The ``[oslo_messaging_rabbit] heartbeat_in_pthread`` config option
is set to ``true`` for wsgi applications to allow the RabbitMQ
heartbeats to function. For non-wsgi applications it is set to ``false``
as it may otherwise break the service [1].

[1] https://docs.openstack.org/releasenotes/oslo.messaging/zed.html#upgrade-notes

Change-Id: Id89bd6158aff42d59040674308a8672c358ccb3c

Per comments on [1].

[1] https://review.opendev.org/c/openstack/kolla-ansible/+/843727

Change-Id: I60162b54bc06e158534d29311d4474b34750c64d

This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.

The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.

RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.

Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support

Change-Id: Iea3f4f3d2e5c6040c1e0bc7bfae8719cc7d8ac55

The use of default(omit) is for module parameters, not templates. We
define a default value for openstack_cacert, so it should never be
undefined anyway.

Change-Id: Idfa73097ca168c76559dc4f3aa8bb30b7113ab28

Include a reference to the globally configured Certificate Authority to
all services. Services use the CA to verify HTTPs connections.

Change-Id: I38da931cdd7ff46cce1994763b5c713652b096cc
Partially-Implements: blueprint support-trusted-ca-certificate-file

Introduce kolla_address filter.
Introduce put_address_in_context filter.

Add AF config to vars.

Address contexts:
- raw (default): <ADDR>
- memcache: inet6:[<ADDR>]
- url: [<ADDR>]

Other changes:

globals.yml - mention just IP in comment

prechecks/port_checks (api_intf) - kolla_address handles validation

3x interface conditional (swift configs: replication/storage)

2x interface variable definition with hostname
(haproxy listens; api intf)

1x interface variable definition with hostname with bifrost exclusion
(baremetal pre-install /etc/hosts; api intf)

neutron's ml2 'overlay_ip_version' set to 6 for IPv6 on tunnel network

basic multinode source CI job for IPv6

prechecks for rabbitmq and qdrouterd use proper NSS database now

MariaDB Galera Cluster WSREP SST mariabackup workaround
(socat and IPv6)

Ceph naming workaround in CI
TODO: probably needs documenting

RabbitMQ IPv6-only proto_dist

Ceph ms switch to IPv6 mode

Remove neutron-server ml2_type_vxlan/vxlan_group setting
as it is not used (let's avoid any confusion)
and could break setups without proper multicast routing
if it started working (also IPv4-only)

haproxy upgrade checks for slaves based on ipv6 addresses

TODO:

ovs-dpdk grabs ipv4 network address (w/ prefix len / submask)
not supported, invalid by default because neutron_external has no address
No idea whether ovs-dpdk works at all atm.

ml2 for xenapi
Xen is not supported too well.
This would require working with XenAPI facts.

rp_filter setting
This would require meddling with ip6tables (there is no sysctl param).
By default nothing is dropped.
Unlikely we really need it.

ironic dnsmasq is configured IPv4-only
dnsmasq needs DHCPv6 options and testing in vivo.

KNOWN ISSUES (beyond us):

One cannot use IPv6 address to reference the image for docker like we
currently do, see: https://github.com/moby/moby/issues/39033
(docker_registry; docker API 400 - invalid reference format)
workaround: use hostname/FQDN

RabbitMQ may fail to bind to IPv6 if hostname resolves also to IPv4.
This is due to old RabbitMQ versions available in images.
IPv4 is preferred by default and may fail in the IPv6-only scenario.
This should be no problem in real life as IPv6-only is indeed IPv6-only.
Also, when new RabbitMQ (3.7.16/3.8+) makes it into images, this will
no longer be relevant as we supply all the necessary config.
See: https://github.com/rabbitmq/rabbitmq-server/pull/1982

For reliable runs, at least Ansible 2.8 is required (2.8.5 confirmed
to work well). Older Ansible versions are known to miss IPv6 addresses
in interface facts. This may affect redeploys, reconfigures and
upgrades which run after VIP address is assigned.
See: https://github.com/ansible/ansible/issues/63227

Bifrost Train does not support IPv6 deployments.
See: https://storyboard.openstack.org/#!/story/2006689



Change-Id: Ia34e6916ea4f99e9522cd2ddde03a0a4776f7e2c
Implements: blueprint ipv6-control-plane
Signed-off-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>

We're duplicating code to build the keystone URLs in nearly every
config, where we've already done it in group_vars. Replace the
redundancy with a variable that does the same thing.

