_openvswitch_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_ovn_metadata: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_server: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_sriov_agent_init: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_sriov_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - node_feature_discovery: registry.k8s.io/nfd/node-feature-discovery:v0.11.2@sha256:24b2abfb5956b6a2a9a0f4248232838d02235d65044078c43d8bdcf29344f141 - nova_api: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_archive_deleted_rows: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_cell_setup_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - nova_cell_setup: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_compute_ironic: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_compute_ssh: ghcr.io/vexxhost/atmosphere/nova-ssh:latest@sha256:5ba950e9bd6aa07adae0befeb94a9f31cc088cc396e4e02e81c30fe5fd90a8b8 - nova_compute: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_conductor: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_consoleauth: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_db_sync: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_novncproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_novncproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_placement: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_scheduler: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_service_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - nova_spiceproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_spiceproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - oauth2_proxy: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0@sha256:dcb6ff8dd21bf3058f6a22c6fa385fa5b897a9cd3914c88a2cc2bb0a85f8065d - octavia_api: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_db_sync: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_health_manager_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - openvswitch_db_server: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:f017715f72dc0a48c8cc8ff9a1da9cb2c17879065ffd6c377ffabd2cff28148a - openvswitch_vswitchd: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:f017715f72dc0a48c8cc8ff9a1da9cb2c17879065ffd6c377ffabd2cff28148a - ovn_controller: ghcr.io/vexxhost/atmosphere/ovn-host:23.03.0-69@sha256:2eeeb70a7cd745e3fdbdd396f611cb2bd090228a6551b1b4b9b01d0ac6a8a121 - ovn_northd: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d - ovn_ovsdb_nb: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d - ovn_ovsdb_sb: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d - pause: registry.k8s.io/pause:3.9@sha256:7031c1b283388d2c2e09b57badb803c05ebed362dc88d84b480cc47f72a21097 - percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy@sha256:f04e4fea548bfc7cb0bfc73c75c7f2c64d299cf04125a07a8101a55f0f734fed - percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0@sha256:c674d63242f1af521edfbaffae2ae02fb8d010c0557a67a9c42d2b4a50db5243 - percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.32-24.2@sha256:1f978ab8912e1b5fc66570529cb7e7a4ec6a38adbfce1ece78159b0fcfa7d47a - percona_version_service: docker.io/perconalab/version-service:main-3325140@sha256:b7928130fca1e35ce7feaeec326fef836229a8b4de2f6f6ea5b6d2c7a48cd071 - placement_db_sync: ghcr.io/vexxhost/atmosphere/placement:2023.2@sha256:c5bf2b2db697db1966c2fee0c6358dc79b6bac3542c619db5fb8002d666b16d3 - placement: ghcr.io/vexxhost/atmosphere/placement:2023.2@sha256:c5bf2b2db697db1966c2fee0c6358dc79b6bac3542c619db5fb8002d666b16d3 - prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.71.2@sha256:9f0c16b8c95c908f761d45f95bc04da9dd6482adc8dc0d88dcbc24ceeb5879a1 - prometheus_ipmi_exporter: us-docker.pkg.dev/vexxhost-infra/openstack/ipmi-exporter:1.4.0@sha256:4898da9cc11961a56363e8b3f3437d0f45b46585b20c79e33e97fbe7232e05d2 - prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0@sha256:fa5a2de1a4744da66fb369bee81232f5ea52208bc643e409a60f66d699ac27b2 - prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.14.0@sha256:eb6fe170738bf9181c51f5bc89f93adb26672ec49ffdcb22f55c24834003b45d - prometheus_node_exporter: quay.io/prometheus/node-exporter:v1.7.0@sha256:4cb2b9019f1757be8482419002cb7afe028fdba35d47958829e4cfeaf6246d80 - prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.2.0@sha256:286573f63840f961a6861982f7b3e8007b9a93eed77ec4476810af3286cb7fd9 - prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0@sha256:e5146a7dd5153c035fd8060899e3504b25557756ef4a4d85860a409247404f97 - prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6@sha256:5e6fdb9b2c74ad2576dd835b389d00d18ccfee21b547d1a79efb881009664099 - prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.71.2@sha256:bbf3c671e65b0c115d2196bbe7fed0bcdc59f44b7c93868cd40d1c90cbd3806e - prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2@sha256:f74ff5b7ad0b8fb60c24b77eaeab025d659e46ec15f32430adb976544305c01f - prometheus: quay.io/prometheus/prometheus:v2.49.1@sha256:beb5e30ffba08d9ae8a7961b9a2145fc8af6296ff2a4f463df7cd722fcbfc789 - rabbit_init: docker.io/library/rabbitmq:3.10.2-management@sha256:350ab6d773e3af45183466488fe3259df36cd6ade437b4366a59e8052458cc3a - rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1@sha256:84ce21e9e2d6ceb8b93d9daf0b7cc1550b6ed86be5b3acd8b0816eddc1b87dc2 - rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2@sha256:563908dd8d6b6ce768e463a2d9d7a9b9b4adbcd258fed02c0a8746395cfa3f0d - rabbitmq_server: docker.io/library/rabbitmq:3.10.2-management@sha256:350ab6d773e3af45183466488fe3259df36cd6ade437b4366a59e8052458cc3a - rabbitmq_topology_operator: docker.io/rabbitmqoperator/messaging-topology-operator:1.6.0@sha256:5052e8bdb26996c62315f0707c6fb291fd84492e360cca7351e2c3fdf659be43 - rook_ceph: docker.io/rook/ceph:v1.10.10@sha256:2a65f6678c3f4e368046ee10695dce2c265cc81cd6bfd6258fc670dd18fbad5b + alertmanager: quay.io/prometheus/alertmanager:v0.26.0 + barbican_api: registry.atmosphere.dev/library/barbican:zed + barbican_db_sync: registry.atmosphere.dev/library/barbican:zed + bootstrap: registry.atmosphere.dev/library/heat:zed + ceph_config_helper: registry.atmosphere.dev/library/libvirtd:zed + ceph: quay.io/ceph/ceph:v16.2.11 + cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1 + cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1 + cert_manager_controller: quay.io/jetstack/cert-manager-controller:v1.7.1 + cert_manager_webhook: quay.io/jetstack/cert-manager-webhook:v1.7.1 + cilium_node: quay.io/cilium/cilium:v1.14.8 + cilium_operator: quay.io/cilium/operator-generic:v1.14.8 + cinder_api: registry.atmosphere.dev/library/cinder:zed + cinder_backup_storage_init: registry.atmosphere.dev/library/cinder:zed + cinder_backup: registry.atmosphere.dev/library/cinder:zed + cinder_db_sync: registry.atmosphere.dev/library/cinder:zed + cinder_scheduler: registry.atmosphere.dev/library/cinder:zed + cinder_storage_init: registry.atmosphere.dev/library/cinder:zed + cinder_volume_usage_audit: registry.atmosphere.dev/library/cinder:zed + cinder_volume: registry.atmosphere.dev/library/cinder:zed + cluster_api_controller: registry.k8s.io/cluster-api/cluster-api-controller:v1.6.0 + cluster_api_kubeadm_bootstrap_controller: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.0 + cluster_api_kubeadm_control_plane_controller: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.0 + cluster_api_openstack_controller: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.9.0 + csi_node_driver_registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0 + csi_rbd_attacher: registry.k8s.io/sig-storage/csi-attacher:v3.4.0 + csi_rbd_plugin: quay.io/cephcsi/cephcsi:v3.5.1 + csi_rbd_provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.1.0 + csi_rbd_resizer: registry.k8s.io/sig-storage/csi-resizer:v1.3.0 + csi_rbd_snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v4.2.0 + db_drop: registry.atmosphere.dev/library/heat:zed + db_init: registry.atmosphere.dev/library/heat:zed + dep_check: registry.atmosphere.dev/library/kubernetes-entrypoint:zed + designate_api: registry.atmosphere.dev/library/designate:zed + designate_central: registry.atmosphere.dev/library/designate:zed + designate_db_sync: registry.atmosphere.dev/library/designate:zed + designate_mdns: registry.atmosphere.dev/library/designate:zed + designate_producer: registry.atmosphere.dev/library/designate:zed + designate_sink: registry.atmosphere.dev/library/designate:zed + designate_worker: registry.atmosphere.dev/library/designate:zed + glance_api: registry.atmosphere.dev/library/glance:zed + glance_db_sync: registry.atmosphere.dev/library/glance:zed + glance_metadefs_load: registry.atmosphere.dev/library/glance:zed + glance_registry: registry.atmosphere.dev/library/glance:zed + glance_storage_init: registry.atmosphere.dev/library/glance:zed + grafana_sidecar: quay.io/kiwigrid/k8s-sidecar:1.25.2 + grafana: docker.io/grafana/grafana:10.3.3 + haproxy: docker.io/library/haproxy:2.5 + heat_api: registry.atmosphere.dev/library/heat:zed + heat_cfn: registry.atmosphere.dev/library/heat:zed + heat_cloudwatch: registry.atmosphere.dev/library/heat:zed + heat_db_sync: registry.atmosphere.dev/library/heat:zed + heat_engine_cleaner: registry.atmosphere.dev/library/heat:zed + heat_engine: registry.atmosphere.dev/library/heat:zed + heat_purge_deleted: registry.atmosphere.dev/library/heat:zed + horizon_db_sync: registry.atmosphere.dev/library/horizon:zed + horizon: registry.atmosphere.dev/library/horizon:zed + ingress_nginx_controller: registry.k8s.io/ingress-nginx/controller:v1.1.1 + ingress_nginx_default_backend: registry.k8s.io/defaultbackend-amd64:1.5 + ingress_nginx_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1 + keepalived: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19 + keycloak: quay.io/keycloak/keycloak:22.0.1-0 + keystone_api: registry.atmosphere.dev/library/keystone:zed + keystone_credential_cleanup: registry.atmosphere.dev/library/heat:zed + keystone_credential_rotate: registry.atmosphere.dev/library/keystone:zed + keystone_credential_setup: registry.atmosphere.dev/library/keystone:zed + keystone_db_sync: registry.atmosphere.dev/library/keystone:zed + keystone_domain_manage: registry.atmosphere.dev/library/heat:zed + keystone_fernet_rotate: registry.atmosphere.dev/library/keystone:zed + keystone_fernet_setup: registry.atmosphere.dev/library/keystone:zed + ks_endpoints: registry.atmosphere.dev/library/heat:zed + ks_service: registry.atmosphere.dev/library/heat:zed + ks_user: registry.atmosphere.dev/library/heat:zed + kube_apiserver: registry.k8s.io/kube-apiserver:v1.22.17 + kube_controller_manager: registry.k8s.io/kube-controller-manager:v1.22.17 + kube_coredns: registry.k8s.io/coredns/coredns:v1.8.4 + kube_etcd: registry.k8s.io/etcd:3.5.6-0 + kube_proxy: registry.k8s.io/kube-proxy:v1.22.17 + kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17 + kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1 + kubectl: docker.io/bitnami/kubectl:1.27.3 + libvirt: registry.atmosphere.dev/library/libvirtd:zed + libvirt_tls_sidecar: registry.atmosphere.dev/library/libvirt-tls-sidecar:zed + libvirt_exporter: docker.io/vexxhost/libvirtd-exporter:latest + local_path_provisioner_helper: docker.io/library/busybox:1.36.0 + local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24 + loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.19-alpine + loki: docker.io/grafana/loki:2.7.3 + magnum_api: registry.atmosphere.dev/library/magnum:zed + magnum_cluster_api_proxy: registry.atmosphere.dev/library/magnum:zed + magnum_conductor: registry.atmosphere.dev/library/magnum:zed + magnum_db_sync: registry.atmosphere.dev/library/magnum:zed + magnum_registry: quay.io/vexxhost/magnum-cluster-api-registry:latest + manila_api: registry.atmosphere.dev/library/manila:zed + manila_data: registry.atmosphere.dev/library/manila:zed + manila_db_sync: registry.atmosphere.dev/library/manila:zed + manila_scheduler: registry.atmosphere.dev/library/manila:zed + manila_share: registry.atmosphere.dev/library/manila:zed + memcached: docker.io/library/memcached:1.6.17 + netoffload: registry.atmosphere.dev/library/netoffload:zed + neutron_bagpipe_bgp: registry.atmosphere.dev/library/neutron:zed + neutron_bgp_dragent: registry.atmosphere.dev/library/neutron:zed + neutron_coredns: docker.io/coredns/coredns:1.9.3 + neutron_db_sync: registry.atmosphere.dev/library/neutron:zed + neutron_dhcp: registry.atmosphere.dev/library/neutron:zed + neutron_ironic_agent: registry.atmosphere.dev/library/neutron:zed + neutron_l2gw: registry.atmosphere.dev/library/neutron:zed + neutron_l3: registry.atmosphere.dev/library/neutron:zed + neutron_linuxbridge_agent: registry.atmosphere.dev/library/neutron:zed + neutron_metadata: registry.atmosphere.dev/library/neutron:zed + neutron_netns_cleanup_cron: registry.atmosphere.dev/library/neutron:zed + neutron_openvswitch_agent: registry.atmosphere.dev/library/neutron:zed + neutron_ovn_metadata: registry.atmosphere.dev/library/neutron:zed + neutron_server: registry.atmosphere.dev/library/neutron:zed + neutron_sriov_agent_init: registry.atmosphere.dev/library/neutron:zed + neutron_sriov_agent: registry.atmosphere.dev/library/neutron:zed + node_feature_discovery: registry.k8s.io/nfd/node-feature-discovery:v0.11.2 + nova_api: registry.atmosphere.dev/library/nova:zed + nova_archive_deleted_rows: registry.atmosphere.dev/library/nova:zed + nova_cell_setup_init: registry.atmosphere.dev/library/heat:zed + nova_cell_setup: registry.atmosphere.dev/library/nova:zed + nova_compute_ironic: registry.atmosphere.dev/library/nova:zed + nova_compute_ssh: registry.atmosphere.dev/library/nova-ssh:zed + nova_compute: registry.atmosphere.dev/library/nova:zed + nova_conductor: registry.atmosphere.dev/library/nova:zed + nova_consoleauth: registry.atmosphere.dev/library/nova:zed + nova_db_sync: registry.atmosphere.dev/library/nova:zed + nova_novncproxy_assets: registry.atmosphere.dev/library/nova:zed + nova_novncproxy: registry.atmosphere.dev/library/nova:zed + nova_placement: registry.atmosphere.dev/library/nova:zed + nova_scheduler: registry.atmosphere.dev/library/nova:zed + nova_service_cleaner: registry.atmosphere.dev/library/heat:zed + nova_spiceproxy_assets: registry.atmosphere.dev/library/nova:zed + nova_spiceproxy: registry.atmosphere.dev/library/nova:zed + oauth2_proxy: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 + octavia_api: registry.atmosphere.dev/library/octavia:zed + octavia_db_sync: registry.atmosphere.dev/library/octavia:zed + octavia_health_manager_init: registry.atmosphere.dev/library/heat:zed + octavia_health_manager: registry.atmosphere.dev/library/octavia:zed + octavia_housekeeping: registry.atmosphere.dev/library/octavia:zed + octavia_worker: registry.atmosphere.dev/library/octavia:zed + openvswitch_db_server: registry.atmosphere.dev/library/openvswitch:zed + openvswitch_vswitchd: registry.atmosphere.dev/library/openvswitch:zed + ovn_controller: registry.atmosphere.dev/library/ovn-host:zed + ovn_northd: registry.atmosphere.dev/library/ovn-central:zed + ovn_ovsdb_nb: registry.atmosphere.dev/library/ovn-central:zed + ovn_ovsdb_sb: registry.atmosphere.dev/library/ovn-central:zed + pause: registry.k8s.io/pause:3.9 + percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy + percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0 + percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.32-24.2 + percona_version_service: docker.io/perconalab/version-service:main-3325140 + placement_db_sync: registry.atmosphere.dev/library/placement:zed + placement: registry.atmosphere.dev/library/placement:zed + prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.71.2 + prometheus_ipmi_exporter: us-docker.pkg.dev/vexxhost-infra/openstack/ipmi-exporter:1.4.0 + prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0 + prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.14.0 + prometheus_node_exporter: quay.io/prometheus/node-exporter:v1.7.0 + prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.2.0 + prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0 + prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 + prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.71.2 + prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2 + prometheus: quay.io/prometheus/prometheus:v2.49.1 + rabbit_init: docker.io/library/rabbitmq:3.10.2-management + rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1 + rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2 + rabbitmq_server: docker.io/library/rabbitmq:3.10.2-management + rabbitmq_topology_operator: docker.io/rabbitmqoperator/messaging-topology-operator:1.6.0 + rook_ceph: docker.io/rook/ceph:v1.10.10 secretgen_controller: ghcr.io/carvel-dev/secretgen-controller@sha256:59ec05ce5847bfd70c8e04f08b5195e918c8f6fbb947ffc91b456494a2958fd5 - senlin_api: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_conductor: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_db_sync: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_engine_cleaner: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_engine: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_health_manager: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - staffeln_db_sync: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c - staffeln_conductor: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c - staffeln_api: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c - tempest_run_tests: ghcr.io/vexxhost/atmosphere/tempest:master@sha256:fb60541043884a5f5850ad225a3ff989bf667edc034ab5767f15109afc00b5dc - vector: docker.io/timberio/vector:0.27.0-debian@sha256:29f23dab76fa306b67b10eac3e9decdb01c906f8aa3b00a2f5b2e8ae088b84e0 + senlin_api: registry.atmosphere.dev/library/senlin:zed + senlin_conductor: registry.atmosphere.dev/library/senlin:zed + senlin_db_sync: registry.atmosphere.dev/library/senlin:zed + senlin_engine_cleaner: registry.atmosphere.dev/library/senlin:zed + senlin_engine: registry.atmosphere.dev/library/senlin:zed + senlin_health_manager: registry.atmosphere.dev/library/senlin:zed + staffeln_db_sync: registry.atmosphere.dev/library/staffeln:zed + staffeln_conductor: registry.atmosphere.dev/library/staffeln:zed + staffeln_api: registry.atmosphere.dev/library/staffeln:zed + tempest_run_tests: registry.atmosphere.dev/library/tempest:zed + vector: docker.io/timberio/vector:0.27.0-debian atmosphere_images: '{{ _atmosphere_images | combine(atmosphere_image_overrides, recursive=True) }}' diff --git a/zuul.d/container-images/barbican.yaml b/zuul.d/container-images/barbican.yaml new file mode 100644 index 000000000..15c371c40 --- /dev/null +++ b/zuul.d/container-images/barbican.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-barbican + gate: + jobs: + - atmosphere-upload-container-image-barbican + promote: + jobs: + - atmosphere-promote-container-image-barbican + +- job: + name: atmosphere-build-container-image-barbican + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-barbican + container_images: + - context: images/barbican + repository: registry.atmosphere.dev/library/barbican + arch: + - linux/amd64 + build_args: + - PROJECT=barbican + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/barbican/.* + +- job: + name: atmosphere-upload-container-image-barbican + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-barbican + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/base.yaml b/zuul.d/container-images/base.yaml new file mode 100644 index 000000000..6e33526a9 --- /dev/null +++ b/zuul.d/container-images/base.yaml @@ -0,0 +1,65 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-buildset-registry + gate: + jobs: + - atmosphere-buildset-registry + +- job: + name: atmosphere-buildset-registry + parent: ci-buildset-registry + +- job: + name: atmosphere-build-container-image + parent: ci-build-container-image + abstract: true + dependencies: + - name: atmosphere-buildset-registry + soft: false + vars: &image_vars + container_command: docker + promote_container_image_method: intermediate-registry + buildset_registry_namespaces: + - ['docker.io', 'https://registry-1.docker.io'] + - ['quay.io', 'https://quay.io'] + - ['gcr.io', 'https://gcr.io'] + - ['registry.atmosphere.dev', 'https://registry.atmosphere.dev'] + +- job: + name: atmosphere-upload-container-image + parent: ci-upload-container-image + abstract: true + dependencies: + - name: atmosphere-buildset-registry + soft: false + secrets: + name: container_registry_credentials + secret: atmosphere-registry-credentials + pass-to-parent: true + vars: *image_vars + +- job: + name: atmosphere-promote-container-image + parent: ci-promote-container-image + secrets: + name: container_registry_credentials + secret: atmosphere-registry-credentials + pass-to-parent: true + nodeset: + nodes: [] + vars: *image_vars diff --git a/zuul.d/container-images/cinder.yaml b/zuul.d/container-images/cinder.yaml new file mode 100644 index 000000000..3878407f6 --- /dev/null +++ b/zuul.d/container-images/cinder.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-cinder + gate: + jobs: + - atmosphere-upload-container-image-cinder + promote: + jobs: + - atmosphere-promote-container-image-cinder + +- job: + name: atmosphere-build-container-image-cinder + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-cinder + container_images: + - context: images/cinder + repository: registry.atmosphere.dev/library/cinder + arch: + - linux/amd64 + build_args: + - PROJECT=cinder + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/cinder/.* + +- job: + name: atmosphere-upload-container-image-cinder + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-cinder + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/cluster-api-provider-openstack.yaml b/zuul.d/container-images/cluster-api-provider-openstack.yaml new file mode 100644 index 000000000..5788c886f --- /dev/null +++ b/zuul.d/container-images/cluster-api-provider-openstack.yaml @@ -0,0 +1,51 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-cluster-api-provider-openstack + gate: + jobs: + - atmosphere-upload-container-image-cluster-api-provider-openstack + promote: + jobs: + - atmosphere-promote-container-image-cluster-api-provider-openstack + +- job: + name: atmosphere-build-container-image-cluster-api-provider-openstack + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-cluster-api-provider-openstack + container_images: + - context: images/cluster-api-provider-openstack + repository: registry.atmosphere.dev/library/capi-openstack-controller + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/cluster-api-provider-openstack/.* + +- job: + name: atmosphere-upload-container-image-cluster-api-provider-openstack + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-cluster-api-provider-openstack + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/designate.yaml b/zuul.d/container-images/designate.yaml new file mode 100644 index 000000000..eeb2fd199 --- /dev/null +++ b/zuul.d/container-images/designate.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-designate + gate: + jobs: + - atmosphere-upload-container-image-designate + promote: + jobs: + - atmosphere-promote-container-image-designate + +- job: + name: atmosphere-build-container-image-designate + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-designate + container_images: + - context: images/designate + repository: registry.atmosphere.dev/library/designate + arch: + - linux/amd64 + build_args: + - PROJECT=designate + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/designate/.