[release-announce] kolla-ansible 9.2.0 (train)
no-reply at openstack.org
no-reply at openstack.org
Tue Jul 14 22:10:00 UTC 2020
We are stoked to announce the release of:
kolla-ansible 9.2.0: Ansible Deployment of Kolla containers
This release is part of the train stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
9.2.0
^^^^^
New Features
************
* Adds ability to provide a custom elasticsearch config.
* Adds Elasticsearch Curator for managing aggregated log data.
* Kolla Ansible checks now that the local Ansible Python environment
is coherent, i.e. used Ansible can see Kolla Ansible. LP#1856346
Upgrade Notes
*************
* Avoids unnecessary fact gathering using the "setup" module. This
should improve the performance of environments using fact caching
and the Ansible "smart" fact gathering policy. See blueprint for
details.
* Adds "elasticsearch_use_v6" and "kibana_use_v6" flags which can be
set to "true" to deploy the "elasticsearch6" and "kibana6" images on
CentOS 7 or 8. These flags are "true" by default on CentOS 8, and
"false" elsewhere. The services should be upgraded from 5.x to 6.x
via "kolla-ansible upgrade elasticsearch,kibana", and this can be
used to provide an Elasticsearch 6.x cluster that is compatible
between CentOS 7 and 8.
* In the previous stable release, the octavia user was no longer
given the admin role in the admin project, and a task was added to
remove the role during upgrades. However, the octavia configuration
was not updated to use the service project, causing load balancer
creation to fail.
There is also an issue for existing deployments in simply switching
to the service project. While existing load balancers appear to
continue to work, creating new load balancers fails due to the
security group belonging to the admin project. For this reason,
Train and Stein have been reverted to use the admin project by
default, while from the Ussuri release the service project will be
used by default.
To provide flexibility, an "octavia_service_auth_project" variable
has been added. In the Train and Stein releases this is set to
"admin" by default, and from Ussuri it will be set to "service" by
default. For users of Train and Stein,
"octavia_service_auth_project" may be set to "service" in order to
avoid a breaking change during the Ussuri upgrade.
To switch an existing deployment from using the "admin" project to
the "service" project, it will at least be necessary to create the
required security group in the "service" project, and update
"octavia_amp_secgroup_list" to this group's ID. Ideally the Amphora
flavor and network would also be recreated in the "service" project,
although this does not appear to be necessary for operation, and
will impact existing Amphorae.
See bug 1873176 for details.
* Changes the default value of "kibana_elasticsearch_ssl_verify"
from "false" to "true". LP#1885110
* Apache ZooKeeper will now be automatically deployed whenever
Apache Storm is enabled.
* When deploying Monasca with Logstash 6 (the default for Centos 8),
any custom Logstash 2 configuration for Monasca will need to be
updated to work with Logstash 6. Please consult the documentation.
Bug Fixes
*********
* Fixes Kibana deployment with the new E*K stack (6+). LP#1799689
* Fixes Grafana datasource update. LP#1881890
* Removing chrony package and AppArmor profile from docker host if
containerized chrony is enabled. LP#1882513
* Escapes table names in mariadb upgrade procedure. LP#1883141
* Fixes an issue with Manila deployment starting "openvswitch" and
"neutron-openvswitch-agent" containers when
"enable_manila_backend_generic" was set to "False". LP#1884939
* Fixes the Elasticsearch Curator cron schedule run. LP#1885732
* Fixes an incorrect configuration for nova-conductor when a custom
Nova policy was applied, preventing the "nova_conductor" container
from starting successfully. LP#1886170
* Add missing "become: true" on some VMWare related tasks. Fixed on
"Copying VMware vCenter CA file" and "Copying over nsx.ini".
* fix deploy nova failed when use kolla_dev_mod.
* In line with clients for other services used by Magnum, Cinder and
Octavia also use endpoint_type = internalURL. In the same tune,
these services also use the globally defined
*openstack_region_name*.
* Fixes the default CloudKitty configuration, which included the
"gnocchi_collector" and "keystone_fetcher" options that were
deprecated in Stein and removed in Train. See bug 1876985 for
details.
* Fixes an issue with Cinder upgrades that would cause online schema
migration to fail. LP#1880753
* Fix cyborg api container failed to load api paste file. For
details please see bug 1874028.
* Fix the configuration of the etcd service so that its protocol is
independant of the value of the "internal_protocol" parameter. The
etcd service is not load balanced by HAProxy, so there is no proxy
layer to do TLS termination when "internal_protocol" is configured
to be "https".
