These are not used by the relevant daemons and so can be dropped to,
e.g., avoid creating the cinder volume on hosts where there is no
cinder.

Change-Id: Ia8d906a9e0227f361883a7ec1ec8dcd73e4104dc

Change-Id: Ie09bf108250a71d539002dd5ccfa63dd71bcfe90

Currently kolla-ansible sets haproxy balance algorithm to source for
horizon. We can set it to round-robin if the cache backend is memcached
or using the database as the session storage backend. So we can
distribute http requests evenly to all available horizon instances.

Closes-Bug: #1990523
Change-Id: I0721cadcf53d59947bc0db6a193bfafe49c41ad3

These are upstream defaults, no need to carry them around.

TrivialFix

Change-Id: I2907d5f38c6a74776961bd473553edf2d83f7257

This patch also changes python version and default tag for centos.
prometheus-efk and venus jobs commented out, elasticsearch images
are unbuildable
cells is commented out because proxysql is unbuildable

Change-Id: Ic358f8b600317d3c2fc45130a59785225aea1153

JWT failed to validate on auth-oidc endpoint used by openstack cli
with "could not find key with kid: XX" error. To fix this we need
to use jwks provided in "jwks_uri" by OIDC metadata endpoint.

Missing "ServerName" directive from vhost config causes redirection
to fail in some cases when external tls is enabled.

  - added "keystone_federation_oidc_jwks_uri" variable
  - added "OIDCOAuthVerifyJwksUri" to keystone vhost config
  - added "ServerName" to keystone vhost config
  - jinja templating additional whitespace trimmed to
    correct end result indentation and empty newlines

Closes-bug: 1990375
Change-Id: I4f5c1bd8be8e23cf6299ca4bdfd79e9d98c9a9eb

With this option enabled, dnsmasq can offer the same IP address to
multiple hosts when their requests are close to each other. Remove this
option in order to use the built-in hashing mechanism which will
allocate random IP addresses, which should be less likely to conflict.

Closes-Bug: #1991390
Change-Id: I09a9fa2d0c54635b899ad7906cc2e2e4580ef5ad

Fix bifrost stop.yml after I9faecfe6ece6d3c35396e3378c1e3930a487e130

Change-Id: I850cbbb83d10b1518cc73612a591b160c2d49f1c

Change-Id: Ia8acdf69cb3676ec939777c32f0568cb720c471f

Change-Id: Ib068117237a199db380fcdfb757d5d0e5d34326b

It's a followup to 73a1812c
addressing post-merge comments.

Change-Id: Idd458ad6ef29e4eee2f9e537b4eae39d26eb9f64

Change-Id: Ic89097fdc72d4fa11754201ed6e388bf79ca40b6

Bind9 is running without limit for UDP listeners.
This patch is changing this behaviour and sets max 32
of UDP listeners. This is needed because of bug below [1].

[1] https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1827923

Change-Id: Ie4c2ac4d5e990ebdc30c3a94d855703d814f1fee

Kolla Ansible stopped setting them as they turned out to be
unnecessary for its operations, yet may have conflicted with
security policies of the hosts. [1] [2]

[1] https://launchpad.net/bugs/1837551
[2] https://launchpad.net/bugs/1945453

Change-Id: Ie8ccd3ab6f22a6f548b1da8d3acd334068dc48f5

The correct option to use is valid_interfaces [1], not os_endpoint_type.

[1] https://docs.openstack.org/networking-baremetal/latest/configuration/ironic-neutron-agent/config.html#ironic

Closes-Bug: #1990675
Change-Id: I35e7d3072c6340f4ecbe02f8961158bcb663954e

Closes-Bug: #1990819
Change-Id: I12c451077114b77b11810f25eb5b6187cdf08ad9

mainly jinja spacing and jinja[invalid] related

Change-Id: I6f52f2b0c1ef76de626657d79486d31e0f47f384

Change to '{{ kolla_dev_repos_git }}/{{ project_name }}'

Change-Id: I78d133b58386d211464c15369265d1e192a7d7ff

Remove hard-coded internal address; introduce variable to control
external web url.

Closes-bug: #1972817
Change-Id: Ib834a9f8b4a0238960dca65b2ebc1da840cec626

Added c9s jobs are non voting, as agreed on PTG to focus on Rocky Linux 9.
Since both CS9 and RL9 have higher default fd limit (1073741816 vs
1048576 in CS8) - lowering that for:
* RMQ - because Erlang allocates memory based on this (see [1], [2], [3]).
* MariaDB - because Galera cluster bootstrap failed

Changed openvswitch_db healthcheck, because for unknown reason
the usual check (using lsof on /run/openvswitch/db.sock) is hanging
on "Bad file descriptor" (even with privileged: true).

[1]: https://github.com/docker-library/rabbitmq/issues/545
[2]: https://github.com/rabbitmq/cluster-operator/issues/959#issuecomment-1043280324
[3]: https://github.com/systemd/systemd/commit/a8b627aaed409a15260c25988970c795bf963812

Depends-On: https://review.opendev.org/c/openstack/tenks/+/856296
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/856328
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/856443
Needed-By: https://review.opendev.org/c/openstack/kolla/+/836664


Co-Authored-By: Michał Nasiadka <mnasiadka@gmail.com>
Change-Id: I3f7b480519aea38c3927bee7fb2c23eea178554d

Sometimes in CI we're seeing Address already in use on clustercheck restarts.
Adding reuseaddr that allows immediate restart of the server process.

