[release-announce] kayobe 6.0.0 (stein)

no-reply at openstack.org no-reply at openstack.org
Fri Aug 30 14:07:31 UTC 2019


We are delighted to announce the release of:

kayobe 6.0.0: Deployment of OpenStack to bare metal using OpenStack
kolla and bifrost

This release is part of the stein stable release series.

The source is available from:

    https://opendev.org/openstack/kayobe

Download the package from:

    https://tarballs.openstack.org/kayobe/

For more details, please see below.

6.0.0
^^^^^


New Features
************

* Adds support for custom Blazar configuration.

* Adds support for custom Ceilometer configuration.

* Adds support for custom CloudKitty configuration.

* Adds support for custom Gnocchi configuration.

* Adds support for overriding configuration globally for all
  OpenStack services by generating a "global.conf" file for use by
  Kolla Ansible. See story 2005904 for details.

* Adds support for customising the refactored HAProxy configuration
  introduced in Kolla Ansible in the Stein release, using
  "$KAYOBE_CONFIG_PATH/kolla/config/haproxy-config/".

* Adds support for custom Keepalived configuration.

* Adds support for configuration of Arista switches running EOS 4.15
  or later. This is integrated with the *kayobe physical network
  configure* command.

* Adds commands to make use of the database backup and recovery
  features in Kolla Ansible.

  "kayobe overcloud database backup [--incremental]" can be used to
  take a full or incremental backup of the database using Xtrabackup.

  "kayobe overcloud database recover [--force-recovery-host <host>]"
  can be used to recover a database cluster that has lost quorum.

* Adds support for arbitrary Docker storage drivers, configured via
  "docker_storage_driver". Previously only "devicemapper" and
  "overlay" were supported.

* Adds support for skipping configuration of a network, by setting
  its name to "None".  This is done in "networks.yml" as follows:

     admin_oc_net_name:

* Adds support for custom configuration of "keystone.conf".

* Adds support for configuring software RAID arrays using "mdadm".
  Software RAID configuration is applied before LVM configuration,
  which allows creating LVM volumes on top of software RAID arrays.
  See story 2005017 for details.

* Adds two new variables, "openstack_release" and
  "openstack_branch", in "${KAYOBE_CONFIG_PATH}/openstack.yml" for
  setting the current OpenStack release and branch in a single place.

* Adds a command to update packages on the seed hypervisor host, as
  already available for seed and overcloud hosts:

  "kayobe seed hypervisor host package update --packages <packages>"

* Adds support for separate storage networks for both Ceph and Swift.
  This adds four additional networks, which can be used to separate
  the storage network traffic as follows:

  * Ceph storage network (ceph_storage_net_name) is used to carry
    Ceph storage data traffic. Defaults to the storage network
    (storage_net_name).

  * Ceph storage management network (ceph_storage_mgmt_net_name) is
    used to carry storage management traffic. Defaults to the storage
    management network (storage_mgmt_net_name).

  * Swift storage network (swift_storage_net_name) is used to carry
    Swift storage data traffic. Defaults to the storage network
    (storage_net_name).

  * Swift storage replication network
    (swift_storage_replication_net_name) is used to carry storage
    management traffic. Defaults to the storage management network
    (storage_mgmt_net_name).

* Adds a new configuration variable, "pip_upper_constraints_file",
  which is used to configure the file or URL containing the Python
  upper version constraints. Its default value is
  "https://releases.openstack.org/constraints/upper/{{
  openstack_branch }}".

* Improvements to Swift device management and ring generation.

  The device management and ring generation are now separate, with
  device management occurring during 'kayobe overcloud host
  configure', and ring generation during a new command, 'kayobe
  overcloud swift rings generate'.

  For the device management, we now use standard Ansible modules
  rather than commands for device preparation. File system labels can
  be configured for each device individually.

  For ring generation, all commands are run on a single host, by
  default a host in the Swift storage group. A Python script runs in
  one of the Kolla Swift containers, which consumes an autogenerated
  YAML config file that defines the layout of the rings.


Upgrade Notes
*************

* Updates the minimum supported version of Ansible from 2.4 to 2.5,
  and the maximum supported version from 2.6 to 2.7. This is true for
  both Kayobe and Kolla Ansible.

* Removes the "inspector_manage_firewall" variable. This is
  supported in Kolla Ansible via the "ironic_inspector_pxe_filter"
  variable, which can be added to
  "${KAYOBE_CONFIG_PATH}/kolla/globals.yml". The default value for
  that variable changed in the Stein release from 'iptables' to
  'dnsmasq', since the iptables filter does not work with Docker CE.

* Controllers are no longer connected to the storage management
  network by default, since generally only storage nodes need access
  to this network. If needed, the existing configuration can be
  retained by adding the storage management network to the
  "controller_extra_network_interfaces" list.

* The default value of "kolla_upper_constraints_file" has been
  changed to "{{ pip_upper_constraints_file }}".


Security Issues
***************

* Fixes an issue when generating the "passwords.yml" file for Kolla
  Ansible where if the contents of the file have not changed, a plain
  text copy of the file would be left in /tmp on the Ansible control
  host.

  The temporary files are typically named /tmp/tmpXXXXXX, and are
  owned by the user that runs kayobe, with permissions 664
  (rw-rw-r--).

  It is recommended to check any systems on which Kayobe has been run
  for copies of the passwords file in /tmp. A simple check for this is
  *grep -rn database_password /tmp*.
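
  A more targeted form of the check above, given here as an added
  example that is not part of the release announcement or of Kayobe
  itself. It assumes GNU find and stat on the Ansible control host; the
  function names are hypothetical. It lists file names only, so password
  values are not printed to the terminal.

```shell
#!/bin/sh
# Added example: locate leftover plain-text copies of the Kolla Ansible
# passwords.yml under a temporary directory (default: /tmp).
# Output per hit: <octal mode> <owner> <path>

# String the release note's own grep check searches for.
MARKER='database_password'

find_password_copies() {
    dir="${1:-/tmp}"
    # -xdev: stay on one filesystem; -type f: regular files only, so
    # symlinks, sockets and directories are skipped.
    # grep -l prints matching file names, never the secret values.
    find "$dir" -xdev -type f -exec grep -l -e "$MARKER" {} + 2>/dev/null |
    while IFS= read -r path; do
        # GNU stat: %a = octal permissions, %U = owner name, %n = path
        stat -c '%a %U %n' "$path"
    done
}

# Subset of hits with the other-read bit set, such as the 664 mode
# described in the release note: any local user can read these.
find_world_readable_copies() {
    find_password_copies "$1" | while read -r mode owner path; do
        case "$mode" in
            *[4567]) printf '%s %s %s\n' "$mode" "$owner" "$path" ;;
        esac
    done
}

# Stand-alone use: pass the directory to scan as the first argument.
if [ "$#" -gt 0 ]; then
    find_password_copies "$1"
fi
```

  Run it as the user that runs kayobe, or as root to cover every user's
  temporary files, then review and delete each reported file.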


Bug Fixes
*********

* Fixes an issue where the "admin-openrc.sh" and "public-openrc.sh"
  files would not be generated when preparing a new control host
  environment for an existing cloud. These files are now generated
  during "kayobe control host bootstrap" if the Kolla Ansible
  "passwords.yml" file exists in the Kayobe configuration. See story
  2001667 for details.

* Fixes an issue where multiple NTP daemons could be running on the
  overcloud hosts, due to Kolla Ansible deploying a chrony container
  by default starting with the Rocky release.

  Kayobe now overrides this default, to ensure that chrony does not
  conflict with the NTP daemon deployed on the host. To use the
  containerised chrony daemon instead, set "kolla_enable_chrony" to
  "true" in "${KAYOBE_CONFIG_PATH}/kolla.yml". This will also disable
  the host NTP daemon.

  To ensure that chrony is not running, Kayobe removes the chrony
  container if "kolla_enable_chrony" is "false" in the following
  commands:

  * "kayobe overcloud service deploy"

  * "kayobe overcloud service reconfigure"

  * "kayobe overcloud service upgrade"

  The play in Kayobe is tagged with "stop-chrony".

  See story 2005272 for details.

* Fixes an issue with hardware inspection of bare metal compute
  nodes configured to use UEFI. See story 2006214 for details.

* Modifies provisioning and cleaning networks in multi-tenant ironic
  environments to be non-shared. Flat networks remain shared. To apply
  the change to an existing environment, run *kayobe overcloud post
  configure*. See story 2006409 for details.

* Fixes an issue when generating the "passwords.yml" file for Kolla
  Ansible where if the contents of the file have not changed, a plain
  text copy of the file would be left in /tmp on the Ansible control
  host.

  The temporary files are typically named /tmp/tmpXXXXXX, and are
  owned by the user that runs kayobe, with permissions 664
  (rw-rw-r--).

  It is recommended to check any systems on which Kayobe has been run
  for copies of the passwords file in /tmp. A simple check for this is
  *grep -rn database_password /tmp*.

* Stops allocating network and broadcast addresses to hosts when an
  allocation pool is not defined.

* Uses BatchMode to check whether a host is accessible via SSH. This
  prevents Kayobe from hanging on a password prompt when password
  authentication is enabled on the host and the Kayobe Ansible user is
  not yet configured.

* Fixes an issue with virtual environments on remote hosts, which
  may over the course of time become stale and incompatible with
  Kayobe or other software. This was fixed by installing the latest
  version of packages allowed by OpenStack upper constraints. See
  story 2005923 for details.

Changes in kayobe 6.0.0.0rc1..6.0.0
-----------------------------------

d3a6c24 Set provisioning and cleaning networks as non-shared
0da672a Add support for Arista switches
75ba445 Update packages in virtualenvs
1d7b72d Fix inspector iPXE boot with UEFI compute nodes
5f0146b Update .gitreview for stable/stein


Diffstat (except docs and test files)
-------------------------------------

.gitreview                                         |  1 +
ansible/baremetal-compute-inspect.yml              |  2 +
ansible/baremetal-compute-manage.yml               |  2 +
ansible/baremetal-compute-provide.yml              |  2 +
ansible/baremetal-compute-rename.yml               |  2 +
ansible/baremetal-compute-serial-console.yml       |  2 +
ansible/docker.yml                                 |  2 +-
ansible/external-net.yml                           |  2 +
ansible/group_vars/all/kolla                       |  2 +-
ansible/group_vars/all/pip                         |  3 +
ansible/group_vars/all/switches/arista             | 22 ++++++
ansible/kolla-ansible.yml                          |  1 +
ansible/kolla-openstack.yml                        |  1 -
ansible/overcloud-docker-sdk-upgrade.yml           |  2 +-
ansible/overcloud-grafana-configure.yml            |  2 +
...ud-introspection-rules-dell-lldp-workaround.yml |  2 +
ansible/overcloud-introspection-rules.yml          |  4 ++
ansible/overcloud-ipa-build.yml                    |  2 +
ansible/overcloud-ipa-images.yml                   |  2 +
ansible/physical-network.yml                       | 13 ++++
ansible/provision-net.yml                          | 73 +++++++++++++++++--
ansible/roles/arista-switch/README.md              | 81 ++++++++++++++++++++++
ansible/roles/arista-switch/defaults/main.yml      | 11 +++
ansible/roles/arista-switch/tasks/main.yml         |  6 ++
.../roles/arista-switch/templates/arista-config.j2 | 17 +++++
ansible/roles/ipa-images/defaults/main.yml         |  3 +
ansible/roles/ipa-images/meta/main.yml             |  2 +
ansible/roles/ipa-images/tasks/main.yml            |  2 +
.../roles/ironic-inspector-rules/defaults/main.yml |  3 +
ansible/roles/ironic-inspector-rules/meta/main.yml |  1 +
.../roles/ironic-inspector-rules/tasks/main.yml    |  3 +-
ansible/roles/kolla-ansible/defaults/main.yml      |  3 +
.../roles/kolla-ansible/templates/globals.yml.j2   |  4 ++
ansible/roles/kolla-openstack/defaults/main.yml    |  3 -
ansible/roles/kolla-openstack/tasks/config.yml     |  2 -
.../kolla-openstack/templates/inspector.ipxe.j2    | 10 ---
.../kolla-openstack/templates/pxelinux.default.j2  |  7 --
ansible/roles/kolla-openstack/vars/main.yml        |  2 -
ansible/seed-introspection-rules.yml               |  2 +
ansible/seed-ipa-build.yml                         |  2 +
etc/kayobe/kolla.yml                               |  1 +
etc/kayobe/pip.yml                                 |  5 ++
playbooks/kayobe-overcloud-base/overrides.yml.j2   |  2 +-
.../kayobe-overcloud-upgrade-base/overrides.yml.j2 |  2 +-
playbooks/kayobe-seed-base/overrides.yml.j2        |  2 +-
.../kayobe-seed-upgrade-base/overrides.yml.j2      |  2 +-
.../notes/arista-switch-aedc46148506c56e.yaml      |  6 ++
.../fix-inspector-ipxe-uefi-86f435ebaf4eee08.yaml  |  6 ++
.../non-shared-ironic-nets-06a43c9b6dea2a77.yaml   |  8 +++
.../notes/stale-virtualenvs-125c513af3de9396.yaml  | 18 +++++
requirements.yml                                   |  6 +-
52 files changed, 325 insertions(+), 44 deletions(-)






