stackhpc · Alex-Welsh · Apr 13, 2026 · Mar 11, 2026 · Jun 25, 2025 · Apr 2, 2026
@@ -114,6 +114,9 @@ inspector_rule_var_redfish_password:
 # Redfish CA setting.
 inspector_rule_var_redfish_verify_ca: True
 
+# Log Ironic inspector rules marked sensitive.
+ironic_inspector_sensitive_rule_no_log: True
+
 # Ironic inspector rule to set IPMI credentials.
 inspector_rule_ipmi_credentials:
   description: "Set IPMI driver_info if no credentials"

@@ -256,6 +256,8 @@ overcloud_container_image_regex_map:
     enabled: "{{ kolla_enable_cinder | bool or kolla_enable_ironic | bool }}"
   - regex: ^trove
     enabled: "{{ kolla_enable_trove | bool }}"
+  - regex: ^valkey
+    enabled: "{{ kolla_enable_valkey | bool }}"
   - regex: ^watcher
     enabled: "{{ kolla_enable_watcher | bool }}"
   - regex: ^zun
@@ -580,6 +582,7 @@ kolla_enable_swift: "no"
 kolla_enable_tacker: "no"
 kolla_enable_telegraf: "no"
 kolla_enable_trove: "no"
+kolla_enable_valkey: "no"
 kolla_enable_vitrage: "no"
 kolla_enable_watcher: "no"
 kolla_enable_zun: "no"

@@ -4,3 +4,8 @@ customize_etc_hosts: true
 
 # List of hosts to add to /etc/hosts.
 etc_hosts_hosts: "{{ groups['overcloud'] }}"
+
+# Dictionary of custom /etc/hosts entries.
+# Each key is added as a hostname,
+# Each value is added as an IP.
+custom_etc_hosts_entries: {}
@@ -31,6 +31,9 @@
         {{ hostvars[host].internal_net_name | net_ip(inventory_hostname=host) }} {{ hostnames | unique | join(' ') }}
         {% endif %}
         {% endfor %}
+        {% for item in custom_etc_hosts_entries | dict2items %}
+        {{ item.value }} {{ item.key }}
+        {% endfor %}
   become: True
   when:
     # Skip hosts that do not have a valid internal network interface.

@@ -23,3 +23,6 @@ ironic_inspector_interface:
 # List of rules which should exist. See the Inspector rules API for details of
 # parameters available for rules.
 ironic_inspector_rules: []
+
+# Set no_log for inspector rules marked sensitive
+ironic_inspector_sensitive_rule_no_log:
@@ -16,4 +16,9 @@
     state: present
   loop_control:
     label: "{{ ironic_inspector_rules[item].description }}"
+  no_log: >-
+    {{
+      (ironic_inspector_rules[item].sensitive | default(False))
+      and ironic_inspector_sensitive_rule_no_log
+    }}
   with_items: "{{ range(0, ironic_inspector_rules | length) | list }}"
@@ -36,19 +36,9 @@ monitoring
 [etcd:children]
 control
 
-[influxdb:children]
-monitoring
-
 [prometheus:children]
 monitoring
 
-[telegraf:children]
-compute
-control
-monitoring
-network
-storage
-
 [hacluster:children]
 control
 
@@ -151,6 +141,10 @@ control
 [skyline:children]
 control
 
+# TODO(vurmil): Remove after G/2026.1 release as Redis migration is no longer required
+[redis:children]
+control
+
 [valkey:children]
 control
 

@@ -18,12 +18,16 @@ common
 [fluentd:children]
 common
 
-[kolla-logs:children]
-common
-
 [kolla-toolbox:children]
 common
 
+[kolla_logs:children]
+control
+network
+compute
+storage
+monitoring
+
 [opensearch:children]
 control
 
@@ -410,6 +414,9 @@ monitoring
 [prometheus-libvirt-exporter:children]
 compute
 
+[prometheus-valkey-exporter:children]
+valkey
+
 [masakari-api:children]
 control
 

@@ -1553,6 +1553,15 @@ follows:
 
    etc_hosts_gather_facts: false
 
+Custom entries can be added to the ``custom_etc_hosts_entries`` dictionary.
+Each key is treated as a hostname and each value is the IP, for example:
+
+.. code-block:: yaml
+
+   custom_etc_hosts_entries:
+     foo.exaple.com: 1.2.3.4
+     bar.exaple.com: 5.6.7.8
+
 Installing packages required by Kolla Ansible
 =============================================
 *tags:*

@@ -98,6 +98,9 @@
 # Redfish CA setting. Set to 'True' by default
 #inspector_rule_var_redfish_verify_ca:
 
