Merge OSH and OSH-I repos

As part of the ongoing effort to align STX-OpenStack with
the Epoxy release, the OSH and OSH-I packages must be merged.
This reflects the same consolidation performed in the upstream
repositories [1].

This change removes the openstack-helm and openstack-helm-infra
directories from the root of the repository and relocates all
relevant content to the new upstream/helm-charts/openstack-helm directory.

Additionally, the patches in the new OSH package now include
the patches originating from both deleted directories. These
patches have been reordered to preserve the original chronological
order in which they were introduced.

From the OSH package, patch 0014 was removed, as it is no longer required.
This patch modified the source used to retrieve helm-toolkit during the
OSH build process. Since helm-toolkit now resides in the same repository,
this behavior is implicit. Additionally, one Makefile-related patch was
dropped because identical patches were present in both original packages.

Finally, ChartMuseum was removed from the dependency list, as it is no
longer needed during the OSH build. Previously, ChartMuseum was used to
stage helm-toolkit from OSH-I while building OSH. With all charts now
consolidated into the OSH repository, this staging step is no longer necessary.

Test-Plan:
PASS - Build all packages and STX-O tarball
PASS - OSH-I package no longer exists
PASS - OSH package contains all the OSH Helm charts
PASS - STX-O upload and apply
PASS - Sanity runs on SX, DX and STD systems

[1] - b95bb67678

Story: 2011516
Task: 52980

Change-Id: I01bb2165f1a5c98e1c6cccd8301c2ac02f3028e6
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>

README.rst

@@ -14,10 +14,10 @@ This repository is divided into the following sections:
   - Service clients
   - Docker images
 
-- Helm charts (openstack-helm, openstack-helm-infra and stx-openstack-helm-fluxcd)
+- Helm charts (upstream/helm-charts/openstack-helm, upstream/helm-charts/ingress-nginx-helm and stx-openstack-helm-fluxcd)
 
   - Openstack Helm (openstack-helm)
-  - Openstack Helm Infra (openstack-helm-infra)
+  - NGINX Ingress Helm chart (ingress-nginx-helm)
   - STX-Openstack specific helm charts (stx-openstack-helm-fluxcd)
 
 - FluxCD manifests (stx-openstack-helm-fluxcd)
@@ -130,14 +130,13 @@ Example stx-openstackclients_:
 Helm Charts
 -----------
 
-The OpenStack community provides two upstream repositories delivering helm-charts
-for its services (openstack-helm_) and for its required infrastructure
-(openstack-helm-infra_).
+The OpenStack community provides an upstream repository delivering Helm charts
+for OpenStack services and their required infrastructure (openstack-helm_).
 
-Both repositories are used by STX-Openstack. Since it might be needed to control
-the version of Helm charts we are using and/or apply specific patches to the Helm
-charts source, both repositories points to a fixed base commit SHA and are
-delivered as any other StarlignX Debian package.
+This repository is used by STX-Openstack. Since it might be necessary to control
+the version of Helm charts being used and/or apply specific patches to the Helm
+chart sources, the repository points to a fixed base commit SHA and is delivered
+as any other StarlingX Debian package.
 
 The common approach when developing a patch for such Helm charts is to first
 understand if it is a StarlingX specific patch (i.e., for STX-Openstack use case
@@ -146,19 +145,23 @@ patch is described on the `StarlingX Debian package build structure docs. <BUILD
 
 Whenever it is a generic code enhancement, the approach is to create the patch to
 quickly fix the STX-Openstack issue/feature but also propose it upstream to the
-openstack-helm and/or openstack-helm-infra community. If the change is accepted,
-later it will be available on a newest base commit SHA, and when STX-Openstack
-uprevs its base version for such packages, the patch can be deleted.
+openstack-helm community. If the change is accepted, later it will be available
+on a newest base commit SHA, and when STX-Openstack uprevs its base version for
+the package, the patch can be deleted.
 
 There are also cases when the issue can be solved by simply changing the Helm
 override values for the chart, in that case, you can go for the static overrides
 route described in the "FluxCD Manifests" section below.
 
-Additionally, not all the Helm charts used by STX-Openstack are delivered by the
-OpenStack community as part of openstack-helm and openstack-helm-infra repositories.
-Some charts are custom to the application and are therefore developed/maintained
-by the StarlingX community itself.
-Such helm-charts can be found under `the stx-openstack-helm-fluxcd folder <STX-CHARTS>`__.
+In addition to the OpenStack Helm charts, STX-Openstack also consumes the NGINX
+Ingress Controller Helm chart from its upstream community. This chart follows
+the same general principles regarding version pinning, patching, and override
+management when used within STX-Openstack.
+
+Additionally, not all Helm charts used by STX-Openstack are delivered by upstream
+communities. Some charts are custom to the application and are therefore
+developed/maintained by the StarlingX community itself. Such helm-charts can be
+found under `the stx-openstack-helm-fluxcd folder <STX-CHARTS>`__.
 Currently the list contains the following charts:
 
 - Clients
@@ -266,7 +269,7 @@ This directory contains a series of examples for YAML overrides in order to cust
 .. _BUILD: https://wiki.openstack.org/wiki/StarlingX/DebianBuildStructure
 .. _SALSA: https://salsa.debian.org/openstack-team
 .. _openstack-helm: https://opendev.org/openstack/openstack-helm
-.. _openstack-helm-infra: https://opendev.org/openstack/openstack-helm-infra
+.. _ingress-nginx-helm: https://github.com/kubernetes/ingress-nginx
 .. _STX-CHARTS: https://opendev.org/starlingx/openstack-armada-app/src/branch/master/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts
 .. _STX-O-APP-METADATA: https://opendev.org/starlingx/openstack-armada-app/src/branch/master/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/files/metadata.yaml
 .. _STX-O-APP-KUSTOMIZATION: https://opendev.org/starlingx/openstack-armada-app/src/branch/master/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/kustomization.yaml

debian_pkg_dirs

@@ -1,7 +1,6 @@
-openstack-helm
-openstack-helm-infra
 python3-k8sapp-openstack
 stx-openstack-helm-fluxcd
+upstream/helm-charts/openstack-helm
 upstream/helm-charts/ingress-nginx-helm
 upstream/openstack/openstack-pkg-tools
 upstream/openstack/python-cinderclient

openstack-helm-infra/Readme.rst

@@ -1,8 +0,0 @@
-This repo is for https://github.com/openstack/openstack-helm-infra
-
-Changes to this repo are needed for StarlingX and those changes are
-not yet merged.
-Rather than clone and diverge the repo, the repo is extracted at a particular
-git SHA, and patches are applied on top.
-
-As those patches are merged, the SHA can be updated and the local patches removed.

openstack-helm-infra/debian/deb_folder/changelog

@@ -1,17 +0,0 @@
-openstack-helm-infra (1.2-0) unstable; urgency=medium
-
-  * Upversion to Epoxy release.
-
- --  Daniel Caires <DanielMarques.Caires@windriver.com>  Wed, 26 Nov 2025 00:00:00 +0000
-
-openstack-helm-infra (1.1-0) unstable; urgency=medium
-
-  * Upversion to Caracal release.
-
- --  Daniel Caires <DanielMarques.Caires@windriver.com>  Wed, 29 Jan 2025 08:50:31 +0000
-
-openstack-helm-infra (1.0-1) unstable; urgency=medium
-
-  * Initial release.
-
- --  Tracey Bogue <tracey.bogue@windriver.com>  Wed, 27 Oct 2021 13:42:42 +0000

openstack-helm-infra/debian/deb_folder/control

@@ -1,17 +0,0 @@
-Source: openstack-helm-infra
-Section: libs
-Priority: optional
-Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
-Build-Depends: debhelper-compat (= 13),
- helm,
- procps
-Standards-Version: 4.5.1
-Homepage: https://www.starlingx.io
-
-Package: openstack-helm-infra
-Section: libs
-Architecture: all
-Depends: ${misc:Depends}
-Description: StarlingX Openstack Helm Infrastructure
- This package contains a patched version of the openstack-helm-infra
- repo.

openstack-helm-infra/debian/deb_folder/copyright

@@ -1,41 +0,0 @@
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: openstack-helm-infra
-Source: https://opendev.org/starlingx/openstack-armada-app/
-
-Files: *
-Copyright: (c) 2013-2025 Wind River Systems, Inc
-License: Apache-2
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
-    https://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- On Debian-based systems the full text of the Apache version 2.0 license
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-# If you want to use GPL v2 or later for the /debian/* files use
-# the following clauses, or change it to suit. Delete these two lines
-Files: debian/*
-Copyright: 2021-2025  Wind River Systems, Inc
-License: Apache-2
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
-    https://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- On Debian-based systems the full text of the Apache version 2.0 license
- can be found in `/usr/share/common-licenses/Apache-2.0'.

openstack-helm-infra/debian/deb_folder/openstack-helm-infra.install

@@ -1 +0,0 @@
-usr/lib/helm/*

openstack-helm-infra/debian/deb_folder/patches/series

@@ -1,22 +0,0 @@
-0001-Add-imagePullSecrets-in-service-account.patch
-0002-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch
-0003-Fix-pod-restarts-on-all-workers-when-worker-added.patch
-0004-Add-io_thread_pool-for-rabbitmq.patch
-0005-Enable-override-of-mariadb-server-probe-parameters.patch
-0006-Add-mariadb-database-config-override-to-support-ipv6.patch
-0007-Allow-set-public-endpoint-url-for-all-openstack-types.patch
-0008-Add-GaleraDB-Secure-Replica-Traffic.patch
-0009-Fix-tls-in-openstack-helm-infra.patch
-0010-Remove-mariadb-tls.patch
-0011-Remove-rabbitmq-tls.patch
-0012-Update-libvirt-configuration-script-for-Debian.patch
-0013-Add-app.starlingx.io-component-label-to-pods.patch
-0014-Add-pre-apply-cleanup-Job-to-STX-O-Helm-charts.patch
-0015-Add-support-for-multiple-hosts-in-a-daemonset.patch
-0016-Fix-upversion-breaking-changes.patch
-0017-removed-section-to-add-default-daemonset-to-global-l.patch
-0018-Add-custom-pod-annotations-to-libvirt.patch
-0019-Update-ipFamilyPolicy-to-support-DualStack.patch
-0020-Add-cluster-host-ip-env-var-to-libvirt.patch
-0021-Update-makefile-to-build-env.patch
-0022-Add-volume-storage-class-priorities.patch

openstack-helm-infra/debian/deb_folder/rules

@@ -1,29 +0,0 @@
-#!/usr/bin/make -f
-export DH_VERBOSE = 1
-
-export ROOT = debian/tmp
-export HELM_FOLDER = $(ROOT)/usr/lib/helm
-
-%:
-	dh $@
-
-override_dh_auto_build:
-	# Create the chart TGZ files.
-	make SKIP_CHANGELOG=1 helm-toolkit
-	make SKIP_CHANGELOG=1 gnocchi
-	make SKIP_CHANGELOG=1 libvirt
-	make SKIP_CHANGELOG=1 mariadb
-	make SKIP_CHANGELOG=1 memcached
-	make SKIP_CHANGELOG=1 openvswitch
-	make SKIP_CHANGELOG=1 rabbitmq
-	make SKIP_CHANGELOG=1 ceph-rgw
-	make SKIP_CHANGELOG=1 prometheus-openstack-exporter
-
-override_dh_auto_install:
-	# Install the chart tar files.
-	install -d -m 755 $(HELM_FOLDER)
-	install -p -D -m 755 *.tgz $(HELM_FOLDER)
-
-override_dh_auto_test:
-
-override_dh_usrlocal:

openstack-helm-infra/debian/meta_data.yaml

@@ -1,16 +0,0 @@
----
-debname: openstack-helm-infra
-debver: 1.2-0
-dl_path:
-  name: openstack-helm-49c117443391cec75e0bd52bb4a9d033325927ad.tar.gz
-  url: https://github.com/openstack/openstack-helm/archive/49c117443391cec75e0bd52bb4a9d033325927ad.tar.gz
-  md5sum: 1c8332b1ee178a8c96bc5cb13822088c
-  sha256sum: 7d241c2900287827f8fdbce75e4cf18392e24a9ca4fb2527a113d8ef16f56d13
-src_files:
-  - files/repositories.yaml
-revision:
-  dist: $STX_DIST
-  PKG_GITREVCOUNT: true
-  GITREVCOUNT:
-    BASE_SRCREV: fbf8dd7772c43978d1b5a79c1358d64adf857c9e
-    SRC_DIR: ${MY_REPO}/stx/openstack-armada-app/openstack-helm-infra/files

openstack-helm-infra/files/repositories.yaml

@@ -1,12 +0,0 @@
----
-apiVersion: v1
-generated: 2019-01-02T15:19:36.215111369-06:00
-repositories:
-  - caFile: ""
-    cache: /builddir/.helm/repository/cache/local-index.yaml
-    certFile: ""
-    keyFile: ""
-    name: local
-    password: ""
-    url: http://127.0.0.1:8879/charts
-    username: ""

openstack-helm/debian/deb_folder/changelog

@@ -1,17 +0,0 @@
-openstack-helm (1.2-0) unstable; urgency=medium
-
-  * Upversion to Epoxy release.
-
- --  Daniel Caires <DanielMarques.Caires@windriver.com>  Wed, 26 Nov 2025 00:00:00 +0000
-
-openstack-helm (1.1-0) unstable; urgency=medium
-
-  * Upversion to Caracal release.
-
- --  Daniel Caires <DanielMarques.Caires@windriver.com>  Wed, 29 Jan 2025 15:31:20 +0000
-
-openstack-helm (1.0-1) unstable; urgency=medium
-
-  * Initial release.
-
- --  Tracey Bogue <tracey.bogue@windriver.com>  Mon, 1 Nov 2021 12:22:42 +0000

openstack-helm/debian/deb_folder/control

@@ -1,19 +0,0 @@
-Source: openstack-helm
-Section: libs
-Priority: optional
-Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
-Build-Depends: debhelper-compat (= 13),
- chartmuseum,
- helm,
- openstack-helm-infra,
- procps
-Standards-Version: 4.5.1
-Homepage: https://www.starlingx.io
-
-Package: openstack-helm
-Section: libs
-Architecture: all
-Depends: ${misc:Depends}, openstack-helm-infra
-Description: StarlingX Openstack Helm
- This package contains a patched version of the openstack-helm
- repo.

