Closes-bug: 1959781
Change-Id: If574d2242aa6a875dcf624d95495e6cec6fefddd

TrivialFix

Change-Id: Id85a5d69e1222b616705e24885252425c92af527

The Prometheus HTTP API is reachable under /api/v1. Without this fix,
CloudKitty receives 404 errors from Prometheus.

Change-Id: Ie872da5ccddbcb8028b8b57022e2427372ed474e

This change adds an Ansible Galaxy requirements file including the
openstack.kolla collection. A new 'kolla-ansible install-deps' command
is provided to install the requirements.

With the new collection in place, this change also switches to using the
baremetal role from the openstack.kolla collection, and removes the
baremetal role from this repository.

Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/820168

Change-Id: I9708f57b4bb9d64eb4903c253684fe0d9147bd4a

Without this configuration, all mount points are reporting the same
utilisation metrics [1]. With the rslave option, all root mounts from
the host are visible in the container, so we can remove the bind mounts
for /proc and /sys.

[1] https://github.com/prometheus/node_exporter#docker

Change-Id: I4087dc81f9d1fa5daa24b9df6daf1f9e1ccd702f
Closes-Bug: #1961438

An FCD, also known as an Improved Virtual Disk (IVD) or
Managed Virtual Disk, is a named virtual disk independent of
a virtual machine. Using FCDs for Cinder volumes eliminates
the need for shadow virtual machines.
This patch adds Kolla support.

Change-Id: Ic0b66269e6d32762e786c95cf6da78cb201d2765

The following variables are added:

* prometheus_blackbox_exporter_cmdline_extras
* prometheus_elasticsearch_exporter_cmdline_extras
* prometheus_haproxy_exporter_cmdline_extras
* prometheus_memcached_exporter_cmdline_extras
* prometheus_mysqld_exporter_cmdline_extras
* prometheus_node_exporter_cmdline_extras
* prometheus_openstack_exporter_cmdline_extras

Change-Id: I5da2031b9367115384045775c515628e2acb1aa4

NSXP is the OpenStack support for the NSX Policy platform.
This is supported from neutron in the Stein version. This patch
adds Kolla support

This adds a new neutron_plugin_agent type 'vmware_nsxp'. The plugin
does not run any neutron agents.

Change-Id: I9e9d8f07e586bdc143d293e572031368af7f3fca

Change-Id: I27b0e42fba93a35c6d878d108bf1e7fdebc9e3db

This module was used in the Ceph deployment support, which was removed
long ago.

Change-Id: I599ef47199bc68e8f5cf62709157d3f096ac68a9

Change-Id: I5b3ab3ab8153cda283dec772bf1393af0caf4137
Closes-Bug: 1919179

Co-Authored-By: Mark Goddard <mark@stackhpc.com>

Change-Id: I75ca59d981bcd2dd51faa296ab0b4223a891f5cb

Change-Id: I3362bd283eb7fb80f5da70f2a388f89f220617ea
Closes-Bug: #1960503

The bootloader used to boot Ironic nodes in UEFI boot mode during
inspection when iPXE is enabled has been changed from ipxe.efi to
snponly.efi. This is in line with the default UEFI iPXE bootloader used
in Ironic since the Xena release. The bootloader may be changed via
ironic_dnsmasq_uefi_ipxe_boot_file.

Note that snponly.efi was not available via in the ironic-pxe image
prior to I79e78dca550262fc86b092a036f9ea96b214ab48.

Related-Bug: #1959203

Change-Id: I879db340769cc1b076e77313dff15876e27fcac4

Allow operators to set haproxy socket to admin level.
This is done via the flag haproxy_socket_level_admin which
is set to "no" by default.

Closes-Bug: 1960215

Signed-off-by: Imran Hussain <ih@imranh.co.uk>
Change-Id: Ia0da89288d68f5803ace1934c013053f12343195

The change happened in Train, time to move on.

Change-Id: Ie58265284b2e6b4b30b24fc2f22dd4f5eec05d5b

The apparmor_parser actually doesn't remove the file or doesn't create
the symlink in '/etc/apparmor.d/disable' itself so the next run of the
baremetal role will fail with the error "Unable to remove "libvirtd".
Even more after reboot, the profile is still active. We need to
disable the profile completly ourselves. This change fixes the
idempotents of the baremetal role.

Closes-Bug: #1960302
Change-Id: I162e417387393e806886b1c9ea8053b89778b4d1
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

The default configuration was changed to use the advanced cache pool in
keystonemiddleware 9.3.0 (Xena release) [1].

This reverts commit 5a52d8e4 (except the
release note).

[1] https://review.opendev.org/c/openstack/keystonemiddleware/+/773939

Change-Id: I290d0a81c57c189b6eb62fc3eee3ed19f441671b

Adds support to the 'kolla-ansible certificates' command for generating
certificates for libvirt TLS, when libvirt_tls is true. The same
certificate and key are used for the libvirt client and server.

The certificates use the same root CA as the other generated
certificates, and are written to
{{ node_custom_config }}/nova/nova-libvirt/, ready to be picked up by
nova-libvirt and nova-compute.

Change-Id: I1bde9fa018f66037aec82dc74c61ad1f477a7c12

Enables zun to access cinder volumes when cinder is configured to use
external ceph.
Copies ceph config file and ceph cinder keyring to /etc/ceph in
zun_compute container.

