[release-announce] kolla-ansible 13.0.0 (xena)

23 Nov 2021

We are stoked to announce the release of:
kolla-ansible 13.0.0: Ansible Deployment of Kolla containers
This release is part of the xena release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
13.0.0
^^^^^^
New Features
************
* Adds "manila_cephfs_filesystem_name" variable to support multi-fs
  Ceph Pacific+ deloyments.
Upgrade Notes
*************
* "enable_host_ntp" variable is dropped per the deprecation process.
* The "wsrep-notify.sh" script has been removed (following
  deprecation in Wallaby).
Bug Fixes
*********
* Fixes an issue with multinode MariaDB deployments which could fail
  the playbook execution on WSREP check due to the new behaviour of
  Galera 4. LP#1947485.
* Fixes an issue with single node MariaDB deployments with HAProxy
  disabled. See bug 1947534 for details.
* Fixes the generation of "wsrep_cluster_address" in "galera.cnf"
  when "--limit" is used while deploying MariaDB nodes. LP#1947589
* Fixes an error in placement role which prevents to deploy the
  placement service when custom policy file is used. LP#1948835
* Fixes missing current Ansible version in the error message.
  LP#1948979
* Fix octavia role doesn't set the amphora network's gateway_ip
  LP#1949260
* Removes "fix_cephfs_owner.yaml" which related to pre-wallaby
  Manila's use of subfolders. Post-wallaby Manila now uses cephfs
  volumes instead, as such this file is no longer required. LP#1938285
  LP#1935784
* Removes use of "cephfs_enable_snapshots" in Manila config as this
  option was removed from Manila in the Wallaby release.
Changes in kolla-ansible 12.0.0..13.0.0
---------------------------------------
44c46fc80 The deprecated iscsi deploy interface has been removed since xena
f9b3709ba docs: Get release name dynamically
c32eecf34 docs: Parameterize kolla-ansible version and branch
768b62a8f Stop creating unused cron/logrotate directory
543096c93 docs: Fix python-openstackclient package name and init-runonce path
7659f1e32 Fix octavia doesn't set subnet gateway_ip
06218e264 mariadb: use add_host to include inactive hosts in shard grouping
3aa42733a Fix broken deploy of placement service
e219faec8 Fix missing Ansible version in the error message
150e2fc98 Revert "Do not load br_netfilter"
152cd21a4 Drop enable_host_ntp
2d69bdc8a docs: Improve info about neutron external interface
0ad69fc5b Use Xena images
70087813c mariadb: Remove wsrep-notify.sh
45b0b87f8 Update Manila deploy steps for Wallaby
be6fd7b7d [mariadb] Start new nodes serially
9842b3296 Update TOX_CONSTRAINTS_FILE for stable/xena
c0d5c66b0 Update .gitreview for stable/xena
f9204267e Tidy up renos before Xena release
37e4dba87 Add support for Ironic inspection through DHCP-relay
78260f98e Correctly create the dhcp_agent.ini and l3_agent.ini
2455a95f3 Trivial but necessary fix - loadbalancer weight
f1cbff6b7 Trivial fix shebang in keystone's fernet-node-sync.sh.j2
c7c14e1c4 Fix privileges for MariaDB 10.5
62b90af55 Docs: Update to opendev.org domain
0df36ce1e Debian: apt-transport-https is transitional package
d5aa73c4a Add missing CloudKitty documentation.
4f78c696c Do not become root when searching for custom prometheus alert rules files
15259002b Do not load br_netfilter
1d0171fc7 monasca: change default of monasca_ntp_server
3b22d334d CI: monasca: ignore exited monasca_thresh container
1f71df1a8 Remove chrony role from kolla
9ef6bb2d9 [CI] Stop adding the DROP workaround
8c5012e94 Add support for Ceph RadosGW integration
393dfbf65 docs: ceph: add copy-on-write for Glance
66c84843e Deploy source type images by default
1bfed045c Do not set net.ipv4.ip_forward sysctl
2e933dceb Transition Keystone admin user to system scope
2c6bc0bd1 Do not create haproxy and swift log dirs needlessly
7c2b4bead Add way to change weight of haproxy backend per service
1b650534c Bump up Ansible max supported ver to 4.x
4ff65b766 Use friendly target names in Prometheus
0e720b382 Add check and diff options to kolla-ansible
6dc8b5639 Use mariadb_tag as default for all mariadb tags
2cf9ae2cf Do not enable mariadb-clustercheck when not needed
0d9477de3 Switch default images source to quay.io
f0241f807 Remove haproxy,keepalived groups
ae69994db use ironic user in ironic_neutron_agent.ini file
72e067398 Fix neutron upgrade using host limit without controllers
c7bec2f30 [CI] Fix upgrade with kolla-build
02e07a086 CI: Temporarily enable insecure registry
21b4dc541 Zun: Temporarily skip capsule test for ubuntu
24e6a6ced toolbox: Allow different users logging to ansible.log
11d7233cc Bump libvirtd memlock ulimit
d9e0ca5b3 reno: follow up
24e48d4da [tox] Add docs-iterative command
4e473a784 [tox] Optimise docs actions
daf534b4e [CI] Test instance health after upgrade
34c49b9db Restore libvirtd cgroupfs mount
d8641e90c docs: Add placeholder page for CI & testing information
d9a375895 Add kolla-ansible gather-facts command
ca6fc69ee docs: adding and removing host: add --all-projects option
3c68e8258 Fix Masakari in multi-region deploys
802f7c621 Never make Docker registry insecure by default
ffd53512a Rename role haproxy to loadbalancer
cbb567cb8 Add ability to retry image pulling
16a4a9e5a Remove an unused file
0858d5487 Fix haproxy precheck when kolla_externally_managed_cert is used
90fd9152a Use Docker healthchecks for keystone-fernet container
839ec629b tools: use /usr/bin/env bash instead of /bin/bash
2b599bdb8 Use Docker healthchecks for nova-spicehtml5proxy service
b7e85d528 [CI] Test Swift upgrades
f8e3e169c Allow override of rabbitmq config in kolla toolbox
13200ace3 Fix kolla-toolbox with IPv6 and disabled RabbitMQ
b6d9cf768 [CI] Fix Debian upgrade
d56dc3403 Validate if running CentOS OS is CentOS Stream
85879afc0 Trivial fix nova's healthchecks
bcfebaf87 Use api-paste.ini from /etc/neutron
9ff2ecb03 Refactor and optimise image pulling
46df30d87 ironic: Follow up for ironic_enable_keystone_integration
b692ce7af Support monitoring Fluentd with Prometheus
bd3ad904d CI: stop setting ceph_nova_user
a08aaf7d8 Fix release note for ansible_facts
2c786a0fa neutron: fix neutron-server config.json with VMware
d15d94300 Remove unused imports in merge_yaml
da4fd2d6a Extra var ironic_enable_keystone_integration added.
