Make sure to actually test IPv6 connectivity to our test instance in the
IPv6 jobs.

Change-Id: I7845448804e191af356e82f8ad33c563ffd8ebd5

This is to allow us to customize for CI.

Change-Id: Ie45860fa2228c21ce45ac8118267fb8304129802

Change-Id: I80fb1469ae4ff8d38198e495690496fcb5eadc18

CirrOS 0.6.0 was released yesterday. Has newer kernel and userspace,
better network configuration (more IPv6 stuff) and some other
improvements.

Change-Id: Ife7767904efe64602531fa3eb163c78260650909

Kayobe uses it, so let's fix the check.

Change-Id: I99b2a7f8609fd708f4829f21c81029c7b8da5d73

It's a followup to 73a1812c
addressing post-merge comments.

Change-Id: Idd458ad6ef29e4eee2f9e537b4eae39d26eb9f64

clouds.yaml[0] is a richer way to express configuration for OpenStack
clouds. It's also fully supported by Ansible's OpenStack modules as
well as python-openstackclient and openstacksdk. It's the future - who
doesn't like the future?

Write a file using both the public (default) and the internal endpoints
for the admin user. Also, change all of the examples to reference it
and to get python-openstackclient to use it too.

[0] https://docs.openstack.org/openstacksdk/latest/user/guides/connect_from_config.html

Implements: blueprint use-clouds-yaml
Change-Id: I557d2e4975c7b3d3c713a556b9ba47af9567ce6e

OpenSSH 8.8 has dropped support for RSA SHA-1 keys.
ECDSA is FIPS approved, so probably it's a better
direction than just changing to SHA-256.

Change-Id: Id06d9d8912d9677dbe0f5a666f43a209664c94b4

A system-scoped token implies the user has authorization to act on the
deployment system. These tokens are useful for interacting with
resources that affect the deployment as a whole, or exposes resources
that may otherwise violate project or domain isolation.

Since Queens, the keystone-manage bootstrap command assigns the admin
role to the admin user with system scope, as well as in the admin
project. This patch transitions the Keystone admin user from
authenticating using project scoped tokens to system scoped tokens.
This is a necessary step towards being able to enable the updated oslo
policies in services that allow finer grained access to system-level
resources and APIs.

An etherpad with discussion about the transition to the new oslo
service policies is:

https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible



Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585
Signed-off-by: Niklas Hagman <ubuntu@post.blinkiz.com>

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Change-Id: I374f7427a4318d00ca474367818117e11789ec13

Change-Id: Ibd06726ac6edcb63a1d5d4f4148851876316dc5b

If we don't set it, then Zun chooses one randomly (the first one
from Neutron).
This may break if it is a network that is not available on
target hosts, e.g. external via L3 agent router.

Since capsules do not support nets yet [1], this patch ensures
desired network creation order in init-runonce instead.

[1] https://bugs.launchpad.net/zun/+bug/1895263

Change-Id: Iaa113dcfb826164a2772d2c91d34ec0236be0817

This is to avoid waiting for the user to input data to continue
creating sample resources.

Change-Id: I46ff7a4779dae4c9cbe157e1712afa4e53be269e
Signed-off-by: Luke Short <ekultails@gmail.com>

We released CirrOS 0.5.1. Time to move then.

Change-Id: Ibca24836f19b3cbf6166fa39a3702883938feda8

The affected command was meant to create a tenant network, so let
us really test it this way.

Not marking CI, because someone may be using this script.

Change-Id: I5abe46948992121a11a36f941d4f8fac1caa92b1

Also adds gawk for timestamping.

This helps to correlate init events with failures elsewhere.

Change-Id: I22fdb683ecf9870b2d66fedd6b40b7004317130a

I'm not marking it CI-only as ppl seem to be using it.
OTOH, not adding a release note as we are not promoting its usage.

This is to allow us to customize for CI.

Change-Id: I8100a6cb63b1e54078629bd6ca8475dc5896784a

Skip creation by setting ENABLE_EXT_NET to 0.

Since adding errexit we are failing in kayobe CI, since we have a
conflicting flat network on physnet1.

