A common failure early on when using Kayobe is during discovery of SSH
known hosts. This happens if a host does not have an IP address
configured on the admin (SSH) network. The failure looks like this:

PLAY [Ensure known hosts are configured]
**********************************************************************
TASK [ssh-known-host : Scan for SSH keys]
**********************************************************************
failed: [compute0 -> localhost] (item=) => {"ansible_loop_var": "item",
    "changed": false, "cmd": ["ssh-keyscan"], "delta": "0:00:00.013855",
    "end": "2020-04-17 10:51:01.857855", "item": "", "msg": "non-zero
        return code", "rc": 1, "start": "2020-04-17 10:51:01.844000",
    "stderr": "usage: ssh-keyscan [-46cDHv] [-f file] [-p port] [-T
        timeout] [-t type]\n\t\t   [host | addrlist namelist]",
    "stderr_lines": ["u sage: ssh-keyscan [-46cDHv] [-f file] [-p port]
        [-T timeout] [-t type]", "\t\t   [host | addrlist namelist]"],
        "stdout": "", "stdout_lines": []}

This happens when ansible_host is an empty string, typically because the
host has no IP address defined in for the admin network in
network-allocation.yml. This is very confusing for a new user. We should
provide a more informative message.

It's not exactly clear how a user gets to this point, since the
ip-allocation.yml playbook runs before ssh-known-host.yml, which should
populate network-allocation.yml.

This change detects this failure mode and provides a message with
information about how to resolve it.

Change-Id: I564b6e4509a30dec7c49a23bb2f75d490be775ed
Story: 2007566
Task: 39456

Removes and/or replaces all mentions of py27.

Cleans up obsolete requirements and their lower-constraints.

Update cliff minimum to 3.1.0 in requirements.txt, which has a fix for
story 2005891.

Change-Id: I52cffa2f1aee944f79c4618ea20b779755792f2a

Kayobe has a workaround for CentOS cloud images which contain a bogus
nameserver entry in /etc/resolv.conf. By setting
overcloud_host_image_workaround_resolv_enabled to true, the entry would
be removed. Previously we removed a specific IP address - 10.0.2.3 -
that was present in the CentOS 7 images. However, it seems that CentOS 8
images have a different IP - 192.168.122.1.

This change fixes the issue and becomes resilient to future changes by
matching any IP address. This should be fairly safe, since this
workaround is opt-in.

Change-Id: I9323a38cb2bb627ff56f5713900be00595ea8d4b
Story: 2006574
Task: 39484

Kayobe generates passwords.yml for Kolla Ansible, and can encrypt it
using the vault password. Previously this was failing on Python 3 due to
passing a string to file.write() which expects bytes.

This change fixes the issue by encoding the password string passed to
file.write().

This allows us to run the ansible role tests under Python 3.

Change-Id: I33813f79984a46f1967ef3aee455dcfbe7eb93da
Story: 2006574
Task: 39481

Backport: train, stein, rocky

This fixes issues seen with a-universe-from-nothing using stable/train.

Change-Id: Ib477de5f3af2e4c182d0c2999c274dbb5553531c
Story: 2007572
Task: 39469

Use the modern variable in the documented example.

Change-Id: I24560bf22cea28c1afc488c9abf9ea421a0286ad

We can use the Ansible pip module's support for specifying a list of
packages with version constraints.

Change-Id: If5d3c7117175732c54e38025692eb4c036053ebc

Tests various non-default configuration:

* Custom users
* Network interfaces, VLANs, bridges, bonds
* Software RAID
* LVM & docker devicemapper
* timezone
* Package mirrors
* yum-cron / DNF automatic

This improved test coverage allows us to be more confident about these
features working on CentOS 8.

Change-Id: I36148e4356deb7d5ec00d8d3ebeb2d3932ff4f94
Story: 2006574
Task: 38938

Sync with kolla-ansible multinode inventory.

