This patch adds loadbalancer-config role
which is "wrapper" around haproxy-config
and proxysql-config role which will be added
in follow-up patches.

Change-Id: I64d41507317081e1860a94b9481a85c8d400797d

Depends-On: https://review.opendev.org/c/openstack/kolla/+/769385
Depends-On: https://review.opendev.org/c/openstack/kolla/+/765781

Change-Id: I3c4182a6556dafd2c936eaab109a068674058fca

During deployment I got this error:

RUNNING HANDLER [loadbalancer : Stop master haproxy container]
ok: [192.168.66.143]

RUNNING HANDLER [loadbalancer : Stop master proxysql container]
ok: [192.168.66.143]

RUNNING HANDLER [loadbalancer : Stop master keepalived container]
fatal: [192.168.66.143]: FAILED! => changed=false
  msg: 'No such container: keepalived to stop'

Looks like we forgot to allow keepalived to not be present.

Change-Id: I720c719a6a6b35c5c2d5b5ee59b48349e58bac82

With the handler in the haproxy-config role, it gets triggered once for
every service that changes the firewall config. This happens because the
role is included dynamically. If we move the handler to the haproxy
role, which is only included once, the handler will trigger at most
once.

This is a follow up for Iea3680142711873984efff2b701347b6a56dd355.

Change-Id: Iad9ed241026435085bc9a0f5802818010b47830f

This variable shadows the name of the actual project that calls this
role, so we end up with the following nonsense:

  TASK [haproxy-config : Copying over haproxy-config haproxy config]

Change-Id: Id60046e0ddc7ec843f2e4ce7ddee7683470a88b2

Kolla environment currently uses haproxy
to fullfill HA in mariadb. This patch
is switching haproxy to proxysql if enabled.

This patch is also replacing mariadb's user
'haproxy' with user 'monitor'. This replacement
has two reasons:
  - Use better name to "monitor" galera claster
    as there are two services using this user
    (HAProxy, ProxySQL)
  - Set password for monitor user as it's
    always better to use password then not use.
    Previous haproxy user didn't use password
    as it was historically not possible with
    haproxy and mariadb-clustercheck wasn't
    implemented.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/769385
Depends-On: https://review.opendev.org/c/openstack/kolla/+/765781
Depends-On: https://review.opendev.org/c/openstack/kolla/+/850656

Change-Id: I0edae33d982c2e3f3b5f34b3d5ad07a431162844

Closes-Bug: 1982777

Change-Id: Ic752b981041b233ab55d5b9abef667b21b47857d

It is no longer needed per the removed comment.

Change-Id: I8d88c21c7e115b842a56f0ba5c780c3bde593964

This change introduces automated configuration of firewalld and adds
a new filter for extracting services from the project_services dict.
the filter selects any enabled services and their haproxy element
and returns them so they can be iterated over.
This commit also enables automated configuration of firewalld from enabled
openstack services and adds them to the defined zone and reloads the
system firewall.

Change-Id: Iea3680142711873984efff2b701347b6a56dd355

This reverts commit 73fc230f.

Reason for revert: CI jobs failing with "msg": "{{ s3_url }}: 's3_url' is undefined"

Change-Id: Iba7099988cea0c0d8254b9e202309cd9c82a984d

Needed for CentOS Stream 9 and Rocky Linux 9.

Change-Id: I614e64e227304fdc50c08bd16d67ccf03586b92c

ansible-lint introduced var-spacing - let's fix our code.

Change-Id: I0d8aaf3c522a5a6a5495032f6dbed8a2be0251f0

Added options to configure S3 cinder backup driver, so cinder backup
can use S3 storage, for safekeeping backups.

Change-Id: Id6ff6206714581555baacecebfb6d8dd53bed8ac

Closes-bug: 1944699
Change-Id: I6d0bb3b88983846fdd9c8af09456a106a940d191

Closes-bug: 1966536
Change-Id: I66a0189511e4c937299442207459cf72165649dd

* Add jammy to allowed Ubuntu distros in precheck

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/847187
Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/850336
Change-Id: Ib68adc2e33bf211d9cec007a1edb9590cafaefd1

To use notifications with ironic, the notification_level
option in the [DEFAULT] section of the configuration file
must be set, we use ``info`` as a reasonable level.

Closes-Bug: #1969826

Change-Id: I38bb1e5404e917c788689a3181741022f875da06

Change-Id: I7d79a18599f54583ff4f38a554459fe02ada9ae7

Change-Id: I6d9ee98912120b9ece60ee22c7b0ad71dab8ed30

In a multi-region environment without a local keystone, we should still
use authentication.

Change-Id: I9df0ddf6e0d56f0817256b07ae0a0a7021209663

The neutron-bgp-dragent container is also needed when using OVN as
backend plugin.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Idec79a53fad048f45139af3b8c72e85385ac80b6

Change-Id: Ia735f0f8c12acf6b89fcb8e31a3e290a4def96ab

Change-Id: Iaf6bf36ae0adce3342981c36c859fc138b172f6b

With the ironic_http_interface/ironic_http_interface_address
parameters it is possible to set the addresses for the
ironic_http service.

Change-Id: I72c257ebedf283cdef1b98485a576631e2190657

Starting from v1.5.0 of the exporter, OS_COMPUTE_API_VERSION can be set
to configure the Nova API version to be used [1]. Microversion 2.1 can
be used to keep metrics unmodified from the previous exporter version
deployed by Kolla (v1.3.0).

Support it with prometheus_openstack_exporter_compute_api_version,
defaulting to using the latest version.

[1] https://github.com/openstack-exporter/openstack-exporter/pull/201

Change-Id: I7605a3f9f74effb29ecec3b28e4709fd5f7f8cd4

Change-Id: Ib05569a08e2fe21dae31cdacad3b622d17cb5db3

As kolla-toolbox is mounting /run:/run
there is no need to mount also /run/openvswitch.
This is causing /run/openvswitch is mounted
again and again up to 32767 times after kolla-toolbox
restart.

Closes-Bug: #1979295
Change-Id: I49b3bde8b2bd61b6c931a81542a0d89f8a303ffc

Per comments on [1].

[1] https://review.opendev.org/c/openstack/kolla-ansible/+/843727

Change-Id: I60162b54bc06e158534d29311d4474b34750c64d

Fixes an issue where access rules failed to validate:

    Cannot validate request with restricted access rules. Set
    service_type in [keystone_authtoken] to allow access rule validation

I've used the values from the endpoint. This was mostly a straight
forward copy and paste, except:

- versioned endpoints e.g cinderv3 where I stripped the version
- monasca has multiple endpoints associated with a single service. For
  this, I concatenated logging and monitoring to be logging-monitoring.

Closes-Bug: #1965111
Change-Id: Ic4b3ab60abad8c3dd96cd4923a67f2a8f9d195d7

This patch simply fix a typo in 'influxdb_internal_endpoint' variable.

Change-Id: I1b1068e84be7f7eaff1a4eab1ba9ddcd6f4241c7

This patch is removing nova configuration
options, this was probably caused by migration
from nova-placement to placement.

Change-Id: Ib54b26428b79d5c4f554928b8634a0bb4e884a90

This patch is removing api related configuration
from service's config files as we are using
apache mod_wsgi and this configuration is not
used.

Change-Id: I69a1542a6f24214fbf6e703782aefb566de4fb26

We need this to be stop-start as haproxy and proxysql need to be
reconfigured simultaneously when switching between them.

This change also introduces checks for service enablement.

Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I2e10f490305f3d8b1b7abbc66ddb40df65c37fe7

Following up on [1].
The 3 variables are only introducing noise after we removed
the reliance on Keystone's admin port.

[1] I5099b08953789b280c915a6b7a22bdd4e3404076

Change-Id: I3f9dab93042799eda9174257e604fd1844684c1c

Docs and reno included.

Change-Id: I5099b08953789b280c915a6b7a22bdd4e3404076

Add a switches to enable/disable deploy of the Masakari monitors.

Change-Id: I3ab603f7cab7946ea8f2e063fe91190d6592066a
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

Closes-Bug: #1975598
Change-Id: If4c85f8e960141d08a89accdc11a3271f31974c1

Change-Id: Ib4b15ed4feac82d8492b1c0f0238a752eac668e6

Since enabling libvirt SASL authentication, the masakari instance
monitor fails to connect to libvirt. We see the following error in logs:

    libvirt.libvirtError: authentication failed: Failed to start SASL
    negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs
    found)

This change adds support for SASL authentication in Masakari instance
monitor.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/834456
Closes-Bug: #1965754
Change-Id: I974046662b383a12ac6281b725523760a96657bd

Change-Id: I9e4e1287ea69960ae3b13734acc3eb0b087a8d86