* + +- job: + name: atmosphere-upload-container-image-designate + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-designate + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/glance.yaml b/zuul.d/container-images/glance.yaml new file mode 100644 index 000000000..e2ec62c7e --- /dev/null +++ b/zuul.d/container-images/glance.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-glance + gate: + jobs: + - atmosphere-upload-container-image-glance + promote: + jobs: + - atmosphere-promote-container-image-glance + +- job: + name: atmosphere-build-container-image-glance + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-glance + container_images: + - context: images/glance + repository: registry.atmosphere.dev/library/glance + arch: + - linux/amd64 + build_args: + - PROJECT=glance + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/glance/.* + +- job: + name: atmosphere-upload-container-image-glance + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-glance + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/heat.yaml b/zuul.d/container-images/heat.yaml new file mode 100644 index 000000000..549035691 --- /dev/null +++ b/zuul.d/container-images/heat.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-heat + gate: + jobs: + - atmosphere-upload-container-image-heat + promote: + jobs: + - atmosphere-promote-container-image-heat + +- job: + name: atmosphere-build-container-image-heat + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-heat + container_images: + - context: images/heat + repository: registry.atmosphere.dev/library/heat + arch: + - linux/amd64 + build_args: + - PROJECT=heat + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/heat/.* + +- job: + name: atmosphere-upload-container-image-heat + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-heat + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/horizon.yaml b/zuul.d/container-images/horizon.yaml new file mode 100644 index 000000000..096d510cd --- /dev/null +++ b/zuul.d/container-images/horizon.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-horizon + gate: + jobs: + - atmosphere-upload-container-image-horizon + promote: + jobs: + - atmosphere-promote-container-image-horizon + +- job: + name: atmosphere-build-container-image-horizon + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-horizon + container_images: + - context: images/horizon + repository: registry.atmosphere.dev/library/horizon + arch: + - linux/amd64 + build_args: + - PROJECT=horizon + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/horizon/.* + +- job: + name: atmosphere-upload-container-image-horizon + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-horizon + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/ironic.yaml b/zuul.d/container-images/ironic.yaml new file mode 100644 index 000000000..872780787 --- /dev/null +++ b/zuul.d/container-images/ironic.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-ironic + gate: + jobs: + - atmosphere-upload-container-image-ironic + promote: + jobs: + - atmosphere-promote-container-image-ironic + +- job: + name: atmosphere-build-container-image-ironic + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-ironic + container_images: + - context: images/ironic + repository: registry.atmosphere.dev/library/ironic + arch: + - linux/amd64 + build_args: + - PROJECT=ironic + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/ironic/.* + +- job: + name: atmosphere-upload-container-image-ironic + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-ironic + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/keystone.yaml b/zuul.d/container-images/keystone.yaml new file mode 100644 index 000000000..2c832231a --- /dev/null +++ b/zuul.d/container-images/keystone.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-keystone + gate: + jobs: + - atmosphere-upload-container-image-keystone + promote: + jobs: + - atmosphere-promote-container-image-keystone + +- job: + name: atmosphere-build-container-image-keystone + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-keystone + container_images: + - context: images/keystone + repository: registry.atmosphere.dev/library/keystone + arch: + - linux/amd64 + build_args: + - PROJECT=keystone + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/keystone/.* + +- job: + name: atmosphere-upload-container-image-keystone + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-keystone + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/kubernetes-entrypoint.yaml b/zuul.d/container-images/kubernetes-entrypoint.yaml new file mode 100644 index 000000000..40ec23a63 --- /dev/null +++ b/zuul.d/container-images/kubernetes-entrypoint.yaml @@ -0,0 +1,51 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-kubernetes-entrypoint + gate: + jobs: + - atmosphere-upload-container-image-kubernetes-entrypoint + promote: + jobs: + - atmosphere-promote-container-image-kubernetes-entrypoint + +- job: + name: atmosphere-build-container-image-kubernetes-entrypoint + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-kubernetes-entrypoint + container_images: + - context: images/kubernetes-entrypoint + repository: registry.atmosphere.dev/library/kubernetes-entrypoint + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/kubernetes-entrypoint/.* + +- job: + name: atmosphere-upload-container-image-kubernetes-entrypoint + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-kubernetes-entrypoint + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/libvirt-tls-sidecar.yaml b/zuul.d/container-images/libvirt-tls-sidecar.yaml new file mode 100644 index 000000000..a3e475762 --- /dev/null +++ b/zuul.d/container-images/libvirt-tls-sidecar.yaml @@ -0,0 +1,56 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-libvirt-tls-sidecar + gate: + jobs: + - atmosphere-upload-container-image-libvirt-tls-sidecar + promote: + jobs: + - atmosphere-promote-container-image-libvirt-tls-sidecar + +- job: + name: atmosphere-build-container-image-libvirt-tls-sidecar + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-libvirt-tls-sidecar + container_images: + - context: . + target: libvirt-tls-sidecar + repository: registry.atmosphere.dev/library/libvirt-tls-sidecar + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - go.mod + - go.sum + - cmd/.* + - internal/.* + - Dockerfile + +- job: + name: atmosphere-upload-container-image-libvirt-tls-sidecar + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-libvirt-tls-sidecar + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/libvirtd.yaml b/zuul.d/container-images/libvirtd.yaml new file mode 100644 index 000000000..6713e4ba9 --- /dev/null +++ b/zuul.d/container-images/libvirtd.yaml @@ -0,0 +1,69 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-libvirtd + gate: + jobs: + - atmosphere-upload-container-image-libvirtd + promote: + jobs: + - atmosphere-promote-container-image-libvirtd + +- job: + name: atmosphere-build-container-image-libvirtd + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-openstack-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-libvirtd + container_images: + - context: images/libvirtd + repository: registry.atmosphere.dev/library/libvirtd + arch: + - linux/amd64 + build_args: + - PROJECT=nova + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/openstack-runtime/.* + +- job: + name: atmosphere-upload-container-image-libvirtd + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-openstack-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-libvirtd + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/magnum.yaml b/zuul.d/container-images/magnum.yaml new file mode 100644 index 000000000..96eb257a3 --- /dev/null +++ b/zuul.d/container-images/magnum.