feat: nautobot operator

.dockerignore

@@ -1 +1 @@
-.venv
+./python/understack-tests/.venv/

.github/workflows/build-container-images.yaml

@@ -30,7 +30,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
+        uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0 # v3
 
       - name: Login to ghcr.io
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
@@ -43,7 +43,7 @@ jobs:
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           context: containers/python311_alpine/
-          file: containers/python311_alpine/Dockerfile
+          file: containers/python311_alpine/Dockerfile.python311_alpine
           # push for all main branch commits
           push: ${{ github.event_name != 'pull_request' }}
           tags: ghcr.io/${{ github.repository }}/argo-python3.11.8-alpine3.19:latest,ghcr.io/${{ github.repository }}/argo-python3.11.8-alpine3.19:${{ env.VERSION_PYTHON311 }}
@@ -54,7 +54,7 @@ jobs:
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           context: containers/python312_alpine/
-          file: containers/python312_alpine/Dockerfile
+          file: containers/python312_alpine/Dockerfile.python312_alpine
           # push for all main branch commits
           push: ${{ github.event_name != 'pull_request' }}
           tags: ghcr.io/${{ github.repository }}/argo-python3.12.2-alpine3.19:latest,ghcr.io/${{ github.repository }}/argo-python3.12.2-alpine3.19:${{ env.VERSION_PYTHON312 }}

.github/workflows/build-dexop.yaml

@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
+        uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0 # v3
 
       - name: Login to ghcr.io
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3

.github/workflows/code-test.yaml

@@ -26,14 +26,13 @@ jobs:
       projects: ${{ steps.set-projects.outputs.projects }}
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - name: Find all projects with pyproject.toml
+      - name: Find all Python projects with pyproject.toml
         id: set-projects
         run: |
           # grabs all paths with pyproject.toml, snips the 2nd dir, grabs only unique ones, makes a JSON list
           projects=$(find python -mindepth 2 ! -wholename 'python/understack-tests/*' -name pyproject.toml | awk -F/ '{print $2}' | sort -u | jq -R -s -c 'split("\n")[:-1]')
           echo "projects=$projects" >> "$GITHUB_OUTPUT"
-
-  uv:
+  python:
     needs: [discover]
     runs-on: ubuntu-latest
 
@@ -47,22 +46,22 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - uses: astral-sh/setup-uv@bd01e18f51369d5a26f1651c3cb451d3417e3bba # v6
+      - run: pipx install poetry==1.7.1 && poetry self add 'poetry-dynamic-versioning[plugin]'
       - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
         with:
           python-version-file: python/${{ matrix.project }}/pyproject.toml
-      - run: uv sync
-      - run: uv build --wheel
-      - run: "uv run pytest --cov --cov-report xml:coverage.xml"
+          cache: "poetry"
+      - run: poetry install --sync --with test
+      - run: poetry build
+      - run: "poetry run pytest --cov --cov-report xml:coverage.xml"
       - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
         with:
           name: coverage-${{ matrix.project }}
           path: python/${{ matrix.project }}/coverage.xml
           retention-days: 1
 
-
   coverage-upload:
-    needs: [uv]
+    needs: python
     runs-on: ubuntu-latest
     steps:
       - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4

.github/workflows/containers.yaml

@@ -33,11 +33,11 @@ jobs:
     strategy:
       matrix:
         # if you add a container here, add it to the 'clean_containers' job below
-        project: [ironic, neutron, keystone, nova, openstack-client, cinder]
+        project: [ironic, neutron, keystone, nova, openstack-client]
 
     steps:
       - name: setup docker buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
+        uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0 # v3
       - name: login to ghcr.io
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
         with:
@@ -66,7 +66,7 @@ jobs:
       - name: build and deploy openstack container image to registry
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
-          file: containers/${{ matrix.project }}/Dockerfile
+          file: containers/${{ matrix.project }}/Dockerfile.${{ matrix.project }}
           build-args: OPENSTACK_VERSION=${{ env.OPENSTACK_VERSION }}
           pull: true  # ensure we always have an up to date source
           push: true
@@ -80,7 +80,7 @@ jobs:
 
     steps:
       - name: setup docker buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
+        uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0 # v3
       - name: login to ghcr.io
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
         with:
@@ -110,7 +110,7 @@ jobs:
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           context: "{{defaultContext}}:containers/dnsmasq"
-          file: Dockerfile
+          file: Dockerfile.dnsmasq
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -130,7 +130,7 @@ jobs:
 
     steps:
       - name: setup docker buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
+        uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0 # v3
       - name: login to ghcr.io
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
         with:
@@ -159,7 +159,7 @@ jobs:
       - name: build and deploy container image to registry
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
-          file: containers/${{ matrix.container.name }}/Dockerfile
+          file: containers/${{ matrix.container.name }}/Dockerfile.${{ matrix.container.name }}
           pull: true  # ensure we always have an up to date source
           push: true
           tags: ${{ steps.meta.outputs.tags }}

