Merge "bifrost/kolla-toolbox: Bump ansible-core to 2.20"

Set inject_facts_as_vars to False to match what we do in
Kolla-Ansible (and this option will default to False in 2.24)

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/972696

Change-Id: Iae2b70ca62fd68400bde9296edcda8e53f14a896
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>

.ansible-lint

@@ -0,0 +1,13 @@
+---
+exclude_paths:
+  - .cache/  # implicit unless exclude_paths is defined in config
+  - zuul.d/
+  - kolla/template/repos.yaml
+offline: true
+parseable: true
+profile: basic
+skip_list:
+  - package-latest
+  - role-name
+strict: true
+use_default_rules: true

.codespell-ignore

@@ -0,0 +1 @@
+solum

.coveragerc

@@ -0,0 +1,2 @@
+[run]
+omit = kolla/tests/*

.yamllint

@@ -1,10 +0,0 @@
----
-extends: default
-ignore: |
-  .tox/
-
-rules:
-  line-length: disable
-  truthy: disable
-  braces:
-    max-spaces-inside: 1

.zuul.d/base.yaml

@@ -1,123 +0,0 @@
----
-- secret:
-    name: kolla_dockerhub_creds
-    data:
-      password: !encrypted/pkcs1-oaep
-        - QLe52Ymma5HJg3K2kgeSEMp7TwarkH8AbEiwcnDTqZ276BUF9wrt+5gPJRfVU1BYty2lq
-          CCzhawJJ09TV0WU2SEUKlicWoXQ/hcbYWNlOHVL6/gm9UxZP/GC8d1eyQfbCS7UUHfiHF
-          BP5Vbrn5vmK6DHhaVc9cEdXpcrA9cghLINpH6EeLE6ujD9gH5Apol30Qvj0IcpildWCYC
-          1rJqc8e/6BwOcLiPhli+A/bbpWxUzJgnFqogEiHLPvUTRyHDA8aCLv9Q6uryzaA0pzt7I
-          VY4JcNeM3J43QSTa6G7FxCGDiNOhEDvS31EyoxGZCdDAsN3Yh2nWPCfqr2X8vDk1Sbou7
-          ouiU+fKV+sv0f2+2fWNh+bLUOcOpp2gKvFKxpIxt7j5Zm6KBpHRxZelp4wVEPyEyecDN1
-          /fV7H4Z4QzH+Lah1F3H19IPvz1FPPaEFdrK5HWsbxa1aS9AY2hn+Th9TPJQSn/jxQvn8D
-          IT1GtO+Lr1SNUzrJJXzAdLmnyD9iVFOujzGsVfEbFpMlSetoBTNJl0MxrsYp6cJOqMRSS
-          sQZ56jPLxjCBTXoof2E81wbatOXWTLBpBzI5mtTfbcJnWfO93ZB9z2or6PMkWmTtYVji8
-          J1xFe2GTCHuPYjrETCPj5k0eCT3DS0PJ71N2mvRnPv5mKJKjhKBokhWscpuq1k=
-      user: !encrypted/pkcs1-oaep
-        - oRkTqW+FpsUy89wPVYJYk0ZU92yt5C6BKJr7ixVZo9ybcXfYwKDeZCoOeugYNkewJo1hV
-          ksCtqbqMc4v2r1cblJK003XCWkXroU5Vx5h/rzFjhxtDK59xUIYS8GzG2OThduqabzyKz
-          xm883COjULKPMEL8Q8OxmOvOJ4FcdJnToRWJO9lBQJKLaKleKCor6aadslkSACkDXIcC3
-          INIn0t02MZCL96VSBI9RtXaQ5VeyZDzv5QBIquouKYP8/j/yNUb4ilNXJKCJa8kYgo8O8
-          sEDtzITJuHorIYxTUc1syzAs9v1BlJF7SUqxTvR2YMFMlV6VADa7r8X4iyyWPmFL5O9c7
-          aN9JZhLNGgFLLAK4FISyOsNLZQS/JRjjGT5h9rsslZJsbco4q/Wwj51ezb78NJFhNY7lM
-          IpjKWByqSjg2k+1rEXpo6msgZskwYIHPi3xH3njP76127o3adeZQCT72LSnc4LIV6en/G
-          tIDqK72tkJpuwiA6u6ti764xXmIhl8Njfhn49cm6Fex9F8YieqPOj3t9mxMzdEZ7gd4Go
-          Oz6nUZlML6sEyT0vilbDpo1RRweinE5J8mU+8joxeDpCHXBUYekFmgXDlpg58XmSp96fM
-          C/rWcxTKlGJjjlVFZfhRHHy6gWBYH/SoozkbpkWbk0g43SLSxAuITy7nqLggOU=
-
-- secret:
-    name: kolla_quay_io_creds
-    data:
-      username: !encrypted/pkcs1-oaep
-        - VsvMvV5wOUfl5B2HJboWfN8mta/Tuk7PXcJf5RfKk4uXP6qYGM4dcMB9EdoJNhMCi7FeA
-          NrTZaxf/AjLAkgKlRhz7sPKhmR95+jrFRgEzedpcCamdPkCa+wNQEMNMd0rTwioYUEWm4
-          Y+Oa2mIswy5LcUViz38MPQhf0725U5sYtH2qkuhMbU8u8vzYhSk749xtAN6I1T8ziTKKB
-          3FBowFc2rSRJUQPsLLZjTxBHbrk+00p/DPoHLOz9/9Jf5U//jkqx4ziE2w1a4+x/kWlYT
-          BPXuRL9wWN9ci2uKuoDRRd6QHJzPIJerKG07YU4PAcS3M245rbjjUQC3n3SQJs3u4kKI8
-          rZrxfbmtbfjkzRQXnhnhPk47PebpjnpEUNw6+scnQ+ELdQ0QYGsVRM4x4/ywe5CeFYVDR
-          whQQ1iG21FOs3iv592I7P7l4cEKqKFyx9qiV4t2fyLrHgtU+L/05iENH9igGJ0tDCQ5zT
-          2F2laUWGtzUh76txuFDjpBxR3qS62g825dZXaTegkA+v6c1az23lrYTqbTRf63cuAQyYX
-          APPRC5QU0URXBoIbWb0ry3O5lr/uudI1ZCLN8SSJhpmZAIlviOfaxrKu9fg2YY9e0xpz9
-          CMEWQ/n1EsUyL34Wv189Rvpq4M4GTvozEKsRsjY3u0ygwEUXcH2lEXGOrs+hms=
-      password: !encrypted/pkcs1-oaep
-        - dR2beX9Bn7O8iCqNHtWo1FWX71vy+CwffDk5rafUh5yew2OVNcVtVjVOPvHwb5zZv1LCd
-          MVcgIJe513dM5tQkn2H/HvN/seVu/CfHA6lg6Tj+ueW9VdUH6KiBPr+NCgQWX+Xt3sXbt
-          sPzfNGpvTw1ZCUp0nnudZEKPZ2jn83baNMumW8E8xPb4s2kePzINsb8sGvqy6BOk5rUIo
-          7DaEwWrNnq9TTnMcWGIF+fLP5Pin7+fmvnLkT6qRN4v5FszpHYm8YCpv02nzqI1/F9HeM
-          P3GtkUdIPxa1+3VwZ/DSA9BWi4VG15jDtaxeZFVGQuMqQAiCx8Jqvd+xX2qugAq1m+U7W
-          JobDbaeTYrUmJ1zUaspPZ16RTSf9UGCTaejoSVKM9lJHv6ixtsX7UWkgFvceVrlkt7TtH
-          2mqhBnXvwB6VD5d311WRUfNXz7gb60otisB5G2k/UnRnv1Mu33TPVT7XOFDpVnAvRS3lt
-          haJ34N7AWnDIsllvzcmVWTw3wf/6LLfOQrW2Z+vNambyR4Oc+LVUTbEvZVIU65LpOTIn3
-          LfDhCLDD3VtnVOrj4UxZsjzmPbday1fziua/7f+CXsShC5erz0ZM65rMCwkjWeI6Kc63A
-          0M27tl+OWHO3KkfFR4tWc3dws3r1kYjQeds0adBHyYD0eL8SJfwZkbtojAQ1JM=
-
-- nodeset:
-    name: kolla-centos8-stream
-    nodes:
-      - name: primary
-        label: centos-8-stream
-
-- nodeset:
-    name: kolla-ubuntu-focal
-    nodes:
-      - name: primary
-        label: ubuntu-focal
-
-- nodeset:
-    name: kolla-debian-bullseye
-    nodes:
-      - name: primary
-        label: debian-bullseye
-
-- nodeset:
-    name: kolla-centos8-stream-aarch64
-    nodes:
-      - name: primary
-        label: centos-8-stream-arm64
-
-- nodeset:
-    name: kolla-debian-bullseye-aarch64
-    nodes:
-      - name: primary
-        label: debian-bullseye-arm64
-
-- nodeset:
-    name: kolla-ubuntu-focal-aarch64
-    nodes:
-      - name: primary
-        label: ubuntu-focal-arm64
-
-- job:
-    name: kolla-base
-    parent: base
-    timeout: 10800
-    post-timeout: 10800
-    pre-run: tests/playbooks/pre.yml
-    run: tests/playbooks/run.yml
-    post-run: tests/playbooks/post.yml
-    attempts: 5
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*
-      - ^etc/.*
-      - ^releasenotes/.*$
-      - ^specs/.*$
-      - ^test-requirements.txt$
-      - ^\.zuul\.d/
-      - ^\..+
-      - ^contrib/
-      - ^LICENSE$
-      - ^tox\.ini$
-    vars:
-      publisher: false
-    extra-vars:
-      kolla_logs_dir: "{{ zuul_output_dir }}/logs/kolla"
-      kolla_build_logs_dir: "{{ kolla_logs_dir }}/build"
-      kolla_work_dir: "{{ kolla_logs_dir }}"
-      virtualenv_path: "/tmp/kolla-virtualenv"
-
-- job:
-    name: kolla-build-no-infra-wheels-base
-    parent: kolla-base
-    vars:
-      use_infra_wheels_mirror: false

.zuul.d/centos.yaml

@@ -1,131 +0,0 @@
----
-- project:
-    check:
-      jobs:
-        - kolla-build-centos8s-binary
-        - kolla-build-centos8s-source
-        - kolla-ansible-centos8s-source
-        - kolla-ansible-centos8s-binary
-        - kolla-ansible-centos8s-source-upgrade
-    check-arm64:
-      jobs:
-        - kolla-build-centos8s-source-aarch64
-    gate:
-      queue: kolla
-      jobs:
-        - kolla-build-centos8s-source
-        - kolla-ansible-centos8s-source
-        - kolla-ansible-centos8s-source-upgrade
-    periodic:
-      jobs:
-        - kolla-publish-centos8s-source-quay
-        - kolla-publish-centos8s-binary-quay
-    periodic-weekly:
-      jobs:
-        - kolla-publish-centos8s-source-dockerhub
-        - kolla-publish-centos8s-binary-dockerhub
-    experimental:
-      jobs:
-        - kolla-build-no-infra-wheels-centos8s-source
-        - kolla-ansible-centos8s-source-bifrost:
-            files: ^docker\/(base|bifrost|openstack-base)\/.*
-        # Test rabbitmq & mariadb changes in multinode ceph jobs.
-        - kolla-ansible-centos8s-source-cephadm:
-            files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
-        - kolla-ansible-centos8s-source-upgrade-cephadm:
-            files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
-        - kolla-ansible-centos8s-source-zun:
-            files: ^docker\/(base|cinder|etcd|iscsid|kuryr|openstack-base|zun)\/.*
-        - kolla-ansible-centos8s-source-scenario-nfv:
-            files: ^docker\/(base|barbican|heat|mistral|openstack-base|redis|tacker)\/.*
-        - kolla-ansible-centos8s-source-ironic:
-            files: ^docker\/(base|dnsmasq|ironic|ironic-inspector|iscsid|openstack-base)\/.*
-        - kolla-ansible-centos8s-source-swift:
-            files: ^docker/(base|openstack-base|glance|swift)/
-        - kolla-ansible-centos8s-source-mariadb:
-            files: ^docker/(base|mariadb)/
-        - kolla-ansible-centos8s-source-masakari:
-            files: ^docker/(base|masakari)/
-        - kolla-ansible-centos8s-source-octavia:
-            files: ^docker/(base|neutron|octavia|openstack-base|openvswitch|ovn)/
-        - kolla-ansible-centos8s-source-ovn:
-            files: ^docker/(base|neutron|openstack-base|openvswitch|ovn)/
-        - kolla-ansible-centos8s-source-prometheus-efk:
-            files: ^docker/(base|elasticsearch|fluentd|grafana|kibana|prometheus)/
-        - kolla-ansible-centos8s-source-kvm:
-            files: ^docker/nova/
-
-- job:
-    name: kolla-build-centos8s-binary
-    parent: kolla-base
-    nodeset: kolla-centos8-stream
-    voting: false
-    vars:
-      base_distro: centos
-      install_type: binary
-
-- job:
-    name: kolla-publish-centos8s-binary-dockerhub
-    parent: kolla-build-centos8s-binary
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_creds
-
-- job:
-    name: kolla-publish-centos8s-binary-quay
-    parent: kolla-build-centos8s-binary
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-
-- job:
-    name: kolla-build-centos8s-source
-    parent: kolla-base
-    nodeset: kolla-centos8-stream
-    vars:
-      base_distro: centos
-      install_type: source
-
-- job:
-    name: kolla-build-centos8s-source-aarch64
-    parent: kolla-build-centos8s-source
-    nodeset: kolla-centos8-stream-aarch64
-    voting: false
-
-- job:
-    name: kolla-publish-centos8s-source-dockerhub
-    parent: kolla-build-centos8s-source
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_creds
-
-- job:
-    name: kolla-publish-centos8s-source-quay
-    parent: kolla-build-centos8s-source
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-
-- job:
-    name: kolla-build-no-infra-wheels-centos8s-source
-    parent: kolla-build-no-infra-wheels-base
-    nodeset: kolla-centos8-stream
-    vars:
-      base_distro: centos
-      install_type: source

.zuul.d/debian.yaml

@@ -1,127 +0,0 @@
----
-- project:
-    check:
-      jobs:
-        - kolla-build-debian-source
-        - kolla-build-debian-binary
-        - kolla-ansible-debian-source
-        - kolla-ansible-debian-source-upgrade
-    check-arm64:
-      jobs:
-        - kolla-build-debian-source-aarch64
-        - kolla-ansible-debian-source-aarch64
-    gate:
-      queue: kolla
-      jobs:
-        - kolla-build-debian-source
-        - kolla-ansible-debian-source
-        - kolla-ansible-debian-source-upgrade
-    periodic:
-      jobs:
-        - kolla-publish-debian-source-quay
-        - kolla-publish-debian-source-aarch64-quay
-    periodic-weekly:
-      jobs:
-        - kolla-publish-debian-source-dockerhub
-        - kolla-publish-debian-source-aarch64-dockerhub
-    experimental:
-      jobs:
-        - kolla-build-no-infra-wheels-debian-source
-        - kolla-ansible-debian-source-ironic:
-            files: ^docker\/(base|dnsmasq|ironic|ironic-inspector|iscsid|openstack-base)\/.*
-
-- job:
-    name: kolla-build-debian-source
-    parent: kolla-base
-    nodeset: kolla-debian-bullseye
-    vars:
-      base_distro: debian
-      install_type: source
-
-- job:
-    name: kolla-build-debian-source-aarch64
-    parent: kolla-build-debian-source
-    nodeset: kolla-debian-bullseye-aarch64
-
-- job:
-    name: kolla-build-debian-binary
-    parent: kolla-base
-    nodeset: kolla-debian-bullseye
-    voting: false
-    vars:
-      base_distro: debian
-      install_type: binary
-
-- job:
-    name: kolla-publish-debian-binary-dockerhub
-    parent: kolla-build-debian-binary
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_creds
-
-- job:
-    name: kolla-publish-debian-binary-quay
-    parent: kolla-build-debian-binary
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-
-- job:
-    name: kolla-publish-debian-source-dockerhub
-    parent: kolla-build-debian-source
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_creds
-
-- job:
-    name: kolla-publish-debian-source-quay
-    parent: kolla-build-debian-source
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-
-- job:
-    name: kolla-publish-debian-source-aarch64-dockerhub
-    parent: kolla-build-debian-source-aarch64
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_creds
-
-- job:
-    name: kolla-publish-debian-source-aarch64-quay
-    parent: kolla-build-debian-source-aarch64
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-
-- job:
-    name: kolla-build-no-infra-wheels-debian-source
-    parent: kolla-build-no-infra-wheels-base
-    nodeset: kolla-debian-bullseye
-    vars:
-      base_distro: debian
-      install_type: source

.zuul.d/project.yaml

@@ -1,9 +0,0 @@
----
-- project:
-    templates:
-      - openstack-python3-yoga-jobs
-      - openstack-python3-yoga-jobs-arm64
-      - check-requirements
-      - publish-openstack-docs-pti
-      - release-notes-jobs-python3
-      - periodic-stable-jobs

.zuul.d/ubuntu.yaml

@@ -1,129 +0,0 @@
----
-- project:
-    check:
-      jobs:
-        - kolla-build-ubuntu-binary
-        - kolla-build-ubuntu-source
-        - kolla-ansible-ubuntu-source
-        - kolla-ansible-ubuntu-binary
-        - kolla-ansible-ubuntu-source-upgrade
-    check-arm64:
-      jobs:
-        - kolla-build-ubuntu-source-aarch64
-    gate:
-      queue: kolla
-      jobs:
-        - kolla-build-ubuntu-source
-        - kolla-ansible-ubuntu-source
-        - kolla-ansible-ubuntu-source-upgrade
-    periodic:
-      jobs:
-        - kolla-publish-ubuntu-source-quay
-        - kolla-publish-ubuntu-binary-quay
-    periodic-weekly:
-      jobs:
-        - kolla-publish-ubuntu-source-dockerhub
-        - kolla-publish-ubuntu-binary-dockerhub
-    experimental:
-      jobs:
-        - kolla-build-no-infra-wheels-ubuntu-source
-        # Test rabbitmq and mariadb in multinode ceph jobs.
-        - kolla-ansible-ubuntu-source-cephadm:
-            files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
-        - kolla-ansible-ubuntu-source-upgrade-cephadm:
-            files: ^docker\/(base|cinder|glance|mariadb|openstack-base|rabbitmq)\/.*
-        - kolla-ansible-ubuntu-source-zun:
-            files: ^docker\/(base|cinder|etcd|iscsid|kuryr|openstack-base|zun)\/.*
-        - kolla-ansible-ubuntu-source-ironic:
-            files: ^docker\/(base|dnsmasq|ironic|ironic-inspector|iscsid|openstack-base)\/.*
-        - kolla-ansible-ubuntu-source-swift:
-            files: ^docker/(base|openstack-base|glance|swift)/
-        - kolla-ansible-ubuntu-source-mariadb:
-            files: ^docker/(base|mariadb)/
-        - kolla-ansible-ubuntu-source-masakari:
-            files: ^docker/(base|masakari|openstack-base)/
-        - kolla-ansible-ubuntu-source-linuxbridge:
-            files: ^docker/(base|neutron|openstack-base)/
-        - kolla-ansible-ubuntu-source-octavia:
-            files: ^docker/(base|neutron|octavia|openstack-base|openvswitch|ovn)/
-        - kolla-ansible-ubuntu-source-ovn:
-            files: ^docker/(base|neutron|openstack-base|openvswitch|ovn)/
-        - kolla-ansible-ubuntu-source-prometheus-efk:
-            files: ^docker/(base|elasticsearch|fluentd|grafana|kibana|prometheus)/
-        - kolla-ansible-ubuntu-source-kvm:
-            files: ^docker/nova/
-
-- job:
-    name: kolla-build-ubuntu-binary
-    parent: kolla-base
-    nodeset: kolla-ubuntu-focal
-    voting: false
-    vars:
-      base_distro: ubuntu
-      install_type: binary
-
-- job:
-    name: kolla-publish-ubuntu-binary-dockerhub
-    parent: kolla-build-ubuntu-binary
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_creds
-
-- job:
-    name: kolla-publish-ubuntu-binary-quay
-    parent: kolla-build-ubuntu-binary
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-
-- job:
-    name: kolla-build-ubuntu-source
-    parent: kolla-base
-    nodeset: kolla-ubuntu-focal
-    vars:
-      base_distro: ubuntu
-      install_type: source
-
-- job:
-    name: kolla-build-ubuntu-source-aarch64
-    parent: kolla-build-ubuntu-source
-    nodeset: kolla-ubuntu-focal-aarch64
-    voting: false
-
-- job:
-    name: kolla-publish-ubuntu-source-dockerhub
-    parent: kolla-build-ubuntu-source
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: dockerhub
-      kolla_namespace: kolla
-    secrets:
-      - kolla_dockerhub_creds
-
-- job:
-    name: kolla-publish-ubuntu-source-quay
-    parent: kolla-build-ubuntu-source
-    post-run: tests/playbooks/publish.yml
-    vars:
-      publisher: true
-      kolla_registry: quay.io
-      kolla_namespace: openstack.kolla
-    secrets:
-      - kolla_quay_io_creds
-
-- job:
-    name: kolla-build-no-infra-wheels-ubuntu-source
-    parent: kolla-build-no-infra-wheels-base
-    nodeset: kolla-ubuntu-focal
-    vars:
-      base_distro: ubuntu
-      install_type: source

README.rst

@@ -77,7 +77,6 @@ Kolla provides images to deploy the following OpenStack projects:
 - `CloudKitty <https://docs.openstack.org/cloudkitty/latest/>`__
 - `Cyborg <https://docs.openstack.org/cyborg/latest/>`__
 - `Designate <https://docs.openstack.org/designate/latest/>`__
-- `Freezer <https://docs.openstack.org/freezer/latest/>`__
 - `Glance <https://docs.openstack.org/glance/latest/>`__
 - `Heat <https://docs.openstack.org/heat/latest/>`__
 - `Horizon <https://docs.openstack.org/horizon/latest/>`__
@@ -89,17 +88,12 @@ Kolla provides images to deploy the following OpenStack projects:
 - `Masakari <https://docs.openstack.org/masakari/latest/>`__
 - `Mistral <https://docs.openstack.org/mistral/latest/>`__
 - `Monasca <https://docs.openstack.org/monasca-api/latest/>`__
-- `Murano <https://docs.openstack.org/murano/latest/>`__
 - `Neutron <https://docs.openstack.org/neutron/latest/>`__
 - `Nova <https://docs.openstack.org/nova/latest/>`__
 - `Octavia <https://docs.openstack.org/octavia/latest/>`__
-- `Sahara <https://docs.openstack.org/sahara/latest/>`__
-- `Senlin <https://docs.openstack.org/senlin/latest/>`__
-- `Solum <https://docs.openstack.org/solum/latest/>`__
-- `Swift <https://docs.openstack.org/swift/latest/>`__
+- Skyline (`APIServer <https://docs.openstack.org/skyline-apiserver/latest/>`__ and `Console <https://docs.openstack.org/skyline-console/latest/>`__)
 - `Tacker <https://docs.openstack.org/tacker/latest/>`__
 - `Trove <https://docs.openstack.org/trove/latest/>`__
-- `Vitrage <https://docs.openstack.org/vitrage/latest/>`__
 - `Watcher <https://docs.openstack.org/watcher/latest/>`__
 - `Zun <https://docs.openstack.org/zun/latest/>`__
 
@@ -130,7 +124,7 @@ Kolla provides images to deploy the following infrastructure components:
 - `MariaDB and Galera Cluster <https://mariadb.com/kb/en/library/galera-cluster/>`__
   for highly available MySQL databases.
 - `Memcached <https://www.memcached.org/>`__ a distributed memory object caching system.
-- `Open vSwitch <https://www.openvswitch.org/>`__ and Linuxbridge back ends for Neutron.
+- `Open vSwitch <https://www.openvswitch.org/>`__ for use with Neutron.
 - MariaDB Backup A tool which provides a method of performing a hot backup of your MySQL data while the
   system is running.
 - `Prometheus <https://prometheus.io/>`__ an open-source systems monitoring
@@ -139,7 +133,7 @@ Kolla provides images to deploy the following infrastructure components:
   direct messaging back end for communication between services.
 - `RabbitMQ <https://www.rabbitmq.com/>`__ as a broker messaging back end for
   communication between services.
-- `Redis Sentinel <https://redis.io/topics/sentinel>`__ provides high availability for redis
+- `Valkey Sentinel <https://valkey.io/topics/sentinel>`__ provides high availability for valkey
   along with collateral tasks such as monitoring, notification and acts as configuration
   provider for clients.
 - `Telegraf <https://www.docs.influxdata.com/telegraf/>`__ as a plugin-driven server
@@ -185,9 +179,9 @@ Contributors
 ============
 
 Check out who is `contributing
-code <https://stackalytics.com/?module=kolla-group&metric=commits>`__ and
+code <https://stackalytics.io/?module=kolla-group&metric=commits>`__ and
 `contributing
-reviews <https://stackalytics.com/?module=kolla-group&metric=marks>`__.
+reviews <https://stackalytics.io/?module=kolla-group&metric=marks>`__.
 
