[release-announce] kolla-ansible 11.1.0 (victoria)
no-reply at openstack.org
no-reply at openstack.org
Thu Jul 29 10:05:44 UTC 2021
We eagerly announce the release of:
kolla-ansible 11.1.0: Ansible Deployment of Kolla containers
This release is part of the victoria stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
11.1.0
^^^^^^
New Features
************
* Add "octavia-driver-agent" to "Octavia" deployments to allow for
additional providers, e.g. "ovn-octavia-provider". It is
automatically deployed when "Octavia" is enabled and
"neutron_plugin_agent" is set to "ovn". It can be also enabled by
setting "enable_octavia_driver_agent" to "yes". Users need to update
their inventory to include "octavia-driver-agent" Ansible group.
* Adds a new flag, "docker_disable_default_network", which defaults
to "no". Docker is using "172.17.0.0/16" by default for bridge
networking on "docker0", and this might cause routing problems for
operator networks. Setting this flag to "yes" will disable Docker's
bridge networking. This feature will be enabled by default from the
Wallaby 12.0.0 release.
* Added a new haproxy configuration variable,
"haproxy_host_ipv4_tcp_retries2", which allows users to modify this
kernel option. This option sets maximum number of times a TCP packet
is retransmitted in established state before giving up. The default
kernel value is 15, which corresponds to a duration of approximately
between 13 to 30 minutes, depending on the retransmission timeout.
This variable can be used to mitigate an issue with stuck
connections in case of VIP failover, see bug 1917068 for details.
* Adds the ability to override the automatic detection of
*fluentd_version* and *fluentd_binary*. These can now be defined as
extra variables. This removes the dependency of having docker
configured for config generation.
* OVN deployment will now configure "external_ids:ovn-chassis-mac-
mappings" to make DVR work on VLAN tenant networks.
* Adds support for collecting Prometheus metrics from RabbitMQ. This
is enabled by default when Prometheus and RabbitMQ are enabled, and
may be disabled by setting "enable_prometheus_rabbitmq_exporter" to
"false".
Bug Fixes
*********
* Fixes an issue with "kolla-ansible bootstrap-servers" if Zun is
enabled where Zun-specific configuration for Docker was applied to
all nodes. LP#1914378
* Fix the issue when Swift deployed with S3 Token Middleware
enabled. Fixes LP#1862765
* Fixes the Northbound and Southbound database socket paths in OVN.
* chronyd crash loop if server is rebooted (Debian) LP#1915528
* Fixes an issue preventing prechecks from succeeding when "non-
native" NTP daemon was used, such as "ntpd` as opposed to ``systemd-
timesyncd" on a Debian/Ubuntu system or to "chronyd" on a
CentOS/RHEL system. LP#1922721
* Fixed an issue when Docker was configured after startup on
Debian/Ubuntu, which resulted in iptables rules being created -
before they were disabled. LP#1923203
* Fixes an issue with Octavia SSH key copying if user disabled
Octavia auto configuration. LP##1927727
* Fixed an issue where docker python SDK 5.0.0 was failing due to
missing six - introduced a constraint to install version lower than
5.x. LP#1928915
* Fixes more-than-2-node RabbitMQ upgrade failing randomly.
LP#1930293.
* Fixes Swift deploy when TLS enabled. Added the missing handler and
corrected the container name. LP#1931097
* Fixes missing region_name in keystone_auth sections. See bug
1933025 for details.
* Fixes "iscsid" failing in current CentOS 8 based images due to pid
file being needlessly set. LP#1933033
* Fixes host bootstrap on Debian not removing the conflicting
packages. It now behaves in accordance with the docs. LP#1933122
* Fixes an issue where "kolla-ansible" exits with a zero exit code
when executed with a bogus command name. LP#1929397
* Fixes potential issue with Alertmanger in non-HA deployments. In
this scenario, peer gossip protocol is now disabled and Alertmanager
won't try to form a cluster with non-existing other instances.
LP#1926463
* Adds a new flag, "docker_disable_ip_forward", which defaults to
"no" and can be used (by setting "yes") to disable docker's "ip-
forward" option which makes docker set "net.ipv4.ip_forward" sysctl
to "1". This is to protect from creating all-forwarding hosts.
LP#1931615
* Fixes an issue when generating "/etc/hosts" during "kolla-ansible
bootstrap-servers" when one or more hosts has an "api_interface"
with dashes ("-") in its name. LP#1927357
* Fixes some configuration issues around Barbican logging.
