Merge "bifrost/kolla-toolbox: Bump ansible-core to 2.20"

Set inject_facts_as_vars to False to match what we do in
Kolla-Ansible (and this option will default to False in 2.24)

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/972696

Change-Id: Iae2b70ca62fd68400bde9296edcda8e53f14a896
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>

.ansible-lint

@@ -0,0 +1,13 @@
+---
+exclude_paths:
+  - .cache/  # implicit unless exclude_paths is defined in config
+  - zuul.d/
+  - kolla/template/repos.yaml
+offline: true
+parseable: true
+profile: basic
+skip_list:
+  - package-latest
+  - role-name
+strict: true
+use_default_rules: true

.yamllint

@@ -1,10 +0,0 @@
----
-extends: default
-ignore: |
-  .tox/
-
-rules:
-  line-length: disable
-  truthy: disable
-  braces:
-    max-spaces-inside: 1

.zuul.d/base.yaml

@@ -1,160 +0,0 @@
----
-- project:
-    queue: kolla
-
-- secret:
-    name: kolla_dockerhub_credentials
-    data:
-      username: !encrypted/pkcs1-oaep
-        - LgqBUH6EMZT5mKJMoXsaMAv9CSbiAgoqxU98QjeoDX84K/y6NmFF/ZhficQD0+JT7NfpB
-          2pPAEKeILn63Toeu6ZFkGeUHo5Gf6cIzbXJjqdWIvnwpxV+zUWqM8C2uf8JZjc3mIVOXp
-          yShDzmCCVkeX/x1n69pwuURabR1p5N15CbroT4l1eK7HGiMAcQwhRaCgDpgxsX5yKP07A
-          jIn9M3xwJdjSPxQ7dp1ean3CGPtEHkRuOHjezXfQfdIB7ZMNkGkDaQKTwof56UKDT+MMN
-          L0QT0PntUd0QwTYfUeCPGRd2TI8EFq+iuEy+6945OxLN9WcZmBza3HTVRyPQ8Hx1hXfaP
-          yth8F56SIchc5HQP+zHRZg9KQlb5wPNdKwoIkhDVBZW5Zb1mZmRJF/LR45o+NT0DT7+SE
-          6JshLSOHChD7JfQE19Gi/Rrf9VZS4wd5TfHQSOQH1u8pZzC71sBOkeSnsQsqWePoyERN2
-          gr0uvfB6yX7y2WHfuZRs2a+5HfYjAR+CQPA87nJYOQf8AfQ++9RGVFCSCpaAmTU2tGcjs
-          /J/khnpd0iNNimT3+oXqtBnvi5WCWZ+t/yDfsa3HQ5qRtbXepGoFDibOfhACZ8K7jaFGV
-          lBF6StAFCCOz+MXUyn/a+Vo19k43CRe3kdIpOcca0bcrjOx8fqBnc4zmnuhgQQ=
-      password: !encrypted/pkcs1-oaep
-        - najtUY1DOo18hXxnz8L+FdJo2gW5jyZbJhnMOK1qu9/N94N+K+S72hgvusFMewq4rq9Es
-          fsSe98ZCBmMUT1ZUVs9LymSgzaQSxSXkyETlaEjauF/DLahEHCCWW249l5pQ7lZXiaBAM
-          edlZCdTth+wSFLMcF4jhoFlftAcFv8ue10HrH3vTG7lYfhL8u1ueGKsauVcxzAiT/F1Wd
-          xACZrT5vGoHlv9fALK39JC9OuNNNLPAkqecsP+/abjttyX5OR/ZQ2amM3hWoC1cFIxsYR
-          Gfakq0yLEewnErV8ryaTSzgvpT8bB1wJk8Ti/iU6xuaNO13x7VpHtMErHcN0BrOadPJdb
-          B/xFqkIdX0km6ioffZUELsxrEonSD8tAS8vdn5+KUBFkg9f/KJdCAaR3LmZvF975U9QdI
-          0BnA0XcjOBm+HZqWvcnkIUmoTqzK0vdjRJ2lRPqTvTBTc/i82mTMiChf0G85CV7kTGdjG
-          D9O5sYvy2fQobg28DCXXTxA7YV03nVFPJ56VhB6TmbKCZXqlKNXIbWy5RSNZ8d4cfC7qF
-          kOrdp8oW6+KidWKFYrJaqFhGfpfg+j1nv8BIzGqmspN7PsUo9Q/svCVy+d5FaDs7rxz+j
-          b7jPyuV0g5760TUHjsqIlamYegGSz1ZhGkp2Gl1VzQRjo2/6Tr6Gk546DMlZDI=
-
-- secret:
-    name: kolla_quay_io_creds
-    data:
-      username: !encrypted/pkcs1-oaep
-        - VsvMvV5wOUfl5B2HJboWfN8mta/Tuk7PXcJf5RfKk4uXP6qYGM4dcMB9EdoJNhMCi7FeA
-          NrTZaxf/AjLAkgKlRhz7sPKhmR95+jrFRgEzedpcCamdPkCa+wNQEMNMd0rTwioYUEWm4
-          Y+Oa2mIswy5LcUViz38MPQhf0725U5sYtH2qkuhMbU8u8vzYhSk749xtAN6I1T8ziTKKB
-          3FBowFc2rSRJUQPsLLZjTxBHbrk+00p/DPoHLOz9/9Jf5U//jkqx4ziE2w1a4+x/kWlYT
-          BPXuRL9wWN9ci2uKuoDRRd6QHJzPIJerKG07YU4PAcS3M245rbjjUQC3n3SQJs3u4kKI8
-          rZrxfbmtbfjkzRQXnhnhPk47PebpjnpEUNw6+scnQ+ELdQ0QYGsVRM4x4/ywe5CeFYVDR
-          whQQ1iG21FOs3iv592I7P7l4cEKqKFyx9qiV4t2fyLrHgtU+L/05iENH9igGJ0tDCQ5zT
-          2F2laUWGtzUh76txuFDjpBxR3qS62g825dZXaTegkA+v6c1az23lrYTqbTRf63cuAQyYX
-          APPRC5QU0URXBoIbWb0ry3O5lr/uudI1ZCLN8SSJhpmZAIlviOfaxrKu9fg2YY9e0xpz9
-          CMEWQ/n1EsUyL34Wv189Rvpq4M4GTvozEKsRsjY3u0ygwEUXcH2lEXGOrs+hms=
-      password: !encrypted/pkcs1-oaep
-        - dR2beX9Bn7O8iCqNHtWo1FWX71vy+CwffDk5rafUh5yew2OVNcVtVjVOPvHwb5zZv1LCd
-          MVcgIJe513dM5tQkn2H/HvN/seVu/CfHA6lg6Tj+ueW9VdUH6KiBPr+NCgQWX+Xt3sXbt
-          sPzfNGpvTw1ZCUp0nnudZEKPZ2jn83baNMumW8E8xPb4s2kePzINsb8sGvqy6BOk5rUIo
-          7DaEwWrNnq9TTnMcWGIF+fLP5Pin7+fmvnLkT6qRN4v5FszpHYm8YCpv02nzqI1/F9HeM
-          P3GtkUdIPxa1+3VwZ/DSA9BWi4VG15jDtaxeZFVGQuMqQAiCx8Jqvd+xX2qugAq1m+U7W
-          JobDbaeTYrUmJ1zUaspPZ16RTSf9UGCTaejoSVKM9lJHv6ixtsX7UWkgFvceVrlkt7TtH
-          2mqhBnXvwB6VD5d311WRUfNXz7gb60otisB5G2k/UnRnv1Mu33TPVT7XOFDpVnAvRS3lt
-          haJ34N7AWnDIsllvzcmVWTw3wf/6LLfOQrW2Z+vNambyR4Oc+LVUTbEvZVIU65LpOTIn3
-          LfDhCLDD3VtnVOrj4UxZsjzmPbday1fziua/7f+CXsShC5erz0ZM65rMCwkjWeI6Kc63A
-          0M27tl+OWHO3KkfFR4tWc3dws3r1kYjQeds0adBHyYD0eL8SJfwZkbtojAQ1JM=
-
-- secret:
-    name: kolla_quay_io_api
-    data:
-      token: !encrypted/pkcs1-oaep
-        - uGqaFVfPP2HdAELtq12FTGstT7Y7/TCz4IwAgrGtB+2ZUXgCTYrkzhImRLFG3OQMqzx4d
-          oO6ChFxPGI9hX06mg4MbPBVYXCyh+opxxeaVrgtu03IOB1V8bMlGfVgPSJO8mEp/00poY
-          hMtut/12FWMhjNO+Um2XaKtRmDZKYYoPmuO4BDauJTaTAl1+Elhm5qjrkFOuklb4jP07c
-          9OIex5KiSIqMCmSzduGzVK60BoByzl4u2KPDheEAcohIpjrkm9c6VBe13hZw5llXiDRf2
-          LqHPu/IXIFlT9bnPp49rP8+Gm3z1/sdNsN+TKk1VSWGlUudvaBO9Cdejwo+NMWKMAqwGi
-          drzt/YcCDCQ1SFzkhWk5EdEN5qyrH3jF3I5YzcQ1dKXgr9NOoQSwNLxL5oNL88sH7tqPT
-          xN+EKz+AGG+ib3S9efhYFkFkqs9z4ia8mIM+2/lH5V5gy7iVVMHmxPr+JJ+5sq5lsHrS5
-          No+QrCyeZWWH2qnToQo8S73i9yISzDAML6u5NlKfIJ/nAqsxBOqpCq8xqgI3PLD86lmfL
-          7xlK/HOqvgMubcqzR33mRoSnkcnFpD50O9k41ZsF9SPKHMGmk9LyI05vkL6bcc3ypLBQY
-          BTdg70hF/5m6rHFbVCsNDPlVykcEzsW6D4qqxh/5b3LHbPYbe7ciXcc+PTnYb8=
-
-- nodeset:
-    name: kolla-centos-9-stream
-    nodes:
-      - name: primary
-        label: centos-9-stream
-
-- nodeset:
-    name: kolla-rockylinux-9
-    nodes:
-      - name: primary
-        label: rockylinux-9
-
-- nodeset:
-    name: kolla-ubuntu-jammy
-    nodes:
-      - name: primary
-        label: ubuntu-jammy
-
-- nodeset:
-    name: kolla-debian-bookworm
-    nodes:
-      - name: primary
-        label: debian-bookworm
-
-- nodeset:
-    name: kolla-centos-9-stream-aarch64
-    nodes:
-      - name: primary
-        label: centos-9-stream-arm64
-
-- nodeset:
-    name: kolla-debian-bookworm-aarch64
-    nodes:
-      - name: primary
-        label: debian-bookworm-arm64
-
-- nodeset:
-    name: kolla-rockylinux-9-aarch64
-    nodes:
-      - name: primary
-        label: rockylinux-9-arm64
-
-- nodeset:
-    name: kolla-ubuntu-jammy-aarch64
-    nodes:
-      - name: primary
-        label: ubuntu-jammy-arm64
-
-- job:
-    name: kolla-base
-    parent: base
-    timeout: 10800
-    post-timeout: 10800
-    pre-run: tests/playbooks/pre.yml
-    run: tests/playbooks/run.yml
-    post-run: tests/playbooks/post.yml
-    attempts: 5
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*
-      - ^etc/.*
-      - ^releasenotes/.*$
-      - ^specs/.*$
-      - ^test-requirements.txt$
-      - ^\.zuul\.d/
-      - ^\..+
-      - ^contrib/
-      - ^LICENSE$
-      - ^tox\.ini$
-    vars:
-      publisher: false
-      container_engine: "docker"
-    extra-vars:
-      kolla_logs_dir: "{{ zuul_output_dir }}/logs/kolla"
-      kolla_build_logs_dir: "{{ kolla_logs_dir }}/build"
-      virtualenv_path: "/tmp/kolla-virtualenv"
-
-- job:
-    name: kolla-base-podman
-    parent: kolla-base
-    vars:
-      container_engine: "podman"
-      configure_ephemeral_mountpoint: "/var/lib/containers"
-
-- job:
-    name: kolla-build-no-infra-wheels-base
-    parent: kolla-base
-    vars:
-      use_infra_wheels_mirror: false

.zuul.d/centos.yaml

@@ -1,33 +0,0 @@
----
-- project:
-    check:
-      jobs:
-        - kolla-build-centos9s
-        - kolla-ansible-centos9s
-    check-arm64:
-      jobs:
-        - kolla-build-centos9s-aarch64
-    experimental:
-      jobs:
-        - kolla-build-no-infra-wheels-centos9s
-
-- job:
-    name: kolla-build-centos9s
-    parent: kolla-base
-    nodeset: kolla-centos-9-stream
-    vars:
-      base_distro: centos
-    voting: false
-
-- job:
-    name: kolla-build-centos9s-aarch64
-    parent: kolla-build-centos9s
-    nodeset: kolla-centos-9-stream-aarch64
-    voting: false
-
-- job:
-    name: kolla-build-no-infra-wheels-centos9s
-    parent: kolla-build-no-infra-wheels-base
-    nodeset: kolla-centos-9-stream
-    vars:
-      base_distro: centos

.zuul.d/debian.yaml

@@ -1,106 +0,0 @@
----
-- project:
-    check:
-      jobs:
-        - kolla-build-debian
-        - kolla-build-debian-podman
-        - kolla-ansible-debian
-        - kolla-ansible-debian-upgrade
-    check-arm64:
-      jobs:
-        - kolla-build-debian-aarch64
-        - kolla-ansible-debian-aarch64
-    gate:
-      jobs:
-        - kolla-build-debian
-        - kolla-build-debian-podman
-        - kolla-ansible-debian
-        - kolla-ansible-debian-upgrade
-    periodic:
-      jobs:
-        - kolla-publish-debian-quay
-        - kolla-publish-debian-aarch64-quay
-    periodic-weekly:
-      jobs:
-        - kolla-publish-debian-dockerhub
-        - kolla-publish-debian-aarch64-dockerhub
-    experimental:
-      jobs:
-        - kolla-build-no-infra-wheels-debian
-        - kolla-ansible-debian-ironic:
-            files: ^docker\/(base|dnsmasq|ironic|ironic-inspector|iscsid|openstack-base)\/.*
-
-- job:
-    name: kolla-build-debian
-    parent: kolla-base
-    nodeset: kolla-debian-bookworm
-    vars:
-      base_distro: debian
-      base_distro_version: bookworm
-
-- job:
-    name: kolla-build-debian-podman
-    parent: kolla-base-podman
-    nodeset: kolla-debian-bookworm
-    vars:
-      base_distro: debian
-      base_distro_version: bookworm
-
-- job:
-    name: kolla-build-debian-aarch64
-    parent: kolla-build-debian
-    nodeset: kolla-debian-bookworm-aarch64
-    voting: false
-
-- job:
-    name: kolla-publish-debian-dockerhub
-    parent: kolla-build-debian
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_credentials
-
-- job:
-    name: kolla-publish-debian-quay
-    parent: kolla-build-debian
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-      - kolla_quay_io_api
-
-- job:
-    name: kolla-publish-debian-aarch64-dockerhub
-    parent: kolla-build-debian-aarch64
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_credentials
-
-- job:
-    name: kolla-publish-debian-aarch64-quay
-    parent: kolla-build-debian-aarch64
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-      - kolla_quay_io_api
-
-- job:
-    name: kolla-build-no-infra-wheels-debian
-    parent: kolla-build-no-infra-wheels-base
-    nodeset: kolla-debian-bookworm
-    vars:
-      base_distro: debian

