diff --git a/README.rst b/README.rst
index 71a4073b29..4af919296e 100644
--- a/README.rst
+++ b/README.rst
@@ -94,7 +94,6 @@ Kolla provides images to deploy the following OpenStack projects:
- Skyline (`APIServer `__ and `Console `__)
- `Tacker `__
- `Trove `__
-- `Venus `__
- `Watcher `__
- `Zun `__
diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2
index 45e7f9c03b..5ba1d5a874 100644
--- a/docker/base/Dockerfile.j2
+++ b/docker/base/Dockerfile.j2
@@ -115,11 +115,6 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen
{% block base_centos_repo_overrides_post_yum %}{% endblock -%}
&& {{ macros.rpm_security_update(clean_package_cache) }}
-{# NOTE(mnasiadka): dumb-init is only in EPEL10.1 onwards and RHEL/Rocky/clones use the same #}
-{# EPEL release as the installed distro release #}
-{# TODO: Remove it when Rocky 10.1 is out #}
-RUN dnf config-manager --save --setopt=*.metalink="https://mirrors.fedoraproject.org/metalink?repo=epel-z-10.1&arch=\$basearch" epel
-
#### END REPO ENABLEMENT
{# We are back to the basic if conditional here which is:
@@ -243,7 +238,7 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom
{% set base_apt_keys = [
{'name': 'erlang-ppa', 'keyid': 'F77F1EDA57EBB1CC'},
- {'name': 'rabbitmq', 'keyid': '9F4587F226208342'},
+ {'name': 'rabbitmq', 'keyid': '6B73A36E6026DFCA'},
{'name': 'haproxy', 'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'},
] %}
diff --git a/docker/bifrost/bifrost-base/Dockerfile.j2 b/docker/bifrost/bifrost-base/Dockerfile.j2
index dc62aaf2a4..e31a12b326 100644
--- a/docker/bifrost/bifrost-base/Dockerfile.j2
+++ b/docker/bifrost/bifrost-base/Dockerfile.j2
@@ -67,7 +67,7 @@ RUN apt-get --error-on=any update && \
{%- else %}
RUN echo " " && \
{%- endif %}
- bash -c '$VENV/bin/pip install "ansible>=11,<12" && \
+ bash -c '$VENV/bin/pip install "ansible>=12,<13" && \
$VENV/bin/ansible-galaxy collection install -r /bifrost/ansible-collections-requirements.yml && \
$VENV/bin/ansible-playbook -vvvv -i /bifrost/playbooks/inventory/target \
/bifrost/playbooks/install.yaml \
diff --git a/docker/horizon/Dockerfile.j2 b/docker/horizon/Dockerfile.j2
index d73e5702d4..f2cb0b4336 100644
--- a/docker/horizon/Dockerfile.j2
+++ b/docker/horizon/Dockerfile.j2
@@ -51,7 +51,6 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
# know to which path symlink should point to.
# NOTE(mnasiadka): pinning setuptools due to https://bugs.launchpad.net/horizon/+bug/2007574
RUN ln -s horizon-source/* horizon \
- && {{ macros.install_pip(['setuptools==67.2.*']) }} \
&& {{ macros.upper_constraints_remove("horizon") }} \
&& {{ macros.install_pip(horizon_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/openstack-dashboard \
diff --git a/docker/horizon/extend_start.sh b/docker/horizon/extend_start.sh
index 41695a9d57..dae3ae2db8 100644
--- a/docker/horizon/extend_start.sh
+++ b/docker/horizon/extend_start.sh
@@ -172,14 +172,6 @@ function config_trove_dashboard {
done
}
-function config_venus_dashboard {
- for file in ${SITE_PACKAGES}/venus_dashboard/enabled/_*[^__].py; do
- config_dashboard "${ENABLE_VENUS:-no}" \
- "${SITE_PACKAGES}/venus_dashboard/enabled/${file##*/}" \
- "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
- done
-}
-
function config_watcher_dashboard {
for file in ${SITE_PACKAGES}/watcher_dashboard/local/enabled/_*[^__].py; do
config_dashboard "${ENABLE_WATCHER:-no}" \
@@ -236,7 +228,6 @@ config_neutron_vpnaas_dashboard
config_octavia_dashboard
config_tacker_dashboard
config_trove_dashboard
-config_venus_dashboard
config_watcher_dashboard
config_zun_dashboard
diff --git a/docker/httpd/Dockerfile.j2 b/docker/httpd/Dockerfile.j2
new file mode 100644
index 0000000000..2b58e7b127
--- /dev/null
+++ b/docker/httpd/Dockerfile.j2
@@ -0,0 +1,45 @@
+FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
+{% block labels %}
+LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
+{% endblock %}
+
+{% block apache_header %}{% endblock %}
+
+{% import "macros.j2" as macros with context %}
+
+{% if base_package_type == 'rpm' %}
+{# NOTE(mnasiadka): mod_auth_mellon missing in CentOS 10 Stream - temporarily from Kolla COPR #}
+{{ macros.enable_extra_repos(['epel', 'kolla_el10']) }}
+ {% set apache_packages = [
+ 'httpd',
+ 'mod_ssl',
+ 'mod_auth_mellon',
+ 'mod_auth_openidc',
+ 'mod_proxy_uwsgi'
+ ] %}
+{% elif base_package_type == 'deb' %}
+ {% set apache_packages = [
+ 'apache2',
+ 'ca-certificates',
+ 'libapache2-mod-auth-mellon',
+ 'libapache2-mod-auth-openidc',
+ 'libapache2-mod-proxy-uwsgi'
+ ] %}
+{% endif %}
+
+{{ macros.install_packages(apache_packages | customizable("packages")) }}
+
+{% if base_package_type == 'rpm' %}
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+{% elif base_package_type == 'deb' %}
+RUN echo > /etc/apache2/ports.conf
+{% endif %}
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 644 /usr/local/bin/kolla_extend_start
+
+USER root
+
+{% block apache_footer %}{% endblock %}
+
diff --git a/docker/httpd/extend_start.sh b/docker/httpd/extend_start.sh
new file mode 100644
index 0000000000..d47af64b96
--- /dev/null
+++ b/docker/httpd/extend_start.sh
@@ -0,0 +1 @@
+. /usr/local/bin/kolla_httpd_setup
diff --git a/docker/kolla-toolbox/Dockerfile.j2 b/docker/kolla-toolbox/Dockerfile.j2
index b53b45da28..9f97ed3866 100644
--- a/docker/kolla-toolbox/Dockerfile.j2
+++ b/docker/kolla-toolbox/Dockerfile.j2
@@ -96,7 +96,7 @@ RUN mkdir -p /requirements \
ENV PATH {{ venv_path }}/bin:$PATH
{% set kolla_toolbox_pip_packages = [
- 'ansible-core==2.18.*',
+ 'ansible-core==2.19.*',
'cmd2',
'influxdb',
'openstacksdk',
diff --git a/docker/mariadb/mariadb-server/Dockerfile.j2 b/docker/mariadb-server/Dockerfile.j2
similarity index 89%
rename from docker/mariadb/mariadb-server/Dockerfile.j2
rename to docker/mariadb-server/Dockerfile.j2
index 15b9e48a4e..8d17ff4ff9 100644
--- a/docker/mariadb/mariadb-server/Dockerfile.j2
+++ b/docker/mariadb-server/Dockerfile.j2
@@ -1,4 +1,4 @@
-FROM {{ namespace }}/{{ image_prefix }}mariadb-base:{{ tag }}
+FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
{% block labels %}
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
{% endblock %}
@@ -18,6 +18,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
{% set mariadb_packages = [
'expect',
+ 'mariadb',
'mariadb-backup',
'mariadb-server',
'mariadb-server-galera',
@@ -34,12 +35,19 @@ RUN ln -s /usr/lib64/galera-4 /usr/lib64/galera
{% set mariadb_packages = [
'expect',
'mariadb-backup',
+ 'mariadb-client',
'mariadb-server'
] %}
{% endif %}
{{ macros.install_packages(mariadb_packages | customizable("packages")) }}
+{% block mariadb_healthcheck %}
+ENV MARIADB_VERSION=11.4
+ADD plugins-archive /
+RUN install -m 755 /plugins/mariadb-server-plugin-mariadb-docker-archive*/$MARIADB_VERSION/healthcheck.sh /usr/bin/healthcheck.sh
+{% endblock %}
+
COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers
COPY extend_start.sh /usr/local/bin/kolla_extend_start
COPY security_reset.expect /usr/local/bin/kolla_security_reset
diff --git a/docker/mariadb/mariadb-server/backup.sh b/docker/mariadb-server/backup.sh
similarity index 100%
rename from docker/mariadb/mariadb-server/backup.sh
rename to docker/mariadb-server/backup.sh
diff --git a/docker/mariadb/mariadb-server/backup_replica.sh b/docker/mariadb-server/backup_replica.sh
similarity index 95%
rename from docker/mariadb/mariadb-server/backup_replica.sh
rename to docker/mariadb-server/backup_replica.sh
index ebdcbf6b0b..fe10bc61b1 100644
--- a/docker/mariadb/mariadb-server/backup_replica.sh
+++ b/docker/mariadb-server/backup_replica.sh
