From f789ed2f1b2a2d55e8c5b40b2bdbdfc700d64dfd Mon Sep 17 00:00:00 2001 From: Bartosz Bezak Date: Tue, 28 Apr 2026 11:39:01 +0200 Subject: [PATCH 1/7] Bump OVN to 26.03 in Rocky Linux 10 images Change-Id: I3f0dab4b7d612d3e3f3057c1db8c36e3905cec75 Signed-off-by: Bartosz Bezak --- doc/source/ovn_versions.csv | 2 +- docker/base/Dockerfile.j2 | 2 +- releasenotes/notes/rocky-ovn-25.09-345468aec8cc8073.yaml | 4 ---- releasenotes/notes/rocky-ovn-26.03-006064cd2ea0a432.yaml | 4 ++++ 4 files changed, 6 insertions(+), 6 deletions(-) delete mode 100644 releasenotes/notes/rocky-ovn-25.09-345468aec8cc8073.yaml create mode 100644 releasenotes/notes/rocky-ovn-26.03-006064cd2ea0a432.yaml diff --git a/doc/source/ovn_versions.csv b/doc/source/ovn_versions.csv index f0a8c52102..cc5b54fc47 100644 --- a/doc/source/ovn_versions.csv +++ b/doc/source/ovn_versions.csv @@ -1,5 +1,5 @@ Distro,OVN, ,Source,Release -Rocky Linux,CentOS NFV SIG,25.09 +Rocky Linux,CentOS NFV SIG,26.03 Ubuntu,UCA,25.09 Debian,DEB,25.03 diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index 0503098dff..c137011f60 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -40,7 +40,7 @@ ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(ho # desire such functionality. I think we will :) ENV KOLLA_RPM_OVS_VERSION=3.5 \ - KOLLA_RPM_OVN_VERSION=25.09 + KOLLA_RPM_OVN_VERSION=26.03 RUN cat /tmp/kolla_bashrc >> /etc/bashrc \ && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/dnf/dnf.conf diff --git a/releasenotes/notes/rocky-ovn-25.09-345468aec8cc8073.yaml b/releasenotes/notes/rocky-ovn-25.09-345468aec8cc8073.yaml deleted file mode 100644 index 5af6125309..0000000000 --- a/releasenotes/notes/rocky-ovn-25.09-345468aec8cc8073.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Updates OVN to version 25.09 on Rocky Linux 10. diff --git a/releasenotes/notes/rocky-ovn-26.03-006064cd2ea0a432.yaml b/releasenotes/notes/rocky-ovn-26.03-006064cd2ea0a432.yaml new file mode 100644 index 0000000000..ea4ac2b29a --- /dev/null +++ b/releasenotes/notes/rocky-ovn-26.03-006064cd2ea0a432.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Updates OVN to version 26.03 on Rocky Linux 10. From 655991d734af3d44c44e1fb4e47b7a850807258f Mon Sep 17 00:00:00 2001 From: Piotr Milewski Date: Mon, 27 Apr 2026 19:04:17 +0200 Subject: [PATCH 2/7] Update Prometheus to version 3.5.3 This release fixes multiple security issues [1]. [1] https://github.com/prometheus/prometheus/releases/tag/v3.5.3 Change-Id: I9f4243a40d0907639324308d84d8a860c1e54941 Signed-off-by: Piotr Milewski --- kolla/common/sources.py | 6 +++--- .../update-prometheus-server-3.5.2-e23a9826b25573a8.yaml | 4 ---- .../update-prometheus-server-3.5.3-89627b5d4e0ad4fb.yaml | 4 ++++ 3 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 releasenotes/notes/update-prometheus-server-3.5.2-e23a9826b25573a8.yaml create mode 100644 releasenotes/notes/update-prometheus-server-3.5.3-89627b5d4e0ad4fb.yaml diff --git a/kolla/common/sources.py b/kolla/common/sources.py index 9da7ccf8b8..97edec1b18 100644 --- a/kolla/common/sources.py +++ b/kolla/common/sources.py @@ -384,11 +384,11 @@ 'openstack-network-exporter' '-linux-${debian_arch}')}, 'prometheus-server': { - 'version': '3.5.2', + 'version': '3.5.3', 'type': 'url', 'sha256': { - 'amd64': '552c6d701e27d3c77983bb8a76e61953cb60021f6e10f17a929546a6dedc436a', # noqa: E501 - 'arm64': '06a77b3f580b0db0f41e1c52274503b609db58660e44577facb0ee53e4ff8b27'}, # noqa: E501 + 'amd64': '8c30b9d99664e39b0363c0ba54fab30a7958e9d3de27246bf26ed85e6cfb8946', # noqa: E501 + 'arm64': '11457bc76cab34f5ac05ba05fb80cfca1e8be7e4b31ae7c054879ce1066cb9a5'}, # noqa: E501 'location': ('https://github.com/' 'prometheus/prometheus/' 'releases/download/v${version}/' diff --git a/releasenotes/notes/update-prometheus-server-3.5.2-e23a9826b25573a8.yaml b/releasenotes/notes/update-prometheus-server-3.5.2-e23a9826b25573a8.yaml deleted file mode 100644 index 5d15be9033..0000000000 --- a/releasenotes/notes/update-prometheus-server-3.5.2-e23a9826b25573a8.