fix(neutron): sync paste config

* fix(chart): Import paste.deploy patch and bump chart versions to latest

* Remove paste.deploy config override

* Remove paste.deploy config override for nova and neutron

* Add ovn_metadata image

* Remove orig file and update gitignore

* fix typo in gitignore

---------

Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
diff --git a/.gitignore b/.gitignore
index ece7e97..43686af 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,5 @@
 *.tar.gz
 __pycache__
 tests/output
+*.orig
+*.rej
diff --git a/charts/barbican/Chart.yaml b/charts/barbican/Chart.yaml
index 8828804..854c17d 100644
--- a/charts/barbican/Chart.yaml
+++ b/charts/barbican/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/barbican
 - https://opendev.org/openstack/openstack-helm
-version: 0.3.0
+version: 0.3.2
diff --git a/charts/barbican/charts/helm-toolkit/Chart.yaml b/charts/barbican/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/barbican/charts/helm-toolkit/Chart.yaml
+++ b/charts/barbican/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/barbican/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/barbican/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/barbican/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/barbican/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/barbican/requirements.lock b/charts/barbican/requirements.lock
index 473e717..3445f12 100644
--- a/charts/barbican/requirements.lock
+++ b/charts/barbican/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:57.120939961Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:23.959522481Z"
diff --git a/charts/barbican/templates/configmap-etc.yaml b/charts/barbican/templates/configmap-etc.yaml
index d9323e0..05123b4 100644
--- a/charts/barbican/templates/configmap-etc.yaml
+++ b/charts/barbican/templates/configmap-etc.yaml
@@ -49,6 +49,10 @@
 {{- $_ := set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
 {{- end -}}
 
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.barbican.DEFAULT "api_paste_config" "/var/lib/openstack/etc/barbican/barbican-api-paste.ini" -}}
+{{- end }}
+
 {{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
 {{- $connection := tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
 {{- if .Values.manifests.certificates -}}
@@ -96,7 +100,9 @@
 data:
   barbican.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.barbican | b64enc }}
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+  {{- if .Values.conf.paste }}
   barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+  {{- end }}
   api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
   barbican-api.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | b64enc }}
diff --git a/charts/barbican/templates/deployment-api.yaml b/charts/barbican/templates/deployment-api.yaml
index 4e281d9..3ecf624 100644
--- a/charts/barbican/templates/deployment-api.yaml
+++ b/charts/barbican/templates/deployment-api.yaml
@@ -106,10 +106,12 @@
               mountPath: /etc/barbican/api_audit_map.conf
               subPath: api_audit_map.conf
               readOnly: true
+            {{- if .Values.conf.paste }}
             - name: barbican-etc
               mountPath: /etc/barbican/barbican-api-paste.ini
               subPath: barbican-api-paste.ini
               readOnly: true
+            {{- end }}
             - name: barbican-etc
               mountPath: /etc/barbican/policy.yaml
               subPath: policy.yaml
diff --git a/charts/barbican/values.yaml b/charts/barbican/values.yaml
index 5c598ed..1f30742 100644
--- a/charts/barbican/values.yaml
+++ b/charts/barbican/values.yaml
@@ -85,6 +85,9 @@
         - key: node-role.kubernetes.io/master
           operator: Exists
           effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoSchedule
   mounts:
     barbican_api:
       init_container: null
@@ -287,49 +290,7 @@
           service: oslo_messaging
 
 conf:
-  paste:
-    composite:main:
-      use: egg:Paste#urlmap
-      /: barbican_version
-      /v1: barbican-api-keystone
-    pipeline:barbican_version:
-      pipeline: cors http_proxy_to_wsgi versionapp
-    pipeline:barbican_api:
-      pipeline: cors http_proxy_to_wsgi unauthenticated-context apiapp
-    pipeline:barbican-profile:
-      pipeline: cors http_proxy_to_wsgi unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp
-    pipeline:barbican-api-keystone:
-      pipeline: cors http_proxy_to_wsgi authtoken context apiapp
-    pipeline:barbican-api-keystone-audit:
-      pipeline: http_proxy_to_wsgi authtoken context audit apiapp
-    app:apiapp:
-      paste.app_factory: barbican.api.app:create_main_app
-    app:versionapp:
-      paste.app_factory: barbican.api.app:create_version_app
-    filter:simple:
-      paste.filter_factory: barbican.api.middleware.simple:SimpleFilter.factory
-    filter:unauthenticated-context:
-      paste.filter_factory: barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory
-    filter:context:
-      paste.filter_factory: barbican.api.middleware.context:ContextMiddleware.factory
-    filter:audit:
-      paste.filter_factory: keystonemiddleware.audit:filter_factory
-      audit_map_file: /etc/barbican/api_audit_map.conf
-    filter:authtoken:
-      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
-    filter:profile:
-      use: egg:repoze.profile
-      log_filename: myapp.profile
-      cachegrind_filename: cachegrind.out.myapp
-      discard_first_request: true
-      path: /__profile__
-      flush_at_shutdown: true
-      unwind: false
-    filter:cors:
-      paste.filter_factory: oslo_middleware.cors:filter_factory
-      oslo_config_project: barbican
-    filter:http_proxy_to_wsgi:
-      paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
+  paste: {}
   policy: {}
   audit_map:
     DEFAULT:
@@ -374,6 +335,7 @@
       auth_version: v3
       memcache_security_strategy: ENCRYPT
       memcache_secret_key: null
+      service_type: key-manager
     database:
       max_retries: -1
     barbican_api:
diff --git a/charts/cinder/Chart.yaml b/charts/cinder/Chart.yaml
index af91098..c00ca66 100644
--- a/charts/cinder/Chart.yaml
+++ b/charts/cinder/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/cinder
 - https://opendev.org/openstack/openstack-helm
-version: 0.3.4
+version: 0.3.10
diff --git a/charts/cinder/charts/helm-toolkit/Chart.yaml b/charts/cinder/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/cinder/charts/helm-toolkit/Chart.yaml
+++ b/charts/cinder/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/cinder/requirements.lock b/charts/cinder/requirements.lock
index e75149c..7dbeee4 100644
--- a/charts/cinder/requirements.lock
+++ b/charts/cinder/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:56.648802173Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:12.4446189Z"
diff --git a/charts/cinder/templates/bin/_backup-storage-init.sh.tpl b/charts/cinder/templates/bin/_backup-storage-init.sh.tpl
index cd2389c..a50ecb7 100644
--- a/charts/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/charts/cinder/templates/bin/_backup-storage-init.sh.tpl
@@ -37,7 +37,7 @@
     fi
     size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
     ceph osd pool set $1 nosizechange 0
-    ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+    ceph osd pool set $1 size ${RBD_POOL_REPLICATION} --yes-i-really-mean-it
     ceph osd pool set $1 nosizechange ${size_protection}
     ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
   }
diff --git a/charts/cinder/templates/bin/_storage-init.sh.tpl b/charts/cinder/templates/bin/_storage-init.sh.tpl
index a43115e..4f945e2 100644
--- a/charts/cinder/templates/bin/_storage-init.sh.tpl
+++ b/charts/cinder/templates/bin/_storage-init.sh.tpl
@@ -34,7 +34,7 @@
     fi
     size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
     ceph osd pool set $1 nosizechange 0
-    ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+    ceph osd pool set $1 size ${RBD_POOL_REPLICATION} --yes-i-really-mean-it
     ceph osd pool set $1 nosizechange ${size_protection}
     ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
   }
diff --git a/charts/cinder/templates/configmap-etc.yaml b/charts/cinder/templates/configmap-etc.yaml
index 5010ab9..452883b 100644
--- a/charts/cinder/templates/configmap-etc.yaml
+++ b/charts/cinder/templates/configmap-etc.yaml
@@ -72,6 +72,10 @@
 {{- $_ := set $envAll.Values.conf.cinder.nova "password" $envAll.Values.endpoints.identity.auth.cinder.password -}}
 {{- end -}}
 
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.cinder.DEFAULT "api_paste_config" "/var/lib/openstack/etc/cinder/api-paste.ini" -}}
+{{- end }}
+
 {{- if empty .Values.conf.cinder.database.connection -}}
 {{- $connection := tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
 {{- if .Values.manifests.certificates -}}
@@ -167,7 +171,9 @@
   cinder.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.cinder | b64enc }}
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
   backends.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.backends | b64enc }}
+  {{- if .Values.conf.paste }}
   api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+  {{- end }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- if .Values.manifests.certificates }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
diff --git a/charts/cinder/templates/deployment-api.yaml b/charts/cinder/templates/deployment-api.yaml
index 8ef5754..4416022 100644
--- a/charts/cinder/templates/deployment-api.yaml
+++ b/charts/cinder/templates/deployment-api.yaml
@@ -128,10 +128,12 @@
               subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
               readOnly: true
             {{- end }}
+            {{- if .Values.conf.paste }}
             - name: cinder-etc
               mountPath: /etc/cinder/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: cinder-etc
               mountPath: /etc/cinder/policy.yaml
               subPath: policy.yaml
diff --git a/charts/cinder/templates/deployment-scheduler.yaml b/charts/cinder/templates/deployment-scheduler.yaml
index cf69dd1..875f6ca 100644
--- a/charts/cinder/templates/deployment-scheduler.yaml
+++ b/charts/cinder/templates/deployment-scheduler.yaml
@@ -95,10 +95,12 @@
               subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
               readOnly: true
             {{- end }}
+            {{- if .Values.conf.paste }}
             - name: cinder-etc
               mountPath: /etc/cinder/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: cinder-etc
               mountPath: /etc/cinder/policy.yaml
               subPath: policy.yaml
diff --git a/charts/cinder/values.yaml b/charts/cinder/values.yaml
index 06412f5..4fa8418 100644
--- a/charts/cinder/values.yaml
+++ b/charts/cinder/values.yaml
@@ -55,9 +55,9 @@
     cinder_scheduler: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
     cinder_volume: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
     cinder_volume_usage_audit: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
-    cinder_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic
+    cinder_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal
     cinder_backup: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
-    cinder_backup_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic
+    cinder_backup_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal
     dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
     image_repo_sync: docker.io/docker:17.07.0
   pull_policy: "IfNotPresent"
@@ -183,6 +183,9 @@
       - key: node-role.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
   useHostNetwork:
     volume: false
     backup: false
@@ -430,60 +433,7 @@
       global: null
       osd: null
 conf:
-  paste:
-    composite:osapi_volume:
-      use: call:cinder.api:root_app_factory
-      /: apiversions
-      /v1: openstack_volume_api_v1
-      /v2: openstack_volume_api_v2
-      /v3: openstack_volume_api_v3
-    composite:openstack_volume_api_v1:
-      use: call:cinder.api.middleware.auth:pipeline_factory
-      noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
-      keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv1
-      keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv1
-    composite:openstack_volume_api_v2:
-      use: call:cinder.api.middleware.auth:pipeline_factory
-      noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
-      keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv2
-      keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv2
-    composite:openstack_volume_api_v3:
-      use: call:cinder.api.middleware.auth:pipeline_factory
-      noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
-      keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv3
-      keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv3
-    filter:request_id:
-      paste.filter_factory: oslo_middleware.request_id:RequestId.factory
-    filter:http_proxy_to_wsgi:
-      paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
-    filter:cors:
-      paste.filter_factory: oslo_middleware.cors:filter_factory
-      oslo_config_project: cinder
-    filter:faultwrap:
-      paste.filter_factory: cinder.api.middleware.fault:FaultWrapper.factory
-    filter:osprofiler:
-      paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
-    filter:noauth:
-      paste.filter_factory: cinder.api.middleware.auth:NoAuthMiddleware.factory
-    filter:sizelimit:
-      paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
-    app:apiv1:
-      paste.app_factory: cinder.api.v1.router:APIRouter.factory
-    app:apiv2:
-      paste.app_factory: cinder.api.v2.router:APIRouter.factory
-    app:apiv3:
-      paste.app_factory: cinder.api.v3.router:APIRouter.factory
-    pipeline:apiversions:
-      pipeline: cors http_proxy_to_wsgi faultwrap osvolumeversionapp
-    app:osvolumeversionapp:
-      paste.app_factory: cinder.api.versions:Versions.factory
-    filter:keystonecontext:
-      paste.filter_factory: cinder.api.middleware.auth:CinderKeystoneContext.factory
-    filter:authtoken:
-      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
-    filter:audit:
-      paste.filter_factory: keystonemiddleware.audit:filter_factory
-      audit_map_file: /etc/cinder/api_audit_map.conf
+  paste: {}
   policy: {}
   api_audit_map:
     DEFAULT:
@@ -826,6 +776,7 @@
       auth_version: v3
       auth_type: password
       memcache_security_strategy: ENCRYPT
+      service_type: volumev3
     nova:
       auth_type: password
       auth_version: v3
diff --git a/charts/designate/Chart.yaml b/charts/designate/Chart.yaml
index 4fc1a35..0f3543b 100644
--- a/charts/designate/Chart.yaml
+++ b/charts/designate/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/designate
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.8
+version: 0.2.9
diff --git a/charts/designate/charts/helm-toolkit/Chart.yaml b/charts/designate/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/designate/charts/helm-toolkit/Chart.yaml
+++ b/charts/designate/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/designate/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/designate/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/designate/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/designate/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/designate/requirements.lock b/charts/designate/requirements.lock
index 9853876..f777df3 100644
--- a/charts/designate/requirements.lock
+++ b/charts/designate/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:51.745359873Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:10.377378167Z"
diff --git a/charts/designate/templates/configmap-etc.yaml b/charts/designate/templates/configmap-etc.yaml
index dd1d4a2..1147959 100644
--- a/charts/designate/templates/configmap-etc.yaml
+++ b/charts/designate/templates/configmap-etc.yaml
@@ -53,6 +53,10 @@
 {{- $_ := set .Values.conf.designate.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
 {{- end -}}
 
