From no-reply at openstack.org Thu Jun 2 07:54:43 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 02 Jun 2022 07:54:43 -0000 Subject: [release-announce] tempest 31.0.0 (zed) Message-ID: We are overjoyed to announce the release of: tempest 31.0.0: OpenStack Integration Testing This release is part of the zed release series. The source is available from: https://opendev.org/openstack/tempest Download the package from: https://pypi.org/project/tempest Please report issues through: https://bugs.launchpad.net/tempest/+bugs For more details, please see below. 31.0.0 ^^^^^^ Prelude ******* This is an intermediate release during the Zed development cycle to mark the end of support for EM Ussuri release in Tempest. After this release, Tempest will support below OpenStack Releases: * Yoga * Xena * Wallaby * Victoria Current development of Tempest is for OpenStack Zed development cycle. This is an intermediate release during the Zed development cycle to mark the end of support for EM Victoria release in Tempest. After this release, Tempest will support below OpenStack Releases: * Yoga * Xena * Wallaby Current development of Tempest is for OpenStack Zed development cycle. Upgrade Notes ************* * As the version of cirros used in OpenStack CI does not support SHA-2 signatures for ssh, any connection from a FIPS enabled machine will fail in case validation.ssh_key_type is set to rsa (the default until now). Using ecdsa keys helps us avoid the mentioned issue. From now on, the validation.ssh_key_type option will be set to ecdsa by default for testing simplicity. This change shouldn't have any drastic effect on any tempest consumer, in case rsa ssh type is required in a consumer's scenario, validation.ssh_key_type can be overridden to rsa. * Python 3.6 and 3.7 support has been dropped. Last release of Tempest to support python 3.6 and 3.7 is Temepst 30.0.0. The minimum version of Python now supported by Tempest is Python 3.8. * Remove deprecated config option "api_extensions" from "compute_feature_enabled" groups. Changes in tempest 30.1.0..31.0.0 --------------------------------- d2192f805 Use yoga stable constraint in tox to release 31.0.0 87661fcef Drop py3.6 and py3.7 from Tempest 53cd6880d Wait for guest to boot before attach a volume d9b6d7ca1 Use UPPER_CONSTRAINTS_FILE for stable/victoria testing 7aa3b21e8 Use UPPER_CONSTRAINTS_FILE for stable/ussuri testing 263825a17 End support for stable/victoria 404b55cd2 Add verification when restoring backups e29d5f16c Remove orchestration_client from tempest tree 2c3a6381c Make tempest plugin sanity job voting again b1ea43271 Unblock gate to temporary remove the py3.6|7 job d8bbaba41 Wait for guest after resize 618ff5f12 Remove compute api_extensions config option 4fc47f68c Make recreate_server() wait until SSHABLE e0c0fbe4c Add tempest-slow stable branch jobs on Tempest master gate 9625f0d36 Fix the integrated-gate-compute job template 3ed52100f Drop centos 8 stream testing 4db4e51cc Fix remote_client param description 75ca0b87c Switch to ecdsa ssh key type by default fe0e0a679 Fix: change values to items as keys and values are all used 38fcb5f02 Remove reference of openstack-health 6ffb4fa7f End support for stable/ussuri 7beb2d0ce Allows to skip wait for volume create 739e75338 Fix test_basic_metadata_definition_namespaces Diffstat (except docs and test files) ------------------------------------- ...a-ssh-key-type-by-default-0425b5d5ec72c1c3.yaml | 12 + .../drop-py-3-6-and-3-7-a34f2294f5341539.yaml | 6 + ...end-of-support-for-ussuri-68583f47805eff02.yaml | 13 + ...nd-of-support-of-victoria-9c33f2b089b14cb5.yaml | 12 + ...ute-api-extensions-config-b8564f60f4fa5495.yaml | 5 + roles/run-tempest/README.rst | 2 +- roles/run-tempest/tasks/main.yaml | 30 +- setup.cfg | 4 +- tempest/api/compute/admin/test_flavors.py | 8 - tempest/api/compute/admin/test_flavors_access.py | 8 - .../compute/admin/test_flavors_access_negative.py | 8 - .../api/compute/admin/test_flavors_extra_specs.py | 8 - .../admin/test_flavors_extra_specs_negative.py | 8 - tempest/api/compute/admin/test_volume_swap.py | 29 +- tempest/api/compute/admin/test_volumes_negative.py | 46 ++- tempest/api/compute/base.py | 23 +- tempest/api/compute/servers/test_server_actions.py | 4 +- tempest/api/compute/servers/test_server_group.py | 8 - tempest/api/compute/servers/test_server_tags.py | 8 - tempest/api/compute/test_extensions.py | 13 +- tempest/api/compute/test_quotas.py | 8 - tempest/api/compute/volumes/test_attach_volume.py | 16 +- .../v2/admin/test_images_metadefs_namespaces.py | 1 + tempest/api/volume/base.py | 7 +- tempest/cmd/verify_tempest_config.py | 4 +- tempest/common/utils/__init__.py | 1 - tempest/config.py | 14 +- tempest/lib/common/utils/linux/remote_client.py | 2 +- tempest/lib/services/image/v2/namespaces_client.py | 8 + tempest/scenario/manager.py | 24 +- tempest/services/__init__.py | 0 tempest/services/orchestration/__init__.py | 18 - tempest/services/orchestration/json/__init__.py | 0 .../orchestration/json/orchestration_client.py | 413 --------------------- tools/check_logs.py | 2 +- tox.ini | 12 +- zuul.d/integrated-gate.yaml | 38 +- zuul.d/project.yaml | 31 +- zuul.d/stable-jobs.yaml | 56 ++- zuul.d/tempest-specific.yaml | 20 - 43 files changed, 306 insertions(+), 714 deletions(-) From no-reply at openstack.org Tue Jun 7 11:10:58 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Jun 2022 11:10:58 -0000 Subject: [release-announce] kayobe 10.2.0 (wallaby) Message-ID: We are pleased to announce the release of: kayobe 10.2.0: Deployment of OpenStack to bare metal using OpenStack kolla and bifrost This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/kayobe Download the package from: https://tarballs.openstack.org/kayobe/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/kayobe For more details, please see below. 10.2.0 ^^^^^^ New Features ************ * Enables hardware clock (RTC) synchronisation by default when applying the chrony role. This setting is configurable with the new variable "chrony_rtcsync_enabled". * Adds support for inspection of L3-routed Ironic networks via DHCP- relay. * Adds support for running package updates on Ubuntu hosts via the following existing commands: * "kayobe seed host package update --packages " * "kayobe seed hypervisor host package update --packages " * "kayobe infra vm host package update --packages " * "kayobe overcloud host package update --packages " Security Issues *************** * Fixes an issue where any passwords in "kolla_ansible_custom_passwords" were exposed in Ansible logs. When using verbosity level 3 ("-vvv"), they were also exposed in Ansible output. Bug Fixes ********* * In production environments, the provision network may be separated from the other networks, so in this case, if you want Bifrost's DHCP service provides the correct gateway for the clients the "inspection_gateway" should be used instead of the "gateway" attribute for the provision network. This also avoids configuring the multiple IP gateways on a single host which leads to unpredictable results. * Fixes an issue where the Neutron SR-IOV agent image is not built when the service is enabled. * Fixes an issue with idempotence of local Kolla Ansible configuration generation. * Fixes an issue with the seed's configdrive when the admin network is a VLAN. See story 2008089 for details. * Enables deployment of Grafana when Monasca is enabled, as a replacement for the retired "monasca-grafana" image. See story 2009717 for details. * Fixes Ansible inventory generation with some custom group mappings using the same group names for Kayobe and Kolla Ansible. See story 2009927 for details. * The set of commands starting with "kayobe overcloud database" now generate the kolla configuration necessary to login to the nodes running the database. * Fixes an issue with config drive generation for infrastructure and seed VMs when using untagged interfaces. The symptom of this issue is that kayobe cannot login to the instance. If you check the libvirt console log, you will see "KeyError: 'vlan_link'". See story 2009910 for details. * Fixes an issue where hacluster images are not built when the service is enabled. * Fixes an issue with IPA image builds which used the "master" branch of "ironic-python-agent", even on stable releases of Kayobe, or when explicitly setting "ipa_build_source_version". * Fixes an issue where any passwords in "kolla_ansible_custom_passwords" were exposed in Ansible logs. When using verbosity level 3 ("-vvv"), they were also exposed in Ansible output. * Fixes an issue where patch links could be erroneously created on hosts not in the overcloud group. See Story 2009911 for details. * Pins Jinja2 to less than "3.1.0" to avoid breaking changes. * Fixes an issue where the MTU defined in Kayobe was not applied to Ironic provisioning and cleaning networks in Neutron. * Deployment image (IPA) build no longer uses master version of upper- constraints. Instead, it defaults to using the constraints for the OpenStack release associated with the version of Kayobe being used. See story 2009810 for details. * Fixes failures to run "kayobe overcloud bios raid configure" by upgrading the "stackhpc.drac" role to version 1.1.6. * Fixes an issue with masking NTP services which are not found. See story 2009821 for details. Changes in kayobe 10.1.0..10.2.0 -------------------------------- 313a9851 ironic: Set MTU on provisioning and cleaning Neutron networks 4d68a5dd CI: Disable horizon in upgrade jobs to save disk space 8888e406 Fix forgotten hacluster regexp for image build c231848e CI: separate image builds into a non-voting job 3beff4ca kolla_passwords: add no_log for password overrides c0988335 Bump stackhpc.drac role 712c41b4 Cleanup old and deprecated Swift configuration 26cb0bde docs: Fix custom LVM example 9f469c36 Update documentation link for NCLU 09a4c294 Fix variable name for stackhpc.os-networks upper constraints 4d7e7a57 Restore forgotten linuxbridge-agent container e23ce7a4 Fix Ansible inventory generation when reusing group names 56f01b53 CI: Avoid image downloads and builds in seed jobs 7e348126 CI: Fix molecule job failure 6cafdb8a Fix custom config idempotence ea7a9059 Pin Jinja2<3.1.0 to avoid contextfilter removal 035f2f40 Ubuntu: support host package update a7e3b0c2 CI: Pin ansible-lint to <6 6886ce6b Only create patch links on overcloud hosts c129808c CI: Disable container image builds on Ubuntu 1f006150 Use naming convention to infer VLAN tagging 00d6ad65 CI: remove qemu-utils installation ee6d4614 CI: stop using zuul as kayobe_ansible_user in TLS jobs ae617ae7 Enable rtcsync in chrony by default c5f9a5ee Bump up manage-lvm role version to v0.2.6 8a859c23 CI: Enable bare metal testing for Ubuntu 52973754 Set requirements branch for IPA build 4b3bb2c0 Set correct gateway for the bifrost provision network 180fd4ba ntp: Fix service mask when service doesn't exist ed3a0556 Fix Sphinx syntax typo 42c87d2c Fix 'ModuleNotFoundError: No module named 'docker' 1c65af8e Fix seed VM configdrive when admin network is a VLAN e9dd7e0d Generate kolla config when running database commands b08a2197 Build neutron-sriov-agent image when enabled 933cf53c ipa: Use openstack_branch instead of master c68913d8 Deploy Grafana when Monasca is enabled 4d777082 [CI] Drop unused nodeset 43451c49 CI: Use correct TD agent repository version 9ae0401f Document that extra kernel parameters are important for inspection 679fa2a7 Add support for Ironic inspection through DHCP-relay c92a97ce Limit ip-routing and snat to seed hosts only Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all/bifrost | 3 + ansible/group_vars/all/ipa | 9 ++- ansible/group_vars/all/kolla | 9 ++- ansible/group_vars/all/time | 3 + ansible/host-package-update.yml | 6 +- ansible/ip-routing.yml | 2 +- ansible/kolla-ansible.yml | 1 + ansible/kolla-bifrost.yml | 2 +- ansible/provision-net.yml | 4 +- ansible/roles/kolla-ansible/defaults/main.yml | 3 + .../roles/kolla-ansible/library/kolla_passwords.py | 2 +- .../roles/kolla-ansible/templates/globals.yml.j2 | 2 +- .../kolla-ansible/templates/overcloud-top-level.j2 | 2 +- ansible/roles/kolla-openstack/tasks/config.yml | 1 - .../roles/kolla-openstack/templates/glance.conf.j2 | 29 -------- ansible/roles/network-redhat/tasks/main.yml | 1 + ansible/roles/ntp/tasks/prepare.yml | 25 +++++-- ansible/snat.yml | 2 +- dev/functions | 11 +++ .../reference/ironic-python-agent.rst | 7 +- .../configuration/reference/physical-network.rst | 2 +- etc/kayobe/bifrost.yml | 3 + etc/kayobe/ipa.yml | 2 +- etc/kayobe/time.yml | 3 + kayobe/cli/commands.py | 8 ++ kayobe/plugins/filter/networks.py | 8 ++ molecule-requirements.txt | 12 +++ playbooks/kayobe-overcloud-base/globals.yml.j2 | 2 +- playbooks/kayobe-overcloud-base/overrides.yml.j2 | 3 - playbooks/kayobe-overcloud-base/run.yml | 11 --- .../overrides.yml.j2 | 2 +- .../kayobe-overcloud-upgrade-base/overrides.yml.j2 | 3 +- playbooks/kayobe-overcloud-upgrade-base/pre.yml | 4 + .../kayobe-seed-base/bifrost-overrides.yml.j2 | 8 +- playbooks/kayobe-seed-base/overrides.yml.j2 | 4 +- playbooks/kayobe-seed-base/run.yml | 34 +++++---- .../bifrost-overrides.yml.j2 | 6 +- ...ifrost-inspection-gateway-316ab384430ef8df.yaml | 9 +++ .../build-neutron-sriov-836acf378bae0b48.yaml | 5 ++ .../notes/config-idemoptence-37846db82ecd9f43.yaml | 4 + .../notes/configdrive-vlans-4e8b6ed07b229233.yaml | 6 ++ ...able-grafana-with-monasca-497d686e95d89242.yaml | 7 ++ ...nable-rtc-synchronisation-1179a52e8e6bd12b.yaml | 6 ++ ...lla-ansible-group-mapping-8fcd6cbb1e744e18.yaml | 6 ++ ...ckup-with-no-kolla-config-4f857915adabad41.yaml | 6 ++ .../fixes-keyerror-vlan-link-c177cf719e070df6.yaml | 8 ++ .../hacluster-build-issue-2a8023e0cd80235a.yaml | 5 ++ ...pector-dhcp-range-netmask-bb46eb7df77587a4.yaml | 4 + .../notes/ipa-branch-b29c377c531013a8.yaml | 6 ++ ...asswords-overrides-no-log-57054ce64fae8143.yaml | 11 +++ .../patch-links-on-overcloud-e24dbc858d3399cc.yaml | 6 ++ .../notes/pin-jinja2-988297e06a2cf790.yaml | 4 + .../notes/provision-net-mtu-befdda04224f49a6.yaml | 5 ++ ...ents-branch-for-ipa-build-c3ca977ec21b58f4.yaml | 8 ++ .../stackhpc-drac-check-mode-8097215f8eca9991.yaml | 5 ++ .../notes/story-2009821-b309165e25e77aea.yaml | 5 ++ .../ubuntu-package-update-0db09fc57249b9fc.yaml | 10 +++ requirements.txt | 1 + requirements.yml | 8 +- roles/kayobe-diagnostics/files/get_logs.sh | 1 + test-requirements.txt | 8 +- tox.ini | 2 +- zuul.d/jobs.yaml | 26 +++++++ zuul.d/nodesets.yaml | 6 -- zuul.d/project.yaml | 5 ++ 69 files changed, 395 insertions(+), 129 deletions(-) Requirements updates -------------------- diff --git a/molecule-requirements.txt b/molecule-requirements.txt new file mode 100644 index 00000000..9ae944e6 --- /dev/null +++ b/molecule-requirements.txt @@ -0,0 +1,12 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. + +ansible-lint>=3.0.0,<6.0.0,!=4.3.0 # MIT +docker # Apache-2.0 +molecule # MIT +molecule-docker # MIT +pytest-molecule # MIT +pytest-testinfra +rich<12.1.0 +yamllint # GPLv3 diff --git a/requirements.txt b/requirements.txt index ed81d1d1..43ec9103 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,0 +3 @@ ansible>=2.9.0,<2.11.0,!=2.9.8,!=2.9.12 # GPLv3 +Jinja2<3.1.0 # BSD diff --git a/test-requirements.txt b/test-requirements.txt index f3184134..b732c830 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -5 +5 @@ -ansible-lint>=3.0.0,!=4.3.0 # MIT +ansible-lint>=3.0.0,<6.0.0,!=4.3.0 # MIT @@ -9 +8,0 @@ doc8 # Apache-2.0 -docker # Apache-2.0 @@ -11,2 +9,0 @@ hacking>=3.0.1,<3.1.0 # Apache-2.0 -molecule # MIT -molecule-docker # MIT @@ -14,3 +10,0 @@ oslotest>=1.10.0 # Apache-2.0 -paramiko -pytest-molecule # MIT -pytest-testinfra From no-reply at openstack.org Tue Jun 7 11:11:59 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Jun 2022 11:11:59 -0000 Subject: [release-announce] kolla 13.1.0 (xena) Message-ID: We are gleeful to announce the release of: kolla 13.1.0: Kolla OpenStack Deployment This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/kolla Download the package from: https://tarballs.openstack.org/kolla/ Please report issues through: https://bugs.launchpad.net/kolla/+bugs For more details, please see below. 13.1.0 ^^^^^^ New Features ************ * Added a container image for Prometheus libvirt exporter, to be used for monitoring deployments which provide VMs with libvirt. * Adds Cyrus SASL packages necessary for the DIGEST-MD5 and SCRAM- SHA-256 mechanisms. These can be used for libvirt SASL authentication. LP#1964013 * Quiet mode (enabled with "--quiet" argument) can be combined with " --logs-dir" option now. Console output will be quiet as expected while building output will be stored in separate log files. Upgrade Notes ************* * The Debian and Ubuntu images use rabbitmq and erlang from cloudsmith now. Operators might want to mirror/proxy this new source as it provides the correct set of packages unlike the previous combination. Security Issues *************** * Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE) vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm. Bug Fixes ********* * Fixes an issue with Ironic deployments using UEFI and iPXE, where the default UEFI iPXE bootloader in Ironic was not available in the TFTP server. This affects all Kolla releases on CentOS, and Xena on Debian/Ubuntu. LP#1959203 * Installs "glusterfs-client" in Debian and Ubuntu "manila-share" images to support GlusterFS across supported distributions. LP#1964140 * Latest version of the elasticsearch gem no longer works with older (OSS) versions of Elasticsearch. This is fixed by capping the version of the elasticsearch gem installed into the fluentd container. LP#1954759 * Fixes an issue when older version of Python OpenvSwitch bindings package was used, than the running OpenvSwitch code. LP#1961874 * Fix AArch64 ubuntu ironic-python-agent images UEFI PXE booting failure. Also fix x86_64 lacking of GRUB efi files issue. LP#1879265 * Fixes an issue building images that use a source with a "type" of "git", when using a git that includes the fix for CVE-2022-24765 (2.35.2 or later). By default, this includes the "gnocchi-base" image, but may include other images with a non-default configuration. LP#837710 * Fixes disabling the use of the "curlrc" configuration file in "healthcheck_curl". LP#1967272 * Fixes an issue seen when using Jinja2 3.1.0. * Fixes an issue with missing Magnum Keystone auth default policy. LP#1957159 * Fixes the Debian and Ubuntu images to use rabbitmq and erlang from cloudsmith so that the images are still buildable and use proper versions. * Fixes set_configs.py configuring same permission for directories and files, causing directories lacking execute permission if not set for files. Changes in kolla 13.0.1..13.1.0 ------------------------------- 6298c0e07 Fix Ubuntu image builds 6a6fce5bf [bifrost] Force Bifrost to use the correct u-c 0e54080e6 Fix local sources of git repositories 0009ffb7e masakari: add Cyrus SASL packages to monitors image cfd0fb0f2 cloudkitty: disable building for ubuntu/binary 52375aeea prometheus-libvirt-exporter: fix build with newer Go 6e3381b0e enable logging to file for quiet mode 164cda1c4 Revert "CI: add templated Dockerfiles to build logs" 6b88dc0f0 Fix image builds with sources using a type=git cd58db65e Emit log when copying file/directory permissions 531dd4444 elasticsearch: install Java first on CentOS too 58f83d7ea cloudkitty-api: make sure that we install packages 5197793d9 Fix disabling of curlrc in healthcheck_curl 8c29f15ca macros/pip: revert to old setuptools way 3a6a17970 Use jinja2.pass_context instead of contextfilter 292e78312 libvirt: add Cyrus SASL packages for DIGEST-MD5 c80522274 Install glusterfs-client in Debuntu aa6286efe [CI] Test Ironic on Debian 2b605d3b9 Add Prometheus libvirt exporter image bc2544b8e pin out some package from Debian OpenStack Team repos 6760c2a98 Use python3-openvswitch from distro 2b6785dfd [CI] Add K-A Octavia jobs to the experimental pipeline df5115822 Add qemu-img also in nova-libvirt image b77912895 Ensure set_configs sets execute bit on directories b38582b48 erlang: use packages from Erlang Solutions on AArch64 47aac3c69 collectd: pcie-errors is x86-64 only now af092df6a ironic: Fix UEFI & iPXE bootloader filenames 5c6eb1739 Unpin td-agent and cap elasticsearch gem c6a972e5d Remove missing collectd packages 2171f0a7b Use distro provided GRUB efi fdd9506de Mitigate two Log4j vulnerabilities in Apache Storm 9f5755fe4 magnum: fix issue with keystone auth default policy c8d370943 Fix variable name Diffstat (except docs and test files) ------------------------------------- .zuul.d/base.yaml | 1 - .zuul.d/centos.yaml | 2 + .zuul.d/debian.yaml | 2 + .zuul.d/ubuntu.yaml | 2 + .../prometheus-libvirt-exporter/Dockerfile.j2 | 47 ++++++++++++++++++ kolla/common/utils.py | 34 ++++++++----- kolla/image/build.py | 16 +++++- kolla/template/filters.py | 9 +++- kolla/template/methods.py | 8 ++- kolla/template/repos.yaml | 24 +++++---- ...ometheus-libvirt-exporter-8d505dc8b74f8625.yaml | 4 ++ .../notes/bug-1959203-1bb695e052248d78.yaml | 8 +++ .../notes/bug-1964140-57b433329bab067e.yaml | 6 +++ ...cap-fluentd-elasticsearch-18c0ca8e90c1234c.yaml | 7 +++ .../notes/distro-python-ovs-df705d1e59f16cde.yaml | 6 +++ ...n-agent-pxe-booting-issue-95adaf9249207d5b.yaml | 6 +++ .../git-security-fix-fix-ea56c0071585237d.yaml | 9 ++++ ...check-curl-disable-curlrc-0f85aad47379e2a5.yaml | 5 ++ .../jinja2-pass-context-3f3febcd944e3a51.yaml | 4 ++ .../notes/libvirt-sasl-07a8a1a25d2450c6.yaml | 6 +++ ...stone-auth-default-policy-e16f7bb558aa4b14.yaml | 5 ++ .../quiet-mode-with-logs-0abafc07923945ac.yaml | 6 +++ ...abbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml | 10 ++++ ...ectory-execute-permission-8ab919b7b17025d2.yaml | 5 ++ ...-vulnerability-mitigation-6746a8a0bb329485.yaml | 5 ++ 51 files changed, 360 insertions(+), 115 deletions(-) From no-reply at openstack.org Tue Jun 7 11:12:39 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Jun 2022 11:12:39 -0000 Subject: [release-announce] kolla 12.2.0 (wallaby) Message-ID: We are thrilled to announce the release of: kolla 12.2.0: Kolla OpenStack Deployment This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/kolla Download the package from: https://tarballs.openstack.org/kolla/ Please report issues through: https://bugs.launchpad.net/kolla/+bugs For more details, please see below. 