openshift · openshift-merge-bot · Apr 9, 2026 · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026
diff --git a/...prints-bootc/layer4-release/group1/rhel102-bootc-brew-nightly-with-optional.containerfile b/...prints-bootc/layer4-release/group1/rhel102-bootc-brew-nightly-with-optional.containerfile
@@ -0,0 +1,52 @@
+# {{- if env.Getenv "BREW_NIGHTLY_RELEASE_VERSION" "" -}}
+# Note: This comment makes templating add a new line before the code
+FROM localhost/rhel102-test-agent:latest
+
+# Build arguments
+ARG USHIFT_RPM_REPO_NAME=microshift-brew
+ARG USHIFT_RPM_REPO_PATH=/tmp/$USHIFT_RPM_REPO_NAME
+
+# Copy the MicroShift repository contents
+COPY ./rpm-repos/$USHIFT_RPM_REPO_NAME $USHIFT_RPM_REPO_PATH
+
+# Copy repository configuration
+COPY ./bootc-images/$USHIFT_RPM_REPO_NAME.repo ./bootc-images/microshift-fast-datapath-rhel9.repo ./bootc-images/microshift-rhocp-y.repo \
+    /etc/yum.repos.d/
+
+# Print repository configuration contents.
+# Install MicroShift, test agent and cleanup.
+RUN dnf repoinfo --enabled && \
+    dnf install -y firewalld systemd-resolved \
+        {{ range (env.Getenv "MICROSHIFT_MANDATORY_RPMS" | strings.Split " ") -}}
+        "{{ . }}-{{ env.Getenv "BREW_NIGHTLY_RELEASE_VERSION" }}" \
+        {{ end -}}
+        {{ range (env.Getenv "MICROSHIFT_OPTIONAL_RPMS" | strings.Split " ") -}}
+        "{{ . }}-{{ env.Getenv "BREW_NIGHTLY_RELEASE_VERSION" }}" \
+        {{ end -}}
+        {{ if and (env.Getenv "UNAME_M" "") (eq "x86_64" .Env.UNAME_M) -}}
+        {{ range (env.Getenv "MICROSHIFT_X86_64_RPMS" | strings.Split " ") -}}
+        "{{ . }}-{{ env.Getenv "BREW_NIGHTLY_RELEASE_VERSION" }}" \
+        {{ end -}}
+        {{ end -}}
+        && \
+    systemctl enable microshift microshift-test-agent && \
+    rm -vf /etc/yum.repos.d/microshift-*.repo && \
+    rm -rvf $USHIFT_RPM_REPO_PATH && \
+    dnf clean all
+
+# Configure firewall
+RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
+    firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 && \
+    firewall-offline-cmd --zone=trusted --add-source=169.254.169.1 && \
+    firewall-offline-cmd --zone=trusted --add-source=fd01::/48 && \
+    firewall-offline-cmd --zone=public --add-port=80/tcp && \
+    firewall-offline-cmd --zone=public --add-port=443/tcp && \
+    firewall-offline-cmd --zone=public --add-port=5353/udp && \
+    firewall-offline-cmd --zone=public --add-port=6443/tcp && \
+    firewall-offline-cmd --zone=public --add-port=30000-32767/tcp && \
+    firewall-offline-cmd --zone=public --add-port=30000-32767/udp
+
+# Prepare system for testing Generic Device Plugin
+COPY --chmod=755 ./bootc-images/build-serialsim.sh /tmp/build-serialsim.sh
+RUN /tmp/build-serialsim.sh && rm -f /tmp/build-serialsim.sh
+# {{- end -}}
diff --git a/test/image-blueprints-bootc/layer4-release/group2/rhel102-bootc-brew-lrel-fips.containerfile b/test/image-blueprints-bootc/layer4-release/group2/rhel102-bootc-brew-lrel-fips.containerfile
@@ -0,0 +1,19 @@
+# {{- if env.Getenv "BREW_LREL_RELEASE_VERSION" "" -}}
+# Note: This comment makes templating add a new line before the code
+FROM localhost/rhel102-bootc-brew-lrel-optional:latest
+
+# Add fips=1 kernel argument
+# See https://containers.github.io/bootc/building/kernel-arguments.html
+RUN cat > /usr/lib/bootc/kargs.d/01-fips.toml <<'EOF'
+kargs = ["fips=1"]
+match-architectures = ["x86_64"]
+EOF
+
+# Enable the FIPS crypto policy
+#
+# Note: CNI plugins are required for podman to operate normally on RHEL 9.x.
+# This package is no longer installed as cri-o dependency.