LP#1891343
* Fixes some configuration issues around Cinder logging. LP#1916752
* Fix cyborg api doesn't listen on api interface. change host to
host_ip in cyborg.conf. See the cyborg documentation
* Fix the wrong configuration of the ovs-dpdk service. this breaks
the deployment of kolla-ansible. For more details please see bug
1908850.
* Fixes an issue with Magnum when TLS is enabled. LP#781062
* Fixes an issue with executing "kolla-ansible" when installed via
"pip install --user". LP#1915527
* Fixes an issue where "masakari.conf" was generated for the
"masakari-instancemonitor" service but not used.
* Fixes an issue where "masakari-monitors.conf" was generated for
the "masakari-api" and "masakari-engine" services but not used.
* Uses a consistent variable name for container dimensions for
"masakari-instancemonitor" - "masakari_instancemonitor_dimensions".
The old name of "masakari_monitors_dimensions" is still supported.
* Fixes an issue with Octavia deployment when using a custom service
auth project. If "octavia_service_auth_project" is set to a project
that does not exist, Octavia deployment would fail. The project is
now created. LP#1922100
* Fixes LP#1892376 by updating deprecated syntax in the Monasca
Elasticsearch template.
* Removes whitespace around equal signs in "zookeeper.cfg" which
were preventing the "zkCleanup.sh" script from running correctly.
Other Notes
***********
* Following Cinder upstream, support for using ZFSSA with Cinder has
been removed. ZFSSA was unsupported in Train and later removed in
Ussuri.
* Updates the container image used by mariabackup. It was using the
"mariadb" image, which was deprecated in Victoria and will be
removed in Wallaby. The "mariadb-server" image is used instead.
LP#1928129
Changes in kolla-ansible 11.0.0..11.1.0
---------------------------------------
51eac17b4 Fix exit code with bogus command name
e712915f3 [doc] Fix reno (disable-ip-forward)
bdc1b468a Fix typos in release note
d61340ba3 Allow user to set sysctl_net_ipv4_tcp_retries2
5c70c920c Disable docker's ip-forward when iptables disabled
0846f4afa [docker] Added a new flag to disable default network
0467055b2 docs: Add note about internal VIP when HAProxy is disabled
338d97731 magnum: Add CA certificate configuration for internal TLS
9681041d0 CI: Avoid generating a nova key in ceph-ansible scenario
a2e5cfb85 Make it possible to override automatic fluentd version detection
d41e01406 [CI] Do not set ansible_python_interpreter for Zuul
3b5bcc16a Make rabbitmq cluster_partition_handling configurable
37017d1a0 CI: Fix nfv job with kolla dependency
567fb01a7 [CI] Fix the NFV scenario
f0487e793 Add missing region_name in keystoneauth sections
b83ea3149 Drop support for Cinder ZFSSA backend
fdbe6aebe Fix host bootstrap pkg removal on Debian
7b19b2e31 Add missing octavia-driver-agent
77d70f0d8 Do not set pid file for iscsid
5bc072141 baremetal: fix /etc/hosts generation when api_interface has dashes
12157d68b chronyd crash loop if Debian server is rebooted
5283eb8bf Stop fluentd deprecation warnings of type vs @type
903601a7a Fix parsing of infra.mariadb.xinetd logs
f557229ef Fix neutron-ovn-metadata-agent with policy.yaml
1d6906bbb octavia: Ensure service auth project exists
9d9198294 Merge glance sections for nova.conf.j2
ef270b693 Redis configuration syntax update
a75a489e3 Update blazar.conf template
421d7acfb Support editable installation in all cases
5b6af5094 Add the ansible_managed header for admin-openrc.sh
6387e431f Fix RabbitMQ restart ordering
