Skip to content

[openshift_setup] Replace ICSP with IDMS/ITMS for modern mirror confi…#3865

Merged
openshift-merge-bot[bot] merged 1 commit into
mainfrom
rbac-prio-test
Jun 2, 2026
Merged

[openshift_setup] Replace ICSP with IDMS/ITMS for modern mirror confi…#3865
openshift-merge-bot[bot] merged 1 commit into
mainfrom
rbac-prio-test

Conversation

@dsariel
Copy link
Copy Markdown
Contributor

@dsariel dsariel commented Apr 17, 2026
edited by openshift-ci Bot
Loading

[openshift_setup] Replace ICSP with IDMS/ITMS for modern mirror configuration

  • Migrate from deprecated ImageContentSourcePolicy to ImageDigestMirrorSet
  • Add ImageTagMirrorSet for tag-based image pulls
  • Support both digest and tag-based image resolution
  • Enable NeverContactSource in the corresponding downstream patch that contains rbac-proxy registry
  • Improve granular control over mirror selection order

Signed-off-by: David Sariel dsariel@redhat.com

[1]
https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/config_apis/imagetagmirrorset-config-openshift-io-v1

[2]
https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/config_apis/imagedigestmirrorset-config-openshift-io-v1

ANVIL-58

@softwarefactory-project-zuul
Copy link
Copy Markdown

softwarefactory-project-zuul Bot commented Apr 17, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/350047a8fe1145fbb99ed778a1cea780

✔️ openstack-k8s-operators-content-provider SUCCESS in 3h 18m 46s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 33m 45s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 51m 00s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 2h 09m 42s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 54s
✔️ adoption-standalone-to-crc-ceph-provider SUCCESS in 3h 05m 42s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 16s
cifmw-pod-pre-commit FAILURE in 8m 26s
cifmw-molecule-openshift_setup FAILURE in 11m 37s

@danpawlik
Copy link
Copy Markdown
Contributor

danpawlik commented Apr 22, 2026

Please fix pre-commit errors - especially empty line on the end of the file which was also raised by git

@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented May 3, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdo/buildset/3c2deb47e91741e29fec2da22d698755

✔️ openstack-k8s-operators-content-provider SUCCESS in 17m 09s
podified-multinode-edpm-deployment-crc RETRY_LIMIT Ansible setup timeout in 1m 18s
cifmw-crc-podified-edpm-baremetal RETRY_LIMIT in 27s
cifmw-crc-podified-edpm-baremetal-minor-update RETRY_LIMIT in 27s
✔️ cifmw-pod-zuul-files SUCCESS in 6m 07s
adoption-standalone-to-crc-ceph-provider RETRY_LIMIT Ansible setup timeout in 1m 17s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 10m 07s
cifmw-pod-pre-commit FAILURE in 9m 35s
cifmw-molecule-openshift_setup RETRY_LIMIT in 22s

@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented May 3, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdo/buildset/dd6449f9deda4f81b3c84f96decba8c2

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 37m 23s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 24m 53s
cifmw-crc-podified-edpm-baremetal RETRY_LIMIT in 27s
cifmw-crc-podified-edpm-baremetal-minor-update RETRY_LIMIT in 28s
✔️ cifmw-pod-zuul-files SUCCESS in 5m 24s
adoption-standalone-to-crc-ceph-provider RETRY_LIMIT in 27s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 9m 23s
cifmw-pod-pre-commit FAILURE in 8m 38s
cifmw-molecule-openshift_setup RETRY_LIMIT in 22s

@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented May 4, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdo/buildset/6ac3c969d7e64830b89dc8537771faea

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 35m 07s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 22m 40s
cifmw-crc-podified-edpm-baremetal RETRY_LIMIT in 28s
cifmw-crc-podified-edpm-baremetal-minor-update RETRY_LIMIT in 27s
✔️ cifmw-pod-zuul-files SUCCESS in 5m 23s
adoption-standalone-to-crc-ceph-provider RETRY_LIMIT in 28s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 9m 36s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 58s
cifmw-molecule-openshift_setup RETRY_LIMIT in 22s

@dsariel
Copy link
Copy Markdown
Contributor Author

dsariel commented May 4, 2026

recheck

@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented May 4, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdo/buildset/8db4ad29f1f241b6a53fad776ff5aecd

✔️ openstack-k8s-operators-content-provider SUCCESS in 31m 20s
podified-multinode-edpm-deployment-crc RETRY_LIMIT in 16s
cifmw-crc-podified-edpm-baremetal RETRY_LIMIT in 11s
cifmw-crc-podified-edpm-baremetal-minor-update RETRY_LIMIT in 29s
✔️ cifmw-pod-zuul-files SUCCESS in 7m 59s
adoption-standalone-to-crc-ceph-provider RETRY_LIMIT in 41s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 11m 45s
cifmw-pod-pre-commit FAILURE in 11m 12s
cifmw-molecule-openshift_setup RETRY_LIMIT in 21s

@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented May 4, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdo/buildset/65ab944a60a3483faeb605a56cfd7524

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 38m 05s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 26m 19s
cifmw-crc-podified-edpm-baremetal RETRY_LIMIT in 26s
cifmw-crc-podified-edpm-baremetal-minor-update RETRY_LIMIT in 27s
✔️ cifmw-pod-zuul-files SUCCESS in 6m 03s
adoption-standalone-to-crc-ceph-provider RETRY_LIMIT in 28s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 10m 19s
✔️ cifmw-pod-pre-commit SUCCESS in 9m 30s
cifmw-molecule-openshift_setup RETRY_LIMIT in 21s

