In CentOS/RHEL 8 there is no scsi-target-utils package, nor is it
available in EPEL. It is removed from kolla in [1]. In RHEL 7 and beyond
the LIO kernel subsystem can be used instead of the tgtd daemon.

This change removes support for the SCSI target daemon on CentOS/RHEL 8.
The 'tgtd' image is no longer available for CentOS/RHEL 8.

[1] https://review.openstack.org/#/c/613815/5

Change-Id: I718fc16cde2dd177b2a1c2f79b932426034897fe
Related: blueprint centos-rhel-8

Currently used cephfs driver have been deprecated in Pike [1], change to use
the proper one.

[1]: https://opendev.org/openstack/manila/src/branch/master/releasenotes/notes/rename-cephfs-native-driver-3d9b4e3c6c78ee98.yaml

Closes-Bug: #1858773
Change-Id: I33bea1d0049accd48c61f85c1165bee1e1cf0c87

This is to fix the duplicated words issue like
"Other services that are are out of scope of this".

Change-Id: Ie4882dbb64d6e8774888b97895af20ba3855f0f8

CentOS 7 uses old galera which has multiple issues handling
IPv6 addressing.
This patch applies two workarounds for CentOS 7.

Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I7c178aba60c389e65075e0e6cbe4dfa5b8ce06ec
Closes-Bug: #1856532
Signed-off-by: yj.bai <bai.yongjun@99cloud.net>

Change-Id: Ifa8fb271ee2d5642785097755f7347e3be00f8e9
Signed-off-by: yj.bai <bai.yongjun@99cloud.net>

Variable added to evaluate "ENABLE_MONASCA" env for 'kolla/horizon'. In
case 'enable_horizon_monasca' is true, 'policy_item' would be called for
Monasca.

Change-Id: Ie9ecb8ab5d4e74af9b83a5b00ccced5b630ab1ed
Implements: blueprint monasca-ui
Signed-off-by: Hamed Bahadorzadeh <h.bahadorzadeh@gmail.com>

This change applys the HAProxy tag to the entire play, ensuring HAProxy
configuration is generated for all services when the HAProxy tag is
specified.

Change-Id: I67f57c831a713142d38c6e7b70f814a9ee8e5aae
Closes-Bug: #1855094

deploy rabbitmq cluster by train with ipv6 report:
unable to connect to epmd (port 4369) on control-1: address (cannot connect to host/port)

Closes-Bug: #1856725
Change-Id: I36ebb4e196ece8a304269e8c85e39dda72faae50
Signed-off-by: yj.bai <bai.yongjun@99cloud.net>

The 'gnocchi_collector' and 'keystone_fetcher' section names were
deprecated in Stein.

Change-Id: I626dc7afe9eabfbeb6c08137a3e6bbeebde2b332

Currently External Ceph Cinder config requires the user to create cinder
service custom configuration.

This change alters the if/else statements to template out cinder backends
configuration when cinder_backend_ceph is True.

Change-Id: I143c3b44d2839e56d1dbf28484c0eaae0a753dc9

Ironic provides a feature to allow instance images to be served from a
local HTTP server [1]. This is the same server used for PXE images with
iPXE. This does not work currently because the ironic_ipxe container
does not have access to /var/lib/ironic/images (ironic docker volume),
where the images are cached. Note that to make use of this feature, the
following is required in ironic.conf:

[agent]
image_download_source = http

This change fixes the issue by giving ironic_ipxe container access to
the ironic volume.

[1] https://docs.openstack.org/ironic/latest/admin/interfaces/deploy.html#deploy-with-custom-http-servers

Change-Id: I501d02cfd40fbacea32d551c3912640c5661d821
Closes-Bug: #1856194

These are executed on the local host where we run ansible-playbook,
and we have agreed to drop Python 2 support there.

Partially Implements: blueprint drop-py2-support
Change-Id: Id2190c3a22a56f4f048afbf0f7200daa8f41a292

Change Id84e3b6e62e544582d6917047534e846e026798d added support for
custom HAProxy service config using a plain copy of files in services.d.

Use a template action instead of a copy so that we can use variables and
iterate over group of hosts.

Change-Id: I1f07785932de4e4540422bd18af95241f05a67bf

We generate the keystone cron schedule via a python script on localhost.
Currently this always uses 'python', however this may not be available
on some systems.

This change switches to use the same python interpreter as used by
ansible-playbook.