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.designate.DEFAULT "api_paste_config" "/var/lib/openstack/etc/designate/api-paste.ini" -}}
+{{- end }}
+
 {{- if empty (index .Values.conf.designate "storage:sqlalchemy").connection -}}
 {{- $_ := tuple "oslo_db" "internal" "designate" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set (index .Values.conf.designate "storage:sqlalchemy") "connection" -}}
 {{- $_ := tuple "oslo_db" "internal" "designate" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.designate.database "connection" -}}
@@ -73,7 +77,9 @@
 type: Opaque
 data:
   designate.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.designate | b64enc }}
+  {{- if .Values.conf.paste }}
   api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+  {{- end }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.pools "key" "pools.yaml" "format" "Secret" ) | indent 2 }}
diff --git a/charts/designate/templates/deployment-api.yaml b/charts/designate/templates/deployment-api.yaml
index b6680d8..00aa23a 100644
--- a/charts/designate/templates/deployment-api.yaml
+++ b/charts/designate/templates/deployment-api.yaml
@@ -84,10 +84,12 @@
               mountPath: /etc/designate/designate.conf
               subPath: designate.conf
               readOnly: true
+            {{- if .Values.conf.paste }}
             - name: designate-etc
               mountPath: /etc/designate/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: designate-etc
               mountPath: /etc/designate/policy.yaml
               subPath: policy.yaml
diff --git a/charts/designate/templates/deployment-central.yaml b/charts/designate/templates/deployment-central.yaml
index 02d9f3c..9790caf 100644
--- a/charts/designate/templates/deployment-central.yaml
+++ b/charts/designate/templates/deployment-central.yaml
@@ -69,10 +69,12 @@
               mountPath: /etc/designate/designate.conf
               subPath: designate.conf
               readOnly: true
+            {{- if .Values.conf.paste }}
             - name: designate-etc
               mountPath: /etc/designate/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: designate-etc
               mountPath: /etc/designate/policy.yaml
               subPath: policy.yaml
diff --git a/charts/designate/templates/deployment-mdns.yaml b/charts/designate/templates/deployment-mdns.yaml
index d58f630..825fa38 100644
--- a/charts/designate/templates/deployment-mdns.yaml
+++ b/charts/designate/templates/deployment-mdns.yaml
@@ -80,10 +80,12 @@
               mountPath: /etc/designate/designate.conf
               subPath: designate.conf
               readOnly: true
+            {{- if .Values.conf.paste }}
             - name: designate-etc
               mountPath: /etc/designate/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: designate-etc
               mountPath: /etc/designate/policy.yaml
               subPath: policy.yaml
diff --git a/charts/designate/templates/deployment-producer.yaml b/charts/designate/templates/deployment-producer.yaml
index 491dbad..553a0c4 100644
--- a/charts/designate/templates/deployment-producer.yaml
+++ b/charts/designate/templates/deployment-producer.yaml
@@ -69,10 +69,12 @@
               mountPath: /etc/designate/designate.conf
               subPath: designate.conf
               readOnly: true
+            {{- if .Values.conf.paste }}
             - name: designate-etc
               mountPath: /etc/designate/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: designate-etc
               mountPath: /etc/designate/policy.yaml
               subPath: policy.yaml
diff --git a/charts/designate/templates/deployment-worker.yaml b/charts/designate/templates/deployment-worker.yaml
index 74f9c99..4b4ae3c 100644
--- a/charts/designate/templates/deployment-worker.yaml
+++ b/charts/designate/templates/deployment-worker.yaml
@@ -94,10 +94,12 @@
               mountPath: /etc/designate/designate.conf
               subPath: designate.conf
               readOnly: true
+            {{- if .Values.conf.paste }}
             - name: designate-etc
               mountPath: /etc/designate/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: designate-etc
               mountPath: /etc/designate/policy.yaml
               subPath: policy.yaml
diff --git a/charts/designate/values.yaml b/charts/designate/values.yaml
index ea2c2aa..5f85acf 100644
--- a/charts/designate/values.yaml
+++ b/charts/designate/values.yaml
@@ -396,51 +396,7 @@
             port: {{ tuple "powerdns" "internal" "powerdns" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
             api_endpoint: http://${POWERDNS_SERVICE_HOST}:{{ tuple "powerdns" "internal" "powerdns_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
             api_token: {{ tuple "powerdns" "service" . | include "helm-toolkit.endpoints.endpoint_token_lookup" }}
-  paste:
-    composite:osapi_dns:
-      use: egg:Paste#urlmap
-      /: osapi_dns_versions
-      /v2: osapi_dns_v2
-      /admin: osapi_dns_admin
-    composite:osapi_dns_versions:
-      use: call:designate.api.middleware:auth_pipeline_factory
-      noauth: http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions
-      keystone: http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions
-    app:osapi_dns_app_versions:
-      paste.app_factory: designate.api.versions:factory
-    composite:osapi_dns_v2:
-      use: call:designate.api.middleware:auth_pipeline_factory
-      noauth: http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 noauthcontext maintenance normalizeuri osapi_dns_app_v2
-      keystone: http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 authtoken keystonecontext maintenance normalizeuri osapi_dns_app_v2
-    app:osapi_dns_app_v2:
-      paste.app_factory: designate.api.v2:factory
-    composite:osapi_dns_admin:
-      use: call:designate.api.middleware:auth_pipeline_factory
-      noauth: http_proxy_to_wsgi cors request_id faultwrapper noauthcontext maintenance normalizeuri osapi_dns_app_admin
-      keystone: http_proxy_to_wsgi cors request_id faultwrapper authtoken keystonecontext maintenance normalizeuri osapi_dns_app_admin
-    app:osapi_dns_app_admin:
-      paste.app_factory: designate.api.admin:factory
-    filter:cors:
-      paste.filter_factory: oslo_middleware.cors:filter_factory
-      oslo_config_project: designate
-    filter:request_id:
-      paste.filter_factory: oslo_middleware:RequestId.factory
-    filter:http_proxy_to_wsgi:
-      paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
-    filter:noauthcontext:
-      paste.filter_factory: designate.api.middleware:NoAuthContextMiddleware.factory
-    filter:authtoken:
-      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
-    filter:keystonecontext:
-      paste.filter_factory: designate.api.middleware:KeystoneContextMiddleware.factory
-    filter:maintenance:
-      paste.filter_factory: designate.api.middleware:MaintenanceMiddleware.factory
-    filter:normalizeuri:
-      paste.filter_factory: designate.api.middleware:NormalizeURIMiddleware.factory
-    filter:faultwrapper:
-      paste.filter_factory: designate.api.middleware:FaultWrapperMiddleware.factory
-    filter:validation_API_v2:
-      paste.filter_factory: designate.api.middleware:APIv2ValidationErrorMiddleware.factory
+  paste: {}
   policy: {}
   designate:
     DEFAULT:
@@ -467,6 +423,7 @@
       auth_version: v3
       auth_type: password
       memcache_security_strategy: ENCRYPT
+      service_type: dns
   logging:
     loggers:
       keys:
diff --git a/charts/glance/Chart.yaml b/charts/glance/Chart.yaml
index 0650294..c0837b8 100644
--- a/charts/glance/Chart.yaml
+++ b/charts/glance/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/glance
 - https://opendev.org/openstack/openstack-helm
-version: 0.4.1
+version: 0.4.6
diff --git a/charts/glance/charts/helm-toolkit/Chart.yaml b/charts/glance/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/glance/charts/helm-toolkit/Chart.yaml
+++ b/charts/glance/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/glance/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/glance/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/glance/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/glance/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/glance/requirements.lock b/charts/glance/requirements.lock
index 2b3071d..7829be4 100644
--- a/charts/glance/requirements.lock
+++ b/charts/glance/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:10:00.834718332Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:18.575234198Z"
diff --git a/charts/glance/templates/bin/_storage-init.sh.tpl b/charts/glance/templates/bin/_storage-init.sh.tpl
index cf6fecb..0d291fd 100644
--- a/charts/glance/templates/bin/_storage-init.sh.tpl
+++ b/charts/glance/templates/bin/_storage-init.sh.tpl
@@ -49,7 +49,7 @@
     if [[ $(ceph mgr versions | awk '/version/{print $3}' | cut -d. -f1) -ge 12 ]]; then
         ceph osd pool application enable $1 $3
     fi
-    ceph osd pool set "$1" size "${RBD_POOL_REPLICATION}"
+    ceph osd pool set "$1" size "${RBD_POOL_REPLICATION}" --yes-i-really-mean-it
     ceph osd pool set "$1" crush_rule "${RBD_POOL_CRUSH_RULE}"
   }
   ensure_pool "${RBD_POOL_NAME}" "${RBD_POOL_CHUNK_SIZE}" "${RBD_POOL_APP_NAME}"
diff --git a/charts/glance/templates/configmap-etc.yaml b/charts/glance/templates/configmap-etc.yaml
index 0ee2606..277cea4 100644
--- a/charts/glance/templates/configmap-etc.yaml
+++ b/charts/glance/templates/configmap-etc.yaml
@@ -55,6 +55,10 @@
 {{- $_ := set .Values.conf.glance.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
 {{- end -}}
 
