Kolla-ansible version 4.0.0 contained the steps to follow when logging
in to Kibana for the first time.

These got deleted when the process was seemingly automated, but the
relevant machinery no longer works. See [1] as well.

Backport to Ussuri, Train, Stein (possibly more).

[1] https://review.opendev.org/726289

Change-Id: If65622dc78e7f8fd16e37ee31bc9f34eb9267549

Change-Id: I6974858a0a44d85a065502ed7b3a8e2797be7228
Closes-Bug: #1832979

Updated the docs to refer to the openstack client, rather than the (old)
neutron client.

TrivialFix

Change-Id: I82011175f7206f52570a0f7d1c6863ad8fa08fd0

The "backup_driver" option should be configured to
cinder.backup.drivers.ceph.CephBackupDriver instead of
cinder.backup.drivers.ceph.

Change-Id: I22457023c6ad76b508bcbe05e37517c18f1ffc81
Closes-Bug: #1832878

There are now several good tools for deploying Ceph, including Ceph
Ansible and ceph-deploy. Maintaining our own Ceph deployment is a
significant maintenance burden, and we should focus on our core mission
to deploy OpenStack. Given that this is a significant part of kolla
ansible currently we will need a long deprecation period and a migration
path to another tool.

Change-Id: Ic603c85c04d8794580a19f9efaa7a8589565f4f6
Partially-Implements: blueprint remove-ceph

The Hitachi NAS Platform iSCSI driver was marked as not supported by
Cinder in the Ocata realease[1].

[1] https://review.opendev.org/#/c/444287/

Change-Id: I1a25789374fddaefc57bc59badec06f91ee6a52a
Closes-Bug: #1832821

This commit should help guide people migrating to Kolla Monasca
through the murky depths of the migration process. Since Kolla
did not support Monasca in Queens, some of these steps which
could be automated are not.

Change-Id: I79051cca27178c3cf1671f5c603e38baf929c55c

This ensures we have version-specific references to other projects [1].
Note that this doesn't mean the URLs are actually valid - we need to do
more work (linkcheck?) here, but it's an improvement nonetheless.

[1] https://docs.openstack.org/openstackdocstheme/latest/#external-link-helper

Change-Id: I118e4d211617c5df66ff04dc04e308a1d2fc67ad

The project has been retired and there will be no Train release [1].
This patch removes Neutron LBaaS support in Kolla.

[1] https://review.opendev.org/#/c/658494/

Change-Id: Ic0d3da02b9556a34d8c27ca21a1ebb3af1f5d34c

- Remove trusted_cidrs that has just been removed from
Qinling code.
- Remove use_api_certificate because it's true by default
- Improve list syntax
- Add etcd section

Change-Id: I0426a9d61fbeaa23a1affbc7e981a78283e88263

Qinling is an OpenStack project to provide "Function as a Service".
This project aims to provide a platform to support serverless functions.

Change-Id: I239a0130f8c8b061b531dab530d65172b0914d7c
Implements: blueprint ansible-qinling-support
Story: 2005760
Task: 33468

Change-Id: I75955012a839e52281e9a409eeab4a2c8d778cd2
Signed-off-by: ZijianGuo <guozijn@gmail.com>

Right now every controller rotates fernet keys. This is nice because
should any controller die, we know the remaining ones will rotate the
keys. However, we are currently over-rotating the keys.

When we over rotate keys, we get logs like this:

 This is not a recognized Fernet token <token> TokenNotFound

Most clients can recover and get a new token, but some clients (like
Nova passing tokens to other services) can't do that because it doesn't
have the password to regenerate a new token.

