From d645009db26aa50697279cdbb33ef1e7e8c10231 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sat, 6 Apr 2024 14:53:42 -0400 Subject: [PATCH] zed: build all images + run tests using them 
Signed-off-by: Mohammed Naser --- Dockerfile | 188 +---- Earthfile | 112 +-- docker-bake.hcl | 648 ++++++++++++++++-- images/Earthfile | 52 -- images/barbican/Dockerfile | 27 + images/base/Earthfile | 7 - images/build.sh | 43 -- images/builder/Earthfile | 7 - images/cinder/Dockerfile | 37 + images/cinder/Earthfile | 23 - ...te-encrypted-volumes-directly-to-RBD.patch | 145 ++++ ...-encrypted-image-to-encrypted-volume.patch | 129 ++++ ...ypted-volume-clone-from-Glance-image.patch | 319 +++++++++ images/cloud-archive-base/Earthfile | 23 - .../cluster-api-provider-openstack/Dockerfile | 32 + .../cluster-api-provider-openstack/Earthfile | 18 - .../0001-chore-bump-k8s-api-for-cve.patch | 185 ++--- images/curl/Earthfile | 5 - images/designate/Dockerfile | 33 + images/designate/Earthfile | 21 - images/glance/Dockerfile | 40 ++ images/glance/Earthfile | 32 - images/heat/Dockerfile | 33 + images/heat/Earthfile | 21 - images/helm/Earthfile | 11 - images/horizon/Dockerfile | 62 ++ images/horizon/Earthfile | 38 - images/ironic/Dockerfile | 35 + images/ironic/Earthfile | 22 - images/keystone/Dockerfile | 49 ++ images/keystone/Earthfile | 34 - images/kubernetes-entrypoint/Dockerfile | 24 + images/kubernetes-entrypoint/Earthfile | 35 - images/kubernetes/Earthfile | 9 - images/libvirtd/Dockerfile | 26 + images/libvirtd/Earthfile | 21 - images/libvirtd/keyrings/ceph.gpg | Bin 1143 -> 0 bytes images/magnum/Dockerfile | 45 ++ images/magnum/Earthfile | 23 - ...01-Fix-Trust-token-scope-for-drivers.patch | 0 images/manila/Dockerfile | 35 + images/manila/Earthfile | 21 - images/netoffload/Dockerfile | 29 + images/netoffload/Earthfile | 28 - images/neutron/Dockerfile | 39 ++ images/neutron/Earthfile | 25 - ...-netns-deletion-of-broken-namespaces.patch | 144 ---- ...vn-set-mtu-in-external_ids-correctly.patch | 38 + images/nova-ssh/Dockerfile | 26 + images/nova-ssh/Earthfile | 18 - images/nova/Dockerfile | 35 + images/nova/Earthfile | 25 - images/octavia/Dockerfile | 39 ++ 
images/octavia/Earthfile | 22 - images/openstack-runtime/Dockerfile | 22 + images/openstack-service/Earthfile | 99 --- images/openstack-venv-builder/Dockerfile | 81 +++ images/openvswitch/Dockerfile | 25 + images/openvswitch/Earthfile | 17 - images/ovn/Dockerfile | 44 ++ images/ovn/Earthfile | 47 -- images/placement/Dockerfile | 26 + images/placement/Earthfile | 19 - images/python-base/Dockerfile | 26 + images/senlin/Dockerfile | 26 + images/senlin/Earthfile | 19 - images/staffeln/Dockerfile | 26 + images/staffeln/Earthfile | 20 - images/tempest/Dockerfile | 59 ++ images/tempest/Earthfile | 49 -- images/trivy/.trivyignore | 17 - images/trivy/Earthfile | 8 - images/ubuntu-cloud-archive/Dockerfile | 20 + .../trusted.gpg.d/ubuntu-cloud-keyring.gpg | Bin 0 -> 1201 bytes images/ubuntu/Dockerfile | 16 + patches/2023.2/magnum/.gitkeep | 0 roles/defaults/vars/main.yml | 364 +++++----- tools/build-docker-bake.py | 102 +++ zuul.d/docker-images/base.yaml | 37 + zuul.d/docker-images/ubuntu.yaml | 49 ++ zuul.d/jobs.yaml | 17 +- zuul.d/playbooks/buildset-registry/run.yml | 21 +- zuul.d/playbooks/molecule/pre.yml | 4 +- zuul.d/project.yaml | 4 - 84 files changed, 2752 insertions(+), 1650 deletions(-) delete mode 100644 images/Earthfile create mode 100644 images/barbican/Dockerfile delete mode 100644 images/base/Earthfile delete mode 100755 images/build.sh delete mode 100644 images/builder/Earthfile create mode 100644 images/cinder/Dockerfile delete mode 100644 images/cinder/Earthfile create mode 100644 images/cinder/patches/cinder/0001-Create-encrypted-volumes-directly-to-RBD.patch create mode 100644 images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch create mode 100644 images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch delete mode 100644 images/cloud-archive-base/Earthfile create mode 100644 images/cluster-api-provider-openstack/Dockerfile delete mode 100644 images/cluster-api-provider-openstack/Earthfile 
delete mode 100644 images/curl/Earthfile create mode 100644 images/designate/Dockerfile delete mode 100644 images/designate/Earthfile create mode 100644 images/glance/Dockerfile delete mode 100644 images/glance/Earthfile create mode 100644 images/heat/Dockerfile delete mode 100644 images/heat/Earthfile delete mode 100644 images/helm/Earthfile create mode 100644 images/horizon/Dockerfile delete mode 100644 images/horizon/Earthfile create mode 100644 images/ironic/Dockerfile delete mode 100644 images/ironic/Earthfile create mode 100644 images/keystone/Dockerfile delete mode 100644 images/keystone/Earthfile create mode 100644 images/kubernetes-entrypoint/Dockerfile delete mode 100644 images/kubernetes-entrypoint/Earthfile delete mode 100644 images/kubernetes/Earthfile create mode 100644 images/libvirtd/Dockerfile delete mode 100644 images/libvirtd/Earthfile delete mode 100644 images/libvirtd/keyrings/ceph.gpg create mode 100644 images/magnum/Dockerfile delete mode 100644 images/magnum/Earthfile rename patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch => images/magnum/patches/magnum/0001-Fix-Trust-token-scope-for-drivers.patch (100%) create mode 100644 images/manila/Dockerfile delete mode 100644 images/manila/Earthfile create mode 100644 images/netoffload/Dockerfile delete mode 100644 images/netoffload/Earthfile create mode 100644 images/neutron/Dockerfile delete mode 100644 images/neutron/Earthfile delete mode 100644 images/neutron/patches/neutron/0000-fix-netns-deletion-of-broken-namespaces.patch create mode 100644 images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch create mode 100644 images/nova-ssh/Dockerfile delete mode 100644 images/nova-ssh/Earthfile create mode 100644 images/nova/Dockerfile delete mode 100644 images/nova/Earthfile create mode 100644 images/octavia/Dockerfile delete mode 100644 images/octavia/Earthfile create mode 100644 images/openstack-runtime/Dockerfile delete mode 100644 
images/openstack-service/Earthfile create mode 100644 images/openstack-venv-builder/Dockerfile create mode 100644 images/openvswitch/Dockerfile delete mode 100644 images/openvswitch/Earthfile create mode 100644 images/ovn/Dockerfile delete mode 100644 images/ovn/Earthfile create mode 100644 images/placement/Dockerfile delete mode 100644 images/placement/Earthfile create mode 100644 images/python-base/Dockerfile create mode 100644 images/senlin/Dockerfile delete mode 100644 images/senlin/Earthfile create mode 100644 images/staffeln/Dockerfile delete mode 100644 images/staffeln/Earthfile create mode 100644 images/tempest/Dockerfile delete mode 100644 images/tempest/Earthfile delete mode 100644 images/trivy/.trivyignore delete mode 100644 images/trivy/Earthfile create mode 100644 images/ubuntu-cloud-archive/Dockerfile create mode 100644 images/ubuntu-cloud-archive/trusted.gpg.d/ubuntu-cloud-keyring.gpg create mode 100644 images/ubuntu/Dockerfile delete mode 100644 patches/2023.2/magnum/.gitkeep create mode 100644 tools/build-docker-bake.py create mode 100644 zuul.d/docker-images/base.yaml create mode 100644 zuul.d/docker-images/ubuntu.yaml diff --git a/Dockerfile b/Dockerfile index 9c8e06b7d..cfdb33256 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,161 +1,27 @@ -FROM ubuntu:jammy-20240227 AS ubuntu -LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere - -FROM ubuntu AS helm -ARG TARGETOS -ARG TARGETARCH -ARG HELM_VERSION=3.14.0 -ADD https://get.helm.sh/helm-v${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /helm.tar.gz -RUN tar -xzf /helm.tar.gz -RUN mv /${TARGETOS}-${TARGETARCH}/helm /usr/bin/helm - -FROM ubuntu AS ubuntu-cloud-archive -ADD --chmod=644 https://git.launchpad.net/ubuntu/+source/ubuntu-keyring/plain/keyrings/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg -ARG RELEASE -RUN < /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "zed" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "2023.1" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "2023.2" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "master" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list; \ - else \ - echo "${RELEASE} is not supported on \${VERSION_CODENAME}"; \ - exit 1; \ - fi; \ -else - echo "Unsupported release"; \ - exit 1; \ -fi -EOF - -FROM alpine/git AS requirements -ARG BRANCH -ADD https://opendev.org/openstack/requirements.git#${BRANCH} /src -RUN < requirements.txt 
@@ -114,10 +93,15 @@ build.collections: SAVE IMAGE --cache-hint image: - ARG RELEASE=2023.1 - FROM ./images/cloud-archive-base+image --RELEASE ${RELEASE} + FROM ubuntu:jammy ENV ANSIBLE_PIPELINING=True - DO ./images+APT_INSTALL --PACKAGES "rsync openssh-client" + RUN <" - exit 1 -fi - -docker buildx create --name=atmosphere --driver=docker-container || true - -if [ "$PUSH" = true ]; then - docker buildx bake --builder=atmosphere --provenance --sbom=true --push $TARGET - - # Sign all images - export COSIGN_PASSWORD="" - for IMAGE in $(docker buildx bake --print ${TARGET} | jq -r '.target[].tags | select(. != null)[]'); do - cosign sign -y --recursive --key cosign.key ${IMAGE} - done -else - docker buildx bake --builder=atmosphere --provenance --sbom=true $TARGET -fi diff --git a/images/builder/Earthfile b/images/builder/Earthfile deleted file mode 100644 index f4e92d3fa..000000000 --- a/images/builder/Earthfile +++ /dev/null @@ -1,7 +0,0 @@ -VERSION 0.7 - -image: - FROM ../base+image - DO ../+APT_INSTALL --PACKAGES "build-essential git python3-dev python3-pip python3-venv" - ARG POETRY_VERSION=1.4.2 - RUN pip3 install --no-cache-dir poetry==${POETRY_VERSION} diff --git a/images/cinder/Dockerfile b/images/cinder/Dockerfile new file mode 100644 index 000000000..ed59f4670 --- /dev/null +++ b/images/cinder/Dockerfile 
@@ -0,0 +1,37 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM openstack-venv-builder AS build +ARG CINDER_GIT_REF +ADD --keep-git-dir=true https://opendev.org/openstack/cinder.git#${CINDER_GIT_REF} /src/cinder +RUN git -C /src/cinder fetch --unshallow +# COPY patches/cinder /patches/cinder +# RUN git -C /src/cinder apply --verbose /patches/cinder/* +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < +Date: Fri, 1 Mar 2024 13:50:13 +0800 +Subject: [PATCH 1/3] Create encrypted volumes directly to RBD + +This fix slow on create encrypted volumes with temp file import. +Encrypted volume create is now directly upload to RBD with qemu-img +command without temprory image file generated. 
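Review bot: The `COPY patches/cinder /patches/cinder` and `RUN git -C /src/cinder apply --verbose /patches/cinder/*` lines in the build stage of images/cinder/Dockerfile are commented out, so the three cinder patches this commit adds under images/cinder/patches/cinder would not be applied to the image as written. If that is deliberate, say so in the file (for example `# patches intentionally not applied yet: <reason>`); otherwise uncomment both lines so the encrypted-volume changes reach the built image. The rest of this Dockerfile after the `RUN --mount=type=cache` line is not visible on the page, so a later apply step cannot be ruled out.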
+ +Closes-Bug: #2055517 +Change-Id: If7a72a4acd5600de1350289a9d9c38017d42659e +--- + cinder/tests/unit/volume/drivers/test_rbd.py | 9 +-- + cinder/volume/drivers/rbd.py | 62 +++++++++---------- + ...ate-encrypted-volume-c1bb6b44b85c0242.yaml | 7 +++ + 3 files changed, 40 insertions(+), 38 deletions(-) + create mode 100644 releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml + +diff --git a/cinder/tests/unit/volume/drivers/test_rbd.py b/cinder/tests/unit/volume/drivers/test_rbd.py +index f1ffeb89e..cf768df06 100644 +--- a/cinder/tests/unit/volume/drivers/test_rbd.py ++++ b/cinder/tests/unit/volume/drivers/test_rbd.py +@@ -3247,7 +3247,6 @@ class RBDTestCase(test.TestCase): + self.__dict__ = d + + mock_temp_file.return_value.__enter__.side_effect = [ +- DictObj({'name': '/imgfile'}), + DictObj({'name': '/passfile'})] + + key_mgr = fake_keymgr.fake_api() +@@ -3268,15 +3267,13 @@ class RBDTestCase(test.TestCase): + self.context) + mock_open.assert_called_with('/passfile', 'w') + +- mock_exec.assert_any_call( ++ mock_exec.assert_called_with( + 'qemu-img', 'create', '-f', 'luks', '-o', + 'cipher-alg=aes-256,cipher-mode=xts,ivgen-alg=essiv', + '--object', + 'secret,id=luks_sec,format=raw,file=/passfile', +- '-o', 'key-secret=luks_sec', '/imgfile', '12288M') +- mock_exec.assert_any_call( +- 'rbd', 'import', '--dest-pool', 'rbd', '--order', 22, +- '/imgfile', self.volume_c.name) ++ '-o', 'key-secret=luks_sec', 'rbd:rbd/%s' % self.volume_c.name, ++ '12288M') + + @mock.patch('cinder.objects.Volume.get_by_id') + @mock.patch('cinder.db.volume_glance_metadata_get', return_value={}) +diff --git a/cinder/volume/drivers/rbd.py b/cinder/volume/drivers/rbd.py +index 1f4dac8d9..aace801f3 100644 +--- a/cinder/volume/drivers/rbd.py ++++ b/cinder/volume/drivers/rbd.py +@@ -1089,8 +1089,8 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, + context: context.RequestContext) -> None: + """Create an encrypted volume. 
+ +- This works by creating an encrypted image locally, +- and then uploading it to the volume. ++ This works by creating an encrypted image and ++ then uploading it to the volume directly. + """ + encryption = volume_utils.check_encryption_provider(volume, context) + +@@ -1102,37 +1102,35 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, + # create a file + tmp_dir = volume_utils.image_conversion_dir() + +- with tempfile.NamedTemporaryFile(dir=tmp_dir) as tmp_image: +- with tempfile.NamedTemporaryFile(dir=tmp_dir) as tmp_key: +- with open(tmp_key.name, 'w') as f: +- f.write(passphrase) +- +- cipher_spec = image_utils.decode_cipher(encryption['cipher'], +- encryption['key_size']) +- +- create_cmd = ( +- 'qemu-img', 'create', '-f', 'luks', +- '-o', 'cipher-alg=%(cipher_alg)s,' +- 'cipher-mode=%(cipher_mode)s,' +- 'ivgen-alg=%(ivgen_alg)s' % cipher_spec, +- '--object', 'secret,id=luks_sec,' +- 'format=raw,file=%(passfile)s' % {'passfile': +- tmp_key.name}, +- '-o', 'key-secret=luks_sec', +- tmp_image.name, +- '%sM' % (volume.size * 1024)) +- self._execute(*create_cmd) +- +- # Copy image into RBD +- chunk_size = self.configuration.rbd_store_chunk_size * units.Mi +- order = int(math.log(chunk_size, 2)) ++ with tempfile.NamedTemporaryFile(dir=tmp_dir) as tmp_key: ++ with open(tmp_key.name, 'w') as f: ++ f.write(passphrase) + +- cmd = ['rbd', 'import', +- '--dest-pool', self.configuration.rbd_pool, +- '--order', order, +- tmp_image.name, volume.name] +- cmd.extend(self._ceph_args()) +- self._execute(*cmd) ++ cipher_spec = image_utils.decode_cipher(encryption['cipher'], ++ encryption['key_size']) ++ ++ _, conf, user_id, _ = self._get_config_tuple() ++ rbd_options = '' ++ if user_id: ++ rbd_options += ':id=%(user_id)s' % {'user_id': user_id} ++ if conf: ++ rbd_options += ':conf=%(conf)s' % {'conf': conf} ++ create_cmd = ( ++ 'qemu-img', 'create', '-f', 'luks', ++ '-o', 'cipher-alg=%(cipher_alg)s,' ++ 'cipher-mode=%(cipher_mode)s,' ++ 'ivgen-alg=%(ivgen_alg)s' % 
cipher_spec, ++ '--object', 'secret,id=luks_sec,' ++ 'format=raw,file=%(passfile)s' % {'passfile': ++ tmp_key.name}, ++ '-o', 'key-secret=luks_sec', ++ 'rbd:%(pool_name)s/%(image_name)s%(rbd_options)s' % { ++ 'pool_name': self.configuration.rbd_pool, ++ 'image_name': volume.name, ++ 'rbd_options': rbd_options ++ }, ++ '%sM' % (volume.size * 1024)) ++ self._execute(*create_cmd) + + def create_volume(self, volume: Volume) -> dict[str, Any]: + """Creates a logical volume.""" +diff --git a/releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml b/releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml +new file mode 100644 +index 000000000..8bdff6746 +--- /dev/null ++++ b/releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml +@@ -0,0 +1,7 @@ ++--- ++fixes: ++ - | ++ [Bug 255517](https://bugs.launchpad.net/cinder/+bug/2055517): Fix slow ++ on create encrypted volumes with temp file import. Encrypted volume create ++ is now directly upload to rbd with qemu-img command without temprory image ++ file generated. +-- +2.34.1 diff --git a/images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch b/images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch new file mode 100644 index 000000000..db47071c3 --- /dev/null +++ b/images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch 
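Review bot: In the encrypted-volume create path of cinder/volume/drivers/rbd.py, the new `rbd:` target passes only `id` and `conf` from `self._get_config_tuple()`, whereas the removed `rbd import` call extended its arguments with `self._ceph_args()`; the first and last tuple members are discarded (`_, conf, user_id, _`), and the hunk does not show whether they carry settings qemu-img also needs to reach the right cluster. The pool, volume name, user id and conf path are interpolated into that string unescaped, and qemu's rbd syntax treats `:`, `@` and `=` as separators, so a value containing one of them would be read as extra options; these are presumably operator-controlled, but an escape or a comment stating that assumption would help. A `qemu-img create` failure can now leave a partly written RBD image behind, where the temporary file used to be discarded by its context manager, so consider removing the image on error. The method begins outside the hunk.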
@@ -0,0 +1,129 @@ +From c47fb9f0209076182787f06b306f30c3e1948592 Mon Sep 17 00:00:00 2001 +From: ricolin +Date: Sat, 16 Mar 2024 00:35:12 +0800 +Subject: [PATCH 2/3] Allow clone encrypted image to encrypted volume + +Exactly like what we did in copy-and-import image when create encrypted +volume from encrypted image. If the image is encrypted, we will copy +`cinder_encryption_key_id` from image metadata to volume. That means we +should be safe to try directly clone from encrypted image. + +Related-Bug: #2055517 +Change-Id: Id6a1452c2c197a58677bf181470f54565fbd263b +--- + .../volume/flows/test_create_volume_flow.py | 46 +++++++++++++++++++ + cinder/volume/flows/manager/create_volume.py | 9 +++- + ...clone-encryped-image-6961ca1439825dc4.yaml | 8 ++++ + 3 files changed, 61 insertions(+), 2 deletions(-) + create mode 100644 releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml + +diff --git a/cinder/tests/unit/volume/flows/test_create_volume_flow.py b/cinder/tests/unit/volume/flows/test_create_volume_flow.py +index ad5735596..6ff97aaa0 100644 +--- a/cinder/tests/unit/volume/flows/test_create_volume_flow.py ++++ b/cinder/tests/unit/volume/flows/test_create_volume_flow.py +@@ -1203,6 +1203,7 @@ class CreateVolumeFlowManagerTestCase(test.TestCase): + encryption_key_id=fakes.ENCRYPTION_KEY_ID, + host='host@backend#pool') + ++ fake_driver.clone_image.return_value = (None, False) + fake_image_service = fake_image.FakeImageService() + image_meta = {} + image_id = fakes.IMAGE_ID +@@ -1219,6 +1220,7 @@ class CreateVolumeFlowManagerTestCase(test.TestCase): + image_meta, fake_image_service) + + fake_driver.create_volume.assert_called_once_with(volume) ++ fake_driver.clone_image.assert_called_once() + fake_driver.copy_image_to_encrypted_volume.assert_not_called() + fake_driver.copy_image_to_volume.assert_called_once_with( + self.ctxt, volume, fake_image_service, image_id, +@@ -1228,6 +1230,50 @@ class CreateVolumeFlowManagerTestCase(test.TestCase): + 
image_meta=image_meta) + mock_cleanup_cg.assert_called_once_with(volume) + ++ @mock.patch('cinder.volume.flows.manager.create_volume.' ++ 'CreateVolumeFromSpecTask.' ++ '_handle_bootable_volume_glance_meta') ++ @mock.patch('cinder.image.image_utils.TemporaryImages.fetch') ++ @mock.patch('cinder.image.image_utils.qemu_img_info') ++ @mock.patch('cinder.image.image_utils.check_virtual_size') ++ def test_create_encrypted_volume_from_enc_image_clone( ++ self, mock_check_size, mock_qemu_img, ++ mock_fetch_img, mock_handle_bootable ++ ): ++ fake_db = mock.MagicMock() ++ fake_driver = mock.MagicMock() ++ fake_volume_manager = mock.MagicMock() ++ fake_manager = create_volume_manager.CreateVolumeFromSpecTask( ++ fake_volume_manager, fake_db, fake_driver) ++ volume = fake_volume.fake_volume_obj( ++ self.ctxt, ++ encryption_key_id=fakes.ENCRYPTION_KEY_ID, ++ host='host@backend#pool') ++ ++ fake_driver.clone_image.return_value = (None, True) ++ fake_image_service = fake_image.FakeImageService() ++ image_meta = {} ++ image_id = fakes.IMAGE_ID ++ image_meta['id'] = image_id ++ image_meta['status'] = 'active' ++ image_meta['size'] = 1 ++ image_meta['cinder_encryption_key_id'] = \ ++ '00000000-0000-0000-0000-000000000000' ++ image_location = 'abc' ++ ++ fake_db.volume_update.return_value = volume ++ fake_manager._create_from_image(self.ctxt, volume, ++ image_location, image_id, ++ image_meta, fake_image_service) ++ ++ fake_driver.create_volume.assert_not_called() ++ fake_driver.clone_image.assert_called_once() ++ fake_driver.copy_image_to_encrypted_volume.assert_not_called() ++ fake_driver.copy_image_to_volume.assert_not_called() ++ mock_handle_bootable.assert_called_once_with(self.ctxt, volume, ++ image_id=image_id, ++ image_meta=image_meta) ++ + @ddt.data({'driver_error': True}, + {'driver_error': False}) + @mock.patch('cinder.backup.api.API.get_available_backup_service_host') +diff --git a/cinder/volume/flows/manager/create_volume.py 
b/cinder/volume/flows/manager/create_volume.py +index ac09ed898..549a49b00 100644 +--- a/cinder/volume/flows/manager/create_volume.py ++++ b/cinder/volume/flows/manager/create_volume.py +@@ -1087,11 +1087,16 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask): + # dict containing provider_location for cloned volume + # and clone status. + # NOTE (lixiaoy1): Currently all images are raw data, we can't +- # use clone_image to copy data if new volume is encrypted. ++ # use clone_image to copy data if new volume is encrypted ++ # NOTE (ricolin): If the image provided an encryption key, we have ++ # already cloned it to the volume's key in ++ # _get_encryption_key_id, so we can do a direct clone. ++ image_encryption_key = image_meta.get('cinder_encryption_key_id') + volume_is_encrypted = volume.encryption_key_id is not None + cloned = False + model_update = None +- if not volume_is_encrypted: ++ if not volume_is_encrypted or ( ++ volume_is_encrypted and image_encryption_key): + model_update, cloned = self.driver.clone_image(context, + volume, + image_location, +diff --git a/releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml b/releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml +new file mode 100644 +index 000000000..d6c7e8eb8 +--- /dev/null ++++ b/releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml +@@ -0,0 +1,8 @@ ++--- ++features: ++ - | ++ Allow clone encrypted image when create encrypted volume from image. ++ Exactly like what we did in copy-and-import image when create encrypted ++ volume from encrypted image. If the image is encrypted, we will copy ++ `cinder_encryption_key_id` from image metadata to volume. That means we ++ should be safe to try directly clone from encrypted image. +-- +2.34.1 
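Review bot: The new guard in cinder/volume/flows/manager/create_volume.py sends an encrypted volume down the `clone_image` path whenever `image_meta` carries any `cinder_encryption_key_id`, but nothing in the hunk checks that the volume's key was actually derived from that image key; the added NOTE says this happened in `_get_encryption_key_id`, which is not visible here. Because the value is read from image metadata, it is worth confirming that it cannot be present on an image whose data is not encrypted with that key, otherwise the clone yields a volume marked encrypted whose contents do not match its key. The condition also simplifies to `if not volume_is_encrypted or image_encryption_key:`, and the retained lixiaoy1 NOTE ("we can't use clone_image ... if new volume is encrypted") now contradicts the code and should be reworded. The enclosing method starts and ends outside the hunk.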
diff --git a/images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch b/images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch new file mode 100644 index 000000000..f43644989 --- /dev/null +++ b/images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch 
@@ -0,0 +1,319 @@ +From 97953c8bd8c7d61a3f68c3e829ff79290315ec5b Mon Sep 17 00:00:00 2001 +From: ricolin +Date: Fri, 15 Mar 2024 23:26:14 +0800 +Subject: [PATCH 3/3] Allow encrypted volume clone from Glance image + +Allow clone image when creating encrypted volume from Glance image if both +stored in RBD. +Previously, Glance image clone is not supported for encrypted volume +creation. The old process is to download image to local disk, encrypt the +local file, and import it back to RBD. This not just slow, but also +protentially take large amount of local disk space from hosts that runs +Cinder volume service. +The new process is to try and clone from Glance image (if it's also stored +in RBD), flatten it, and encrypting new image in RBD for volume. And If +Glance image source is not clonable, will continue with copy-and-import +method as previous flow. +In above flow, If clone from Glance image is appliable. Even it still +requires to clone and flatten RBD image might took some time, but should +still be a lot faster than copy-and-import. And also no local disk will +be used to store raw image in this case. +This also introduced driver method `clone_image_and_encrypt` for drivers +that seperate the clone process from non-encrypted volume so the create +flow won't be affected. 
+ +Related-Bug: #2055517 +Change-Id: Ia023646d8bc9468bf5cc8955f7013299b2a3a460 +--- + .../volume/flows/test_create_volume_flow.py | 49 ++++++++++ + cinder/volume/driver.py | 11 +++ + cinder/volume/drivers/rbd.py | 95 ++++++++++++++++--- + cinder/volume/flows/manager/create_volume.py | 8 +- + ...for-encrypted-volume-de477647e9016b8b.yaml | 21 ++++ + 5 files changed, 167 insertions(+), 17 deletions(-) + create mode 100644 releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml + +diff --git a/cinder/tests/unit/volume/flows/test_create_volume_flow.py b/cinder/tests/unit/volume/flows/test_create_volume_flow.py +index 6ff97aaa0..a85bf7eec 100644 +--- a/cinder/tests/unit/volume/flows/test_create_volume_flow.py ++++ b/cinder/tests/unit/volume/flows/test_create_volume_flow.py +@@ -1164,6 +1164,7 @@ class CreateVolumeFlowManagerTestCase(test.TestCase): + image_location = 'abc' + + fake_db.volume_update.return_value = volume ++ fake_driver.clone_image_and_encrypt.return_value = (None, False) + fake_manager._create_from_image(self.ctxt, volume, + image_location, image_id, + image_meta, fake_image_service) +@@ -1178,6 +1179,54 @@ class CreateVolumeFlowManagerTestCase(test.TestCase): + image_meta=image_meta) + mock_cleanup_cg.assert_called_once_with(volume) + ++ @mock.patch('cinder.volume.flows.manager.create_volume.' ++ 'CreateVolumeFromSpecTask.' ++ '_prepare_image_cache_entry') ++ @mock.patch('cinder.volume.flows.manager.create_volume.' ++ 'CreateVolumeFromSpecTask.' 
++ '_handle_bootable_volume_glance_meta') ++ @mock.patch('cinder.image.image_utils.TemporaryImages.fetch') ++ @mock.patch('cinder.image.image_utils.qemu_img_info') ++ @mock.patch('cinder.image.image_utils.check_virtual_size') ++ def test_create_encrypted_volume_from_image_clone( ++ self, mock_check_size, mock_qemu_img, mock_fetch_img, ++ mock_handle_bootable, mock_prepare_image_cache ++ ): ++ fake_db = mock.MagicMock() ++ fake_driver = mock.MagicMock() ++ fake_volume_manager = mock.MagicMock() ++ fake_cache = mock.MagicMock() ++ fake_manager = create_volume_manager.CreateVolumeFromSpecTask( ++ fake_volume_manager, fake_db, fake_driver, fake_cache) ++ volume = fake_volume.fake_volume_obj( ++ self.ctxt, ++ encryption_key_id=fakes.ENCRYPTION_KEY_ID, ++ host='host@backend#pool') ++ ++ fake_image_service = fake_image.FakeImageService() ++ image_meta = {} ++ image_id = fakes.IMAGE_ID ++ image_meta['id'] = image_id ++ image_meta['status'] = 'active' ++ image_meta['size'] = 1 ++ image_location = 'abc' ++ ++ fake_db.volume_update.return_value = volume ++ fake_driver.clone_image_and_encrypt.return_value = (None, True) ++ fake_manager._create_from_image(self.ctxt, volume, ++ image_location, image_id, ++ image_meta, fake_image_service) ++ ++ mock_prepare_image_cache.assert_not_called() ++ fake_driver.create_volume.assert_not_called() ++ fake_driver.clone_image.assert_not_called() ++ fake_driver.clone_image_and_encrypt.assert_called_once() ++ fake_driver.copy_image_to_encrypted_volume.assert_not_called() ++ fake_driver.copy_image_to_volume.assert_not_called() ++ mock_handle_bootable.assert_called_once_with(self.ctxt, volume, ++ image_id=image_id, ++ image_meta=image_meta) ++ + @mock.patch('cinder.volume.flows.manager.create_volume.' + 'CreateVolumeFromSpecTask.' 
+ '_cleanup_cg_in_volume') +diff --git a/cinder/volume/driver.py b/cinder/volume/driver.py +index 2ff27564b..030b4a8dd 100644 +--- a/cinder/volume/driver.py ++++ b/cinder/volume/driver.py +@@ -1192,6 +1192,17 @@ class BaseVD(object, metaclass=abc.ABCMeta): + """ + return None, False + ++ def clone_image_and_encrypt( ++ self, context, volume, image_location, image_meta, image_service ++ ): ++ """Create and encrypt a volume efficiently from an existing image. ++ ++ Refer to ++ :obj:`cinder.interface.volume_driver.VolumeDriverCore.clone_image` ++ for additional information. ++ """ ++ return None, False ++ + def backup_use_temp_snapshot(self): + """Get the configured setting for backup from snapshot. + +diff --git a/cinder/volume/drivers/rbd.py b/cinder/volume/drivers/rbd.py +index aace801f3..ad0eea9d5 100644 +--- a/cinder/volume/drivers/rbd.py ++++ b/cinder/volume/drivers/rbd.py +@@ -141,6 +141,13 @@ CONF.register_opts(RBD_OPTS, group=configuration.SHARED_CONF_GROUP) + EXTRA_SPECS_REPL_ENABLED = "replication_enabled" + EXTRA_SPECS_MULTIATTACH = "multiattach" + ++# Note(ricolin): Reference ceph site for more information: ++# https://github.com/ceph/ceph/blob/main/src/include/rbd/librbd.h ++RBD_ENCRYPTION_ALG = { ++ 'aes-128': 0, ++ 'aes-256': 1 ++} ++ + QOS_KEY_MAP = { + 'total_iops_sec': { + 'ceph_key': 'rbd_qos_iops_limit', +@@ -1190,6 +1197,20 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, + + return max(image_stripe_unit, default_stripe_unit) + ++ def _encrypt_volume(self, ++ context: context.RequestContext, ++ volume: Volume, ++ passphrase: str, ++ cipher_spec: dict ++ ) -> None: ++ LOG.debug("Encrypting volume $s", volume.name) ++ with RBDVolumeProxy(self, volume.name) as vol: ++ vol.encryption_format( ++ 0, ++ passphrase, ++ RBD_ENCRYPTION_ALG[cipher_spec['cipher_alg']] ++ ) ++ + def _clone(self, + volume: Volume, + src_pool: str, +@@ -1873,6 +1894,37 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, + image_location: Optional[list], + 
image_meta: dict,
+ image_service) -> tuple[dict, bool]:
++ return self._clone_image(context, volume, image_location,
++ image_meta, image_service)
++
++ def clone_image_and_encrypt(
++ self,
++ context: context.RequestContext,
++ volume: Volume,
++ image_location: Optional[list],
++ image_meta: dict,
++ image_service
++ ) -> tuple[dict, bool]:
++
++ # Note(ricolin): method `encryption_format` added after Ceph Pacific
++ # release (>=16.1.0).
++ if self.rbd and hasattr(
++ self.rbd.Image, 'encryption_format') and callable(
++ self.rbd.Image.encryption_format):
++ return self._clone_image(
++ context, volume, image_location,
++ image_meta, image_service, is_encrypt=True)
++ else:
++ return {}, False
++
++ def _clone_image(self,
++ context: context.RequestContext,
++ volume: Volume,
++ image_location: Optional[list],
++ image_meta: dict,
++ image_service,
++ is_encrypt: Optional[bool] = False
++ ) -> tuple[dict, bool]:
+ if image_location:
+ # Note: image_location[0] is glance image direct_url.
+ # image_location[1] contains the list of all locations (including
+@@ -1890,12 +1942,41 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD,
+ url_location, image_meta):
+ _prefix, pool, image, snapshot = \
+ self._parse_location(url_location)
++ if is_encrypt:
++ passphrase, cipher_spec = self._fetch_encryption_info(
++ context, volume)
++ if cipher_spec['cipher_alg'] not in RBD_ENCRYPTION_ALG:
++ LOG.debug(
++ "Skip clone. Cipher spec: %s not supported "
++ "for encrypt volume directly from RBD.",
++ cipher_spec)
++ return ({}, False)
+ volume_update = self._clone(volume, pool, image, snapshot)
++ if is_encrypt:
++ self._flatten(self.configuration.rbd_pool, volume.name)
++ self._encrypt_volume(
++ context, volume, passphrase, cipher_spec)
+ volume_update['provider_location'] = None
+ self._resize(volume)
+ return volume_update, True
+ return ({}, False)
+
++ def _fetch_encryption_info(self,
++ context: context.RequestContext,
++ volume: Volume) -> tuple[str, dict]:
++ encryption = volume_utils.check_encryption_provider(
++ volume,
++ context)
++ # Fetch the key associated with the volume and decode the passphrase
++ keymgr = key_manager.API(CONF)
++ key = keymgr.get(context, encryption['encryption_key_id'])
++ passphrase = binascii.hexlify(key.get_encoded()).decode('utf-8')
++
++ # Decode the dm-crypt style cipher spec into something qemu-img can use
++ cipher_spec = image_utils.decode_cipher(encryption['cipher'],
++ encryption['key_size'])
++ return passphrase, cipher_spec
++
+ def copy_image_to_encrypted_volume(self,
+ context: context.RequestContext,
+ volume: Volume,
+@@ -1920,18 +2001,8 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD,
+ volume: Volume,
+ tmp_dir: str,
+ src_image_path: Any) -> None:
+- encryption = volume_utils.check_encryption_provider(
+- volume,
+- context)
+-
+- # Fetch the key associated with the volume and decode the passphrase
+- keymgr = key_manager.API(CONF)
+- key = keymgr.get(context, encryption['encryption_key_id'])
+- passphrase = binascii.hexlify(key.get_encoded()).decode('utf-8')
+-
+- # Decode the dm-crypt style cipher spec into something qemu-img can use
+- cipher_spec = image_utils.decode_cipher(encryption['cipher'],
+- encryption['key_size'])
++ passphrase, cipher_spec = self._fetch_encryption_info(
++ context, volume)
+
+ tmp_dir = volume_utils.image_conversion_dir()
+
+diff --git a/cinder/volume/flows/manager/create_volume.py b/cinder/volume/flows/manager/create_volume.py
+index 549a49b00..8ea4c0fe1 100644
+--- a/cinder/volume/flows/manager/create_volume.py
++++ b/cinder/volume/flows/manager/create_volume.py
+@@ -1086,11 +1086,6 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask):
+ # NOTE (singn): two params need to be returned
+ # dict containing provider_location for cloned volume
+ # and clone status.
+- # NOTE (lixiaoy1): Currently all images are raw data, we can't
+- # use clone_image to copy data if new volume is encrypted
+- # NOTE (ricolin): If the image provided an encryption key, we have
+- # already cloned it to the volume's key in
+- # _get_encryption_key_id, so we can do a direct clone.
+ image_encryption_key = image_meta.get('cinder_encryption_key_id')
+ volume_is_encrypted = volume.encryption_key_id is not None
+ cloned = False
+@@ -1102,6 +1097,9 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask):
+ image_location,
+ image_meta,
+ image_service)
++ else:
++ model_update, cloned = self.driver.clone_image_and_encrypt(
++ context, volume, image_location, image_meta, image_service)
+
+ # Try and clone the image if we have it set as a glance location.
+ if not cloned and 'cinder' in CONF.allowed_direct_url_schemes:
+diff --git a/releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml b/releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml
+new file mode 100644
+index 000000000..63d1f38cd
+--- /dev/null
++++ b/releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml
+@@ -0,0 +1,21 @@
++---
++features:
++ - |
++ Allow clone image when creating encrypted volume from Glance image if both
++ stored in RBD.
++ Previously, Glance image clone is not supported for encrypted volume
++ creation. The old process is to download image to local disk, encrypt the
++ local file, and import it back to RBD. This not just slow, but also
++ protentially take large amount of local disk space from hosts that runs
++ Cinder volume service.
++ The new process is to try and clone from Glance image (if it's also stored
++ in RBD), flatten it, and encrypting new image in RBD for volume. And If
++ Glance image source is not clonable, will continue with copy-and-import
++ method as previous flow.
++ In above flow, If clone from Glance image is appliable. Even it still
++ requires to clone and flatten RBD image might took some time, but should
++ still be a lot faster than copy-and-import. And also no local disk will
++ be used to store raw image in this case.
++ This also introduced driver method `clone_image_and_encrypt` for drivers
++ that seperate the clone process from non-encrypted volume so the create
++ flow won't be affected.
+--
+2.34.1
diff --git a/images/cloud-archive-base/Earthfile b/images/cloud-archive-base/Earthfile
deleted file mode 100644
index 473d5d890..000000000
--- a/images/cloud-archive-base/Earthfile
+++ /dev/null
@@ -1,23 +0,0 @@ -VERSION 0.7 - -image: - FROM ../base+image - DO ../+APT_INSTALL --PACKAGES "ca-certificates libpython3.10 lsb-release python3-distutils sudo ubuntu-cloud-keyring" - ARG RELEASE - IF [ "$(lsb_release -sc)" = "jammy" ] - IF [ "${RELEASE}" = "yoga" ] - # NOTE: Yoga shipped with 22.04, so no need to add an extra repository. - RUN echo "" > /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "zed" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "2023.1" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "2023.2" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "master" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE - RUN echo "${RELEASE} is not supported on $(lsb_release -sc)" - RUN exit 1 - END - END diff --git a/images/cluster-api-provider-openstack/Dockerfile b/images/cluster-api-provider-openstack/Dockerfile new file mode 100644 index 000000000..83baff569 --- /dev/null +++ b/images/cluster-api-provider-openstack/Dockerfile 
@@ -0,0 +1,32 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM git AS src
+ARG CAPO_VERSION
+ADD https://github.com/kubernetes-sigs/cluster-api-provider-openstack.git#${CAPO_VERSION} /src
+WORKDIR /src
+COPY /patches /patches
+RUN git apply /patches/*.patch
+
+FROM golang AS builder
+COPY --from=src --link /src /src
+WORKDIR /src
+ARG ARCH
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \
+ go build -ldflags "-extldflags '-static'" -o manager ${package}
+
+FROM gcr.io/distroless/static:nonroot
+COPY --from=builder /src/manager /manager
+USER 65532
+ENTRYPOINT ["/manager"]
diff --git a/images/cluster-api-provider-openstack/Earthfile b/images/cluster-api-provider-openstack/Earthfile
deleted file mode 100644
index 111f465e0..000000000
--- a/images/cluster-api-provider-openstack/Earthfile
+++ /dev/null
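Review bot: The final stage pulls `gcr.io/distroless/static:nonroot` by a floating tag, so the runtime base of this image can change between builds without any change in this repository; pinning it by digest, e.g. `FROM gcr.io/distroless/static:nonroot@sha256:<digest>` (placeholder), would keep the build reproducible and auditable. The same concern applies to `${CAPO_VERSION}` in the `ADD` line if it is supplied as a tag rather than a commit id, because the ref is resolved at build time and `git apply /patches/*.patch` then runs on whatever it points to. Separately, `${package}` in the `go build` line is not declared by any `ARG` or `ENV` in the visible stages, so unless the `golang` base sets it the variable expands to nothing and the command builds the package in `/src` by default; either declare it or drop it from the command.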
@@ -1,18 +0,0 @@ -VERSION 0.7 - -ARG --global CAPO_VERSION=v0.8.0 -ARG --global EPOCH=2 - -clone: - FROM ../builder+image - GIT CLONE --branch ${CAPO_VERSION} https://github.com/kubernetes-sigs/cluster-api-provider-openstack /workspace/src - WORKDIR /workspace/src - COPY patches /workspace/patches - RUN git apply --verbose /workspace/patches/*.patch - SAVE ARTIFACT /workspace/src - -image: - FROM DOCKERFILE -f +clone/src/Dockerfile +clone/src/* - LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere - ARG REGISTRY=ghcr.io/vexxhost/atmosphere - SAVE IMAGE --push ${REGISTRY}/capi-openstack-controller:${CAPO_VERSION}-${EPOCH} diff --git a/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch b/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch index 2812ac502..cd99927fe 100644 --- a/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch +++ b/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch @@ -1,158 +1,89 @@ -From 139a57e7b0d4c57033e281b061e459039a5e21d3 Mon Sep 17 00:00:00 2001 +From eed5b5cc2a6cf48c0c9e0245695d0ac143150186 Mon Sep 17 00:00:00 2001 From: Mohammed Naser -Date: Mon, 22 Jan 2024 16:22:52 -0500 -Subject: [PATCH 2/2] chore: bump k8s api for cve +Date: Tue, 12 Mar 2024 18:18:25 -0400 +Subject: [PATCH] chore: bump k8s api for cve --- - go.mod | 17 +++++++++-------- - go.sum | 36 +++++++++++++++++++----------------- - 2 files changed, 28 insertions(+), 25 deletions(-) + go.mod | 8 ++++---- + go.sum | 16 ++++++++-------- + 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod -index db4a954a..49d2f7cf 100644 +index 997f8354..d6c300cc 100644 --- a/go.mod 
+++ b/go.mod -@@ -15,8 +15,8 @@ require ( - github.com/onsi/gomega v1.27.8 - github.com/prometheus/client_golang v1.16.0 +@@ -15,7 +15,7 @@ require ( + github.com/onsi/gomega v1.30.0 + github.com/prometheus/client_golang v1.17.0 github.com/spf13/pflag v1.0.5 -- golang.org/x/crypto v0.11.0 -- golang.org/x/text v0.11.0 -+ golang.org/x/crypto v0.14.0 -+ golang.org/x/text v0.13.0 +- golang.org/x/crypto v0.15.0 ++ golang.org/x/crypto v0.17.0 + golang.org/x/text v0.14.0 gopkg.in/ini.v1 v1.67.0 - k8s.io/api v0.27.2 - k8s.io/apiextensions-apiserver v0.27.2 + k8s.io/api v0.28.4 
@@ -24,7 +24,7 @@ require ( - k8s.io/client-go v0.27.2 - k8s.io/component-base v0.27.2 - k8s.io/klog/v2 v2.90.1 -- k8s.io/kubernetes v1.27.2 -+ k8s.io/kubernetes v1.27.8 - k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 - sigs.k8s.io/cluster-api v1.5.1 - sigs.k8s.io/cluster-api/test v1.5.1 -@@ -113,15 +113,16 @@ require ( - go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.24.0 // indirect - golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect -- golang.org/x/net v0.13.0 // indirect -+ golang.org/x/net v0.17.0 // indirect - golang.org/x/oauth2 v0.10.0 // indirect -- golang.org/x/sys v0.10.0 // indirect -- golang.org/x/term v0.10.0 // indirect -+ golang.org/x/sys v0.13.0 // indirect -+ golang.org/x/term v0.13.0 // indirect + k8s.io/client-go v0.28.4 + k8s.io/component-base v0.28.4 + k8s.io/klog/v2 v2.100.1 +- k8s.io/kubernetes v1.28.3 ++ k8s.io/kubernetes v1.28.4 + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 + sigs.k8s.io/cluster-api v1.6.0 + sigs.k8s.io/cluster-api/test v1.6.0 +@@ -139,8 +139,8 @@ require ( + golang.org/x/net v0.18.0 // indirect + golang.org/x/oauth2 v0.14.0 // indirect + golang.org/x/sync v0.4.0 // indirect +- golang.org/x/sys v0.14.0 // indirect +- golang.org/x/term v0.14.0 // indirect ++ golang.org/x/sys v0.15.0 // indirect ++ golang.org/x/term v0.15.0 // indirect golang.org/x/time v0.3.0 // indirect -- golang.org/x/tools v0.9.3 // indirect -+ golang.org/x/tools v0.12.0 // indirect - gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect - google.golang.org/appengine v1.6.7 // indirect -- google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect -+ google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a // indirect -+ google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect - google.golang.org/protobuf v1.31.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect + golang.org/x/tools v0.14.0 // indirect + 
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum -index 66bd8109..f18ece49 100644 +index e3d46fdc..f5767735 100644 --- a/go.sum 
+++ b/go.sum -@@ -516,8 +516,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y +@@ -460,8 +460,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= --golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= --golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= +-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= ++golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= ++golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -@@ -555,7 +555,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= --golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -+golang.org/x/mod v0.12.0 
h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -596,8 +596,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= - golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= --golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= --golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -673,13 +673,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +@@ -609,13 +609,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.10.0 
h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= --golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= +-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= ++golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= ++golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= --golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= --golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= -+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +-golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= +-golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= ++golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= ++golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -690,8 +690,8 @@ golang.org/x/text v0.3.5/go.mod 
h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= - golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= --golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= --golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -@@ -752,8 +752,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= - golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= - golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= - golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= --golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= --golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= -+golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= -+golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -@@ -825,8 +825,10 @@ 
google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6D - google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= - google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= - google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= --google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= --google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -+google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a h1:HiYVD+FGJkTo+9zj1gqz0anapsa1JxjiSrN+BJKyUmE= -+google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= -+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM= -+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= - google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= - google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= - google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -@@ -914,8 +916,8 @@ k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= - k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= --k8s.io/kubernetes v1.27.2 h1:g4v9oY6u7vBUDEuq4FvC50Bbw2K7GZuvM00IIESWVf4= --k8s.io/kubernetes v1.27.2/go.mod 
h1:U8ZXeKBAPxeb4J4/HOaxjw1A9K6WfSH+fY2SS7CR6IM= -+k8s.io/kubernetes v1.27.8 h1:K848lTo/D0jvrxUlTvw4nNADixbhXLHgKNDP/KlFGy8= -+k8s.io/kubernetes v1.27.8/go.mod h1:PUXXrx0IhAi+kI9BMDqNJHUnLndVv9W0DkriqyjuJOs= - k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 h1:xMMXJlJbsU8w3V5N2FLDQ8YgU8s1EoULdbQBcAeNJkY= - k8s.io/utils v0.0.0-20230313181309-38a27ef9d749/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +@@ -841,8 +841,8 @@ k8s.io/kms v0.28.4 h1:PMgY/3CQTWP9eIKmNQiTgjLIZ0ns6O+voagzD2/4mSg= + k8s.io/kms v0.28.4/go.mod h1:HL4/lR/bhjAJPbqycKtfhWiKh1Sp21cpHOL8P4oo87w= + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= +-k8s.io/kubernetes v1.28.3 h1:XTci6gzk+JR51UZuZQCFJ4CsyUkfivSjLI4O1P9z6LY= +-k8s.io/kubernetes v1.28.3/go.mod h1:NhAysZWvHtNcJFFHic87ofxQN7loylCQwg3ZvXVDbag= ++k8s.io/kubernetes v1.28.4 h1:aRNxs5jb8FVTtlnxeA4FSDBVKuFwA8Gw40/U2zReBYA= ++k8s.io/kubernetes v1.28.4/go.mod h1:BTzDCKYAlu6LL9ITbfjwgwIrJ30hlTgbv0eXDoA/WoA= + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -- 2.43.0 - diff --git a/images/curl/Earthfile b/images/curl/Earthfile deleted file mode 100644 index 06d3d8e1a..000000000 --- a/images/curl/Earthfile +++ /dev/null @@ -1,5 +0,0 @@ -VERSION 0.7 - -image: - FROM curlimages/curl:7.78.0 - WORKDIR /tmp diff --git a/images/designate/Dockerfile b/images/designate/Dockerfile new file mode 100644 index 000000000..677b5c937 --- /dev/null +++ b/images/designate/Dockerfile 
@@ -0,0 +1,33 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM openstack-venv-builder AS build +ARG DESIGNATE_GIT_REF +ADD --keep-git-dir=true https://opendev.org/openstack/designate.git#${DESIGNATE_GIT_REF} /src/designate +RUN git -C /src/designate fetch --unshallow +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < /etc/apt/sources.list.d/ceph.list - ELSE IF [ "$(lsb_release -sc)" = "jammy" ] - RUN echo "deb http://download.ceph.com/debian-reef/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/ceph.list - ELSE - RUN echo "${RELEASE} is not supported on $(lsb_release -sc)" - RUN exit 1 - END - DO ../+APT_INSTALL --PACKAGES="ceph-common cgroup-tools dmidecode ebtables iproute2 ipxe-qemu kmod libvirt-clients libvirt-daemon-system openssh-client openvswitch-switch ovmf pm-utils qemu-block-extra qemu-efi qemu-kvm seabios" - DO ../+CREATE_PROJECT_USER --PROJECT=nova - ARG REGISTRY=ghcr.io/vexxhost/atmosphere - SAVE IMAGE --push ${REGISTRY}/libvirtd:${RELEASE} - -image: - BUILD --platform linux/amd64 --platform linux/arm64 +platform-image 
diff --git a/images/libvirtd/keyrings/ceph.gpg b/images/libvirtd/keyrings/ceph.gpg deleted file mode 100644 index c5d8bd399481b290ab5da94b87bd860a33a998ee..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1143 zcmV--1c>{Y0u2OJ_=X7q5CF@nevbJ;Y5AM5al>VI3*qGa#K5Hwm2!_RG#_465sD38 zmXL=NLCNO`29zsUcXOrn|9+`WxR5h*eY-hs=XvlKgzqt0XNxo>!;HCEyQjioviTGX z^63AwMTc%);z$XmJLkgYyK`nM1CAhp7WF|reYxYAEUs_~4Q5B}26ndxL?Y|$Cver? z+Ak9m`0ngIQ{q$*^Y!*xlNj-t_r%K}ODaaT?*Dqdu%y^KW0` zS6ZrG;)BP!1)?WS`!>M&$0zQz>J5}1&X7`S)dDqhl(43rss_qx06btgIkE2bedIgK z;xG~&^jzqnT9NUuM4z@q&^f(3x^B&MdjnVbuzE8k)(4)w_9NhYi0H9|H7&%3I2aEb zh+q>nquudzb_uOvKITzY;vyJtM-HU~wRly1j%tlK+D;M`D%KzpMT}47p0{w%J|&ag z`%O4cbnWhhSU^G^3k166X92k`)Mx`N5%~SD@}t(xyk<&8q|`J0Q(hA}UIj{x-8%<| z0)_&zqylwwJA`^hL=$>tqdyAJt<5pl;fJECl3s| zLE5}_)s5UcL0JG10RRECDnn&(Xf9)KZ6GLeWo%_(b7dfFWqBzeJac7Zb#iHRc|c=j zaA+=LZ*4w_0yqQ{0RjLb1p-z0h6w^20|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f? z2@vQ?!oWrkIh0+}5CD%DJ;qE0XK&-rYVa)amGnqOoyNcMzwjac5aBU$X%%PBW>k6L z3D6G=<^q??a9MD*mjZ4qFl~`Thg{o{=i*$KoW(gzrFN}Hzst1V_~#iu>_a{YPUJt&wDrHV^U72%DSq=FIzI>(lJk(k^-4(U`{P77CyD0%bq>ih zZBB+Kwrh5L1y&6*F39>os1BoYq>c-<=+D;}#zj`0g9`;rl3rwz((Gm4pRg-QOdCnE z{s#VPSsvu@5RJh(cGcL-DgN-d^tmU(lfkmllZx7il#QTWeuJ+xp#6a@O21agV0i zaTeo!x%2r>B-Too>JJHr2)h%LYsHAn939f>LsAFu -Date: Fri, 22 Sep 2023 16:25:10 +0200 -Subject: [PATCH] fix netns deletion of broken namespaces - -normal network namespaces are bind-mounted to files under -/var/run/netns. If a process deleting a network namespace gets killed -during that operation there is the chance that the bind mount to the -netns has been removed, but the file under /var/run/netns still exists. - -When the neutron-ovn-metadata-agent tries to clean up such network -namespaces it first tires to validate that the network namespace is -empty. For the cases described above this fails, as this network -namespace no longer really exists, but is just a stray file laying -around. 
- -To fix this we treat network namespaces where we get an `OSError` with -errno 22 (Invalid Argument) as empty. The calls to pyroute2 to delete -the namespace will then clean up the file. - -Additionally we add a guard to teardown_datapath to continue even if -this fails. failing to remove a datapath is not critical and leaves in -the worst case a process and a network namespace running, however -previously it would have also prevented the creation of new datapaths -which is critical for VM startup. - -Closes-Bug: #2037102 -Change-Id: I7c43812fed5903f98a2e491076c24a8d926a59b4 -(cherry picked from commit 566fea3fed837b0130023303c770aade391d3d61) ---- - neutron/agent/linux/ip_lib.py | 17 ++++++++++++- - neutron/agent/ovn/metadata/agent.py | 5 +++- - neutron/tests/unit/agent/linux/test_ip_lib.py | 15 +++++++++++ - .../unit/agent/ovn/metadata/test_agent.py | 25 +++++++++++++++++++ - 4 files changed, 60 insertions(+), 2 deletions(-) - -diff --git a/neutron/agent/linux/ip_lib.py b/neutron/agent/linux/ip_lib.py -index 10bd33d9e1..5d2593da47 100644 ---- a/neutron/agent/linux/ip_lib.py -+++ b/neutron/agent/linux/ip_lib.py -@@ -259,7 +259,22 @@ class IPWrapper(SubProcessBase): - return ip - - def namespace_is_empty(self): -- return not self.get_devices() -+ try: -+ return not self.get_devices() -+ except OSError as e: -+ # This can happen if we previously got terminated in the middle of -+ # removing this namespace. In this case the bind mount of the -+ # namespace under /var/run/netns will be removed, but the namespace -+ # file is still there. As the bind mount is gone we can no longer -+ # access the namespace to validate that it is empty. But since it -+ # should have already been removed we are sure that the check has -+ # passed the last time and since the namespace is unuseable that -+ # can not have changed. -+ # Future calls to pyroute2 to remove that namespace will clean up -+ # the leftover file. 
-+ if e.errno == errno.EINVAL: -+ return True -+ raise e - - def garbage_collect_namespace(self): - """Conditionally destroy the namespace if it is empty.""" -diff --git a/neutron/agent/ovn/metadata/agent.py b/neutron/agent/ovn/metadata/agent.py -index 1745239701..861715d8e1 100644 ---- a/neutron/agent/ovn/metadata/agent.py -+++ b/neutron/agent/ovn/metadata/agent.py -@@ -430,7 +430,10 @@ class MetadataAgent(object): - ns.startswith(NS_PREFIX) and - ns not in metadata_namespaces] - for ns in unused_namespaces: -- self.teardown_datapath(self._get_datapath_name(ns)) -+ try: -+ self.teardown_datapath(self._get_datapath_name(ns)) -+ except Exception: -+ LOG.exception('Error unable to destroy namespace: %s', ns) - - # resync all network namespaces based on the associated datapaths, - # even those that are already running. This is to make sure -diff --git a/neutron/tests/unit/agent/linux/test_ip_lib.py b/neutron/tests/unit/agent/linux/test_ip_lib.py -index d1c74fb3f7..159cafdb8e 100644 ---- a/neutron/tests/unit/agent/linux/test_ip_lib.py -+++ b/neutron/tests/unit/agent/linux/test_ip_lib.py -@@ -357,6 +357,21 @@ class TestIpWrapper(base.BaseTestCase): - self.assertNotIn(mock.call().delete('ns'), - ip_ns_cmd_cls.mock_calls) - -+ def test_garbage_collect_namespace_existing_broken(self): -+ with mock.patch.object(ip_lib, 'IpNetnsCommand') as ip_ns_cmd_cls: -+ ip_ns_cmd_cls.return_value.exists.return_value = True -+ -+ ip = ip_lib.IPWrapper(namespace='ns') -+ -+ with mock.patch.object(ip, 'get_devices', -+ side_effect=OSError(errno.EINVAL, None) -+ ) as mock_get_devices: -+ self.assertTrue(ip.garbage_collect_namespace()) -+ -+ mock_get_devices.assert_called_once_with() -+ expected = [mock.call().delete('ns')] -+ ip_ns_cmd_cls.assert_has_calls(expected) -+ - @mock.patch.object(priv_lib, 'create_interface') - def test_add_vlan(self, create): - retval = ip_lib.IPWrapper().add_vlan('eth0.1', 'eth0', '1') -diff --git a/neutron/tests/unit/agent/ovn/metadata/test_agent.py 
b/neutron/tests/unit/agent/ovn/metadata/test_agent.py -index 6df7da702d..9bf9f0db52 100644 ---- a/neutron/tests/unit/agent/ovn/metadata/test_agent.py -+++ b/neutron/tests/unit/agent/ovn/metadata/test_agent.py -@@ -134,6 +134,31 @@ class TestMetadataAgent(base.BaseTestCase): - lnn.assert_called_once_with() - tdp.assert_called_once_with('3') - -+ def test_sync_teardown_namespace_does_not_crash_on_error(self): -+ """Test that sync tears down unneeded metadata namespaces. -+ Even if that fails it continues to provision other datapaths -+ """ -+ with mock.patch.object( -+ self.agent, 'provision_datapath') as pdp,\ -+ mock.patch.object( -+ ip_lib, 'list_network_namespaces', -+ return_value=['ovnmeta-1', 'ovnmeta-2', 'ovnmeta-3', -+ 'ns1', 'ns2']) as lnn,\ -+ mock.patch.object( -+ self.agent, 'teardown_datapath', -+ side_effect=Exception()) as tdp: -+ self.agent.sync() -+ -+ pdp.assert_has_calls( -+ [ -+ mock.call(p.datapath) -+ for p in self.ports -+ ], -+ any_order=True -+ ) -+ lnn.assert_called_once_with() -+ tdp.assert_called_once_with('3') -+ - def test_get_networks_datapaths(self): - """Test get_networks_datapaths returns only datapath objects for the - networks containing vif ports of type ''(blank) and 'external'. --- -2.34.1 diff --git a/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch b/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch new file mode 100644 index 000000000..260532499 --- /dev/null +++ b/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch 
@@ -0,0 +1,38 @@
+From f8ec437329510ef59c81084712dbfe49528ef56d Mon Sep 17 00:00:00 2001
+From: Mohammed Naser
+Date: Thu, 28 Mar 2024 14:38:43 -0400
+Subject: [PATCH] fix(ovn): set mtu in external_ids correctly
+
+In the previous patch, we did account for the MTU showing up
+in the external IDs however the code only sets it if it's using
+a remote managed port binding. This code instead sets the binding
+for all the inerface types instead.
+
+Related-Change-Id: I7ff300e9634e5e3fc68d70540392109fd8b9babc
+Closes-Bug: 2053274
+Change-Id: I0653c83c5fb595847bb61182223db39b2f7e98c6
+---
+ .../plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
+index 3e7bc5c01f..6f9e90afde 100644
+--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
++++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
+@@ -480,11 +480,13 @@ class OVNClient(object):
+ # HA Chassis Group will bind the port to the highest
+ # priority Chassis
+ if port_type != ovn_const.LSP_TYPE_EXTERNAL:
++ port_net = self._plugin.get_network(
++ context, port['network_id'])
++ mtu = str(port_net['mtu'])
+ if (vnic_type == portbindings.VNIC_REMOTE_MANAGED and
+ ovn_const.VIF_DETAILS_PF_MAC_ADDRESS in binding_prof):
+ port_net = self._plugin.get_network(
+ context, port['network_id'])
+- mtu = str(port_net['mtu'])
+ options.update({
+ ovn_const.LSP_OPTIONS_VIF_PLUG_TYPE_KEY: 'representor',
+ ovn_const.LSP_OPTIONS_VIF_PLUG_MTU_REQUEST_KEY: mtu,
+--
+2.34.1
diff --git a/images/nova-ssh/Dockerfile b/images/nova-ssh/Dockerfile
new file mode 100644
index 000000000..a51353018
--- /dev/null
+++ b/images/nova-ssh/Dockerfile
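Review bot: The carried `ovn_client.py` patch leaves a duplicate network lookup on the remote-managed path: the added `port_net = self._plugin.get_network(context, port['network_id'])` above the `if` is followed by the identical, unchanged assignment inside the `if (vnic_type == portbindings.VNIC_REMOTE_MANAGED and ...)` branch, which the patch keeps as a context line. Dropping the inner assignment would avoid a second plugin call for each such port and make it obvious that `mtu` comes from the outer lookup. The enclosing method starts and ends outside the hunk, so where `mtu` is consumed for the other interface types cannot be confirmed from here; a short comment above the new lines, such as `# mtu is needed for all non-external ports, not only representor ports`, would record the intent for the next rebase of this patch.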
@@ -0,0 +1,26 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM openstack-runtime +RUN < 23.0.1.dev6 therefore -# we ignore those old CVEs. -CVE-2012-3542 -CVE-2012-4413 -CVE-2013-2256 -CVE-2013-4179 -CVE-2014-3517 -CVE-2014-3608 -CVE-2014-3641 -CVE-2014-3708 -CVE-2015-0259 -CVE-2015-3221 -CVE-2015-3280 -CVE-2015-5251 -CVE-2015-5286 -CVE-2015-7713 diff --git a/images/trivy/Earthfile b/images/trivy/Earthfile deleted file mode 100644 index 8f6862546..000000000 --- a/images/trivy/Earthfile +++ /dev/null @@ -1,8 +0,0 @@ -VERSION 0.7 - -image: - FROM aquasec/trivy:0.48.3 - COPY .trivyignore /.trivyignore - # TODO(mnaser): Add automatic updates - RUN trivy image --download-db-only - RUN trivy image --download-java-db-only diff --git a/images/ubuntu-cloud-archive/Dockerfile b/images/ubuntu-cloud-archive/Dockerfile new file mode 100644 index 000000000..cffeaac6e --- /dev/null +++ b/images/ubuntu-cloud-archive/Dockerfile 
@@ -0,0 +1,20 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM ubuntu +COPY trusted.gpg.d/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg +ARG RELEASE +COPY <6743a04p4H8L#ar*?5jSEDDVt~VbVqPmmRddU&PZtyV)C6k<(@a}BvYB0^A z#lq<^%2jUxN;=`uqk%4%ZRy@n2<@-QY;fz5N;9rTI>y)2c4vV@%(&~KI6=^6k9$=i z_N5?xFW`4~&~%>-(49{zWXaz8byi@u5nd38#Vhsx9sNms$3_BZML|cry_$+8YoE^z zj;F(0UPl%cNpNF@xB!`*5H$QsldDRNqj9r|1Gt+TnTvMQRK9E&0AgWpZX#MFKBp4w zRgB-iDvZ`)INW*?aS^aWVg-p9y2|k|LySkck{$d_`5l-D;W>~f~|mwtCLNb2svGYt4p_b`t_2ukcCLydno@ffn~bb7H9@QK}P|ue3*zS zzmc4Paq(I@SKfXtyJSrCN!}{)V-y=LO*kmZ;Gh=1;%-~){i7D*F-Za<8=5%RSywa( zP=6*;>dX>fQVOo%!_30-ZO_4R6FiE*vr;m6%K{wc zm--`n^JCOtLGrpI<=L?8^sbkhK&cK&O{Mdfs0lZl%n_W<;?XD?)M*1x#!V&2mCS!g zX%s7;rK!{iG2D`$#>kmYmFlq4pyr76g@$6mL9?s-n&LA(8r3W<3;75L;zRFhA2TkYcZ0-4N31yJ;YJ3|4@B#w! z8`D2zycQ=IIPen^=#g5^%Ab8xSS_N$%n>L;l}2N9ecEpQL)|hdGN9YNvoKjl8{|X> zvxjw|c%F<~p=N{Eez`G8q84rDq1~qz8sWFDH;JC`v2;z0;Cx2KPp173qB2Zc6VSJ+ Pum%7FXK-f#umS)BeJLzU literal 0 HcmV?d00001 diff --git a/images/ubuntu/Dockerfile b/images/ubuntu/Dockerfile new file mode 100644 index 000000000..1ad0fc5d6 --- /dev/null +++ b/images/ubuntu/Dockerfile 
@@ -0,0 +1,16 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM ubuntu:jammy-20240227
+LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
diff --git a/patches/2023.2/magnum/.gitkeep b/patches/2023.2/magnum/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index dfb9d58f8..72311d746 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
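Review bot: `FROM ubuntu:jammy-20240227` pins the base image by tag only, and a tag can be repointed at the registry, so images built on this base inherit whatever the tag resolves to at build time. Pinning the digest as well keeps the build reproducible and auditable: `FROM ubuntu:jammy-20240227@sha256:<digest-of-the-reviewed-image>` (placeholder; take the value from the registry). The same concern applies to the `roles/defaults/vars/main.yml` hunk that follows, where the `@sha256:...` suffixes are removed from the entries of `_atmosphere_images`. Several of those entries use mutable tags such as `:zed`, `:main` and `:latest`, so without digests a deployment is no longer guaranteed to pull the image that was tested.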
@@ -13,189 +13,189 @@ # under the License. _atmosphere_images: - alertmanager: quay.io/prometheus/alertmanager:v0.26.0@sha256:361db356b33041437517f1cd298462055580585f26555c317df1a3caf2868552 - barbican_api: registry.atmosphere.dev/library/barbican:2023.2@sha256:836d31f3d9b88d7da006478b9d0cd79390b5726042e31d27824599c7fe97acc9 - barbican_db_sync: registry.atmosphere.dev/library/barbican:2023.2@sha256:836d31f3d9b88d7da006478b9d0cd79390b5726042e31d27824599c7fe97acc9 - bootstrap: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - ceph_config_helper: ghcr.io/vexxhost/atmosphere/libvirtd:zed@sha256:5f349c9842535c27edbf94be42e4b5c07aa0ff62358cec4b61b1357554e9cf9c - ceph: quay.io/ceph/ceph:v16.2.11@sha256:1b9803c8984bef8b82f05e233e8fe8ed8f0bba8e5cc2c57f6efaccbeea682add - cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1@sha256:985743eeed2b62f68ee06e583f1d5a371e1c35af4b1980a1b2571d29174cce47 - cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1@sha256:af84513925d86d2de456b5d67dbccd2a34d93aa6fd4e1c8fe9f84182fef1b1b1 - cert_manager_controller: quay.io/jetstack/cert-manager-controller:v1.7.1@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0 - cert_manager_webhook: quay.io/jetstack/cert-manager-webhook:v1.7.1@sha256:a926d60b6f23553ca5d11ac9cd66bcc692136e838613c8bc0d60c6c35a3cbcfc - cilium_node: quay.io/cilium/cilium:v1.14.8@sha256:7fca3ba4b04af066e8b086b5c1a52e30f52db01ffc642e7db0a439514aed3ada - cilium_operator: quay.io/cilium/operator-generic:v1.14.8@sha256:56d373c12483c09964a00a29246595917603a077a298aa90a98e4de32c86b7dc - cinder_api: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_backup_storage_init: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_backup: 
ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_db_sync: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_scheduler: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_storage_init: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_volume_usage_audit: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_volume: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cluster_api_controller: registry.k8s.io/cluster-api/cluster-api-controller:v1.6.0@sha256:211632c5b695212bce78e0d35da5eb7b7672a3b2ff598883f8c60ebb557a7185 - cluster_api_kubeadm_bootstrap_controller: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.0@sha256:956876ee8825038b12133352686d86585afa2feb22ca3bf9e437659862db2d43 - cluster_api_kubeadm_control_plane_controller: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.0@sha256:2c4ee52a70e19a0d2b55783bc72d6a63fca84f5da76a9dd1aef2630491277e6f - cluster_api_openstack_controller: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.9.0@sha256:d5d5df3695d8b8785ac4ef00497ce0b969ff7dc291cb1647581bd2265b85cf51 - csi_node_driver_registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0@sha256:0174bf20d7ad8e9f131a045802ef1c43b4592a2ebc18ba07972b1ce8858d9cb7 - csi_rbd_attacher: registry.k8s.io/sig-storage/csi-attacher:v3.4.0@sha256:adc2922c98c539f680c02af99042d968114746f973a49b529785d6b402134bbf - csi_rbd_plugin: quay.io/cephcsi/cephcsi:v3.5.1@sha256:28a674af1df2325fea415e32a7f93f083fce1f9c474912c45f025427fdc0aa10 - csi_rbd_provisioner: 
registry.k8s.io/sig-storage/csi-provisioner:v3.1.0@sha256:92107bb668a9de58a09247596c337bc5b46a1d145685eb55ef489ae16952f5bd - csi_rbd_resizer: registry.k8s.io/sig-storage/csi-resizer:v1.3.0@sha256:35ec0c736ec8266bd4a46f9e942315f148f3139beed99879d0ad8b8e5074d641 - csi_rbd_snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v4.2.0@sha256:bd7dafbd0d4fe81f23f01c9a7432de067bdf085f70d61492f5ffddd9c5264358 - db_drop: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - db_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - dep_check: ghcr.io/vexxhost/atmosphere/kubernetes-entrypoint:latest@sha256:0c986164554331d5361f100a505695a45d9a7f63f8fb40f29a5ee026ce28b8b2 - designate_api: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_central: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_db_sync: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_mdns: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_producer: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_sink: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_worker: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - glance_api: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_db_sync: 
ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_metadefs_load: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_registry: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_storage_init: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - grafana_sidecar: quay.io/kiwigrid/k8s-sidecar:1.25.2@sha256:cb4c638ffb1fa1eb49678e0f0423564b39254533f63f4ca6a6c24260472e0c4f - grafana: docker.io/grafana/grafana:10.3.3@sha256:f8f7d338b2ecd278599e7f1cfc84a0a7bd4f549312218a54696edb38d709100d - haproxy: docker.io/library/haproxy:2.5@sha256:489dcc4385fd45813f3e9252b2f1f440db5749e4845d560250ce5083cc45eeb0 - heat_api: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_cfn: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_cloudwatch: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_db_sync: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_engine_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_engine: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_purge_deleted: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - horizon_db_sync: ghcr.io/vexxhost/atmosphere/horizon:2023.2@sha256:8b8cae26a00725c110bc597840925b66d942e2dd31335334dd8fb9ef3591f494 - horizon: 
ghcr.io/vexxhost/atmosphere/horizon:2023.2@sha256:8b8cae26a00725c110bc597840925b66d942e2dd31335334dd8fb9ef3591f494 - ingress_nginx_controller: registry.k8s.io/ingress-nginx/controller:v1.1.1@sha256:e16123f3932f44a2bba8bc3cf1c109cea4495ee271d6d16ab99228b58766d3ab - ingress_nginx_default_backend: registry.k8s.io/defaultbackend-amd64:1.5@sha256:4dc5e07c8ca4e23bddb3153737d7b8c556e5fb2f29c4558b7cd6e6df99c512c7 - ingress_nginx_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:23a03c9c381fba54043d0f6148efeaf4c1ca2ed176e43455178b5c5ebf15ad70 # noqa: yaml[line-length] - keepalived: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19@sha256:4fe20cd5c200e301e1a790c9aca8c3fc651c8461afea9d37c56a462d3bfa48bb - keycloak: quay.io/keycloak/keycloak:22.0.1-0@sha256:5b872e841ea9e394d89bdf250146434532d9c2001404540d46621d60f87494e7 - keystone_api: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_credential_cleanup: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - keystone_credential_rotate: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_credential_setup: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_db_sync: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_domain_manage: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - keystone_fernet_rotate: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_fernet_setup: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - 
ks_endpoints: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - ks_service: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - ks_user: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - kube_apiserver: registry.k8s.io/kube-apiserver:v1.22.17@sha256:d88d1c8f972e10ff4b4176f3185434e2832d3805c457fa9e8816f1da2fdf3b93 - kube_controller_manager: registry.k8s.io/kube-controller-manager:v1.22.17@sha256:c3e041c8c8c9ffd33d421c8c1de1f42da52b616bfcf61880498e9efc9ec88005 - kube_coredns: registry.k8s.io/coredns/coredns:v1.8.4@sha256:10683d82b024a58cc248c468c2632f9d1b260500f7cd9bb8e73f751048d7d6d4 - kube_etcd: registry.k8s.io/etcd:3.5.6-0@sha256:b0fdb657c0bd10d8c96ed2ce762842384709a9fc54d532220d5252f1f99b4d1d - kube_proxy: registry.k8s.io/kube-proxy:v1.22.17@sha256:614ec43f14e16e077173afa61ee355f8a5d1cc5b1c5e8030766781dc5ccde171 - kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17@sha256:f85dda445b7c8da197b8e39b0ca2b125b1e97a4a365d45c04d2759aefe935974 - kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1@sha256:50502264dbee17136b48d19404ce40d6e57ef9d38aafd95ceb1d977cc92e9519 - kubectl: docker.io/bitnami/kubectl:1.27.3@sha256:876cebc2d9272d9eb42c2128c9a08c7e7715dbfe4f2eb2f0b3612df977fdd6b7 - libvirt: ghcr.io/vexxhost/atmosphere/libvirtd:zed@sha256:5f349c9842535c27edbf94be42e4b5c07aa0ff62358cec4b61b1357554e9cf9c - libvirt_tls_sidecar: ghcr.io/vexxhost/atmosphere/libvirt-tls-sidecar:latest@sha256:32dab069c0c70e46a6bff5f0fd75ca646af4c4b46c83947c31804c30e8befec6 - libvirt_exporter: docker.io/vexxhost/libvirtd-exporter:latest@sha256:1a0fdf89f80060bfdbb8cf45213295c5d9fb1f7ea7dbfe2b331f0649cc98df8e - local_path_provisioner_helper: docker.io/library/busybox:1.36.0@sha256:086417a48026173aaadca4ce43a1e4b385e8e62cc738ba79fc6637049674cac0 - local_path_provisioner: 
docker.io/rancher/local-path-provisioner:v0.0.24@sha256:b7dea5221f06f6feed7788db0ad6b024a433c8f55533bd6cc792dc2079ff9ad2 - loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.19-alpine@sha256:bbd46452aae30a7cc7bc438f267af812c7a2b0f3b5bcd4cc55eb99669cea3f28 - loki: docker.io/grafana/loki:2.7.3@sha256:8e3abbd89173066721fa07bddfee1c1a7a8fe59bed5b00a2fa09d2b3cef8758c - magnum_api: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_cluster_api_proxy: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_conductor: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_db_sync: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_registry: quay.io/vexxhost/magnum-cluster-api-registry:latest@sha256:caba380e193264f047651728cbc7905e87d7eee846d8576778b5e7d824ec609d - manila_api: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_data: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_db_sync: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_scheduler: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_share: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - memcached: docker.io/library/memcached:1.6.17@sha256:db45886d2d48f143be64f2d46407e224b0b61df3b0056b9d5b03e8bc6a7cd74e - netoffload: ghcr.io/vexxhost/atmosphere/netoffload:main@sha256:136b37811a4352ddb2d2aeeb52c1ee403cc043511ec59afda2c65f1a33a80e18 - neutron_bagpipe_bgp: 
ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_bgp_dragent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_coredns: docker.io/coredns/coredns:1.9.3@sha256:bdb36ee882c13135669cfc2bb91c808a33926ad1a411fee07bd2dc344bb8f782 - neutron_db_sync: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_dhcp: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_ironic_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_l2gw: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_l3: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_linuxbridge_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_metadata: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_netns_cleanup_cron: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_openvswitch_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_ovn_metadata: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_server: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_sriov_agent_init: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - 
neutron_sriov_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - node_feature_discovery: registry.k8s.io/nfd/node-feature-discovery:v0.11.2@sha256:24b2abfb5956b6a2a9a0f4248232838d02235d65044078c43d8bdcf29344f141 - nova_api: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_archive_deleted_rows: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_cell_setup_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - nova_cell_setup: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_compute_ironic: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_compute_ssh: ghcr.io/vexxhost/atmosphere/nova-ssh:latest@sha256:5ba950e9bd6aa07adae0befeb94a9f31cc088cc396e4e02e81c30fe5fd90a8b8 - nova_compute: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_conductor: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_consoleauth: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_db_sync: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_novncproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_novncproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_placement: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_scheduler: 
ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_service_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - nova_spiceproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_spiceproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - oauth2_proxy: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0@sha256:dcb6ff8dd21bf3058f6a22c6fa385fa5b897a9cd3914c88a2cc2bb0a85f8065d - octavia_api: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_db_sync: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_health_manager_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - openvswitch_db_server: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:f017715f72dc0a48c8cc8ff9a1da9cb2c17879065ffd6c377ffabd2cff28148a - openvswitch_vswitchd: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:f017715f72dc0a48c8cc8ff9a1da9cb2c17879065ffd6c377ffabd2cff28148a - ovn_controller: ghcr.io/vexxhost/atmosphere/ovn-host:23.03.0-69@sha256:2eeeb70a7cd745e3fdbdd396f611cb2bd090228a6551b1b4b9b01d0ac6a8a121 - ovn_northd: 
ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d - ovn_ovsdb_nb: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d - ovn_ovsdb_sb: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d - pause: registry.k8s.io/pause:3.9@sha256:7031c1b283388d2c2e09b57badb803c05ebed362dc88d84b480cc47f72a21097 - percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy@sha256:f04e4fea548bfc7cb0bfc73c75c7f2c64d299cf04125a07a8101a55f0f734fed - percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0@sha256:c674d63242f1af521edfbaffae2ae02fb8d010c0557a67a9c42d2b4a50db5243 - percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.32-24.2@sha256:1f978ab8912e1b5fc66570529cb7e7a4ec6a38adbfce1ece78159b0fcfa7d47a - percona_version_service: docker.io/perconalab/version-service:main-3325140@sha256:b7928130fca1e35ce7feaeec326fef836229a8b4de2f6f6ea5b6d2c7a48cd071 - placement_db_sync: ghcr.io/vexxhost/atmosphere/placement:2023.2@sha256:c5bf2b2db697db1966c2fee0c6358dc79b6bac3542c619db5fb8002d666b16d3 - placement: ghcr.io/vexxhost/atmosphere/placement:2023.2@sha256:c5bf2b2db697db1966c2fee0c6358dc79b6bac3542c619db5fb8002d666b16d3 - prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.71.2@sha256:9f0c16b8c95c908f761d45f95bc04da9dd6482adc8dc0d88dcbc24ceeb5879a1 - prometheus_ipmi_exporter: us-docker.pkg.dev/vexxhost-infra/openstack/ipmi-exporter:1.4.0@sha256:4898da9cc11961a56363e8b3f3437d0f45b46585b20c79e33e97fbe7232e05d2 - prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0@sha256:fa5a2de1a4744da66fb369bee81232f5ea52208bc643e409a60f66d699ac27b2 - prometheus_mysqld_exporter: 
quay.io/prometheus/mysqld-exporter:v0.14.0@sha256:eb6fe170738bf9181c51f5bc89f93adb26672ec49ffdcb22f55c24834003b45d - prometheus_node_exporter: quay.io/prometheus/node-exporter:v1.7.0@sha256:4cb2b9019f1757be8482419002cb7afe028fdba35d47958829e4cfeaf6246d80 - prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.2.0@sha256:286573f63840f961a6861982f7b3e8007b9a93eed77ec4476810af3286cb7fd9 - prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0@sha256:e5146a7dd5153c035fd8060899e3504b25557756ef4a4d85860a409247404f97 - prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6@sha256:5e6fdb9b2c74ad2576dd835b389d00d18ccfee21b547d1a79efb881009664099 - prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.71.2@sha256:bbf3c671e65b0c115d2196bbe7fed0bcdc59f44b7c93868cd40d1c90cbd3806e - prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2@sha256:f74ff5b7ad0b8fb60c24b77eaeab025d659e46ec15f32430adb976544305c01f - prometheus: quay.io/prometheus/prometheus:v2.49.1@sha256:beb5e30ffba08d9ae8a7961b9a2145fc8af6296ff2a4f463df7cd722fcbfc789 - rabbit_init: docker.io/library/rabbitmq:3.10.2-management@sha256:350ab6d773e3af45183466488fe3259df36cd6ade437b4366a59e8052458cc3a - rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1@sha256:84ce21e9e2d6ceb8b93d9daf0b7cc1550b6ed86be5b3acd8b0816eddc1b87dc2 - rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2@sha256:563908dd8d6b6ce768e463a2d9d7a9b9b4adbcd258fed02c0a8746395cfa3f0d - rabbitmq_server: docker.io/library/rabbitmq:3.10.2-management@sha256:350ab6d773e3af45183466488fe3259df36cd6ade437b4366a59e8052458cc3a - rabbitmq_topology_operator: docker.io/rabbitmqoperator/messaging-topology-operator:1.6.0@sha256:5052e8bdb26996c62315f0707c6fb291fd84492e360cca7351e2c3fdf659be43 - rook_ceph: 
docker.io/rook/ceph:v1.10.10@sha256:2a65f6678c3f4e368046ee10695dce2c265cc81cd6bfd6258fc670dd18fbad5b + alertmanager: quay.io/prometheus/alertmanager:v0.26.0 + barbican_api: registry.atmosphere.dev/library/barbican:zed + barbican_db_sync: registry.atmosphere.dev/library/barbican:zed + bootstrap: registry.atmosphere.dev/library/heat:zed + ceph_config_helper: registry.atmosphere.dev/library/libvirtd:zed + ceph: quay.io/ceph/ceph:v16.2.11 + cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1 + cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1 + cert_manager_controller: quay.io/jetstack/cert-manager-controller:v1.7.1 + cert_manager_webhook: quay.io/jetstack/cert-manager-webhook:v1.7.1 + cilium_node: quay.io/cilium/cilium:v1.14.8 + cilium_operator: quay.io/cilium/operator-generic:v1.14.8 + cinder_api: registry.atmosphere.dev/library/cinder:zed + cinder_backup_storage_init: registry.atmosphere.dev/library/cinder:zed + cinder_backup: registry.atmosphere.dev/library/cinder:zed + cinder_db_sync: registry.atmosphere.dev/library/cinder:zed + cinder_scheduler: registry.atmosphere.dev/library/cinder:zed + cinder_storage_init: registry.atmosphere.dev/library/cinder:zed + cinder_volume_usage_audit: registry.atmosphere.dev/library/cinder:zed + cinder_volume: registry.atmosphere.dev/library/cinder:zed + cluster_api_controller: registry.k8s.io/cluster-api/cluster-api-controller:v1.6.0 + cluster_api_kubeadm_bootstrap_controller: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.0 + cluster_api_kubeadm_control_plane_controller: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.0 + cluster_api_openstack_controller: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.9.0 + csi_node_driver_registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0 + csi_rbd_attacher: registry.k8s.io/sig-storage/csi-attacher:v3.4.0 + csi_rbd_plugin: quay.io/cephcsi/cephcsi:v3.5.1 + csi_rbd_provisioner: 
registry.k8s.io/sig-storage/csi-provisioner:v3.1.0 + csi_rbd_resizer: registry.k8s.io/sig-storage/csi-resizer:v1.3.0 + csi_rbd_snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v4.2.0 + db_drop: registry.atmosphere.dev/library/heat:zed + db_init: registry.atmosphere.dev/library/heat:zed + dep_check: registry.atmosphere.dev/library/kubernetes-entrypoint:zed + designate_api: registry.atmosphere.dev/library/designate:zed + designate_central: registry.atmosphere.dev/library/designate:zed + designate_db_sync: registry.atmosphere.dev/library/designate:zed + designate_mdns: registry.atmosphere.dev/library/designate:zed + designate_producer: registry.atmosphere.dev/library/designate:zed + designate_sink: registry.atmosphere.dev/library/designate:zed + designate_worker: registry.atmosphere.dev/library/designate:zed + glance_api: registry.atmosphere.dev/library/glance:zed + glance_db_sync: registry.atmosphere.dev/library/glance:zed + glance_metadefs_load: registry.atmosphere.dev/library/glance:zed + glance_registry: registry.atmosphere.dev/library/glance:zed + glance_storage_init: registry.atmosphere.dev/library/glance:zed + grafana_sidecar: quay.io/kiwigrid/k8s-sidecar:1.25.2 + grafana: docker.io/grafana/grafana:10.3.3 + haproxy: docker.io/library/haproxy:2.5 + heat_api: registry.atmosphere.dev/library/heat:zed + heat_cfn: registry.atmosphere.dev/library/heat:zed + heat_cloudwatch: registry.atmosphere.dev/library/heat:zed + heat_db_sync: registry.atmosphere.dev/library/heat:zed + heat_engine_cleaner: registry.atmosphere.dev/library/heat:zed + heat_engine: registry.atmosphere.dev/library/heat:zed + heat_purge_deleted: registry.atmosphere.dev/library/heat:zed + horizon_db_sync: registry.atmosphere.dev/library/horizon:zed + horizon: registry.atmosphere.dev/library/horizon:zed + ingress_nginx_controller: registry.k8s.io/ingress-nginx/controller:v1.1.1 + ingress_nginx_default_backend: registry.k8s.io/defaultbackend-amd64:1.5 + ingress_nginx_kube_webhook_certgen: 
registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1 + keepalived: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19 + keycloak: quay.io/keycloak/keycloak:22.0.1-0 + keystone_api: registry.atmosphere.dev/library/keystone:zed + keystone_credential_cleanup: registry.atmosphere.dev/library/heat:zed + keystone_credential_rotate: registry.atmosphere.dev/library/keystone:zed + keystone_credential_setup: registry.atmosphere.dev/library/keystone:zed + keystone_db_sync: registry.atmosphere.dev/library/keystone:zed + keystone_domain_manage: registry.atmosphere.dev/library/heat:zed + keystone_fernet_rotate: registry.atmosphere.dev/library/keystone:zed + keystone_fernet_setup: registry.atmosphere.dev/library/keystone:zed + ks_endpoints: registry.atmosphere.dev/library/heat:zed + ks_service: registry.atmosphere.dev/library/heat:zed + ks_user: registry.atmosphere.dev/library/heat:zed + kube_apiserver: registry.k8s.io/kube-apiserver:v1.22.17 + kube_controller_manager: registry.k8s.io/kube-controller-manager:v1.22.17 + kube_coredns: registry.k8s.io/coredns/coredns:v1.8.4 + kube_etcd: registry.k8s.io/etcd:3.5.6-0 + kube_proxy: registry.k8s.io/kube-proxy:v1.22.17 + kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17 + kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1 + kubectl: docker.io/bitnami/kubectl:1.27.3 + libvirt: registry.atmosphere.dev/library/libvirtd:zed + libvirt_tls_sidecar: registry.atmosphere.dev/library/libvirt-tls-sidecar:zed + libvirt_exporter: docker.io/vexxhost/libvirtd-exporter:latest + local_path_provisioner_helper: docker.io/library/busybox:1.36.0 + local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24 + loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.19-alpine + loki: docker.io/grafana/loki:2.7.3 + magnum_api: registry.atmosphere.dev/library/magnum:zed + magnum_cluster_api_proxy: registry.atmosphere.dev/library/magnum:zed + magnum_conductor: registry.atmosphere.dev/library/magnum:zed 
+ magnum_db_sync: registry.atmosphere.dev/library/magnum:zed + magnum_registry: quay.io/vexxhost/magnum-cluster-api-registry:latest + manila_api: registry.atmosphere.dev/library/manila:zed + manila_data: registry.atmosphere.dev/library/manila:zed + manila_db_sync: registry.atmosphere.dev/library/manila:zed + manila_scheduler: registry.atmosphere.dev/library/manila:zed + manila_share: registry.atmosphere.dev/library/manila:zed + memcached: docker.io/library/memcached:1.6.17 + netoffload: registry.atmosphere.dev/library/netoffload:main + neutron_bagpipe_bgp: registry.atmosphere.dev/library/neutron:zed + neutron_bgp_dragent: registry.atmosphere.dev/library/neutron:zed + neutron_coredns: docker.io/coredns/coredns:1.9.3 + neutron_db_sync: registry.atmosphere.dev/library/neutron:zed + neutron_dhcp: registry.atmosphere.dev/library/neutron:zed + neutron_ironic_agent: registry.atmosphere.dev/library/neutron:zed + neutron_l2gw: registry.atmosphere.dev/library/neutron:zed + neutron_l3: registry.atmosphere.dev/library/neutron:zed + neutron_linuxbridge_agent: registry.atmosphere.dev/library/neutron:zed + neutron_metadata: registry.atmosphere.dev/library/neutron:zed + neutron_netns_cleanup_cron: registry.atmosphere.dev/library/neutron:zed + neutron_openvswitch_agent: registry.atmosphere.dev/library/neutron:zed + neutron_ovn_metadata: registry.atmosphere.dev/library/neutron:zed + neutron_server: registry.atmosphere.dev/library/neutron:zed + neutron_sriov_agent_init: registry.atmosphere.dev/library/neutron:zed + neutron_sriov_agent: registry.atmosphere.dev/library/neutron:zed + node_feature_discovery: registry.k8s.io/nfd/node-feature-discovery:v0.11.2 + nova_api: registry.atmosphere.dev/library/nova:zed + nova_archive_deleted_rows: registry.atmosphere.dev/library/nova:zed + nova_cell_setup_init: registry.atmosphere.dev/library/heat:zed + nova_cell_setup: registry.atmosphere.dev/library/nova:zed + nova_compute_ironic: registry.atmosphere.dev/library/nova:zed + nova_compute_ssh: 
registry.atmosphere.dev/library/nova-ssh:zed + nova_compute: registry.atmosphere.dev/library/nova:zed + nova_conductor: registry.atmosphere.dev/library/nova:zed + nova_consoleauth: registry.atmosphere.dev/library/nova:zed + nova_db_sync: registry.atmosphere.dev/library/nova:zed + nova_novncproxy_assets: registry.atmosphere.dev/library/nova:zed + nova_novncproxy: registry.atmosphere.dev/library/nova:zed + nova_placement: registry.atmosphere.dev/library/nova:zed + nova_scheduler: registry.atmosphere.dev/library/nova:zed + nova_service_cleaner: registry.atmosphere.dev/library/heat:zed + nova_spiceproxy_assets: registry.atmosphere.dev/library/nova:zed + nova_spiceproxy: registry.atmosphere.dev/library/nova:zed + oauth2_proxy: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 + octavia_api: registry.atmosphere.dev/library/octavia:zed + octavia_db_sync: registry.atmosphere.dev/library/octavia:zed + octavia_health_manager_init: registry.atmosphere.dev/library/heat:zed + octavia_health_manager: registry.atmosphere.dev/library/octavia:zed + octavia_housekeeping: registry.atmosphere.dev/library/octavia:zed + octavia_worker: registry.atmosphere.dev/library/octavia:zed + openvswitch_db_server: registry.atmosphere.dev/library/openvswitch:3.1.0-65 + openvswitch_vswitchd: registry.atmosphere.dev/library/openvswitch:3.1.0-65 + ovn_controller: registry.atmosphere.dev/library/ovn-host:23.03.0-69 + ovn_northd: registry.atmosphere.dev/library/ovn-central:23.03.0-69 + ovn_ovsdb_nb: registry.atmosphere.dev/library/ovn-central:23.03.0-69 + ovn_ovsdb_sb: registry.atmosphere.dev/library/ovn-central:23.03.0-69 + pause: registry.k8s.io/pause:3.9 + percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy + percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0 + percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.32-24.2 + percona_version_service: docker.io/perconalab/version-service:main-3325140 + 
placement_db_sync: registry.atmosphere.dev/library/placement:zed + placement: registry.atmosphere.dev/library/placement:zed + prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.71.2 + prometheus_ipmi_exporter: us-docker.pkg.dev/vexxhost-infra/openstack/ipmi-exporter:1.4.0 + prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0 + prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.14.0 + prometheus_node_exporter: quay.io/prometheus/node-exporter:v1.7.0 + prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.2.0 + prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0 + prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 + prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.71.2 + prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2 + prometheus: quay.io/prometheus/prometheus:v2.49.1 + rabbit_init: docker.io/library/rabbitmq:3.10.2-management + rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1 + rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2 + rabbitmq_server: docker.io/library/rabbitmq:3.10.2-management + rabbitmq_topology_operator: docker.io/rabbitmqoperator/messaging-topology-operator:1.6.0 + rook_ceph: docker.io/rook/ceph:v1.10.10 secretgen_controller: ghcr.io/carvel-dev/secretgen-controller@sha256:59ec05ce5847bfd70c8e04f08b5195e918c8f6fbb947ffc91b456494a2958fd5 - senlin_api: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_conductor: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_db_sync: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - 
senlin_engine_cleaner: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_engine: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_health_manager: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - staffeln_db_sync: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c - staffeln_conductor: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c - staffeln_api: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c - tempest_run_tests: ghcr.io/vexxhost/atmosphere/tempest:master@sha256:fb60541043884a5f5850ad225a3ff989bf667edc034ab5767f15109afc00b5dc - vector: docker.io/timberio/vector:0.27.0-debian@sha256:29f23dab76fa306b67b10eac3e9decdb01c906f8aa3b00a2f5b2e8ae088b84e0 + senlin_api: registry.atmosphere.dev/library/senlin:zed + senlin_conductor: registry.atmosphere.dev/library/senlin:zed + senlin_db_sync: registry.atmosphere.dev/library/senlin:zed + senlin_engine_cleaner: registry.atmosphere.dev/library/senlin:zed + senlin_engine: registry.atmosphere.dev/library/senlin:zed + senlin_health_manager: registry.atmosphere.dev/library/senlin:zed + staffeln_db_sync: registry.atmosphere.dev/library/staffeln:zed + staffeln_conductor: registry.atmosphere.dev/library/staffeln:zed + staffeln_api: registry.atmosphere.dev/library/staffeln:zed + tempest_run_tests: registry.atmosphere.dev/library/tempest:zed + vector: docker.io/timberio/vector:0.27.0-debian atmosphere_images: '{{ _atmosphere_images | combine(atmosphere_image_overrides, recursive=True) }}' diff --git a/tools/build-docker-bake.py b/tools/build-docker-bake.py new file mode 100644 index 000000000..320f51124 --- /dev/null 
+++ b/tools/build-docker-bake.py 
@@ -0,0 +1,102 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import jinja2
+import requests
+
+BRANCH = "stable/zed"
+OPENSTACK_PROJECTS = [
+ "barbican",
+ "cinder",
+ "designate",
+ "glance",
+ "heat",
+ "horizon",
+ "ironic",
+ "keystone",
+ "magnum",
+ "manila",
+ "neutron",
+ "nova",
+ "octavia",
+ "placement",
+ "senlin",
+ "tempest",
+]
+
+TEMPLATE = """\
+target "{{ project }}" {
+ inherits = ["_openstack"]
+ context = "./images/{{ project }}"
+
+ cache-from = cache_from("{{ project }}:${target._openstack.args.RELEASE}")
+ cache-to = cache_to("{{ project }}:${target._openstack.args.RELEASE}")
+
+ tags = [
+ "${REGISTRY}/{{ project }}:${RELEASE}",
+ "${REGISTRY}/{{ project }}:${target.{{ project }}.args.{{ project | upper }}_GIT_REF}"
+ ]
+
+{%- if project == 'tempest' %}
+
+ contexts = {
+ golang = "docker-image://golang:1.18.5"
+ }
+{%- endif %}
+
+ args = {
+{%- if project == 'tempest' %}
+ UCA_RELEASE = "zed"
+{%- endif %}
+{%- if branch == 'master' %}
+ RELEASE = "master"{% endif %}
+ PROJECT = "{{ project }}"
+ {{ project | upper }}_GIT_REF = "{{ git_ref }}"
+ }
+}
+
+"""
+
+
+def get_latest_commit(project: str, branch: str) -> str:
+ response = requests.get(
+ f"https://opendev.org/api/v1/repos/openstack/{project}/commits",
+ params={"sha": branch, "limit": 1},
+ )
+ response.raise_for_status()
+
+ return response.json()[0]["sha"]
+
+
+def main():
+ tmpl = jinja2.Template(TEMPLATE)
+
+ for project in OPENSTACK_PROJECTS:
+ branch = BRANCH
+ if project == "tempest":
+ branch = "master"
+
+ print(
+ tmpl.render(
+ {
+ "project": project,
+ "branch": branch,
+ "git_ref": get_latest_commit(project, branch),
+ }
+ )
+ )
+
+
+if __name__ == "__main__":
+ main()
diff --git a/zuul.d/docker-images/base.yaml b/zuul.d/docker-images/base.yaml
new file mode 100644
index 000000000..809ef47fe
--- /dev/null
+++ b/zuul.d/docker-images/base.yaml
@@ -0,0 +1,37 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-buildset-registry
+ # gate:
+ # jobs:
+ # - atmosphere-buildset-registry
+ # promote:
+ # jobs:
+ # - atmosphere-buildset-registry
+
+- job:
+ name: atmosphere-buildset-registry
+ parent: ci-buildset-registry
+
+- job:
+ name: atmosphere-build-container-image
+ parent: ci-build-container-image
+ abstract: true
+ dependencies:
+ - name: atmosphere-buildset-registry
+ vars:
+ promote_container_image_method: intermediate-registry
diff --git a/zuul.d/docker-images/ubuntu.yaml b/zuul.d/docker-images/ubuntu.yaml
new file mode 100644
index 000000000..5b4757f8c
--- /dev/null
+++ b/zuul.d/docker-images/ubuntu.yaml
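Review bot: `get_latest_commit` in tools/build-docker-bake.py calls `requests.get` with no `timeout`, so a stalled connection to opendev.org blocks the generator indefinitely; pass `timeout=30` or similar. The value it returns is rendered straight into the `*_GIT_REF` build arg and into an image tag, so it is worth rejecting anything that is not a full commit hash before templating, for example `if not re.fullmatch(r"[0-9a-f]{40}", sha): raise ValueError(f"unexpected ref for {project}: {sha!r}")` (this needs `import re`). `response.json()[0]` also raises a bare IndexError when the branch returns no commits, and the same check site can turn that into a clear error.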
@@ -0,0 +1,49 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- project:
+ check:
+ jobs:
+ - atmosphere-build-container-image-ubuntu
+ # gate:
+ # jobs:
+ # - atmosphere-upload-container-image-ubuntu
+ # promote:
+ # jobs:
+ # - atmosphere-promote-container-image-ubuntu
+
+- job:
+ name: atmosphere-build-container-image-ubuntu
+ parent: atmosphere-build-container-image
+ vars: &container_image_vars
+ promote_container_image_job: atmosphere-upload-container-image-ubuntu
+ container_images:
+ - context: images/ubuntu
+ repository: registry.atmosphere.dev/library/ubuntu
+ tags:
+ - "zed"
+ - "zed-{{ ansible_date_time.epoch }}"
+ files: &container_image_files
+ - images/ubuntu/.*
+
+# - job:
+# name: atmosphere-upload-docker-image-ubuntu
+# vars: *docker_image_vars
+# files: *docker_image_files
+
+# - job:
+# name: atmosphere-promote-docker-image-ubuntu
+# parent: atmosphere-promote-docker-image
+# vars: *docker_image_vars
+# files: *docker_image_files
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 9a3382883..5e9f419e3 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
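Review bot: The commented-out upload and promote jobs at the end of ubuntu.yaml alias `*docker_image_vars` and `*docker_image_files`, but the anchors defined on the build job are `&container_image_vars` and `&container_image_files`, so uncommenting them as written gives an undefined-alias parse error. Their names also say `docker-image` where `promote_container_image_job` and the commented pipeline entries say `atmosphere-upload-container-image-ubuntu`. Suggest correcting the comments now to `vars: *container_image_vars`, `files: *container_image_files` and `name: atmosphere-upload-container-image-ubuntu`, so the later enablement is a pure uncomment. Separately, `zed` is a moving tag and only `zed-<epoch>` identifies one build, so anything that needs a reproducible base should reference the epoch tag or a digest.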
@@ -12,20 +12,6 @@ # License for the specific language governing permissions and limitations # under the License. -- job: - name: atmosphere-buildset-registry - pre-run: zuul.d/playbooks/buildset-registry/pre.yml - run: zuul.d/playbooks/buildset-registry/run.yml - ansible-split-streams: true - -- job: - name: atmosphere-upload-images - parent: atmosphere-buildset-registry - run: zuul.d/playbooks/buildset-registry/run.yml - secrets: - - registry_credentials - - cosign_key - - job: name: atmosphere-molecule parent: tox @@ -34,7 +20,8 @@ run: zuul.d/playbooks/molecule/run.yml post-run: zuul.d/playbooks/molecule/post.yml dependencies: - - atmosphere-buildset-registry + - name: atmosphere-build-docker-image-ubuntu + soft: true - job: name: atmosphere-molecule-keycloak diff --git a/zuul.d/playbooks/buildset-registry/run.yml b/zuul.d/playbooks/buildset-registry/run.yml index 7f8118c21..98d50e157 100644 --- a/zuul.d/playbooks/buildset-registry/run.yml +++ b/zuul.d/playbooks/buildset-registry/run.yml 
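Review bot: The soft dependency added in the second jobs.yaml hunk names `atmosphere-build-docker-image-ubuntu`, but the job this commit defines in zuul.d/docker-images/ubuntu.yaml is `atmosphere-build-container-image-ubuntu`. Because the entry is `soft: true`, a name that matches no job in the buildset is presumably skipped rather than reported, so `atmosphere-molecule` would start without waiting for the image build and pull whatever the registry already serves. Suggest `- name: atmosphere-build-container-image-ubuntu`. The `atmosphere-molecule` job body starts before this hunk and continues after it.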
@@ -53,8 +53,27 @@ [registry."{{ buildset_registry.host }}:{{ buildset_registry.port }}"] ca=["/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"] + # NOTE(mnaser): https://www.augmentedmind.de/2023/11/19/advanced-buildkit-caching/ + - name: Tune Buildkit for more aggressive caching + become: true + ansible.builtin.blockinfile: + create: yes + path: /etc/buildkitd.toml + block: | + [worker.oci] + enabled = true + gc = true + + [[worker.oci.gcpolicy]] + filters = ["type==source.local", "type==exec.cachemount", "type==source.git.checkout"] + keepBytes = 37580963840 # 35 GB, expressed in bytes + + [[worker.oci.gcpolicy]] + all = true + keepBytes = 64424509440 # 60 GB, expressed in bytes + - name: Create builder - ansible.builtin.shell: docker buildx create --name=atmosphere --driver=docker-container {% if buildset_registry.cert %}--config /etc/buildkitd.toml{% endif %} + ansible.builtin.shell: docker buildx create --name=atmosphere --driver=docker-container --config /etc/buildkitd.toml - name: Point registry to Atmosphere if in post pipeline when: zuul.pipeline == 'post' diff --git a/zuul.d/playbooks/molecule/pre.yml b/zuul.d/playbooks/molecule/pre.yml index f9f221336..56429e716 100644 --- a/zuul.d/playbooks/molecule/pre.yml +++ b/zuul.d/playbooks/molecule/pre.yml @@ -59,8 +59,8 @@ - name: Replace the registry in image manifest ansible.builtin.replace: path: "{{ zuul.project.src_dir }}/roles/defaults/vars/main.yml" - regexp: "registry.atmosphere.dev/library/([^@]*)@sha256:[a-fA-F0-9]{64}" - replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/library/\1' + regexp: "registry.atmosphere.dev/library/" + replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/library/' # TODO(mnaser): Drop this when we move to PBR - name: Add current folder to Git's safe directories diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 55e21fa8d..a94f6dcda 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml 
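Review bot: The added `blockinfile` task creates `/etc/buildkitd.toml` as root without an explicit `mode`, so the file's permissions depend on the node's umask; add `mode: "0644"` and write `create: true` instead of `yes`. Now that the Jinja conditional is gone from `Create builder`, the line uses no shell features, so `ansible.builtin.command: docker buildx create --name=atmosphere --driver=docker-container --config /etc/buildkitd.toml` would avoid shell parsing. The task that writes the `[registry...]` section sits above the hunk, so whether it still runs only when a certificate is present cannot be confirmed from here.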
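Review bot: The new `regexp` in molecule/pre.yml leaves the dots in `registry.atmosphere.dev` unescaped, so each one matches any character; use `regexp: 'registry\.atmosphere\.dev/library/'`. With the `@sha256:` part dropped from the pattern and the image list in this commit moving from digests to `:zed` tags, the rewritten references resolve by tag at pull time, so what the molecule run tests is whatever the buildset registry serves for that tag. If that is intended for CI, a comment on the task such as `# images are referenced by mutable tag in CI; release manifests pin digests` would record the decision.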
@@ -15,12 +15,8 @@ - project: check: jobs: - - atmosphere-buildset-registry - atmosphere-molecule-aio-openvswitch - atmosphere-molecule-aio-ovn - atmosphere-molecule-csi-local-path-provisioner - atmosphere-molecule-csi-rbd - atmosphere-molecule-keycloak - post: - jobs: - - atmosphere-upload-images