@@ -8,6 +8,7 @@ DEFAULT_MY_CNF="/etc/mysql/my.cnf"
REPLICA_MY_CNF="$(mktemp)"
RETRY_INTERVAL=5 # Interval between retries (in seconds)
MAX_RETRIES=12 # Max retries (12 retries * 5 seconds = 60 seconds)
+VERIFY_DB_SERVER_CERT="${VERIFY_DB_SERVER_CERT:=FALSE}"
# Cleanup function to remove the REPLICA_MY_CNF file
cleanup() {
@@ -74,7 +75,7 @@ retry_mysql_query() {
local attempt=1
while [ ${attempt} -le ${MAX_RETRIES} ]; do
- result=$(mysql -h "${HOST}" -u "${USER}" -p"${PASS}" -s -N -e "${query}" 2>/dev/null || true)
+ result=$(mariadb --ssl-verify-server-cert="${VERIFY_DB_SERVER_CERT}" -h "${HOST}" -u "${USER}" -p"${PASS}" -s -N -e "${query}" 2>/dev/null || true)
if [ -n "${result}" ]; then
echo "${result}"
return 0
diff --git a/docker/mariadb/mariadb-server/extend_start.sh b/docker/mariadb-server/extend_start.sh
similarity index 68%
rename from docker/mariadb/mariadb-server/extend_start.sh
rename to docker/mariadb-server/extend_start.sh
index 53a54557d6..f14c859492 100644
--- a/docker/mariadb/mariadb-server/extend_start.sh
+++ b/docker/mariadb-server/extend_start.sh
@@ -3,7 +3,7 @@
: ${MARIADB_LOG_DIR:=/var/log/kolla/mariadb}
function bootstrap_db {
- mysqld_safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
+ mariadbd-safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
# Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout
# NOTE(huikang): the location of mysql's socket file varies depending on the OS distributions.
# Querying the cluster status has to be executed after the existence of mysql.sock and mariadb.pid.
@@ -22,9 +22,9 @@ function bootstrap_db {
sudo -E kolla_security_reset
set +o xtrace
- mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
- mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
- mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
+ mariadb -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+ mariadb -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+ mariadb-admin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
set -o xtrace
}
@@ -38,21 +38,21 @@ fi
# This catches all cases of the BOOTSTRAP variable being set, including empty
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
- mysql_install_db 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-bootstrap.log
+ mariadb-install-db 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-bootstrap.log
bootstrap_db 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-bootstrap.log
exit 0
fi
# This catches all cases of the KOLLA_UPGRADE variable being set, including empty
if [[ "${!KOLLA_UPGRADE[@]}" ]]; then
- # The mysql_upgrade command treats any directories under /var/lib/mysql as
+ # The mariadb-upgrade command treats any directories under /var/lib/mysql as
# databases. Somehow we can end up with a .pki directory, which causes the
# command to fail with this error:
# Incorrect database name '#mysql50#.pki' when selecting the database
# There doesn't seem to be anything in the directory, so remove it.
rm -rf /var/lib/mysql/.pki
- mysql_upgrade --host=${DB_HOST} --port=${DB_PORT} --user=root --password="${DB_ROOT_PASSWORD}" 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-upgrade.log
+ mariadb-upgrade --host=${DB_HOST} --port=${DB_PORT} --user=root --password="${DB_ROOT_PASSWORD}" 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-upgrade.log
exit 0
fi
diff --git a/docker/mariadb/mariadb-server/healthcheck_mariadb b/docker/mariadb-server/healthcheck_mariadb
similarity index 100%
rename from docker/mariadb/mariadb-server/healthcheck_mariadb
rename to docker/mariadb-server/healthcheck_mariadb
diff --git a/docker/mariadb/mariadb-server/mariadb_sudoers b/docker/mariadb-server/mariadb_sudoers
similarity index 100%
rename from docker/mariadb/mariadb-server/mariadb_sudoers
rename to docker/mariadb-server/mariadb_sudoers
diff --git a/docker/mariadb/mariadb-server/security_reset.expect b/docker/mariadb-server/security_reset.expect
similarity index 100%
rename from docker/mariadb/mariadb-server/security_reset.expect
rename to docker/mariadb-server/security_reset.expect
diff --git a/docker/mariadb/mariadb-base/Dockerfile.j2 b/docker/mariadb/mariadb-base/Dockerfile.j2
deleted file mode 100644
index 51cdadb29f..0000000000
--- a/docker/mariadb/mariadb-base/Dockerfile.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
-{% block labels %}
-LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
-{% endblock %}
-
-{% block mariadb_base_header %}{% endblock %}
-
-{% import "macros.j2" as macros with context %}
-
-{{ macros.configure_user(name='mysql') }}
-
-{# NOTE(mnasiadka): Using AppStream packages on CS10 for now #}
-{% if base_package_type == 'rpm' %}
- {% set mariadb_base_packages = [
- 'mariadb',
- ] %}
-
-{% elif base_package_type == 'deb' %}
-{{ macros.enable_extra_repos(['mariadb']) }}
- {% set mariadb_base_packages = [
- 'mariadb-client',
- ] %}
-{% endif %}
-
-{{ macros.install_packages(mariadb_base_packages | customizable("packages")) }}
-
-{# NOTE(mnasiadka): Latest clustercheck version as of May 2023 is 10.9 #}
-{% block mariadb_clustercheck_version %}
-ARG mariadb_clustercheck_version=10.9
-ARG mariadb_clustercheck_url=https://src.fedoraproject.org/rpms/mariadb/raw/${mariadb_clustercheck_version}/f/clustercheck.sh
-{% endblock %}
-
-RUN curl -o /usr/bin/clustercheck ${mariadb_clustercheck_url} \
- && chmod 755 /usr/bin/clustercheck
-
-{% block mariadb_healthcheck %}
-ENV MARIADB_VERSION=10.11
-ADD plugins-archive /
-RUN install -m 755 /plugins/mariadb-base-plugin-mariadb-docker-archive*/$MARIADB_VERSION/healthcheck.sh /usr/bin/healthcheck.sh
-{% endblock %}
-
-{{ macros.kolla_patch_sources() }}
-
-{% block mariadb_base_footer %}{% endblock %}
diff --git a/docker/mariadb/mariadb-clustercheck/Dockerfile.j2 b/docker/mariadb/mariadb-clustercheck/Dockerfile.j2
deleted file mode 100644
index 7aee4ef055..0000000000
--- a/docker/mariadb/mariadb-clustercheck/Dockerfile.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM {{ namespace }}/{{ image_prefix }}mariadb-base:{{ tag }}
-{% block labels %}
-LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
-{% endblock %}
-
-{% block mariadb_clustercheck_header %}{% endblock %}
-
-{% import "macros.j2" as macros with context %}
-
-COPY extend_start.sh /usr/local/bin/kolla_extend_start
-COPY socat_wrapper.sh /usr/local/bin/socat_wrapper
-
-RUN chmod 644 /usr/local/bin/kolla_extend_start && \
- chmod 755 /usr/local/bin/socat_wrapper
-
-{{ macros.kolla_patch_sources() }}
-
-{% block mariadb_clustercheck_footer %}{% endblock %}
-{% block footer %}{% endblock %}
diff --git a/docker/mariadb/mariadb-clustercheck/extend_start.sh b/docker/mariadb/mariadb-clustercheck/extend_start.sh
deleted file mode 100644
index 7379abddc6..0000000000
--- a/docker/mariadb/mariadb-clustercheck/extend_start.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-: ${MARIADB_LOG_DIR:=/var/log/kolla/mariadb}
-
-# Create log directory, with appropriate permissions
-if [[ ! -d "${MARIADB_LOG_DIR}" ]]; then
- mkdir -p ${MARIADB_LOG_DIR}
-fi
-if [[ $(stat -c %a ${MARIADB_LOG_DIR}) != "755" ]]; then
- chmod 755 ${MARIADB_LOG_DIR}
-fi
diff --git a/docker/mariadb/mariadb-clustercheck/socat_wrapper.sh b/docker/mariadb/mariadb-clustercheck/socat_wrapper.sh
deleted file mode 100644
index bf562e3d5d..0000000000
--- a/docker/mariadb/mariadb-clustercheck/socat_wrapper.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-catch_term() {
- kill -TERM "$child" 2>/dev/null
- exit 0
-}
-
-catch_quit() {
- kill -QUIT "$child" 2>/dev/null
- exit 0
-}
-
-trap catch_term SIGTERM
-trap catch_quit SIGQUIT
-
-socat "$@" &
-
-child=$!