30e0eae8b Remove deprecated Designate option
7f98238b6 Elevated privileges required to set owner/group/mode by ansible
0d79d25fe Remove support for Prometheus v1
6ac4638cf Trivial fix horizon's healthcheck when SSL turned on
281c9935d Do not run timesync checks on deployment host
c281a018c Fix freezed spice console in horizon
948e9ae70 watcher: add missing become for copying configs
6c72fa811 Support multiple inventories
d7cdad532 Use more RMQ flags for less busy wait
fca9be380 Delete haproxy_single_service_listen.cfg.j2 template
c3f9ba835 nova: Use cinder user for Ceph
004cb7540 [manila] Drop tenant_id templating from v2 endpoint
24d08142d Fix nova deployment failure when rabbitmq is disabled
24950b389 Fix incorrect config of linuxbridge multiple external networks
5cb080247 cyborg: add missing become for api-paste.ini
7dfbcc71c [CI] Slim down Masakari job
411668ea5 ironic: always enable conductor HTTP server
5e85fe2a0 Fix variable names in Octavia documentation
200e36da7 Fix deployment failure when kolla_dev_mod is enabled
aa28675ca Fix ironic_ipxe healthcheck on Debian/Ubuntu
2e4f51f67 manila: add glance section in manila-share.conf
cccae8a65 Fix typos in release note
220d4fbbc Fix typo in keystone role
c2ae21fd9 Reduce container metrics cardinality
54737cd13 baremetal: use docker_yum_gpgkey to fetch docker GPG key
f6c0474af Fix config action when OVN is enabled
526199846 Remove tempest role
c454761a4 Blazar: Fix support for external keystone in multiregion deploy
15f2fdcd5 Make setup module arguments configurable
9fffc7bc5 Add disable_firewall variable
f71646da1 Fix Masakari host monitor default config
6131b6856 Remove rally and panko again
6bf74aa20 Support storing passwords in Hashicorp Vault
6e1849589 CI: Avoid generating a nova key in cephadm scenario
a73e89f03 [CI] Do not set ansible_python_interpreter for Zuul
531604757 reno: fix typo
f3520bc1c Replace auth_uri with www_authenticate_uri
09d0409ed Allow user to set sysctl_net_ipv4_tcp_retries2
7eff49a5a CI: Don't generate certificates before upgrade
ade5bfa30 Use ansible_facts to reference facts
48f0957a1 magnum: Add CA certificate configuration for internal TLS
7da770d29 Add missing region_name in keystoneauth sections
3a7440b37 Fix host bootstrap pkg removal on Debian
0158221fd Drop support for Cinder ZFSSA backend
18a0af695 Do not set pid file for iscsid
640dbb03f Revert "Reduce container metrics cardinality"
1fc58e74d Fix up 'Persist nova libvirt secrets in a Docker volume'
38ca1431d Update previous_release to Wallaby
c6259158e Reduce container metrics cardinality
300910961 Remove rally deployment
286a03bad Drop /sys/fs/cgroup mounts
3f9662278 Reno follow up for docker_disable_ip_forward
ccf8cc5dc Remove support for panko
0fa4ee56e Disable docker's ip-forward when iptables disabled
085a30f75 [CI] Test bifrost on Ubuntu as well
682cff7bc Revert "cephadm: Set auth_allow_insecure_global_id_reclaim to true"
0cd5b027c Fix RabbitMQ restart ordering
5c19f9a5e Add forgotten 'Restart container' handler for swift
70f6f8e4c Reduce RabbitMQ busy waiting, lowering CPU load
e7ff199dc Robustify fluentd output tag matching
aea9bf355 monasca-thresh: Fix topology submission to storm
cccf4f777 [TrivialFix] Remove extra slash
46bd05250 baremetal: fix /etc/hosts generation when api_interface has dashes
dee9d22dc Add suppress_type_name to stop warnings with ES7
7f1248fee Fix parsing of infra.mariadb.xinetd logs
0c7ba86e0 Stop fluentd deprecation warnings of type vs @type
84ac7b309 chrony: allow to remove the container
e48d0a7fa [CI] Drop Zuul host groups
887bf6f1f Fix release note markup
278b63a0e docs: Update Freenode to OFTC
d60c5591c [CI] Move to Debian Bullseye
9a77fb1ca Add support for Debian Bullseye (11) as host distro
4d6a79d21 Add the ansible_managed header for admin-openrc.sh
95520df09 [docker] Add support for setting CgroupnsMode
a3caf8c3a Bump min Docker version
bb56861cc Use mariadb-server image for mariabackup
283b0dec6 fluentd: Fix check for external elasticsearch
21efaf3f4 CI: fix backups Ceph pool name
7d1af053b Remove [octavia]/base_url option from neutron.conf
13965f40c tox: Add find command to allowlist_externals list
1ea99147c CI: Use PATH to find kolla-ansible script
86ddc94ec Fix exit code with bogus command name
337771143 CI: Configure IP on a linux bridge instead of OVS br-ex
1da715802 linters: Mock additional variables in validate-all-file.py
bbc27b59f CI: add grafana to monasca image list
fca2c5fe0 [CI] Fix testing in cephadm scenario
c99841272 Make rabbitmq cluster_partition_handling configurable
6b61cbe6f Merge glance sections for nova.conf.j2
b053bd8ec baremetal: Install Docker SDK less than 5.0.0
9e9293c5c Indented two spaces to match the other things in this block
f184f9436 Mariadb shards documentation
bd496808c CI: Disable amphora in OVN jobs
e8c4b2e1b [CI] Log dbus services
e83b5869a CI: Wait for NTP synced status in systemd
bc9617919 baremetal: Don't start Docker after install on Debian/Ubuntu
d43642ac3 Trivial if conditional fix in keystone.json
6230971b9 gnocchi: fix external ceph integration when gnocchi-statsd is disabled
f295b1a05 docs: update supported OS distros
b300f7bc4 Disable Alertmanager's peer gossip in non-HA deployments
edc918313 CI: allow Elasticsearch status to be green or yellow
e92323600 Add ability to use the Neutron packet logging framework
fe6647747 Use @type instead of type
f94c7beab cleanup no longer needed task for cinder
41fe771bc Do not write octavia_amp_ssh_key if auto_config disabled
e5ab32afa octavia: Fix duplicate api_settings
aff99355d ovn: make DVR work on VLAN tenant networks
999b5cfb2 ovn: omit unnecessary bridge mappings
ec36eb016 CI: Fix nfv job with kolla dependency
b056f54c1 Deprecate tempest and rally