12.2.0 ^^^^^^ New Features ************ * Adds Cyrus SASL packages necessary for the DIGEST-MD5 and SCRAM- SHA-256 mechanisms. These can be used for libvirt SASL authentication. LP#1964013 * Quiet mode (enabled with "--quiet" argument) can be combined with " --logs-dir" option now. Console output will be quiet as expected while building output will be stored in separate log files. Upgrade Notes ************* * The Debian and Ubuntu images use rabbitmq and erlang from cloudsmith now. Operators might want to mirror/proxy this new source as it provides the correct set of packages unlike the previous combination. Security Issues *************** * Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE) vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm. Bug Fixes ********* * Fixes an issue with Ironic deployments using UEFI and iPXE, where the default UEFI iPXE bootloader in Ironic was not available in the TFTP server. This affects all Kolla releases on CentOS, and Xena on Debian/Ubuntu. LP#1959203 * Installs "glusterfs-client" in Debian and Ubuntu "manila-share" images to support GlusterFS across supported distributions. LP#1964140 * Latest version of the elasticsearch gem no longer works with older (OSS) versions of Elasticsearch. This is fixed by capping the version of the elasticsearch gem installed into the fluentd container. LP#1954759 * Fixes an issue when older version of Python OpenvSwitch bindings package was used, than the running OpenvSwitch code. LP#1961874 * Fix AArch64 ubuntu ironic-python-agent images UEFI PXE booting failure. Also fix x86_64 lacking of GRUB efi files issue. LP#1879265 * Fixes an issue building images that use a source with a "type" of "git", when using a git that includes the fix for CVE-2022-24765 (2.35.2 or later). By default, this includes the "gnocchi-base" image, but may include other images with a non-default configuration. LP#837710 * Fixes disabling the use of the "curlrc" configuration file in "healthcheck_curl". LP#1967272 * Fixes an issue seen when using Jinja2 3.1.0. * Fixes an issue with missing Magnum Keystone auth default policy. LP#1957159 * Fixes the Debian and Ubuntu images to use rabbitmq and erlang from cloudsmith so that the images are still buildable and use proper versions. * Fixes set_configs.py configuring same permission for directories and files, causing directories lacking execute permission if not set for files. Changes in kolla 12.1.0..12.2.0 ------------------------------- b0517b356 Fix Ubuntu image builds 8ffdee926 Fix local sources of git repositories 444bdffcc masakari: add Cyrus SASL packages to monitors image cfc365520 cloudkitty: disable building for ubuntu/binary 42c79cdd4 enable logging to file for quiet mode 43dce2cf0 Revert "CI: add templated Dockerfiles to build logs" 7fb3ecb18 Fix image builds with sources using a type=git 5943f32af Emit log when copying file/directory permissions 6a39d8e3d elasticsearch: install Java first on CentOS too 30fbbadd5 Restore use of contextfunction decorator d8708b713 cloudkitty-api: make sure that we install packages f3a066673 Fix disabling of curlrc in healthcheck_curl 4ac3ae718 macros/pip: revert to old setuptools way 41b43807b Use jinja2.pass_context instead of contextfilter cbd2bc7e1 libvirt: add Cyrus SASL packages for DIGEST-MD5 d1cd4e91a Install glusterfs-client in Debuntu a3fab9d6a Add qemu-img also in nova-libvirt image 76d2e589d [CI] Test Ironic on Debian b3e2bcdc2 Use python3-openvswitch from distro 4c893661f CI: Drop Ceph stream override 94cecf86e Ensure set_configs sets execute bit on directories 50b1f117a erlang: use packages from Erlang Solutions on AArch64 a29648baf collectd: pcie-errors is x86-64 only now 7f38bce81 base: Drop usage of Ceph Nautilus from RDO 1ac4662c1 ironic: Fix UEFI & iPXE bootloader filenames 3bbc5b329 Unpin td-agent and cap elasticsearch gem f439afa42 Remove missing collectd packages 67e4f50bf Use distro provided GRUB efi 5ba4fb275 openstack-base: drop anyjson 4835d402f Mitigate two Log4j vulnerabilities in Apache Storm 59adcfd80 magnum: fix issue with keystone auth default policy 320fcbdce Fix variable name Diffstat (except docs and test files) ------------------------------------- .zuul.d/base.yaml | 1 - .zuul.d/debian.yaml | 2 + kolla/common/utils.py | 34 ++++++++----- kolla/image/build.py | 16 +++++- kolla/template/filters.py | 9 +++- kolla/template/methods.py | 8 ++- kolla/template/repos.yaml | 21 ++++---- .../notes/bug-1959203-1bb695e052248d78.yaml | 8 +++ .../notes/bug-1964140-57b433329bab067e.yaml | 6 +++ ...cap-fluentd-elasticsearch-18c0ca8e90c1234c.yaml | 7 +++ .../notes/distro-python-ovs-df705d1e59f16cde.yaml | 6 +++ ...n-agent-pxe-booting-issue-95adaf9249207d5b.yaml | 6 +++ .../git-security-fix-fix-ea56c0071585237d.yaml | 9 ++++ ...check-curl-disable-curlrc-0f85aad47379e2a5.yaml | 5 ++ .../jinja2-pass-context-3f3febcd944e3a51.yaml | 4 ++ .../notes/libvirt-sasl-07a8a1a25d2450c6.yaml | 6 +++ ...stone-auth-default-policy-e16f7bb558aa4b14.yaml | 5 ++ .../quiet-mode-with-logs-0abafc07923945ac.yaml | 6 +++ ...abbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml | 10 ++++ ...ectory-execute-permission-8ab919b7b17025d2.yaml | 5 ++ ...-vulnerability-mitigation-6746a8a0bb329485.yaml | 5 ++ 46 files changed, 308 insertions(+), 122 deletions(-) From no-reply at openstack.org Tue Jun 7 11:13:04 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Jun 2022 11:13:04 -0000 Subject: [release-announce] kayobe 12.1.0 (yoga) Message-ID: We are gleeful to announce the release of: kayobe 12.1.0: Deployment of OpenStack to bare metal using OpenStack kolla and bifrost This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/kayobe Download the package from: https://tarballs.openstack.org/kayobe/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/kayobe For more details, please see below. Changes in kayobe 12.0.0..12.1.0 -------------------------------- 7e9175b9 ironic: Set MTU on provisioning and cleaning Neutron networks 2f3a8f80 Fix forgotten hacluster regexp for image build Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all/kolla | 2 ++ ansible/provision-net.yml | 2 ++ releasenotes/notes/hacluster-build-issue-2a8023e0cd80235a.yaml | 5 +++++ releasenotes/notes/provision-net-mtu-befdda04224f49a6.yaml | 5 +++++ 4 files changed, 14 insertions(+) From no-reply at openstack.org Tue Jun 7 11:14:14 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Jun 2022 11:14:14 -0000 Subject: [release-announce] kolla 14.1.0 (yoga) Message-ID: We are pleased to announce the release of: kolla 14.1.0: Kolla OpenStack Deployment This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/kolla Download the package from: https://tarballs.openstack.org/kolla/ Please report issues through: https://bugs.launchpad.net/kolla/+bugs For more details, please see below. 14.1.0 ^^^^^^ New Features ************ * Updates Alertmanager version to 0.24.0. Upgrade Notes ************* * The Debian and Ubuntu images use rabbitmq and erlang from cloudsmith now. Operators might want to mirror/proxy this new source as it provides the correct set of packages unlike the previous combination. Bug Fixes ********* * Fixes the Debian and Ubuntu images to use rabbitmq and erlang from cloudsmith so that the images are still buildable and use proper versions. Changes in kolla 14.0.0..14.1.0 ------------------------------- 240b3cf44 Fix Ubuntu image builds 4ecd200b9 Bump up Alertmanager version 3a65c4842 [bifrost] Force Bifrost to use the correct u-c b80d47566 Fix local sources of git repositories 6cf2912d5 [bifrost] Force Bifrost to use the correct git branch Diffstat (except docs and test files) ------------------------------------- .../prometheus-alertmanager/Dockerfile.j2 | 2 +- kolla/image/build.py | 26 +++++++++++++--------- kolla/template/repos.yaml | 22 +++++++++--------- ...bump-alertmanager-to-0.24-e73778e9d954cf85.yaml | 4 ++++ ...abbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml | 10 +++++++++ 7 files changed, 46 insertions(+), 26 deletions(-) From no-reply at openstack.org Tue Jun 7 11:14:46 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Jun 2022 11:14:46 -0000 Subject: [release-announce] kolla-ansible 14.1.0 (yoga) Message-ID: We are amped to announce the release of: kolla-ansible 14.1.0: Ansible Deployment of Kolla containers This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 14.1.0 ^^^^^^ New Features ************ * New switches added to control deployment of the Masakari monitors. The deployment of each type of monitors can be controlled individually via "enable_masakari_instancemonitor" and "enable_masakari_hostmonitor". By default, both are set to "true" when the deployment of the Masakari is enabled via "enable_masakari". Bug Fixes ********* * Fixes an issue with Masakari instance monitor when libvirt SASL is enabled. libvirt SASL was enabled by default in a recent change to Kolla Ansible. LP#1965754 * The prometheus openstack exporters are now behind haproxy, providing a unique time series in the prometheus database. Also ensures that only one exporter queries the openstack APIs at any given time interval. With the previous behavior each openstack exporter was scraped at the same time. This caused each exporter to query the openstack APIs simultaneously introducing unneccesary load and duplicate time series in the prometheus database due to the instance label being unique for each exporter. LP#1972818 Changes in kolla-ansible 14.0.0..14.1.0 --------------------------------------- eee165968 Control Masakari monitors deploy 910d033a0 Make redis connection string configurable 3f085dbc0 [CI] Do not test Venus on Yoga c443692be [CI] Nullify attempts c9b9b62e6 talk TLS to openstack exporter via haproxy 785e269e5 genpwd: handle lack of password file nicer 5c801e33e Fix malformed OIDCMemCacheServers cd818de69 Use 'cloudkitty_influxdb_use_ssl' when creatign InfluxDB database 166a4e5fe masakari: support libvirt SASL in instance monitor 6d6ecaefb [CI] Restore token critical error filter 6191db3f8 Put openstack exporter behind HAproxy so only one is queried at a time d29d98275 [CI] Raise [keystone_authtoken]http_request_max_retries e812853c6 Add doc fix for all-in-one in venv Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all.yml | 5 ++++- ansible/roles/cloudkitty/defaults/main.yml | 2 +- ansible/roles/cloudkitty/tasks/bootstrap.yml | 1 + ansible/roles/keystone/templates/wsgi-keystone.conf.j2 | 2 +- ansible/roles/masakari/defaults/main.yml | 15 +++++++++++++-- ansible/roles/masakari/tasks/config.yml | 18 ++++++++++++++++++ ansible/roles/masakari/templates/auth.conf.j2 | 6 ++++++ .../templates/masakari-instancemonitor.json.j2 | 8 +++++++- ansible/roles/prometheus/defaults/main.yml | 6 ++++++ ansible/roles/prometheus/templates/prometheus.yml.j2 | 7 ++++--- kolla_ansible/cmd/genpwd.py | 8 ++++++-- .../control-masakari-monitors-1107c10c45678b0a.yaml | 8 ++++++++ .../notes/fix-openstack-exporter-tls-bug-1975598.yml | 8 ++++++++ .../notes/masakari-libvirt-sasl-f368c31c0b5567b6.yaml | 6 ++++++ .../notes/openstack-exporter-hammering-os-apis.yaml | 14 ++++++++++++++ zuul.d/base.yaml | 1 - zuul.d/project.yaml | 2 -- 22 files changed, 132 insertions(+), 26 deletions(-) From no-reply at openstack.org Tue Jun 7 11:14:50 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Jun 2022 11:14:50 -0000 Subject: [release-announce] kolla-ansible 12.4.0 (wallaby) Message-ID: We joyfully announce the release of: kolla-ansible 12.4.0: Ansible Deployment of Kolla containers This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 12.4.0 ^^^^^^ New Features ************ * Adds a "tls_connect" module to the Prometheus blackbox exporter. This can be used to test connectivity of TLS servers. * New switches added to control deployment of the Masakari monitors. The deployment of each type of monitors can be controlled individually via "enable_masakari_instancemonitor" and "enable_masakari_hostmonitor". By default, both are set to "true" when the deployment of the Masakari is enabled via "enable_masakari". * Implements container healthchecks for ironic-neutron-agent service. See blueprint * Adds support for libvirt SASL authentication. It is enabled by default. LP#1964013 Known Issues ************ * Existing fluentd log rotation failed to delete old haproxy, swift, glance-tls-proxy and neutron-tls-proxy logs. These will not be deleted by the new logrotate config and will have to be removed manually. Upgrade Notes ************* * RabbitMQ's Prometheus plugin is no longer enabled by default if Prometheus is not deployed. If external Prometheus is used, you need to turn on "rabbitmq_enable_prometheus_plugin" to get old behaviour. * An HTTP server is now always deployed for Ironic conductor, while previously it was only deployed when iPXE is enabled. In the Wallaby release, Ironic changed the default deploy driver from iSCSI to direct. In the Xena release, Ironic removed the iSCSI driver. The recommended deploy driver is "direct", which uses HTTP to transfer the disk