-wait "$child"
diff --git a/docker/neutron/neutron-linuxbridge-agent/Dockerfile.j2 b/docker/neutron/neutron-linuxbridge-agent/Dockerfile.j2
deleted file mode 100644
index 471325548a..0000000000
--- a/docker/neutron/neutron-linuxbridge-agent/Dockerfile.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
-{% block labels %}
-LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
-{% endblock %}
-
-{% block neutron_linuxbridge_agent_header %}{% endblock %}
-
-{% import "macros.j2" as macros with context %}
-
-{% set neutron_linuxbridge_agent_packages = [
- 'ebtables'
-] %}
-
-{{ macros.install_packages(neutron_linuxbridge_agent_packages | customizable("packages")) }}
-
-{{ macros.kolla_patch_sources() }}
-
-{% block neutron_linuxbridge_agent_footer %}{% endblock %}
-{% block footer %}{% endblock %}
-
-USER neutron
diff --git a/docker/neutron/neutron-metadata-agent/Dockerfile.j2 b/docker/neutron/neutron-metadata-agent/Dockerfile.j2
index 676ee1a850..91c3084051 100644
--- a/docker/neutron/neutron-metadata-agent/Dockerfile.j2
+++ b/docker/neutron/neutron-metadata-agent/Dockerfile.j2
@@ -14,6 +14,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
{{ macros.kolla_patch_sources() }}
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
{% block neutron_metadata_agent_footer %}{% endblock %}
{% block footer %}{% endblock %}
diff --git a/docker/neutron/neutron-metadata-agent/extend_start.sh b/docker/neutron/neutron-metadata-agent/extend_start.sh
new file mode 100644
index 0000000000..001898f68e
--- /dev/null
+++ b/docker/neutron/neutron-metadata-agent/extend_start.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/neutron" ]]; then
+ mkdir -p /var/log/kolla/neutron
+fi
+if [[ $(stat -c %a /var/log/kolla/neutron) != "755" ]]; then
+ chmod 755 /var/log/kolla/neutron
+fi
+
+if [[ "${KOLLA_NEUTRON_WRAPPERS:-false}" == "true" ]]; then
+ echo "Copying neutron agent wrappers to /usr/local/bin"
+ sudo -E /usr/local/lib/neutron-wrappers/copy-wrappers
+else
+ echo "Removing neutron agent wrappers from /usr/local/bin"
+ sudo -E /usr/local/lib/neutron-wrappers/delete-wrappers
+fi
+
+. /usr/local/bin/kolla_neutron_extend_start
diff --git a/docker/valkey/valkey-base/Dockerfile.j2 b/docker/valkey/valkey-base/Dockerfile.j2
new file mode 100644
index 0000000000..7d4e6da9a0
--- /dev/null
+++ b/docker/valkey/valkey-base/Dockerfile.j2
@@ -0,0 +1,17 @@
+FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
+{% block labels %}
+LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
+{% endblock %}
+
+{% block valkey_base_header %}{% endblock %}
+
+{% import "macros.j2" as macros with context %}
+
+{{ macros.configure_user(name='valkey', homedir='/run/valkey') }}
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 644 /usr/local/bin/kolla_extend_start
+
+{{ macros.kolla_patch_sources() }}
+
+{% block valkey_base_footer %}{% endblock %}
diff --git a/docker/valkey/valkey-base/extend_start.sh b/docker/valkey/valkey-base/extend_start.sh
new file mode 100644
index 0000000000..3a3a321d4e
--- /dev/null
+++ b/docker/valkey/valkey-base/extend_start.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/valkey" ]]; then
+ mkdir -p /var/log/kolla/valkey
+fi
+
+if [[ $(stat -c %a /var/log/kolla/valkey) != "755" ]]; then
+ chmod 755 /var/log/kolla/valkey
+fi
diff --git a/docker/valkey/valkey-sentinel/Dockerfile.j2 b/docker/valkey/valkey-sentinel/Dockerfile.j2
new file mode 100644
index 0000000000..e3045d2fe9
--- /dev/null
+++ b/docker/valkey/valkey-sentinel/Dockerfile.j2
@@ -0,0 +1,30 @@
+FROM {{ namespace }}/{{ image_prefix }}valkey-base:{{ tag }}
+{% block labels %}
+LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
+{% endblock %}
+
+{% block valkey_sentinel_header %}{% endblock %}
+
+{% import "macros.j2" as macros with context %}
+
+{% if base_package_type == 'rpm' %}
+{{ macros.enable_extra_repos(['epel']) }}
+ {% set valkey_sentinel_packages = ['valkey'] %}
+{% elif base_package_type == 'deb' %}
+ {% if base_distro == 'debian' %}
+ {% set valkey_sentinel_packages = ['valkey-sentinel/bookworm-backports'] %}
+ {% else %}
+ {% set valkey_sentinel_packages = ['valkey-sentinel'] %}
+ {% endif %}
+{% endif %}
+{{ macros.install_packages(valkey_sentinel_packages | customizable("packages")) }}
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 644 /usr/local/bin/kolla_extend_start
+
+{{ macros.kolla_patch_sources() }}
+
+{% block valkey_sentinel_footer %}{% endblock %}
+{% block footer %}{% endblock %}
+
+USER valkey
diff --git a/docker/valkey/valkey-sentinel/extend_start.sh b/docker/valkey/valkey-sentinel/extend_start.sh
new file mode 100644
index 0000000000..e6af42ef6b
--- /dev/null
+++ b/docker/valkey/valkey-sentinel/extend_start.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/valkey" ]]; then
+ mkdir -p /var/log/kolla/valkey
+fi
+
+if [[ $(stat -c %a /var/log/kolla/valkey) != "755" ]]; then
+ chmod 755 /var/log/kolla/valkey
+fi
+
+# The CONFIG REWRITE command rewrites the valkey.conf
+# file the server was started with, applying the minimal
+# changes needed to make it reflect the configuration
+# currently used by the server, which may be different
+# compared to the original one because of the use of
+# the CONFIG SET command.
+#
+# https://valkey.io/commands/config-rewrite/
+#
+# Because of above behaviour it's needed to
+# hack kolla's CMD.
+#
+# Without this hack
+# /usr/local/bin/kolla_set_configs --check
+# is always reporting changed.
+#
+# Therefore valkey-sentinel is always restarted
+# even if configuration is not changed from
+# kolla-ansible side.
