From 1ed1a75e48619d8dc3c6bacc5d3a0023cedbb14b Mon Sep 17 00:00:00 2001 From: Chris Breu Date: Wed, 15 Oct 2025 19:07:09 -0500 Subject: [PATCH 01/15] fix: CVE-2025-58068 eventlet --- scripts/barbican-cve-patching.sh | 4 ++-- scripts/cinder-cve-patching.sh | 5 +++-- scripts/cloudkitty-cve-patching.sh | 4 ++-- scripts/designate-cve-patching.sh | 4 ++-- scripts/glance-cve-patching.sh | 3 ++- scripts/heat-cve-patching.sh | 4 ++-- scripts/horizon-cve-patching.sh | 2 +- scripts/ironic-cve-patching.sh | 4 ++-- scripts/keystone-cve-patching.sh | 4 ++-- scripts/magnum-cve-patching.sh | 4 ++-- scripts/masakari-cve-patching.sh | 4 ++-- scripts/masakari-monitors-cve-patching.sh | 4 ++-- scripts/neutron-cve-patching.sh | 5 +++-- scripts/nova-cve-patching.sh | 4 ++-- scripts/octavia-cve-patching.sh | 4 ++-- scripts/placement-cve-patching.sh | 4 ++-- 16 files changed, 33 insertions(+), 30 deletions(-) diff --git a/scripts/barbican-cve-patching.sh b/scripts/barbican-cve-patching.sh index 41f95c9..4cb2aa2 100644 --- a/scripts/barbican-cve-patching.sh +++ b/scripts/barbican-cve-patching.sh @@ -7,14 +7,14 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "requests==2.32.4" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-36039,CVE-2024-56326,CVE-2024-56201,CVE-2024-47081,CVE-2024-37891,CVE-2024-35195,CVE-2025-27516,CVE-2024-42353 - # GHSA-h4gh-qq45-vh27,CVE-2023-29483,CVE-2024-3651,CVE-2024-34064 + # GHSA-h4gh-qq45-vh27,CVE-2023-29483,CVE-2024-3651,CVE-2024-34064,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ "urllib3==1.26.20" diff --git a/scripts/cinder-cve-patching.sh b/scripts/cinder-cve-patching.sh index 7733dd4..ee720ac 100644 --- a/scripts/cinder-cve-patching.sh +++ b/scripts/cinder-cve-patching.sh @@ -9,14 +9,15 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "urllib3==1.26.20" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27, - # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081,CVE-2025-4565 + # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081,CVE-2025-4565, + # CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "protobuf==4.25.8" \ "requests==2.32.4" \ diff --git a/scripts/cloudkitty-cve-patching.sh b/scripts/cloudkitty-cve-patching.sh index 22ae663..3b4130c 100644 --- a/scripts/cloudkitty-cve-patching.sh +++ b/scripts/cloudkitty-cve-patching.sh @@ -9,14 +9,14 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27, # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081,CVE-2024-5569, - # CVE-2024-49766,CVE-2024-49767 + # CVE-2024-49766,CVE-2024-49767,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ "urllib3==1.26.20" \ diff --git a/scripts/designate-cve-patching.sh b/scripts/designate-cve-patching.sh index c2d784c..ce29002 100644 --- a/scripts/designate-cve-patching.sh +++ b/scripts/designate-cve-patching.sh @@ -9,7 +9,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27, # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081,CVE-2024-49767,CVE-2024-34069 - # CVE-2024-49766 + # CVE-2024-4976,CVE-2025-580686 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ @@ -17,7 +17,7 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then "Werkzeug==3.0.6" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ "urllib3==1.26.20" diff --git a/scripts/glance-cve-patching.sh b/scripts/glance-cve-patching.sh index 90bdb7c..32205d7 100644 --- a/scripts/glance-cve-patching.sh +++ b/scripts/glance-cve-patching.sh @@ -9,13 +9,14 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27, # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-4340,CVE-2024-37891,CVE-2024-5569,CVE-2024-12797,CVE-2024-47081 + # CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL>=1.1.1,<1.2" \ "WebOb==1.8.8" \ "cryptography==44.0.1" \ "dnspython>=2.6.1,<2.7" \ - "eventlet>=0.35.2,<0.36" \ + "eventlet>=0.35.2" \ "idna>=3.7,<3.8" \ "requests==2.32.4" \ "sqlparse>=0.5.0,<0.6" \ diff --git a/scripts/heat-cve-patching.sh b/scripts/heat-cve-patching.sh index a02d85e..c78bc8f 100644 --- a/scripts/heat-cve-patching.sh +++ b/scripts/heat-cve-patching.sh @@ -8,14 +8,14 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "urllib3==1.26.20" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27, - # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081 + # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ "urllib3==1.26.20" diff --git a/scripts/horizon-cve-patching.sh b/scripts/horizon-cve-patching.sh index 5bf5292..a7102ac 100644 --- a/scripts/horizon-cve-patching.sh +++ b/scripts/horizon-cve-patching.sh @@ -18,7 +18,7 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then "WebOb==1.8.8" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "pymongo==4.6.3" \ "requests==2.32.4" \ diff --git a/scripts/ironic-cve-patching.sh b/scripts/ironic-cve-patching.sh index c2d784c..41ba640 100644 --- a/scripts/ironic-cve-patching.sh +++ b/scripts/ironic-cve-patching.sh @@ -9,7 +9,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27, # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081,CVE-2024-49767,CVE-2024-34069 - # CVE-2024-49766 + # CVE-2024-49766,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ @@ -17,7 +17,7 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then "Werkzeug==3.0.6" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ "urllib3==1.26.20" diff --git a/scripts/keystone-cve-patching.sh b/scripts/keystone-cve-patching.sh index b3f960f..e887264 100644 --- a/scripts/keystone-cve-patching.sh +++ b/scripts/keystone-cve-patching.sh @@ -10,7 +10,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,CVE-2024-34069, # CVE-2024-49766,CVE-2024-49767,GHSA-h4gh-qq45-vh27,CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891, - # CVE-2024-12797,CVE-2025-47278,CVE-2024-47081,CVE-2025-61912 + # CVE-2024-12797,CVE-2025-47278,CVE-2024-47081,CVE-2025-61912,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Flask==3.1.1" \ "Jinja2==3.1.6" \ @@ -19,7 +19,7 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then "Werkzeug>=3.0.6,<3.2" \ "cryptography==44.0.1" \ "dnspython>=2.6.1,<2.7" \ - "eventlet>=0.35.2,<0.36" \ + "eventlet>=0.35.2" \ "idna>=3.7,<3.8" \ "requests==2.32.4" \ "urllib3==1.26.20" \ diff --git a/scripts/magnum-cve-patching.sh b/scripts/magnum-cve-patching.sh index 22ae663..3b4130c 100644 --- a/scripts/magnum-cve-patching.sh +++ b/scripts/magnum-cve-patching.sh @@ -9,14 +9,14 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27, # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081,CVE-2024-5569, - # CVE-2024-49766,CVE-2024-49767 + # CVE-2024-49766,CVE-2024-49767,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ "urllib3==1.26.20" \ diff --git a/scripts/masakari-cve-patching.sh b/scripts/masakari-cve-patching.sh index 94b7939..b4a456d 100644 --- a/scripts/masakari-cve-patching.sh +++ b/scripts/masakari-cve-patching.sh @@ -6,14 +6,14 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "Jinja2==3.1.6" \ "requests==2.32.4" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then - # CVE fixes CVE-2024-36039,CVE-2024-56326,CVE-2024-56201,CVE-2025-27516,CVE-2024-47081 + # CVE fixes CVE-2024-36039,CVE-2024-56326,CVE-2024-56201,CVE-2025-27516,CVE-2024-47081,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ "urllib3==1.26.20" diff --git a/scripts/masakari-monitors-cve-patching.sh b/scripts/masakari-monitors-cve-patching.sh index 94b7939..b4a456d 100644 --- a/scripts/masakari-monitors-cve-patching.sh +++ b/scripts/masakari-monitors-cve-patching.sh @@ -6,14 +6,14 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "Jinja2==3.1.6" \ "requests==2.32.4" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then - # CVE fixes CVE-2024-36039,CVE-2024-56326,CVE-2024-56201,CVE-2025-27516,CVE-2024-47081 + # CVE fixes CVE-2024-36039,CVE-2024-56326,CVE-2024-56201,CVE-2025-27516,CVE-2024-47081,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ "urllib3==1.26.20" diff --git a/scripts/neutron-cve-patching.sh b/scripts/neutron-cve-patching.sh index 361d1d7..a28de33 100644 --- a/scripts/neutron-cve-patching.sh +++ b/scripts/neutron-cve-patching.sh @@ -6,14 +6,15 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "Jinja2==3.1.6" \ "requests==2.32.4" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then - # CVE fixes CVE-2024-36039,CVE-2025-27516,CVE-2024-42353,GHSA-h4gh-qq45-vh27,CVE-2024-47081,CVE-2024-56201,CVE-2024-56326 + # CVE fixes CVE-2024-36039,CVE-2025-27516,CVE-2024-42353,GHSA-h4gh-qq45-vh27,CVE-2024-47081,CVE-2024-56201,CVE-2024-56326, + # CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-3651,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ "cryptography==43.