ansible/group_vars/all.yml

@@ -372,7 +372,11 @@ cloudkitty_api_listen_port: "{{ cloudkitty_api_port }}"
 
 collectd_udp_port: "25826"
 
+cyborg_internal_fqdn: "{{ kolla_internal_fqdn }}"
+cyborg_external_fqdn: "{{ kolla_external_fqdn }}"
 cyborg_api_port: "6666"
+cyborg_api_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else cyborg_api_port }}"
+cyborg_api_listen_port: "{{ cyborg_api_port }}"
 
 designate_internal_fqdn: "{{ kolla_internal_fqdn }}"
 designate_external_fqdn: "{{ kolla_external_fqdn }}"

ansible/roles/cinder/templates/cinder.conf.j2

@@ -264,5 +264,5 @@ backend_url = {{ redis_connection_string }}
 # and https://review.opendev.org/466098 for details
 # NOTE(jan.gutter): etcd v3.4 removed the default `v3alpha` api_version. Until
 # tooz defaults to a newer version, we should explicitly specify `v3`
-backend_url = etcd3+{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ etcd_client_port }}?api_version=v3{% if openstack_cacert %}?ca_cert={{ openstack_cacert }}{% endif %}
+backend_url = etcd3+{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ etcd_client_port }}?api_version=v3{% if openstack_cacert %}&ca_cert={{ openstack_cacert }}{% endif %}
 {% endif %}

ansible/roles/common/defaults/main.yml

@@ -186,6 +186,8 @@ fluentd_input_openstack_services:
     enabled: "{{ enable_nova | bool }}"
   - name: octavia
     enabled: "{{ enable_octavia | bool }}"
+  - name: placement
+    enabled: "{{ enable_placement | bool }}"
   - name: tacker
     enabled: "{{ enable_tacker | bool }}"
   - name: trove

ansible/roles/cyborg/defaults/main.yml

@@ -8,6 +8,20 @@ cyborg_services:
     volumes: "{{ cyborg_api_default_volumes + cyborg_api_extra_volumes }}"
     dimensions: "{{ cyborg_api_dimensions }}"
     healthcheck: "{{ cyborg_api_healthcheck }}"
+    haproxy:
+      cyborg_api:
+        enabled: "{{ enable_cyborg }}"
+        mode: "http"
+        external: false
+        port: "{{ cyborg_api_port }}"
+        listen_port: "{{ cyborg_api_listen_port }}"
+      cyborg_api_external:
+        enabled: "{{ enable_cyborg }}"
+        mode: "http"
+        external: true
+        external_fqdn: "{{ cyborg_external_fqdn }}"
+        port: "{{ cyborg_api_public_port }}"
+        listen_port: "{{ cyborg_api_listen_port }}"
   cyborg-agent:
     container_name: cyborg_agent
     group: cyborg-agent

ansible/roles/keystone/defaults/main.yml

@@ -17,7 +17,7 @@ keystone_services:
         port: "{{ keystone_internal_port }}"
         listen_port: "{{ keystone_internal_listen_port }}"
         backend_http_extra:
-          - balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
+          - "balance {{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
       keystone_external:
         enabled: "{{ enable_keystone }}"
         mode: "http"
@@ -27,7 +27,7 @@ keystone_services:
         port: "{{ keystone_public_port }}"
         listen_port: "{{ keystone_public_listen_port }}"
         backend_http_extra:
-          - balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
+          - "balance {{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
   keystone-ssh:
     container_name: "keystone_ssh"
     group: "keystone"

ansible/roles/keystone/tasks/config-federation-oidc.yml

@@ -28,11 +28,11 @@
   when:
     - inventory_hostname in groups[keystone.group]
 
-- name: Copying OpenID Identity Providers metadata
+- name: Templating OpenID Identity Providers metadata
   vars:
     keystone: "{{ keystone_services['keystone'] }}"
   become: true
-  copy:
+  template:
     src: "{{ item.metadata_folder }}/"
     dest: "{{ keystone_host_federation_oidc_metadata_folder }}"
     mode: "0660"
@@ -55,11 +55,11 @@
     - item.certificate_file is defined
     - inventory_hostname in groups[keystone.group]
 
-- name: Copying OpenStack Identity Providers attribute mappings
+- name: Templating OpenStack Identity Providers attribute mappings
   vars:
     keystone: "{{ keystone_services['keystone'] }}"
   become: true
-  copy:
+  template:
     src: "{{ item.file }}"
     dest: "{{ keystone_host_federation_oidc_attribute_mappings_folder }}/{{ item.file | basename }}"
     mode: "0660"

ansible/roles/loadbalancer/defaults/main.yml

@@ -200,3 +200,8 @@ haproxy_external_single_frontend_options:
   - "timeout client {{ haproxy_glance_api_client_timeout }}"
 
 haproxy_glance_api_client_timeout: "6h"
+
+################
+# ProxySQL
+################
+mariadb_monitor_read_only_interval: ""

ansible/roles/loadbalancer/templates/proxysql/proxysql.yaml.j2

@@ -32,6 +32,9 @@ mysql_variables:
    monitor_ping_interval: "{{ mariadb_monitor_ping_interval }}"
    monitor_ping_timeout: "{{ mariadb_monitor_ping_timeout }}"
    monitor_ping_max_failures: "{{ mariadb_monitor_ping_max_failures }}"
+{% if mariadb_monitor_read_only_interval | length > 0 %}
+   monitor_read_only_interval: {{ mariadb_monitor_read_only_interval }}
+{% endif %}
    monitor_connect_timeout: 6000
    connect_timeout_client: 100000
    connect_timeout_server: 30000

ansible/roles/placement/templates/placement-api-wsgi.conf.j2

@@ -28,7 +28,7 @@ LogLevel info
     <IfVersion >= 2.4>
       ErrorLogFormat "%{cu}t %M"
     </IfVersion>
-    ErrorLog "{{ log_dir }}/placement-api.log"
+    ErrorLog "{{ log_dir }}/placement-api-error.log"
     LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
     CustomLog "{{ log_dir }}/placement-api-access.log" logformat
     <Directory {{ wsgi_directory }}>

doc/source/admin/mariadb-backup-and-restore.rst

@@ -83,7 +83,7 @@ following options on the first database node:
 
    docker run --rm -it --volumes-from mariadb --name dbrestore \
       --volume mariadb_backup:/backup \
-      quay.io/openstack.kolla/centos-source-mariadb-server:|KOLLA_OPENSTACK_RELEASE| \
+      quay.io/openstack.kolla/mariadb-server:|KOLLA_OPENSTACK_RELEASE|-rocky-9 \
       /bin/bash
    (dbrestore) $ cd /backup
    (dbrestore) $ rm -rf /backup/restore
@@ -105,7 +105,7 @@ place, again on the first node:
 
    docker run --rm -it --volumes-from mariadb --name dbrestore \
       --volume mariadb_backup:/backup \
-      quay.io/openstack.kolla/centos-source-mariadb-server:|KOLLA_OPENSTACK_RELEASE| \
+      quay.io/openstack.kolla/mariadb-server:|KOLLA_OPENSTACK_RELEASE|-rocky-9 \
       /bin/bash
    (dbrestore) $ rm -rf /var/lib/mysql/*
    (dbrestore) $ rm -rf /var/lib/mysql/\.[^\.]*
@@ -148,7 +148,7 @@ incremental backup,
 
    docker run --rm -it --volumes-from mariadb --name dbrestore \
       --volume mariadb_backup:/backup --tmpfs /backup/restore \
-      quay.io/openstack.kolla/centos-source-mariadb-server:|KOLLA_OPENSTACK_RELEASE| \
+      quay.io/openstack.kolla/mariadb-server:|KOLLA_OPENSTACK_RELEASE|-rocky-9 \
       /bin/bash
    (dbrestore) $ cd /backup
    (dbrestore) $ rm -rf /backup/restore

releasenotes/notes/bug-2095607-f4d9d5aebebddfc8.yaml

+---
+fixes:
+  - |
+    Fixes Apache and placement writing to the same log file.
+    Apache placement VirtualHost ErrorLog has been renamed to
+    ``placement-api-error.log`` (similar to other services).
+    `LP#[2095607] <https://launchpad.net/bugs/2095607>`__

releasenotes/notes/fix-cinder-etcd-backend-url-3ca1fa04293c16b5.yaml

+---
+fixes:
+  - |
+    Fixes a bug where the etcd3gw ``backend_url`` in cinder.conf would be
+    invalid when ``openstack_cacert`` was set.
+    `LP#2085908 <https://bugs.launchpad.net/kolla-ansible/+bug/2085908>`__

releasenotes/notes/fix-cyborg-haproxy-missing-variables-2f00c677a7003005.yaml

+---
+fixes:
+  - |
+    Fixes cyborg deployment, which was missing variables in order
+    to configure the haproxy listener.
+    `LP#2020088 <https://bugs.launchpad.net/kolla-ansible/+bug/2020088>`__

releasenotes/notes/template-config-federation-oidc-8e62742de5fcb376.yaml

+---
+features:
+  - |
+    In the Keystone role files for the
+    ``keystone_host_federation_oidc_metadata_folder`` and
+    ``keystone_host_federation_oidc_attribute_mappings_folder`` directories
+    are now handled as templates. This relates to the OpenID Identity Providers
+    metadata and the OpenStack Identity Providers attribute mappings as part of
+    the identity federation with OIDC.

tests/templates/globals-default.j2

@@ -11,6 +11,9 @@ network_address_family: "{{ address_family }}"
 kolla_container_engine: "{{ container_engine }}"
 docker_restart_policy: "no"
 
+docker_apt_url: "http://{{ zuul_site_mirror_fqdn }}:8080/docker/{{ ansible_facts.distribution | lower }}"
+docker_yum_url: "http://{{ zuul_site_mirror_fqdn }}:8080/docker/centos"
+
 {% if container_engine == 'podman' %}
 podman_debug: true
 podman_registry_mirrors:
@@ -147,6 +150,10 @@ cinder_cluster_name: "kolla_ceph"
 glance_backend_ceph: "yes"
 cinder_backend_ceph: "yes"
 nova_backend_ceph: "yes"
+# RabbitMQ tuning
+rabbitmq_cluster_partition_handling: "autoheal"
+rabbitmq_extra_config:
+  cluster_keepalive_interval: 50000
 # Redis for coordination
 enable_redis: "yes"
 
@@ -262,3 +269,7 @@ enable_skyline: "yes"
 enable_skyline: "yes"
 skyline_enable_sso: "yes"
 {% endif %}
+
+{% if groups['all'] | length > 1 %}
+mariadb_monitor_read_only_interval: "30000"
+{% endif %}