+if [ ! -z "${VALKEY_CONF}" ] && [ ! -z ${VALKEY_GEN_CONF} ]; then
+ cp ${VALKEY_CONF} ${VALKEY_GEN_CONF}
+fi
diff --git a/docker/valkey/valkey-server/Dockerfile.j2 b/docker/valkey/valkey-server/Dockerfile.j2
new file mode 100644
index 0000000000..7b989f66b4
--- /dev/null
+++ b/docker/valkey/valkey-server/Dockerfile.j2
@@ -0,0 +1,27 @@
+FROM {{ namespace }}/{{ image_prefix }}valkey-base:{{ tag }}
+{% block labels %}
+LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
+{% endblock %}
+
+{% block valkey_server_header %}{% endblock %}
+
+{% import "macros.j2" as macros with context %}
+
+{% if base_package_type == 'rpm' %}
+{{ macros.enable_extra_repos(['epel']) }}
+ {% set valkey_server_packages = ['valkey'] %}
+{% elif base_package_type == 'deb' %}
+ {% if base_distro == 'debian' %}
+ {% set valkey_server_packages = ['valkey/bookworm-backports'] %}
+ {% else %}
+ {% set valkey_server_packages = ['valkey'] %}
+ {% endif %}
+{% endif %}
+{{ macros.install_packages(valkey_server_packages | customizable("packages")) }}
+
+{{ macros.kolla_patch_sources() }}
+
+{% block valkey_server_footer %}{% endblock %}
+{% block footer %}{% endblock %}
+
+USER valkey
diff --git a/docker/venus/venus-api/Dockerfile.j2 b/docker/venus/venus-api/Dockerfile.j2
deleted file mode 100644
index 35ac69dca2..0000000000
--- a/docker/venus/venus-api/Dockerfile.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM {{ namespace }}/{{ image_prefix }}venus-base:{{ tag }}
-{% block labels %}
-LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
-{% endblock %}
-
-{% block venus_api_header %}{% endblock %}
-
-{% import "macros.j2" as macros with context %}
-
-COPY extend_start.sh /usr/local/bin/kolla_venus_extend_start
-RUN chmod 644 /usr/local/bin/kolla_venus_extend_start
-
-{{ macros.kolla_patch_sources() }}
-
-{% block venus_api_footer %}{% endblock %}
-{% block footer %}{% endblock %}
-
-USER venus
diff --git a/docker/venus/venus-api/extend_start.sh b/docker/venus/venus-api/extend_start.sh
deleted file mode 100644
index bbe03bbbcc..0000000000
--- a/docker/venus/venus-api/extend_start.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
-# of the KOLLA_BOOTSTRAP variable being set, including empty.
-if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
- venus_manager db sync
- exit 0
-fi
diff --git a/docker/venus/venus-base/Dockerfile.j2 b/docker/venus/venus-base/Dockerfile.j2
deleted file mode 100644
index 729ae6bd4d..0000000000
--- a/docker/venus/venus-base/Dockerfile.j2
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM {{ namespace }}/{{ image_prefix }}openstack-base:{{ tag }}
-{% block labels %}
-LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
-{% endblock %}
-
-{% block venus_base_header %}{% endblock %}
-
-{% import "macros.j2" as macros with context %}
-
-{{ macros.configure_user(name='venus') }}
-
-ADD venus-base-archive /venus-base-source
-
-{% set venus_base_pip_packages = [
- '/venus'
-] %}
-
-COPY extend_start.sh /usr/local/bin/kolla_extend_start
-
-RUN ln -s venus-base-source/* venus \
- && {{ macros.install_pip(venus_base_pip_packages | customizable("pip_packages")) }} \
- && mkdir -p /etc/venus \
- && cp -r /venus/etc/venus/* /etc/venus/ \
- && touch /usr/local/bin/kolla_venus_extend_start \
- && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_venus_extend_start
-
-{{ macros.kolla_patch_sources() }}
-
-{% block venus_base_footer %}{% endblock %}
diff --git a/docker/venus/venus-base/extend_start.sh b/docker/venus/venus-base/extend_start.sh
deleted file mode 100644
index fa7bbe54b0..0000000000
--- a/docker/venus/venus-base/extend_start.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-if [[ ! -d "/var/log/kolla/venus" ]]; then
- mkdir -p /var/log/kolla/venus
-fi
-if [[ $(stat -c %a /var/log/kolla/venus) != "755" ]]; then
- chmod 755 /var/log/kolla/venus
-fi
-
-. /usr/local/bin/kolla_venus_extend_start
diff --git a/docker/venus/venus-manager/Dockerfile.j2 b/docker/venus/venus-manager/Dockerfile.j2
deleted file mode 100644
index 35575adb64..0000000000
--- a/docker/venus/venus-manager/Dockerfile.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM {{ namespace }}/{{ image_prefix }}venus-base:{{ tag }}
-{% block labels %}
-LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
-{% endblock %}
-
-{% block venus_manager_header %}{% endblock %}
-
-{% import "macros.j2" as macros with context %}
-
-{{ macros.kolla_patch_sources() }}
-
-{% block venus_manager_footer %}{% endblock %}
-{% block footer %}{% endblock %}
-
-USER venus
diff --git a/kolla/common/sources.py b/kolla/common/sources.py
index ea8df7c570..d999335da7 100644
--- a/kolla/common/sources.py
+++ b/kolla/common/sources.py
@@ -54,11 +54,11 @@
'etcd': {
# NOTE(wszumski): Upgrade one minor version at a time:
# https://etcd.io/docs/v3.6/upgrades/upgrade_3_6/
- 'version': '3.6.4',
+ 'version': '3.6.5',
'type': 'url',
'sha256': {
- 'amd64': '4d5f3101daa534e45ccaf3eec8d21c19b7222db377bcfd5e5a9144155238c105', # noqa: E501
- 'arm64': '323421fa279f4f3d7da4c7f2dfa17d9e49529cb2b4cdf40899a7416bccdde42d'}, # noqa: E501
+ 'amd64': '66bad39ed920f6fc15fd74adcb8bfd38ba9a6412f8c7852d09eb11670e88cac3', # noqa: E501
+ 'arm64': '7010161787077b07de29b15b76825ceacbbcedcb77fe2e6832f509be102cab6b'}, # noqa: E501
'location': ('https://github.com/etcd-io/etcd/'
'releases/download/v${version}'
'/etcd-v${version}-linux-${debian_arch}.tar.gz')},
@@ -135,10 +135,6 @@
'type': 'url',
'location': ('$tarballs_base/openstack/trove-dashboard/'
'trove-dashboard-${openstack_branch}.tar.gz')},
- 'horizon-plugin-venus-dashboard': {
- 'type': 'url',
- 'location': ('$tarballs_base/openstack/venus-dashboard/'
- 'venus-dashboard-${openstack_branch}.tar.gz')},
'horizon-plugin-watcher-dashboard': {
'type': 'url',
'location': ('$tarballs_base/openstack/watcher-dashboard/'
@@ -169,11 +165,11 @@
'location': ('$tarballs_base/openstack/kuryr-libnetwork/'
'kuryr-libnetwork-${openstack_branch}.tar.gz')},
'letsencrypt-lego': {
- 'version': 'v4.25.2',
+ 'version': 'v4.27.0',
'type': 'url',
'sha256': {
- 'amd64': '6022cf99bdc310ebba21c059fcbf1cb5939e17b2f95dade6bb6f878f9590a961', # noqa: E501
- 'arm64': '3dc4bc343b265a66bb174d3dd03b769bc40c326d680b240b948d12e97ddd4bf8'}, # noqa: E501
+ 'amd64': '898b58bbbca4282d706b4f204593cb94fc2ed13232777236c06dc20259bbcd02', # noqa: E501
+ 'arm64': '2973b412d37e5d652a91bda1a6bf7642491e316bc0f855a614e2c996249014dc'}, # noqa: E501
'location': ('https://github.com/go-acme/lego/'
'releases/download/${version}/'
'lego_${version}_linux_${debian_arch}.tar.gz')},
@@ -182,18 +178,18 @@
'location': ('$tarballs_base/openstack/magnum/'
'magnum-${openstack_branch}.tar.gz')},
'magnum-conductor-plugin-helm': {
- 'version': 'v3.16.3',
+ 'version': 'v3.19.0',
'type': 'url',
'sha256': {
- 'amd64': 'f5355c79190951eed23c5432a3b920e071f4c00a64f75e077de0dd4cb7b294ea', # noqa: E501
- 'arm64': '5bd34ed774df6914b323ff84a0a156ea6ff2ba1eaf0113962fa773f3f9def798'}, # noqa: E501
+ 'amd64': 'a7f81ce08007091b86d8bd696eb4d86b8d0f2e1b9f6c714be62f82f96a594496', # noqa: E501
+ 'arm64': '440cf7add0aee27ebc93fada965523c1dc2e0ab340d4348da2215737fc0d76ad'}, # noqa: E501
'location': ('https://get.helm.sh/helm'
'-${version}-linux-${debian_arch}.tar.gz')},
'manila-base': {
'type': 'url',
'location': ('$tarballs_base/openstack/manila/'
'manila-${openstack_branch}.tar.gz')},
- 'mariadb-base-plugin-mariadb-docker': {
+ 'mariadb-server-plugin-mariadb-docker': {
# NOTE(seunghun1ee): This repo is needed to get MariaDB healthcheck.sh
'type': 'git',
'reference': 'master',
@@ -415,10 +411,6 @@
'type': 'url',
'location': ('$tarballs_base/openstack/trove/'
'trove-${openstack_branch}.tar.gz')},
- 'venus-base': {
- 'type': 'url',
- 'location': ('$tarballs_base/openstack/venus/'
- 'venus-${openstack_branch}.tar.gz')},
'watcher-base': {
'type': 'url',
'location': ('$tarballs_base/openstack/watcher/'
diff --git a/kolla/common/users.py b/kolla/common/users.py
index 95aefa4b6e..de8fc315cd 100644
--- a/kolla/common/users.py
+++ b/kolla/common/users.py
@@ -326,7 +326,7 @@
'uid': 42488,
'gid': 42488,
},
- 'venus-user': {
+ 'venus-user': { # unused user (venus dropped)
'uid': 42489,
'gid': 42489,
},
@@ -345,5 +345,9 @@
'hsmusers-user': {
'uid': 42493, # This is not used, but the group ID is required.