Partially-Implements: blueprint python-3

Change-Id: I6007f8d6880f418a503766cec21a330c44e5b80f

ip6_tables is needed for HybridFwDriver

Change-Id: I66c50b74a89c046dc59e59dd2422a80e0642ab72

This allows users to supply an Elasticsearch Curator actions file
to manage log retention [1]. Curator then runs on a cron job, which
defaults to every day. A default curator actions file is provided,
which can be customised by the end user if required.

[1] https://www.elastic.co/guide/en/elasticsearch/client/curator/current/actionfile.html

Change-Id: Ide9baea9190ae849e61b9d8b6cff3305bdcdd534

WSGI log files use a different input configuration than OpenStack log
files. Currently this depends on log files matching either *-access.log
or *-error.log. Some services use *_access.log or *_error.log, so are
not parsed correctly.

This change modifies the fluentd configuration to accept an underscore
or hyphen for WSGI log file names.

Change-Id: I566d6cac0b6749054fd5422ec8f36f99dacb1db7
Closes-Bug: #1720371

Enable reconnect_on_error option so that ES plugin re-establishes
a new session to the ES cluster on errors. Also, enable buffering
to the file, so that the buffer survives container restarts.

Co-Authored-By: Michal Nasiadka <mnasiadka@gmail.com>
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Co-Authored-By: Doug Szumski <doug@stackhpc.com>
Closes-Bug: #1830724
Change-Id: Ia40685b9d4fc02194e03c8791ddeb3d29d7f07f6

To fix instability and availability issues:

etcd3 is not available in repos for binary kolla images.

etcd3 does not support eventlet-based services [1].

[1] https://review.opendev.org/466098

Change-Id: I430bab735da204fc81696130b17931a89214c876
Closes-bug: #1852086
Closes-bug: #1854932

Currently we don't put global Apache error logs into /var/log/kolla,
this change adds statements that redirect those logs there.

Adapted the logfile names to catch into openstack wsgi logging fluentd
input config and existing logrotate cron entries.

Change-Id: I21216e688a1993239e3e81411a4e8b6f13e138c2

Change-Id: Ia02f83dfaaba53f95e373b2b2be3f74cfb7ae578
Closes-Bug: #1855085

Depends-On: https://review.opendev.org/692948/
Depends-On: https://review.opendev.org/692691/
Change-Id: I07827b896d36c3723697540fcff164224f6729af

In a deployment where Prometheus is enabled and
Alertmanager is disabled the task "Copying over
prometheus config file" in
'ansible/roles/prometheus/tasks/config.yml' will
fail to template the Prometheus configuration file
'ansible/roles/prometheus/templates/prometheus.yml.j2'
as the variable 'prometheus_alert_rules' does not
contain the key 'files'. This commit fixes this bug.

Change-Id: Idbe1e52dd3693a6f168d475f9230a253dae64480
Closes-Bug: #1854540

We mount Swift volumes with xfs.
The 'nobarrier' option we used was made noop [1]
and deprecated [2] (with warning) in kernel 4.10.
In 4.19 it was removed [3] resulting in an error
when using e.g. Debian Buster as host.
The noop patch was backported to CentOS 7 so
it is safe to remove this option with no behavior
change and backport to where needed.
Ubuntu Bionic uses 4.15 which only warns.
CentOS 8 uses 4.18 which only warns as well.
Debian Buster uses 4.19 exactly which breaks.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2291dab2c9d1880efd19469df2042e2277c8b7a4
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4cf4573d899cd80d8578c050061dc342f99f3a32
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1c02d502c20809a2a5f71ec16a930a61ed779b81

Change-Id: I006dea21321146c7fc738d0b41c401b72d271a99
Closes-bug: #1800132

Adds support for configuration of the Docker client timeout via
'docker_client_timeout'.

This change also increases the default timeout to 120 seconds, as we
sometimes see timeouts in CI and heavily loaded or underpowered
environments. Increasing 'docker_client_timeout' further may be helpful
in cases where Docker reports 'Read timed out'.

Change-Id: I73745771078cb2c0ebae2b1d87ba2c4c12958d82
Closes-Bug: #1809844

When clouds have a large number of hosts, the default size of the ARP
cache is too small. The cache can overflow, which means that the system
has no way to reach some IP addresses.

Increasing threshold limits addresses the situation, in a reasonably
safe way (the maximum impact is 5MB or so of additional RAM used).

