Sha password is not always valid for barbican cripto key.
Use a fernet key so it always gets valid.

Not need release note for upgrade, users with a working
barbican not regenerate passwords, only new passwords will
get new type.

Change-Id: Ic8c4ca63219295d697062cff9cbf30fadbe49bf3

This commit is to apply resource-constraints to a few more OpenStack services.
Commit to  apply constraints to the last set of services will be made in
the upcoming commit.

Depends-on: Icafa54baca24d2de64238222a5677b9d8b90e2aa
Change-Id: I39004f54281f97d53dfa4b1dbcf248650ad6f186

Ironic Neutron Agent was added by
I92b9505843f12692aef96764a314e5db49001a9b.

Change-Id: Ib178bafc9907537fdd46dd374684b037db7f19df
TrivialFix

The include_tasks action was added in ansible 2.4.

Change-Id: Ieac4a39a95c6aa55754c9dde5e94fb293c103caa
Related-Bug: #1783456

This commit is to apply resource-constraints only to few OpenStack services.
Commit to apply constraints to other services will be made in coming commits.

Partially-Implements: blueprint resource-constraints

Change-Id: Icafa54baca24d2de64238222a5677b9d8b90e2aa

By default ceph-rgw is not completely comaptible with Swift API,
because of the restriction for Swift INFO API.[0]

The patch improve ceph-rgw compatibility with Swift API. It is
controlled by the option "ceph_rgw_compatibility" in
ansible/group_vars/all.yml.

After changing the option, run the "reconfigure" command to enable.

Closes-Bug: #1783456

[0] https://github.com/ceph/ceph/pull/17967



Change-Id: Ibf3eb52280e197965caef08a44ae226c4f884cb5
Signed-off-by: tone.zhang <tone.zhang@arm.com>

freezer's deploy.yml do not have when condition,here to add it.

Change-Id: Id275a5eb746783694248a6db5b7f3ee7b8b3b8c5

- Change to openstack CLI
- Change the way to run demo from "sh" to "./" for
matching with README.rst in tacker demo folder.

Change-Id: I17b755cd8d52f594785ef13634bfa233e63841a7

Partially-Implements: blueprint networking-baremetal

Change-Id: I92b9505843f12692aef96764a314e5db49001a9b

This commit is the final commit to apply resource-constraints
to all OpenStack services.

Depends-on: I39004f54281f97d53dfa4b1dbcf248650ad6f186
Change-Id: I072d69be9698be54775cb0ae286ea2b6ed78776c
Implements: blueprint resource-constraints

Fixes a typo introduced in I93e53bad9727beb786b00bd7fcd6d78785c619c2.

Change-Id: I9fd6587913cccd5a29b3fc012b4ddeac8859a0ff
Related-Bug: #1782799
TrivialFix

Without these jobs, a compute node that is rebooted or powered off may
violently kill off the VMs running inside of it. This has been kept
separate from the main portion of kolla-ansible since no current role
modifies the systemd jobs of the system.

Change-Id: I0a4424f97b5ad872ff0398258c1dc42d31d0ef07

Enables setting rp_filter mode on Neutron L3 agent and Nova compute
hosts whilst maintaining the default that it is disabled.

Closes-Bug: #1782799
Change-Id: I93e53bad9727beb786b00bd7fcd6d78785c619c2

While it is possible to implement countermeasures against some attacks
on TLS, migrating to a later version of TLS (TLS 1.2 is strongly
encouraged) is the only reliable method to protect against
the current protocol vulnerabilities.[1]

[1] https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

Change-Id: I44f67e3a49bb00fea069d29c46b3e86404c7df0b

It is possible to have an accessible swift API that is not managed by
kolla-ansible -- for example, ceph exposes a swift API, and using that
requires setting swift as the glance backend.

So, we should loosen the requirement that using the swift backend for
glance requires swift be enabled in kolla-ansible.

Co-Authored-By: Adam Harwell <flux.adam@gmail.com>

Change-Id: I17076d5412d2b1e1f13bb0badceaca85a5cee108

The word "action" is now an Ansible reserved word, and things have
transitioned to "kolla_action", but looks like this was missed.

Change-Id: Ie07a2a7d8b153a6d39b91129256727157f8dfa34