+RUN dnf install -y crypto-policies-scripts containernetworking-plugins && \
+    update-crypto-policies --no-reload --set FIPS && \
+    dnf clean all
+# {{- end -}}
diff --git a/.../image-blueprints-bootc/layer4-release/group2/rhel102-bootc-brew-lrel-tuned.containerfile b/.../image-blueprints-bootc/layer4-release/group2/rhel102-bootc-brew-lrel-tuned.containerfile
@@ -0,0 +1,51 @@
+# {{- if env.Getenv "BREW_LREL_RELEASE_VERSION" "" -}}
+# Note: This comment makes templating add a new line before the code
+FROM localhost/rhel102-bootc-brew-lrel-optional:latest
+
+# Enable microshift-tuned service
+RUN systemctl enable microshift-tuned
+
+# Configure MicroShift for low-latency workloads
+RUN cat > /etc/microshift/config.yaml <<'EOF'
+kubelet:
+  cpuManagerPolicy: static
+  cpuManagerPolicyOptions:
+    full-pcpus-only: "true"
+  cpuManagerReconcilePeriod: 5s
+  memoryManagerPolicy: Static
+  topologyManagerPolicy: single-numa-node
+  reservedSystemCPUs: 0-1
+  reservedMemory:
+  - limits:
+      memory: 1100Mi
+    numaNode: 0
+  kubeReserved:
+    memory: 500Mi
+  systemReserved:
+    memory: 500Mi
+  evictionHard:
+    imagefs.available: 15%
+    memory.available: 100Mi
+    nodefs.available: 10%
+    nodefs.inodesFree: 5%
+  evictionPressureTransitionPeriod: 0s
+EOF
+
+# Configure tuned baseline variables
+RUN cat > /etc/tuned/microshift-baseline-variables.conf <<'EOF'
+# Isolated cores should be complementary to kubelet's reserved CPUs.
+# Isolated and reserved CPUs should contain all online CPUs.
+# Core #3 is for testing offlining hence skipped.
+isolated_cores=2,4-5
+hugepages_size=2M
+hugepages=10
+additional_args=test1=on test2=true dummy
+offline_cpu_set=3
+EOF
+
+# Configure MicroShift tuned profile
+RUN cat > /etc/microshift/tuned.yaml <<'EOF'
+profile: microshift-baseline
+reboot_after_apply: True
+EOF
+# {{- end -}}
diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@ai-model-serving-online.sh b/test/scenarios-bootc/el10/releases/el102-lrel@ai-model-serving-online.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Sourced from scenario.sh and uses functions defined there.
+
+start_image="rhel102-bootc-brew-lrel-optional"
+
+# Currently, RHOAI is only available for x86_64
+check_platform() {
+    local -r record_junit=${1:-false}
+
+    if [[ "${UNAME_M}" =~ aarch64 ]]; then
+        if "${record_junit}"; then
+            record_junit "setup" "scenario_create_vms" "SKIPPED"
+        fi
+        exit 0
+    fi
+}
+
+scenario_create_vms() {
+    check_platform true
+    exit_if_image_not_found "${start_image}"
+
+    # Increased disk size because of the additional embedded images (especially OVMS which is ~3.5GiB)
+    LVM_SYSROOT_SIZE=20480 prepare_kickstart host1 kickstart-bootc.ks.template "${start_image}"
+    launch_vm rhel102-bootc --vm_disksize 30 --vm_vcpus 4
+}
+
+scenario_remove_vms() {
+    check_platform
+    exit_if_image_not_found "${start_image}"
+
+    remove_vm host1
+}
+
+scenario_run_tests() {
+    check_platform
+    exit_if_image_not_found "${start_image}"
+
+    run_tests host1 \
+        suites/ai-model-serving/ai-model-serving-online.robot
+}
diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@configuration.sh b/test/scenarios-bootc/el10/releases/el102-lrel@configuration.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Sourced from scenario.sh and uses functions defined there.
+
+start_image="rhel102-bootc-brew-lrel-optional"
+
+scenario_create_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    prepare_kickstart host1 kickstart-bootc.ks.template "${start_image}"
+    launch_vm rhel102-bootc --vm_vcpus 4
+}
+
+scenario_remove_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    remove_vm host1
+}
+
+scenario_run_tests() {
+    exit_if_image_not_found "${start_image}"
+
+    run_tests host1 suites/configuration/
+}
diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack.sh b/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Sourced from scenario.sh and uses functions defined there.
+
+start_image="rhel102-bootc-brew-lrel-optional"
+
+scenario_create_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    prepare_kickstart host1 kickstart-bootc.ks.template "${start_image}"
+    launch_vm rhel102-bootc --network "${VM_DUAL_STACK_NETWORK}" --vm_vcpus 4
+}
+
+scenario_remove_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    remove_vm host1
+}
+
+scenario_run_tests() {
+    exit_if_image_not_found "${start_image}"
+    run_tests host1 suites/ipv6/dualstack.robot
+}
diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@fips.sh b/test/scenarios-bootc/el10/releases/el102-lrel@fips.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Sourced from scenario.sh and uses functions defined there.
+
+start_image="rhel102-bootc-brew-lrel-fips"
+
+check_platform() {
+    if [[ "${UNAME_M}" =~ aarch64 ]] ; then
+        record_junit "setup" "scenario_create_vms" "SKIPPED"
+        exit 0
+    fi
+}
+
+scenario_create_vms() {
+    check_platform
+    exit_if_image_not_found "${start_image}"
+
+    prepare_kickstart host1 kickstart-bootc.ks.template "${start_image}"
+    launch_vm rhel102-bootc --fips --vm_vcpus 4
+}
+
+scenario_remove_vms() {
+    check_platform
+    exit_if_image_not_found "${start_image}"
+
+    remove_vm host1
+}
+
+scenario_run_tests() {
+    check_platform
+    exit_if_image_not_found "${start_image}"
+
+    run_tests host1 suites/fips/
+}
diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@ipv6.sh b/test/scenarios-bootc/el10/releases/el102-lrel@ipv6.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Sourced from scenario.sh and uses functions defined there.