43ca9dad0 setup.cfg: Replace dashes with underscores
f3314eacd Redis configuration syntax update
0b132775e Fix neutron-ovn-metadata-agent with policy.yaml
c3afbd3c5 Check config when checking the containers
83f3422fb Deprecate enable_host_ntp
a967b9dd6 cephadm: Set auth_allow_insecure_global_id_reclaim to true
2b3284b3f Remove redundant Monasca Kafka client option
82cf40edf Remove Monasca Grafana service
8a1e9e984 Add Monasca Grafana deprecation notice
fc406d035 [doc] fix a typo
7e81e20e7 Skip setting rp_filter by default
d9b21cde9 Bump up python version for Debian Bullseye
f3da3d8e1 Avoid an Ansible quirk in hacluster role
51134fb31 Add Python3 xena unit tests
9cfd4f5d0 Update master for stable/wallaby
d01192c16 Extend support for custom Grafana dashboards
030a9a28d docs: Improve policy documentation
1ddef8597 Use Docker healthchecks for rabbitmq services
22a6765f5 Support editable installation in all cases
e548b5969 [CI] Save systemctl info
fbd80bcdc octavia: Ensure service auth project exists
3c1fd4409 Use Docker healthchecks for memcached services
561be6de3 Use Docker healthchecks for mistral services
db1bc8fc7 docs: Add note about internal VIP when HAProxy is disabled
adf492bd9 cinder: fix condition to copy backend TLS certs
aa9ac3320 Add global tag variables for Panko and Skydive
268f0e4c9 Disable usage collection in Kibana
5a6cafa21 Add Alertmanger metric target(s)
25c33f9c9 Make it possible to override automatic fluentd version detection
2d82920d8 Update blazar.conf template
48cd90a8d Use Docker healthchecks for ceilometer services
d3e91045f Use Docker healthchecks for qdrouterd services
2db0a2a62 Use Docker healthchecks for kuryr services
04b970ca0 Use Docker healthchecks for zun services
72df931b5 Use Docker healthchecks for kafka services
106644e49 docs: add code reviews to contributor guide
99db669fb CI: Reduce neutron RPC service workers to 1
21ccae12f chronyd crash loop if Debian server is rebooted
2c833baa5 CI: only run cells job on changes to nova role
90435f6a9 Add a ovsdb_timeout variable for better configuration
1c63eb20d Persist nova libvirt secrets in a Docker volume
ce012bcb0 Fix "Restart mariadb-clustercheck container" during config gen
Diffstat (except docs and test files)
-------------------------------------
.gitreview                                         |   2 +-
README.rst                                         |   3 -
ansible/action_plugins/merge_yaml.py               |   7 -
ansible/chrony-cleanup.yml                         |  31 +++-
ansible/gather-facts.yml                           |  13 +-
ansible/group_vars/all.yml                         |  77 +++++----
ansible/inventory/all-in-one                       |  28 +--
ansible/inventory/multinode                        |  28 +--
ansible/library/kolla_docker.py                    |  44 ++++-
ansible/library/kolla_toolbox.py                   |   8 +-
ansible/post-deploy.yml                            |   4 +-
ansible/roles/aodh/defaults/main.yml               |   8 +-
ansible/roles/aodh/tasks/pull.yml                  |  12 +-
ansible/roles/aodh/templates/aodh.conf.j2          |   1 +
ansible/roles/barbican/defaults/main.yml           |   6 +-
ansible/roles/barbican/tasks/check.yml             |   6 +-
ansible/roles/barbican/tasks/pull.yml              |  12 +-
ansible/roles/barbican/templates/barbican.conf.j2  |   1 +
ansible/roles/baremetal/defaults/main.yml          |  19 +--
ansible/roles/baremetal/tasks/install.yml          |  72 ++++----
ansible/roles/baremetal/tasks/post-install.yml     |  74 +-------
ansible/roles/baremetal/tasks/pre-install.yml      |  17 +-
ansible/roles/blazar/defaults/main.yml             |   4 +-
ansible/roles/blazar/tasks/pull.yml                |  12 +-
ansible/roles/blazar/templates/blazar.conf.j2      |   3 +-
ansible/roles/ceilometer/defaults/main.yml         |  64 ++++++-
ansible/roles/ceilometer/handlers/main.yml         |   4 +
.../roles/ceilometer/tasks/check-containers.yml    |   1 +
ansible/roles/ceilometer/tasks/config.yml          |  23 ---
ansible/roles/ceilometer/tasks/pull.yml            |  12 +-
.../templates/ceilometer-notification.json.j2      |   9 +-
.../ceilometer/templates/event_pipeline.yaml.j2    |   3 -
ansible/roles/ceph-rgw/defaults/main.yml           |  92 ++++++++++
ansible/roles/{chrony => ceph-rgw}/tasks/check.yml |   0
.../tasks/check.yml => ceph-rgw/tasks/config.yml}  |   0
.../tasks/deploy-containers.yml}                   |   0
ansible/roles/ceph-rgw/tasks/deploy.yml            |   2 +
.../{panko => ceph-rgw}/tasks/loadbalancer.yml     |   4 +-
ansible/roles/{panko => ceph-rgw}/tasks/main.yml   |   0
ansible/roles/ceph-rgw/tasks/precheck.yml          |  10 ++
.../tasks/check.yml => ceph-rgw/tasks/pull.yml}    |   0
.../{chrony => ceph-rgw}/tasks/reconfigure.yml     |   0
ansible/roles/ceph-rgw/tasks/register.yml          |   9 +
.../tasks/check.yml => ceph-rgw/tasks/stop.yml}    |   0
ansible/roles/ceph-rgw/tasks/upgrade.yml           |   1 +
ansible/roles/chrony/defaults/main.yml             |  31 ----
ansible/roles/chrony/handlers/main.yml             |  16 --
ansible/roles/chrony/tasks/check-containers.yml    |  17 --
ansible/roles/chrony/tasks/cleanup.yml             |  12 --
ansible/roles/chrony/tasks/config.yml              |  53 ------
ansible/roles/chrony/tasks/deploy.yml              |   7 -
ansible/roles/chrony/tasks/main.yml                |   7 -
ansible/roles/chrony/tasks/precheck.yml            |   9 -
ansible/roles/chrony/tasks/pull.yml                |  11 --
ansible/roles/chrony/templates/chrony.conf.j2      |  47 ------
ansible/roles/chrony/templates/chrony.json.j2      |  23 ---
ansible/roles/cinder/defaults/main.yml             |  22 +--