 Notices
 =======

bindep.txt

@@ -1,8 +0,0 @@
-libffi-dev [platform:dpkg]
-libffi-devel [platform:rpm]
-gcc [platform:rpm]
-gcc [platform:dpkg]
-python3-dev [platform:dpkg]
-python3-devel [platform:rpm]
-openssl-devel [platform:rpm]
-libssl-dev [platform:dpkg]

doc/source/admin/image-building.rst

@@ -2,11 +2,16 @@
 Building Container Images
 =========================
 
-Firstly, ensure ``kolla`` is installed.
+Firstly, ensure ``kolla`` and the container engine of your choice is installed.
+
+Currently supported container engines are ``docker`` and ``podman``.
 
 .. code-block:: console
 
    python3 -m pip install kolla
+   #only one of these is needed:
+   python3 -m pip install podman
+   python3 -m pip install docker
 
 Then, the :command:`kolla-build` command is available for building
 Docker images.
@@ -114,21 +119,6 @@ To push images to a :kolla-ansible-doc:`local registry
 Build OpenStack from source
 ===========================
 
-When building images, there are two methods of the OpenStack install. One is
-``binary``. Another is ``source``. The ``binary`` means that OpenStack will be
-installed from apt/dnf. And the ``source`` means that OpenStack will be
-installed from upstream sources. The default method of the OpenStack install is
-``source``. It can be changed to ``binary`` using the ``-t`` option:
-
-.. code-block:: console
-
-   kolla-build -t binary
-
-.. note::
-
-   Building of binary images is deprecated in Yoga. Please switch to source
-   ones.
-
 The locations of OpenStack source code are written in ``kolla-build.conf``.
 The source's ``type`` supports ``url``, ``git`` and ``local``. The
 ``location`` of the ``local`` source type can point to either a directory
@@ -164,6 +154,19 @@ The ``kolla-build.conf`` file could look like this:
    Note that the name of the section should exactly match the image name
    you are trying to change source location for.
 
+If using the ``local`` source type, the ``--locals-base`` flag can be used to
+define a path prefix, which you can reference in the config.
+
+.. path etc/kolla/kolla-build.conf
+.. code-block:: ini
+
+  [DEFAULTS]
+  locals_base = /home/kolla/src
+
+  [heat-base]
+  type = local
+  location = $locals_base/heat
+
 .. _dockerfile-customisation:
 
 Dockerfile customisation
@@ -211,7 +214,7 @@ First, create a file to contain the customisations, for example:
    {% extends parent_template %}
 
    # Horizon
-   {% block horizon_redhat_binary_setup %}
+   {% block horizon_ubuntu_source_setup %}
    RUN useradd --user-group myuser
    {% endblock %}
 
@@ -249,10 +252,10 @@ Packages customisation
 
 Packages installed as part of an image build can be overridden, appended to,
 and deleted. Taking the Horizon example, the following packages are installed
-as part of a binary install type build (among others):
+as part of a package install (among others):
 
-* ``openstack-dashboard``
-* ``openstack-magnum-ui``
+* ``gettext``
+* ``locales``
 
 To add a package to this list, say, ``iproute``, first create a file,
 for example, ``template-overrides.j2``. In it place the following:
@@ -286,25 +289,153 @@ append
 remove
     Remove a package from the default list.
 
-To remove a package from that list, say ``openstack-magnum-ui``, one would do:
+To remove a package from that list, say ``locales``, one would do:
 
 .. code-block:: jinja
 
    {% extends parent_template %}
 
    # Horizon
-   {% set horizon_packages_remove = ['openstack-magnum-ui'] %}
+   {% set horizon_packages_remove = ['locales'] %}
+
+An example of this is the Grafana plugins, which are mentioned in the next
+section.
+
+Grafana plugins
+^^^^^^^^^^^^^^^
+
+Additional Grafana plugins can be installed by adding the plugin name to the
+``grafana_plugins_append`` list. Plugins can also be removed by adding the
+plugin name to the ``grafana_plugins_remove`` list. Additionally the entire
+list can be overridden by setting the ``grafana_plugins_override`` variable.
+
+.. code-block:: ini
+
+   grafana_plugins_append:
+      - grafana-piechart-panel
+      - vonage-status-panel
+
+Patching customization
+----------------------
+
+Kolla provides functionality to apply patches to Docker images during the build
+process. This allows users to modify existing files or add new ones as part of
+the image creation.
+
+You need to define a ``patches_path`` in the ``[DEFAULT]`` section of
+the ``/etc/kolla/kolla-build.conf`` file. This directory will be used to store
+patches for the images.
+
+.. path etc/kolla/kolla-build.conf
+.. code-block:: ini
+
+  [DEFAULT]
+  patches_path = /path/to/your/patches
+
+Create a directory for each image you want to patch, following a directory
+structure similar to the Debian patch quilt format. Refer to
+`quilt documentation <https://linux.die.net/man/1/quilt>`_. for more details.
+
+- ``<patches_path>/image_name/`` : The directory for the specific image.
+- ``<patches_path>/image_name/some-patch`` : Contains the patch content.
+- ``<patches_path>/image_name/another-patch`` : Contains the patch content.
+- ``<patches_path>/image_name/series`` : Lists the order in which the patches
+  will be applied.
+
+For example, if you want to patch the ``nova-api`` image, the structure would
+look like this:
+
+.. code-block:: console
+
+   /path/to/your/patches/nova-api/some-patch
+   /path/to/your/patches/nova-api/another-patch
+   /path/to/your/patches/nova-api/series
+
+The ``series`` file should list the patches in the order they should be
+applied:
+
+.. code-block:: console
+
+   some-patch
+   another-patch
+
+When the images are built using ``kolla-build``, the patches defined in the
+``patches_path`` will automatically be applied to the corresponding images.
+
+After the patches are applied, Kolla stores information about the applied
+patches in ``/etc/kolla/patched``. The patch files themselves are stored
+in the ``/patches`` directory within the image. This allows you to track
+which patches have been applied to each image for debugging or
+verification purposes.
 
 Python packages build options
 -----------------------------
 
 The block ``base_pip_conf`` in the ``base`` Dockerfile can be used to provide
 the PyPI build customisation options via the standard environment variables
-like ``PIP_INDEX_URL``, ``PIP_TRUSTED_HOST``, etc. Also here can be provided
-the standard environment variable ``UPPER_CONSTRAINTS_FILE`` used for building
-the ``bifrost_deploy`` container when PyPI upper-constraints needs to be
-overridden. Also this variable would be used in the ``kolla-toolbox`` if
-provided instead of the defaults.
+like ``PIP_INDEX_URL``, ``PIP_TRUSTED_HOST``, etc.
+
+To override PYPI upper-constraints of all OpenStack images, you can
+define the source location of openstack-base. in ``kolla-build.conf``.
+
+Upstream repository of `openstack-base (requirements) <https://opendev.org/openstack/requirements>`__
+has a source of
+`upper constraints file <https://opendev.org/openstack/requirements/src/branch/master/upper-constraints.txt>`__.
+
+Make a fork or clone the repository then customise ``upper-constraints.txt``
+and define the location of ``openstack-base`` in ``kolla_build.conf``.
+
+.. path /etc/kolla/kolla-build.conf
+.. code-block:: ini
+
+   # These examples use upstream openstack-base as a demonstration
+   # To use custom openstack-base, make changes accordingly
+
+   # Using git source
+   [openstack-base]
+   type = git
+   location = https://opendev.org/openstack/requirements
+   reference = master
+
+   # Using URL source
+   [openstack-base]
+   type = url
+   location = https://tarballs.opendev.org/openstack/requirements/requirements-master.tar.gz
+
+   # Using local source
+   [openstack-base]
+   type = local
+   location = /home/kolla/src/requirements
+
+To remove or change the version of specific Python packages in
+``openstack-base`` upper-constraints, you can use the block
+``openstack_base_override_upper_constraints`` in your template file,
+for example, ``template-overrides.j2``:
+
+.. code-block:: jinja
+
+   {% block openstack_base_override_upper_constraints %}
+   RUN {{ macros.upper_constraints_version_change("sqlparse", "0.4.4", "0.5.0") }}
+   RUN {{ macros.upper_constraints_remove("reno") }}
+   {% endblock %}
+
+``kolla-toolbox`` image needs different approach as it does not uses
+``openstack-base`` as a base image.
+A variable ``UPPER_CONSTRAINTS_FILE`` is set in the
+Dockerfile of ``kolla-toolbox``.
+To change variable, add the following contents to the
+``kolla_toolbox_pip_conf`` block in your template file, for example,
+``template-overrides.j2``:
+
+.. code-block:: jinja
+
+   {% block kolla_toolbox_pip_conf %}
+   ENV UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/master
+   {% endblock %}
+
+.. note::
+
+   ``UPPER_CONSTRAINTS_FILE`` must be a valid URL to the file
 
 Plugin functionality
 --------------------
@@ -338,10 +469,6 @@ repository may be missed on subsequent builds. To solve this, the
 time, which will be automatically made available to the build, within an
 archive named ``plugins-archive``.
 
-.. note::
-
-   The following is available for source build types only.
-
 To use this, add a section to ``kolla-build.conf`` in the following format:
 
 .. path /etc/kolla/kolla-build.conf
@@ -402,6 +529,7 @@ Some of these plugins used to be enabled by default but, due to
 their release characteristic, have been excluded from the default builds.
 Please read the included ``README.rst`` to learn how to apply them.
 
+
 Additions functionality
 -----------------------
 
@@ -417,10 +545,6 @@ difference between ``plugins-archive`` and ``additions-archive`` is that
 install available plugins while ``additions-archive`` processing is left solely
 to the Kolla user.
 
-.. note::
-
-   The following is available for source build types only.
-
 To use this, add a section to ``kolla-build.conf`` in the following format:
 
 .. path /etc/kolla/kolla-build.conf
@@ -450,10 +574,6 @@ structure:
    |__ additions
        |__jenkins
 
-Alternatively, it is also possible to create an ``additions-archive.tar`` file
-yourself bypasssing ``kolla-build.conf`` in order to work with binary build
-type.
-
 The template becomes now:
 
 .. code-block:: jinja
@@ -463,6 +583,98 @@ The template becomes now:
    RUN cp /additions/jenkins/jenkins.json /jenkins.json
    {% endblock %}
 
+Custom docker templates
+-----------------------
+
+In order to unify the process of managing OpenStack-related projects, Kolla
+provides a way of building images for external 'non-built-in' projects.
+
+If the template for a 'non-built-in' project meets Kolla template standards,
+an operator can provide a root directory with a template via the
+``--docker-dir`` CLI option (can be specified multiple times).
+
+All Kolla's jinja2 macros should be available the same as for built-in
+projects with some notes:
+
+- The ``configure_user`` macro. As the 'non-built-in' user is unknown to Kolla,
+  there are no default values for user ID and group ID to use.
+  To use this macro, an operator should specify "non-default" user details
+  with ``<custom_user_name>-user`` configuration section and include info
+  for ``uid`` and ``gid`` at least.
+
+Let's look into how an operator can build an image for an in-house project
+with Kolla using `openstack/releases <https://opendev.org/openstack/releases>`_
+project.
+
+First, create a ``Dockerfile.j2`` template for the project.
+
+.. path /home/kolla/custom-kolla-docker-templates/releaser/Dockerfile.j2
+.. code-block:: jinja
+
+   FROM {{ namespace }}/{{ image_prefix }}openstack-base:{{ tag }}
+
+   {% block labels %}
+   LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
+   {% endblock %}
+
+   {% block releaser_header %}{% endblock %}
+
+   {% import "macros.j2" as macros with context %}
+
+   {{ macros.configure_user(name='releaser') }}
+
+   RUN ln -s releaser-source/* /releaser \
+       && {{ macros.install_pip(['/releaser-source']  | customizable("pip_packages")) }} \
+       && mkdir -p /etc/releaser \
+       && chown -R releaser: /etc/releaser \
+       && chmod 750 /etc/sudoers.d \
+       && touch /usr/local/bin/kolla_releaser_extend_start \
+       && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_releaser_extend_start
+
+   {% block footer %}{% endblock %}
+
+Suggested directory structure:
+
+.. code-block:: console
+
+   custom-kolla-docker-templates
+   |__ releaser
+       |__ Dockerfile.j2
+
+Then, modify Kolla's configuration so the engine can download sources and
+configure users.
+
+.. path /etc/kolla/kolla-build.conf
+.. code-block:: ini
+
+   [releaser]
+   type = git
+   location = https://opendev.org/openstack/releases
+   reference = master
+
+   [releaser-user]
+   uid = 53001
+   gid = 53001
+
+Last pre-check before building a new image - ensure that the new template
+is visible for Kolla:
+
+.. code-block:: console
+
+   $ kolla-build --list-images --docker-dir custom-kolla-docker-templates "^releaser$"
+   1 : base
+   2 : releaser
+   3 : openstack-base
+
+And finally, build the ``releaser`` image, passing the ``--docker-dir``
+argument:
+
+.. code-block:: console
+
+   kolla-build --docker-dir custom-kolla-docker-templates "^releaser$"
+
+Can I use the ``--template-override`` option for custom templates? Yes!
+
 Custom repos
 ------------
 
@@ -471,23 +683,16 @@ Red Hat
 
 Kolla allows the operator to build containers using custom repos.
 The repos are accepted as a list of comma separated values and can be in the
-form of ``.repo``, ``.rpm``, or a url. See examples below.
-
-To use current RDO packages (aka Delorean or DLRN), update ``rpm_setup_config``
-in ``kolla-build.conf``:
-
-.. path /etc/kolla/kolla-build.conf
-.. code-block:: ini
-
-   rpm_setup_config = https://trunk.rdoproject.org/centos8/current/delorean.repo,https://trunk.rdoproject.org/centos8/delorean-deps.repo
+form of ``.repo``, ``.rpm``, or a url.
 
 If specifying a ``.repo`` file, each ``.repo`` file will need to exist in the
-same directory as the base Dockerfile (``kolla/docker/base``):
+same directory as the base Dockerfile (``kolla/docker/base``) or you need to
+specify a url:
 
 .. path kolla/docker/base
 .. code-block:: ini
 
-   rpm_setup_config = epel.repo,delorean.repo,delorean-deps.repo
+   rpm_setup_config = epel.repo,https://remote-server.com/your-repo.repo
 
 Debian / Ubuntu
 ^^^^^^^^^^^^^^^
@@ -535,6 +740,28 @@ variables that will be picked up from the user env:
 Also these variables could be overwritten using ``--build-args``, which have
 precedence.
 
+Cross-compiling
+---------------
+
+It is possible to cross-compile container images in order to, e.g., build
+``aarch64`` images on a ``x86_64`` machine.
+
+To build ``ARM`` images on ``x86_64`` platform, pass the ``--base-arch`` and
+``--platform`` arguments:
+
+.. code-block:: console
+
+   kolla-build --platform linux/arm64 --base-arch aarch64
+
+.. note::
+
+   To make this work on x86_64 platform you can use tools like: `qemu-user-static
+   <https://github.com/multiarch/qemu-user-static>`_ or `binfmt
+   <https://github.com/tonistiigi/binfmt>`_.
+
+   To make this work on Apple Silicon you can use Docker Desktop or Podman
+   Desktop to build ``x86_64`` or native ``ARM`` images.
+
 Known issues
 ============
 

doc/source/admin/kolla_api.rst

@@ -65,6 +65,9 @@ The `kolla_set_configs`_ script understands the following attributes:
     Must be passed in the numeric octal form.
   * **recurse**: whether to apply the change recursively over the target
     directory. Boolean, defaults to ``false``.
+  * **exclude**: array of names of the directories or files to be excluded when
+    ``recurse`` is set to ``true``. Supports Python regular expressions.
+    Defaults to empty array.
 
 Here is an example configuration file:
 
@@ -85,7 +88,8 @@ Here is an example configuration file:
             {
                 "path": "/var/log/kolla/trove",
                 "owner": "trove:trove",
-                "recurse": true
+                "recurse": true,
+                "exclude": ["/var/log/^snapshot.*"]
             }
         ]
     }
@@ -93,27 +97,17 @@ Here is an example configuration file:
 Passing the configuration file to the container
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-The configuration can be either passed via the ``KOLLA_CONFIG`` environment
-variable or as a file bind-mounted into the container. When bind-mounting the
-configuration file, the ``KOLLA_CONFIG_FILE`` environment variable controls
-where the file is located in the container, the default path being
+The configuration to the container can be passed through a dedicated path:
 ``/var/lib/kolla/config_files/config.json``.
-
-Passing the configuration file as environment variable:
-
-.. code-block:: console
-
-   docker run -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS \
-       -e KOLLA_CONFIG='{ "command": "...", "permissions": [ { "path": "...", } ] }' \
-       kolla-image
+It is advised to ensure this path is mounted read-only for security reasons.
 
 Mounting the configuration file in the container:
 
 .. code-block:: console
 
    docker run -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS \
-       -e KOLLA_CONFIG_FILE=/config.json \
-       -v /path/to/config.json:/config.json kolla-image
+       -v /path/to/config.json:/var/lib/kolla/config_files/config.json:ro \
+       kolla-image
 
 .. _kolla_api_environment_variables:
 
@@ -126,10 +120,6 @@ Variables to pass to the containers
 The Kolla containers also understand some environment variables to change their
 behavior at runtime:
 
-* **KOLLA_CONFIG**: load kolla config from the environment, takes precedence
-  over ``KOLLA_CONFIG_FILE``.
-* **KOLLA_CONFIG_FILE**: path to kolla json config file, defaults to
-  ``/var/lib/kolla/config_files/config.json``.
 * **KOLLA_CONFIG_STRATEGY** (required): Defines how the :ref:`kolla_start
   script <kolla_api_external_config>` copies the configuration file. Must be
   one of:
@@ -149,6 +139,10 @@ behavior at runtime:
   code defined in the images ``extend_start.sh`` scripts. Not set by default.
 * **KOLLA_UPGRADE**: if set, and supported by the image, runs the upgrade code
   defined in the images ``extend_start.sh`` scripts. Not set by default.
+* **KOLLA_UPGRADE_CHECK**: if set, and supported by the image, runs the
+  ``<service>-status upgrade check`` command, defined in the images
+  ``extend_start.sh`` scripts. Currently, this is hard-coded to just
+  ``nova-status upgrade check``. Not set by default.
 * **KOLLA_OSM**: if set, and supported by the image, runs the online database
   migration code defined in the images ``extend_start.sh`` scripts. Not set by
   default.
@@ -168,5 +162,3 @@ scripts:
 
 * **KOLLA_BASE_DISTRO**: ``base_distro`` used to build the image (e.g. centos,
   ubuntu)
-* **KOLLA_INSTALL_TYPE**: ``install_type`` used to build the image (binary,
-  source)

doc/source/ceph_versions.csv

@@ -1,5 +1,5 @@
 Distro,Ceph,
 ,Source, Release
-CentOS,CentOS Storage SIG,Pacific
-Ubuntu,Ubuntu Cloud Archive,Pacific
-Debian,Debian,Nautilus
+Rocky Linux,CentOS Storage SIG,Squid
+Ubuntu,Ubuntu,Squid
+Debian,Debian,Pacific

doc/source/contributor/adding-a-new-image.rst

@@ -3,7 +3,7 @@ Adding a new image
 ==================
 
 Kolla follows `Best practices for writing Dockerfiles
-<https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/>`__
+<https://docs.docker.com/develop/develop-images/dockerfile_best-practices/>`__
 where at all possible.
 
