In Kayobe hosts which are part of a Nova cell can be managed via the
existing controller and compute groups. However, since Nova Cells are
configured via group vars in Kolla Ansible we need some way of setting
these. We could pass vars through to Kolla Ansible host vars using
`kolla_overcloud_inventory_pass_through_host_vars` but the list of
variables which may be set on a per cell basis is large and undefined.

This change allows the user to directly specify Kolla Ansible group vars
as part of Kayobe config, allowing the deployment of Nova Cells by
Kayobe to be largely unchanged from the procedure documented in Kolla
Ansible.

Change-Id: I2695034d36936fcc77a4828c67f9552155781dd6
Story: 2004291
Task: 37804

Kolla Ansible Train introduces support for TLS encryption of the
internal API. This change introduces support for internal API encryption
in Kayobe.

The following new variables are introduced:

* kolla_enable_tls_internal
* kolla_internal_tls_cert
* kolla_internal_fqdn_cacert

Also only set kolla_*_fqdn_cacert in globals.yml if set.

Change-Id: If432afde374fe247d09c952e110c9567e17daea1
Story: 2006959
Task: 37649

In the Train cycle, Kolla Ansible added support for
docker_custom_config, and writes out configuration to
/etc/docker/daemon.json. This will conflict with Kayobe's configuration
of that file, and changes made by kayobe will be reversed when
kolla-ansible bootstrap-servers is run.

This change uses the new variable to pass daemon.json configuration
through to kolla ansible. Because the ordering has changed, we also need
to separate out the devicemapper setup and run this prior to starting
docker.

Change-Id: Idc3fa9fefd8242ef9db76d4d773885e3594b453a
Depends-On: https://review.opendev.org/691001
Story: 2006764
Task: 37277

Kayobe writes out several host variables to the Kolla ansible inventory
files, etc/kolla/inventory/seed and etc/kolla/inventory/overcloud. These
include ansible_host, and network interfaces such as api_interface,
ironic_dnsmasq_interface, etc.

In Ansible, these should have a higher precedence than the kolla ansible
group variables in ansible/group_vars/all.yml that set the defaults.
However, in Ansible 2.4+, if the host has the same name as a group that
it is in, the group variables now take precedence, meaning that it is
not possible to override them.

This was observed when using the kayobe-config-dev repo for testing,
where the seed host is in the seed group.

Admittedly ansible does tell you not to do this: [WARNING]:
Found both group and host with same name: localhost

The solution used here is to use a separate host_vars file for each
host. Alternatively we could enforce that hostnames and groups do not
overlap.

Change-Id: I349c8279d85a591689ac8108bce14d96889440fe
Story: 2004418
Task: 28065

Change-Id: I4e9030c7786e8c164e83d2d1d56ac3b362597f67

In certain environments, a user's primary group doesn't necessarily
match that of their username.  This change updates various playbooks to
make use of the `ansible_user_gid` fact instead.

This change also makes ownership explicit by using `ansible_user_uid`
instead of `ansible_user` or `ansible_user_id`, where appropriate.

Change-Id: Ifc2ea7d95ec90e91791ccb10772b15d991379479
Story: 2002770
Task: 22636

This commit handles deployment of TLS certificates on control nodes for
use by HAProxy, when kolla_enable_tls_external is True and a new
variable, kolla_tls_cert, is populated with the contents of the
certificate file.

Story: 2001680
Task: 6786

Change-Id: I78df9e2d7acb96a4358ba3819a2dfc65e8c261d5

This is the input file kept in $KAYOBE_CONFIG_PATH, rather than the generated
file in .

The former is a fact, the latter is used to configure the remote connection user
for a host.

Kolla (container images) and kolla-ansible (container deployment) are
separate concerns, and should be treated as such. Configuration
variables have been added for kolla-ansible which were previously shared
between the two projects:

kolla_venv -> kolla_ansible_venv
kolla_ctl_install_type -> kolla_ansible_ctl_install_type

Also, we introduce specific variables for the source code repository
checkout paths, which were previously both based on
source_checkout_path:

kolla_source_path
kolla_ansible_source_path

These changes help us to cleanly separate the configuration of paths on
the local (Ansible control) host, from those on the managed (target)
hosts. This is important because the local paths may be specific to the
environment in which the user is running kayobe, but the remote paths
are relatively fixed and specific to the cluster.

This allows a deployer to customise their inventory at various levels, by
providing a custom inventory template for one or more of the sections of the
inventory.

* Top level groups define the roles of hosts, e.g. controller or compute.
* Components define groups of services, e.g. nova or ironic.
* Services define single containers, e.g. nova-compute or ironic-api.

This also adds support for vault encryption of the passwords, allowing them
to be safely stored with other kayobe configuration.

Make ansible_user own files so we don't need to be root.
Files no longer world readable.

We need to make some downstream changes to Kolla currently, so let's install from source
rather than patching.