ansible/roles/cinder/tasks/precheck.yml            |   1 -
ansible/roles/cinder/tasks/pull.yml                |  12 +-
ansible/roles/cinder/tasks/upgrade.yml             |  16 --
ansible/roles/cinder/templates/cinder.conf.j2      |  15 +-
ansible/roles/cloudkitty/defaults/main.yml         |   4 +-
ansible/roles/cloudkitty/tasks/pull.yml            |  12 +-
ansible/roles/collectd/defaults/main.yml           |   2 +-
ansible/roles/collectd/tasks/pull.yml              |  12 +-
ansible/roles/common/defaults/main.yml             |  10 +-
ansible/roles/common/tasks/config.yml              |  76 +++++----
ansible/roles/common/tasks/inspect.yml             |   6 -
ansible/roles/common/tasks/pull.yml                |  11 +-
.../templates/conf/filter/01-rewrite-0.12.conf.j2  |   3 +-
.../templates/conf/filter/01-rewrite-0.14.conf.j2  |   7 +-
.../templates/conf/input/03-rabbitmq.conf.j2       |   2 +-
.../templates/conf/input/08-prometheus.conf.j2     |  14 ++
.../common/templates/conf/output/00-local.conf.j2  |   8 +
.../common/templates/conf/output/01-es.conf.j2     |   3 +-
.../templates/conf/output/02-monasca.conf.j2       |   2 +-
.../common/templates/cron-logrotate-chrony.conf.j2 |   3 -
.../common/templates/cron-logrotate-panko.conf.j2  |   3 -
.../common/templates/cron-logrotate-rally.conf.j2  |   3 -
.../templates/cron-logrotate-tempest.conf.j2       |   3 -
ansible/roles/common/templates/erl_inetrc.j2       |   3 +
ansible/roles/common/templates/fluentd.json.j2     |   4 +
.../roles/common/templates/kolla-toolbox.json.j2   |   5 +-
.../roles/common/templates/rabbitmq-env.conf.j2    |   2 +
ansible/roles/cyborg/defaults/main.yml             |   6 +-
ansible/roles/cyborg/tasks/config.yml              |   1 +
ansible/roles/cyborg/tasks/pull.yml                |  12 +-
ansible/roles/cyborg/templates/cyborg.conf.j2      |   3 +-
ansible/roles/designate/defaults/main.yml          |  14 +-
ansible/roles/designate/tasks/pull.yml             |  12 +-
.../roles/designate/templates/designate.conf.j2    |   2 +-
ansible/roles/elasticsearch/defaults/main.yml      |   4 +-
ansible/roles/elasticsearch/tasks/pull.yml         |  12 +-
ansible/roles/etcd/defaults/main.yml               |   6 +-
ansible/roles/etcd/tasks/pull.yml                  |  12 +-
ansible/roles/freezer/defaults/main.yml            |   4 +-
ansible/roles/freezer/tasks/pull.yml               |  12 +-
ansible/roles/freezer/templates/freezer.conf.j2    |   5 +-
ansible/roles/glance/defaults/main.yml             |   8 +-
ansible/roles/glance/tasks/pull.yml                |  12 +-
ansible/roles/glance/templates/glance-api.conf.j2  |   1 +
ansible/roles/gnocchi/defaults/main.yml            |   6 +-
ansible/roles/gnocchi/tasks/external_ceph.yml      |  37 ++--
ansible/roles/gnocchi/tasks/pull.yml               |  12 +-
ansible/roles/gnocchi/templates/gnocchi.conf.j2    |   1 +
ansible/roles/grafana/defaults/main.yml            |   2 +-
ansible/roles/grafana/tasks/config.yml             |  20 +--
ansible/roles/grafana/tasks/pull.yml               |   9 +-
ansible/roles/grafana/tasks/upgrade.yml            |   5 -
.../roles/hacluster/tasks/bootstrap_service.yml    |   8 +-
ansible/roles/hacluster/tasks/pull.yml             |  12 +-
.../hacluster/templates/hacluster_corosync.conf.j2 |   2 +-
ansible/roles/haproxy-config/defaults/main.yml     |   1 -
.../templates/haproxy_single_service_listen.cfg.j2 | 111 ------------
.../templates/haproxy_single_service_split.cfg.j2  |   9 +-
ansible/roles/haproxy/tasks/copy-certs.yml         |   6 -
ansible/roles/haproxy/tasks/deploy-containers.yml  |   2 -
ansible/roles/haproxy/tasks/main.yml               |   3 -
ansible/roles/haproxy/tasks/pull.yml               |  11 --
ansible/roles/haproxy/tasks/stop.yml               |   6 -
ansible/roles/haproxy/tasks/upgrade.yml            |   2 -
ansible/roles/heat/defaults/main.yml               |   8 +-
ansible/roles/heat/tasks/bootstrap_service.yml     |   3 +-
ansible/roles/heat/tasks/pull.yml                  |  12 +-
ansible/roles/heat/templates/heat.conf.j2          |   1 +
ansible/roles/horizon/defaults/main.yml            |   2 +-
ansible/roles/horizon/tasks/pull.yml               |  12 +-
ansible/roles/horizon/templates/horizon.conf.j2    |   7 +-
ansible/roles/influxdb/defaults/main.yml           |   2 +-
ansible/roles/influxdb/tasks/pull.yml              |   9 +-
ansible/roles/ironic/defaults/main.yml             |  19 ++-
ansible/roles/ironic/tasks/deploy.yml              |   2 +-
ansible/roles/ironic/tasks/pull.yml                |  12 +-
.../ironic/templates/ironic-inspector.conf.j2      |   6 +-
ansible/roles/ironic/templates/ironic.conf.j2      |  29 ++--
ansible/roles/iscsi/defaults/main.yml              |   4 +-
ansible/roles/iscsi/tasks/precheck.yml             |   2 +-
ansible/roles/iscsi/tasks/pull.yml                 |  12 +-
ansible/roles/kafka/defaults/main.yml              |  17 +-
ansible/roles/kafka/handlers/main.yml              |   1 +
ansible/roles/kafka/tasks/check-containers.yml     |   1 +
ansible/roles/kafka/tasks/pull.yml                 |  12 +-
ansible/roles/keystone/defaults/main.yml           |  20 ++-
ansible/roles/keystone/tasks/config.yml            |   1 +
ansible/roles/keystone/tasks/pull.yml              |  12 +-
ansible/roles/keystone/tasks/register.yml          |   2 +-
.../keystone/tasks/register_identity_providers.yml | 107 ++++++------
.../keystone/templates/fernet-healthcheck.sh.j2    |   6 +
.../keystone/templates/fernet-node-sync.sh.j2      |  32 ++--
ansible/roles/keystone/templates/fernet-push.sh.j2 |  16 ++
.../keystone/templates/keystone-fernet.json.j2     |   6 +
ansible/roles/kibana/defaults/main.yml             |   2 +-