.github/workflows/typos.yaml

@@ -15,6 +15,6 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       - name: Typos Spell Checker
-        uses: crate-ci/typos@392b78fe18a52790c53f42456e46124f77346842 # v1.34.0
+        uses: crate-ci/typos@b1ae8d918b6e85bd611117d3d9a3be4f903ee5e4 # v1.33.1
         with:
           config: ./.typos.toml

.github/workflows/yamllint.yaml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4
+      - uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4
       - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
       - uses: bmuschko/setup-kubeconform@5ccaecbbf012bcb1eeeab66e649db64a477ade8f # v1
       - name: validate kustomize with kubeconform

.gitignore

@@ -30,3 +30,10 @@ docs/workflows/
 
 # mkdocs site output
 site/
+
+# Editor Specific
+.DS_Store
+.zed
+.idea
+.vscode
+.kiro

.pre-commit-config.yaml

@@ -59,28 +59,19 @@ repos:
           - ansible
           - jmespath
         files: '^ansible/.*'
-  - repo: https://github.com/astral-sh/uv-pre-commit
-    # uv version.
-    rev: 0.7.13
+  - repo: https://github.com/python-poetry/poetry
+    rev: '2.1.3'
     hooks:
-      - id: uv-lock
-        name: cinder-understack
-        args: ["-D", "python/cinder-understack"]
-      - id: uv-lock
-        name: diff-nautobot-understack
-        args: ["-D", "python/diff-nautobot-understack"]
-      - id: uv-lock
-        name: ironic-understack
-        args: ["-D", "python/ironic-understack"]
-      - id: uv-lock
-        name: neutron-understack
-        args: ["-D", "python/neutron-understack"]
-      - id: uv-lock
-        name: understack-flavor-matcher
-        args: ["-D", "python/understack-flavor-matcher"]
-      - id: uv-lock
-        name: understack-workflows
-        args: ["-D", "python/understack-workflows"]
+      - id: poetry-check
+        language_version: "3.11"
+        name: "poetry-check (understack-workflows)"
+        files: '^python/understack-workflows/'
+        args: ["-C", "python/understack-workflows"]
+      - id: poetry-lock
+        language_version: "3.11"
+        name: "poetry-lock (understack-workflows)"
+        files: '^python/understack-workflows/'
+        args: ["-C", "python/understack-workflows"]
   - repo: https://github.com/renovatebot/pre-commit-hooks
     rev: 40.8.1
     hooks:

ansible/requirements.yml

@@ -1,6 +1,6 @@
 collections:
   - name: community.general
-    version: "==10.7.1"
+    version: "==10.7.0"
   - name: openstack.cloud
     version: "==2.4.1"
   - name: networktocode.nautobot

bootstrap/argocd/kustomization.yaml

@@ -14,5 +14,5 @@ helmCharts:
   namespace: argocd
   valuesFile: values.yaml
   releaseName: argo-cd
-  version: 8.1.2
+  version: 8.1.0
   repo: https://argoproj.github.io/argo-helm

components/images-openstack.yaml

@@ -5,12 +5,12 @@ images:
 
   tags:
     # these are common across all these OpenStack Helm installations
-    bootstrap: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-    db_init: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-    db_drop: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-    ks_user: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-    ks_service: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-    ks_endpoints: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
+    bootstrap: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
+    db_init: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
+    db_drop: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
+    ks_user: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
+    ks_service: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
+    ks_endpoints: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
 
     # keystone
     keystone_api: "ghcr.io/rackerlabs/understack/keystone:2024.2-ubuntu_jammy"
@@ -29,9 +29,9 @@ images:
     ironic_pxe_http: "docker.io/nginx:1.13.3"
     ironic_db_sync: "ghcr.io/rackerlabs/understack/ironic:2024.2-ubuntu_jammy"
     # these want curl which apparently is in the heat image
-    ironic_manage_cleaning_network: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-    ironic_retrive_cleaning_network: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-    ironic_retrive_swift_config: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
+    ironic_manage_cleaning_network: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
+    ironic_retrive_cleaning_network: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
+    ironic_retrive_swift_config: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
 