@nemarjan
Copy link
Copy Markdown
Contributor

nemarjan commented May 6, 2026

recheck

@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented May 6, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/33320ae39c8445e888adcef27e0da2b0

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 28m 59s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 29m 45s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 38m 10s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 2h 13m 56s
✔️ cifmw-pod-zuul-files SUCCESS in 6m 30s
adoption-standalone-to-crc-ceph-provider RETRY_LIMIT in 27s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 10m 51s
✔️ cifmw-pod-pre-commit SUCCESS in 10m 01s
cifmw-molecule-openshift_setup FAILURE in 15m 28s

@dsariel
Copy link
Copy Markdown
Contributor Author

dsariel commented May 8, 2026

recheck

@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented May 8, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/15b69ca8d2cc4b7a9db4ca26b9f0a2a6

✔️ openstack-k8s-operators-content-provider SUCCESS in 4h 07m 14s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 24m 33s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 29m 58s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 2h 10m 13s
✔️ cifmw-pod-zuul-files SUCCESS in 5m 06s
adoption-standalone-to-crc-ceph-provider POST_FAILURE in 3h 06m 38s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 9m 00s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 05s
cifmw-molecule-openshift_setup FAILURE in 13m 35s

@dsariel
Copy link
Copy Markdown
Contributor Author

dsariel commented May 18, 2026

recheck

@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented May 19, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/365007c3cc324f69afe94626baab1291

✔️ openstack-k8s-operators-content-provider SUCCESS in 42m 49s
podified-multinode-edpm-deployment-crc FAILURE in 22m 03s
cifmw-crc-podified-edpm-baremetal FAILURE in 26m 58s
cifmw-crc-podified-edpm-baremetal-minor-update FAILURE in 27m 37s
✔️ cifmw-pod-zuul-files SUCCESS in 5m 12s
adoption-standalone-to-crc-ceph-provider RETRY_LIMIT in 26m 49s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 9m 22s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 37s
✔️ cifmw-molecule-openshift_setup SUCCESS in 15m 36s

@dsariel
Copy link
Copy Markdown
Contributor Author

dsariel commented May 19, 2026

recheck

@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented May 19, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/c34172bd332d4780a0e882d81820983d

openstack-k8s-operators-content-provider FAILURE in 4m 15s
⚠️ podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal-minor-update SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
✔️ cifmw-pod-zuul-files SUCCESS in 4m 55s
⚠️ adoption-standalone-to-crc-ceph-provider SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 47s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 26s
cifmw-molecule-openshift_setup FAILURE in 4m 29s

@dsariel
Copy link
Copy Markdown
Contributor Author

dsariel commented May 19, 2026

recheck

@dsariel
Copy link
Copy Markdown
Contributor Author

dsariel commented May 20, 2026

The change is verified with ci-framework-testproject/-/merge_requests/2222#note_21504986

With only Depends-On: #3865
other changes were comented out.

@nemarjan nemarjan requested a review from evallesp May 25, 2026 09:35
evallesp
evallesp reviewed May 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@evallesp evallesp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also need to update the molecule test

Comment thread roles/openshift_setup/tasks/configure_registries.yml
@nemarjan
Copy link
Copy Markdown
Contributor

nemarjan commented May 25, 2026

(non-blocking) Please update README for the role, new cifmw_openshift_setup_tag_mirrors variable is not documented in the README. Please add an entry similar to the existing cifmw_openshift_setup_digest_mirrors one.

nemarjan
nemarjan reviewed May 25, 2026
View reviewed changes
Comment thread roles/openshift_setup/tasks/configure_registries.yml Outdated
@dsariel
[openshift_setup] Replace ICSP with IDMS/ITMS for modern mirror confi…
dc8bed3 
…guration

- Migrate from deprecated ImageContentSourcePolicy to ImageDigestMirrorSet
- Add ImageTagMirrorSet for tag-based image pulls
- Support both digest and tag-based image resolution
- Enable NeverContactSource in the corresponding downstream patch that
  contains rbac-proxy registry
- Improve granular control over mirror selection order
- Update molecule test

Signed-off-by: David Sariel <dsariel@redhat.com>

[1]
https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/config_apis/imagetagmirrorset-config-openshift-io-v1

[2]
https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/config_apis/imagedigestmirrorset-config-openshift-io-v1

ANVIL-58
@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented May 27, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/53a45e6d7b81462d93e1946849062c3a

✔️ openstack-k8s-operators-content-provider SUCCESS in 3h 29m 42s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 27m 56s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 34m 24s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 2h 01m 28s
✔️ cifmw-pod-zuul-files SUCCESS in 5m 00s
adoption-standalone-to-crc-ceph-provider POST_FAILURE in 3h 14m 43s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 55s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 37s
✔️ cifmw-molecule-openshift_setup SUCCESS in 15m 56s

@dsariel
Copy link
Copy Markdown
Contributor Author

dsariel commented May 28, 2026

recheck

evallesp
evallesp approved these changes Jun 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@evallesp evallesp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci Bot added the lgtm label Jun 2, 2026
@brjackma
Copy link
Copy Markdown
Contributor

brjackma commented Jun 2, 2026

/approve

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Jun 2, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: brjackma

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved label Jun 2, 2026
@openshift-merge-bot openshift-merge-bot Bot merged commit 551f772 into main Jun 2, 2026
10 checks passed
@openshift-merge-bot openshift-merge-bot Bot deleted the rbac-prio-test branch June 2, 2026 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nemarjan nemarjan nemarjan left review comments

@evallesp evallesp evallesp approved these changes

@brjackma brjackma brjackma approved these changes

Assignees

@evallesp evallesp

Labels

approved lgtm Ready For Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@dsariel @danpawlik @nemarjan @brjackma @evallesp