Synchronise master with upstream

README.rst

@@ -64,7 +64,6 @@ Kolla Ansible deploys containers for the following OpenStack projects:
 - Skyline (`APIServer <https://docs.openstack.org/skyline-apiserver/latest/>`__ and `Console <https://docs.openstack.org/skyline-console/latest/>`__)
 - `Tacker <https://docs.openstack.org/tacker/latest/>`__
 - `Trove <https://docs.openstack.org/trove/latest/>`__
-- `Venus <https://docs.openstack.org/venus/latest/>`__
 - `Watcher <https://docs.openstack.org/watcher/latest/>`__
 - `Zun <https://docs.openstack.org/zun/latest/>`__
 

ansible/action_plugins/merge_configs.py

@@ -20,10 +20,21 @@
 
 from ansible import constants
 from ansible.plugins import action
+# TODO(dougszu): From Ansible 12 onwards we must explicitly trust templates.
+# Since this feature is not supported in previous releases, we define a
+# noop method here for backwards compatibility. This can be removed in the
+# G cycle.
+try:
+    from ansible.template import trust_as_template
+except ImportError:
+    def trust_as_template(template):
+        return template
+
 from io import StringIO
 
 from oslo_config import iniparser
 
+
 _ORPHAN_SECTION = 'TEMPORARY_ORPHAN_VARIABLE_SECTION'
 
 DOCUMENTATION = '''
@@ -150,7 +161,7 @@ def read_config(self, source, config):
         # Only use config if present
         if os.access(source, os.R_OK):
             with open(source, 'r') as f:
-                template_data = f.read()
+                template_data = trust_as_template(f.read())
 
             # set search path to mimic 'template' module behavior
             searchpath = [

ansible/action_plugins/merge_yaml.py

@@ -23,6 +23,16 @@
 from ansible import errors as ansible_errors
 from ansible.plugins import action
 
+# TODO(dougszu): From Ansible 12 onwards we must explicitly trust templates.
+# Since this feature is not supported in previous releases, we define a
+# noop method here for backwards compatibility. This can be removed in the
+# G cycle.
+try:
+    from ansible.template import trust_as_template
+except ImportError:
+    def trust_as_template(template):
+        return template
+
 DOCUMENTATION = '''
 ---
 module: merge_yaml
@@ -91,7 +101,7 @@ def read_config(self, source):
         # Only use config if present
         if source and os.access(source, os.R_OK):
             with open(source, 'r') as f:
-                template_data = f.read()
+                template_data = trust_as_template(f.read())
 
             # set search path to mimic 'template' module behavior
             searchpath = [

ansible/group_vars/all/common.yml

@@ -87,20 +87,13 @@ run_default_volumes_podman:
 
 run_default_volumes_docker: []
 
-run_default_subdirectories:
-  - '/run/netns'
-  - '/run/lock/nova'
-  - "/run/libvirt"
-  - "/run/nova"
-  - "/run/openvswitch"
-
 ####################
 # Dimensions options
 ####################
 # Dimension options for Docker Containers
 # NOTE(mnasiadka): Lower 1073741816 nofile limit on EL9 (RHEL9/CentOS Stream 9/Rocky Linux 9)
 #                  fixes at least rabbitmq and mariadb
-default_container_dimensions: "{{ default_container_dimensions_el9 if ansible_facts.os_family == 'RedHat' else '{}' }}"
+default_container_dimensions: "{{ default_container_dimensions_el9 if ansible_facts.os_family == 'RedHat' else {} }}"
 default_container_dimensions_el9: "{{ default_docker_dimensions_el9 if kolla_container_engine == 'docker' else default_podman_dimensions_el9 }}"
 default_docker_dimensions_el9:
   ulimits:

ansible/group_vars/all/horizon.yml

@@ -14,7 +14,6 @@ enable_horizon_neutron_vpnaas: "{{ enable_neutron_vpnaas | bool }}"
 enable_horizon_octavia: "{{ enable_octavia | bool }}"
 enable_horizon_tacker: "{{ enable_tacker | bool }}"
 enable_horizon_trove: "{{ enable_trove | bool }}"
-enable_horizon_venus: "{{ enable_venus | bool }}"
 enable_horizon_watcher: "{{ enable_watcher | bool }}"
 enable_horizon_zun: "{{ enable_zun | bool }}"
 

ansible/group_vars/all/neutron.yml

@@ -22,9 +22,7 @@ neutron_enable_ovn_agent: "no"
 
 neutron_keystone_user: "neutron"
 
-# Valid options are [ openvswitch, ovn, linuxbridge ]
-# Do note linuxbridge is *EXPERIMENTAL* in Neutron since Zed and it requires extra tweaks to config to be usable.
-# For details, see: https://docs.openstack.org/neutron/latest/admin/config-experimental-framework.html
+# Valid options are [ openvswitch, ovn ]
 neutron_plugin_agent: "openvswitch"
 