image. This requires an HTTP server, and the simplest option is to use the one previously deployed when "enable_ironic_ipxe" is set to "true". * The addition of libvirt SASL authentication requires a new password in "passwords.yml", "libvirt_sasl_password". This may be generated using the existing "kolla-genpwd" and "kolla-mergepwd" tooling. * The addition of libvirt SASL authentication requires both the "nova_libvirt" and "nova_compute" containers to be updated simultaneously, using new images with the necessary Cyrus SASL dependencies, as well as configuration containing the SASL credentials. * update the default value of node_custom_config to {{ node_config }}/config, when specified using --configdir Security Issues *************** * Explicitly removes the "net.ipv4.ip_forward" sysctl from "/etc/sysctl.conf" on hosts with Neutron L3 Agent. In the absence of another source for this sysctl, it should revert to the default of 0 after the next reboot. This is a follow up to a previous change which stopped setting the sysctl, but leaves existing systems with the original value of 1 set. A deployer looking to more aggressively change the value may set "neutron_l3_agent_host_ipv4_ip_forward" to 0 using a Yoga release of Kolla Ansible. This option will be removed in future. Any deployments still relying on the previous value may set "neutron_l3_agent_host_ipv4_ip_forward" to 1. LP#1945453 * Fixes an issue where the default configuration of libvirt did not use authentication for the API exposed over TCP on the internal API network. This allowed anyone with access to the internal API network read-write access to libvirt. While the internal API network is typically trusted, other services on this network generally at least require authentication. SASL authentication is now enabled for libvirt by default. Kolla Ansible supports libvirt TLS since the Train release, and this is recommended to provide a higher level of security. LP#1964013 Bug Fixes ********* * Fixes an issue with an OIDC authentication flow requiring unnecessary action from the user. Redirecting to the target IdP page now happens automatically. LP#930055 * Removes custom value of "max_allowed_secret_in_bytes" in "barbican.conf". The default maximum size in Barbican was doubled to avoid issues with some certificates. LP #1957795 * Fixed the deployment failure of outward_rabbitmq by resolving port conflicts by customizing RabbitMQ's "prometheus.tcp.port". LP #1885106 * Use Volume V3 API in OpenStack exporter. Volume V2 API has been removed since OpenStack Wallaby. LP#1938194 * Fixes the copy job for grafana custom home dashboard file. The copy job for the grafana home dashboard file needs to run priviliged, otherwise permission denied error occurs. LP#[1947710] * Fixes Octavia's "Connection refused" errors by adding "ovn_sb_connection" to "octavia.conf". LP#195011 * Ironic API and Ironic Inspector API use separate policy files. Ironic role was updated to be able to handle both policies separately. LP#1952948 * Continue to run all actions if one action failed in Elasticsearch curator. LP#1954720 * Fixes Placement no logrotate configuration LP#1954723 * Fixes Nova resize failing when "migration_interface" is customised. LP#1956976 * Fixes unable to connect to zun console when "kolla_enable_tls_external" is true. Access to console of any zun container fails when "kolla_enable_tls_external" is true. This fix sets the protocol for wsproxy "base_url" in "zun.conf" according to the value of "kolla_enable_tls_external" LP#1957117 * Fixes Glance with Cinder iSCSI backend failing due to lack of lock_path setting. LP#1959663 * Fixes logrotate config missing for openvswitch and prometheus services. LP#1961795 * Fixes an issue with Ironic's PXE components not getting updated on upgrade. LP#1963752 * Fixes configuration of the Prometheus HTTP API URL when using the Prometheus collector in CloudKitty. LP#1961615 * Fix the apache's wsgi configuration for the aodh service in Debuntu binary flavours. LP#1953059 * Fixes the baremetal role to avoid an error "Unable to remove "libvirtd". Now the symlink /etc/apparmor.d/disable/usr.sbin.libvirtd is created by the role. LP#1960302 * Existing fluentd log rotation failed to delete old haproxy, swift, glance-tls-proxy and neutron-tls-proxy logs. Standardise rotation and deletion of logs using logrotate. * Fixes an issue with setting up OIDC based Keystone federation against IDP that has a different response type than id_token. This can now be set using a new variable "keystone_federation_oidc_response_type". LP#1959781 * adds back the option to configure the rabbitmq clustering interface via kolla *LP#1900160 * * Fixes an issue seen when using Jinja2 3.1.0. * Fixes an issue with Masakari instance monitor when libvirt SASL is enabled. libvirt SASL was enabled by default in a recent change to Kolla Ansible. LP#1965754 * Fixes the configuration option setting the type of endpoint used by Neutron to send requests to Placement. LP#1960503 * Fixes a configuration issue with Node Exporter causing all file system metrics of a host to be identical. LP#1961438 * Fixes an issue where a failure of any Nova compute service to register itself would cause only the host querying the nova API to fail. Now, only hosts that fail to register will fail the Kolla Ansible run. Alternatively, to fail all hosts in a cell when any compute service fails to register, set "nova_compute_registration_fatal" to "true". LP#1940119 * The prometheus openstack exporters are now behind haproxy, providing a unique time series in the prometheus database. Also ensures that only one exporter queries the openstack APIs at any given time interval. With the previous behavior each openstack exporter was scraped at the same time. This caused each exporter to query the openstack APIs simultaneously introducing unneccesary load and duplicate time series in the prometheus database due to the instance label being unique for each exporter. LP#1972818 * Fixes an issue where RabbitMQ was configured to mirror classic transient queues for all services. According to the RabbitMQ documentation this is not a supported configuration, and contributed to numerous bug reports. In order to avoid making unexpected changes to the RabbitMQ cluster, it is necessary to set "rabbitmq_remove_ha_all_policy" to "yes" in order to apply this fix. This variable will be removed in the Yoga release. LP#1954925 * Fixes an issue with Cinder upgrade where Cinder services would remain pinned to the previous release's RPC & object versions. LP#1954932 Changes in kolla-ansible 12.3.0..12.4.0 --------------------------------------- bbbebc524 Control Masakari monitors deploy d34dd8125 Make redis connection string configurable 4e991a98e [CI] Nullify attempts 6a1764885 talk TLS to openstack exporter via haproxy a53f31bd0 genpwd: handle lack of password file nicer 6281603a5 Use 'cloudkitty_influxdb_use_ssl' when creatign InfluxDB database 59f46c248 masakari: support libvirt SASL in instance monitor 3184bd6ca [CI] Restore token critical error filter 3d25b7169 Grafana: Run priviliged when copying home dashboard file 3c2f416f4 Put openstack exporter behind HAproxy so only one is queried at a time 95d14f52b [CI] Raise [keystone_authtoken]http_request_max_retries 7b07d71c6 [CI] Always use quay.io via infra's mirror 219c39500 nova: improve compute service registration failure handling fdb52f71a nova: use any_errors_fatal for once-per-cell tasks 1f9c13ad8 [CI] Make kolla-build quiet b9efda413 added missing become in ovs-dpdk role 8e1c98d98 Allow removal of classic queue mirroring for internal RabbitMQ 51c2edf11 Use jinja2.pass_context instead of contextfilter 29ef33cbe re-add rabbitmq config for clustering interface d63ebbd8b designate: fix external backend deployment 01fd3b779 Ironic: rebootstrap ironic-pxe on upgrade 4d61344c1 cinder: restart services after upgrade fd99f70f4 CI: pin ansible-lint to <6 af6b3edfa libvirt: support SASL authentication 35ea7baf6 Fix prechecks for "Ironic iPXE" container 6b33c81aa [CI] Use Tenks in Ironic job 28f1b12e8 [CI] Test Ironic when touching Neutron 6033d070a [CI] Test Ironic on Debian b59ba5bcf Explicitly unset net.ipv4.ip_forward sysctl fb4f64c18 Fix hard coded OIDC response type 9cc98b719 Remove grafana [session] configuration 4a2d6b385 Add openvswitch and prometheus to logrotate 5ccc1fdb5 Fix location of release note for ironic-neutron-agent healthcheck 9e9682706 cloudkitty: fix URL used for Prometheus collector ae46e80f3 Configure node-exporter to report correct file system metrics 5fadf566d Fix fluentd v1 buffer syntax issue 9c532f43b Refactor fluentd syslog logging f582c52d7 CI: Fix new ansible-lint failures 9b3b2fdab Fix Apparmor libvirt profile removal d95eb6a26 neutron: fix placement endpoint type configuration 78754d825 [CI] Check fluentd errors b33c6fa91 Fix log rotation for fluentd created files c3d8684fe Glance: add lock_path setting ac6051f54 [CI] Replace parted with lsblk 501c8dec8 Add OIDCDiscoverURL mod_oidc option 25b00b5cf prometheus: add tls_connect blackbox module 0299a3d22 Fix usage of Subject Alternative Name for TLS bcd8d23a5 update the default value of node_custom_config 170bca95e Make nova_ssh listen on api_interface as well 30d23f380 Use Docker healthchecks for ironic-neutron-agent services b71004365 Continue to run all actions if one action failed in curator ff92636dd Revert "[CI] [to-revert] Avoid upgrades on CentOS Stream 8" e477227ca Remove custom value of max_allowed_secret_in_bytes 735b094f5 Fix permission denied errors with ping on c8s 4bdd9202c [CI] [to-revert] Avoid upgrades on CentOS Stream 8 8616af8f2 Add logrotate to libvirt service 52afd1bdc Access to zun container fails when tls_external enabled. 905df8b6c OpenID Connect certifiate file is optional a7c13ad8b ironic: always enable conductor HTTP server 5db2066e5 Add logrotate configuration for placement service 8f98c4adb rabbitmq: enable/disable prometheus plugin follow up 1da4abcb7 docs: adjust to current defaults b23bab245 Support enable/disable rabbitmq prometheus plugins aca6cbfd0 CI: check-logs - add another exception 4515dc150 Use Volume V3 API in OpenStack exporter 6cb0e1062 Move project_name and kolla_role_name to role vars d640a3aff [CI] Drop unused nodeset 9c80df349 horizon: move horizon_enable_tls_backend to group_vars 46249ad5e Add ironic-inspector policy configuration 918397c08 Add ovn_sb_connection to octavia.conf 82f248bcc Fix aodh wsgi config file in Debuntu binary Diffstat (except docs and test files) ------------------------------------- .ansible-lint | 6 + ansible/group_vars/all.yml | 14 +- ansible/nova.yml | 4 + ansible/roles/aodh/defaults/main.yml | 2 - ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 4 - ansible/roles/aodh/vars/main.yml | 2 + ansible/roles/barbican/defaults/main.yml | 2 - ansible/roles/barbican/templates/barbican.conf.j2 | 1 - ansible/roles/barbican/vars/main.yml | 2 + ansible/roles/baremetal/tasks/install.yml | 2 +- ansible/roles/baremetal/tasks/post-install.yml | 6 +- ansible/roles/baremetal/tasks/pre-install.yml | 9 + ansible/roles/bifrost/defaults/main.yml | 2 - ansible/roles/bifrost/vars/main.yml | 2 + ansible/roles/blazar/defaults/main.yml | 2 - ansible/roles/blazar/vars/main.yml | 2 + ansible/roles/ceilometer/defaults/main.yml | 2 - ansible/roles/ceilometer/vars/main.yml | 2 + .../roles/certificates/tasks/generate-backend.yml | 2 + ansible/roles/certificates/tasks/generate.yml | 4 + .../templates/openssl-kolla-internal.cnf.j2 | 4 +- .../certificates/templates/openssl-kolla.cnf.j2 | 4 +- ansible/roles/chrony/defaults/main.yml | 2 - ansible/roles/chrony/vars/main.yml | 2 + ansible/roles/cinder/defaults/main.yml | 11 +- ansible/roles/cinder/handlers/main.yml | 20 ++ ansible/roles/cinder/tasks/reload.yml | 10 + ansible/roles/cinder/tasks/upgrade.yml | 2 + ansible/roles/cinder/vars/main.yml | 2 + ansible/roles/cloudkitty/defaults/main.yml | 6 +- ansible/roles/cloudkitty/tasks/bootstrap.yml | 1 + ansible/roles/cloudkitty/vars/main.yml | 2 + ansible/roles/collectd/defaults/main.yml | 2 - ansible/roles/collectd/vars/main.yml | 2 + ansible/roles/common/defaults/main.yml | 26 ++- ansible/roles/common/tasks/config.yml | 7 +- .../conf/filter/00-record_transformer.conf.j2 | 27 +-- .../common/templates/conf/output/00-local.conf.j2 | 217 ++------------------- .../common/templates/conf/output/01-es.conf.j2 | 6 +- .../templates/conf/output/02-monasca.conf.j2 | 4 +- .../templates/cron-logrotate-haproxy.conf.j2 | 2 +- .../templates/cron-logrotate-nova-libvirt.conf.j2 | 3 + .../templates/cron-logrotate-openvswitch.conf.j2 | 3 + .../templates/cron-logrotate-placement.conf.j2 | 3 + .../templates/cron-logrotate-prometheus.conf.j2 | 3 + ansible/roles/common/templates/fluentd.json.j2 | 27 +-- ansible/roles/common/vars/main.yml | 2 + ansible/roles/cyborg/defaults/main.yml | 2 - ansible/roles/cyborg/vars/main.yml | 2 + ansible/roles/designate/defaults/main.yml | 2 - ansible/roles/designate/tasks/backend_external.yml | 2 + ansible/roles/designate/vars/main.yml | 2 + ansible/roles/elasticsearch/defaults/main.yml | 2 - .../templates/elasticsearch-curator-actions.yml.j2 | 14 +- ansible/roles/elasticsearch/vars/main.yml | 2 + ansible/roles/etcd/defaults/main.yml | 2 - ansible/roles/etcd/vars/main.yml | 2 + ansible/roles/freezer/defaults/main.yml | 2 - ansible/roles/freezer/vars/main.yml | 2 + ansible/roles/glance/defaults/main.yml | 2 - ansible/roles/glance/templates/glance-api.conf.j2 | 3 + ansible/roles/glance/vars/main.yml | 2 + ansible/roles/gnocchi/defaults/main.yml | 2 - ansible/roles/gnocchi/vars/main.yml | 2 + ansible/roles/grafana/defaults/main.yml | 2 - ansible/roles/grafana/tasks/config.yml | 1 + ansible/roles/grafana/templates/grafana.ini.j2 | 8 - ansible/roles/grafana/vars/main.yml | 2 + ansible/roles/hacluster/defaults/main.yml | 2 - ansible/roles/hacluster/vars/main.yml | 2 + ansible/roles/haproxy-config/defaults/main.yml | 2 - ansible/roles/haproxy-config/vars/main.yml | 2 + ansible/roles/haproxy/defaults/main.yml | 2 - ansible/roles/haproxy/vars/main.yml | 2 + ansible/roles/heat/defaults/main.yml | 2 - ansible/roles/heat/vars/main.yml | 2 + ansible/roles/horizon/defaults/main.yml | 7 - ansible/roles/horizon/vars/main.yml | 2 + ansible/roles/influxdb/defaults/main.yml | 2 - ansible/roles/influxdb/vars/main.yml | 2 + ansible/roles/ironic/defaults/main.yml | 6 +- ansible/roles/ironic/tasks/bootstrap.yml | 19 -- ansible/roles/ironic/tasks/bootstrap_service.yml | 19 ++ ansible/roles/ironic/tasks/config.yml | 42 +++- ansible/roles/ironic/tasks/precheck.yml | 1 - .../ironic/templates/ironic-inspector.json.j2 | 8 +- ansible/roles/ironic/templates/ironic.conf.j2 | 7 +- ansible/roles/ironic/vars/main.yml | 2 + ansible/roles/iscsi/defaults/main.yml | 2 - ansible/roles/iscsi/vars/main.yml | 2 + ansible/roles/kafka/defaults/main.yml | 2 - ansible/roles/kafka/vars/main.yml | 2 + ansible/roles/keystone/defaults/main.yml | 3 +- .../keystone/tasks/config-federation-oidc.yml | 1 + .../roles/keystone/templates/wsgi-keystone.conf.j2 | 3 +- ansible/roles/keystone/vars/main.yml | 2 + ansible/roles/kibana/defaults/main.yml | 2 - ansible/roles/kibana/vars/main.yml | 2 + ansible/roles/kuryr/defaults/main.yml | 1 - ansible/roles/kuryr/vars/main.yml | 2 + ansible/roles/magnum/defaults/main.yml | 2 - ansible/roles/magnum/vars/main.yml | 2 + ansible/roles/manila/defaults/main.yml | 2 - ansible/roles/manila/vars/main.yml | 2 + ansible/roles/mariadb/defaults/main.yml | 2 - ansible/roles/mariadb/vars/main.yml | 2 + ansible/roles/masakari/defaults/main.yml | 17 +- ansible/roles/masakari/tasks/config.yml | 18 ++ ansible/roles/masakari/templates/auth.conf.j2 | 6 + .../templates/masakari-instancemonitor.json.j2 | 8 +- ansible/roles/masakari/vars/main.yml | 2 + ansible/roles/memcached/defaults/main.yml | 2 - ansible/roles/memcached/vars/main.yml | 2 + ansible/roles/mistral/defaults/main.yml | 2 - ansible/roles/mistral/vars/main.yml | 2 + ansible/roles/monasca/defaults/main.yml | 2 - ansible/roles/monasca/vars/main.yml | 2 + ansible/roles/multipathd/defaults/main.yml | 2 - ansible/roles/multipathd/vars/main.yml | 2 + ansible/roles/murano/defaults/main.yml | 2 - ansible/roles/murano/vars/main.yml | 2 + ansible/roles/neutron/defaults/main.yml | 17 +- ansible/roles/neutron/tasks/config-host.yml | 2 + ansible/roles/neutron/templates/neutron.conf.j2 | 2 +- ansible/roles/neutron/vars/main.yml | 2 + ansible/roles/nova-cell/defaults/main.yml | 20 +- ansible/roles/nova-cell/handlers/main.yml | 15 ++ ansible/roles/nova-cell/tasks/config.yml | 20 ++ ansible/roles/nova-cell/tasks/deploy.yml | 3 +- .../roles/nova-cell/tasks/discover_computes.yml | 89 ++------- ansible/roles/nova-cell/tasks/precheck.yml | 17 +- .../nova-cell/tasks/wait_discover_computes.yml | 89 +++++++++ ansible/roles/nova-cell/templates/auth.conf.j2 | 6 + ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 3 +- .../roles/nova-cell/templates/nova-compute.json.j2 | 8 +- .../roles/nova-cell/templates/nova-libvirt.json.j2 | 12 ++ ansible/roles/nova-cell/templates/sasl.conf.j2 | 2 + ansible/roles/nova-cell/templates/sshd_config.j2 | 3 + ansible/roles/nova-cell/vars/main.yml | 6 + ansible/roles/nova/defaults/main.yml | 2 - ansible/roles/nova/vars/main.yml | 2 + ansible/roles/octavia/defaults/main.yml | 2 - ansible/roles/octavia/templates/octavia.conf.j2 | 1 + ansible/roles/octavia/vars/main.yml | 2 + ansible/roles/openvswitch/defaults/main.yml | 2 - ansible/roles/openvswitch/vars/main.yml | 2 + ansible/roles/ovn/defaults/main.yml | 2 - ansible/roles/ovn/vars/main.yml | 2 + ansible/roles/ovs-dpdk/defaults/main.yml | 1 - ansible/roles/ovs-dpdk/tasks/config.yml | 2 + ansible/roles/ovs-dpdk/vars/main.yml | 2 + ansible/roles/panko/defaults/main.yml | 2 - ansible/roles/panko/vars/main.yml | 2 + ansible/roles/placement/defaults/main.yml | 2 - ansible/roles/placement/vars/main.yml | 2 + ansible/roles/prometheus/defaults/main.yml | 11 +- ansible/roles/prometheus/templates/clouds.yml.j2 | 1 + .../templates/prometheus-blackbox-exporter.yml.j2 | 4 + .../templates/prometheus-node-exporter.json.j2 | 2 +- .../roles/prometheus/templates/prometheus.yml.j2 | 7 +- ansible/roles/prometheus/vars/main.yml | 2 + ansible/roles/qdrouterd/defaults/main.yml | 2 - ansible/roles/qdrouterd/vars/main.yml | 2 + ansible/roles/rabbitmq/defaults/main.yml | 16 +- ansible/roles/rabbitmq/tasks/config.yml | 36 ++++ ansible/roles/rabbitmq/tasks/deploy.yml | 3 + .../roles/rabbitmq/tasks/remove-ha-all-policy.yml | 29 +++ ansible/roles/rabbitmq/tasks/upgrade.yml | 3 + .../roles/rabbitmq/templates/advanced.config.j2 | 7 + .../roles/rabbitmq/templates/definitions.json.j2 | 4 + .../roles/rabbitmq/templates/enabled_plugins.j2 | 1 + ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 5 + ansible/roles/rabbitmq/templates/rabbitmq.json.j2 | 12 ++ ansible/roles/rabbitmq/vars/main.yml | 2 + ansible/roles/rally/defaults/main.yml | 2 - ansible/roles/rally/vars/main.yml | 2 + ansible/roles/redis/defaults/main.yml | 2 - ansible/roles/redis/vars/main.yml | 2 + ansible/roles/sahara/defaults/main.yml | 2 - ansible/roles/sahara/vars/main.yml | 2 + ansible/roles/senlin/defaults/main.yml | 2 - ansible/roles/senlin/vars/main.yml | 2 + ansible/roles/skydive/defaults/main.yml | 2 - ansible/roles/skydive/vars/main.yml | 2 + ansible/roles/solum/defaults/main.yml | 2 - ansible/roles/solum/vars/main.yml | 2 + ansible/roles/storm/defaults/main.yml | 2 - ansible/roles/storm/vars/main.yml | 2 + ansible/roles/swift/defaults/main.yml | 2 - ansible/roles/swift/vars/main.yml | 2 + ansible/roles/tacker/defaults/main.yml | 2 - ansible/roles/tacker/vars/main.yml | 2 + ansible/roles/telegraf/defaults/main.yml | 2 - ansible/roles/telegraf/vars/main.yml | 2 + ansible/roles/tempest/defaults/main.yml | 2 - ansible/roles/tempest/vars/main.yml | 2 + ansible/roles/trove/defaults/main.yml | 2 - ansible/roles/trove/vars/main.yml | 2 + ansible/roles/vitrage/defaults/main.yml | 2 - ansible/roles/vitrage/vars/main.yml | 2 + ansible/roles/vmtp/defaults/main.yml | 2 - ansible/roles/vmtp/vars/main.yml | 2 + ansible/roles/watcher/defaults/main.yml | 2 - ansible/roles/watcher/vars/main.yml | 2 + ansible/roles/zookeeper/defaults/main.yml | 2 - ansible/roles/zookeeper/vars/main.yml | 2 + ansible/roles/zun/defaults/main.yml | 2 - ansible/roles/zun/templates/zun.conf.j2 | 2 +- ansible/roles/zun/vars/main.yml | 2 + ansible/site.yml | 2 + .../reference/shared-services/keystone-guide.rst | 4 +- etc/kolla/globals.yml | 2 +- etc/kolla/passwords.yml | 5 + kolla_ansible/cmd/genpwd.py | 8 +- kolla_ansible/filters.py | 14 +- kolla_ansible/kolla_address.py | 8 +- kolla_ansible/put_address_in_context.py | 21 +- .../add-oidc-discover-url-83edb9f43f73a97f.yaml | 7 + ...n-max-allowed-secret-size-1941307ab5d2a9fd.yaml | 7 + .../blackbox-tls-connect-517cd8ebdf87f16e.yaml | 5 + .../notes/bug-1885106-2347d7458a8f9cb0.yaml | 13 ++ .../notes/bug-1938194-80dba28f9cdd434c.yaml | 6 + .../notes/bug-1945453-2-287bfcaf060689d8.yaml | 16 ++ .../notes/bug-1947710-6d0975ae72f43ada.yaml | 7 + .../notes/bug-1950111-8e477fb6a5b58822.yaml | 6 + .../notes/bug-1952948-003aabe18144f569.yaml | 6 + .../notes/bug-1954720-4fc48610a56f3e98.yaml | 6 + .../notes/bug-1954723-2d49335022492891.yaml | 5 + .../notes/bug-1956976-8a2623ca1fbfd546.yaml | 5 + .../notes/bug-1957117-7832104d66a91da7.yaml | 11 ++ .../notes/bug-1959663-afda889b9aa4c63f.yaml | 6 + .../notes/bug-1961795-16fb2ac27152fc03.yaml | 6 + .../notes/bug-1963752-ee12e15c17c24bb0.yaml | 6 + ...cloudkitty-prometheus-url-ee14bc486e810631.yaml | 6 + ...control-masakari-monitors-1107c10c45678b0a.yaml | 8 + .../notes/enable-ipxe-cf461344bdb99881.yaml | 12 ++ .../fix-aodh-wsgi-config-7679adda584e33bb.yaml | 6 + ...r-libvirt-profile-removal-01db6ca6dd66879f.yaml | 7 + .../fix-haproxy-logrotate-e299a0000728fd8f.yaml | 12 ++ ...x-hardcoded-oidc-response-fc0f115f0b56cddf.yaml | 7 + .../fix-openstack-exporter-tls-bug-1975598.yml | 8 + ...q-interface-configuration-b39c954fb8763d9c.yaml | 6 + ...-for-ironic-neutron-agent-61ec4d0d237da075.yaml | 6 + .../jinja2-pass-context-2afc328ade8c407b.yaml | 4 + .../notes/libvirt-sasl-404199143610fb75.yaml | 27 +++ .../masakari-libvirt-sasl-f368c31c0b5567b6.yaml | 6 + ...n-placement-endpoint-type-90073ba5ecc9e663.yaml | 6 + ...porter-filesystem-metrics-d3ae7b0a892d2957.yaml | 6 + .../nova-discover-hosts-0353e9274f22195c.yaml | 9 + .../openstack-exporter-hammering-os-apis.yaml | 14 ++ ...ue-mirroring-for-rabbitmq-d54b9e7e25e57a88.yaml | 10 + .../notes/unpin-cinder-rpcs-8eb7e0858a91b9b8.yaml | 6 + ...update-node-custom-config-7b378b25ce22779f.yaml | 5 + roles/multi-node-managed-addressing/tasks/main.yml | 1 + test-requirements.txt | 2 +- zuul.d/base.yaml | 12 +- zuul.d/jobs.yaml | 8 + zuul.d/nodesets.yaml | 38 ---- zuul.d/project.yaml | 1 + 273 files changed, 1460 insertions(+), 777 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 8b10965c0..2bff582dc 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -2 +2 @@ -ansible-lint>=4.2.0,!=4.3.0 # MIT +ansible-lint>=4.2.0,!=4.3.0,<6.0.0 # MIT From no-reply at openstack.org Tue Jun 7 11:15:42 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Jun 2022 11:15:42 -0000 Subject: [release-announce] kolla-ansible 13.1.0 (xena) Message-ID: We are psyched to announce the release of: kolla-ansible 13.1.0: Ansible Deployment of Kolla containers This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 13.1.0 ^^^^^^ New Features ************ * Deploys and configures a prometheus-libvirt-exporter image as part of the Prometheus monitoring stack. * Adds a "tls_connect" module to the Prometheus blackbox exporter. This can be used to test connectivity of TLS servers. * New switches added to control deployment of the Masakari monitors. The deployment of each type of monitors can be controlled individually via "enable_masakari_instancemonitor" and "enable_masakari_hostmonitor". By default, both are set to "true" when the deployment of the Masakari is enabled via "enable_masakari". * Implements container healthchecks for ironic-neutron-agent service. See blueprint * Adds support for libvirt SASL authentication. It is enabled by default. LP#1964013 * Adds support for Rocky Linux 8 as Host OS. Known Issues ************ * Existing fluentd log rotation failed to delete old haproxy, swift, glance-tls-proxy and neutron-tls-proxy logs. These will not be deleted by the new logrotate config and will have to be removed manually. Upgrade Notes ************* * RabbitMQ's Prometheus plugin is no longer enabled by default if Prometheus is not deployed. If external Prometheus is used, you need to turn on "rabbitmq_enable_prometheus_plugin" to get old behaviour. * The addition of libvirt SASL authentication requires a new password in "passwords.yml", "libvirt_sasl_password". This may be generated using the existing "kolla-genpwd" and "kolla-mergepwd" tooling. * The addition of libvirt SASL authentication requires both the "nova_libvirt" and "nova_compute" containers to be updated simultaneously, using new images with the necessary Cyrus SASL dependencies, as well as configuration containing the SASL credentials. * It is no longer possible to override the removal of the Monasca Log Metrics service and it will be removed automatically if it hasn't already been removed in the Wallaby release. It is up to the operator to remove any associated docker volumes. * update the default value of node_custom_config to {{ node_config }}/config, when specified using --configdir Security Issues *************** * Explicitly removes the "net.ipv4.ip_forward" sysctl from "/etc/sysctl.conf" on hosts with Neutron L3 Agent. In the absence of another source for this sysctl, it should revert to the default of 0 after the next reboot. This is a follow up to a previous change which stopped setting the sysctl, but leaves existing systems with the original value of 1 set. A deployer looking to more aggressively change the value may set "neutron_l3_agent_host_ipv4_ip_forward" to 0 using a Yoga release of Kolla Ansible. This option will be removed in future. Any deployments still relying on the previous value may set "neutron_l3_agent_host_ipv4_ip_forward" to 1. LP#1945453 * Fixes an issue where the default configuration of libvirt did not use authentication for the API exposed over TCP on the internal API network. This allowed anyone with access to the internal API network read-write access to libvirt. While the internal API network is typically trusted, other services on this network generally at least require authentication. SASL authentication is now enabled for libvirt by default. Kolla Ansible supports libvirt TLS since the Train release, and this is recommended to provide a higher level of security. LP#1964013 Bug Fixes ********* * Fixes an issue with an OIDC authentication flow requiring unnecessary action from the user. Redirecting to the target IdP page now happens automatically. LP#930055 * Removes custom value of "max_allowed_secret_in_bytes" in "barbican.conf". The default maximum size in Barbican was doubled to avoid issues with some certificates. LP #1957795 * Fixes deploy Zun with Cinder Ceph support. Adds support for zun to access cinder volumes when external ceph is configured for cinder. LP#1848934 * Fixed the deployment failure of outward_rabbitmq by resolving port conflicts by customizing RabbitMQ's "prometheus.tcp.port". LP #1885106 * Use Volume V3 API in OpenStack exporter. Volume V2 API has been removed since OpenStack Wallaby. LP#1938194 * Fixes the copy job for grafana custom home dashboard file. The copy job for the grafana home dashboard file needs to run priviliged, otherwise permission denied error occurs. LP#[1947710] * Fixes Octavia's "Connection refused" errors by adding "ovn_sb_connection" to "octavia.conf". LP#195011 * Ironic API and Ironic Inspector API use separate policy files. Ironic role was updated to be able to handle both policies separately. LP#1952948 * Continue to run all actions if one action failed in Elasticsearch curator. LP#1954720 * Fixes Placement no logrotate configuration LP#1954723 * Fixes Nova resize failing when "migration_interface" is customised. LP#1956976 * Fixes unable to connect to zun console when "kolla_enable_tls_external" is true. Access to console of any zun container fails when "kolla_enable_tls_external" is true. This fix sets the protocol for wsproxy "base_url" in "zun.conf" according to the value of "kolla_enable_tls_external" LP#1957117 * Fixes "Register Identity Providers in OpenStack" task which was missing an *=* in the openstack command causing the task to fail to register an IDP with Keystone. LP#1959022 * Fixes Glance with Cinder iSCSI backend failing due to lack of lock_path setting. LP#1959663 * Fixes logrotate config missing for openvswitch and prometheus services. LP#1961795 * Fixes an issue with Ironic's PXE components not getting updated on upgrade. LP#1963752 * Fixes configuration of the Prometheus HTTP API URL when using the Prometheus collector in CloudKitty. LP#1961615 * Fixes an issue with Prometheus scraping when targets' Ansible inventory hostnames ("inventory_hostname") do not resolve to reachable IP addresses. Reverts to the previous behaviour of using IP addresses to communicate with targets. The side effect of this is that targets instances will again be labelled using IP addresses rather than hostnames. LP#1955563 * Fix the apache's wsgi configuration for the aodh service in Debuntu binary flavours. LP#1953059 * Fixes the baremetal role to avoid an error "Unable to remove "libvirtd". Now the symlink /etc/apparmor.d/disable/usr.sbin.libvirtd is created by the role. LP#1960302 * Existing fluentd log rotation failed to delete old haproxy, swift, glance-tls-proxy and neutron-tls-proxy logs. Standardise rotation and deletion of logs using logrotate. * Fixes an issue with setting up OIDC based Keystone federation against IDP that has a different response type than id_token. This can now be set using a new variable "keystone_federation_oidc_response_type". LP#1959781 * adds back the option to configure the rabbitmq clustering interface via kolla *LP#1900160 * * Fixes an issue seen when using Jinja2 3.1.0. * Fixes an issue with Masakari instance monitor when libvirt SASL is enabled. libvirt SASL was enabled by default in a recent change to Kolla Ansible. LP#1965754 * Fixes the configuration option setting the type of endpoint used by Neutron to send requests to Placement. LP#1960503 * Fixes a configuration issue with Node Exporter causing all file system metrics of a host to be identical. LP#1961438 * Fixes an issue where a failure of any Nova compute service to register itself would cause only the host querying the nova API to fail. Now, only hosts that fail to register will fail the Kolla Ansible run. Alternatively, to fail all hosts in a cell when any compute service fails to register, set "nova_compute_registration_fatal" to "true". LP#1940119 * The prometheus openstack exporters are now behind haproxy, providing a unique time series in the prometheus database. Also ensures that only one exporter queries the openstack APIs at any given time interval. With the previous behavior each openstack exporter was scraped at the same time. This caused each exporter to query the openstack APIs simultaneously introducing unneccesary load and duplicate time series in the prometheus database due to the instance label being unique for each exporter. LP#1972818 * Fixes an issue where RabbitMQ was configured to mirror classic transient queues for all services. According to the RabbitMQ documentation this is not a supported configuration, and contributed to numerous bug reports. In order to avoid making unexpected changes to the RabbitMQ cluster, it is necessary to set "rabbitmq_remove_ha_all_policy" to "yes" in order to apply this fix. This variable will be removed in the Yoga release. LP#1954925 * Fixes an issue with Cinder upgrade where Cinder services would remain pinned to the previous release's RPC & object versions. LP#1954932 Changes in kolla-ansible 13.0.1..13.1.0 --------------------------------------- d988c5991 Control Masakari monitors deploy 6a0b1bd42 Make redis connection string configurable 2e5e1b554 [CI] Nullify attempts 704da0b9c talk TLS to openstack exporter via haproxy 87a217fc9 genpwd: handle lack of password file nicer 8a0acd0a2 Use 'cloudkitty_influxdb_use_ssl' when creatign InfluxDB database 5a613d64c masakari: support libvirt SASL in instance monitor fff725d18 [CI] Restore token critical error filter 7525f1e08 Grafana: Run priviliged when copying home dashboard file 5d0686731 Put openstack exporter behind HAproxy so only one is queried at a time ce94b4dde [CI] Raise [keystone_authtoken]http_request_max_retries 91fd18b2b [CI] Always use quay.io via infra's mirror 14ce30530 nova: improve compute service registration failure handling d1b7814c7 nova: use any_errors_fatal for once-per-cell tasks 6e982e076 [CI] Make kolla-build quiet 18d7859bd added missing become in ovs-dpdk role 6abe02571 re-add rabbitmq config for clustering interface 4c1c44d42 Use jinja2.pass_context instead of contextfilter 50100fb2b designate: fix external backend deployment 9cfb4ebf8 Ironic: rebootstrap ironic-pxe on upgrade fb3aa1bf0 Fix prometheus fix 425ead579 Allow removal of classic queue mirroring for internal RabbitMQ 60c80ffac cinder: restart services after upgrade fc13c40f5 Add Rocky Linux support as Host OS dfdbddffa Fix failure in deployment with missing group 7259672ef Add support for deploying Prometheus libvirt exporter d7092dca8 CI: pin ansible-lint to <6 daef31a42 libvirt: support SASL authentication 800f08e61 Fix prechecks for "Ironic iPXE" container f5dcd8d5b Explicitly unset net.ipv4.ip_forward sysctl 4a1a70469 [CI] Use Tenks in Ironic job 6a1f4a782 [CI] Test Ironic when touching Neutron 71af20c15 [CI] Test Ironic on Debian e1cab1604 Fix hard coded OIDC response type 7ef67c88c Remove grafana [session] configuration 98a462cd5 Add openvswitch and prometheus to logrotate 0c55b6521 CI: Bump Ceph to Pacific e51c21ed2 Fix location of release note for ironic-neutron-agent healthcheck c91e85cf2 cloudkitty: fix URL used for Prometheus collector b4f68a991 Configure node-exporter to report correct file system metrics b7470787f Fix fluentd v1 buffer syntax issue d661dab49 Refactor fluentd syslog logging 859efbaf3 CI: Fix new ansible-lint failures 47ac706d2 neutron: fix placement endpoint type configuration ae8900855 Fix Apparmor libvirt profile removal 79ed0470c [CI] Check fluentd errors a763f586b Fix log rotation for fluentd created files 905dc7fae Glance: add lock_path setting f70008b35 [CI] Replace parted with lsblk 920089c9f Deploy Zun with Cinder Ceph support 827656dbb Add OIDCDiscoverURL mod_oidc option e1423e9b6 prometheus: add tls_connect blackbox module 6562c6d8e Fix usage of Subject Alternative Name for TLS a9edcd3e8 update the default value of node_custom_config 464877f01 Fix bad openstack command while registering IDP e15b35e81 Revert "Use friendly target names in Prometheus" e891bfdf2 Use Docker healthchecks for ironic-neutron-agent services 0354b39b1 Make nova_ssh listen on api_interface as well 51fff9cf9 Continue to run all actions if one action failed in curator 107636766 Revert "[CI] [to-revert] Avoid upgrades on CentOS Stream 8" c80d2068e Remove custom value of max_allowed_secret_in_bytes dc8853a9a Fix permission denied errors with ping on c8s 1b6bd8d33 [CI] [to-revert] Avoid upgrades on CentOS Stream 8 72be14b3f Add logrotate to libvirt service f36a00a97 Access to zun container fails when tls_external enabled. 