Co-Authored-By: Bartosz Bezak <bartosz@stackhpc.com>

Change-Id: I06a3e9922cf95979f3bca120cd82633046270fa3

Adds support for SASL authentication of libvirt TCP and TLS connections
when using a compute host libvirt daemon.

In line with the dependent Kolla Ansible patch, we enable SASL by
default, and use DIGEST-MD5 with TCP and SCRAM-SHA-256 with TLS.

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/833022
Depends-On: https://github.com/stackhpc/ansible-role-libvirt-host/pull/52

Story: 2009858
Task: 44735

Change-Id: Id3972c24022aeb6421494c3cccdc8e7cbce802e6

This change adds support for configuration of Apt package manager in
/etc/apt/apt.conf.d/. This allows adding arbitrary global configuration
options for Apt. Options can be added in different files, allowing for
different filename-based priorities.

CI tests and documentation are provided.

Story: 2009655
Task: 43987

Change-Id: I9d7d18851359e97cd01b4c2287bf79110796b25a

This change adds support for configuring Apt repositories on Ubuntu
hosts during host configuration.

Repositories are configured in a single file
(/etc/apt/sources.list.d/kayobe.sources), using the modern deb822
format [1]. This format is more flexible and readable than the original
single-line format, particularly if multiple options are used.

Using a single file allows us to more easily keep the set of
repositories in sync, since Ansible doesn't make it easy to clean things
up.

Support is added for marking repositories as signed by a particular GPG
key. This approach is now preferred over the deprecated [2] apt-key
tool, which resulted in a set of globally trusted keys.

It is also possible to disable the repositories in
/etc/apt/sources.list via apt_disable_sources_list. This allows for
replacing the standard repositories with a local mirror.

CI tests and documentation are provided.

[1] https://manpages.ubuntu.com/manpages/focal/en/man5/sources.list.5.html
[2] https://manpages.ubuntu.com/manpages/groovy/man8/apt-key.8.html

Story: 2009655
Task: 43818

Change-Id: I3f821937b0930a0ac9341178de7ae5123d82b957

Change-Id: If7d6e58b19f98ccb7cc4c209e458cb6f4f4765ad

Sometimes some hosts should be configured with an interface without any
IP address set (e.g. bridged interface) and to achieve that this change
adds the new attribute 'no_ip' for the network configuration. Also the
change contain a test for this.

Change-Id: I2c9dfeca7f0d37a96f9cbd9df51d94098cf07258
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

EPEL is no longer required for a default installation. Let's disable it.

Also clean up the install_epel variable from Kolla Ansible globals.yml
template, since it never existed.

Story: 2009757
Task: 44227

Change-Id: I96eb4685f997e85ad2ee5318640d58d0287a016d

Change-Id: Ic8c212111301d6b144e3aa0fe124b022b0296ec6

Follow up adding tests for Id60e25e129e323f3c07e702bb81a11efc530fb3e.

Change-Id: Ieb6d6e4d491b4ceb44d5fe364f0da215ac303fe1

Some hosts in the kayobe inventory might not be in the kolla-ansible
inventory so it makes sense for kayobe to manage NTP.

Change-Id: Iacb579a46b0e9769a4c404a858d17968f74dd7e0
Depends-On: https://review.opendev.org/c/openstack/kayobe-config-dev/+/786040
Story: 2007872
Task: 40240

This change adds support for policy-based routing via systemd-networkd.
Due to differences in the configuration mechanism, routing policy
rules are configured via dicts for Ubuntu, while remaining as strings
on CentOS. Ideally we would support both formats.

Story: 2004960
Task: 42217

Change-Id: I77aec0160eb7e4dd763326bfe6e3d9a44b248108

This change adds support for network configuration via systemd-networkd
on Ubuntu systems.

This is implemented via an Ansible Galaxy role,
stackhpc.systemd_networkd which was forked from
aruhier.systemd_networkd. Several improvements were made in
https://github.com/stackhpc/ansible-role-systemd-networkd/pull/1,
including:

* Add support for removing unexpected config files
* Use become where necessary
* Refactor config generation into a single task to improve performance

The systemd_networkd role does not add much abstraction on top of the
systemd-networkd configuration file format, which provides a lot of
flexibility at the expense of additional code in Kayobe. This code is
implemented as filter plugins, similarly to the existing
MichaelRigart.interfaces role.

This patch includes support for:

* Ethernet interfaces
* bridges
* bonds
* VLANs
* virtual Ethernet pairs (to connect Linux bridges and OVS bridges)
* static IP addresses
* static routes
* MTU

Some network attributes are currently not supported for
systemd-networkd:

* rules
* route options
* ethtool_opts
* zone
* allowed addresses

Story: 2004960
Task: 41881

Change-Id: I248b5bb9ce5a80a07a2a311cb3aca6daca920720

Issues:

* bond configuration not working on Ubuntu - disabled in CI test

Story: 2004960
Task: 41560

Change-Id: Ib124dc6f313a2a13fa509b10702c6141f102f2f9

The flag dnf_install_epel was being used to predicate installation
of the EPEL RPM repo package, but not preventing the installation
of configuration for access to EPEL.  This small patch completes
the job.

Updates the overcloud host configure CI job to install EPEL mirrors,
since it was previously relying on this buggy behaviour.

Change-Id: Ib417837d0772338b16ea9f7f2540549f277d5de8

* Always use Python 3
* Drop code paths for CentOS 7
* Drop support for Yum
* Remove support for host NTP daemon, always use chrony
* Switch references from 'yum_install_epel' to 'dnf_install_epel'
* Remove overcloud host image workaround for tagged VLAN admin network
* Remove the kayobe.utils.yum_install function, which is unused

Change-Id: I368f6edafed9779658798fc342116b4c1b3ffd48
Story: 2006574
Task: 39481

This can be advantageous in deployments with a data security
requirement.

Change-Id: I555ee575ccec0cfbcc4c4bcb53677796c83227e3
Story: 2007555
Task: 39410

Tests various non-default configuration:

* Custom users
* Network interfaces, VLANs, bridges, bonds
* Software RAID
* LVM & docker devicemapper
* timezone
* Package mirrors
* yum-cron / DNF automatic

This improved test coverage allows us to be more confident about these
features working on CentOS 8.

Change-Id: I36148e4356deb7d5ec00d8d3ebeb2d3932ff4f94
Story: 2006574
Task: 38938