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-magnum + gate: + jobs: + - atmosphere-upload-container-image-magnum + promote: + jobs: + - atmosphere-promote-container-image-magnum + +- job: + name: atmosphere-build-container-image-magnum + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-magnum + container_images: + - context: images/magnum + repository: registry.atmosphere.dev/library/magnum + arch: + - linux/amd64 + build_args: + - PROJECT=magnum + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/magnum/.* + +- job: + name: atmosphere-upload-container-image-magnum + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-magnum + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/manila.yaml b/zuul.d/container-images/manila.yaml new file mode 100644 index 000000000..11bca9364 --- /dev/null +++ b/zuul.d/container-images/manila.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-manila + gate: + jobs: + - atmosphere-upload-container-image-manila + promote: + jobs: + - atmosphere-promote-container-image-manila + +- job: + name: atmosphere-build-container-image-manila + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-manila + container_images: + - context: images/manila + repository: registry.atmosphere.dev/library/manila + arch: + - linux/amd64 + build_args: + - PROJECT=manila + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/manila/.* + +- job: + name: atmosphere-upload-container-image-manila + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-manila + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/netoffload.yaml b/zuul.d/container-images/netoffload.yaml new file mode 100644 index 000000000..0d8fde1c2 --- /dev/null +++ b/zuul.d/container-images/netoffload.yaml @@ -0,0 +1,51 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-netoffload + gate: + jobs: + - atmosphere-upload-container-image-netoffload + promote: + jobs: + - atmosphere-promote-container-image-netoffload + +- job: + name: atmosphere-build-container-image-netoffload + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-netoffload + container_images: + - context: images/netoffload + repository: registry.atmosphere.dev/library/netoffload + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/netoffload/.* + +- job: + name: atmosphere-upload-container-image-netoffload + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-netoffload + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/neutron.yaml b/zuul.d/container-images/neutron.yaml new file mode 100644 index 000000000..2c46f2adb --- /dev/null +++ b/zuul.d/container-images/neutron.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-neutron + gate: + jobs: + - atmosphere-upload-container-image-neutron + promote: + jobs: + - atmosphere-promote-container-image-neutron + +- job: + name: atmosphere-build-container-image-neutron + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-neutron + container_images: + - context: images/neutron + repository: registry.atmosphere.dev/library/neutron + arch: + - linux/amd64 + build_args: + - PROJECT=neutron + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/neutron/.* + +- job: + name: atmosphere-upload-container-image-neutron + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-neutron + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/nova-ssh.yaml b/zuul.d/container-images/nova-ssh.yaml new file mode 100644 index 000000000..68a40c7f2 --- /dev/null +++ b/zuul.d/container-images/nova-ssh.yaml @@ -0,0 +1,70 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-nova-ssh + gate: + jobs: + - atmosphere-upload-container-image-nova-ssh + promote: + jobs: + - atmosphere-promote-container-image-nova-ssh + +- job: + name: atmosphere-build-container-image-nova-ssh + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-openstack-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-nova-ssh + container_images: + - context: images/nova-ssh + repository: registry.atmosphere.dev/library/nova-ssh + arch: + - linux/amd64 + build_args: + - PROJECT=nova + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/openstack-runtime/.* + - images/nova-ssh/.* + +- job: + name: atmosphere-upload-container-image-nova-ssh + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-openstack-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-nova-ssh + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/nova.yaml b/zuul.d/container-images/nova.yaml new file mode 100644 index 000000000..b78c251d8 --- /dev/null +++ b/zuul.d/container-images/nova.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-nova + gate: + jobs: + - atmosphere-upload-container-image-nova + promote: + jobs: + - atmosphere-promote-container-image-nova + +- job: + name: atmosphere-build-container-image-nova + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-nova + container_images: + - context: images/nova + repository: registry.atmosphere.dev/library/nova + arch: + - linux/amd64 + build_args: + - PROJECT=nova + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/nova/.* + +- job: + name: atmosphere-upload-container-image-nova + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-nova + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/octavia.yaml b/zuul.d/container-images/octavia.yaml new file mode 100644 index 000000000..1fc3a46bf --- /dev/null +++ b/zuul.d/container-images/octavia.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-octavia + gate: + jobs: + - atmosphere-upload-container-image-octavia + promote: + jobs: + - atmosphere-promote-container-image-octavia + +- job: + name: atmosphere-build-container-image-octavia + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-octavia + container_images: + - context: images/octavia + repository: registry.atmosphere.dev/library/octavia + arch: + - linux/amd64 + build_args: + - PROJECT=octavia + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/octavia/.* + +- job: + name: atmosphere-upload-container-image-octavia + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-octavia + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/openstack-python-runtime.yaml b/zuul.d/container-images/openstack-python-runtime.yaml new file mode 100644 index 000000000..efb1efa3e --- /dev/null +++ b/zuul.d/container-images/openstack-python-runtime.yaml @@ -0,0 +1,70 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-openstack-python-runtime + gate: + jobs: + - atmosphere-upload-container-image-openstack-python-runtime + promote: + jobs: + - atmosphere-promote-container-image-openstack-python-runtime + +- job: + name: atmosphere-build-container-image-openstack-python-runtime + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-openstack-python-runtime + container_images: + - context: images/openstack-runtime + repository: registry.atmosphere.dev/library/openstack-python-runtime + arch: + - linux/amd64 + build_args: + - FROM=registry.atmosphere.dev/library/python-base:zed + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-runtime/.* + +- job: + name: atmosphere-upload-container-image-openstack-python-runtime + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-openstack-python-runtime + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/openstack-runtime.yaml b/zuul.d/container-images/openstack-runtime.yaml new file mode 100644 index 000000000..379074ae6 --- /dev/null +++ b/zuul.d/container-images/openstack-runtime.yaml @@ -0,0 +1,63 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-openstack-runtime + gate: + jobs: + - atmosphere-upload-container-image-openstack-runtime + promote: + jobs: + - atmosphere-promote-container-image-openstack-runtime + +- job: + name: atmosphere-build-container-image-openstack-runtime + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-openstack-runtime + container_images: + - context: images/openstack-runtime + repository: registry.atmosphere.dev/library/openstack-runtime + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/openstack-runtime/.