stackhpc · Alex-Welsh · May 11, 2026 · Apr 28, 2026 · Apr 27, 2026 · May 4, 2026
@@ -54,6 +54,16 @@ The `kolla_set_configs`_ script understands the following attributes:
   * **merge**: merges the source directory into the target directory instead of
     replacing it. Boolean, defaults to ``false``.
 
+* **directories**: create directories inside the container if they do not
+  exist, and set their ownership and permissions. A list of dicts, each
+  containing the following attributes:
+
+  * **path** (required): the path to the directory to create.
+  * **owner** (required): the ``user:group`` to change ownership to. ``user``
+    is synonymous to ``user:user``. Must be user and group names, not uid/gid.
+  * **perm** (required): the unix permissions to set to the directory.
+    Must be passed in the numeric octal form.
+
 * **permissions**: change the permissions and/or ownership of files or
   directories inside the container. A list of dicts, each containing the
   following attributes:
@@ -84,6 +94,13 @@ Here is an example configuration file:
                 "optional": false
             }
         ],
+        "directories": [
+            {
+                "path": "/var/lib/trove",
+                "owner": "trove",
+                "perm": "0755"
+            }
+        ],
         "permissions": [
             {
                 "path": "/var/log/kolla/trove",

@@ -33,7 +33,6 @@ information about package sources.
  Fluentd        6.x (LTS)          `Fluentd install guide`_
 ==============  ================  =============================================
 
-.. _`InfluxDB upstream repo`: https://repos.influxdata.com/
 .. _`OpenSearch install guide`: https://opensearch.org/downloads.html
 .. _`Fluentd install guide`: https://www.fluentd.org/download
 .. _`ProxySQL repository`: https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/

@@ -1,5 +1,5 @@
 Distro,OVN,
 ,Source,Release
-Rocky Linux,CentOS NFV SIG,25.09
+Rocky Linux,CentOS NFV SIG,26.03
 Ubuntu,UCA,25.09
 Debian,DEB,25.03
@@ -40,7 +40,7 @@ ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(ho
 # desire such functionality.  I think we will :)
 
 ENV KOLLA_RPM_OVS_VERSION=3.5 \
-    KOLLA_RPM_OVN_VERSION=25.09
+    KOLLA_RPM_OVN_VERSION=26.03
 
 RUN cat /tmp/kolla_bashrc >> /etc/bashrc \
     && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/dnf/dnf.conf
@@ -247,7 +247,6 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom
    {'name': 'docker-ce', 'url': 'https://download.docker.com/linux/debian/gpg'},
    {'name': 'fluentd', 'url': 'https://fluentd.cdn.cncf.io/GPG-KEY-fluent-package'},
    {'name': 'grafana', 'url': 'https://rpm.grafana.com/gpg.key'},
-   {'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive.key'},
    {'name': 'mariadb', 'url': 'https://downloads.mariadb.com/MariaDB/mariadb-keyring-2019.gpg', 'type': 'gpg'},
    {'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch-release.pgp'},
    {'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/repo_pub_key'},
@@ -304,7 +303,6 @@ COPY set_configs.py /usr/local/bin/kolla_set_configs
 COPY start.sh /usr/local/bin/kolla_start
 COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts
 COPY install_projects.sh /usr/local/bin/kolla_install_projects
-COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
 COPY kolla_patch.sh /usr/local/bin/kolla_patch
 COPY sudoers /etc/sudoers
 
@@ -327,7 +325,7 @@ RUN touch /usr/local/bin/kolla_extend_start \
                  /usr/local/bin/kolla_copy_cacerts \
                  /usr/local/bin/kolla_install_projects \
                  /usr/local/bin/kolla_patch \
-    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_httpd_setup \
+    && chmod 644 /usr/local/bin/kolla_extend_start \
     && chmod 440 /etc/sudoers \
     && mkdir -p /var/log/kolla \
     && chown :kolla /var/log/kolla \