openstack-helm/debian/deb_folder/copyright

@@ -1,41 +0,0 @@
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: openstack-helm
-Source: https://opendev.org/starlingx/openstack-armada-app/
-
-Files: *
-Copyright: (c) 2013-2025 Wind River Systems, Inc
-License: Apache-2
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
-    https://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- On Debian-based systems the full text of the Apache version 2.0 license
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-# If you want to use GPL v2 or later for the /debian/* files use
-# the following clauses, or change it to suit. Delete these two lines
-Files: debian/*
-Copyright: 2021-2025 Wind River Systems, Inc
-License: Apache-2
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
-    https://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- On Debian-based systems the full text of the Apache version 2.0 license
- can be found in `/usr/share/common-licenses/Apache-2.0'.

openstack-helm/debian/deb_folder/openstack-helm.install

@@ -1 +0,0 @@
-usr/lib/helm/*

openstack-helm/debian/deb_folder/patches/0014-Update-charts-requirements-to-use-local-server.patch

@@ -1,190 +0,0 @@
-From 03cddb8c1dd8912e15b27e5a5c1cb8edcc9350b9 Mon Sep 17 00:00:00 2001
-From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
-Date: Fri, 7 Jul 2023 09:28:49 -0300
-Subject: [PATCH] Update charts requirements to use local server
-
-This change reverts openstack/openstack-helm commit [1] for charts that
-the StarlingX OpenStack application is currently building.
-That change was removing the helm-toolkit chart dependency from a local
-server, since Helm v3 no longer supports "helm serve" [2], and pointing
-it to a given openstack-helm-infra directory in which the helm-toolkit
-chart should be placed.
-The stx-openstack application does not require this change while it is
-relying on chartmuseum for serving charts locally [3].
-Instead of changing our build instructions and our custom charts,
-including charts for other repositories [4], we simply reverts
-openstack-helm requirements to use local server again.
-
-[1] c20c1e4400f5935adf0afd0c65bef2bb12af598b
-[2] https://helm.sh/docs/topics/v2_v3_migration/
-[3] https://opendev.org/starlingx/openstack-armada-app/src/branch/r/
-    stx.8.0/stx-openstack-helm-fluxcd/debian/deb_folder/control#L6
-[4] https://opendev.org/starlingx/openstack-armada-app/src/branch/r/
-    stx.8.0/stx-openstack-helm-fluxcd/debian/meta_data.yaml#L7
-
-Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
-Change-Id: Id2ab4adabb21201da229e4242fe06c1ba1bfd463
-[ Upversion to epoxy release ]
-Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
----
- aodh/Chart.yaml       | 2 +-
- barbican/Chart.yaml   | 2 +-
- ceilometer/Chart.yaml | 2 +-
- cinder/Chart.yaml     | 2 +-
- glance/Chart.yaml     | 2 +-
- heat/Chart.yaml       | 2 +-
- horizon/Chart.yaml    | 2 +-
- ironic/Chart.yaml     | 2 +-
- keystone/Chart.yaml   | 2 +-
- neutron/Chart.yaml    | 2 +-
- nova/Chart.yaml       | 2 +-
- placement/Chart.yaml  | 2 +-
- 12 files changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/aodh/Chart.yaml b/aodh/Chart.yaml
-index a17e1b120..60003eedb 100644
---- a/aodh/Chart.yaml
-+++ b/aodh/Chart.yaml
-@@ -27,6 +27,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/barbican/Chart.yaml b/barbican/Chart.yaml
-index 32fce39e9..8c03673ad 100644
---- a/barbican/Chart.yaml
-+++ b/barbican/Chart.yaml
-@@ -26,6 +26,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/ceilometer/Chart.yaml b/ceilometer/Chart.yaml
-index 1fa2238bc..1e8480879 100644
---- a/ceilometer/Chart.yaml
-+++ b/ceilometer/Chart.yaml
-@@ -25,6 +25,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/cinder/Chart.yaml b/cinder/Chart.yaml
-index e446fed6a..aae0087be 100644
---- a/cinder/Chart.yaml
-+++ b/cinder/Chart.yaml
-@@ -26,6 +26,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/glance/Chart.yaml b/glance/Chart.yaml
-index afbb8bbb2..a1ae6612b 100644
---- a/glance/Chart.yaml
-+++ b/glance/Chart.yaml
-@@ -26,6 +26,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/heat/Chart.yaml b/heat/Chart.yaml
-index dc5f2627f..57e6ad178 100644
---- a/heat/Chart.yaml
-+++ b/heat/Chart.yaml
-@@ -26,6 +26,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/horizon/Chart.yaml b/horizon/Chart.yaml
-index 9e8b96780..6933d6be0 100644
---- a/horizon/Chart.yaml
-+++ b/horizon/Chart.yaml
-@@ -26,6 +26,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/ironic/Chart.yaml b/ironic/Chart.yaml
-index 77eab90d3..d361ba755 100644
---- a/ironic/Chart.yaml
-+++ b/ironic/Chart.yaml
-@@ -26,6 +26,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml
-index 66ccd42bb..62be05939 100644
---- a/keystone/Chart.yaml
-+++ b/keystone/Chart.yaml
-@@ -26,6 +26,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml
-index 01d4ceb4f..31c8c10df 100644
---- a/neutron/Chart.yaml
-+++ b/neutron/Chart.yaml
-@@ -26,6 +26,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/nova/Chart.yaml b/nova/Chart.yaml
-index b421379a3..62c4ba1bc 100644
---- a/nova/Chart.yaml
-+++ b/nova/Chart.yaml
-@@ -26,6 +26,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
-diff --git a/placement/Chart.yaml b/placement/Chart.yaml
-index f0f2662a7..be4cc09d6 100644
---- a/placement/Chart.yaml
-+++ b/placement/Chart.yaml
-@@ -28,6 +28,6 @@ maintainers:
- 
- dependencies:
-   - name: helm-toolkit
--    repository: file://../helm-toolkit
-+    repository: http://localhost:8879/charts
-     version: ">= 0.1.0"
- ...
--- 
-2.34.1
-

openstack-helm/debian/deb_folder/patches/0028-Update-makefile-to-build-env.patch

@@ -1,32 +0,0 @@
-From 29770a771986e178069ba1ec809220584e96f25c Mon Sep 17 00:00:00 2001
-From: Daniel Caires <DanielMarques.Caires@windriver.com>
-Date: Wed, 26 Nov 2025 13:49:50 -0300
-Subject: [PATCH] Update makefile to build env
-
-The current makefile in the OSH repo, runs git commands
-inside the chart_version.sh file. Because the build env
-does not create a git repository when building the Helm charts
-it was necessary to remove the call to this script when building
-the Helm chart package.
-
-Change-Id: I73244001de9d50ce83de3653bef3ec297fe9c81f
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 5823ba349..7c5cbfec4 100644
---- a/Makefile
-+++ b/Makefile
-@@ -76,7 +76,7 @@ lint-%: init-%
- 
- build-%: lint-% $(if $(filter-out 1,$(SKIP_CHANGELOG)),%/CHANGELOG.md)
- 	if [ -d $* ]; then \
--		$(HELM) package $* --version $$(tools/chart_version.sh $* $(BASE_VERSION)) $(PKG_ARGS); \
-+		$(HELM) package $* --version $(BASE_VERSION) $(PKG_ARGS); \
- 	fi
- 
- # This is used exclusively with helm3 building in the gate to publish
--- 
-2.34.1
-

openstack-helm/debian/deb_folder/patches/series

@@ -1,28 +0,0 @@
-0001-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
-0002-Support-ingress-creation-for-keystone-admin-endpoint.patch
-0003-Allow-set-public-endpoint-url-for-keystone-endpoints.patch
-0004-Wrong-usage-of-rbd_store_chunk_size.patch
-0005-Add-stx_admin-account.patch
-0006-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch
-0007-Remove-TLS-from-openstack-services.patch
-0008-Remove-mariadb-and-rabbit-tls.patch
-0009-Fixing-cinder-helm-release-hooks-weights-helmv3.patch
-0010-Fixing-nova-helm-release-hooks-and-weights.patch
-0011-Fixing-keystone-helm-release-hooks-and-weights.patch
-0012-Update-user-in-cinder-related-pods.patch
-0013-Support-ceph-dev-version-during-pool-creation.patch
-0014-Update-charts-requirements-to-use-local-server.patch
-0015-Add-service-tokens-for-Cinder-auth.patch
-0016-Add-app.starlingx.io-component-label-to-pods.patch
-0017-Add-pre-apply-cleanup-Job-to-STX-O-Helm-charts.patch
-0018-Define-values-for-NetApp-volume-backend.patch
-0019-Add-cluster-host-ip-env-var-to-nova.patch
-0020-Change-uWSGI-socket-to-allow-IPv6-binding.patch
-0021-Enable-ceph-pool-creation-for-AIO-systems.patch
-0022-Add-IPv6-compatibility-to-neutron-openvswitch-agent.patch
-0023-Copy-host-UUID-into-Nova-s-config-dir.patch
-0024-Add-retry-to-hostname-reading-by-neutron-agents.patch
-0025-Allow-rook-ceph-auto-estimation.patch
-0026-Add-DEX-integration.patch
-0027-Add-Netapp-backend-support-to-Cinder.patch
-0028-Update-makefile-to-build-env.patch

openstack-helm/debian/deb_folder/rules

@@ -1,46 +0,0 @@
-#!/usr/bin/make -f
-# export DH_VERBOSE = 1
-
-export ROOT = debian/tmp
-export APP_FOLDER = $(ROOT)/usr/lib/helm
-
-export HELM_FOLDER=/usr/lib/helm
-export TOOLKIT_VERSION = 2025.1.0
-
-%:
-	dh $@
-
-override_dh_auto_build:
-	# Stage helm-toolkit in the local repo.
-	cp $(HELM_FOLDER)/helm-toolkit-$(TOOLKIT_VERSION).tgz .
-	# Host a server for the helm charts.
-	chartmuseum --debug --port=8879 --context-path='/charts' \
-		--storage="local" --storage-local-rootdir="." &
-	sleep 2
-	helm repo add local http://localhost:8879/charts
-	# Create the chart TGZ files.
-	make SKIP_CHANGELOG=1 aodh
-	make SKIP_CHANGELOG=1 barbican
-	make SKIP_CHANGELOG=1 ceilometer
-	make SKIP_CHANGELOG=1 cinder
-	make SKIP_CHANGELOG=1 glance
-	make SKIP_CHANGELOG=1 heat
-	make SKIP_CHANGELOG=1 horizon
-	make SKIP_CHANGELOG=1 ironic
-	make SKIP_CHANGELOG=1 keystone
-	make SKIP_CHANGELOG=1 neutron
-	make SKIP_CHANGELOG=1 nova
-	make SKIP_CHANGELOG=1 placement
-	# Terminate the helm chart server.
-	pkill chartmuseum
-	# Remove the helm-toolkit tarball
-	rm helm-toolkit-$(TOOLKIT_VERSION).tgz
-
-override_dh_auto_install:
-	# Install the chart tar files.
-	install -d -m 755 $(APP_FOLDER)
-	install -p -D -m 755 *.tgz $(APP_FOLDER)
-
-override_dh_auto_test:
-
-override_dh_usrlocal:

openstack-helm/debian/deb_folder/source/format

@@ -1 +0,0 @@
-3.0 (quilt)

openstack-helm/debian/meta_data.yaml

@@ -1,17 +0,0 @@
----
-debname: openstack-helm
-debver: 1.2-0
-dl_path:
-  name: openstack-helm-49c117443391cec75e0bd52bb4a9d033325927ad.tar.gz
-  url: https://github.com/openstack/openstack-helm/archive/49c117443391cec75e0bd52bb4a9d033325927ad.tar.gz
-  md5sum: 1c8332b1ee178a8c96bc5cb13822088c
-  sha256sum: 7d241c2900287827f8fdbce75e4cf18392e24a9ca4fb2527a113d8ef16f56d13
-src_files:
-  - files/index.yaml
-  - files/repositories.yaml
-revision:
-  dist: $STX_DIST
-  PKG_GITREVCOUNT: true
-  GITREVCOUNT:
-    BASE_SRCREV: 0a50ff4f895fb2d20122c23019f76d08d885a12f
-    SRC_DIR: ${MY_REPO}/stx/openstack-armada-app/openstack-helm/files

openstack-helm/files/index.yaml

@@ -1,4 +0,0 @@
----
-apiVersion: v1
-entries: {}
-generated: 2019-01-07T12:33:46.098166523-06:00

openstack-helm/files/repositories.yaml

@@ -1,12 +0,0 @@
----
-apiVersion: v1
-generated: 2019-01-02T15:19:36.215111369-06:00
-repositories:
-  - caFile: ""
-    cache: /builddir/.helm/repository/cache/local-index.yaml
-    certFile: ""
-    keyFile: ""
-    name: local
-    password: ""
-    url: http://127.0.0.1:8879/charts
-    username: ""

stx-openstack-helm-fluxcd/debian/deb_folder/control

@@ -5,7 +5,6 @@ Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
 Build-Depends: debhelper-compat (= 13),
  chartmuseum,
  helm,
- openstack-helm-infra,
  openstack-helm,
  procps,
  python3-k8sapp-openstack-wheels,
@@ -17,7 +16,6 @@ Package: stx-openstack-helm-fluxcd
 Section: libs
 Architecture: all
 Depends: ${misc:Depends},
- openstack-helm-infra,
  openstack-helm,
  python3-k8sapp-openstack-wheels,
  ingress-nginx-helm

stx-openstack-helm-fluxcd/debian/deb_folder/source/format

@@ -1 +1 @@
-3.0 (quilt)
+3.0 (quilt)

stx-openstack-helm-fluxcd/debian/meta_data.yaml

@@ -7,5 +7,5 @@ src_files:
 revision:
   dist: $STX_DIST
   GITREVCOUNT:
-    BASE_SRCREV: daef54697f354ca8fda128c46e50771f8ee7eb45
+    BASE_SRCREV: 10ebb85a976fe7c81c6cb75d3b0e60145d927e4d
     SRC_DIR: ${MY_REPO}/stx/openstack-armada-app/stx-openstack-helm-fluxcd

upstream/helm-charts/openstack-helm/debian/deb_folder/changelog

@@ -0,0 +1,17 @@
+openstack-helm (2025.1-0) unstable; urgency=medium
+
+  * Upversion to Epoxy release.
+
+ --  Daniel Caires <DanielMarques.Caires@windriver.com>  Wed, 26 Nov 2025 00:00:00 +0000
+
+openstack-helm (1.1-0) unstable; urgency=medium
+
+  * Upversion to Caracal release.
+
+ --  Daniel Caires <DanielMarques.Caires@windriver.com>  Wed, 29 Jan 2025 15:31:20 +0000
+
+openstack-helm (1.0-1) unstable; urgency=medium
+
+  * Initial release.
+
+ --  Tracey Bogue <tracey.bogue@windriver.com>  Mon, 1 Nov 2021 12:22:42 +0000

upstream/helm-charts/openstack-helm/debian/deb_folder/control

@@ -0,0 +1,17 @@
+Source: openstack-helm
+Section: libs
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13),
+ helm,
+ procps
+Standards-Version: 4.5.1
+Homepage: https://www.starlingx.io
+
+Package: openstack-helm
+Section: libs
+Architecture: all
+Depends: ${misc:Depends}
+Description: StarlingX Openstack Helm
+ This package contains a patched version of the openstack-helm
+ repo.

upstream/helm-charts/openstack-helm/debian/deb_folder/copyright

@@ -0,0 +1,41 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: openstack-helm
+Source: https://opendev.org/starlingx/openstack-armada-app/
+
+Files: *
+Copyright: (c) 2013-2025 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2021-2025 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.

upstream/helm-charts/openstack-helm/debian/deb_folder/openstack-helm.install

@@ -0,0 +1 @@
+usr/lib/helm/*

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/0047-Change-makefile.patch

@@ -1,13 +1,7 @@
 From 29770a771986e178069ba1ec809220584e96f25c Mon Sep 17 00:00:00 2001
 From: Daniel Caires <DanielMarques.Caires@windriver.com>
 Date: Wed, 26 Nov 2025 13:49:50 -0300
-Subject: [PATCH] Update makefile to build env
-
-The current makefile in the OSH repo, runs git commands
-inside the chart_version.sh file. Because the build env
-does not create a git repository when building the Helm charts
-it was necessary to remove the call to this script when building
-the Helm chart package.
+Subject: [PATCH] change makefile
 
 Change-Id: I73244001de9d50ce83de3653bef3ec297fe9c81f
 ---

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0001-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch

@@ -1,57 +0,0 @@
-From 95bf3711a3f380a6b15916b348f9c2b8d670eac7 Mon Sep 17 00:00:00 2001
-From: Chris Friesen <chris.friesen@windriver.com>
-Date: Wed, 28 Nov 2018 01:33:39 -0500
-Subject: [PATCH] Remove stale Apache2 service pids when a POD starts.
-
-Stale Apache2 pids will prevent Apache2 from starting and will leave
-the POD in a crashed state.
-
-Note: the pid file is somewhat confusingly called
-/var/run/httpd/httpd.pid and /var/run/apache2 is just a symlink to
-/var/run/httpd.
-
-This is loosely based off the in-review upstream commit at
-https://review.openstack.org/#/c/619747
-
-Signed-off-by: Robert Church <robert.church@windriver.com>
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- ceilometer/templates/bin/_ceilometer-api.sh.tpl | 3 +++
- keystone/templates/bin/_keystone-api.sh.tpl     | 6 ++----
- 2 files changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
-index 3ba90d998..4b7745294 100644
---- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl
-+++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
-@@ -40,6 +40,9 @@ function start () {
-     fi
-   fi
- 
-+  # Get rid of stale pid file if present.
-+  rm -f /var/run/apache2/*.pid
-+
-   # Start Apache2
-   exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
- }
-diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl
-index d7350674e..f6216df17 100644
---- a/keystone/templates/bin/_keystone-api.sh.tpl
-+++ b/keystone/templates/bin/_keystone-api.sh.tpl
-@@ -41,10 +41,8 @@ function start () {
-      source /etc/apache2/envvars
-   fi
- 
--  if [ -f /var/run/apache2/apache2.pid ]; then
--     # Remove the stale pid for debian/ubuntu images
--     rm -f /var/run/apache2/apache2.pid
--  fi
-+  # Get rid of stale pid, shared memory segment and wsgi sock files if present.
-+  rm -f /var/run/apache2/*
- 
-   # Start Apache2
-   exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0002-Support-ingress-creation-for-keystone-admin-endpoint.patch

@@ -1,37 +0,0 @@
-From cfbdacc308e0f1616bbb8c42541ae39ca5048f04 Mon Sep 17 00:00:00 2001
-From: Andy Ning <andy.ning@windriver.com>
-Date: Wed, 4 Dec 2019 13:35:44 -0500
-Subject: [PATCH] Support ingress creation for keystone admin endpoint
-
-This update added support to create ingress for custom keystone admin
-endpoint. It can be used by deployment to expose keytone admin endpoint
-to outside of the cluster by ingress.
-
-Story: 2006588
-Task: 37747
-Signed-off-by: Andy Ning <andy.ning@windriver.com>
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- keystone/templates/ingress-api.yaml | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/keystone/templates/ingress-api.yaml b/keystone/templates/ingress-api.yaml
-index 7bdcee60c..525c21215 100644
---- a/keystone/templates/ingress-api.yaml
-+++ b/keystone/templates/ingress-api.yaml
-@@ -21,3 +21,11 @@ limitations under the License.
- {{- end -}}
- {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
- {{- end }}
-+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.admin }}
-+{{ $ingressNamePublic := tuple "identity" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-+{{ $ingressNameAdmin := tuple "identity" "admin" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-+{{- if not (eq $ingressNamePublic $ingressNameAdmin) }}
-+{{- $ingressOpts := dict "envAll" . "backendServiceType" "identity" "backendPort" "ks-pub" "endpoint" "admin" -}}
-+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
-+{{- end }}
-+{{- end }}
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0003-Allow-set-public-endpoint-url-for-keystone-endpoints.patch

@@ -1,38 +0,0 @@
-From a3e055e68227a0dc65864e887ba1f7e0ace12ffc Mon Sep 17 00:00:00 2001
-From: Angie Wang <angie.wang@windriver.com>
-Date: Tue, 1 Sep 2020 00:00:22 -0400
-Subject: [PATCH] Allow set public endpoint url for keystone endpoints
-
-[ Use public endpoint for admin url]
-Signed-off-by: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- keystone/templates/job-db-sync.yaml | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml
-index a4ff67d80..37db4464b 100644
---- a/keystone/templates/job-db-sync.yaml
-+++ b/keystone/templates/job-db-sync.yaml
-@@ -23,9 +23,17 @@ helm.sh/hook-weight: "-4"
- {{- $envAll := index . 0 -}}
- env:
-   - name: OS_BOOTSTRAP_ADMIN_URL
-+    {{- if and (hasKey $envAll.Values.endpoints.identity "force_public_endpoint") $envAll.Values.endpoints.identity.force_public_endpoint }}
-+    value: {{ tuple "identity" "public" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
-+    {{- else }}
-     value: {{ tuple "identity" "admin" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
-+    {{- end }}
-   - name: OS_BOOTSTRAP_INTERNAL_URL
-+    {{- if and (hasKey $envAll.Values.endpoints.identity "force_public_endpoint") $envAll.Values.endpoints.identity.force_public_endpoint }}
-+    value: {{ tuple "identity" "public" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
-+    {{- else }}
-     value: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
-+    {{- end }}
-   - name: OS_BOOTSTRAP_PUBLIC_URL
-     value: {{ tuple "identity" "public" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
-   - name: OPENSTACK_CONFIG_FILE
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0004-Wrong-usage-of-rbd_store_chunk_size.patch

@@ -1,48 +0,0 @@
-From 7e003a418bb69c2c331a1c589c01afc5ad06b6a5 Mon Sep 17 00:00:00 2001
-From: Elena Taivan <elena.taivan@windriver.com>
-Date: Wed, 30 Sep 2020 14:14:32 +0000
-Subject: [PATCH] Wrong usage of 'rbd_store_chunk_size'
-
-'rbd_store_chunk_size' option represents the size of the chunks
-of the objects into which an image is chuncked.
-It does not represent the 'pg_num' value of 'images' ceph pool.
-
-Solution: replace 'rdb_store_chunk_size' with 'chunk_size' custom
-option.
-
-[ updated glance_store chunk_size for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- glance/templates/job-storage-init.yaml | 2 +-
- glance/values.yaml                     | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml
-index be9d2331b..d24a0cfb3 100644
---- a/glance/templates/job-storage-init.yaml
-+++ b/glance/templates/job-storage-init.yaml
-@@ -122,7 +122,7 @@ spec:
-             - name: RBD_POOL_CRUSH_RULE
-               value: {{ .Values.conf.glance.rbd.rbd_store_crush_rule | quote }}
-             - name: RBD_POOL_CHUNK_SIZE
--              value: {{ .Values.conf.glance.rbd.rbd_store_chunk_size | quote }}
-+              value: {{ .Values.conf.glance.glance_store.chunk_size | quote }}
-             - name: RBD_POOL_SECRET
-               value: {{ .Values.secrets.rbd | quote }}
-             {{ end }}
-diff --git a/glance/values.yaml b/glance/values.yaml
-index 8e1d1371b..d545e24b3 100644
---- a/glance/values.yaml
-+++ b/glance/values.yaml
-@@ -265,7 +265,7 @@ conf:
-       # This is for backward compatibility.
-       filesystem_store_datadir: /var/lib/glance/images
-       cinder_catalog_info: volumev3::internalURL
--      rbd_store_chunk_size: 8
-+      chunk_size: 8
-       rbd_store_replication: 3
-       rbd_store_crush_rule: replicated_rule
-       rbd_store_pool: glance.images
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0005-Add-stx_admin-account.patch