ansible/roles/kibana/tasks/pull.yml                |  12 +-
ansible/roles/kibana/templates/kibana.yml.j2       |   1 +
ansible/roles/kuryr/defaults/main.yml              |  16 +-
ansible/roles/kuryr/handlers/main.yml              |   1 +
ansible/roles/kuryr/tasks/check-containers.yml     |   1 +
ansible/roles/kuryr/tasks/pull.yml                 |   8 +-
.../{haproxy => loadbalancer}/defaults/main.yml    |  16 +-
.../{haproxy => loadbalancer}/handlers/main.yml    |   8 +-
.../tasks/check-containers.yml                     |   4 +-
ansible/roles/loadbalancer/tasks/check.yml         |   1 +
.../tasks/config-host.yml                          |   7 +-
.../{haproxy => loadbalancer}/tasks/config.yml     |  28 +--
.../{panko => loadbalancer}/tasks/copy-certs.yml   |   2 +-
.../tasks/deploy-containers.yml                    |   0
.../{haproxy => loadbalancer}/tasks/deploy.yml     |   0
ansible/roles/loadbalancer/tasks/main.yml          |   3 +
.../{haproxy => loadbalancer}/tasks/precheck.yml   | 157 ++++++++---------
ansible/roles/loadbalancer/tasks/pull.yml          |   3 +
.../tasks/reconfigure.yml                          |   0
.../roles/{chrony => loadbalancer}/tasks/stop.yml  |   2 +-
.../{chrony => loadbalancer}/tasks/upgrade.yml     |   0
.../templates/haproxy}/haproxy.json.j2             |   0
.../templates/haproxy}/haproxy_main.cfg.j2         |   0
.../templates/haproxy}/haproxy_run.sh.j2           |   0
.../templates/keepalived}/keepalived.conf.j2       |   6 +-
.../templates/keepalived}/keepalived.json.j2       |   0
ansible/roles/magnum/defaults/main.yml             |   4 +-
ansible/roles/magnum/tasks/pull.yml                |  12 +-
ansible/roles/magnum/templates/magnum.conf.j2      |  10 ++
ansible/roles/manila/defaults/main.yml             |  21 ++-
ansible/roles/manila/tasks/deploy.yml              |   5 -
ansible/roles/manila/tasks/fix_cephfs_owner.yml    |  85 ----------
ansible/roles/manila/tasks/pull.yml                |  12 +-
.../roles/manila/templates/manila-share.conf.j2    |  22 ++-
ansible/roles/manila/templates/manila.conf.j2      |   1 +
ansible/roles/mariadb/defaults/main.yml            |  19 +--
ansible/roles/mariadb/handlers/main.yml            |   6 +
ansible/roles/mariadb/tasks/config.yml             |  20 ---
ansible/roles/mariadb/tasks/main.yml               |   6 +-
ansible/roles/mariadb/tasks/pull.yml               |  12 +-
ansible/roles/mariadb/tasks/register.yml           |   2 +-
ansible/roles/mariadb/templates/galera.cnf.j2      |   7 +-
ansible/roles/mariadb/templates/mariadb.json.j2    |   8 +-
ansible/roles/mariadb/templates/wsrep-notify.sh.j2 |  79 ---------
ansible/roles/masakari/defaults/main.yml           |   6 +-
ansible/roles/masakari/tasks/clone.yml             |   8 +-
ansible/roles/masakari/tasks/pull.yml              |  12 +-
.../masakari/templates/masakari-monitors.conf.j2   |   6 +
ansible/roles/masakari/templates/masakari.conf.j2  |   1 +
ansible/roles/memcached/defaults/main.yml          |  18 +-
ansible/roles/memcached/handlers/main.yml          |   1 +
ansible/roles/memcached/tasks/check-containers.yml |   1 +
ansible/roles/memcached/tasks/pull.yml             |  13 +-
ansible/roles/mistral/defaults/main.yml            |  64 ++++++-
ansible/roles/mistral/handlers/main.yml            |   4 +
ansible/roles/mistral/tasks/check-containers.yml   |   2 +-
ansible/roles/mistral/tasks/pull.yml               |  12 +-
ansible/roles/mistral/templates/mistral.conf.j2    |   1 +
ansible/roles/monasca/defaults/main.yml            |  25 +--
ansible/roles/monasca/handlers/main.yml            |  33 +++-
ansible/roles/monasca/tasks/check-containers.yml   |   1 +
ansible/roles/monasca/tasks/config.yml             |   4 +-
ansible/roles/monasca/tasks/pull.yml               |  12 +-
ansible/roles/monasca/tasks/upgrade.yml            |  13 ++
.../monasca-agent-collector/agent-collector.yml.j2 |   2 +-
.../monasca-agent-forwarder/agent-forwarder.yml.j2 |   2 +-
.../monasca-agent-statsd/agent-statsd.yml.j2       |   2 +-
.../monasca/templates/monasca-api/api.conf.j2      |   4 +-
.../monasca-notification/notification.conf.j2      |   3 -
.../templates/monasca-persister/persister.conf.j2  |   5 -
.../monasca-thresh/monasca-thresh.json.j2          |   2 +-
.../monasca/templates/monasca-thresh/storm.yml.j2  |   8 -
ansible/roles/multipathd/defaults/main.yml         |   2 +-
ansible/roles/multipathd/tasks/pull.yml            |  12 +-
ansible/roles/murano/defaults/main.yml             |   4 +-
.../roles/murano/tasks/import_library_packages.yml |  16 +-
ansible/roles/murano/tasks/pull.yml                |  12 +-
ansible/roles/murano/templates/murano.conf.j2      |   3 +
ansible/roles/neutron/defaults/main.yml            |  34 ++--
ansible/roles/neutron/tasks/config-host.yml        |   1 -
ansible/roles/neutron/tasks/pull.yml               |  12 +-
ansible/roles/neutron/tasks/rolling_upgrade.yml    |   2 +-
ansible/roles/neutron/templates/dhcp_agent.ini.j2  |   3 +
.../neutron/templates/ironic_neutron_agent.ini.j2  |   6 +-
ansible/roles/neutron/templates/l3_agent.ini.j2    |   3 +
.../neutron/templates/linuxbridge_agent.ini.j2     |   4 +-
ansible/roles/neutron/templates/ml2_conf.ini.j2    |   2 +-
.../roles/neutron/templates/neutron-server.json.j2 |   2 +-
ansible/roles/neutron/templates/neutron.conf.j2    |   7 +-
.../templates/neutron_ovn_metadata_agent.ini.j2    |   3 +-
.../neutron/templates/openvswitch_agent.ini.j2     |   1 +
ansible/roles/nova-cell/defaults/main.yml          |  57 +++++--
ansible/roles/nova-cell/tasks/config-host.yml      |   2 +-
.../roles/nova-cell/tasks/discover_computes.yml    |  19 +--
ansible/roles/nova-cell/tasks/loadbalancer.yml     |   4 +