* Fixes an issue where "fernet_token_expiry" would fail the pre-
checks despite being set to a valid value. Please see bug 1856021
(https://bugs.launchpad.net/kolla-ansible/+bug/1856021) for more
details.
* The kolla_logs Docker volume is now mounted into the Elasticsearch
container to expose logs which were previously written erroneously
to the container filesystem (bug 1859162). It is up to the user to
migrate any existing logs if they so desire and this should be done
before applying this fix.
* In the previous stable release, the octavia user was no longer
given the admin role in the admin project, and a task was added to
remove the role during upgrades. However, the octavia configuration
was not updated to use the service project, causing load balancer
creation to fail. See upgrade notes for details. LP#1873176
* Fixes an issue with RabbitMQ where tags would be removed from the
"openstack" user after deploying Nova. This prevents the user from
accessing the RabbitMQ management UI. LP#1875786
* Adds a new variable "fluentd_elasticsearch_cacert", which defaults
to the value of "openstack_cacert". If set, this will be used to set
the path of the CA certificate bundle used by Fluentd when
communicating with Elasticsearch. LP#1885109
* Improves error reporting in "kolla-genpwd" and "kolla-mergepwd"
when input files are not in the expected format. LP#1880220.
* Fixes Magnum trust operations in multi-region deployments.
* Deploys Apache ZooKeeper if Apache Storm is enabled explicitly.
ZooKeeper would only be deployed if Apache Kafka was also enabled,
which is often done implicitly by enabling Monasca.
* When deploying Elasticsearch 6 (the default for Centos 8),
Logstash 2 was deployed by default which is not compatible with
Elasticsearch 6. Logstash 6 is now deployed by default when using
Centos 8 containers.
Changes in kolla-ansible 9.1.0..9.2.0
-------------------------------------
1629f5fe0 Manage octavia health manager worker through openstack_service worker
0c1b326e3 Use kolla_logs volume for Elasticsearch
767f0ad06 Use the children group for site.yml
bd055912d Remove policy file from nova-conductor config.json template
6cbd4c520 Syntax error in Fluentd Monasca output config
8418b5ae8 Use public interface for Magnum client and trustee Keystone interface
5011b6bd1 Make ES Curator schedule multinode-friendly
f1af365da Fix the Elasticsearch Curator cron schedule run
dfd867ad1 Fix Zun configuration for TLS
953702532 Fix etcd protocol configuration
4e1225b04 Support using Logstash 6 image with Centos8
ff9a54d01 Support custom elasticsearch configuration files
358887866 Support deploying Elasticsearch Curator
74be7b86a Escape table names in mariadb upgrade procedure
2918bae99 octavia: Add documentation
aa2d2b534 Verify TLS by default for Kibana to Elasticsearch
20a1de4ee Support CA certificate for fluentd & Elasticsearch
0498b5c45 Fix Magnum trust operations in multi-region clouds
1aa4565ff Use internalURL endpoint_type for all clients used by Magnum
5699f5a32 Skip storm play when not enabled
05a384920 Change neutron-ovs-agent deploy only with manila generic backend
d8b05f4c1 Improve error reporting in password utilities
0715d0d86 Enable ZooKeeper when Storm is enabled
4009a2a17 barbican: Use python3 plugin in uwsgi config
c2de7ac4e nova-cell role clone failed
eba42fa8c Run tox in venv in case of building images
1851d8812 Make octavia service_auth project configurable
6f227c2cd Remove max count from Cinder online schema migration
9528e5944 fix deploy nova failed when use kolla_dev_mod
473775f14 CI: Install python dependencies
57f6475ee Add EL8 packages.
c677690f3 Do not ask for a SSH key password
910b405ce Fix file extension in MariaDB backup docs
fda520f82 Remove chrony package if containerized chrony is enabled
cf70176c0 Fix Grafana datasource update
db8c2dcc5 CI: Fix periodics
31fb5cc67 CI: Move NFV reqs installation to where it belongs
a8d760c4c [elasticsearch] Add migration for Kibana 6.x index
d8880dd32 [elasticsearch] Update config for 6.x
9463a7499 Add missing become to some VMWare tasks
bb9e7d0e7 CI: add missing base jobs
166eb87c3 Fix bug in deploying monasca_agent_forwarder
8cfb1d7a0 Avoid unconditional fact gathering
467e6876a CentOS 8: Support Elasticsearch & Kibana 6.x
cfc1ba2c3 Check that used Ansible can see Kolla Ansible
d76ddcbad Remove confusing docs
71acc3ef9 Make openstack_release more obvious
eccb6806c Remove post_config from the Kibana role
1959e0fcc Add First login steps back into Kibana doc
7b851bdb1 Fix cyborg api failed to load api-paste.ini file
afc5c9974 fix can not generate ovs-dpdk.conf
49b58151b Improve fernet_token_expiry precheck
c31b2505c Configure RabbitMQ user tags in nova-cell role
7f52e04b8 multipath requires udev-rules in host
7b22f394f Document and test maximum supported version of Ansible
16da9a4a9 CI: Discern between Ironic client and grep failure
653c7ba09 Ignore .vscode/ in Git
9e5afdc17 dpdk-vswitchd: some ovs tools require ovs daemons pidfiles
360330adc Add release note for CloudKitty configuration fixes
a673a069c Make nova perms consistent between applications
3efd5d6e1 Update Advanced Config guide to clarify paths
812eeb30c Update section names in cloudkitty config
Diffstat (except docs and test files)
-------------------------------------
.gitignore | 3 +
ansible/gather-facts.yml | 12 +-
ansible/group_vars/all.yml | 10 +-
ansible/inventory/all-in-one | 4 +
ansible/inventory/multinode | 4 +
.../roles/barbican/templates/barbican-api.ini.j2 | 2 +-
ansible/roles/baremetal/defaults/main.yml | 3 +
ansible/roles/baremetal/tasks/post-install.yml | 16 ++
ansible/roles/ceilometer/tasks/config.yml | 1 +
ansible/roles/cinder/defaults/main.yml | 4 -
ansible/roles/cinder/tasks/upgrade.yml | 1 -
ansible/roles/cinder/templates/cinder.conf.j2 | 2 +-
.../roles/cloudkitty/templates/cloudkitty.conf.j2 | 4 +-
ansible/roles/common/defaults/main.yml | 1 +
.../common/templates/conf/output/00-local.conf.j2 | 6 +
.../common/templates/conf/output/01-es.conf.j2 | 3 +
.../templates/conf/output/02-monasca.conf.j2 | 2 +-
ansible/roles/cyborg/tasks/config.yml | 16 +-
ansible/roles/elasticsearch/defaults/main.yml | 61 ++++-
ansible/roles/elasticsearch/handlers/main.yml | 15 ++
.../roles/elasticsearch/tasks/check-containers.yml | 4 +-
ansible/roles/elasticsearch/tasks/config.yml | 47 +++-
ansible/roles/elasticsearch/tasks/pull.yml | 4 +-
ansible/roles/elasticsearch/tasks/upgrade.yml | 10 +-
.../templates/elasticsearch-curator-actions.yml.j2 | 33 +++
.../templates/elasticsearch-curator.crontab.j2 | 3 +
.../templates/elasticsearch-curator.json.j2 | 32 +++
.../templates/elasticsearch-curator.yml.j2 | 8 +
.../elasticsearch/templates/elasticsearch.json.j2 | 2 +-
.../elasticsearch/templates/elasticsearch.yml.j2 | 4 +-
ansible/roles/etcd/defaults/main.yml | 10 +-
ansible/roles/grafana/tasks/post_config.yml | 2 +-
ansible/roles/keystone/tasks/precheck.yml | 24 +-
ansible/roles/kibana/defaults/main.yml | 18 +-
ansible/roles/kibana/files/kibana-6-index.json | 264 +++++++++++++++++++++
ansible/roles/kibana/tasks/deploy.yml | 2 -
.../roles/kibana/tasks/migrate-kibana-index.yml | 99 ++++++++
ansible/roles/kibana/tasks/post_config.yml | 72 ------