.zuul.d/project.yaml

@@ -1,10 +0,0 @@
----
-- project:
-    templates:
-      - openstack-python3-jobs
-      - openstack-python3-jobs-arm64
-      - openstack-cover-jobs
-      - check-requirements
-      - publish-openstack-docs-pti
-      - release-notes-jobs-python3
-      - periodic-stable-jobs

.zuul.d/rocky.yaml

@@ -1,104 +0,0 @@
----
-- project:
-    check:
-      jobs:
-        - kolla-build-rocky9
-        - kolla-build-rocky9-podman
-        - kolla-ansible-rocky9
-        - kolla-ansible-rocky9-upgrade
-        # Test rabbitmq and mariadb in multinode ceph jobs.
-        - kolla-ansible-rocky9-cephadm:
-            files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
-        - kolla-ansible-rocky9-upgrade-cephadm:
-            files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
-        - kolla-ansible-rocky9-ironic:
-            files: ^docker\/(base|dnsmasq|ironic|ironic-inspector|iscsid|openstack-base)\/.*
-        - kolla-ansible-rocky9-swift:
-            files: ^docker/(base|openstack-base|glance|swift)/
-        - kolla-ansible-rocky9-mariadb:
-            files: ^docker/(base|mariadb)/
-        - kolla-ansible-rocky9-masakari:
-            files: ^docker/(base|masakari|openstack-base)/
-        - kolla-ansible-rocky9-octavia:
-            files: ^docker/(base|neutron|octavia|openstack-base|openvswitch|ovn)/
-        - kolla-ansible-rocky9-ovn:
-            files: ^docker/(base|neutron|openstack-base|openvswitch|ovn)/
-        - kolla-ansible-rocky9-prometheus-opensearch:
-            files: ^docker/(base|opensearch|fluentd|grafana|prometheus)/
-        - kolla-ansible-rocky9-kvm:
-            files: ^docker/nova/
-        - kolla-ansible-rocky9-cells:
-            files: ^docker/proxysql/
-        - kolla-ansible-rocky9-bifrost:
-            files: ^docker/bifrost/
-    check-arm64:
-      jobs:
-        - kolla-build-rocky9-aarch64
-    gate:
-      jobs:
-        - kolla-build-rocky9
-        - kolla-build-rocky9-podman
-        - kolla-ansible-rocky9
-        - kolla-ansible-rocky9-upgrade
-    periodic:
-      jobs:
-        - kolla-publish-rocky9-quay
-    periodic-weekly:
-      jobs:
-        - kolla-publish-rocky9-dockerhub
-    experimental:
-      jobs:
-        - kolla-build-no-infra-wheels-rocky9
-
-- job:
-    name: kolla-build-rocky9
-    parent: kolla-base
-    nodeset: kolla-rockylinux-9
-    vars:
-      base_distro: rocky
-      base_distro_version: 9
-
-- job:
-    name: kolla-build-rocky9-podman
-    parent: kolla-base-podman
-    nodeset: kolla-rockylinux-9
-    vars:
-      base_distro: rocky
-      base_distro_version: 9
-
-- job:
-    name: kolla-build-rocky9-aarch64
-    parent: kolla-build-rocky9
-    nodeset: kolla-rockylinux-9-aarch64
-    voting: false
-
-- job:
-    name: kolla-build-no-infra-wheels-rocky9
-    parent: kolla-build-no-infra-wheels-base
-    nodeset: kolla-rockylinux-9
-    vars:
-      base_distro: rocky
-      base_distro_version: 9
-
-- job:
-    name: kolla-publish-rocky9-dockerhub
-    parent: kolla-build-rocky9
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_credentials
-
-- job:
-    name: kolla-publish-rocky9-quay
-    parent: kolla-build-rocky9
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-      - kolla_quay_io_api

.zuul.d/ubuntu.yaml

@@ -1,103 +0,0 @@
----
-- project:
-    check:
-      jobs:
-        - kolla-build-ubuntu
-        - kolla-build-ubuntu-podman
-        - kolla-ansible-ubuntu
-        - kolla-ansible-ubuntu-upgrade
-        # Test rabbitmq and mariadb in multinode ceph jobs.
-        - kolla-ansible-ubuntu-cephadm:
-            files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
-        - kolla-ansible-ubuntu-upgrade-cephadm:
-            files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
-        - kolla-ansible-ubuntu-ironic:
-            files: ^docker\/(base|dnsmasq|ironic|ironic-inspector|iscsid|openstack-base)\/.*
-        - kolla-ansible-ubuntu-swift:
-            files: ^docker/(base|openstack-base|glance|swift)/
-        - kolla-ansible-ubuntu-mariadb:
-            files: ^docker/(base|mariadb)/
-        - kolla-ansible-ubuntu-masakari:
-            files: ^docker/(base|masakari|openstack-base)/
-        - kolla-ansible-ubuntu-octavia:
-            files: ^docker/(base|neutron|octavia|openstack-base|openvswitch|ovn)/
-        - kolla-ansible-ubuntu-ovn:
-            files: ^docker/(base|neutron|openstack-base|openvswitch|ovn)/
-        - kolla-ansible-ubuntu-prometheus-opensearch:
-            files: ^docker/(base|opensearch|fluentd|grafana|prometheus)/
-        - kolla-ansible-ubuntu-kvm:
-            files: ^docker/nova/
-        - kolla-ansible-ubuntu-cells:
-            files: ^docker/proxysql/
-        - kolla-ansible-ubuntu-bifrost:
-            files: ^docker/bifrost/
-    check-arm64:
-      jobs:
-        - kolla-build-ubuntu-aarch64
-    gate:
-      jobs:
-        - kolla-build-ubuntu
-        - kolla-build-ubuntu-podman
-        - kolla-ansible-ubuntu
-        - kolla-ansible-ubuntu-upgrade
-    periodic:
-      jobs:
-        - kolla-publish-ubuntu-quay
-    periodic-weekly:
-      jobs:
-        - kolla-publish-ubuntu-dockerhub
-    experimental:
-      jobs:
-        - kolla-build-no-infra-wheels-ubuntu
-
-- job:
-    name: kolla-build-ubuntu
-    parent: kolla-base
-    nodeset: kolla-ubuntu-jammy
-    vars:
-      base_distro: ubuntu
-      base_distro_version: jammy
-
-- job:
-    name: kolla-build-ubuntu-podman
-    parent: kolla-base-podman
-    nodeset: kolla-ubuntu-jammy
-    vars:
-      base_distro: ubuntu
-      base_distro_version: jammy
-
-- job:
-    name: kolla-build-ubuntu-aarch64
-    parent: kolla-build-ubuntu
-    nodeset: kolla-ubuntu-jammy-aarch64
-    voting: false
-
-- job:
-    name: kolla-publish-ubuntu-dockerhub
-    parent: kolla-build-ubuntu
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_credentials
-
-- job:
-    name: kolla-publish-ubuntu-quay
-    parent: kolla-build-ubuntu
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-      - kolla_quay_io_api
-
-- job:
-    name: kolla-build-no-infra-wheels-ubuntu
-    parent: kolla-build-no-infra-wheels-base
-    nodeset: kolla-ubuntu-jammy
-    vars:
-      base_distro: ubuntu

README.rst

@@ -92,10 +92,8 @@ Kolla provides images to deploy the following OpenStack projects:
 - `Nova <https://docs.openstack.org/nova/latest/>`__
 - `Octavia <https://docs.openstack.org/octavia/latest/>`__
 - Skyline (`APIServer <https://docs.openstack.org/skyline-apiserver/latest/>`__ and `Console <https://docs.openstack.org/skyline-console/latest/>`__)
-- `Swift <https://docs.openstack.org/swift/latest/>`__
 - `Tacker <https://docs.openstack.org/tacker/latest/>`__
 - `Trove <https://docs.openstack.org/trove/latest/>`__
-- `Venus <https://docs.openstack.org/venus/latest/>`__
 - `Watcher <https://docs.openstack.org/watcher/latest/>`__
 - `Zun <https://docs.openstack.org/zun/latest/>`__
 
@@ -135,7 +133,7 @@ Kolla provides images to deploy the following infrastructure components:
   direct messaging back end for communication between services.
 - `RabbitMQ <https://www.rabbitmq.com/>`__ as a broker messaging back end for
   communication between services.
-- `Redis Sentinel <https://redis.io/topics/sentinel>`__ provides high availability for redis
+- `Valkey Sentinel <https://valkey.io/topics/sentinel>`__ provides high availability for valkey
   along with collateral tasks such as monitoring, notification and acts as configuration
   provider for clients.
 - `Telegraf <https://www.docs.influxdata.com/telegraf/>`__ as a plugin-driven server

doc/source/admin/image-building.rst

@@ -298,16 +298,144 @@ To remove a package from that list, say ``locales``, one would do:
    # Horizon
    {% set horizon_packages_remove = ['locales'] %}
 
+An example of this is the Grafana plugins, which are mentioned in the next
+section.
+
+Grafana plugins
+^^^^^^^^^^^^^^^
+
+Additional Grafana plugins can be installed by adding the plugin name to the
+``grafana_plugins_append`` list. Plugins can also be removed by adding the
+plugin name to the ``grafana_plugins_remove`` list. Additionally the entire
+list can be overridden by setting the ``grafana_plugins_override`` variable.
+
+.. code-block:: ini
+
+   grafana_plugins_append:
+      - grafana-piechart-panel
+      - vonage-status-panel
+
+Patching customization
+----------------------
+
+Kolla provides functionality to apply patches to Docker images during the build
+process. This allows users to modify existing files or add new ones as part of
+the image creation.
+
+You need to define a ``patches_path`` in the ``[DEFAULT]`` section of
+the ``/etc/kolla/kolla-build.conf`` file. This directory will be used to store
+patches for the images.
+
+.. path etc/kolla/kolla-build.conf
+.. code-block:: ini
+
+  [DEFAULT]
+  patches_path = /path/to/your/patches
+
+Create a directory for each image you want to patch, following a directory
+structure similar to the Debian patch quilt format. Refer to
+`quilt documentation <https://linux.die.net/man/1/quilt>`_. for more details.
+
+- ``<patches_path>/image_name/`` : The directory for the specific image.
+- ``<patches_path>/image_name/some-patch`` : Contains the patch content.
+- ``<patches_path>/image_name/another-patch`` : Contains the patch content.
+- ``<patches_path>/image_name/series`` : Lists the order in which the patches
+  will be applied.
+
+For example, if you want to patch the ``nova-api`` image, the structure would
+look like this:
+
+.. code-block:: console
+
+   /path/to/your/patches/nova-api/some-patch
+   /path/to/your/patches/nova-api/another-patch
+   /path/to/your/patches/nova-api/series
+
+The ``series`` file should list the patches in the order they should be
+applied:
+
+.. code-block:: console
+
+   some-patch
+   another-patch
+
+When the images are built using ``kolla-build``, the patches defined in the
+``patches_path`` will automatically be applied to the corresponding images.
+
+After the patches are applied, Kolla stores information about the applied
+patches in ``/etc/kolla/patched``. The patch files themselves are stored
+in the ``/patches`` directory within the image. This allows you to track
+which patches have been applied to each image for debugging or
+verification purposes.
+
 Python packages build options
 -----------------------------
 
 The block ``base_pip_conf`` in the ``base`` Dockerfile can be used to provide
 the PyPI build customisation options via the standard environment variables
-like ``PIP_INDEX_URL``, ``PIP_TRUSTED_HOST``, etc. Also here can be provided
-the standard environment variable ``UPPER_CONSTRAINTS_FILE`` used for building
-the ``bifrost_deploy`` container when PyPI upper-constraints needs to be
-overridden. Also this variable would be used in the ``kolla-toolbox`` if
-provided instead of the defaults.
+like ``PIP_INDEX_URL``, ``PIP_TRUSTED_HOST``, etc.
+
+To override PYPI upper-constraints of all OpenStack images, you can
+define the source location of openstack-base. in ``kolla-build.conf``.
+
+Upstream repository of `openstack-base (requirements) <https://opendev.org/openstack/requirements>`__
+has a source of
+`upper constraints file <https://opendev.org/openstack/requirements/src/branch/master/upper-constraints.txt>`__.
+
+Make a fork or clone the repository then customise ``upper-constraints.txt``
+and define the location of ``openstack-base`` in ``kolla_build.conf``.
+
+.. path /etc/kolla/kolla-build.conf
+.. code-block:: ini
+
+   # These examples use upstream openstack-base as a demonstration
+   # To use custom openstack-base, make changes accordingly
+
+   # Using git source
+   [openstack-base]
+   type = git
+   location = https://opendev.org/openstack/requirements
+   reference = master
+
+   # Using URL source
+   [openstack-base]
+   type = url
+   location = https://tarballs.opendev.org/openstack/requirements/requirements-master.tar.gz
+
+   # Using local source
+   [openstack-base]
+   type = local
+   location = /home/kolla/src/requirements
+
+To remove or change the version of specific Python packages in
+``openstack-base`` upper-constraints, you can use the block
+``openstack_base_override_upper_constraints`` in your template file,
+for example, ``template-overrides.j2``:
+
+.. code-block:: jinja
+
+   {% block openstack_base_override_upper_constraints %}
+   RUN {{ macros.upper_constraints_version_change("sqlparse", "0.4.4", "0.5.0") }}
+   RUN {{ macros.upper_constraints_remove("reno") }}
+   {% endblock %}
+
+``kolla-toolbox`` image needs different approach as it does not uses
+``openstack-base`` as a base image.
+A variable ``UPPER_CONSTRAINTS_FILE`` is set in the
+Dockerfile of ``kolla-toolbox``.
+To change variable, add the following contents to the
+``kolla_toolbox_pip_conf`` block in your template file, for example,
+``template-overrides.j2``:
+
+.. code-block:: jinja
+
+   {% block kolla_toolbox_pip_conf %}
+   ENV UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/master
+   {% endblock %}
+
+.. note::
+
+   ``UPPER_CONSTRAINTS_FILE`` must be a valid URL to the file
 
 Plugin functionality
 --------------------
@@ -401,6 +529,7 @@ Some of these plugins used to be enabled by default but, due to
 their release characteristic, have been excluded from the default builds.
 Please read the included ``README.rst`` to learn how to apply them.
 
+
 Additions functionality
 -----------------------
 
@@ -454,6 +583,98 @@ The template becomes now:
    RUN cp /additions/jenkins/jenkins.json /jenkins.json
    {% endblock %}
 
+Custom docker templates
+-----------------------
+
+In order to unify the process of managing OpenStack-related projects, Kolla
+provides a way of building images for external 'non-built-in' projects.
+
+If the template for a 'non-built-in' project meets Kolla template standards,
+an operator can provide a root directory with a template via the
+``--docker-dir`` CLI option (can be specified multiple times).
+
+All Kolla's jinja2 macros should be available the same as for built-in
+projects with some notes:
+
+- The ``configure_user`` macro. As the 'non-built-in' user is unknown to Kolla,
+  there are no default values for user ID and group ID to use.
+  To use this macro, an operator should specify "non-default" user details
+  with ``<custom_user_name>-user`` configuration section and include info
+  for ``uid`` and ``gid`` at least.
+
+Let's look into how an operator can build an image for an in-house project
+with Kolla using `openstack/releases <https://opendev.org/openstack/releases>`_
+project.
+
+First, create a ``Dockerfile.j2`` template for the project.
+
+.. path /home/kolla/custom-kolla-docker-templates/releaser/Dockerfile.j2
+.. code-block:: jinja
+
+   FROM {{ namespace }}/{{ image_prefix }}openstack-base:{{ tag }}
+
+   {% block labels %}
+   LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
+   {% endblock %}
+
+   {% block releaser_header %}{% endblock %}
+
+   {% import "macros.j2" as macros with context %}
+
+   {{ macros.configure_user(name='releaser') }}
+
+   RUN ln -s releaser-source/* /releaser \
+       && {{ macros.install_pip(['/releaser-source']  | customizable("pip_packages")) }} \
+       && mkdir -p /etc/releaser \
+       && chown -R releaser: /etc/releaser \
+       && chmod 750 /etc/sudoers.d \
+       && touch /usr/local/bin/kolla_releaser_extend_start \
+       && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_releaser_extend_start
+
+   {% block footer %}{% endblock %}
+
+Suggested directory structure:
+
+.. code-block:: console
+
+   custom-kolla-docker-templates
+   |__ releaser
+       |__ Dockerfile.j2
+
+Then, modify Kolla's configuration so the engine can download sources and
+configure users.
+
+.. path /etc/kolla/kolla-build.conf
+.. code-block:: ini
+
+   [releaser]
+   type = git
+   location = https://opendev.org/openstack/releases
+   reference = master
+
+   [releaser-user]
+   uid = 53001
+   gid = 53001
+
+Last pre-check before building a new image - ensure that the new template
+is visible for Kolla:
+
+.. code-block:: console
+
+   $ kolla-build --list-images --docker-dir custom-kolla-docker-templates "^releaser$"
+   1 : base
+   2 : releaser
+   3 : openstack-base
+
+And finally, build the ``releaser`` image, passing the ``--docker-dir``
+argument:
+
+.. code-block:: console
+
+   kolla-build --docker-dir custom-kolla-docker-templates "^releaser$"
+
+Can I use the ``--template-override`` option for custom templates? Yes!
+
 Custom repos
 ------------
 
@@ -462,23 +683,16 @@ Red Hat
 
 Kolla allows the operator to build containers using custom repos.
 The repos are accepted as a list of comma separated values and can be in the
-form of ``.repo``, ``.rpm``, or a url. See examples below.
-
-To use current RDO packages (aka Delorean or DLRN), update ``rpm_setup_config``
-in ``kolla-build.conf``:
-
-.. path /etc/kolla/kolla-build.conf
-.. code-block:: ini
-
-   rpm_setup_config = https://trunk.rdoproject.org/centos8/current/delorean.repo,https://trunk.rdoproject.org/centos8/delorean-deps.repo
+form of ``.repo``, ``.rpm``, or a url.
 
 If specifying a ``.repo`` file, each ``.repo`` file will need to exist in the
-same directory as the base Dockerfile (``kolla/docker/base``):
+same directory as the base Dockerfile (``kolla/docker/base``) or you need to
+specify a url:
 
 .. path kolla/docker/base
 .. code-block:: ini
 
-   rpm_setup_config = epel.repo,delorean.repo,delorean-deps.repo
+   rpm_setup_config = epel.repo,https://remote-server.com/your-repo.repo
 
 Debian / Ubuntu
 ^^^^^^^^^^^^^^^

doc/source/admin/kolla_api.rst

@@ -65,6 +65,9 @@ The `kolla_set_configs`_ script understands the following attributes:
     Must be passed in the numeric octal form.
   * **recurse**: whether to apply the change recursively over the target
     directory. Boolean, defaults to ``false``.
+  * **exclude**: array of names of the directories or files to be excluded when
+    ``recurse`` is set to ``true``. Supports Python regular expressions.
+    Defaults to empty array.
 
 Here is an example configuration file:
 
@@ -85,7 +88,8 @@ Here is an example configuration file:
             {
                 "path": "/var/log/kolla/trove",
                 "owner": "trove:trove",
-                "recurse": true
+                "recurse": true,
+                "exclude": ["/var/log/^snapshot.*"]
             }
         ]
     }

doc/source/ceph_versions.csv

@@ -1,5 +1,5 @@
 Distro,Ceph,
 ,Source, Release
-Rocky Linux,CentOS Storage SIG,Reef
-Ubuntu,Ubuntu,Reef
+Rocky Linux,CentOS Storage SIG,Squid
+Ubuntu,Ubuntu,Squid
 Debian,Debian,Pacific

doc/source/contributor/adding-a-new-image.rst

@@ -56,8 +56,8 @@ provided, copy its Dockerfile structure and amend it to new needs.
 Distribution support
 ====================
 
-By default, every new image should support all supported distributions (CentOS,
-Debian, Ubuntu) and both x86-64 and aarch64 architectures. Sometimes it is not
+By default, every new image should support all supported distributions (Debian,
+Ubuntu, Rocky) and both x86-64 and aarch64 architectures. Sometimes it is not
 doable so we have list of `unbuildable images` for that.
 
 Unbuildable images

doc/source/contributor/contributing.rst

@@ -27,7 +27,7 @@ IRC Channel
     ``#openstack-kolla`` (`channel logs`_) on `OFTC <http://oftc.net>`_
 
 Weekly Meetings
-    On Wednesdays at 14:00 UTC in the IRC channel (`meetings logs`_)
+    In the IRC channel (`meeting information`_)
 
 Mailing list (prefix subjects with ``[kolla]``)
     https://lists.openstack.org/pipermail/openstack-discuss/
@@ -41,43 +41,51 @@ Whiteboard (etherpad)
     https://etherpad.openstack.org/p/KollaWhiteBoard
 
 .. _channel logs: https://meetings.opendev.org/irclogs/%23openstack-kolla/
-.. _meetings logs:  https://meetings.opendev.org/meetings/kolla/
+.. _meeting information: https://meetings.opendev.org/#Kolla_Team_Meeting
 
 Contacting the Core Team
 ~~~~~~~~~~~~~~~~~~~~~~~~
 
 In general it is suggested to use the above mentioned public communication
-channels, but if you find the you need to contact someone from the Core team
+channels, but if you find that you need to contact someone from the Core team
 directly, you can find the lists in Gerrit:
 
-- kolla-core https://review.opendev.org/admin/groups/28d5dccfccc125b3963f76ab67e256501565d52b,members
-- kolla-ansible-core https://review.opendev.org/admin/groups/cfd61289b70f00206797b035aa0bd7adfccf4be2,members
-- kayobe-core https://review.opendev.org/admin/groups/361e28280e3a06be2997a5aa47a8a11d3a8fb9b9,members
+- `Kolla core team <https://review.opendev.org/admin/groups/kolla-core,members>`__
+- `Kayobe core team <https://review.opendev.org/admin/groups/kayobe-core,members>`__
 
 New Feature Planning
 ~~~~~~~~~~~~~~~~~~~~
 
-New features are discussed via IRC or mailing list (with [kolla] prefix).
-Kolla project keeps blueprints in `Launchpad <https://blueprints.launchpad.net/kolla>`__.
-Specs are welcome but not strictly required.
+New features are discussed on PTG, via IRC or mailing list (with [kolla]
+prefix).
 
 Task Tracking
 ~~~~~~~~~~~~~
 
-Kolla project tracks tasks in `Launchpad <https://bugs.launchpad.net/kolla>`__.
-Note this is the same place as for bugs.
+Kolla family projects track tasks and bugs in Launchpad:
+
+- `Kolla <https://bugs.launchpad.net/kolla>`__
+- `Kolla Ansible <https://bugs.launchpad.net/kolla-ansible>`__
+- `Ansible Collection Kolla <https://bugs.launchpad.net/ansible-collection-kolla>`__
+- `Kayobe <https://bugs.launchpad.net/kayobe>`__
 
 If you're looking for some smaller, easier work item to pick up and get started
-on, search for the 'low-hanging-fruit' tag.
+on, search for the 'low-hanging-fruit' tag in the relevant project.
 
 A more lightweight task tracking is done via etherpad - `Whiteboard <https://etherpad.openstack.org/p/KollaWhiteBoard>`__.
 
 Reporting a Bug
 ~~~~~~~~~~~~~~~
 
-You found an issue and want to make sure we are aware of it? You can do so
-on `Launchpad <https://bugs.launchpad.net/kolla>`__.
-Note this is the same place as for tasks.
+You found an issue and want to make sure we are aware of it?
+Please report it in the appropriate Launchpad project:
+
+- `Kolla <https://bugs.launchpad.net/kolla>`__
+- `Kolla Ansible <https://bugs.launchpad.net/kolla-ansible>`__
+- `Ansible Collection Kolla <https://bugs.launchpad.net/ansible-collection-kolla>`__
+- `Kayobe <https://bugs.launchpad.net/kayobe>`__
+
+Note these are also used for task tracking.
 
 Getting Your Patch Merged
 ~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -89,6 +97,22 @@ is described in :ref:`its own section <release-notes>`.
 
 Significant changes should have documentation and testing provided with them.
 
+To see an overview of in-progress patches, sorted into useful sections, you can
+view the:
+
+- `Kolla Review Dashboard <https://review.opendev.org/dashboard/?title=Kolla+Review+Dashboard&foreach=project%3Aopenstack%2Fkolla+status%3Aopen+NOT+label%3AWorkflow%3C%3D%2D1+NOT+label%3ACode%2DReview%3C%3D%2D2&High+priority+changes=label%3AReview%2DPriority%3D2&Priority+changes=label%3AReview%2DPriority%3D1&Feature+freeze=label%3AReview%2DPriority%3D%2D1&Stable+branch+backports=branch%3A%5Estable%2F.%2A+status%3Aopen+NOT+label%3AReview%2DPriority%3D%2D1&Small+things+%28%3C25+LOC%2C+limit+25%29+on+master+branch=delta%3A%3C%3D25+limit%3A25+NOT+label%3ACode%2DReview%2D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+Final+Approval+%28to+land+on+master+branch%29=NOT+label%3AWorkflow%3E%3D1+NOT+label%3AWorkflow%3C%3D%2D1+NOT+owner%3Aself+label%3ACode%2DReview%3E%3D2+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+revisit+%28You+were+a+reviewer+but+haven%27t+voted+in+the+current+revision%29=reviewer%3Aself+limit%3A50&Newer+%28%3C1wk%29+Open+Patches+%28limit+25%29+on+master+branch=%2Dage%3A1week+limit%3A25+NOT+label%3AWorkflow%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3ACode%2DReview%3E%3D2+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Older+%28%3E1wk%29+Open+Patches+Passing+Zuul+Tests+%28limit+50%29+on+master+branch=age%3A1week+limit%3A50+NOT+label%3AWorkflow%3E%3D1+NOT+label%3ACode%2DReview%3C%3D%2D1+NOT+label%3ACode%2DReview%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster>`__
+
+- `Kolla Ansible Review Dashboard <https://review.opendev.org/dashboard/?title=Kolla%2DAnsible+Review+Dashboard&foreach=project%3Aopenstack%2Fkolla%2Dansible+status%3Aopen+NOT+label%3AWorkflow%3C%3D%2D1+NOT+label%3ACode%2DReview%3C%3D%2D2&High+priority+changes=label%3AReview%2DPriority%3D2&Priority+changes=label%3AReview%2DPriority%3D1&Feature+freeze=label%3AReview%2DPriority%3D%2D1&Stable+branch+backports=branch%3A%5Estable%2F.%2A+status%3Aopen+NOT+label%3AReview%2DPriority%3D%2D1&Small+things+%28%3C25+LOC%2C+limit+25%29+on+master+branch=delta%3A%3C%3D25+limit%3A25+NOT+label%3ACode%2DReview%2D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+Final+Approval+%28to+land+on+master+branch%29=NOT+label%3AWorkflow%3E%3D1+NOT+label%3AWorkflow%3C%3D%2D1+NOT+owner%3Aself+label%3ACode%2DReview%3E%3D2+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+revisit+%28You+were+a+reviewer+but+haven%27t+voted+in+the+current+revision%29=reviewer%3Aself+limit%3A50&Newer+%28%3C1wk%29+Open+Patches+%28limit+25%29+on+master+branch=%2Dage%3A1week+limit%3A25+NOT+label%3AWorkflow%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3ACode%2DReview%3E%3D2+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Older+%28%3E1wk%29+Open+Patches+Passing+Zuul+Tests+%28limit+50%29+on+master+branch=age%3A1week+limit%3A50+NOT+label%3AWorkflow%3E%3D1+NOT+label%3ACode%2DReview%3C%3D%2D1+NOT+label%3ACode%2DReview%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster>`__
+
+- `Ansible Collection Kolla Review Dashboard <https://review.opendev.org/dashboard/?title=ansible%2Dcollection%2Dkolla+Review+Dashboard&foreach=project%3Aopenstack%2Fansible%2Dcollection%2Dkolla+status%3Aopen+NOT+label%3AWorkflow%3C%3D%2D1+NOT+label%3ACode%2DReview%3C%3D%2D2&High+priority+changes=label%3AReview%2DPriority%3D2&Priority+changes=label%3AReview%2DPriority%3D1&Feature+freeze=label%3AReview%2DPriority%3D%2D1&Stable+branch+backports=branch%3A%5Estable%2F.%2A+status%3Aopen+NOT+label%3AReview%2DPriority%3D%2D1&Small+things+%28%3C25+LOC%2C+limit+25%29+on+master+branch=delta%3A%3C%3D25+limit%3A25+NOT+label%3ACode%2DReview%2D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+Final+Approval+%28to+land+on+master+branch%29=NOT+label%3AWorkflow%3E%3D1+NOT+label%3AWorkflow%3C%3D%2D1+NOT+owner%3Aself+label%3ACode%2DReview%3E%3D2+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+revisit+%28You+were+a+reviewer+but+haven%27t+voted+in+the+current+revision%29=reviewer%3Aself+limit%3A50&Newer+%28%3C1wk%29+Open+Patches+%28limit+25%29+on+master+branch=%2Dage%3A1week+limit%3A25+NOT+label%3AWorkflow%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3ACode%2DReview%3E%3D2+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Older+%28%3E1wk%29+Open+Patches+Passing+Zuul+Tests+%28limit+50%29+on+master+branch=age%3A1week+limit%3A50+NOT+label%3AWorkflow%3E%3D1+NOT+label%3ACode%2DReview%3C%3D%2D1+NOT+label%3ACode%2DReview%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster>`__
+
+- `Kayobe Review Dashboard <https://review.opendev.org/dashboard/?title=Kayobe+Review+Dashboard&foreach=%28project%3Aopenstack%2Fkayobe+OR+project%3Aopenstack%2Fkayobe%2Dconfig+OR+project%3Aopenstack%2Fkayobe%2Dconfig%2Ddev%29+status%3Aopen+NOT+label%3ACode%2DReview%3C%3D%2D2+NOT+label%3AWorkflow%3C%3D%2D1&High+priority+changes=label%3AReview%2DPriority%3D2&Priority+changes=label%3AReview%2DPriority%3D1&Feature+freeze=label%3AReview%2DPriority%3D%2D1&Stable+branch+backports=branch%3A%5Estable%2F.%2A+status%3Aopen+NOT+label%3AReview%2DPriority%3D%2D1&Small+things+%28%3C25+LOC%2C+limit+25%29+on+master+branch=delta%3A%3C%3D25+limit%3A25+NOT+label%3ACode%2DReview%2D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+Final+Approval+%28to+land+on+master+branch%29=NOT+label%3AWorkflow%3E%3D1+NOT+label%3AWorkflow%3C%3D%2D1+NOT+owner%3Aself+label%3ACode%2DReview%3E%3D2+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+revisit+%28You+were+a+reviewer+but+haven%27t+voted+in+the+current+revision%29=reviewer%3Aself+limit%3A50&Newer+%28%3C1wk%29+Open+Patches+%28limit+25%29+on+master+branch=%2Dage%3A1week+limit%3A25+NOT+label%3AWorkflow%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3ACode%2DReview%3E%3D2+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Older+%28%3E1wk%29+Open+Patches+Passing+Zuul+Tests+%28limit+50%29+on+master+branch=age%3A1week+limit%3A50+NOT+label%3AWorkflow%3E%3D1+NOT+label%3ACode%2DReview%3C%3D%2D1+NOT+label%3ACode%2DReview%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster>`__
+
+.. note::
+
+   If you feel that your change is getting overlooked, reach out via
+   :ref:`preferred communication methods <communication>` to let us know.
+
 Project Team Lead Duties
 ~~~~~~~~~~~~~~~~~~~~~~~~
 

doc/source/contributor/ptl-guide.rst

@@ -99,7 +99,7 @@ Day to Day
 
 * Be available in IRC to help new and existing contributors
 
-* Keep track of the progress of cycle priorites
+* Keep track of the progress of cycle priorities
 
 * Monitor the core team membership, mentor potential cores
 

doc/source/contributor/release-management.rst

@@ -87,6 +87,8 @@ This needs to be done for each of the following projects:
 
 * https://launchpad.net/ansible-collection-kolla
 
+* https://launchpad.net/kayobe
+
 At the beginning of a cycle, ensure a named series exists for the cycle in each
 project. If not, create one via the project landing page (e.g.
 https://launchpad.net/kolla) - in the "Series and milestones" section click in
@@ -94,8 +96,6 @@ https://launchpad.net/kolla) - in the "Series and milestones" section click in
 milestones, including the final release. Series can be marked as "Active
 Development" or "Current Stable Release" as necessary.
 
-Kayobe uses Storyboard, which does not track series or milestones.
-
 Milestones
 ----------
 
@@ -152,11 +152,6 @@ R-8: Switch images to current release
 .. note:: Debian does not provide repositories for the in-development release
           until much later in the cycle.
 
-* [kolla] Switch CentOS images to use the current in-development release
-  master RDO Delorean repository
-
-  * example: https://review.opendev.org/c/openstack/kolla/+/804269
-
 * [kolla] Switch Ubuntu images to use the current in-development release
   Ubuntu Cloud Archive (UCA) repository
 
@@ -237,11 +232,6 @@ Prior to creating an RC1 release candidate:
 
   * example: TODO
 
-* [kolla] Switch CentOS images to use the current in-development release
-  stable RDO Delorean repository
-
-  * example: https://review.opendev.org/c/openstack/kolla/+/787339
-
 R-0: Kolla & Kolla Ansible RC1 & stable branch creation
 -------------------------------------------------------
 
@@ -407,13 +397,6 @@ Several tasks are required to finalise the stable branch for release.
 
   * example: https://review.opendev.org/c/openstack/kolla-ansible/+/788292
 
-* [kolla] Switch CentOS images to use the CentOS Cloud SIG repository for the
-  new release
-
-  .. note:: This needs to be done on the stable branch.
-
-  * example: https://review.opendev.org/c/openstack/kolla/+/788490
-
 * [kolla] Switch Debian images to use the Debian OpenStack repository
   for the new release
 
@@ -434,6 +417,10 @@ bugs against it.
 
   * example: https://review.opendev.org/c/openstack/releases/+/769328
 
+* [all] Update openstack-manuals project-data for kolla + kolla-ansible
+
+  * example: https://review.opendev.org/c/openstack/openstack-manuals/+/934349
+
 After final release, projects enter the :ref:`stable-branch-lifecycle` with a
 status of Maintained.
 

doc/source/contributor/running-in-development.rst

@@ -7,23 +7,15 @@ Running Kolla Build in development
 The recommended way to run in development
 -----------------------------------------
 
-The preferred way to run kolla-build for development is using ``tox``.
-Run the following from inside the repository:
-
-.. code-block:: console
-
-    tox -e venv -- kolla-build ...
-
-The alternative way to run in development
------------------------------------------
-
-Sometimes, developers prefer to manage their venvs themselves. This is also
-possible. Remember to install in editable mode (``-e``). Run the following from
-inside the repository:
+To clone the repository and install the package
+in development mode, run the following commands:
+
 
 .. code-block:: console
 
+    git clone https://opendev.org/openstack/kolla.git
+    cd kolla
     python3 -m venv ~/path/to/venv
     source ~/path/to/venv/bin/activate
-    python3 -m pip install -e .
+    python3 -m pip install --editable .
     kolla-build ...

doc/source/contributor/versions.rst

@@ -10,7 +10,7 @@ For each component used we list version used at branch release and provide
 information about package sources.
 
 .. note::
-    When table mentions 'CentOS' it means both CentOS Stream 9 and Rocky Linux 9.
+    When table mentions 'CentOS' it means both CentOS Stream 10 and Rocky Linux 10.
 
 ==============  ================  =============================================
  Name           Version           Package source information
@@ -21,19 +21,19 @@ information about package sources.
  Logstash       7.x                `Logstash install guide`_
  MariaDB        10.11 (LTS)        `MariaDB Community downloads`_
  Galera         26.4 (LTS)         `MariaDB Community downloads`_
- OpenSearch     2.x                `OpenSearch install guide`_
- ProxySQL       2.6.x              `ProxySQL repository`_
- Rabbitmq       3.10.x             - CentOS:
-                                     `Team RabbitMQ 'PackageCloud' repository`_
+ OpenSearch     3.x                `OpenSearch install guide`_
+ ProxySQL       2.7.x              `ProxySQL repository`_
+ Rabbitmq       4.1.x              - CentOS/Rocky:
+                                     `Team RabbitMQ 'Cloudsmith' repo (RPM)`_
                                    - Debian/Ubuntu:
-                                     `Team RabbitMQ 'Cloudsmith' repository`_
- Erlang         25.x               - CentOS aarch64:
-                                     `Hrw's COPR`_
-                                   - CentOS x86-64:
-                                     `Team RabbitMQ 'PackageCloud' repository`_
+                                     `Team RabbitMQ 'Cloudsmith' repo (Deb)`_
+ Erlang         27.X               - CentOS/Rocky aarch64:
+                                     `openstack-kolla COPR`_
+                                   - CentOS/Rocky x86-64:
+                                     `Team RabbitMQ 'Cloudsmith' repo (RPM)`_
                                    - Debian/Ubuntu:
                                      `Team RabbitMQ 'Modern Erlang' PPA`_
- TD Agent       4.4.x              `TreasureData install guide`_
+ Fluentd        6.x (LTS)          `Fluentd install guide`_
  Telegraf       1.24.x             `InfluxDB upstream repo`_
 ==============  ================  =============================================
 
@@ -41,13 +41,13 @@ information about package sources.
 .. _`OpenSearch install guide`: https://opensearch.org/downloads.html
 .. _`Kibana install guide`: https://www.elastic.co/guide/en/kibana/7.10/install.html
 .. _`Logstash install guide`: https://www.elastic.co/guide/en/logstash/7.9/installing-logstash.html
-.. _`TreasureData install guide`: https://www.fluentd.org/download
-.. _`ProxySQL repository`: https://repo.proxysql.com/ProxySQL/proxysql-2.6.x/
+.. _`Fluentd install guide`: https://www.fluentd.org/download
+.. _`ProxySQL repository`: https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/
 
-.. _`Team RabbitMQ 'Cloudsmith' repository`: https://www.rabbitmq.com/install-debian.html#apt-cloudsmith
+.. _`Team RabbitMQ 'Cloudsmith' repo (Deb)`: https://www.rabbitmq.com/install-debian.html#apt-cloudsmith
 .. _`Team RabbitMQ 'Modern Erlang' PPA`: https://launchpad.net/~rabbitmq/+archive/ubuntu/rabbitmq-erlang
-.. _`Team RabbitMQ 'PackageCloud' repository`: https://www.rabbitmq.com/install-rpm.html#package-cloud
-.. _`Hrw's COPR`: https://copr.fedorainfracloud.org/coprs/hrw/erlang-for-rabbitmq/
+.. _`Team RabbitMQ 'Cloudsmith' repo (RPM)`: https://www.rabbitmq.com/docs/install-rpm#cloudsmith
+.. _`openstack-kolla COPR`: https://copr.fedorainfracloud.org/coprs/g/openstack-kolla/rabbitmq-erlang-27/
 
 .. _`Grafana install guide`: https://grafana.com/grafana/download?platform=linux&edition=oss
 .. _`MariaDB Community downloads`: https://mariadb.com/downloads/community/

doc/source/matrix_aarch64.csv

@@ -46,12 +46,11 @@ ovsdpdk,N,U,U
 placement,U,U,U
 prometheus,U,U,U
 rabbitmq,U,U,U
-redis,U,U,U
 skyline,U,U,U
-swift,U,U,U
 tacker,U,U,U
 telegraf,N,N,N
 tgtd,U,U,U
 trove,U,U,U
+valkey,U,U,U
 watcher,U,U,U
 zun,U,U,U

doc/source/matrix_x86.csv

@@ -47,12 +47,12 @@ ovsdpdk,N,U,U
 placement,T,T,T
 prometheus,U,U,U
 rabbitmq,T,T,T
-redis,T,U,U
 skyline,U,U,U
 swift,T,T,U
 tacker,T,U,U
 telegraf,U,U,U
 tgtd,N,T,U
 trove,U,U,U
+valkey,T,U,U
 watcher,U,U,U
 zun,T,T,U

doc/source/support_matrix.rst

@@ -17,9 +17,9 @@ The following base container images are supported:
 ================== =============================== ================
 Distribution       Default base                    Default base tag
 ================== =============================== ================
-Rocky Linux        quay.io/rockylinux/rockylinux   9
-Debian Bullseye    debian                          bullseye
-Ubuntu Jammy       ubuntu                          22.04
+Rocky Linux        quay.io/rockylinux/rockylinux   10
+Debian Trixie      debian                          trixie
+Ubuntu Noble       ubuntu                          24.04
 ================== =============================== ================
 
 The remainder of this document outlines which images are supported on which of
@@ -59,6 +59,11 @@ N - Not Available/Unknown
 Not available *(e.g. not buildable)*.
 Please see :ref:`unbuildable-images-list`
 
+Deprecations
+============
+
+None
+
 x86_64 images
 =============
 

docker/aodh/aodh-api/Dockerfile.j2