More context on this issue:

* http://man7.org/linux/man-pages/man7/arp.7.html
* https://bugs.launchpad.net/charm-nova-compute/+bug/1780348
* https://bugs.launchpad.net/fuel/+bug/1488938
* https://bugs.launchpad.net/tripleo/+bug/1690087
* https://github.com/crowbar/crowbar-openstack/commit/0583a0c94996df6b784229e8a534f955eaca85bc
* https://github.com/crowbar/crowbar-openstack/commit/3dd21ea62ac152e40bfdfee4b8e25a528c82a79f
* https://opendev.org/openstack/tripleo-heat-templates/commit/1651a1805a16212299fe0a91aebb2a91ed39bc6e

Change-Id: I60c871e8eb9f2c086818ff077987f2390930800c
Closes-Bug: #1844349

Change-Id: I799993728112a525e34cfbc4e786a10f0ed03be9

It turned out the previous fix ([1]) was incomplete.
Additionally, it seems we have to limit Tacker server
to one instance co-located with conductor.

[1] https://review.opendev.org/684275
commit b96ade3c

Change-Id: I9ce27d5f68f32ef59e245960e23336ae5c5db905
Closes-bug: #1853715
Related-bug: #1845142

When using external ceph without nova integration, kolla-ansible fails
because 'nova_cephx_raw_key' is undefined.
This patch fixes the issue by applying the 'default' filter to
prevent failure on undefined.
The change in behavior was introduced by [1].

[1] https://review.opendev.org/689753


commit 44709f41

Change-Id: I2fdca1a6a78e78623733a387a2d8c7e29d449083
Closes-Bug: #1853862
Co-Authored-By: Mark Goddard <mark@stackhpc.com>

This option appears to have been removed in 2015 in Neutron change
I9cf36e1fd3a009c175e0d475af407a30f4e5c408.

Change-Id: Ib2d94743aeeff328c900ab1607900844acb4462b

The [placement].os_interface option was replaced by
[placement].valid_interfaces in Queens and was removed in Rocky.

Change-Id: I306c57305b9088159dd18af4aa373bbc39a8b881
Closes-Bug: #1853621

As part of the effort to implement Ansible code linting in CI
(using ansible-lint) - we need to implement recommendations from
ansible-lint output [1].

One of them is to stop using local_action in favor of delegate_to -
to increase readability and and match the style of typical ansible
tasks.

[1]: https://review.opendev.org/694779/

Partially implements: blueprint ansible-lint

Change-Id: I46c259ddad5a6aaf9c7301e6c44cd8a1d5c457d3

The "os_region" param is missing in the ironic_neutron_agent.ini.j2
file. Without specifying the region, the neutron service will randomly
pick a region for the ironic-neutron-agent. Therefore, a list of
incorrect agents might be created in the neutron database "agents"
table for nodes from other regions. To list all neutron agents, use
'openstack network agent list'.

Change-Id: Idec265230d0ab63b7559d94690c059608dc2617e
Closes-bug: #1853464

In one of the blazar ansible tasks in "bootstrap.yml", the admin
project name and username are hard-coded as "admin". OpenStack
users can define their admin project name and username differently
and the hard-coded names would cause authentication errors.

In addition, keystone identity api version 3 uses "os-project-name"
instead of "os-tenant-name". Although "os-tenant-name" might be
still accepatable, it's better to keep the latest.

Change-Id: Ie5c1016f9ce6f402ef208f3c295e6883a9edd8ab
Closes-bug: #1853462

Remove "environment" variable from check-containers.yml task.

Change-Id: Id1e1abfb10df1eb6c8f4f3c7d2f5a0dd94c0a2cc
Closes-bug: #1853336

Qinling could not be deployed due to use of an undefined variable
(you guessed it, it was a typo).

Change-Id: Iadbf269e66decc0a4c6b24b3d828ac560adeb7a7
Closes-bug: #1853201

- transitional handling of fluentd_binary var is no longer required

Change-Id: Ic2978252fb981fe15e600aa486e8af585d05c402

Change-Id: Ie35ea07b8b6f95cbb56eb722ae2366c00243e562

Change-Id: If45d4877c3fa125a3abc71f0a84883fad0a0cf6e
Closes-Bug: 1853011

Opendaylight support has been deprecated in Train - time to remove it.

Change-Id: I3a61bfbcbf366c327ea3e25d2424bc3fedca29f0