 We use ``jinja2`` templating syntax to help manage the volume and complexity
@@ -40,10 +40,6 @@ OpenStack project base image is as follows:
 
    {% import "macros.j2" as macros with context %}
 
-   << binary specific steps >>
-
-   << source specific steps >>
-
    << common steps >>
 
    {% block << service >>_footer %}{% endblock %}
@@ -60,34 +56,31 @@ provided, copy its Dockerfile structure and amend it to new needs.
 Distribution support
 ====================
 
-By default, every new image should support all supported distributions (CentOS,
-Debian, Ubuntu) and both x86-64 and aarch64 architectures. Sometimes it is not
+By default, every new image should support all supported distributions (Debian,
+Ubuntu, Rocky) and both x86-64 and aarch64 architectures. Sometimes it is not
 doable so we have list of `unbuildable images` for that.
 
 Unbuildable images
 ~~~~~~~~~~~~~~~~~~
 
-In ``kolla/image/build.py`` source file we keep a list of images which cannot
-be built for some distribution/architecture/build-type combinations.
+In ``kolla/image/unbuildable.py`` source file we keep a list of images which
+cannot be built for some distribution/architecture/build-type combinations.
 
 .. code-block:: python
 
+   # Note: These are just examples, find the current list at
+   # https://opendev.org/openstack/kolla/src/branch/master/kolla/image/unbuildable.py
    UNBUILDABLE_IMAGES = {
        'aarch64': {
-           "bifrost-base",      # someone need to get upstream working first
+           "bifrost-base",    # someone need to get upstream working first
        },
 
-       'binary': {
-           "bifrost-base",
-           "blazar-base",
-       },
-
-       'ubuntu': {
-          "qdrouterd",  # There is no qdrouterd package for ubuntu bionic
+       'centos': {
+           "hacluster-pcs",   # Missing crmsh package
        },
 
        'ubuntu+aarch64': {
-           "kibana",        # no binary package
+           "kibana",          # no binary package
        },
    }
 

doc/source/contributor/contributing.rst

@@ -18,6 +18,8 @@ The source repository for this project can be found at:
 
    https://opendev.org/openstack/kolla
 
+.. _communication:
+
 Communication
 ~~~~~~~~~~~~~
 
@@ -25,10 +27,10 @@ IRC Channel
     ``#openstack-kolla`` (`channel logs`_) on `OFTC <http://oftc.net>`_
 
 Weekly Meetings
-    On Wednesdays at 15:00 UTC in the IRC channel (`meetings logs`_)
+    In the IRC channel (`meeting information`_)
 
 Mailing list (prefix subjects with ``[kolla]``)
-    http://lists.openstack.org/pipermail/openstack-discuss/
+    https://lists.openstack.org/pipermail/openstack-discuss/
 
 Meeting Agenda
     :ref:`Meeting agenda <meeting-agenda>`
@@ -38,89 +40,79 @@ Whiteboard (etherpad)
     planning and feature development status.
     https://etherpad.openstack.org/p/KollaWhiteBoard
 
-.. _channel logs: http://eavesdrop.openstack.org/irclogs/%23openstack-kolla/
-.. _meetings logs:  http://eavesdrop.openstack.org/meetings/kolla/
+.. _channel logs: https://meetings.opendev.org/irclogs/%23openstack-kolla/
+.. _meeting information: https://meetings.opendev.org/#Kolla_Team_Meeting
 
 Contacting the Core Team
 ~~~~~~~~~~~~~~~~~~~~~~~~
 
-The list in alphabetical order (on first name):
+In general it is suggested to use the above mentioned public communication
+channels, but if you find that you need to contact someone from the Core team
+directly, you can find the lists in Gerrit:
 
-+-----------------------+---------------+------------------------------------+
-| Name                  | IRC nick      | Email address                      |
-+=======================+===============+====================================+
-| `Christian Berendt`_  | berendt       | berendt@betacloud-solutions.de     |
-+-----------------------+---------------+------------------------------------+
-| `Dincer Celik`_       | osmanlicilegi | hello@dincercelik.com              |
-+-----------------------+---------------+------------------------------------+
-| `Eduardo Gonzalez`_   | egonzalez     | dabarren@gmail.com                 |
-+-----------------------+---------------+------------------------------------+
-| `Jeffrey Zhang`_      | Jeffrey4l     | jeffrey.zhang@99cloud.net          |
-+-----------------------+---------------+------------------------------------+
-| `Marcin Juszkiewicz`_ | hrw           | marcin.juszkiewicz@linaro.org      |
-+-----------------------+---------------+------------------------------------+
-| `Mark Goddard`_       | mgoddard      | mark@stackhpc.com                  |
-+-----------------------+---------------+------------------------------------+
-| `Michał Nasiadka`_    | mnasiadka     | mnasiadka@gmail.com                |
-+-----------------------+---------------+------------------------------------+
-| `Radosław Piliszek`_  | yoctozepto    | radoslaw.piliszek@gmail.com        |
-+-----------------------+---------------+------------------------------------+
-| `Surya Prakash`_      | spsurya       | singh.surya64mnnit@gmail.com       |
-+-----------------------+---------------+------------------------------------+
-| `Cao Yuan`_           | caoyuan       | cao.yuan@99cloud.net               |
-+-----------------------+---------------+------------------------------------+
-| `wu.chunyang`_        | wuchunyang    | wuchunyang@yovole.com              |
-+-----------------------+---------------+------------------------------------+
-
-.. _Christian Berendt: https://launchpad.net/~berendt
-.. _Dincer Celik: https://launchpad.net/~osmanlicilegi
-.. _Eduardo Gonzalez: https://launchpad.net/~egonzalez90
-.. _Jeffrey Zhang: https://launchpad.net/~jeffrey4l
-.. _Marcin Juszkiewicz: https://launchpad.net/~hrw
-.. _Mark Goddard: https://launchpad.net/~mgoddard
-.. _Michał Nasiadka: https://launchpad.net/~mnasiadka
-.. _Radosław Piliszek: https://launchpad.net/~yoctozepto
-.. _Surya Prakash: https://launchpad.net/~confisurya
-.. _Cao Yuan: https://launchpad.net/~caoi-yuan
-.. _wu.chunyang: https://launchpad.net/~wuchunyang
-
-The current effective list is also available from Gerrit:
-https://review.opendev.org/#/admin/groups/460,members
+- `Kolla core team <https://review.opendev.org/admin/groups/kolla-core,members>`__
+- `Kayobe core team <https://review.opendev.org/admin/groups/kayobe-core,members>`__
 
 New Feature Planning
 ~~~~~~~~~~~~~~~~~~~~
 
-New features are discussed via IRC or mailing list (with [kolla] prefix).
-Kolla project keeps blueprints in `Launchpad <https://blueprints.launchpad.net/kolla>`__.
-Specs are welcome but not strictly required.
+New features are discussed on PTG, via IRC or mailing list (with [kolla]
+prefix).
 
 Task Tracking
 ~~~~~~~~~~~~~
 
-Kolla project tracks tasks in `Launchpad <https://bugs.launchpad.net/kolla>`__.
-Note this is the same place as for bugs.
+Kolla family projects track tasks and bugs in Launchpad:
+
+- `Kolla <https://bugs.launchpad.net/kolla>`__
+- `Kolla Ansible <https://bugs.launchpad.net/kolla-ansible>`__
+- `Ansible Collection Kolla <https://bugs.launchpad.net/ansible-collection-kolla>`__
+- `Kayobe <https://bugs.launchpad.net/kayobe>`__
 
 If you're looking for some smaller, easier work item to pick up and get started
-on, search for the 'low-hanging-fruit' tag.
+on, search for the 'low-hanging-fruit' tag in the relevant project.
 
 A more lightweight task tracking is done via etherpad - `Whiteboard <https://etherpad.openstack.org/p/KollaWhiteBoard>`__.
 
 Reporting a Bug
 ~~~~~~~~~~~~~~~
 
-You found an issue and want to make sure we are aware of it? You can do so
-on `Launchpad <https://bugs.launchpad.net/kolla>`__.
-Note this is the same place as for tasks.
+You found an issue and want to make sure we are aware of it?
+Please report it in the appropriate Launchpad project:
+
+- `Kolla <https://bugs.launchpad.net/kolla>`__
+- `Kolla Ansible <https://bugs.launchpad.net/kolla-ansible>`__
+- `Ansible Collection Kolla <https://bugs.launchpad.net/ansible-collection-kolla>`__
+- `Kayobe <https://bugs.launchpad.net/kayobe>`__
+
+Note these are also used for task tracking.
 
 Getting Your Patch Merged
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Most changes proposed to Kolla require two +2 votes from core reviewers before
-+W. A release note is required on most changes as well. Release notes policy
+being approved and sent to the gate queue for merging. A release note is
+required on most changes as well. Release notes policy
 is described in :ref:`its own section <release-notes>`.
 
 Significant changes should have documentation and testing provided with them.
 