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Updates Prometheus to version 3.5.2. diff --git a/releasenotes/notes/update-prometheus-server-3.5.3-89627b5d4e0ad4fb.yaml b/releasenotes/notes/update-prometheus-server-3.5.3-89627b5d4e0ad4fb.yaml new file mode 100644 index 0000000000..5e2accea76 --- /dev/null +++ b/releasenotes/notes/update-prometheus-server-3.5.3-89627b5d4e0ad4fb.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Updates Prometheus to version 3.5.3. From 45ef3acc79d3f6603d648b094732369c41954dfc Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Wed, 29 Apr 2026 14:27:47 +0200 Subject: [PATCH 3/7] Remove Babel from openstack-base The Babel dependency was removed from most OpenStack projects years ago. Change-Id: I21fc99f42b0fbfa45ff2d9366ea603866e6682d4 Signed-off-by: Pierre Riteau --- docker/openstack-base/Dockerfile.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/openstack-base/Dockerfile.j2 b/docker/openstack-base/Dockerfile.j2 index f07b6a3cfa..eaa010396e 100644 --- a/docker/openstack-base/Dockerfile.j2 +++ b/docker/openstack-base/Dockerfile.j2 @@ -61,7 +61,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.install_packages(openstack_base_packages | customizable("packages")) }} {% set openstack_base_pip_packages = [ - 'Babel', 'Mako', 'MarkupSafe', 'Paste', From 33c0e26e8a0290f0b6d647bb67e18a4f500907fc Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Mon, 27 Apr 2026 15:28:17 +0200 Subject: [PATCH 4/7] set_configs: Add support for creating directories and setting perms Change-Id: Id63c035fafaa68a9004c65161c5a3a3ad5544f02 Signed-off-by: Michal Nasiadka --- doc/source/admin/kolla_api.rst | 17 +++ docker/base/set_configs.py | 22 ++++ ...s-create-directories-a1b2c3d4e5f6a7b8.yaml | 5 + tests/test_set_config.py | 107 ++++++++++++++++++ 4 files changed, 151 insertions(+) create mode 100644 releasenotes/notes/set-configs-create-directories-a1b2c3d4e5f6a7b8.yaml diff --git a/doc/source/admin/kolla_api.rst b/doc/source/admin/kolla_api.rst index 2d0a17a0fd..b1fd6b1407 100644 --- a/doc/source/admin/kolla_api.rst +++ b/doc/source/admin/kolla_api.rst @@ -54,6 +54,16 @@ The `kolla_set_configs`_ script understands the following attributes: * **merge**: merges the source directory into the target directory instead of replacing it. Boolean, defaults to ``false``. +* **directories**: create directories inside the container if they do not + exist, and set their ownership and permissions. A list of dicts, each + containing the following attributes: + + * **path** (required): the path to the directory to create. + * **owner** (required): the ``user:group`` to change ownership to. ``user`` + is synonymous to ``user:user``. Must be user and group names, not uid/gid. + * **perm** (required): the unix permissions to set to the directory. + Must be passed in the numeric octal form. + * **permissions**: change the permissions and/or ownership of files or directories inside the container. A list of dicts, each containing the following attributes: @@ -84,6 +94,13 @@ Here is an example configuration file: "optional": false } ], + "directories": [ + { + "path": "/var/lib/trove", + "owner": "trove", + "perm": "0755" + } + ], "permissions": [ { "path": "/var/log/kolla/trove", diff --git a/docker/base/set_configs.py b/docker/base/set_configs.py index 80c32e5077..1a80bd8771 100644 --- a/docker/base/set_configs.py +++ b/docker/base/set_configs.py @@ -257,6 +257,7 @@ def check(self): def validate_config(config): required_keys = {'source', 'dest'} + required_dir_keys = {'path', 'owner', 'perm'} if 'command' not in config: raise InvalidConfig('Config is missing required "command" key') @@ -272,6 +273,12 @@ def validate_config(config): raise InvalidConfig( 'Config needs preserve_properties or owner and perm') + for data in config.get('directories', list()): + if not set(data.keys()) >= required_dir_keys: + message = ('directories config is missing required keys: %s' + % (required_dir_keys - set(data.keys()))) + raise InvalidConfig(message) + def validate_source(data): source = data.get('source') @@ -334,6 +341,19 @@ def copy_config(config): LOG.exception('Failed to set permission of %s to 0o644', cmd) +def create_directories(config): + if 'directories' not in config: + return + LOG.info('Creating directories') + for data in config['directories']: + path = data['path'] + try: + os.makedirs(path, exist_ok=True) + except Exception: + raise OSError("Can't create destination directory (%s)" % (path)) + handle_permissions({'permissions': [data]}) + + def user_group(owner): if ':' in owner: user, group = owner.split(':', 1) @@ -560,6 +580,7 @@ def execute_config_strategy(config): config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY") LOG.info("Kolla config strategy set to: %s", config_strategy) if config_strategy == "COPY_ALWAYS": + create_directories(config) handle_defaults(config) copy_config(config) handle_permissions(config) @@ -569,6 +590,7 @@ def execute_config_strategy(config): "The config strategy prevents copying new configs", exit_code=0) else: + create_directories(config) handle_defaults(config) copy_config(config) handle_permissions(config) diff --git a/releasenotes/notes/set-configs-create-directories-a1b2c3d4e5f6a7b8.yaml b/releasenotes/notes/set-configs-create-directories-a1b2c3d4e5f6a7b8.yaml new file mode 100644 index 0000000000..4ffba3b105 --- /dev/null +++ b/releasenotes/notes/set-configs-create-directories-a1b2c3d4e5f6a7b8.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Adds support for a ``directories`` section in ``config.json`` processed by + ``kolla_set_configs``. diff --git a/tests/test_set_config.py b/tests/test_set_config.py index f29650504a..6e3ddf5e3e 100644 --- a/tests/test_set_config.py +++ b/tests/test_set_config.py @@ -894,6 +894,113 @@ def test_handle_defaults_state_exist_config_restored( mock_set_defaults_state.assert_called_once_with(expected_state) +class ValidateConfigDirectoriesTest(base.BaseTestCase): + + def test_validate_config_directories_missing_path(self): + config = { + 'command': '/bin/true', + 'directories': [{'owner': 'myuser', 'perm': '0755'}] + } + self.assertRaises(set_configs.InvalidConfig, + set_configs.validate_config, config) + + def test_validate_config_directories_missing_owner(self): + config = { + 'command': '/bin/true', + 'directories': [{'path': '/var/log/foo', 'perm': '0755'}] + } + self.assertRaises(set_configs.InvalidConfig, + set_configs.validate_config, config) + + def test_validate_config_directories_missing_perm(self): + config = { + 'command': '/bin/true', + 'directories': [{'path': '/var/log/foo', 'owner': 'myuser'}] + } + self.assertRaises(set_configs.InvalidConfig, + set_configs.validate_config, config) + + def test_validate_config_directories_valid(self): + config = { + 'command': '/bin/true', + 'directories': [ + {'path': '/var/log/foo', 'owner': 'myuser', 'perm': '0755'} + ] + } + set_configs.validate_config(config) + + +class CreateDirectoriesTest(base.BaseTestCase): + + @mock.patch.object(set_configs, 