Closes-Bug: 1848934
Change-Id: Ie56868d5e9ed37a9274b8cbe65895f3634b895c8

This gets rid of one of the steps in the authentication flow.

Closes-Bug: 1930055
Change-Id: I4ed4651b55a912f1d9aec7277bae6bb4776f1e0a

This is required to use, e.g., Cinder iSCSI backend with Glance.

Closes-Bug: #1959663
Change-Id: I6d5e0e4ab70922a772f3c82e914f9e7d37cf0318

Custom themes support for horizon deployment.
 - horizon role task added for copying theme files
 - added theme copying into the container in templates
 - docs and reno updated

Change-Id: If9982c8e18be31772cb031ef72b7eebd4d768be5
Co-Authored-By: Jakub Darmach <jakub@stackhpc.com>
Depends-On: https://review.opendev.org/c/openstack/kayobe/+/824565
Depends-On: https://review.opendev.org/c/openstack/kolla/+/826672

This fixes a bug in registering identity providers

The bug was caused by a missing `=` in the openstack command

Add the missing `=` after `--os-user-domain-name`

Closes-Bug: #1959022
Change-Id: I73f80cd2c81a3944de0933e60f5768956a1a3b70

Overrides default fluentd buffer config to stop log files from using
datestamped filenames, allowing logrotate to manage them.

Closes-Bug: #1940118
Change-Id: I40c4e209470d21e0a02fd447fb628acfdae9fa9d

The value of node_custom_config should is {{ node_config }}/config,
when specified using --configdir

Change-Id: I076b7d2c8980ddd3baa28f998f84a6b7005dc352

There are multiple Neutron extensions that can be used for DNS
integration. The "dns" extension has only minimum functionality, for
most deployments either "dns_domain_ports" or
"subnet_dns_publish_fixed_ip" would be used, with the latter being a
superset of the two others [0].

[0] https://docs.openstack.org/neutron/xena/admin/config-dns-int-ext-serv.html#use-case-3-ports-are-published-directly-in-the-external-dns-service



Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I1056bddfd49265ffe21b4d000898d72bba3ebfad

Change-Id: I8bf5453c6943fd2ad8912e5d80af179296ada894

This change enables the use of Docker healthchecks for ironic-neutron-agent services.

Change-Id: I80f8319b2cf2e4ae09904a08532cde5ec0385fa3
Implements: blueprint container-health-check

There is no explanation for why this option was bumped to 1 MB instead
of the upstream default. This has been the case since the original
barbican role commit in 2016.

Restore upstream default in Yoga.

Change-Id: Ib0245f44d2b049f7e2254d8d2ea4b2080a8d62dd

In the Yoga cycle we no longer need kolla chrony container removal
procedures.

Change-Id: I4dc246cf0fd68838470bf9e9bf749fa9be4d6670

Barbican has recently bumped max_allowed_secret_in_bytes from 10 KB to
20 KB since the original value was too small for some certificates [1].
Remove custom value from the barbican.conf template, which anyway was
the same as the default configuration before the recent upstream change.

The upstream change was backported to Wallaby and has been proposed to
Victoria, Ussuri and Train [2], so this change should be backported too.

[1] https://review.opendev.org/c/openstack/barbican/+/783381
[2] https://review.opendev.org/q/I59d11c5c9c32128ab9d71eaecdf46dd2d789a8d1

Change-Id: I83e4cb48192c8024650a8d347363f6babb75ad90
Closes-Bug: #1957795

They seem to think ping is too dangerous for normal users.

Co-Authored-By: Pierre Riteau <pierre@stackhpc.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/824903
Change-Id: I30c2a7b6850350901b15fe196175508634c8e9a5

Access to console of any zun container fails when
kolla_enable_tls_external is true.
This is due to the protocol of the base_url of the websocket_proxy
section in zun.conf is hardcoded to 'ws'.
[base_url = ws://<external_fqdn>:<port>]

This fix adds a new variable zun_wsproxy_protocol
and sets it's value to 'wss' when kolla_enable_tls_external is true
or to 'ws' otherwise

Then the base url's protocol of the websocket_proxy section
in zun.conf is set by zun_wsproxy_protocol
[base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]

Closes-Bug: 1957117
Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb

Change-Id: I547ab4b05aa14ed3bbee8be2dc77a6840d4816f6

Move new variables added in I4d694d6224c813285d228d6bc7eece5731db1078 to
role defaults.

Change-Id: Ie09a2dbae2701cb18fd1eb5bfab76e82f9920fb3

This is required as nova_compute tries to reach my_ip of the other
node when resizing an instance and my_ip is set to
api_interface_address.

This potential issue was introduced with [1].

[1] https://review.opendev.org/c/openstack/kolla-ansible/+/569131

Closes-Bug: #1956976
Change-Id: Id57a672c69a2d5aa74e55f252d05bb756bbc945a

Closes-Bug: #1954723
Change-Id: I6ffc8caae1aef757d37c629fbc05bb129f80147b

Some ID provider configurations do not require a certificate file.
Change the logic to allow this, and update documentation accordingly.

Change-Id: I2c34a6b5894402bbebeb3fb96768789bc3c7fe84

rabbitmq starting from 3.8.0, built-in Prometheus support,
prometheus plugins are enabled by default, when the environment is
"enable_prometheus is no", rabbitmq role will disable prometheus plugins

Closes-Bug: #1885106

Change-Id: I4d694d6224c813285d228d6bc7eece5731db1078