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ "urllib3==1.26.20" diff --git a/scripts/nova-cve-patching.sh b/scripts/nova-cve-patching.sh index bbe2450..f13d91c 100644 --- a/scripts/nova-cve-patching.sh +++ b/scripts/nova-cve-patching.sh @@ -7,14 +7,14 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "requests==2.32.4" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-36039,CVE-2024-34064,CVE-2025-27516,CVE-2024-42353,GHSA-h4gh-qq45-vh27,CVE-2023-29483,CVE-2024-3651,CVE-2024-35195, - #. CVE-2024-37891,CVE-2024-47081,CVE-2024-28102 + # CVE-2024-37891,CVE-2024-47081,CVE-2024-28102,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ "cryptography==43.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "jwcrypto==1.5.6" \ "requests==2.32.4" \ diff --git a/scripts/octavia-cve-patching.sh b/scripts/octavia-cve-patching.sh index 2d66162..6f23223 100644 --- a/scripts/octavia-cve-patching.sh +++ b/scripts/octavia-cve-patching.sh @@ -9,7 +9,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-36039,CVE-2024-6827,CVE-2024-1135,CVE-2024-49767,CVE-2024-34069,CVE-2024-56326,CVE-2024-56326,CVE-2024-56201 # CVE-2024-35195,CVE-2024-37891,CVE-2024-3651,CVE-2023-29483,CVE-2024-49766,CVE-2024-42353,CVE-2025-27516,CVE-2024-34064 - # CVE-2024-12797,CVE-2024-47081 + # CVE-2024-12797,CVE-2024-47081,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ @@ -17,7 +17,7 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then "Werkzeug==3.0.6" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "gunicorn==23.0.0" \ "idna==3.7" \ "pyopenssl==24.3.0" \ diff --git a/scripts/placement-cve-patching.sh b/scripts/placement-cve-patching.sh index 87f723c..0e46625 100644 --- a/scripts/placement-cve-patching.sh +++ b/scripts/placement-cve-patching.sh @@ -7,14 +7,14 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "requests==2.32.4" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-36039,CVE-2025-27516,CVE-2024-42353,GHSA-h4gh-qq45-vh27,CVE-2024-47081,CVE-2024-56201,CVE-2024-56326, - # CVE-2024-37891,CVE-2024-35195,CVE-2024-3651,CVE-2024-34064 + # CVE-2024-37891,CVE-2024-35195,CVE-2024-3651,CVE-2024-34064,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ "cryptography==43.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ "urllib3==1.26.20" From d20e806594f72e0ce6d4057c4bea2eec95623b31 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Wed, 15 Oct 2025 18:44:47 -0500 Subject: [PATCH 02/15] chore: patch base packages that must be done Signed-off-by: Kevin Carter --- scripts/barbican-cve-patching.sh | 11 +++++++---- scripts/blazar-cve-patching.sh | 22 ++++++++++++++++++++-- 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/scripts/barbican-cve-patching.sh b/scripts/barbican-cve-patching.sh index 41f95c9..ecef45f 100644 --- a/scripts/barbican-cve-patching.sh +++ b/scripts/barbican-cve-patching.sh @@ -1,21 +1,24 @@ #!/usr/bin/env bash if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then - # CVE fixes CVE-2025-27516,CVE-2024-47081 + # CVE fixes CVE-2025-27516,CVE-2024-47081,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ + "eventlet==0.40.3" \ "requests==2.32.4" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-36039,CVE-2024-56326,CVE-2024-56201,CVE-2024-47081,CVE-2024-37891,CVE-2024-35195,CVE-2025-27516,CVE-2024-42353 - # GHSA-h4gh-qq45-vh27,CVE-2023-29483,CVE-2024-3651,CVE-2024-34064 + # GHSA-h4gh-qq45-vh27,CVE-2023-29483,CVE-2024-3651,CVE-2024-34064,CVE-2025-58068 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ "WebOb==1.8.8" \ + "Werkzeug==3.0.6" \ "cryptography==44.0.1" \ "dnspython==2.6.1" \ - "eventlet==0.35.2" \ + "eventlet==0.40.3" \ "idna==3.7" \ "requests==2.32.4" \ - "urllib3==1.26.20" + "urllib3==1.26.20" \ + "zipp==3.19.1" fi diff --git a/scripts/blazar-cve-patching.sh b/scripts/blazar-cve-patching.sh index fc5bdf7..86fd28d 100644 --- a/scripts/blazar-cve-patching.sh +++ b/scripts/blazar-cve-patching.sh @@ -1,7 +1,25 @@ #!/usr/bin/env bash if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then - echo "No CVE patches available for stable/2025.1" + # CVE fixes CVE-2025-27516,CVE-2024-47081 + /var/lib/openstack/bin/pip install --upgrade \ + "Jinja2==3.1.6" \ + "eventlet==0.40.3" \ + "requests==2.32.4" \ + "urllib3==1.26.20" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then - echo "No CVE patches available for stable/2024.1" + # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27, + # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081 + /var/lib/openstack/bin/pip install --upgrade \ + "Jinja2==3.1.6" \ + "PyMySQL==1.1.1" \ + "WebOb==1.8.8" \ + "Werkzeug==3.0.6" \ + "cryptography==44.0.1" \ + "dnspython==2.6.1" \ + "eventlet==0.40.3" \ + "idna==3.7" \ + "requests==2.32.4" \ + "urllib3==1.26.20" \ + "zipp==3.19.1" fi From 039370f1e08e50077511724bf17e7781bc67a1ed Mon Sep 17 00:00:00 2001 From: Chris Breu Date: Wed, 15 Oct 2025 19:24:17 -0500 Subject: [PATCH 03/15] Update eventlet version to 0.40.3 --- scripts/glance-cve-patching.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/glance-cve-patching.sh b/scripts/glance-cve-patching.sh index 32205d7..4b8f4ab 100644 --- a/scripts/glance-cve-patching.sh +++ b/scripts/glance-cve-patching.sh @@ -16,7 +16,7 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then "WebOb==1.8.8" \ "cryptography==44.0.1" \ "dnspython>=2.6.1,<2.7" \ - "eventlet>=0.35.2" \ + "eventlet==0.40.3" \ "idna>=3.7,<3.8" \ "requests==2.32.4" \ "sqlparse>=0.5.0,<0.6" \ From ffef14f84f5fef35932197cfa1fb7ee7d4a1bc18 Mon Sep 17 00:00:00 2001 From: Gaurav Tomar Date: Wed, 15 Oct 2025 16:21:10 +0530 Subject: [PATCH 04/15] fix: Private key issue with autobahn package It removes autobahn entries from container file and cve-patching script. Also it skip file path which were giving false positive to cve scanner about private key. The autobahn package contains private key for demonstration purpose within code comment of cryptosign.py module. Signed-off-by: Gaurav Tomar --- .github/workflows/container-build-zaqar.yaml | 2 ++ ContainerFiles/zaqar | 3 +-- scripts/zaqar-cve-patching.sh | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/container-build-zaqar.yaml b/.github/workflows/container-build-zaqar.yaml index 1276321..3612761 100644 --- a/.github/workflows/container-build-zaqar.yaml +++ b/.github/workflows/container-build-zaqar.yaml @@ -113,6 +113,7 @@ jobs: output: 'trivy-results.sarif' ignore-unfixed: true severity: 'CRITICAL,HIGH' + skip-files: '**/autobahn/wamp/cryptosign.py' - name: Upload Trivy scan results to GitHub Security tab continue-on-error: true if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -128,6 +129,7 @@ jobs: output: trivy.txt ignore-unfixed: true severity: 'CRITICAL,HIGH' + skip-files: '**/autobahn/wamp/cryptosign.py' - name: Create trivy output file in markdown format if: ${{ github.event_name == 'pull_request' }} run: | diff --git a/ContainerFiles/zaqar b/ContainerFiles/zaqar index 4c7a872..741f824 100644 --- a/ContainerFiles/zaqar +++ b/ContainerFiles/zaqar @@ -37,8 +37,7 @@ RUN /var/lib/openstack/bin/pip install --constraint https://opendev.org/openstac PyMySQL \ python-memcached \ uwsgi \ - redis \ - 'autobahn[encryption]' + redis COPY scripts/zaqar-cve-patching.sh /opt/ RUN bash /opt/zaqar-cve-patching.sh diff --git a/scripts/zaqar-cve-patching.sh b/scripts/zaqar-cve-patching.sh index f935cb9..298739b 100644 --- a/scripts/zaqar-cve-patching.sh +++ b/scripts/zaqar-cve-patching.sh @@ -5,5 +5,5 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "jinja2==3.1.6" \ "requests==2.32.4" \ "eventlet==0.40.3" \ - "autobahn[encryption]" + "cryptography==44.0.1" fi From efe0d3a54d58dae18520450317cde1ad3848a77c Mon Sep 17 00:00:00 2001 From: Anand Nande Date: Fri, 17 Oct 2025 12:10:55 +0530 Subject: [PATCH 05/15] Update image with 2025.1 and fix cve dependencies Signed-off-by: Anand Nande --- .github/workflows/container-build-freezer.yaml | 6 +++--- scripts/freezer-cve-patching.sh | 11 +++++++---- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/.github/workflows/container-build-freezer.yaml b/.github/workflows/container-build-freezer.yaml index a8cb717..848c4fb 100644 --- a/.github/workflows/container-build-freezer.yaml +++ b/.github/workflows/container-build-freezer.yaml @@ -26,7 +26,7 @@ on: type: choice options: - master - - stable/2025.2 + - stable/2025.1 project-version: description: 'Version of OpenStack freezer to build, defaults to openstack-constraints if unspecified' required: false @@ -37,7 +37,7 @@ env: IMAGE_NAME: ${{ github.repository }}/freezer project_version: ${{ github.event.inputs.project-version }} openstack_constraints: > - ["stable/2025.2"] + ["stable/2025.1"] jobs: init: @@ -157,4 +157,4 @@ jobs: build-args: | OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} - CACHEBUST=${{ github.sha }} \ No newline at end of file + CACHEBUST=${{ github.sha }} diff --git a/scripts/freezer-cve-patching.sh b/scripts/freezer-cve-patching.sh index 2151bba..02ec17c 100644 --- a/scripts/freezer-cve-patching.sh +++ b/scripts/freezer-cve-patching.sh @@ -1,7 +1,10 @@ #!