+To see an overview of in-progress patches, sorted into useful sections, you can
+view the:
+
+- `Kolla Review Dashboard <https://review.opendev.org/dashboard/?title=Kolla+Review+Dashboard&foreach=project%3Aopenstack%2Fkolla+status%3Aopen+NOT+label%3AWorkflow%3C%3D%2D1+NOT+label%3ACode%2DReview%3C%3D%2D2&High+priority+changes=label%3AReview%2DPriority%3D2&Priority+changes=label%3AReview%2DPriority%3D1&Feature+freeze=label%3AReview%2DPriority%3D%2D1&Stable+branch+backports=branch%3A%5Estable%2F.%2A+status%3Aopen+NOT+label%3AReview%2DPriority%3D%2D1&Small+things+%28%3C25+LOC%2C+limit+25%29+on+master+branch=delta%3A%3C%3D25+limit%3A25+NOT+label%3ACode%2DReview%2D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+Final+Approval+%28to+land+on+master+branch%29=NOT+label%3AWorkflow%3E%3D1+NOT+label%3AWorkflow%3C%3D%2D1+NOT+owner%3Aself+label%3ACode%2DReview%3E%3D2+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+revisit+%28You+were+a+reviewer+but+haven%27t+voted+in+the+current+revision%29=reviewer%3Aself+limit%3A50&Newer+%28%3C1wk%29+Open+Patches+%28limit+25%29+on+master+branch=%2Dage%3A1week+limit%3A25+NOT+label%3AWorkflow%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3ACode%2DReview%3E%3D2+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Older+%28%3E1wk%29+Open+Patches+Passing+Zuul+Tests+%28limit+50%29+on+master+branch=age%3A1week+limit%3A50+NOT+label%3AWorkflow%3E%3D1+NOT+label%3ACode%2DReview%3C%3D%2D1+NOT+label%3ACode%2DReview%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster>`__
+
+- `Kolla Ansible Review Dashboard <https://review.opendev.org/dashboard/?title=Kolla%2DAnsible+Review+Dashboard&foreach=project%3Aopenstack%2Fkolla%2Dansible+status%3Aopen+NOT+label%3AWorkflow%3C%3D%2D1+NOT+label%3ACode%2DReview%3C%3D%2D2&High+priority+changes=label%3AReview%2DPriority%3D2&Priority+changes=label%3AReview%2DPriority%3D1&Feature+freeze=label%3AReview%2DPriority%3D%2D1&Stable+branch+backports=branch%3A%5Estable%2F.%2A+status%3Aopen+NOT+label%3AReview%2DPriority%3D%2D1&Small+things+%28%3C25+LOC%2C+limit+25%29+on+master+branch=delta%3A%3C%3D25+limit%3A25+NOT+label%3ACode%2DReview%2D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+Final+Approval+%28to+land+on+master+branch%29=NOT+label%3AWorkflow%3E%3D1+NOT+label%3AWorkflow%3C%3D%2D1+NOT+owner%3Aself+label%3ACode%2DReview%3E%3D2+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+revisit+%28You+were+a+reviewer+but+haven%27t+voted+in+the+current+revision%29=reviewer%3Aself+limit%3A50&Newer+%28%3C1wk%29+Open+Patches+%28limit+25%29+on+master+branch=%2Dage%3A1week+limit%3A25+NOT+label%3AWorkflow%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3ACode%2DReview%3E%3D2+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Older+%28%3E1wk%29+Open+Patches+Passing+Zuul+Tests+%28limit+50%29+on+master+branch=age%3A1week+limit%3A50+NOT+label%3AWorkflow%3E%3D1+NOT+label%3ACode%2DReview%3C%3D%2D1+NOT+label%3ACode%2DReview%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster>`__
+
+- `Ansible Collection Kolla Review Dashboard <https://review.opendev.org/dashboard/?title=ansible%2Dcollection%2Dkolla+Review+Dashboard&foreach=project%3Aopenstack%2Fansible%2Dcollection%2Dkolla+status%3Aopen+NOT+label%3AWorkflow%3C%3D%2D1+NOT+label%3ACode%2DReview%3C%3D%2D2&High+priority+changes=label%3AReview%2DPriority%3D2&Priority+changes=label%3AReview%2DPriority%3D1&Feature+freeze=label%3AReview%2DPriority%3D%2D1&Stable+branch+backports=branch%3A%5Estable%2F.%2A+status%3Aopen+NOT+label%3AReview%2DPriority%3D%2D1&Small+things+%28%3C25+LOC%2C+limit+25%29+on+master+branch=delta%3A%3C%3D25+limit%3A25+NOT+label%3ACode%2DReview%2D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+Final+Approval+%28to+land+on+master+branch%29=NOT+label%3AWorkflow%3E%3D1+NOT+label%3AWorkflow%3C%3D%2D1+NOT+owner%3Aself+label%3ACode%2DReview%3E%3D2+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+revisit+%28You+were+a+reviewer+but+haven%27t+voted+in+the+current+revision%29=reviewer%3Aself+limit%3A50&Newer+%28%3C1wk%29+Open+Patches+%28limit+25%29+on+master+branch=%2Dage%3A1week+limit%3A25+NOT+label%3AWorkflow%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3ACode%2DReview%3E%3D2+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Older+%28%3E1wk%29+Open+Patches+Passing+Zuul+Tests+%28limit+50%29+on+master+branch=age%3A1week+limit%3A50+NOT+label%3AWorkflow%3E%3D1+NOT+label%3ACode%2DReview%3C%3D%2D1+NOT+label%3ACode%2DReview%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster>`__
+
+- `Kayobe Review Dashboard <https://review.opendev.org/dashboard/?title=Kayobe+Review+Dashboard&foreach=%28project%3Aopenstack%2Fkayobe+OR+project%3Aopenstack%2Fkayobe%2Dconfig+OR+project%3Aopenstack%2Fkayobe%2Dconfig%2Ddev%29+status%3Aopen+NOT+label%3ACode%2DReview%3C%3D%2D2+NOT+label%3AWorkflow%3C%3D%2D1&High+priority+changes=label%3AReview%2DPriority%3D2&Priority+changes=label%3AReview%2DPriority%3D1&Feature+freeze=label%3AReview%2DPriority%3D%2D1&Stable+branch+backports=branch%3A%5Estable%2F.%2A+status%3Aopen+NOT+label%3AReview%2DPriority%3D%2D1&Small+things+%28%3C25+LOC%2C+limit+25%29+on+master+branch=delta%3A%3C%3D25+limit%3A25+NOT+label%3ACode%2DReview%2D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+Final+Approval+%28to+land+on+master+branch%29=NOT+label%3AWorkflow%3E%3D1+NOT+label%3AWorkflow%3C%3D%2D1+NOT+owner%3Aself+label%3ACode%2DReview%3E%3D2+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Needs+revisit+%28You+were+a+reviewer+but+haven%27t+voted+in+the+current+revision%29=reviewer%3Aself+limit%3A50&Newer+%28%3C1wk%29+Open+Patches+%28limit+25%29+on+master+branch=%2Dage%3A1week+limit%3A25+NOT+label%3AWorkflow%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3ACode%2DReview%3E%3D2+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster&Older+%28%3E1wk%29+Open+Patches+Passing+Zuul+Tests+%28limit+50%29+on+master+branch=age%3A1week+limit%3A50+NOT+label%3AWorkflow%3E%3D1+NOT+label%3ACode%2DReview%3C%3D%2D1+NOT+label%3ACode%2DReview%3E%3D1+label%3AVerified%3E%3D1%2Czuul+NOT+label%3AReview%2DPriority%3D%2D1+branch%3Amaster>`__
+
+.. note::
+
+   If you feel that your change is getting overlooked, reach out via
+   :ref:`preferred communication methods <communication>` to let us know.
+
 Project Team Lead Duties
 ~~~~~~~~~~~~~~~~~~~~~~~~
 

doc/source/contributor/index.rst

@@ -13,6 +13,7 @@ We welcome everyone to join our project!
    :maxdepth: 2
 
    contributing
+   kolla-design-philosophy
    running-in-development
    adding-a-new-image
    genconfig
@@ -24,3 +25,4 @@ We welcome everyone to join our project!
    release-management
    meeting
    ci
+   versions

doc/source/contributor/kolla-design-philosophy.rst

@@ -0,0 +1,47 @@
+=======================
+Kolla design philosophy
+=======================
+
+This page aims to explain the design choices that have been made
+in the Kolla projects (the main Kolla project for building the images
+as well as all subprojects aimed at deploying them).
+
+It is written down mostly for potential contributors but may be a good
+guideline for anyone using and integrating with Kolla projects as it gives
+an overview of what the preferred approach is. As noted, this is of great
+interest to contributors because it might explain why certain changes will
+get rejected and why some others will need a remake in order to be
+accepted.
+
+This page is likely an always-in-progress, living document.
+Please reach out to the team via the mailing list or the IRC channel to
+discuss the rules noted here, see our docs on
+:ref:`communication <communication>` for details.
+
+Do not own the deployed services' config defaults (unless necessary)
+--------------------------------------------------------------------
+
+In Kolla, we try not to own service config and its defaults.
+We believe the upstream services know best what works for them by default.
+
+This rule is overridden when a certain config option needs to be orchestrated
+among multiple services or otherwise needs to agree with certain other
+assumptions made in the environment. The notable exceptions here are the
+basic addressing of services and Keystone credentials.
+
+Prefer documented configuration via config overrides
+----------------------------------------------------
+
+... as opposed to new in-Ansible variables.
+
+This plays nicely with the config overrides capabilities of Kolla Ansible
+which let users easily customise the services' config to their hearts'
+contents regardless of what Kolla Ansible offers via Ansible variables.
+
+The reasoning behind this rule is that it lowers the maintenance burden
+yet it does not handicap the users - they can control every last detail
+of their config.
+
+One of the (not necessarily planned) side-effects of this is that users'
+config overrides are not locked-in for Kolla Ansible and can relatively
+easily be reused in other configuration systems.

doc/source/contributor/meeting.rst

@@ -4,9 +4,10 @@
 Weekly Kolla team meeting
 =========================
 
-Meeting time: Wednesdays at 15:00 UTC in #openstack-kolla (`OFTC`_).
+The Kolla project meets every Wednesday in #openstack-kolla (`OFTC`_).
 
-More info on how to join: https://meetings.opendev.org/#Kolla_Team_Meeting
+More info on how to join, including the meeting time:
+https://meetings.opendev.org/#Kolla_Team_Meeting
 
 We track CI, release, and feature status in the `whiteboard`_.
 
@@ -23,6 +24,7 @@ The regular agenda for the weekly meeting is as follows::
     * Review action items from the last meeting
     * CI status
     * Release tasks
+    * Regular stable releases (first meeting in a month)
     * Current cycle planning
     * Additional agenda (from whiteboard)
     * Open discussion

doc/source/contributor/ptl-guide.rst

@@ -99,7 +99,7 @@ Day to Day
 
 * Be available in IRC to help new and existing contributors
 
-* Keep track of the progress of cycle priorites
+* Keep track of the progress of cycle priorities
 
 * Monitor the core team membership, mentor potential cores
 

doc/source/contributor/release-management.rst

@@ -87,6 +87,8 @@ This needs to be done for each of the following projects:
 
 * https://launchpad.net/ansible-collection-kolla
 
+* https://launchpad.net/kayobe
+
 At the beginning of a cycle, ensure a named series exists for the cycle in each
 project. If not, create one via the project landing page (e.g.
 https://launchpad.net/kolla) - in the "Series and milestones" section click in
@@ -94,8 +96,6 @@ https://launchpad.net/kolla) - in the "Series and milestones" section click in
 milestones, including the final release. Series can be marked as "Active
 Development" or "Current Stable Release" as necessary.
 
-Kayobe uses Storyboard, which does not track series or milestones.
-
 Milestones
 ----------
 
@@ -146,18 +146,13 @@ R-17: Switch source images to current release
 
   * example: https://review.opendev.org/c/openstack/kayobe/+/763375
 
-R-8: Switch binary images to current release
---------------------------------------------
+R-8: Switch images to current release
+-------------------------------------
 
 .. note:: Debian does not provide repositories for the in-development release
           until much later in the cycle.
 
-* [kolla] Switch CentOS images to use the current in-development release
-  master RDO Delorean repository
-
-  * example: https://review.opendev.org/c/openstack/kolla/+/804269
-
-* [kolla] Switch Ubuntu binary images to use the current in-development release
+* [kolla] Switch Ubuntu images to use the current in-development release
   Ubuntu Cloud Archive (UCA) repository
 
   * example: https://review.opendev.org/c/openstack/kolla/+/782308
@@ -172,6 +167,18 @@ R-5: Cycle highlights deadline
 
   * example: https://review.opendev.org/c/openstack/releases/+/779482
 
+* [all] Check for new versions of infrastructure components
+
+  * ansible (incl. kolla-toolbox)
+  * ceph client libraries
+  * fluentd (td-agent)
+  * grafana
+  * mariadb
+  * opensearch
+  * openvswitch/OVN
+  * prometheus (incl. exporters)
+  * rabbitmq/erlang
+
 R-2: Feature freeze
 -------------------
 
@@ -225,11 +232,6 @@ Prior to creating an RC1 release candidate:
 
   * example: TODO
 
-* [kolla] Switch CentOS images to use the current in-development release
-  stable RDO Delorean repository
-
-  * example: https://review.opendev.org/c/openstack/kolla/+/787339
-
 R-0: Kolla & Kolla Ansible RC1 & stable branch creation
 -------------------------------------------------------
 
@@ -338,7 +340,7 @@ Prior to creating an RC1 release candidate:
 
   .. code-block:: console
 
-     cp -aR kayobe/etc/kayobe/* kayobe-config/etc/kayobe
+     rsync -a --delete kayobe/etc/kayobe/ kayobe-config/etc/kayobe
 
   Commit the changes and submit for review.
 
@@ -395,14 +397,7 @@ Several tasks are required to finalise the stable branch for release.
 
   * example: https://review.opendev.org/c/openstack/kolla-ansible/+/788292
 
-* [kolla] Switch CentOS images to use the CentOS Cloud SIG repository for the
-  new release
-
-  .. note:: This needs to be done on the stable branch.
-
-  * example: https://review.opendev.org/c/openstack/kolla/+/788490
-
-* [kolla] Switch Debian binary images to use the Debian OpenStack repository
+* [kolla] Switch Debian images to use the Debian OpenStack repository
   for the new release
 
   .. note:: This needs to be done on the master branch and stable branch.
@@ -422,6 +417,10 @@ bugs against it.
 
   * example: https://review.opendev.org/c/openstack/releases/+/769328
 
+* [all] Update openstack-manuals project-data for kolla + kolla-ansible
+
+  * example: https://review.opendev.org/c/openstack/openstack-manuals/+/934349
+
 After final release, projects enter the :ref:`stable-branch-lifecycle` with a
 status of Maintained.
 
@@ -441,19 +440,26 @@ Maintained
 ----------
 
 Releases should be made periodically for each maintained stable branch, no less
-than once every 45 days.
+than once every 45 days. We try to make one release per month by having
+a recurring topic for that in the first Kolla meeting each month.
 
 * Create stable releases by submitting patches to the releases repository
 
-  * follow SemVer guidelines
+  * follow SemVer guidelines, for simplicity consider always making minor
+    version bumps
 
-  * example (kolla): https://review.opendev.org/650411
+  * you can use the tooling from the requirements team to prepare the patches::
 
-  * example (kolla-ansible): https://review.opendev.org/650412
+      git checkout -b kolla-stable-monthly
+      for project in ansible-collection-kolla kayobe kolla kolla-ansible; do
+          for rel in zed antelope bobcat; do
+              tox -e venv -- new-release $rel $project feature
+          done
+      done
+      git commit -am "Tag monthly kolla stable releases"
+      git review -f
 
-* Mark milestones on Launchpad as released
-
-* Create new milestones on Launchpad for the next stable releases
+  * example release patch: https://review.opendev.org/c/openstack/releases/+/860521
 
 Extended Maintenance (EM)
 -------------------------

doc/source/contributor/release-notes.rst

@@ -22,9 +22,12 @@ Kolla uses the following release notes sections:
 - ``prelude`` --- filled in by the PTL before each release or RC.
 
 Other release note types may be applied per common sense.
-Each change should include a release note unless being a ``TrivialFix``
-change or affecting only docs or CI. Such changes should `not` include
-a release note to avoid confusion.
+
+When a release note is required:
+
+- ``feature`` - best included with docs change (if separate from the code)
+- ``user impacting`` - to improve visibility of the change for users
+
 Remember release notes are mostly for end users which, in case of Kolla,
 are OpenStack administrators/operators.
 In case of doubt, the core team will let you know what is required.

doc/source/contributor/running-in-development.rst

@@ -7,23 +7,15 @@ Running Kolla Build in development
 The recommended way to run in development
 -----------------------------------------
 
-The preferred way to run kolla-build for development is using ``tox``.
-Run the following from inside the repository:
-
-.. code-block:: console
-
-    tox -e venv -- kolla-build ...
-
-The alternative way to run in development
------------------------------------------
-
-Sometimes, developers prefer to manage their venvs themselves. This is also
-possible. Remember to install in editable mode (``-e``). Run the following from
-inside the repository:
+To clone the repository and install the package
+in development mode, run the following commands:
+
 
 .. code-block:: console
 
+    git clone https://opendev.org/openstack/kolla.git
+    cd kolla
     python3 -m venv ~/path/to/venv
     source ~/path/to/venv/bin/activate
-    python3 -m pip install -e .
+    python3 -m pip install --editable .
     kolla-build ...

doc/source/contributor/versions.rst

@@ -0,0 +1,53 @@
+===========================
+Versions of used components
+===========================
+
+Kolla project images cover several distributions on multiple architectures. Not
+all packages come from distribution repositories. Table below tries to provide
+information about those which come from 3rdparty sources.
+
+For each component used we list version used at branch release and provide
+information about package sources.
+
+.. note::
+    When table mentions 'CentOS' it means both CentOS Stream 10 and Rocky Linux 10.
+
+==============  ================  =============================================
+ Name           Version           Package source information
+==============  ================  =============================================
+ Grafana        9.x                `Grafana install guide`_
+ InfluxDB       1.8.x              `InfluxDB upstream repo`_
+ Kibana         7.x                `Kibana install guide`_
+ Logstash       7.x                `Logstash install guide`_
+ MariaDB        10.11 (LTS)        `MariaDB Community downloads`_
+ Galera         26.4 (LTS)         `MariaDB Community downloads`_
+ OpenSearch     3.x                `OpenSearch install guide`_
+ ProxySQL       2.7.x              `ProxySQL repository`_
+ Rabbitmq       4.1.x              - CentOS/Rocky:
+                                     `Team RabbitMQ 'Cloudsmith' repo (RPM)`_
+                                   - Debian/Ubuntu:
+                                     `Team RabbitMQ 'Cloudsmith' repo (Deb)`_
+ Erlang         27.X               - CentOS/Rocky aarch64:
+                                     `openstack-kolla COPR`_
+                                   - CentOS/Rocky x86-64:
+                                     `Team RabbitMQ 'Cloudsmith' repo (RPM)`_
+                                   - Debian/Ubuntu:
+                                     `Team RabbitMQ 'Modern Erlang' PPA`_
+ Fluentd        6.x (LTS)          `Fluentd install guide`_
+ Telegraf       1.24.x             `InfluxDB upstream repo`_
+==============  ================  =============================================
+
+.. _`InfluxDB upstream repo`: https://repos.influxdata.com/
+.. _`OpenSearch install guide`: https://opensearch.org/downloads.html
+.. _`Kibana install guide`: https://www.elastic.co/guide/en/kibana/7.10/install.html
+.. _`Logstash install guide`: https://www.elastic.co/guide/en/logstash/7.9/installing-logstash.html
+.. _`Fluentd install guide`: https://www.fluentd.org/download
+.. _`ProxySQL repository`: https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/
+
+.. _`Team RabbitMQ 'Cloudsmith' repo (Deb)`: https://www.rabbitmq.com/install-debian.html#apt-cloudsmith
+.. _`Team RabbitMQ 'Modern Erlang' PPA`: https://launchpad.net/~rabbitmq/+archive/ubuntu/rabbitmq-erlang
+.. _`Team RabbitMQ 'Cloudsmith' repo (RPM)`: https://www.rabbitmq.com/docs/install-rpm#cloudsmith
+.. _`openstack-kolla COPR`: https://copr.fedorainfracloud.org/coprs/g/openstack-kolla/rabbitmq-erlang-27/
+
+.. _`Grafana install guide`: https://grafana.com/grafana/download?platform=linux&edition=oss
+.. _`MariaDB Community downloads`: https://mariadb.com/downloads/community/

doc/source/matrix_aarch64.csv

@@ -1,71 +1,56 @@
-Image,CentOS,,Ubuntu,,Debian
-,Binary,Source,Binary,Source,Binary,Source
-aodh,C,C,C,C,N,C
-barbican,C,C,C,C,N,C
-bifrost,N,N,N,N,N,N
-blazar,N,C,N,C,N,C
-ceilometer,C,C,C,C,N,C
-cinder,C,C,C,C,N,C
-cloudkitty,C,C,N,C,N,C
-collectd,C,C,C,C,N,C
-cron,C,C,C,C,N,C
-cyborg,N,C,N,C,N,C
-designate,C,C,C,C,N,C
-dnsmasq,C,C,C,C,N,C
-elasticsearch,N,N,C,C,N,C
-etcd,C,C,C,C,N,C
-fluentd,C,C,C,C,N,C
-freezer,N,C,N,C,N,C
-glance,C,C,C,C,N,C
-gnocchi,C,C,C,C,N,C
-grafana,C,C,C,C,N,C
-hacluster,N,N,C,C,N,C
-haproxy,C,C,C,C,N,C
-heat,C,C,C,C,N,C
-horizon,C,C,C,C,N,C
-influxdb,N,N,C,C,N,C
-ironic,C,C,C,C,N,C
-iscsid,C,C,C,C,N,C
-kafka,C,C,C,C,N,C
-keepalived,C,C,C,C,N,C
-keystone,C,C,C,C,N,C
-kibana,N,N,N,N,N,C
-kolla-toolbox,C,C,C,C,N,C
-kuryr,N,C,N,C,N,C
-logstash,C,C,C,C,N,C
-magnum,C,C,C,C,N,C
-manila,C,C,C,C,N,C
-mariadb,C,C,C,C,N,C
-masakari,N,C,C,C,N,C
-memcached,C,C,C,C,N,C
-mistral,C,C,C,C,N,C
-monasca,N,N,N,N,N,C
-multipathd,C,C,C,C,N,C
-murano,C,C,C,C,N,C
-neutron,C,C,C,C,N,C
-neutron-mlnx-agent,C,C,N,C,N,C
-nova,C,C,C,C,N,C
-nova-spicehtml5proxy,N,N,C,C,N,C
-octavia,C,C,N,C,N,C
-openvswitch,C,C,C,C,N,C
-ovn,C,C,C,C,C,C
-ovsdpdk,N,N,C,C,N,C
-placement,C,C,N,C,N,C
-prometheus,C,C,C,C,N,C
-qdrouterd,C,C,C,C,N,N
-rabbitmq,C,C,C,C,N,C
-redis,C,C,C,C,N,C
-sahara,C,C,C,C,N,C
-senlin,C,C,C,C,N,C
-skydive,N,N,N,N,N,N
-solum,N,C,N,C,N,C
-storm,C,C,C,C,N,C
-swift,C,C,C,C,N,C
-tacker,C,C,N,C,N,C
-telegraf,N,N,N,N,N,N
-tgtd,C,C,C,C,N,C
-trove,C,C,N,C,N,C
-vitrage,C,C,N,C,N,C
-watcher,C,C,C,C,N,C
-zookeeper,C,C,C,C,N,C
-zun,N,C,N,C,N,C
+Image,Rocky Linux,Ubuntu,Debian
+aodh,U,U,U
+barbican,U,U,U
+bifrost,N,N,N
+blazar,U,U,U
+ceilometer,U,U,U
+cinder,U,U,U
+cloudkitty,U,U,U
+collectd,U,U,U
+cron,U,U,U
+cyborg,U,U,U
+designate,U,U,U
+dnsmasq,U,U,U
+etcd,U,U,U
+fluentd,U,U,U
+glance,U,U,U
+gnocchi,U,U,U
+grafana,U,U,U
+hacluster,N,U,U
+haproxy,U,U,U
+heat,U,U,U
+horizon,U,U,U
+influxdb,N,U,U
+ironic,U,U,U
+iscsid,U,U,U
+keepalived,U,U,U
+keystone,U,U,U
+kolla-toolbox,U,U,U
+kuryr,U,U,U
+magnum,U,U,U
+manila,U,U,U
+mariadb,U,U,U
+masakari,U,U,U
+memcached,U,U,U
+mistral,U,U,U
+multipathd,U,U,U
+neutron,U,U,U
+neutron-mlnx-agent,U,U,U
+nova,U,U,U
+nova-spicehtml5proxy,N,U,U
+octavia,U,U,U
+openvswitch,U,U,U
+opensearch,U,U,U
+ovn,U,U,U
+ovsdpdk,N,U,U
+placement,U,U,U
+prometheus,U,U,U
+rabbitmq,U,U,U
+skyline,U,U,U
+tacker,U,U,U
+telegraf,N,N,N
+tgtd,U,U,U
+trove,U,U,U
+valkey,U,U,U
+watcher,U,U,U
+zun,U,U,U

doc/source/matrix_x86.csv

@@ -1,72 +1,58 @@
-Image,CentOS,,Ubuntu,,Debian
-,Binary,Source,Binary,Source,Binary,Source
-aodh,C,C,C,C,C,C
-barbican,C,T,C,C,C,C
-bifrost,N,T,N,C,N,C
-blazar,N,C,N,C,N,C
-ceilometer,C,C,C,C,C,C
-cinder,C,T,C,T,C,C
-cloudkitty,C,C,N,C,N,C
-collectd,C,C,C,C,C,C
-cron,T,T,T,T,C,T
-cyborg,N,C,N,C,N,C
-designate,C,C,C,C,C,C
-dnsmasq,T,T,C,T,C,C
-elasticsearch,C,C,C,C,C,C
-etcd,C,T,C,T,C,C
-fluentd,T,T,T,T,C,T
-freezer,N,C,N,C,N,C
-glance,T,T,T,T,C,T
-gnocchi,C,C,C,C,C,C
-grafana,C,C,C,C,C,C
-hacluster,C,C,C,C,C,C
-hacluster-pcs,N,N,C,C,C,C
-haproxy,T,T,T,T,C,C
-heat,T,T,N,T,C,T
-horizon,T,T,T,T,C,T
-influxdb,C,C,C,C,C,C
-ironic,T,T,C,T,C,C
-iscsid,T,T,T,T,C,C
-kafka,C,C,C,C,C,C
-keepalived,T,T,T,T,C,C
-keystone,T,T,T,T,C,T
-kibana,C,C,C,C,C,C
-kolla-toolbox,T,T,T,T,C,T
-kuryr,N,T,N,T,N,C
-logstash,C,C,C,C,C,C
-magnum,C,C,C,C,C,C
-manila,C,C,C,C,C,C
-mariadb,T,T,T,T,C,T
-masakari,N,T,C,T,C,C
-memcached,T,T,T,T,C,C
-mistral,C,T,N,C,C,C
-monasca,N,C,N,C,N,N
-multipathd,C,C,C,C,C,C
-murano,C,C,C,C,C,C
-neutron,T,T,T,T,C,T
-neutron-mlnx-agent,C,C,N,C,C,C
-nova,T,T,T,T,C,T
