Add sync versions command for Kolla version synchronization (#1863)

berendt · web-flow · commit c4c0af2f0b09 · 2025-11-28T22:55:21.000+01:00
Introduces a new CLI command `osism sync versions [kolla]` that extracts
version information from SBOM container images and renders them to the
configuration repository. Uses skopeo for container image extraction
(no Docker required).

Features:
- Extracts versions from registry.osism.cloud/kolla/sbom:&lt;version&gt;
- Automatically uses kolla/release namespace for versions starting with 'v'
- Renders Kolla version template to environments/kolla/versions.yml
- Supports --dry-run mode for preview without writing files
- Positional type argument (currently: kolla) for future extensibility

AI-assisted: Claude Code

Signed-off-by: Christian Berendt &lt;berendt@osism.tech&gt;
diff --git a/Containerfile b/Containerfile
@@ -48,6 +48,7 @@ apk add --no-cache \
   libyang \
   openssh-client \
   procps \
+  skopeo \
   tini
 
 # install python packages
diff --git a/osism/commands/sync.py b/osism/commands/sync.py
@@ -1,9 +1,18 @@
 # SPDX-License-Identifier: Apache-2.0
 
+import os
+import subprocess
+import tarfile
+import tempfile
+from pathlib import Path
+
 from cliff.command import Command
+import jinja2
 from loguru import logger
+from yaml import safe_load, YAMLError
 
 from osism import utils
+from osism.data import TEMPLATE_KOLLA_VERSIONS
 from osism.tasks import ansible, conductor, handle_task
 
 
@@ -96,3 +105,201 @@ def take_action(self, parsed_args):
 
         rc = handle_task(task, wait=wait)
         return rc
+
+
+class Versions(Command):
+    """Sync Kolla versions from SBOM container image to configuration repository."""
+
+    def get_parser(self, prog_name):
+        parser = super(Versions, self).get_parser(prog_name)
+        parser.add_argument(
+            "type",
+            nargs="?",
+            default="kolla",
+            choices=["kolla"],
+            help="Type of versions to sync (default: kolla)",
+        )
+        parser.add_argument(
+            "--openstack-version",
+            type=str,
+            default=os.environ.get("OPENSTACK_VERSION", "2025.1"),
+            help="OpenStack version (default: 2025.1, env: OPENSTACK_VERSION)",
+        )
+        parser.add_argument(
+            "--configuration-path",
+            type=str,
+            default="/opt/configuration",
+            help="Path to configuration repository (default: /opt/configuration)",
+        )
+        parser.add_argument(
+            "--sbom-image",
+            type=str,
+            default=None,
+            help="SBOM container image (default: registry.osism.cloud/kolla/sbom:<version>)",
+        )
+        parser.add_argument(
+            "--dry-run",
+            default=False,
+            help="Show rendered versions without writing to file",
+            action="store_true",
+        )
+        return parser
+
+    def _extract_sbom_with_skopeo(self, image_ref: str) -> dict:
+        """
+        Extract SBOM from container image using skopeo.
+
+        Args:
+            image_ref: Container image reference
+
+        Returns:
+            Parsed SBOM data dictionary
+        """
+        with tempfile.TemporaryDirectory() as tmpdir:
+            oci_dir = Path(tmpdir) / "oci"
+
+            logger.info(f"Copying image {image_ref} using skopeo...")
+            try:
+                subprocess.run(
+                    [
+                        "skopeo",
+                        "copy",
+                        f"docker://{image_ref}",
+                        f"oci:{oci_dir}:latest",
+                    ],
+                    check=True,
+                    capture_output=True,
+                    text=True,
+                )
+            except subprocess.CalledProcessError as e:
+                logger.error(f"Failed to copy image with skopeo: {e.stderr}")
+                raise RuntimeError(f"skopeo copy failed: {e.stderr}")
+            except FileNotFoundError:
+                logger.error("skopeo not found. Please install skopeo.")
+                raise RuntimeError("skopeo not found")
+
+            logger.info("Extracting images.yml from OCI image...")
+
+            # Read the OCI index to find the manifest
+            index_path = oci_dir / "index.json"
+            with open(index_path) as f:
+                index = safe_load(f)
+
+            # Get the manifest digest
+            manifest_digest = index["manifests"][0]["digest"]
+            manifest_hash = manifest_digest.split(":")[1]
+
+            # Read the manifest
+            manifest_path = oci_dir / "blobs" / "sha256" / manifest_hash
+            with open(manifest_path) as f:
+                manifest = safe_load(f)
+
+            # Extract each layer and look for images.yml
+            sbom = None
+            for layer in manifest["layers"]:
+                layer_digest = layer["digest"]
+                layer_hash = layer_digest.split(":")[1]
+                layer_path = oci_dir / "blobs" / "sha256" / layer_hash
+
+                try:
+                    with tarfile.open(layer_path, "r:*") as tar:
+                        for member in tar.getmembers():
+                            if member.name == "images.yml" or member.name.endswith(
+                                "/images.yml"
+                            ):
+                                extracted = tar.extractfile(member)
+                                if extracted:
+                                    sbom = safe_load(extracted.read())
+                                    logger.success("Found and extracted images.yml")
+                                    break
+                except (tarfile.TarError, EOFError):
+                    # Not a tar file or empty, skip
+                    continue
+
+                if sbom:
+                    break
+
+            if sbom is None:
+                raise RuntimeError("images.yml not found in container image")
+
+            return sbom
+
+    def take_action(self, parsed_args):
+        sync_type = parsed_args.type
+        openstack_version = parsed_args.openstack_version
+        config_path = Path(parsed_args.configuration_path)
+        dry_run = parsed_args.dry_run
+
+        if sync_type == "kolla":
+            return self._sync_kolla_versions(
+                openstack_version, config_path, parsed_args.sbom_image, dry_run
+            )
+
+        logger.error(f"Unknown sync type: {sync_type}")
+        return 1
+
+    def _sync_kolla_versions(
+        self,
+        openstack_version: str,
+        config_path: Path,
+        sbom_image: str | None,
+        dry_run: bool,
+    ) -> int:
+        """Sync Kolla versions from SBOM container image."""
+
+        # Construct SBOM image reference if not provided
+        if sbom_image is None:
+            # Use kolla/release namespace for versions starting with 'v' (e.g. v0.20251128.0)
+            if openstack_version.startswith("v"):
+                sbom_image = f"registry.osism.cloud/kolla/release:{openstack_version}"
+            else:
+                sbom_image = f"registry.osism.cloud/kolla/sbom:{openstack_version}"
+
+        logger.info(f"OpenStack version: {openstack_version}")
+        logger.info(f"Configuration path: {config_path}")
+        logger.info(f"SBOM image: {sbom_image}")
+
+        # Check configuration path exists
+        if not dry_run and not config_path.exists():
+            logger.error(f"Configuration path does not exist: {config_path}")
+            return 1
+
+        # Extract SBOM from container
+        try:
+            sbom = self._extract_sbom_with_skopeo(sbom_image)
+        except RuntimeError as e:
+            logger.error(str(e))
+            return 1
+        except YAMLError as e:
+            logger.error(f"Failed to parse SBOM YAML: {e}")
+            return 1
+
+        versions = sbom.get("versions", {})
+        logger.info(f"Found {len(versions)} version entries in SBOM")
+
+        # Render template
+        environment = jinja2.Environment()
+        template = environment.from_string(TEMPLATE_KOLLA_VERSIONS)
+        result = template.render(
+            {
+                "openstack_version": openstack_version,
+                "versions": versions,
+            }
+        )
+
+        if dry_run:
+            logger.info("Dry run - rendered versions.yml:")
+            print(result)
+            return 0
+
+        # Write to configuration repository
+        output_path = config_path / "environments" / "kolla" / "versions.yml"
+
+        # Ensure directory exists
+        output_path.parent.mkdir(parents=True, exist_ok=True)
+
+        with open(output_path, "w") as f:
+            f.write(result)
+
+        logger.success(f"Versions written to {output_path}")
+        return 0
diff --git a/osism/data/__init__.py b/osism/data/__init__.py
@@ -135,3 +135,64 @@
         build_date: {{ image_builddate }}
 