* + +- job: + name: atmosphere-upload-container-image-openstack-runtime + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-openstack-runtime + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/openstack-venv-builder.yaml b/zuul.d/container-images/openstack-venv-builder.yaml new file mode 100644 index 000000000..376d68e38 --- /dev/null +++ b/zuul.d/container-images/openstack-venv-builder.yaml @@ -0,0 +1,68 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-openstack-venv-builder + gate: + jobs: + - atmosphere-upload-container-image-openstack-venv-builder + promote: + jobs: + - atmosphere-promote-container-image-openstack-venv-builder + +- job: + name: atmosphere-build-container-image-openstack-venv-builder + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-openstack-venv-builder + container_images: + - context: images/openstack-venv-builder + repository: registry.atmosphere.dev/library/openstack-venv-builder + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + +- job: + name: atmosphere-upload-container-image-openstack-venv-builder + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-openstack-venv-builder + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/openvswitch.yaml b/zuul.d/container-images/openvswitch.yaml new file mode 100644 index 000000000..29383813f --- /dev/null +++ b/zuul.d/container-images/openvswitch.yaml @@ -0,0 +1,51 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-openvswitch + gate: + jobs: + - atmosphere-upload-container-image-openvswitch + promote: + jobs: + - atmosphere-promote-container-image-openvswitch + +- job: + name: atmosphere-build-container-image-openvswitch + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-openvswitch + container_images: + - context: images/openvswitch + repository: registry.atmosphere.dev/library/openvswitch + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/openvswitch/.* + +- job: + name: atmosphere-upload-container-image-openvswitch + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-openvswitch + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/ovn.yaml b/zuul.d/container-images/ovn.yaml new file mode 100644 index 000000000..6650af8a8 --- /dev/null +++ b/zuul.d/container-images/ovn.yaml @@ -0,0 +1,68 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-ovn + gate: + jobs: + - atmosphere-upload-container-image-ovn + promote: + jobs: + - atmosphere-promote-container-image-ovn + +- job: + name: atmosphere-build-container-image-ovn + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-openvswitch + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-ovn + container_images: + - context: images/ovn + repository: registry.atmosphere.dev/library/ovn-central + arch: + - linux/amd64 + build_args: + - OVN_COMPONENT=central + tags: + - zed + - context: images/ovn + repository: registry.atmosphere.dev/library/ovn-host + arch: + - linux/amd64 + build_args: + - OVN_COMPONENT=host + tags: + - zed + files: &container_image_files + - images/openvswitch/.* + - images/ovn/.* + +- job: + name: atmosphere-upload-container-image-ovn + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-openvswitch + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-ovn + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/placement.yaml b/zuul.d/container-images/placement.yaml new file mode 100644 index 000000000..f4fbd800b --- /dev/null +++ b/zuul.d/container-images/placement.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-placement + gate: + jobs: + - atmosphere-upload-container-image-placement + promote: + jobs: + - atmosphere-promote-container-image-placement + +- job: + name: atmosphere-build-container-image-placement + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-placement + container_images: + - context: images/placement + repository: registry.atmosphere.dev/library/placement + arch: + - linux/amd64 + build_args: + - PROJECT=placement + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/placement/.* + +- job: + name: atmosphere-upload-container-image-placement + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-placement + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/python-base.yaml b/zuul.d/container-images/python-base.yaml new file mode 100644 index 000000000..22fef491f --- /dev/null +++ b/zuul.d/container-images/python-base.yaml @@ -0,0 +1,63 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-python-base + gate: + jobs: + - atmosphere-upload-container-image-python-base + promote: + jobs: + - atmosphere-promote-container-image-python-base + +- job: + name: atmosphere-build-container-image-python-base + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-python-base + container_images: + - context: images/python-base + repository: registry.atmosphere.dev/library/python-base + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + +- job: + name: atmosphere-upload-container-image-python-base + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-python-base + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/senlin.yaml b/zuul.d/container-images/senlin.yaml new file mode 100644 index 000000000..fb77c5d4c --- /dev/null +++ b/zuul.d/container-images/senlin.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-senlin + gate: + jobs: + - atmosphere-upload-container-image-senlin + promote: + jobs: + - atmosphere-promote-container-image-senlin + +- job: + name: atmosphere-build-container-image-senlin + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-senlin + container_images: + - context: images/senlin + repository: registry.atmosphere.dev/library/senlin + arch: + - linux/amd64 + build_args: + - PROJECT=senlin + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/senlin/.* + +- job: + name: atmosphere-upload-container-image-senlin + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-senlin + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/staffeln.yaml b/zuul.d/container-images/staffeln.yaml new file mode 100644 index 000000000..5cf8deedf --- /dev/null +++ b/zuul.d/container-images/staffeln.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-staffeln + gate: + jobs: + - atmosphere-upload-container-image-staffeln + promote: + jobs: + - atmosphere-promote-container-image-staffeln + +- job: + name: atmosphere-build-container-image-staffeln + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-staffeln + container_images: + - context: images/staffeln + repository: registry.atmosphere.dev/library/staffeln + arch: + - linux/amd64 + build_args: + - PROJECT=staffeln + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/staffeln/.* + +- job: + name: atmosphere-upload-container-image-staffeln + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-staffeln + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/tempest.yaml b/zuul.d/container-images/tempest.yaml new file mode 100644 index 000000000..86cf038e1 --- /dev/null +++ b/zuul.d/container-images/tempest.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-tempest + gate: + jobs: + - atmosphere-upload-container-image-tempest + promote: + jobs: + - atmosphere-promote-container-image-tempest + +- job: + name: atmosphere-build-container-image-tempest + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-tempest + container_images: + - context: images/tempest + repository: registry.atmosphere.dev/library/tempest + arch: + - linux/amd64 + build_args: + - PROJECT=tempest + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/tempest/.