stackhpc · priteau · Dec 1, 2025 · Sep 12, 2025 · Oct 9, 2025 · Oct 13, 2025
@@ -94,7 +94,6 @@ Kolla provides images to deploy the following OpenStack projects:
 - Skyline (`APIServer <https://docs.openstack.org/skyline-apiserver/latest/>`__ and `Console <https://docs.openstack.org/skyline-console/latest/>`__)
 - `Tacker <https://docs.openstack.org/tacker/latest/>`__
 - `Trove <https://docs.openstack.org/trove/latest/>`__
-- `Venus <https://docs.openstack.org/venus/latest/>`__
 - `Watcher <https://docs.openstack.org/watcher/latest/>`__
 - `Zun <https://docs.openstack.org/zun/latest/>`__
 

@@ -115,11 +115,6 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen
 {% block base_centos_repo_overrides_post_yum %}{% endblock -%}
     && {{ macros.rpm_security_update(clean_package_cache) }}
 
-{# NOTE(mnasiadka): dumb-init is only in EPEL10.1 onwards and RHEL/Rocky/clones use the same #}
-{#                    EPEL release as the installed distro release #}
-{# TODO: Remove it when Rocky 10.1 is out #}
-RUN dnf config-manager --save --setopt=*.metalink="https://mirrors.fedoraproject.org/metalink?repo=epel-z-10.1&arch=\$basearch" epel
-
 #### END REPO ENABLEMENT
 
 {# We are back to the basic if conditional here which is:
@@ -243,7 +238,7 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom
 
 {% set base_apt_keys = [
    {'name': 'erlang-ppa', 'keyid': 'F77F1EDA57EBB1CC'},
-   {'name': 'rabbitmq',   'keyid': '9F4587F226208342'},
+   {'name': 'rabbitmq',   'keyid': '6B73A36E6026DFCA'},
    {'name': 'haproxy',    'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'},
 ] %}
 

@@ -67,7 +67,7 @@ RUN apt-get --error-on=any update && \
 {%- else %}
 RUN echo " " && \
 {%- endif %}
-    bash -c '$VENV/bin/pip install "ansible>=11,<12" && \
+    bash -c '$VENV/bin/pip install "ansible>=12,<13" && \
     $VENV/bin/ansible-galaxy collection install -r /bifrost/ansible-collections-requirements.yml && \
     $VENV/bin/ansible-playbook -vvvv -i /bifrost/playbooks/inventory/target \
     /bifrost/playbooks/install.yaml \

@@ -51,7 +51,6 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
 # know to which path symlink should point to.
 # NOTE(mnasiadka): pinning setuptools due to https://bugs.launchpad.net/horizon/+bug/2007574
 RUN ln -s horizon-source/* horizon \
-    && {{ macros.install_pip(['setuptools==67.2.*']) }} \
     && {{ macros.upper_constraints_remove("horizon") }} \
     && {{ macros.install_pip(horizon_pip_packages | customizable("pip_packages")) }} \
     && mkdir -p /etc/openstack-dashboard \

@@ -172,14 +172,6 @@ function config_trove_dashboard {
     done
 }
 
-function config_venus_dashboard {
-    for file in ${SITE_PACKAGES}/venus_dashboard/enabled/_*[^__].py; do
-        config_dashboard "${ENABLE_VENUS:-no}" \
-            "${SITE_PACKAGES}/venus_dashboard/enabled/${file##*/}" \
-            "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
-    done
-}
-
 function config_watcher_dashboard {
     for file in ${SITE_PACKAGES}/watcher_dashboard/local/enabled/_*[^__].py; do
         config_dashboard "${ENABLE_WATCHER:-no}" \
@@ -236,7 +228,6 @@ config_neutron_vpnaas_dashboard
 config_octavia_dashboard
 config_tacker_dashboard
 config_trove_dashboard
-config_venus_dashboard
 config_watcher_dashboard
 config_zun_dashboard
 

@@ -0,0 +1,45 @@
+FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
+{% block labels %}
+LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
+{% endblock %}
+
+{% block apache_header %}{% endblock %}
+
+{% import "macros.j2" as macros with context %}
+
+{% if base_package_type == 'rpm' %}
+{# NOTE(mnasiadka): mod_auth_mellon missing in CentOS 10 Stream - temporarily from Kolla COPR #}
+{{ macros.enable_extra_repos(['epel', 'kolla_el10']) }}
+    {% set apache_packages = [
+        'httpd',
+        'mod_ssl',
+        'mod_auth_mellon',
+        'mod_auth_openidc',
+        'mod_proxy_uwsgi'
+    ] %}
+{% elif base_package_type == 'deb' %}
+    {% set apache_packages = [
+        'apache2',
+        'ca-certificates',
+        'libapache2-mod-auth-mellon',
+        'libapache2-mod-auth-openidc',
+        'libapache2-mod-proxy-uwsgi'
+    ] %}
+{% endif %}
+
+{{ macros.install_packages(apache_packages | customizable("packages")) }}
+
+{% if base_package_type == 'rpm' %}
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+    && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+{% elif base_package_type == 'deb' %}
+RUN echo > /etc/apache2/ports.conf
+{% endif %}
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 644 /usr/local/bin/kolla_extend_start
+
+USER root
+
+{% block apache_footer %}{% endblock %}
+
@@ -0,0 +1 @@
+. /usr/local/bin/kolla_httpd_setup
@@ -96,7 +96,7 @@ RUN mkdir -p /requirements \
 ENV PATH {{ venv_path }}/bin:$PATH
 
 {% set kolla_toolbox_pip_packages = [
-        'ansible-core==2.18.*',
+        'ansible-core==2.19.*',
         'cmd2',
         'influxdb',
         'openstacksdk',

@@ -1,4 +1,4 @@
-FROM {{ namespace }}/{{ image_prefix }}mariadb-base:{{ tag }}
+FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
 {% block labels %}
 LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
 {% endblock %}
@@ -18,6 +18,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
     {% set mariadb_packages = [
         'expect',
+        'mariadb',
         'mariadb-backup',
         'mariadb-server',
         'mariadb-server-galera',
@@ -34,12 +35,19 @@ RUN ln -s /usr/lib64/galera-4 /usr/lib64/galera
     {% set mariadb_packages = [
         'expect',
         'mariadb-backup',
+        'mariadb-client',
         'mariadb-server'
     ] %}
 {% endif %}
 
 {{ macros.install_packages(mariadb_packages | customizable("packages")) }}
 
+{% block mariadb_healthcheck %}
+ENV MARIADB_VERSION=11.4
+ADD plugins-archive /
+RUN install -m 755 /plugins/mariadb-server-plugin-mariadb-docker-archive*/$MARIADB_VERSION/healthcheck.sh /usr/bin/healthcheck.sh
+{% endblock %}
+
 COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 COPY security_reset.expect /usr/local/bin/kolla_security_reset

@@ -8,6 +8,7 @@ DEFAULT_MY_CNF="/etc/mysql/my.cnf"
 REPLICA_MY_CNF="$(mktemp)"
 RETRY_INTERVAL=5  # Interval between retries (in seconds)
 MAX_RETRIES=12    # Max retries (12 retries * 5 seconds = 60 seconds)
+VERIFY_DB_SERVER_CERT="${VERIFY_DB_SERVER_CERT:=FALSE}"
 
 # Cleanup function to remove the REPLICA_MY_CNF file
 cleanup() {
@@ -74,7 +75,7 @@ retry_mysql_query() {
     local attempt=1
 
     while [ ${attempt} -le ${MAX_RETRIES} ]; do
-        result=$(mysql -h "${HOST}" -u "${USER}" -p"${PASS}" -s -N -e "${query}" 2>/dev/null || true)
+        result=$(mariadb --ssl-verify-server-cert="${VERIFY_DB_SERVER_CERT}" -h "${HOST}" -u "${USER}" -p"${PASS}" -s -N -e "${query}" 2>/dev/null || true)
         if [ -n "${result}" ]; then
             echo "${result}"
             return 0

@@ -3,7 +3,7 @@
 : ${MARIADB_LOG_DIR:=/var/log/kolla/mariadb}
 
 function bootstrap_db {
-    mysqld_safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
+    mariadbd-safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
     # Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout
     # NOTE(huikang): the location of mysql's socket file varies depending on the OS distributions.
     # Querying the cluster status has to be executed after the existence of mysql.sock and mariadb.pid.
@@ -22,9 +22,9 @@ function bootstrap_db {
     sudo -E kolla_security_reset
 
     set +o xtrace
-    mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
-    mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
-    mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
+    mariadb -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+    mariadb -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+    mariadb-admin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
     set -o xtrace
 }
 
@@ -38,21 +38,21 @@ fi
 
 # This catches all cases of the BOOTSTRAP variable being set, including empty
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    mysql_install_db 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-bootstrap.log
+    mariadb-install-db 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-bootstrap.log
     bootstrap_db 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-bootstrap.log
     exit 0
 fi
 
 # This catches all cases of the KOLLA_UPGRADE variable being set, including empty
 if [[ "${!KOLLA_UPGRADE[@]}" ]]; then
-    # The mysql_upgrade command treats any directories under /var/lib/mysql as
+    # The mariadb-upgrade command treats any directories under /var/lib/mysql as
     # databases. Somehow we can end up with a .pki directory, which causes the
     # command to fail with this error:
     # Incorrect database name '#mysql50#.pki' when selecting the database
     # There doesn't seem to be anything in the directory, so remove it.
     rm -rf /var/lib/mysql/.pki
 
-    mysql_upgrade --host=${DB_HOST} --port=${DB_PORT} --user=root --password="${DB_ROOT_PASSWORD}" 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-upgrade.log
+    mariadb-upgrade --host=${DB_HOST} --port=${DB_PORT} --user=root --password="${DB_ROOT_PASSWORD}" 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-upgrade.log
     exit 0
 fi
 

@@ -14,6 +14,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.kolla_patch_sources() }}
 
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
 {% block neutron_metadata_agent_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/neutron" ]]; then
+    mkdir -p /var/log/kolla/neutron
+fi
+if [[ $(stat -c %a /var/log/kolla/neutron) != "755" ]]; then
+    chmod 755 /var/log/kolla/neutron
+fi
+
+if [[ "${KOLLA_NEUTRON_WRAPPERS:-false}" == "true" ]]; then
+    echo "Copying neutron agent wrappers to /usr/local/bin"
+    sudo -E /usr/local/lib/neutron-wrappers/copy-wrappers
+else
+    echo "Removing neutron agent wrappers from /usr/local/bin"
+    sudo -E /usr/local/lib/neutron-wrappers/delete-wrappers
+fi
+
+. /usr/local/bin/kolla_neutron_extend_start
@@ -0,0 +1,17 @@
+FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
+{% block labels %}
+LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
+{% endblock %}
+
+{% block valkey_base_header %}{% endblock %}
+
+{% import "macros.j2" as macros with context %}
+
+{{ macros.configure_user(name='valkey', homedir='/run/valkey') }}
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 644 /usr/local/bin/kolla_extend_start
+
+{{ macros.kolla_patch_sources() }}
+
+{% block valkey_base_footer %}{% endblock %}
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/valkey" ]]; then
+    mkdir -p /var/log/kolla/valkey
+fi
+
+if [[ $(stat -c %a /var/log/kolla/valkey) != "755" ]]; then
+    chmod 755 /var/log/kolla/valkey
+fi