/usr/bin/env bash -if [ ${OS_VERSION:-master} = "stable/2025.2" ]; then - # CVE fixes CVE-2025-50181 +if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then + # CVE fixes CVE-2025-50181,CVE-2025-27516,CVE-2024-47081 /var/lib/openstack/bin/pip install --upgrade \ - "urllib3==2.5.0" -fi \ No newline at end of file + "Jinja2==3.1.6" \ + "eventlet==0.40.3" \ + "requests==2.32.4" \ + "urllib3==1.26.20" +fi From 730c73dc50928f8fd8f9d20429e5bbc3c3f0d094 Mon Sep 17 00:00:00 2001 From: Chris Breu Date: Wed, 22 Oct 2025 14:30:04 -0500 Subject: [PATCH 06/15] Install curl in alert-proxy Dockerfile Added curl installation to alert-proxy Dockerfile. --- ContainerFiles/alert-proxy | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ContainerFiles/alert-proxy b/ContainerFiles/alert-proxy index 1547044..026a329 100644 --- a/ContainerFiles/alert-proxy +++ b/ContainerFiles/alert-proxy @@ -12,7 +12,8 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update && apt-get upgrade -y \ && apt-get install --no-install-recommends -y \ build-essential \ - git + git \ + curl RUN git clone https://github.com/rackerlabs/alert-proxy.git /opt/alert-proxy RUN /var/lib/openstack/bin/pip install -r /opt/alert-proxy/requirements.txt From 77c8e659f0a0f0e8bdcae6a6d66df21400372dc8 Mon Sep 17 00:00:00 2001 From: Chris Breu Date: Wed, 22 Oct 2025 14:32:08 -0500 Subject: [PATCH 07/15] Remove curl from alert-proxy installation Removed 'curl' from the installation list in the Dockerfile. --- ContainerFiles/alert-proxy | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ContainerFiles/alert-proxy b/ContainerFiles/alert-proxy index 026a329..1547044 100644 --- a/ContainerFiles/alert-proxy +++ b/ContainerFiles/alert-proxy @@ -12,8 +12,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update && apt-get upgrade -y \ && apt-get install --no-install-recommends -y \ build-essential \ - git \ - curl + git RUN git clone https://github.com/rackerlabs/alert-proxy.git /opt/alert-proxy RUN /var/lib/openstack/bin/pip install -r /opt/alert-proxy/requirements.txt From 1856e79f35c3f7f8d477cf5e6044abf00ad1100c Mon Sep 17 00:00:00 2001 From: Chris Breu Date: Fri, 24 Oct 2025 13:27:03 -0500 Subject: [PATCH 08/15] feat: add qemu-block-extra package nova-efi container --- .../workflows/container-build-nova-ceph.yaml | 180 ++++++++++++++++++ ContainerFiles/nova-ceph | 76 ++++++++ scripts/nova-ceph-cve-patching.sh | 22 +++ 3 files changed, 278 insertions(+) create mode 100644 .github/workflows/container-build-nova-ceph.yaml create mode 100644 ContainerFiles/nova-ceph create mode 100644 scripts/nova-ceph-cve-patching.sh diff --git a/.github/workflows/container-build-nova-ceph.yaml b/.github/workflows/container-build-nova-ceph.yaml new file mode 100644 index 0000000..659d588 --- /dev/null +++ b/.github/workflows/container-build-nova-ceph.yaml @@ -0,0 +1,180 @@ +--- +name: Create and publish a nova-ceph image + +permissions: + actions: read + contents: read + id-token: write + packages: write + pull-requests: write + security-events: write + +on: + pull_request: + paths: + - .github/workflows/container-build-nova-ceph.yaml + - ContainerFiles/nova-ceph + - scripts/nova-ceph-cve-patching.sh + schedule: + - cron: '0 0 * * 0' # Run Weekly at midnight UTC + workflow_dispatch: + inputs: + openstack-constraints: + description: 'Version of OpenStack Constraints to use' + required: true + default: "master" + type: choice + options: + - master + - stable/2024.1 + - stable/2025.1 + novnc-version: + description: 'Version of novnc to use' + required: true + default: " v1.6.0" + type: choice + options: + - "master" + - "v1.6.0" + project-version: + description: 'Version of OpenStack nova-ceph to build, defaults to openstack-constraints if unspecified' + required: false + type: string + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}/nova-ceph + project_version: ${{ github.event.inputs.project-version }} + # NOTE(cloudnull): This is used to parse the workflow_dispatch inputs, sadly the inputs are not available in the + # workflow_dispatch event, so they're being stored in the environment variables. This is a + # workaround until there's a better way to handle this. + openstack_constraints: > + ["stable/2024.1", "stable/2025.1"] + novnc_version: > + ["v1.6.0"] + +jobs: + init: + runs-on: ubuntu-latest + outputs: + openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + novnc-version: ${{ steps.generate-matrix.outputs.novnc_version }} + steps: + - name: generate-matrix + id: generate-matrix + run: | + if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then + openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + novnc_version="$(echo '${{ github.event.inputs.novnc-version }}' | jq -R '[select(length>0)]' | jq -c '.')" + fi + echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "novnc_version=${novnc_version:-${{ env.novnc_version }}}" >> $GITHUB_OUTPUT + build-and-push-image: + needs: + - init + strategy: + matrix: + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + novnc-version: ${{ fromJSON(needs.init.outputs.novnc-version) }} + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Dynamically set MY_DATE environment variable + run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV + - name: Dynamically set OS_VERSION_PARSE environment variable + run: | + VERSION=$(echo -n "${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }}" | awk -F'/' '{($2=="" ? x=$1 : x=$2); print x}') + echo "OS_VERSION_PARSE=${VERSION}" >> $GITHUB_ENV + NAME=$(echo -n "${{ env.IMAGE_NAME }}" | awk -F'/' '{print $NF}') + echo "CATEGORY_NAME=${VERSION}-${NAME}" >> $GITHUB_ENV + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Build and push Docker image + uses: docker/build-push-action@v6 + with: + context: . + file: ContainerFiles/nova-ceph + push: false + load: true + cache-from: type=gha + cache-to: type=gha,mode=max + tags: | + ${{ env.IMAGE_NAME }}:local + labels: ${{ steps.meta.outputs.labels }} + build-args: | + OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} + OS_CONSTRAINTS=${{ matrix.openstack-constraints }} + NOVNC_VERSION=${{ matrix.novnc-version }} + CACHEBUST=${{ github.sha }} + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.28.0 + if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} + with: + image-ref: '${{ env.IMAGE_NAME }}:local' + format: 'sarif' + output: 'trivy-results.sarif' + ignore-unfixed: true + severity: 'CRITICAL,HIGH' + - name: Upload Trivy scan results to GitHub Security tab + continue-on-error: true + if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'trivy-results.sarif' + category: "${{ env.CATEGORY_NAME }}" + - name: Run Trivy scanner + uses: aquasecurity/trivy-action@0.28.0 + if: ${{ github.event_name == 'pull_request' }} + with: + image-ref: '${{ env.IMAGE_NAME }}:local' + output: trivy.txt + ignore-unfixed: true + severity: 'CRITICAL,HIGH' + - name: Create trivy output file in markdown format + if: ${{ github.event_name == 'pull_request' }} + run: | + if [[ -s trivy.txt ]]; then + echo "### Security Output" > trivy-output.txt + echo '```terraform' >> trivy-output.txt + cat trivy.txt >> trivy-output.txt + echo '```' >> trivy-output.txt + fi + - name: Publish Trivy Output to Summary + if: ${{ github.event_name == 'pull_request' }} + run: | + if [[ -s trivy-output.txt ]]; then + { + cat trivy-output.txt + } >> $GITHUB_STEP_SUMMARY + fi + - name: Build and push Docker image + uses: docker/build-push-action@v6 + with: + context: . + file: ContainerFiles/nova-ceph + push: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} + cache-from: type=gha + cache-to: type=gha,mode=max + tags: | + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.OS_VERSION_PARSE }}-latest + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.OS_VERSION_PARSE }}-${{ env.MY_DATE }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} + OS_CONSTRAINTS=${{ matrix.openstack-constraints }} + NOVNC_VERSION=${{ matrix.novnc-version }} + CACHEBUST=${{ github.sha }} diff --git a/ContainerFiles/nova-ceph b/ContainerFiles/nova-ceph new file mode 100644 index 0000000..2a784f2 --- /dev/null +++ b/ContainerFiles/nova-ceph @@ -0,0 +1,76 @@ +# syntax = docker/dockerfile:1 +# This Dockerfile uses multi-stage build to customize DEV and PROD images: +# https://docs.docker.com/develop/develop-images/multistage-build/ + +ARG VENV_TAG=3.12-latest + +FROM quay.io/rackspace/rackerlabs-nova-efi:2024.1-ubuntu_jammy-1737928811 AS dependency_build +ARG CACHEBUST=0 +ARG OS_VERSION=master +ARG OS_CONSTRAINTS=master +RUN export DEBIAN_FRONTEND=noninteractive \ + && apt-get update && apt-get upgrade -y \ + && apt-get install --no-install-recommends -y \ + build-essential + +COPY scripts/nova-ceph-cve-patching.sh /opt/ +RUN bash /opt/nova-ceph-cve-patching.sh + +RUN find / -name '*.pyc' -delete \ + && find / -name '*.pyo' -delete \ + && find / -name '__pycache__' -delete \ + && find / -name '*.whl' -delete \ + && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ + && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key + +FROM python:3.12-slim-bookworm +LABEL maintainer="Rackspace" +LABEL vendor="Rackspace OpenStack Team" +LABEL org.opencontainers.image.name="nova-ceph" +LABEL org.opencontainers.image.description="Nova container with ceph built for the enterprise." +COPY --from=dependency_build /var/lib/openstack /var/lib/openstack +RUN export DEBIAN_FRONTEND=noninteractive \ + && apt-get update && apt-get upgrade -y \ + && apt-get install --no-install-recommends -y dosfstools \ + cryptsetup \ + genisoimage \ + gir1.2-libosinfo-1.0 \ + iptables \ + kpartx \ + ksmtuned \ + libgirepository-1.0-1 \ + libguestfs0 \ + libosinfo-bin \ + libxml2 \ + multipath-tools \ + netcat-openbsd \ + nfs-common \ + nvme-cli \ + lsscsi \ + open-iscsi \ + ovmf \ + sysfsutils \ + sudo \ + ssh \ + qemu-block-extra \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && apt-get clean -y \ + && rm -rf /var/lib/apt/lists/* \ + && rm -rf /etc/ssh/ssh_host_*_key \ + && find / -name '*.pyc' -delete \ + && find / -name '*.pyo' -delete \ + && find / -name '__pycache__' -delete \ + && groupadd --system --gid 42424 nova \ + && useradd --system --gid 42424 --uid 42424 --shell /bin/bash --create-home --home /var/lib/nova nova \ + && mkdir -p /var/lib/openstack/etc/nova \ + && ln -s /var/lib/openstack/etc/nova /etc/nova \ + && chown nova:nova -h /etc/nova \ + && chown -R nova:nova /var/lib/openstack/etc/nova +# Set the environment variables for the nova venv +ENV PATH="/var/lib/openstack/bin:$PATH" +# Set the working directory +WORKDIR /var/lib/openstack +# Set the user and group to match the original build +USER 42424:42424 +# Set the entrypoint to the nova-manage command +ENTRYPOINT ["/var/lib/openstack/bin/nova-manage"] diff --git a/scripts/nova-ceph-cve-patching.sh b/scripts/nova-ceph-cve-patching.sh new file mode 100644 index 0000000..fe9cf9f --- /dev/null +++ b/scripts/nova-ceph-cve-patching.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash + +#if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then + # CVE fixes CVE-2025-27516,CVE-2024-47081 +# /var/lib/openstack/bin/pip install --upgrade \ +# "Jinja2==3.1.6" \ +# "requests==2.32.4" +#elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then + # CVE fixes CVE-2024-36039,CVE-2024-34064,CVE-2025-27516,CVE-2024-42353,GHSA-h4gh-qq45-vh27,CVE-2023-29483,CVE-2024-3651,CVE-2024-35195, + # CVE-2024-37891,CVE-2024-47081,CVE-2024-28102,CVE-2025-58068 +# /var/lib/openstack/bin/pip install --upgrade \ +# "Jinja2==3.1.6" \ +# "PyMySQL==1.1.1" \ +# "WebOb==1.8.8" \ +# "cryptography==43.0.1" \ +# "dnspython==2.6.1" \ +# "eventlet==0.40.3" \ +# "idna==3.7" \ +# "jwcrypto==1.5.6" \ +# "requests==2.32.4" \ +# "urllib3==1.26.20" +#fi From 2eb278b45098b4d6def1a92ebb43b66f1abc7119 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Fri, 24 Oct 2025 13:22:07 -0500 Subject: [PATCH 09/15] chore: upgrade to trixie Signed-off-by: Kevin Carter --- ContainerFiles/alert-proxy | 2 +- ContainerFiles/apache | 2 +- ContainerFiles/barbican | 2 +- ContainerFiles/blazar | 2 +- ContainerFiles/cinder | 4 ++-- ContainerFiles/cloudkitty | 2 +- ContainerFiles/designate | 2 +- ContainerFiles/freezer | 2 +- ContainerFiles/glance | 2 +- ContainerFiles/heat | 4 ++-- ContainerFiles/ironic-api | 2 +- ContainerFiles/ironic-conductor | 2 +- ContainerFiles/ironic-inspector | 2 +- ContainerFiles/ironic-pxe | 2 +- ContainerFiles/kube-ovn | 2 +- ContainerFiles/kubectl | 2 +- ContainerFiles/kubernetes-entrypoint | 2 +- ContainerFiles/libguestfs | 2 +- ContainerFiles/magnum | 2 +- ContainerFiles/manila | 2 +- ContainerFiles/masakari | 2 +- ContainerFiles/masakari-monitors | 2 +- ContainerFiles/octavia | 2 +- ContainerFiles/openstack-client | 8 ++++---- ContainerFiles/openstack-exporter | 2 +- ContainerFiles/openstack-venv | 2 +- ContainerFiles/ovs | 2 +- ContainerFiles/placement | 2 +- ContainerFiles/skyline | 2 +- ContainerFiles/zaqar | 2 +- docs/containers/openstack-venv.md | 4 ++-- 31 files changed, 37 insertions(+), 37 deletions(-) diff --git a/ContainerFiles/alert-proxy b/ContainerFiles/alert-proxy index 1547044..b768e86 100644 --- a/ContainerFiles/alert-proxy +++ b/ContainerFiles/alert-proxy @@ -26,7 +26,7 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="alert-proxy" diff --git a/ContainerFiles/apache b/ContainerFiles/apache index ed8fc56..0c0248d 100644 --- a/ContainerFiles/apache +++ b/ContainerFiles/apache @@ -39,7 +39,7 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="Apache2 with mod_wsgi ${MOD_WSGI_VERSION}" diff --git a/ContainerFiles/barbican b/ContainerFiles/barbican index b9094e2..d024bda 100644 --- a/ContainerFiles/barbican +++ b/ContainerFiles/barbican @@ -52,7 +52,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="barbican" diff --git a/ContainerFiles/blazar b/ContainerFiles/blazar index ab724a8..f191281 100644 --- a/ContainerFiles/blazar +++ b/ContainerFiles/blazar @@ -51,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="blazar" diff --git a/ContainerFiles/cinder b/ContainerFiles/cinder index 97fcb6c..c826fd4 100644 --- a/ContainerFiles/cinder +++ b/ContainerFiles/cinder @@ -55,7 +55,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="cinder" @@ -63,7 +63,7 @@ LABEL org.opencontainers.image.description="OpenStack Service (cinder) built for COPY --from=dependency_build /var/lib/openstack /var/lib/openstack RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y libxml2 multipath-tools open-iscsi qemu-block-extra qemu-utils systemctl lsscsi nvme-cli sudo nfs-common \ + && apt-get install --no-install-recommends -y libxml2 multipath-tools open-iscsi qemu-block-extra qemu-utils systemd lsscsi nvme-cli sudo nfs-common \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* \ diff --git a/ContainerFiles/cloudkitty b/ContainerFiles/cloudkitty index 12c5dcc..992ec52 100644 --- a/ContainerFiles/cloudkitty +++ b/ContainerFiles/cloudkitty @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="cloudkitty" diff --git a/ContainerFiles/designate b/ContainerFiles/designate index a4929f6..7102fc9 100644 --- a/ContainerFiles/designate +++ b/ContainerFiles/designate @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="designate" diff --git a/ContainerFiles/freezer b/ContainerFiles/freezer index 6cf98e0..41ab12d 100644 --- a/ContainerFiles/freezer +++ b/ContainerFiles/freezer @@ -51,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="freezer" diff --git a/ContainerFiles/glance b/ContainerFiles/glance index 756ef92..6448a4e 100644 --- a/ContainerFiles/glance +++ b/ContainerFiles/glance @@ -55,7 +55,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="glance" diff --git a/ContainerFiles/heat b/ContainerFiles/heat index 5e28cf8..5957ec8 100644 --- a/ContainerFiles/heat +++ b/ContainerFiles/heat @@ -50,7 +50,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="heat" @@ -61,7 +61,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get install --no-install-recommends -y curl \ libxml2 \ libxslt1.1 \ - libopenmpi3 \ + libopenmpi40 \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* \ diff --git