'gid': 42493,
- }
+ },
+ 'valkey-user': {
+ 'uid': 42494,
+ 'gid': 42494,
+ },
}
diff --git a/kolla/template/methods.py b/kolla/template/methods.py
index 53e0da95b2..42b7399bbc 100644
--- a/kolla/template/methods.py
+++ b/kolla/template/methods.py
@@ -126,8 +126,9 @@ def handle_repos(context, reponames, mode):
commands = ''
try:
- repo_list = repo_data[base_distro] | \
- repo_data['%s-%s' % (base_distro, base_arch)]
+ repo_list = repo_data.get(base_package_type, dict()) | \
+ repo_data.get(base_distro, dict()) | \
+ repo_data.get('%s-%s' % (base_distro, base_arch), dict())
except KeyError:
# NOTE(hrw): Fallback to distro list
repo_list = repo_data[base_distro]
diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml
index c9ba633b89..7d9d7ec71a 100644
--- a/kolla/template/repos.yaml
+++ b/kolla/template/repos.yaml
@@ -1,107 +1,8 @@
---
-centos:
- ceph:
- gpgkey: "https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage"
- metalink: "https://mirrors.centos.org/metalink?repo=centos-storage-sig-ceph-squid-9-stream&arch=$basearch"
- name: "centos-ceph-squid"
- crb:
- distro: True
- name: "crb"
- docker-ce:
- gpgkey: "https://download.docker.com/linux/centos/gpg"
- baseurl: "https://download.docker.com/linux/centos/$releasever/$basearch/stable"
- name: "docker-ce"
- epel:
- gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever"
- metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir"
- name: "epel"
- erlang:
- baseurl: |
- https://yum1.rabbitmq.com/erlang/el/9/$basearch
- https://yum2.rabbitmq.com/erlang/el/9/$basearch
- gpgkey: "https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key"
- name: "rabbitmq_rabbitmq-erlang"
- extras:
- distro: True
- name: "extras"
- fluentd:
- baseurl: "https://fluentd.cdn.cncf.io/lts/6/redhat/$releasever/$basearch"
- gpgkey: "https://fluentd.cdn.cncf.io/GPG-KEY-fluent-package"
- name: "fluent-package-lts"
- grafana:
- baseurl: "https://rpm.grafana.com"
- gpgkey: "https://rpm.grafana.com/gpg.key"
- name: "grafana"
- hacluster:
- name: "highavailability"
- distro: true
- influxdb:
- baseurl: "https://repos.influxdata.com/rhel/9/$basearch/stable"
- gpgkey: "https://repos.influxdata.com/influxdata-archive_compat.key"
- name: "influxdb"
- kolla_el10:
- baseurl: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/epel-10-$basearch/"
- gpgkey: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/pubkey.gpg"
- name: "kolla_el10"
- mariadb:
- baseurl: "https://dlm.mariadb.com/repo/mariadb-server/10.11/yum/rhel/$releasever/$basearch"
- gpgkey: "https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB"
- name: "mariadb"
- opensearch:
- baseurl: "https://artifacts.opensearch.org/releases/bundle/opensearch/3.x/yum"
- gpgkey: "https://artifacts.opensearch.org/publickeys/opensearch-release.pgp"
- repo_gpgcheck: 1
- name: "opensearch32.x"
- opensearch-dashboards:
- baseurl: "https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/3.x/yum"
- gpgkey: "https://artifacts.opensearch.org/publickeys/opensearch-release.pgp"
- repo_gpgcheck: 1
- name: "opensearch-dashboards-3.x"
- openvswitch:
- gpgkey: "https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV"
- metalink: "https://mirrors.centos.org/metalink?repo=centos-nfv-sig-openvswitch-2-$stream&arch=$basearch&protocol=https,http"
- name: "centos-nfv-openvswitch"
- opstools:
- distro: True
- name: "opstools"
- proxysql:
- baseurl: "https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/almalinux/9"
- gpgkey: "https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/repo_pub_key"
- name: "proxysql"
- rabbitmq:
- baseurl: |
- https://yum1.rabbitmq.com/rabbitmq/el/9/noarch
- https://yum2.rabbitmq.com/rabbitmq/el/9/noarch
- gpgkey: |
- https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-server.9F4587F226208342.key
- https://github.com/rabbitmq/signing-keys/releases/download/3.0/rabbitmq-release-signing-key.asc
- name: "rabbitmq_rabbitmq-server"
-
-centos-aarch64:
- erlang:
- baseurl: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/rabbitmq-erlang-27/rhel-$releasever-aarch64/"
- gpgkey: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/rabbitmq-erlang-27/pubkey.gpg"
- name: "copr-rabbitmq-erlang"
-
# NOTE(mnasiadka): For RabbitMQ Debuntu suite names is following:
# https://www.rabbitmq.com/install-debian.html#apt-cloudsmith
-debian:
- docker-ce:
- url: "https://download.docker.com/linux/debian"
- suite: "bookworm"
- component: "stable"
- gpg_key: "docker-ce.asc"
- erlang:
- url: "https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu"
- suite: "jammy"
- component: "main"
- gpg_key: "erlang-ppa.gpg"
- fluentd:
- url: "https://fluentd.cdn.cncf.io/lts/6/debian/bookworm"
- suite: "bookworm"
- component: "contrib"
- gpg_key: "fluentd.asc"
+deb:
grafana:
url: "https://apt.grafana.com"
suite: "stable"
@@ -112,11 +13,6 @@ debian:
suite: "jammy"
component: "stable"
gpg_key: "influxdb.asc"
- mariadb:
- url: "https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/debian"
- suite: "bookworm"
- component: "main"
- gpg_key: "mariadb.gpg"
opensearch:
url: "https://artifacts.opensearch.org/releases/bundle/opensearch/3.x/apt/"
suite: "stable"
@@ -127,20 +23,42 @@ debian:
suite: "stable"
component: "main"
gpg_key: "opensearch.asc"
+
+debian:
+ erlang:
+ url: "https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu"
+ suite: "jammy"
+ component: "main"
+ gpg_key: "erlang-ppa.gpg"
+ docker-ce:
+ url: "https://download.docker.com/linux/debian"
+ suite: "bookworm"
+ component: "stable"
+ gpg_key: "docker-ce.asc"
+ fluentd:
+ url: "https://fluentd.cdn.cncf.io/lts/6/debian/bookworm"
+ suite: "bookworm"
+ component: "contrib"
+ gpg_key: "fluentd.asc"
+ mariadb:
+ url: "https://dlm.mariadb.com/repo/mariadb-server/11.4/repo/debian"
+ suite: "bookworm"
+ component: "main"
+ gpg_key: "mariadb.gpg"
proxysql:
url: "https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/bookworm/"
suite: "./"
component: ""
gpg_key: "proxysql.asc"
rabbitmq:
- url: "https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-server/deb/debian"
+ url: "https://deb1.rabbitmq.com/rabbitmq-server/debian/bookworm"
suite: "bookworm"
component: "main"
gpg_key: "rabbitmq.gpg"
debian-aarch64:
rabbitmq:
- url: "https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-server/deb/debian"
+ url: "https://deb1.rabbitmq.com/rabbitmq-server/debian/bookworm"
suite: "bookworm"
component: "main"
# NOTE(mnasiadka): Since rabbitmq is really noarch and community mirror is not
@@ -148,7 +66,49 @@ debian-aarch64:
arch: "amd64"
gpg_key: "rabbitmq.gpg"
-rocky:
+ubuntu:
+ erlang:
+ url: "https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu"
+ suite: "noble"
+ component: "main"
+ gpg_key: "erlang-ppa.gpg"
+ docker-ce:
+ url: "https://download.docker.com/linux/ubuntu"
+ suite: "noble"
+ component: "stable"
+ gpg_key: "docker-ce.asc"
+ fluentd:
+ url: "https://fluentd.cdn.cncf.io/lts/6/ubuntu/noble"
+ suite: "noble"
+ component: "contrib"
+ gpg_key: "fluentd.asc"
+ mariadb:
+ url: "https://dlm.mariadb.com/repo/mariadb-server/11.4/repo/ubuntu"
+ suite: "noble"
+ component: "main"
+ gpg_key: "mariadb.gpg"
+ proxysql:
+ url: "https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/noble/"
+ suite: "./"
+ component: ""
+ gpg_key: "proxysql.asc"
+ rabbitmq:
+ url: "https://deb1.rabbitmq.com/rabbitmq-server/ubuntu/noble"
+ suite: "noble"
+ component: "main"
+ gpg_key: "rabbitmq.gpg"
+
+ubuntu-aarch64:
+ rabbitmq:
+ url: "https://deb1.rabbitmq.com/rabbitmq-server/ubuntu/noble"
+ suite: "noble"
+ component: "main"
+ # NOTE(mnasiadka): Since rabbitmq is really noarch and community mirror is not
+ # syncing binary-aarch64 - we're using amd64 here.