58775d20a OpenID Connect certifiate file is optional e2ba1bb39 Add logrotate configuration for placement service 1f5bf1f00 rabbitmq: enable/disable prometheus plugin follow up cf8dbd6d0 Support enable/disable rabbitmq prometheus plugins 681bcc59e CI: check-logs - add another exception 75fd5c894 Use Volume V3 API in OpenStack exporter a5e0e986b docs: adjust to current defaults 6c695564b Move project_name and kolla_role_name to role vars a4376cd74 [CI] Drop unused nodeset 54718a90f horizon: move horizon_enable_tls_backend to group_vars f00e54be7 Add ovn_sb_connection to octavia.conf 837a2fd4a Add ironic-inspector policy configuration 89353bd31 Remove Monasca Log Metrics service 3ee71d248 Fix aodh wsgi config file in Debuntu binary Diffstat (except docs and test files) ------------------------------------- .ansible-lint | 6 + ansible/group_vars/all.yml | 20 +- ansible/inventory/all-in-one | 3 + ansible/inventory/multinode | 3 + ansible/nova.yml | 4 + ansible/roles/aodh/defaults/main.yml | 2 - ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 4 - ansible/roles/aodh/vars/main.yml | 2 + ansible/roles/barbican/defaults/main.yml | 2 - ansible/roles/barbican/templates/barbican.conf.j2 | 1 - ansible/roles/barbican/vars/main.yml | 2 + ansible/roles/baremetal/defaults/main.yml | 21 +- .../roles/baremetal/tasks/bootstrap-servers.yml | 5 + .../baremetal/tasks/configure-ceph-for-zun.yml | 55 ++++++ ansible/roles/baremetal/tasks/install.yml | 2 +- ansible/roles/baremetal/tasks/post-install.yml | 6 +- ansible/roles/baremetal/tasks/pre-install.yml | 9 + ansible/roles/bifrost/defaults/main.yml | 2 - ansible/roles/bifrost/vars/main.yml | 2 + ansible/roles/blazar/defaults/main.yml | 2 - ansible/roles/blazar/vars/main.yml | 2 + ansible/roles/ceilometer/defaults/main.yml | 2 - ansible/roles/ceilometer/vars/main.yml | 2 + ansible/roles/ceph-rgw/defaults/main.yml | 2 - ansible/roles/ceph-rgw/vars/main.yml | 2 + .../roles/certificates/tasks/generate-backend.yml | 2 + ansible/roles/certificates/tasks/generate.yml | 4 + .../templates/openssl-kolla-internal.cnf.j2 | 4 +- .../certificates/templates/openssl-kolla.cnf.j2 | 4 +- ansible/roles/cinder/defaults/main.yml | 11 +- ansible/roles/cinder/handlers/main.yml | 20 ++ ansible/roles/cinder/tasks/reload.yml | 10 + ansible/roles/cinder/tasks/upgrade.yml | 2 + ansible/roles/cinder/vars/main.yml | 2 + ansible/roles/cloudkitty/defaults/main.yml | 6 +- ansible/roles/cloudkitty/tasks/bootstrap.yml | 1 + ansible/roles/cloudkitty/vars/main.yml | 2 + ansible/roles/collectd/defaults/main.yml | 2 - ansible/roles/collectd/vars/main.yml | 2 + ansible/roles/common/defaults/main.yml | 26 ++- ansible/roles/common/tasks/config.yml | 7 +- .../conf/filter/00-record_transformer.conf.j2 | 27 +-- .../common/templates/conf/output/00-local.conf.j2 | 217 ++------------------- .../common/templates/conf/output/01-es.conf.j2 | 6 +- .../templates/conf/output/02-monasca.conf.j2 | 4 +- .../templates/cron-logrotate-haproxy.conf.j2 | 2 +- .../templates/cron-logrotate-nova-libvirt.conf.j2 | 3 + .../templates/cron-logrotate-openvswitch.conf.j2 | 3 + .../templates/cron-logrotate-placement.conf.j2 | 3 + .../templates/cron-logrotate-prometheus.conf.j2 | 3 + ansible/roles/common/templates/fluentd.json.j2 | 27 +-- ansible/roles/common/vars/main.yml | 2 + ansible/roles/cyborg/defaults/main.yml | 2 - ansible/roles/cyborg/vars/main.yml | 2 + ansible/roles/designate/defaults/main.yml | 2 - ansible/roles/designate/tasks/backend_external.yml | 2 + ansible/roles/designate/vars/main.yml | 2 + ansible/roles/elasticsearch/defaults/main.yml | 2 - .../templates/elasticsearch-curator-actions.yml.j2 | 14 +- ansible/roles/elasticsearch/vars/main.yml | 2 + ansible/roles/etcd/defaults/main.yml | 2 - ansible/roles/etcd/vars/main.yml | 2 + ansible/roles/freezer/defaults/main.yml | 2 - ansible/roles/freezer/vars/main.yml | 2 + ansible/roles/glance/defaults/main.yml | 2 - ansible/roles/glance/templates/glance-api.conf.j2 | 3 + ansible/roles/glance/vars/main.yml | 2 + ansible/roles/gnocchi/defaults/main.yml | 2 - ansible/roles/gnocchi/vars/main.yml | 2 + ansible/roles/grafana/defaults/main.yml | 2 - ansible/roles/grafana/tasks/config.yml | 1 + ansible/roles/grafana/templates/grafana.ini.j2 | 8 - ansible/roles/grafana/vars/main.yml | 2 + ansible/roles/hacluster/defaults/main.yml | 2 - ansible/roles/hacluster/vars/main.yml | 2 + ansible/roles/haproxy-config/defaults/main.yml | 2 - ansible/roles/haproxy-config/vars/main.yml | 2 + ansible/roles/heat/defaults/main.yml | 2 - ansible/roles/heat/vars/main.yml | 2 + ansible/roles/horizon/defaults/main.yml | 7 - ansible/roles/horizon/vars/main.yml | 2 + ansible/roles/influxdb/defaults/main.yml | 2 - ansible/roles/influxdb/vars/main.yml | 2 + ansible/roles/ironic/defaults/main.yml | 2 - ansible/roles/ironic/tasks/bootstrap.yml | 19 -- ansible/roles/ironic/tasks/bootstrap_service.yml | 19 ++ ansible/roles/ironic/tasks/config.yml | 42 +++- ansible/roles/ironic/tasks/precheck.yml | 1 - .../ironic/templates/ironic-inspector.json.j2 | 8 +- ansible/roles/ironic/vars/main.yml | 2 + ansible/roles/iscsi/defaults/main.yml | 2 - ansible/roles/iscsi/vars/main.yml | 2 + ansible/roles/kafka/defaults/main.yml | 2 - ansible/roles/kafka/vars/main.yml | 2 + ansible/roles/keystone/defaults/main.yml | 3 +- .../keystone/tasks/config-federation-oidc.yml | 1 + .../keystone/tasks/register_identity_providers.yml | 2 +- .../roles/keystone/templates/wsgi-keystone.conf.j2 | 3 +- ansible/roles/keystone/vars/main.yml | 2 + ansible/roles/kibana/defaults/main.yml | 2 - ansible/roles/kibana/vars/main.yml | 2 + ansible/roles/kuryr/defaults/main.yml | 1 - ansible/roles/kuryr/vars/main.yml | 2 + ansible/roles/loadbalancer/defaults/main.yml | 2 - ansible/roles/loadbalancer/vars/main.yml | 2 + ansible/roles/magnum/defaults/main.yml | 2 - ansible/roles/magnum/vars/main.yml | 2 + ansible/roles/manila/defaults/main.yml | 2 - ansible/roles/manila/vars/main.yml | 2 + ansible/roles/mariadb/defaults/main.yml | 2 - ansible/roles/mariadb/vars/main.yml | 2 + ansible/roles/masakari/defaults/main.yml | 17 +- ansible/roles/masakari/tasks/config.yml | 18 ++ ansible/roles/masakari/templates/auth.conf.j2 | 6 + .../templates/masakari-instancemonitor.json.j2 | 8 +- ansible/roles/masakari/vars/main.yml | 2 + ansible/roles/memcached/defaults/main.yml | 2 - ansible/roles/memcached/vars/main.yml | 2 + ansible/roles/mistral/defaults/main.yml | 2 - ansible/roles/mistral/vars/main.yml | 2 + ansible/roles/monasca/defaults/main.yml | 10 +- ansible/roles/monasca/handlers/main.yml | 15 -- ansible/roles/monasca/tasks/config.yml | 18 -- .../monasca-log-metrics/log-metrics.conf.j2 | 75 ------- .../monasca-log-metrics.json.j2 | 18 -- ansible/roles/monasca/vars/main.yml | 2 + ansible/roles/multipathd/defaults/main.yml | 2 - ansible/roles/multipathd/vars/main.yml | 2 + ansible/roles/murano/defaults/main.yml | 2 - ansible/roles/murano/vars/main.yml | 2 + ansible/roles/neutron/defaults/main.yml | 17 +- ansible/roles/neutron/tasks/config-host.yml | 2 + ansible/roles/neutron/templates/neutron.conf.j2 | 2 +- ansible/roles/neutron/vars/main.yml | 2 + ansible/roles/nova-cell/defaults/main.yml | 20 +- ansible/roles/nova-cell/handlers/main.yml | 15 ++ ansible/roles/nova-cell/tasks/config.yml | 20 ++ ansible/roles/nova-cell/tasks/deploy.yml | 3 +- .../roles/nova-cell/tasks/discover_computes.yml | 88 ++------- ansible/roles/nova-cell/tasks/precheck.yml | 17 +- .../nova-cell/tasks/wait_discover_computes.yml | 88 +++++++++ ansible/roles/nova-cell/templates/auth.conf.j2 | 6 + ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 3 +- .../roles/nova-cell/templates/nova-compute.json.j2 | 8 +- .../roles/nova-cell/templates/nova-libvirt.json.j2 | 12 ++ ansible/roles/nova-cell/templates/sasl.conf.j2 | 2 + ansible/roles/nova-cell/templates/sshd_config.j2 | 3 + ansible/roles/nova-cell/vars/main.yml | 6 + ansible/roles/nova/defaults/main.yml | 2 - ansible/roles/nova/vars/main.yml | 2 + ansible/roles/octavia/defaults/main.yml | 2 - ansible/roles/octavia/templates/octavia.conf.j2 | 1 + ansible/roles/octavia/vars/main.yml | 2 + ansible/roles/openvswitch/defaults/main.yml | 2 - ansible/roles/openvswitch/vars/main.yml | 2 + ansible/roles/ovn/defaults/main.yml | 2 - ansible/roles/ovn/vars/main.yml | 2 + ansible/roles/ovs-dpdk/defaults/main.yml | 1 - ansible/roles/ovs-dpdk/tasks/config.yml | 2 + ansible/roles/ovs-dpdk/vars/main.yml | 2 + ansible/roles/placement/defaults/main.yml | 2 - ansible/roles/placement/vars/main.yml | 2 + ansible/roles/prechecks/vars/main.yml | 2 + ansible/roles/prometheus/defaults/main.yml | 29 ++- ansible/roles/prometheus/handlers/main.yml | 15 ++ .../roles/prometheus/tasks/check-containers.yml | 2 +- ansible/roles/prometheus/tasks/config.yml | 4 +- ansible/roles/prometheus/tasks/precheck.yml | 15 ++ ansible/roles/prometheus/templates/clouds.yml.j2 | 1 + .../templates/prometheus-blackbox-exporter.yml.j2 | 4 + .../templates/prometheus-libvirt-exporter.json.j2 | 4 + .../templates/prometheus-node-exporter.json.j2 | 2 +- .../roles/prometheus/templates/prometheus.yml.j2 | 88 +++------ ansible/roles/prometheus/vars/main.yml | 2 + ansible/roles/qdrouterd/defaults/main.yml | 2 - ansible/roles/qdrouterd/vars/main.yml | 2 + ansible/roles/rabbitmq/defaults/main.yml | 16 +- ansible/roles/rabbitmq/tasks/config.yml | 36 ++++ ansible/roles/rabbitmq/tasks/deploy.yml | 3 + .../roles/rabbitmq/tasks/remove-ha-all-policy.yml | 29 +++ ansible/roles/rabbitmq/tasks/upgrade.yml | 3 + .../roles/rabbitmq/templates/advanced.config.j2 | 7 + .../roles/rabbitmq/templates/definitions.json.j2 | 4 + .../roles/rabbitmq/templates/enabled_plugins.j2 | 1 + ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 5 + ansible/roles/rabbitmq/templates/rabbitmq.json.j2 | 12 ++ ansible/roles/rabbitmq/vars/main.yml | 2 + ansible/roles/redis/defaults/main.yml | 2 - ansible/roles/redis/vars/main.yml | 2 + ansible/roles/sahara/defaults/main.yml | 2 - ansible/roles/sahara/vars/main.yml | 2 + ansible/roles/senlin/defaults/main.yml | 2 - ansible/roles/senlin/vars/main.yml | 2 + ansible/roles/skydive/defaults/main.yml | 2 - ansible/roles/skydive/vars/main.yml | 2 + ansible/roles/solum/defaults/main.yml | 2 - ansible/roles/solum/vars/main.yml | 2 + ansible/roles/storm/defaults/main.yml | 2 - ansible/roles/storm/vars/main.yml | 2 + ansible/roles/swift/defaults/main.yml | 2 - ansible/roles/swift/vars/main.yml | 2 + ansible/roles/tacker/defaults/main.yml | 2 - ansible/roles/tacker/vars/main.yml | 2 + ansible/roles/telegraf/defaults/main.yml | 2 - ansible/roles/telegraf/vars/main.yml | 2 + ansible/roles/trove/defaults/main.yml | 2 - ansible/roles/trove/vars/main.yml | 2 + ansible/roles/vitrage/defaults/main.yml | 2 - ansible/roles/vitrage/vars/main.yml | 2 + ansible/roles/vmtp/defaults/main.yml | 2 - ansible/roles/vmtp/vars/main.yml | 2 + ansible/roles/watcher/defaults/main.yml | 2 - ansible/roles/watcher/vars/main.yml | 2 + ansible/roles/zookeeper/defaults/main.yml | 2 - ansible/roles/zookeeper/vars/main.yml | 2 + ansible/roles/zun/defaults/main.yml | 3 +- ansible/roles/zun/tasks/config.yml | 5 + ansible/roles/zun/tasks/external_ceph.yml | 27 +++ ansible/roles/zun/templates/zun-compute.json.j2 | 20 +- ansible/roles/zun/templates/zun.conf.j2 | 2 +- ansible/roles/zun/vars/main.yml | 2 + ansible/site.yml | 3 + .../reference/shared-services/keystone-guide.rst | 4 +- .../reference/storage/external-ceph-guide.rst | 27 +++ etc/kolla/globals.yml | 3 +- etc/kolla/passwords.yml | 5 + kolla_ansible/cmd/genpwd.py | 8 +- kolla_ansible/filters.py | 8 +- kolla_ansible/kolla_address.py | 4 +- kolla_ansible/put_address_in_context.py | 21 +- .../add-oidc-discover-url-83edb9f43f73a97f.yaml | 7 + ...ometheus-libvirt-exporter-b05a3a9c08db517c.yaml | 5 + ...n-max-allowed-secret-size-1941307ab5d2a9fd.yaml | 7 + .../blackbox-tls-connect-517cd8ebdf87f16e.yaml | 5 + .../notes/bug-1848934-878a08b490856a53.yaml | 7 + .../notes/bug-1885106-2347d7458a8f9cb0.yaml | 13 ++ .../notes/bug-1938194-80dba28f9cdd434c.yaml | 6 + .../notes/bug-1945453-2-287bfcaf060689d8.yaml | 16 ++ .../notes/bug-1947710-6d0975ae72f43ada.yaml | 7 + .../notes/bug-1950111-8e477fb6a5b58822.yaml | 6 + .../notes/bug-1952948-003aabe18144f569.yaml | 6 + .../notes/bug-1954720-4fc48610a56f3e98.yaml | 6 + .../notes/bug-1954723-2d49335022492891.yaml | 5 + .../notes/bug-1956976-8a2623ca1fbfd546.yaml | 5 + .../notes/bug-1957117-7832104d66a91da7.yaml | 11 ++ .../notes/bug-1959022-e3bb9448414b4ebe.yaml | 7 + .../notes/bug-1959663-afda889b9aa4c63f.yaml | 6 + .../notes/bug-1961795-16fb2ac27152fc03.yaml | 6 + .../notes/bug-1963752-ee12e15c17c24bb0.yaml | 6 + ...cloudkitty-prometheus-url-ee14bc486e810631.yaml | 6 + ...control-masakari-monitors-1107c10c45678b0a.yaml | 8 + .../notes/fix-1955563-42a14bb080e15df2.yaml | 9 + .../fix-aodh-wsgi-config-7679adda584e33bb.yaml | 6 + ...r-libvirt-profile-removal-01db6ca6dd66879f.yaml | 7 + .../fix-haproxy-logrotate-e299a0000728fd8f.yaml | 12 ++ ...x-hardcoded-oidc-response-fc0f115f0b56cddf.yaml | 7 + .../fix-openstack-exporter-tls-bug-1975598.yml | 8 + ...q-interface-configuration-b39c954fb8763d9c.yaml | 6 + ...