feat: Add manila role
diff --git a/docs/developer/services.md b/docs/developer/services.md
index 38c051c..c697ea2 100644
--- a/docs/developer/services.md
+++ b/docs/developer/services.md
@@ -28,6 +28,7 @@
 - [Horizon](https://docs.openstack.org/horizon/latest/)
 - [Octavia](https://docs.openstack.org/octavia/latest/)
 - [Designate](https://docs.openstack.org/designate/latest/)
+- [Manila](https://docs.openstack.org/manila/latest/)
 
 ### Planned Supported Services
 
@@ -37,7 +38,6 @@
 
 - [Magnum](https://docs.openstack.org/magnum/latest/)
 - [Swift](https://docs.openstack.org/swift/latest/) via RADOS Gateway
-- [Manila](https://docs.openstack.org/manila/latest/)
 - [Ironic](https://docs.openstack.org/ironic/latest/)
 - [Masakari](https://docs.openstack.org/masakari/latest/)
 - [Trove](https://docs.openstack.org/trove/latest/)
diff --git a/hack/sync-charts.sh b/hack/sync-charts.sh
index 3de4c34..87400e1 100755
--- a/hack/sync-charts.sh
+++ b/hack/sync-charts.sh
@@ -188,3 +188,7 @@
 ROOK_CEPH_CLUSTER_VERSION=1.10.10
 curl -sL https://charts.rook.io/release/rook-ceph-cluster-v${ROOK_CEPH_CLUSTER_VERSION}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
+
+MANILA_VERSION=0.1.0
+curl -sL https://tarballs.opendev.org/openstack/openstack-helm/manila-${MANILA_VERSION}.tgz \
+  | tar -xz -C ${ATMOSPHERE}/charts
diff --git a/playbooks/generate_workspace.yml b/playbooks/generate_workspace.yml
index 8b97fd7..29d3d8d 100644
--- a/playbooks/generate_workspace.yml
+++ b/playbooks/generate_workspace.yml
@@ -227,6 +227,7 @@
           openstack_helm_endpoints_magnum_api_host: "container-infra.{{ domain_name }}"
           openstack_helm_endpoints_magnum_registry_host: "container-infra-registry.{{ domain_name }}"
           openstack_helm_endpoints_rgw_host: "object-store.{{ domain_name }}"
+          openstack_helm_endpoints_manila_api_host: "share.{{ domain_name }}"
 
     - name: Write new endpoints file to disk
       ansible.builtin.copy:
diff --git a/playbooks/migrate_from_osa.yml b/playbooks/migrate_from_osa.yml
index 4a718ca..dfef92d 100644
--- a/playbooks/migrate_from_osa.yml
+++ b/playbooks/migrate_from_osa.yml
@@ -103,6 +103,13 @@
       tags:
         - magnum
 
+    - name: Migrate Manila
+      ansible.builtin.import_role:
+        name: manila
+        tasks_from: migrate_from_osa
+      tags:
+        - manila
+
     - name: Migrate Horizon
       ansible.builtin.import_role:
         name: horizon
diff --git a/playbooks/openstack.yml b/playbooks/openstack.yml
index e53f4f6..cfa1ba4 100644
--- a/playbooks/openstack.yml
+++ b/playbooks/openstack.yml
@@ -161,6 +161,10 @@
       tags:
         - magnum
 