@@ -10,5 +10,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 COPY extend_start.sh /usr/local/bin/kolla_aodh_extend_start
 RUN chmod 644 /usr/local/bin/kolla_aodh_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block aodh_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/aodh/aodh-base/Dockerfile.j2

@@ -28,10 +28,14 @@ RUN ln -s aodh-base-source/* aodh \
     && {{ macros.install_pip(aodh_base_pip_packages | customizable("pip_packages")) }} \
     && mkdir -p /etc/aodh /var/www/cgi-bin/aodh \
     && cp /aodh/aodh/api/app.wsgi /var/www/cgi-bin/aodh \
+    && cp /aodh/aodh/api/api-paste.ini /etc/aodh/ \
+    && chmod 644 /etc/aodh/api-paste.ini \
     && chmod 750 /etc/sudoers.d \
     && chmod 640 /etc/sudoers.d/kolla_aodh_sudoers \
     && chmod 755 /var/www/cgi-bin/aodh \
     && touch /usr/local/bin/kolla_aodh_extend_start \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_aodh_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block aodh_base_footer %}{% endblock %}

docker/aodh/aodh-evaluator/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block aodh_evaluator_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/aodh/aodh-expirer/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block aodh_expirer_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/aodh/aodh-listener/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block aodh_listener_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/aodh/aodh-notifier/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block aodh_notifier_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/barbican/barbican-api/Dockerfile.j2

@@ -11,6 +11,8 @@ COPY extend_start.sh /usr/local/bin/kolla_barbican_extend_start
 
 RUN chmod 644 /usr/local/bin/kolla_barbican_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block barbican_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/barbican/barbican-base/Dockerfile.j2

@@ -7,13 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{{ macros.configure_user(name='barbican', groups='nfast') }}
-
-{% if base_package_type == 'rpm' %}
-    {% set barbican_base_packages = ['uwsgi-plugin-python3'] %}
-{% elif base_package_type == 'deb' %}
-    {% set barbican_base_packages = ['uwsgi-plugin-python3'] %}
-{% endif %}
+{{ macros.configure_user(name='barbican', groups='nfast,hsmusers') }}
 
 {{ macros.install_packages(barbican_base_packages | customizable("packages")) }}
 
@@ -21,7 +15,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
     '/barbican',
     'pastedeploy',
     'python-barbicanclient',
-    'uwsgi'
 ] %}
 
 ADD barbican-base-archive /barbican-base-source
@@ -38,4 +31,6 @@ RUN ln -s barbican-base-source/* barbican \
     && touch /usr/local/bin/kolla_barbican_extend_start \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_barbican_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block barbican_base_footer %}{% endblock %}

docker/barbican/barbican-keystone-listener/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block barbican_keystone_listener_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/barbican/barbican-worker/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block barbican_worker_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/base/Dockerfile.j2

@@ -23,10 +23,8 @@ LABEL kolla_version="{{ kolla_version }}"
 {% block base_header %}{% endblock %}
 
 ENV KOLLA_BASE_DISTRO={{ base_distro }} \
-    KOLLA_DISTRO_PYTHON_VERSION={{ distro_python_version }} \
     KOLLA_BASE_ARCH={{ base_arch }}
 
-
 #### Customize PS1 to be used with bash shell
 COPY kolla_bashrc /tmp/
 RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
@@ -41,6 +39,9 @@ ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(ho
 # enables to provide repo overrides at a later date in a simple fashion if we
 # desire such functionality.  I think we will :)
 
+ENV KOLLA_RPM_OVS_VERSION=3.5 \
+    KOLLA_RPM_OVN_VERSION=25.03
+
 RUN cat /tmp/kolla_bashrc >> /etc/bashrc \
     && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/dnf/dnf.conf
 
@@ -53,44 +54,12 @@ COPY dnf.conf /etc/dnf/dnf.conf
 {% endblock %}
 
 #### BEGIN REPO ENABLEMENT
-{% set base_yum_repo_files = [
-    'grafana.repo',
-    'influxdb.repo',
-    'mariadb.repo',
-    'opensearch.repo',
-    'proxysql.repo',
-    'rabbitmq_rabbitmq-server.repo',
-    'td.repo',
-] %}
-
 {% set base_yum_url_packages = [
 ] %}
 
 {% set base_yum_repo_keys = [
 ] %}
 
-{% if base_arch == 'x86_64' %}
-    {% set base_yum_repo_files = base_yum_repo_files + [
-        'rabbitmq_rabbitmq-erlang.repo',
-    ] %}
-
-{% elif base_arch == 'aarch64' %}
-    {% set base_yum_repo_files = base_yum_repo_files + [
-        'hrw-copr-erlang-for-rabbitmq.repo',
-    ] %}
-
-{#
-SHA1 keys are not supported in RHEL9: https://github.com/rpm-software-management/rpm/issues/1977
-        'https://packages.erlang-solutions.com/rpm/erlang_solutions.asc',
- #}
-    {% set base_yum_repo_keys = base_yum_repo_keys + [
-    ] %}
-{% endif %}
-
-{%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
-COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
-{%- endfor %}
-
 {% block base_centos_repo_overrides_post_copy %}{% endblock %}
 
 # Install what is needed for en_US.UTF-8
@@ -130,9 +99,8 @@ RUN rm -f /etc/rpm/macros.image-language-conf \
 ] %}
 
 {% set base_centos_yum_repo_packages = [
-    'centos-release-ceph-reef',
+    'centos-release-ceph-squid',
     'centos-release-nfv-openvswitch',
-    'centos-release-opstools',
     'epel-release',
 ] %}
 
@@ -140,40 +108,9 @@ RUN rm -f /etc/rpm/macros.image-language-conf \
 {% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
     'dnf-plugins-core'
 ] %}
-{% set base_centos_yum_repos_to_enable = [
-] %}
-
-# FIXME(hrw): entries not starting with 'centos-' (and 'centos-nfv-ovs') are
-# from delorean or rdo-release-* package
-# https://review.rdoproject.org/r/c/rdo-infra/ansible-role-dlrn/+/33241
-{% set base_centos_yum_repos_to_disable = [
-    'centos-ceph-reef',
-    'centos-nfv-openvswitch',
-    'centos-opstools',
-    'centos9-nfv-ovs',
-    'centos9-opstools',
-    'centos9-rabbitmq',
-    'centos9-storage',
-    'epel',
-    'influxdb',
-    'opensearch-2.x',
-    'opensearch-dashboards-2.x',
-] %}
-
-{% if base_arch == 'aarch64' %}
-
-{# NOTE(hrw): delorean-deps.repo may force x86-64 repos #}
-
-RUN sed -i -e "s/x86_64/aarch64/g" /etc/yum.repos.d/delorean-deps.repo
-
-{% endif %}
 
 RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }}
 
-{%- for repo in base_centos_yum_repos_to_enable | customizable('centos_yum_repos_to_enable') %} && dnf config-manager --enable {{ repo }} {% endfor -%}
-
-{%- for repo in base_centos_yum_repos_to_disable | customizable('centos_yum_repos_to_disable') %} && dnf config-manager --disable {{ repo }} {% endfor -%}
-
 {%- for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') %} && rpm --import {{ key }} {% endfor %} \
 {% block base_centos_repo_overrides_post_yum %}{% endblock -%}
     && {{ macros.rpm_security_update(clean_package_cache) }}
@@ -197,6 +134,7 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen
         'lsof',
         'lvm2',
         'ncurses',
+        'openssl',
         'procps-ng',
         'python3',
         'python3-pip',
@@ -205,11 +143,13 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen
         'tar',
         'util-linux',
         'util-linux-user',
-        'which'
+        'which',
+        'patch'
 ] %}
 
 # Install base packages
-{{ macros.install_packages( base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages") ) }}
+{{ macros.enable_extra_repos(['epel']) }}
+{{ macros.install_packages(base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages")) }}
 
 {# endif for base_package_type rpm #}
 {% elif base_package_type == 'deb' %}
@@ -247,12 +187,12 @@ RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \
     && sed -i -e s/#*LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g \
               -e s/#*LAST_SYSTEM_GID=999/LAST_SYSTEM_GID=59999/g /etc/adduser.conf
 
+{# NOTE(mnasiadka): Ubuntu arm64 uses ports.ubuntu.com #}
 {% block base_ubuntu_package_sources_list %}
-{% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
-RUN rm -f /etc/apt/sources.list.d/debian.sources
-COPY sources.list.{{ base_distro }} /etc/apt/sources.list
+{% if base_distro == "ubuntu" and base_arch == 'aarch64' %}
+COPY {{ base_distro }}.sources.arm64 /etc/apt/sources.list.d/{{ base_distro }}.sources
 {% else %}
-COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
+COPY {{ base_distro }}.sources /etc/apt/sources.list.d/
 {% endif %}
 COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
 {% endblock %}
@@ -264,7 +204,7 @@ COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
 
 RUN apt update \
  && apt install -y --no-install-recommends extrepo \
- && extrepo enable openstack_caracal \
+ && extrepo enable openstack_{{ openstack_release_codename | lower }} \
  && apt purge -y extrepo \
  && apt --purge autoremove -y \
  && apt clean
@@ -279,6 +219,7 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom
 {% set base_apt_packages = [
    'apt-utils',
    'dumb-init',
+   'systemd-standalone-sysusers',
    'gawk',
    'iproute2',
    'kmod',
@@ -291,23 +232,25 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom
    'python3-pip',
    'socat',
    'sudo',
-   'tgt'
+   'tgt',
+   'patch'
 ] %}
 
 {% set base_apt_keys = [
    {'name': 'erlang-ppa', 'keyid': 'F77F1EDA57EBB1CC'},
-   {'name': 'rabbitmq',   'keyid': '9F4587F226208342'},
+   {'name': 'rabbitmq',   'keyid': '6B73A36E6026DFCA'},
    {'name': 'haproxy',    'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'},
 ] %}
 
 {# NOTE(hrw): type field defaults to 'asc' which is used for single keys #}
 {% set base_remote_apt_keys = [
+   {'name': 'docker-ce', 'url': 'https://download.docker.com/linux/debian/gpg'},
+   {'name': 'fluentd', 'url': 'https://fluentd.cdn.cncf.io/GPG-KEY-fluent-package'},
    {'name': 'grafana', 'url': 'https://rpm.grafana.com/gpg.key'},
-   {'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive_compat.key'},
+   {'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive.key'},
    {'name': 'mariadb', 'url': 'https://downloads.mariadb.com/MariaDB/mariadb-keyring-2019.gpg', 'type': 'gpg'},
-   {'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch.pgp'},
-   {'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/proxysql-2.6.x/repo_pub_key'},
-   {'name': 'treasuredata', 'url': 'https://packages.treasuredata.com/GPG-KEY-td-agent'},
+   {'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch-release.pgp'},
+   {'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/repo_pub_key'},
 ] %}
 
 {% block base_ubuntu_package_installation %}
@@ -334,7 +277,9 @@ RUN apt-get --error-on=any update \
     && locale-gen "$LANG" \
     && apt-get -y upgrade \
     && apt-get -y dist-upgrade \
-    && {{ macros.install_packages(base_apt_packages | customizable('apt_packages'), True) }}
+    && {{ macros.install_packages(base_apt_packages | customizable('apt_packages'), True) }} \
+    # NOTE: python3-pip installs dependent tzdata package and blocks mount in docker - 2091161
+    && unlink /etc/localtime
 
 {% endblock %}
 
@@ -358,7 +303,9 @@ RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth
 COPY set_configs.py /usr/local/bin/kolla_set_configs
 COPY start.sh /usr/local/bin/kolla_start
 COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts
+COPY install_projects.sh /usr/local/bin/kolla_install_projects
 COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
+COPY kolla_patch.sh /usr/local/bin/kolla_patch
 COPY sudoers /etc/sudoers
 
 {% if use_dumb_init %}
@@ -375,7 +322,11 @@ RUN chmod 755 /usr/local/bin/healthcheck_*
 {% endif %}
 
 RUN touch /usr/local/bin/kolla_extend_start \
-    && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_set_configs /usr/local/bin/kolla_copy_cacerts \
+    && chmod 755 /usr/local/bin/kolla_start \
+                 /usr/local/bin/kolla_set_configs \
+                 /usr/local/bin/kolla_copy_cacerts \
+                 /usr/local/bin/kolla_install_projects \
+                 /usr/local/bin/kolla_patch \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_httpd_setup \
     && chmod 440 /etc/sudoers \
     && mkdir -p /var/log/kolla \
@@ -387,8 +338,9 @@ RUN touch /usr/local/bin/kolla_extend_start \
 # the variables like PIP_INDEX_URL, PIP_EXTRA_INDEX_URL, PIP_TRUSTED_HOST etc. should be defined here.
 # ENV PIP_INDEX_URL=https://pypi.python.org/simple
 # ENV PIP_TRUSTED_HOST=pypi.python.org
-# ENV UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/{{ openstack_release }}
 {% endblock %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block base_footer %}{% endblock %}
 CMD ["kolla_start"]

docker/base/apt_preferences.debian

@@ -1,4 +1,4 @@
 # NOTE(hrw): we do not want backports unless requested
 Package: *
-Pin: release n=bookworm-backports
+Pin: release n=trixie-backports
 Pin-Priority: -1000

docker/base/ci-centos.repo

@@ -1,6 +1,6 @@
 [baseos]
 name=(OpenDev mirror) CentOS Stream $releasever - BaseOS
-baseurl=http://MIRROR/centos-stream/9-stream/BaseOS/$basearch/os/
+baseurl=http://MIRROR/centos-stream/$stream/BaseOS/$basearch/os/
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
 gpgcheck=1
 repo_gpgcheck=0
@@ -8,7 +8,7 @@ enabled=1
 
 [appstream]
 name=(OpenDev mirror) CentOS Stream $releasever - AppStream
-baseurl=http://MIRROR/centos-stream/9-stream/AppStream/$basearch/os/
+baseurl=http://MIRROR/centos-stream/$stream/AppStream/$basearch/os/
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
 gpgcheck=1
 repo_gpgcheck=0
@@ -16,7 +16,7 @@ enabled=1
 
 [extras-common]
 name=(OpenDev mirror) CentOS Stream $releasever - Extras packages
-baseurl=http://MIRROR/centos-stream/SIGs/9-stream/extras/$basearch/extras-common/
+baseurl=http://MIRROR/centos-stream/SIGs/$stream/extras/$basearch/extras-common/
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
 gpgcheck=1
 repo_gpgcheck=0
@@ -24,7 +24,7 @@ enabled=1
 
 [crb]
 name=(OpenDev mirror) CentOS Stream $releasever - CRB
-baseurl=http://MIRROR/centos-stream/9-stream/CRB/$basearch/os/
+baseurl=http://MIRROR/centos-stream/$stream/CRB/$basearch/os/
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
 gpgcheck=1
 repo_gpgcheck=0
@@ -32,7 +32,7 @@ enabled=0
 
 [highavailability]
 name=(OpenDev mirror) CentOS Stream $releasever - HighAvailability
-baseurl=http://MIRROR/centos-stream/9-stream/HighAvailability/$basearch/os/
+baseurl=http://MIRROR/centos-stream/$stream/HighAvailability/$basearch/os/
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
 gpgcheck=1
 repo_gpgcheck=0

docker/base/ci-rocky.repo

@@ -1,35 +0,0 @@
-[centos-ceph-reef]
-name=(OpenDev mirror) CentOS-$stream - Ceph Reef
-baseurl=http://MIRROR/centos-stream/SIGs/$stream/storage/$basearch/ceph-reef/
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage
-
-[centos-nfv-openvswitch]
-name=(OpenDev mirror) CentOS Stream $releasever - NFV OpenvSwitch
-baseurl=http://MIRROR/centos-stream/SIGs/$stream/nfv/$basearch/openvswitch-2/
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-NFV
-module_hotfixes=1
-
-[centos-opstools]
-name=(OpenDev mirror) CentOS Stream $releasever - OpsTools - collectd
-baseurl=http://MIRROR/centos-stream/SIGs/$stream/opstools/$basearch/collectd-5/
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-OpsTools
-
-[centos-rabbitmq-38]
-name=(OpenDev mirror) CentOS-9 - RabbitMQ 38
-baseurl=http://MIRROR/centos-stream/SIGs/$stream/messaging/$basearch/rabbitmq-38