'handle_permissions') + @mock.patch('os.makedirs') + @mock.patch('os.path.exists', return_value=False) + def test_create_directory_not_exists(self, mock_exists, mock_makedirs, + mock_handle_permissions): + config = { + 'directories': [ + {'path': '/var/log/foo', 'owner': 'myuser', 'perm': '0755'} + ] + } + set_configs.create_directories(config) + + mock_makedirs.assert_called_once_with('/var/log/foo', exist_ok=True) + mock_handle_permissions.assert_called_once_with( + {'permissions': [ + {'path': '/var/log/foo', 'owner': 'myuser', 'perm': '0755'} + ]} + ) + + @mock.patch.object(set_configs, 'handle_permissions') + @mock.patch('os.makedirs') + @mock.patch('os.path.exists', return_value=True) + def test_create_directory_already_exists(self, mock_exists, mock_makedirs, + mock_handle_permissions): + config = { + 'directories': [ + {'path': '/var/log/foo', 'owner': 'myuser', 'perm': '0755'} + ] + } + set_configs.create_directories(config) + + mock_makedirs.assert_called_once_with('/var/log/foo', exist_ok=True) + mock_handle_permissions.assert_called_once_with( + {'permissions': [ + {'path': '/var/log/foo', 'owner': 'myuser', 'perm': '0755'} + ]} + ) + + @mock.patch.object(set_configs, 'handle_permissions') + @mock.patch('os.makedirs') + @mock.patch('os.path.exists', return_value=False) + def test_create_directories_no_directories_key( + self, mock_exists, mock_makedirs, mock_handle_permissions): + config = {'command': '/bin/true'} + set_configs.create_directories(config) + + mock_exists.assert_not_called() + mock_makedirs.assert_not_called() + mock_handle_permissions.assert_not_called() + + @mock.patch.object(set_configs, 'handle_permissions') + @mock.patch('os.makedirs') + @mock.patch('os.path.exists', return_value=False) + def test_create_multiple_directories(self, mock_exists, mock_makedirs, + mock_handle_permissions): + config = { + 'directories': [ + {'path': '/var/log/foo', 'owner': 'user1', 'perm': '0755'}, + {'path': '/var/log/bar', 'owner': 'user2', 'perm': '0750'}, + ] + } + set_configs.create_directories(config) + + self.assertEqual(mock_makedirs.call_args_list, + [mock.call('/var/log/foo', exist_ok=True), + mock.call('/var/log/bar', exist_ok=True)]) + self.assertEqual(mock_handle_permissions.call_count, 2) + + class ExecuteConfigCheckStateMismatchTest(base.BaseTestCase): @mock.patch.object(set_configs, 'get_defaults_state') From 610eef2089c186c6e698bb1781501ee8c696f7d5 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Fri, 24 Apr 2026 19:25:00 +0200 Subject: [PATCH 5/7] Drop apache installation outside of httpd container Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/986483 Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/986352 Change-Id: Ia66dde09bbbad2a5a9e67a8c642f3223ca38be43 Signed-off-by: Michal Nasiadka --- docker/base/Dockerfile.j2 | 3 +- docker/horizon/Dockerfile.j2 | 4 --- docker/httpd/Dockerfile.j2 | 5 ++- docker/{base => httpd}/httpd_setup.sh | 0 .../ironic-prometheus-exporter/Dockerfile.j2 | 21 ------------ docker/keystone/keystone-base/Dockerfile.j2 | 4 --- docker/keystone/keystone/Dockerfile.j2 | 2 -- .../letsencrypt-webserver/Dockerfile.j2 | 34 ------------------- .../letsencrypt-webserver/extend_start.sh | 3 -- docker/openstack-base/Dockerfile.j2 | 8 ----- ...de-of-http-container-46ee0394e484c1f5.yaml | 8 +++++ 11 files changed, 11 insertions(+), 81 deletions(-) rename docker/{base => httpd}/httpd_setup.sh (100%) delete mode 100644 docker/letsencrypt/letsencrypt-webserver/Dockerfile.j2 delete mode 100644 docker/letsencrypt/letsencrypt-webserver/extend_start.sh create mode 100644 releasenotes/notes/drop-apache-installation-outside-of-http-container-46ee0394e484c1f5.yaml diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index c137011f60..46d8222c6a 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -304,7 +304,6 @@ COPY set_configs.py /usr/local/bin/kolla_set_configs COPY start.sh /usr/local/bin/kolla_start COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts COPY install_projects.sh /usr/local/bin/kolla_install_projects -COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup COPY kolla_patch.sh /usr/local/bin/kolla_patch COPY sudoers /etc/sudoers @@ -327,7 +326,7 @@ RUN touch /usr/local/bin/kolla_extend_start \ /usr/local/bin/kolla_copy_cacerts \ /usr/local/bin/kolla_install_projects \ /usr/local/bin/kolla_patch \ - && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_httpd_setup \ + && chmod 644 /usr/local/bin/kolla_extend_start \ && chmod 440 /etc/sudoers \ && mkdir -p /var/log/kolla \ && chown :kolla /var/log/kolla \ diff --git a/docker/horizon/Dockerfile.j2 b/docker/horizon/Dockerfile.j2 index c7d6f8aa21..bd661fcad7 100644 --- a/docker/horizon/Dockerfile.j2 +++ b/docker/horizon/Dockerfile.j2 @@ -26,10 +26,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.install_packages(horizon_packages | customizable("packages")) }} -{% block horizon_ubuntu_source_setup %} -RUN ln -s ../mods-available/headers.load /etc/apache2/mods-enabled/headers.load -{% endblock %} - {% endif %} ADD horizon-archive /horizon-source diff --git a/docker/httpd/Dockerfile.j2 b/docker/httpd/Dockerfile.j2 index a414656611..03b4e688b1 100644 --- a/docker/httpd/Dockerfile.j2 +++ b/docker/httpd/Dockerfile.j2 @@ -36,9 +36,8 @@ RUN echo > /etc/apache2/ports.conf {% endif %} COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 644 /usr/local/bin/kolla_extend_start - +COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup +RUN chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_httpd_setup USER root {% block apache_footer %}{% endblock %} - diff --git a/docker/base/httpd_setup.sh b/docker/httpd/httpd_setup.sh similarity index 100% rename from docker/base/httpd_setup.sh rename to docker/httpd/httpd_setup.sh diff --git a/docker/ironic/ironic-prometheus-exporter/Dockerfile.j2 b/docker/ironic/ironic-prometheus-exporter/Dockerfile.j2 index 3fdf78167e..52a8655987 100644 --- a/docker/ironic/ironic-prometheus-exporter/Dockerfile.j2 +++ b/docker/ironic/ironic-prometheus-exporter/Dockerfile.j2 @@ -9,27 +9,6 @@ USER root {% import "macros.j2" as macros with context %} -{% if base_package_type == 'rpm' %} - - {% set ironic_prometheus_exporter_packages = [ - 'httpd', - 'mod_ssl', - ] %} - -{{ macros.install_packages(ironic_prometheus_exporter_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ - && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf - -{% elif base_package_type == 'deb' %} - {% set ironic_prometheus_exporter_packages = [ - 'apache2', - ] %} - -{{ macros.install_packages(ironic_prometheus_exporter_packages | customizable("packages")) }} -RUN echo > /etc/apache2/ports.conf - -{% endif %} - ENV IRONIC_CONFIG /etc/ironic/ironic.conf {{ macros.kolla_patch_sources() }} diff --git a/docker/keystone/keystone-base/Dockerfile.j2 b/docker/keystone/keystone-base/Dockerfile.j2 index e1e8588bfe..36d793a2e7 100644 --- a/docker/keystone/keystone-base/Dockerfile.j2 +++ b/docker/keystone/keystone-base/Dockerfile.j2 @@ -16,15 +16,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% set keystone_base_packages = [ 'cyrus-sasl-devel', - 'mod_auth_mellon', - 'mod_auth_openidc', 'openldap-devel', ] %} {% elif base_package_type == 'deb' %} {% set keystone_base_packages = [ - 'libapache2-mod-auth-mellon', - 'libapache2-mod-auth-openidc', 'libldap-common', 'libldap2-dev', 'libsasl2-dev', diff --git a/docker/keystone/keystone/Dockerfile.j2 