From 9d9c922c51bec2f18ff64399d8feb55157d2959a Mon Sep 17 00:00:00 2001 From: Bartosz Bezak Date: Fri, 9 Jan 2026 13:18:01 +0100 Subject: [PATCH 1/4] CI: rotate zuul secrets and store COPR webhook URLs as list Change-Id: Ic75619db8c4b4f02bc51f4bfa6ae067acd1ba7e8 Signed-off-by: Bartosz Bezak --- zuul.d/debian.yaml | 8 +-- zuul.d/periodics/copr.yaml | 3 +- zuul.d/rocky.yaml | 4 +- zuul.d/secrets.yaml | 110 +++++++++++++++++++------------------ zuul.d/ubuntu.yaml | 4 +- 5 files changed, 66 insertions(+), 63 deletions(-) diff --git a/zuul.d/debian.yaml b/zuul.d/debian.yaml index d40f10fc08..8296ac8292 100644 --- a/zuul.d/debian.yaml +++ b/zuul.d/debian.yaml @@ -24,8 +24,8 @@ kolla_registry: quay.io kolla_namespace: openstack.kolla secrets: - - kolla_quay_io_creds - - kolla_quay_io_api_oct_2025 + - kolla_quay_io_creds_jan_2026 + - kolla_quay_io_api_jan_2026 - job: name: kolla-publish-debian-trixie-arm64-quay @@ -36,8 +36,8 @@ kolla_registry: quay.io kolla_namespace: openstack.kolla secrets: - - kolla_quay_io_creds - - kolla_quay_io_api_oct_2025 + - kolla_quay_io_creds_jan_2026 + - kolla_quay_io_api_jan_2026 - job: name: kolla-build-debian-trixie-no-infra-wheels diff --git a/zuul.d/periodics/copr.yaml b/zuul.d/periodics/copr.yaml index 77b99cf0f3..5b0f9f6440 100644 --- a/zuul.d/periodics/copr.yaml +++ b/zuul.d/periodics/copr.yaml @@ -6,7 +6,8 @@ timeout: 3600 run: tests/playbooks/copr-erlang-update.yml secrets: - - kolla_copr_webhooks + - name: kolla_copr_webhooks + secret: kolla_copr_webhooks_jan_2026 - project-template: name: kolla-periodic-copr diff --git a/zuul.d/rocky.yaml b/zuul.d/rocky.yaml index 1306998e9a..85dcc64282 100644 --- a/zuul.d/rocky.yaml +++ b/zuul.d/rocky.yaml @@ -29,8 +29,8 @@ kolla_registry: quay.io kolla_namespace: openstack.kolla secrets: - - kolla_quay_io_creds - - kolla_quay_io_api_oct_2025 + - kolla_quay_io_creds_jan_2026 + - kolla_quay_io_api_jan_2026 - project-template: name: kolla-build-rocky diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml index fd3fffc4e4..973350100c 100644 --- a/zuul.d/secrets.yaml +++ b/zuul.d/secrets.yaml @@ -1,66 +1,68 @@ --- - secret: - name: kolla_quay_io_creds + name: kolla_quay_io_creds_jan_2026 data: username: !encrypted/pkcs1-oaep - - VsvMvV5wOUfl5B2HJboWfN8mta/Tuk7PXcJf5RfKk4uXP6qYGM4dcMB9EdoJNhMCi7FeA - NrTZaxf/AjLAkgKlRhz7sPKhmR95+jrFRgEzedpcCamdPkCa+wNQEMNMd0rTwioYUEWm4 - Y+Oa2mIswy5LcUViz38MPQhf0725U5sYtH2qkuhMbU8u8vzYhSk749xtAN6I1T8ziTKKB - 