By default those are saved in /var/log/ironic/deploy.
Change of path was introduced by [1] since Victoria.

[1]: https://review.opendev.org/c/openstack/bifrost/+/742854

Change-Id: I0fb69a06d6565d633f9ea0e37e0a780a70bb0ced

Change Ib225d76076782d695c9387e1c2693bae9a4521d7 introduced a new
upgrade task for monasca-thresh. Because the task is not restricted to
the correct group, it fails while trying to stop monasca_thresh on hosts
not running this container.

Change-Id: I33c2c458a98145315b0de0c069f13b83f59622eb
Closes-Bug: #1952408

Remove the role directory and one file left atfer
If3cf073e88c83f670c867a49afe48845f9e81008

Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
Change-Id: I6c3b46b858ef4f1954a99bccd10b80973a57ba77

Change-Id: Ifee8af246312cad5b68ff1bf2793963bf7028dc8

The check condition is similar to the previous if and it can be merged

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Change-Id: I62213d91945de42ffc87ecad1e96fa4fc0760f10

This service was disabled in the Wallaby release and all
references to it can now be removed.

Change-Id: I482640dd63959143732d86fcffb320cc94611247

[1] https://docs.openstack.org/releasenotes/ironic/xena.html

Change-Id: Ic0dd9fa7ef76b647682e124b1bae52e931a38225

When only the directory is specified, separate log files
are created for the Nova API / metadata services with a
-wsgi postfix. This affects the 'programname' field in
Fluentd which affects the processing of these logs. This
is a regression.

When the log file name is specified, the directory is
not required.

Closes-Bug: #1950185
Change-Id: I8fec8b787349f83c05d8af7f52fc58da7c3e9cc4

This defines which release we upgrade from in CI.

Also remove some Wallaby upgrade compatibility code in CI playbooks

Change-Id: I18912178392973337ca4115dec3816f1b3944ad5

the gateway_ip should be in subnet dict.

Closes-Bug: #1949260
Change-Id: Iaa3fc69ee7954b5b202b0a6052c30bfb1780e84b

In case of running mariadb role with --limit the group_by module will only include the limited hosts and other hosts that are not limited by ansible will not be included.
Using add_host will add all hosts in mariadb group to their shards group

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Change-Id: I1331698e313bd714a16fc35f38fb579d75b56370
Closes-Bug: #1947589

Add an empty line between memcache_servers and www_authenticate_uri

Closes-Bug: #1941704
Change-Id: Ied83865eb33aceaf738c21363f02bcccbcd05738

This reverts commit 15259002.

Reason for revert: The iptables_firewall produces warnings without it.

Change-Id: Id046a3048436c4c18dd1fd9700ac9971d8c42c57

Correct typo in role's playbook in order to be able to deploy
the service with customized policy file.

Change-Id: I252ffaf73dd2a649387ddacc73286b49f36dfdf2
Closes-Bug: #1948835

It seems some cases were missed in reviews and not fixed by
the previous iterations:
Ifc252ae793e6974356fcdca810b373f362d24ba5
I838e526b930d5276d3ce24f5188262af7eb33280

Change-Id: Id57da1c5024e1efc5810baca8fbe18967cf95a68

As promised for Xena.

Change-Id: Id634426a1961f0b883068e4ed80e7d1633e5708e

The copy job for the grafana home dashboard file needs to run
priviliged, otherwise permission denied error occurs.

Closes-Bug: #1947710

Change-Id: Ib15e961e5193af55e45a443305a96667295f3cb7

Closes-Bug: #1947534

Change-Id: I08be074c3633cc4fb0a0bc6c9cb8d03eb5226d89

There seems to be a bug in Galera that causes
TASK [mariadb : Check MariaDB service WSREP sync status]
to fail.
One (in case of 3-node cluster) or more (possible with
more-than-3-node clusters) nodes may "lose the race" and get stuck
in the "initialized" state of WSREP.
This is entirely random as is the case with most race issues.
MariaDB service restart on that node will fix the situation but
it's unwieldy.
The above may happen because Kolla Ansible starts and waits for
all new nodes at once.
This did not bother the old galera (galera 3) which figured out
the ordering for itself and let each node join the cluster properly.
The proposed workaround is to start and wait for nodes serially.

Change-Id: I449d4c2073d4e3953e9f09725577d2e1c9d563c9
Closes-Bug: #1947485

The section [ovs] is needed only for ovs/ovn configurations.

TrivialFix

Change-Id: If9015b8f53c04cf3257331449ebd50163fabcab0
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

Weight for haproxy backend was merged in [1] with
tiny bug, there is need to convert to int to check
conditional <= 256. Otherwise, it's not working as
expected.

[1] https://review.opendev.org/c/openstack/kolla-ansible/+/775627

Change-Id: Icb6f5147ebd2a0be52ba4ef6ba4a00bbd0242d3d

This is unused since we switched to a single config file for logrotate.

Change-Id: I79a5fd84b071b2a127c09ac41c3de9074289fca0

Change-Id: I86aeafccd2a2bff1d89a40785e1a6715097bb849

"BINLOG MONITOR" and "SLAVE MONITOR" replace
"REPLICATION CLIENT" (which is now an alias for "BINLOG MONITOR").
The validation in Ansible MySQL collection is too simple to
understand aliases and breaks. Hence, let's use the canonical
names and adapt per service according to its needs.

Change-Id: I1175e4846384accd19942620dc155d0c5728e64b

We do not need anymore as APT already knows how to do HTTPS.

Change-Id: I0b89b17ea2443e4578906afe4b518477462f981f

Change-Id: I6da412d6d3e7d067c8d903ee884711ac509d24aa

Nor set related sysctls.
More details in the reno.

Change-Id: I898548ecc6df3caa094c3222159b7ba1e16dc211
Closes-Bug: #1945789

Updates the default value of 'monasca_ntp_server' from
'external_ntp_servers[0]' to '0.pool.ntp.org'.  This is due to the
removal of the 'external_ntp_servers' variable as part of the removal of
Chrony deployment.

Change-Id: I2e7538a2e95c7b8e9280eb051ee634b4313db129

chrony is not supported in Xena cycle, remove it from kolla

Moved tasks from chrony role to chrony-cleanup.yml playbook to avoid a
vestigial chrony role.

Co-Authored-By: Mark Goddard <mark@stackhpc.com>

Change-Id: I5a730d55afb49d517c85aeb9208188c81e2c84cf

* Register Swift-compatible endpoints in Keystone
* Load balance across RadosGW API servers using HAProxy

The support is exercised in the cephadm CI jobs, but since RGW is
not currently enabled via cephadm, it is not yet tested.

https://docs.ceph.com/en/latest/radosgw/keystone/

Implements: blueprint ceph-rgw

Change-Id: I891c3ed4ed93512607afe65a42dd99596fd4dbf9

Source images get the most test coverage, so it makes sense to deploy
these by default.

Change-Id: I8d0c8750e2c1600e84cc2e677a4eae0e9f502dac

To prevent a security issue.
More details in the reno.

Change-Id: I8bb398e299aa68147004723a18d3a1ec459011e5
Closes-Bug: #1945453

A system-scoped token implies the user has authorization to act on the
deployment system. These tokens are useful for interacting with
resources that affect the deployment as a whole, or exposes resources
that may otherwise violate project or domain isolation.

Since Queens, the keystone-manage bootstrap command assigns the admin
role to the admin user with system scope, as well as in the admin
project. This patch transitions the Keystone admin user from
authenticating using project scoped tokens to system scoped tokens.
This is a necessary step towards being able to enable the updated oslo
policies in services that allow finer grained access to system-level
resources and APIs.

An etherpad with discussion about the transition to the new oslo
service policies is:

https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible



Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585
Signed-off-by: Niklas Hagman <ubuntu@post.blinkiz.com>

innodb_lock_schedule_algorithm setting is removed in MariaDB 10.6.

Change-Id: I1ff06162569c46c51847b4c31933861549787c65
Depends-On: https://review.opendev.org/c/openstack/kolla/+/811014

Closes-Bug: #1945070
Change-Id: I1b2a82b57cb9884b6c3c3ad07f6449ae29042a3d

This patch adding option to control weight of haproxy
backends per service via host variable.

Example:

[control]
server1 haproxy_nova_api_weight=10
server2 haproxy_nova_api_weight=2 haproxy_keystone_internal_weight=10
server3 haproxy_keystone_admin_weight=50

If weight is not defined, everything is working as before.

Change-Id: Ie8cc228198651c57f8ffe3eb060875e45d1f0700

This change bumps up max supported Ansible version
to 4.x (ansible-core 2.11.x) and minimum to 2.10.

Change-Id: I8b9212934dfab3831986e8db55671baee32f4bbd

Change-Id: I16fdb2f93ddb656eeacd3f2b84190f9bdcfaa21c

This allows one variable to specify the tag for all MariaDB images.

Change-Id: I164cdd41787f8bd52d8e08cb380d42625a8bbd84
TrivialFix

Closes-Bug: #1944114
Change-Id: Idd525fda7ff94f70794f4c582cd74470c7f40fae