Change-Id: Ib1c9dcf99381b6b9d1095f450d74c797d39f4cb2

Fluentd has a default timeout of 5s for flushing data to ElasticSearch.
If there is a significant backlog of unsent log messages, this timeout
can be exceeded, resulting in Fluentd failing to make further progress.

Raise the default timeout to 60s.

This patch adopts the configuration parameters previously proposed by
Krzysztof Klimonda.

Closes-Bug: #1983031
Closes-Bug: #1896611
Change-Id: I1aaab654a5a0752fccef2cfb8cc0bde4a0ee2562

Signed-off-by: Franco Mariotti <fmariotti@whitestack.com>
Change-Id: Ie151cd97d3e0ba3bfec9e95a5b8bdfef0b54806c

Prometheus is creating user and granting permissions
to database from which is gathering metrics. This
process is different when haproxy/proxysql is used.

Proxysql:

  - kolla-ansible should use root_shard_ID user to connect
    to ProxySQL endpoint and it is routed to proper shard.

Haproxy:

  - kolla-ansible should use root user to connect to HAProxy
    endpoint and that's all.

If proxysql is not used, mariadb role will not create user
shard_root_ID user in bootstrap (from my perspective of view
it should), and therefore it will fail when HAProxy is used.

This patch is just fixing user to connect.

Change-Id: Icd07807b2c404eb4d3f398879639b17f1e7949c2

HAProxy prechecks could fail if the ansible_user was not allowed
to access Docker API.

Change-Id: I09bfa35392bed77321d2de2424e44e60b60a8451

Closes-Bug: #1987866
Change-Id: Iaf352a15b9e6c9607e0d33c803c132d9267ca727

MariaDB is left unchanged because its custom_member_list uses a
different group (mariadb_default_database_shard_hosts).

Change-Id: Icefd5a3d02ae4dfeb27401696c35ca2c38e203d3

In a multi-controller node, the presence of "run_once: True"
and "when: inventory_hostname == groups['keystone'][-1]"
will cause the task to be skipped

Closes-Bug: #1987982

Change-Id: I6a8f4ca285cda0675711b631aeed7ae4c992d879

Instead of specifying a custom member list for each service that should
be configured as active/passive, a new `active_passive` parameter can be
set to true. This only works if `custom_member_list` is not used.

Change-Id: I3758bc2377c25a277a29f02ebc20c946c7499093

This avoids root privileges in tftpd's unprivileged container.

Change-Id: I50366205c9cefe2af26c27580c02368f029b7605

Change-Id: I6b03d7ec0eb84c9a2544c2ad13102028452c2ec1

This change enables the use of Docker healthchecks for
mariadb-server service.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/805613
Change-Id: I893687a0501ea0f281b879df3141a354bff9eca6

openEuler 20.03 LTS SP2 is out of date. This patch:
1. Upgrade openEuler to 22.03 TLS for host OS.
2. Switch guest OS from centOS 8 to ubuntu

Change-Id: If2ff036e965def141f67240945802611e1f4dc4e

This allows you to use a more descriptive name if you desire.
For example, when using cinder with multiple ceph backends, rbd-1,
doesn't convey much information. You could include location, disk
technology, etc. in the name.

Change-Id: Icfdc2e5726fec8b645d6c2c63391a13c31f2ce9a

A follow up patch to I563f2438b3cb0895606b029b5269ce2e50c413e3

Change-Id: I1e4c5db46413668d4b5df2f2dcedc5d9aaecd63a

This can be used to forward Prometheus Alertmanager notifications to
Microsoft Teams.

Change-Id: I563f2438b3cb0895606b029b5269ce2e50c413e3
Depends-On: https://review.opendev.org/c/openstack/kolla/+/812678

This patch ads proxysql-config role
which is used for generating users and
rules configuration.

Change-Id: I1fcb0e8040ea55f8f6b8384a56479eabdaf61c33

This patch adds loadbalancer-config role
which is "wrapper" around haproxy-config
and proxysql-config role which will be added
in follow-up patches.

Change-Id: I64d41507317081e1860a94b9481a85c8d400797d

Depends-On: https://review.opendev.org/c/openstack/kolla/+/769385
Depends-On: https://review.opendev.org/c/openstack/kolla/+/765781

Change-Id: I3c4182a6556dafd2c936eaab109a068674058fca

clouds.yaml[0] is a richer way to express configuration for OpenStack
clouds. It's also fully supported by Ansible's OpenStack modules as
well as python-openstackclient and openstacksdk. It's the future - who
doesn't like the future?

Write a file using both the public (default) and the internal endpoints
for the admin user. Also, change all of the examples to reference it
and to get python-openstackclient to use it too.

[0] https://docs.openstack.org/openstacksdk/latest/user/guides/connect_from_config.html

Implements: blueprint use-clouds-yaml
Change-Id: I557d2e4975c7b3d3c713a556b9ba47af9567ce6e