-nova-spicehtml5proxy,N,N,T,T,C,T
-octavia,C,C,N,C,C,C
-openvswitch,T,T,T,T,C,T
-ovn,C,C,C,C,C,C
-ovsdpdk,N,N,C,C,C,C
-placement,T,T,T,T,C,T
-prometheus,C,C,C,C,C,C
-qdrouterd,C,C,N,N,N,N
-rabbitmq,T,T,T,T,C,T
-redis,C,T,C,C,C,C
-sahara,C,C,C,C,C,C
-senlin,C,C,C,C,C,C
-skydive,C,C,C,C,C,C
-solum,N,C,N,C,N,C
-storm,C,C,C,C,C,C
-swift,C,T,C,T,C,C
-tacker,C,T,N,C,N,C
-telegraf,C,C,C,C,C,N
-tgtd,N,N,C,T,C,C
-trove,C,C,C,C,N,C
-vitrage,C,C,N,C,C,C
-watcher,C,C,C,C,C,C
-zookeeper,C,C,C,C,C,C
-zun,N,T,N,T,N,C
+Image,Rocky Linux,Ubuntu,Debian
+aodh,U,U,U
+barbican,T,U,U
+bifrost,T,U,U
+blazar,U,U,U
+ceilometer,U,U,U
+cinder,T,T,U
+cloudkitty,U,U,U
+collectd,U,U,U
+cron,T,T,T
+cyborg,U,U,U
+designate,U,U,U
+dnsmasq,T,T,U
+etcd,T,T,U
+fluentd,T,T,T
+glance,T,T,T
+gnocchi,U,U,U
+grafana,U,U,U
+hacluster,U,U,U
+hacluster-pcs,N,U,U
+haproxy,T,T,U
+heat,T,T,T
+horizon,T,T,T
+influxdb,U,U,U
+ironic,T,T,U
+iscsid,T,T,U
+keepalived,T,T,U
+keystone,T,T,T
+kolla-toolbox,T,T,T
+kuryr,T,T,U
+magnum,U,U,U
+manila,U,U,U
+mariadb,T,T,T
+masakari,T,T,U
+memcached,T,T,U
+mistral,T,U,U
+multipathd,U,U,U
+neutron,T,T,T
+neutron-mlnx-agent,U,U,U
+nova,T,T,T
+nova-spicehtml5proxy,N,T,T
+octavia,U,U,U
+opensearch,T,T,U
+openvswitch,T,T,T
+ovn,U,U,U
+ovsdpdk,N,U,U
+placement,T,T,T
+prometheus,U,U,U
+rabbitmq,T,T,T
+skyline,U,U,U
+swift,T,T,U
+tacker,T,U,U
+telegraf,U,U,U
+tgtd,N,T,U
+trove,U,U,U
+valkey,T,U,U
+watcher,U,U,U
+zun,T,T,U

doc/source/support_matrix.rst

@@ -17,9 +17,9 @@ The following base container images are supported:
 ================== =============================== ================
 Distribution       Default base                    Default base tag
 ================== =============================== ================
-CentOS Stream 8    quay.io/centos/centos           stream8
-Debian Bullseye    debian                          bullseye
-Ubuntu Focal       ubuntu                          20.04
+Rocky Linux        quay.io/rockylinux/rockylinux   10
+Debian Trixie      debian                          trixie
+Ubuntu Noble       ubuntu                          24.04
 ================== =============================== ================
 
 The remainder of this document outlines which images are supported on which of
@@ -44,12 +44,14 @@ Coverage:
 * CI in ``kolla-ansible`` is testing that images are functional
 * kolla core team is maintaining versions
 
-C - Community maintained
-------------------------
+U - Untested
+------------
 
 Coverage:
 
-* supported by the broader community (not core team) or not supported at all
+* CI in ``kolla-ansible`` is *NOT* testing that images are functional
+* Many untested services are working fine, but the kolla core team cannot
+  guarantee that they are all functional
 
 N - Not Available/Unknown
 -------------------------
@@ -57,20 +59,27 @@ N - Not Available/Unknown
 Not available *(e.g. not buildable)*.
 Please see :ref:`unbuildable-images-list`
 
+Deprecations
+============
+
+None
+
 x86_64 images
 =============
 
 .. csv-table:: x86_64 images
-   :header-rows: 2
+   :header-rows: 1
    :stub-columns: 1
+   :widths: auto
    :file: ./matrix_x86.csv
 
 aarch64 images
 ==============
 
 .. csv-table:: aarch64 images
-   :header-rows: 2
+   :header-rows: 1
    :stub-columns: 1
+   :widths: auto
    :file: ./matrix_aarch64.csv
 
 .. _unbuildable-images-list:
@@ -79,4 +88,4 @@ Currently unbuildable images
 ============================
 
 For a list of currently unbuildable images please look into
-``kolla/image/build.py`` file - ``UNBUILDABLE_IMAGES`` dictionary.
+``kolla/image/unbuildable.py`` file - ``UNBUILDABLE_IMAGES`` dictionary.

docker/aodh/aodh-api/Dockerfile.j2

@@ -7,21 +7,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set aodh_api_packages = ['openstack-aodh-api'] %}
-    {% elif base_package_type == 'deb' %}
-        {% set aodh_api_packages = ['aodh-api'] %}
-    {% endif %}
-{{ macros.install_packages(aodh_api_packages | customizable("packages")) }}
-
-    {% if base_package_type == 'deb' %}
-RUN rm -rf /etc/apache2/sites-enabled/aodh-api.conf
-    {% endif %}
-{% endif %}
-
 COPY extend_start.sh /usr/local/bin/kolla_aodh_extend_start
-RUN chmod 755 /usr/local/bin/kolla_aodh_extend_start
+RUN chmod 644 /usr/local/bin/kolla_aodh_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block aodh_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/aodh/aodh-base/Dockerfile.j2

@@ -9,34 +9,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='aodh') }}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-
-       {# NOTE(aschultz): added api because the common package doesn't include the wsgi file. I think this needs fixing #}
-       {% set aodh_base_packages = [
-            'openstack-aodh-api',
-            'openstack-aodh-common',
-        ] %}
-
-{{ macros.install_packages(aodh_base_packages | customizable("packages")) }}
-RUN mkdir -p /var/www/cgi-bin/aodh \
-    && cp -a /usr/bin/aodh-api /var/www/cgi-bin/aodh/
-    {% elif base_package_type == 'deb' %}
-
-       {% set aodh_base_packages = [
-            'aodh-common',
-            'python3-aodh',
-        ] %}
-
-{{ macros.install_packages(aodh_base_packages | customizable("packages")) }}
-RUN mkdir -p /var/www/cgi-bin/aodh \
-    && cp -a /usr/lib/python3/dist-packages/aodh/api/app.wsgi /var/www/cgi-bin/aodh/
-    {% endif %}
-
-{% elif install_type == 'source' %}
-
-   {% set aodh_base_packages = [
-    ] %}
+{% set aodh_base_packages = [
+] %}
 
 {{ macros.install_packages(aodh_base_packages | customizable("packages")) }}
 RUN mkdir -p /var/www/cgi-bin/aodh
@@ -47,21 +21,21 @@ ADD aodh-base-archive /aodh-base-source
     '/aodh',
 ] %}
 
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+COPY aodh_sudoers /etc/sudoers.d/kolla_aodh_sudoers
+
 RUN ln -s aodh-base-source/* aodh \
     && {{ macros.install_pip(aodh_base_pip_packages | customizable("pip_packages")) }} \
     && mkdir -p /etc/aodh /var/www/cgi-bin/aodh \
     && cp /aodh/aodh/api/app.wsgi /var/www/cgi-bin/aodh \
-    && chown -R aodh: /etc/aodh /var/www/cgi-bin/aodh
-
-{% endif %}
-
-COPY extend_start.sh /usr/local/bin/kolla_extend_start
-COPY aodh_sudoers /etc/sudoers.d/kolla_aodh_sudoers
-
-RUN chmod 750 /etc/sudoers.d \
+    && cp /aodh/aodh/api/api-paste.ini /etc/aodh/ \
+    && chmod 644 /etc/aodh/api-paste.ini \
+    && chmod 750 /etc/sudoers.d \
     && chmod 640 /etc/sudoers.d/kolla_aodh_sudoers \
     && chmod 755 /var/www/cgi-bin/aodh \
     && touch /usr/local/bin/kolla_aodh_extend_start \
-    && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_aodh_extend_start
+    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_aodh_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block aodh_base_footer %}{% endblock %}

docker/aodh/aodh-evaluator/Dockerfile.j2

@@ -7,15 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set aodh_evaluator_packages = ['openstack-aodh-evaluator'] %}
-    {% elif base_package_type == 'deb' %}
-        {% set aodh_evaluator_packages = ['aodh-evaluator'] %}
-    {% endif %}
-{{ macros.install_packages(aodh_evaluator_packages | customizable("packages")) }}
+{{ macros.kolla_patch_sources() }}
 
-{% endif %}
 {% block aodh_evaluator_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/aodh/aodh-expirer/Dockerfile.j2

@@ -7,15 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set aodh_expirer_packages = ['openstack-aodh-expirer'] %}
-    {% elif base_package_type == 'deb' %}
-        {% set aodh_expirer_packages = ['aodh-expirer'] %}
-    {% endif %}
-{{ macros.install_packages(aodh_expirer_packages | customizable("packages")) }}
+{{ macros.kolla_patch_sources() }}
 
-{% endif %}
 {% block aodh_expirer_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/aodh/aodh-listener/Dockerfile.j2

@@ -7,15 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set aodh_listener_packages = ['openstack-aodh-listener'] %}
-    {% elif base_package_type == 'deb' %}
-        {% set aodh_listener_packages = ['aodh-listener'] %}
-    {% endif %}
-{{ macros.install_packages(aodh_listener_packages | customizable("packages")) }}
+{{ macros.kolla_patch_sources() }}
 
-{% endif %}
 {% block aodh_listener_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/aodh/aodh-notifier/Dockerfile.j2

@@ -7,15 +7,8 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set aodh_notifier_packages = ['openstack-aodh-notifier'] %}
-    {% elif base_package_type == 'deb' %}
-        {% set aodh_notifier_packages = ['aodh-notifier'] %}
-    {% endif %}
-{{ macros.install_packages(aodh_notifier_packages | customizable("packages")) }}
+{{ macros.kolla_patch_sources() }}
 
-{% endif %}
 {% block aodh_notifier_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/barbican/barbican-api/Dockerfile.j2

@@ -7,30 +7,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set barbican_api_packages = [
-                'openstack-barbican-api',
-                'uwsgi-plugin-python3'
-       ] %}
-
-{{ macros.install_packages(barbican_api_packages | customizable("packages")) }}
-
-    {% elif base_package_type == 'deb' %}
-        {% set barbican_api_packages = [
-                'barbican-api',
-                'uwsgi-plugin-python3'
-        ] %}
-
-{{ macros.install_packages(barbican_api_packages | customizable("packages")) }}
-
-    {% endif %}
-
-{% endif %}
-
 COPY extend_start.sh /usr/local/bin/kolla_barbican_extend_start
 
-RUN chmod 755 /usr/local/bin/kolla_barbican_extend_start
+RUN chmod 644 /usr/local/bin/kolla_barbican_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block barbican_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/barbican/barbican-base/Dockerfile.j2

@@ -7,23 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{{ macros.configure_user(name='barbican', groups='nfast') }}
-
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-        {% set barbican_base_packages = ['openstack-barbican-common'] %}
-    {% elif base_package_type == 'deb' %}
-        {% set barbican_base_packages = ['barbican-common'] %}
-    {% endif %}
-
-{{ macros.install_packages(barbican_base_packages | customizable("packages")) }}
-
-{% elif install_type == 'source' %}
-    {% if base_package_type == 'rpm' %}
-        {% set barbican_base_packages = ['uwsgi-plugin-python3'] %}
-    {% elif base_package_type == 'deb' %}
-        {% set barbican_base_packages = ['uwsgi-plugin-python3'] %}
-    {% endif %}
+{{ macros.configure_user(name='barbican', groups='nfast,hsmusers') }}
 
 {{ macros.install_packages(barbican_base_packages | customizable("packages")) }}
 
@@ -31,24 +15,22 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
     '/barbican',
     'pastedeploy',
     'python-barbicanclient',
-    'uwsgi'
 ] %}
 
 ADD barbican-base-archive /barbican-base-source
-RUN ln -s barbican-base-source/* barbican \
-    && {{ macros.install_pip(barbican_base_pip_packages | customizable("pip_packages")) }} \
-    && mkdir -p /etc/barbican \
-    && cp -r /barbican/etc/barbican/* /etc/barbican/ \
-    && chown -R barbican: /etc/barbican
-
-{% endif %}
 
 COPY barbican_sudoers /etc/sudoers.d/kolla_barbican_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 
-RUN chmod 750 /etc/sudoers.d \
+RUN ln -s barbican-base-source/* barbican \
+    && {{ macros.install_pip(barbican_base_pip_packages | customizable("pip_packages")) }} \
+    && mkdir -p /etc/barbican \
+    && cp -r /barbican/etc/barbican/* /etc/barbican/ \
+    && chmod 750 /etc/sudoers.d \
     && chmod 640 /etc/sudoers.d/kolla_barbican_sudoers \
     && touch /usr/local/bin/kolla_barbican_extend_start \
-    && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_barbican_extend_start
+    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_barbican_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block barbican_base_footer %}{% endblock %}

docker/barbican/barbican-keystone-listener/Dockerfile.j2

@@ -7,16 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set barbican_keystone_listener_packages = ['openstack-barbican-keystone-listener'] %}
-    {% elif base_package_type == 'deb' %}
-       {% set barbican_keystone_listener_packages = ['barbican-keystone-listener'] %}
-    {% endif %}
-
-{{ macros.install_packages(barbican_keystone_listener_packages | customizable("packages")) }}
-
-{% endif %}
+{{ macros.kolla_patch_sources() }}
 
 {% block barbican_keystone_listener_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/barbican/barbican-worker/Dockerfile.j2

@@ -7,16 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set barbican_worker_packages = ['openstack-barbican-worker'] %}
-    {% elif base_package_type == 'deb' %}
-       {% set barbican_worker_packages = ['barbican-worker'] %}
-    {% endif %}
-
-{{ macros.install_packages(barbican_worker_packages | customizable("packages")) }}
-
-{% endif %}
+{{ macros.kolla_patch_sources() }}
 
 {% block barbican_worker_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/base/Dockerfile.j2

@@ -17,28 +17,14 @@ COPY curlrc /root/.curlrc
 ENV LANG en_US.UTF-8
 {% endblock %}
 
-{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
-{# Specifics required such as homedir or shell are configured within the service specific image #}
-{%- for name, user in users | dictsort() %}
-{% if loop.first -%}RUN {% else %}    && {% endif -%}
-    groupadd --gid {{ user.gid }} {{ user.group }} \
-    && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
-        {%- if not loop.last %} \{% endif -%}
-{%- endfor %}
-
 LABEL kolla_version="{{ kolla_version }}"
 
 {% import "macros.j2" as macros with context %}
 {% block base_header %}{% endblock %}
 
 ENV KOLLA_BASE_DISTRO={{ base_distro }} \
-    KOLLA_DISTRO_PYTHON_VERSION={{ distro_python_version }} \
     KOLLA_BASE_ARCH={{ base_arch }}
 
-{# NOTE(frickler): sledgehammer workaround until pkgs are updated to build with setuptools==60.0.0 properly #}
-ENV SETUPTOOLS_USE_DISTUTILS=stdlib
-
-
 #### Customize PS1 to be used with bash shell
 COPY kolla_bashrc /tmp/
 RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
@@ -53,6 +39,9 @@ ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(ho
 # enables to provide repo overrides at a later date in a simple fashion if we
 # desire such functionality.  I think we will :)
 
+ENV KOLLA_RPM_OVS_VERSION=3.5 \
+    KOLLA_RPM_OVN_VERSION=25.03
+
 RUN cat /tmp/kolla_bashrc >> /etc/bashrc \
     && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/dnf/dnf.conf
 
@@ -65,53 +54,12 @@ COPY dnf.conf /etc/dnf/dnf.conf
 {% endblock %}
 
 #### BEGIN REPO ENABLEMENT
-{% set base_yum_repo_files = [
-    'elasticsearch.repo',
-    'grafana.repo',
-    'proxysql.repo',
-    'rabbitmq_rabbitmq-server.repo',
-    'td.repo',
-] %}
-
 {% set base_yum_url_packages = [
 ] %}
 
 {% set base_yum_repo_keys = [
-    'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
-    'https://packages.grafana.com/gpg.key',
-    'https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB',
-    'https://repo.proxysql.com/ProxySQL/repo_pub_key',
-    'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc',
-    'https://packages.treasuredata.com/GPG-KEY-td-agent',
 ] %}
 
-{% if base_arch == 'x86_64' %}
-    {% set base_yum_repo_files = base_yum_repo_files + [
-        'influxdb.repo',
-        'mariadb.repo',
-        'rabbitmq_rabbitmq-erlang.repo',
-    ] %}
-    # FIXME(mgoddard): Not available for CentOS 8 yet.
-    #   'crmsh.repo',
-
-    {% set base_yum_repo_keys = base_yum_repo_keys + [
-        'https://repos.influxdata.com/influxdb.key',
-    ] %}
-{% elif base_arch == 'aarch64' %}
-    {% set base_yum_repo_files = base_yum_repo_files + [
-        'erlang-solutions.repo',
-        'mariadb-aarch64.repo',
-    ] %}
-
-    {% set base_yum_repo_keys = base_yum_repo_keys + [
-        'https://packages.erlang-solutions.com/rpm/erlang_solutions.asc',
-    ] %}
-{% endif %}
-
-{%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
-COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
-{%- endfor %}
-
 {% block base_centos_repo_overrides_post_copy %}{% endblock %}
 
 # Install what is needed for en_US.UTF-8
@@ -138,14 +86,12 @@ RUN rm -f /etc/rpm/macros.image-language-conf \
 {%- if not loop.last %} \{% endif %}
 {% endfor -%}
 
-{% for cmd in rpm_setup %}
+{% for cmd in rpm_setup %}
 {{ cmd }}
-{% endfor %}
+{% endfor %}
 
 {% block base_centos_repo_overrides_post_rpm %}{% endblock %}
 
-    {% if base_distro == 'centos' %}
-
 {% block base_centos_gpg_key_import %}
 {% endblock %}
 
@@ -153,10 +99,8 @@ RUN rm -f /etc/rpm/macros.image-language-conf \
 ] %}
 
 {% set base_centos_yum_repo_packages = [
-    'centos-release-ceph-pacific',
-    'centos-release-nfv-extras',
+    'centos-release-ceph-squid',
     'centos-release-nfv-openvswitch',
-    'centos-release-opstools',
     'epel-release',
 ] %}
 
@@ -164,42 +108,13 @@ RUN rm -f /etc/rpm/macros.image-language-conf \
 {% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
     'dnf-plugins-core'
 ] %}
-{% set base_centos_yum_repos_to_enable = [
-] %}
-
-# FIXME(hrw): entries not starting with 'centos-' (and 'centos-nfv-ovs') are
-# from delorean or rdo-release-* package
-# https://review.rdoproject.org/r/c/rdo-infra/ansible-role-dlrn/+/33241
-{% set base_centos_yum_repos_to_disable = [
-    'advanced-virtualization',
-    'centos-nfv-extras',
-    'centos-nfv-ovs',
-    'centos-ceph-pacific',
-    'centos-nfv-openvswitch',
-    'centos-opstools',
-    'epel',
-    'epel-modular',
-] %}
-
-{% if base_arch == 'x86_64' %}
-    {% set base_centos_yum_repos_to_disable = base_centos_yum_repos_to_disable + [
-        'influxdb',
-    ] %}
-{% endif %}
 
 RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }}
 
-{%- for repo in base_centos_yum_repos_to_enable | customizable('centos_yum_repos_to_enable') %} && dnf config-manager --enable {{ repo }} {% endfor -%}
-
-{%- for repo in base_centos_yum_repos_to_disable | customizable('centos_yum_repos_to_disable') %} && dnf config-manager --disable {{ repo }} {% endfor -%}
-
 {%- for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') %} && rpm --import {{ key }} {% endfor %} \
 {% block base_centos_repo_overrides_post_yum %}{% endblock -%}
     && {{ macros.rpm_security_update(clean_package_cache) }}
 
-    {%- endif %}
-    {# Endif for base_distro centos #}
-
 #### END REPO ENABLEMENT
 
 {# We are back to the basic if conditional here which is:
@@ -207,9 +122,10 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen
 
 {% block base_redhat_binary_versionlock %}{% endblock %}
 
+{# NOTE(hrw): CentOS Stream 9 has curl-minimal, Rocky Linux 9 has curl so we do not install any #}
 {% set base_centos_packages = [
         'ca-certificates',
-        'curl',
+        'crypto-policies-scripts',
         'dumb-init',
         'findutils',
         'hostname',
@@ -218,31 +134,25 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen
         'lsof',
         'lvm2',
         'ncurses',
+        'openssl',
         'procps-ng',
         'python3',
         'python3-pip',
         'socat',
         'sudo',
         'tar',
+        'util-linux',
         'util-linux-user',
-        'which'
+        'which',
+        'patch'
 ] %}
 
 # Install base packages
-{{ macros.install_packages( base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages") ) }}
+{{ macros.enable_extra_repos(['epel']) }}
+{{ macros.install_packages(base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages")) }}
 
 {# endif for base_package_type rpm #}
 {% elif base_package_type == 'deb' %}
-# Customize PS1 bash shell
-# - enlarge 'system users' range so 'haproxy' package will not complain
-#   see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939470
-# - enlarge 'system groups' range so 'hacluster' user added in
-#   https://review.opendev.org/c/openstack/kolla/+/802671
-#   can be in 'haclient' group with same high uid
-RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \
-    && sed -i -e s/LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g \
-              -e s/LAST_SYSTEM_GID=999/LAST_SYSTEM_GID=59999/g /etc/adduser.conf
-
 # This will prevent questions from being asked during the install
 ENV DEBIAN_FRONTEND noninteractive
 
@@ -253,6 +163,7 @@ COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footpr
 # curl and ca-certificates to fetch remote keys via http
 # gnupg to fetch keys directly from keyserver
 {% set base_ubuntu_package_pre_packages = [
+    'adduser',
     'ca-certificates',
     'curl',
     'gnupg'
@@ -266,11 +177,22 @@ COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footpr
 {{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }}
 {% endblock %}
 
+# Customize PS1 bash shell
+# - enlarge 'system users' range so 'haproxy' package will not complain
+#   see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939470
+# - enlarge 'system groups' range so 'hacluster' user added in
+#   https://review.opendev.org/c/openstack/kolla/+/802671
+#   can be in 'haclient' group with same high uid
+RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \
+    && sed -i -e s/#*LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g \
+              -e s/#*LAST_SYSTEM_GID=999/LAST_SYSTEM_GID=59999/g /etc/adduser.conf
+
+{# NOTE(mnasiadka): Ubuntu arm64 uses ports.ubuntu.com #}
 {% block base_ubuntu_package_sources_list %}
-{% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
-COPY sources.list.{{ base_distro }} /etc/apt/sources.list
+{% if base_distro == "ubuntu" and base_arch == 'aarch64' %}
+COPY {{ base_distro }}.sources.arm64 /etc/apt/sources.list.d/{{ base_distro }}.sources
 {% else %}
-COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
+COPY {{ base_distro }}.sources /etc/apt/sources.list.d/
 {% endif %}
 COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
 {% endblock %}
@@ -282,7 +204,7 @@ COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
 
 RUN apt update \
  && apt install -y --no-install-recommends extrepo \
- && extrepo enable openstack_yoga \
+ && extrepo enable openstack_{{ openstack_release_codename | lower }} \
  && apt purge -y extrepo \
  && apt --purge autoremove -y \
  && apt clean
@@ -297,6 +219,7 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom
 {% set base_apt_packages = [
    'apt-utils',
    'dumb-init',
+   'systemd-standalone-sysusers',
    'gawk',
    'iproute2',
    'kmod',
@@ -309,23 +232,25 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom
    'python3-pip',
    'socat',
    'sudo',
-   'tgt'
+   'tgt',
+   'patch'
 ] %}
 
 {% set base_apt_keys = [
-   {'name': 'erlang',   'keyid': 'F77F1EDA57EBB1CC'},
-   {'name': 'rabbitmq', 'keyid': 'F6609E60DC62814E'},
-   {'name': 'haproxy',  'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'},
+   {'name': 'erlang-ppa', 'keyid': 'F77F1EDA57EBB1CC'},
+   {'name': 'rabbitmq',   'keyid': '6B73A36E6026DFCA'},
+   {'name': 'haproxy',    'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'},
 ] %}
 
 {# NOTE(hrw): type field defaults to 'asc' which is used for single keys #}
 {% set base_remote_apt_keys = [
-   {'name': 'elasticsearch', 'url': 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'},
-   {'name': 'grafana', 'url': 'https://packages.grafana.com/gpg.key'},
-   {'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdb.key'},
+   {'name': 'docker-ce', 'url': 'https://download.docker.com/linux/debian/gpg'},
+   {'name': 'fluentd', 'url': 'https://fluentd.cdn.cncf.io/GPG-KEY-fluent-package'},
+   {'name': 'grafana', 'url': 'https://rpm.grafana.com/gpg.key'},
+   {'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive.key'},
    {'name': 'mariadb', 'url': 'https://downloads.mariadb.com/MariaDB/mariadb-keyring-2019.gpg', 'type': 'gpg'},
-   {'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/repo_pub_key'},