 # Valid options are [ internal, infoblox ]
@@ -51,9 +49,6 @@ computes_need_external_bridge: "{{ (enable_neutron_dvr | bool and neutron_comput
 # Default DNS resolvers for virtual networks
 neutron_dnsmasq_dns_servers: "1.1.1.1,8.8.8.8,8.8.4.4"
 
-# Set legacy iptables to allow kernels not supporting iptables-nft
-neutron_legacy_iptables: "no"
-
 # Enable distributed floating ip for OVN deployments
 neutron_ovn_distributed_fip: "no"
 

ansible/group_vars/all/openvswitch.yml

@@ -1,5 +1,5 @@
 ---
-enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
+enable_openvswitch: "{{ enable_neutron | bool }}"
 enable_ovs_dpdk: "no"
 
 ovs_datapath: "{{ 'netdev' if enable_ovs_dpdk | bool else 'system' }}"

ansible/inventory/all-in-one

@@ -165,9 +165,6 @@ control
 [blazar:children]
 control
 
-[venus:children]
-monitoring
-
 [letsencrypt:children]
 loadbalancer
 
@@ -590,12 +587,6 @@ ovn-database
 [ovn-sb-db-relay:children]
 ovn-database
 
-[venus-api:children]
-venus
-
-[venus-manager:children]
-venus
-
 [letsencrypt-webserver:children]
 letsencrypt
 

ansible/inventory/multinode

@@ -183,9 +183,6 @@ control
 [blazar:children]
 control
 
-[venus:children]
-monitoring
-
 [letsencrypt:children]
 loadbalancer
 
@@ -608,12 +605,6 @@ ovn-database
 [ovn-sb-db-relay:children]
 ovn-database
 
-[venus-api:children]
-venus
-
-[venus-manager:children]
-venus
-
 [letsencrypt-webserver:children]
 letsencrypt
 

ansible/module_utils/kolla_container_worker.py

@@ -410,7 +410,7 @@ def generate_volumes(self, binds=None):
         vol_dict = dict()
 
         for vol in volumes:
-            if len(vol) == 0:
+            if not vol:
                 continue
 
             if ':' not in vol:

ansible/module_utils/kolla_docker_worker.py

@@ -469,8 +469,11 @@ def create_volume(self, name=None):
                                   labels={'kolla_managed': 'true'})
 
     def create_container_volumes(self):
-        volumes = self.params.get("volumes", [])
-
+        volumes = self.params.get('volumes')
+        if not volumes:
+            return
+        # Filter out null / empty string volumes
+        volumes = [v for v in volumes if v]
         for volume in volumes:
             volume_name = volume.split(":")[0]
             if "/" in volume_name:

ansible/module_utils/kolla_podman_worker.py

@@ -85,7 +85,7 @@ def prepare_container_args(self):
         #  functionality is broken
         mounts = []
         filtered_volumes = {}
-        volumes = self.params.get('volumes', [])
+        volumes = self.params.get('volumes')
         if volumes:
             self.parse_volumes(volumes, mounts, filtered_volumes)
             # we can delete original volumes so it won't raise error later
@@ -149,10 +149,10 @@ def prepare_container_args(self):
     # Therefore, we must parse them and set the permissions ourselves
     # and send them to API separately.
     def parse_volumes(self, volumes, mounts, filtered_volumes):
-        # we can ignore empty strings
-        volumes = [item for item in volumes if item.strip()]
-
         for item in volumes:
+            if not item or not item.strip():
+                # we can ignore empty strings or null volumes
+                continue
             # if it starts with / it is bind not volume
             if item[0] == '/':
                 mode = None
@@ -642,7 +642,11 @@ def create_volume(self, name=None):
             self.result = vol.attrs
 
     def create_container_volumes(self):
-        volumes = self.params.get("volumes", []) or []
+        volumes = self.params.get('volumes')
+        if not volumes:
+            return
+        # Filter out null / empty string volumes
+        volumes = [v for v in volumes if v]
 
         for volume in volumes:
             volume_name = volume.split(":")[0]

ansible/roles/aodh/tasks/config.yml

@@ -26,7 +26,7 @@
     aodh_policy_file: "{{ aodh_policy.results.0.stat.path | basename }}"
     aodh_policy_file_path: "{{ aodh_policy.results.0.stat.path }}"
   when:
-    - aodh_policy.results
+    - aodh_policy.results | length > 0
 
 - name: Copying over existing policy file
   template:

ansible/roles/barbican/tasks/config.yml

@@ -40,7 +40,7 @@
     barbican_policy_file: "{{ barbican_policy.results.0.stat.path | basename }}"
     barbican_policy_file_path: "{{ barbican_policy.results.0.stat.path }}"
   when:
-    - barbican_policy.results
+    - barbican_policy.results | length > 0
 
 - include_tasks: copy-certs.yml
   when:

ansible/roles/blazar/tasks/config.yml

@@ -26,7 +26,7 @@
     blazar_policy_file: "{{ blazar_policy.results.0.stat.path | basename }}"
     blazar_policy_file_path: "{{ blazar_policy.results.0.stat.path }}"
   when:
-    - blazar_policy.results
+    - blazar_policy.results | length > 0
 