@@ -257,6 +257,7 @@ def check(self):
 
 def validate_config(config):
     required_keys = {'source', 'dest'}
+    required_dir_keys = {'path', 'owner', 'perm'}
 
     if 'command' not in config:
         raise InvalidConfig('Config is missing required "command" key')
@@ -272,6 +273,12 @@ def validate_config(config):
             raise InvalidConfig(
                 'Config needs preserve_properties or owner and perm')
 
+    for data in config.get('directories', list()):
+        if not set(data.keys()) >= required_dir_keys:
+            message = ('directories config is missing required keys: %s'
+                       % (required_dir_keys - set(data.keys())))
+            raise InvalidConfig(message)
+
 
 def validate_source(data):
     source = data.get('source')
@@ -334,6 +341,19 @@ def copy_config(config):
         LOG.exception('Failed to set permission of %s to 0o644', cmd)
 
 
+def create_directories(config):
+    if 'directories' not in config:
+        return
+    LOG.info('Creating directories')
+    for data in config['directories']:
+        path = data['path']
+        try:
+            os.makedirs(path, exist_ok=True)
+        except Exception:
+            raise OSError("Can't create destination directory (%s)" % (path))
+        handle_permissions({'permissions': [data]})
+
+
 def user_group(owner):
     if ':' in owner:
         user, group = owner.split(':', 1)
@@ -560,6 +580,7 @@ def execute_config_strategy(config):
     config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY")
     LOG.info("Kolla config strategy set to: %s", config_strategy)
     if config_strategy == "COPY_ALWAYS":
+        create_directories(config)
         handle_defaults(config)
         copy_config(config)
         handle_permissions(config)
@@ -569,6 +590,7 @@ def execute_config_strategy(config):
                 "The config strategy prevents copying new configs",
                 exit_code=0)
         else:
+            create_directories(config)
             handle_defaults(config)
             copy_config(config)
             handle_permissions(config)

@@ -26,10 +26,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.install_packages(horizon_packages | customizable("packages")) }}
 
-{% block horizon_ubuntu_source_setup %}
-RUN ln -s ../mods-available/headers.load  /etc/apache2/mods-enabled/headers.load
-{% endblock %}
-
 {% endif %}
 
 ADD horizon-archive /horizon-source

@@ -36,9 +36,8 @@ RUN echo > /etc/apache2/ports.conf
 {% endif %}
 
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 644 /usr/local/bin/kolla_extend_start
-
+COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
+RUN chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_httpd_setup
 USER root
 
 {% block apache_footer %}{% endblock %}
-
@@ -9,27 +9,6 @@ USER root
 
 {% import "macros.j2" as macros with context %}
 
-{% if base_package_type == 'rpm' %}
-
-    {% set ironic_prometheus_exporter_packages = [
-        'httpd',
-        'mod_ssl',
-    ] %}
-
-{{ macros.install_packages(ironic_prometheus_exporter_packages | customizable("packages")) }}
-RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
-    && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
-
-{% elif base_package_type == 'deb' %}
-    {% set ironic_prometheus_exporter_packages = [
-        'apache2',
-    ] %}
-
-{{ macros.install_packages(ironic_prometheus_exporter_packages | customizable("packages")) }}
-RUN echo > /etc/apache2/ports.conf
-
-{% endif %}
-
 ENV IRONIC_CONFIG /etc/ironic/ironic.conf
 
 {{ macros.kolla_patch_sources() }}

@@ -101,5 +101,3 @@ fi
 
 # Template out a TFTP map file, using the TFTPBOOT_PATH variable.
 envsubst < /map-file-template > /map-file
-
-. /usr/local/bin/kolla_httpd_setup
@@ -16,15 +16,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
     {% set keystone_base_packages = [
         'cyrus-sasl-devel',
-        'mod_auth_mellon',
-        'mod_auth_openidc',
         'openldap-devel',
     ] %}
 
 {% elif base_package_type == 'deb' %}
     {% set keystone_base_packages = [
-        'libapache2-mod-auth-mellon',
-        'libapache2-mod-auth-openidc',
         'libldap-common',
         'libldap2-dev',
         'libsasl2-dev',