3FBowFc2rSRJUQPsLLZjTxBHbrk+00p/DPoHLOz9/9Jf5U//jkqx4ziE2w1a4+x/kWlYT - BPXuRL9wWN9ci2uKuoDRRd6QHJzPIJerKG07YU4PAcS3M245rbjjUQC3n3SQJs3u4kKI8 - rZrxfbmtbfjkzRQXnhnhPk47PebpjnpEUNw6+scnQ+ELdQ0QYGsVRM4x4/ywe5CeFYVDR - whQQ1iG21FOs3iv592I7P7l4cEKqKFyx9qiV4t2fyLrHgtU+L/05iENH9igGJ0tDCQ5zT - 2F2laUWGtzUh76txuFDjpBxR3qS62g825dZXaTegkA+v6c1az23lrYTqbTRf63cuAQyYX - APPRC5QU0URXBoIbWb0ry3O5lr/uudI1ZCLN8SSJhpmZAIlviOfaxrKu9fg2YY9e0xpz9 - CMEWQ/n1EsUyL34Wv189Rvpq4M4GTvozEKsRsjY3u0ygwEUXcH2lEXGOrs+hms= + - ErjFWydLer2Pxmg9lZi+Ru2y26IT1BtfdKtueWwNM6UFb52vlbN0KTlDLMqBT9gb60KHw + pp+bUnlj0mG+LNVH9Sa93Ux7+g2j+2sh7JovPYLf4N67U+J6DgYeEqavU8KVYo/5eSr5x + ZP+YtfEg/pjhROJQW+I7FA+q3YkOHCcvX9GdiszjWhgQdGAXxPhzFsfrwZ2p7yXWoY6If + uro0SyPAFvfs9aq8s5rU4YFhCk2ToUwXz2UyJpOI6OmJCNYFZkRwi7Ot0uBBJXnKl2uSl + mq5PmliG5qWkjGCB5W+IJrlnHBQGJFuIL2mbWSASL8HdCg/X/sc6DcVjFYylAYm/nfHr8 + mM2wz9fs7mFGNcpdYnHmcJXkDV7iIOO1zNJASykR2TTSEljGI5ImlgSD2t/3ZfNExtw8o + bOZYcnHjfTjmwAymQ0mBerc8d5SaHgm3JOZ/YKrQJllR7SDRMIMnIwTzMNGbqoJ3Or9ir + v6J3u3h6AWSZhkdOYc5dnTic5VBiFgbhmyVv0j3W9CpORZMrnzpbFMaCVbgvyMZ3OYBGa + 112khOQOA7xazMTfoTOB+MSl5QeHvHJKbHYsphmPYPtjVCBAAs4PxaSAAFGLoGvG268rx + rXb2FFYk1Yb4PdYzxOByEL/1PwWTFPtjSHhYSlKQfGF45T8LvWJmgYlqTgK1c8= password: !encrypted/pkcs1-oaep - - dR2beX9Bn7O8iCqNHtWo1FWX71vy+CwffDk5rafUh5yew2OVNcVtVjVOPvHwb5zZv1LCd - MVcgIJe513dM5tQkn2H/HvN/seVu/CfHA6lg6Tj+ueW9VdUH6KiBPr+NCgQWX+Xt3sXbt - sPzfNGpvTw1ZCUp0nnudZEKPZ2jn83baNMumW8E8xPb4s2kePzINsb8sGvqy6BOk5rUIo - 7DaEwWrNnq9TTnMcWGIF+fLP5Pin7+fmvnLkT6qRN4v5FszpHYm8YCpv02nzqI1/F9HeM - P3GtkUdIPxa1+3VwZ/DSA9BWi4VG15jDtaxeZFVGQuMqQAiCx8Jqvd+xX2qugAq1m+U7W - JobDbaeTYrUmJ1zUaspPZ16RTSf9UGCTaejoSVKM9lJHv6ixtsX7UWkgFvceVrlkt7TtH - 2mqhBnXvwB6VD5d311WRUfNXz7gb60otisB5G2k/UnRnv1Mu33TPVT7XOFDpVnAvRS3lt - haJ34N7AWnDIsllvzcmVWTw3wf/6LLfOQrW2Z+vNambyR4Oc+LVUTbEvZVIU65LpOTIn3 - LfDhCLDD3VtnVOrj4UxZsjzmPbday1fziua/7f+CXsShC5erz0ZM65rMCwkjWeI6Kc63A - 0M27tl+OWHO3KkfFR4tWc3dws3r1kYjQeds0adBHyYD0eL8SJfwZkbtojAQ1JM= + - bDvuushT06Xz//YFxAaIM1AWRm8oPNGTm12kRhmuXnpvb7cANH7IjO/z5C2OvSpvNEOhl + 5IkBNcnWMI5hhS/uI41l4dBmue5QI9/SlLIIQ9XJrZFqGwbYmbvTioIBkBcvwCDU23dy6 + pr8n8xBoO6eNvRUDjN0wnFyiq5+vgD+fdsXtQAUHdh67q6WwYIkIbKSSVJAc8C9b1Fx52 + JhTGlhMFLP+8KwufwBUs1udHuGxIKdqQ2nj+3S+a7codZg20rtEqImmhecSHZ3XzxlNSE + hSMwfgrAULHtWX3lqn09n841wejnSx6R6gG2tJ3QrUr8NuZMMMlffwc/95imPtYliIvOC + MmYcBO5jDz5mvbZpl4DAGzs3Q8LcBVrsIhoVeMXW5Z/DH4cDldcXzagUR8TbWB16My9GR + jm54zuxDX0tIO1tHa+s3SftQf32fEbJSqjEszQYw81DQEoqpNauOugfP+j/5YfWTEv7im + Z8WKIkgxv7dnxOxpu6d5DfmarUHIIDyA7Pd3UprQWVPXnTpff9x8zcGhiRYfBWefhCFIM + D+ujFoYgbSO9PguPuGFMwHtt2GHSd/gkqoypz/9mLYeY83dcW6YsrpnEQRIJYyeGr54ko + 0obnRaoKKlJ9O6am06D01lNhiiG8NhreNONZTbY7h8nvJXyMfYTo0zqHTJhHiY= - secret: - name: kolla_quay_io_api_oct_2025 + name: kolla_quay_io_api_jan_2026 data: token: !encrypted/pkcs1-oaep - - oFB1aOCzcHVFgcSj/P6ZC3tEyz2QkzXOQ9T5mDSRligunVNccvMPp/l4jsku5tT5PMq7u - hGmT8EhLcEOTLUg/ABRHqeb3Kg+HdaJFoubqbZwde92miHuB+vs+BlXX9sTOusa8wvuzd - XeYfJh2hEMgEVC121GTa8gi0hmGJkuQCjoGFwtQeGCI4eqQNqiyfl5pL7x8woQGv4mb2s - B+IdGyEKTyD3G6yB7JOBHvawxH7SRh7pJayA5ihsazMCNHjwMKhPX2KjGB59CLW+ewrZW - L5ecnXP3WsSFqK+bMu4vRuwdcOaSyGK1gqlo3VH0hXG3cUOCo4Y8cNwOMK6i6SUsmcdga - c3sk7fKAyn9SNHMeSMZBjNU/bqNRMsppwftYW5ll0qHkPjzYo/6pQijv/OQ3Y30eDAQhb - SGJAfS/SLeVrO4HMR0OoEtpvnepOylKw6vv+d8nKSJ1NaCLY9aA+r71VADyauAiz0tmJQ - egZ5DrJKwr7ZNb1BqW3LgN3vDDRWqFg0hctN0e0+bypuhIbxQnR5whLuzVeAAdypQCwZB - 9vigCETV/l1aujlY6puQjoqAjqjUOSz25LvB6bUDbFbjWNDCMfy5+rccUK3O7s5MLaTd9 - xGjgEKxofFQXiJo+QRacOk6s+1DndR+g3N667UXj8o+e8yx33ipBmeS94L8DLc= + - I11kiXYFewlPo2Wujs/t8dcMMuqS52rb30WizTQBuJOi4sghsHASzgY3k5li/dwW/EYos + TmdyEfWyjrgv5y9Wi7TVYtXrXVpE5ya9ggdgMhOz1HXr3GybePlvzTqJo4kVcza3dMpIC + 6UchgV88d2DwTbCY+iropdEfh+DEZPA3nf8WQigoJM5ENTS2Fq017WjBQ5WEBDCUMkp2d + ZbNn4M1yJnfusxFKjY5BuZazVN2DNrnLA+JiaCu9+jitr1QumGN1N/6DPv4c3dr/JiBuT + 3Dd68CRJKlavfHllkGhOnzoSz9Kabo36QAyxuHd9MC2DBdIaXq2sopAv8adPq8J1uoGJ6 + GaTrlVUMhUMZIXtnO3PwvrFp10K0pia9IM7II6CdKFi9BHfiNI0G8DWqnG2JqvYBEiQWs + f22IDPoqAPGdx02U1j3DxjYJzjOl+7KDOFlRXoGs5b3Fhy8sRtpXI6vCs9oCMXZYPq8kg + aj9/tCe/QulQ6v5MQpsweaUkDVThE8oki3vhN1BQg6Ft74l+MuDMTJdDSSObXJThbmLEg + Pe47ijg8lK5Vo14pLBqUVr2lKlv4H4DgBtz8h76Cr5S2CJ7n0VoYLojWgB/KoI+A/w/7u + Eck+aULrPnRwIMaA7PU8y0vigUgP62tQh/osB9TmGpi5jDFB/mB00YUnHtJBp4= - secret: - name: kolla_copr_webhooks + name: kolla_copr_webhooks_jan_2026 data: - urls: !encrypted/pkcs1-oaep - - HVzZktKoHuCElzSojsc4u+Edrz8pKKngHVuiRKO0STX5pGbQ40QkfLJbOykMjfpE5d9q+ - wH57Vh/zFG6lYxRfHTdCYoPayaREyx9Y9isBNZTg5kKmUdpwavU1WmlaR7lAaGoy3VjgZ - UA5m0fp7nwuESex7Wi0oj3HPgYGfoMd9OIBgdXPKwo/StNVm903lOwieiTj+vx5rVf0It - ZYYT6q0+L7U5v7kE2TSrl71RDPyMEo7KpQdEgvR4inF7DVRVLUK7Usb7X/eKCqPnNTqfg - sSmQ4KWaqUIIpp1xo/Zbwm1nwweRGPadU+mIFgnmT9HMKfRy5GsNOXPn8KGc/NvgJhPlU - o5zNhfDlK7SHEja/XLjzAptnFmFJa8cYBXXL3wwRNOd+Pg8zi4WpB4pj3nEXJ7eAJP/AZ - 7IItGuUJUYm367Lt84txgc15lOSAHD0yp/wY1BH9ww01K8Ir7RldV2TnIoSpReLy6oZK6 - 9LlisAwgMr6V+Z3b+xJI/ekSyl9SKaomrQhcV3oJLsUbgexmuDVPpbhXLjnK950pQRbo1 - DxDg5cOn3oP3NUUyGanlWj4S/8UosILueXcqKqqVr9nv74phVYCSfvl6VS6ASBdp8I6Yi - q69eYtc68f5d4GQuz3BVaUWFni/ehlz98wuyyMoi0MiDK1DTIC4POqBUFJ05zw= - - H4gyRfIDNeZUaP9VDw9Ho0SA/nuoay5jY7lBZou+yVFD1UAPI7+rfz8WI04T+9zz2Wy2+ - 9CTSxTxdrBOI4ydaB41FMw48DnPYtbgtqnWKPB6da3+N4mWiAu6OoZHYxQTbc+T5z/wFG - 7wLr/701fYsiJwHFKGDcoDrigpayTyi/2mrgwKyKxZrmRFk9Bm/3I8yAjcT4VSIHR7AT+ - LqV6m/zP3nJCbIZcYhBf+COEXLuZUNaFXrixCUcCkKmGBK0pmdgUlfwq9wh9c18M/kOzr - HWrzAe33e0FDQM7o44uAzJOYmt+4UVMmgHxjJJMuq6MFX4jGgCWT1cBVoNCEcfETYl6LL - 05GVVkPGxpNraBXAgQxsYkQ0VwJWB51/NR0JkOA7Q15wp5yMWiqPxIYqnw8Pyc6eQlXAL - TP9oeNMZV6U7PhhT0BqBADindcESpvDLyov/3ssR5/KsjyLe0siSm6txOspkgMNdJIM5t - vOcjgITfjJwmkzhmBC+jkPBlIKK/T2RHnDoxnnE85tde/6s4s3bm+UAJadyFU0uf4vOad - MgN23hyNjtcBY0lbw4vx9VjngQxs99HBw7MleypvU6xIpzGhHi7N/wLhFVnMrzDSPH9hn - AmIY5AigVeUjCGK0SQ5zph0bWIqcek0te8vO13hG37rvAAD+s+qUMwLEOaHTCk= + urls: + - !encrypted/pkcs1-oaep | + bDxYK2BjxCkgskAeAHZyxXEJkomgp5k9rNEjmR2QA3ddSiI2j2C/o3FZii369X4pfH2Y6 + QAW5vieKURmkXjVbiHMjxUGlezXpiUYA0TVdpGOmVfmzz2vy42BdQZArO5Xt1TIg+aPao + aGGxF355LIGIAr1RMrD3f3ex3oLROxsmgivKGJPpetHZNOFxIfJT+54tCSL/DvEJJYORp + S1UeSB9R9MR7Dpp0WSy1FZLrzwPvMx9Tx3HY0QTrK2+T1ooFplMo7HJnvpL3Km5XykK77 + GaPmu3Irz5IGOyLZLdqaFepblMU0Xj/3/EvsaQsUA1VfR0mGoAIZTJmbdljtiBZ0nSLMn + /RrHoCk8JPM+qHtrCXglnQxzGbSzrMGbAxxIsy4CRpl2qjElxqh+nW0eimO3PVHsQfdc1 + OULS6F37G9WuTZ2jt5kiQp+aDcDlANSSUcLppvaKvlvXTUicFWF/rZZtK8/HaefaAfSwB + OWxEdC1zJnFMs5puzpvCUfJt4AaP17UCPyDdTcHwCSOdM2gaX18JgKrLoV7YXX6SEGNMX + 6nq8hNKvICsW3DHG6HEVhLZuCRhZNWEpRLv4ihuweuFAxXUcGyvysbT/3XFMEyYJ8Smvn + 3ZPd5Zk5hZKZD0V0pQocHs5d/uIfwKAb/QCZ8qtsVs+bERjSFhf9fJFguVJKFg= + - !encrypted/pkcs1-oaep | + FagelGYHE9xesRXrYBbLWwlBcM0I1NoQEPoLQ/DS4+c8aJoc//uJaW8/e/37djcYs5f8r + SU4KvyzZrQpKGA7aHEfvM6jwODF79nNwbFjfC1mQtiVJcCsYGG7KbQLrBZp9QtFdbpHvF + l5dBeE+mW7HeO+T8UifbGupgORcOPHNti/yhC8ApV8tqKZh89y7+ziKMbluvAVbCwraau + tE5NquigzMDqqAqJHUtNSIouBGE2kWIFV8Uo6gks/XGDxab49z6wY20o2BfGr/biYHCOF + F4nQ8r061T6I57GhInSNlYeS2kz1TEdT37k7u1w7WwJlRgQvqJVp802AARbiPeYEC64W+ + bK/rNOqBd+iVjEK8xKn4VsDGsU/QYMBSK6euo0Ki0G4L5ZUw8CmFiz902nS+WW1UsR9Re + 6v1T+Ir1UMiI1KQ5lJg52uzCKZpJ92UshMBxmRoRVXPrudYR+p1Fq3z22pw8vMkmWmLuk + lw2vQsUg39UwROimyApTHsXRS/pbyEvZNcuBgD3L95YofiONHYWraYJPfcuBbOrqESCjd + sHzJOC+DBHjgMUnEQs40KxaIVvSA9lIyRYTSKReUHzsJz8t6m9CARVTNrzt2OJjHignpI + lX7v5sXi1ZgUTeWaWYyzdTU71YYL5SBcCma2TJDrWo2B1JKvDRzBrIzaVewpVM= diff --git a/zuul.d/ubuntu.yaml b/zuul.d/ubuntu.yaml index 28a6ac3bbc..cfc0350364 100644 --- a/zuul.d/ubuntu.yaml +++ b/zuul.d/ubuntu.yaml @@ -24,8 +24,8 @@ kolla_registry: quay.io kolla_namespace: openstack.kolla secrets: - - kolla_quay_io_creds - - kolla_quay_io_api_oct_2025 + - kolla_quay_io_creds_jan_2026 + - kolla_quay_io_api_jan_2026 - job: name: kolla-build-ubuntu-noble-no-infra-wheels From b852b8ce32a53cd747d8385e6185d2ad521dee5d Mon Sep 17 00:00:00 2001 From: Michael Still Date: Wed, 7 Jan 2026 20:55:56 +1100 Subject: [PATCH 2/4] Update repo GPG key for influxdata. According to https://www.influxdata.com/blog/package-signing-key-rotation the preferred signing key for influxdata package repositories changed in early 2026. Update to the new preferred key. Closes-Bug: #2138095 Change-Id: I77d38e713678ea653ded3b14fd0541d3ec0ebee6 Signed-off-by: Michael Still --- docker/base/Dockerfile.j2 | 2 +- kolla/template/repos.yaml | 2 +- .../notes/influxdb-repo-gpg-key-04eb924f249e54a5.yaml | 6 ++++++ 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/influxdb-repo-gpg-key-04eb924f249e54a5.yaml diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index 53ef731cc9..6c758207af 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -247,7 +247,7 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom {'name': 'docker-ce', 'url': 'https://download.docker.com/linux/debian/gpg'}, {'name': 'fluentd', 'url': 'https://fluentd.cdn.cncf.io/GPG-KEY-fluent-package'}, {'name': 'grafana', 'url': 'https://rpm.grafana.com/gpg.key'}, - {'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive_compat.key'}, + {'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive.key'}, {'name': 'mariadb', 'url': 'https://downloads.mariadb.com/MariaDB/mariadb-keyring-2019.gpg', 'type': 'gpg'}, {'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch-release.pgp'}, {'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/repo_pub_key'}, diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml index efdb15376b..a5c66d34a8 100644 --- a/kolla/template/repos.yaml +++ b/kolla/template/repos.yaml @@ -147,7 +147,7 @@ rpm: distro: true influxdb: baseurl: "https://repos.influxdata.com/rhel/9/$basearch/stable" - gpgkey: "https://repos.influxdata.com/influxdata-archive_compat.key" + gpgkey: "https://repos.influxdata.com/influxdata-archive.key" name: "influxdb" kolla_el10: baseurl: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/epel-10-$basearch/" diff --git a/releasenotes/notes/influxdb-repo-gpg-key-04eb924f249e54a5.yaml b/releasenotes/notes/influxdb-repo-gpg-key-04eb924f249e54a5.yaml new file mode 100644 index 0000000000..07b865f2cd --- /dev/null +++ b/releasenotes/notes/influxdb-repo-gpg-key-04eb924f249e54a5.