@@ -1,122 +0,0 @@
-From 5bb4b3a5834b5111e4e93a1850aad97a46375f4b Mon Sep 17 00:00:00 2001
-From: Shuicheng Lin <shuicheng.lin@intel.com>
-Date: Wed, 28 Oct 2020 15:17:34 +0800
-Subject: [PATCH] Add stx_admin account for host to communicate with openstack
- app
-
-lcavalca: changed content to support tls keystone
-rvieiraf: added helm.sh/hook* annotations
-
-Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
-Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
-Signed-off-by: Rafael Falcao <rafael.vieirafalcao@windriver.com>
-Change-Id: Iedcd131578f4e33efd3c3d7c47cbef83331b143a
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- keystone/templates/job-ks-user.yaml     | 29 +++++++++++++++++++++++++
- keystone/templates/secret-keystone.yaml |  2 +-
- keystone/values.yaml                    | 17 +++++++++++++++
- 3 files changed, 47 insertions(+), 1 deletion(-)
- create mode 100644 keystone/templates/job-ks-user.yaml
-
-diff --git a/keystone/templates/job-ks-user.yaml b/keystone/templates/job-ks-user.yaml
-new file mode 100644
-index 000000000..71b9b3de5
---- /dev/null
-+++ b/keystone/templates/job-ks-user.yaml
-@@ -0,0 +1,29 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- define "metadata.annotations.job.ks_user" }}
-+helm.sh/hook: post-install,post-upgrade
-+helm.sh/hook-weight: "5"
-+{{- end }}
-+
-+{{- if .Values.manifests.job_ks_user }}
-+{{- $ksUserJob := dict "envAll" . "serviceName" "keystone" "serviceUser" "stx_admin" "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}}
-+{{- if .Values.manifests.certificates -}}
-+{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.identity.api.internal -}}
-+{{- end -}}
-+{{- if .Values.pod.tolerations.keystone.enabled -}}
-+{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
-+{{- end -}}
-+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
-+{{- end }}
-diff --git a/keystone/templates/secret-keystone.yaml b/keystone/templates/secret-keystone.yaml
-index 093a4b058..32e186fa1 100644
---- a/keystone/templates/secret-keystone.yaml
-+++ b/keystone/templates/secret-keystone.yaml
-@@ -14,7 +14,7 @@ limitations under the License.
- 
- {{- if .Values.manifests.secret_keystone }}
- {{- $envAll := . }}
--{{- range $key1, $userClass := tuple "admin" "test" }}
-+{{- range $key1, $userClass := tuple "admin" "test" "stx_admin" }}
- {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
- ---
- apiVersion: v1
-diff --git a/keystone/values.yaml b/keystone/values.yaml
-index b7937a7ab..7d17cc425 100644
---- a/keystone/values.yaml
-+++ b/keystone/values.yaml
-@@ -140,6 +140,10 @@ dependencies:
-       services:
-         - endpoint: internal
-           service: oslo_db
-+    ks_user:
-+      services:
-+        - endpoint: internal
-+          service: identity
-     domain_manage:
-       services:
-         - endpoint: internal
-@@ -892,6 +896,7 @@ secrets:
-   identity:
-     admin: keystone-keystone-admin
-     test: keystone-keystone-test
-+    stx_admin: keystone-keystone-stxadmin
-   oslo_db:
-     admin: keystone-db-admin
-     keystone: keystone-db-user
-@@ -952,6 +957,17 @@ endpoints:
-         user_domain_name: default
-         project_domain_name: default
-         default_domain_id: default
-+      stx_admin:
-+        role:
-+          - admin
-+          - member
-+        region_name: RegionOne
-+        username: stx_admin
-+        password: password
-+        project_name: admin
-+        user_domain_name: default
-+        project_domain_name: default
-+        default_domain_id: default
-       test:
-         role: admin
-         region_name: RegionOne
-@@ -1117,6 +1133,7 @@ manifests:
-   job_domain_manage: true
-   job_fernet_setup: true
-   job_image_repo_sync: true
-+  job_ks_user: true
-   job_rabbit_init: true
-   pdb_api: true
-   pod_rally_test: true
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0006-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch

@@ -1,77 +0,0 @@
-From de15f3dc3046e55439edb89ce795a3f75a2ecdfc Mon Sep 17 00:00:00 2001
-From: rferraz <RogerioOliveira.Ferraz@windriver.com>
-Date: Wed, 17 Nov 2021 11:32:23 -0300
-Subject: [PATCH] Add-flavor-extra-spec-hw-pci_irq_affinity_mask
-
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- glance/templates/configmap-etc.yaml     | 3 +++
- glance/templates/deployment-api.yaml    | 6 ++++++
- glance/templates/job-metadefs-load.yaml | 6 ++++++
- glance/values.yaml                      | 1 +
- 4 files changed, 16 insertions(+)
-
-diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml
-index 5fdb7a5ea..d4eeac2e4 100644
---- a/glance/templates/configmap-etc.yaml
-+++ b/glance/templates/configmap-etc.yaml
-@@ -151,6 +151,9 @@ data:
-   glance-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance_api_uwsgi | b64enc }}
-   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
-   glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
-+{{- range $key, $val := .Values.conf.extra_metadata }}
-+  compute_{{ $key }}.json: {{ toJson $val | b64enc }}
-+{{- end }}
-   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
-   api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
-   glance_sudoers: {{ $envAll.Values.conf.glance_sudoers | b64enc }}
-diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
-index 2bde3e59a..fcd4a628f 100644
---- a/glance/templates/deployment-api.yaml
-+++ b/glance/templates/deployment-api.yaml
-@@ -201,6 +201,12 @@ spec:
-               mountPath: /etc/glance/glance-api.conf
-               subPath: glance-api.conf
-               readOnly: true
-+            {{- range $key, $val := .Values.conf.extra_metadata }}
-+            - name: glance-etc
-+              mountPath: /var/lib/openstack/etc/glance/metadefs/compute_{{ $key }}.json
-+              subPath: compute_{{ $key }}.json
-+              readOnly: true
-+            {{- end }}
-             - name: glance-etc
-               mountPath: /etc/glance/glance-api-uwsgi.ini
-               subPath: glance-api-uwsgi.ini
-diff --git a/glance/templates/job-metadefs-load.yaml b/glance/templates/job-metadefs-load.yaml
-index 1c2efaaae..ca6081fbd 100644
---- a/glance/templates/job-metadefs-load.yaml
-+++ b/glance/templates/job-metadefs-load.yaml
-@@ -67,6 +67,12 @@ spec:
-               mountPath: /tmp/metadefs-load.sh
-               subPath: metadefs-load.sh
-               readOnly: true
-+            {{- range $key, $val := .Values.conf.extra_metadata }}
-+            - name: glance-etc
-+              mountPath: /var/lib/openstack/etc/glance/metadefs/compute_{{ $key }}.json
-+              subPath: compute_{{ $key }}.json
-+              readOnly: true
-+            {{- end }}
-             - name: etcglance
-               mountPath: /etc/glance
-             - name: glance-etc
-diff --git a/glance/values.yaml b/glance/values.yaml
-index d545e24b3..328abeaed 100644
---- a/glance/values.yaml
-+++ b/glance/values.yaml
-@@ -187,6 +187,7 @@ conf:
-       oslo_config_program: glance-api
-     filter:http_proxy_to_wsgi:
-       paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
-+  extra_metadata: {}
-   policy: {}
-   glance_sudoers: |
-     # This sudoers file supports rootwrap for both Kolla and LOCI Images.
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0009-Fixing-cinder-helm-release-hooks-weights-helmv3.patch

@@ -1,75 +0,0 @@
-From 1809c974bdab9ca3d7ad2e1a4480e53b53bc65f6 Mon Sep 17 00:00:00 2001
-From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
-Date: Wed, 21 Sep 2022 16:48:54 -0300
-Subject: [PATCH] Fixing cinder helm release hooks weights (helmv3)
-
-The relation of dependency for cinder release resources is not working
-with helmv3 since several jobs have post-install hooks and are
-dependencies of other jobs and deployments that have no hooks.
-
-The jobs/deployments without hooks are deployed during an installation
-phase that is never complete since the dependency jobs are hooked to be
-deployed on post-install phase.
-
-This change includes helm-hooks for the boostrap job and the api,
-scheduler and volume deployments. The weights will define the order each
-one will be deployed.
-
-Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
-Change-Id: I74dd271d065a7b4668845accae7476d5cbd7d363
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- cinder/templates/deployment-api.yaml       | 4 ++++
- cinder/templates/deployment-scheduler.yaml | 4 ++++
- cinder/templates/deployment-volume.yaml    | 4 ++++
- 3 files changed, 12 insertions(+)
-
-diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml
-index 571d71029..8d1a753d4 100644
---- a/cinder/templates/deployment-api.yaml
-+++ b/cinder/templates/deployment-api.yaml
-@@ -27,6 +27,10 @@ metadata:
-   name: cinder-api
-   annotations:
-     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
-+{{- if .Values.helm3_hook }}
-+    helm.sh/hook: post-install,post-upgrade
-+    helm.sh/hook-weight: "1"
-+{{- end }}
-   labels:
- {{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- spec:
-diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml
-index f43a68c23..d01200962 100644
---- a/cinder/templates/deployment-scheduler.yaml
-+++ b/cinder/templates/deployment-scheduler.yaml
-@@ -27,6 +27,10 @@ metadata:
-   name: cinder-scheduler
-   annotations:
-     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
-+{{- if .Values.helm3_hook }}
-+    helm.sh/hook: post-install,post-upgrade
-+    helm.sh/hook-weight: "2"
-+{{- end }}
-   labels:
- {{ tuple $envAll "cinder" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- spec:
-diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
-index 240204256..eb9b17bfd 100644
---- a/cinder/templates/deployment-volume.yaml
-+++ b/cinder/templates/deployment-volume.yaml
-@@ -29,6 +29,10 @@ metadata:
-   name: cinder-volume
-   annotations:
-     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
-+{{- if .Values.helm3_hook }}
-+    helm.sh/hook: post-install,post-upgrade
-+    helm.sh/hook-weight: "2"
-+{{- end }}
-   labels:
- {{ tuple $envAll "cinder" "volume" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- spec:
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0010-Fixing-nova-helm-release-hooks-and-weights.patch

@@ -1,59 +0,0 @@
-From 4101e7a3a975d6385097cd9283e2ffe86627bbe1 Mon Sep 17 00:00:00 2001
-From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
-Date: Wed, 21 Sep 2022 16:43:01 -0300
-Subject: [PATCH] Fixing nova helm release hooks and weights
-
-The relation of dependency for nova resources is not working
-with helmv3 since several jobs have post-install hooks and are
-dependencies of other jobs that have no hooks.
-
-The jobs without hooks are deployed during an installation phase
-that is never complete since the dependency jobs are hooked to be
-deployed on post-install phase.
-
-This change includes helm-hooks for the boostrap and cell-setup jobs.
-The weights will define the order each one will be deployed.
-
-Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
-Change-Id: I924302b6fd41d4fe6fe7bae5577de7d6d590abb2
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- nova/templates/job-bootstrap.yaml  | 5 +++++
- nova/templates/job-cell-setup.yaml | 4 ++++
- 2 files changed, 9 insertions(+)
-
-diff --git a/nova/templates/job-bootstrap.yaml b/nova/templates/job-bootstrap.yaml
-index 2aa62d21d..cddc74439 100644
---- a/nova/templates/job-bootstrap.yaml
-+++ b/nova/templates/job-bootstrap.yaml
-@@ -30,6 +30,11 @@ metadata:
-   name: {{ $serviceAccountName | quote }}
-   labels:
- {{ tuple $envAll "nova" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-+  annotations:
-+{{- if .Values.helm3_hook }}
-+    helm.sh/hook: post-install,post-upgrade
-+    helm.sh/hook-weight: "2"
-+{{- end }}
- spec:
-   backoffLimit: {{ $backoffLimit }}
-   template:
-diff --git a/nova/templates/job-cell-setup.yaml b/nova/templates/job-cell-setup.yaml
-index f9d2e084a..0fd99e023 100644
---- a/nova/templates/job-cell-setup.yaml
-+++ b/nova/templates/job-cell-setup.yaml
-@@ -25,6 +25,10 @@ metadata:
-   labels:
- {{ tuple $envAll "nova" "cell-setup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-   annotations:
-+{{- if .Values.helm3_hook }}
-+    helm.sh/hook: post-install,post-upgrade
-+    helm.sh/hook-weight: "1"
-+{{- end }}
-     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
- {{ tuple "nova_cell_setup" $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 }}
- spec:
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0011-Fixing-keystone-helm-release-hooks-and-weights.patch

@@ -1,44 +0,0 @@
-From 072b5e851e19543c6cb1b076109ce1774d73cf69 Mon Sep 17 00:00:00 2001
-From: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>
-Date: Tue, 20 Dec 2022 14:07:19 -0300
-Subject: [PATCH] Fixing keystone helm release hooks and weights
-
-Change-Id: I2131b82c2ffdaec9931b63c98422dbdceb615475
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- keystone/templates/secret-credential-keys.yaml | 3 ++-
- keystone/templates/secret-fernet-keys.yaml     | 3 ++-
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/keystone/templates/secret-credential-keys.yaml b/keystone/templates/secret-credential-keys.yaml
-index 8a2c5eb5b..307bb72bd 100644
---- a/keystone/templates/secret-credential-keys.yaml
-+++ b/keystone/templates/secret-credential-keys.yaml
-@@ -21,7 +21,8 @@ metadata:
-   name: keystone-credential-keys
- {{- if .Values.helm3_hook }}
-   annotations:
--    "helm.sh/hook": pre-install
-+    "helm.sh/hook": pre-install,post-upgrade
-+    "helm.sh/hook-weight": "-6"
- {{- end }}
- type: Opaque
- data:
-diff --git a/keystone/templates/secret-fernet-keys.yaml b/keystone/templates/secret-fernet-keys.yaml
-index 8af097309..a7eddd14e 100644
---- a/keystone/templates/secret-fernet-keys.yaml
-+++ b/keystone/templates/secret-fernet-keys.yaml
-@@ -22,7 +22,8 @@ metadata:
-   name: keystone-fernet-keys
- {{- if .Values.helm3_hook }}
-   annotations:
--    "helm.sh/hook": pre-install
-+    "helm.sh/hook": pre-install,post-upgrade
-+    "helm.sh/hook-weight": "-6"
- {{- end }}
- type: Opaque
- data:
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0012-Update-user-in-cinder-related-pods.patch

@@ -1,98 +0,0 @@
-From a3881b2e84539e009b4c19c33bce80eb23644325 Mon Sep 17 00:00:00 2001
-From: Rafael Falcao <rafael.vieirafalcao@windriver.com>
-Date: Tue, 18 Apr 2023 15:28:09 -0300
-Subject: [PATCH] Update user to execute commands in cinder related pods
-
-The cinder-volume container needs to be able to run qemu-img
-commands. The current user used to execute those commands
-(keystone) does not have the permissions to do that.
-We are updating the runAsUser parameter to execute all
-cinder related containers as cinder user. Doing that the
-user of the container will have the correct permissions
-to perform its operations.
-
-Signed-off-by: Rafael Falcao <rafael.vieirafalcao@windriver.com>
-Change-Id: I9bffd45208ab2992e380b2226c8e99639bc3f514
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- cinder/values.yaml | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/cinder/values.yaml b/cinder/values.yaml
-index 6b335be17..a30e61f7d 100644
---- a/cinder/values.yaml
-+++ b/cinder/values.yaml
-@@ -79,14 +79,14 @@ pod:
-   security_context:
-     volume_usage_audit:
-       pod:
--        runAsUser: 42424
-+        runAsUser: 42425
-       container:
-         cinder_volume_usage_audit:
-           readOnlyRootFilesystem: true
-           allowPrivilegeEscalation: false
-     cinder_api:
-       pod:
--        runAsUser: 42424
-+        runAsUser: 42425
-       container:
-         ceph_coordination_volume_perms:
-           runAsUser: 0
-@@ -96,7 +96,7 @@ pod:
-           allowPrivilegeEscalation: false
-     cinder_backup:
-       pod:
--        runAsUser: 42424
-+        runAsUser: 42425
-       container:
-         ceph_backup_keyring_placement:
-           runAsUser: 0
-@@ -118,7 +118,7 @@ pod:
-           runAsUser: 0
-     cinder_scheduler:
-       pod:
--        runAsUser: 42424
-+        runAsUser: 42425
-       container:
-         ceph_coordination_volume_perms:
-           runAsUser: 0
-@@ -128,7 +128,7 @@ pod:
-           allowPrivilegeEscalation: false
-     cinder_volume:
-       pod:
--        runAsUser: 42424
-+        runAsUser: 42425
-       container:
-         ceph_keyring_placement:
-           runAsUser: 0
-@@ -146,7 +146,7 @@ pod:
-           readOnlyRootFilesystem: true
-     storage_init:
-       pod:
--        runAsUser: 42424
-+        runAsUser: 42425
-       container:
-         ceph_keyring_placement:
-           runAsUser: 0
-@@ -156,14 +156,14 @@ pod:
-           allowPrivilegeEscalation: false
-     clean:
-       pod:
--        runAsUser: 42424
-+        runAsUser: 42425
-       container:
-         cinder_volume_rbd_secret_clean:
-           readOnlyRootFilesystem: true
-           allowPrivilegeEscalation: false
-     create_internal_tenant:
-       pod:
--        runAsUser: 42424
-+        runAsUser: 42425
-       container:
-         create_internal_tenant:
-           readOnlyRootFilesystem: true
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0013-Support-ceph-dev-version-during-pool-creation.patch

@@ -1,166 +0,0 @@
-From f471e056abe469a45f8af696f20457ae73c6ac53 Mon Sep 17 00:00:00 2001
-From: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>
-Date: Mon, 29 May 2023 20:15:58 -0300
-Subject: [PATCH] Support ceph dev version during pool creation
-
-It has been observed that, right after applying stx-openstack, an alarm
-related to Ceph is being triggered by the platform due to pools not
-being associated with the applications using them.
-
-According the official documentation, the pool/application association
-is mandatory for Ceph releases equal to or greater than the Luminous
-release (12.2.13).
-
-In theory, this is already handled in openstack-helm's helm charts, such
-as in Cinder's `storage-init` job. One can even see that it only
-performs the association for Ceph major versions >= 12, which matches
-the official documentation's requirements.
-
-However, the code in these `storage-init` jobs assumes that `ceph mgr
-versions` will always report a numeric version, e.g.:
-
-- `ceph version 14.2.15-2-g7407245e7b \
-    (7407245e7b329ac9d475f61e2cbf9f8c616505d6) nautilus (stable)`
-
-The problem is that this is not always the case, especially after the
-platform was migrated to Debian, which Ceph started to report:
-
-- `ceph version Development (no_version) nautilus (stable)`
-
-As a result, version checks like the one done in Cinder's `storage-init`
-job are failing and consequently pools are being created without the
-necessary associations.
-
-Therefore, this change updates the storage init scripts for Cinder and
-Glance to account for the scenario where a development version of Ceph
-is used.
-
-Signed-off-by: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>
-
-Change-Id: I464f8a1f8dcb0a5c6523647690723517dd1281b4
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- .../templates/bin/_backup-storage-init.sh.tpl | 26 +++++++++++++++++-
- cinder/templates/bin/_storage-init.sh.tpl     | 26 +++++++++++++++++-
- glance/templates/bin/_storage-init.sh.tpl     | 27 +++++++++++++++++--
- 3 files changed, 75 insertions(+), 4 deletions(-)
-
-diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
-index a50ecb74c..1601172a1 100644
---- a/cinder/templates/bin/_backup-storage-init.sh.tpl
-+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
-@@ -32,8 +32,32 @@ elif [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then
-   ceph -s
-   function ensure_pool () {
-     ceph osd pool stats $1 || ceph osd pool create $1 $2
--    if [[ $(ceph mgr versions | awk '/version/{print $3}' | cut -d. -f1) -ge 12 ]]; then
-+
-+    # As of the Luminous release, it is mandatory to enable applications on pools.
-+    # To find out if the release is greater than (or equal to) Luminous, just check
-+    # if Ceph's major version is >= 12.
-+    CEPH_MAJOR_VERSION=$(ceph mgr versions | awk '/version/{print $3}' | cut -d. -f1)
-+    if [[ $CEPH_MAJOR_VERSION -ge 12 ]]; then
-+      ceph osd pool application enable $1 $3
-+    else
-+      # If Ceph's major version shows as "Development", there is chance that it is
-+      # still greater than (or equal to) Luminous. In this case, just check the
-+      # release name against the name of releases prior to Luminous.
-+      CEPH_RELEASE_NAME=$(ceph mgr versions | awk '/version/{print $5}')
-+      CEPH_RELEASES_PRIOR_TO_LUMINOUS=(
-+        kraken
-+        jewel
-+        infernalis
-+        hammer
-+        giant
-+        firefly
-+        emperor
-+        dumpling
-+      )
-+      if [[ $CEPH_MAJOR_VERSION -eq "Development" && \
-+            !(" ${CEPH_RELEASES_PRIOR_TO_LUMINOUS[*]} " =~ " $CEPH_RELEASE_NAME ") ]]; then
-         ceph osd pool application enable $1 $3
-+      fi
-     fi
-     size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
-     ceph osd pool set $1 nosizechange 0
-diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl
-index 4f945e2cd..4d1c28e4e 100644
---- a/cinder/templates/bin/_storage-init.sh.tpl
-+++ b/cinder/templates/bin/_storage-init.sh.tpl
-@@ -29,8 +29,32 @@ if [ "x$STORAGE_BACKEND" == "xcinder.volume.drivers.rbd.RBDDriver" ]; then
-   ceph -s
-   function ensure_pool () {
-     ceph osd pool stats $1 || ceph osd pool create $1 $2
--    if [[ $(ceph mgr versions | awk '/version/{print $3}' | cut -d. -f1) -ge 12 ]]; then
-+
-+    # As of the Luminous release, it is mandatory to enable applications on pools.
-+    # To find out if the release is greater than (or equal to) Luminous, just check
-+    # if Ceph's major version is >= 12.
-+    CEPH_MAJOR_VERSION=$(ceph mgr versions | awk '/version/{print $3}' | cut -d. -f1)
-+    if [[ $CEPH_MAJOR_VERSION -ge 12 ]]; then
-+      ceph osd pool application enable $1 $3
-+    else
-+      # If Ceph's major version shows as "Development", there is chance that it is
-+      # still greater than (or equal to) Luminous. In this case, just check the
-+      # release name against the name of releases prior to Luminous.
-+      CEPH_RELEASE_NAME=$(ceph mgr versions | awk '/version/{print $5}')
-+      CEPH_RELEASES_PRIOR_TO_LUMINOUS=(
-+        kraken
-+        jewel
-+        infernalis
-+        hammer
-+        giant
-+        firefly
-+        emperor
-+        dumpling
-+      )
-+      if [[ $CEPH_MAJOR_VERSION -eq "Development" && \
-+            !(" ${CEPH_RELEASES_PRIOR_TO_LUMINOUS[*]} " =~ " $CEPH_RELEASE_NAME ") ]]; then
-         ceph osd pool application enable $1 $3
-+      fi
-     fi
-     size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
-     ceph osd pool set $1 nosizechange 0
-diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl
-index 2ce3b1937..241c62e96 100644
---- a/glance/templates/bin/_storage-init.sh.tpl
-+++ b/glance/templates/bin/_storage-init.sh.tpl
-@@ -45,9 +45,32 @@ elif [ "x$STORAGE_BACKEND" == "xrbd" ]; then
-   ceph -s
-   function ensure_pool () {
-     ceph osd pool stats "$1" || ceph osd pool create "$1" "$2"
--    local test_version
--    if [[ $(ceph mgr versions | awk '/version/{print $3}' | cut -d. -f1) -ge 12 ]]; then
-+
-+    # As of the Luminous release, it is mandatory to enable applications on pools.
-+    # To find out if the release is greater than (or equal to) Luminous, just check
-+    # if Ceph's major version is >= 12.
-+    CEPH_MAJOR_VERSION=$(ceph mgr versions | awk '/version/{print $3}' | cut -d. -f1)
-+    if [[ $CEPH_MAJOR_VERSION -ge 12 ]]; then
-+      ceph osd pool application enable $1 $3
-+    else
-+      # If Ceph's major version shows as "Development", there is chance that it is
-+      # still greater than (or equal to) Luminous. In this case, just check the
-+      # release name against the name of releases prior to Luminous.
-+      CEPH_RELEASE_NAME=$(ceph mgr versions | awk '/version/{print $5}')
-+      CEPH_RELEASES_PRIOR_TO_LUMINOUS=(
-+        kraken
-+        jewel
-+        infernalis
-+        hammer
-+        giant
-+        firefly
-+        emperor
-+        dumpling
-+      )
-+      if [[ $CEPH_MAJOR_VERSION -eq "Development" && \
-+            !(" ${CEPH_RELEASES_PRIOR_TO_LUMINOUS[*]} " =~ " $CEPH_RELEASE_NAME ") ]]; then
-         ceph osd pool application enable $1 $3
-+      fi
-     fi
-     ceph osd pool set "$1" size "${RBD_POOL_REPLICATION}" --yes-i-really-mean-it
-     ceph osd pool set "$1" crush_rule "${RBD_POOL_CRUSH_RULE}"
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0015-Add-service-tokens-for-Cinder-auth.patch