* + +- job: + name: atmosphere-upload-container-image-tempest + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-tempest + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/ubuntu-cloud-archive.yaml b/zuul.d/container-images/ubuntu-cloud-archive.yaml new file mode 100644 index 000000000..fc10eab4d --- /dev/null +++ b/zuul.d/container-images/ubuntu-cloud-archive.yaml @@ -0,0 +1,58 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-ubuntu-cloud-archive + gate: + jobs: + - atmosphere-upload-container-image-ubuntu-cloud-archive + promote: + jobs: + - atmosphere-promote-container-image-ubuntu-cloud-archive + +- job: + name: atmosphere-build-container-image-ubuntu-cloud-archive + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-ubuntu-cloud-archive + container_images: + - context: images/ubuntu-cloud-archive + repository: registry.atmosphere.dev/library/ubuntu-cloud-archive + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + +- job: + name: atmosphere-upload-container-image-ubuntu-cloud-archive + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-ubuntu-cloud-archive + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/ubuntu.yaml b/zuul.d/container-images/ubuntu.yaml new file mode 100644 index 000000000..466079ad3 --- /dev/null +++ b/zuul.d/container-images/ubuntu.yaml @@ -0,0 +1,51 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-ubuntu + gate: + jobs: + - atmosphere-upload-container-image-ubuntu + promote: + jobs: + - atmosphere-promote-container-image-ubuntu + +- job: + name: atmosphere-build-container-image-ubuntu + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-ubuntu + container_images: + - context: images/ubuntu + repository: registry.atmosphere.dev/library/ubuntu + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + +- job: + name: atmosphere-upload-container-image-ubuntu + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-ubuntu + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 9a3382883..0ba4adb06 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -12,20 +12,6 @@ # License for the specific language governing permissions and limitations # under the License. -- job: - name: atmosphere-buildset-registry - pre-run: zuul.d/playbooks/buildset-registry/pre.yml - run: zuul.d/playbooks/buildset-registry/run.yml - ansible-split-streams: true - -- job: - name: atmosphere-upload-images - parent: atmosphere-buildset-registry - run: zuul.d/playbooks/buildset-registry/run.yml - secrets: - - registry_credentials - - cosign_key - - job: name: atmosphere-molecule parent: tox @@ -33,15 +19,6 @@ pre-run: zuul.d/playbooks/molecule/pre.yml run: zuul.d/playbooks/molecule/run.yml post-run: zuul.d/playbooks/molecule/post.yml - dependencies: - - atmosphere-buildset-registry - -- job: - name: atmosphere-molecule-keycloak - parent: atmosphere-molecule - pre-run: zuul.d/playbooks/molecule-keycloak/pre.yml - vars: - tox_envlist: molecule-keycloak - job: name: atmosphere-molecule-csi @@ -64,11 +41,22 @@ name: atmosphere-molecule-aio parent: atmosphere-molecule abstract: true - timeout: 7200 pre-run: zuul.d/playbooks/molecule-aio/pre.yml post-run: zuul.d/playbooks/molecule-aio/post.yml roles: - zuul: openstack/openstack-helm-infra + +- job: + name: atmosphere-molecule-aio-keycloak + parent: atmosphere-molecule-aio + vars: + tox_envlist: molecule-keycloak + +- job: + name: atmosphere-molecule-aio-full + parent: atmosphere-molecule-aio + abstract: true + timeout: 7200 nodeset: nodes: - name: ubuntu-jammy @@ -76,13 +64,13 @@ - job: name: atmosphere-molecule-aio-openvswitch - parent: atmosphere-molecule-aio + parent: atmosphere-molecule-aio-full vars: tox_envlist: molecule-aio-openvswitch - job: name: atmosphere-molecule-aio-ovn - parent: atmosphere-molecule-aio + parent: atmosphere-molecule-aio-full # NOTE(mnaser): https://github.com/vexxhost/atmosphere/issues/662 voting: false vars: diff --git a/zuul.d/playbooks/buildset-registry/run.yml b/zuul.d/playbooks/buildset-registry/run.yml deleted file mode 100644 index 7f8118c21..000000000 --- a/zuul.d/playbooks/buildset-registry/run.yml +++ /dev/null @@ -1,159 +0,0 @@ -# Copyright (c) 2024 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Build images - hosts: all - tasks: - # NOTE(mnaser): This can be removed once the following merges - # https://review.opendev.org/c/zuul/zuul-jobs/+/915025 - - name: Load "buildset_registry" fact - block: - - name: Check for results.json - stat: - path: "{{ zuul.executor.result_data_file }}" - register: result_json_stat - delegate_to: localhost - - name: Load information from zuul_return - no_log: true - set_fact: - buildset_registry: "{{ (lookup('file', zuul.executor.result_data_file) | from_json)['secret_data']['buildset_registry'] }}" - when: - - buildset_registry is not defined - - result_json_stat.stat.exists - - result_json_stat.stat.size > 0 - - "'buildset_registry' in (lookup('file', zuul.executor.result_data_file) | from_json).get('secret_data')" - - - name: Configure Buildkit certificates - when: buildset_registry is defined and buildset_registry.cert - become: true - block: - - name: Create a folder for the certificates - ansible.builtin.file: - path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}" - state: directory - - name: Copy the certificate - ansible.builtin.copy: - content: "{{ buildset_registry.cert }}" - dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" - - name: Create a buildkitd.toml file - ansible.builtin.copy: - dest: /etc/buildkitd.toml - content: | - [registry."{{ buildset_registry.host }}:{{ buildset_registry.port }}"] - ca=["/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"] - - - name: Create builder - ansible.builtin.shell: docker buildx create --name=atmosphere --driver=docker-container {% if buildset_registry.cert %}--config /etc/buildkitd.toml{% endif %} - - - name: Point registry to Atmosphere if in post pipeline - when: zuul.pipeline == 'post' - no_log: true - ansible.builtin.set_fact: - buildset_registry: - host: registry.atmosphere.dev - port: 443 - username: "{{ registry_credentials.username }}" - password: "{{ registry_credentials.password }}" - - - name: Log into registry - docker_login: - registry: "{{ buildset_registry.host }}{% if buildset_registry.port != 443 %}:{{ buildset_registry.port }}{% endif %}" - username: "{{ buildset_registry.username }}" - password: "{{ buildset_registry.password }}" - - - name: Build images - ansible.builtin.shell: | - docker buildx bake --builder=atmosphere --provenance --sbom=true --push - args: - chdir: "{{ zuul.project.src_dir }}" - environment: - REGISTRY: "{{ buildset_registry.host }}{% if buildset_registry.port != 443 %}:{{ buildset_registry.port }}{% endif %}/library" - PUSH_TO_CACHE: "{{ zuul.pipeline == 'post' }}" - - - name: Get list of images built - ansible.builtin.shell: docker buildx bake --print - args: - chdir: "{{ zuul.project.src_dir }}" - environment: - REGISTRY: "{{ buildset_registry.host }}{% if buildset_registry.port != 443 %}:{{ buildset_registry.port }}{% endif %}/library" - register: images_built_json - - - name: Set fact with list of images - set_fact: - images_built: "{{ images_built_json.stdout | from_json | json_query('target.*.tags[?@] | []') }}" - - - name: Sign images - when: zuul.pipeline == 'post' - block: - - name: Download cosign binary - become: true - ansible.builtin.get_url: - url: https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 - dest: /usr/local/bin/cosign - mode: 0755 - - - name: Determine the digest for the images - ansible.builtin.shell: | - cosign triangulate --type=digest {{ item }} - loop: "{{ images_built }}" - register: cosign_digest - - - name: Copy the cosign public key - copy: - content: "{{ cosign_key.public }}" - dest: cosign.pub - - - name: Verify which images are signed - ignore_errors: true - ansible.builtin.shell: | - cosign verify --key cosign.pub --output json {{ item }} - loop: "{{ cosign_digest.results | map(attribute='stdout') | list | unique }}" - register: cosign_verify - - - name: Copy the cosign private key - copy: - content: "{{ cosign_key.private }}" - dest: cosign.key - - - name: Sign images - ansible.builtin.shell: | - cosign sign -y --recursive --key cosign.key {{ item }} - loop: "{{ cosign_verify.results | selectattr('failed', 'equalto', true) | map(attribute='item') | list }}" - - - name: Delete the cosign private key - file: - path: cosign.key - state: absent - - - name: Return Zuul artifacts for images - zuul_return: - data: - zuul: - artifacts: - - name: "{{ item }}" - url: "docker://{{ item }}" - metadata: - type: container_image - repository: "{{ item.split(':')[0] }}" - tag: "{{ item.split(':')[1] }}" - loop: "{{ images_built }}" - -- name: Yield to other jobs - hosts: localhost - tasks: - - name: Pause the job - zuul_return: - data: - zuul: - pause: true diff --git a/zuul.d/playbooks/molecule/pre.yml b/zuul.d/playbooks/molecule/pre.yml index f9f221336..a4bc6922b 100644 --- a/zuul.d/playbooks/molecule/pre.yml +++ b/zuul.d/playbooks/molecule/pre.yml @@ -59,8 +59,15 @@ - name: Replace the registry in image manifest ansible.builtin.replace: path: "{{ zuul.project.src_dir }}/roles/defaults/vars/main.yml" - regexp: "registry.atmosphere.dev/library/([^@]*)@sha256:[a-fA-F0-9]{64}" - replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/library/\1' + regexp: "{{ repo }}:{{ tag }}" + replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ repo }}:{{ tag }}' + loop: "{{ zuul.artifacts | default([]) }}" + loop_control: + loop_var: zj_zuul_artifact + when: "'metadata' in zj_zuul_artifact and zj_zuul_artifact.metadata.type | default('') == 'container_image'" + vars: + repo: "{{ zj_zuul_artifact.metadata.repository }}" + tag: "{{ zj_zuul_artifact.metadata.tag }}" # TODO(mnaser): Drop this when we move to PBR - name: Add current folder to Git's safe directories diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 55e21fa8d..51aba1ab9 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -13,14 +13,128 @@ # under the License. - project: + merge-mode: squash-merge check: jobs: - - atmosphere-buildset-registry - - atmosphere-molecule-aio-openvswitch - - atmosphere-molecule-aio-ovn - - atmosphere-molecule-csi-local-path-provisioner - - atmosphere-molecule-csi-rbd - - atmosphere-molecule-keycloak - post: + - atmosphere-molecule-aio-keycloak: + dependencies: &molecule_check_dependencies + - name: atmosphere-build-container-image-barbican + soft: true + - name: atmosphere-build-container-image-cinder + soft: true + - name: atmosphere-build-container-image-cluster-api-provider-openstack + soft: true + - name: atmosphere-build-container-image-designate + soft: true + - name: atmosphere-build-container-image-glance + soft: true + - name: atmosphere-build-container-image-heat + soft: true + - name: atmosphere-build-container-image-horizon + soft: true + - name: atmosphere-build-container-image-ironic + soft: true + - name: atmosphere-build-container-image-keystone + soft: true + - name: atmosphere-build-container-image-kubernetes-entrypoint + soft: true + - name: atmosphere-build-container-image-libvirt-tls-sidecar + soft: true + - name: atmosphere-build-container-image-libvirtd + soft: true + - name: atmosphere-build-container-image-magnum + soft: true + - name: atmosphere-build-container-image-manila + soft: true + - name: atmosphere-build-container-image-netoffload + soft: true + - name: atmosphere-build-container-image-neutron + soft: true + - name: atmosphere-build-container-image-nova + soft: true + - name: atmosphere-build-container-image-nova-ssh + soft: true + - name: atmosphere-build-container-image-octavia + soft: true + - name: atmosphere-build-container-image-openvswitch + soft: true + - name: atmosphere-build-container-image-ovn + soft: true + - name: atmosphere-build-container-image-placement + soft: true + - name: atmosphere-build-container-image-senlin + soft: true + - name: atmosphere-build-container-image-staffeln + soft: true + - name: atmosphere-build-container-image-tempest + soft: true + - atmosphere-molecule-aio-openvswitch: + dependencies: *molecule_check_dependencies + - atmosphere-molecule-aio-ovn: + dependencies: *molecule_check_dependencies + - atmosphere-molecule-csi-local-path-provisioner: + dependencies: *molecule_check_dependencies + - atmosphere-molecule-csi-rbd: + dependencies: *molecule_check_dependencies + gate: jobs: - - atmosphere-upload-images + - atmosphere-molecule-aio-keycloak: + dependencies: &molecule_gate_dependencies + - name: atmosphere-upload-container-image-barbican + soft: true + - name: atmosphere-upload-container-image-cinder + soft: true + - name: atmosphere-upload-container-image-cluster-api-provider-openstack + soft: true + - name: atmosphere-upload-container-image-designate + soft: true + - name: atmosphere-upload-container-image-glance + soft: true + - name: atmosphere-upload-container-image-heat + soft: true + - name: atmosphere-upload-container-image-horizon + soft: true + - name: atmosphere-upload-container-image-ironic + soft: true + - name: atmosphere-upload-container-image-keystone + soft: true + - name: atmosphere-upload-container-image-kubernetes-entrypoint + soft: true + - name: atmosphere-upload-container-image-libvirt-tls-sidecar + soft: true + - name: atmosphere-upload-container-image-libvirtd + soft: true + - name: atmosphere-upload-container-image-magnum + soft: true + - name: atmosphere-upload-container-image-manila + soft: true + - name: atmosphere-upload-container-image-netoffload + soft: true + - name: atmosphere-upload-container-image-neutron + soft: true + - name: atmosphere-upload-container-image-nova + soft: true + - name: atmosphere-upload-container-image-nova-ssh + soft: true + - name: atmosphere-upload-container-image-octavia + soft: true + - name: atmosphere-upload-container-image-openvswitch + soft: true + - name: atmosphere-upload-container-image-ovn + soft: true + - name: atmosphere-upload-container-image-placement + soft: true + - name: atmosphere-upload-container-image-senlin + soft: true + - name: atmosphere-upload-container-image-staffeln + soft: true + - name: atmosphere-upload-container-image-tempest + soft: true + - atmosphere-molecule-aio-openvswitch: + dependencies: *molecule_gate_dependencies + - atmosphere-molecule-aio-ovn: + dependencies: *molecule_gate_dependencies + - atmosphere-molecule-csi-local-path-provisioner: + dependencies: *molecule_gate_dependencies + - atmosphere-molecule-csi-rbd: + dependencies: *molecule_gate_dependencies diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml index 9cbc36264..5208efbb5 100644 --- a/zuul.d/secrets.yaml +++ b/zuul.d/secrets.yaml @@ -13,20 +13,21 @@ # under the License. - secret: - name: registry_credentials + name: atmosphere-registry-credentials data: - username: robot$zuul - password: !encrypted/pkcs1-oaep - - OOykjodZE21qsYYLpzplp+PV0QbsKQ1B3+kI7bY97VQI/d5RlewqlNABc10eQnyYFSDvq - z2gSigSHxaVcV5qKJLTNVDgzSBHBj349OaTh6dXsxplvoArehfYMMZGuNmFlucoeN8K6w - yLRViN7tCS39CAYdjeNX1X7mQ7gBC61jUQ++JB+R5MhXmALJxzPfQRl9jsYmjx9ZXjEwE - tjKLSyQifQU20eXbhZOUW2nr+ItTikS3AOSo6Ja6jCI1c9lj6mJtUOorGsuxfdhEigPws - Qnz539imGcyqySSxvbJvgoEYxhE3dHFV5cJkomoHHHwLH0wbjAgBQtCMX3CvpxNX8sBfJ - MxvUkxY8VWt3CtJkdq+/eaCovCRn6GN5enI5tlUJgpAyV+PO6PvkTan6yC8lHMM5pD4jX - Hdo6gt6m9WyA5VxUHdoYYMaDO/rvCxxrUevzPn8do5I96madr9S9lFARqw74mgXG5I6pZ - M7zDXnorUFyv9dUIB2rOZrp7o0OC2thujjDTKXb4qfmfXGOwlkNmtCLo6BaDo9pSdRN8p - k0YnUAItZ64qUR7paEUKGy4rzsZjDYvIj7DrCFvLL2CXcyjPGcmcblpSHe5vJ15CFVH8X - o39FIIhSmehvrYJziGYUgf4JY1B6ktBtFc9l78WeoJRHNce+viSSkBj1fhbUaI= + registry.atmosphere.dev: + username: robot$zuul + password: !encrypted/pkcs1-oaep + - OOykjodZE21qsYYLpzplp+PV0QbsKQ1B3+kI7bY97VQI/d5RlewqlNABc10eQnyYFSDvq + z2gSigSHxaVcV5qKJLTNVDgzSBHBj349OaTh6dXsxplvoArehfYMMZGuNmFlucoeN8K6w + yLRViN7tCS39CAYdjeNX1X7mQ7gBC61jUQ++JB+R5MhXmALJxzPfQRl9jsYmjx9ZXjEwE + tjKLSyQifQU20eXbhZOUW2nr+ItTikS3AOSo6Ja6jCI1c9lj6mJtUOorGsuxfdhEigPws + Qnz539imGcyqySSxvbJvgoEYxhE3dHFV5cJkomoHHHwLH0wbjAgBQtCMX3CvpxNX8sBfJ + MxvUkxY8VWt3CtJkdq+/eaCovCRn6GN5enI5tlUJgpAyV+PO6PvkTan6yC8lHMM5pD4jX + Hdo6gt6m9WyA5VxUHdoYYMaDO/rvCxxrUevzPn8do5I96madr9S9lFARqw74mgXG5I6pZ + M7zDXnorUFyv9dUIB2rOZrp7o0OC2thujjDTKXb4qfmfXGOwlkNmtCLo6BaDo9pSdRN8p + k0YnUAItZ64qUR7paEUKGy4rzsZjDYvIj7DrCFvLL2CXcyjPGcmcblpSHe5vJ15CFVH8X + o39FIIhSmehvrYJziGYUgf4JY1B6ktBtFc9l78WeoJRHNce+viSSkBj1fhbUaI= - secret: name: cosign_key