595eec10b Add forgotten 'Restart container' handler for swift
cece51910 [CI] Drop Zuul host groups
7244e4744 Use mariadb-server image for mariabackup
dda891ac6 docs: Update Freenode to OFTC
5d538edd1 CI: Use PATH to find kolla-ansible script
91bfccb8f CI: pull images before deploy
9a0da6463 cinder: fix condition to copy backend TLS certs
f3ea05ace Remove [octavia]/base_url option from neutron.conf
513a3b1fe CI: Configure IP on a linux bridge instead of OVS br-ex
5ef58708c baremetal: Install Docker SDK less than 5.0.0
34fb2c890 baremetal: Don't start Docker after install on Debian/Ubuntu
edd64f3c4 Disable Alertmanager's peer gossip in non-HA deployments
2f062e3b3 ovn: make DVR work on VLAN tenant networks
4a10df452 Use @type instead of type
326e15d58 Do not write octavia_amp_ssh_key if auto_config disabled
570f46d21 Fix "Restart mariadb-clustercheck container" during config gen
2357c9793 Fix cyborg api doesn't listen on api interface
985d78222 Pin ansible to <2.10.0 in test-requirements
9ad4b7ae2 prometheus: Collect metrics from rabbitmq
561853796 masakari: fix minor issues with instance monitor
d5c131bc5 CI: Use 5G loop device for ceph
54195f468 Add IPv6 configuration options to Octavia management network
5bdeef89b Negative seqno need to be considered when comparing seqno
466e4cc7c docs: Improve policy documentation
15eea3ee6 Apply Zun configuration for Docker based on inventory
1b40f0dc9 Drop the NTP service precheck
366be65fd [CI] Use images from quay.io
382add560 nova-cell: Stop printing ceph keys in output
abc41f86d Reduce number of logs and disable ara HTML report
d0839a3cb CI: Fix yamllint comments-indentation in .ansible-lint
5143b8925 docs: fix registry mirror example
ce1dbd9fb don't use the same CIDR in octavia_amp_network_cidr and init-run-once
27f088eac Correctly configure S3 Token Middleware for Swift
b32492e72 ansible-lint: add unnamed-task to the skip list
eb66ef75f Introduce nova_libvirt_logging_debug
81cf413c5 Rename eswitchd.conf -> eswitchd.conf.j2
c5f41a19a Remove whitespace around equal signs in zookeeper.cfg
b9f8543f1 Fix Cinder log parsing
469d28b3a CI: Add ssh retries
4f25a2015 Replace db-sock with db-nb-sock and db-sb-sock
ea89f1cc1 ovn: Fix disabling of gateway chassis
ff3a144d7 Update String type for Monasca ES template
3db84cce0 Do not wait for grafana to start when kolla_action=config
fd10dcb96 Fix monasca-grafana check
77d050957 Fix installation with pip install --user
c4f6ca1cd CI: fix kolla-ansible installation after cryptography 3.4 release
4f6988564 Fix Barbican API log config
b4cede498 docs: improve external Ceph docs
9698fa153 docs: Improve multinode Docker registry setup
05e6d4a4d Fix dpdk deploy failed
25286fbf1 Install gnupg before adding docker apt gpg key during pre-install
ac6039bd6 Fixes solum_api Listening on 127.0.0.1
996eeb2b7 Fix failure during Monasca Grafana upgrade
174cd7b15 octavia: fix typo in defaults
Diffstat (except docs and test files)
-------------------------------------
.ansible-lint | 22 +++--
ansible/action_plugins/merge_configs.py | 27 +++++-
ansible/group_vars/all.yml | 11 ++-
ansible/inventory/all-in-one | 3 +
ansible/inventory/multinode | 3 +
ansible/roles/aodh/templates/aodh.conf.j2 | 1 +
.../roles/barbican/templates/barbican-api.ini.j2 | 1 +
.../roles/barbican/templates/barbican-api.json.j2 | 2 +-
ansible/roles/barbican/templates/barbican.conf.j2 | 4 +
.../roles/baremetal/tasks/bootstrap-servers.yml | 5 +-
ansible/roles/baremetal/tasks/install.yml | 28 +++++-
ansible/roles/baremetal/tasks/post-install.yml | 50 ++++++++--
