Also enable these after an upgrade.

Partial-Bug: #2058512
Change-Id: Ib9bdae2e25c2b6cce30e4c8024015ab5875bc1ff

neutron-fwaas has become active again

Depends-On: https://review.opendev.org/c/openstack/kolla/+/914855

Change-Id: Ie5a7b2da9a351e8f47a1ae830bb2fee0a8e35e38

Closes-Bug: 2063896
Change-Id: Ie0d6a8f458562eb32171b5fe23b8cd0cd375dcfb

It was deprecated in Antelope cycle.

Change-Id: I499e69ec6db63e4067e49376e2a1f3e01e48fe62

It's inactive and hasn't produced a 2024.1 release [1].
In addition to that, there's a CVE that hasn't really been patched [2].

Also drop outward_rabbitmq that was used only with Murano.

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects
[2]: https://lists.openstack.org/archives/list/openstack-announce@lists.openstack.org/thread/4FYM6GSIM5WZSJQIG4TT5Q3UBKQIHLWX/

Change-Id: I691205730b0e10a42ce61f3340cc39ee51bd1010

It's inactive and hasn't produced a 2024.1 release [1].

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects

Change-Id: I217b3633f07e5b2c657e20b19aaa4fbb46535a97

It's inactive and hasn't produced a 2024.1 release [1].

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects

Change-Id: I888963751b6e1ed080588297c2889e700431516c

It's inactive and hasn't produced a 2024.1 release [1].

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects

Change-Id: Ic988295bc5b8acb19df008fe0d52a3bcc6de2135

It's inactive and hasn't produced a 2024.1 release [1].
There are some efforts to restore Freezer, but let's remove it for now.

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects

Change-Id: Ie42012af9e5c64bca23a6e6826bfc4651fd194bd

Change-Id: I3975b5266c8700c81439b4d891d446eba2a52e54

Fix existing spelling errors

Change-Id: Ie689cf5a344aaa630a4860448b09242333a8e119

sometimes cluster recovery didn't work
because we only look for the sequence number in the last 200 lines
of the log file.

fix this by ingesting the complete file and only register the last
sequence number we find.

Closes-Bug: 1821173

Change-Id: Iea2661c9d5d262cf99edd5f5b567f252607a0003
Signed-off-by: Sven Kieske <kieske@osism.tech>

When kolla VIP address is changed the cell0 database connection is
now updated to the new address.

Closes-bug: #1915302
Change-Id: I35be54efb5aaa230702d0cebaae04f1e64c3bca3
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>

This new role will handle setting sysctl values.

It also handles cases when IPv6 setting is changed, but IPv6 is
not enabled on the system by skipping those settings.

This is an augmentation of previous patch:
Icccfc1c509179c3cfd59650b7917a637f9af9646

Related-bug: #1906306
Change-Id: I5d6cda3307b3d2f27c1b2995f28772523b203fe7
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>

Closes-Bug: #2060121

Bug introduced in https://review.opendev.org/c/openstack/kolla-ansible/+/843748



Signed-off-by: Sven Kieske <kieske@osism.tech>
Change-Id: Ibdf107d27f1523d57787726685f68ff27e9db7bc

inspector is not running as a WSGI

Related-Bug: #2054705
Change-Id: I20dbaef29b2ef2d6ceffc21c156c6fa4b5e8d205

Closes-Bug: #2058615

[1]: https://github.com/docker/cli/blob/v26.0.0/docs/deprecated.md#container-and-containerconfig-fields-in-image-inspect

Change-Id: I96ec812a482f017a48d978586c6f535fedd5fbe8

This patch fixes ovs-dpdk script as options
in DPDK changed and PCI whitelist config changed
from '-w' to '-a' as per [1].

[1] https://github.com/DPDK/dpdk/commit/db27370b57202632ad8830352c1c0ee2dde4542f

Closes-Bug: #2058372
Change-Id: Iae812a4a255c13a42b2d6a691e265922d220f4c8

Change-Id: Ic38469661323fbce438c70bd1b9301e9f7db8030

Change-Id: I77f3c5f219393e604dbd24b2a97a66da1ee3ba7f

Closes-Bug: #1998417

Change-Id: Ib6c725880caaa7f39bb269bd8398f3894eb033c5

Change-Id: I5b4a30e605bb143cf342f83f0c811c25046269ef

Updates the Grafana OpenSearch datasource configuration to use values
for OpenSearch that work out of the box.

Closes-Bug: #2039500
Change-Id: Id9c7e59e6ae1dd98176c68b14a2aff1985306751

Closes-Bug: #2058046
Change-Id: I9304f3546b20c0406e195163dccb1433fe802204

Change-Id: Iab40eb92c7e4a9092471bef9d4477a4fa34f1c85

This way the playbooks won't try to set ipv6 systemctl options
unless ipv6 is available on the system.

Closes-bug: #1906306
Change-Id: Icccfc1c509179c3cfd59650b7917a637f9af9646

Closes-Bug: #2057676

Change-Id: I9e0287a4e80b1ebcecf9e3b66c11d4233970a30b

This patch fixes ovs-dpdk images pull by adding
the variable kolla_role_name to the ovs-dpdk vars, so
services-image-pull can work correctly.

Closes-Bug: #2041864
Change-Id: I2e799290a57ebfacbc0ff9a0b1ca3dc956c513df
Signed-off-by: German Espinoza <gespinoza@whitestack.com>

Change-Id: I0a086c59076120aa53e6a05526dbab88e393c1c7

This patch fixes the creation of the openvswitch
bridge by fixing an ansible task that was rewritten
to use an ansible module, but unfortunately, its loop
was implemented incorrectly.

Closes-Bug: #2056332
Change-Id: Ia55a36c0f9b122b72d757ca973e7d8f76ae84344

As per [1].

[1]: https://rabbitmq-website.pages.dev/docs/feature-flags

Depends-On: https://review.opendev.org/c/openstack/kolla/+/911093

Change-Id: Ib5bfc99a5023e4b949c1ea38eca9bfd1ea9cd633

Change-Id: I84cc5ce25da2fcfe4f284d8b3197f40d3a6d7ce1

This is useful for backwards compatability.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/909865
Change-Id: Ib2936580db5e7ab3479722bc353c39063010b5f2

These were omitted from I387c9d8f5c01baf6054381834ecf4e554d0fff35 and
I387c9d8f5c01baf6054381834ecf4e554d0fff35.

Closes-Bug: #2041855
Change-Id: I25e5450d1caeebd9c900c190fc0079988f1ca574

Closes-Bug: #2051986
Depends-On: https://review.opendev.org/c/openstack/cinder/+/907494


Change-Id: I6a17e689d62ab467b7dcc2650e7f63813ce84a12
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

This reverts commit d77372e8.

Reason for revert: service role support has been fixed in Ironic [1]
and added to Kolla-Ansible.

[1] https://review.opendev.org/c/openstack/ironic/+/907148

Closes-Bug: #2051837

Change-Id: I49664e3a353f54e0d51f454c552a78846ba64101

Ironic enabled secure RBAC with system scoped enforcement [1].

Some API calls, for instance 'baremetal:driver:get' needs system
scope role by design [2], even with elevated access project scope
service role [3].

[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] https://opendev.org/openstack/ironic/src/commit/8ec56066223301230ac0ed0f0c471a10d366b474/ironic/common/policy.py#L1349-L1357
[3] https://review.opendev.org/c/openstack/kolla-ansible/+/908007

Related-Bug: #2051837

Change-Id: Id6313d7dd343b82d4c9ccf7bf429d340ea0e93d1

Add the service role to ironic service users. Ironic recently enforced
new policy validation as part of the RBAC efforts. [1][2]
Service user support was also added to Ironic. [3]
Admin role needs to stay as not all services added service role support. [4][5]

[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] https://opendev.org/openstack/governance/src/commit/e2a47de10a689a78c31765fd1b020f17c0d3109c/goals/selected/consistent-and-secure-rbac.rst#phase-2
[3] https://review.opendev.org/c/openstack/ironic/+/907148
[4] https://review.opendev.org/q/topic:bp%252Fpolicy-service-role-default
[5] https://review.opendev.org/q/topic:%22New-Location-Apis%22

Related-Bug: #2051837
Change-Id: I048402c2247188cf57f35437f557f84ac25d4ff2

Ironic recently started to enforce new policies and scope [1].
And Ironic is one of the sole openstack project which need
system scope for some admin related api calls [2].
However Ironic also started to allow project-scope behaviour
for service role with setting
``rbac_service_role_elevated_access``[3] [4]. This change enables
this setting to get similar behaviour of service role as other
openstack projects.

[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] https://opendev.org/openstack/governance/src/commit/e2a47de10a689a78c31765fd1b020f17c0d3109c/goals/selected/consistent-and-secure-rbac.rst?display=source#L261
[3] https://review.opendev.org/c/openstack/ironic/+/907148
[4] https://opendev.org/openstack/ironic/src/commit/8ec56066223301230ac0ed0f0c471a10d366b474/releasenotes/notes/service-project-service-role-fix-e4d1a8c23856926a.yaml

Related-Bug: #2051837

Change-Id: If8d7cf1663145d0398a2e936486e2b316d4df5e0

In order to do this - we need to add service role to Nova and Cinder.

Closes-Bug: #2049762

Change-Id: Ic121bf9f90c9865cd4d08890c80247570ef310ae