-   {'name': 'treasuredata', 'url': 'https://packages.treasuredata.com/GPG-KEY-td-agent'},
+   {'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch-release.pgp'},
+   {'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/repo_pub_key'},
 ] %}
 
 {% block base_ubuntu_package_installation %}
@@ -346,19 +271,30 @@ COPY apt_preferences /etc/apt/preferences.d/kolla-custom
             {% endif -%}
         {% endfor %}
     {% endblock %}
-RUN apt-get update \
+RUN apt-get --error-on=any update \
     && apt-get -y install locales \
     && sed -e "s/# $LANG UTF-8/$LANG UTF-8/g" /etc/locale.gen -i \
     && locale-gen "$LANG" \
     && apt-get -y upgrade \
     && apt-get -y dist-upgrade \
-    && {{ macros.install_packages(base_apt_packages | customizable('apt_packages'), True) }}
+    && {{ macros.install_packages(base_apt_packages | customizable('apt_packages'), True) }} \
+    # NOTE: python3-pip installs dependent tzdata package and blocks mount in docker - 2091161
+    && unlink /etc/localtime
 
 {% endblock %}
 
 {# endif base_package_type deb #}
 {% endif %}
 
+{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
+{# Specifics required such as homedir or shell are configured within the service specific image #}
+{%- for name, user in users | dictsort() %}
+{% if loop.first -%}RUN {% else %}    && {% endif -%}
+    groupadd --gid {{ user.gid }} {{ user.group }} \
+    && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
+        {%- if not loop.last %} \{% endif -%}
+{%- endfor %}
+
 {% if base_distro == 'centos' %}
 RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth \
     && sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf
@@ -367,7 +303,9 @@ RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth
 COPY set_configs.py /usr/local/bin/kolla_set_configs
 COPY start.sh /usr/local/bin/kolla_start
 COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts
+COPY install_projects.sh /usr/local/bin/kolla_install_projects
 COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
+COPY kolla_patch.sh /usr/local/bin/kolla_patch
 COPY sudoers /etc/sudoers
 
 {% if use_dumb_init %}
@@ -384,7 +322,12 @@ RUN chmod 755 /usr/local/bin/healthcheck_*
 {% endif %}
 
 RUN touch /usr/local/bin/kolla_extend_start \
-    && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs /usr/local/bin/kolla_copy_cacerts /usr/local/bin/kolla_httpd_setup \
+    && chmod 755 /usr/local/bin/kolla_start \
+                 /usr/local/bin/kolla_set_configs \
+                 /usr/local/bin/kolla_copy_cacerts \
+                 /usr/local/bin/kolla_install_projects \
+                 /usr/local/bin/kolla_patch \
+    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_httpd_setup \
     && chmod 440 /etc/sudoers \
     && mkdir -p /var/log/kolla \
     && chown :kolla /var/log/kolla \
@@ -395,8 +338,9 @@ RUN touch /usr/local/bin/kolla_extend_start \
 # the variables like PIP_INDEX_URL, PIP_EXTRA_INDEX_URL, PIP_TRUSTED_HOST etc. should be defined here.
 # ENV PIP_INDEX_URL=https://pypi.python.org/simple
 # ENV PIP_TRUSTED_HOST=pypi.python.org
-# ENV UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/{{ openstack_release }}
 {% endblock %}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block base_footer %}{% endblock %}
 CMD ["kolla_start"]

docker/base/apt_preferences.debian

@@ -1,32 +1,4 @@
-Package: rabbitmq-server
-Pin: version 3.9.*
-Pin-Priority: 1000
-
-Package: erlang*
-Pin: version 1:24.*
-Pin-Priority: 1000
-
-# NOTE(mgoddard): logstash 7.9.x is the last version that supports
-# Elasticsearch OSS.
-Package: logstash-oss
-Pin: version 7.9.*
-Pin-Priority: 1000
-
 # NOTE(hrw): we do not want backports unless requested
 Package: *
-Pin: release n=bullseye-backports
+Pin: release n=trixie-backports
 Pin-Priority: -1000
-
-# NOTE(hrw): let us list some backports
-# - openvswitch 2.15
-# - ovn 21.06
-# - libvirt 8
-# - qemu 6.2
-Package: openvswitch* python3-openvswitch ovn-* libvirt* qemu-*
-Pin: release n=bullseye-backports
-Pin-Priority: 1024
-
-# NOTE(hrw): Debian OpenStack Team repo has some backports we do not want
-Package: git*
-Pin: release n=bullseye
-Pin-Priority: 1024

docker/base/apt_preferences.ubuntu

@@ -1,13 +1,3 @@
-Package: rabbitmq-server
-Pin: version 3.9.*
-Pin-Priority: 1000
-
-Package: erlang*
-Pin: version 1:24.*
-Pin-Priority: 1000
-
-# NOTE(mgoddard): logstash 7.9.x is the last version that supports
-# Elasticsearch OSS.
-Package: logstash-oss
-Pin: version 7.9.*
+Package: *
+Pin: origin dlm.mariadb.com
 Pin-Priority: 1000

docker/base/ci-centos.repo

@@ -0,0 +1,75 @@
+[baseos]
+name=(OpenDev mirror) CentOS Stream $releasever - BaseOS
+baseurl=http://MIRROR/centos-stream/$stream/BaseOS/$basearch/os/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+
+[appstream]
+name=(OpenDev mirror) CentOS Stream $releasever - AppStream
+baseurl=http://MIRROR/centos-stream/$stream/AppStream/$basearch/os/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+
+[extras-common]
+name=(OpenDev mirror) CentOS Stream $releasever - Extras packages
+baseurl=http://MIRROR/centos-stream/SIGs/$stream/extras/$basearch/extras-common/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+
+[crb]
+name=(OpenDev mirror) CentOS Stream $releasever - CRB
+baseurl=http://MIRROR/centos-stream/$stream/CRB/$basearch/os/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+gpgcheck=1
+repo_gpgcheck=0
+enabled=0
+
+[highavailability]
+name=(OpenDev mirror) CentOS Stream $releasever - HighAvailability
+baseurl=http://MIRROR/centos-stream/$stream/HighAvailability/$basearch/os/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+gpgcheck=1
+repo_gpgcheck=0
+enabled=0
+
+[centos-ceph-reef]
+name=(OpenDev mirror) CentOS-$stream - Ceph Reef
+baseurl=http://MIRROR/centos-stream/SIGs/$stream/storage/$basearch/ceph-reef/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage
+
+[centos-nfv-openvswitch]
+name=(OpenDev mirror) CentOS Stream $releasever - NFV OpenvSwitch
+baseurl=http://MIRROR/centos-stream/SIGs/$stream/nfv/$basearch/openvswitch-2/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-NFV
+module_hotfixes=1
+
+[centos-opstools]
+name=(OpenDev mirror) CentOS Stream $releasever - OpsTools - collectd
+baseurl=http://MIRROR/centos-stream/SIGs/$stream/opstools/$basearch/collectd-5/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-OpsTools
+
+[centos-rabbitmq-38]
+name=(OpenDev mirror) CentOS-9 - RabbitMQ 38
+baseurl=http://MIRROR/centos-stream/SIGs/$stream/messaging/$basearch/rabbitmq-38
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Messaging
+
+[epel]
+name=(OpenDev mirror) Extra Packages for Enterprise Linux $releasever - $basearch
+baseurl=http://MIRROR/epel/$releasever/Everything/$basearch/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever

docker/base/copy_cacerts.sh

@@ -3,25 +3,46 @@
 # Copy custom CA certificates to system trusted CA certificates folder
 # and run CA update utility
 
-# Remove old certificates
-rm -f /usr/local/share/ca-certificates/kolla-customca-* \
-        /etc/pki/ca-trust/source/anchors/kolla-customca-*
-
-if [[ -d /var/lib/kolla/config_files/ca-certificates ]] && \
-        [[ ! -z "$(ls -A /var/lib/kolla/config_files/ca-certificates/)" ]]; then
-    if [[ -e /etc/debian_version ]]; then
-        # Debian, Ubuntu
-        for cert in /var/lib/kolla/config_files/ca-certificates/*; do
-            file=$(basename "$cert")
-            cp $cert "/usr/local/share/ca-certificates/kolla-customca-$file"
-        done
-        update-ca-certificates
-    elif [[ -e /etc/redhat-release ]]; then
-        # CentOS
-        for cert in /var/lib/kolla/config_files/ca-certificates/*; do
-            file=$(basename "$cert")
-            cp $cert "/etc/pki/ca-trust/source/anchors/kolla-customca-$file"
-        done
-        update-ca-trust
-    fi
+if [[ -e "/etc/debian_version" ]]; then
+    ca_dst_path="/usr/local/share/ca-certificates"
+    update_command="update-ca-certificates"
+elif [[ -e "/etc/redhat-release" ]]; then
+    ca_dst_path="/etc/pki/ca-trust/source/anchors"
+    update_command="update-ca-trust"
+else
+    echo "Unsupported OS"
+    exit 1
+fi
+
+# Initialize update_needed variable
+update_needed="false"
+
+# Remove old certificates
+if find /etc/ssl/certs/ \
+        /usr/local/share/ca-certificates/ \
+        /etc/pki/ca-trust/source/anchors/ \
+        -name 'kolla*' -exec rm -f {} + 2>/dev/null; then
+    update_needed="true"
+fi
+
+# Determine source path for CA certificates
+if grep -q '"source": "/var/lib/kolla/share/ca-certificates"' /etc/kolla/defaults/state; then
+    ca_src_path="/var/lib/kolla/share/ca-certificates"
+else
+    ca_src_path="/var/lib/kolla/config_files/ca-certificates"
+fi
+
+# Check if the source path exists and is not empty
+if [[ -d ${ca_src_path} && $(ls -A "${ca_src_path}" 2>/dev/null) ]]; then
+    # Copy certificates and update CA
+    for cert in "${ca_src_path}"/*; do
+        file=$(basename "${cert}")
+        cp ${cert} ${ca_dst_path}/kolla-customca-${file}
+        update_needed="true"
+    done
+fi
+
+# Run the update command if needed
+if [[ "${update_needed}" == "true" ]]; then
+    ${update_command}
 fi

docker/base/crmsh.repo

@@ -1,7 +0,0 @@
-[network_ha-clustering_Stable]
-name=Stable High Availability/Clustering packages (CentOS_CentOS-7)
-type=rpm-md
-baseurl=http://download.opensuse.org/repositories/network:/ha-clustering:/Stable/CentOS_CentOS-7/
-gpgcheck=1
-gpgkey=http://download.opensuse.org/repositories/network:/ha-clustering:/Stable/CentOS_CentOS-7/repodata/repomd.xml.key
-enabled=0

docker/base/curlrc

@@ -1,6 +1,8 @@
 # curl default options
 --fail
 --location
+--retry 5
+--retry-all-errors
 --silent
 --show-error
 --write-out "curl (%{url_effective}): response: %{http_code}, time: %{time_total}, size: %{size_download}\n"

docker/base/debian.sources

@@ -0,0 +1,13 @@
+Types: deb
+# http://snapshot.debian.org/archive/debian/20251020T000000Z
+URIs: http://deb.debian.org/debian
+Suites: trixie trixie-updates trixie-backports
+Components: main
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+Types: deb
+# http://snapshot.debian.org/archive/debian-security/20251020T000000Z
+URIs: http://deb.debian.org/debian-security
+Suites: trixie-security
+Components: main
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

docker/base/dnf.conf

@@ -9,4 +9,4 @@ installonly_limit=0
 skip_missing_names_on_install=False
 clean_requirements_on_remove=True
 tsflags=nodocs
-install_weak_deps=False
+install_weak_deps=False

docker/base/elasticsearch.repo

@@ -1,6 +0,0 @@
-[elasticsearch-kibana-logstash-7.x]
-name=ELK repository for 7.x packages
-baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
-gpgcheck=1
-gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
-enabled=0

docker/base/erlang-solutions.repo

@@ -1,6 +0,0 @@
-[erlang-solutions]
-name=erlang-solutions
-baseurl=https://packages.erlang-solutions.com/rpm/centos/$releasever/$basearch
-gpgcheck=1
-gpgkey=https://packages.erlang-solutions.com/rpm/erlang_solutions.asc
-enabled=0

docker/base/grafana.repo

@@ -1,8 +0,0 @@
-[grafana]
-name=grafana
-baseurl=https://packages.grafana.com/oss/rpm
-enabled=0
-gpgcheck=1
-gpgkey=https://packages.grafana.com/gpg.key
-sslverify=1
-sslcacert=/etc/pki/tls/certs/ca-bundle.crt

docker/base/httpd_setup.sh

@@ -17,14 +17,35 @@ if [[ "$(whoami)" == 'root' ]]; then
         rm -rf /var/run/apache2/*
     else
         rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
+        # NOTE(mmalchuk): This added to make Rocky/Centos similar to Ubuntu/Debian
+        # to provide /server-status handler for local monitoring of the Apache.
+        # The module already loaded in the /etc/httpd/conf.modules.d/00-base.conf.
+        cat << EOF >/etc/httpd/conf.modules.d/99-server-status.conf
+<Location "/server-status">
+    SetHandler server-status
+    Require local
+</Location>
+EOF
     fi
 
-    # CentOS 8 has an issue with mod_ssl which produces an invalid Apache
+    # CentOS/Rocky have an issue with mod_ssl which produces an invalid Apache
     # configuration in /etc/httpd/conf.d/ssl.conf. This causes the following error
     # on startup:
     #   SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
     # Work around this by generating certificates manually.
-    if [[ ${KOLLA_BASE_DISTRO} = centos ]] && [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then
+    # NOTE(mnasiadka): in EL9 upgrade jobs gencerts is failing on wrong permissions to dhparams.pem
+    if [[ "${KOLLA_BASE_DISTRO}" =~ centos|rocky ]] && [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then
+        rm -f /tmp/dhparams.pem
         /usr/libexec/httpd-ssl-gencerts
     fi
 fi
+
+# The default system locale with unicode support
+LANG=C.UTF-8
+
+# Override the default locale if configured
+if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+    [ -f /etc/default/locale ] && . /etc/default/locale
+else
+    [ -f /etc/locale.conf ] && . /etc/locale.conf
+fi

docker/base/influxdb.repo

@@ -1,6 +0,0 @@
-[influxdb]
-name = InfluxDB Repository - RHEL $releasever
-baseurl = https://repos.influxdata.com/rhel/$releasever/$basearch/stable
-enabled = 0
-gpgcheck = 1
-gpgkey = https://repos.influxdata.com/influxdb.key

docker/base/install_projects.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# This script finds all projects in /dev-mode folder and
+# installs them using pip
+# The projects are mounted there when dev mode is enabled for them
+# in kolla-ansible
+
+if [ -d "/dev-mode" ]; then
+    for project in /dev-mode/*; do
+        pip install -U "$project"
+    done
+fi

docker/base/kolla_patch.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# This script works as debian quilt patch.
+# So, patch files included in /patches/series
+# are applied and information what was applied
+# is stored in /etc/kolla/patched.
+#
+# No more, no less :)
+
+cd /
+
+# If exist /patches/series
+# let's try to apply patches
+if [ -e "/patches/series" ]; then
+    # If there is /patches/series.applied
+    # then it means previous run already applied
+    # some patches - from another intermediate container
+    #
+    # So, let's add patches again to /patches/series
+    # and let's script to handle it
+    if [ -e "/patches/series.applied" ]; then
+        grep -v '^#' /patches/series.applied > /tmp/series.tmp
+        grep -v '^#' /patches/series >> /tmp/series.tmp
+        rm -f /patches/series
+        mv /tmp/series.tmp /patches/series
+    fi
+    touch /etc/kolla/patched
+    for patchfile in $(grep -v '^#' /patches/series); do
+        # If patch is not applied, try to apply it, otherwise
+        # inform user that patchfile is already applied
+        if ! grep -q "$patchfile" /etc/kolla/patched; then
+            echo "[i] Applying /patches/${patchfile}"
+            patch -p0 --fuzz=0 --ignore-whitespace < /patches/${i}/${patchfile}
+            # If apply patch was successful inform user,
+            # otherwise fail build process and inform user
+            # to check/fix patch
+            if [ $? -eq 0 ]; then
+                echo "[i] Applied /patches/${patchfile}" >> /etc/kolla/patched
+            else
+                echo "[i] Patch /patches/${patchfile} failed, please fix your patchfiles."
+                exit 1
+            fi
+        else
+            echo "[i] /patches/${patchfile} already applied."
+        fi
+    done
+    # Ignore files which are commented and move
+    # to /patches/series.applied as /patch/series
+    # can be potentially replaced by another files
+    # from different intermediate container
+    grep -v '^#' /patches/series > /patches/series.applied
+    rm -f /patches/series
+else
+    echo "[i] No series file found, nothing to patch."
+fi

docker/base/mariadb-aarch64.repo

@@ -1,6 +0,0 @@
-[mariadb]
-name = MariaDB
-baseurl = https://downloads.mariadb.com/MariaDB/mariadb-10.6/yum/centos8-aarch64
-module_hotfixes = 1
-gpgcheck = 1
-enabled = 0

docker/base/mariadb.repo

@@ -1,6 +0,0 @@
-[mariadb]
-name = MariaDB
-baseurl = https://downloads.mariadb.com/MariaDB/mariadb-10.6/yum/centos8-amd64
-module_hotfixes = 1
-gpgcheck = 1
-enabled = 0

docker/base/proxysql.repo

@@ -1,6 +0,0 @@
-[proxysql]
-name = ProxySQL
-baseurl = https://repo.proxysql.com/ProxySQL/proxysql-2.3.x/centos/$releasever
-gpgkey = https://repo.proxysql.com/ProxySQL/repo_pub_key
-gpgcheck = 1
-enabled = 0

docker/base/rabbitmq_rabbitmq-erlang.repo

@@ -1,5 +0,0 @@
-[rabbitmq_rabbitmq-erlang]
-name=rabbitmq_rabbitmq-erlang
-baseurl=https://packagecloud.io/rabbitmq/erlang/el/8/$basearch
-gpgcheck=1
-enabled=0

docker/base/rabbitmq_rabbitmq-server.repo

@@ -1,5 +0,0 @@
-[rabbitmq_rabbitmq-server]
-name=rabbitmq_rabbitmq-server
-baseurl=https://packagecloud.io/rabbitmq/rabbitmq-server/el/8/$basearch
-gpgcheck=1
-enabled=0

docker/base/set_configs.py

@@ -19,16 +19,24 @@ import json
 import logging
 import os
 import pwd
+import re
 import shutil
 import stat
 import sys
 
 
 # TODO(rhallisey): add docstring.
-logging.basicConfig()
+logging.basicConfig(
+    format='%(asctime)s.%(msecs)03d %(levelname)s %(message)s',
+    level=logging.INFO,
+    datefmt='%Y-%m-%d %H:%M:%S'
+)
 LOG = logging.getLogger(__name__)
 LOG.setLevel(logging.INFO)
 
+KOLLA_DEFAULTS = "/etc/kolla/defaults"
+KOLLA_DEFAULTS_STATE = KOLLA_DEFAULTS + '/' + 'state'
+
 
 class ExitingException(Exception):
     def __init__(self, message, exit_code=1):
@@ -56,6 +64,14 @@ class ConfigFileBadState(ExitingException):
     pass
 
 
+class ConfigFileCommandDiffers(ExitingException):
+    pass
+
+
+class StateMismatch(ExitingException):
+    pass
+
+
 class ConfigFile(object):
 
     def __init__(self, source, dest, owner=None, perm=None, optional=False,
@@ -160,11 +176,13 @@ class ConfigFile(object):
                 raise
 
     def _cmp_file(self, source, dest):
-        # check exsit
+        # check exist
         if (os.path.exists(source) and
-                not self.optional and
                 not os.path.exists(dest)):
             return False
+        if (os.path.exists(dest) and
+                not os.path.exists(source)):
+            return False
         # check content
         with open(source, 'rb') as f1, open(dest, 'rb') as f2:
             if f1.read() != f2.read():
@@ -272,21 +290,8 @@ def validate_source(data):
 
 
 def load_config():
-    def load_from_env():
-        config_raw = os.environ.get("KOLLA_CONFIG")
-        if config_raw is None:
-            return None
-
-        # Attempt to read config
-        try:
-            return json.loads(config_raw)
-        except ValueError:
-            raise InvalidConfig('Invalid json for Kolla config')
-
     def load_from_file():
-        config_file = os.environ.get("KOLLA_CONFIG_FILE")
-        if not config_file:
-            config_file = '/var/lib/kolla/config_files/config.json'
+        config_file = '/var/lib/kolla/config_files/config.json'
         LOG.info("Loading config file at %s", config_file)
 
         # Attempt to read config file
@@ -300,9 +305,7 @@ def load_config():
                 raise InvalidConfig(
                     "Could not read file %s: %r" % (config_file, e))
 
-    config = load_from_env()
-    if config is None:
-        config = load_from_file()
+    config = load_from_file()
 
     LOG.info('Validating config file')
     validate_config(config)
@@ -347,6 +350,7 @@ def handle_permissions(config):
         owner = permission.get('owner')
         recurse = permission.get('recurse', False)
         perm = permission.get('perm')
+        exclude = permission.get('exclude', [])
 
         desired_user, desired_group = user_group(owner)
         uid = pwd.getpwnam(desired_user).pw_uid
@@ -386,20 +390,177 @@ def handle_permissions(config):
                     LOG.exception('Failed to set permission of %s to %s',
                                   path, perm)
 
+        def handle_exclusion(root, path_suffix):
+            full_path = os.path.join(root, path_suffix)
+            LOG.debug("Checking for exclusion: %s" % full_path)
+            if exclude:
+                for exclude_ in exclude:
+                    if not re.search(exclude_, full_path):
+                        set_perms(full_path, uid, gid, perm)
+            else:
+                set_perms(full_path, uid, gid, perm)
+
         for dest in glob.glob(path):
             set_perms(dest, uid, gid, perm)
             if recurse and os.path.isdir(dest):
                 for root, dirs, files in os.walk(dest):
                     for dir_ in dirs:
-                        set_perms(os.path.join(root, dir_), uid, gid, perm)
+                        handle_exclusion(root, dir_)
                     for file_ in files:
-                        set_perms(os.path.join(root, file_), uid, gid, perm)
+                        handle_exclusion(root, file_)
+
+
+def get_defaults_state():
+    """Retrieve the saved default configuration state from default state file.
+
+    This function creates the directory for Kolla defaults if it does not
+    exist, and then attempts to read the current configuration state from
+    a JSON file. If the file exists, it reads and returns the content.
+    If not, it returns an empty dictionary.
+
+    Simply said, when the container starts for the first time, the state file
+    doesn't exist, and it returns an empty dictionary.
+    However, if it has already been started before, it will contain the state
+    as it was when it first ran.
+
+    Returns:
+        dict: The configuration state stored in the Kolla defaults state file.
+
+    Example:
+        {
+            "/etc/cinder/cinder.conf": {
+                "source": "/etc/cinder/cinder.conf",
+                "preserve_properties": true,
+                "dest": null
+            },
+            "/etc/apache2/conf-enabled/cinder-wsgi.conf": {
+                "source": "/etc/apache2/conf-enabled/cinder-wsgi.conf",
+                "preserve_properties": true,
+                "dest": null
+            },
+            "/etc/cinder/cinder_audit_map.conf": {
+                "source": "/etc/cinder/cinder_audit_map.conf",
+                "preserve_properties": true,
+                "dest": "/etc/kolla/defaults/etc/cinder/cinder_audit_map.conf"
+            }
+        }
+
+        From above example:
+        /etc/cinder/cinder.conf didn't exist
+        /etc/apache2/conf-enabled/cinder-wsgi.conf didn't exist
+        /etc/cinder/cinder_audit_map.conf exists and saved
+    """
+    os.makedirs(KOLLA_DEFAULTS, exist_ok=True)
+    if os.path.exists(KOLLA_DEFAULTS_STATE):
+        with open(KOLLA_DEFAULTS_STATE, 'r') as f:
+            return json.load(f)
+    else:
+        return {}
+
+
+def set_defaults_state(state):
+    """Save the provided configuration state to the defaults state file.
+
+    This function writes the provided state (a dictionary) to a JSON file at
+    the specified Kolla defaults state location, ensuring that it is properly
+    formatted with indentation for readability.
+
+    Args:
+        state (dict): The configuration state to save to the Kolla defaults
+        state file.
+    """
+    with open(KOLLA_DEFAULTS_STATE, 'w') as f:
+        json.dump(state, f, indent=4)
+
+
+def remove_or_restore_configs(state):
+    """Remove or restore configuration files based on their current state.
+
+    This function iterates over the configuration files in the provided state.
+    If the destination is `None`, it removes the file or directory. Otherwise,
+    it swaps the source and destination, restoring the configuration file
+    by copying it back to its original location.
+
+    Args:
+        state (dict): The current default state of configuration files, mapping
