diff --git a/doc/source/support_matrix.rst b/doc/source/support_matrix.rst index 2cce5c99a8..bec1aa0bd1 100644 --- a/doc/source/support_matrix.rst +++ b/doc/source/support_matrix.rst @@ -106,3 +106,12 @@ Currently unbuildable images For a list of currently unbuildable images please look into ``kolla/image/unbuildable.py`` file - ``UNBUILDABLE_IMAGES`` dictionary. + +SPICE limitations +================= + +The new OpenStack Compute console type ``spice-direct`` requires that +SPICE support be compiled into the qemu running the instance. Sadly, +Red Hat chose to remove SPICE support from qemu in RHEL9, and Rocky +Linux has followed along. You therefore _must_ run the Debian or Ubuntu +container images if you wish to use the ``spice-direct`` console type. diff --git a/docker/httpd/Dockerfile.j2 b/docker/httpd/Dockerfile.j2 index 03b4e688b1..98f012f2a8 100644 --- a/docker/httpd/Dockerfile.j2 +++ b/docker/httpd/Dockerfile.j2 @@ -8,8 +8,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} {% if base_package_type == 'rpm' %} -{# NOTE(mnasiadka): mod_auth_mellon missing in CentOS 10 Stream - temporarily from Kolla COPR #} -{{ macros.enable_extra_repos(['epel', 'kolla_el10']) }} +{{ macros.enable_extra_repos(['epel']) }} {% set apache_packages = [ 'httpd', 'mod_ssl', diff --git a/docker/kerbside/kerbside-api/Dockerfile.j2 b/docker/kerbside/kerbside-api/Dockerfile.j2 new file mode 100644 index 0000000000..4e5e1f7a16 --- /dev/null +++ b/docker/kerbside/kerbside-api/Dockerfile.j2 @@ -0,0 +1,9 @@ +FROM {{ namespace }}/{{ image_prefix }}kerbside-base:{{ tag }} +{% block labels %} +LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}" +{% endblock %} + +COPY extend_start.sh /usr/local/bin/kolla_extend_start +RUN chmod 644 /usr/local/bin/kolla_extend_start + +USER kerbside diff --git a/docker/kerbside/kerbside-api/extend_start.sh b/docker/kerbside/kerbside-api/extend_start.sh new file mode 100644 index 0000000000..92ef80a22f --- /dev/null +++ b/docker/kerbside/kerbside-api/extend_start.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# Make the log directory +mkdir -p /var/log/kolla/kerbside diff --git a/docker/kerbside/kerbside-base/Dockerfile.j2 b/docker/kerbside/kerbside-base/Dockerfile.j2 new file mode 100644 index 0000000000..d2e31ca0e2 --- /dev/null +++ b/docker/kerbside/kerbside-base/Dockerfile.j2 @@ -0,0 +1,38 @@ +FROM {{ namespace }}/{{ image_prefix }}openstack-base:{{ tag }} +{% block labels %} +LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}" +{% endblock %} + +{% block kerbside_base_header %}{% endblock %} + +{% import "macros.j2" as macros with context %} + +{{ macros.configure_user(name='kerbside', groups='kerbside') }} + +{% if base_package_type == 'rpm' %} + {% set kerbside_packages = [ + 'mariadb-devel', + 'pkgconfig' + ] %} +{% elif base_package_type == 'deb' %} + {% set kerbside_packages = [ + 'libmariadb-dev-compat', + 'pkg-config' + ] %} +{% endif %} + +{{ macros.install_packages(kerbside_packages | customizable("packages")) }} + +{% set kerbside_pip_packages = [ + '/kerbside' +] %} + +ADD kerbside-base-archive /kerbside-source +RUN ln -s kerbside-source/* kerbside \ + && if [ "$(ls /plugins)" ]; then \ + {{ macros.install_pip(kerbside_plugins_pip_packages) }}; \ + fi \ + && {{ macros.install_pip(kerbside_pip_packages | customizable("pip_packages"), false) }} \ + && rm -f /etc/machine-id + +{% block kerbside_base_footer %}{% endblock %} diff --git a/docker/kerbside/kerbside-proxy/Dockerfile.j2 b/docker/kerbside/kerbside-proxy/Dockerfile.j2 new file mode 100644 index 0000000000..4e5e1f7a16 --- /dev/null +++ b/docker/kerbside/kerbside-proxy/Dockerfile.j2 @@ -0,0 +1,9 @@ +FROM {{ namespace }}/{{ image_prefix }}kerbside-base:{{ tag }} +{% block labels %} +LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}" +{% endblock %} + +COPY extend_start.sh /usr/local/bin/kolla_extend_start +RUN chmod 644 /usr/local/bin/kolla_extend_start + +USER kerbside diff --git a/docker/kerbside/kerbside-proxy/extend_start.sh b/docker/kerbside/kerbside-proxy/extend_start.sh new file mode 100644 index 0000000000..92ef80a22f --- /dev/null +++ b/docker/kerbside/kerbside-proxy/extend_start.