With three controllers, in crontab in keystone-fernet we see the once a day
correctly staggered across the three controllers:

ssh ctrl1 sudo cat /etc/kolla/keystone-fernet/crontab
0 0 * * * /usr/bin/fernet-rotate.sh
ssh ctrl2 sudo cat /etc/kolla/keystone-fernet/crontab
0 8 * * * /usr/bin/fernet-rotate.sh
ssh ctrl3 sudo cat /etc/kolla/keystone-fernet/crontab
0 16 * * * /usr/bin/fernet-rotate.sh

Currently with three controllers we have this keystone config:

[token]
expiration = 86400 (although, keystone default is one hour)
allow_expired_window = 172800 (this is the keystone default)

[fernet_tokens]
max_active_keys = 4

Currently, kolla-ansible configures key rotation according to the following:

   rotation_interval = token_expiration / num_hosts

This means we rotate keys more quickly the more hosts we have, which doesn't
make much sense.

Keystone docs state:

   max_active_keys =
     ((token_expiration + allow_expired_window) / rotation_interval) + 2

For details see:
https://docs.openstack.org/keystone/stein/admin/fernet-token-faq.html

Rotation is based on pushing out a staging key, so should any server
start using that key, other servers will consider that valid. Then each
server in turn starts using the staging key, each in term demoting the
existing primary key to a secondary key. Eventually you prune the
secondary keys when there is no token in the wild that would need to be
decrypted using that key. So this all makes sense.

This change adds new variables for fernet_token_allow_expired_window and
fernet_key_rotation_interval, so that we can correctly calculate the
correct number of active keys. We now set the default rotation interval
so as to minimise the number of active keys to 3 - one primary, one
secondary, one buffer.

This change also fixes the fernet cron job generator, which was broken
in the following cases:

* requesting an interval of more than 1 day resulted in no jobs
* requesting an interval of more than 60 minutes, unless an exact
  multiple of 60 minutes, resulted in no jobs

It should now be possible to request any interval up to a week divided
by the number of hosts.

Change-Id: I10c82dc5f83653beb60ddb86d558c5602153341a
Closes-Bug: #1809469

The recent addition of this flag make the configuration
of stand-alone Monasca slightly simpler.

Change-Id: Ib4c03926daa3f0f3de0fa4412cd785d87ed5500c

Adds support to seperate Swift access and replication traffic from other storage traffic.

In a deployment where both Ceph and Swift have been deployed,
this changes adds functionalality to support optional seperation
of storage network traffic. This adds two new network interfaces
'swift_storage_interface' and 'swift_replication_interface' which maintain
backwards compatibility.

The Swift access network interface is configured via 'swift_storage_interface',
which defaults to 'storage_interface'. The Swift replication network
interface is configured via 'swift_replication_interface', which
defaults to 'swift_storage_interface'.

If a separate replication network is used, Kolla Ansible now deploys separate
replication servers for the accounts, containers and objects, that listen on
this network. In this case, these services handle only replication traffic, and
the original account-, container- and object- servers only handle storage
user requests.

Change-Id: Ib39e081574e030126f2d08f51de89641ddb0d42e

In some scenarios it may be useful to perform custom formatting of logs
before forwarding them. For example, the JSON formatter plugin can be
used to convert an event to JSON.

Change-Id: I3dd9240c5910a9477456283b392edc9566882dcd

When using custom storage backends with cinder.conf overrides file,
precheck stage in kolla-ansible is fail. This commit adds option
'skip_cinder_backend_check' (default: False) to cinder role.

Change-Id: Ifee138ad8b281903ea2365441aada044c80c46f0

To avoid links to OpenStack docs getting out of date in our docs, use
the latest version.

Ideally after cutting each stable branch we should change these links to
use the current release.

Co-Authored-By: Isaiah Inuwa
Change-Id: Ia1e3c720f4e688861b8f76874a3943b0f4e50b17

Change-Id: Id8276448c6e779b2b4a0aafee45d953c4f009fc1

Until the Monasca Kafka client fork is removed it is currently required
to run Kafka in compatibility mode. It is also necessary to disable
an optimisation in the Kafka brokers to clean up idle connections. This
is because the optimisation was added after the Monasca Kafka client was
forked, and the client hasn't been updated since. These settings are now
applied automatically when Monasca is enabled.

Change-Id: I6935f1fb29f4f731cf3c9a70a0adf4d5812ca55e

Change-Id: I3defe0c38f41d7335e1cbafb75523c3cd44323ee

Use option "enabled_filters" from group "filter_scheduler".