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Messaging
-
-[epel]
-name=(OpenDev mirror) Extra Packages for Enterprise Linux $releasever - $basearch
-baseurl=http://MIRROR/epel/$releasever/Everything/$basearch/
-enabled=0
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever

docker/base/copy_cacerts.sh

@@ -3,25 +3,46 @@
 # Copy custom CA certificates to system trusted CA certificates folder
 # and run CA update utility
 
-# Remove old certificates
-rm -f /usr/local/share/ca-certificates/kolla-customca-* \
-        /etc/pki/ca-trust/source/anchors/kolla-customca-*
-
-if [[ -d /var/lib/kolla/config_files/ca-certificates ]] && \
-        [[ ! -z "$(ls -A /var/lib/kolla/config_files/ca-certificates/)" ]]; then
-    if [[ -e /etc/debian_version ]]; then
-        # Debian, Ubuntu
-        for cert in /var/lib/kolla/config_files/ca-certificates/*; do
-            file=$(basename "$cert")
-            cp $cert "/usr/local/share/ca-certificates/kolla-customca-$file"
-        done
-        update-ca-certificates
-    elif [[ -e /etc/redhat-release ]]; then
-        # CentOS
-        for cert in /var/lib/kolla/config_files/ca-certificates/*; do
-            file=$(basename "$cert")
-            cp $cert "/etc/pki/ca-trust/source/anchors/kolla-customca-$file"
-        done
-        update-ca-trust
-    fi
+if [[ -e "/etc/debian_version" ]]; then
+    ca_dst_path="/usr/local/share/ca-certificates"
+    update_command="update-ca-certificates"
+elif [[ -e "/etc/redhat-release" ]]; then
+    ca_dst_path="/etc/pki/ca-trust/source/anchors"
+    update_command="update-ca-trust"
+else
+    echo "Unsupported OS"
+    exit 1
+fi
+
+# Initialize update_needed variable
+update_needed="false"
+
+# Remove old certificates
+if find /etc/ssl/certs/ \
+        /usr/local/share/ca-certificates/ \
+        /etc/pki/ca-trust/source/anchors/ \
+        -name 'kolla*' -exec rm -f {} + 2>/dev/null; then
+    update_needed="true"
+fi
+
+# Determine source path for CA certificates
+if grep -q '"source": "/var/lib/kolla/share/ca-certificates"' /etc/kolla/defaults/state; then
+    ca_src_path="/var/lib/kolla/share/ca-certificates"
+else
+    ca_src_path="/var/lib/kolla/config_files/ca-certificates"
+fi
+
+# Check if the source path exists and is not empty
+if [[ -d ${ca_src_path} && $(ls -A "${ca_src_path}" 2>/dev/null) ]]; then
+    # Copy certificates and update CA
+    for cert in "${ca_src_path}"/*; do
+        file=$(basename "${cert}")
+        cp ${cert} ${ca_dst_path}/kolla-customca-${file}
+        update_needed="true"
+    done
+fi
+
+# Run the update command if needed
+if [[ "${update_needed}" == "true" ]]; then
+    ${update_command}
 fi

docker/base/debian.sources

@@ -0,0 +1,13 @@
+Types: deb
+# http://snapshot.debian.org/archive/debian/20251020T000000Z
+URIs: http://deb.debian.org/debian
+Suites: trixie trixie-updates trixie-backports
+Components: main
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+Types: deb
+# http://snapshot.debian.org/archive/debian-security/20251020T000000Z
+URIs: http://deb.debian.org/debian-security
+Suites: trixie-security
+Components: main
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

docker/base/grafana.repo

@@ -1,8 +0,0 @@
-[grafana]
-name=grafana
-baseurl=https://rpm.grafana.com
-enabled=0
-gpgcheck=1
-gpgkey=https://rpm.grafana.com/gpg.key
-sslverify=1
-sslcacert=/etc/pki/tls/certs/ca-bundle.crt

docker/base/hrw-copr-erlang-for-rabbitmq.repo

@@ -1,11 +0,0 @@
-# NOTE(hrw): this repository contains rebuild of Erlang package from RabbitMQ team
-# from https://github.com/rabbitmq/erlang-rpm/
-# Thanks to COPR we have aarch64 packages for CentOS Stream 8/9
-
-[copr-hrw-erlang-for-rabbitmq]
-name=Hrw's COPR with Erlang build for RabbitMQ
-baseurl=https://download.copr.fedorainfracloud.org/results/hrw/erlang-for-rabbitmq/centos-stream-$releasever-$basearch/
-gpgcheck=1
-enabled=0
-gpgkey=https://download.copr.fedorainfracloud.org/results/hrw/erlang-for-rabbitmq/pubkey.gpg
-repo_gpgcheck=0

docker/base/httpd_setup.sh

@@ -39,3 +39,13 @@ EOF
         /usr/libexec/httpd-ssl-gencerts
     fi
 fi
+
+# The default system locale with unicode support
+LANG=C.UTF-8
+
+# Override the default locale if configured
+if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+    [ -f /etc/default/locale ] && . /etc/default/locale
+else
+    [ -f /etc/locale.conf ] && . /etc/locale.conf
+fi

docker/base/influxdb.repo

@@ -1,6 +0,0 @@
-[influxdb]
-name = InfluxDB Repository - RHEL $releasever
-baseurl = https://repos.influxdata.com/rhel/$releasever/$basearch/stable
-enabled = 0
-gpgcheck = 1
-gpgkey = https://repos.influxdata.com/influxdata-archive_compat.key

docker/base/install_projects.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# This script finds all projects in /dev-mode folder and
+# installs them using pip
+# The projects are mounted there when dev mode is enabled for them
+# in kolla-ansible
+
+if [ -d "/dev-mode" ]; then
+    for project in /dev-mode/*; do
+        pip install -U "$project"
+    done
+fi

docker/base/kolla_patch.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# This script works as debian quilt patch.
+# So, patch files included in /patches/series
+# are applied and information what was applied
+# is stored in /etc/kolla/patched.
+#
+# No more, no less :)
+
+cd /
+
+# If exist /patches/series
+# let's try to apply patches
+if [ -e "/patches/series" ]; then
+    # If there is /patches/series.applied
+    # then it means previous run already applied
+    # some patches - from another intermediate container
+    #
+    # So, let's add patches again to /patches/series
+    # and let's script to handle it
+    if [ -e "/patches/series.applied" ]; then
+        grep -v '^#' /patches/series.applied > /tmp/series.tmp
+        grep -v '^#' /patches/series >> /tmp/series.tmp
+        rm -f /patches/series
+        mv /tmp/series.tmp /patches/series
+    fi
+    touch /etc/kolla/patched
+    for patchfile in $(grep -v '^#' /patches/series); do
+        # If patch is not applied, try to apply it, otherwise
+        # inform user that patchfile is already applied
+        if ! grep -q "$patchfile" /etc/kolla/patched; then
+            echo "[i] Applying /patches/${patchfile}"
+            patch -p0 --fuzz=0 --ignore-whitespace < /patches/${i}/${patchfile}
+            # If apply patch was successful inform user,
+            # otherwise fail build process and inform user
+            # to check/fix patch
+            if [ $? -eq 0 ]; then
+                echo "[i] Applied /patches/${patchfile}" >> /etc/kolla/patched
+            else
+                echo "[i] Patch /patches/${patchfile} failed, please fix your patchfiles."
+                exit 1
+            fi
+        else
+            echo "[i] /patches/${patchfile} already applied."
+        fi
+    done
+    # Ignore files which are commented and move
+    # to /patches/series.applied as /patch/series
+    # can be potentially replaced by another files
+    # from different intermediate container
+    grep -v '^#' /patches/series > /patches/series.applied
+    rm -f /patches/series
+else
+    echo "[i] No series file found, nothing to patch."
+fi

docker/base/mariadb.repo

@@ -1,7 +0,0 @@
-[mariadb]
-name = MariaDB Server
-baseurl = https://dlm.mariadb.com/repo/mariadb-server/10.11/yum/rhel/$releasever/$basearch
-gpgcheck = 1
-enabled = 0
-module_hotfixes = 1
-gpgkey = https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB

docker/base/opensearch.repo

@@ -1,19 +0,0 @@
-[opensearch-2.x]
-name=OpenSearch 2.x
-baseurl=https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/yum
-enabled=0
-repo_gpgcheck=1
-gpgcheck=1
-gpgkey=https://artifacts.opensearch.org/publickeys/opensearch.pgp
-autorefresh=1
-type=rpm-md
-
-[opensearch-dashboards-2.x]
-name=OpenSearch Dashboards 2.x
-baseurl=https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/yum
-enabled=0
-repo_gpgcheck=1
-gpgcheck=1
-gpgkey=https://artifacts.opensearch.org/publickeys/opensearch.pgp
-autorefresh=1
-type=rpm-md

docker/base/proxysql.repo

@@ -1,6 +0,0 @@
-[proxysql]
-name = ProxySQL
-baseurl = https://repo.proxysql.com/ProxySQL/proxysql-2.6.x/almalinux/$releasever
-gpgkey = https://repo.proxysql.com/ProxySQL/proxysql-2.6.x/repo_pub_key
-gpgcheck = 1
-enabled = 0

docker/base/rabbitmq_rabbitmq-erlang.repo

@@ -1,6 +0,0 @@
-[rabbitmq_rabbitmq-erlang]
-name=rabbitmq_rabbitmq-erlang
-baseurl=https://packagecloud.io/rabbitmq/erlang/el/9/$basearch
-gpgcheck=1
-enabled=0
-gpgkey = https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc

docker/base/rabbitmq_rabbitmq-server.repo

@@ -1,6 +0,0 @@
-[rabbitmq_rabbitmq-server]
-name=rabbitmq_rabbitmq-server
-baseurl=https://packagecloud.io/rabbitmq/rabbitmq-server/el/9/$basearch
-gpgcheck=1
-enabled=0
-gpgkey = https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc

docker/base/set_configs.py

@@ -19,16 +19,24 @@ import json
 import logging
 import os
 import pwd
+import re
 import shutil
 import stat
 import sys
 
 
 # TODO(rhallisey): add docstring.
-logging.basicConfig()
+logging.basicConfig(
+    format='%(asctime)s.%(msecs)03d %(levelname)s %(message)s',
+    level=logging.INFO,
+    datefmt='%Y-%m-%d %H:%M:%S'
+)
 LOG = logging.getLogger(__name__)
 LOG.setLevel(logging.INFO)
 
+KOLLA_DEFAULTS = "/etc/kolla/defaults"
+KOLLA_DEFAULTS_STATE = KOLLA_DEFAULTS + '/' + 'state'
+
 
 class ExitingException(Exception):
     def __init__(self, message, exit_code=1):
@@ -56,6 +64,14 @@ class ConfigFileBadState(ExitingException):
     pass
 
 
+class ConfigFileCommandDiffers(ExitingException):
+    pass
+
+
+class StateMismatch(ExitingException):
+    pass
+
+
 class ConfigFile(object):
 
     def __init__(self, source, dest, owner=None, perm=None, optional=False,
@@ -334,6 +350,7 @@ def handle_permissions(config):
         owner = permission.get('owner')
         recurse = permission.get('recurse', False)
         perm = permission.get('perm')
+        exclude = permission.get('exclude', [])
 
         desired_user, desired_group = user_group(owner)
         uid = pwd.getpwnam(desired_user).pw_uid
@@ -373,20 +390,177 @@ def handle_permissions(config):
                     LOG.exception('Failed to set permission of %s to %s',
                                   path, perm)
 
+        def handle_exclusion(root, path_suffix):
+            full_path = os.path.join(root, path_suffix)
+            LOG.debug("Checking for exclusion: %s" % full_path)
+            if exclude:
+                for exclude_ in exclude:
+                    if not re.search(exclude_, full_path):
+                        set_perms(full_path, uid, gid, perm)
+            else:
+                set_perms(full_path, uid, gid, perm)
+
         for dest in glob.glob(path):
             set_perms(dest, uid, gid, perm)
             if recurse and os.path.isdir(dest):
                 for root, dirs, files in os.walk(dest):
                     for dir_ in dirs:
-                        set_perms(os.path.join(root, dir_), uid, gid, perm)
+                        handle_exclusion(root, dir_)
                     for file_ in files:
-                        set_perms(os.path.join(root, file_), uid, gid, perm)
+                        handle_exclusion(root, file_)
+
+
+def get_defaults_state():
+    """Retrieve the saved default configuration state from default state file.
+
+    This function creates the directory for Kolla defaults if it does not
+    exist, and then attempts to read the current configuration state from
+    a JSON file. If the file exists, it reads and returns the content.
+    If not, it returns an empty dictionary.
+
+    Simply said, when the container starts for the first time, the state file
+    doesn't exist, and it returns an empty dictionary.
+    However, if it has already been started before, it will contain the state
+    as it was when it first ran.
+
+    Returns:
+        dict: The configuration state stored in the Kolla defaults state file.
+
+    Example:
+        {
+            "/etc/cinder/cinder.conf": {
+                "source": "/etc/cinder/cinder.conf",
+                "preserve_properties": true,
+                "dest": null
+            },
+            "/etc/apache2/conf-enabled/cinder-wsgi.conf": {
+                "source": "/etc/apache2/conf-enabled/cinder-wsgi.conf",
+                "preserve_properties": true,
+                "dest": null
+            },
+            "/etc/cinder/cinder_audit_map.conf": {
+                "source": "/etc/cinder/cinder_audit_map.conf",
+                "preserve_properties": true,
+                "dest": "/etc/kolla/defaults/etc/cinder/cinder_audit_map.conf"
+            }
+        }
+
+        From above example:
+        /etc/cinder/cinder.conf didn't exist
+        /etc/apache2/conf-enabled/cinder-wsgi.conf didn't exist
+        /etc/cinder/cinder_audit_map.conf exists and saved
+    """
+    os.makedirs(KOLLA_DEFAULTS, exist_ok=True)
+    if os.path.exists(KOLLA_DEFAULTS_STATE):
+        with open(KOLLA_DEFAULTS_STATE, 'r') as f:
+            return json.load(f)
+    else:
+        return {}
+
+
+def set_defaults_state(state):
+    """Save the provided configuration state to the defaults state file.
+
+    This function writes the provided state (a dictionary) to a JSON file at
+    the specified Kolla defaults state location, ensuring that it is properly
+    formatted with indentation for readability.
+
+    Args:
+        state (dict): The configuration state to save to the Kolla defaults
+        state file.
+    """
+    with open(KOLLA_DEFAULTS_STATE, 'w') as f:
+        json.dump(state, f, indent=4)
+
+
+def remove_or_restore_configs(state):
+    """Remove or restore configuration files based on their current state.
+
+    This function iterates over the configuration files in the provided state.
+    If the destination is `None`, it removes the file or directory. Otherwise,
+    it swaps the source and destination, restoring the configuration file
+    by copying it back to its original location.
+
+    Args:
+        state (dict): The current default state of configuration files, mapping
+        file paths to their source and destination information.
+    """
+    for k, v in state.items():
+        if v['dest'] is None:
+            if os.path.exists(k):
+                if os.path.isfile(k):
+                    os.remove(k)
+                else:
+                    shutil.rmtree(k)
+        else:
+            v['source'], v['dest'] = v['dest'], v['source']
+            config_file = ConfigFile(**v)
+            config_file.copy()
+
+
+def backup_configs(config, state):
+    """Back up new configuration files and update the default state.
+
+    This function processes new configuration files provided in the
+    input `config`. For each file, it checks if the destination exists in the
+    current state. If not, it backs up the file by copying it to the default
+    directory. It then updates the state with the new configuration file's
+    information.
+
+    Args:
+        config (dict): The input configuration containing a list of config
+                       files.
+        state (dict): The current default state to be updated with the new
+                      config files.
+    """
+    if 'config_files' in config:
+        for data in config['config_files']:
+            if data['dest'] in state.keys():
+                continue
+            src = data['source']
+            if data['dest'].endswith('/'):