+    - role: manila
+      tags:
+        - manila
+
     - role: horizon
       tags:
         - horizon
diff --git a/roles/defaults/defaults/main.yml b/roles/defaults/defaults/main.yml
index ea7efb3..7cb2ce3 100644
--- a/roles/defaults/defaults/main.yml
+++ b/roles/defaults/defaults/main.yml
@@ -167,3 +167,7 @@
   skopeo: quay.io/skopeo/stable:latest
   tempest_run_tests: us-docker.pkg.dev/vexxhost-infra/openstack/tempest:30.1.0-4
   vector: docker.io/timberio/vector:0.27.0-debian
+  manila_db_sync: quay.io/vexxhost/manila:zed
+  manila_api: quay.io/vexxhost/manila:zed
+  manila_scheduler: quay.io/vexxhost/manila:zed
+  manila_share: quay.io/vexxhost/manila:zed
diff --git a/roles/manila/README.md b/roles/manila/README.md
new file mode 100644
index 0000000..887f77f
--- /dev/null
+++ b/roles/manila/README.md
@@ -0,0 +1 @@
+# `manila`
diff --git a/roles/manila/defaults/main.yml b/roles/manila/defaults/main.yml
new file mode 100644
index 0000000..d1dee4d
--- /dev/null
+++ b/roles/manila/defaults/main.yml
@@ -0,0 +1,23 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+manila_helm_release_name: manila
+manila_helm_chart_path: "../../charts/manila/"
+manila_helm_chart_ref: /usr/local/src/manila
+
+manila_helm_release_namespace: openstack
+manila_helm_values: {}
+
+# List of annotations to apply to the Ingress
+manila_ingress_annotations: {}
diff --git a/roles/manila/meta/main.yml b/roles/manila/meta/main.yml
new file mode 100644
index 0000000..dfa384e
--- /dev/null
+++ b/roles/manila/meta/main.yml
@@ -0,0 +1,34 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+  author: VEXXHOST, Inc.
+  description: Ansible role for OpenStack Manila
+  license: Apache-2.0
+  min_ansible_version: 5.5.0
+  standalone: false
+  platforms:
+    - name: Ubuntu
+      versions:
+        - focal
+
+dependencies:
+  - role: defaults
+  - role: openstack_helm_endpoints
+    vars:
+      openstack_helm_endpoints_chart: manila
+  - role: vexxhost.kubernetes.upload_helm_chart
+    vars:
+      upload_helm_chart_src: "{{ manila_helm_chart_path }}"
+      upload_helm_chart_dest: "{{ manila_helm_chart_ref }}"
diff --git a/roles/manila/tasks/main.yml b/roles/manila/tasks/main.yml
new file mode 100644
index 0000000..d6dad1c
--- /dev/null
+++ b/roles/manila/tasks/main.yml
@@ -0,0 +1,32 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Deploy Helm chart
+  run_once: true
+  kubernetes.core.helm:
+    name: "{{ manila_helm_release_name }}"
+    chart_ref: "{{ manila_helm_chart_ref }}"
+    release_namespace: "{{ manila_helm_release_namespace }}"
+    create_namespace: true
+    kubeconfig: /etc/kubernetes/admin.conf
+    values: "{{ _manila_helm_values | combine(manila_helm_values, recursive=True) }}"
+
+- name: Create Ingress
+  ansible.builtin.include_role:
+    name: openstack_helm_ingress
+  vars:
+    openstack_helm_ingress_endpoint: sharev2
+    openstack_helm_ingress_service_name: manila-api
+    openstack_helm_ingress_service_port: 8786
+    openstack_helm_ingress_annotations: "{{ manila_ingress_annotations }}"
diff --git a/roles/manila/tasks/migrate_from_osa.yml b/roles/manila/tasks/migrate_from_osa.yml
new file mode 100644
index 0000000..1ff0aea
--- /dev/null
+++ b/roles/manila/tasks/migrate_from_osa.yml
@@ -0,0 +1,46 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Generate configuration difference
+  ansible.builtin.include_role:
+    name: osa_config_diff
+  vars:
+    osa_config_diff_containers_group: manila_all
+    osa_config_diff_chart_ref: "{{ manila_helm_chart_ref }}"
+    osa_config_diff_release_namespace: "{{ manila_helm_release_namespace }}"
+    osa_config_diff_release_values: "{{ _manila_helm_values | combine(manila_helm_values, recursive=True) }}"
+    osa_config_diff_config_files:
+      manila.conf: /etc/manila/manila.conf
+
+- name: Migrate the database
+  ansible.builtin.include_role:
+    name: migrate_db_from_osa
+  vars:
+    migrate_db_from_osa_pxc_namespace: "{{ manila_helm_release_namespace }}"
+    migrate_db_from_osa_containers_group: manila_all
+    migrate_db_from_osa_databases:
+      manila: manila
+
+- name: Run deployment flow
+  ansible.builtin.import_tasks:
+    file: main.yml
+
+- name: Migrate HAproxy
+  ansible.builtin.include_role:
+    name: migrate_haproxy_from_osa
+  vars:
+    migrate_haproxy_from_osa_group: manila_all
+    migrate_haproxy_from_osa_service_namespace: "{{ manila_helm_release_namespace }}"
+    migrate_haproxy_from_osa_service_name: manila-api
+    migrate_haproxy_from_osa_haproxy_backend: manila
diff --git a/roles/manila/vars/main.yml b/roles/manila/vars/main.yml
new file mode 100644
index 0000000..812b366
--- /dev/null
+++ b/roles/manila/vars/main.yml
@@ -0,0 +1,46 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+_manila_helm_values:
+  endpoints: "{{ openstack_helm_endpoints }}"
+  images:
+    tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('manila') }}"
+  pod:
+    replicas:
+      api: 3
+      scheduler: 3
+      share: 3
+  conf:
+    manila:
+      DEFAULT:
+        log_config_append: null
+      oslo_messaging_notifications:
+        driver: noop
+      simple_crypto_plugin:
+        kek: "{{ manila_kek }}"
+    simple_crypto_kek_rewrap:
+      old_kek: "{{ manila_kek }}"
+
+  dependencies:
+    static:
+      share:
+        pod:
+          - requireSameNode: true
+            labels:
+              application: openvswitch
+              component: server
+
+  manifests:
+    ingress_api: false
+    service_ingress_api: false
diff --git a/roles/openstack_helm_endpoints/defaults/main.yml b/roles/openstack_helm_endpoints/defaults/main.yml
index a0740ab..61399c2 100644
--- a/roles/openstack_helm_endpoints/defaults/main.yml
+++ b/roles/openstack_helm_endpoints/defaults/main.yml
@@ -497,3 +497,27 @@
 openstack_helm_endpoints_rgw_keystone_password: "{{ undef(hint='You must specify an Rados Gateway Keystone password') }}"
 
