[release-announce] kolla-ansible 10.3.0 (ussuri)
no-reply at openstack.org
no-reply at openstack.org
Thu Jul 29 10:23:36 UTC 2021
We are gleeful to announce the release of:
kolla-ansible 10.3.0: Ansible Deployment of Kolla containers
This release is part of the ussuri stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
10.3.0
^^^^^^
New Features
************
* Adds "kolla_sysctl_conf_path" variable that allows to customise
the path to "sysctl.conf" that will be modified by Kolla Ansible
plays. The default is "/etc/sysctl.conf" as it was before.
* Adds a new flag, "docker_disable_default_network", which defaults
to "no". Docker is using "172.17.0.0/16" by default for bridge
networking on "docker0", and this might cause routing problems for
operator networks. Setting this flag to "yes" will disable Docker's
bridge networking. This feature will be enabled by default from the
Wallaby 12.0.0 release.
* Added a new haproxy configuration variable,
"haproxy_host_ipv4_tcp_retries2", which allows users to modify this
kernel option. This option sets maximum number of times a TCP packet
is retransmitted in established state before giving up. The default
kernel value is 15, which corresponds to a duration of approximately
between 13 to 30 minutes, depending on the retransmission timeout.
This variable can be used to mitigate an issue with stuck
connections in case of VIP failover, see bug 1917068 for details.
* Adds the ability to override the automatic detection of
*fluentd_version* and *fluentd_binary*. These can now be defined as
extra variables. This removes the dependency of having docker
configured for config generation.
* Adds support for collecting Prometheus metrics from RabbitMQ. This
is enabled by default when Prometheus and RabbitMQ are enabled, and
may be disabled by setting "enable_prometheus_rabbitmq_exporter" to
"false".
* Allows to skip and unset sysctl variables controlled by Kolla
Ansible plays using "KOLLA_SKIP" and "KOLLA_UNSET" values.
Bug Fixes
*********
* Fixes an issue with "kolla-ansible bootstrap-servers" if Zun is
enabled where Zun-specific configuration for Docker was applied to
all nodes. LP#1914378
* Fix the issue when Swift deployed with S3 Token Middleware
enabled. Fixes LP#1862765
* Fixes the Northbound and Southbound database socket paths in OVN.
* chronyd crash loop if server is rebooted (Debian) LP#1915528
* Fixed an issue when Docker was configured after startup on
Debian/Ubuntu, which resulted in iptables rules being created -
before they were disabled. LP#1923203
* A bug where sriov_agent.ini wasn't copied due to "Permission
denied" error was fixed. LP#1923467
* Fixed an issue where docker python SDK 5.0.0 was failing due to
missing six - introduced a constraint to install version lower than
5.x. LP#1928915
* Fixes more-than-2-node RabbitMQ upgrade failing randomly.
LP#1930293.
* Fixes Swift deploy when TLS enabled. Added the missing handler and
corrected the container name. LP#1931097
* Fixes missing region_name in keystone_auth sections. See bug
1933025 for details.
* Fixes "iscsid" failing in current CentOS 8 based images due to pid
file being needlessly set. LP#1933033
* Fixes host bootstrap on Debian not removing the conflicting
packages. It now behaves in accordance with the docs. LP#1933122
* Fixes an issue where "kolla-ansible" exits with a zero exit code
when executed with a bogus command name. LP#1929397
* Fixes potential issue with Alertmanger in non-HA deployments. In
this scenario, peer gossip protocol is now disabled and Alertmanager
won't try to form a cluster with non-existing other instances.
LP#1926463
* Adds a new flag, "docker_disable_ip_forward", which defaults to
"no" and can be used (by setting "yes") to disable docker's "ip-
forward" option which makes docker set "net.ipv4.ip_forward" sysctl
to "1". This is to protect from creating all-forwarding hosts.
LP#1931615
* Fixes an issue when generating "/etc/hosts" during "kolla-ansible
bootstrap-servers" when one or more hosts has an "api_interface"
with dashes ("-") in its name. LP#1927357
* Fixes some configuration issues around Barbican logging.
LP#1891343
* Fixes some configuration issues around Cinder logging. LP#1916752
* Fix the wrong configuration of the ovs-dpdk service. this breaks
the deployment of kolla-ansible. For more details please see bug
1908850.
* Fixes an issue with keepalived which was not recreated during an
upgrade if configuration is unchanged. LP#1928362
* Fixes an issue with Magnum when TLS is enabled. LP#781062
* Fixes an issue with executing "kolla-ansible" when installed via
"pip install --user". LP#1915527
* Fixes an issue where "masakari.conf" was generated for the
"masakari-instancemonitor" service but not used.
* Fixes an issue where "masakari-monitors.conf" was generated for
the "masakari-api" and "masakari-engine" services but not used.
* Uses a consistent variable name for container dimensions for
"masakari-instancemonitor" - "masakari_instancemonitor_dimensions".
The old name of "masakari_monitors_dimensions" is still supported.
* Fixes an issue with Octavia deployment when using a custom service
auth project. If "octavia_service_auth_project" is set to a project
that does not exist, Octavia deployment would fail. The project is
now created. LP#1922100
* Fixes LP#1892376 by updating deprecated syntax in the Monasca
Elasticsearch template.
* Removes whitespace around equal signs in "zookeeper.cfg" which
were preventing the "zkCleanup.sh" script from running correctly.
Other Notes
***********
* Following Cinder upstream, support for using ZFSSA with Cinder has
been removed. ZFSSA was unsupported in Train and later removed in
Ussuri.
Changes in kolla-ansible 10.2.0..10.3.0
---------------------------------------
588e7e87c Fix exit code with bogus command name
2acd4f711 Allow user to set sysctl_net_ipv4_tcp_retries2
345747a7c Allow to skip and unset sysctl vars
5d7c34523 Add support for changing sysctl.conf path
0055332bd Disable docker's ip-forward when iptables disabled
d7fcaca38 [docker] Added a new flag to disable default network
88347646e docs: Add note about internal VIP when HAProxy is disabled
e3ef0dc3d magnum: Add CA certificate configuration for internal TLS
473b7e457 Make it possible to override automatic fluentd version detection
0d8f65eac [CI] Do not set ansible_python_interpreter for Zuul
026ddc97d Add missing region_name in keystoneauth sections
2ac8b5749 Drop support for Cinder ZFSSA backend
0c7db5a14 Fix host bootstrap pkg removal on Debian
f0e39cd32 Do not set pid file for iscsid
c6aa022a4 baremetal: fix /etc/hosts generation when api_interface has dashes
ccbdf9202 chronyd crash loop if Debian server is rebooted
0cc46ff2a Stop fluentd deprecation warnings of type vs @type
9a1e9b607 Fix parsing of infra.mariadb.xinetd logs
005d4b89f Fix neutron-ovn-metadata-agent with policy.yaml
a343753a7 octavia: Ensure service auth project exists
bf0e09a6f Merge glance sections for nova.conf.j2
8dc48aca0 Update blazar.conf template
46898f4e3 Support editable installation in all cases
53cab0c3c Add the ansible_managed header for admin-openrc.sh
3ffcf4636 Fix RabbitMQ restart ordering
6110ae4d6 Add forgotten 'Restart container' handler for swift
6f3b611f3 neutron: Add become for copying sriov_agent.ini
622767ead Fix duplicate dashboard section in tempest.conf.j2
b80a7922a [CI] Drop Zuul host groups
90c57266a docs: Update Freenode to OFTC
fc7163df4 [CI] Support building source images with in-review changes
894ff94d0 CI: Use PATH to find kolla-ansible script
ae6b25fb1 [CI] Remove setup_gate.sh symlink
ecd8dfe62 CI: pull images before deploy
55d62db97 cinder: fix condition to copy backend TLS certs
f6d2decae Remove [octavia]/base_url option from neutron.conf
b97b388bd baremetal: Install Docker SDK less than 5.0.0
f20b54c7b baremetal: Don't start Docker after install on Debian/Ubuntu
2c7286193 Ensure keepalived is upgraded
a99debd15 Disable Alertmanager's peer gossip in non-HA deployments
4a5398f29 Use @type instead of type
fc66b7115 Fix "Restart mariadb-clustercheck container" during config gen
ca92444c6 prometheus: Collect metrics from rabbitmq
37c24be00 masakari: fix minor issues with instance monitor
3dbe8e82a Negative seqno need to be considered when comparing seqno
55ffe1f8f docs: Improve policy documentation
9164cad1c Apply Zun configuration for Docker based on inventory
f48846367 [CI] Use images from quay.io
193aa7fde nova-cell: Stop printing ceph keys in output
e84ac3919 docs: fix registry mirror example
a473d35e0 Correctly configure S3 Token Middleware for Swift
046d94c80 Reduce number of logs and disable ara HTML report
8a46ae952 Introduce nova_libvirt_logging_debug
eea77dee5 Synchronise kolla-ansible installation with other branches
faef9f592 Remove whitespace around equal signs in zookeeper.cfg
b4fff7225 Fix Cinder log parsing
8581dad2f CI: Add ssh retries
cd2fae0c2 Replace db-sock with db-nb-sock and db-sb-sock
469b95367 ovn: Fix disabling of gateway chassis
3e92b9351 Update String type for Monasca ES template
9efacffa8 CI: fix ceph-ansible installation after cryptography 3.4 release
b03201924 Do not wait for grafana to start when kolla_action=config
e95bc1375 Drop lower-constraints
ff06adaf4 Fix installation with pip install --user
bec35706e Fix monasca-grafana check
a89a2378f Fix Barbican API log config
459cbdd84 docs: improve external Ceph docs
150445c5b docs: Improve multinode Docker registry setup
b9c03063d Fix dpdk deploy failed
6aa553685 Install gnupg before adding docker apt gpg key during pre-install
ae2c9f9da Fixes solum_api Listening on 127.0.0.1
82c5781d8 Fix failure during Monasca Grafana upgrade
Diffstat (except docs and test files)
-------------------------------------
ansible/action_plugins/merge_configs.py | 27 +++-
ansible/group_vars/all.yml | 13 +-
ansible/roles/aodh/templates/aodh.conf.j2 | 1 +
.../roles/barbican/templates/barbican-api.ini.j2 | 1 +
.../roles/barbican/templates/barbican-api.json.j2 | 2 +-
ansible/roles/barbican/templates/barbican.conf.j2 | 4 +
.../roles/baremetal/tasks/bootstrap-servers.yml | 5 +-
ansible/roles/baremetal/tasks/install.yml | 28 ++++-
ansible/roles/baremetal/tasks/post-install.yml | 50 ++++++--
ansible/roles/baremetal/tasks/pre-install.yml | 7 +-
