Fluentd has a default timeout of 5s for flushing data to ElasticSearch.
If there is a significant backlog of unsent log messages, this timeout
can be exceeded, resulting in Fluentd failing to make further progress.

Raise the default timeout to 60s.

This patch adopts the configuration parameters previously proposed by
Krzysztof Klimonda.

Closes-Bug: #1983031
Closes-Bug: #1896611
Change-Id: I1aaab654a5a0752fccef2cfb8cc0bde4a0ee2562

Closes-Bug: #1987866
Change-Id: Iaf352a15b9e6c9607e0d33c803c132d9267ca727

In a multi-controller node, the presence of "run_once: True"
and "when: inventory_hostname == groups['keystone'][-1]"
will cause the task to be skipped

Closes-Bug: #1987982

Change-Id: I6a8f4ca285cda0675711b631aeed7ae4c992d879

Instead of specifying a custom member list for each service that should
be configured as active/passive, a new `active_passive` parameter can be
set to true. This only works if `custom_member_list` is not used.

Change-Id: I3758bc2377c25a277a29f02ebc20c946c7499093

This avoids root privileges in tftpd's unprivileged container.

Change-Id: I50366205c9cefe2af26c27580c02368f029b7605

This change enables the use of Docker healthchecks for
mariadb-server service.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/805613
Change-Id: I893687a0501ea0f281b879df3141a354bff9eca6

This can be used to forward Prometheus Alertmanager notifications to
Microsoft Teams.

Change-Id: I563f2438b3cb0895606b029b5269ce2e50c413e3
Depends-On: https://review.opendev.org/c/openstack/kolla/+/812678

This patch follows upstream and disables linuxbridge testing.
Users are notified of the situation via the release note.

Change-Id: I524682ceb5287c14ef0ba99baae0c081850f4c5e

By default Bifrost generates passwords for use by services, and stores
them in files in /root/.config/bifrost/ in the container. This directory
is not persistent, so the passwords are lost if the container is
recreated. This is generally not a problem, because recreating the
container is generally done when redeploying Bifrost, and new passwords
will be generated and written to configuration files. However, if you
access the Ironic or Inspector APIs outside of the Bifrost playbooks,
the credentials will have changed.

This change fixes the issue by persisting the credentials directory in a
Docker volume. Note that applying this change will cause existing
credentials to be removed.

Closes-Bug: #1983356

Change-Id: I45a899e228b7634ba86fab5822139252c48a7f07

Closes-Bug: 1982777

Change-Id: Ic752b981041b233ab55d5b9abef667b21b47857d

This change introduces automated configuration of firewalld and adds
a new filter for extracting services from the project_services dict.
the filter selects any enabled services and their haproxy element
and returns them so they can be iterated over.
This commit also enables automated configuration of firewalld from enabled
openstack services and adds them to the defined zone and reloads the
system firewall.

Change-Id: Iea3680142711873984efff2b701347b6a56dd355

Change-Id: I63673761959a560e97c848f092f086ceba25839a

This reverts commit 73fc230f.

Reason for revert: CI jobs failing with "msg": "{{ s3_url }}: 's3_url' is undefined"

Change-Id: Iba7099988cea0c0d8254b9e202309cd9c82a984d

Added options to configure S3 cinder backup driver, so cinder backup
can use S3 storage, for safekeeping backups.

Change-Id: Id6ff6206714581555baacecebfb6d8dd53bed8ac

Closes-bug: 1944699
Change-Id: I6d0bb3b88983846fdd9c8af09456a106a940d191

Closes-bug: 1966536
Change-Id: I66a0189511e4c937299442207459cf72165649dd

To use notifications with ironic, the notification_level
option in the [DEFAULT] section of the configuration file
must be set, we use ``info`` as a reasonable level.

Closes-Bug: #1969826

Change-Id: I38bb1e5404e917c788689a3181741022f875da06

Change-Id: I6d9ee98912120b9ece60ee22c7b0ad71dab8ed30

In a multi-region environment without a local keystone, we should still
use authentication.

Change-Id: I9df0ddf6e0d56f0817256b07ae0a0a7021209663

Change-Id: Iaf6bf36ae0adce3342981c36c859fc138b172f6b

With the ironic_http_interface/ironic_http_interface_address
parameters it is possible to set the addresses for the
ironic_http service.

Change-Id: I72c257ebedf283cdef1b98485a576631e2190657

Starting from v1.5.0 of the exporter, OS_COMPUTE_API_VERSION can be set
to configure the Nova API version to be used [1]. Microversion 2.1 can
be used to keep metrics unmodified from the previous exporter version
deployed by Kolla (v1.3.0).

Support it with prometheus_openstack_exporter_compute_api_version,
defaulting to using the latest version.