@@ -1,43 +0,0 @@
-From 8bc636951d19d74d33ceaf5ac28cbd7052df6934 Mon Sep 17 00:00:00 2001
-From: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
-Date: Tue, 26 Sep 2023 16:16:04 -0300
-Subject: [PATCH] Add service tokens for Cinder auth
-
-Since version 22.1.0 of Cinder, it requires Nova to configure service
-tokens in order to manipulate volumes [1], meaning that if that's not
-configured, Nova will not be able to create VMs by volume. The commit
-configured for StarlingX's openstack-helm package does not include this
-configuration, which was done later by [2] and [3].
-
-This patch includes commits [2] and [3] in order to allow Nova to create
-VMs by volumes.
-
-[1] https://docs.openstack.org/releasenotes/cinder/2023.1.html#upgrade-notes
-[2] https://opendev.org/openstack/openstack-helm/commit/91c8a5baf2cf2f0dddded57d88f00ea11dd4ff4a
-[3] https://opendev.org/openstack/openstack-helm/commit/7d39af25fddbf5fc67e15c92a9265f28567a214e
-
-Signed-off-by: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
-[ Upversioned openstack-helm-infra base commit to Caracal ]
-Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- nova/values.yaml | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/nova/values.yaml b/nova/values.yaml
-index 45613eb42..f330471d8 100644
---- a/nova/values.yaml
-+++ b/nova/values.yaml
-@@ -1471,6 +1471,8 @@ conf:
-       auth_version: v3
-     cinder:
-       catalog_info: volumev3::internalURL
-+      auth_url: null
-+      auth_type: password
-     database:
-       max_retries: -1
-     api_database:
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0017-Add-pre-apply-cleanup-Job-to-STX-O-Helm-charts.patch

@@ -1,603 +0,0 @@
-From 6acc77aa4c3fd3fbc42ff4a49b0f568a57ce6181 Mon Sep 17 00:00:00 2001
-From: Daniel Caires <DanielMarques.Caires@windriver.com>
-Date: Mon, 19 Aug 2024 08:15:57 -0300
-Subject: [PATCH] Add pre-apply cleanup Job to STX-O Helm charts
-
-After verification, it was noted that it is not possible
-to reapply STX-Openstack after a helm-override that changes
-a job template since the template section of job is
-immutable or not updatable
-
-Due to the use of kubernetes-entrypoint DEPENDENCY_JOBS it was
-also noted that deleting the jobs after the application is applied
-it is not an option. If this happened, the application would not
-come back after a host reboot.
-
-This patch creates a Job template that runs right before the Helm
-chart is installed ou updated. This Job deletes all jobs that have
-its status as completed.
-
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- aodh/templates/job-pre-apply-cleanup.yaml      | 18 ++++++++++++++++++
- aodh/values.yaml                               |  2 ++
- barbican/templates/job-pre-apply-cleanup.yaml  | 18 ++++++++++++++++++
- barbican/values.yaml                           |  2 ++
- .../templates/job-pre-apply-cleanup.yaml       | 18 ++++++++++++++++++
- ceilometer/values.yaml                         |  2 ++
- cinder/templates/job-pre-apply-cleanup.yaml    | 18 ++++++++++++++++++
- cinder/values.yaml                             |  2 ++
- glance/templates/job-pre-apply-cleanup.yaml    | 18 ++++++++++++++++++
- glance/values.yaml                             |  2 ++
- heat/templates/job-pre-apply-cleanup.yaml      | 18 ++++++++++++++++++
- heat/values.yaml                               |  2 ++
- horizon/templates/job-pre-apply-cleanup.yaml   | 18 ++++++++++++++++++
- horizon/values.yaml                            |  2 ++
- ironic/templates/job-pre-apply-cleanup.yaml    | 18 ++++++++++++++++++
- ironic/values.yaml                             |  2 ++
- keystone/templates/job-pre-apply-cleanup.yaml  | 18 ++++++++++++++++++
- keystone/values.yaml                           |  2 ++
- neutron/templates/job-pre-apply-cleanup.yaml   | 18 ++++++++++++++++++
- neutron/values.yaml                            |  2 ++
- nova/templates/job-pre-apply-cleanup.yaml      | 18 ++++++++++++++++++
- nova/values.yaml                               |  2 ++
- placement/templates/job-pre-apply-cleanup.yaml | 18 ++++++++++++++++++
- placement/values.yaml                          |  2 ++
- 24 files changed, 240 insertions(+)
- create mode 100644 aodh/templates/job-pre-apply-cleanup.yaml
- create mode 100644 barbican/templates/job-pre-apply-cleanup.yaml
- create mode 100644 ceilometer/templates/job-pre-apply-cleanup.yaml
- create mode 100644 cinder/templates/job-pre-apply-cleanup.yaml
- create mode 100644 glance/templates/job-pre-apply-cleanup.yaml
- create mode 100644 heat/templates/job-pre-apply-cleanup.yaml
- create mode 100644 horizon/templates/job-pre-apply-cleanup.yaml
- create mode 100644 ironic/templates/job-pre-apply-cleanup.yaml
- create mode 100644 keystone/templates/job-pre-apply-cleanup.yaml
- create mode 100644 neutron/templates/job-pre-apply-cleanup.yaml
- create mode 100644 nova/templates/job-pre-apply-cleanup.yaml
- create mode 100644 placement/templates/job-pre-apply-cleanup.yaml
-
-diff --git a/aodh/templates/job-pre-apply-cleanup.yaml b/aodh/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..ba0f0df36
---- /dev/null
-+++ b/aodh/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "aodh" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/aodh/values.yaml b/aodh/values.yaml
-index 56882dcc9..10608103f 100644
---- a/aodh/values.yaml
-+++ b/aodh/values.yaml
-@@ -59,6 +59,7 @@ images:
-     aodh_alarms_cleaner: docker.io/kolla/ubuntu-source-aodh-base:ocata
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -727,6 +728,7 @@ manifests:
-   deployment_listener: true
-   deployment_notifier: true
-   ingress_api: true
-+  job_pre_apply_cleanup: true
-   job_bootstrap: true
-   job_db_drop: false
-   job_db_init: true
-diff --git a/barbican/templates/job-pre-apply-cleanup.yaml b/barbican/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..5755d4ec4
---- /dev/null
-+++ b/barbican/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "barbican" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/barbican/values.yaml b/barbican/values.yaml
-index 4264341bb..0f7a1c96f 100644
---- a/barbican/values.yaml
-+++ b/barbican/values.yaml
-@@ -48,6 +48,7 @@ images:
-     barbican_api: quay.io/airshipit/barbican:2024.1-ubuntu_jammy
-     rabbit_init: docker.io/rabbitmq:3.13-management
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -730,6 +731,7 @@ manifests:
-   configmap_etc: true
-   deployment_api: true
-   ingress_api: true
-+  job_pre_apply_cleanup: true
-   job_bootstrap: true
-   job_db_init: true
-   job_db_sync: true
-diff --git a/ceilometer/templates/job-pre-apply-cleanup.yaml b/ceilometer/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..1900b9d8e
---- /dev/null
-+++ b/ceilometer/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "ceilometer" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
-index 54d449d93..4235ede04 100644
---- a/ceilometer/values.yaml
-+++ b/ceilometer/values.yaml
-@@ -63,6 +63,7 @@ images:
-     ceilometer_notification: docker.io/kolla/ubuntu-source-ceilometer-notification:wallaby
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -2128,6 +2129,7 @@ manifests:
-   daemonset_ipmi: false
-   deployment_notification: true
-   ingress_api: true
-+  job_pre_apply_cleanup: true
-   job_bootstrap: true
-   job_db_drop: false
-   job_db_init: true
-diff --git a/cinder/templates/job-pre-apply-cleanup.yaml b/cinder/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..db570af64
---- /dev/null
-+++ b/cinder/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "cinder" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/cinder/values.yaml b/cinder/values.yaml
-index 5246c20f8..8179fc8f6 100644
---- a/cinder/values.yaml
-+++ b/cinder/values.yaml
-@@ -61,6 +61,7 @@ images:
-     cinder_backup_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -1479,6 +1480,7 @@ manifests:
-   deployment_scheduler: true
-   deployment_volume: true
-   ingress_api: true
-+  job_pre_apply_cleanup: true
-   job_backup_storage_init: true
-   job_bootstrap: true
-   job_clean: true
-diff --git a/glance/templates/job-pre-apply-cleanup.yaml b/glance/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..2e4f2e11f
---- /dev/null
-+++ b/glance/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "glance" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/glance/values.yaml b/glance/values.yaml
-index 31a0cafe7..9318db0eb 100644
---- a/glance/values.yaml
-+++ b/glance/values.yaml
-@@ -50,6 +50,7 @@ images:
-     bootstrap: quay.io/airshipit/heat:2024.1-ubuntu_jammy
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -1047,6 +1048,7 @@ manifests:
-   configmap_etc: true
-   deployment_api: true
-   ingress_api: true
-+  job_pre_apply_cleanup: true
-   job_bootstrap: true
-   job_clean: true
-   job_db_init: true
-diff --git a/heat/templates/job-pre-apply-cleanup.yaml b/heat/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..be97d27d5
---- /dev/null
-+++ b/heat/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "heat" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/heat/values.yaml b/heat/values.yaml
-index 814f62aa6..356fa084a 100644
---- a/heat/values.yaml
-+++ b/heat/values.yaml
-@@ -58,6 +58,7 @@ images:
-     heat_purge_deleted: quay.io/airshipit/heat:2024.1-ubuntu_jammy
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -1293,6 +1294,7 @@ manifests:
-   ingress_api: true
-   ingress_cfn: true
-   ingress_cloudwatch: false
-+  job_pre_apply_cleanup: true
-   job_bootstrap: true
-   job_db_init: true
-   job_db_sync: true
-diff --git a/horizon/templates/job-pre-apply-cleanup.yaml b/horizon/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..258ad6f39
---- /dev/null
-+++ b/horizon/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "horizon" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/horizon/values.yaml b/horizon/values.yaml
-index 1146acfac..cb55a480c 100644
---- a/horizon/values.yaml
-+++ b/horizon/values.yaml
-@@ -25,6 +25,7 @@ images:
-     test: docker.io/openstackhelm/osh-selenium:latest-ubuntu_jammy
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -1394,6 +1395,7 @@ manifests:
-   configmap_logo: false
-   deployment: true
-   ingress_api: true
-+  job_pre_apply_cleanup: true
-   job_db_init: true
-   job_db_sync: true
-   job_db_drop: false
-diff --git a/ironic/templates/job-pre-apply-cleanup.yaml b/ironic/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..34c6af542
---- /dev/null
-+++ b/ironic/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "ironic" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/ironic/values.yaml b/ironic/values.yaml
-index fb3e01f39..d35b3bed5 100644
---- a/ironic/values.yaml
-+++ b/ironic/values.yaml
-@@ -53,6 +53,7 @@ images:
-     ironic_pxe_http: docker.io/nginx:1.13.3
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -808,6 +809,7 @@ manifests:
-   configmap_etc: true
-   deployment_api: true
-   ingress_api: true
-+  job_pre_apply_cleanup: true
-   job_bootstrap: true
-   job_db_drop: false
-   job_db_init: true
-diff --git a/keystone/templates/job-pre-apply-cleanup.yaml b/keystone/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..259ef91f7
---- /dev/null
-+++ b/keystone/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "keystone" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/keystone/values.yaml b/keystone/values.yaml
-index e642d1cb4..7e43fd64c 100644
---- a/keystone/values.yaml
-+++ b/keystone/values.yaml
-@@ -52,6 +52,7 @@ images:
-     keystone_domain_manage: quay.io/airshipit/keystone:2024.1-ubuntu_jammy
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -1125,6 +1126,7 @@ manifests:
-   cron_fernet_rotate: true
-   deployment_api: true
-   ingress_api: true
-+  job_pre_apply_cleanup: true
-   job_bootstrap: true
-   job_credential_cleanup: true
-   job_credential_setup: true
-diff --git a/neutron/templates/job-pre-apply-cleanup.yaml b/neutron/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..6fd7c757b
---- /dev/null
-+++ b/neutron/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "neutron" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/neutron/values.yaml b/neutron/values.yaml
-index 688613ce7..6a1a3d243 100644
---- a/neutron/values.yaml
-+++ b/neutron/values.yaml
-@@ -49,6 +49,7 @@ images:
-     neutron_netns_cleanup_cron: quay.io/airshipit/neutron:2024.1-ubuntu_jammy
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -2656,6 +2657,7 @@ manifests:
-   deployment_server: true
-   deployment_rpc_server: true
-   ingress_server: true
-+  job_pre_apply_cleanup: true
-   job_bootstrap: true
-   job_db_init: true
-   job_db_sync: true
-diff --git a/nova/templates/job-pre-apply-cleanup.yaml b/nova/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..0eb2fbaa2
---- /dev/null
-+++ b/nova/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "nova" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/nova/values.yaml b/nova/values.yaml
-index ba5f5bb74..0551266ea 100644
---- a/nova/values.yaml
-+++ b/nova/values.yaml
-@@ -88,6 +88,7 @@ images:
-     test: docker.io/xrally/xrally-openstack:2.0.0
-     image_repo_sync: docker.io/docker:17.07.0
-     nova_wait_for_computes_init: gcr.io/google_containers/hyperkube-amd64:v1.11.6
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   local_registry:
-     active: false
-     exclude:
-@@ -2665,6 +2666,7 @@ manifests:
-   ingress_serialproxy: true
-   ingress_spiceproxy: true
-   ingress_osapi: true
-+  job_pre_apply_cleanup: true
-   job_bootstrap: true
-   job_storage_init: true
-   job_db_init: true
-diff --git a/placement/templates/job-pre-apply-cleanup.yaml b/placement/templates/job-pre-apply-cleanup.yaml
-new file mode 100644
-index 000000000..6cbf5c847
---- /dev/null
-+++ b/placement/templates/job-pre-apply-cleanup.yaml
-@@ -0,0 +1,18 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_pre_apply_cleanup }}
-+{{- $preApplyCleanupJob := dict "envAll" . "serviceName" "placement" -}}
-+{{ $preApplyCleanupJob | include "helm-toolkit.manifests.job_pre_apply_cleanup" }}
-+{{- end }}
-\ No newline at end of file
-diff --git a/placement/values.yaml b/placement/values.yaml
-index 66df39ed3..dd0ee4e07 100644
---- a/placement/values.yaml
-+++ b/placement/values.yaml
-@@ -40,6 +40,7 @@ images:
-     placement_db_sync: quay.io/airshipit/placement:2024.1-ubuntu_jammy
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/docker:17.07.0
-+    pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
-   local_registry:
-     active: false
-     exclude:
-@@ -451,6 +452,7 @@ manifests:
-   configmap_bin: true
-   configmap_etc: true
-   deployment: true
-+  job_pre_apply_cleanup: true
-   job_image_repo_sync: true
-   job_db_init: true
-   job_db_sync: true
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0018-Define-values-for-NetApp-volume-backend.patch

@@ -1,99 +0,0 @@
-From 2dc3ce7aed026f93c6f058991bea8174e43efa37 Mon Sep 17 00:00:00 2001
-From: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
-Date: Tue, 12 Nov 2024 10:17:18 -0300
-Subject: [PATCH] Define values for NetApp volume backend
-
-This patch creates the required values, updates the configmap and the
-volume deployment to allow the usage of the NetApp as a volume backend
-using either NFS or iSCSI
-
-This patch defines some values by default, but it does not add the
-netapp backend to the conf.cinder.DEFAULT.enabled_backends, so, by
-default, it won't be used. If an user wants to enable it, he can set
-some overrides to the conf.cinder.backends.netapp-nfs and
-conf.nfs_shares or the conf.cinder.backends.netapp-iscsi values, and
-add the netapp drivers to the enabled_backends list.
-
-Signed-off-by: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- cinder/templates/configmap-etc.yaml     |  1 +
- cinder/templates/deployment-volume.yaml |  4 ++++
- cinder/values.yaml                      | 26 +++++++++++++++++++++++++
- 3 files changed, 31 insertions(+)
-
-diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
-index 2e83f3740..685966fe1 100644
---- a/cinder/templates/configmap-etc.yaml
-+++ b/cinder/templates/configmap-etc.yaml
-@@ -179,6 +179,7 @@ data:
-   cinder_sudoers: {{ $envAll.Values.conf.cinder_sudoers | b64enc }}
-   rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }}
-   resource_filters.json: {{ toJson .Values.conf.resource_filters | b64enc }}
-+  nfs.shares: {{ $envAll.Values.conf.nfs_shares | b64enc }}
- {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
- {{- $filePrefix := replace "_" "-"  $key }}
-   {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }}
-diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
-index 20dcb4f41..98d3121e1 100644
---- a/cinder/templates/deployment-volume.yaml
-+++ b/cinder/templates/deployment-volume.yaml
-@@ -188,6 +188,10 @@ spec:
-               mountPath: /etc/cinder/conf/backends.conf
-               subPath: backends.conf
-               readOnly: true
-+            - name: cinder-etc
-+              mountPath: /etc/cinder/nfs.shares
-+              subPath: nfs.shares
-+              readOnly: true
-             {{- if eq "true" (include "cinder.utils.has_ceph_backend" $envAll) }}
-             - name: etcceph
-               mountPath: /etc/ceph
-diff --git a/cinder/values.yaml b/cinder/values.yaml
-index 8179fc8f6..166ea2713 100644
---- a/cinder/values.yaml
-+++ b/cinder/values.yaml
-@@ -773,6 +773,10 @@ conf:
- 
-         # initiator/connector.py:
-         drv_cfg: CommandFilter, /opt/emc/scaleio/sdc/bin/drv_cfg, root, /opt/emc/scaleio/sdc/bin/drv_cfg, --query_guid
-+
-+  nfs_shares: |
-+    # This file is used to host the NFS Shares for the NetApp volume backend
-+    127.0.0.1:/nfs_volume
-   ceph:
-     override:
-     append:
-@@ -945,6 +949,28 @@ conf:
-       image_volume_cache_enabled: true
-       image_volume_cache_max_size_gb: 200
-       image_volume_cache_max_count: 50
-+    netapp-nfs:
-+      volume_driver: cinder.volume.drivers.netapp.common.NetAppDriver
-+      volume_backend_name: netapp-nfs
-+      netapp_storage_protocol: nfs
-+      netapp_server_hostname: 127.0.0.1
-+      netapp_server_port: 80
-+      netapp_login: netapp-login
-+      netapp_password: netapp-password
-+      netapp_vserver: netapp-vserver
-+      netapp_storage_family: ontap_cluster
-+      nfs_shares_config: /etc/cinder/nfs.shares
-+      nfs_mount_options: nolock
-+    netapp-iscsi:
-+      volume_driver: cinder.volume.drivers.netapp.common.NetAppDriver
-+      volume_backend_name: netapp-iscsi
-+      netapp_storage_protocol: iscsi
-+      netapp_server_hostname: 127.0.0.1
-+      netapp_server_port: 80
-+      netapp_login: netapp-login
-+      netapp_password: netapp-password
-+      netapp_vserver: netapp-vserver
-+      netapp_storage_family: ontap_cluster
-   rally_tests:
-     run_tempest: false
-     clean_up: |
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0019-Add-cluster-host-ip-env-var-to-nova.patch

@@ -1,129 +0,0 @@
-From b2f6c53c2d6378be816a6d966faca9f054cd3e98 Mon Sep 17 00:00:00 2001
-From: marantes <murillo.arantes@windriver.com>
-Date: Fri, 3 Jan 2025 16:04:17 -0300
-Subject: [PATCH] Add cluster host ip env var to nova
-
-This patch reads the Nova configurations from /etc/nova/nova.conf and
-writes them to a new Nova configuration file located at
-/tmp/pod-shared/nova.conf, with the only difference being that the
-fields DEFAULT.my_ip, vnc.server_listen, vnc.server_proxyclient_address
-and libvirt.live_migration_inbound_addr will be updated to contain the
-cluster host IP configured in a environment variable. This new
-configuration file will be used by the Nova compute container.
-
-This patch aims to assist in the task of changing the IP acquisition
-method for Nova compute pods from the Nova plugin to an environment
-variable-based approach that will provide the cluster host IP address
-to the Nova compute container. Since the Nova configuration file
-located at /etc/nova is read-only, the solution of creating a new
-configuration file was used, following a similar approach that is
-already followed by other Nova configuration files using this path
-(nova-console.conf, nova-hypervisor.conf and nova-libvirt.conf).
-
-Signed-off-by: Murillo Arantes <murillo.arantes@windriver.com>
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- nova/templates/bin/_nova-compute.sh.tpl | 51 ++++++++++++++++++++++++-
- nova/templates/daemonset-compute.yaml   |  8 +++-
- 2 files changed, 56 insertions(+), 3 deletions(-)
-
-diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
-index 702e3b921..116f41a61 100644
---- a/nova/templates/bin/_nova-compute.sh.tpl
-+++ b/nova/templates/bin/_nova-compute.sh.tpl
-@@ -16,8 +16,57 @@ limitations under the License.
- 
- set -ex
- 
-+# Check if environment variable exists
-+if [ -z "$CLUSTER_HOST_IP" ]; then
-+    echo "Error: CLUSTER_HOST_IP environment variable is not set."
-+    exit 1
-+fi
-+
-+# Set input and output files
-+INPUT_FILE="/etc/nova/nova.conf"
-+OUTPUT_FILE="/tmp/pod-shared/nova.conf"
-+
-+# Check if the output directory exists
-+if [ ! -d "$(dirname "$OUTPUT_FILE")" ]; then
-+    echo "Error: Output directory does not exist."
-+    exit 1
-+fi
-+
-+# Set fields to replace with cluster host ip
-+declare -A CONFIG_CHANGES
-+CONFIG_CHANGES["DEFAULT.my_ip"]="$CLUSTER_HOST_IP"
-+CONFIG_CHANGES["vnc.server_listen"]="$CLUSTER_HOST_IP"
-+CONFIG_CHANGES["vnc.server_proxyclient_address"]="$CLUSTER_HOST_IP"
-+CONFIG_CHANGES["libvirt.live_migration_inbound_addr"]="$CLUSTER_HOST_IP"
-+
-+# Loop through the lines of the input file
-+while IFS="=" read -r line; do
-+    # Check if the line is a section
-+    if [[ "$line" =~ ^\[.*\]$ ]]; then
-+        section="${line//[\[\]]/}"  # Get section name by stripping brackets
-+    fi
-+
-+    # Loop through the dictionary of field.section and update the values
-+    for field_section in "${!CONFIG_CHANGES[@]}"; do
-+        section_name="${field_section%%.*}"   # Extract section (before the dot)
-+        field_name="${field_section#*.}"     # Extract field (after the dot)
-+        new_value="${CONFIG_CHANGES[$field_section]}"
-+
-+        # If we are in the correct section, update the field value
-+        if [[ "$section" == "$section_name" && "$line" =~ ^$field_name\ = ]]; then
-+            line="$field_name = $new_value"
-+        fi
-+    done
-+
-+    # Write the line (modified or unmodified) to the output file
-+    if ! echo "$line" >> "$OUTPUT_FILE"; then
-+        echo "Error: Failed to write to output file."
-+        exit 1
-+    fi
-+done < "$INPUT_FILE"
-+
- exec nova-compute \
--      --config-file /etc/nova/nova.conf \
-+      --config-file /tmp/pod-shared/nova.conf \
- {{- if .Values.console.address_search_enabled }}
-       --config-file /tmp/pod-shared/nova-console.conf \
- {{- end }}
-diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
-index 0e73eed71..9daf936c8 100644
---- a/nova/templates/daemonset-compute.yaml
-+++ b/nova/templates/daemonset-compute.yaml
-@@ -18,7 +18,7 @@ exec:
-     - python
-     - /tmp/health-probe.py
-     - --config-file
--    - /etc/nova/nova.conf
-+    - /tmp/pod-shared/nova.conf
-     - --service-queue-name
-     - compute
-     - --liveness-probe
-@@ -33,7 +33,7 @@ exec:
-     - python
-     - /tmp/health-probe.py
-     - --config-file
--    - /etc/nova/nova.conf
-+    - /tmp/pod-shared/nova.conf
-     - --service-queue-name
-     - compute
-     {{- if .Values.pod.use_fqdn.compute }}
-@@ -313,6 +313,10 @@ spec:
-               value: "{{ .Values.pod.probes.rpc_timeout }}"
-             - name: RPC_PROBE_RETRIES
-               value: "{{ .Values.pod.probes.rpc_retries }}"
-+            - name: CLUSTER_HOST_IP
-+              valueFrom:
-+                fieldRef:
-+                  fieldPath: status.hostIP
- {{- if or .Values.manifests.certificates .Values.tls.identity }}
-             - name: REQUESTS_CA_BUNDLE
-               value: "/etc/ssl/certs/openstack-helm.crt"
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0023-Change-uWSGI-socket-to-allow-IPv6-binding.patch

@@ -1,127 +0,0 @@
-From 3310ceaae3ae5b87bce79417fbe3f28d8c00a8c4 Mon Sep 17 00:00:00 2001
-From: Daniel Caires <DanielMarques.Caires@windriver.com>
-Date: Fri, 11 Apr 2025 15:17:27 -0300
-Subject: [PATCH] Change uWSGI socket to allow IPv6 binding
-
-Some OSH services which uses uWSGI are currently not
-capable of deploying in an IPv6 system. The template
-for these Helm charts set an IPv4 default IP address
-which makes the service unable to bind with IPv6
-addresses.
-
-This patch changes the default value for the IP, from
-0.0.0.0 to [::], in the http-socket config for uWSGI.
-This change aims to allow binding not only with IPv4
-IPs but IPv6 IPs as well.
-
-Change-Id: I0e3bca24a121bb94149f2fc13320a0d16f06936b
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- barbican/templates/configmap-etc.yaml | 2 +-
- cinder/templates/configmap-etc.yaml   | 2 +-
- glance/templates/configmap-etc.yaml   | 2 +-
- heat/templates/configmap-etc.yaml     | 4 ++--
- neutron/templates/configmap-etc.yaml  | 2 +-
- nova/templates/configmap-etc.yaml     | 4 ++--
- 6 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/barbican/templates/configmap-etc.yaml b/barbican/templates/configmap-etc.yaml
-index 2b9762e82..a86a71b64 100644
---- a/barbican/templates/configmap-etc.yaml
-+++ b/barbican/templates/configmap-etc.yaml
-@@ -69,7 +69,7 @@ limitations under the License.
- 
- {{- if empty (index .Values.conf.barbican_api_uwsgi.uwsgi "http-socket") -}}
- {{- $http_socket_port := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
--{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
-+{{- $http_socket := printf "[::]:%s" $http_socket_port }}
- {{- $_ := set .Values.conf.barbican_api_uwsgi.uwsgi "http-socket" $http_socket -}}
- {{- end -}}
- 
-diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
-index 685966fe1..b567f4b18 100644
---- a/cinder/templates/configmap-etc.yaml
-+++ b/cinder/templates/configmap-etc.yaml
-@@ -145,7 +145,7 @@ limitations under the License.
- {{- end -}}
- {{- if empty (index .Values.conf.cinder_api_uwsgi.uwsgi "http-socket") -}}
- {{- $http_socket_port := tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
--{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
-+{{- $http_socket := printf "[::]:%s" $http_socket_port }}
- {{- $_ := set .Values.conf.cinder_api_uwsgi.uwsgi "http-socket" $http_socket -}}
- {{- end -}}
- 
-diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml
-index 8ce851563..70dfd0402 100644
---- a/glance/templates/configmap-etc.yaml
-+++ b/glance/templates/configmap-etc.yaml
-@@ -99,7 +99,7 @@ limitations under the License.
- {{- end -}}
- {{- if empty (index .Values.conf.glance_api_uwsgi.uwsgi "http-socket") -}}
- {{- $http_socket_port := tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
--{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
-+{{- $http_socket := printf "[::]:%s" $http_socket_port }}
- {{- $_ := set .Values.conf.glance_api_uwsgi.uwsgi "http-socket" $http_socket -}}
- {{- end -}}
- 
-diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml
-index b90bba6e5..e86bf60ee 100644
---- a/heat/templates/configmap-etc.yaml
-+++ b/heat/templates/configmap-etc.yaml
-@@ -124,7 +124,7 @@ limitations under the License.
- {{- end -}}
- {{- if empty (index .Values.conf.heat_api_uwsgi.uwsgi "http-socket") -}}
- {{- $http_socket_port := tuple "orchestration" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
--{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
-+{{- $http_socket := printf "[::]:%s" $http_socket_port }}
- {{- $_ := set .Values.conf.heat_api_uwsgi.uwsgi "http-socket" $http_socket -}}
- {{- end -}}
- 
-@@ -133,7 +133,7 @@ limitations under the License.
- {{- end -}}
- {{- if empty (index .Values.conf.heat_api_cfn_uwsgi.uwsgi "http-socket") -}}
- {{- $http_socket_port := tuple "cloudformation" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
--{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
-+{{- $http_socket := printf "[::]:%s" $http_socket_port }}
- {{- $_ := set .Values.conf.heat_api_cfn_uwsgi.uwsgi "http-socket" $http_socket -}}
- {{- end -}}
- 
-diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml
-index df1fe525d..7066405df 100644
---- a/neutron/templates/configmap-etc.yaml
-+++ b/neutron/templates/configmap-etc.yaml
-@@ -190,7 +190,7 @@ limitations under the License.
- {{- end -}}
- {{- if empty (index .Values.conf.neutron_api_uwsgi.uwsgi "http-socket") -}}
- {{- $http_socket_port := tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
--{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
-+{{- $http_socket := printf "[::]:%s" $http_socket_port }}
- {{- $_ := set .Values.conf.neutron_api_uwsgi.uwsgi "http-socket" $http_socket -}}
- {{- end -}}
- 
-diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
-index 220db538a..6de893719 100644
---- a/nova/templates/configmap-etc.yaml
-+++ b/nova/templates/configmap-etc.yaml
-@@ -290,7 +290,7 @@ limitations under the License.
- {{- end -}}
- {{- if empty (index .Values.conf.nova_api_uwsgi.uwsgi "http-socket") -}}
- {{- $http_socket_port := tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
--{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
-+{{- $http_socket := printf "[::]:%s" $http_socket_port }}
- {{- $_ := set .Values.conf.nova_api_uwsgi.uwsgi "http-socket" $http_socket -}}
- {{- end -}}
- 
-@@ -299,7 +299,7 @@ limitations under the License.
- {{- end -}}
- {{- if empty (index .Values.conf.nova_metadata_uwsgi.uwsgi "http-socket") -}}
- {{- $http_socket_port := .Values.network.metadata.port | toString }}
--{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
-+{{- $http_socket := printf "[::]:%s" $http_socket_port }}
- {{- $_ := set .Values.conf.nova_metadata_uwsgi.uwsgi "http-socket" $http_socket -}}
- {{- end -}}
- 
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0024-Enable-ceph-pool-creation-for-AIO-systems.patch

@@ -1,31 +0,0 @@
-From 90e34925e8c5ccf8347951c0c3c13c88f243f57f Mon Sep 17 00:00:00 2001
-From: Alex Figueiredo <alex.fernandesfigueiredo@windriver.com>
-Date: Wed, 2 Apr 2025 11:20:52 -0300
-Subject: [PATCH] Enable ceph pool creation for AIO systems
-
-The ceph admin tool/CLI requires the option "--yes-i-really-mean-it" to enable
-the storage init job to set the pool size to 1 for AIO-SX deployments.
-
-Signed-off-by: Alex Figueiredo <alex.fernandesfigueiredo@windriver.com>
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- nova/templates/bin/_storage-init.sh.tpl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/nova/templates/bin/_storage-init.sh.tpl b/nova/templates/bin/_storage-init.sh.tpl
-index cb3505d48..70c71a9f4 100644
---- a/nova/templates/bin/_storage-init.sh.tpl
-+++ b/nova/templates/bin/_storage-init.sh.tpl
-@@ -34,7 +34,7 @@ if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
-     fi
-     size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
-     ceph osd pool set $1 nosizechange 0
--    ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
-+    ceph osd pool set $1 size ${RBD_POOL_REPLICATION} --yes-i-really-mean-it
-     ceph osd pool set $1 nosizechange ${size_protection}
-     ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
-   }
--- 
-2.43.0
-

upstream/helm-charts/openstack-helm/debian/deb_folder/patches/OSH-0025-Add-IPv6-compatibility-to-neutron-openvswitch-agent.patch

@@ -1,124 +0,0 @@
-From 47d7c6a9de2e82a2bb00cf67d3a94870a9c441b9 Mon Sep 17 00:00:00 2001
-From: Ingo Almendros Girao <ingo.almendrosgirao@windriver.com>
-Date: Thu, 24 Jul 2025 23:08:32 -0300
-Subject: [PATCH] Add IPv6 compatibility to neutron openvswitch agent
-
-This change adds automatic IP version detection to the neutron OVS
-agent initialization script.
-The fix introduces IP version auto-detection functions that
-dynamically choose between IPv4 and IPv6 commands based on the
-tunnel network CIDR format.
-
-Signed-off-by: Ingo Almendros Girao <ingo.almendrosgirao@windriver.com>
-
-[ fix IPv6 detection ]
-
-Added a verification of cidr before get the tunnel interface
-
-Signed-off-by: Ingo Almendros Girao <ingo.almendrosgirao@windriver.com>
-
-[ Removes IPv4 interfaces check from IPv6 detection]
-
-The platform's network interfaces are visible from ovs-agent container.
-Therefore, when OVS is deployed on IPv6 networks but the underlying platform
-uses IPv4 interfaces for any other purpose (e.g., PXE boot), the previous
-script would erroneously consider it an IPv4 deployment.
-
-This fix removes IPv4 interfaces check (ip -4 addr show) from the IPv6 detection
-procedure, keeping it based only on IPv6 interface check (ip -6 addr show ).
-
-Signed-off-by: Alex Figueiredo <alex.fernandesfigueiredo@windriver.com>
-[ upversioned of changes to openstack-helm for epoxy release ]
-Signed-off-by: cfigueir <carlos.figueiredofelipe@windriver.com>
----
- .../_neutron-openvswitch-agent-init.sh.tpl    | 60 ++++++++++++++++++-
- 1 file changed, 57 insertions(+), 3 deletions(-)
-
-diff --git a/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl
-index bd0a64ac8..8e2c25e7c 100644
---- a/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl
-+++ b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl
-@@ -24,6 +24,49 @@ OVS_PID=$(cat /run/openvswitch/ovs-vswitchd.pid)
- OVS_CTL=/run/openvswitch/ovs-vswitchd.${OVS_PID}.ctl
- chown neutron: ${OVS_CTL}
- 
-+# IPv6/IPv4 compatibility functions
-+function detect_ip_version {
-+  local cidr="$1"
-+  if [[ "$cidr" == *":"* ]]; then
-+    echo "6"
-+  else
-+    echo "4"
-+  fi
-+}
-+
-+function get_tunnel_interface_fixed {
-+  local cidr="$1"
-+
-+  if [[ "$cidr" == "0/0" ]]; then
-+    if ip -6 addr show | grep -q "inet6.*scope global"; then
-+        cidr="::/0"
-+    fi
-+  fi
-+
-+  local ip_version=$(detect_ip_version "$cidr")
-+
-+  if [[ "$ip_version" == "6" ]]; then
-+    if [[ "$cidr" == "::/0" ]]; then
-+      ip -6 route show default | awk '/dev/ { print $5; exit }'
-+    else
-+      ip -6 route show "$cidr" | awk '/dev/ { print $3; exit }'
-+    fi
-+  else
-+    ip -4 route list "$cidr" | awk -F dev '{ print $2; exit }' | awk '{ print $1 }'
-+  fi
-+}
-+
-+function get_ip_address_from_interface_fixed {
-+  local interface=$1
-+  local ip_version="$2"
-+
-+  if [[ "$ip_version" == "6" ]]; then
-+    ip -6 -o addr show "$interface" | awk '/scope global/ { print $4; exit }' | awk -F/ '{ print $1 }'
-+  else
-+    ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}'
-+  fi
-+}
-+
- function get_dpdk_config_value {
-   values=${@:1:$#-1}
-   filter=${!#}
-@@ -452,8 +495,11 @@ if [[ -n "${tunnel_types}" ]] ; then
-             tunnel_network_cidr="0/0"
-         fi
-         # If there is not tunnel network gateway, exit
--        tunnel_interface=$(ip -4 route list ${tunnel_network_cidr} | awk -F 'dev' '{ print $2; exit }' \
--            | awk '{ print $1 }') || exit 1
-+        tunnel_interface=$(get_tunnel_interface_fixed "${tunnel_network_cidr}")
-+        if [ -z "${tunnel_interface}" ] ; then
-+            echo "Could not find tunnel interface for CIDR: ${tunnel_network_cidr}"
-+            exit 1
-+        fi
-     fi
- fi
- 
-@@ -466,7 +512,15 @@ fi
- 
- # determine local-ip dynamically based on interface provided but only if tunnel_types is not null
- if [[ -n "${tunnel_types}" ]] ; then
--  LOCAL_IP=$(get_ip_address_from_interface ${tunnel_interface})
-+  tunnel_network_cidr_corrected="${tunnel_network_cidr}"
-+  if [[ "${tunnel_network_cidr}" == "0/0" ]]; then
-+    if ip -6 addr show | grep -q "inet6.*scope global"; then
-+      tunnel_network_cidr_corrected="::/0"
-+    fi
-+  fi
-+
-+  ip_version=$(detect_ip_version "${tunnel_network_cidr_corrected}")
-+  LOCAL_IP=$(get_ip_address_from_interface_fixed ${tunnel_interface} ${ip_version})
-   if [ -z "${LOCAL_IP}" ] ; then
-     echo "Var LOCAL_IP is empty"
-     exit 1
--- 
-2.43.0
-