mumesan
diff --git a/‎.github/workflows/force-bump-pr-manual.yaml‎
Lines changed: 13 additions & 0 deletions b/‎.github/workflows/force-bump-pr-manual.yaml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎.github/workflows/force-bump-pr-scheduled.yaml‎
Lines changed: 14 additions & 0 deletions b/‎.github/workflows/force-bump-pr-scheduled.yaml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎controllers/ironicinspector_controller.go‎
Lines changed: 48 additions & 40 deletions b/‎controllers/ironicinspector_controller.go‎
Lines changed: 48 additions & 40 deletions
diff --git a/‎pkg/ironicinspector/dbsync.go‎
Lines changed: 0 additions & 12 deletions b/‎pkg/ironicinspector/dbsync.go‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎pkg/ironicinspector/statefulset.go‎
Lines changed: 0 additions & 30 deletions b/‎pkg/ironicinspector/statefulset.go‎
Lines changed: 0 additions & 30 deletions
diff --git a/‎pkg/ironicinspector/volumes.go‎
Lines changed: 4 additions & 58 deletions b/‎pkg/ironicinspector/volumes.go‎
Lines changed: 4 additions & 58 deletions
@@ -0,0 +1,13 @@
+name: Manually Trigger a Force Bump PR
+
+on:
+  workflow_dispatch:
+
+jobs:
+  call-build-workflow:
+    uses: openstack-k8s-operators/openstack-k8s-operators-ci/.github/workflows/force-bump-pull-request.yaml@main
+    with:
+      operator_name: ironic
+      branch_name: ${{ github.ref_name }}
+    secrets:
+      FORCE_BUMP_PULL_REQUEST_PAT: ${{ secrets.FORCE_BUMP_PULL_REQUEST_PAT }}
@@ -0,0 +1,14 @@
+name: Scheduled Force Bump PR
+
+on:
+  schedule:
+    - cron: '0 3 * * 6'  # 3AM UTC Saturday
+
+jobs:
+  call-build-workflow:
+    if: github.ref == 'refs/heads/main' && github.repository_owner == 'openstack-k8s-operators'
+    uses: openstack-k8s-operators/openstack-k8s-operators-ci/.github/workflows/force-bump-branches.yaml@main
+    with:
+      operator_name: ironic
+    secrets:
+      FORCE_BUMP_PULL_REQUEST_PAT: ${{ secrets.FORCE_BUMP_PULL_REQUEST_PAT }}
@@ -33,6 +33,7 @@ import (
 	job "github.com/openstack-k8s-operators/lib-common/modules/common/job"
 	nad "github.com/openstack-k8s-operators/lib-common/modules/common/networkattachment"
 	common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 	oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/service"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/statefulset"
@@ -415,6 +416,22 @@ func (r *IronicInspectorReconciler) findObjectsForSrc(ctx context.Context, src c
 	return requests
 }
 
+func (r *IronicInspectorReconciler) getTransportURL(
+	ctx context.Context,
+	h *helper.Helper,
+	instance *ironicv1.IronicInspector,
+) (string, error) {
+	transportURLSecret, _, err := secret.GetSecret(ctx, h, instance.Status.TransportURLSecret, instance.Namespace)
+	if err != nil {
+		return "", err
+	}
+	transportURL, ok := transportURLSecret.Data["transport_url"]
+	if !ok {
+		return "", fmt.Errorf("transport_url %w Transport Secret", util.ErrNotFound)
+	}
+	return string(transportURL), nil
+}
+
 func (r *IronicInspectorReconciler) reconcileTransportURL(
 	ctx context.Context,
 	instance *ironicv1.IronicInspector,
@@ -589,15 +606,9 @@ func (r *IronicInspectorReconciler) reconcileConfigMapsAndSecrets(
 	// calculate an overall hash of hashes
 	//
 