.../baremetal/templates/docker_systemd_service.j2 | 2 +-
ansible/roles/blazar/templates/blazar.conf.j2 | 11 +-
ansible/roles/chrony/templates/chrony.json.j2 | 4 +-
ansible/roles/cinder/defaults/main.yml | 14 ---
ansible/roles/cinder/tasks/config.yml | 2 +-
ansible/roles/cinder/tasks/precheck.yml | 1 -
ansible/roles/cinder/templates/cinder-wsgi.conf.j2 | 2 +-
ansible/roles/cinder/templates/cinder.conf.j2 | 18 +--
ansible/roles/common/tasks/config.yml | 12 +-
ansible/roles/common/templates/admin-openrc.sh.j2 | 2 +
.../templates/conf/filter/01-rewrite-0.12.conf.j2 | 4 +-
.../templates/conf/filter/01-rewrite-0.14.conf.j2 | 4 +-
.../common/templates/conf/input/02-mariadb.conf.j2 | 2 +-
.../common/templates/conf/output/00-local.conf.j2 | 6 +-
ansible/roles/cyborg/templates/cyborg.conf.j2 | 1 +
.../roles/designate/templates/designate.conf.j2 | 1 +
ansible/roles/elasticsearch/tasks/config-host.yml | 9 +-
ansible/roles/freezer/templates/freezer.conf.j2 | 1 +
ansible/roles/glance/templates/glance-api.conf.j2 | 1 +
ansible/roles/gnocchi/templates/gnocchi.conf.j2 | 1 +
ansible/roles/grafana/handlers/main.yml | 1 +
ansible/roles/haproxy/defaults/main.yml | 4 +
ansible/roles/haproxy/tasks/config-host.yml | 16 ++-
ansible/roles/haproxy/tasks/upgrade.yml | 2 +
ansible/roles/heat/templates/heat.conf.j2 | 1 +
.../ironic/templates/ironic-inspector.conf.j2 | 2 +
ansible/roles/iscsi/templates/iscsid.json.j2 | 2 +-
ansible/roles/magnum/templates/magnum.conf.j2 | 9 ++
ansible/roles/manila/templates/manila.conf.j2 | 1 +
ansible/roles/mariadb/handlers/main.yml | 2 +
ansible/roles/mariadb/tasks/recover_cluster.yml | 2 +-
ansible/roles/masakari/defaults/main.yml | 10 +-
ansible/roles/masakari/tasks/clone.yml | 2 +-
ansible/roles/masakari/tasks/config.yml | 33 ++---
ansible/roles/mistral/templates/mistral.conf.j2 | 1 +
ansible/roles/monasca/handlers/main.yml | 3 +-
ansible/roles/monasca/tasks/upgrade.yml | 1 +
.../monasca/templates/monasca-api/api.conf.j2 | 1 +
.../elasticsearch-template.json | 12 +-
ansible/roles/murano/templates/murano.conf.j2 | 3 +
ansible/roles/neutron/defaults/main.yml | 2 +
ansible/roles/neutron/tasks/config-host.yml | 8 +-
ansible/roles/neutron/tasks/config.yml | 1 +
.../templates/neutron-ovn-metadata-agent.json.j2 | 13 +-
ansible/roles/neutron/templates/neutron.conf.j2 | 8 +-
ansible/roles/nova-cell/defaults/main.yml | 4 +
ansible/roles/nova-cell/tasks/config-host.yml | 9 +-
ansible/roles/nova-cell/tasks/external_ceph.yml | 1 +
ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 2 +-
ansible/roles/nova-cell/templates/nova.conf.j2 | 5 +-
ansible/roles/nova/templates/nova.conf.j2 | 1 +
ansible/roles/octavia/defaults/main.yml | 7 ++
ansible/roles/octavia/tasks/register.yml | 15 ---
ansible/roles/octavia/templates/octavia.conf.j2 | 1 +
ansible/roles/ovn/tasks/bootstrap.yml | 4 +-
ansible/roles/ovn/templates/ovn-nb-db.json.j2 | 2 +-
ansible/roles/ovn/templates/ovn-sb-db.json.j2 | 2 +-
ansible/roles/ovs-dpdk/defaults/main.yml | 2 -
.../roles/ovs-dpdk/templates/ovsdpdk-db.json.j2 | 2 +-
.../roles/placement/templates/placement.conf.j2 | 1 +