 - include_tasks: copy-certs.yml
   when:

ansible/roles/ceilometer/tasks/config.yml

@@ -155,7 +155,7 @@
     ceilometer_policy_file: "{{ ceilometer_policy.results.0.stat.path | basename }}"
     ceilometer_policy_file_path: "{{ ceilometer_policy.results.0.stat.path }}"
   when:
-    - ceilometer_policy.results
+    - ceilometer_policy.results | length > 0
 
 - include_tasks: copy-certs.yml
   when:

ansible/roles/cinder/tasks/config.yml

@@ -38,7 +38,7 @@
     cinder_policy_file: "{{ cinder_policy.results.0.stat.path | basename }}"
     cinder_policy_file_path: "{{ cinder_policy.results.0.stat.path }}"
   when:
-    - cinder_policy.results
+    - cinder_policy.results | length > 0
 
 - include_tasks: copy-certs.yml
   when:

ansible/roles/cloudkitty/tasks/config.yml

@@ -26,7 +26,7 @@
     cloudkitty_policy_file: "{{ cloudkitty_policy.results.0.stat.path | basename }}"
     cloudkitty_policy_file_path: "{{ cloudkitty_policy.results.0.stat.path }}"
   when:
-    - cloudkitty_policy.results
+    - cloudkitty_policy.results | length > 0
 
 - name: Check if custom {{ cloudkitty_custom_metrics_yaml_file }} exists
   stat:

ansible/roles/common/tasks/config.yml

@@ -21,24 +21,6 @@
   when:
     - common_copy_certs | bool
 
-- name: Copying over /run subdirectories conf
-  become: true
-  template:
-    src: kolla-directories.conf.j2
-    dest: /etc/tmpfiles.d/kolla.conf
-  when: kolla_container_engine == 'podman'
-
-- name: Restart systemd-tmpfiles
-  become: true
-  command: systemd-tmpfiles --create
-  when: kolla_container_engine == 'podman'
-
-- name: Copying over kolla.target
-  become: true
-  template:
-    src: kolla.target.j2
-    dest: /etc/systemd/system/kolla.target
-
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"

ansible/roles/cron/tasks/config.yml

@@ -75,7 +75,6 @@
       - { name: "skyline", enabled: "{{ enable_skyline | bool }}" }
       - { name: "tacker", enabled: "{{ enable_tacker | bool }}" }
       - { name: "trove", enabled: "{{ enable_trove | bool }}" }
-      - { name: "venus", enabled: "{{ enable_venus | bool }}" }
       - { name: "watcher", enabled: "{{ enable_watcher | bool }}" }
       - { name: "zun", enabled: "{{ enable_zun | bool }}" }
   template:

ansible/roles/cyborg/tasks/config.yml

@@ -26,7 +26,7 @@
     cyborg_policy_file: "{{ cyborg_policy.results.0.stat.path | basename }}"
     cyborg_policy_file_path: "{{ cyborg_policy.results.0.stat.path }}"
   when:
-    - cyborg_policy.results
+    - cyborg_policy.results | length > 0
 
 - name: Copying over existing policy file
   template:

ansible/roles/designate/tasks/config.yml

@@ -26,7 +26,7 @@
     designate_policy_file: "{{ designate_policy.results.0.stat.path | basename }}"
     designate_policy_file_path: "{{ designate_policy.results.0.stat.path }}"
   when:
-    - designate_policy.results
+    - designate_policy.results | length > 0
 
 - include_tasks: copy-certs.yml
   when:

ansible/roles/fluentd/templates/conf/filter/01-rewrite.conf.j2

@@ -136,11 +136,6 @@
     pattern ^(masakari-engine|masakari-api)$
     tag openstack_python
   </rule>
-  <rule>
-    key     programname
-    pattern ^(venus-api|venus-manager)$
-    tag openstack_python
-  </rule>
   <rule>
     key     programname
     pattern ^(skyline)$

ansible/roles/glance/tasks/config.yml

@@ -30,7 +30,7 @@
     glance_policy_file: "{{ glance_policy.results.0.stat.path | basename }}"
     glance_policy_file_path: "{{ glance_policy.results.0.stat.path }}"
   when:
-    - glance_policy.results
+    - glance_policy.results | length > 0
 
 - include_tasks: copy-certs.yml
   when:

ansible/roles/gnocchi/tasks/config.yml

@@ -30,7 +30,7 @@
     gnocchi_policy_file: "{{ gnocchi_policy.results.0.stat.path | basename }}"
     gnocchi_policy_file_path: "{{ gnocchi_policy.results.0.stat.path }}"
   when:
-    - gnocchi_policy.results
+    - gnocchi_policy.results | length > 0
 
 - include_tasks: copy-certs.yml
   when:

ansible/roles/heat/tasks/config.yml

@@ -26,7 +26,7 @@
     heat_policy_file: "{{ heat_policy.results.0.stat.path | basename }}"
     heat_policy_file_path: "{{ heat_policy.results.0.stat.path }}"
   when:
-    - heat_policy.results
+    - heat_policy.results | length > 0
 
 - include_tasks: copy-certs.yml
   when: