stackhpc-kayobe-config is tightly coupled to private StackHPC infrastructure with no clear documentation for external users

[mohaa7]

I used this repository as a starting point for deploying OpenStack infrastructure, expecting it to serve a similar purpose to the upstream Kayobe config example. However, I quickly discovered that the configuration is deeply coupled to StackHPC’s private internal infrastructure, with no clear documentation warning external users about this dependency.

The repository’s kolla-image-tags.yml references timestamped image tags that are exclusive to StackHPC’s private CI pipeline and internal registry (registry.stackhpc.com):

# src/kayobe-config/etc/kayobe/kolla-image-tags.yml
kolla_image_tags:
  openstack:
    ubuntu-noble: 2025.1-ubuntu-noble-20260205T152450
  grafana:
    ubuntu-noble: 2025.1-ubuntu-noble-20260223T134735
  nova:
    ubuntu-noble: 2025.1-ubuntu-noble-20260220T102812
  octavia:
    ubuntu-noble: 2025.1-ubuntu-noble-20260226T091552

These timestamped tags do not exist on any public registry (including quay.io/openstack.kolla). An external user has no way to pull these images without access to StackHPC’s private registry.stackhpc.com, which requires a customer relationship with StackHPC.

Attempting to work around this by switching to public quay.io images with standard generic tags (e.g., 2025.1-ubuntu-noble) caused a secondary failure in the tools/kolla-images.py script, whose validate() function enforces a hardcoded regex that rejects any tag not matching the proprietary timestamped format:

# Original — rejects public quay.io tags
base_distro: re.compile(rf"^{openstack_release}-{base_distro}-[\d]{{8}}T[\d]{{6}}$")

I was forced to manually patch this regex to make the timestamp suffix optional:

# Patched — accepts both public and private tags
base_distro: re.compile(rf"^{openstack_release}-{base_distro}(-[\d]{{8}}T[\d]{{6}})?$")

And replace all image tags in kolla-image-tags.yml with generic public equivalents:

kolla_image_tags:
  openstack:
    ubuntu-noble: "2025.1-ubuntu-noble"
  grafana:
    ubuntu-noble: "2025.1-ubuntu-noble"
  nova:
    ubuntu-noble: "2025.1-ubuntu-noble"
  octavia:
    ubuntu-noble: "2025.1-ubuntu-noble"

# etc/kayobe/kolla/globals.yml
docker_registry: "quay.io"
docker_namespace: "openstack.kolla"
docker_registry_insecure: false

I raise this as a documentation and usability gap that could save significant time for any external operator who encounters this repository in the future.