Skip to content

[ARO-22145] Bump to Azure Linux 3.0#4766

Draft
rhamitarora wants to merge 15 commits intomasterfrom
rhamitarora/ARO-22145-azure-linux3
Draft

[ARO-22145] Bump to Azure Linux 3.0#4766
rhamitarora wants to merge 15 commits intomasterfrom
rhamitarora/ARO-22145-azure-linux3

Conversation

@rhamitarora
Copy link
Copy Markdown
Collaborator

@rhamitarora rhamitarora commented Apr 13, 2026
edited by openshift-ci bot
Loading

Which issue this PR addresses:

Fixes ARO-22145 — Migrate Azure Red Hat OpenShift RP/Gateway VMSS from Azure Linux 2.0 (EOL July 31, 2025) to Azure Linux 3.0.

What this PR does / why we need it:

  • Switching VMSS base images from CBL-Mariner 2.0 to Azure Linux 3.0 FIPS
  • Updating Dockerfiles to use azurelinux base images instead of mariner
  • Adding podman 5.x dependencies (crun, netavark) required on Azure Linux 3
  • Removing the iptables firewalld backend switch (Azure Linux 3 uses nftables natively)
  • Updating fluentbit build for Azure Linux 3 compatibility
  • Bumping e2e and CI pipeline resources to Azure Linux 3
  • Adding the Azure Linux extended repo for additional package availability

Test plan for issue:

Verify RP and Gateway VMSS boot and run successfully on Azure Linux 3 FIPS images

Is there any documentation that needs to be updated for this PR?

How do you know this will function as expected in production?

INT and Canary Testing

hawkowl and others added 14 commits April 13, 2026 07:37
@hawkowl @rhamitarora
don't mirror mariner 2.0
a5452f9
@hawkowl @rhamitarora
mariner -> azurelinux, and don't hardcode the 3.0 in the dockerfile
831a520
@hawkowl @rhamitarora
bump dev to azlinux3
f8b2540
@hawkowl @rhamitarora
bump to azure linux 3 FIPS for the VMs
9ab5d80
@hawkowl @rhamitarora
move to fips-by-default on azurelinux3
cf52567
@hawkowl @rhamitarora
add the extended repo as per docs
9485e40
@hawkowl @rhamitarora
whitespace
0a7565f
@hawkowl @rhamitarora
bump e2e resources to azurelinux
4d258fa
@hawkowl @rhamitarora
bump onebranch for validate-roledef
730dc4c
@hawkowl @rhamitarora
bump changes for fluentbit to build on azurelinux3
d3e00fd
@hawkowl @rhamitarora
use 3.12 for ci pipeline too?
3f527b8
@rhamitarora
add missing podman 5.x dependencies (crun, netavark, aardvark-dns)
c880f74 
Podman 5.x on Azure Linux 3 requires crun (OCI runtime), netavark
(network stack), and aardvark-dns explicitly installed. Without these,
az acr login fails with "could not find netavark" on RP and gateway VMSS.

Made-with: Cursor
@rhamitarora
Remove aardvark-dns from install_pkgs (not available on Azure Linux 3)
855c674 
aardvark-dns is not a separate package in Azure Linux 3 repos.
DNS functionality is bundled with netavark on this platform.

Made-with: Cursor
@rhamitarora
Stop switching firewalld backend to iptables on Azure Linux 3
d183584 
On Azure Linux 3, nftables is the default and native firewall backend.
Forcing iptables causes firewalld to crash with a DBus NoReply error
because the iptables backend is not functional on this platform.

Made-with: Cursor
@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Apr 13, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@rhamitarora
make generate changes
d499bc1 
Made-with: Cursor
@rhamitarora rhamitarora force-pushed the rhamitarora/ARO-22145-azure-linux3 branch from 273c839 to d499bc1 Compare April 13, 2026 02:54
@rhamitarora rhamitarora changed the title azure linux3 [ARO-22145] Bump to Azure Linux 3.0 Apr 13, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 13, 2026

Please rebase pull request.

1 similar comment
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 13, 2026

Please rebase pull request.

@github-actions github-actions bot added the needs-rebase branch needs a rebase label Apr 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bennerv bennerv Awaiting requested review from bennerv bennerv will be requested when the pull request is marked ready for review bennerv is a code owner

@hawkowl hawkowl Awaiting requested review from hawkowl hawkowl will be requested when the pull request is marked ready for review hawkowl is a code owner

@rogbas rogbas Awaiting requested review from rogbas rogbas will be requested when the pull request is marked ready for review rogbas is a code owner

@mrWinston mrWinston Awaiting requested review from mrWinston mrWinston will be requested when the pull request is marked ready for review mrWinston is a code owner

@jharrington22 jharrington22 Awaiting requested review from jharrington22 jharrington22 will be requested when the pull request is marked ready for review jharrington22 is a code owner

@cadenmarchese cadenmarchese Awaiting requested review from cadenmarchese cadenmarchese will be requested when the pull request is marked ready for review cadenmarchese is a code owner

@yjst2012 yjst2012 Awaiting requested review from yjst2012 yjst2012 will be requested when the pull request is marked ready for review yjst2012 is a code owner

@hlipsig hlipsig Awaiting requested review from hlipsig hlipsig will be requested when the pull request is marked ready for review hlipsig is a code owner

@tiguelu tiguelu Awaiting requested review from tiguelu tiguelu will be requested when the pull request is marked ready for review tiguelu is a code owner

@mociarain mociarain Awaiting requested review from mociarain mociarain will be requested when the pull request is marked ready for review mociarain is a code owner

@kimorris27 kimorris27 Awaiting requested review from kimorris27 kimorris27 will be requested when the pull request is marked ready for review kimorris27 is a code owner

@tsatam tsatam Awaiting requested review from tsatam tsatam will be requested when the pull request is marked ready for review tsatam is a code owner

@sankur-codes sankur-codes Awaiting requested review from sankur-codes sankur-codes will be requested when the pull request is marked ready for review sankur-codes is a code owner

@wanghaoran1988 wanghaoran1988 Awaiting requested review from wanghaoran1988 wanghaoran1988 will be requested when the pull request is marked ready for review wanghaoran1988 is a code owner

@alcasim alcasim Awaiting requested review from alcasim alcasim will be requested when the pull request is marked ready for review alcasim is a code owner

@tuxerrante tuxerrante Awaiting requested review from tuxerrante tuxerrante will be requested when the pull request is marked ready for review tuxerrante is a code owner

@ventifus ventifus Awaiting requested review from ventifus ventifus will be requested when the pull request is marked ready for review ventifus is a code owner

@kevinobriendotca kevinobriendotca Awaiting requested review from kevinobriendotca kevinobriendotca will be requested when the pull request is marked ready for review kevinobriendotca is a code owner

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

needs-rebase branch needs a rebase

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rhamitarora @hawkowl