+ arch: "amd64"
+ gpg_key: "rabbitmq.gpg"
+
+rpm:
ceph:
gpgkey: "https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage"
metalink: "https://mirrors.centos.org/metalink?repo=centos-storage-sig-ceph-squid-9-stream&arch=$basearch"
@@ -193,7 +153,7 @@ rocky:
gpgkey: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/pubkey.gpg"
name: "kolla_el10"
mariadb:
- baseurl: "https://dlm.mariadb.com/repo/mariadb-server/10.11/yum/rhel/$releasever/$basearch"
+ baseurl: "https://dlm.mariadb.com/repo/mariadb-server/11.4/yum/rhel/$releasever/$basearch"
gpgkey: "https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB"
name: "mariadb"
opensearch:
@@ -226,71 +186,14 @@ rocky:
https://github.com/rabbitmq/signing-keys/releases/download/3.0/rabbitmq-release-signing-key.asc
name: "rabbitmq_rabbitmq-server"
-rocky-aarch64:
+centos-aarch64:
erlang:
baseurl: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/rabbitmq-erlang-27/rhel-$releasever-aarch64/"
gpgkey: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/rabbitmq-erlang-27/pubkey.gpg"
name: "copr-rabbitmq-erlang"
-ubuntu:
- docker-ce:
- url: "https://download.docker.com/linux/ubuntu"
- suite: "noble"
- component: "stable"
- gpg_key: "docker-ce.asc"
+rocky-aarch64:
erlang:
- url: "https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu"
- suite: "noble"
- component: "main"
- gpg_key: "erlang-ppa.gpg"
- fluentd:
- url: "https://fluentd.cdn.cncf.io/lts/6/ubuntu/noble"
- suite: "noble"
- component: "contrib"
- gpg_key: "fluentd.asc"
- grafana:
- url: "https://apt.grafana.com"
- suite: "stable"
- component: "main"
- gpg_key: "grafana.asc"
- influxdb:
- url: "https://repos.influxdata.com/ubuntu"
- # TODO(mnasiadka): Switch to noble when available
- suite: "jammy"
- component: "stable"
- gpg_key: "influxdb.asc"
- mariadb:
- url: "https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/ubuntu"
- suite: "noble"
- component: "main"
- gpg_key: "mariadb.gpg"
- opensearch:
- url: "https://artifacts.opensearch.org/releases/bundle/opensearch/3.x/apt/"
- suite: "stable"
- component: "main"
- gpg_key: "opensearch.asc"
- opensearch-dashboards:
- url: "https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/3.x/apt/"
- suite: "stable"
- component: "main"
- gpg_key: "opensearch.asc"
- proxysql:
- url: "https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/noble/"
- suite: "./"
- component: ""
- gpg_key: "proxysql.asc"
- rabbitmq:
- url: "https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-server/deb/ubuntu"
- suite: "noble"
- component: "main"
- gpg_key: "rabbitmq.gpg"
-
-ubuntu-aarch64:
- rabbitmq:
- url: "https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-server/deb/debian"
- suite: "noble"
- component: "main"
- # NOTE(mnasiadka): Since rabbitmq is really noarch and community mirror is not
- # syncing binary-aarch64 - we're using amd64 here.
- arch: "amd64"
- gpg_key: "rabbitmq.gpg"
+ baseurl: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/rabbitmq-erlang-27/rhel-$releasever-aarch64/"
+ gpgkey: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/rabbitmq-erlang-27/pubkey.gpg"
+ name: "copr-rabbitmq-erlang"
diff --git a/kolla/tests/test_methods.py b/kolla/tests/test_methods.py
index 6559c5d4de..2d2fdd3edc 100644
--- a/kolla/tests/test_methods.py
+++ b/kolla/tests/test_methods.py
@@ -191,7 +191,7 @@ def test_enable_repos_debian_arch(self):
}
result = methods.handle_repos(template_vars, ["rabbitmq"], "enable")
- expectCmd = "RUN echo 'Uris: https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-server/deb/debian' " # noqa: E501
+ expectCmd = "RUN echo 'Uris: https://deb1.rabbitmq.com/rabbitmq-server/debian/bookworm' " # noqa: E501
expectCmd += ">/etc/apt/sources.list.d/rabbitmq.sources && "
expectCmd += "echo 'Components: main' "
expectCmd += ">>/etc/apt/sources.list.d/rabbitmq.sources && "
@@ -236,7 +236,7 @@ def test_enable_repos_debian_multiple(self):
expectCmd += ">>/etc/apt/sources.list.d/grafana.sources && "
expectCmd += "echo 'Uris: "
- expectCmd += "https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-server/deb/debian' " # noqa: E501
+ expectCmd += "https://deb1.rabbitmq.com/rabbitmq-server/debian/bookworm' " # noqa: E501
expectCmd += ">/etc/apt/sources.list.d/rabbitmq.sources && "
expectCmd += "echo 'Components: main' "
expectCmd += ">>/etc/apt/sources.list.d/rabbitmq.sources && "
diff --git a/releasenotes/notes/deprecate-collectd-8ba94052bdc9424b.yaml b/releasenotes/notes/deprecate-collectd-8ba94052bdc9424b.yaml
deleted file mode 100644
index c41b720f96..0000000000
--- a/releasenotes/notes/deprecate-collectd-8ba94052bdc9424b.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-deprecations:
- - |
- Deprecates support for building ``collectd`` images.
diff --git a/releasenotes/notes/deprecate-telegraf-db2b0b9f30591552.yaml b/releasenotes/notes/deprecate-telegraf-db2b0b9f30591552.yaml
index 7aa96baff9..0667f571d6 100644
--- a/releasenotes/notes/deprecate-telegraf-db2b0b9f30591552.yaml
+++ b/releasenotes/notes/deprecate-telegraf-db2b0b9f30591552.yaml
@@ -1,4 +1,4 @@
---
deprecations:
- |
- Deprecates support for building ``telegraf`` images.