.../templates/prometheus-alertmanager.json.j2 | 2 +-
.../roles/prometheus/templates/prometheus.yml.j2 | 9 ++
ansible/roles/rabbitmq/handlers/main.yml | 18 ++-
ansible/roles/sahara/templates/sahara.conf.j2 | 1 +
ansible/roles/senlin/templates/senlin.conf.j2 | 1 +
ansible/roles/solum/templates/solum.conf.j2 | 4 +
ansible/roles/swift/defaults/main.yml | 2 +-
ansible/roles/swift/handlers/main.yml | 4 +
ansible/roles/swift/templates/proxy-server.conf.j2 | 2 +-
ansible/roles/tacker/templates/tacker.conf.j2 | 1 +
ansible/roles/tempest/templates/tempest.conf.j2 | 4 -
ansible/roles/trove/templates/trove.conf.j2 | 1 +
ansible/roles/vitrage/templates/vitrage.conf.j2 | 1 +
ansible/roles/watcher/templates/watcher.conf.j2 | 1 +
ansible/roles/zookeeper/tasks/config.yml | 1 +
.../reference/high-availability/haproxy-guide.rst | 47 +++++++
.../reference/storage/external-ceph-guide.rst | 101 +++++++++------
etc/kolla/globals.yml | 6 +-
etc/kolla/passwords.yml | 5 -
lower-constraints.txt | 93 --------------
.../bootstrap-without-zun-67d6ee5d84fcec22.yaml | 6 +
.../notes/bug-1862765-a6cad9fd2d3f0f48.yaml | 5 +
.../notes/bug-1913031-e8b14c50e8a27d14.yaml | 4 +
...yd-crash-loop-if-server-is-rebooted-debian.yaml | 5 +
.../notes/bug-1923203-f9ff247befc4bd75.yaml | 6 +
.../notes/bug-1923467-80973d9fbe1f5287.yaml | 6 +
.../notes/bug-1928915-482b2d53bb2a4d92.yaml | 6 +
.../notes/bug-1930293-d8a524f2070e6779.yaml | 5 +
.../notes/bug-1931097-c94832ed2ed92c3a.yaml | 6 +
.../notes/bug-1933025-1cb5d64d20d57be7.yaml | 6 +
.../notes/bug-1933033-76746d127285cfe8.yaml | 6 +
.../notes/bug-1933122-b34311ba73092080.yaml | 6 +
.../notes/cli-exit-code-1e6278f803dbf8e2.yaml | 6 +
.../custom-sysctl-conf-path-ce58e897fc067410.yaml | 6 +
...e-alertmanager-clustering-ec70f5f970c4933a.yaml | 7 ++
.../docker-disable-bridge-14df8b7fddbd5000.yaml | 9 ++
...docker-disable-ip-forward-b0490b71f9f07cd6.yaml | 9 ++
.../notes/drop-zfssa-2708a8c0b0eb5f43.yaml | 5 +
.../notes/etc-hosts-dashes-37d0dc07c8fc881f.yaml | 7 ++
...g-to-die-after-VIP-switch-5f9e811783c36041.yaml | 13 ++
.../fix-barbican-logging-42068f47fe1e4e4d.yaml | 5 +
.../notes/fix-cinder-logging-22fea4739begd6s.yaml | 5 +
.../fix-dpdk-deploy-failed-6695899422a67359.yaml | 7 ++
.../fix-keepalived-upgrade-a395e39dc946e618.yaml | 6 +
.../fix-magnum-tls-cacert-dd5ab5729391beb2.yaml | 5 +
.../fix-pip-install-user-5f871f67433e465a.yaml | 6 +
...ari-instancemonitor-fixes-dc13e5234456d4c5.yaml | 12 ++
...eate-service-auth-project-aa38b12ebb601777.yaml | 7 ++
...fluentd-version-detection-3cb8b8a8ebc02d0a.yaml | 6 +
.../prometheus-rabbitmq-f7d6ebf0d611a819.yaml | 6 +
.../sysctl-skip-and-unset-848d5ebd765aabec.yaml | 5 +
...ca-elasticsearch-template-41492c59acaf92b1.yaml | 6 +
.../zookeeper-cfg-syntax-02e93c01d6a24f35.yaml | 5 +
tools/kolla-ansible | 30 ++++-
tools/setup_gate.sh | 136 ---------------------
tox.ini | 6 -
zuul.d/base.yaml | 6 +-
zuul.d/nodesets.yaml | 16 ---
zuul.d/project.yaml | 1 -
148 files changed, 981 insertions(+), 603 deletions(-)
More information about the Release-announce
mailing list