Depends-On: https://review.opendev.org/c/openstack/cloudkitty/+/880739
Change-Id: Ib8d7182cc4b8a0c7d320ba2c51b2157782030317

neutron-fwaas has become active again

Depends-On: https://review.opendev.org/c/openstack/kolla/+/914855

Change-Id: Ie5a7b2da9a351e8f47a1ae830bb2fee0a8e35e38

It was deprecated in Antelope cycle.

Change-Id: I499e69ec6db63e4067e49376e2a1f3e01e48fe62

It's inactive and hasn't produced a 2024.1 release [1].
In addition to that, there's a CVE that hasn't really been patched [2].

Also drop outward_rabbitmq that was used only with Murano.

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects
[2]: https://lists.openstack.org/archives/list/openstack-announce@lists.openstack.org/thread/4FYM6GSIM5WZSJQIG4TT5Q3UBKQIHLWX/

Change-Id: I691205730b0e10a42ce61f3340cc39ee51bd1010

It's inactive and hasn't produced a 2024.1 release [1].

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects

Change-Id: I217b3633f07e5b2c657e20b19aaa4fbb46535a97

It's inactive and hasn't produced a 2024.1 release [1].

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects

Change-Id: I888963751b6e1ed080588297c2889e700431516c

It's inactive and hasn't produced a 2024.1 release [1].

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects

Change-Id: Ic988295bc5b8acb19df008fe0d52a3bcc6de2135

It's inactive and hasn't produced a 2024.1 release [1].
There are some efforts to restore Freezer, but let's remove it for now.

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects

Change-Id: Ie42012af9e5c64bca23a6e6826bfc4651fd194bd

Fix existing spelling errors

Change-Id: Ie689cf5a344aaa630a4860448b09242333a8e119

The documentation[1] says that ceph_nova_user is the same as ceph_cinder_user,
but this it not true. In globals, the variable which refer to nova user on
ceph its setted as just "nova", instead of {{ ceph_cinder_user }}

[1] https://docs.openstack.org/kolla-ansible/latest/reference/storage/external-ceph-guide.html

Closes-Bug: #1954910
Change-Id: I0037b294fa88f129aaa98da426989a8151e6f9ea

Change-Id: I0f35c2ea1400ea25fdb253580c6c1b2e06ae591e

Change-Id: I0a086c59076120aa53e6a05526dbab88e393c1c7

Service user passwords will now be updated in keystone if services are
reconfigured with new passwords set in config. This behaviour can be
overridden.

Closes-Bug: #2045990
Change-Id: I91671dda2242255e789b521d19348b0cccec266f

HAProxy exposes a Prometheus metrics endpoint, it just needs to be
enabled. Enable this and remove configuration for
prometheus-haproxy-exporter. Remaining prometheus-haproxy-exporter
containers will automatically be removed.

Change-Id: If6e75691d2a996b06a9b95cb0aae772db54389fb
Co-Authored-By: Matt Anson <matta@stackhpc.com>

This allows us to continue execution until a certain proportion of hosts
to fail. This can be useful at scale, where failures are common, and
restarting a deployment is time-consuming.

The default max failure percentage is 100, keeping the default
behaviour. A global max failure percentage may be set via
kolla_max_fail_percentage, and individual services may define a max
failure percentage via <service>_max_fail_percentage.

Note that all hosts in the inventory must be reachable for fact
gathering, even those not included in a --limit.

Closes-Bug: #1833737
Change-Id: I808474a75c0f0e8b539dc0421374b06cea44be4f

This commit addresses a few shortcomings in the etcd service:
  * Adding or removing etcd nodes required manual intervention.

  * The etcd service would have brief outages during upgrades or
    reconfigures because restarts weren't always serialised.

This makes the etcd service follow a similar pattern to mariadb:
  * There is now a distiction between bootstrapping the cluster
    and adding / removing another member.

  * This more closely follows etcd's upstream bootstrapping
    guidelines.

  * The etcd role now serialises restarts internally so the
    kolla_serial pattern is no longer appropriate (or necessary).

This does not remove the need for manual intervention in all
failure modes: the documentation has been updated to address the
most common issues.

Note that there's repetition in the container specifications: this
is somewhat deliberate. In a future cleanup, it's intended to reduce
the duplication.

Change-Id: I39829ba0c5894f8e549f9b83b416e6db4fafd96f

Adds configurations and changes tasks to enable the
systemd plugin. Additionaly, the plugin is set to
read logs from the /var/log/journal directory

Implements: enable-fluent-plugin-systemd
Signed-off-by: Juan Pablo Suazo <jsuazo@whitestack.com>
Change-Id: Ic714a341befa5f906d9c0f78fa86f4c934df87cd

This avoids the need to use a proxy, or some other means, to connect to
Prometheus. This is disabled by default and can be enabled by setting
enable_prometheus_server_external to true.

Change-Id: Ia0af044ff436c2a204b357750a16ff49fcdfec45

Add support for automatic provisioning and renewal of HTTPS
certificates via LetsEncrypt.

Spec is available at:
https://etherpad.opendev.org/p/kolla-ansible-letsencrypt-https

Depends-On: https://review.opendev.org/c/openstack/kolla/+/887347


Co-Authored-By: Michal Arbet <michal.arbet@ultimum.io>
Implements: blueprint letsencrypt-https
Change-Id: I35317ea0343f0db74ddc0e587862e95408e9e106

Enable the jobboard feature for the Octavia amphora provider. This
requires Redis as a dependency, a precheck is added to ensure proper
configuration.

https://docs.openstack.org/octavia/latest/install/install-amphorav2.html

Change-Id: Iec3c8a4b4e257557dc8ec995c41d0ad7e88e13e2

Kolla Ansible should deploy Glance and Cinder Backup with
S3 backend support working out-of-the-box.

The S3 backend had been re-introduced in Ussuri after being
deprecated around the Mitaka timeframe, and having some local
object storage options is nice for testing..

Closes-Bug: #1977515
Change-Id: I4ca58382d1ee568bfca2ad108495422163f81260
Co-authored-by: Juan Pablo Suazo <jsuazo@whitestack.com>
Co-authored-by: Maksim Malchuk <maksim.malchuk@gmail.com>

This change adds basic deployment based on Podman
container manager as an alternative to Docker.

Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Signed-off-by: Martin Hiner <m.hiner@partner.samsung.com>
Signed-off-by: Petr Tuma <p.tuma@partner.samsung.com>
Change-Id: I2b52964906ba8b19b8b1098717b9423ab954fa3d
Depends-On: Ie4b4c1cf8fe6e7ce41eaa703b423dedcb41e3afc

This commit adds the ironic-prometheus-exporter, following the
conventions used by the previously integrated exporters. '[The] Ironic
Prometheus Exporter is a Tool to expose hardware sensor data in the
Prometheus format through an HTTP endpoint.'[0]

Prometheus has been enabled in CI jobs to ensure test coverage.

[0] https://opendev.org/openstack/ironic-prometheus-exporter

Depends-On: https://review.opendev.org/c/openstack/kolla/+/874415

Change-Id: I6d421effd833d2e0524dd0b81736445c9a730ea9

This patch is adding a feature for an option to copy different
ceph configuration files and corresponding keyrings for cinder,
glance, manila, gnocchi and nova services.

This is especially useful when the deployment uses availability
zones as below example.

  - Individual compute can read/write to individual ceph
    cluster in same AZ.
  - Cinder can write to several ceph clusters in several AZs.
  - Glance can use multistore and upload images to
    several ceph clusters in several AZs at once.

Change-Id: Ie4d8ab5a3df748137835cae1c943b9180cd10eb1

Support to deploy skyline by kolla-ansible.

Implements: blueprint skyline
Depends-On: https://review.opendev.org/c/openstack/kolla/+/826948

Change-Id: Ice5621491a432ba32138abd6f62d1f815cc219e0

Change-Id: I8855bd60c2fd77f33fb55d4123131a94327bd166

Their cleanup has been added to monasca cleanup command.

Change-Id: I19a846e2683ae70b33ca64d2aba7ac71eb724588

This change replaces ElasticSearch with OpenSearch, and Kibana
with OpenSearch Dashboards. It migrates the data from ElasticSearch
to OpenSearch upon upgrade.