 """
+
+TEMPLATE_KOLLA_VERSIONS = """---
+kolla_aodh_version: "{{ versions['aodh']|default(openstack_version) }}"
+kolla_barbican_version: "{{ versions['barbican']|default(openstack_version) }}"
+kolla_ceilometer_version: "{{ versions['ceilometer']|default(openstack_version) }}"
+kolla_cinder_version: "{{ versions['cinder']|default(openstack_version) }}"
+kolla_cloudkitty_version: "{{ versions['cloudkitty']|default(openstack_version) }}"
+kolla_common_version: "{{ versions['kolla_toolbox']|default(openstack_version) }}"
+kolla_cron_version: "{{ versions['cron']|default(openstack_version) }}"
+kolla_designate_version: "{{ versions['designate']|default(openstack_version) }}"
+kolla_dnsmasq_version: "{{ versions['dnsmasq']|default(openstack_version) }}"
+kolla_fluentd_version: "{{ versions['fluentd']|default(openstack_version) }}"
+kolla_glance_version: "{{ versions['glance']|default(openstack_version) }}"
+kolla_gnocchi_version: "{{ versions['gnocchi']|default(openstack_version) }}"
+kolla_grafana_version: "{{ versions['grafana']|default(openstack_version) }}"
+kolla_haproxy_version: "{{ versions['haproxy']|default(openstack_version) }}"
+kolla_haproxy_ssh_version: "{{ versions['haproxy_ssh']|default(openstack_version) }}"
+kolla_horizon_version: "{{ versions['horizon']|default(openstack_version) }}"
+kolla_ironic_inspector_version: "{{ versions['ironic_inspector']|default(openstack_version) }}"
+kolla_ironic_version: "{{ versions['ironic']|default(openstack_version) }}"
+kolla_iscsid_version: "{{ versions['iscsid']|default(openstack_version) }}"
+kolla_keepalived_version: "{{ versions['keepalived']|default(openstack_version) }}"
+kolla_keystone_version: "{{ versions['keystone']|default(openstack_version) }}"
+kolla_magnum_version: "{{ versions['magnum']|default(openstack_version) }}"
+kolla_manila_version: "{{ versions['manila']|default(openstack_version) }}"
+kolla_mariadb_version: "{{ versions['mariadb']|default(openstack_version) }}"
+kolla_memcached_version: "{{ versions['memcached']|default(openstack_version) }}"
+kolla_multipathd_version: "{{ versions['multipathd']|default(openstack_version) }}"
+kolla_neutron_version: "{{ versions['neutron']|default(openstack_version) }}"
+kolla_nova_version: "{{ versions['nova']|default(openstack_version) }}"
+kolla_octavia_version: "{{ versions['octavia']|default(openstack_version) }}"
+kolla_opensearch_version: "{{ versions['opensearch']|default(openstack_version) }}"
+kolla_openvswitch_version: "{{ versions['openvswitch']|default(openstack_version) }}"
+kolla_ovn_version: "{{ versions['ovn']|default(openstack_version) }}"
+kolla_placement_version: "{{ versions['placement']|default(openstack_version) }}"
+kolla_prometheus_version: "{{ versions['prometheus']|default(openstack_version) }}"
+kolla_proxysql_version: "{{ versions['proxysql']|default(openstack_version) }}"
+kolla_rabbitmq_version: "{{ versions['rabbitmq']|default(openstack_version) }}"
+kolla_redis_version: "{{ versions['redis']|default(openstack_version) }}"
+kolla_skyline_version: "{{ versions['skyline']|default(openstack_version) }}"
+kolla_tgtd_version: "{{ versions['tgtd']|default(openstack_version) }}"
+kolla_watcher_version: "{{ versions['watcher']|default(openstack_version) }}"
+
+kolla_nova_libvirt_version: "{{ versions['nova_libvirt']|default(openstack_version) }}"
+kolla_opensearch_dashboards_version: "{{ versions['opensearch_dashboards']|default(openstack_version) }}"
+kolla_skyline_console_version: "{{ versions['skyline_console']|default(openstack_version) }}"
+
+kolla_prometheus_alertmanager_version: "{{ versions['prometheus_alertmanager']|default(openstack_version) }}"
+kolla_prometheus_blackbox_exporter_version: "{{ versions['prometheus_blackbox_exporter']|default(openstack_version) }}"
+kolla_prometheus_cadvisor_version: "{{ versions['prometheus_cadvisor']|default(openstack_version) }}"
+kolla_prometheus_elasticsearch_exporter_version: "{{ versions['prometheus_elasticsearch_exporter']|default(openstack_version) }}"
+kolla_prometheus_libvirt_exporter_version: "{{ versions['prometheus_libvirt_exporter']|default(openstack_version) }}"
+kolla_prometheus_memcached_exporter_version: "{{ versions['prometheus_memcached_exporter']|default(openstack_version) }}"
+kolla_prometheus_mysqld_exporter_version: "{{ versions['prometheus_mysqld_exporter']|default(openstack_version) }}"
+kolla_prometheus_node_exporter_version: "{{ versions['prometheus_node_exporter']|default(openstack_version) }}"
+kolla_prometheus_openstack_exporter_version: "{{ versions['prometheus_openstack_exporter']|default(openstack_version) }}"
+kolla_ironic_prometheus_exporter_version: "{{ versions['ironic']|default(openstack_version) }}"
+
+kolla_letsencrypt_lego_version: "{{ versions['letsencrypt_lego']|default(openstack_version) }}"
+kolla_letsencrypt_webserver_version: "{{ versions['letsencrypt_webserver']|default(openstack_version) }}"
+"""
diff --git a/setup.cfg b/setup.cfg
@@ -141,6 +141,7 @@ osism.commands:
     sync ironic = osism.commands.netbox:Ironic
     sync netbox = osism.commands.netbox:Sync
     sync sonic = osism.commands.sync:Sonic
+    sync versions = osism.commands.sync:Versions
     task list = osism.commands.get:Tasks
     task revoke = osism.commands.task:Revoke
     lock = osism.commands.lock:Lock