ansible/roles/baremetal/tasks/pre-install.yml | 7 +-
.../baremetal/templates/docker_systemd_service.j2 | 2 +-
ansible/roles/blazar/templates/blazar.conf.j2 | 11 +--
ansible/roles/chrony/templates/chrony.json.j2 | 4 +-
ansible/roles/cinder/defaults/main.yml | 14 ---
ansible/roles/cinder/tasks/config.yml | 2 +-
ansible/roles/cinder/tasks/precheck.yml | 1 -
ansible/roles/cinder/templates/cinder-wsgi.conf.j2 | 2 +-
ansible/roles/cinder/templates/cinder.conf.j2 | 18 +---
ansible/roles/common/tasks/config.yml | 12 ++-
ansible/roles/common/templates/admin-openrc.sh.j2 | 2 +
.../templates/conf/filter/01-rewrite-0.12.conf.j2 | 4 +-
.../templates/conf/filter/01-rewrite-0.14.conf.j2 | 4 +-
.../common/templates/conf/input/02-mariadb.conf.j2 | 2 +-
.../common/templates/conf/output/00-local.conf.j2 | 8 +-
ansible/roles/cyborg/templates/cyborg.conf.j2 | 4 +-
.../roles/designate/templates/designate.conf.j2 | 1 +
ansible/roles/freezer/templates/freezer.conf.j2 | 1 +
ansible/roles/glance/templates/glance-api.conf.j2 | 1 +
ansible/roles/gnocchi/templates/gnocchi.conf.j2 | 1 +
ansible/roles/grafana/handlers/main.yml | 1 +
ansible/roles/haproxy/defaults/main.yml | 4 +
ansible/roles/haproxy/tasks/config-host.yml | 7 +-
ansible/roles/heat/templates/heat.conf.j2 | 1 +
.../ironic/templates/ironic-inspector.conf.j2 | 2 +
ansible/roles/iscsi/templates/iscsid.json.j2 | 2 +-
ansible/roles/magnum/templates/magnum.conf.j2 | 10 ++
ansible/roles/manila/templates/manila.conf.j2 | 1 +
ansible/roles/mariadb/defaults/main.yml | 2 +-
ansible/roles/mariadb/handlers/main.yml | 2 +
ansible/roles/mariadb/tasks/recover_cluster.yml | 2 +-
ansible/roles/masakari/defaults/main.yml | 10 +-
ansible/roles/masakari/tasks/clone.yml | 2 +-
ansible/roles/masakari/tasks/config.yml | 33 ++++---
ansible/roles/mistral/templates/mistral.conf.j2 | 1 +
ansible/roles/monasca/handlers/main.yml | 3 +-
ansible/roles/monasca/tasks/upgrade.yml | 1 +
.../monasca/templates/monasca-api/api.conf.j2 | 1 +
.../elasticsearch-template.json | 12 +--
ansible/roles/murano/templates/murano.conf.j2 | 3 +
.../templates/{eswitchd.conf => eswitchd.conf.j2} | 0
.../templates/neutron-ovn-metadata-agent.json.j2 | 13 ++-
ansible/roles/neutron/templates/neutron.conf.j2 | 8 +-
ansible/roles/nova-cell/defaults/main.yml | 1 +
ansible/roles/nova-cell/tasks/external_ceph.yml | 1 +
ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 2 +-
ansible/roles/nova-cell/templates/nova.conf.j2 | 5 +-
ansible/roles/nova/templates/nova.conf.j2 | 1 +
ansible/roles/octavia/defaults/main.yml | 39 +++++++-
ansible/roles/octavia/handlers/main.yml | 15 +++
ansible/roles/octavia/tasks/check-containers.yml | 2 +-
ansible/roles/octavia/tasks/config.yml | 12 ++-
ansible/roles/octavia/tasks/prepare.yml | 3 +
ansible/roles/octavia/tasks/pull.yml | 2 +-
ansible/roles/octavia/tasks/register.yml | 15 ---
.../roles/octavia/templates/octavia-api.json.j2 | 6 ++
.../octavia/templates/octavia-driver-agent.json.j2 | 23 +++++
ansible/roles/octavia/templates/octavia.conf.j2 | 12 +++
ansible/roles/ovn/defaults/main.yml | 2 +
ansible/roles/ovn/tasks/bootstrap.yml | 12 ++-
ansible/roles/ovn/templates/ovn-nb-db.json.j2 | 2 +-
ansible/roles/ovn/templates/ovn-sb-db.json.j2 | 2 +-
ansible/roles/ovs-dpdk/defaults/main.yml | 2 -
.../roles/ovs-dpdk/templates/ovsdpdk-db.json.j2 | 2 +-
.../roles/placement/templates/placement.conf.j2 | 1 +
ansible/roles/prechecks/tasks/timesync_checks.yml | 10 --
.../templates/prometheus-alertmanager.json.j2 | 2 +-
.../roles/prometheus/templates/prometheus.yml.j2 | 9 ++
ansible/roles/rabbitmq/defaults/main.yml | 2 +