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Updates the InfluxDB repository GPG key from the expired + ``influxdata-archive_compat.key`` to the recommended + ``influxdata-archive.key`` as per https://repos.influxdata.com. From 5a47700917e51ce4f3fe5bc4b4197f09bf0fce32 Mon Sep 17 00:00:00 2001 From: Bartosz Bezak Date: Mon, 12 Jan 2026 11:56:15 +0100 Subject: [PATCH 3/4] CI: Fix publish job secret aliases Change-Id: Ib7c2d8419932e049db871053c3b4faad791c3566 Signed-off-by: Bartosz Bezak --- tests/playbooks/publish.yml | 2 +- zuul.d/debian.yaml | 12 ++++++++---- zuul.d/rocky.yaml | 6 ++++-- zuul.d/ubuntu.yaml | 6 ++++-- 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/tests/playbooks/publish.yml b/tests/playbooks/publish.yml index aaa451b751..7c217fa376 100644 --- a/tests/playbooks/publish.yml +++ b/tests/playbooks/publish.yml @@ -37,7 +37,7 @@ url: "https://quay.io/api/v1/repository/{{ item.RepoTags.0 }}/changevisibility" method: POST headers: - Authorization: "Bearer {{ kolla_quay_io_api_oct_2025.token | trim }}" + Authorization: "Bearer {{ kolla_quay_io_api.token | trim }}" body: '{"visibility": "public"}' body_format: json loop: "{{ docker_host_info.images }}" diff --git a/zuul.d/debian.yaml b/zuul.d/debian.yaml index 8296ac8292..bebea13b7c 100644 --- a/zuul.d/debian.yaml +++ b/zuul.d/debian.yaml @@ -24,8 +24,10 @@ kolla_registry: quay.io kolla_namespace: openstack.kolla secrets: - - kolla_quay_io_creds_jan_2026 - - kolla_quay_io_api_jan_2026 + - name: kolla_quay_io_creds + secret: kolla_quay_io_creds_jan_2026 + - name: kolla_quay_io_api + secret: kolla_quay_io_api_jan_2026 - job: name: kolla-publish-debian-trixie-arm64-quay @@ -36,8 +38,10 @@ kolla_registry: quay.io kolla_namespace: openstack.kolla secrets: - - kolla_quay_io_creds_jan_2026 - - kolla_quay_io_api_jan_2026 + - name: kolla_quay_io_creds + secret: kolla_quay_io_creds_jan_2026 + - name: kolla_quay_io_api + secret: kolla_quay_io_api_jan_2026 - job: name: kolla-build-debian-trixie-no-infra-wheels diff --git a/zuul.d/rocky.yaml b/zuul.d/rocky.yaml index 85dcc64282..52dedb8dd5 100644 --- a/zuul.d/rocky.yaml +++ b/zuul.d/rocky.yaml @@ -29,8 +29,10 @@ kolla_registry: quay.io kolla_namespace: openstack.kolla secrets: - - kolla_quay_io_creds_jan_2026 - - kolla_quay_io_api_jan_2026 + - name: kolla_quay_io_creds + secret: kolla_quay_io_creds_jan_2026 + - name: kolla_quay_io_api + secret: kolla_quay_io_api_jan_2026 - project-template: name: kolla-build-rocky diff --git a/zuul.d/ubuntu.yaml b/zuul.d/ubuntu.yaml index cfc0350364..c40e0b936f 100644 --- a/zuul.d/ubuntu.yaml +++ b/zuul.d/ubuntu.yaml @@ -24,8 +24,10 @@ kolla_registry: quay.io kolla_namespace: openstack.kolla secrets: - - kolla_quay_io_creds_jan_2026 - - kolla_quay_io_api_jan_2026 + - name: kolla_quay_io_creds + secret: kolla_quay_io_creds_jan_2026 + - name: kolla_quay_io_api + secret: kolla_quay_io_api_jan_2026 - job: name: kolla-build-ubuntu-noble-no-infra-wheels From b59312e36cedb3bc0da1a94278ce81e3fcfdf296 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Thu, 8 Jan 2026 12:01:37 +0000 Subject: [PATCH 4/4] bifrost/kolla-toolbox: Bump ansible-core to 2.20 Set inject_facts_as_vars to False to match what we do in Kolla-Ansible (and this option will default to False in 2.24) Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/972696 Change-Id: Iae2b70ca62fd68400bde9296edcda8e53f14a896 Signed-off-by: Michal Nasiadka --- docker/bifrost/bifrost-base/Dockerfile.j2 | 16 ++-------------- docker/kolla-toolbox/Dockerfile.j2 | 2 +- docker/kolla-toolbox/ansible.cfg | 3 ++- docker/kolla-toolbox/requirements.yml | 6 +++--- .../ansible-core-2-20-bd912e1767d5f197.yaml | 5 +++++ 5 files changed, 13 insertions(+), 19 deletions(-) create mode 100644 releasenotes/notes/ansible-core-2-20-bd912e1767d5f197.yaml diff --git a/docker/bifrost/bifrost-base/Dockerfile.j2 b/docker/bifrost/bifrost-base/Dockerfile.j2 index e31a12b326..27e3455e94 100644 --- a/docker/bifrost/bifrost-base/Dockerfile.j2 +++ b/docker/bifrost/bifrost-base/Dockerfile.j2 @@ -28,13 +28,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.install_packages(bifrost_base_packages | customizable("packages")) }} -{# Ensure we use Python 3.12 on RPM-based systems #} -{% if base_package_type == 'rpm' %} -RUN cd /usr/bin && \ - rm -f python3 && \ - ln -s python3.12 python3 -{% endif %} - ENV VENV {{ venv_path }} {% set bifrost_base_pip_packages = [ @@ -47,12 +40,7 @@ COPY build_arg.yml /tmp/build_arg.yml RUN mkdir -p /requirements \ && curl -o /requirements/upper-constraints.txt ${UPPER_CONSTRAINTS_FILE:-https://releases.openstack.org/constraints/upper/{{ openstack_release }}} \ && python3 -m venv --system-site-packages {{ venv_path }} \ - && KOLLA_DISTRO_PYTHON_VERSION=$(/usr/bin/python3 -c "import sys; print('{}.{}'.format(sys.version_info.major, sys.version_info.minor))") \ - && cd {{ venv_path }}/lib \ - && rm -f python3 \ - && ln -s python${KOLLA_DISTRO_PYTHON_VERSION} python3 - -RUN ln -s bifrost-base-source/* bifrost \ + && ln -s bifrost-base-source/* bifrost \ && {{ macros.install_pip(['pip', 'wheel', 'setuptools']) }} \ && {{ macros.install_pip(bifrost_base_pip_packages | customizable("pip_packages")) }} @@ -67,7 +55,7 @@ RUN apt-get --error-on=any update && \ {%- else %} RUN echo " " && \ {%- endif %} - bash -c '$VENV/bin/pip install "ansible>=12,<13" && \ + bash -c '$VENV/bin/pip install "ansible>=12,<14" && \ $VENV/bin/ansible-galaxy collection install -r /bifrost/ansible-collections-requirements.yml && \ $VENV/bin/ansible-playbook -vvvv -i /bifrost/playbooks/inventory/target \ /bifrost/playbooks/install.yaml \ diff --git a/docker/kolla-toolbox/Dockerfile.j2 b/docker/kolla-toolbox/Dockerfile.j2 index 9f97ed3866..6a0796bfbe 100644 --- a/docker/kolla-toolbox/Dockerfile.j2 +++ b/docker/kolla-toolbox/Dockerfile.j2 @@ -96,7 +96,7 @@ RUN mkdir -p /requirements \ ENV PATH {{ venv_path }}/bin:$PATH {% set kolla_toolbox_pip_packages = [ - 'ansible-core==2.19.*', + 'ansible-core==2.20.*', 'cmd2', 'influxdb', 'openstacksdk', diff --git a/docker/kolla-toolbox/ansible.cfg b/docker/kolla-toolbox/ansible.cfg index 53708de396..ec505f4a47 100644 --- a/docker/kolla-toolbox/ansible.cfg +++ b/docker/kolla-toolbox/ansible.cfg @@ -1,3 +1,4 @@ [defaults] -remote_tmp = /tmp +inject_facts_as_vars = False log_path = /var/log/kolla/ansible.log +remote_tmp = /tmp diff --git a/docker/kolla-toolbox/requirements.yml b/docker/kolla-toolbox/requirements.yml index 0c4025d018..83c7951429 100644 --- a/docker/kolla-toolbox/requirements.yml +++ b/docker/kolla-toolbox/requirements.yml @@ -1,11 +1,11 @@ --- collections: - name: ansible.posix - version: '<2' + version: '<3' - name: community.general - version: '<4' + version: '<13' - name: community.mysql - version: '<3' + version: '<5' - name: community.rabbitmq version: '<2' - name: openstack.cloud diff --git a/releasenotes/notes/ansible-core-2-20-bd912e1767d5f197.yaml b/releasenotes/notes/ansible-core-2-20-bd912e1767d5f197.yaml new file mode 100644 index 0000000000..bf7ac0e7d7 --- /dev/null +++ b/releasenotes/notes/ansible-core-2-20-bd912e1767d5f197.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Version of ``ansible-core`` in ``kolla-toolbox`` has been updated to + ``2.20``.