No TLS support is in this patch (will be a followup).

A replacement for ElasticSearch Curator will be added as a followup.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/830373



Co-authored-by: Doug Szumski <doug@stackhpc.com>
Co-authored-by: Kyle Dean <kyle@stackhpc.com>
Change-Id: Iab10ce7ea5d5f21a40b1f99b28e3290b7e9ce895

Kolla Ansible is switching to OpenSearch and is dropping support for
deploying ElasticSearch. This is because the final OSS release of
ElasticSearch has exceeded its end of life.

Monasca is affected because it uses both Logstash and ElasticSearch.
Whilst it may continue to work with OpenSearch, Logstash remains an
issue.

In the absence of any renewed interest in the project, we remove
support for deploying it. This helps to reduce the complexity
of log processing configuration in Kolla Ansible, freeing up
development time.

Change-Id: I6fc7842bcda18e417a3fd21c11e28979a470f1cf

From OpenStack Zed the Pure Storage Cinder driver supports
NVMe-RoCE as a dataplane protocol. This patch adds support
for this new driver type.

Also amend a couple of documentation formatting typos.

Change-Id: Ic1eed7d19e9b583e22419625c92ac3507ea4614d

First part of patchset:
 https://review.opendev.org/c/openstack/kolla-ansible/+/799229/


in which was suggested to split patch into smaller ones.

This implements kolla_container_engine variable
in command calls of docker,so later on it can be
also used for podman without further change.

Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Change-Id: Ic30b67daa2e215524096ad1f4385c569e3d41b95

We agreed that CentOS Stream 9 images are not published as we keep it
for CI use only (to check potential failures before it hits RHEL).

We recommend Rocky Linux 9 instead.

Change-Id: I06e6746e5c2abbdcd97912ea2f99d82fc662531d

Some time ago we dropped RHEL as one of possible options. During 'Zed'
cycle we added Rocky Linux 9 as alternative to CentOS Stream 9.

This change updates some mentions of both.

Change-Id: I9ed93efcb7d1ff97b1c7d8342db8252aba2a9887

Kolla Ansible now supports failing execution early if fact collection
fails on any of the hosts. This is to avoid late failures due to missing
facts (especially cross-host).

Change-Id: I7a74b937ded0b9da0621cf413f3a5d0d13a2cd68
Partial-Bug: #1833737

This can be used to forward Prometheus Alertmanager notifications to
Microsoft Teams.

Change-Id: I563f2438b3cb0895606b029b5269ce2e50c413e3
Depends-On: https://review.opendev.org/c/openstack/kolla/+/812678

This patch follows upstream and disables linuxbridge testing.
Users are notified of the situation via the release note.

Change-Id: I524682ceb5287c14ef0ba99baae0c081850f4c5e

Kolla environment currently uses haproxy
to fullfill HA in mariadb. This patch
is switching haproxy to proxysql if enabled.

This patch is also replacing mariadb's user
'haproxy' with user 'monitor'. This replacement
has two reasons:
  - Use better name to "monitor" galera claster
    as there are two services using this user
    (HAProxy, ProxySQL)
  - Set password for monitor user as it's
    always better to use password then not use.
    Previous haproxy user didn't use password
    as it was historically not possible with
    haproxy and mariadb-clustercheck wasn't
    implemented.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/769385
Depends-On: https://review.opendev.org/c/openstack/kolla/+/765781
Depends-On: https://review.opendev.org/c/openstack/kolla/+/850656

Change-Id: I0edae33d982c2e3f3b5f34b3d5ad07a431162844

This change introduces automated configuration of firewalld and adds
a new filter for extracting services from the project_services dict.
the filter selects any enabled services and their haproxy element
and returns them so they can be iterated over.
This commit also enables automated configuration of firewalld from enabled
openstack services and adds them to the defined zone and reloads the
system firewall.

Change-Id: Iea3680142711873984efff2b701347b6a56dd355

Change-Id: I63673761959a560e97c848f092f086ceba25839a

This reverts commit 73fc230f.

Reason for revert: CI jobs failing with "msg": "{{ s3_url }}: 's3_url' is undefined"

Change-Id: Iba7099988cea0c0d8254b9e202309cd9c82a984d