Skip to content

kolla: gate prometheus image by release#295

Merged
berendt merged 1 commit into
mainfrom
version-gate-audit
Jul 4, 2026
Merged

kolla: gate prometheus image by release#295
berendt merged 1 commit into
mainfrom
version-gate-audit

Conversation

@ideaship

@ideaship ideaship commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

What

prometheus_server_image resolved to the unbuilt prometheus-v2-server
image on openstack_version == 2025.2, breaking the prometheus monitoring
stage of any 2025.2 deploy or upgrade:

docker.errors.APIError: 500 Server Error ... unknown:
artifact kolla/prometheus-v2-server:2025.2 not found
→ monitoring stage failed

registry.osism.tech/kolla/prometheus-server:2025.2 exists;
kolla/prometheus-v2-server:2025.2 does not.

Root cause

Kolla renamed the image at 2025.1 (Prometheus 2.x → 3.x, prometheus-v2-server
prometheus-server) and only builds prometheus-v2-server for 2024.1 /
2024.2
. The gate encoded "2025.1 and later" as an exact allowlist:

'prometheus-server' if openstack_version in ['2025.1'] else 'prometheus-v2-server'

so every release newer than 2025.1 not explicitly added to the list silently
fell through to the legacy else branch. 2025.2 did not exist when the
allowlist was introduced, so it resolved to the retired image.

Fix

Invert the gate into a legacy denylist — name the two releases that actually
build prometheus-v2-server and default to prometheus-server for everything
else:

'prometheus-v2-server' if openstack_version in ['2024.1', '2024.2'] else 'prometheus-server'

2025.2, master, and every future release now resolve correctly with no
list maintenance
. This matches the forward-safe shape already used by the
redis / valkey / proxysql gates in all/099-kolla.yml.

Rejected alternatives: extending the allowlist to ['2025.1', '2025.2'] (still
an "and-later" list — rots again at 2025.3), and a raw >= string comparison
(mis-sorts legacy codenames, e.g. 'victoria' >= '2025.1' is lexically true).

Audit

This change came out of a sweep of every openstack_version list gate in
the repo. Of the six gates, this prometheus_server_image line was the sole
"and-later as an allowlist" offender. The other five are already forward-safe —
they either list old releases with the modern value in the fallback branch
(enable_redis, enable_valkey, enable_proxysql, mariadb_image) or use a
not in denylist (horizon_listen_port).

🤖 Generated with Claude Code

prometheus_server_image gated the modern 'prometheus-server' name
behind an exact allowlist (openstack_version in ['2025.1']) and fell
back to the legacy 'prometheus-v2-server' otherwise. Kolla renamed the
image at 2025.1 (Prometheus 2.x -> 3.x) and only builds
'prometheus-v2-server' for 2024.1 and 2024.2, so any release newer than
2025.1 not explicitly added to the list silently resolved to an image
that is never built. 2025.2 deploys and upgrades failed pulling
kolla/prometheus-v2-server:2025.2 (404) in the monitoring stage.

Invert the gate to a legacy denylist: list the two releases that
actually build 'prometheus-v2-server' (2024.1, 2024.2) and default to
'prometheus-server' for everything else. 2025.2, master, and all future
releases now resolve correctly with no list maintenance, matching the
forward-safe shape already used for redis/valkey/proxysql gating.

Assisted-by: Claude:claude-opus-4-8
Signed-off-by: Roger Luethi <luethi@osism.tech>
@ideaship ideaship marked this pull request as ready for review July 4, 2026 14:23
@ideaship ideaship requested a review from berendt July 4, 2026 14:23
@ideaship ideaship moved this from New to In review in Human Board Jul 4, 2026
@berendt berendt merged commit 01ef523 into main Jul 4, 2026
3 checks passed
@berendt berendt deleted the version-gate-audit branch July 4, 2026 19:44
@github-project-automation github-project-automation Bot moved this from In review to Done in Human Board Jul 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

3 participants