[1] https://github.com/openstack-exporter/openstack-exporter/pull/201

Change-Id: I7605a3f9f74effb29ecec3b28e4709fd5f7f8cd4

As kolla-toolbox is mounting /run:/run
there is no need to mount also /run/openvswitch.
This is causing /run/openvswitch is mounted
again and again up to 32767 times after kolla-toolbox
restart.

Closes-Bug: #1979295
Change-Id: I49b3bde8b2bd61b6c931a81542a0d89f8a303ffc

Fixes an issue where access rules failed to validate:

    Cannot validate request with restricted access rules. Set
    service_type in [keystone_authtoken] to allow access rule validation

I've used the values from the endpoint. This was mostly a straight
forward copy and paste, except:

- versioned endpoints e.g cinderv3 where I stripped the version
- monasca has multiple endpoints associated with a single service. For
  this, I concatenated logging and monitoring to be logging-monitoring.

Closes-Bug: #1965111
Change-Id: Ic4b3ab60abad8c3dd96cd4923a67f2a8f9d195d7

This patch simply fix a typo in 'influxdb_internal_endpoint' variable.

Change-Id: I1b1068e84be7f7eaff1a4eab1ba9ddcd6f4241c7

Masakari-hostmonitor needs to have
corosync/pacemaker deployed.

This patch is just changing default enable_hacluter: "no"
to "yes" if masakari-hostmonitor is enabled.

Closes-Bug: #1934149
Change-Id: I979d1d6d08ca0cc0a748f175da77f68bcecc2d1a

Even on moderately sized clouds, openstack-exporter can easily take more
than 10 seconds to return, causing Prometheus to fail to scrape data.

Since the default scrape internal is 60 seconds, we can increase the
default timeout to 45 seconds.

Change-Id: Id8dffc425ff057b1e45103eb53734543bca8be80
Closes-Bug: #1976629

Following up on [1].
The 3 variables are only introducing noise after we removed
the reliance on Keystone's admin port.

[1] I5099b08953789b280c915a6b7a22bdd4e3404076

Change-Id: I3f9dab93042799eda9174257e604fd1844684c1c

Docs and reno included.

Change-Id: I5099b08953789b280c915a6b7a22bdd4e3404076

Add a switches to enable/disable deploy of the Masakari monitors.

Change-Id: I3ab603f7cab7946ea8f2e063fe91190d6592066a
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

Closes-Bug: #1975598
Change-Id: If4c85f8e960141d08a89accdc11a3271f31974c1

Since enabling libvirt SASL authentication, the masakari instance
monitor fails to connect to libvirt. We see the following error in logs:

    libvirt.libvirtError: authentication failed: Failed to start SASL
    negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs
    found)

This change adds support for SASL authentication in Masakari instance
monitor.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/834456
Closes-Bug: #1965754
Change-Id: I974046662b383a12ac6281b725523760a96657bd

Change-Id: I9e4e1287ea69960ae3b13734acc3eb0b087a8d86

In the last PTG it was decided to drop the keystone_token_provider variable, because there is no other option anymore.

Signed-off-by: Ramona Rautenberg <rautenberg@osism.tech>
Change-Id: I1ee2c3f9b7dbbbf4633c5874cdbb3c4f8c09e277

"Smoke tests" for barbican, cinder, glance and keystone have been removed as discussed in PTG April 2022.

Signed-off-by: Tim Beermann <beermann@osism.tech>
Change-Id: I613287a31e0ea6aede070e7e9c519ab2f5f182bd

Add an enable_cinder_backend_pure_iscsi and
enable_cinder_backend_pure_fc options to etc/kolla/globals.yml
to enable use of the FlashArray backend.
Update the documentation to include a section on configuring
Cinder with the FlashArray.

Implements: blueprint pure-cinder-driver
Change-Id: I464733f1322237321ed1ffff8636cf30bd1cbb38

The inactivity probe interval of the OpenFlow  connection
to the OpenvSwitch integration bridge, in seconds. If the
value is zero, it disables the connection keepalive  fea‐
ture.

If  the  value  is  nonzero,  then it will be forced to a
value of at least 5s.

The value is set to 60 seconds by default as described in
"OVN issues in the field".

https://www.openvswitch.org/support/ovscon2019/day1/1436-OVSCON-Nouman.pdf
https://www.ovn.org/support/dist-docs/ovn-controller.8.html

Change-Id: I7066c3a8b33b482774f310c45142ac2936a5c405

Closes-Bug: #1972818

Change-Id: I9e36b9169b6725bf6db953e464fc099087747778

With the parameter bifrost_deploy_verbosity it is possible
to set the verbosity of the bootstrap of Bifrost.

This makes it possible to reduce verbosity when running
/bifrost/playbooks/install.yaml if needed.

Change-Id: I5815220f2193a492ae7e1f63443075790ae7aaef

Change-Id: Ide82b7a7fa6752b60f2c9c31cdc4c79183fc62f6