Closes-Bug: #2095607
Change-Id: Ie1372ce307011c6f2560c7f1fcd520187810fab8
(cherry picked from commit fec66c1334fe798d073954002a668662065be277)
(cherry picked from commit 1845fb8100cc3f3031cfe238c091ecbb2224026f)

Adds support for setting the system scope to user role assignments.
Also updates the domain assignment so it can be customised.

Note that the scope assignments follow the precedence of
project->domain->system [1]. As such, the previous default value of
domain was being ignored as we always set a project, so the removal of
the default domain in this patch has no effect on existing behaviour.

1. https://docs.ansible.com/ansible/latest/collections/openstack/cloud/role_assignment_module.html#parameter-system

Change-Id: Ie7fe78ab67b1bf8a19def25fef321de5c2d80aa9
(cherry picked from commit 2f124f8e)

The ``ironic-inspector`` service user is now assigned the system scope
``all``. This allows it to create baremetal ports during node inspection
again.

Default project and domain vars are removed as you cannot combine these
with system scope.

Closes-Bug: #2064655
Change-Id: I5e3c29faae4c2531b269c37874ade368c1aab39f
(cherry picked from commit e0c095fd)

The ``ironic-inspector`` service user is now assigned the system scope
``all``. This allows it to create baremetal ports during node inspection
again.

Default project and domain vars are removed as you cannot combine these
with system scope.

Closes-Bug: #2064655
Change-Id: I5e3c29faae4c2531b269c37874ade368c1aab39f

Fixed Grafana role tasks failing when running
with Ansible check mode enabled.

Closes-Bug: 2095592
Change-Id: Ibe5a132e109bc46ab7875b70f8357a2f580f931e
(cherry picked from commit b59fe6cc)

Fixed Magnum role failed to create trustee user role when running
with Ansible check mode enabled.

Closes-Bug: 2095519
Change-Id: I6627e12e53e7223340b26cfbe6e6e1f2c6a3d4fe
(cherry picked from commit 72ffcfb6)

Fixed check mode support for Opensearch role.

Closes-Bug: 2095515

Change-Id: I51c10c614f8e5a553d0faaf4920454fd0541646e
(cherry picked from commit 33fa9c18)

Closes-Bug: #2062401
Change-Id: I2f2bdbc9e1c6ad6da4ac7098ddd36143123c3062
(cherry picked from commit 904fae2a)

The ``ironic-inspector`` service user is now assigned the system scope
``all``. This allows it to create baremetal ports during node inspection
again.

Default project and domain vars are removed as you cannot combine these
with system scope.

Closes-Bug: #2064655
Change-Id: I5e3c29faae4c2531b269c37874ade368c1aab39f
(cherry picked from commit e0c095fd)

Adds support for setting the system scope to user role assignments.
Also updates the domain assignment so it can be customised.

Note that the scope assignments follow the precedence of
project->domain->system [1]. As such, the previous default value of
domain was being ignored as we always set a project, so the removal of
the default domain in this patch has no effect on existing behaviour.

1. https://docs.ansible.com/ansible/latest/collections/openstack/cloud/role_assignment_module.html#parameter-system

Change-Id: Ie7fe78ab67b1bf8a19def25fef321de5c2d80aa9
(cherry picked from commit 2f124f8e)

Change-Id: I3c419b4b2a86eb059744b05e4be797ea7ace8816
(cherry picked from commit 31c7317a)

Since we switched to proxysql as default - we've been seeing healthy
mariadb nodes being marked as OFFLINE_HARD by proxysql due to timeouts.

This seems to fix that.

Change-Id: I969db1f2b6c7a7ea821ec51c73e9e9a519febc4c
(cherry picked from commit 31ab71ac)

It's needed to be configured on environments like our CI, because of low
cpu/network resources proxysql marks healthy nodes as OFFLINE_HARD

Change-Id: I6d1e9e77abc48d82ffd6ade33997c83bb601b0eb
(cherry picked from commit 1fbb299d)

Add global_request_id according to oslo.log defaults [1],
also support lines like:

2024-12-23 20:48:29.905 2 ERROR oslo_service.periodic_task ['Traceback (most recent call last):\\n'

[1]: https://docs.openstack.org/oslo.log/latest/configuration/#DEFAULT.logging_context_format_string

Closes-Bug: #2044370

Change-Id: I80c3e20de0b7503de6331b55879e85892323b3d6
(cherry picked from commit 5a3fb2b4)

Change-Id: Ic0e33c4f2939c36ed80caa3ec1015cf53a4d93e2
(cherry picked from commit 638e1e30)

It can be useful to run Ironic commands on the public API if access to
the internal API is not possible.

Related-Bug: #2051837
Change-Id: Ice0eb62f2bb26ca6e3ac8d02c6ea787b60408a86
(cherry picked from commit 1916b3c2)

This avoids generating HAProxy configuration for Keystone that contains
double quotes. Although not invalid, it is unlike the rest of the
configuration.

Change-Id: I49bf9a45b8d926f85a4c2bc3308d0f1fd698309a
(cherry picked from commit 20cc842f)

It has been added in magnum-cluster-api driver in v0.15.0

[1]: https://github.com/vexxhost/magnum-cluster-api/commit/2a53f3e340524deee3ddbf08b41071fba070d7d3#diff-50c86b7ed8ac2cf95bd48334961bf0530cdc77b5a56f852c5c61b89d735fd711R53

Closes-Bug: #2047360

Change-Id: Ib02389c03ab8f61fdd3827cb30fcc18f3dc952a9
(cherry picked from commit 99e61073)

Change-Id: Id5305aae4e92fbb9a12aa0f569fb7600b5f2d069
(cherry picked from commit 7223bb75)

This is a follow up to Ie7ae47e5a624da31cf6cc5cd3c9239450487b8ed, but
for cephadm jobs.

Change-Id: I194529c178efcff0cb2a0ee1e14273389cd8f87f
(cherry picked from commit 4e2af187)

Ansible 2.16.14 includes a fix for CVE-2024-11079 [1], which results
in the following error:

    jinja2.exceptions.UndefinedError:
        'ansible.vars.hostvars.HostVarsVars
         object' has no attribute 'ansible_host'

This issue occurs because Ansible now includes `localhost` in
`hostvars` without the `ansible_host` variable set, which
unexpectedly breaks our test inventory rendering.

This patch adds a filter to exclude `localhost`
during the rendering process, as it is irrelevant for our purposes.

[1] https://github.com/ansible/ansible/pull/84353

Change-Id: Ie7ae47e5a624da31cf6cc5cd3c9239450487b8ed
(cherry picked from commit 0298699a)