ansible/roles/nova-cell/tasks/pull.yml             |  12 +-
ansible/roles/nova-cell/tasks/rabbitmq.yml         |   4 +-
ansible/roles/nova-cell/tasks/reload.yml           |   1 +
.../roles/nova-cell/templates/nova-libvirt.json.j2 |   3 +-
ansible/roles/nova-cell/templates/nova.conf.j2     |   4 +-
ansible/roles/nova/defaults/main.yml               |   8 +-
ansible/roles/nova/tasks/pull.yml                  |  12 +-
ansible/roles/nova/tasks/reload_api.yml            |   1 +
.../roles/nova/tasks/reload_super_conductor.yml    |   1 +
ansible/roles/nova/templates/nova.conf.j2          |   1 +
ansible/roles/octavia/defaults/main.yml            |  10 +-
ansible/roles/octavia/tasks/hm-interface.yml       |   6 +-
ansible/roles/octavia/tasks/openrc.yml             |   4 +-
ansible/roles/octavia/tasks/prepare.yml            |   2 +-
ansible/roles/octavia/tasks/pull.yml               |  12 +-
ansible/roles/octavia/templates/octavia.conf.j2    |   1 +
ansible/roles/openvswitch/defaults/main.yml        |   6 +-
ansible/roles/openvswitch/tasks/pull.yml           |  12 +-
ansible/roles/ovn/handlers/main.yml                |   4 +
ansible/roles/ovn/tasks/pull.yml                   |  12 +-
ansible/roles/ovs-dpdk/defaults/main.yml           |   6 +-
ansible/roles/ovs-dpdk/tasks/config.yml            |   1 +
ansible/roles/ovs-dpdk/tasks/pull.yml              |  12 +-
ansible/roles/panko/defaults/main.yml              |  77 ---------
ansible/roles/panko/handlers/main.yml              |  15 --
ansible/roles/panko/tasks/bootstrap.yml            |  36 ----
ansible/roles/panko/tasks/bootstrap_service.yml    |  20 ---
ansible/roles/panko/tasks/check-containers.yml     |  16 --
ansible/roles/panko/tasks/config.yml               |  97 -----------
ansible/roles/panko/tasks/deploy-containers.yml    |   2 -
ansible/roles/panko/tasks/deploy.yml               |  11 --
ansible/roles/panko/tasks/precheck.yml             |  24 ---
ansible/roles/panko/tasks/pull.yml                 |   8 -
ansible/roles/panko/tasks/reconfigure.yml          |   2 -
ansible/roles/panko/tasks/register.yml             |   7 -
ansible/roles/panko/tasks/stop.yml                 |   6 -
ansible/roles/panko/tasks/upgrade.yml              |   9 -
ansible/roles/panko/templates/panko-api.json.j2    |  32 ----
ansible/roles/panko/templates/panko.conf.j2        |  37 ----
ansible/roles/panko/templates/wsgi-panko.conf.j2   |  36 ----
ansible/roles/placement/defaults/main.yml          |   2 +-
ansible/roles/placement/tasks/config.yml           |   2 +-
ansible/roles/placement/tasks/pull.yml             |  12 +-
.../roles/placement/templates/placement.conf.j2    |   1 +
ansible/roles/prechecks/tasks/database_checks.yml  |   2 +-
ansible/roles/prechecks/tasks/datetime_checks.yml  |   2 +-
ansible/roles/prechecks/tasks/host_os_checks.yml   |  31 +++-
ansible/roles/prechecks/tasks/inventory_checks.yml |  11 ++
ansible/roles/prechecks/tasks/main.yml             |   4 +-
ansible/roles/prechecks/tasks/package_checks.yml   |   2 +-
ansible/roles/prechecks/tasks/port_checks.yml      |   4 +-
ansible/roles/prechecks/tasks/timesync_checks.yml  |   9 +-
ansible/roles/prechecks/vars/main.yml              |  11 +-
ansible/roles/prometheus/defaults/main.yml         |  34 ++--
ansible/roles/prometheus/tasks/bootstrap.yml       |   2 +-
ansible/roles/prometheus/tasks/config.yml          |   1 -
ansible/roles/prometheus/tasks/pull.yml            |  12 +-
.../templates/prometheus-cadvisor.json.j2          |   2 +-
.../prometheus/templates/prometheus-server.json.j2 |   4 -
.../roles/prometheus/templates/prometheus.yml.j2   |  84 +++++++--
ansible/roles/qdrouterd/defaults/main.yml          |  17 +-
ansible/roles/qdrouterd/handlers/main.yml          |   1 +
ansible/roles/qdrouterd/tasks/check-containers.yml |   1 +
ansible/roles/qdrouterd/tasks/precheck.yml         |   2 +-
ansible/roles/qdrouterd/tasks/pull.yml             |  12 +-
ansible/roles/rabbitmq/defaults/main.yml           |  22 ++-
ansible/roles/rabbitmq/tasks/check-containers.yml  |   1 +
ansible/roles/rabbitmq/tasks/precheck.yml          |   4 +-
ansible/roles/rabbitmq/tasks/pull.yml              |  12 +-
ansible/roles/rabbitmq/tasks/restart_services.yml  |   1 +
.../roles/rabbitmq/templates/rabbitmq-env.conf.j2  |   2 +-
ansible/roles/rabbitmq/templates/rabbitmq.conf.j2  |   5 +-
ansible/roles/rally/defaults/main.yml              |  36 ----
ansible/roles/rally/handlers/main.yml              |  15 --
ansible/roles/rally/tasks/bootstrap.yml            |  36 ----
ansible/roles/rally/tasks/bootstrap_service.yml    |  20 ---
ansible/roles/rally/tasks/check-containers.yml     |  16 --
ansible/roles/rally/tasks/config.yml               |  80 ---------
ansible/roles/rally/tasks/copy-certs.yml           |   6 -
ansible/roles/rally/tasks/deploy-containers.yml    |   2 -
ansible/roles/rally/tasks/deploy.yml               |   9 -
ansible/roles/rally/tasks/main.yml                 |   7 -
ansible/roles/rally/tasks/precheck.yml             |   6 -
ansible/roles/rally/tasks/pull.yml                 |  11 --
ansible/roles/rally/tasks/reconfigure.yml          |   2 -
ansible/roles/rally/tasks/stop.yml                 |   6 -
ansible/roles/rally/tasks/upgrade.yml              |   9 -
ansible/roles/rally/templates/rally.conf.j2        |  16 --
ansible/roles/rally/templates/rally.json.j2        |  24 ---
ansible/roles/redis/defaults/main.yml              |   4 +-
ansible/roles/redis/tasks/pull.yml                 |  12 +-
ansible/roles/sahara/defaults/main.yml             |   4 +-
ansible/roles/sahara/tasks/pull.yml                |  12 +-
ansible/roles/sahara/templates/sahara.conf.j2      |   1 +
ansible/roles/senlin/defaults/main.yml             |   8 +-