     # neutron
     neutron_db_sync: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
@@ -50,7 +50,7 @@ images:
     # nova
     nova_api: "ghcr.io/rackerlabs/understack/nova:2024.2-ubuntu_jammy"
     nova_cell_setup: "ghcr.io/rackerlabs/understack/nova:2024.2-ubuntu_jammy"
-    nova_cell_setup_init: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
+    nova_cell_setup_init: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
     nova_compute: "ghcr.io/rackerlabs/understack/nova:2024.2-ubuntu_jammy"
     nova_compute_ironic: "ghcr.io/rackerlabs/understack/nova:2024.2-ubuntu_jammy"
     nova_compute_ssh: "ghcr.io/rackerlabs/understack/nova:2024.2-ubuntu_jammy"
@@ -64,8 +64,8 @@ images:
     nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
 
     # placement
-    placement: "quay.io/airshipit/placement:2024.2-ubuntu_jammy"
-    placement_db_sync: "quay.io/airshipit/placement:2024.2-ubuntu_jammy"
+    placement: "docker.io/openstackhelm/placement:2024.2-ubuntu_jammy"
+    placement_db_sync: "docker.io/openstackhelm/placement:2024.2-ubuntu_jammy"
 
     # openvswitch
     openvswitch_db_server: "docker.io/openstackhelm/openvswitch:ubuntu_jammy-dpdk-20250127"
@@ -90,15 +90,4 @@ images:
     # skyline
     skyline: "quay.io/airshipit/skyline:latest"
     skyline_db_sync: "quay.io/airshipit/skyline:latest"
-
-    # cinder
-    cinder_api: "ghcr.io/rackerlabs/understack/cinder:2024.2-ubuntu_jammy"
-    cinder_db_sync: "ghcr.io/rackerlabs/understack/cinder:2024.2-ubuntu_jammy"
-    cinder_scheduler: "ghcr.io/rackerlabs/understack/cinder:2024.2-ubuntu_jammy"
-    cinder_volume: "ghcr.io/rackerlabs/understack/cinder:2024.2-ubuntu_jammy"
-    cinder_volume_usage_audit: "ghcr.io/rackerlabs/understack/cinder:2024.2-ubuntu_jammy"
-    cinder_db_purge: "ghcr.io/rackerlabs/understack/cinder:2024.2-ubuntu_jammy"
-    cinder_backup: "ghcr.io/rackerlabs/understack/cinder:2024.2-ubuntu_jammy"
-    cinder_storage_init: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-    cinder_backup_storage_init: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
 ...

components/ironic/values.yaml

@@ -22,12 +22,12 @@ conductor:
     # it is only necessary because the above pxe is disabled, its init
     # creates this path
     - name: create-tftpboot
-      image: quay.io/airshipit/heat:2024.2-ubuntu_jammy
+      image: docker.io/openstackhelm/heat:2024.2-ubuntu_jammy
       imagePullPolicy: IfNotPresent
       command: [bash]
       args:
         - "-c"
-        - "mkdir -p /var/lib/openstack-helm/tftpboot /var/lib/openstack-helm/tmp"
+        - "mkdir -p /var/lib/openstack-helm/tftpboot"
       volumeMounts:
         - name: pod-data
           mountPath: /var/lib/openstack-helm
@@ -117,14 +117,6 @@ endpoints:
             name: understack-cluster-issuer
             kind: ClusterIssuer
 
-secrets:
-  tls:
-    baremetal:
-      api:
-        # needs to be kept in sync with secretName in the host_fqdn_override
-        # because helm-toolkit checks one field but then uses the other
-        public: ironic-tls-public
-
 network:
   api:
     ingress:

components/openstack-admin-client/openstack-admin-client.yaml

@@ -7,7 +7,7 @@ spec:
   restartPolicy: Always
   containers:
     - name: "image-ks-service-registration"
-      image: quay.io/airshipit/heat:2024.1-ubuntu_jammy
+      image: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
       imagePullPolicy: IfNotPresent
       command:
         - sleep

components/openstack-secrets.tpl.yaml

@@ -137,4 +137,29 @@ endpoints:
     host_fqdn_override:
       public:
         host: horizon.${DNS_ZONE}
+
+# necessary cause the ingress definition in openstack-helm-infra helm-toolkit hardcodes this
+secrets:
+  tls:
+    baremetal:
+      api:
+        public: ironic-tls-public
+    image:
+      api:
+        public: glance-tls-public
+    identity:
+      api:
+        public: keystone-tls-public
+    network:
+      server:
+        public: neutron-tls-public
+    compute:
+      osapi:
+        public: nova-tls-public
+    placement:
+      api:
+        public: placement-tls-public
+    dashboard:
+      dashboard:
+        public: horizon-tls-public
 ...