openstack/openstack-ansible-os_nova - openstack-ansible-os_nova - OpenDev: Free Software Needs Free Tools

Keystone role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: I3693ee3a9a756161324e3a79464f9650fb7a9f1a

With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I6f3bdb6e63986bb25371f09c6c468dc055fd3050

Centos-9 no longer ships this file so skip adjusting it [1]. The
file should not exist on Centos-9 systems where OSA is used.
If this file is created by a deployer it will potentially
interfere with the operation of libvirt and other configuration
made by openstack-ansible.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2042529
Change-Id: Ieeba7fb803e151a9e6d0adac3d1512aef3785e9a

Currently we're passing non-existant variable into PKI role
when defining whether to regen certificates or not.
This change fixes behaviour.
Change-Id: Ib1c8f820ccfe00923fcbc7aec2457a94629673fe

This is otherwise undefined in functional tests
Change-Id: I5a387566d5bdb9ee4c34976c55f86f31fc65f87e

This uses ssh signed certificates so there is no longer the need
to distribute the nova public key from each compute host to all
other compute hosts.
The legacy scripts and authorized key files are removed as a
migration step.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/825292
Change-Id: I3456bdf7bed66a2675b8a410d4cf6b2174598a22

Change-Id: I68442162529d7ff7f5f23c0520f087f014d62be1

Change-Id: I4bc528e67c097f649c6e49cf39a3452a853560be

When nova don't use rbd images (ie local storage) it still might be good
idea to use direct connection to rbd to get images rather then
connect through HTTP.
Change-Id: I4f2d7cf54e07376c7a25d45093f5d83be5422234

Change-Id: Ib13d07f4f8c8007be47e5a10a9f63f1e93986876

This configuration option has been observed to result in file
descriptor leaks in certain circumstances. A variable is added
here so that it can be easily overridden.
Change-Id: I7de034307da9352e6f5d1f5f175a330fb8c86463
Related-Bug: #1961603 

libvirtd.socket does monitor libvirtd.service and trigger service restart
when it spot that service is down.
However in order to enable tcp and tls sockets, we need libvirt
to be stopped.
Currently race condition can happen, when we stop libvirt, but it's
started by socket before we enable tls one.
To overcome this we stop socket along with service.
Change-Id: Iacc093311036fb8d6559a0e32252579303a639ba

Since all supported distros have libvirt version >= 5.7 there's
no reason to ensure that it is true.
So we remove corresponsive code and simplify logic.
Change-Id: I281829214df8affec7774a45a3ca0405a866b5c0

According to nova doc, secure_proxy_ssl_header has been deprecated and
has no effect [1]. Since these variables are not used for other purpose
we drop them.
[1] https://docs.openstack.org/nova/latest/configuration/config.html#oslo_middleware.secure_proxy_ssl_header
Change-Id: Ibc3ac4f0f3fb038463748f8c1608fa475374cf67

Since api_servers from [glance] secton is deprecated and can be
silently ignored [1], we drop corresponsive OSA variable
[1] https://docs.openstack.org/nova/latest/configuration/config.html#glance.api_servers
Change-Id: I52de65a4629f23fd2c0c3735033a8e2d57a82024

Change-Id: Ic587e1a55b6f15c66e01176dac7b6acdb0abd240

Buster is no longer supported on recent OSA releases so this task
is not required.
Change-Id: I96332980798cb56f725b8bdc9a0514ab40c1a0f9

This task has been added for upgrade purposes only and
can be safely removed.
Change-Id: I9df6503c0e45b2f6b88e64e61048026df325c865

It appears that this tag stopped working recently when switching
from import to include syntax. This patch adds the necessary
'always' tag to ensure the 'nova-key' tag gets carried through.
Change-Id: Iee1dca9221b6968d11be54fc1df03b2f8a6c3f44

Change-Id: I01fdeb2cca9d5315fd486500cc8d6330cb23ce84

Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I046def5a5cc94f680bc0daa3a2a1734f325d8022

Ansible's combine() filter needs recursive=True parameter in order to recursively merge nested hashes.
https: //docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#combining-hashes-dictionaries
Change-Id: I2e84c0370c04336c124e5b6549b638483f107601

Change-Id: I7d09f6f5f5d66ecbe29fd3969d586eb416c98589

This reverts commit ca352be75b.
Change-Id: I19e1cc491e2441ab8d1bd39d383dd2e09a5b7077

Further testing has revealed that cold migration still requires
SSH communication between hypervisors which requires SSH keys to
be distributed between hosts.
Change-Id: Ida18b057d68d4edf7ce6dd2a46ef990f34ad36e3

Change-Id: If4d036794cf8edb14e6b0ed491cf0de78f425b2c

Change-Id: If2279eba00d9a0da23464491167bb496901c47c0

Change-Id: I59a095d0d7d20063454fded5c8fbd2d40c633ebd

Change-Id: I63ac851ab8195a2eaaa6474d31af999f22584ca5

In order for AIO to pass against ironic role, we need to cover the case
when ironic_compute == nova_compute host. For that we use more
common condition and verifying virt_type which must be set for
Ironic.
Change-Id: I7540e4c6848bad80c368a1227b09437428fe64a2
Closes-Bug: #1952649 

- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Change-Id: Ibc876f2744c271e9c4ad797597c15af8d73867c1

This patch excludes ironic_compute hosts, which don't
run libvirtd, from the PKI/SSL certificate business.
Closes-Bug: #1952649
Change-Id: I57455b9f54f0a5ae0f1f8e1a424df930cd6bab48

Change-Id: I5761e63ca609a617abfafe8d870dc4dc0b9c8096

Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: If8db876955572d0fc809414bf38370a9aac84a2e