Synchronise master with upstream #866

Merged
Alex-Welsh merged 25 commits into stackhpc/master from upstream/master-2026-04-20
Apr 20, 2026

@github-actions

This PR contains a snapshot of master from upstream master.

vurmil and others added 25 commits April 12, 2026 15:31
Change-Id: I5dc53f74afd9a5b565201dc9d3039d82cb65dabc
Signed-off-by: Piotr Milewski <vurmil@gmail.com>
Change-Id: I611a61dc90aa6e1aa16971e2dd17a959f7587947
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
When there are a moderate number of l3 routers, we have
been unable to find a safe value for ha_vrrp_health_check_interval.
As such, let's keep the default value of zero for all cases.

Note this does not affect the VRRP based checks that
keepalived is already doing. But it also means no one is
checking the gateway is up. Although it's unclear what extra
benefit this would bring.

Change-Id: If5d0054ecb3e4d73d9d6e533e71ce44e6b55220d
Signed-off-by: John Garbutt <john.garbutt@stackhpc.com>
It currently only holds kolla-toolbox and due to introducing
clouds.yaml for kolla-toolbox usage we should separate these two
for readability.

Change-Id: I0b4d3b8ab199260cd5087c10cf916f9d43f346cc
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
We sometimes get mariadb healthcheck issues in CI (check-failure phase)
where MariaDB has IST transfer failure in the logs that would require
a restart of MariaDB node - let's try bumping wsrep_slave_threads to have
the IST finish faster and be less prone to network/CPU issues.

Change-Id: I0fdc8a42f282dfa8b7b0e7d5e1a297000f294c7d
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
These are from other CI jobs that AIO and cephadm

Change-Id: I127d1717eaa662919431c69520378f17f6804133
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
Renaming it to kolla_toolbox to comply with Ansible Galaxy role naming standard

Change-Id: I5e3cbcd5e8028574eeab148f1e2222378f121a22
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
Change-Id: I0d9a62e3ade10fc8735500a8ecb068e8108b90c1
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
Basically, Ansible's heuristic obfuscation methods mark the auth:
that we pass to openstack.* modules as no_log_values and then
obfuscate its values in other runs (which then end up as ****,
e.g. auth_url, domain_id, domain name, etc.)

Example return:

    "domains": [
        {
            "description": "The ******** domain",
            "id": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "is_enabled": true,
            "links": {
                "self": "********/v3/domains/********"
            },
            "name": "Default",
            "options": {},
            "tags": []
        }

This patch adds clouds.yaml to files templated for kolla-toolbox
(but without the password) and only uses password from Kolla-Ansible
secrets instead of storing that on disk on all of the nodes.

Change-Id: I479445563d5b5dc2e45601e936d89def647da841
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
1. Add CI coverage for keystone_identity_providers under federation
scenario.
2. Add fix for federation config in keystone role if keystone_identity_providers is
   defined.
3. Update Horizon tests with federation example.
4. Use openstack.cloud ansible modules instead of python-openstackclient
   in register_identity_providers.yml

Closes-Bug: #2134455

Change-Id: Id03bc5770c3856c7c09a34e327b33786d7b7d859
Signed-off-by: Taavi Ansper <taaviansperr@gmail.com>
This is for gathering OVS/OVN related metrics. See:
https://github.com/openstack-k8s-operators/openstack-network-exporter

Depends-On: https://review.opendev.org/c/openstack/kolla/+/951971
Change-Id: I5752b3fe6457dcf2f191326a85c548584b5675b1
Signed-off-by: Doug Szumski <doug@stackhpc.com>
Horizon may display "Something went wrong!" when a memcached
node becomes unavailable.

Add support for Valkey as a Horizon session cache backend using
django-redis with Sentinel.

Valkey is now preferred when enabled. If Valkey is not enabled,
Memcached is used instead.

This improves Horizon availability when cache nodes fail.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/980779
Closes-Bug: #2093414
Change-Id: I771754acc0febb466f4f921fdf29946d9e54f0c3
Signed-off-by: Piotr Milewski <vurmil@gmail.com>
Manually rework the operator to === so we pin to exact
version of the linter - pip-check-updates will do its work
in updating

Change-Id: I6d8dfce221ecf56a09be91b53fed54b553d595d0
Signed-off-by: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Generated-By: openstack/project-config:playbooks/proposal/propose_update.sh
Change-Id: I21ef474724674441e2b74c9e81eb234a31f1e2b2
Signed-off-by: Bartosz Bezak <bartosz@stackhpc.com>
This patch implements vpnaas for OVN environments. It deploys
a standalone neutron-ovn-vpn-agent on neutron nodes.

The container no longer requires 'privileged: true'. Running
as the 'neutron' user with specific kernel capabilities ensures
the agent can manage network namespaces and interfaces without
full privileges.

Added capabilities:
  - NET_ADMIN       # manage interfaces, IPs, routing, firewall
  - SYS_ADMIN       # create/manage network namespaces
  - SYS_PTRACE      # allow 'ip netns exec' attach to processes
  - DAC_OVERRIDE    # bypass file read/write restrictions
  - DAC_READ_SEARCH # allow directory traversal and file read
  - SETPCAP         # retain capabilities for privileged ops

Added security options:
  - apparmor=unconfined  # disable AppArmor confinement
  - seccomp=unconfined   # disable seccomp filtering
  - label=disable        # disable SELinux/labeling

Depends-On: https://review.opendev.org/c/openstack/kolla/+/924302
Closes-Bug: #2048392
Change-Id: I961b1407ae1402d146f0c09924df8e007e331af5
Signed-off-by: Joachim de Groot <joachim.de.groot@menzel-it.net>
Signed-off-by: Piotr Milewski <vurmil@gmail.com>
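
An added example, not code from kolla-ansible or from this PR: a check over `docker inspect` output that reports which confinement layers remain switched off for a container configured with the capability and security-option lists given in the VPNaaS commit message above. The container name, the sample JSON and the set of capabilities treated as high-impact are assumptions of the example.

```python
import json

# Capabilities this example treats as high-impact (an assumption of the
# example, not a list taken from the commit or from kolla-ansible).
HIGH_IMPACT_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "DAC_OVERRIDE", "DAC_READ_SEARCH"}
# Security options that switch a confinement layer off.
DISABLED_LAYERS = {
    ("apparmor", "unconfined"): "AppArmor profile disabled",
    ("seccomp", "unconfined"): "seccomp syscall filter disabled",
    ("label", "disable"): "SELinux labelling disabled",
}

def audit_host_config(inspect_json):
    """Map container name -> sorted findings from `docker inspect` JSON."""
    report = {}
    for container in json.loads(inspect_json):
        host = container.get("HostConfig", {})
        findings = []
        if host.get("Privileged"):
            findings.append("privileged mode enabled")
        for cap in host.get("CapAdd") or []:
            name = cap.upper().removeprefix("CAP_")  # accept CAP_ prefix
            if name in HIGH_IMPACT_CAPS:
                findings.append(f"high-impact capability added: {name}")
        for opt in host.get("SecurityOpt") or []:
            # Docker accepts key=value and the older key:value form.
            key, _, value = opt.replace(":", "=", 1).partition("=")
            reason = DISABLED_LAYERS.get((key, value))
            if reason:
                findings.append(reason)
        report[container.get("Name", "?").lstrip("/")] = sorted(findings)
    return report

# Constructed sample mirroring the lists in the commit message.
SAMPLE = json.dumps([{
    "Name": "/neutron_ovn_vpn_agent",  # container name is assumed
    "HostConfig": {
        "Privileged": False,
        "CapAdd": ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE", "DAC_OVERRIDE",
                   "DAC_READ_SEARCH", "SETPCAP"],
        "SecurityOpt": ["apparmor=unconfined", "seccomp=unconfined",
                        "label=disable"],
    },
}])

if __name__ == "__main__":
    for name, findings in audit_host_config(SAMPLE).items():
        print(name, *findings, sep="\n  ")
```

Run against real `docker inspect <container>` output, the same function shows whether dropping `privileged: true` actually narrowed the container's reach or only changed how the access is expressed.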
@github-actions github-actions Bot added the automated and synchronisation labels Apr 20, 2026
@github-actions github-actions Bot requested a review from a team as a code owner April 20, 2026 07:03
@Alex-Welsh Alex-Welsh closed this Apr 20, 2026
@Alex-Welsh Alex-Welsh reopened this Apr 20, 2026
@Alex-Welsh Alex-Welsh merged commit cd5604e into stackhpc/master Apr 20, 2026
3 checks passed
8 participants