+                dst = data['dest'] + data['source'].split('/')[-1]
+            else:
+                dst = data['dest']
+            default = KOLLA_DEFAULTS + dst
+            if os.path.exists(src):
+                copy = {'source': dst, 'preserve_properties': True}
+                if os.path.exists(dst):
+                    copy['dest'] = default
+                    if dst not in state:
+                        config_file = ConfigFile(**copy)
+                        config_file.copy()
+                        state[dst] = copy
+                else:
+                    copy['dest'] = None
+                    if dst not in state:
+                        state[dst] = copy
+
+
+def handle_defaults(config):
+    """Handle the default config files by copying/removing them as needed.
+
+    This function loads the current default state and manages the configuration
+    files. It first processes existing configuration files in the default
+    state, either removing or restoring them based on their destination status.
+    It then backs up any new configuration files from the input config,
+    updating the default state accordingly.
+
+    Args:
+        config (dict): A dictionary containing the list of configuration files
+        to be handled.
+    """
+    state = get_defaults_state()
+    remove_or_restore_configs(state)
+    backup_configs(config, state)
+    set_defaults_state(state)
 
 
 def execute_config_strategy(config):
     config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY")
     LOG.info("Kolla config strategy set to: %s", config_strategy)
     if config_strategy == "COPY_ALWAYS":
+        handle_defaults(config)
         copy_config(config)
         handle_permissions(config)
     elif config_strategy == "COPY_ONCE":
@@ -395,6 +569,7 @@ def execute_config_strategy(config):
                 "The config strategy prevents copying new configs",
                 exit_code=0)
         else:
+            handle_defaults(config)
             copy_config(config)
             handle_permissions(config)
             os.mknod('/configured')
@@ -402,7 +577,66 @@ def execute_config_strategy(config):
         raise InvalidConfig('KOLLA_CONFIG_STRATEGY is not set properly')
 
 
+def execute_command_check(config):
+    cmd = config.get('command')
+    with open("/run_command", "r") as f:
+        cmd_running = f.read()
+    if cmd != cmd_running:
+        msg = "Running command differs. " + cmd + " != " + cmd_running
+        raise ConfigFileCommandDiffers(msg)
+
+
 def execute_config_check(config):
+    """Check configuration state consistency and validate config file entries.
+
+    This function compares the current config file destinations from the
+    provided config dictionary with those stored in the defaults state file.
+    If any destinations are found in the state file but not in the config,
+    a StateMismatch exception is raised. These missing files would otherwise
+    be restored or removed depending on their backup state.
+
+    After validating consistency, the function performs standard checks on
+    each declared configuration file, including content, permissions, and
+    ownership validation.
+
+    Args:
+        config (dict): The configuration dictionary containing 'config_files'
+        entries as expected by Kolla.
+
+    Raises:
+        StateMismatch: If there are entries in the defaults state not present
+        in the provided config.
+    """
+    state = get_defaults_state()
+
+    # Build a set of all current destination paths from config.json
+    # If the destination is a directory, we append the
+    # basename of the source
+    current_dests = {
+        entry['dest'] if not entry['dest'].endswith('/') else
+        os.path.join(entry['dest'], os.path.basename(entry['source']))
+        for entry in config.get('config_files', [])
+        if entry.get('dest')
+    }
+
+    # Detect any paths that are present in the state file but
+    # missing from config.json.
+    # These would be either restored (if state[dest] has a backup)
+    # or removed (if dest is null)
+    removed_dests = [
+        path for path in state.keys()
+        if path not in current_dests
+    ]
+
+    if removed_dests:
+        raise StateMismatch(
+            f"The following config files are tracked in state but missing "
+            f"from config.json. "
+            f"They would be restored or removed: {sorted(removed_dests)}"
+        )
+
+    # Perform the regular content, permissions, and ownership
+    # checks on the declared files
     for data in config.get('config_files', []):
         config_file = ConfigFile(**data)
         config_file.check()
@@ -419,6 +653,7 @@ def main():
         config = load_config()
 
         if args.check:
+            execute_command_check(config)
             execute_config_check(config)
         else:
             execute_config_strategy(config)

docker/base/sources.list.debian

@@ -1,11 +0,0 @@
-# Default repos
-deb http://deb.debian.org/debian bookworm main
-
-# debian security updates
-deb http://deb.debian.org/debian-security bookworm-security main
-
-# debian updates
-deb http://deb.debian.org/debian bookworm-updates main
-
-# debian backports
-deb http://deb.debian.org/debian bookworm-backports main

docker/base/sources.list.ubuntu

@@ -1,17 +0,0 @@
-# For non-x86 architectures we use sources.list.ubuntu.<arch>
-
-# Default repos
-deb mirror://mirrors.ubuntu.com/mirrors.txt jammy main universe
-deb mirror://mirrors.ubuntu.com/mirrors.txt jammy-updates main universe
-deb mirror://mirrors.ubuntu.com/mirrors.txt jammy-security main universe
-
-# Backports have a lower priority and must be explicitly installed to be used
-deb http://archive.ubuntu.com/ubuntu/ jammy-backports main universe
-
-# We need to add the repo for the updated packages they provide. The main ones
-# are qemu, libvirt, and openvswitch.
-deb http://ubuntu-cloud.archive.canonical.com/ubuntu jammy-updates/caracal main
-
-# NOTE(hrw): extra repositories are added into image when they are needed as
-# separate files in /etc/apt/sources.list.d/ directory. For that purpose they
-# are defined in kolla/template/repos.yaml file.

docker/base/sources.list.ubuntu.aarch64

@@ -1,15 +0,0 @@
-# Default repos
-deb http://ports.ubuntu.com/ jammy main universe
-deb http://ports.ubuntu.com/ jammy-updates main universe
-deb http://ports.ubuntu.com/ jammy-security main universe
-
-# Backports have a lower priority and must be explicitly installed to be used
-deb http://ports.ubuntu.com/ jammy-backports main universe
-
-# We need to add the repo for the updated packages they provide. The main ones
-# are qemu, libvirt, and openvswitch.
-deb http://ubuntu-cloud.archive.canonical.com/ubuntu jammy-updates/caracal main
-
-# NOTE(hrw): extra repositories are added into image when they are needed as
-# separate files in /etc/apt/sources.list.d/ directory. For that purpose they
-# are defined in kolla/template/repos.yaml file.

docker/base/start.sh

@@ -15,6 +15,9 @@ ARGS=""
 # Install/remove custom CA certificates
 sudo kolla_copy_cacerts
 
+# Install projects that are in /dev-mode
+sudo kolla_install_projects
+
 if [[ ! "${!KOLLA_SKIP_EXTEND_START[@]}" ]]; then
     # Run additional commands if present
     . kolla_extend_start

docker/base/sudoers

@@ -20,4 +20,7 @@ root ALL=(ALL) ALL
 # Copy custom CA certificates to containers
 %kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_copy_cacerts
 
+# Install projects in dev-mode
+%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_install_projects
+
 #includedir /etc/sudoers.d

docker/base/td.repo

@@ -1,6 +0,0 @@
-[fluent-package-lts]
-name=Fluentd Project
-baseurl=https://packages.treasuredata.com/lts/5/redhat/$releasever/$basearch
-gpgcheck=1
-gpgkey=https://packages.treasuredata.com/GPG-KEY-td-agent
-enabled=0

docker/base/ubuntu.sources

@@ -0,0 +1,24 @@
+Types: deb
+URIs: http://archive.ubuntu.com/ubuntu/
+Suites: noble noble-updates noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+## Ubuntu security updates. Aside from URIs and Suites,
+## this should mirror your choices in the previous section.
+Types: deb
+URIs: http://security.ubuntu.com/ubuntu/
+Suites: noble-security
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+## Ubuntu Cloud Archive
+Types: deb
+URIs: http://ubuntu-cloud.archive.canonical.com/ubuntu
+Suites: noble-updates/flamingo
+Components: main
+Signed-By: /usr/share/keyrings/ubuntu-cloud-keyring.gpg
+
+# NOTE(hrw): extra repositories are added into image when they are needed as
+# separate files in /etc/apt/sources.list.d/ directory. For that purpose they
+# are defined in kolla/template/repos.yaml file.

docker/base/ubuntu.sources.arm64

@@ -0,0 +1,24 @@
+Types: deb
+URIs: http://ports.ubuntu.com/ubuntu-ports/
+Suites: noble noble-updates noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+## Ubuntu security updates. Aside from URIs and Suites,
+## this should mirror your choices in the previous section.
+Types: deb
+URIs: http://ports.ubuntu.com/ubuntu-ports/
+Suites: noble-security
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+## Ubuntu Cloud Archive
+Types: deb
+URIs: http://ubuntu-cloud.archive.canonical.com/ubuntu
+Suites: noble-updates/flamingo
+Components: main
+Signed-By: /usr/share/keyrings/ubuntu-cloud-keyring.gpg
+
+# NOTE(hrw): extra repositories are added into image when they are needed as
+# separate files in /etc/apt/sources.list.d/ directory. For that purpose they
+# are defined in kolla/template/repos.yaml file.

docker/bifrost/bifrost-base/Dockerfile.j2

@@ -7,18 +7,28 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{% set venv_path='/var/lib/kolla/venv' %}
+
 {{ macros.configure_user(name='bifrost') }}
 
+{% set bifrost_base_packages = [
+    'cpio'
+] %}
+
+{% if base_package_type == 'rpm' %}
+
 {# NOTE(mgoddard): EPEL required for nginx #}
 {{ macros.enable_extra_repos(['epel']) }}
 
-{% set bifrost_base_packages = [
-    'cpio',
-] %}
+    {% set bifrost_base_packages = bifrost_base_packages + [
+        'python3.12',
+        'python3.12-devel'
+    ] %}
+{% endif %}
 
 {{ macros.install_packages(bifrost_base_packages | customizable("packages")) }}
 
-ENV VENV /var/lib/kolla/venv
+ENV VENV {{ venv_path }}
 
 {% set bifrost_base_pip_packages = [
     '/bifrost'
@@ -26,7 +36,12 @@ ENV VENV /var/lib/kolla/venv
 
 ADD bifrost-base-archive /bifrost-base-source
 COPY build_arg.yml /tmp/build_arg.yml
-RUN ln -s bifrost-base-source/* bifrost \
+
+RUN mkdir -p /requirements \
+    && curl -o /requirements/upper-constraints.txt ${UPPER_CONSTRAINTS_FILE:-https://releases.openstack.org/constraints/upper/{{ openstack_release }}} \
+    && python3 -m venv --system-site-packages {{ venv_path }} \
+    && ln -s bifrost-base-source/* bifrost \
+    && {{ macros.install_pip(['pip', 'wheel', 'setuptools']) }} \
     && {{ macros.install_pip(bifrost_base_pip_packages | customizable("pip_packages")) }}
 
 WORKDIR /bifrost
@@ -40,14 +55,13 @@ RUN apt-get --error-on=any update && \
 {%- else %}
 RUN echo " " && \
 {%- endif %}
-    bash -c 'export VENV=/var/lib/kolla/venv && \
-    $VENV/bin/pip install "ansible>=6,<7" && \
+    bash -c '$VENV/bin/pip install "ansible>=12,<14" && \
     $VENV/bin/ansible-galaxy collection install -r /bifrost/ansible-collections-requirements.yml && \
-    ansible-playbook -vvvv -i /bifrost/playbooks/inventory/target \
+    $VENV/bin/ansible-playbook -vvvv -i /bifrost/playbooks/inventory/target \
     /bifrost/playbooks/install.yaml \
+    -e upper_constraints_file="/requirements/upper-constraints.txt" \
     -e git_branch={{ openstack_branch_slashed }} \
     -e ipa_upstream_release={{ openstack_branch }} \
-    -e enable_inspector=true \
     -e @/tmp/build_arg.yml && \
 {%- if base_package_type == 'deb' %}
     apt-get clean && rm -rf /var/lib/apt/lists/*'
@@ -62,4 +76,6 @@ RUN chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/kolla_bifrost_sudoers \
     && chown -R bifrost:bifrost /bifrost
 
+{{ macros.kolla_patch_sources() }}
+
 {% block bifrost_base_footer %}{% endblock %}

docker/bifrost/bifrost-deploy/Dockerfile.j2

@@ -29,5 +29,7 @@ RUN rm -f $(find /lib/systemd/system/sysinit.target.wants/ ! -name systemd-tmpfi
 ENTRYPOINT []
 CMD [ "/sbin/init" ]
 
+{{ macros.kolla_patch_sources() }}
+
 {% block bifrost_deploy_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/blazar/blazar-api/Dockerfile.j2

@@ -5,9 +5,13 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% block blazar_api_header %}{% endblock %}
 
+{% import "macros.j2" as macros with context %}
+
 COPY extend_start.sh /usr/local/bin/kolla_blazar_extend_start
 RUN chmod 644 /usr/local/bin/kolla_blazar_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block blazar_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/blazar/blazar-base/Dockerfile.j2

@@ -24,4 +24,6 @@ RUN ln -s blazar-base-source/* blazar \
     && touch /usr/local/bin/kolla_blazar_extend_start \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_blazar_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block blazar_base_footer %}{% endblock %}

docker/blazar/blazar-manager/Dockerfile.j2

@@ -5,6 +5,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% block blazar_manager_header %}{% endblock %}
 
+{% import "macros.j2" as macros with context %}
+
+{{ macros.kolla_patch_sources() }}
+
 {% block blazar_manager_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/ceilometer/ceilometer-base/Dockerfile.j2

@@ -29,7 +29,6 @@ RUN ln -s ceilometer-base-source/* ceilometer \
     && {{ macros.install_pip(ceilometer_base_pip_packages | customizable("pip_packages")) }} \
     && mkdir -p /etc/ceilometer \
     && cp -r /ceilometer/etc/ceilometer/* /etc/ceilometer/ \
-    && cp /etc/pycadf/ceilometer_api_audit_map.conf /etc/ceilometer/ \
     && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ceilometer/rootwrap.conf \
     && if [ "$(ls /plugins)" ]; then \
         {{ macros.install_pip(ceilometer_base_plugins_pip_packages) }}; \
@@ -39,4 +38,6 @@ RUN ln -s ceilometer-base-source/* ceilometer \
     && touch /usr/local/bin/kolla_ceilometer_extend_start \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ceilometer_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block ceilometer_base_footer %}{% endblock %}

docker/ceilometer/ceilometer-central/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block ceilometer_central_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/ceilometer/ceilometer-compute/Dockerfile.j2

@@ -24,6 +24,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 RUN {{ macros.install_pip(ceilometer_compute_pip_packages | customizable("pip_packages")) }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block ceilometer_compute_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/ceilometer/ceilometer-ipmi/Dockerfile.j2

@@ -19,6 +19,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.install_packages(ceilometer_ipmi_packages | customizable("packages")) }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block ceilometer_ipmi_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/ceilometer/ceilometer-notification/Dockerfile.j2

@@ -10,6 +10,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 COPY extend_start.sh /usr/local/bin/kolla_ceilometer_extend_start
 RUN chmod 644 /usr/local/bin/kolla_ceilometer_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block ceilometer_notification_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/cinder/cinder-api/Dockerfile.j2