+        file paths to their source and destination information.
+    """
+    for k, v in state.items():
+        if v['dest'] is None:
+            if os.path.exists(k):
+                if os.path.isfile(k):
+                    os.remove(k)
+                else:
+                    shutil.rmtree(k)
+        else:
+            v['source'], v['dest'] = v['dest'], v['source']
+            config_file = ConfigFile(**v)
+            config_file.copy()
+
+
+def backup_configs(config, state):
+    """Back up new configuration files and update the default state.
+
+    This function processes new configuration files provided in the
+    input `config`. For each file, it checks if the destination exists in the
+    current state. If not, it backs up the file by copying it to the default
+    directory. It then updates the state with the new configuration file's
+    information.
+
+    Args:
+        config (dict): The input configuration containing a list of config
+                       files.
+        state (dict): The current default state to be updated with the new
+                      config files.
+    """
+    if 'config_files' in config:
+        for data in config['config_files']:
+            if data['dest'] in state.keys():
+                continue
+            src = data['source']
+            if data['dest'].endswith('/'):
+                dst = data['dest'] + data['source'].split('/')[-1]
+            else:
+                dst = data['dest']
+            default = KOLLA_DEFAULTS + dst
+            if os.path.exists(src):
+                copy = {'source': dst, 'preserve_properties': True}
+                if os.path.exists(dst):
+                    copy['dest'] = default
+                    if dst not in state:
+                        config_file = ConfigFile(**copy)
+                        config_file.copy()
+                        state[dst] = copy
+                else:
+                    copy['dest'] = None
+                    if dst not in state:
+                        state[dst] = copy
+
+
+def handle_defaults(config):
+    """Handle the default config files by copying/removing them as needed.
+
+    This function loads the current default state and manages the configuration
+    files. It first processes existing configuration files in the default
+    state, either removing or restoring them based on their destination status.
+    It then backs up any new configuration files from the input config,
+    updating the default state accordingly.
+
+    Args:
+        config (dict): A dictionary containing the list of configuration files
+        to be handled.
+    """
+    state = get_defaults_state()
+    remove_or_restore_configs(state)
+    backup_configs(config, state)
+    set_defaults_state(state)
 
 
 def execute_config_strategy(config):
     config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY")
     LOG.info("Kolla config strategy set to: %s", config_strategy)
     if config_strategy == "COPY_ALWAYS":
+        handle_defaults(config)
         copy_config(config)
         handle_permissions(config)
     elif config_strategy == "COPY_ONCE":
@@ -408,6 +569,7 @@ def execute_config_strategy(config):
                 "The config strategy prevents copying new configs",
                 exit_code=0)
         else:
+            handle_defaults(config)
             copy_config(config)
             handle_permissions(config)
             os.mknod('/configured')
@@ -415,7 +577,66 @@ def execute_config_strategy(config):
         raise InvalidConfig('KOLLA_CONFIG_STRATEGY is not set properly')
 
 
+def execute_command_check(config):
+    cmd = config.get('command')
+    with open("/run_command", "r") as f:
+        cmd_running = f.read()
+    if cmd != cmd_running:
+        msg = "Running command differs. " + cmd + " != " + cmd_running
+        raise ConfigFileCommandDiffers(msg)
+
+
 def execute_config_check(config):
+    """Check configuration state consistency and validate config file entries.
+
+    This function compares the current config file destinations from the
+    provided config dictionary with those stored in the defaults state file.
+    If any destinations are found in the state file but not in the config,
+    a StateMismatch exception is raised. These missing files would otherwise
+    be restored or removed depending on their backup state.
+
+    After validating consistency, the function performs standard checks on
+    each declared configuration file, including content, permissions, and
+    ownership validation.
+
+    Args:
+        config (dict): The configuration dictionary containing 'config_files'
+        entries as expected by Kolla.
+
+    Raises:
+        StateMismatch: If there are entries in the defaults state not present
+        in the provided config.
+    """
+    state = get_defaults_state()
+
+    # Build a set of all current destination paths from config.json
+    # If the destination is a directory, we append the
+    # basename of the source
+    current_dests = {
+        entry['dest'] if not entry['dest'].endswith('/') else
+        os.path.join(entry['dest'], os.path.basename(entry['source']))
+        for entry in config.get('config_files', [])
+        if entry.get('dest')
+    }
+
+    # Detect any paths that are present in the state file but
+    # missing from config.json.
+    # These would be either restored (if state[dest] has a backup)
+    # or removed (if dest is null)
+    removed_dests = [
+        path for path in state.keys()
+        if path not in current_dests
+    ]
+
+    if removed_dests:
+        raise StateMismatch(
+            f"The following config files are tracked in state but missing "
+            f"from config.json. "
+            f"They would be restored or removed: {sorted(removed_dests)}"
+        )
+
+    # Perform the regular content, permissions, and ownership
+    # checks on the declared files
     for data in config.get('config_files', []):
         config_file = ConfigFile(**data)
         config_file.check()
@@ -432,6 +653,7 @@ def main():
         config = load_config()
 
         if args.check:
+            execute_command_check(config)
             execute_config_check(config)
         else:
             execute_config_strategy(config)

docker/base/sources.list.debian

@@ -1,11 +0,0 @@
-# Default repos
-deb http://deb.debian.org/debian bullseye main
-
-# debian security updates
-deb http://deb.debian.org/debian-security bullseye-security main
-
-# debian updates
-deb http://deb.debian.org/debian bullseye-updates main
-
-# debian backports
-deb http://deb.debian.org/debian bullseye-backports main

docker/base/sources.list.ubuntu

@@ -1,17 +0,0 @@
-# For non-x86 architectures we use sources.list.ubuntu.<arch>
-
-# Default repos
-deb mirror://mirrors.ubuntu.com/mirrors.txt focal main universe
-deb mirror://mirrors.ubuntu.com/mirrors.txt focal-updates main universe
-deb mirror://mirrors.ubuntu.com/mirrors.txt focal-security main universe
-
-# Backports have a lower priority and must be explicitly installed to be used
-deb http://archive.ubuntu.com/ubuntu/ focal-backports main universe
-
-# We need to add the repo for the updated packages they provide. The main ones
-# are qemu, libvirt, and openvswitch.
-deb http://ubuntu-cloud.archive.canonical.com/ubuntu focal-updates/yoga main
-
-# NOTE(hrw): extra repositories are added into image when they are needed as
-# separate files in /etc/apt/sources.list.d/ directory. For that purpose they
-# are defined in kolla/template/repos.yaml file.

docker/base/sources.list.ubuntu.aarch64

@@ -1,15 +0,0 @@
-# Default repos
-deb http://ports.ubuntu.com/ focal main universe
-deb http://ports.ubuntu.com/ focal-updates main universe
-deb http://ports.ubuntu.com/ focal-security main universe
-
-# Backports have a lower priority and must be explicitly installed to be used
-deb http://ports.ubuntu.com/ focal-backports main universe
-
-# We need to add the repo for the updated packages they provide. The main ones
-# are qemu, libvirt, and openvswitch.
-deb http://ubuntu-cloud.archive.canonical.com/ubuntu focal-updates/yoga main
-
-# NOTE(hrw): extra repositories are added into image when they are needed as
-# separate files in /etc/apt/sources.list.d/ directory. For that purpose they
-# are defined in kolla/template/repos.yaml file.

docker/base/start.sh

@@ -15,6 +15,9 @@ ARGS=""
 # Install/remove custom CA certificates
 sudo kolla_copy_cacerts
 
+# Install projects that are in /dev-mode
+sudo kolla_install_projects
+
 if [[ ! "${!KOLLA_SKIP_EXTEND_START[@]}" ]]; then
     # Run additional commands if present
     . kolla_extend_start

docker/base/sudoers

@@ -6,6 +6,8 @@
 # anyone in the kolla group may sudo -E (set the environment)
 Defaults: %kolla setenv
 
+Defaults secure_path="/var/lib/kolla/venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
 # root may run any commands via sudo as the network seervice user.  This is
 # neededfor database migrations of existing services which have not been
 # converted to run as a non-root user, but instead do that via sudo -E glance
@@ -18,4 +20,7 @@ root ALL=(ALL) ALL
 # Copy custom CA certificates to containers
 %kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_copy_cacerts
 
+# Install projects in dev-mode
+%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_install_projects
+
 #includedir /etc/sudoers.d

docker/base/td.repo

@@ -1,6 +0,0 @@
-[treasuredata]
-name=TreasureData
-baseurl=http://packages.treasuredata.com/4/redhat/$releasever/$basearch
-gpgcheck=1
-gpgkey=https://packages.treasuredata.com/GPG-KEY-td-agent
-enabled=0

docker/base/ubuntu.sources

@@ -0,0 +1,24 @@
+Types: deb
+URIs: http://archive.ubuntu.com/ubuntu/
+Suites: noble noble-updates noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+## Ubuntu security updates. Aside from URIs and Suites,
+## this should mirror your choices in the previous section.
+Types: deb
+URIs: http://security.ubuntu.com/ubuntu/
+Suites: noble-security
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+## Ubuntu Cloud Archive
+Types: deb
+URIs: http://ubuntu-cloud.archive.canonical.com/ubuntu
+Suites: noble-updates/flamingo
+Components: main
+Signed-By: /usr/share/keyrings/ubuntu-cloud-keyring.gpg
+
+# NOTE(hrw): extra repositories are added into image when they are needed as
+# separate files in /etc/apt/sources.list.d/ directory. For that purpose they
+# are defined in kolla/template/repos.yaml file.

docker/base/ubuntu.sources.arm64

@@ -0,0 +1,24 @@
+Types: deb
+URIs: http://ports.ubuntu.com/ubuntu-ports/
+Suites: noble noble-updates noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+## Ubuntu security updates. Aside from URIs and Suites,
+## this should mirror your choices in the previous section.
+Types: deb
+URIs: http://ports.ubuntu.com/ubuntu-ports/
+Suites: noble-security
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+## Ubuntu Cloud Archive
+Types: deb
+URIs: http://ubuntu-cloud.archive.canonical.com/ubuntu
+Suites: noble-updates/flamingo
+Components: main
+Signed-By: /usr/share/keyrings/ubuntu-cloud-keyring.gpg
+
+# NOTE(hrw): extra repositories are added into image when they are needed as
+# separate files in /etc/apt/sources.list.d/ directory. For that purpose they
+# are defined in kolla/template/repos.yaml file.

docker/bifrost/bifrost-base/Dockerfile.j2

@@ -7,18 +7,28 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
+{% set venv_path='/var/lib/kolla/venv' %}
+
 {{ macros.configure_user(name='bifrost') }}
 
+{% set bifrost_base_packages = [
+    'cpio'
+] %}
+
+{% if base_package_type == 'rpm' %}
+
 {# NOTE(mgoddard): EPEL required for nginx #}
 {{ macros.enable_extra_repos(['epel']) }}
 
-{% if install_type == 'binary' %}
+    {% set bifrost_base_packages = bifrost_base_packages + [
+        'python3.12',
+        'python3.12-devel'
+    ] %}
+{% endif %}
 
-RUN echo '{{ install_type }} not yet available for {{ base_distro }}' && /bin/false
+{{ macros.install_packages(bifrost_base_packages | customizable("packages")) }}
 
-{% elif install_type == 'source' %}
-
-ENV VENV /var/lib/kolla/venv
+ENV VENV {{ venv_path }}
 
 {% set bifrost_base_pip_packages = [
     '/bifrost'
@@ -26,7 +36,12 @@ ENV VENV /var/lib/kolla/venv
 
 ADD bifrost-base-archive /bifrost-base-source
 COPY build_arg.yml /tmp/build_arg.yml
-RUN ln -s bifrost-base-source/* bifrost \
+
+RUN mkdir -p /requirements \
+    && curl -o /requirements/upper-constraints.txt ${UPPER_CONSTRAINTS_FILE:-https://releases.openstack.org/constraints/upper/{{ openstack_release }}} \
+    && python3 -m venv --system-site-packages {{ venv_path }} \
+    && ln -s bifrost-base-source/* bifrost \
+    && {{ macros.install_pip(['pip', 'wheel', 'setuptools']) }} \
     && {{ macros.install_pip(bifrost_base_pip_packages | customizable("pip_packages")) }}
 
 WORKDIR /bifrost
@@ -36,12 +51,17 @@ ENV ANSIBLE_GATHER_TIMEOUT=30
 
 {% block bifrost_ansible_install %}
 {%- if base_package_type == 'deb' %}
-RUN apt-get update && \
+RUN apt-get --error-on=any update && \
 {%- else %}
 RUN echo " " && \
 {%- endif %}
-    bash -c './scripts/env-setup.sh && \
-    ansible-playbook -vvvv -i /bifrost/playbooks/inventory/target /bifrost/playbooks/install.yaml \
+    bash -c '$VENV/bin/pip install "ansible>=12,<14" && \
+    $VENV/bin/ansible-galaxy collection install -r /bifrost/ansible-collections-requirements.yml && \
+    $VENV/bin/ansible-playbook -vvvv -i /bifrost/playbooks/inventory/target \
+    /bifrost/playbooks/install.yaml \
+    -e upper_constraints_file="/requirements/upper-constraints.txt" \
+    -e git_branch={{ openstack_branch_slashed }} \
+    -e ipa_upstream_release={{ openstack_branch }} \
     -e @/tmp/build_arg.yml && \
 {%- if base_package_type == 'deb' %}
     apt-get clean && rm -rf /var/lib/apt/lists/*'
@@ -49,7 +69,6 @@ RUN echo " " && \
     dnf clean all && rm -rf /var/dnf/cache'
 {%- endif %}
 {% endblock %}
-{% endif %}
 
 COPY bifrost_sudoers /etc/sudoers.d/kolla_bifrost_sudoers
 
@@ -57,4 +76,6 @@ RUN chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/kolla_bifrost_sudoers \
     && chown -R bifrost:bifrost /bifrost
 
+{{ macros.kolla_patch_sources() }}
+
 {% block bifrost_base_footer %}{% endblock %}

docker/bifrost/bifrost-deploy/Dockerfile.j2

@@ -29,5 +29,7 @@ RUN rm -f $(find /lib/systemd/system/sysinit.target.wants/ ! -name systemd-tmpfi
 ENTRYPOINT []
 CMD [ "/sbin/init" ]
 
+{{ macros.kolla_patch_sources() }}
+
 {% block bifrost_deploy_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/blazar/blazar-api/Dockerfile.j2

@@ -5,15 +5,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% block blazar_api_header %}{% endblock %}
 
-{% if install_type == 'binary' %}
-
-RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
-    && /bin/false
-
-{% endif %}
+{% import "macros.j2" as macros with context %}
 
 COPY extend_start.sh /usr/local/bin/kolla_blazar_extend_start
-RUN chmod 755 /usr/local/bin/kolla_blazar_extend_start
+RUN chmod 644 /usr/local/bin/kolla_blazar_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block blazar_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/blazar/blazar-base/Dockerfile.j2

@@ -9,30 +9,21 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='blazar') }}
 
-{% if install_type == 'binary' %}
-
-RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
-    && /bin/false
-
-{% elif install_type == 'source' %}
-
 ADD blazar-base-archive /blazar-base-source
 
 {% set blazar_base_pip_packages = [
     '/blazar'
 ] %}
 
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
 RUN ln -s blazar-base-source/* blazar \
     && {{ macros.install_pip(blazar_base_pip_packages | customizable("pip_packages")) }} \
     && mkdir -p /etc/blazar \
     && cp -r /blazar/etc/blazar/* /etc/blazar \
-    && chown -R blazar: /etc/blazar
+    && touch /usr/local/bin/kolla_blazar_extend_start \
+    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_blazar_extend_start
 
-{% endif %}
-
-COPY extend_start.sh /usr/local/bin/kolla_extend_start
-
-RUN touch /usr/local/bin/kolla_blazar_extend_start \
-    && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_blazar_extend_start
+{{ macros.kolla_patch_sources() }}
 
 {% block blazar_base_footer %}{% endblock %}

docker/blazar/blazar-manager/Dockerfile.j2

@@ -5,12 +5,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% block blazar_manager_header %}{% endblock %}
 
-{% if install_type == 'binary' %}
+{% import "macros.j2" as macros with context %}
 
-RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
-    && /bin/false
-
-{% endif %}
+{{ macros.kolla_patch_sources() }}
 
 {% block blazar_manager_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/ceilometer/ceilometer-base/Dockerfile.j2

@@ -9,25 +9,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='ceilometer') }}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-        {% set ceilometer_base_packages = [
-            'openstack-ceilometer-common',
-            'python3-gnocchiclient',
-            'python3-oslo-db',
-            'python3-tooz'
-         ] %}
-    {% elif base_package_type == 'deb' %}
-        {% set ceilometer_base_packages = [
-            'ceilometer-common',
-            'python3-gnocchiclient',
-         ] %}
-    {% endif %}
-
-{{ macros.install_packages(ceilometer_base_packages | customizable("packages")) }}
-
-{% elif install_type == 'source' %}
-
 {% set ceilometer_base_pip_packages = [
     '/ceilometer'
 ] %}
@@ -38,26 +19,25 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 ADD ceilometer-base-archive /ceilometer-base-source
 ADD plugins-archive /
-# NOTE(egonzalez): Remove ceilometer from constraint or will fail.
-RUN ln -s ceilometer-base-source/* ceilometer \
-    && sed -i 's|^ceilometer===.*$||g' requirements/upper-constraints.txt \
-    && {{ macros.install_pip(ceilometer_base_pip_packages | customizable("pip_packages")) }} \
-    && mkdir -p /etc/ceilometer \
-    && cp -r /ceilometer/etc/ceilometer/* /etc/ceilometer/ \
-    && chown -R ceilometer: /etc/ceilometer \
-    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ceilometer/rootwrap.conf \
-    && if [ "$(ls /plugins)" ]; then \
-        {{ macros.install_pip(ceilometer_base_plugins_pip_packages) }}; \
-    fi
-
-{% endif %}
 
 COPY ceilometer_sudoers /etc/sudoers.d/kolla_ceilometer_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 
-RUN chmod 750 /etc/sudoers.d \
+# NOTE(egonzalez): Remove ceilometer from constraint or will fail.
+RUN ln -s ceilometer-base-source/* ceilometer \
+    && {{ macros.upper_constraints_remove("ceilometer") }} \
+    && {{ macros.install_pip(ceilometer_base_pip_packages | customizable("pip_packages")) }} \
+    && mkdir -p /etc/ceilometer \
+    && cp -r /ceilometer/etc/ceilometer/* /etc/ceilometer/ \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ceilometer/rootwrap.conf \
+    && if [ "$(ls /plugins)" ]; then \
+        {{ macros.install_pip(ceilometer_base_plugins_pip_packages) }}; \
+    fi \
+    && chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/kolla_ceilometer_sudoers \
     && touch /usr/local/bin/kolla_ceilometer_extend_start \
-    && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ceilometer_extend_start
+    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ceilometer_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block ceilometer_base_footer %}{% endblock %}

docker/ceilometer/ceilometer-central/Dockerfile.j2

@@ -7,16 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-        {% set ceilometer_central_packages = ['openstack-ceilometer-central'] %}
-    {% elif base_package_type == 'deb' %}
-        {% set ceilometer_central_packages = ['ceilometer-agent-central'] %}
-    {% endif %}
-
-{{ macros.install_packages(ceilometer_central_packages | customizable("packages")) }}
-
-{% endif %}
+{{ macros.kolla_patch_sources() }}
 
 {% block ceilometer_central_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/ceilometer/ceilometer-compute/Dockerfile.j2

@@ -7,31 +7,15 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{{ macros.enable_extra_repos(['libvirt']) }}
-
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-        {% set ceilometer_compute_packages = [
-            'openstack-ceilometer-compute',
-         ] %}
-    {% elif base_package_type == 'deb' %}
-        {% set ceilometer_compute_packages = [
-            'ceilometer-agent-compute',
-            'python3-libvirt'
-         ] %}
-    {% endif %}
-{{ macros.install_packages(ceilometer_compute_packages | customizable("packages")) }}
-
-{% elif install_type == 'source' %}
-    {% if base_package_type == 'rpm' %}
-        {% set ceilometer_compute_packages = [
-            'python3-libvirt'
-         ] %}
-    {% elif base_package_type == 'deb' %}
-        {% set ceilometer_compute_packages = [
-            'python3-libvirt'
-         ] %}
-    {% endif %}
+{% if base_package_type == 'rpm' %}
+    {% set ceilometer_compute_packages = [
+        'python3-libvirt'
+    ] %}
+{% elif base_package_type == 'deb' %}
+    {% set ceilometer_compute_packages = [
+        'python3-libvirt'
+    ] %}
+{% endif %}
 
 {{ macros.install_packages(ceilometer_compute_packages | customizable("packages")) }}
 
@@ -40,7 +24,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 RUN {{ macros.install_pip(ceilometer_compute_pip_packages | customizable("pip_packages")) }}
 
-{% endif %}
+{{ macros.kolla_patch_sources() }}
 
 {% block ceilometer_compute_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/ceilometer/ceilometer-ipmi/Dockerfile.j2

@@ -7,32 +7,20 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-        {% set ceilometer_ipmi_packages = [
-            'openstack-ceilometer-ipmi'
-        ] %}
-    {% elif base_package_type == 'deb' %}
-        {% set ceilometer_ipmi_packages = [
-            'ceilometer-agent-ipmi'
-        ] %}
-    {% endif %}
-
-{% elif install_type == 'source' %}
-    {% if base_package_type == 'rpm' %}
-        {% set ceilometer_ipmi_packages = [
-            'ipmitool'
-         ] %}
-    {% elif base_package_type == 'deb' %}
-        {% set ceilometer_ipmi_packages = [
-            'ipmitool'
-         ] %}
-    {% endif %}
-
+{% if base_package_type == 'rpm' %}
+    {% set ceilometer_ipmi_packages = [
+        'ipmitool'
+    ] %}
+{% elif base_package_type == 'deb' %}
+    {% set ceilometer_ipmi_packages = [
+        'ipmitool'
+    ] %}
 {% endif %}
 
 {{ macros.install_packages(ceilometer_ipmi_packages | customizable("packages")) }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block ceilometer_ipmi_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/ceilometer/ceilometer-notification/Dockerfile.j2

@@ -7,19 +7,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-        {% set ceilometer_notification_packages = ['openstack-ceilometer-notification'] %}
-    {% elif base_package_type == 'deb' %}
-        {% set ceilometer_notification_packages = ['ceilometer-agent-notification'] %}
-    {% endif %}
-
-{{ macros.install_packages(ceilometer_notification_packages | customizable("packages")) }}
-
-{% endif %}
-
 COPY extend_start.sh /usr/local/bin/kolla_ceilometer_extend_start
-RUN chmod 755 /usr/local/bin/kolla_ceilometer_extend_start
+RUN chmod 644 /usr/local/bin/kolla_ceilometer_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block ceilometer_notification_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cinder/cinder-api/Dockerfile.j2

@@ -7,34 +7,16 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-        {% set cinder_api_packages = [
-        ] %}
-    {% elif base_package_type == 'deb' %}
-        {% set cinder_api_packages = [
-                'cinder-api'