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.glance.paste_deploy "config_file" "/var/lib/openstack/etc/glance/glance-api-paste.ini" -}}
+{{- end }}
+
 {{- if empty .Values.conf.glance.database.connection -}}
 {{- $connection := tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
 {{- if .Values.manifests.certificates -}}
@@ -142,7 +146,9 @@
   rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
   glance-api.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance | b64enc }}
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+  {{- if .Values.conf.paste }}
   glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+  {{- end }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
   api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
   glance_sudoers: {{ $envAll.Values.conf.glance_sudoers | b64enc }}
diff --git a/charts/glance/templates/deployment-api.yaml b/charts/glance/templates/deployment-api.yaml
index 9c26c74..dc641c5 100644
--- a/charts/glance/templates/deployment-api.yaml
+++ b/charts/glance/templates/deployment-api.yaml
@@ -210,10 +210,12 @@
               subPath: {{ base .Values.conf.glance.DEFAULT.log_config_append }}
               readOnly: true
             {{- end }}
+            {{- if .Values.conf.paste }}
             - name: glance-etc
               mountPath: /etc/glance/glance-api-paste.ini
               subPath: glance-api-paste.ini
               readOnly: true
+            {{- end }}
             - name: glance-etc
               mountPath: /etc/glance/policy.yaml
               subPath: policy.yaml
diff --git a/charts/glance/templates/job-bootstrap.yaml b/charts/glance/templates/job-bootstrap.yaml
index 56bebfc..c1af58d 100644
--- a/charts/glance/templates/job-bootstrap.yaml
+++ b/charts/glance/templates/job-bootstrap.yaml
@@ -39,5 +39,11 @@
 {{- if .Values.pod.tolerations.glance.enabled -}}
 {{- $_ := set $bootstrapJob "tolerationsEnabled" true -}}
 {{- end -}}
+# The configFile path shouble be /etc/glance/glance-api.conf
+# not default /etc/glance/glance.conf defined by helm-toolkit,
+# since secrets mounted in '/etc/glance' have glance-api.conf not glance.conf in it.
+# The wrong path '/etc/glance/glance.conf' would be dir in bootstarp container,
+# and lead to all config files in '/etc/glance' dir unreachable.
+{{- $_ := set $bootstrapJob "configFile" "/etc/glance/glance-api.conf" -}}
 {{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }}
 {{- end }}
diff --git a/charts/glance/values.yaml b/charts/glance/values.yaml
index 69f703e..cea5248 100644
--- a/charts/glance/values.yaml
+++ b/charts/glance/values.yaml
@@ -129,66 +129,7 @@
   ceph_client:
     override:
     append:
-  paste:
-    pipeline:glance-api:
-      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
-    pipeline:glance-api-caching:
-      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
-    pipeline:glance-api-cachemanagement:
-      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
-    pipeline:glance-api-keystone:
-      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context  rootapp
-    pipeline:glance-api-keystone+caching:
-      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache rootapp
-    pipeline:glance-api-keystone+cachemanagement:
-      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache cachemanage rootapp
-    pipeline:glance-api-trusted-auth:
-      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
-    pipeline:glance-api-trusted-auth+cachemanagement:
-      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
-    composite:rootapp:
-      paste.composite_factory: glance.api:root_app_factory
-      /: apiversions
-      /v1: apiv1app
-      /v2: apiv2app
-    app:apiversions:
-      paste.app_factory: glance.api.versions:create_resource
-    app:apiv1app:
-      paste.app_factory: glance.api.v1.router:API.factory
-    app:apiv2app:
-      paste.app_factory: glance.api.v2.router:API.factory
-    filter:healthcheck:
-      paste.filter_factory: oslo_middleware:Healthcheck.factory
-      backends: disable_by_file
-      disable_by_file_path: /etc/glance/healthcheck_disable
-    filter:versionnegotiation:
-      paste.filter_factory: glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
-    filter:cache:
-      paste.filter_factory: glance.api.middleware.cache:CacheFilter.factory
-    filter:cachemanage:
-      paste.filter_factory: glance.api.middleware.cache_manage:CacheManageFilter.factory
-    filter:context:
-      paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory
-    filter:unauthenticated-context:
-      paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
-    filter:authtoken:
-      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
-      delay_auth_decision: true
-    filter:audit:
-      paste.filter_factory: keystonemiddleware.audit:filter_factory
-      audit_map_file: /etc/glance/api_audit_map.conf
-    filter:gzip:
-      paste.filter_factory: glance.api.middleware.gzip:GzipMiddleware.factory
-    filter:osprofiler:
-      paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
-      hmac_keys: SECRET_KEY  # DEPRECATED
-      enabled: yes  # DEPRECATED
-    filter:cors:
-      paste.filter_factory: oslo_middleware.cors:filter_factory
-      oslo_config_project: glance
-      oslo_config_program: glance-api
-    filter:http_proxy_to_wsgi:
-      paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
+  paste: {}
   policy: {}
   glance_sudoers: |
     # This sudoers file supports rootwrap for both Kolla and LOCI Images.
@@ -258,6 +199,7 @@
       auth_type: password
       auth_version: v3
       memcache_security_strategy: ENCRYPT
+      service_type: image
     glance_store:
       cinder_catalog_info: volumev3::internalURL
       rbd_store_chunk_size: 8
@@ -840,6 +782,9 @@
       - key: node-role.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
   useHostNetwork:
     api: false
   mounts:
diff --git a/charts/heat/Chart.yaml b/charts/heat/Chart.yaml
index bb2b5af..37ef8ff 100644
--- a/charts/heat/Chart.yaml
+++ b/charts/heat/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/heat
 - https://opendev.org/openstack/openstack-helm
-version: 0.3.1
+version: 0.3.3
diff --git a/charts/heat/charts/helm-toolkit/Chart.yaml b/charts/heat/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/heat/charts/helm-toolkit/Chart.yaml
+++ b/charts/heat/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/heat/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/heat/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/heat/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/heat/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/heat/requirements.lock b/charts/heat/requirements.lock
index a3625ba..cec557e 100644
--- a/charts/heat/requirements.lock
+++ b/charts/heat/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:59.086381152Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:17.91826239Z"
diff --git a/charts/heat/templates/configmap-etc.yaml b/charts/heat/templates/configmap-etc.yaml
index b49edcd..b6630e4 100644
--- a/charts/heat/templates/configmap-etc.yaml
+++ b/charts/heat/templates/configmap-etc.yaml
@@ -135,6 +135,10 @@
 {{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
 {{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
 {{- end -}}
+
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.heat.paste_deploy "api_paste_config" "/var/lib/openstack/etc/heat/api-paste.ini" -}}
+{{- end }}
 ---
 apiVersion: v1
 kind: Secret
@@ -145,7 +149,9 @@
   rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
   heat.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.heat | b64enc }}
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+  {{- if .Values.conf.paste }}
   api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+  {{- end }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- if .Values.manifests.certificates }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
diff --git a/charts/heat/templates/deployment-api.yaml b/charts/heat/templates/deployment-api.yaml
index 0bed310..09407c0 100644
--- a/charts/heat/templates/deployment-api.yaml
+++ b/charts/heat/templates/deployment-api.yaml
@@ -111,10 +111,12 @@
               subPath: {{ base .Values.conf.heat.DEFAULT.log_config_append }}
               readOnly: true
             {{ end }}
+            {{- if .Values.conf.paste }}
             - name: heat-etc
               mountPath: /etc/heat/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: heat-etc
               mountPath: /etc/heat/policy.yaml
               subPath: policy.yaml
diff --git a/charts/heat/templates/deployment-cfn.yaml b/charts/heat/templates/deployment-cfn.yaml
index 94ddd06..ae9917d 100644
--- a/charts/heat/templates/deployment-cfn.yaml
+++ b/charts/heat/templates/deployment-cfn.yaml
@@ -111,10 +111,12 @@
               subPath: {{ base .Values.conf.heat.DEFAULT.log_config_append }}
               readOnly: true
             {{ end }}
+            {{- if .Values.conf.paste }}
             - name: heat-etc
               mountPath: /etc/heat/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: heat-etc
               mountPath: /etc/heat/policy.yaml
               subPath: policy.yaml
diff --git a/charts/heat/templates/deployment-cloudwatch.yaml b/charts/heat/templates/deployment-cloudwatch.yaml
index f1f7353..2acff93 100644
--- a/charts/heat/templates/deployment-cloudwatch.yaml
+++ b/charts/heat/templates/deployment-cloudwatch.yaml
@@ -97,10 +97,12 @@
               subPath: {{ base .Values.conf.heat.DEFAULT.log_config_append }}
               readOnly: true
             {{ end }}
+            {{- if .Values.conf.paste }}
             - name: heat-etc
               mountPath: /etc/heat/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: heat-etc
               mountPath: /etc/heat/policy.yaml
               subPath: policy.yaml
diff --git a/charts/heat/values.yaml b/charts/heat/values.yaml
index 555af53..7cd5197 100644
--- a/charts/heat/values.yaml
+++ b/charts/heat/values.yaml
@@ -280,66 +280,7 @@
               type: OS::Heat::RandomString
               properties:
                 length: 40
-  paste:
-    pipeline:heat-api:
-      pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken audit context apiv1app
-    pipeline:heat-api-standalone:
-      pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
-    pipeline:heat-api-custombackend:
-      pipeline: cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
-    pipeline:heat-api-cfn:
-      pipeline: cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken audit context apicfnv1app
-    pipeline:heat-api-cfn-standalone:
-      pipeline: cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
-    pipeline:heat-api-cloudwatch:
-      pipeline: cors versionnegotiation osprofiler ec2authtoken authtoken audit context apicwapp
-    pipeline:heat-api-cloudwatch-standalone:
-      pipeline: cors versionnegotiation ec2authtoken context apicwapp
-    app:apiv1app:
-      paste.app_factory: heat.common.wsgi:app_factory
-      heat.app_factory: heat.api.openstack.v1:API
-    app:apicfnv1app:
-      paste.app_factory: heat.common.wsgi:app_factory
-      heat.app_factory: heat.api.cfn.v1:API
-    app:apicwapp:
-      paste.app_factory: heat.common.wsgi:app_factory
-      heat.app_factory: heat.api.cloudwatch:API
-    filter:versionnegotiation:
-      paste.filter_factory: heat.common.wsgi:filter_factory
-      heat.filter_factory: heat.api.openstack:version_negotiation_filter
-    filter:cors:
-      paste.filter_factory: oslo_middleware.cors:filter_factory
-      oslo_config_project: heat
-    filter:faultwrap:
-      paste.filter_factory: heat.common.wsgi:filter_factory
-      heat.filter_factory: heat.api.openstack:faultwrap_filter
-    filter:cfnversionnegotiation:
-      paste.filter_factory: heat.common.wsgi:filter_factory
-      heat.filter_factory: heat.api.cfn:version_negotiation_filter
-    filter:cwversionnegotiation:
-      paste.filter_factory: heat.common.wsgi:filter_factory
-      heat.filter_factory: heat.api.cloudwatch:version_negotiation_filter
-    filter:context:
-      paste.filter_factory: heat.common.context:ContextMiddleware_filter_factory
-    filter:ec2authtoken:
-      paste.filter_factory: heat.api.aws.ec2token:EC2Token_filter_factory
-    filter:http_proxy_to_wsgi:
-      paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
-    filter:authurl:
-      paste.filter_factory: heat.common.auth_url:filter_factory
-    filter:authtoken:
-      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
-    filter:authpassword:
-      paste.filter_factory: heat.common.auth_password:filter_factory
-    filter:custombackendauth:
-      paste.filter_factory: heat.common.custom_backend_auth:filter_factory
-    filter:audit:
-      paste.filter_factory: keystonemiddleware.audit:filter_factory
-      audit_map_file: /etc/heat/api_audit_map.conf
-    filter:request_id:
-      paste.filter_factory: oslo_middleware.request_id:RequestId.factory
-    filter:osprofiler:
-      paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
+  paste: {}
   policy: {}
   heat:
     DEFAULT:
@@ -351,6 +292,7 @@
       auth_type: password
       auth_version: v3
       memcache_security_strategy: ENCRYPT
+      service_type: orchestration
     database:
       max_retries: -1
     trustee:
@@ -1025,6 +967,9 @@
       - key: node-role.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
   mounts:
     heat_api:
       init_container: null
diff --git a/charts/horizon/Chart.yaml b/charts/horizon/Chart.yaml
index b756e55..ff83e5a 100644
--- a/charts/horizon/Chart.yaml
+++ b/charts/horizon/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/horizon
 - https://opendev.org/openstack/openstack-helm
-version: 0.3.5
+version: 0.3.8
diff --git a/charts/horizon/charts/helm-toolkit/Chart.yaml b/charts/horizon/charts/helm-toolkit/Chart.yaml
index 404f380..7d3703e 100644
--- a/charts/horizon/charts/helm-toolkit/Chart.yaml
+++ b/charts/horizon/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.52
+version: 0.2.53
diff --git a/charts/horizon/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/horizon/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/horizon/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/horizon/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/horizon/requirements.lock b/charts/horizon/requirements.lock
index 38083eb..8688d12 100644
--- a/charts/horizon/requirements.lock
+++ b/charts/horizon/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.52
-digest: sha256:fa4cf6491d7d370591b9751dbc9e761b5ae4bd1fdfda954f0acc240b187e0551
-generated: "2023-03-21T03:57:16.948204255Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:20.129621934Z"
diff --git a/charts/horizon/templates/pod-helm-tests.yaml b/charts/horizon/templates/pod-helm-tests.yaml
index dbcb9a3..7d16303 100644
--- a/charts/horizon/templates/pod-helm-tests.yaml
+++ b/charts/horizon/templates/pod-helm-tests.yaml
@@ -36,7 +36,7 @@
   restartPolicy: Never
   serviceAccountName: {{ $serviceAccountName }}
 {{ if $envAll.Values.pod.tolerations.horizon.enabled }}
-{{ tuple $envAll "horizon" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ tuple $envAll "horizon" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
 {{ end }}
   nodeSelector:
     {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
diff --git a/charts/keystone/charts/helm-toolkit/Chart.yaml b/charts/keystone/charts/helm-toolkit/Chart.yaml
index c1296b9..404f380 100644
--- a/charts/keystone/charts/helm-toolkit/Chart.yaml
+++ b/charts/keystone/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.52
diff --git a/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/keystone/requirements.lock b/charts/keystone/requirements.lock
index d765c01..db72e73 100644
--- a/charts/keystone/requirements.lock
+++ b/charts/keystone/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:50.646508644Z"
+  version: 0.2.52
+digest: sha256:fa4cf6491d7d370591b9751dbc9e761b5ae4bd1fdfda954f0acc240b187e0551
+generated: "2023-03-20T23:05:53.167452331Z"
diff --git a/charts/magnum/Chart.yaml b/charts/magnum/Chart.yaml
index a834c53..7a7aa6a 100644
--- a/charts/magnum/Chart.yaml
+++ b/charts/magnum/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/magnum
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.8
+version: 0.2.9
diff --git a/charts/magnum/charts/helm-toolkit/Chart.yaml b/charts/magnum/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/magnum/charts/helm-toolkit/Chart.yaml
+++ b/charts/magnum/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/magnum/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/magnum/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/magnum/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/magnum/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/magnum/requirements.lock b/charts/magnum/requirements.lock
index 3c9ff49..da7e6ff 100644
--- a/charts/magnum/requirements.lock
+++ b/charts/magnum/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:10:01.686714935Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:24.881219179Z"
diff --git a/charts/magnum/templates/configmap-etc.yaml b/charts/magnum/templates/configmap-etc.yaml
index 466e2ae..bbd9753 100644
--- a/charts/magnum/templates/configmap-etc.yaml
+++ b/charts/magnum/templates/configmap-etc.yaml
@@ -71,6 +71,10 @@
 {{- $_ := set .Values.conf.magnum.trust "trustee_domain_admin_password" .Values.endpoints.identity.auth.magnum_stack_user.password -}}
 {{- end -}}
 
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.magnum.api "api_paste_config" "/var/lib/openstack/etc/magnum/api-paste.ini" -}}
+{{- end }}
+
 {{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
 {{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
 {{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -92,6 +96,8 @@
 data:
   magnum.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.magnum | b64enc }}
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+  {{- if .Values.conf.paste }}
   api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+  {{- end }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- end }}
diff --git a/charts/magnum/templates/deployment-api.yaml b/charts/magnum/templates/deployment-api.yaml
index fbb43d2..d7873eb 100644
--- a/charts/magnum/templates/deployment-api.yaml
+++ b/charts/magnum/templates/deployment-api.yaml
@@ -98,10 +98,12 @@
               subPath: {{ base .Values.conf.magnum.DEFAULT.log_config_append }}
               readOnly: true
             {{- end }}
+            {{- if .Values.conf.paste }}
             - name: magnum-etc
               mountPath: /etc/magnum/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: magnum-etc
               mountPath: /etc/magnum/policy.yaml
               subPath: policy.yaml
diff --git a/charts/magnum/values.yaml b/charts/magnum/values.yaml
index 4280f0b..7572095 100644
--- a/charts/magnum/values.yaml
+++ b/charts/magnum/values.yaml
@@ -51,23 +51,7 @@
       - image_repo_sync
 
 conf:
-  paste:
-    pipeline:main:
-      pipeline: cors healthcheck request_id authtoken api_v1
-    app:api_v1:
-      paste.app_factory: magnum.api.app:app_factory
-    filter:authtoken:
-      acl_public_routes: /, /v1
-      paste.filter_factory: magnum.api.middleware.auth_token:AuthTokenMiddleware.factory
-    filter:request_id:
-      paste.filter_factory: oslo_middleware:RequestId.factory
-    filter:cors:
-      paste.filter_factory: oslo_middleware.cors:filter_factory
-      oslo_config_project: magnum
-    filter:healthcheck:
-      paste.filter_factory: oslo_middleware:Healthcheck.factory
-      backends: disable_by_file
-      disable_by_file_path: /etc/magnum/healthcheck_disable
+  paste: {}
   policy: {}
   magnum:
     DEFAULT:
@@ -91,6 +75,7 @@
       auth_type: password
       auth_version: v3
       memcache_security_strategy: ENCRYPT
+      service_type: container-infra
     api:
       # NOTE(portdirect): the bind port should not be defined, and is manipulated
       # via the endpoints section.
diff --git a/charts/manila/Chart.yaml b/charts/manila/Chart.yaml
index 62d26ee..ddbd165 100644
--- a/charts/manila/Chart.yaml
+++ b/charts/manila/Chart.yaml
@@ -1,24 +1,12 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Manila
-name: manila
-version: 0.1.0
 home: https://docs.openstack.org/manila/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Manila/OpenStack_Project_Manila_vertical.png
-sources:
-  - https://opendev.org/openstack/manila
-  - https://opendev.org/openstack/openstack-helm
 maintainers:
-  - name: OpenStack-Helm Authors
+- name: OpenStack-Helm Authors
+name: manila
+sources:
+- https://opendev.org/openstack/manila
+- https://opendev.org/openstack/openstack-helm
+version: 0.1.1
diff --git a/charts/manila/charts/helm-toolkit/Chart.yaml b/charts/manila/charts/helm-toolkit/Chart.yaml
index a8942ad..7d3703e 100644
--- a/charts/manila/charts/helm-toolkit/Chart.yaml
+++ b/charts/manila/charts/helm-toolkit/Chart.yaml
@@ -1,26 +1,12 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
 apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Helm-Toolkit
-name: helm-toolkit
-version: 0.2.52
 home: https://docs.openstack.org/openstack-helm
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
-sources:
-  - https://opendev.org/openstack/openstack-helm-infra
-  - https://opendev.org/openstack/openstack-helm
 maintainers:
-  - name: OpenStack-Helm Authors
-...
+- name: OpenStack-Helm Authors
+name: helm-toolkit
+sources:
+- https://opendev.org/openstack/openstack-helm-infra
+- https://opendev.org/openstack/openstack-helm
+version: 0.2.53
diff --git a/charts/manila/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/manila/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/manila/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/manila/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/manila/requirements.lock b/charts/manila/requirements.lock
new file mode 100644
index 0000000..4b6e389
--- /dev/null
+++ b/charts/manila/requirements.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: helm-toolkit
+  repository: file://../../openstack-helm-infra/helm-toolkit
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:22.159999701Z"
diff --git a/charts/manila/templates/configmap-etc.yaml b/charts/manila/templates/configmap-etc.yaml
index e230aa4..15f7fde 100644
--- a/charts/manila/templates/configmap-etc.yaml
+++ b/charts/manila/templates/configmap-etc.yaml
@@ -59,6 +59,10 @@
 {{- $_ := set .Values.conf.manila.keystone_authtoken "memcache_secret_key" $memcache_secret_key -}}
 {{- end -}}
 
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.manila.DEFAULT "api_paste_config" "/var/lib/openstack/etc/manila/api-paste.ini" -}}
+{{- end }}
+
 {{- if empty .Values.conf.manila.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "manila" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.manila.database "connection" -}}
 {{- end -}}
@@ -233,7 +237,9 @@
   {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }}
 {{- end }}
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+  {{- if .Values.conf.paste }}
   api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+  {{- end }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
   manila_sudoers: {{ $envAll.Values.conf.manila_sudoers | b64enc }}
   rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }}
diff --git a/charts/manila/templates/deployment-api.yaml b/charts/manila/templates/deployment-api.yaml
index 0e4505a..b2169f3 100644
--- a/charts/manila/templates/deployment-api.yaml
+++ b/charts/manila/templates/deployment-api.yaml
@@ -100,10 +100,12 @@
               subPath: {{ base .Values.conf.manila.DEFAULT.log_config_append }}
               readOnly: true
             {{- end }}
+            {{- if .Values.conf.paste }}
             - name: manila-etc
               mountPath: /etc/manila/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: manila-etc
               mountPath: /etc/manila/policy.yaml
               subPath: policy.yaml
diff --git a/charts/manila/values.yaml b/charts/manila/values.yaml
index c96726a..2132de2 100644
--- a/charts/manila/values.yaml
+++ b/charts/manila/values.yaml
@@ -44,18 +44,18 @@
 
 images:
   tags:
-    bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
+    bootstrap: docker.io/openstackhelm/heat:xena-ubuntu_focal
     dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
-    db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
-    manila_db_sync: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
-    db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
-    ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
-    ks_service: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
-    ks_endpoints: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
-    manila_api: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
-    manila_data: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
-    manila_scheduler: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
-    manila_share: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
+    db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal
+    manila_db_sync: docker.io/openstackhelm/manila:xena-ubuntu_focal
+    db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal
+    ks_user: docker.io/openstackhelm/heat:xena-ubuntu_focal
+    ks_service: docker.io/openstackhelm/heat:xena-ubuntu_focal
+    ks_endpoints: docker.io/openstackhelm/heat:xena-ubuntu_focal
+    manila_api: docker.io/openstackhelm/manila:xena-ubuntu_focal
+    manila_data: docker.io/openstackhelm/manila:xena-ubuntu_focal
+    manila_scheduler: docker.io/openstackhelm/manila:xena-ubuntu_focal
+    manila_share: docker.io/openstackhelm/manila:xena-ubuntu_focal
     rabbit_init: docker.io/rabbitmq:3.7-management
     image_repo_sync: docker.io/docker:17.07.0
   pull_policy: "IfNotPresent"
@@ -405,55 +405,7 @@
           service: oslo_messaging
 
 conf:
-  paste:
-    composite:osapi_share:
-      use: call:manila.api:root_app_factory
-      /: apiversions
-      /healthcheck: healthcheck
-      /v1: openstack_share_api
-      /v2: openstack_share_api_v2
-    composite:openstack_share_api:
-      use: call:manila.api.middleware.auth:pipeline_factory
-      noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth api
-      keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
-      keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
-    composite:openstack_share_api_v2:
-      use: call:manila.api.middleware.auth:pipeline_factory
-      noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth apiv2
-      noauthv2: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauthv2 apiv2
-      keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
-      keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
-    filter:faultwrap:
-      paste.filter_factory: manila.api.middleware.fault:FaultWrapper.factory
-    filter:noauth:
-      paste.filter_factory: manila.api.middleware.auth:NoAuthMiddleware.factory
-    filter:noauthv2:
-      paste.filter_factory: manila.api.middleware.auth:NoAuthMiddlewarev2_60.factory
-    filter:sizelimit:
-      paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
-    filter:osprofiler:
-      paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
-    filter:http_proxy_to_wsgi:
-      paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
-    app:api:
-      paste.app_factory: manila.api.v1.router:APIRouter.factory
-    app:apiv2:
-      paste.app_factory: manila.api.v2.router:APIRouter.factory
-    pipeline:apiversions:
-      pipeline: cors faultwrap http_proxy_to_wsgi osshareversionapp
-    app:osshareversionapp:
-      paste.app_factory: manila.api.versions:VersionsRouter.factory
-    filter:keystonecontext:
-      paste.filter_factory: manila.api.middleware.auth:ManilaKeystoneContext.factory
-    filter:authtoken:
-      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
-    filter:cors:
-      paste.filter_factory: oslo_middleware.cors:filter_factory
-      oslo_config_project: manila
-    app:healthcheck:
-      paste.app_factory: oslo_middleware:Healthcheck.app_factory
-      backends: disable_by_file
-      disable_by_file_path: /etc/manila/healthcheck_disable
+  paste: {}
   policy: {}
   manila_sudoers: |
     # This sudoers file supports rootwrap for both Kolla and LOCI Images.
@@ -702,6 +654,7 @@
       auth_version: v3
       memcache_security_strategy: ENCRYPT
       endpoint_type: internalURL
+      service_type: sharev2
     neutron:
       auth_type: password
       auth_version: v3
diff --git a/charts/manila/values_overrides/apparmor.yaml b/charts/manila/values_overrides/apparmor.yaml
deleted file mode 100644
index c8288fe..0000000
--- a/charts/manila/values_overrides/apparmor.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-pod:
-  mandatory_access_control:
-    type: apparmor
-    manila-api:
-      manila-api: runtime/default
-      init: runtime/default
-    manila-test:
-      init: runtime/default
-      manila-test: runtime/default
-...
diff --git a/charts/manila/values_overrides/tls-offloading.yaml b/charts/manila/values_overrides/tls-offloading.yaml
deleted file mode 100644
index 8ea0f6a..0000000
--- a/charts/manila/values_overrides/tls-offloading.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-endpoints:
-  identity:
-    auth:
-      admin:
-        cacert: /etc/ssl/certs/openstack-helm.crt
-      manila:
-        cacert: /etc/ssl/certs/openstack-helm.crt
-
-tls:
-  identity: true
-...
diff --git a/charts/manila/values_overrides/tls.yaml b/charts/manila/values_overrides/tls.yaml
deleted file mode 100644
index 99667ca..0000000
--- a/charts/manila/values_overrides/tls.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-manifests:
-  certificates: true
-...
diff --git a/charts/memcached/charts/helm-toolkit/Chart.yaml b/charts/memcached/charts/helm-toolkit/Chart.yaml
index c1296b9..404f380 100644
--- a/charts/memcached/charts/helm-toolkit/Chart.yaml
+++ b/charts/memcached/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.52
diff --git a/charts/memcached/charts/helm-toolkit/requirements.lock b/charts/memcached/charts/helm-toolkit/requirements.lock
index aa6325b..f58d8e0 100644
--- a/charts/memcached/charts/helm-toolkit/requirements.lock
+++ b/charts/memcached/charts/helm-toolkit/requirements.lock
@@ -1,3 +1,3 @@
 dependencies: []
 digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2023-01-31T00:32:58.374919745Z"
+generated: "2023-03-17T21:00:03.500496699Z"
diff --git a/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/memcached/requirements.lock b/charts/memcached/requirements.lock
index 88a77c0..a348b9e 100644
--- a/charts/memcached/requirements.lock
+++ b/charts/memcached/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../helm-toolkit
-  version: 0.2.51
-digest: sha256:212d8fd57a982831cd076d64cb0e54974bd77971209f3acb266bc0a53fa83731
-generated: "2023-01-31T00:33:11.072316895Z"
+  version: 0.2.52
+digest: sha256:d7c1d04fc7525277f29dac7fc7d2996c60cb3e708f487cd2bf88a0236454f7e3
+generated: "2023-03-17T21:00:20.838477353Z"
diff --git a/charts/neutron/Chart.yaml b/charts/neutron/Chart.yaml
index 4270928..52b6060 100644
--- a/charts/neutron/Chart.yaml
+++ b/charts/neutron/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/neutron
 - https://opendev.org/openstack/openstack-helm
-version: 0.3.2
+version: 0.3.8
diff --git a/charts/neutron/charts/helm-toolkit/Chart.yaml b/charts/neutron/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/neutron/charts/helm-toolkit/Chart.yaml
+++ b/charts/neutron/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/neutron/requirements.lock b/charts/neutron/requirements.lock
index ba587c5..39a58b5 100644
--- a/charts/neutron/requirements.lock
+++ b/charts/neutron/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:52.301841195Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:11.158271588Z"
diff --git a/charts/neutron/templates/bin/_health-probe.py.tpl b/charts/neutron/templates/bin/_health-probe.py.tpl
index 1ba4107..266c3d8 100644
--- a/charts/neutron/templates/bin/_health-probe.py.tpl
+++ b/charts/neutron/templates/bin/_health-probe.py.tpl
@@ -212,8 +212,9 @@
                                           required=False))
     cfg.CONF(sys.argv[1:])
 
-    agentq = "metadata_agent"
-    tcp_socket_state_check(agentq)
+    if "ovn_metadata_agent.ini" not in ','.join(sys.argv):
+        agentq = "metadata_agent"
+        tcp_socket_state_check(agentq)
 
     try:
         metadata_proxy_socket = cfg.CONF.metadata_proxy_socket
diff --git a/charts/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl
new file mode 100644
index 0000000..5b6ce43
--- /dev/null
+++ b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm
+
+{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
+mkdir -p /tmp/pod-shared
+tee > /tmp/pod-shared/neutron-agent.ini << EOF
+[DEFAULT]
+host = $(hostname --fqdn)
+EOF
+{{- end }}
diff --git a/charts/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl
new file mode 100644
index 0000000..b559b07
--- /dev/null
+++ b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+
+cp /etc/neutron/ovn_metadata_agent.ini /tmp/ovn_metadata_agent.ini
+
+# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
+sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__NOVA_METADATA_SERVICE_HOST__|$NOVA_METADATA_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+
+exec neutron-ovn-metadata-agent \
+      --config-file /etc/neutron/neutron.conf \
+{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
+  --config-file /tmp/pod-shared/neutron-agent.ini \
+{{- end }}
+      --config-file /tmp/ovn_metadata_agent.ini
+
diff --git a/charts/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl b/charts/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
new file mode 100644
index 0000000..8661754
--- /dev/null
+++ b/charts/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+mkdir -p /tmp/pod-shared
+cp /etc/neutron/plugins/ml2/ml2_conf.ini /tmp/pod-shared/ml2_conf.ini
+
+# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
+sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
+sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
diff --git a/charts/neutron/templates/bin/_neutron-server.sh.tpl b/charts/neutron/templates/bin/_neutron-server.sh.tpl
index 83ca918..9cffb7b 100644
--- a/charts/neutron/templates/bin/_neutron-server.sh.tpl
+++ b/charts/neutron/templates/bin/_neutron-server.sh.tpl
@@ -22,6 +22,8 @@
         --config-file /etc/neutron/neutron.conf \
 {{- if ( has "tungstenfabric" .Values.network.backend ) }}
         --config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
+{{- else if ( has "ovn" .Values.network.backend ) }}
+        --config-file /tmp/pod-shared/ml2_conf.ini
 {{- else }}
         --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
 {{- end }}
diff --git a/charts/neutron/templates/configmap-bin.yaml b/charts/neutron/templates/configmap-bin.yaml
index 2a6b9cf..a701c52 100644
--- a/charts/neutron/templates/configmap-bin.yaml
+++ b/charts/neutron/templates/configmap-bin.yaml
@@ -59,10 +59,6 @@
 {{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   neutron-linuxbridge-agent-init-modules.sh: |
 {{ tuple "bin/_neutron-linuxbridge-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  neutron-metadata-agent.sh: |
-{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  neutron-metadata-agent-init.sh: |
-{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   neutron-openvswitch-agent.sh: |
 {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   neutron-openvswitch-agent-init.sh: |
@@ -95,6 +91,21 @@
 {{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
   neutron-test-force-cleanup.sh: |
 {{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+{{- if ( has "ovn" .Values.network.backend ) }}
+  neutron-ovn-metadata-agent.sh: |
+{{ tuple "bin/_neutron-ovn-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  neutron-ovn-metadata-agent-init.sh: |
+{{ tuple "bin/_neutron-ovn-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  neutron-server-ovn-init.sh: |
+{{ tuple "bin/_neutron-server-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- else }}
+  neutron-metadata-agent.sh: |
+{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  neutron-metadata-agent-init.sh: |
+{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+
 {{- if ( has "tungstenfabric" .Values.network.backend ) }}
   tf-plugin.pth: |
     /opt/plugin/site-packages
diff --git a/charts/neutron/templates/configmap-etc.yaml b/charts/neutron/templates/configmap-etc.yaml
index 9266081..45176b9 100644
--- a/charts/neutron/templates/configmap-etc.yaml
+++ b/charts/neutron/templates/configmap-etc.yaml
@@ -66,6 +66,10 @@
 {{- end -}}
 {{- end }}
 
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.neutron.DEFAULT "api_paste_config" "/var/lib/openstack/etc/neutron/api-paste.ini" -}}
+{{- end }}
+
 {{- if empty $envAll.Values.conf.neutron.DEFAULT.transport_url -}}
 {{- $_ := tuple "oslo_messaging" "internal" "neutron" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set $envAll.Values.conf.neutron.DEFAULT "transport_url" -}}
 {{- end }}
@@ -279,14 +283,15 @@
 type: Opaque
 data:
   rally_tests.yaml: {{ toYaml $envAll.Values.conf.rally_tests.tests | b64enc }}
+  {{- if .Values.conf.paste }}
   api-paste.ini: {{ include "helm-toolkit.utils.to_ini" $envAll.Values.conf.paste | b64enc }}
+  {{- end }}
   policy.yaml: {{ toYaml $envAll.Values.conf.policy | b64enc }}
   neutron.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.neutron | b64enc }}
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
   api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
   dhcp_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.dhcp_agent | b64enc }}
   l3_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | b64enc }}
-  metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }}
   metering_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | b64enc) }}
   taas_plugin.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.taas_plugin | b64enc) }}
   ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }}
@@ -307,6 +312,12 @@
   auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }}
   dpdk.conf: {{ toJson $envAll.Values.conf.ovs_dpdk | b64enc }}
   update_dpdk_bond_config: {{ $envAll.Values.conf.ovs_dpdk.update_dpdk_bond_config | toString | b64enc }}
+{{- if ( has "ovn" .Values.network.backend ) }}
+  ovn_metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.ovn_metadata_agent | b64enc }}
+{{- else }}
+  metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }}
+{{- end }}
+
 {{-  if .Values.manifests.certificates }}
 {{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }}
 {{- end }}
diff --git a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
new file mode 100644
index 0000000..511eb26
--- /dev/null
+++ b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
@@ -0,0 +1,243 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "ovnMetadataAgentReadinessProbeTemplate" }}
+exec:
+  command:
+    - python
+    - /tmp/health-probe.py
+    - --config-file
+    - /etc/neutron/neutron.conf
+    - --config-file
+    - /etc/neutron/ovn_metadata_agent.ini
+{{- if .Values.pod.use_fqdn.neutron_agent }}
+    - --use-fqdn
+{{- end }}
+{{- end }}
+{{- define "ovnMetadataAgentLivenessProbeTemplate" }}
+exec:
+  command:
+    - python
+    - /tmp/health-probe.py
+    - --config-file
+    - /etc/neutron/neutron.conf
+    - --config-file
+    - /etc/neutron/ovn_metadata_agent.ini
+    - --liveness-probe
+{{- if .Values.pod.use_fqdn.neutron_agent }}
+    - --use-fqdn
+{{- end }}
+{{- end }}
+
+{{- define "neutron.ovn_metadata_agent.daemonset" }}
+{{- $daemonset := index . 0 }}
+{{- $configMapName := index . 1 }}
+{{- $serviceAccountName := index . 2 }}
+{{- $envAll := index . 3 }}
+{{- with $envAll }}
+
+{{- $mounts_neutron_ovn_metadata_agent := .Values.pod.mounts.neutron_ovn_metadata_agent.neutron_ovn_metadata_agent }}
+{{- $mounts_neutron_ovn_metadata_agent_init := .Values.pod.mounts.neutron_ovn_metadata_agent.init_container }}
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: neutron-ovn-metadata-agent
+  annotations:
+    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+  labels:
+{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+  selector:
+    matchLabels:
+{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll "ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "neutron-ovn-metadata-agent-default" "containerNames" (list "neutron-ovn-metadata-agent" "neutron-ovn-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+    spec:
+{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+      serviceAccountName: {{ $serviceAccountName }}
+{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+      nodeSelector:
+        {{ .Values.labels.agent.ovn_metadata.node_selector_key }}: {{ .Values.labels.agent.ovn_metadata.node_selector_value }}
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+      {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
+      shareProcessNamespace: true
+      {{- else }}
+      hostPID: true
+      {{- end }}
+      initContainers:
+{{ tuple $envAll "pod_dependency" $mounts_neutron_ovn_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+        - name: neutron-ovn-metadata-agent-init
+{{ tuple $envAll "neutron_ovn_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" "container" "neutron_ovn_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+          env:
+            - name: NEUTRON_USER_UID
+              value: "{{ .Values.pod.security_context.neutron_ovn_metadata_agent.pod.runAsUser }}"
+          command:
+            - /tmp/neutron-ovn-metadata-agent-init.sh
+          volumeMounts:
+            - name: run
+              mountPath: /run
+            - name: pod-tmp
+              mountPath: /tmp
+            - name: neutron-bin
+              mountPath: /tmp/neutron-ovn-metadata-agent-init.sh
+              subPath: neutron-ovn-metadata-agent-init.sh
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+              readOnly: true
+            - name: socket
+              mountPath: /var/lib/neutron/openstack-helm
+      containers:
+        - name: neutron-ovn-metadata-agent
+{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          env:
+            - name: RPC_PROBE_TIMEOUT
+              value: "{{ .Values.pod.probes.rpc_timeout }}"
+            - name: RPC_PROBE_RETRIES
+              value: "{{ .Values.pod.probes.rpc_retries }}"
+{{ dict "envAll" $envAll "component" "ovn_metadata_agent" "container" "ovn_metadata_agent" "type" "readiness" "probeTemplate" (include "ovnMetadataAgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+{{ dict "envAll" $envAll "component" "ovn_metadata_agent" "container" "ovn_metadata_agent" "type" "liveness" "probeTemplate" (include "ovnMetadataAgentLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+          securityContext:
+            privileged: true
+          command:
+            - /tmp/neutron-ovn-metadata-agent.sh
+          volumeMounts:
+            - name: run
+              mountPath: /run
+            - name: pod-tmp
+              mountPath: /tmp
+            - name: pod-var-neutron
+              mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
+            - name: neutron-bin
+              mountPath: /tmp/neutron-ovn-metadata-agent.sh
+              subPath: neutron-ovn-metadata-agent.sh
+              readOnly: true
+            - name: neutron-bin
+              mountPath: /tmp/health-probe.py
+              subPath: health-probe.py
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+              readOnly: true
+            {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
+            - name: neutron-etc
+              mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
+              subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
+              readOnly: true
+            {{- end }}
+            - name: neutron-etc
+              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
+              subPath: ml2_conf.ini
+              readOnly: true
+            {{- if ( has "openvswitch" .Values.network.backend ) }}
+            - name: neutron-etc
+              mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+              subPath: openvswitch_agent.ini
+              readOnly: true
+            {{- end }}
+            - name: neutron-etc
+              mountPath: /etc/neutron/ovn_metadata_agent.ini
+              subPath: ovn_metadata_agent.ini
+              readOnly: true
+            - name: neutron-etc
+              # NOTE (Portdirect): We mount here to override Kollas
+              # custom sudoers file when using Kolla images, this
+              # location will also work fine for other images.
+              mountPath: /etc/sudoers.d/kolla_neutron_sudoers
+              subPath: neutron_sudoers
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.conf
+              subPath: rootwrap.conf
+              readOnly: true
+            {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
+            {{- if ( has "ovn_metadata_agent" $value.pods ) }}
+            {{- $filePrefix := replace "_" "-"  $key }}
+            {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
+            - name: neutron-etc
+              mountPath: {{ $rootwrapFile }}
+              subPath: {{ base $rootwrapFile }}
+              readOnly: true
+            {{- end }}
+            {{- end }}
+            - name: socket
+              mountPath: /var/lib/neutron/openstack-helm
+            {{- if .Values.network.share_namespaces }}
+            - name: host-run-netns
+              mountPath: /run/netns
+              mountPropagation: Bidirectional
+            {{- end }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{ if $mounts_neutron_ovn_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovn_metadata_agent.volumeMounts | indent 12 }}{{ end }}
+      volumes:
+        - name: pod-tmp
+          emptyDir: {}
+        - name: pod-var-neutron
+          emptyDir: {}
+        - name: run
+          hostPath:
+            path: /run
+        - name: neutron-bin
+          configMap:
+            name: neutron-bin
+            defaultMode: 0555
+        - name: neutron-etc
+          secret:
+            secretName: {{ $configMapName }}
+            defaultMode: 0444
+        - name: socket
+          hostPath:
+            path: /var/lib/neutron/openstack-helm
+        {{- if .Values.network.share_namespaces }}
+        - name: host-run-netns
+          hostPath:
+            path: /run/netns
+        {{- end }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{ if $mounts_neutron_ovn_metadata_agent.volumes }}{{ toYaml $mounts_neutron_ovn_metadata_agent.volumes | indent 8 }}{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.daemonset_ovn_metadata_agent }}
+{{- $envAll := . }}
+{{- $daemonset := "ovn-metadata-agent" }}
+{{- $configMapName := "neutron-etc" }}
+{{- $serviceAccountName := "neutron-ovn-metadata-agent" }}
+{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn-metadata" -}}
+{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
+{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.ovn_metadata_agent.daemonset" | toString | fromYaml }}
+{{- $configmap_yaml := "neutron.configmap.etc" }}
+{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
+{{- end }}
diff --git a/charts/neutron/templates/deployment-server.yaml b/charts/neutron/templates/deployment-server.yaml
index 2e39a40..12ca245 100644
--- a/charts/neutron/templates/deployment-server.yaml
+++ b/charts/neutron/templates/deployment-server.yaml
@@ -91,6 +91,29 @@
       terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "30" }}
       initContainers:
 {{ tuple $envAll "pod_dependency" $mounts_neutron_server_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+        {{- if ( has "ovn" .Values.network.backend ) }}
+        - name: ovn-neutron-init
+{{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }}
+          command:
+            - /tmp/neutron-server-ovn-init.sh
+          volumeMounts:
+            - name: pod-tmp
+              mountPath: /tmp
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+            - name: neutron-bin
+              mountPath: /tmp/neutron-server-ovn-init.sh
+              subPath: neutron-server-ovn-init.sh
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/nginx/nginx.conf
+              subPath: nginx.conf
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
+              subPath: ml2_conf.ini
+              readOnly: true
+        {{- end }}
         {{- if ( has "tungstenfabric" .Values.network.backend ) }}
         - name: tungstenfabric-neutron-init
           image: {{ .Values.images.tags.tf_neutron_init }}
@@ -176,6 +199,8 @@
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
             - name: pod-var-neutron
               mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
             - name: neutron-bin
@@ -243,10 +268,12 @@
               subPath: l2gw_plugin.ini
               readOnly: true
             {{ end }}
+            {{- if .Values.conf.paste }}
             - name: neutron-etc
               mountPath: /etc/neutron/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{ end }}
             - name: neutron-etc
               mountPath: /etc/neutron/policy.yaml
               subPath: policy.yaml
@@ -258,6 +285,8 @@
       volumes:
         - name: pod-tmp
           emptyDir: {}
+        - name: pod-shared
+          emptyDir: {}
         {{- if .Values.manifests.certificates }}
         - name: wsgi-neutron
           emptyDir: {}
diff --git a/charts/neutron/values.yaml b/charts/neutron/values.yaml
index 57a93a8..fa311b4 100644
--- a/charts/neutron/values.yaml
+++ b/charts/neutron/values.yaml
@@ -33,6 +33,7 @@
     neutron_server: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
     neutron_dhcp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
     neutron_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
+    neutron_ovn_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
     neutron_l3: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
     neutron_l2gw: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
     neutron_openvswitch_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
@@ -62,6 +63,9 @@
     metadata:
       node_selector_key: openstack-control-plane
       node_selector_value: enabled
+    ovn_metadata:
+      node_selector_key: openstack-compute-node
+      node_selector_value: enabled
     l2gw:
       node_selector_key: openstack-control-plane
       node_selector_value: enabled
@@ -156,6 +160,7 @@
       sriov: {}
       l2gateway: {}
       bagpipe_bgp: {}
+      ovn: {}
       openvswitch:
         dhcp:
           pod:
@@ -279,6 +284,19 @@
           service: compute
         - endpoint: public
           service: compute_metadata
+    ovn_metadata:
+      pod: null
+      jobs:
+        - neutron-rabbit-init
+      services:
+        - endpoint: internal
+          service: oslo_messaging
+        - endpoint: internal
+          service: network
+        - endpoint: internal
+          service: compute
+        - endpoint: public
+          service: compute_metadata
     ovs_agent:
       jobs:
         - neutron-rabbit-init
@@ -385,6 +403,20 @@
             initialDelaySeconds: 120
             periodSeconds: 600
             timeoutSeconds: 580
+    ovn_metadata_agent:
+      ovn_metadata_agent:
+        readiness:
+          enabled: true
+          params:
+            initialDelaySeconds: 30
+            periodSeconds: 190
+            timeoutSeconds: 185
+        liveness:
+          enabled: true
+          params:
+            initialDelaySeconds: 120
+            periodSeconds: 600
+            timeoutSeconds: 580
     ovs_agent:
       ovs_agent:
         readiness:
@@ -490,6 +522,13 @@
         neutron_metadata_agent_init:
           runAsUser: 0
           readOnlyRootFilesystem: true
+    neutron_ovn_metadata_agent:
+      pod:
+        runAsUser: 42424
+      container:
+        neutron_ovn_metadata_agent_init:
+          runAsUser: 0
+          readOnlyRootFilesystem: true
     neutron_ovs_agent:
       pod:
         runAsUser: 42424
@@ -558,6 +597,9 @@
       - key: node-role.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
   mounts:
     neutron_server:
       init_container: null
@@ -584,6 +626,11 @@
       neutron_metadata_agent:
         volumeMounts:
         volumes:
+    neutron_ovn_metadata_agent:
+      init_container: null
+      neutron_ovn_metadata_agent:
+        volumeMounts:
+        volumes:
     neutron_ovs_agent:
       init_container: null
       neutron_ovs_agent:
@@ -661,6 +708,10 @@
           enabled: true
           min_ready_seconds: 0
           max_unavailable: 1
+        ovn_metadata_agent:
+          enabled: true
+          min_ready_seconds: 0
+          max_unavailable: 1
         ovs_agent:
           enabled: true
           min_ready_seconds: 0
@@ -712,6 +763,13 @@
         limits:
           memory: "1024Mi"
           cpu: "2000m"
+      ovn_metadata:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "1024Mi"
+          cpu: "2000m"
       ovs:
         requests:
           memory: "128Mi"
@@ -1122,43 +1180,7 @@
           sla:
             failure_rate:
               max: 0
-  paste:
-    composite:neutron:
-      use: egg:Paste#urlmap
-      /: neutronversions_composite
-      /v2.0: neutronapi_v2_0
-    composite:neutronapi_v2_0:
-      use: call:neutron.auth:pipeline_factory
-      noauth: cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
-      keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken audit keystonecontext extensions neutronapiapp_v2_0
-    composite:neutronversions_composite:
-      use: call:neutron.auth:pipeline_factory
-      noauth: cors http_proxy_to_wsgi neutronversions
-      keystone: cors http_proxy_to_wsgi neutronversions
-    filter:request_id:
-      paste.filter_factory: oslo_middleware:RequestId.factory
-    filter:catch_errors:
-      paste.filter_factory: oslo_middleware:CatchErrors.factory
-    filter:cors:
-      paste.filter_factory: oslo_middleware.cors:filter_factory
-      oslo_config_project: neutron
-    filter:http_proxy_to_wsgi:
-      paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
-    filter:keystonecontext:
-      paste.filter_factory: neutron.auth:NeutronKeystoneContext.factory
-    filter:authtoken:
-      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
-    filter:audit:
-      paste.filter_factory: keystonemiddleware.audit:filter_factory
-      audit_map_file: /etc/neutron/api_audit_map.conf
-    filter:extensions:
-      paste.filter_factory: neutron.api.extensions:plugin_aware_extension_middleware_factory
-    app:neutronversions:
-      paste.app_factory: neutron.pecan_wsgi.app:versions_factory
-    app:neutronapiapp_v2_0:
-      paste.app_factory: neutron.api.v2.router:APIRouter.factory
-    filter:osprofiler:
-      paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
+  paste: {}
   policy: {}
   api_audit_map:
     DEFAULT:
@@ -1233,6 +1255,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
       content: |
@@ -1260,6 +1283,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
       content: |
@@ -1285,6 +1309,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
       content: |
@@ -1306,6 +1331,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
       content: |
@@ -1396,6 +1422,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
         - netns_cleanup_cron
@@ -1418,6 +1445,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
         - netns_cleanup_cron
@@ -1467,6 +1495,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
       content: |
@@ -1487,6 +1516,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
       content: |
@@ -1523,6 +1553,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
       content: |
@@ -1560,6 +1591,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
       content: |
@@ -1597,6 +1629,7 @@
         - l3_agent
         - lb_agent
         - metadata_agent
+        - ovn_metadata_agent
         - ovs_agent
         - sriov_agent
         - netns_cleanup_cron
@@ -1743,6 +1776,7 @@
       memcache_security_strategy: ENCRYPT
       auth_type: password
       auth_version: v3
+      service_type: network
     octavia:
       request_poll_timeout: 3000
   logging:
@@ -1818,7 +1852,7 @@
         # (NOTE)portdirect: if unset this is populated dyanmicly from the value
         # in 'network.backend' to sane defaults.
         mechanism_drivers: null
-        type_drivers: flat,vlan,vxlan
+        type_drivers: flat,vlan,vxlan,local
         tenant_network_types: vxlan
       ml2_type_vxlan:
         vni_ranges: 1:1000
@@ -1907,6 +1941,7 @@
       enabled: true
       backend: dogpile.cache.memcached
   bagpipe_bgp: {}
+  ovn_metadata_agent: {}
 
   rabbitmq:
     # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
diff --git a/charts/nova/Chart.yaml b/charts/nova/Chart.yaml
index 818a9b9..641e158 100644
--- a/charts/nova/Chart.yaml
+++ b/charts/nova/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/nova
 - https://opendev.org/openstack/openstack-helm
-version: 0.3.1
+version: 0.3.10
diff --git a/charts/nova/charts/helm-toolkit/Chart.yaml b/charts/nova/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/nova/charts/helm-toolkit/Chart.yaml
+++ b/charts/nova/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/nova/requirements.lock b/charts/nova/requirements.lock
index 75ab5ad..45f58d3 100644
--- a/charts/nova/requirements.lock
+++ b/charts/nova/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:59.565900423Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:22.712454279Z"
diff --git a/charts/nova/templates/bin/_ssh-start.sh.tpl b/charts/nova/templates/bin/_ssh-start.sh.tpl
index abbf9f0..562da44 100644
--- a/charts/nova/templates/bin/_ssh-start.sh.tpl
+++ b/charts/nova/templates/bin/_ssh-start.sh.tpl
@@ -35,4 +35,6 @@
 
 rm /tmp/sshd_config_extend
 
+mkdir -p /run/sshd
+
 exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
diff --git a/charts/nova/templates/configmap-etc.yaml b/charts/nova/templates/configmap-etc.yaml
index 12ad86c..b7638e5 100644
--- a/charts/nova/templates/configmap-etc.yaml
+++ b/charts/nova/templates/configmap-etc.yaml
@@ -81,6 +81,10 @@
 
 {{- end -}}
 
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.nova.wsgi "api_paste_config" "/var/lib/openstack/etc/nova/api-paste.ini" -}}
+{{- end }}
+
 {{- if empty .Values.conf.nova.database.connection -}}
 {{- $connection := tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
 {{- if .Values.manifests.certificates -}}
@@ -270,7 +274,9 @@
 type: Opaque
 data:
   rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
+  {{- if .Values.conf.paste }}
   api-paste.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | b64enc }}
+  {{- end }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
   nova_sudoers: {{ $envAll.Values.conf.nova_sudoers | b64enc }}
   rootwrap.conf: {{ .Values.conf.rootwrap | b64enc }}
diff --git a/charts/nova/templates/deployment-api-metadata.yaml b/charts/nova/templates/deployment-api-metadata.yaml
index e7039f5..1d74685 100644
--- a/charts/nova/templates/deployment-api-metadata.yaml
+++ b/charts/nova/templates/deployment-api-metadata.yaml
@@ -142,10 +142,12 @@
               subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
               readOnly: true
             {{- end }}
+            {{- if .Values.conf.paste }}
             - name: nova-etc
               mountPath: /etc/nova/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: nova-etc
               mountPath: /etc/nova/policy.yaml
               subPath: policy.yaml
diff --git a/charts/nova/templates/deployment-api-osapi.yaml b/charts/nova/templates/deployment-api-osapi.yaml
index 4cb6744..df57940 100644
--- a/charts/nova/templates/deployment-api-osapi.yaml
+++ b/charts/nova/templates/deployment-api-osapi.yaml
@@ -114,10 +114,12 @@
               subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
               readOnly: true
             {{- end }}
+            {{- if .Values.conf.paste }}
             - name: nova-etc
               mountPath: /etc/nova/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: nova-etc
               mountPath: /etc/nova/policy.yaml
               subPath: policy.yaml
diff --git a/charts/nova/templates/deployment-spiceproxy.yaml b/charts/nova/templates/deployment-spiceproxy.yaml
index e430d25..2c65401 100644
--- a/charts/nova/templates/deployment-spiceproxy.yaml
+++ b/charts/nova/templates/deployment-spiceproxy.yaml
@@ -17,7 +17,7 @@
   port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{- end }}
 
-{{- define "novaSpiceproxyReadynessProbeTemplate" }}
+{{- define "novaSpiceproxyReadinessProbeTemplate" }}
 tcpSocket:
   port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{- end }}
diff --git a/charts/nova/values.yaml b/charts/nova/values.yaml
index 26841a4..b725160 100644
--- a/charts/nova/values.yaml
+++ b/charts/nova/values.yaml
@@ -796,57 +796,7 @@
           sla:
             failure_rate:
               max: 0
-  paste:
-    composite:metadata:
-      use: egg:Paste#urlmap
-      /: meta
-    pipeline:meta:
-      pipeline: cors metaapp
-    app:metaapp:
-      paste.app_factory: nova.api.metadata.handler:MetadataRequestHandler.factory
-    composite:osapi_compute:
-      use: call:nova.api.openstack.urlmap:urlmap_factory
-      /: oscomputeversions
-      /v2: openstack_compute_api_v21_legacy_v2_compatible
-      /v2.1: openstack_compute_api_v21
-    composite:openstack_compute_api_v21:
-      use: call:nova.api.auth:pipeline_factory_v21
-      noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
-      keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken audit keystonecontext osapi_compute_app_v21
-    composite:openstack_compute_api_v21_legacy_v2_compatible:
-      use: call:nova.api.auth:pipeline_factory_v21
-      noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21
-      keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken audit keystonecontext legacy_v2_compatible osapi_compute_app_v21
-    filter:request_id:
-      paste.filter_factory: oslo_middleware:RequestId.factory
-    filter:compute_req_id:
-      paste.filter_factory: nova.api.compute_req_id:ComputeReqIdMiddleware.factory
-    filter:faultwrap:
-      paste.filter_factory: nova.api.openstack:FaultWrapper.factory
-    filter:noauth2:
-      paste.filter_factory: nova.api.openstack.auth:NoAuthMiddleware.factory
-    filter:sizelimit:
-      paste.filter_factory: oslo_middleware:RequestBodySizeLimiter.factory
-    filter:http_proxy_to_wsgi:
-      paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
-    filter:legacy_v2_compatible:
-      paste.filter_factory: nova.api.openstack:LegacyV2CompatibleWrapper.factory
-    app:osapi_compute_app_v21:
-      paste.app_factory: nova.api.openstack.compute:APIRouterV21.factory
-    pipeline:oscomputeversions:
-      pipeline: faultwrap http_proxy_to_wsgi oscomputeversionapp
-    app:oscomputeversionapp:
-      paste.app_factory: nova.api.openstack.compute.versions:Versions.factory
-    filter:cors:
-      paste.filter_factory: oslo_middleware.cors:filter_factory
-      oslo_config_project: nova
-    filter:keystonecontext:
-      paste.filter_factory: nova.api.auth:NovaKeystoneContext.factory
-    filter:authtoken:
-      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
-    filter:audit:
-      paste.filter_factory: keystonemiddleware.audit:filter_factory
-      audit_map_file: /etc/nova/api_audit_map.conf
+  paste: {}
   policy: {}
   nova_sudoers: |
     # This sudoers file supports rootwrap for both Kolla and LOCI Images.
@@ -1399,6 +1349,7 @@
       auth_type: password
       auth_version: v3
       memcache_security_strategy: ENCRYPT
+      service_type: compute
     notifications:
       notify_on_state_change: vm_and_task_state
     service_user:
@@ -2164,6 +2115,9 @@
       - key: node-role.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
   mounts:
     nova_compute:
       init_container: null
diff --git a/charts/octavia/charts/helm-toolkit/Chart.yaml b/charts/octavia/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/octavia/charts/helm-toolkit/Chart.yaml
+++ b/charts/octavia/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/octavia/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/octavia/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/octavia/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/octavia/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/octavia/requirements.lock b/charts/octavia/requirements.lock
index 00f9746..e4f2815 100644
--- a/charts/octavia/requirements.lock
+++ b/charts/octavia/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:10:02.04681901Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-11T04:21:24.12208598Z"
diff --git a/charts/openvswitch/charts/helm-toolkit/Chart.yaml b/charts/openvswitch/charts/helm-toolkit/Chart.yaml
index c1296b9..404f380 100644
--- a/charts/openvswitch/charts/helm-toolkit/Chart.yaml
+++ b/charts/openvswitch/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.52
diff --git a/charts/openvswitch/charts/helm-toolkit/requirements.lock b/charts/openvswitch/charts/helm-toolkit/requirements.lock
index aa6325b..39023e8 100644
--- a/charts/openvswitch/charts/helm-toolkit/requirements.lock
+++ b/charts/openvswitch/charts/helm-toolkit/requirements.lock
@@ -1,3 +1,3 @@
 dependencies: []
 digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2023-01-31T00:32:58.374919745Z"
+generated: "2023-03-17T16:48:36.562591008Z"
diff --git a/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/openvswitch/requirements.lock b/charts/openvswitch/requirements.lock
index ede108c..d3495d7 100644
--- a/charts/openvswitch/requirements.lock
+++ b/charts/openvswitch/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../helm-toolkit
-  version: 0.2.51
-digest: sha256:212d8fd57a982831cd076d64cb0e54974bd77971209f3acb266bc0a53fa83731
-generated: "2023-01-31T00:33:12.094612309Z"
+  version: 0.2.52
+digest: sha256:d7c1d04fc7525277f29dac7fc7d2996c60cb3e708f487cd2bf88a0236454f7e3
+generated: "2023-03-17T16:48:45.363831485Z"
diff --git a/charts/placement/charts/helm-toolkit/Chart.yaml b/charts/placement/charts/helm-toolkit/Chart.yaml
index c1296b9..404f380 100644
--- a/charts/placement/charts/helm-toolkit/Chart.yaml
+++ b/charts/placement/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.52
diff --git a/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/placement/requirements.lock b/charts/placement/requirements.lock
index 5ab47c6..cbe09c9 100644
--- a/charts/placement/requirements.lock
+++ b/charts/placement/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:57.698852948Z"
+  version: 0.2.52
+digest: sha256:fa4cf6491d7d370591b9751dbc9e761b5ae4bd1fdfda954f0acc240b187e0551
+generated: "2023-03-20T23:06:01.180245043Z"
diff --git a/charts/senlin/Chart.yaml b/charts/senlin/Chart.yaml
index 2331440..4085ec4 100644
--- a/charts/senlin/Chart.yaml
+++ b/charts/senlin/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/senlin
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.8
+version: 0.2.9
diff --git a/charts/senlin/charts/helm-toolkit/Chart.yaml b/charts/senlin/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/senlin/charts/helm-toolkit/Chart.yaml
+++ b/charts/senlin/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/senlin/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/senlin/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/senlin/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/senlin/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/senlin/requirements.lock b/charts/senlin/requirements.lock
index 223e708..ba7a859 100644
--- a/charts/senlin/requirements.lock
+++ b/charts/senlin/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:56.274500208Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:16.171873003Z"
diff --git a/charts/senlin/templates/configmap-etc.yaml b/charts/senlin/templates/configmap-etc.yaml
index a47a3a4..2f2a4a8 100644
--- a/charts/senlin/templates/configmap-etc.yaml
+++ b/charts/senlin/templates/configmap-etc.yaml
@@ -93,6 +93,11 @@
 {{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
 {{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
 {{- end -}}
+
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.senlin.senlin_api "api_paste_config" "/var/lib/openstack/etc/senlin/api-paste.ini" -}}
+{{- end }}
+
 ---
 apiVersion: v1
 kind: Secret
@@ -103,6 +108,8 @@
   rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
   senlin.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.senlin | b64enc }}
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+  {{- if .Values.conf.paste }}
   api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+  {{- end }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- end }}
diff --git a/charts/senlin/templates/deployment-api.yaml b/charts/senlin/templates/deployment-api.yaml
index d6577ff..689c045 100644
--- a/charts/senlin/templates/deployment-api.yaml
+++ b/charts/senlin/templates/deployment-api.yaml
@@ -98,10 +98,12 @@
               subPath: {{ base .Values.conf.senlin.DEFAULT.log_config_append }}
               readOnly: true
             {{- end }}
+            {{- if .Values.conf.paste }}
             - name: senlin-etc
               mountPath: /etc/senlin/api-paste.ini
               subPath: api-paste.ini
               readOnly: true
+            {{- end }}
             - name: senlin-etc
               mountPath: /etc/senlin/policy.yaml
               subPath: policy.yaml
diff --git a/charts/senlin/values.yaml b/charts/senlin/values.yaml
index 5bd7f45..ba4ecad 100644
--- a/charts/senlin/values.yaml
+++ b/charts/senlin/values.yaml
@@ -96,33 +96,7 @@
                 image: df0c1a14-0940-4ae5-be5c-bb06aa407da2
                 networks:
                   - network: public
-  paste:
-    pipeline:senlin-api:
-      pipeline: request_id faultwrap ssl versionnegotiation webhook authtoken context trust apiv1app
-    app:apiv1app:
-      paste.app_factory: senlin.api.common.wsgi:app_factory
-      senlin.app_factory: senlin.api.openstack.v1.router:API
-    filter:request_id:
-      paste.filter_factory: oslo_middleware.request_id:RequestId.factory
-    filter:faultwrap:
-      paste.filter_factory: senlin.api.common.wsgi:filter_factory
-      senlin.filter_factory: senlin.api.middleware:fault_filter
-    filter:context:
-      paste.filter_factory: senlin.api.common.wsgi:filter_factory
-      senlin.filter_factory: senlin.api.middleware:context_filter
-    filter:ssl:
-      paste.filter_factory: oslo_middleware.ssl:SSLMiddleware.factory
-    filter:versionnegotiation:
-      paste.filter_factory: senlin.api.common.wsgi:filter_factory
-      senlin.filter_factory: senlin.api.middleware:version_filter
-    filter:trust:
-      paste.filter_factory: senlin.api.common.wsgi:filter_factory
-      senlin.filter_factory: senlin.api.middleware:trust_filter
-    filter:webhook:
-      paste.filter_factory: senlin.api.common.wsgi:filter_factory
-      senlin.filter_factory: senlin.api.middleware:webhook_filter
-    filter:authtoken:
-      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
+  paste: {}
   policy: {}
   senlin:
     DEFAULT:
@@ -137,6 +111,7 @@
       auth_type: password
       auth_version: v3
       memcache_security_strategy: ENCRYPT
+      service_type: clustering
     senlin_api:
       # NOTE(portdirect): the bind port should not be defined, and is manipulated
       # via the endpoints section.
diff --git a/charts/tempest/charts/helm-toolkit/Chart.yaml b/charts/tempest/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/tempest/charts/helm-toolkit/Chart.yaml
+++ b/charts/tempest/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/tempest/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/tempest/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/tempest/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/tempest/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
 # Create DB User
 try:
     root_engine.execute(
-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
-            database, user, password, mysql_x509))
+        "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+            user, password, mysql_x509))
+    root_engine.execute(
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
     logger.info("Created user {0} for {1}".format(user, database))
 except:
     logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
   fi
 
   # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
+  DELAY=$((1 + ${RANDOM} % 30))
   echo "Sleeping for ${DELAY} seconds to spread the load in time..."
   sleep ${DELAY}
 
@@ -231,31 +231,17 @@
     return 2
   fi
 
-  # load balance delay
-  DELAY=$((1 + ${RANDOM} % 300))
-  echo "Sleeping for ${DELAY} seconds to spread the load in time..."
-  sleep ${DELAY}
-
-  # Calculation remote file SHA256 hash
-  REMOTE_FILE=$(mktemp -p /tmp)
-  openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
-  if [[ $? -ne 0 ]]; then
-    log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
-    rm -rf ${REMOTE_FILE}
-    return 1
-  fi
-
   # Remote backup verification
-  SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
-  SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
-  log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
-  log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
-  log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
-  if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
-      log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+  MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+  MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+  log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+  log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+  log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+  if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+      log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
   else
-      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
-      return 1
+      log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+      return 2
   fi
   rm -rf ${REMOTE_FILE}
 
diff --git a/charts/tempest/requirements.lock b/charts/tempest/requirements.lock
index 08e3e72..25681a8 100644
--- a/charts/tempest/requirements.lock
+++ b/charts/tempest/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:57.436181816Z"
+  version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:19.780482669Z"
diff --git a/hack/sync-charts.sh b/hack/sync-charts.sh
index 527486c..66cb58d 100755
--- a/hack/sync-charts.sh
+++ b/hack/sync-charts.sh
@@ -82,30 +82,38 @@
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/keystone-${KEYSTONE_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
 
-BARBICAN_VERSION=0.3.0
+BARBICAN_VERSION=0.3.2
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/barbican-${BARBICAN_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+  | base64 --decode \
+  | filterdiff -p1 -x 'releasenotes/*' \
+  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'barbican/*' \
+  | patch -p2 -d ${ATMOSPHERE}/charts/barbican
 
 CEPH_PROVISIONERS_VERSION=0.1.8
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm-infra/ceph-provisioners-${CEPH_PROVISIONERS_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
 
-GLANCE_VERSION=0.4.1
+GLANCE_VERSION=0.4.6
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/glance-${GLANCE_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+  | base64 --decode \
+  | filterdiff -p1 -x 'releasenotes/*' \
+  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'glance/*' \
+  | patch -p2 -d ${ATMOSPHERE}/charts/glance
 
-CINDER_VERSION=0.3.4
+CINDER_VERSION=0.3.10
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/cinder-${CINDER_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~874933/revisions/4/patch?download' \
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
   | base64 --decode \
   | filterdiff -p1 -x 'releasenotes/*' \
   | filterdiff -p2 -x 'Chart.yaml' \
-  | patch -p2 -d ${ATMOSPHERE}/charts/cinder
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~874952/revisions/3/patch?download' \
-  | base64 --decode \
-  | filterdiff -p1 -x 'releasenotes/*' \
-  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'cinder/*' \
   | patch -p2 -d ${ATMOSPHERE}/charts/cinder
 
 PLACEMENT_VERSION=0.3.2
@@ -122,69 +130,80 @@
 
 LOCAL_PATH_PROVISIONER_VERSION=0.0.24
 curl -sL https://github.com/rancher/local-path-provisioner/archive/refs/tags/v${LOCAL_PATH_PROVISIONER_VERSION}.tar.gz \
-  | tar -xz -C charts --strip-components=3 ${ATMOSPHERE}/local-path-provisioner-${LOCAL_PATH_PROVISIONER_VERSION}/deploy/chart/
+  | tar -xz -C ${ATMOSPHERE}/charts --strip-components=3 local-path-provisioner-${LOCAL_PATH_PROVISIONER_VERSION}/deploy/chart/
 
-NEUTRON_VERSION=0.3.2
+NEUTRON_VERSION=0.3.8
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/neutron-${NEUTRON_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~872436/revisions/1/patch?download' \
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~872436/revisions/2/patch?download' \
   | base64 --decode \
   | filterdiff -p1 -x 'releasenotes/*' \
   | filterdiff -p2 -x 'Chart.yaml' \
   | patch -p2 -d ${ATMOSPHERE}/charts/neutron
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+  | base64 --decode \
+  | filterdiff -p1 -x 'releasenotes/*' \
+  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'neutron/*' \
+  | patch -p2 -d ${ATMOSPHERE}/charts/neutron
 
-NOVA_VERISON=0.3.1
+NOVA_VERISON=0.3.10
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/nova-${NOVA_VERISON}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~873446/revisions/1/patch?download' \
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
   | base64 --decode \
   | filterdiff -p1 -x 'releasenotes/*' \
   | filterdiff -p2 -x 'Chart.yaml' \
-  | patch -p2 -d ${ATMOSPHERE}/charts/nova
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~878555/revisions/1/patch?download' \
-  | base64 --decode \
-  | filterdiff -p1 -x 'releasenotes/*' \
-  | filterdiff -p2 -x 'Chart.yaml' \
-  | patch -p2 -d ${ATMOSPHERE}/charts/nova
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~879066/revisions/2/patch?download' \
-  | base64 --decode \
-  | filterdiff -p1 -x 'releasenotes/*' \
-  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'nova/*' \
   | patch -p2 -d ${ATMOSPHERE}/charts/nova
 
-SENLIN_VERSION=0.2.8
+SENLIN_VERSION=0.2.9
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/senlin-${SENLIN_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+  | base64 --decode \
+  | filterdiff -p1 -x 'releasenotes/*' \
+  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'senlin/*' \
+  | patch -p2 -d ${ATMOSPHERE}/charts/senlin
 
-DESIGNATE_VERSION=0.2.8
+DESIGNATE_VERSION=0.2.9
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/designate-${DESIGNATE_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+  | base64 --decode \
+  | filterdiff -p1 -x 'releasenotes/*' \
+  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'designate/*' \
+  | patch -p2 -d ${ATMOSPHERE}/charts/designate
 
-HEAT_VERSION=0.3.1
+HEAT_VERSION=0.3.3
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/heat-${HEAT_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+  | base64 --decode \
+  | filterdiff -p1 -x 'releasenotes/*' \
+  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'heat/*' \
+  | patch -p2 -d ${ATMOSPHERE}/charts/heat
 
 OCTAVIA_VERSION=0.2.7
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/octavia-${OCTAVIA_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
 
-MAGNUM_VERSION=0.2.8
+MAGNUM_VERSION=0.2.9
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/magnum-${MAGNUM_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+  | base64 --decode \
+  | filterdiff -p1 -x 'releasenotes/*' \
+  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'magnum/*' \
+  | patch -p2 -d ${ATMOSPHERE}/charts/magnum
 
-HORIZON_VERSION=0.3.5
+HORIZON_VERSION=0.3.8
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/horizon-${HORIZON_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~874354/revisions/4/patch?download' \
-  | base64 --decode \
-  | filterdiff -p1 -x 'releasenotes/*' \
-  | filterdiff -p2 -x 'Chart.yaml' \
-  | patch -p2 -d ${ATMOSPHERE}/charts/horizon
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~878529/revisions/1/patch?download' \
-  | base64 --decode \
-  | filterdiff -p1 -x 'releasenotes/*' \
-  | filterdiff -p2 -x 'Chart.yaml' \
-  | patch -p2 -d ${ATMOSPHERE}/charts/horizon
 
 TEMPEST_VERSION=0.2.7
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/tempest-${TEMPEST_VERSION}.tgz \
@@ -198,6 +217,12 @@
 curl -sL https://charts.rook.io/release/rook-ceph-cluster-v${ROOK_CEPH_CLUSTER_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
 
-MANILA_VERSION=0.1.0
+MANILA_VERSION=0.1.1
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/manila-${MANILA_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+  | base64 --decode \
+  | filterdiff -p1 -x 'releasenotes/*' \
+  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'manila/*' \
+  | patch -p2 -d ${ATMOSPHERE}/charts/manila
diff --git a/roles/cinder/vars/main.yml b/roles/cinder/vars/main.yml
index 28bf6e2..707728f 100644
--- a/roles/cinder/vars/main.yml
+++ b/roles/cinder/vars/main.yml
@@ -21,12 +21,6 @@
       api: 3
       scheduler: 3
   conf:
-    paste:
-      composite:openstack_volume_api_v3:
-        use: call:cinder.api.middleware.auth:pipeline_factory
-        noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
-        keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
-        keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
     cinder:
       DEFAULT:
         allowed_direct_url_schemes: cinder
diff --git a/roles/defaults/defaults/main.yml b/roles/defaults/defaults/main.yml
index 4dcf75f..cdd6cc0 100644
--- a/roles/defaults/defaults/main.yml
+++ b/roles/defaults/defaults/main.yml
@@ -125,6 +125,7 @@
   neutron_metadata: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
   neutron_netns_cleanup_cron: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
   neutron_openvswitch_agent: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
+  neutron_ovn_metadata: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
   neutron_server: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
   neutron_sriov_agent_init: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
   neutron_sriov_agent: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
diff --git a/roles/neutron/vars/main.yml b/roles/neutron/vars/main.yml
index 5dfaca0..a4cd93f 100644
--- a/roles/neutron/vars/main.yml
+++ b/roles/neutron/vars/main.yml
@@ -20,9 +20,6 @@
     replicas:
       server: 3
   conf:
-    paste:
-      composite:neutronapi_v2_0:
-        keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
     neutron:
       DEFAULT:
         api_workers: 8
diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
index 02ea38d..5df4e0a 100644
--- a/roles/nova/vars/main.yml
+++ b/roles/nova/vars/main.yml
@@ -41,11 +41,6 @@
   conf:
     ceph:
       enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}"
-    paste:
-      composite:openstack_compute_api_v21:
-        keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
-      composite:openstack_compute_api_v21_legacy_v2_compatible:
-        keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21
     nova:
       DEFAULT:
         allow_resize_to_same_host: true