b/docker/keystone/keystone/Dockerfile.j2 index 26af6932e0..46d60330ef 100644 --- a/docker/keystone/keystone/Dockerfile.j2 +++ b/docker/keystone/keystone/Dockerfile.j2 @@ -10,11 +10,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% if base_package_type == 'rpm' %} {% set keystone_packages = [ 'krb5-devel', - 'mod_auth_gssapi', ] %} {% elif base_package_type == 'deb' %} {% set keystone_packages = [ - 'libapache2-mod-auth-gssapi', 'libkrb5-dev', ] %} {% endif %} diff --git a/docker/letsencrypt/letsencrypt-webserver/Dockerfile.j2 b/docker/letsencrypt/letsencrypt-webserver/Dockerfile.j2 deleted file mode 100644 index d4be0153f3..0000000000 --- a/docker/letsencrypt/letsencrypt-webserver/Dockerfile.j2 +++ /dev/null @@ -1,34 +0,0 @@ -FROM {{ namespace }}/{{ image_prefix }}letsencrypt-base:{{ tag }} -{% block labels %} -LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}" -{% endblock %} - -{% block letsencrypt_webserver_header %}{% endblock %} - -{% import "macros.j2" as macros with context %} - -{% if base_package_type == 'rpm' %} - {% set letsencrypt_webserver_packages = [ - 'httpd', - 'mod_ssl' - ] %} -{% elif base_package_type == 'deb' %} - {% set letsencrypt_webserver_packages = [ - 'apache2' - ] %} -{% endif %} -{{ macros.install_packages(letsencrypt_webserver_packages | customizable("packages")) }} - -{% if base_package_type == 'rpm' %} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ - && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf -{% elif base_package_type == 'deb' %} -RUN echo > /etc/apache2/ports.conf -{% endif %} - -COPY extend_start.sh /usr/local/bin/kolla_letsencrypt_extend_start - -{{ macros.kolla_patch_sources() }} - -{% block letsencrypt_webserver_footer %}{% endblock %} -{% block footer %}{% endblock %} diff --git a/docker/letsencrypt/letsencrypt-webserver/extend_start.sh b/docker/letsencrypt/letsencrypt-webserver/extend_start.sh deleted file mode 100644 index c55f0b1995..0000000000 --- a/docker/letsencrypt/letsencrypt-webserver/extend_start.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -. /usr/local/bin/kolla_httpd_setup diff --git a/docker/openstack-base/Dockerfile.j2 b/docker/openstack-base/Dockerfile.j2 index eaa010396e..6c53fe5878 100644 --- a/docker/openstack-base/Dockerfile.j2 +++ b/docker/openstack-base/Dockerfile.j2 @@ -37,7 +37,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% elif base_package_type == 'deb' %} {% set openstack_base_packages = [ - 'apache2', 'build-essential', 'ca-certificates', 'git', @@ -209,13 +208,6 @@ ENV PATH /var/lib/kolla/venv/bin:$PATH RUN {{ macros.install_pip(['pip', 'wheel', 'setuptools']) }} \ && {{ macros.install_pip(openstack_base_pip_packages | customizable("pip_packages")) }} -{% if base_package_type == 'rpm' %} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ - && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf -{% elif base_package_type == 'deb' %} -RUN echo > /etc/apache2/ports.conf -{% endif %} - {{ macros.kolla_patch_sources() }} {% block openstack_base_footer %}{% endblock %} diff --git a/releasenotes/notes/drop-apache-installation-outside-of-http-container-46ee0394e484c1f5.yaml b/releasenotes/notes/drop-apache-installation-outside-of-http-container-46ee0394e484c1f5.yaml new file mode 100644 index 0000000000..9c74bc8744 --- /dev/null +++ b/releasenotes/notes/drop-apache-installation-outside-of-http-container-46ee0394e484c1f5.