Change-Id: I30bd5286c4783fce544c41e726efc5f800d6f56a

* Change default seed VM image to CentOS 8
* Change default bifrost deploy image to CentOS 8
* Workaround DIB bug
  https://bugs.launchpad.net/diskimage-builder/+bug/1866847 by setting
  DIB_DISABLE_KERNEL_CLEANUP to 1
* Install iptables on seed for SNAT - missing on CentOS 8
* Fix provider network MTU lookup for empty string
* Bump stackhpc.libvirt-host to 1.7.0 for CentOS 8 support
* Bump stackhpc.libvirt-vm to 1.13.0 for CentOS 8 support
* Bump jriguera.configdrive for Python 3 support

Change-Id: Ie0edf6a924a914395c6502e2d5cf1139bce14a48
Story: 2006574
Task: 39000

Some Ruckus switches, e.g. the Ruckus ICX 7150, advertise switch
interface names as switch port descriptions. Unlike Dell switches, there
is no space character between port type and port number. For example:
GigabitEthernet1/1/9.

Update regular expression to match both styles.

Change-Id: I359b07abadc8665ff0a8c3407ca0fc5effc504cf
Story: 2007532
Task: 39343

The seed VM will fail to provision if the Ansible control host and the
seed hypervisor are not the same hosts.

This is because Kayobe creates the seed-vm-user-data file on the
seed-hypervisor host. It then invokes the jriguera.configdrive role
which uses a copy task without remote_src, which fails to find the
source file locally on the Ansible control host.

Instead we create a local temporary file for seed VM user data.

Change-Id: Iabbe4c624b9ad02bb82c323070f99c16e5822966
Story: 2007530
Task: 39338

One way to improve the performance of Ansible is through fact caching.
Rather than gather facts in every play, we can configure Ansible to
cache them in a persistent store. An example Ansible configuration for
doing this is as follows:

[defaults]
gathering = smart
fact_caching = jsonfile
fact_caching_connection = ./facts
fact_caching_timeout = 86400

While this mostly just works, there are a few places where we
unconditionally gather facts using the setup module. This change
modifies these to only gather facts when necessary.

We no longer execute the MichaelRigart.interfaces role using become:
true, since it may gather facts and we do not want it to do so as root.
The role uses become where necessary.

Change-Id: I9984a187fc6c0496ada489bb8eef36e44d695aac
Story: 2007492
Task: 39216

Adds a new variable, 'kolla_enable_openstack_core', which can be set a
default value for whether the default OpenStack services are enabled.
This includes Glance, Heat, Horizon, Ironic, Keystone, Neutron and Nova.
It is 'true' by default.

Change-Id: I7768d3a92272d4353522dbf1a96f124225f4d73d
Story: 2007524
Task: 39315

Kolla Ansible sets kolla_{external,internal}_fqdn_cacert variables with
default values compatible with the use of `kolla-ansible certificates`.

However, when these variables are left unset in Kayobe, which is
generally the case when using trusted certificates, we end up with
openrc files setting OS_CACERT to a file that does not exist:

    ${KOLLA_CONFIG_PATH}/certificates/haproxy-ca.crt

Instead we allow null cacert variables to be passed to kolla-ansible,
which results in openrc files without the bogus OS_CACERT entry.

Change-Id: Ifa615888b6d8d54c9e6314fd90f3fc4872fc6e5a
Story: 2007516
Task: 39299

Now that py2 is gone, oslotest dropped dependency on mock and will
soon affect Ussuri CI [1], let's use unittest.mock built in py3.

This also fixes py38 jobs and proactively prevents py36 and py37
failing due to [1]. This is because we never included mock in
test-requirements and instead relied on oslotest to bring it in.

[1] https://review.opendev.org/716322

Change-Id: I0c18b13c4e1fbaa9db41da4e2039ad908c28caa6

Since Kayobe is now an official OpenStack deliverable, our releases
documentation page is now outdated. It needs to be updated to document
the process using official release tools.

This change makes the releases page more similar to the Kolla release
management page:
https://docs.openstack.org/kolla/latest/contributor/release-management.html.

Change-Id: Ic49a63d66dfdb8e4235a60c1f01ad70bef6bea43
Story: 2007079
Task: 37990

Detect current branch from .gitreview and use upper constraints to
install python-openstackclient, to guarantee compatibility with the
Python version in use.

Change-Id: Ie44508fe3d3b08190afa5a43748e43548a63ff82

There is no activity on the resmo fork of the role and it seems
impossible to get any patches merged.

Change-Id: I1f09f7c11767226e89b34687dab1553e87be76ba
Story: 2005272
Task: 39197