Change-Id: I88429f30eb81a286f4b8104d5e7a176eefaad667

Previously we sourced this script in tests/deploy.sh, but this was
recently changed. Following that change we lost the errexit setting,
meaning we ignore errors in init-runonce.

Adding errexit in the script itself means that all callers get error
handling.

Also log init-runonce output.

TrivialFix

Change-Id: I9b35bd5f0f76eec26ddd968d093a3a5fd55a7ce2

We made it default in Queens.

Change-Id: I52de6e041bbc4c316d332cbedeca924a7f3c7346

openrc should be admin-openrc.sh

Change-Id: I9b3d874fe39488206ce880247b51d0a26826eeb6

openstack cli now supports --network foo rather than having to find the
network uuid. Thanks to mgoddard for the tip.

Change-Id: I9ce94a86c6950b81ef3ec70fe10ee565cc1f1171

Nodepool nodes saves the cirros image in /opt/cache/files/, we can make
use of it to save some time and remove an external dependency on the
cirros website.

Change-Id: I81b431d8659b1da8b36d660f2a8f1cfa42461a14

Nova does not yet defaults to UEFI ;(

Change-Id: I9f26d373f73d15fa571545b3c867beb07da88f48

Change-Id: Ia4fbe1f2895593d1f6099f174736e8267b87e8d6

Change-Id: I551bd6787dea8dcdfadd09161d295b1290480e8e

Currently init-runonce script changes directory to the
script's base directory (/usr/...) before doing anything else.
This unnecessarily _forces_ a non-root user to use sudo for
running this script thereby raising privileges for code which
doesn't want it. Also downloading temporary stuff in places like
/usr... seems not a good choice.

Hence deleting the said code part and letting the deployer work
comfortably from any directory.

Made documentation changes accordingly.

Change-Id: Ib3c7ed97aa5f53c115b6337aaf572b5fdc7a71f3
Closes-Bug: #1732963

Change-Id: Ia691eb7ea315f60259473bd624ee72c4c2bbe89f

Refer to
https://docs.openstack.org/ocata/install-guide-rdo/glance-verify.html

Change-Id: Ic2a32a3f17a11f1f6e8ecf0f7271d7d1f12ca5bc

Currently we omit the os_distro property when uploading the
cirros image to glance.  Nova assumes it to need vfat disk
incase the image is Windows.

This change sets the property to "linux" causing ext4 to be
used instead.

TrivialFix

Change-Id: I3fdb71f5be7702a2dc223946fae82131c6c46154
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>

Change-Id: Ibff560ffa7023e9629e8ea1762121c595c3fb3f4

When using init-runonce script multiple default
security groups are present and raise error:
More than one security_group exists with the name 'default'.

Add a check to create rules to admin's default sec group.

Change-Id: Iaf93467d70ae41fdbcd2b37d6c5639a32d939394

TrivialFix

Change-Id: I363d09a2565af5b7d4c67afec8fc0c5ae70c8540

Change-Id: I522feee353a7afcdca6862ce4e262e14e36df3a2

TrivialFix

Change-Id: I22970a9885eda670ec17d6b8c1b368ed2e10a732

TrivialFix
Change-Id: I66857a92b0ae61cd8300955e2bf9605f93937b1d

When run tools/init-runonce without some client installed,it's
retrun not friendly and confuse people,such as user does not
install python-openstackclient, it will return "openstack not
installed".This patch update it.

Use "type" command to avoid "which"

TrivialFix

Change-Id: I53789a767b3a2727bf2cb848c2881272e313e14c

Give the user an easy to run way to test their deploy after running
init-runonce.

TrivialFix

Change-Id: I7d984433c8f1b56d0b74be06b3e411044e897790

During osic scale testing it is found that the cirros
image added during kolla deployed infra init has private
visibility. This need to be public.

TrivialFix

Change-Id: I39712f0a054f393a8450356e23d41170bc22166e

The nova team is removing the default flavors from a standard
deployment.  This is great for operators, who have to delete
the defaults anyways.  This patch adds the original default
flavors back during init-runonce so kolla users can be ready
to launch instances.

Closes-Bug: #1567964
Change-Id: I17daec98997a6e412a99f34d3f8a4324460d8c60