Nova has reversed their deprecation of the VMware driver, and the Kolla
community has shown an interest in it.

Change-Id: I82f1074da56ed16c08317d1f92ed7f0a6f4a149a

trivial fix

Change-Id: Id6f06bb746fd211a58692c58540c7fd6eef20002

Config plays do not need to check containers. This avoids skipping
tasks during the genconfig action.

Ironic and Glance rolling upgrades are handled specially.

Swift and Bifrost do not use the handlers at all.

Partially-Implements: blueprint performance-improvements
Change-Id: I140bf71d62e8f0932c96270d1f08940a5ba4542a

Add TLS support for backend Neutron API Server communication using
HAProxy to perform TLS termination. When used in conjunction with
enabling TLS for service API endpoints, network communication will be
encrypted end to end, from client through HAProxy to the Neutron
service.

Change-Id: Ib333a1f1bd12491df72a9e52d961161210e2d330
Partially-Implements: blueprint add-ssl-internal-network

Change-Id: I639145a709f1d3b9882bbdfb20a754646d1f5270

remove redundant space line
replace octavia user with {{ octavia_keystone_user }}

Change-Id: I284acc580a1a530eede3e0227febe8667dea5d47

If iptables is not installed, e.g. in the CentOS 8 cloud image, and
Docker iptables management is enabled, we get the following errors:

Failed to find iptables: exec: \"iptables\": executable file not found
in $PATH failed to start daemon: Error initializing network controller:
error obtaining controller instance: failed to create NAT chain DOCKER:
Iptables not found

This change installs the iptables package Docker iptables management is
enabled.

Change-Id: I3ba5318debccafb28c3cbce8e4e9813c28b086fc
Closes-Bug: #1899060

This fixes the `certificates` command to not include CSRs in
the haproxy bundle.
The regex was wrong.

Change-Id: If25a6d5dd40f507fea4470be01baeeb7c8a790b4

we use octavia user to upload image currently, so it is better to
create a octavia openrc file for user

Implements: blueprint implement-automatic-deploy-of-octavia

Change-Id: Ib53d00fa4a6ee59b8a0b2245f83786a6af0cbf53

implemented as a separate command (kolla-ansible octavia-certificates)

Implements: blueprint implement-automatic-deploy-of-octavia

Co-Authored-By: wu.chunyang <wuchunyang@yovole.com>
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>

Change-Id: I2c5b26ce9e363f35c523865904a582f7960aa682

Follows designate guide, adding a default zone for fixed and
floating IPs, then boots an instance and verifies that its
name resolves.

Change-Id: Ifbfdab425e2c8a36a8f3ab8539f70dca4cce2abc

Use with_first_found on placement-api-wsgi to allow
overwrite from users and keep consistency with other
roles.

Change-Id: I11c84db6df1bb5be61db5b6b0adf8c160a2bd931
Closes-Bug: #1898766

* ipxe_enabled was removed in Ussuri, now there is a separate ipxe boot
  interface.
* iPXE now has its own set of configuration for the bootfile and config
  template, and the values previously set when iPXE is enabled are now
  the default in ironic. The overrides have been removed, since they
  match the iPXE defaults.

Change-Id: I9d9f030ee4be979d0a849b59e5eb991f2d82f6a4

[1]: https://review.opendev.org/#/c/561802/

Change-Id: Id335502ad464aa417162b2576ffae3818d30cba1

This change enables the use of Docker healthchecks for core OpenStack
services.
Also check-failures.sh has been updated to treat containers with
unhealthy status as failed.

Implements: blueprint container-health-check
Change-Id: I79c6b11511ce8af70f77e2f6a490b59b477fefbb

Keepalived and haproxy cooperate to provide control plane HA in
kolla-ansible deployments.
Certain care should be exerted to avoid prolonged availability
loss during reconfigurations and upgrades.
This patch aims to provide this care.
There is nothing special about keepalived upgrade compared to
reconfig, hence it is simplified to run the same code as for
deploy.
The broken logic of safe upgrade is replaced by common handler
code which's goal is to ensure we down current master only after
we have backups ready.

This change introduces a switch to kolla_docker module that allows
to ignore missing containers (as they are logically stopped).
ignore_missing is the switch's name.
All tests are included.

Change-Id: I22ddec5f7ee4a7d3d502649a158a7e005fe29c48

Adds information about change of default.

Change-Id: I9041345bbffefe6059d5ff151ebff07b6e26321a
Related: blueprint add-ssl-internal-network

this patchset has implemented:
  - network (lb-mgmt-net)
  - security groups and rules (used by amphora and health manager)
  - amphora flavor (used by amphora)
  - nova keypair (used by amphora at the time of debugging)

Add a octavia_amp_listen_port variable which used by amphora
Add amp_image_owner_id in octavia.conf

Implements: blueprint implement-automatic-deploy-of-octavia
Co-Authored-By: zhangchun <zhangchun@yovole.com>

Depends-On: https://review.opendev.org/652030

Change-Id: I67009d046925cfc02c1e0073c80085c1471975f6

Change-Id: Ic3faf90ef7aea1c506e113fe77f62d916d1b118b
Implements: blueprint implement-automatic-deploy-of-octavia

Since [1] and [2] merged, K-A has to control Neutron migrations
to migrate all required projects.

This patch additionally fixes the other observed issue.

[1] https://review.opendev.org/750075
[2] https://review.opendev.org/753543

Change-Id: I09e1b421e9066890b50bd82331a3050de252464f
Closes-Bug: #1894380
Depends-On: https://review.opendev.org/755346