This change adds the dnsmasq.log for the ironic-dnsmasq container and
also enables more verbose logging when debug logging enabled.
This can be triggered globbaly via 'openstack_logging_debug' or per
service via 'ironic_logging_debug' or 'neutron_logging_debug'.

Change-Id: I0e6b089beb88827effbcc365625eb2df902f5470
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

The section [ovs] is needed only for ovs/ovn configurations.

TrivialFix

Change-Id: If9015b8f53c04cf3257331449ebd50163fabcab0
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

Weight for haproxy backend was merged in [1] with
tiny bug, there is need to convert to int to check
conditional <= 256. Otherwise, it's not working as
expected.

[1] https://review.opendev.org/c/openstack/kolla-ansible/+/775627

Change-Id: Icb6f5147ebd2a0be52ba4ef6ba4a00bbd0242d3d

Change-Id: I86aeafccd2a2bff1d89a40785e1a6715097bb849

"BINLOG MONITOR" and "SLAVE MONITOR" replace
"REPLICATION CLIENT" (which is now an alias for "BINLOG MONITOR").
The validation in Ansible MySQL collection is too simple to
understand aliases and breaks. Hence, let's use the canonical
names and adapt per service according to its needs.

Change-Id: I1175e4846384accd19942620dc155d0c5728e64b

Curl would not work without -L on old openstack.org URLs.

TrivialFix

Change-Id: I7ed7bd336f4b874fc6027cb9ad20669b08e4a7e9

We do not need anymore as APT already knows how to do HTTPS.

Change-Id: I0b89b17ea2443e4578906afe4b518477462f981f

* Fix various typos and formatting.
* Add documentation about custom collector backend.
* Add documentation about custom storage backend.

Change-Id: If937afc5ce2a2747f464fbaf38a5dcf2e57ba04f
Closes-bug: #1940842

Change-Id: I6da412d6d3e7d067c8d903ee884711ac509d24aa

Nor set related sysctls.
More details in the reno.

Change-Id: I898548ecc6df3caa094c3222159b7ba1e16dc211
Closes-Bug: #1945789

Updates the default value of 'monasca_ntp_server' from
'external_ntp_servers[0]' to '0.pool.ntp.org'.  This is due to the
removal of the 'external_ntp_servers' variable as part of the removal of
Chrony deployment.

Change-Id: I2e7538a2e95c7b8e9280eb051ee634b4313db129

Ignore the monasca_thresh container if it is listed as exited.
The container was recently changed to operate as a 'one shot' container,
submitting a job to storm then exiting. This does not fit with the
usual pattern of Kolla Ansible container usage, but is harmless.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/811977

Change-Id: Id40d2260a67ef604255fb1818d41cdcbc73164d7

chrony is not supported in Xena cycle, remove it from kolla

Moved tasks from chrony role to chrony-cleanup.yml playbook to avoid a
vestigial chrony role.

Co-Authored-By: Mark Goddard <mark@stackhpc.com>

Change-Id: I5a730d55afb49d517c85aeb9208188c81e2c84cf

Since Wallaby, we default to disabling Docker's iptables
management, thus making the code being removed here obsolete.

Change-Id: Ieb7774f2380a811070aea27964a39e4c8cb02083

* Register Swift-compatible endpoints in Keystone
* Load balance across RadosGW API servers using HAProxy

The support is exercised in the cephadm CI jobs, but since RGW is
not currently enabled via cephadm, it is not yet tested.

https://docs.ceph.com/en/latest/radosgw/keystone/

Implements: blueprint ceph-rgw

Change-Id: I891c3ed4ed93512607afe65a42dd99596fd4dbf9

Change-Id: I51e2b62f563e66b6bb919621272662f3f8721eb2

Source images get the most test coverage, so it makes sense to deploy
these by default.

Change-Id: I8d0c8750e2c1600e84cc2e677a4eae0e9f502dac

To prevent a security issue.
More details in the reno.

Change-Id: I8bb398e299aa68147004723a18d3a1ec459011e5
Closes-Bug: #1945453

A system-scoped token implies the user has authorization to act on the
deployment system. These tokens are useful for interacting with
resources that affect the deployment as a whole, or exposes resources
that may otherwise violate project or domain isolation.

Since Queens, the keystone-manage bootstrap command assigns the admin
role to the admin user with system scope, as well as in the admin
project. This patch transitions the Keystone admin user from
authenticating using project scoped tokens to system scoped tokens.
This is a necessary step towards being able to enable the updated oslo
policies in services that allow finer grained access to system-level
resources and APIs.

An etherpad with discussion about the transition to the new oslo
service policies is:

https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible



Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585
Signed-off-by: Niklas Hagman <ubuntu@post.blinkiz.com>

Closes-Bug: #1945070
Change-Id: I1b2a82b57cb9884b6c3c3ad07f6449ae29042a3d