                                                                    # ]]]
+# .. envvar:: openstack_helm_endpoints_manila_api_host [[[
+#
+# API hostname for OpenStack Manila Service
+openstack_helm_endpoints_manila_api_host: "{{ undef(hint='You must specify a Manila API hostname') }}"
+
+                                                                   # ]]]
+# .. envvar:: openstack_helm_endpoints_manila_region_name [[[
+#
+# Region name for service
+openstack_helm_endpoints_manila_region_name: "{{ openstack_helm_endpoints_region_name }}"
+
+                                                                   # ]]]
+# .. envvar:: openstack_helm_endpoints_manila_keystone_password [[[
+#
+# Keystone password for service
+openstack_helm_endpoints_manila_keystone_password: "{{ undef(hint='You must specify a Manila Keystone password') }}"
+
+                                                                   # ]]]
+# .. envvar:: openstack_helm_endpoints_manila_mariadb_password [[[
+#
+# Database password for service
+openstack_helm_endpoints_manila_mariadb_password: "{{ undef(hint='You must specify a Manila MariaDB password') }}"
+
+                                                                   # ]]]
diff --git a/roles/openstack_helm_endpoints/vars/main.yml b/roles/openstack_helm_endpoints/vars/main.yml
index a0fa547..7775b6e 100644
--- a/roles/openstack_helm_endpoints/vars/main.yml
+++ b/roles/openstack_helm_endpoints/vars/main.yml
@@ -30,6 +30,8 @@
   - prometheus_rabbitmq_exporter
   - volume
   - volumev2
+  - sharev1
+  - share
 
 _openstack_helm_endpoints_oslo_db:
   oslo_db:
@@ -509,3 +511,24 @@
     port:
       api:
         public: 443
+
+_openstack_helm_endpoints_sharev2:
+  identity:
+    auth:
+      manila:
+        region_name: "{{ openstack_helm_endpoints_manila_region_name }}"
+        username: "manila-{{ openstack_helm_endpoints_manila_region_name }}"
+        password: "{{ openstack_helm_endpoints_manila_keystone_password }}"
+  oslo_db:
+    auth:
+      manila:
+        password: "{{ openstack_helm_endpoints_manila_mariadb_password }}"
+  sharev2:
+    scheme:
+      public: https
+    host_fqdn_override:
+      public:
+        host: "{{ openstack_helm_endpoints_manila_api_host }}"
+    port:
+      api:
+        public: 443