+ Deprecates support for building ``collectd`` and ``telegraf`` images.
diff --git a/releasenotes/notes/drop-neutron-linuxbridge-agent-5c4596f148c143ed.yaml b/releasenotes/notes/drop-neutron-linuxbridge-agent-5c4596f148c143ed.yaml
new file mode 100644
index 0000000000..e4d951f539
--- /dev/null
+++ b/releasenotes/notes/drop-neutron-linuxbridge-agent-5c4596f148c143ed.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - |
+ Support for building ``neutron-linuxbridge-agent`` container image has
+ been dropped following removal in Neutron.
diff --git a/releasenotes/notes/drop-venus-435234b3bff7f209.yaml b/releasenotes/notes/drop-venus-435234b3bff7f209.yaml
new file mode 100644
index 0000000000..b6d2218421
--- /dev/null
+++ b/releasenotes/notes/drop-venus-435234b3bff7f209.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - |
+ Support for building ``Venus`` container images has been dropped due to the
+ project's inactivity and the Horizon plugin build failures it caused.
diff --git a/releasenotes/notes/flamingo-prelude-b72f2599ed9d25d5.yaml b/releasenotes/notes/flamingo-prelude-b72f2599ed9d25d5.yaml
new file mode 100644
index 0000000000..c0b40675aa
--- /dev/null
+++ b/releasenotes/notes/flamingo-prelude-b72f2599ed9d25d5.yaml
@@ -0,0 +1,24 @@
+---
+prelude: |
+ The Kolla ``21.0.0`` (Flamingo) release modernises the base operating
+ systems and core infrastructure shipped by the containers. Highlights
+ include:
+
+ * Rocky Linux 10 replaces Rocky Linux 9 as the only supported Rocky base
+ image, removing the Delorean/CentOS Cloud SIG dependency and tightening RPM
+ repository handling via ``repos.yaml`` (including a new versioned Erlang
+ source for aarch64).
+ * Data-plane services received major upgrades: ``MariaDB`` now tracks the
+ 11.4 LTS series with the upstream health check script and the legacy
+ clustercheck image removed, ``ProxySQL`` moves to 3.x, ``Bifrost`` consumes
+ Ansible 11, ``RabbitMQ`` advances to 4.1, and ``Gnocchi`` is updated to
+ 4.7.0.
+ * Observability components were refreshed with ``Fluentd`` 6.x LTS,
+ ``OpenSearch``/``OpenSearch Dashboards`` 3.x, broad ``Prometheus`` exporter
+ and infrastructure bumps (``etcd``, ``helm``, ``letsencrypt-lego``), and the
+ retirement of the ``collectd``, ``telegraf``, and ``prometheus-ovn-exporter``
+ images.
+ * The container portfolio was streamlined: support landed for the
+ ``ironic-pxe-filter`` image and ``neutron-metadata-agent`` wrapper scripts,
+ while dormant services such as ``ironic-inspector`` and ``Venus`` were
+ dropped.
diff --git a/releasenotes/notes/fluentd-update-8db10e760b2dc4d5.yaml b/releasenotes/notes/fluentd-update-8db10e760b2dc4d5.yaml
index 6ecb744c02..7ac12764b0 100644
--- a/releasenotes/notes/fluentd-update-8db10e760b2dc4d5.yaml
+++ b/releasenotes/notes/fluentd-update-8db10e760b2dc4d5.yaml
@@ -1,4 +1,4 @@
---
upgrade:
- |
- Update Fluentd to version 6.x LTS.
+ Updates ``Fluentd`` to the 6.x LTS series.
diff --git a/releasenotes/notes/handle-deprecated-rabbitmq-package-archive-47548e7a41baa68b.yaml b/releasenotes/notes/handle-deprecated-rabbitmq-package-archive-47548e7a41baa68b.yaml
new file mode 100644
index 0000000000..b24cc3cdc0
--- /dev/null
+++ b/releasenotes/notes/handle-deprecated-rabbitmq-package-archive-47548e7a41baa68b.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ - |
+ `As announced in July 2025 `__,
+ the RabbitMQ project has changed the location and signing key for their Debian and
+ Ubuntu packages. The repository configuration has been updated accordingly.
+ `LP#2131736 `__
diff --git a/releasenotes/notes/mariadb-11.4-b66b5baf9f5e6cd0.yaml b/releasenotes/notes/mariadb-11.4-b66b5baf9f5e6cd0.yaml
new file mode 100644
index 0000000000..9fa74e899c
--- /dev/null
+++ b/releasenotes/notes/mariadb-11.4-b66b5baf9f5e6cd0.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - |
+ Updates ``MariaDB`` to the ``11.4`` LTS release, which is supported until
+ 29 May 2029.
diff --git a/releasenotes/notes/neutron-metadata-agent-wrapper-scripts-d6163080d169ea14.yaml b/releasenotes/notes/neutron-metadata-agent-wrapper-scripts-d6163080d169ea14.yaml
new file mode 100644
index 0000000000..8155aa5683
--- /dev/null
+++ b/releasenotes/notes/neutron-metadata-agent-wrapper-scripts-d6163080d169ea14.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ The neutron wrapper scripts, which were introduced in
+ I679ac66186d457ae53f89469fe22c5662089019a, are now included in the
+ ``neutron-metadata-agent`` container, making it possible to run
+ haproxy processes as separate containers.
diff --git a/releasenotes/notes/opensearch-upgrade-9e263a65f015a376.yaml b/releasenotes/notes/opensearch-upgrade-9e263a65f015a376.yaml
index d7e00e3315..9c3f5a300a 100644
--- a/releasenotes/notes/opensearch-upgrade-9e263a65f015a376.yaml
+++ b/releasenotes/notes/opensearch-upgrade-9e263a65f015a376.yaml
@@ -1,4 +1,4 @@
---
upgrade:
- |
- Update OpenSearch and OpenSearch Dashboards to version 3.x.
+ Updates ``OpenSearch`` and ``OpenSearch Dashboards`` to version 3.x.
diff --git a/releasenotes/notes/rabbitmq-41-d881d0b6bbf46446.yaml b/releasenotes/notes/rabbitmq-41-d881d0b6bbf46446.yaml
index 8046fc722e..2456bcf661 100644
--- a/releasenotes/notes/rabbitmq-41-d881d0b6bbf46446.yaml
+++ b/releasenotes/notes/rabbitmq-41-d881d0b6bbf46446.yaml
@@ -1,4 +1,4 @@
---
upgrade:
- |
- ``rabbitmq`` version has been updated to ``4.1``.
+ Updates ``RabbitMQ`` to version ``4.1``.
diff --git a/releasenotes/notes/remove-mariadb-clustercheck-427a6cfb3f39c508.yaml b/releasenotes/notes/remove-mariadb-clustercheck-427a6cfb3f39c508.yaml
new file mode 100644
index 0000000000..2a6fcadba0
--- /dev/null
+++ b/releasenotes/notes/remove-mariadb-clustercheck-427a6cfb3f39c508.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - |
+ Dropped support for building MariaDB clustercheck container image as it
+ will not be compatible with MariaDB 11.4 (the next LTS version).
diff --git a/releasenotes/notes/remove-prometheus-ovn-exporter-c5f5005b4d1a4b12.yaml b/releasenotes/notes/remove-prometheus-ovn-exporter-c5f5005b4d1a4b12.yaml
index 6bac399014..04382375e1 100644
--- a/releasenotes/notes/remove-prometheus-ovn-exporter-c5f5005b4d1a4b12.yaml
+++ b/releasenotes/notes/remove-prometheus-ovn-exporter-c5f5005b4d1a4b12.yaml
@@ -1,5 +1,5 @@
---
-deprecations:
+upgrade:
- |
- The OVN exporter has been removed with immediate effect since 1) it isn't
- used in Kolla Ansible and 2) the source repo was archived in Dec 2024.
+ Removes the ``prometheus-ovn-exporter`` image because it is unused by
+ Kolla Ansible and the upstream repository was archived in December 2024.
diff --git a/releasenotes/notes/rocky-10-4111fa0160be14ab.yaml b/releasenotes/notes/rocky-10-4111fa0160be14ab.yaml
index 2fccba7963..98ef21f289 100644
--- a/releasenotes/notes/rocky-10-4111fa0160be14ab.yaml
+++ b/releasenotes/notes/rocky-10-4111fa0160be14ab.yaml
@@ -1,12 +1,12 @@
---
features:
- |
- Adds support for Rocky 10 as a base container image. This is the only major
- version of Rocky supported from the 2025.2 release.
+ Adds support for Rocky Linux 10 as a base container image. From the 2025.2
+ release onward, Rocky Linux 10 is the only supported Rocky Linux major version.
upgrade:
- |
- Rocky 9 is no longer supported as a base container image. Rocky users
- should migrate to Rocky 10.