+# Log Ironic inspector rules marked sensitive. Set to 'True' by default
+#ironic_inspector_sensitive_rule_no_log:
+
 # Ironic inspector rule to set IPMI credentials.
 #inspector_rule_ipmi_credentials:
 

@@ -231,3 +231,7 @@ compute_libvirt_sasl_password: "{% raw %}{{ lookup('password', '/tmp/libvirt-sas
 dnf_use_local_mirror: true
 controller_fail2ban_enabled: true
 {% endif %}
+
+# Add a custom entry to /etc/hosts.
+custom_etc_hosts_entries:
+  foo.example.com: 127.0.0.88
@@ -374,3 +374,10 @@ def test_swap(host):
     assert len(swapon) > 1
     swap_devs = [swap.split()[0] for swap in swapon[1:]]
     assert "/swapfile" in swap_devs
+
+
+def test_etc_hosts(host):
+    hosts_entries = host.check_output("cat /etc/hosts")
+    assert "127.0.0.88 foo.example.com" in hosts_entries
+    ping_result = host.check_output("ping -c 1 foo.example.com")
+    assert "1 received" in ping_result
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    ``valkey`` images are now built when ``kolla_enable_valkey`` is set to
+    ``true``.
@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Added a new variable, ``custom_etc_hosts_entries``, for appending entries
+    to ``/etc/hosts``. This is a generic mechanism which, unlike
+    ``etc_hosts_hosts``, can be used to add hosts outside of the Kayobe
+    inventory. ``custom_etc_hosts_entries`` is a dictionary, where each key is
+    a hostname and each value is an IP.
@@ -0,0 +1,22 @@
+---
+features:
+  - |
+    Added the tag ``bifrost`` to ``kolla-bifrost.yml`` so that we can easily
+    limit to Bifrost in ``kayobe seed service deploy``.
+  - |
+    Deprecated the options ``--kolla-tags`` and ``kolla-limit`` for all
+    commands. Regular ``--tags`` and ``--limit`` will now be passed directly to
+    the Kolla-Ansible invocations. Added the tag ``kayobe-generate-config`` to
+    ``kolla-ansible.yml`` and ``kolla-openstack.yml``. This tag is now always
+    called, to allow for limiting to OpenStack services with just one tag, e.g.
+    ``kayobe overcloud service deploy -t nova``. You can still skip this with
+    ``--skip-tags kayobe-generate-config``.
+upgrade:
+  - |
+    Deprecated the options ``--kolla-tags`` and ``kolla-limit`` for all
+    commands. Regular ``--tags`` and ``--limit`` will now be passed directly to
+    the Kolla-Ansible invocations. Added the tag ``kayobe-generate-config`` to
+    ``kolla-ansible.yml`` and ``kolla-openstack.yml``. This tag is now always
+    called, to allow for limiting to OpenStack services with just one tag, e.g.
+    ``kayobe overcloud service deploy -t nova``. You can still skip this with
+    ``--skip-tags kayobe-generate-config``.
@@ -0,0 +1,4 @@
+---
+security:
+  - |
+    Prevents sensitive inspector rules from appearing in ansible output.
@@ -1,4 +1,10 @@
 ---
+- name: Set Rocky Linux mirror to download.rockylinux.org
+  become: true
+  ansible.builtin.shell:
+    cmd: sed -i 's/mirrorlist/#mirrorlist/g; s/#baseurl/baseurl/g' /etc/yum.repos.d/rocky.repo
+  when: ansible_facts.distribution == "Rocky"
+
 - block:
     - name: Install dbus for debian system
       apt:
@@ -25,7 +31,7 @@
         name: dnf-plugins-core
         state: present
 
-    - name: Enable the EPEL repository
+    - name: Disable the EPEL repository
       command: dnf config-manager --disable epel
 
     - name: Install packages needed for unprivileged mode

@@ -92,7 +92,7 @@ commands =
 setenv = {[testenv:linters]setenv}
 deps = {[testenv:linters]deps}
 commands =
-  ansible-lint -p --exclude etc --exclude kayobe/plugins --exclude playbooks --exclude releasenotes --exclude roles --exclude zuul.d --exclude ansible/idrac-bootstrap.yml --exclude .ansible --exclude ansible/roles/*.* --exclude ansible/collections
+  ansible-lint -f pep8 --exclude etc --exclude kayobe/plugins --exclude playbooks --exclude releasenotes --exclude roles --exclude zuul.d --exclude ansible/idrac-bootstrap.yml --exclude .ansible --exclude ansible/roles/*.* --exclude ansible/collections
 
 [testenv:ansible-syntax]
 commands =