@@ -14,10 +14,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 COPY extend_start.sh /usr/local/bin/kolla_cinder_extend_start
 
-RUN mkdir -p /var/www/cgi-bin/cinder \
-    && cp -a /var/lib/kolla/venv/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi \
-    && chmod 644 /usr/local/bin/kolla_cinder_extend_start \
-    && chmod 755 /var/www/cgi-bin/cinder/cinder-wsgi
+RUN chmod 644 /usr/local/bin/kolla_cinder_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block cinder_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cinder/cinder-backup/Dockerfile.j2

@@ -10,17 +10,23 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {% if base_package_type == 'rpm' %}
     {% set cinder_backup_packages = [
         'device-mapper-multipath',
-        'nfs-utils'
+        'lsscsi',
+        'nfs-utils',
+        'sysfsutils'
     ] %}
 {% elif base_package_type == 'deb' %}
     {% set cinder_backup_packages = [
+        'lsscsi',
         'multipath-tools',
-        'nfs-common'
+        'nfs-common',
+        'sysfsutils'
     ] %}
 {% endif %}
 
 {{ macros.install_packages(cinder_backup_packages | customizable("packages")) }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cinder_backup_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/cinder/cinder-base/Dockerfile.j2

@@ -9,20 +9,23 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='cinder') }}
 
+{% if base_package_type == 'rpm' %}
+
 {{ macros.enable_extra_repos(['ceph', 'epel']) }}
 
-{% if base_package_type == 'rpm' %}
     {% set cinder_base_packages = [
         'ceph-common',
         'cryptsetup',
         'lvm2',
+        'nvme-cli',
         'qemu-img'
     ] %}
 {% elif base_package_type == 'deb' %}
     {% set cinder_base_packages = [
         'ceph-common',
-        'lvm2',
         'cryptsetup',
+        'lvm2',
+        'nvme-cli',
         'python3-cephfs',
         'python3-rados',
         'python3-rbd',
@@ -44,11 +47,13 @@ RUN ln -s cinder-base-source/* cinder \
     && {{ macros.install_pip(cinder_base_pip_packages | customizable("pip_packages")) }} \
     && mkdir -p /etc/cinder \
     && cp -r /cinder/etc/cinder/* /etc/cinder/ \
-    && cp /etc/pycadf/cinder_api_audit_map.conf /etc/cinder/ \
+    && cp /var/lib/kolla/venv/etc/pycadf/cinder_api_audit_map.conf /etc/cinder/ \
     && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf \
     && chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/kolla_cinder_sudoers \
     && touch /usr/local/bin/kolla_cinder_extend_start \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cinder_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cinder_base_footer %}{% endblock %}

docker/cinder/cinder-base/extend_start.sh

@@ -3,6 +3,9 @@
 if [[ ! -d "/var/log/kolla/cinder" ]]; then
     mkdir -p /var/log/kolla/cinder
 fi
+if [[ $(stat -c %U:%G /var/log/kolla/cinder) != "cinder:kolla" ]]; then
+    chown -R cinder:kolla /var/log/kolla/cinder
+fi
 if [[ $(stat -c %a /var/log/kolla/cinder) != "755" ]]; then
     chmod 755 /var/log/kolla/cinder
 fi

docker/cinder/cinder-scheduler/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cinder_scheduler_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/cinder/cinder-volume/Dockerfile.j2

@@ -12,7 +12,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
         'lsscsi',
         'device-mapper-multipath',
         'nfs-utils',
-        'nvme-cli',
         'nvmetcli',
         'sysfsutils',
         'targetcli'
@@ -22,7 +21,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
         'lsscsi',
         'multipath-tools',
         'nfs-common',
-        'nvme-cli',
         'sysfsutils',
         'targetcli-fb',
         'thin-provisioning-tools',
@@ -52,6 +50,8 @@ RUN chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/kolla_cinder_volume_sudoers \
     && chmod 644 /usr/local/bin/kolla_cinder_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cinder_volume_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/cloudkitty/cloudkitty-api/Dockerfile.j2

@@ -15,5 +15,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 COPY extend_start.sh /usr/local/bin/kolla_cloudkitty_extend_start
 RUN chmod 644 /usr/local/bin/kolla_cloudkitty_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cloudkitty_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cloudkitty/cloudkitty-base/Dockerfile.j2

@@ -24,4 +24,6 @@ RUN ln -s cloudkitty-base-source/* cloudkitty \
     && touch /usr/local/bin/kolla_cloudkitty_extend_start \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cloudkitty_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cloudkitty_base_footer %}{% endblock %}

docker/cloudkitty/cloudkitty-processor/Dockerfile.j2

@@ -12,6 +12,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.install_packages(cloudkitty_processor_packages | customizable("packages")) }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cloudkitty_processor_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/collectd/Dockerfile.j2

@@ -9,13 +9,14 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='collectd') }}
 
-{{ macros.enable_extra_repos(['opstools']) }}
-
 {% set collectd_packages = [
     'collectd'
 ] %}
 
 {% if base_package_type == 'rpm' %}
+
+{{ macros.enable_extra_repos(['opstools']) }}
+
   {% set collectd_packages = collectd_packages + [
       'collectd-amqp',
       'collectd-amqp1',
@@ -72,6 +73,8 @@ RUN chmod 644 /usr/local/bin/kolla_extend_start \
     && chown -R collectd /var/lib/collectd \
     && chown -R collectd /var/run/
 
+{{ macros.kolla_patch_sources() }}
+
 {% block collectd_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/cron/Dockerfile.j2

@@ -29,5 +29,7 @@ COPY logrotate /etc/cron.daily/logrotate
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 644 /usr/local/bin/kolla_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cron_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cyborg/cyborg-agent/Dockerfile.j2

@@ -16,5 +16,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 RUN {{ macros.install_pip(cyborg_agent_pip_packages | customizable("pip_packages")) }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cyborg_agent_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cyborg/cyborg-api/Dockerfile.j2

@@ -13,5 +13,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 COPY extend_start.sh /usr/local/bin/kolla_cyborg_extend_start
 RUN chmod 644 /usr/local/bin/kolla_cyborg_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cyborg_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cyborg/cyborg-base/Dockerfile.j2

@@ -26,4 +26,6 @@ RUN ln -s cyborg-base-source/* cyborg \
     && touch /usr/local/bin/kolla_cyborg_extend_start \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cyborg_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cyborg_footer %}{% endblock %}

docker/cyborg/cyborg-conductor/Dockerfile.j2

@@ -5,5 +5,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% block cyborg_conductor_header %}{% endblock %}
 
+{% import "macros.j2" as macros with context %}
+
+{{ macros.kolla_patch_sources() }}
+
 {% block cyborg_conductor_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/designate/designate-api/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block designate_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/designate/designate-backend-bind9/Dockerfile.j2

@@ -25,5 +25,7 @@ RUN mkdir -p /var/lib/kolla/ /var/lib/{{ designate_backend_bind_name }}/ /run/{{
      && chown -R root: /var/lib/{{ designate_backend_bind_name }} /run/{{ designate_backend_bind_name }} \
      && chmod 755 /run/{{ designate_backend_bind_name }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block designate_backend_bind9_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/designate/designate-base/Dockerfile.j2

@@ -22,11 +22,12 @@ RUN ln -s designate-base-source/* designate \
     && {{ macros.install_pip(designate_base_pip_packages | customizable("pip_packages")) }} \
     && mkdir -p /etc/designate \
     && cp -r /designate/etc/designate/* /etc/designate/ \
-    && mv /etc/designate/rootwrap.conf.sample /etc/designate/rootwrap.conf \
     && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf \
     && chmod 750 /etc/sudoers.d \
     && chmod 640 /etc/sudoers.d/kolla_designate_sudoers \
     && touch /usr/local/bin/kolla_designate_extend_start \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_designate_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block designate_base_footer %}{% endblock %}

docker/designate/designate-central/Dockerfile.j2

@@ -10,6 +10,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 COPY extend_start.sh /usr/local/bin/kolla_designate_extend_start
 RUN chmod 644 /usr/local/bin/kolla_designate_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block designate_central_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/designate/designate-mdns/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block designate_mdns_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/designate/designate-producer/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block designate_producer_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/designate/designate-sink/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block designate_sink_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/designate/designate-worker/Dockerfile.j2

@@ -19,6 +19,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {% endif %}
 {{ macros.install_packages(designate_worker_packages | customizable("packages")) }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block designate_worker_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/dnsmasq/Dockerfile.j2

@@ -10,5 +10,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {% set dnsmasq_packages = ['dnsmasq'] %}
 {{ macros.install_packages(dnsmasq_packages| customizable("packages")) }}
 
+{{ macros.kolla_patch_sources() }}
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 644 /usr/local/bin/kolla_extend_start
+
 {% block dnsmasq_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/dnsmasq/extend_start.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+DNSMASQ_PIDFILE=${DNSMASQ_PIDFILE:-/run/ironic/dnsmasq.pid}
+DNSMASQ_PIDFILE_DIR="$(dirname $DNSMASQ_PIDFILE)"
+
+if [[ ! -d "/var/log/kolla/ironic" ]]; then
+    mkdir -p /var/log/kolla/ironic
+fi
+if [[ $(stat -c %a /var/log/kolla/ironic) != "755" ]]; then
+    chmod 755 /var/log/kolla/ironic
+fi
+if [[ ! -r "/var/log/kolla/ironic/dnsmasq.log" ]]; then
+    touch /var/log/kolla/ironic/dnsmasq.log
+    chown ironic:ironic /var/log/kolla/ironic/dnsmasq.log
+fi
+
+if [[ ! -d "$DNSMASQ_PIDFILE_DIR" ]]; then
+    mkdir -p "$DNSMASQ_PIDFILE_DIR"
+fi
+
+# NOTE(wszumski): This writes the PID of dnsmasq out to a file. The PIDFILE can be used in
+# another container to send a signal to dnsmasq to reload its config (providing that the two
+# containers share a PID namespace). The concrete use case is for the Ironic PXE filter to
+# clean up stale host entries on startup as documented in:
+#
+# https://docs.openstack.org/ironic/latest/admin/inspection/pxe_filter.html
+#
+# We cannot use the pid-file option in dnsmasq, since it will only write the PIDFILE if you
+# run dnsmasq in its non-forking mode i.e you do use the --no-daemon or --keep-in-foreground
+# options.
+echo $$ > "$DNSMASQ_PIDFILE"

docker/etcd/Dockerfile.j2

@@ -23,6 +23,8 @@ RUN chmod 644 /usr/local/bin/kolla_extend_start \
     && chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/kolla_etcd_sudoers
 
+{{ macros.kolla_patch_sources() }}
+
 {% block etcd_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/fluentd/Dockerfile.j2

@@ -54,6 +54,8 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
 
 {% endblock %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block fluentd_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/glance/glance-api/Dockerfile.j2

@@ -9,11 +9,13 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% if base_package_type == 'rpm' %}
     {% set glance_api_packages = [
+        'lsscsi',
         'device-mapper-multipath',
         'qemu-img'
     ] %}
 {% elif base_package_type == 'deb' %}
     {% set glance_api_packages = [
+        'lsscsi',
         'multipath-tools',
         'nfs-common',
         'qemu-utils'
@@ -25,6 +27,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 COPY extend_start.sh /usr/local/bin/kolla_glance_extend_start
 RUN chmod 644 /usr/local/bin/kolla_glance_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block glance_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/glance/glance-base/Dockerfile.j2

@@ -9,9 +9,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='glance') }}
 
-{{ macros.enable_extra_repos(['ceph']) }}
-
 {% if base_package_type == 'rpm' %}
+
+{{ macros.enable_extra_repos(['ceph', 'epel']) }}
+
     {% set glance_base_packages = [
         'python3-rados',
         'python3-rbd'
@@ -41,11 +42,13 @@ RUN ln -s glance-base-source/* glance \
     && {{ macros.install_pip(glance_base_pip_packages | customizable("pip_packages")) }} \
     && mkdir -p /etc/glance \
     && cp -r /glance/etc/* /etc/glance/ \
-    && cp /etc/pycadf/glance_api_audit_map.conf /etc/glance/ \
+    && cp /var/lib/kolla/venv/etc/pycadf/glance_api_audit_map.conf /etc/glance/ \
     && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/glance/rootwrap.conf \
     && chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/kolla_glance_sudoers \
     && touch /usr/local/bin/kolla_glance_extend_start \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_glance_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block glance_base_footer %}{% endblock %}

docker/gnocchi/gnocchi-api/Dockerfile.j2

@@ -10,5 +10,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 COPY extend_start.sh /usr/local/bin/kolla_gnocchi_extend_start
 RUN chmod 644 /usr/local/bin/kolla_gnocchi_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block gnocchi_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/gnocchi/gnocchi-base/Dockerfile.j2

@@ -9,10 +9,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='gnocchi') }}
 
-{{ macros.enable_extra_repos(['ceph']) }}
-
 {% if base_package_type == 'rpm' %}
 
+{{ macros.enable_extra_repos(['ceph', 'epel']) }}
+
     {% set gnocchi_base_packages = [
         'librados2-devel',
         'python3-rados',
@@ -46,10 +46,12 @@ RUN {{ macros.upper_constraints_version_change("Werkzeug", "3.0.1", "2.2.3") }}
 RUN ln -s gnocchi-base-source/* gnocchi \
     && {{ macros.install_pip(gnocchi_base_pip_packages | customizable("pip_packages")) }} \
     && mkdir -p /etc/gnocchi \
-    && cp /etc/pycadf/gnocchi_api_audit_map.conf /etc/gnocchi/ \
+    && cp /var/lib/kolla/venv/etc/pycadf/gnocchi_api_audit_map.conf /etc/gnocchi/ \
     && chmod 750 /etc/sudoers.d \
     && chmod 640 /etc/sudoers.d/kolla_gnocchi_sudoers \
     && touch /usr/local/bin/kolla_gnocchi_extend_start \
     && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_gnocchi_extend_start
 
+{{ macros.kolla_patch_sources() }}
+
 {% block gnocchi_base_footer %}{% endblock %}

docker/gnocchi/gnocchi-metricd/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block gnocchi_metricd_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/gnocchi/gnocchi-statsd/Dockerfile.j2

@@ -7,6 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block gnocchi_statsd_footer %}{% endblock %}
 {% block footer %}{% endblock %}