The admin endpoint is kept on upgrade to allow the upgrade to
happen (as it allows to rewrite the previous admin endpoint entry
to the new one).

Change-Id: I1c16892bab67f281d539843f1f0fa658df1c4874
Depends-On: https://review.opendev.org/c/openstack/kolla/+/854837

Change-Id: I0746dc2d8bbdf9edf06d63407da46b7c63212a0c

This change enables the use of Docker healthchecks for
mariadb-server service.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/805613
Change-Id: I893687a0501ea0f281b879df3141a354bff9eca6

A follow up patch to I563f2438b3cb0895606b029b5269ce2e50c413e3

Change-Id: I1e4c5db46413668d4b5df2f2dcedc5d9aaecd63a

This can be used to forward Prometheus Alertmanager notifications to
Microsoft Teams.

Change-Id: I563f2438b3cb0895606b029b5269ce2e50c413e3
Depends-On: https://review.opendev.org/c/openstack/kolla/+/812678

There are two shards:
One 2-node (to test the clustering), one 1-node.

Change-Id: If3a60ad4cc39d6ad0cd72a934f5f7497cd44021b
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>

This patch ads proxysql-config role
which is used for generating users and
rules configuration.

Change-Id: I1fcb0e8040ea55f8f6b8384a56479eabdaf61c33

This patch adds loadbalancer-config role
which is "wrapper" around haproxy-config
and proxysql-config role which will be added
in follow-up patches.

Change-Id: I64d41507317081e1860a94b9481a85c8d400797d

Depends-On: https://review.opendev.org/c/openstack/kolla/+/769385
Depends-On: https://review.opendev.org/c/openstack/kolla/+/765781

Change-Id: I3c4182a6556dafd2c936eaab109a068674058fca

clouds.yaml[0] is a richer way to express configuration for OpenStack
clouds. It's also fully supported by Ansible's OpenStack modules as
well as python-openstackclient and openstacksdk. It's the future - who
doesn't like the future?

Write a file using both the public (default) and the internal endpoints
for the admin user. Also, change all of the examples to reference it
and to get python-openstackclient to use it too.

[0] https://docs.openstack.org/openstacksdk/latest/user/guides/connect_from_config.html

Implements: blueprint use-clouds-yaml
Change-Id: I557d2e4975c7b3d3c713a556b9ba47af9567ce6e

Ubuntu Jammy will only support Ceph Quincy.
Workaround for now - use Jammy in-distro packages for cephadm.

Change-Id: I30f071865b9b0751f1336414a0ae82571a332530

During deployment I got this error:

RUNNING HANDLER [loadbalancer : Stop master haproxy container]
ok: [192.168.66.143]

RUNNING HANDLER [loadbalancer : Stop master proxysql container]
ok: [192.168.66.143]

RUNNING HANDLER [loadbalancer : Stop master keepalived container]
fatal: [192.168.66.143]: FAILED! => changed=false
  msg: 'No such container: keepalived to stop'

Looks like we forgot to allow keepalived to not be present.

Change-Id: I720c719a6a6b35c5c2d5b5ee59b48349e58bac82

This patch follows upstream and disables linuxbridge testing.
Users are notified of the situation via the release note.

Change-Id: I524682ceb5287c14ef0ba99baae0c081850f4c5e

By default Bifrost generates passwords for use by services, and stores
them in files in /root/.config/bifrost/ in the container. This directory
is not persistent, so the passwords are lost if the container is
recreated. This is generally not a problem, because recreating the
container is generally done when redeploying Bifrost, and new passwords
will be generated and written to configuration files. However, if you
access the Ironic or Inspector APIs outside of the Bifrost playbooks,
the credentials will have changed.

This change fixes the issue by persisting the credentials directory in a
Docker volume. Note that applying this change will cause existing
credentials to be removed.

Closes-Bug: #1983356

Change-Id: I45a899e228b7634ba86fab5822139252c48a7f07

With the handler in the haproxy-config role, it gets triggered once for
every service that changes the firewall config. This happens because the
role is included dynamically. If we move the handler to the haproxy
role, which is only included once, the handler will trigger at most
once.

This is a follow up for Iea3680142711873984efff2b701347b6a56dd355.

Change-Id: Iad9ed241026435085bc9a0f5802818010b47830f

This variable shadows the name of the actual project that calls this
role, so we end up with the following nonsense:

  TASK [haproxy-config : Copying over haproxy-config haproxy config]

Change-Id: Id60046e0ddc7ec843f2e4ce7ddee7683470a88b2

Kolla environment currently uses haproxy
to fullfill HA in mariadb. This patch
is switching haproxy to proxysql if enabled.

This patch is also replacing mariadb's user
'haproxy' with user 'monitor'. This replacement
has two reasons:
  - Use better name to "monitor" galera claster
    as there are two services using this user
    (HAProxy, ProxySQL)
  - Set password for monitor user as it's
    always better to use password then not use.
    Previous haproxy user didn't use password
    as it was historically not possible with
    haproxy and mariadb-clustercheck wasn't
    implemented.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/769385
Depends-On: https://review.opendev.org/c/openstack/kolla/+/765781
Depends-On: https://review.opendev.org/c/openstack/kolla/+/850656

Change-Id: I0edae33d982c2e3f3b5f34b3d5ad07a431162844

Closes-Bug: 1982777

Change-Id: Ic752b981041b233ab55d5b9abef667b21b47857d

We built Jammy images under the existing focal tag.

Change-Id: I22859732bbe241a78e9ea451f104e7810fa4cbcc

Change-Id: I8ad42b20302a67b94b95a234da309279be0fe82d

It is no longer needed per the removed comment.

Change-Id: I8d88c21c7e115b842a56f0ba5c780c3bde593964

This change introduces automated configuration of firewalld and adds
a new filter for extracting services from the project_services dict.
the filter selects any enabled services and their haproxy element
and returns them so they can be iterated over.
This commit also enables automated configuration of firewalld from enabled
openstack services and adds them to the defined zone and reloads the
system firewall.

Change-Id: Iea3680142711873984efff2b701347b6a56dd355