a/ContainerFiles/ironic-api b/ContainerFiles/ironic-api index 383c8d5..e95512d 100644 --- a/ContainerFiles/ironic-api +++ b/ContainerFiles/ironic-api @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-api" diff --git a/ContainerFiles/ironic-conductor b/ContainerFiles/ironic-conductor index c5baa5e..d2a1548 100644 --- a/ContainerFiles/ironic-conductor +++ b/ContainerFiles/ironic-conductor @@ -50,7 +50,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-conductor" diff --git a/ContainerFiles/ironic-inspector b/ContainerFiles/ironic-inspector index a87903b..f0ab7ed 100644 --- a/ContainerFiles/ironic-inspector +++ b/ContainerFiles/ironic-inspector @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-inspector" diff --git a/ContainerFiles/ironic-pxe b/ContainerFiles/ironic-pxe index 5b5d781..b78e9f0 100644 --- a/ContainerFiles/ironic-pxe +++ b/ContainerFiles/ironic-pxe @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-pxe" diff --git a/ContainerFiles/kube-ovn b/ContainerFiles/kube-ovn index 5795d4e..59ecb75 100644 --- a/ContainerFiles/kube-ovn +++ b/ContainerFiles/kube-ovn @@ -3,7 +3,7 @@ # https://docs.docker.com/develop/develop-images/multistage-build/ ARG KUBE_OVN_VERSION=v1.14.4 -FROM golang:1.25-bookworm AS dependency_build +FROM golang:1.25-trixie AS dependency_build ARG KUBE_OVN_VERSION_ENV=v1.14.4 ARG CACHEBUST=0 RUN export DEBIAN_FRONTEND=noninteractive \ diff --git a/ContainerFiles/kubectl b/ContainerFiles/kubectl index 97681c4..0deb985 100644 --- a/ContainerFiles/kubectl +++ b/ContainerFiles/kubectl @@ -1,5 +1,5 @@ # Simple, reliable kubectl container for Velero operations -FROM debian:bookworm-slim +FROM debian:trixie-slim # Set kubectl version ARG KUBECTL_VERSION=v1.34.1 ARG TARGETARCH=amd64 diff --git a/ContainerFiles/kubernetes-entrypoint b/ContainerFiles/kubernetes-entrypoint index 5fc9ed1..b6f93d8 100644 --- a/ContainerFiles/kubernetes-entrypoint +++ b/ContainerFiles/kubernetes-entrypoint @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -FROM golang:1.24-bookworm AS dependency_build +FROM golang:1.24-trixie AS dependency_build RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update && apt-get upgrade -y \ && apt-get install --no-install-recommends -y \ diff --git a/ContainerFiles/libguestfs b/ContainerFiles/libguestfs index 63a0f24..bf8988f 100644 --- a/ContainerFiles/libguestfs +++ b/ContainerFiles/libguestfs @@ -97,7 +97,7 @@ RUN PROC="$([ nproc > 4 ] && echo 4 || nproc)" make -j $PROC RUN make INSTALLDIRS=vendor REALLY_INSTALL=yes install -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="libguestfs" diff --git a/ContainerFiles/magnum b/ContainerFiles/magnum index 2475a41..080518a 100644 --- a/ContainerFiles/magnum +++ b/ContainerFiles/magnum @@ -51,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="magnum" diff --git a/ContainerFiles/manila b/ContainerFiles/manila index f7127fa..49a749e 100644 --- a/ContainerFiles/manila +++ b/ContainerFiles/manila @@ -51,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="manila" diff --git a/ContainerFiles/masakari b/ContainerFiles/masakari index c20a796..ba846a3 100644 --- a/ContainerFiles/masakari +++ b/ContainerFiles/masakari @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="masakari" diff --git a/ContainerFiles/masakari-monitors b/ContainerFiles/masakari-monitors index 9531e22..8431e19 100644 --- a/ContainerFiles/masakari-monitors +++ b/ContainerFiles/masakari-monitors @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="masakari-monitors" diff --git a/ContainerFiles/octavia b/ContainerFiles/octavia index fe7ecd0..4e26f72 100644 --- a/ContainerFiles/octavia +++ b/ContainerFiles/octavia @@ -55,7 +55,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="octavia" diff --git a/ContainerFiles/openstack-client b/ContainerFiles/openstack-client index c2dce59..588cd9a 100644 --- a/ContainerFiles/openstack-client +++ b/ContainerFiles/openstack-client @@ -17,7 +17,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ git \ libffi-dev \ pkg-config \ - ssl-cert + ssl-cert # package list pulled from here: https://opendev.org/openstack/heat/src/branch/master/requirements.txt RUN /var/lib/openstack/bin/pip install --constraint https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt \ pbr \ @@ -28,7 +28,7 @@ RUN /var/lib/openstack/bin/pip install --constraint https://opendev.org/openstac keystoneauth1 \ keystonemiddleware \ lxml> \ - netaddr \ + netaddr \ neutron-lib \ openstacksdk \ oslo.cache\ @@ -94,7 +94,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python3.12/site-packages/PyJWT-2.10.1.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="openstack-client" @@ -106,7 +106,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ iputils-ping \ libxml2 \ libxslt1.1 \ - libopenmpi3 \ + libopenmpi40 \ netcat-openbsd \ mariadb-client \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ diff --git a/ContainerFiles/openstack-exporter b/ContainerFiles/openstack-exporter index 4b7d369..2da3dad 100644 --- a/ContainerFiles/openstack-exporter +++ b/ContainerFiles/openstack-exporter @@ -13,7 +13,7 @@ RUN find / -name '*.pyc' -delete \ && find / -name '*.pyo' -delete \ && find / -name '__pycache__' -delete -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL org.opencontainers.image.name="openstack-exporter" LABEL org.opencontainers.image.description="OpenStack Exporter for Prometheus" diff --git a/ContainerFiles/openstack-venv b/ContainerFiles/openstack-venv index 16000bf..619b8d6 100644 --- a/ContainerFiles/openstack-venv +++ b/ContainerFiles/openstack-venv @@ -3,7 +3,7 @@ # https://docs.docker.com/develop/develop-images/multistage-build/ ARG PYTHON_VERSION=3.12 -ARG OS_RELEASE=bookworm +ARG OS_RELEASE=trixie FROM python:${PYTHON_VERSION}-${OS_RELEASE} ARG CACHEBUST=0 RUN python3 -m venv /var/lib/openstack diff --git a/ContainerFiles/ovs b/ContainerFiles/ovs index e368b6f..9ae198a 100644 --- a/ContainerFiles/ovs +++ b/ContainerFiles/ovs @@ -40,7 +40,7 @@ RUN ./boot.sh RUN ./configure --sysconfdir=/etc --localstatedir=/var RUN PROC="$([ nproc > 4 ] && echo 4 || nproc)" make -j $PROC && make install -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ovs" diff --git a/ContainerFiles/placement b/ContainerFiles/placement index ed05bce..1f2a77b 100644 --- a/ContainerFiles/placement +++ b/ContainerFiles/placement @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="placement" diff --git a/ContainerFiles/skyline b/ContainerFiles/skyline index 095a891..7b72e89 100644 --- a/ContainerFiles/skyline +++ b/ContainerFiles/skyline @@ -39,7 +39,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="skyline" diff --git a/ContainerFiles/zaqar b/ContainerFiles/zaqar index 741f824..efa0efd 100644 --- a/ContainerFiles/zaqar +++ b/ContainerFiles/zaqar @@ -51,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM python:3.12-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="zaqar" diff --git a/docs/containers/openstack-venv.md b/docs/containers/openstack-venv.md index 9b7e43f..21e54b7 100644 --- a/docs/containers/openstack-venv.md +++ b/docs/containers/openstack-venv.md @@ -24,7 +24,7 @@ graph LR | Argument | Default | | --- | --- | | PYTHON_VERSION | 3.12 | -| OS_RELEASE | bookworm | +| OS_RELEASE | trixie | | CACHEBUST | 0 | ??? example "Build Command" @@ -32,7 +32,7 @@ graph LR ``` bash docker build \ --build-arg PYTHON_VERSION=3.12 \ - --build-arg OS_RELEASE=bookworm \ + --build-arg OS_RELEASE=trixie \ --build-arg CACHEBUST=0 \ -f ContainerFiles/openstack-venv \ -t openstack-venv:local \ From cc785271a19bbd3f8ae3dca88fc76667039c11ca Mon Sep 17 00:00:00 2001 From: Chris Breu Date: Fri, 24 Oct 2025 13:59:47 -0500 Subject: [PATCH 10/15] fix: add ceph packages to nova container --- ContainerFiles/nova | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ContainerFiles/nova b/ContainerFiles/nova index f95fe52..32e2e60 100644 --- a/ContainerFiles/nova +++ b/ContainerFiles/nova @@ -93,6 +93,11 @@ RUN export DEBIAN_FRONTEND=noninteractive \ sysfsutils \ sudo \ ssh \ + ceph-common \ + libcephfs2 \ + python3-ceph-argparse \ + python3-ceph-common \ + python3-cephfs \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* \ From 5796c1d5909216ef1676be433a4c426e498f6042 Mon Sep 17 00:00:00 2001 From: Chris Breu Date: Fri, 24 Oct 2025 15:14:52 -0500 Subject: [PATCH 11/15] Revert "fix: add ceph packages to nova container" --- ContainerFiles/nova | 5 ----- 1 file changed, 5 deletions(-) diff --git a/ContainerFiles/nova b/ContainerFiles/nova index 32e2e60..f95fe52 100644 --- a/ContainerFiles/nova +++ b/ContainerFiles/nova @@ -93,11 +93,6 @@ RUN export DEBIAN_FRONTEND=noninteractive \ sysfsutils \ sudo \ ssh \ - ceph-common \ - libcephfs2 \ - python3-ceph-argparse \ - python3-ceph-common \ - python3-cephfs \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* \ From eda523a6c017ddfa8837cf264692f2972b7411ff Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Fri, 24 Oct 2025 15:18:48 -0500 Subject: [PATCH 12/15] chore: add missing package Signed-off-by: Kevin Carter --- ContainerFiles/libguestfs | 1 + 1 file changed, 1 insertion(+) diff --git a/ContainerFiles/libguestfs b/ContainerFiles/libguestfs index bf8988f..802c5ce 100644 --- a/ContainerFiles/libguestfs +++ b/ContainerFiles/libguestfs @@ -43,6 +43,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ libsasl2-dev \ libssl-dev \ libsystemd-dev \ + libtirpc-dev \ libtsk-dev \ libtsk-dev \ libvirt-dev \ From 207f533b9b165bb62f27413c26012b1e67205395 Mon Sep 17 00:00:00 2001 From: Chris Breu Date: Fri, 24 Oct 2025 15:21:30 -0500 Subject: [PATCH 13/15] fix: next try --- ContainerFiles/nova-ceph | 54 +++------------------------------------- 1 file changed, 4 insertions(+), 50 deletions(-) diff --git a/ContainerFiles/nova-ceph b/ContainerFiles/nova-ceph index 2a784f2..6e2543a 100644 --- a/ContainerFiles/nova-ceph +++ b/ContainerFiles/nova-ceph @@ -4,68 +4,22 @@ ARG VENV_TAG=3.12-latest -FROM quay.io/rackspace/rackerlabs-nova-efi:2024.1-ubuntu_jammy-1737928811 AS dependency_build -ARG CACHEBUST=0 -ARG OS_VERSION=master -ARG OS_CONSTRAINTS=master -RUN export DEBIAN_FRONTEND=noninteractive \ - && apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y \ - build-essential - -COPY scripts/nova-ceph-cve-patching.sh /opt/ -RUN bash /opt/nova-ceph-cve-patching.sh - -RUN find / -name '*.pyc' -delete \ - && find / -name '*.pyo' -delete \ - && find / -name '__pycache__' -delete \ - && find / -name '*.whl' -delete \ - && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ - && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key - -FROM python:3.12-slim-bookworm +FROM quay.io/rackspace/rackerlabs-nova-efi:2024.1-ubuntu_jammy-1737928811 LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="nova-ceph" LABEL org.opencontainers.image.description="Nova container with ceph built for the enterprise." -COPY --from=dependency_build /var/lib/openstack /var/lib/openstack + RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y dosfstools \ - cryptsetup \ - genisoimage \ - gir1.2-libosinfo-1.0 \ - iptables \ - kpartx \ - ksmtuned \ - libgirepository-1.0-1 \ - libguestfs0 \ - libosinfo-bin \ - libxml2 \ - multipath-tools \ - netcat-openbsd \ - nfs-common \ - nvme-cli \ - lsscsi \ - open-iscsi \ - ovmf \ - sysfsutils \ - sudo \ - ssh \ - qemu-block-extra \ + && apt-get install --no-install-recommends -y qemu-block-extra \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* \ && rm -rf /etc/ssh/ssh_host_*_key \ && find / -name '*.pyc' -delete \ && find / -name '*.pyo' -delete \ - && find / -name '__pycache__' -delete \ - && groupadd --system --gid 42424 nova \ - && useradd --system --gid 42424 --uid 42424 --shell /bin/bash --create-home --home /var/lib/nova nova \ - && mkdir -p /var/lib/openstack/etc/nova \ - && ln -s /var/lib/openstack/etc/nova /etc/nova \ - && chown nova:nova -h /etc/nova \ - && chown -R nova:nova /var/lib/openstack/etc/nova + && find / -name '__pycache__' -delete # Set the environment variables for the nova venv ENV PATH="/var/lib/openstack/bin:$PATH" # Set the working directory From 7320d4f6a8421e5cc6e268fb3cab7ee5300508c1 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Fri, 24 Oct 2025 16:24:47 -0500 Subject: [PATCH 14/15] chore: move openstack-venv to 313 Signed-off-by: Kevin Carter --- .github/workflows/container-build-openstack-venv.yaml | 2 +- ContainerFiles/openstack-venv | 2 +- docs/containers/openstack-venv.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/container-build-openstack-venv.yaml b/.github/workflows/container-build-openstack-venv.yaml index b1321d9..a17cbf9 100644 --- a/.github/workflows/container-build-openstack-venv.yaml +++ b/.github/workflows/container-build-openstack-venv.yaml @@ -21,7 +21,7 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }}/openstack-venv - PYTHON_VERSION: 3.12 + PYTHON_VERSION: 3.13 CATEGORY_NAME: openstack-venv jobs: diff --git a/ContainerFiles/openstack-venv b/ContainerFiles/openstack-venv index 619b8d6..e86cc34 100644 --- a/ContainerFiles/openstack-venv +++ b/ContainerFiles/openstack-venv @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG PYTHON_VERSION=3.12 +ARG PYTHON_VERSION=3.13 ARG OS_RELEASE=trixie FROM python:${PYTHON_VERSION}-${OS_RELEASE} ARG CACHEBUST=0 diff --git a/docs/containers/openstack-venv.md b/docs/containers/openstack-venv.md index 21e54b7..c71009d 100644 --- a/docs/containers/openstack-venv.md +++ b/docs/containers/openstack-venv.md @@ -23,7 +23,7 @@ graph LR | Argument | Default | | --- | --- | -| PYTHON_VERSION | 3.12 | +| PYTHON_VERSION | 3.13 | | OS_RELEASE | trixie | | CACHEBUST | 0 | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg PYTHON_VERSION=3.12 \ + --build-arg PYTHON_VERSION=3.13 \ --build-arg OS_RELEASE=trixie \ --build-arg CACHEBUST=0 \ -f ContainerFiles/openstack-venv \ From a27861be3bc19954e4e0f8de68c14e2ba9f5def0 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Fri, 24 Oct 2025 16:20:54 -0500 Subject: [PATCH 15/15] chore: update to py 3.13 Signed-off-by: Kevin Carter --- ContainerFiles/alert-proxy | 4 ++-- ContainerFiles/apache | 4 ++-- ContainerFiles/barbican | 6 +++--- ContainerFiles/blazar | 4 ++-- ContainerFiles/ceph-libs | 4 ++-- ContainerFiles/cinder | 4 ++-- ContainerFiles/cloudkitty | 4 ++-- ContainerFiles/designate | 4 ++-- ContainerFiles/freezer | 4 ++-- ContainerFiles/glance | 4 ++-- ContainerFiles/heat | 4 ++-- ContainerFiles/horizon | 2 +- ContainerFiles/ironic-api | 4 ++-- ContainerFiles/ironic-conductor | 4 ++-- ContainerFiles/ironic-inspector | 4 ++-- ContainerFiles/ironic-pxe | 4 ++-- ContainerFiles/keystone | 2 +- ContainerFiles/libguestfs | 12 ++---------- ContainerFiles/magnum | 4 ++-- ContainerFiles/manila | 4 ++-- ContainerFiles/masakari | 4 ++-- ContainerFiles/masakari-monitors | 4 ++-- ContainerFiles/octavia | 4 ++-- ContainerFiles/openstack-client | 6 +++--- ContainerFiles/openstack-exporter | 4 ++-- ContainerFiles/ovs | 4 ++-- ContainerFiles/placement | 4 ++-- ContainerFiles/skyline | 4 ++-- ContainerFiles/zaqar | 4 ++-- docs/containers/alert-proxy.md | 4 ++-- docs/containers/apache.md | 4 ++-- docs/containers/barbican.md | 4 ++-- docs/containers/blazar.md | 4 ++-- docs/containers/ceph-libs.md | 4 ++-- docs/containers/cinder.md | 4 ++-- docs/containers/cloudkitty.md | 4 ++-- docs/containers/designate.md | 4 ++-- docs/containers/freezer.md | 4 ++-- docs/containers/glance.md | 4 ++-- docs/containers/heat.md | 4 ++-- docs/containers/horizon.md | 4 ++-- docs/containers/ironic-api.md | 4 ++-- docs/containers/ironic-conductor.md | 4 ++-- docs/containers/ironic-inspector.md | 4 ++-- docs/containers/ironic-pxe.md | 4 ++-- docs/containers/keystone.md | 4 ++-- docs/containers/libguestfs.md | 4 ++-- docs/containers/magnum.md | 4 ++-- docs/containers/manila.md | 4 ++-- docs/containers/masakari-monitors.md | 4 ++-- docs/containers/masakari.md | 4 ++-- docs/containers/octavia.md | 4 ++-- docs/containers/openstack-client.md | 4 ++-- docs/containers/ovs.md | 4 ++-- docs/containers/placement.md | 4 ++-- docs/containers/skyline.md | 4 ++-- docs/containers/zaqar.md | 4 ++-- 57 files changed, 114 insertions(+), 122 deletions(-) diff --git a/ContainerFiles/alert-proxy b/ContainerFiles/alert-proxy index b768e86..d3879da 100644 --- a/ContainerFiles/alert-proxy +++ b/ContainerFiles/alert-proxy @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 @@ -26,7 +26,7 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="alert-proxy" diff --git a/ContainerFiles/apache b/ContainerFiles/apache index 0c0248d..161901c 100644 --- a/ContainerFiles/apache +++ b/ContainerFiles/apache @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 LABEL maintainer="Rackspace" @@ -39,7 +39,7 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="Apache2 with mod_wsgi ${MOD_WSGI_VERSION}" diff --git a/ContainerFiles/barbican b/ContainerFiles/barbican index d024bda..38bbd59 100644 --- a/ContainerFiles/barbican +++ b/ContainerFiles/barbican @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -46,13 +46,13 @@ RUN find / -name '*.pyc' -delete \ && find / -name '*.pyo' -delete \ && find / -name '__pycache__' -delete \ && find / -name '*.whl' -delete \ - && rm -f /var/lib/openstack/lib/python3.12/site-packages/kmip/demos/certs/server.key \ + && rm -f /var/lib/openstack/lib/python3.13/site-packages/kmip/demos/certs/server.key \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="barbican" diff --git a/ContainerFiles/blazar b/ContainerFiles/blazar index f191281..7ed8b90 100644 --- a/ContainerFiles/blazar +++ b/ContainerFiles/blazar @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -51,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="blazar" diff --git a/ContainerFiles/ceph-libs b/ContainerFiles/ceph-libs index 13bf5cd..0da84e4 100644 --- a/ContainerFiles/ceph-libs +++ b/ContainerFiles/ceph-libs @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG CEPH_VERSION=main @@ -102,7 +102,7 @@ WORKDIR /opt/ceph/build RUN ninja rbd rados cephfs RUN ninja install -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:3.12-latest +FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:3.13-latest LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ceph-libs" diff --git a/ContainerFiles/cinder b/ContainerFiles/cinder index c826fd4..9743283 100644 --- a/ContainerFiles/cinder +++ b/ContainerFiles/cinder @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -55,7 +55,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="cinder" diff --git a/ContainerFiles/cloudkitty b/ContainerFiles/cloudkitty index 992ec52..0214486 100644 --- a/ContainerFiles/cloudkitty +++ b/ContainerFiles/cloudkitty @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="cloudkitty" diff --git a/ContainerFiles/designate b/ContainerFiles/designate index 7102fc9..4175b11 100644 --- a/ContainerFiles/designate +++ b/ContainerFiles/designate @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="designate" diff --git a/ContainerFiles/freezer b/ContainerFiles/freezer index 41ab12d..bae1c02 100644 --- a/ContainerFiles/freezer +++ b/ContainerFiles/freezer @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -51,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="freezer" diff --git a/ContainerFiles/glance b/ContainerFiles/glance index 6448a4e..1d7cd0d 100644 --- a/ContainerFiles/glance +++ b/ContainerFiles/glance @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -55,7 +55,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="glance" diff --git a/ContainerFiles/heat b/ContainerFiles/heat index 5957ec8..c1074cd 100644 --- a/ContainerFiles/heat +++ b/ContainerFiles/heat @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -50,7 +50,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="heat" diff --git a/ContainerFiles/horizon b/ContainerFiles/horizon index a9463c2..21be045 100644 --- a/ContainerFiles/horizon +++ b/ContainerFiles/horizon @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master diff --git a/ContainerFiles/ironic-api b/ContainerFiles/ironic-api index e95512d..ed91521 100644 --- a/ContainerFiles/ironic-api +++ b/ContainerFiles/ironic-api @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-api" diff --git a/ContainerFiles/ironic-conductor b/ContainerFiles/ironic-conductor index d2a1548..fc992f0 100644 --- a/ContainerFiles/ironic-conductor +++ b/ContainerFiles/ironic-conductor @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -50,7 +50,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-conductor" diff --git a/ContainerFiles/ironic-inspector b/ContainerFiles/ironic-inspector index f0ab7ed..d384eb3 100644 --- a/ContainerFiles/ironic-inspector +++ b/ContainerFiles/ironic-inspector @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-inspector" diff --git a/ContainerFiles/ironic-pxe b/ContainerFiles/ironic-pxe index b78e9f0..267a842 100644 --- a/ContainerFiles/ironic-pxe +++ b/ContainerFiles/ironic-pxe @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-pxe" diff --git a/ContainerFiles/keystone b/ContainerFiles/keystone index 516750a..a61659c 100644 --- a/ContainerFiles/keystone +++ b/ContainerFiles/keystone @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master diff --git a/ContainerFiles/libguestfs b/ContainerFiles/libguestfs index 802c5ce..1ea9df2 100644 --- a/ContainerFiles/libguestfs +++ b/ContainerFiles/libguestfs @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG GUESTFS_VERSION=master ARG GUESTFS_HIVEX_VERSION=master @@ -23,14 +23,11 @@ RUN export DEBIAN_FRONTEND=noninteractive \ git \ gperf \ libacl1-dev \ - libacl1-dev \ libaugeas-dev \ libbpf-dev \ libcap-dev \ - libcap-dev \ libcap-ng-dev \ libconfig-dev \ - libconfig-dev \ libffi-dev \ libfuse-dev \ libhivex-dev \ @@ -45,25 +42,20 @@ RUN export DEBIAN_FRONTEND=noninteractive \ libsystemd-dev \ libtirpc-dev \ libtsk-dev \ - libtsk-dev \ libvirt-dev \ libxdp-dev \ libxml2-dev \ libxslt1-dev \ libxslt1.1 \ libyara-dev \ - libyara-dev \ opam \ pkg-config \ qemu-block-extra \ - qemu-block-extra \ qemu-system \ qemu-utils \ - qemu-utils \ rsync \ ssl-cert \ supermin \ - supermin \ xmlsec1 \ xorriso \ zstd @@ -98,7 +90,7 @@ RUN PROC="$([ nproc > 4 ] && echo 4 || nproc)" make -j $PROC RUN make INSTALLDIRS=vendor REALLY_INSTALL=yes install -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="libguestfs" diff --git a/ContainerFiles/magnum b/ContainerFiles/magnum index 080518a..eb40cfb 100644 --- a/ContainerFiles/magnum +++ b/ContainerFiles/magnum @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -51,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="magnum" diff --git a/ContainerFiles/manila b/ContainerFiles/manila index 49a749e..be39816 100644 --- a/ContainerFiles/manila +++ b/ContainerFiles/manila @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -51,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="manila" diff --git a/ContainerFiles/masakari b/ContainerFiles/masakari index ba846a3..6d7931c 100644 --- a/ContainerFiles/masakari +++ b/ContainerFiles/masakari @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="masakari" diff --git a/ContainerFiles/masakari-monitors b/ContainerFiles/masakari-monitors index 8431e19..a45feba 100644 --- a/ContainerFiles/masakari-monitors +++ b/ContainerFiles/masakari-monitors @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG OS_VERSION=master ARG OS_CONSTRAINTS=master @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="masakari-monitors" diff --git a/ContainerFiles/octavia b/ContainerFiles/octavia index 4e26f72..7ba3bd3 100644 --- a/ContainerFiles/octavia +++ b/ContainerFiles/octavia @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -55,7 +55,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="octavia" diff --git a/ContainerFiles/openstack-client b/ContainerFiles/openstack-client index 588cd9a..5aff658 100644 --- a/ContainerFiles/openstack-client +++ b/ContainerFiles/openstack-client @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_CONSTRAINTS=master @@ -91,10 +91,10 @@ RUN find / -name '*.pyc' -delete \ && find / -name '*.whl' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ - && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python3.12/site-packages/PyJWT-2.10.1.dist-info/METADATA + && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python3.13/site-packages/PyJWT-2.10.1.