Change-Id: I042f0b011c060f9dbc645dbdbb60068cb41c0cc8

Change-Id: I12af64725c0beec2ece0367c3773230c57908254

By default, docker containers inherit ulimit from limits of docker
deamon. On CentOS 7, docker daemon default NOFILE is 1048576.
It can found in /usr/lib/systemd/system/docker.service.
The big limit will cause many problem. we should control it in
production environment.

Change-Id: Iab962446a94ef092977728259d9818b86cfa7f68

Change-Id: I89d9f7a90d72e6c5df7dde078ed7407eedd6f92f

Change-Id: If87cdb132875c4e2c5dff2cc427e00f7a95927de

Since Rocky release Kolla Ceph supports both bluestore and
filestore Ceph OSD. In multinode mode, users can overwrite
“ceph_osd_store_type” in the inventory file and deploy the mixed
Ceph OSD.

Change-Id: I4582861c81fdea5fb67114cf3ac1e48f7812f0d7
Signed-off-by: tone.zhang <tone.zhang@arm.com>

Change-Id: I3bd50cb1e7db85acbf8ab20fc7bdd945b5232aaa

Add an enable_cinder_backend_quobyte option to etc/kolla/globals.yml to
enable use the Quobyte Cinder backend.
Change the bind mounts for /var/lib/nova/mnt to include the shared
propogation if Quobyte is enabled.
Update the documentation to include a section on configuring the Cinder.

Implements: blueprint cinder-quobyte-backend

Change-Id: I364939407ad244fe81cea40f880effdbcaa8a20d

Added the missing option neutron_plugin_agent: "opendaylight" added to
the opendaylight documentation page. Without it the deployment would
not use the neutron_plugin_agent but the default one: openvswitch .

Change-Id: I56a377e1faab9a50f36383ea59b45bf5a9155bcf

When using external Ceph the operator must create pools for each service
and configure keyrings with appropriate permissions. The official Ceph
docs describe this in detail so let operators know this.

Change-Id: Ic3e52e1fbbf09ec09ac21b5b3067092b195812f1

Closes-Bug: #1804850
Change-Id: Icb7edbac5df316af68972cafa448a261c26747b0

Specifying a nic for dnsmasq when using ironic inspector,
by default is network_interface

Change-Id: I579c667c40b14030f340c1f3d7f57fe37613ee1a

Change index to ease identify what service want to look.
Split docs into more specific folder such as networking
and storage.

Change-Id: Ic7ac12b3dd555fa5c018eeb897ccd4a5a2dfe8f3

Add documentation about glance backends,
upgrades and futher configuration.

Change-Id: Ibb15804fa3f38abab855084dd7d7b83fd4a54b8f

Change-Id: Ib0ef21f23a8b54d43278454bbd6ed6bde419c5f0

This comment is to remind those who use Kolla to deploy Cinder
of bug #1631072 (https://bugs.launchpad.net/kolla/+bug/1631072),
in which the folder /sys/kernel/config is either empty
or not created in several operating systems.

Related-Bug: #1631072
Change-Id: Ieef9a8292dbac32e8c11aa2916fce3a133732160

Since the monasca-grafana image was added, it is no longer
necessary to build the grafana image. The monasca-grafana
images will be built with the other monasca images.

Change-Id: I0f6bdb58e6d0abadf59155f01c9340110e9be9ce

Add a quickstart guide to get users going with Monasca and fix a couple
of nits in the documentation.

Partially-Implements: blueprint monasca-roles
Change-Id: Ic4f95f04ce966fc38ecccfba59439b73ef22bcda

The Monasca Grafana fork allows users to log into Grafana with their
OpenStack user credentials and see metrics associated with their
OpenStack project. The long term goal is to enable Keystone support
in upstream Grafana, but this work seems to have stalled.

Partially-Implements: blueprint monasca-grafana
Change-Id: Icc04613b2571c094ae23b66d0bcc38b58c0ee4e1