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - | + ``apache2`` installation has been dropped from ``keystone-base`` and + ``ironic-prometheus-exporter`` and ``openstack-base`` container images. + - | + ``letsencrypt-webserver`` container image has been dropped, + because it was replaced with ``httpd``. From 5df2cc1252265bacef4d1dee30355d1ff5464709 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Fri, 8 May 2026 08:16:21 +0200 Subject: [PATCH 6/7] ironic-pxe: Remove httpd setup call We're not using ironic-pxe as ironic-http anymore and kolla_httpd_setup has been removed from base. Change-Id: Id25e39cee9fd64d147301a39528aa8525bd682c2 Signed-off-by: Michal Nasiadka --- docker/ironic/ironic-pxe/extend_start.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker/ironic/ironic-pxe/extend_start.sh b/docker/ironic/ironic-pxe/extend_start.sh index 7377198e2f..06a8312b42 100644 --- a/docker/ironic/ironic-pxe/extend_start.sh +++ b/docker/ironic/ironic-pxe/extend_start.sh @@ -101,5 +101,3 @@ fi # Template out a TFTP map file, using the TFTPBOOT_PATH variable. envsubst < /map-file-template > /map-file - -. /usr/local/bin/kolla_httpd_setup From 83b8161b12bb1a32b8b872c46533cfa6a2fe9d7f Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Fri, 8 May 2026 07:52:59 +0200 Subject: [PATCH 7/7] Remove influxdb from repos.yaml It was ommitted in the original influxdb removal patch [1]. [1]: https://review.opendev.org/c/openstack/kolla/+/973051 Change-Id: Ie28d1cc615cc09f013438285b4dcbc2dbab0f4b5 Signed-off-by: Michal Nasiadka --- doc/source/contributor/versions.rst | 1 - docker/base/Dockerfile.j2 | 1 - kolla/template/repos.yaml | 9 --------- 3 files changed, 11 deletions(-) diff --git a/doc/source/contributor/versions.rst b/doc/source/contributor/versions.rst index b549f19a25..12e58c00d6 100644 --- a/doc/source/contributor/versions.rst +++ b/doc/source/contributor/versions.rst @@ -33,7 +33,6 @@ information about package sources. Fluentd 6.x (LTS) `Fluentd install guide`_ ============== ================ ============================================= -.. _`InfluxDB upstream repo`: https://repos.influxdata.com/ .. _`OpenSearch install guide`: https://opensearch.org/downloads.html .. _`Fluentd install guide`: https://www.fluentd.org/download .. _`ProxySQL repository`: https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/ diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index 46d8222c6a..a4255f98c1 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -247,7 +247,6 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom {'name': 'docker-ce', 'url': 'https://download.docker.com/linux/debian/gpg'}, {'name': 'fluentd', 'url': 'https://fluentd.cdn.cncf.io/GPG-KEY-fluent-package'}, {'name': 'grafana', 'url': 'https://rpm.grafana.com/gpg.key'}, - {'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive.key'}, {'name': 'mariadb', 'url': 'https://downloads.mariadb.com/MariaDB/mariadb-keyring-2019.gpg', 'type': 'gpg'}, {'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch-release.pgp'}, {'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/repo_pub_key'}, diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml index d559f6f092..92402bcddc 100644 --- a/kolla/template/repos.yaml +++ b/kolla/template/repos.yaml @@ -8,11 +8,6 @@ deb: suite: "stable" component: "main" gpg_key: "grafana.asc" - influxdb: - url: "https://repos.influxdata.com/ubuntu" - suite: "jammy" - component: "stable" - gpg_key: "influxdb.asc" opensearch: url: "https://artifacts.opensearch.org/releases/bundle/opensearch/3.x/apt/" suite: "stable" @@ -145,10 +140,6 @@ rpm: hacluster: name: "highavailability" distro: true - influxdb: - baseurl: "https://repos.influxdata.com/rhel/9/$basearch/stable" - gpgkey: "https://repos.influxdata.com/influxdata-archive.key" - name: "influxdb" kolla_el10: baseurl: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/epel-10-$basearch/" gpgkey: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/pubkey.gpg"