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="openstack-client" diff --git a/ContainerFiles/openstack-exporter b/ContainerFiles/openstack-exporter index 2da3dad..d727545 100644 --- a/ContainerFiles/openstack-exporter +++ b/ContainerFiles/openstack-exporter @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build WORKDIR /app @@ -13,7 +13,7 @@ RUN find / -name '*.pyc' -delete \ && find / -name '*.pyo' -delete \ && find / -name '__pycache__' -delete -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL org.opencontainers.image.name="openstack-exporter" LABEL org.opencontainers.image.description="OpenStack Exporter for Prometheus" diff --git a/ContainerFiles/ovs b/ContainerFiles/ovs index 9ae198a..b3b75dc 100644 --- a/ContainerFiles/ovs +++ b/ContainerFiles/ovs @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG OVS_VERSION=main RUN export DEBIAN_FRONTEND=noninteractive \ @@ -40,7 +40,7 @@ RUN ./boot.sh RUN ./configure --sysconfdir=/etc --localstatedir=/var RUN PROC="$([ nproc > 4 ] && echo 4 || nproc)" make -j $PROC && make install -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ovs" diff --git a/ContainerFiles/placement b/ContainerFiles/placement index 1f2a77b..737a100 100644 --- a/ContainerFiles/placement +++ b/ContainerFiles/placement @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -49,7 +49,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="placement" diff --git a/ContainerFiles/skyline b/ContainerFiles/skyline index 7b72e89..5458285 100644 --- a/ContainerFiles/skyline +++ b/ContainerFiles/skyline @@ -1,7 +1,7 @@ # syntax = docker/dockerfile:1 # This Dockerfile builds Skyline from the RackerLabs fork. -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_CONSTRAINTS=master @@ -39,7 +39,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="skyline" diff --git a/ContainerFiles/zaqar b/ContainerFiles/zaqar index efa0efd..1f10b86 100644 --- a/ContainerFiles/zaqar +++ b/ContainerFiles/zaqar @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest +ARG VENV_TAG=3.13-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -51,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-trixie +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="zaqar" diff --git a/docs/containers/alert-proxy.md b/docs/containers/alert-proxy.md index 86e56e6..e0582c2 100644 --- a/docs/containers/alert-proxy.md +++ b/docs/containers/alert-proxy.md @@ -22,14 +22,14 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | ??? example "Build Command" ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ -f ContainerFiles/alert-proxy \ -t alert-proxy:local \ diff --git a/docs/containers/apache.md b/docs/containers/apache.md index fd54546..452e3af 100644 --- a/docs/containers/apache.md +++ b/docs/containers/apache.md @@ -23,7 +23,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | MOD_WSGI_VERSION | 5.0.2 | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg MOD_WSGI_VERSION=5.0.2 \ -f ContainerFiles/apache \ diff --git a/docs/containers/barbican.md b/docs/containers/barbican.md index 041303f..4609b21 100644 --- a/docs/containers/barbican.md +++ b/docs/containers/barbican.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/blazar.md b/docs/containers/blazar.md index f2067a6..2c9fdca 100644 --- a/docs/containers/blazar.md +++ b/docs/containers/blazar.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/ceph-libs.md b/docs/containers/ceph-libs.md index 6c4f6c3..b964d81 100644 --- a/docs/containers/ceph-libs.md +++ b/docs/containers/ceph-libs.md @@ -23,7 +23,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | CEPH_VERSION | main | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg CEPH_VERSION=main \ -f ContainerFiles/ceph-libs \ diff --git a/docs/containers/cinder.md b/docs/containers/cinder.md index 23cd707..d0d2583 100644 --- a/docs/containers/cinder.md +++ b/docs/containers/cinder.md @@ -23,7 +23,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -32,7 +32,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/cloudkitty.md b/docs/containers/cloudkitty.md index 14ba31f..db2674b 100644 --- a/docs/containers/cloudkitty.md +++ b/docs/containers/cloudkitty.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/designate.md b/docs/containers/designate.md index 205e833..f713902 100644 --- a/docs/containers/designate.md +++ b/docs/containers/designate.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/freezer.md b/docs/containers/freezer.md index 5ed33af..b4f3f13 100644 --- a/docs/containers/freezer.md +++ b/docs/containers/freezer.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/glance.md b/docs/containers/glance.md index 9c614cb..840a14c 100644 --- a/docs/containers/glance.md +++ b/docs/containers/glance.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/heat.md b/docs/containers/heat.md index a865eb0..7a22b78 100644 --- a/docs/containers/heat.md +++ b/docs/containers/heat.md @@ -21,7 +21,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -30,7 +30,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/horizon.md b/docs/containers/horizon.md index 88c6e9b..b2158f9 100644 --- a/docs/containers/horizon.md +++ b/docs/containers/horizon.md @@ -23,7 +23,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -32,7 +32,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/ironic-api.md b/docs/containers/ironic-api.md index 74dd021..e9eb9d1 100644 --- a/docs/containers/ironic-api.md +++ b/docs/containers/ironic-api.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/ironic-conductor.md b/docs/containers/ironic-conductor.md index eedd720..e048690 100644 --- a/docs/containers/ironic-conductor.md +++ b/docs/containers/ironic-conductor.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/ironic-inspector.md b/docs/containers/ironic-inspector.md index 4109e5e..997275b 100644 --- a/docs/containers/ironic-inspector.md +++ b/docs/containers/ironic-inspector.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/ironic-pxe.md b/docs/containers/ironic-pxe.md index 6398527..7068f53 100644 --- a/docs/containers/ironic-pxe.md +++ b/docs/containers/ironic-pxe.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/keystone.md b/docs/containers/keystone.md index ecbf3bc..ffd7927 100644 --- a/docs/containers/keystone.md +++ b/docs/containers/keystone.md @@ -23,7 +23,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -34,7 +34,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/libguestfs.md b/docs/containers/libguestfs.md index a498102..8358e06 100644 --- a/docs/containers/libguestfs.md +++ b/docs/containers/libguestfs.md @@ -23,7 +23,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | GUESTFS_VERSION | master | | GUESTFS_HIVEX_VERSION | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg GUESTFS_VERSION=master \ --build-arg GUESTFS_HIVEX_VERSION=master \ -f ContainerFiles/libguestfs \ diff --git a/docs/containers/magnum.md b/docs/containers/magnum.md index 43b4c4d..c67c6d3 100644 --- a/docs/containers/magnum.md +++ b/docs/containers/magnum.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -32,7 +32,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/manila.md b/docs/containers/manila.md index d3a67c9..16fa08b 100644 --- a/docs/containers/manila.md +++ b/docs/containers/manila.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/masakari-monitors.md b/docs/containers/masakari-monitors.md index b7254dc..c67bcc2 100644 --- a/docs/containers/masakari-monitors.md +++ b/docs/containers/masakari-monitors.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/masakari.md b/docs/containers/masakari.md index 83d7611..5b97e03 100644 --- a/docs/containers/masakari.md +++ b/docs/containers/masakari.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/octavia.md b/docs/containers/octavia.md index 7e8b5e8..fa72319 100644 --- a/docs/containers/octavia.md +++ b/docs/containers/octavia.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -32,7 +32,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/openstack-client.md b/docs/containers/openstack-client.md index e4d3203..a9118f5 100644 --- a/docs/containers/openstack-client.md +++ b/docs/containers/openstack-client.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_CONSTRAINTS | master | @@ -30,7 +30,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ -f ContainerFiles/openstack-client \ -t openstack-client:local \ diff --git a/docs/containers/ovs.md b/docs/containers/ovs.md index 0b57534..6700584 100644 --- a/docs/containers/ovs.md +++ b/docs/containers/ovs.md @@ -23,14 +23,14 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | OVS_VERSION | main | ??? example "Build Command" ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg OVS_VERSION=main \ -f ContainerFiles/ovs \ -t ovs:local \ diff --git a/docs/containers/placement.md b/docs/containers/placement.md index ab80fd2..2a4764a 100644 --- a/docs/containers/placement.md +++ b/docs/containers/placement.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/skyline.md b/docs/containers/skyline.md index adf54de..8ac1b04 100644 --- a/docs/containers/skyline.md +++ b/docs/containers/skyline.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_CONSTRAINTS | master | @@ -30,7 +30,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_CONSTRAINTS=master \ -f ContainerFiles/skyline \ diff --git a/docs/containers/zaqar.md b/docs/containers/zaqar.md index d7b4901..4658b88 100644 --- a/docs/containers/zaqar.md +++ b/docs/containers/zaqar.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \