kolla: gate prometheus image by release#295
Merged
Merged
Conversation
prometheus_server_image gated the modern 'prometheus-server' name behind an exact allowlist (openstack_version in ['2025.1']) and fell back to the legacy 'prometheus-v2-server' otherwise. Kolla renamed the image at 2025.1 (Prometheus 2.x -> 3.x) and only builds 'prometheus-v2-server' for 2024.1 and 2024.2, so any release newer than 2025.1 not explicitly added to the list silently resolved to an image that is never built. 2025.2 deploys and upgrades failed pulling kolla/prometheus-v2-server:2025.2 (404) in the monitoring stage. Invert the gate to a legacy denylist: list the two releases that actually build 'prometheus-v2-server' (2024.1, 2024.2) and default to 'prometheus-server' for everything else. 2025.2, master, and all future releases now resolve correctly with no list maintenance, matching the forward-safe shape already used for redis/valkey/proxysql gating. Assisted-by: Claude:claude-opus-4-8 Signed-off-by: Roger Luethi <luethi@osism.tech>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
prometheus_server_imageresolved to the unbuiltprometheus-v2-serverimage on
openstack_version == 2025.2, breaking theprometheusmonitoringstage of any 2025.2 deploy or upgrade:
registry.osism.tech/kolla/prometheus-server:2025.2exists;kolla/prometheus-v2-server:2025.2does not.Root cause
Kolla renamed the image at 2025.1 (Prometheus 2.x → 3.x,
prometheus-v2-server→
prometheus-server) and only buildsprometheus-v2-serverfor 2024.1 /2024.2. The gate encoded "2025.1 and later" as an exact allowlist:
so every release newer than 2025.1 not explicitly added to the list silently
fell through to the legacy
elsebranch.2025.2did not exist when theallowlist was introduced, so it resolved to the retired image.
Fix
Invert the gate into a legacy denylist — name the two releases that actually
build
prometheus-v2-serverand default toprometheus-serverfor everythingelse:
2025.2,master, and every future release now resolve correctly with nolist maintenance. This matches the forward-safe shape already used by the
redis/valkey/proxysqlgates inall/099-kolla.yml.Rejected alternatives: extending the allowlist to
['2025.1', '2025.2'](stillan "and-later" list — rots again at 2025.3), and a raw
>=string comparison(mis-sorts legacy codenames, e.g.
'victoria' >= '2025.1'is lexically true).Audit
This change came out of a sweep of every
openstack_versionlist gate inthe repo. Of the six gates, this
prometheus_server_imageline was the sole"and-later as an allowlist" offender. The other five are already forward-safe —
they either list old releases with the modern value in the fallback branch
(
enable_redis,enable_valkey,enable_proxysql,mariadb_image) or use anot indenylist (horizon_listen_port).🤖 Generated with Claude Code