Merge "Drop Fedora support"
diff --git a/doc/source/guides/nova.rst b/doc/source/guides/nova.rst
index d0fb274..705d427 100644
--- a/doc/source/guides/nova.rst
+++ b/doc/source/guides/nova.rst
@@ -122,7 +122,7 @@
 .. code-block:: shell
 
   $ openstack --os-compute-api-version 2.37 server create --flavor cirros256 \
-      --image cirros-0.6.1-x86_64-disk --nic none --wait test-server
+      --image cirros-0.6.2-x86_64-disk --nic none --wait test-server
 
 .. note:: ``--os-compute-api-version`` greater than or equal to 2.37 is
           required to use ``--nic=none``.
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index b244ca5..f54fca9 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -70,7 +70,6 @@
 openstack/networking-bgpvpn              `https://opendev.org/openstack/networking-bgpvpn <https://opendev.org/openstack/networking-bgpvpn>`__
 openstack/networking-generic-switch      `https://opendev.org/openstack/networking-generic-switch <https://opendev.org/openstack/networking-generic-switch>`__
 openstack/networking-hyperv              `https://opendev.org/openstack/networking-hyperv <https://opendev.org/openstack/networking-hyperv>`__
-openstack/networking-odl                 `https://opendev.org/openstack/networking-odl <https://opendev.org/openstack/networking-odl>`__
 openstack/networking-powervm             `https://opendev.org/openstack/networking-powervm <https://opendev.org/openstack/networking-powervm>`__
 openstack/networking-sfc                 `https://opendev.org/openstack/networking-sfc <https://opendev.org/openstack/networking-sfc>`__
 openstack/neutron                        `https://opendev.org/openstack/neutron <https://opendev.org/openstack/neutron>`__
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 1a353e5..d99e8e6 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -23,6 +23,7 @@
 %SSLLISTEN%    %SSLENGINE%
 %SSLLISTEN%    %SSLCERTFILE%
 %SSLLISTEN%    %SSLKEYFILE%
+%SSLLISTEN%    SSLProtocol -all +TLSv1.3 +TLSv1.2
 %SSLLISTEN%</VirtualHost>
 
 Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
diff --git a/files/apache-neutron.template b/files/apache-neutron.template
index c7796b9..358e87f 100644
--- a/files/apache-neutron.template
+++ b/files/apache-neutron.template
@@ -24,6 +24,7 @@
 %SSLLISTEN%    %SSLENGINE%
 %SSLLISTEN%    %SSLCERTFILE%
 %SSLLISTEN%    %SSLKEYFILE%
+%SSLLISTEN%    SSLProtocol -all +TLSv1.3 +TLSv1.2
 %SSLLISTEN%</VirtualHost>
 
 Alias /networking %NEUTRON_BIN%/neutron-api
diff --git a/files/dnsmasq-for-baremetal-from-nova-network.conf b/files/dnsmasq-for-baremetal-from-nova-network.conf
deleted file mode 100644
index 66a3751..0000000
--- a/files/dnsmasq-for-baremetal-from-nova-network.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-enable-tftp
-tftp-root=/tftpboot
-dhcp-boot=pxelinux.0
diff --git a/files/rpms/general b/files/rpms/general
index b6866de..8a5755c 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -6,9 +6,11 @@
 gcc-c++
 gettext  # used for compiling message catalogs
 git-core
+glibc-langpack-en # dist:rhel9
 graphviz # needed only for docs
 httpd
 httpd-devel
+iptables-nft # dist:rhel9
 iptables-services
 java-1.8.0-openjdk-headless
 libffi-devel
diff --git a/functions-common b/functions-common
index 63144d6..5e1aa34 100644
--- a/functions-common
+++ b/functions-common
@@ -412,9 +412,9 @@
 #  - os_VENDOR
 #  - os_PACKAGE
 function GetOSVersion {
-    # CentOS Stream 9 does not provide lsb_release
+    # CentOS Stream 9 and RHEL 9 do not provide lsb_release
     source /etc/os-release
-    if [[ "${ID}${VERSION}" == "centos9" ]]; then
+    if [[ "${ID}${VERSION}" == "centos9" ]] || [[ "${ID}${VERSION}" =~ "rhel9" ]]; then
         os_RELEASE=${VERSION_ID}
         os_CODENAME="n/a"
         os_VENDOR=$(echo $NAME | tr -d '[:space:]')
@@ -520,6 +520,7 @@
         [ "$os_VENDOR" = "openEuler" ] || \
         [ "$os_VENDOR" = "RedHatEnterpriseServer" ] || \
         [ "$os_VENDOR" = "RedHatEnterprise" ] || \
+        [ "$os_VENDOR" = "RedHatEnterpriseLinux" ] || \
         [ "$os_VENDOR" = "Rocky" ] || \
         [ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "CentOSStream" ] || \
         [ "$os_VENDOR" = "AlmaLinux" ] || \
@@ -609,9 +610,10 @@
                 echo "the project to the \$PROJECTS variable in the job definition."
                 die $LINENO "ERROR_ON_CLONE is set to True so cloning not allowed in this configuration"
             fi
-            git_timed clone $git_clone_flags $git_remote $git_dest
+            git_timed clone --no-checkout $git_clone_flags $git_remote $git_dest
             cd $git_dest
-            git checkout $git_ref
+            git_timed fetch $git_clone_flags origin $git_ref
+            git_timed checkout FETCH_HEAD
         elif [[ "$RECLONE" = "True" ]]; then
             # if it does exist then simulate what clone does if asked to RECLONE
             cd $git_dest
diff --git a/lib/apache b/lib/apache
index 4d68b49..76eae9c 100644
--- a/lib/apache
+++ b/lib/apache
@@ -137,6 +137,8 @@
     elif is_fedora; then
         sudo rm -f /etc/httpd/conf.d/000-*
         install_package httpd python3-mod_wsgi
+        # rpm distros dont enable httpd by default so enable it to support reboots.
+        sudo systemctl enable httpd
         # For consistency with Ubuntu, switch to the worker mpm, as
         # the default is event
         sudo sed -i '/mod_mpm_prefork.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf
diff --git a/lib/neutron b/lib/neutron
index 368a1b9..a6de722 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -1112,24 +1112,6 @@
 # Functions for Neutron Exercises
 #--------------------------------
 
-function delete_probe {
-    local from_net="$1"
-    net_id=`_get_net_id $from_net`
-    probe_id=`neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}'`
-    neutron-debug --os-tenant-name admin --os-username admin probe-delete $probe_id
-}
-
-function _get_net_id {
-    openstack --os-cloud devstack-admin --os-region-name="$REGION_NAME" --os-project-name admin --os-username admin --os-password $ADMIN_PASSWORD network list | grep $1 | awk '{print $2}'
-}
-
-function _get_probe_cmd_prefix {
-    local from_net="$1"
-    net_id=`_get_net_id $from_net`
-    probe_id=`neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}' | head -n 1`
-    echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
-}
-
 # ssh check
 function _ssh_check_neutron {
     local from_net=$1
diff --git a/lib/nova b/lib/nova
index 21067f3..888a2e2 100644
--- a/lib/nova
+++ b/lib/nova
@@ -115,7 +115,7 @@
 
 # The following NOVA_FILTERS contains SameHostFilter and DifferentHostFilter with
 # the default filters.
-NOVA_FILTERS="AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter"
+NOVA_FILTERS="ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter"
 
 QEMU_CONF=/etc/libvirt/qemu.conf
 
@@ -1036,6 +1036,10 @@
     # by the compute process.
     configure_console_compute
 
+    # Set rebuild timeout longer for BFV instances because we likely have
+    # slower disk than expected. Default is 20s/GB
+    iniset $NOVA_CPU_CONF DEFAULT reimage_timeout_per_gb 60
+
     # Configure the OVSDB connection for os-vif
     if [ -n "$OVSDB_SERVER_LOCAL_HOST" ]; then
         iniset $NOVA_CPU_CONF os_vif_ovs ovsdb_connection "tcp:$OVSDB_SERVER_LOCAL_HOST:6640"
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 7992306..ba2e98e 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -69,7 +69,7 @@
             $REQUIREMENTS_DIR/upper-constraints.txt -- libvirt-python
 
     if is_ubuntu; then
-        install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev python3-libvirt
+        install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev python3-libvirt systemd-coredump
         if is_arch "aarch64"; then
             install_package qemu-efi
         fi
diff --git a/lib/tempest b/lib/tempest
index 9fa989a..2f62f6e 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -149,11 +149,10 @@
 # ramdisk and kernel images.  Takes 3 arguments, an array and two
 # variables.  The array will contain the list of active image UUIDs;
 # if an image with ``DEFAULT_IMAGE_NAME`` is found, its UUID will be
-# set as the value of *both* other parameters.
+# set as the value img_id ($2) parameters.
 function get_active_images {
     declare -n img_array=$1
     declare -n img_id=$2
-    declare -n img_id_alt=$3
 
     # start with a fresh array in case we are called multiple times
     img_array=()
@@ -161,7 +160,6 @@
     while read -r IMAGE_NAME IMAGE_UUID; do
         if [ "$IMAGE_NAME" = "$DEFAULT_IMAGE_NAME" ]; then
             img_id="$IMAGE_UUID"
-            img_id_alt="$IMAGE_UUID"
         fi
         img_array+=($IMAGE_UUID)
     done < <(openstack --os-cloud devstack-admin image list --property status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
@@ -170,13 +168,12 @@
 function poll_glance_images {
     declare -n image_array=$1
     declare -n image_id=$2
-    declare -n image_id_alt=$3
     local -i poll_count
 
     poll_count=$TEMPEST_GLANCE_IMPORT_POLL_LIMIT
     while (( poll_count-- > 0 )) ; do
         sleep $TEMPEST_GLANCE_IMPORT_POLL_INTERVAL
-        get_active_images image_array image_id image_id_alt
+        get_active_images image_array image_id
         if (( ${#image_array[*]} >= $TEMPEST_GLANCE_IMAGE_COUNT )) ; then
             return
         fi
@@ -228,7 +225,7 @@
     declare -a images
 
     if is_service_enabled glance; then
-        get_active_images images image_uuid image_uuid_alt
+        get_active_images images image_uuid
 
         if (( ${#images[*]} < $TEMPEST_GLANCE_IMAGE_COUNT )); then
             # Glance image import is asynchronous and may be configured
@@ -236,7 +233,7 @@
             # it's possible that this code is being executed before the
             # import has completed and there may be no active images yet.
             if [[ "$GLANCE_USE_IMPORT_WORKFLOW" == "True" ]]; then
-                poll_glance_images images image_uuid image_uuid_alt
+                poll_glance_images images image_uuid
                 if (( ${#images[*]} < $TEMPEST_GLANCE_IMAGE_COUNT )); then
                     echo "Only found ${#images[*]} image(s), was looking for $TEMPEST_GLANCE_IMAGE_COUNT"
                     exit 1
@@ -252,13 +249,22 @@
             1)
                 if [ -z "$image_uuid" ]; then
                     image_uuid=${images[0]}
-                    image_uuid_alt=${images[0]}
                 fi
+                image_uuid_alt=$image_uuid
                 ;;
             *)
                 if [ -z "$image_uuid" ]; then
                     image_uuid=${images[0]}
-                    image_uuid_alt=${images[1]}
+                    if [ -z "$image_uuid_alt" ]; then
+                        image_uuid_alt=${images[1]}
+                    fi
+                elif [ -z "$image_uuid_alt" ]; then
+                    for image in ${images[@]}; do
+                        if [[ "$image" != "$image_uuid" ]]; then
+                            image_uuid_alt=$image
+                            break
+                        fi
+                    done
                 fi
                 ;;
         esac
diff --git a/lib/tls b/lib/tls
index e0c7500..a1e162d 100644
--- a/lib/tls
+++ b/lib/tls
@@ -527,6 +527,7 @@
 <VirtualHost $f_host:$f_port>
     SSLEngine On
     SSLCertificateFile $DEVSTACK_CERT
+    SSLProtocol -all +TLSv1.3 +TLSv1.2
 
     # Disable KeepAlive to fix bug #1630664 a.k.a the
     # ('Connection aborted.', BadStatusLine("''",)) error
diff --git a/stack.sh b/stack.sh
index e9617ee..ad88eab 100755
--- a/stack.sh
+++ b/stack.sh
@@ -406,7 +406,10 @@
     # Patch: https://github.com/rpm-software-management/dnf/pull/1448
     echo "[]" | sudo tee /var/cache/dnf/expired_repos.json
 elif [[ $DISTRO == "rhel9" ]]; then
+    # for CentOS Stream 9 repository
     sudo dnf config-manager --set-enabled crb
+    # for RHEL 9 repository
+    sudo dnf config-manager --set-enabled codeready-builder-for-rhel-9-x86_64-rpms
     # rabbitmq and other packages are provided by RDO repositories.
     _install_rdo
 
diff --git a/stackrc b/stackrc
index 8820c62..dcc0ce4 100644
--- a/stackrc
+++ b/stackrc
@@ -674,7 +674,7 @@
 
 #IMAGE_URLS="https://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img" # cirros full disk image
 
-CIRROS_VERSION=${CIRROS_VERSION:-"0.6.1"}
+CIRROS_VERSION=${CIRROS_VERSION:-"0.6.2"}
 CIRROS_ARCH=${CIRROS_ARCH:-$(uname -m)}
 
 # Set default image based on ``VIRT_DRIVER`` and ``LIBVIRT_TYPE``, either of
@@ -804,7 +804,7 @@
 SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT=${SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT:-5}
 
 # Service graceful shutdown timeout
-WORKER_TIMEOUT=${WORKER_TIMEOUT:-90}
+WORKER_TIMEOUT=${WORKER_TIMEOUT:-80}
 
 # Common Configuration
 # --------------------
diff --git a/tools/dbcounter/dbcounter.py b/tools/dbcounter/dbcounter.py
index 0ed7bb8..86e5529 100644
--- a/tools/dbcounter/dbcounter.py
+++ b/tools/dbcounter/dbcounter.py
@@ -96,20 +96,18 @@
         This reads "hists" from from a queue fed by _log_event() and
         writes (db,op)+=count stats to the database after ten seconds
         of no activity to avoid triggering a write for every SELECT
-        call. Write no less often than every thirty seconds and/or 100
-        pending hits to avoid being starved by constant activity.
+        call. Write no less often than every sixty seconds to avoid being
+        starved by constant activity.
         """
         LOG.debug('[%i] Writer thread running' % os.getpid())
         while True:
             to_write = {}
-            total = 0
             last = time.time()
-            while time.time() - last < 30 and total < 100:
+            while time.time() - last < 60:
                 try:
                     item = self.queue.get(timeout=10)
                     to_write.setdefault(item, 0)
                     to_write[item] += 1
-                    total += 1
                 except queue.Empty:
                     break
 
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 0ec426b..faea44f 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -36,6 +36,12 @@
     # Disable selinux to avoid configuring to allow Apache access
     # to Horizon files (LP#1175444)
     if selinuxenabled; then
+        #persit selinux config across reboots
+        cat << EOF | sudo tee /etc/selinux/config
+SELINUX=permissive
+SELINUXTYPE=targeted
+EOF
+        # then disable at runtime
         sudo setenforce 0
     fi
 
diff --git a/tools/ping_neutron.sh b/tools/ping_neutron.sh
index 73fe3f3..ab8e8df 100755
--- a/tools/ping_neutron.sh
+++ b/tools/ping_neutron.sh
@@ -30,7 +30,8 @@
 
 This provides a wrapper to ping neutron guests that are on isolated
 tenant networks that the caller can't normally reach. It does so by
-creating a network namespace probe.
+using either the DHCP or Metadata network namespace to support both
+ML2/OVS and OVN.
 
 It takes arguments like ping, except the first arg must be the network
 name.
@@ -44,6 +45,12 @@
     exit 1
 }
 
+# BUG: with duplicate network names, this fails pretty hard since it
+# will just pick the first match.
+function _get_net_id {
+    openstack --os-cloud devstack-admin --os-region-name="$REGION_NAME" --os-project-name admin --os-username admin --os-password $ADMIN_PASSWORD network list | grep $1 | head -n 1 | awk '{print $2}'
+}
+
 NET_NAME=$1
 
 if [[ -z "$NET_NAME" ]]; then
@@ -53,12 +60,11 @@
 
 REMAINING_ARGS="${@:2}"
 
-# BUG: with duplicate network names, this fails pretty hard.
-NET_ID=$(openstack network show -f value -c id "$NET_NAME")
-PROBE_ID=$(neutron-debug probe-list -c id -c network_id | grep "$NET_ID" | awk '{print $2}' | head -n 1)
+NET_ID=`_get_net_id $NET_NAME`
+NET_NS=$(ip netns list | grep "$NET_ID" | head -n 1)
 
 # This runs a command inside the specific netns
-NET_NS_CMD="ip netns exec qprobe-$PROBE_ID"
+NET_NS_CMD="ip netns exec $NET_NS"
 
 PING_CMD="sudo $NET_NS_CMD ping $REMAINING_ARGS"
 echo "Running $PING_CMD"