ansible/roles/rabbitmq/handlers/main.yml | 18 +++-
ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 3 +-
ansible/roles/redis/templates/redis.conf.j2 | 10 +-
ansible/roles/sahara/templates/sahara.conf.j2 | 1 +
ansible/roles/senlin/templates/senlin.conf.j2 | 1 +
ansible/roles/service-precheck/tasks/main.yml | 1 +
ansible/roles/solum/templates/solum.conf.j2 | 4 +
ansible/roles/swift/defaults/main.yml | 2 +-
ansible/roles/swift/handlers/main.yml | 4 +
ansible/roles/swift/templates/proxy-server.conf.j2 | 2 +-
ansible/roles/tacker/templates/tacker.conf.j2 | 1 +
ansible/roles/trove/templates/trove.conf.j2 | 1 +
ansible/roles/vitrage/templates/vitrage.conf.j2 | 1 +
ansible/roles/watcher/templates/watcher.conf.j2 | 1 +
ansible/roles/zookeeper/tasks/config.yml | 1 +
.../reference/high-availability/haproxy-guide.rst | 47 ++++++++++
.../reference/storage/external-ceph-guide.rst | 101 ++++++++++++++-------
etc/kolla/globals.yml | 9 +-
etc/kolla/passwords.yml | 5 -
lower-constraints.txt | 87 ------------------
.../bootstrap-without-zun-67d6ee5d84fcec22.yaml | 6 ++
.../notes/bug-1862765-a6cad9fd2d3f0f48.yaml | 5 +
.../notes/bug-1903506-12ae72c114bede72.yaml | 9 ++
.../notes/bug-1913031-e8b14c50e8a27d14.yaml | 4 +
...yd-crash-loop-if-server-is-rebooted-debian.yaml | 5 +
.../notes/bug-1922721-19163cfb491d0035.yaml | 7 ++
.../notes/bug-1923203-f9ff247befc4bd75.yaml | 6 ++
.../notes/bug-1927727-4437103de59e85e5.yaml | 6 ++
.../notes/bug-1928915-482b2d53bb2a4d92.yaml | 6 ++
.../notes/bug-1930293-d8a524f2070e6779.yaml | 5 +
.../notes/bug-1931097-c94832ed2ed92c3a.yaml | 6 ++
.../notes/bug-1933025-1cb5d64d20d57be7.yaml | 6 ++
.../notes/bug-1933033-76746d127285cfe8.yaml | 6 ++
.../notes/bug-1933122-b34311ba73092080.yaml | 6 ++
...fault-migration-interface-3cdf30eed98553fd.yaml | 4 +-
.../notes/cli-exit-code-1e6278f803dbf8e2.yaml | 6 ++
...e-alertmanager-clustering-ec70f5f970c4933a.yaml | 7 ++
.../docker-disable-bridge-14df8b7fddbd5000.yaml | 9 ++
...docker-disable-ip-forward-b0490b71f9f07cd6.yaml | 9 ++
.../notes/drop-zfssa-2708a8c0b0eb5f43.yaml | 5 +
.../notes/etc-hosts-dashes-37d0dc07c8fc881f.yaml | 7 ++
...g-to-die-after-VIP-switch-5f9e811783c36041.yaml | 13 +++
.../fix-barbican-logging-42068f47fe1e4e4d.yaml | 5 +
.../notes/fix-cinder-logging-22fea4739begd6s.yaml | 5 +
.../fix-cyborg-host-config-dee1d79476b94981.yaml | 6 ++
.../fix-dpdk-deploy-failed-6695899422a67359.yaml | 7 ++
.../fix-magnum-tls-cacert-dd5ab5729391beb2.yaml | 5 +
.../fix-pip-install-user-5f871f67433e465a.yaml | 6 ++
.../notes/mariabackup-image-8b31622f59890e28.yaml | 7 ++
...ari-instancemonitor-fixes-dc13e5234456d4c5.yaml | 12 +++
...eate-service-auth-project-aa38b12ebb601777.yaml | 7 ++
...fluentd-version-detection-3cb8b8a8ebc02d0a.yaml | 6 ++
.../notes/ovn_dvr_vlan-f36a6868cfd4776e.yaml | 5 +
.../prometheus-rabbitmq-f7d6ebf0d611a819.yaml | 6 ++
...ca-elasticsearch-template-41492c59acaf92b1.yaml | 6 ++
.../zookeeper-cfg-syntax-02e93c01d6a24f35.yaml | 5 +
roles/bridge/tasks/main.yml | 12 +++
roles/veth/tasks/main.yml | 12 +++
test-requirements.txt | 2 +-
tools/kolla-ansible | 30 +++++-
tox.ini | 8 +-
zuul.d/base.yaml | 12 +--
zuul.d/nodesets.yaml | 16 ----
zuul.d/project.yaml | 1 -
171 files changed, 1119 insertions(+), 501 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
index f960fd505..cab4df184 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -16 +16 @@ stestr>=2.0.0 # Apache-2.0
-ansible>=2.9.0 # GPLv3
+ansible>=2.9.0,<2.10.0 # GPLv3
More information about the Release-announce
mailing list