+ Rocky Linux 9 is no longer supported as a base container image, so
+ deployments using Rocky Linux should migrate to Rocky Linux 10.
- |
- The following images were supported by Rocky 9 but lack suitable packages
- in Rocky, and are no longer supported for Rocky: ``telegraf``.
+ The ``telegraf`` image relied on Rocky Linux 9-only packages and is therefore
+ unavailable for Rocky Linux-based builds.
diff --git a/releasenotes/notes/update-packages-071d1863639fe3e3.yaml b/releasenotes/notes/update-packages-071d1863639fe3e3.yaml
index 8f30730d09..efe10a9605 100644
--- a/releasenotes/notes/update-packages-071d1863639fe3e3.yaml
+++ b/releasenotes/notes/update-packages-071d1863639fe3e3.yaml
@@ -1,11 +1,13 @@
---
upgrade:
- |
- Update monitoring and key infrastructure components to their latest versions.
- This upgrade includes several prometheus-related services, as well as Etcd and Lego.
+ Updates monitoring and key infrastructure components to their latest
+ supported versions. This covers several Prometheus exporters as well as
+ ``etcd``, ``helm``, and ``letsencrypt-lego``.
- * etcd: 3.5.16 -> 3.6.4
- * letsencrypt-lego: 4.20.4 -> 4.25.2
+ * etcd: 3.5.16 -> 3.6.5
+ * helm: 3.16.3 -> 3.19.0
+ * letsencrypt-lego: 4.20.4 -> 4.27.0
* prometheus-blackbox-exporter: 0.25.0 -> 0.27.0
* prometheus-cadvisor: 0.49.2 -> 0.53.0
* prometheus-elasticsearch-exporter: 1.8.0 -> 1.9.0
@@ -14,5 +16,5 @@ upgrade:
* prometheus-node-exporter: 1.8.2 -> 1.9.1
* prometheus-server: 3.2.1 -> 3.5.0 (LTS)
- Additionally, Prometheus-server has been switched to its Long-Term Support (LTS)
- version to ensure greater stability and extended support.
+ Additionally, ``prometheus-server`` now tracks the Long-Term Support (LTS)
+ channel to provide longer maintenance windows.
diff --git a/releasenotes/source/2024.1.rst b/releasenotes/source/2024.1.rst
index 4977a4f1a0..6896656be6 100644
--- a/releasenotes/source/2024.1.rst
+++ b/releasenotes/source/2024.1.rst
@@ -3,4 +3,4 @@
===========================
.. release-notes::
- :branch: stable/2024.1
+ :branch: unmaintained/2024.1
diff --git a/releasenotes/source/2025.2.rst b/releasenotes/source/2025.2.rst
new file mode 100644
index 0000000000..4dae18d869
--- /dev/null
+++ b/releasenotes/source/2025.2.rst
@@ -0,0 +1,6 @@
+===========================
+2025.2 Series Release Notes
+===========================
+
+.. release-notes::
+ :branch: stable/2025.2
diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst
index 30aeae854f..690c29a49d 100644
--- a/releasenotes/source/index.rst
+++ b/releasenotes/source/index.rst
@@ -9,6 +9,7 @@ Contents
:maxdepth: 2
unreleased
+ 2025.2
2025.1
2024.2
2024.1
diff --git a/roles/kolla-build-config/defaults/main.yml b/roles/kolla-build-config/defaults/main.yml
index e8c6f7841f..81313edaf5 100644
--- a/roles/kolla-build-config/defaults/main.yml
+++ b/roles/kolla-build-config/defaults/main.yml
@@ -58,7 +58,6 @@ kolla_build_sources:
- tacker-base
- mistral-base-plugin-tacker
openstack/trove: trove-base
- openstack/venus: venus-base
openstack/watcher: watcher-base
openstack/zun: zun-base
@@ -77,6 +76,5 @@ kolla_build_sources:
openstack/octavia-dashboard: horizon-plugin-octavia-dashboard
openstack/tacker-horizon: horizon-plugin-tacker-dashboard
openstack/trove-dashboard: horizon-plugin-trove-dashboard
- openstack/venus-dashboard: horizon-plugin-venus-dashboard
openstack/watcher-dashboard: horizon-plugin-watcher-dashboard
openstack/zun-ui: horizon-plugin-zun-ui
diff --git a/test-requirements.txt b/test-requirements.txt
index 30c980fb33..7e3178bd66 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,4 +1,6 @@
-ansible-core>=2.17,<2.19 # GPLv3
+# NOTE(mnasiadka): Keeping 2.17 to satisfy py310 job
+ansible-core>=2.17; python_version < '3.11' # GPLv3
+ansible-core>=2.18,<2.20; python_version >= '3.11' # GPLv3
ansible-lint<26 # MIT
bandit!=1.6.0,>=1.1.0 # Apache-2.0
bashate>=0.5.1 # Apache-2.0
diff --git a/zuul.d/debian.yaml b/zuul.d/debian.yaml
index 66b0badacf..847a0b4d17 100644
--- a/zuul.d/debian.yaml
+++ b/zuul.d/debian.yaml
@@ -25,7 +25,7 @@
kolla_namespace: openstack.kolla
secrets:
- kolla_quay_io_creds
- - kolla_quay_io_api
+ - kolla_quay_io_api_oct_2025
- job:
name: kolla-publish-debian-bookworm-arm64-quay
@@ -37,7 +37,7 @@
kolla_namespace: openstack.kolla
secrets:
- kolla_quay_io_creds
- - kolla_quay_io_api
+ - kolla_quay_io_api_oct_2025
- job:
name: kolla-build-debian-bookworm-no-infra-wheels
diff --git a/zuul.d/rocky.yaml b/zuul.d/rocky.yaml
index f854cca6e2..1306998e9a 100644
--- a/zuul.d/rocky.yaml
+++ b/zuul.d/rocky.yaml
@@ -30,7 +30,7 @@
kolla_namespace: openstack.kolla
secrets:
- kolla_quay_io_creds
- - kolla_quay_io_api
+ - kolla_quay_io_api_oct_2025
- project-template:
name: kolla-build-rocky
diff --git a/zuul.d/scenarios/cephadm.yaml b/zuul.d/scenarios/cephadm.yaml
index 1a56c81ff9..93578439ae 100644
--- a/zuul.d/scenarios/cephadm.yaml
+++ b/zuul.d/scenarios/cephadm.yaml
@@ -6,10 +6,10 @@
check:
jobs:
- kolla-ansible-debian-bookworm-cephadm:
- files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
+ files: ^docker\/(base|cinder|glance|mariadb-server|openstack-base|rabbitmq)\/.*
- kolla-ansible-debian-bookworm-cephadm-upgrade:
- files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
+ files: ^docker\/(base|cinder|glance|mariadb-server|openstack-base|rabbitmq)\/.*
- kolla-ansible-ubuntu-noble-cephadm:
- files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
+ files: ^docker\/(base|cinder|glance|mariadb-server|openstack-base|rabbitmq)\/.*
- kolla-ansible-ubuntu-noble-cephadm-upgrade:
- files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
+ files: ^docker\/(base|cinder|glance|mariadb-server|openstack-base|rabbitmq)\/.*
diff --git a/zuul.d/scenarios/mariadb.yaml b/zuul.d/scenarios/mariadb.yaml
index 42b4535dfa..3627e11a4a 100644
--- a/zuul.d/scenarios/mariadb.yaml
+++ b/zuul.d/scenarios/mariadb.yaml
@@ -6,6 +6,6 @@
check:
jobs:
- kolla-ansible-debian-bookworm-mariadb:
- files: ^docker/(base|mariadb)/
+ files: ^docker/(base|mariadb-server)/
- kolla-ansible-ubuntu-noble-mariadb:
- files: ^docker/(base|mariadb)/
+ files: ^docker/(base|mariadb-server)/
diff --git a/zuul.d/ubuntu.yaml b/zuul.d/ubuntu.yaml
index 258b98f6c7..28a6ac3bbc 100644
--- a/zuul.d/ubuntu.yaml
+++ b/zuul.d/ubuntu.yaml
@@ -25,7 +25,7 @@
kolla_namespace: openstack.kolla
secrets:
- kolla_quay_io_creds
- - kolla_quay_io_api
+ - kolla_quay_io_api_oct_2025
- job:
name: kolla-build-ubuntu-noble-no-infra-wheels