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# Make the log directory +mkdir -p /var/log/kolla/kerbside diff --git a/docker/keystone/keystone-base/Dockerfile.j2 b/docker/keystone/keystone-base/Dockerfile.j2 index 36d793a2e7..47b37983c0 100644 --- a/docker/keystone/keystone-base/Dockerfile.j2 +++ b/docker/keystone/keystone-base/Dockerfile.j2 @@ -11,8 +11,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% if base_package_type == 'rpm' %} -{# NOTE(mnasiadka): mod_auth_mellon missing in CentOS 10 Stream - temporarily from Kolla COPR #} -{{ macros.enable_extra_repos(['epel', 'kolla_el10']) }} +{{ macros.enable_extra_repos(['epel']) }} {% set keystone_base_packages = [ 'cyrus-sasl-devel', diff --git a/docker/masakari/masakari-monitors/masakari_monitors_sudoers b/docker/masakari/masakari-monitors/masakari_monitors_sudoers index 6cc823d78d..be3867b5ca 100644 --- a/docker/masakari/masakari-monitors/masakari_monitors_sudoers +++ b/docker/masakari/masakari-monitors/masakari_monitors_sudoers @@ -1,3 +1,5 @@ masakari ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/privsep-helper masakari ALL=(root) NOPASSWD: /usr/sbin/tcpdump * masakari ALL=(root) NOPASSWD: /usr/sbin/crm_mon -X +masakari ALL=(root) NOPASSWD: /usr/sbin/crmadmin * +masakari ALL=(root) NOPASSWD: /usr/sbin/cibadmin --query diff --git a/kolla/common/config.py b/kolla/common/config.py index 8a80e1f88f..c4ebcbf3bb 100644 --- a/kolla/common/config.py +++ b/kolla/common/config.py @@ -38,7 +38,7 @@ 'ubuntu': 'Ubuntu 24.04.* LTS', } -OPENSTACK_RELEASE = '2026.1' +OPENSTACK_RELEASE = 'master' OPENSTACK_RELEASE_CODENAME = 'Gazpacho' # TODO(mandre) check for file integrity instead of downloading from an HTTPS @@ -88,6 +88,7 @@ 'designate', 'gnocchi', 'ironic', + 'kerbside', 'magnum', 'manila', 'masakari', diff --git a/kolla/common/sources.py b/kolla/common/sources.py index 97edec1b18..08c4a4639b 100644 --- a/kolla/common/sources.py +++ b/kolla/common/sources.py @@ -152,6 +152,10 @@ 'type': 'url', 'location': ('$tarballs_base/openstack/keystone/' 'keystone-${openstack_branch}.tar.gz')}, + 'kerbside-base': { + 'type': 'git', + 'reference': 'develop', + 'location': ('https://github.com/shakenfist/kerbside')}, 'kolla-toolbox': { 'type': 'url', 'location': ('$tarballs_base/openstack/requirements/' diff --git a/kolla/common/users.py b/kolla/common/users.py index cd0a666607..19ebde20fe 100644 --- a/kolla/common/users.py +++ b/kolla/common/users.py @@ -350,4 +350,8 @@ 'uid': 42494, 'gid': 42494, }, + 'kerbside-user': { + 'uid': 42495, + 'gid': 42495, + } } diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml index 92402bcddc..f23c18eed3 100644 --- a/kolla/template/repos.yaml +++ b/kolla/template/repos.yaml @@ -140,10 +140,6 @@ rpm: hacluster: name: "highavailability" distro: true - kolla_el10: - baseurl: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/epel-10-$basearch/" - gpgkey: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/pubkey.gpg" - name: "kolla_el10" mariadb: baseurl: "https://dlm.mariadb.com/repo/mariadb-server/11.4/yum/rhel/$releasever/$basearch" gpgkey: "https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB" diff --git a/releasenotes/notes/add-kerbside-images-04d28d7e76e5bc1f.yaml b/releasenotes/notes/add-kerbside-images-04d28d7e76e5bc1f.yaml new file mode 100644 index 0000000000..78be07bb99 --- /dev/null +++ b/releasenotes/notes/add-kerbside-images-04d28d7e76e5bc1f.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + This release adds images for Kerbside. Kerbside is a SPICE protocol + native proxy used to expose the new spice-direct console type provided + by Openstack Compute. This allows high fidelity virtual desktop + experiences without requiring transcoding of the console into HTML5 + in Horizon, or allowing users direct access to the console ports on + your hypervisors.