From 09d0520ae7e6cc5372e9db5fdb6f0f17288fbad0 Mon Sep 17 00:00:00 2001
From: Michal Arbet <michal.arbet@ultimum.io>
Date: Thu, 23 May 2024 18:24:10 +0200
Subject: [PATCH 1/2] Fix mariadb recovery

This patch modifies tasks that are delegated to
localhost to use local connection.
Firstly, this is correct since SSH connection is not used,
and secondly, it fixes the issue when kolla-ansible is
packaged in a docker container. If the local connection
is not used, the tasks will fail because temporary data are
stored outside the container, whereas we need it to be
stored inside the container so we can read them and set_facts.

Closes-Bug: #2073370
Change-Id: I9547d5da78da30bfeea8e97056cfa9308c977098
(cherry picked from commit 84e95d25a0d8a0c5e0fb68e877744ac26549c0b4)
---
 ansible/roles/mariadb/tasks/recover_cluster.yml      | 3 +++
 releasenotes/notes/bug-2073370-268e9a76be9f2ae9.yaml | 5 +++++
 2 files changed, 8 insertions(+)
 create mode 100644 releasenotes/notes/bug-2073370-268e9a76be9f2ae9.yaml

diff --git a/ansible/roles/mariadb/tasks/recover_cluster.yml b/ansible/roles/mariadb/tasks/recover_cluster.yml
index 83248c9fdd..9bdc2bb573 100644
--- a/ansible/roles/mariadb/tasks/recover_cluster.yml
+++ b/ansible/roles/mariadb/tasks/recover_cluster.yml
@@ -9,6 +9,7 @@
     path: "{{ item }}"
     state: absent
   delegate_to: localhost
+  connection: local
   changed_when: false
   check_mode: no
   run_once: true
@@ -82,10 +83,12 @@
         dest: "{{ mariadb_recover_tmp_file_path }}"
         mode: 0644
       delegate_to: localhost
+      connection: local
       changed_when: false
       when: seqno_compare.results | map(attribute='stdout') | join('') == ""
 
     - name: Registering mariadb_recover_inventory_name from temp file
+      connection: local
       set_fact:
         mariadb_recover_inventory_name: "{{ lookup('file', mariadb_recover_tmp_file_path) }}"
   when:
diff --git a/releasenotes/notes/bug-2073370-268e9a76be9f2ae9.yaml b/releasenotes/notes/bug-2073370-268e9a76be9f2ae9.yaml
new file mode 100644
index 0000000000..d15c65fd1a
--- /dev/null
+++ b/releasenotes/notes/bug-2073370-268e9a76be9f2ae9.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes the MariaDB recovery issue when kolla-ansible is running from
+    a docker container. `LP#2073370 <https://launchpad.net/bugs/2073370>`__

From 73496e1454eb7e9032b46a9336a8041a3ec7f661 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABl=20THEROND=20=28Fl1nt=29?=
 <gael.therond@bitswalk.com>
Date: Thu, 21 Mar 2024 15:32:39 +0100
Subject: [PATCH 2/2] Fix keystone configuration for haproxy.

* Use proper balancing mode when federation is enabled.

Closes-Bug: #2058656
Change-Id: Ia81a6efc38ec2bdc1355d058c03568cf740fdac5
(cherry picked from commit 33d03a4267c9c64d774e1cf90c402326ac2de6d1)
---
 ansible/roles/keystone/defaults/main.yml             | 8 ++++++--
 releasenotes/notes/bug-2058656-ad68bb260327a267.yaml | 5 +++++
 2 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/bug-2058656-ad68bb260327a267.yaml

diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml
index a6bc099f1c..59275d658f 100644
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@@ -16,7 +16,8 @@ keystone_services:
         tls_backend: "{{ keystone_enable_tls_backend }}"
         port: "{{ keystone_public_port }}"
         listen_port: "{{ keystone_public_listen_port }}"
-        backend_http_extra: "{{ ['balance source'] if enable_keystone_federation | bool else [] }}"
+        backend_http_extra:
+          - balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
       keystone_external:
         enabled: "{{ enable_keystone }}"
         mode: "http"
@@ -24,7 +25,8 @@ keystone_services:
         tls_backend: "{{ keystone_enable_tls_backend }}"
         port: "{{ keystone_public_port }}"
         listen_port: "{{ keystone_public_listen_port }}"
-        backend_http_extra: "{{ ['balance source'] if enable_keystone_federation | bool else [] }}"
+        backend_http_extra:
+          - balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
       # NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility.
       # TODO(yoctozepto): Remove after Zed.
       keystone_admin:
@@ -34,6 +36,8 @@ keystone_services:
         tls_backend: "{{ keystone_enable_tls_backend }}"
         port: "{{ keystone_admin_port }}"
         listen_port: "{{ keystone_admin_listen_port }}"
+        backend_http_extra:
+          - balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
   keystone-ssh:
     container_name: "keystone_ssh"
     group: "keystone"
diff --git a/releasenotes/notes/bug-2058656-ad68bb260327a267.yaml b/releasenotes/notes/bug-2058656-ad68bb260327a267.yaml
new file mode 100644
index 0000000000..33b4e2c73f
--- /dev/null
+++ b/releasenotes/notes/bug-2058656-ad68bb260327a267.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes keystone service configuration for haproxy when using federation.
+    `LP#2058656 <https://bugs.launchpad.net/kolla-ansible/+bug/2058656>`__