ansible/roles/senlin/tasks/pull.yml                |  12 +-
ansible/roles/senlin/templates/senlin.conf.j2      |   1 +
.../roles/service-images-pull/defaults/main.yml    |   7 +
ansible/roles/service-images-pull/tasks/main.yml   |  16 ++
ansible/roles/skydive/defaults/main.yml            |  12 +-
ansible/roles/skydive/tasks/pull.yml               |  12 +-
.../roles/skydive/templates/skydive-agent.conf.j2  |   3 +-
.../skydive/templates/skydive-analyzer.conf.j2     |   3 +-
ansible/roles/solum/defaults/main.yml              |   8 +-
ansible/roles/solum/tasks/pull.yml                 |  12 +-
ansible/roles/solum/templates/solum.conf.j2        |   3 +-
ansible/roles/storm/defaults/main.yml              |   4 +-
ansible/roles/storm/tasks/pull.yml                 |  12 +-
ansible/roles/swift/defaults/main.yml              |   6 +
ansible/roles/swift/tasks/pull.yml                 |  24 +++
ansible/roles/tacker/defaults/main.yml             |   6 +-
ansible/roles/tacker/tasks/pull.yml                |  12 +-
ansible/roles/tacker/templates/tacker.conf.j2      |   1 +
ansible/roles/telegraf/defaults/main.yml           |   2 +-
ansible/roles/telegraf/tasks/pull.yml              |  12 +-
ansible/roles/telegraf/templates/telegraf.conf.j2  |   6 +-
ansible/roles/tempest/defaults/main.yml            |   2 +-
ansible/roles/tempest/handlers/main.yml            |  15 --
ansible/roles/tempest/tasks/check-containers.yml   |  16 --
ansible/roles/tempest/tasks/config.yml             |  47 ------
ansible/roles/tempest/tasks/copy-certs.yml         |   6 -
ansible/roles/tempest/tasks/deploy-containers.yml  |   2 -
ansible/roles/tempest/tasks/deploy.yml             |   7 -
ansible/roles/tempest/tasks/main.yml               |   7 -
ansible/roles/tempest/tasks/precheck.yml           |   6 -
ansible/roles/tempest/tasks/pull.yml               |  11 --
ansible/roles/tempest/tasks/reconfigure.yml        |   2 -
ansible/roles/tempest/tasks/stop.yml               |   6 -
ansible/roles/tempest/tasks/upgrade.yml            |   7 -
ansible/roles/tempest/templates/tempest.conf.j2    |  69 --------
ansible/roles/tempest/templates/tempest.json.j2    |  11 --
ansible/roles/trove/defaults/main.yml              |   6 +-
ansible/roles/trove/tasks/pull.yml                 |  12 +-
ansible/roles/trove/templates/trove.conf.j2        |   1 +
ansible/roles/vitrage/defaults/main.yml            |  10 +-
ansible/roles/vitrage/tasks/pull.yml               |  12 +-
ansible/roles/vitrage/templates/vitrage.conf.j2    |   3 +-
ansible/roles/vmtp/defaults/main.yml               |   2 +-
ansible/roles/vmtp/tasks/pull.yml                  |  12 +-
ansible/roles/watcher/defaults/main.yml            |   6 +-
ansible/roles/watcher/tasks/config.yml             |   3 +
ansible/roles/watcher/tasks/pull.yml               |  12 +-
ansible/roles/watcher/templates/watcher.conf.j2    |   1 +
ansible/roles/zookeeper/defaults/main.yml          |   2 +-
ansible/roles/zookeeper/tasks/pull.yml             |  12 +-
ansible/roles/zookeeper/templates/myid.j2          |   2 +-
ansible/roles/zun/defaults/main.yml                |  64 ++++++-
ansible/roles/zun/handlers/main.yml                |   4 +
ansible/roles/zun/tasks/check-containers.yml       |   1 +
ansible/roles/zun/tasks/pull.yml                   |  12 +-
ansible/site.yml                                   |  89 +++-------
.../reference/databases/external-mariadb-guide.rst |   2 +-
.../bootstrap-servers.rst                          |  28 ++-
.../reference/high-availability/haproxy-guide.rst  |  64 +++++++
.../logging-and-monitoring/grafana-guide.rst       |   8 +-
.../logging-and-monitoring/monasca-guide.rst       |   2 +-
.../logging-and-monitoring/prometheus-guide.rst    |  24 +--
.../message-queues/external-rabbitmq-guide.rst     |  53 ++++++
.../reference/networking/neutron-extensions.rst    |  48 ++++++
.../reference/networking/provider-networks.rst     |  21 ---
.../reference/storage/external-ceph-guide.rst      | 105 +++++++++++-
etc/kolla/globals.yml                              |  75 ++++----
etc/kolla/passwords.yml                            |  15 +-
kolla_ansible/cmd/readpwd.py                       | 118 +++++++++++++
kolla_ansible/cmd/writepwd.py                      | 120 +++++++++++++
kolla_ansible/hashi_vault.py                       |  64 +++++++
kolla_ansible/kolla_address.py                     |   2 +-
.../add-alertmanager-metrics-a8d87b0793f2255a.yaml |   4 +
...port-for-fluentd-exporter-ca02ff9182039e3e.yaml |  10 ++
releasenotes/notes/ansible-4-171c8afddfc325e8.yaml |   5 +
.../notes/ansible-facts-4279741e84c03ce0.yaml      |  10 ++
.../notes/bug-1808805-3ebd9b0edceff170.yaml        |  13 ++
.../notes/bug-1837551-4237e2df8725ffc7.yaml        |  13 ++
.../notes/bug-1848775-b0625b7586adac96.yaml        |   8 +
.../notes/bug-1927880-cc407f18f415bbd2.yaml        |   6 +
.../notes/bug-1933025-1cb5d64d20d57be7.yaml        |   6 +
.../notes/bug-1933209-73e78353cb5c3266.yaml        |  11 ++
.../notes/bug-1933347-4031d94ef7decb3c.yaml        |   5 +
.../notes/bug-1933846-122a62e9724b638c.yaml        |   5 +
.../notes/bug-1934913-a8d436e3d0b950b4.yaml        |   6 +
.../notes/bug-1938549-e73042a61f0a5935.yaml        |  10 ++
.../notes/bug-1939291-bf2e405d286e4b07.yaml        |   6 +
.../notes/bug-1939679-a31bc2093a4c0000.yaml        |   5 +
.../notes/bug-1939883-dbfca874b138cfe9.yaml        |   6 +
.../notes/bug-1940547-771f6affb3547748.yaml        |  18 ++
.../notes/bug-1941706-a8f9e9544f1540e3.yaml        |  13 ++
.../notes/bug-1941940-c63265ea6ea2f594.yaml        |  11 ++
.../notes/bug-1942846-8b9edb99a7e7c24f.yaml        |   5 +
.../notes/bug-1944114-fa2a266c014c64a9.yaml        |   5 +
.../notes/bug-1945070-965635387a8581f9.yaml        |   6 +