+
+# Redefine network-related settings to use the dedicated IPv6 network bridge
+# shellcheck disable=SC2034  # used elsewhere
+VM_BRIDGE_IP="$(get_vm_bridge_ip "${VM_IPV6_NETWORK}")"
+# shellcheck disable=SC2034  # used elsewhere
+WEB_SERVER_URL="http://[${VM_BRIDGE_IP}]:${WEB_SERVER_PORT}"
+
+start_image="rhel102-bootc-brew-lrel-optional"
+
+scenario_create_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    # Using `hostname` here instead of a raw ip because skopeo only allows either
+    # ipv4 or fqdn's, but not ipv6. Since the registry is hosted on the ipv6
+    # network gateway in the host, we need to use a combination of the hostname
+    # plus /etc/hosts resolution (which is taken care of by kickstart).
+    # Save the original value and temporarily override for prepare_kickstart
+    local original_mirror_registry_url="${MIRROR_REGISTRY_URL}"
+    MIRROR_REGISTRY_URL="$(hostname):${MIRROR_REGISTRY_PORT}/microshift"
+
+    # Enable IPv6 single stack in kickstart
+    prepare_kickstart host1 kickstart-bootc.ks.template "${start_image}" false true
+
+    # Restore original MIRROR_REGISTRY_URL for runtime use
+    MIRROR_REGISTRY_URL="${original_mirror_registry_url}"
+
+    launch_vm rhel102-bootc --network "${VM_IPV6_NETWORK}" --vm_vcpus 4
+}
+
+scenario_remove_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    remove_vm host1
+}
+
+scenario_run_tests() {
+    exit_if_image_not_found "${start_image}"
+
+    run_tests host1 suites/ipv6/singlestack.robot
+}
diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@iso-standard1.sh b/test/scenarios-bootc/el10/releases/el102-lrel@iso-standard1.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Sourced from scenario.sh and uses functions defined there.
+
+start_image="rhel102-bootc-brew-lrel-optional"
+
+scenario_create_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    prepare_kickstart host1 kickstart-bootc.ks.template "${start_image}"
+    launch_vm "${start_image}" --vm_vcpus 4
+}
+
+scenario_remove_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    remove_vm host1
+}
+
+scenario_run_tests() {
+    exit_if_image_not_found "${start_image}"
+
+    run_tests host1 \
+        --variable "EXPECTED_OS_VERSION:10.2" \
+        suites/standard1/
+}
diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@iso-standard2.sh b/test/scenarios-bootc/el10/releases/el102-lrel@iso-standard2.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Sourced from scenario.sh and uses functions defined there.
+
+start_image="rhel102-bootc-brew-lrel-optional"
+
+scenario_create_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    prepare_kickstart host1 kickstart-bootc.ks.template "${start_image}"
+    launch_vm "${start_image}" --vm_vcpus 4
+}
+
+scenario_remove_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    remove_vm host1
+}
+
+scenario_run_tests() {
+    exit_if_image_not_found "${start_image}"
+
+    run_tests host1 suites/standard2/
+}
diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@low-latency.sh b/test/scenarios-bootc/el10/releases/el102-lrel@low-latency.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+export SKIP_GREENBOOT=true
+export TEST_RANDOMIZATION=none
+
+# Sourced from scenario.sh and uses functions defined there.
+
+start_image="rhel102-bootc-brew-lrel-tuned"
+
+scenario_create_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    prepare_kickstart host1 kickstart-bootc.ks.template "${start_image}" true
+    launch_vm rhel102-bootc --vm_vcpus 6
+}
+
+scenario_remove_vms() {
+    exit_if_image_not_found "${start_image}"
+
+    remove_vm host1
+}
+
+scenario_run_tests() {
+    exit_if_image_not_found "${start_image}"
+
+    # Should not be run immediately after creating VM because of
+    # microshift-tuned rebooting the node to activate the profile.
+    local -r start_time=$(date +%s)
+    while true; do
+        boot_num=$(run_command_on_vm host1 "sudo journalctl --list-boots --quiet | wc -l" || true)
+        boot_num="${boot_num%$'\r'*}"
+        if [[ "${boot_num}" -ge 2 ]]; then
+            break
+        fi
+        if [ $(( $(date +%s) - start_time )) -gt 60 ]; then
+            echo "Timed out waiting for VM having 2 boots"
+            exit 1
+        fi
+        sleep 5
+    done
+
+    # --exitonfailure because tests within suites are meant to be ordered,
+    # so don't advance to next test if current failed.
+
+    run_tests host1 \
+        --exitonfailure \
+        suites/tuned/microshift-tuned.robot \
+        suites/tuned/workload-partitioning.robot \
+        suites/tuned/uncore-cache.robot
+}