-        ] %}
-    {% endif %}
-{{ macros.install_packages(cinder_api_packages | customizable("packages")) }}
-RUN mkdir -p /var/www/cgi-bin/cinder \
-    && cp -a /usr/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi
-
-{% elif install_type == 'source' %}
-        {% set cinder_api_packages = [
-        ] %}
+{% set cinder_api_packages = [
+] %}
 
 {{ macros.install_packages(cinder_api_packages | customizable("packages")) }}
 
-RUN mkdir -p /var/www/cgi-bin/cinder \
-    && cp -a /var/lib/kolla/venv/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi
-
-{% endif %}
-
 COPY extend_start.sh /usr/local/bin/kolla_cinder_extend_start
-RUN chmod 755 /usr/local/bin/kolla_cinder_extend_start \
-    && chown -R cinder: /var/www/cgi-bin/cinder \
-    && chmod 755 /var/www/cgi-bin/cinder/cinder-wsgi
+
+RUN chmod 644 /usr/local/bin/kolla_cinder_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block cinder_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cinder/cinder-backup/Dockerfile.j2

@@ -7,33 +7,26 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-        {% set cinder_backup_packages = [
-                'nfs-utils'
-        ] %}
-    {% elif base_package_type == 'deb' %}
-        {% set cinder_backup_packages = [
-                'cinder-backup',
-                'nfs-common'
-        ] %}
-    {% endif %}
-
-{% elif install_type == 'source' %}
-    {% if base_package_type == 'rpm' %}
-        {% set cinder_backup_packages = [
-                'nfs-utils'
-        ] %}
-     {% elif base_package_type == 'deb' %}
-        {% set cinder_backup_packages = [
-                'nfs-common'
-        ] %}
-    {% endif %}
-
+{% if base_package_type == 'rpm' %}
+    {% set cinder_backup_packages = [
+        'device-mapper-multipath',
+        'lsscsi',
+        'nfs-utils',
+        'sysfsutils'
+    ] %}
+{% elif base_package_type == 'deb' %}
+    {% set cinder_backup_packages = [
+        'lsscsi',
+        'multipath-tools',
+        'nfs-common',
+        'sysfsutils'
+    ] %}
 {% endif %}
 
 {{ macros.install_packages(cinder_backup_packages | customizable("packages")) }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cinder_backup_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/cinder/cinder-base/Dockerfile.j2

@@ -9,51 +9,29 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='cinder') }}
 
-{{ macros.enable_extra_repos(['ceph']) }}
+{% if base_package_type == 'rpm' %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-        {% set cinder_base_packages = [
-                'ceph-common',
-                'lvm2',
-                'cryptsetup',
-                'openstack-cinder',
-                'python3-automaton',
-                'python3-oslo-vmware'
-        ] %}
-    {% elif base_package_type == 'deb' %}
-        {% set cinder_base_packages = [
-                'ceph-common',
-                'cinder-common',
-                'lvm2',
-                'cryptsetup',
-                'python3-cephfs',
-                'python3-oslo.vmware',
-                'python3-rados',
-                'python3-rbd'
-        ] %}
-    {% endif %}
-{{ macros.install_packages(cinder_base_packages | customizable("packages")) }}
+{{ macros.enable_extra_repos(['ceph', 'epel']) }}
 
-{% elif install_type == 'source' %}
-    {% if base_package_type == 'rpm' %}
-        {% set cinder_base_packages = [
-                'ceph-common',
-                'cryptsetup',
-                'lvm2',
-                'qemu-img'
-        ] %}
-    {% elif base_package_type == 'deb' %}
-        {% set cinder_base_packages = [
-                'ceph-common',
-                'lvm2',
-                'cryptsetup',
-                'python3-cephfs',
-                'python3-rados',
-                'python3-rbd',
-                'qemu-utils'
-        ] %}
-    {% endif %}
+    {% set cinder_base_packages = [
+        'ceph-common',
+        'cryptsetup',
+        'lvm2',
+        'nvme-cli',
+        'qemu-img'
+    ] %}
+{% elif base_package_type == 'deb' %}
+    {% set cinder_base_packages = [
+        'ceph-common',
+        'cryptsetup',
+        'lvm2',
+        'nvme-cli',
+        'python3-cephfs',
+        'python3-rados',
+        'python3-rbd',
+        'qemu-utils'
+    ] %}
+{% endif %}
 {{ macros.install_packages(cinder_base_packages | customizable("packages")) }}
 
 {% set cinder_base_pip_packages = [
@@ -61,21 +39,21 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 ] %}
 
 ADD cinder-base-archive /cinder-base-source
-RUN ln -s cinder-base-source/* cinder \
-    && {{ macros.install_pip(cinder_base_pip_packages | customizable("pip_packages")) }} \
-    && mkdir -p /etc/cinder \
-    && cp -r /cinder/etc/cinder/* /etc/cinder/ \
-    && chown -R cinder: /etc/cinder \
-    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf
-
-{% endif %}
 
 COPY cinder_sudoers /etc/sudoers.d/kolla_cinder_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 
-RUN chmod 750 /etc/sudoers.d \
+RUN ln -s cinder-base-source/* cinder \
+    && {{ macros.install_pip(cinder_base_pip_packages | customizable("pip_packages")) }} \
+    && mkdir -p /etc/cinder \
+    && cp -r /cinder/etc/cinder/* /etc/cinder/ \
+    && cp /var/lib/kolla/venv/etc/pycadf/cinder_api_audit_map.conf /etc/cinder/ \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf \
+    && chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/kolla_cinder_sudoers \
     && touch /usr/local/bin/kolla_cinder_extend_start \
-    && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cinder_extend_start
+    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cinder_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block cinder_base_footer %}{% endblock %}

docker/cinder/cinder-base/extend_start.sh

@@ -3,6 +3,9 @@
 if [[ ! -d "/var/log/kolla/cinder" ]]; then
     mkdir -p /var/log/kolla/cinder
 fi
+if [[ $(stat -c %U:%G /var/log/kolla/cinder) != "cinder:kolla" ]]; then
+    chown -R cinder:kolla /var/log/kolla/cinder
+fi
 if [[ $(stat -c %a /var/log/kolla/cinder) != "755" ]]; then
     chmod 755 /var/log/kolla/cinder
 fi

docker/cinder/cinder-scheduler/Dockerfile.j2

@@ -7,16 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'deb' %}
-        {% set cinder_scheduler_packages = [
-                'cinder-scheduler'
-        ] %}
-
-{{ macros.install_packages(cinder_scheduler_packages | customizable("packages")) }}
-
-    {% endif %}
-{% endif %}
+{{ macros.kolla_patch_sources() }}
 
 {% block cinder_scheduler_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cinder/cinder-volume/Dockerfile.j2

@@ -9,34 +9,23 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% if base_package_type == 'rpm' %}
     {% set cinder_volume_packages = [
-            'nfs-utils',
-            'nvmetcli',
-            'sysfsutils',
-            'targetcli'
+        'lsscsi',
+        'device-mapper-multipath',
+        'nfs-utils',
+        'nvmetcli',
+        'sysfsutils',
+        'targetcli'
     ] %}
-    {% if install_type == 'binary' %}
-        {% set cinder_volume_packages = cinder_volume_packages + [
-            'python3-rtslib'
-        ] %}
-    {% endif %}
-
 {% elif base_package_type == 'deb' %}
     {% set cinder_volume_packages = [
-            'lsscsi',
-            'nfs-common',
-            'nvme-cli',
-            'sysfsutils',
-            'targetcli-fb',
-            'thin-provisioning-tools',
-            'tgt'
+        'lsscsi',
+        'multipath-tools',
+        'nfs-common',
+        'sysfsutils',
+        'targetcli-fb',
+        'thin-provisioning-tools',
+        'tgt'
     ] %}
-    {% if install_type == 'binary' %}
-        {% set cinder_volume_packages = cinder_volume_packages + [
-            'cinder-volume',
-            'python3-rtslib-fb'
-        ] %}
-    {% endif %}
-
 {% endif %}
 
 {{ macros.install_packages(cinder_volume_packages | customizable("packages")) }}
@@ -59,7 +48,9 @@ COPY extend_start.sh /usr/local/bin/kolla_cinder_extend_start
 
 RUN chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/kolla_cinder_volume_sudoers \
-    && chmod 755 /usr/local/bin/kolla_cinder_extend_start
+    && chmod 644 /usr/local/bin/kolla_cinder_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block cinder_volume_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cloudkitty/cloudkitty-api/Dockerfile.j2

@@ -7,28 +7,15 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-
-        {% set cloudkitty_api_packages = [
-                'openstack-cloudkitty-api'
-        ] %}
-    {% elif base_package_type == 'deb' %}
-
-        {% set cloudkitty_api_packages = [
-                'cloudkitty-api'
-        ] %}
-
-    {% endif %}
-{% elif install_type == 'source' %}
-        {% set cloudkitty_api_packages = [
-        ] %}
-{% endif %}
+{% set cloudkitty_api_packages = [
+] %}
 
 {{ macros.install_packages(cloudkitty_api_packages | customizable("packages")) }}
 
 COPY extend_start.sh /usr/local/bin/kolla_cloudkitty_extend_start
-RUN chmod 755 /usr/local/bin/kolla_cloudkitty_extend_start
+RUN chmod 644 /usr/local/bin/kolla_cloudkitty_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block cloudkitty_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cloudkitty/cloudkitty-base/Dockerfile.j2

@@ -9,41 +9,21 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='cloudkitty') }}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-
-        {% set cloudkitty_base_packages = [
-                'openstack-cloudkitty-common',
-        ] %}
-
-    {% elif base_package_type == 'deb' %}
-
-        {% set cloudkitty_base_packages = [
-                'cloudkitty-common',
-        ] %}
-
-    {% endif %}
-
-{{ macros.install_packages(cloudkitty_base_packages | customizable("packages")) }}
-
-{% elif install_type == 'source' %}
-
 {% set cloudkitty_base_pip_packages = [
     '/cloudkitty'
 ] %}
 
 ADD cloudkitty-base-archive /cloudkitty-base-source
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
 RUN ln -s cloudkitty-base-source/* cloudkitty \
     && {{ macros.install_pip(cloudkitty_base_pip_packages | customizable("pip_packages")) }} \
     && mkdir -p /etc/cloudkitty  \
     && cp -r /cloudkitty/etc/cloudkitty/* /etc/cloudkitty/ \
-    && chown -R cloudkitty: /etc/cloudkitty
+    && touch /usr/local/bin/kolla_cloudkitty_extend_start \
+    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cloudkitty_extend_start
 
-{% endif %}
-
-COPY extend_start.sh /usr/local/bin/kolla_extend_start
-
-RUN touch /usr/local/bin/kolla_cloudkitty_extend_start \
-    && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cloudkitty_extend_start
+{{ macros.kolla_patch_sources() }}
 
 {% block cloudkitty_base_footer %}{% endblock %}

docker/cloudkitty/cloudkitty-processor/Dockerfile.j2

@@ -7,25 +7,13 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-
-        {% set cloudkitty_processor_packages = [
-                'openstack-cloudkitty-processor',
-        ] %}
-
-    {% elif base_package_type == 'deb' %}
-
-        {% set cloudkitty_processor_packages = [
-                'cloudkitty-processor',
-        ] %}
-
-    {% endif %}
-
-{% endif %}
+{% set cloudkitty_processor_packages = [
+] %}
 
 {{ macros.install_packages(cloudkitty_processor_packages | customizable("packages")) }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block cloudkitty_processor_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/collectd/Dockerfile.j2

@@ -9,13 +9,14 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='collectd') }}
 
-{{ macros.enable_extra_repos(['opstools']) }}
-
 {% set collectd_packages = [
     'collectd'
 ] %}
 
 {% if base_package_type == 'rpm' %}
+
+{{ macros.enable_extra_repos(['opstools']) }}
+
   {% set collectd_packages = collectd_packages + [
       'collectd-amqp',
       'collectd-amqp1',
@@ -30,12 +31,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
       'collectd-dbi',
       'collectd-disk',
       'collectd-dns',
-      'collectd-generic-jmx',
       'collectd-ipmi',
-      'collectd-log_logstash',
       'collectd-logparser',
       'collectd-mcelog',
-      'collectd-memcachec',
       'collectd-mysql',
       'collectd-netlink',
       'collectd-openldap',
@@ -59,7 +57,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
   {% if base_arch =='x86_64' %}
       {% set collectd_packages = collectd_packages + [
         'collectd-hugepages',
-        'collectd-iptables',
         'collectd-pcie-errors',
         'collectd-pmu',
         'collectd-rdt',
@@ -72,11 +69,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {{ macros.install_packages(collectd_packages | customizable("packages")) }}
 
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start \
+RUN chmod 644 /usr/local/bin/kolla_extend_start \
     && chown -R collectd /var/lib/collectd \
-    && chown -R collectd /etc/collectd* \
     && chown -R collectd /var/run/
 
+{{ macros.kolla_patch_sources() }}
+
 {% block collectd_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 

docker/cron/Dockerfile.j2

@@ -1,4 +1,4 @@
-FROM {{ namespace }}/{{ infra_image_prefix }}base:{{ tag }}
+FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
 {% block labels %}
 LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
 {% endblock %}
@@ -12,6 +12,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
         'cronie',
         'logrotate'
     ] %}
+
+# NOTE(hrw): In RHEL 9 family it is done by systemd timer, we want cron to
+# handle it.
+COPY logrotate /etc/cron.daily/logrotate
+
 {% elif base_package_type == 'deb' %}
     {% set cron_packages = [
         'cron',
@@ -22,7 +27,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {{ macros.install_packages(cron_packages | customizable("packages")) }}
 
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start
+RUN chmod 644 /usr/local/bin/kolla_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block cron_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cron/extend_start.sh

@@ -3,15 +3,19 @@
 CRON_LOGROTATE_CURRENT_PATH="$(find /etc/cron* -name logrotate)"
 CRON_LOGROTATE_CURRENT_SCHEDULE=$(echo "${CRON_LOGROTATE_CURRENT_PATH}" | sed -r 's/(.*)(hourly|daily|weekly|monthly)(.*)/\2/g')
 
-# Pass only for hourly|daily|weekly|monthly
-if [[ "${KOLLA_LOGROTATE_SCHEDULE:-undefined}" =~ hourly|daily|weekly|monthly ]]; then
+if [ -z $CRON_LOGROTATE_CURRENT_PATH ]; then
+    echo "logrotate is not handled by cron"
+else
+    # Pass only for hourly|daily|weekly|monthly
+    if [[ "${KOLLA_LOGROTATE_SCHEDULE:-undefined}" =~ hourly|daily|weekly|monthly ]]; then
 
-    CRON_LOGROTATE_DESIRED_PATH="/etc/cron.${KOLLA_LOGROTATE_SCHEDULE}/logrotate"
+        CRON_LOGROTATE_DESIRED_PATH="/etc/cron.${KOLLA_LOGROTATE_SCHEDULE}/logrotate"
 
-    if [[ "${CRON_LOGROTATE_CURRENT_PATH}" != "${CRON_LOGROTATE_DESIRED_PATH}" ]]; then
-        mv ${CRON_LOGROTATE_CURRENT_PATH} ${CRON_LOGROTATE_DESIRED_PATH}
-        CRON_LOGROTATE_CURRENT_SCHEDULE="${KOLLA_LOGROTATE_SCHEDULE}"
+        if [[ "${CRON_LOGROTATE_CURRENT_PATH}" != "${CRON_LOGROTATE_DESIRED_PATH}" ]]; then
+            mv ${CRON_LOGROTATE_CURRENT_PATH} ${CRON_LOGROTATE_DESIRED_PATH}
+            CRON_LOGROTATE_CURRENT_SCHEDULE="${KOLLA_LOGROTATE_SCHEDULE}"
+        fi
     fi
-fi
 
-echo "[i] Cron schedule for logrotate is currently set to: ${CRON_LOGROTATE_CURRENT_SCHEDULE}."
+    echo "[i] Cron schedule for logrotate is currently set to: ${CRON_LOGROTATE_CURRENT_SCHEDULE}."
+fi

docker/cron/logrotate

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# skip in favour of systemd timer
+if [ -d /run/systemd/system ]; then
+    exit 0
+fi
+
+# this cronjob persists removals (but not purges)
+if [ ! -x /usr/sbin/logrotate ]; then
+    exit 0
+fi
+
+/usr/sbin/logrotate /etc/logrotate.conf
+EXITVALUE=$?
+if [ $EXITVALUE != 0 ]; then
+    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+fi
+exit $EXITVALUE

docker/cyborg/cyborg-agent/Dockerfile.j2

@@ -12,13 +12,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.install_packages(cyborg_agent_packages | customizable("packages")) }}
 
-{% if install_type == 'source' %}
-
 {% set cyborg_agent_pip_packages = [ ] %}
 
 RUN {{ macros.install_pip(cyborg_agent_pip_packages | customizable("pip_packages")) }}
 
-{% endif %}
+{{ macros.kolla_patch_sources() }}
 
 {% block cyborg_agent_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cyborg/cyborg-api/Dockerfile.j2

@@ -6,20 +6,14 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {% block cyborg_api_header %}{% endblock %}
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-
-RUN echo '{{ install_type }} not yet available for {{ base_distro }}'  \
-    && /bin/false
-
-{% elif install_type == 'source' %}
-
-    {% set cyborg_api_packages = [
-    ] %}
+{% set cyborg_api_packages = [
+] %}
 {{ macros.install_packages(cyborg_api_packages | customizable("packages")) }}
-{% endif %}
 
 COPY extend_start.sh /usr/local/bin/kolla_cyborg_extend_start
-RUN chmod 755 /usr/local/bin/kolla_cyborg_extend_start
+RUN chmod 644 /usr/local/bin/kolla_cyborg_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block cyborg_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/cyborg/cyborg-base/Dockerfile.j2

@@ -9,31 +9,23 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='cyborg') }}
 
-{% if install_type == 'binary' %}
-
-RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
-    && /bin/false
-
-{% elif install_type == 'source' %}
-
 ADD cyborg-base-archive /cyborg-base-source
 
 {% set cyborg_base_pip_packages = [
     '/cyborg'
 ] %}
 
-RUN ln -s cyborg-base-source/* cyborg \
-    && {{ macros.install_pip(cyborg_base_pip_packages | customizable("pip_packages")) }} \
-    && mkdir -p /etc/cyborg/ \
-    && cp -r /cyborg/etc/cyborg/* /etc/cyborg/
-
-{% endif %}
-
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 COPY cyborg_sudoers /etc/sudoers.d/kolla_cyborg_sudoers
 
-RUN chmod 750 /etc/sudoers.d \
+RUN ln -s cyborg-base-source/* cyborg \
+    && {{ macros.install_pip(cyborg_base_pip_packages | customizable("pip_packages")) }} \
+    && mkdir -p /etc/cyborg/ \
+    && cp -r /cyborg/etc/cyborg/* /etc/cyborg/ \
+    && chmod 750 /etc/sudoers.d \
     && touch /usr/local/bin/kolla_cyborg_extend_start \
-    && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cyborg_extend_start
+    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cyborg_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block cyborg_footer %}{% endblock %}

docker/cyborg/cyborg-conductor/Dockerfile.j2

@@ -5,5 +5,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% block cyborg_conductor_header %}{% endblock %}
 
+{% import "macros.j2" as macros with context %}
+
+{{ macros.kolla_patch_sources() }}
+
 {% block cyborg_conductor_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/designate/designate-api/Dockerfile.j2

@@ -7,14 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set designate_api_packages = ['openstack-designate-api'] %}
-    {% elif base_package_type == 'deb' %}
-       {% set designate_api_packages = ['designate-api'] %}
-    {% endif %}
-{{ macros.install_packages(designate_api_packages | customizable("packages")) }}
-{% endif %}
+{{ macros.kolla_patch_sources() }}
 
 {% block designate_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/designate/designate-backend-bind9/Dockerfile.j2

@@ -25,5 +25,7 @@ RUN mkdir -p /var/lib/kolla/ /var/lib/{{ designate_backend_bind_name }}/ /run/{{
      && chown -R root: /var/lib/{{ designate_backend_bind_name }} /run/{{ designate_backend_bind_name }} \
      && chmod 755 /run/{{ designate_backend_bind_name }}
 
+{{ macros.kolla_patch_sources() }}
+
 {% block designate_backend_bind9_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/designate/designate-base/Dockerfile.j2

@@ -9,47 +9,25 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {{ macros.configure_user(name='designate') }}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set designate_base_packages = [
-            'openstack-designate-common',
-            'python3-oslo-reports',
-            'python3-suds',
-            'python3-tooz'
-        ] %}
-
-{{ macros.install_packages(designate_base_packages | customizable("packages")) }}
-    {% elif base_package_type == 'deb' %}
-       {% set designate_base_packages = [
-            'designate-common',
-            'python3-tooz'
-        ] %}
-
-{{ macros.install_packages(designate_base_packages | customizable("packages")) }}
-
-    {% endif %}
-{% elif install_type == 'source' %}
-
 {% set designate_base_pip_packages = [
     '/designate'
 ] %}
 
 ADD designate-base-archive /designate-base-source
-RUN ln -s designate-base-source/* designate \
-    && {{ macros.install_pip(designate_base_pip_packages | customizable("pip_packages")) }} \
-    && mkdir -p /etc/designate \
-    && cp -r /designate/etc/designate/* /etc/designate/ \
-    && mv /etc/designate/rootwrap.conf.sample /etc/designate/rootwrap.conf \
-    && chown -R designate: /etc/designate \
-    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf
-{% endif %}
 
 COPY designate_sudoers /etc/sudoers.d/kolla_designate_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 
-RUN chmod 750 /etc/sudoers.d \
+RUN ln -s designate-base-source/* designate \
+    && {{ macros.install_pip(designate_base_pip_packages | customizable("pip_packages")) }} \
+    && mkdir -p /etc/designate \
+    && cp -r /designate/etc/designate/* /etc/designate/ \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf \
+    && chmod 750 /etc/sudoers.d \
     && chmod 640 /etc/sudoers.d/kolla_designate_sudoers \
     && touch /usr/local/bin/kolla_designate_extend_start \
-    && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_designate_extend_start
+    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_designate_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block designate_base_footer %}{% endblock %}

docker/designate/designate-central/Dockerfile.j2

@@ -7,17 +7,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set designate_central_packages = ['openstack-designate-central'] %}
-    {% elif base_package_type == 'deb'%}
-       {% set designate_central_packages = ['designate-central'] %}
-    {% endif %}
-{{ macros.install_packages(designate_central_packages | customizable("packages")) }}
-{% endif %}
-
 COPY extend_start.sh /usr/local/bin/kolla_designate_extend_start
-RUN chmod 755 /usr/local/bin/kolla_designate_extend_start
+RUN chmod 644 /usr/local/bin/kolla_designate_extend_start
+
+{{ macros.kolla_patch_sources() }}
 
 {% block designate_central_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/designate/designate-mdns/Dockerfile.j2

@@ -7,14 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set designate_mdns_packages = ['openstack-designate-mdns'] %}
-    {% elif base_package_type == 'deb' %}
-       {% set designate_mdns_packages = ['designate-mdns'] %}
-    {% endif %}
-{{ macros.install_packages(designate_mdns_packages | customizable("packages")) }}
-{% endif %}
+{{ macros.kolla_patch_sources() }}
 
 {% block designate_mdns_footer %}{% endblock %}
 {% block footer %}{% endblock %}

docker/designate/designate-producer/Dockerfile.j2

@@ -7,14 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{% if install_type == 'binary' %}
-    {% if base_package_type == 'rpm' %}
-       {% set designate_producer_packages = ['openstack-designate-producer'] %}
-    {% elif base_package_type == 'deb' %}
-       {% set designate_producer_packages = ['designate-producer'] %}
-    {% endif %}
-{{ macros.install_packages(designate_producer_packages | customizable("packages")) }}
-{% endif %}
+{{ macros.kolla_patch_sources() }}
 
 {% block designate_producer_footer %}{% endblock %}
 {% block footer %}{% endblock %}