.../notes/bug-1945453-c410cc090cb85feb.yaml        |  16 ++
.../notes/bug-1947485-d059864252fb1813.yaml        |   7 +
.../notes/bug-1947534-bf3b5ed19473015f.yaml        |   5 +
.../notes/bug-1947589-52e7a6fa5d82e7fa.yaml        |   6 +
.../notes/bug-1948835-51b15ddbef04d307.yaml        |   6 +
.../notes/bug-1948979-aaf2a93cc016ffb1.yaml        |   5 +
.../notes/bug-1949260-34d82ecd677dd8ff.yaml        |   5 +
releasenotes/notes/ceph-rgw-062e0544a004f7b1.yaml  |   4 +
...fault-migration-interface-3cdf30eed98553fd.yaml |   4 +-
.../notes/cli-exit-code-1e6278f803dbf8e2.yaml      |   6 +
.../notes/cyborg-become-8453d941af536e91.yaml      |   5 +
.../default-type-source-3fefd8baa3ca46ba.yaml      |   8 +
...signate-deprecated-option-66e90605e592c52a.yaml |   5 +
.../notes/disable-firewall-1e1955168c717cb5.yaml   |   6 +
.../disable-kibana-telemetry-46de5aaf2fc7c186.yaml |   5 +
.../drop-enable_host_ntp-ce6e60a46e7544ea.yaml     |   4 +
.../notes/drop-group-haproxy-6119957627811873.yaml |   5 +
.../notes/drop-zfssa-2708a8c0b0eb5f43.yaml         |   5 +
.../notes/enable-ipxe-cf461344bdb99881.yaml        |  10 ++
...g-to-die-after-VIP-switch-5f9e811783c36041.yaml |  13 ++
...eb-ironic-ipxe-heathcheck-2ae5fd0537c056ce.yaml |   6 +
.../notes/fix-gnocchi-statsd-a56c789a3da758a6.yaml |   5 +
...h-externally-managed-cert-1c5faa980aaf8949.yaml |   4 +
.../fix-magnum-tls-cacert-dd5ab5729391beb2.yaml    |   5 +
.../notes/fix-neutron-vmware-4a8804399d47d8d7.yaml |   5 +
.../fix_supress_type_warning-59f87fe62f83bd12.yaml |   5 +
.../gather-facts-command-7b62d2c3eb13ec8e.yaml     |   5 +
...-default-template-upgrade-c9b88d3385a5d257.yaml |   5 +
...xy-service-backend-weight-e4a908f732a37b42.yaml |  10 ++
.../notes/image-pull-retries-75490c3e6e1e4b54.yaml |   9 +
...ealthchecks-for-memcached-807b9036c3c92596.yaml |   6 +
...healthchecks-for-rabbitmq-a596f6b063026491.yaml |   6 +
...er-healthchecks-multiple2-a85e1cea3f8e4c23.yaml |   8 +
.../notes/kolla-ansible-diff-50de16722aa155dc.yaml |   5 +
.../notes/linux-bridge-multi-fe8576616fb7d373.yaml |   6 +
.../notes/manila-glance-4524ed1e9d488a60.yaml      |   5 +
.../notes/mariadb-tag-6f08b8d5874c9106.yaml        |   6 +
.../monasca-collector-ntp-6be55e5526438cfc.yaml    |   7 +
...user-auth-to-system-scope-900db3265861ebde.yaml |   8 +
...eutron-log-service-plugin-049ce93906386435.yaml |   5 +
.../notes/nova-ceph-user-53670f9ccc546225.yaml     |  16 ++
...fluentd-version-detection-3cb8b8a8ebc02d0a.yaml |   6 +
.../override-rmq-in-ktb-86c97926db67d3c9.yaml      |   5 +
.../persist-libvirt-secrets-6e07ab2914f40ad3.yaml  |   6 +
.../prometheus-target-names-94b17f58fa7c957a.yaml  |  13 ++
...duce-cadvisor-cardinality-1213854b9fe0c828.yaml |  19 +++
...educe-rabbit-busy-waiting-085433c822165eab.yaml |  13 ++
...nd-optimise-image-pulling-4346d3c0840ee640.yaml |   4 +
.../notes/remove-chrony-role-90f164df8090f916.yaml |   4 +
...t-dda787fca995b9b096a1446e2d2cf9dede37f358.yaml |   4 +
.../remove-prometheus-v1-8fa9c74c3dda568e.yaml     |   7 +
.../remove-rally-tempest-782ff3770e7e3dbb.yaml     |   6 +
.../remove-wsrep-notify-dbb5ef5f700b06b1.yaml      |   5 +
.../notes/setup-module-args-c29e1815bbbe8aca.yaml  |   8 +
...vault-for-kolla-passwords-76a5b4ece6a4df07.yaml |   7 +
.../support-manila-wallaby-2e29e866af0d6287.yaml   |  15 ++
...port-multiple-inventories-f0b694fa4e78bb8a.yaml |   5 +
.../switch-images-to-quay-d4640afca6862eee.yaml    |  11 ++
...nic-template-for-keystone-1ee5f80fda7a21a0.yaml |   7 +
releasenotes/source/index.rst                      |   1 +
releasenotes/source/wallaby.rst                    |   6 +
requirements.txt                                   |   3 +
roles/cephadm/defaults/main.yml                    |   3 +-
roles/cephadm/tasks/main.yml                       |  11 --
setup.cfg                                          |   2 +
test-requirements.txt                              |   2 +-
tools/cleanup-containers                           |   2 +-
tools/cleanup-host                                 |  16 +-
tools/cleanup-images                               |   2 +-
tools/diag                                         |   2 +-
tools/init-runonce                                 |   3 +-
tools/kolla-ansible                                |  45 +++--
tools/loc                                          |   2 +-
tools/ovs-dpdkctl.sh                               |   2 +-
tools/pre-commit-hook                              |   2 +-
tools/read_passwords.py                            |   1 +
tools/run-bashate.sh                               |   2 +-
tools/validate-all-file.py                         |   5 +-
tools/validate-all-yaml.sh                         |   2 +-
tools/validate-docker-execute.sh                   |   2 +-
tools/write_passwords.py                           |   1 +
tox.ini                                            |  36 ++--
zuul.d/base.yaml                                   |  30 +++-
zuul.d/jobs.yaml                                   |  38 ++++-
zuul.d/nodesets.yaml                               |  12 --
zuul.d/project.yaml                                |   8 +-
564 files changed, 4227 insertions(+), 3706 deletions(-)
Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index d38c44e6f..e85f7744c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -17,0 +18,3 @@ jmespath>=0.9.3 # MIT
+
+# Hashicorp Vault
+hvac>=0.10.1
diff --git a/test-requirements.txt b/test-requirements.txt
index 8b10965c0..ef84c6b8a 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -16 +16 @@ stestr>=2.0.0 # Apache-2.0
-ansible>=2.9.0,<3.0 # GPLv3
+ansible>=2.10.0,<5.0 # GPLv3

    

[release-announce] kolla-ansible 13.0.0 (xena)

no-reply＠openstack.org