Due to CVE-2023-5764 conditional statements should not include
jinja2 templating anymore and result in warnings/failures
This patch replaces Jinja tags with slightly different format that leads to the
same result/logic.
Change-Id: I049ac770b32152866194190e54f5947fe7589b39
The same physical network label cannot be used more than once with
Linuxbridge.
This patch standardises the label physnet1 for the flat public network
and instead uses physnet2 for the vlan project networks for
Linuxbridge.
Change-Id: Ie42b995c93e081d484fc177fb665802950335c50
The nova_force_config_drive variable was removed several releases ago.
Update the docs to only mention using nova_nova_conf_overrides to
disable the config drive.
Change-Id: I1565e1e6e7b8fe12a6b70f09947c48cc893d3ef5
To allow encrypting connections of db healthcheck tasks, include the
check_hostname option to verify a server host name when an SSL
connection is required.
Also enable galera_require_secure_transport during TLS test jobs.
Change-Id: I23d839e75b202d0400aeefe6e98c429e16ecd37e
It is not possible to install Gnocchi 4.5 with 2024.1 due to conflicting
dependency of pyparsing. It is fixed in 4.6 with [1]
[1] a565df6923
Change-Id: I056a4a382abffc2d2b70a0cead787f22dd737fdc
Branch renaming to unmaintanted/ breaks the gate-check-commit
script when it sets the source branch for an upgrade job.
This patch determines the source branch prefix dynamically in
an attempt to make upgrade jobs still work from branches marked
as unmaintained under wider OpenStack policy.
Change-Id: I9662156fe0e9463e54ccc5c6ede0624a85887ebe
In case, when there's more then 1 image with name `fedora-coreos-latest`
Magnum fails to resolve it's uuid and fails to create a template from such
image.
In order to prevent this happening, we do enable image rotation in CI
to fix upgrade jobs.
Changing visability to `community` does hide the image from non-owner
unless explicitly asked for listing community images.
Change-Id: I1d5f02824e0c0fed820ee0808127efccad1017cf
At the moment our dynamic_inventory does have assumption that group names
defined in env.d will not contain underscores, except when it's ending
with `_hosts` or `_containers` since inventory script uses split on `_` and taking
the last argument. So in cases when underscore was used elsewhere in the
group name it will result in unexpected behaviour.
Instead of this approach we now use regexp which replaces the last octet separated with underscore with intended suffix to preserve
rest behaviour.
Change-Id: Id9ba56292972b8b52b4786c78684f2d6f289d88a
According to RFC1034 [1], underscores are not legitimate symbols for
hostnames. We have a naming convention that historically uses underscores
in names of containers which leads to a complications in some cases/logic
Moreover, container actual hostnames are always different from their
inventory_hostnames, which might break some logic of external dependencies.
To change this historical issue, all new containers will have different
naming convention, where only dash will be used as a separator.
This will not touch already existing in inventory containers and they will
preserve their names for the time being.
[1] http://www.faqs.org/rfcs/rfc1034.html
Change-Id: Iedebf9935059ecfe8370f2a84ad52516cc93320e
Update the yoga release notes configuration to build from
unmaintained/yoga.
This also workaround the issue with Zed not being able to
find out where it's changes started by defining
proper regexp for `closed_branch_tag_re`
Presumably, default for reno should be adjusted to avoid this
config override, ie with [1]
[1] https://review.opendev.org/c/openstack/reno/+/910547
Change-Id: I9ff589583e7e53941c81c52e7ca5dae77c5de1d9
Previously this was either 'vlan' or 'flat' depending on the external
network type, and there were also cases when the name and type were
mismatched - particularly when the flat network was untagged traffic
on a vlan bridge.
This patch removes that confusion and always names the external
network 'physnet1' to align with the upstream neutron examples.
Change-Id: I3cd8b93b42777b787552051bcdc9a90347f1e03d
oslo_messaging isn't set up to handle this situation and appears
to expect the node to come back (as would happen during a version
upgrade). As a result, client processes don't attempt to re-create
queues which lived on the node being upgraded. This situation
doesn't auto-recover which can be very disruptive.
Change-Id: I608202d665417682ce7309bb9bf4b52a2cf4373e
Due to the issue in formatting healthcheck address was merged with meth
which resulted in invalid haproxy configuration, when SPICE is being used
as a console.
Closes-Bug: #2052891
Change-Id: I38b2ff6887382164e4b28852274ec6dfee4d7d78
This is needed if a child job in an openstack-ansible role repo
needs to do some configuration before bootstrap-ansible is run.
An example might be configuring extra roles, collections or
pythin modules to be installed during bootstrap.
Change-Id: I463cf5df7c2aa4e2cdf399efaeb17df980d29edc
We never had a template for distro_ceph jobs, so it's resulting in zuul
configuration errors for all our stable branches.
Change-Id: Ied048e041abc5563d01cd58f57c1a4b685de0586
This patch adds variables which when can be used to extend
openstack ansible by calling additional user defined playbooks
at the start and end of the main setup-* playbooks.
Change-Id: Ic55dd6447f603d91beaeea28beb04e4c1393d6af