Change-Id: I207d77870e2535c1cdcbc5eaf704f0448ac85a7a

when using ceilometer+gnocchi, for every notification sample, ceilometer
will update the resource even if is not updated.

We should add [cache] section to make ceilometer cache the resource, and
stop send the useless update request.

Closes-Bug: #1807841
Change-Id: Ic33b4cd5ba8165c20878cab068f38a3948c9d31d

Alarm service has been moved to Aodh for a long time [1].
Therefore, we should define evaluation_interval in
aodh.conf rather than ceilometer.conf. The interval value
should be configurable as well because we can use a
custom polling config now [2]

[1] https://review.openstack.org/#/c/200593/
[2] https://review.openstack.org/#/c/572013/

Change-Id: I7adeff2dff5d6d6ae4c621e84857347995e9203a

Now, the ceilometer use [service_credentials] to get credentials[0][1],
remove the unused [keystone_authtoken]

[0]: https://github.com/openstack/ceilometer/blob/master/devstack/plugin.sh#L294
[1]: https://docs.openstack.org/ceilometer/latest/configuration/index.html

Change-Id: Ic92f9ecb1a43c11311f2a428611e78c0986f02cf

This to support configuration on ceilometer services for XenAPI.
1. set hypervisor_inspector as xenapi
2. Confiugre the section of [xenapi] for XenAPI connection

For details, please refer to the config doc:
https://docs.openstack.org/ceilometer/latest/configuration/index.html

Change-Id: I4fc649d927031886c694507b3e8a686646a61ef7
blueprint: xenserver-support

- Ceilometer
- Gnocchi
- Rally

This will copy only yaml or json policy file if they exist.

Change-Id: I59f3376ab9fb6fb83577465a6c9096764b9f19c0
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>

This commit separates the messaging rpc and notify transports in order
to support separate and different oslo.messaging backends

This patch:
* add rpc and notify variables
* update service role conf templates
* add example to globals.yaml
* add release note

Implements: blueprint hybrid-messaging
Change-Id: I34691c2895c8563f1f322f0850ecff98d11b5185

Change-Id: I701a26ade57916c9e2ca6899228d4660230b1e0b
Partially-implements: blueprint kolla-ansible-support-vsphere
Depends-On:I0f37e49e09c4f14a64797506007bb55a6f534f0f

In ceilometer.conf there is a setting evaluation_interval.

The default is set to 60 seconds.

In pipeline.yaml,there is an interval set for those sources as well,
default value 300 seconds.

The evaluation_interval must be set >= the source interval in pipeline.yaml
or else when the evaluator runs it wont find any recent data
and set the state to insufficient data.

see:
https://docs.openstack.org/ocata/config-reference/telemetry/alarming-config-options.html

Change-Id: I82f061d1affc5c3ade75496684fe66e17928e1f3
Closes-Bug: #1704328

* remove ceilometer-api and ceilometer-collector service
* use ceilometer-notification to publish message to proper backend
* remove useless ceilometer_database_type and ceilometer_event_type
  variables
* sync event_definitions.yaml, event_pipeline.yaml and pipeline.yaml
  file with upstream

Change-Id: Ib39053cb5f70bd11ee61d3f26d5b28accecd7190

As described here:
https://github.com/openstack/keystone/blob/master/keystone/resource/core.py#L841
https://github.com/openstack/keystone/blob/master/keystone/conf/identity.py#L21

* default project domain name MUST be named 'Default'
* default project domain id MUST be named 'default'
* default project user name MUST be named 'Default'
* default project user id MUST be named 'default'

Change-Id: I610a0416647fdea31bb04889364da5395d8c8d74

gnocchi have archive policy rule feature, which can control metric's
archive_policy. gnocchi also have a default archive policy rule which
is using low archive policy.

On the other hand, archive_policy is marked as deprecated and will be
removed in the feature in ceilometer[0].

So should better remove archive_policy ceilometer.conf.

[0] https://review.openstack.org/#/c/448586/

Change-Id: I0aa726f6420d628bda3fb4c4eba86b55fe1e2699
Closes-Bug: #1696038

Useful api_interface_address variable has been define here:
https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L57
In order to simplify codebase we must use it as much as possible.

Change-Id: I18fec19bf69e05a22a4142a9cd1165eccd022455

Ceilometer dispatcher configurations are there to have gnocchi as
backend but when we use mongodb or mysql dispatcher configurations
are missing.

Closes-Bug: #1640166
(cherry picked from commit d99659050763c71e63ed8b57cbf16d4ce85980fa)

Change-Id: I9cdfc6e2208978e72b76bff7f6a1cba80386ffa8

Change-Id: I515fdcdf6093e9e59dbbdc97221d23ed7f4e0a3d
Partially-Implements: blueprint add-panko-ansible-role

The store_events parameter was removed from ceilometer collector
service with https://review.openstack.org/#/c/367982

Change-Id: If08c280949a2ef5274cc8b029750f98d6f6af79b
Closes-bug: #1647585

When configuring kolla with

 - kolla_enable_tls_external: "yes"

ceilometer service credential defaults to publicURL.

Ceilometer should work with the internal interface (v3 API Identity syntax):

.....
[service_credentials]
interface = internal
.....

Change-Id: I898ffb2b901f08b810756d80dbb988d8c9298219
Closes-Bug: #1643860

Users can specify database address and port for mysql backend
of Ceilometer. Currently ceilometer_database_mysql_address
incorrectly includes port. This is unnecessary, also Ceilometer
bootstrapping (mysql_user, mysql_db Ansible modules) wants to use
these variables separately.

Change-Id: I88f5359517fcf4f119ec6abfdf16a15a4e33b6fd
Closes-Bug: #1639786

Closes-bug: #1635667

Change-Id: I256a39b6241d5b506f099fb98847af9417748702

At the moment we use "memcached_servers =
{{ kolla_internal_fqdn }}:{{ memcached_port }}" in
keystone_authtoken for Ceilometer.
This cannot work because we our haproxy service does
not offer memcache, so fix it.

Change-Id: I7d9630b8b232f0e5e2a0a33304817a1b255d4855
Closes-Bug: #1634146

Closes-Bug: #1626364
Change-Id: I9d586b950b7099a9b160f7b32c9ff00b189a0287

* ceilometer-api script is removed and run ceilometer-api by using apache
* fix connection url in ceilometer.conf

Closes-Bug: #1624905
Change-Id: Iffb00ca418bab6521d61b16de4f5760aa1ae1ac7

mongodb_port is already part of ceilometer_database_address

TrivialFix

Change-Id: I1eabd5e6d59215eea624d1b242b4e3820cf206ce

MongoDB is still default.

Refer to
http://docs.openstack.org/developer/ceilometer/install/dbreco.html for
more info on Ceilometer database backends.

Closes-Bug: #1622532

Change-Id: Iaf84f9efe0537f42797f4bb7ba2a3611835cc84e

rabbit_hosts, rabbit_userid and rabbit_password are deprecated for
removal.[0]

rpc_backend is deprecated for removal.[1]

rabbit_ha_queues is deprecated. it is useless when using RabbitMQ >= 3.0
[2]

[0] https://github.com/openstack/oslo.messaging/blob/master/oslo_messaging/_drivers/impl_rabbit.py#L112,#L134
[1] https://github.com/openstack/oslo.messaging/blob/master/oslo_messaging/transport.py#L46
[2] https://github.com/openstack/oslo.messaging/blob/master/oslo_messaging/_drivers/impl_rabbit.py#L163,L174

Closes-Bug: #1614082
Change-Id: I05d318ba6c11c5dbfa9fbf67d088a43ab465be30

TrivialFix

Change-Id: If8590b0f053844b8f68e4e2b0a73c1b3c34f23ed

Change-Id: I13c50a78b2dc7c98b720a4b2e7161104213bd295
Implements: bp ansible-ceilometer