@@ -10,11 +10,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {% if base_package_type == 'rpm' %}
     {% set keystone_packages = [
         'krb5-devel',
-        'mod_auth_gssapi',
     ] %}
 {% elif base_package_type == 'deb' %}
     {% set keystone_packages = [
-        'libapache2-mod-auth-gssapi',
         'libkrb5-dev',
     ] %}
 {% endif %}

@@ -37,7 +37,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% elif base_package_type == 'deb' %}
     {% set openstack_base_packages = [
-        'apache2',
         'build-essential',
         'ca-certificates',
         'git',
@@ -61,7 +60,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {{ macros.install_packages(openstack_base_packages | customizable("packages")) }}
 
 {% set openstack_base_pip_packages = [
-        'Babel',
         'Mako',
         'MarkupSafe',
         'Paste',
@@ -210,13 +208,6 @@ ENV PATH /var/lib/kolla/venv/bin:$PATH
 RUN {{ macros.install_pip(['pip', 'wheel', 'setuptools']) }} \
     && {{ macros.install_pip(openstack_base_pip_packages | customizable("pip_packages")) }}
 
-{% if base_package_type == 'rpm' %}
-RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
-    && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
-{% elif base_package_type == 'deb' %}
-RUN echo > /etc/apache2/ports.conf
-{% endif %}
-
 {{ macros.kolla_patch_sources() }}
 
 {% block openstack_base_footer %}{% endblock %}
@@ -384,11 +384,11 @@
                      'openstack-network-exporter'
                      '-linux-${debian_arch}')},
     'prometheus-server': {
-        'version': '3.5.2',
+        'version': '3.5.3',
         'type': 'url',
         'sha256': {
-            'amd64': '552c6d701e27d3c77983bb8a76e61953cb60021f6e10f17a929546a6dedc436a',  # noqa: E501
-            'arm64': '06a77b3f580b0db0f41e1c52274503b609db58660e44577facb0ee53e4ff8b27'},  # noqa: E501
+            'amd64': '8c30b9d99664e39b0363c0ba54fab30a7958e9d3de27246bf26ed85e6cfb8946',  # noqa: E501
+            'arm64': '11457bc76cab34f5ac05ba05fb80cfca1e8be7e4b31ae7c054879ce1066cb9a5'},  # noqa: E501
         'location': ('https://github.com/'
                      'prometheus/prometheus/'
                      'releases/download/v${version}/'

@@ -8,11 +8,6 @@ deb:
     suite: "stable"
     component: "main"
     gpg_key: "grafana.asc"
-  influxdb:
-    url: "https://repos.influxdata.com/ubuntu"
-    suite: "jammy"
-    component: "stable"
-    gpg_key: "influxdb.asc"
   opensearch:
     url: "https://artifacts.opensearch.org/releases/bundle/opensearch/3.x/apt/"
     suite: "stable"
@@ -145,10 +140,6 @@ rpm:
   hacluster:
     name: "highavailability"
     distro: true
-  influxdb:
-    baseurl: "https://repos.influxdata.com/rhel/9/$basearch/stable"
-    gpgkey: "https://repos.influxdata.com/influxdata-archive.key"
-    name: "influxdb"
   kolla_el10:
     baseurl: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/epel-10-$basearch/"
     gpgkey: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/pubkey.gpg"

@@ -0,0 +1,8 @@
+---
+upgrade:
+  - |
+    ``apache2`` installation has been dropped from ``keystone-base`` and
+    ``ironic-prometheus-exporter`` and ``openstack-base`` container images.
+  - |
+    ``letsencrypt-webserver`` container image has been dropped,
+    because it was replaced with ``httpd``.
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Updates OVN to version 26.03 on Rocky Linux 10.
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds support for a ``directories`` section in ``config.json`` processed by
+    ``kolla_set_configs``.
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Updates Prometheus to version 3.5.3.
Original file line number	Diff line number	Diff line change
Expand Up		@@ -101,5 +101,3 @@ fi

		# Template out a TFTP map file, using the TFTPBOOT_PATH variable.
		envsubst < /map-file-template > /map-file

		. /usr/local/bin/kolla_httpd_setup