ansible/roles/kibana/tasks/upgrade.yml | 3 +
ansible/roles/magnum/templates/magnum.conf.j2 | 11 +
ansible/roles/mariadb/tasks/upgrade.yml | 2 +-
ansible/roles/monasca/defaults/main.yml | 6 +-
ansible/roles/monasca/tasks/post_config.yml | 3 +-
.../monasca-agent-forwarder/agent-forwarder.yml.j2 | 2 +-
.../monasca-log-metrics/log-metrics.conf.j2 | 29 +++
.../monasca-log-metrics.json.j2 | 3 +-
.../monasca-log-persister/log-persister.conf.j2 | 13 +
.../monasca-log-persister.json.j2 | 3 +-
.../log-transformer.conf.j2 | 24 ++
.../monasca-log-transformer.json.j2 | 3 +-
ansible/roles/neutron/defaults/main.yml | 2 +-
ansible/roles/neutron/tasks/config.yml | 1 +
ansible/roles/nova-cell/defaults/main.yml | 7 +-
.../templates/nova-cell-bootstrap.json.j2 | 3 +-
.../nova-cell/templates/nova-conductor.json.j2 | 8 +-
ansible/roles/nova/tasks/bootstrap.yml | 3 +
ansible/roles/nova/tasks/deploy.yml | 3 -
.../nova/templates/nova-api-bootstrap.json.j2 | 3 +-
ansible/roles/octavia/defaults/main.yml | 4 +
ansible/roles/octavia/tasks/register.yml | 14 ++
ansible/roles/octavia/templates/octavia.conf.j2 | 5 +-
ansible/roles/openvswitch/defaults/main.yml | 4 +-
.../ovs-dpdk/templates/ovsdpdk-vswitchd.json.j2 | 2 +-
ansible/roles/qinling/templates/qinling.conf.j2 | 2 +-
ansible/roles/service-rabbitmq/defaults/main.yml | 1 +
ansible/roles/service-rabbitmq/tasks/main.yml | 1 +
.../roles/skydive/templates/skydive-agent.conf.j2 | 4 +-
.../skydive/templates/skydive-analyzer.conf.j2 | 4 +-
ansible/roles/zun/templates/zun.conf.j2 | 5 +
ansible/site.yml | 14 +-
.../central-logging-guide.rst | 49 ++++
etc/kolla/globals.yml | 7 +-
kolla_ansible/cmd/genpwd.py | 4 +
kolla_ansible/cmd/mergepwd.py | 9 +
...custom-elasticsearch-conf-6fc34fbc3b471997.yaml | 3 +
...add-elasticsearch-curator-88089d04f7ccd549.yaml | 4 +
...onditional-fact-gathering-94760984b2de0796.yaml | 8 +
.../notes/bug-1799689-c8612c73649ac483.yaml | 5 +
.../notes/bug-1856346-59d0f01005d56e81.yaml | 6 +
.../notes/bug-1881890-72c76f5fc065588b.yaml | 5 +
...-chrony-permission-denied-917b3bffc5cdb38d.yaml | 6 +
.../notes/bug-1883141-336fd12b89a3a5cc.yaml | 5 +
.../notes/bug-1884939-7c77b8002d3ff52d.yaml | 7 +
.../notes/bug-1885732-10803d46f9c73444.yaml | 5 +
.../notes/bug-1886170-f76d9d3520ab86ec.yaml | 7 +
...-become-attributes-vmware-9ae97e49b4d7dc0d.yaml | 5 +
.../bug-nova-dev-mod-failed-ad4e64f5a5bc2a6a.yaml | 4 +
...in-magnum-use-internalURL-af3ad82af71a88c6.yaml | 6 +
...ty-removed-config-options-6b656fb8bfa5431d.yaml | 7 +
.../elasticsearch-kibana-6-6621548e948d9d23.yaml | 10 +
...-cinder-upgrade-max-count-ab928f85f224c63d.yaml | 5 +
...ed-to-find-api-paste-file-225cec3ec16b2265.yaml | 6 +
.../notes/fix-etcd-protocol-3c9482f90070ee6e.yaml | 8 +
.../fix-fernet-pre-check-5efbdfe43a2776e3.yaml | 6 +
...-elasticsearch-kolla-logs-a0ba85d91d1a2c31.yaml | 8 +
...avia-service-auth-project-849a4e5bd852e9c7.yaml | 40 ++++
.../fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml | 7 +
...entd-elasticsearch-cacert-0e8824dd57052913.yaml | 8 +
.../notes/improve-pwd-errors-7563a3cc941c3091.yaml | 6 +
.../notes/kibana-tls-verify-8bfcb822268ad0d8.yaml | 6 +
...stee-keystone-region-name-002162a45f855faf.yaml | 4 +
.../storm-enable-zookeeper-2108156acced1c57.yaml | 10 +
.../notes/support-logstash-6-d64bb51217b79a77.yaml | 12 +
tools/init-runonce | 2 +-
tools/kolla-ansible | 83 +++++--
tools/ovs-dpdkctl.sh | 6 +-
tools/setup_gate.sh | 5 +-
zuul.d/base.yaml | 22 ++
zuul.d/project.yaml | 3 +-
120 files changed, 1500 insertions(+), 243 deletions(-)
More information about the Release-announce
mailing list