-	//
-	// create Configmap required for ironic input
-	// - %-scripts configmap holding scripts to e.g. bootstrap the service
-	// - %-config configmap holding minimal ironic config required to get the
-	//   service up, user can add additional files to be added to the service
-	// - parameters which has passwords gets added from the OpenStack secret
-	//   via the init container
-	//
-	err = r.generateServiceConfigMaps(
+	// create Secret required for ironicneutronagent input. It contains minimal ironicneutronagent config required
+	// to get the service up, user can add additional files to be added to the service.
+	err = r.generateServiceSecrets(
 		ctx,
 		instance,
 		helper,
@@ -1411,24 +1422,16 @@ func (r *IronicInspectorReconciler) reconcileUpgrade(
 	return ctrl.Result{}, nil
 }
 
-// generateServiceConfigMaps - create create configmaps which hold scripts and service configuration
+// generateServiceSecrets - create secrets which hold service configuration
 // TODO add DefaultConfigOverwrite
-func (r *IronicInspectorReconciler) generateServiceConfigMaps(
+func (r *IronicInspectorReconciler) generateServiceSecrets(
 	ctx context.Context,
 	instance *ironicv1.IronicInspector,
 	h *helper.Helper,
 	envVars *map[string]env.Setter,
 	db *mariadbv1.Database,
 ) error {
-	//
-	// create Configmap/Secret required for ironic-inspector input
-	// - %-scripts configmap holding scripts to e.g. bootstrap the service
-	// - %-config configmap holding minimal ironic-inspector config required
-	//   to get the service up, user can add additional files to be added to
-	//   the service
-	// - parameters which has passwords gets added from the ospSecret via the
-	//   init container
-	//
+	// Create/update secrets from templates
 	cmLabels := labels.GetLabels(
 		instance,
 		labels.GetGroupLabel(ironic.ServiceName),
@@ -1439,13 +1442,11 @@ func (r *IronicInspectorReconciler) generateServiceConfigMaps(
 		tlsCfg = &tls.Service{}
 	}
 	// customData hold any customization for the service.
-	// custom.conf is going to /etc/ironic-inspector/inspector.conf.d
-	// all other files get placed into /etc/ironic-inspector to allow
-	// overwrite of e.g. policy.json.
-	// TODO: make sure custom.conf can not be overwritten
+	// 02-inspector-custom.conf is going to /etc/ironic-inspector/inspector.conf.d
+	// 01-inspector.conf is going to /etc/ironic-inspector/inspector such that it gets loaded before custom one
 	customData := map[string]string{
-		common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
-		"my.cnf":                           db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
+		"02-inspector-custom.conf": instance.Spec.CustomServiceConfig,
+		"my.cnf":                   db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
 	}
 	for key, data := range instance.Spec.DefaultConfigOverwrite {
 		customData[key] = data
@@ -1467,9 +1468,30 @@ func (r *IronicInspectorReconciler) generateServiceConfigMaps(
 			return err
 		}
 
+		transportURL, err := r.getTransportURL(ctx, h, instance)
+		if err != nil {
+			return err
+		}
+
+		ospSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.Secret, instance.Namespace)
+		if err != nil {
+			return err
+		}
+
+		servicePassword := string(ospSecret.Data[instance.Spec.PasswordSelectors.Service])
+
 		templateParameters["ServiceUser"] = instance.Spec.ServiceUser
+		templateParameters["ServicePassword"] = servicePassword
 		templateParameters["KeystoneInternalURL"] = keystoneInternalURL
 		templateParameters["KeystonePublicURL"] = keystonePublicURL
+		templateParameters["TransportURL"] = transportURL
+
+		// Other OpenStack services
+		templateParameters["ServicePassword"] = servicePassword
+		templateParameters["keystone_authtoken"] = servicePassword
+		templateParameters["service_catalog"] = servicePassword
+		templateParameters["ironic"] = servicePassword
+		templateParameters["swift"] = servicePassword
 	} else {
 		ironicAPI, err := ironicv1.GetIronicAPI(
 			ctx, h, instance.Namespace, map[string]string{})
@@ -1516,20 +1538,6 @@ func (r *IronicInspectorReconciler) generateServiceConfigMaps(
 	templateParameters["TimeOut"] = instance.Spec.APITimeout
 
 	cms := []util.Template{
-		// Scripts ConfigMap
-		{
-			Name:         fmt.Sprintf("%s-scripts", instance.Name),
-			Namespace:    instance.Namespace,
-			Type:         util.TemplateTypeScripts,
-			InstanceType: instance.Kind,
-			AdditionalTemplate: map[string]string{
-				"common.sh":      "/common/bin/common.sh",
-				"get_net_ip":     "/common/bin/get_net_ip",
-				"runlogwatch.sh": "/common/bin/runlogwatch.sh",
-				"pxe-init.sh":    "/common/bin/pxe-init.sh",
-			},
-			Labels: cmLabels,
-		},
 		// ConfigMap
 		{
 			Name:          fmt.Sprintf("%s-config-data", instance.Name),
 
@@ -45,13 +45,11 @@ func DbSyncJob(
 
 	volumes := GetVolumes(ironic.ServiceName + "-" + ironic.InspectorComponent)
 	volumeMounts := GetVolumeMounts("db-sync")
-	initVolumeMounts := GetInitVolumeMounts()
 
 	// add CA cert if defined
 	if instance.Spec.TLS.Ca.CaBundleSecretName != "" {
 		volumes = append(volumes, instance.Spec.TLS.CreateVolume())
 		volumeMounts = append(volumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
-		initVolumeMounts = append(initVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 	}
 
 	job := &batchv1.Job{
@@ -86,16 +84,6 @@ func DbSyncJob(
 		},
 	}
 
-	initContainerDetails := APIDetails{
-		ContainerImage:       instance.Spec.ContainerImage,
-		DatabaseHost:         instance.Status.DatabaseHostname,
-		DatabaseName:         DatabaseName,
-		OSPSecret:            instance.Spec.Secret,
-		UserPasswordSelector: instance.Spec.PasswordSelectors.Service,
-		VolumeMounts:         initVolumeMounts,
-	}
-	job.Spec.Template.Spec.InitContainers = InitContainer(initContainerDetails)
-
 	if instance.Spec.NodeSelector != nil {
 		job.Spec.Template.Spec.NodeSelector = *instance.Spec.NodeSelector
 	}
 
@@ -148,7 +148,6 @@ func StatefulSet(
 	inspectorVolumeMounts := GetVolumeMounts("ironic-inspector")
 	dnsmasqVolumeMounts := GetVolumeMounts("dnsmasq")
 	ramdiskLogsVolumeMounts := GetVolumeMounts("ramdisk-logs")
-	initVolumeMounts := GetInitVolumeMounts()
 
 	// add CA cert if defined
 	if instance.Spec.TLS.CaBundleSecretName != "" {
@@ -158,7 +157,6 @@ func StatefulSet(
 		httpbootVolumeMounts = append(httpbootVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 		dnsmasqVolumeMounts = append(dnsmasqVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 		ramdiskLogsVolumeMounts = append(ramdiskLogsVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
-		initVolumeMounts = append(initVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 	}
 
 	for _, endpt := range []service.Endpoint{service.EndpointInternal, service.EndpointPublic} {
@@ -335,33 +333,5 @@ func StatefulSet(
 			corev1.LabelHostname,
 		)
 	}
-
-	// init.sh needs to detect and set InspectionNetworkIP
-	inspectorHTTPURL := "http://%(InspectorNetworkIP)s:8088/"
-	if instance.Spec.InspectionNetwork == "" {
-		// Build what the fully qualified Route hostname will be when the Route exists
-		inspectorHTTPURL = "http://%(PodName)s-%(PodNamespace)s.%(IngressDomain)s/"
-	}
-
-	initContainerDetails := APIDetails{
-		ContainerImage:         instance.Spec.ContainerImage,
-		PxeContainerImage:      instance.Spec.PxeContainerImage,
-		IronicPythonAgentImage: instance.Spec.IronicPythonAgentImage,
-		ImageDirectory:         ironic.ImageDirectory,
-		DatabaseHost:           instance.Status.DatabaseHostname,
-		DatabaseName:           DatabaseName,
-		OSPSecret:              instance.Spec.Secret,
-		TransportURLSecret:     instance.Status.TransportURLSecret,
-		UserPasswordSelector:   instance.Spec.PasswordSelectors.Service,
-		VolumeMounts:           initVolumeMounts,
-		PxeInit:                true,
-		IpaInit:                true,
-		Privileged:             true,
-		InspectorHTTPURL:       inspectorHTTPURL,
-		IngressDomain:          ingressDomain,
-		InspectionNetwork:      instance.Spec.InspectionNetwork,
-	}
-	statefulset.Spec.Template.Spec.InitContainers = InitContainer(initContainerDetails)
-
 	return statefulset, nil
 }
@@ -6,34 +6,18 @@ import (
 
 // GetVolumes -
 func GetVolumes(name string) []corev1.Volume {
-	var scriptsVolumeDefaultMode int32 = 0755
 	var config0640AccessMode int32 = 0640
 
 	return []corev1.Volume{
 		{
-			Name: "scripts",
-			VolumeSource: corev1.VolumeSource{
-				Secret: &corev1.SecretVolumeSource{
-					DefaultMode: &scriptsVolumeDefaultMode,
-					SecretName:  name + "-scripts",
-				},
-			},
-		},
-		{
-			Name: "config-data",
+			Name: "config",
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
 					DefaultMode: &config0640AccessMode,
 					SecretName:  name + "-config-data",
 				},
 			},
 		},
-		{
-			Name: "config-data-merged",
-			VolumeSource: corev1.VolumeSource{
-				EmptyDir: &corev1.EmptyDirVolumeSource{Medium: ""},
-			},
-		},
 		{
 			Name: "var-lib-ironic",
 			VolumeSource: corev1.VolumeSource{
@@ -65,54 +49,16 @@ func GetVolumes(name string) []corev1.Volume {
 
 }
 
-// GetInitVolumeMounts - Ironic Inspector init task VolumeMounts
-func GetInitVolumeMounts() []corev1.VolumeMount {
-
-	return []corev1.VolumeMount{
-		{
-			Name:      "scripts",
-			MountPath: "/usr/local/bin/container-scripts",
-			ReadOnly:  true,
-		},
-		{
-			Name:      "config-data",
-			MountPath: "/var/lib/config-data/default",
-			ReadOnly:  true,
-		},
-		{
-			Name:      "config-data-merged",
-			MountPath: "/var/lib/config-data/merged",
-			ReadOnly:  false,
-		},
-		{
-			Name:      "var-lib-ironic",
-			MountPath: "/var/lib/ironic",
-			ReadOnly:  false,
-		},
-		{
-			Name:      "etc-podinfo",
-			MountPath: "/etc/podinfo",
-			ReadOnly:  false,
-		},
-	}
-
-}
-
 // GetVolumeMounts - Common VolumeMounts
 func GetVolumeMounts(serviceName string) []corev1.VolumeMount {
 	return []corev1.VolumeMount{
 		{
-			Name:      "scripts",
-			MountPath: "/usr/local/bin/container-scripts",
-			ReadOnly:  true,
-		},
-		{
-			Name:      "config-data-merged",
-			MountPath: "/var/lib/config-data/merged",
+			Name:      "config",
+			MountPath: "/var/lib/config-data/default",
 			ReadOnly:  false,
 		},
 		{
-			Name:      "config-data-merged",
+			Name:      "config",
 			MountPath: "/var/lib/kolla/config_files/config.json",
 			SubPath:   serviceName + "-config.json",
 			ReadOnly:  true,