-for-ironic-neutron-agent-61ec4d0d237da075.yaml | 6 + .../jinja2-pass-context-2afc328ade8c407b.yaml | 4 + .../notes/libvirt-sasl-404199143610fb75.yaml | 27 +++ .../masakari-libvirt-sasl-f368c31c0b5567b6.yaml | 6 + ...n-placement-endpoint-type-90073ba5ecc9e663.yaml | 6 + ...porter-filesystem-metrics-d3ae7b0a892d2957.yaml | 6 + .../nova-discover-hosts-0353e9274f22195c.yaml | 9 + .../openstack-exporter-hammering-os-apis.yaml | 14 ++ ...emove-monasca-log-metrics-02a81671f864d1a9.yaml | 7 + ...ue-mirroring-for-rabbitmq-d54b9e7e25e57a88.yaml | 10 + .../notes/support-rockylinux-ad6d48db054ead2b.yaml | 4 + .../notes/unpin-cinder-rpcs-8eb7e0858a91b9b8.yaml | 6 + ...update-node-custom-config-7b378b25ce22779f.yaml | 5 + requirements.txt | 2 +- roles/cephadm/defaults/main.yml | 7 +- roles/cephadm/tasks/main.yml | 9 + roles/cephadm/templates/cephadm.yml.j2 | 6 +- roles/multi-node-managed-addressing/tasks/main.yml | 1 + test-requirements.txt | 2 +- zuul.d/base.yaml | 12 +- zuul.d/jobs.yaml | 20 ++ zuul.d/nodesets.yaml | 44 +---- zuul.d/project.yaml | 2 + 297 files changed, 1750 insertions(+), 967 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index e85f7744c..59147c1bd 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14 +14 @@ oslo.utils>=3.33.0 # Apache-2.0 -Jinja2>=2.10 # BSD License (3 clause) +Jinja2>=3 # BSD License (3 clause) diff --git a/test-requirements.txt b/test-requirements.txt index ef84c6b8a..55a39db11 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -2 +2 @@ -ansible-lint>=4.2.0,!=4.3.0 # MIT +ansible-lint>=4.2.0,!=4.3.0,<6.0.0 # MIT From no-reply at openstack.org Tue Jun 7 11:16:10 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Jun 2022 11:16:10 -0000 Subject: [release-announce] kayobe 11.1.0 (xena) Message-ID: We are chuffed to announce the release of: kayobe 11.1.0: Deployment of OpenStack to bare metal using OpenStack kolla and bifrost This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/kayobe Download the package from: https://tarballs.openstack.org/kayobe/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/kayobe For more details, please see below. 11.1.0 ^^^^^^ New Features ************ * Adds support for custom Placement configuration. * Adds support for global configuration options for Apt in files in "/etc/apt/apt.conf.d/" on Ubuntu systems. See story 2009655 for details. * Adds support for configuring Apt repositories on Ubuntu hosts. See story 2009655 for details. * Add the bonding 802.3ad aggregation selection option. * Enables hardware clock (RTC) synchronisation by default when applying the chrony role. This setting is configurable with the new variable "chrony_rtcsync_enabled". * Adds support for inspection of L3-routed Ironic networks via DHCP- relay. * The new filter "net_no_ip" adds the attribute "no_ip" which can be set to "true" to skip IP address allocation and configuration for specific networks. * Adds a new variable "seed_hypervisor_enable_snat" that allows users to enable SNAT service on the seed hypervisor. The default value is "false". * Adds support for Rocky Linux 8 as Host OS. * Adds support for running package updates on Ubuntu hosts via the following existing commands: * "kayobe seed host package update --packages " * "kayobe seed hypervisor host package update --packages " * "kayobe infra vm host package update --packages " * "kayobe overcloud host package update --packages " Security Issues *************** * Fixes an issue where any passwords in "kolla_ansible_custom_passwords" were exposed in Ansible logs. When using verbosity level 3 ("-vvv"), they were also exposed in Ansible output. Bug Fixes ********* * Ironic inspection through Bifrost now work even if DHCP-relay is used. The dhcp-range in dnsmasq.conf corrctly configured with network mask. * In production environments, the provision network may be separated from the other networks, so in this case, if you want Bifrost's DHCP service provides the correct gateway for the clients the "inspection_gateway" should be used instead of the "gateway" attribute for the provision network. This also avoids configuring the multiple IP gateways on a single host which leads to unpredictable results. * Fixes an issue where the Neutron SR-IOV agent image is not built when the service is enabled. * Fixes an issue with idempotence of local Kolla Ansible configuration generation. * Fixes an issue with the seed's configdrive when the admin network is a VLAN. See story 2008089 for details. * Enables deployment of Grafana when Monasca is enabled, as a replacement for the retired "monasca-grafana" image. See story 2009717 for details. * Fixes Ansible inventory generation with some custom group mappings using the same group names for Kayobe and Kolla Ansible. See story 2009927 for details. * The set of commands starting with "kayobe overcloud database" now generate the kolla configuration necessary to login to the nodes running the database. * Fixes an issue with config drive generation for infrastructure and seed VMs when using untagged interfaces. The symptom of this issue is that kayobe cannot login to the instance. If you check the libvirt console log, you will see "KeyError: 'vlan_link'". See story 2009910 for details. * Fixes an issue where hacluster images are not built when the service is enabled. * Fixes an issue with IPA image builds which used the "master" branch of "ironic-python-agent", even on stable releases of Kayobe, or when explicitly setting "ipa_build_source_version". * Fixes an issue seen when using Jinja2 3.1.0. * Fixes an issue where any passwords in "kolla_ansible_custom_passwords" were exposed in Ansible logs. When using verbosity level 3 ("-vvv"), they were also exposed in Ansible output. * Fixes an issue where patch links could be erroneously created on hosts not in the overcloud group. See Story 2009911 for details. * Fixes an issue where the MTU defined in Kayobe was not applied to Ironic provisioning and cleaning networks in Neutron. * Deployment image (IPA) build no longer uses master version of upper- constraints. Instead, it defaults to using the constraints for the OpenStack release associated with the version of Kayobe being used. See story 2009810 for details. * Fixes failures to run "kayobe overcloud bios raid configure" by upgrading the "stackhpc.drac" role to version 1.1.6. * Fixes an issue with masking NTP services which are not found. See story 2009821 for details. Changes in kayobe 11.0.1..11.1.0 -------------------------------- 0467484a ironic: Set MTU on provisioning and cleaning Neutron networks 1b4a34a6 Fix forgotten hacluster regexp for image build d5fe7852 kolla_passwords: add no_log for password overrides fe07bd3c Fix Bifrost inspection through DHCP-relay 4e3c0405 Bump stackhpc.drac role 82193e8b Cleanup old and deprecated Swift configuration f5792171 docs: Fix custom LVM example b1f9b4b8 Update documentation link for NCLU 65ad855e CI: separate image builds into a non-voting job 75c18cc1 Fix variable name for stackhpc.os-networks upper constraints 63b22c96 Restore forgotten linuxbridge-agent container 5c96d8cf Fix Ansible inventory generation when reusing group names ef3bb407 Sync Kolla Ansible feature flags and inventory a7791250 CI: fix TLS job by freeing up memory a451ff7a Fix custom config idempotence 4efb80a1 Ubuntu: add support for Apt configuration 5b78b375 Use jinja2.pass_context instead of contextfilter 98d7cc13 Ubuntu: add support for Apt repository configuration c083073c Add support for Rocky Linux 8 1a9dc309 Ubuntu: support host package update efa8209c CI: pin pytest-metadata<2 for molecule 1ff569ac CI: Don't download Cirros or IPA in seed jobs 0bf197a4 Skip IP address allocation and configuration if needed 512f4c1e Only create patch links on overcloud hosts c8571765 CI: Disable container image builds on Ubuntu ffbd3d7e Use naming convention to infer VLAN tagging 15790c98 CI: remove qemu-utils installation 0e0a3038 Add the bonding 802.3ad aggregation selection option d5006cc6 CI: stop using zuul as kayobe_ansible_user in TLS jobs c69a808a Sync enable flag defaults with kolla ansible f4a81e48 Enable rtcsync in chrony by default 451d1c3a Bump up manage-lvm role version to v0.2.6 e0a5bf17 CI: Enable bare metal testing for Ubuntu deb969e5 Set requirements branch for IPA build 81645697 ntp: Fix service mask when service doesn't exist bbd22d55 Set correct gateway for the bifrost provision network 717c6321 Use net_mask filter instead of ansible's ipaddr e0627ac4 Fix Sphinx syntax typo 14b4e204 Fix 'ModuleNotFoundError: No module named 'docker' 2c881818 Adds support for custom Placement configuration. 48e5cdd2 Allow enable SNAT service on the seed hypervisor 7ca933e7 Fix seed VM configdrive when admin network is a VLAN 1db55d09 Generate kolla config when running database commands b89b7a73 Build neutron-sriov-agent image when enabled 45797aa4 ipa: Use openstack_branch instead of master e8ca12ef Deploy Grafana when Monasca is enabled c97b7e21 [CI] Drop unused nodeset 3dd2dd98 Add support for Ironic inspection through DHCP-relay 7d9b86e2 Document that extra kernel parameters are important for inspection 1d791e2c Limit ip-routing and snat to seed hosts only b7a804ce Uninstall ansible-base package only if exists Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all/apt | 35 +++++ ansible/group_vars/all/bifrost | 3 + ansible/group_vars/all/dnf | 8 +- ansible/group_vars/all/globals | 12 +- ansible/group_vars/all/infra-vms | 5 + ansible/group_vars/all/ipa | 9 +- ansible/group_vars/all/kolla | 19 ++- ansible/group_vars/all/seed-hypervisor | 3 + ansible/group_vars/all/seed-vm | 7 +- ansible/group_vars/all/time | 3 + ansible/group_vars/seed-hypervisor/snat | 3 + ansible/group_vars/seed/snat | 3 + ansible/host-package-update.yml | 6 +- ansible/ip-allocation.yml | 1 + ansible/ip-routing.yml | 4 +- ansible/kolla-ansible.yml | 1 + ansible/kolla-bifrost-hostvars.yml | 2 +- ansible/kolla-bifrost.yml | 3 +- ansible/kolla-openstack.yml | 2 + ansible/provision-net.yml | 4 +- ansible/roles/apt/defaults/main.yml | 38 +++++ ansible/roles/apt/handlers/main.yml | 5 + ansible/roles/apt/tasks/config.yml | 14 ++ ansible/roles/apt/tasks/keys.yml | 19 +++ ansible/roles/apt/tasks/main.yml | 21 +-- ansible/roles/apt/tasks/proxy.yml | 17 +++ ansible/roles/apt/tasks/repos.yml | 23 +++ ansible/roles/apt/templates/kayobe.sources.j2 | 15 ++ ansible/roles/dnf/tasks/local-mirror.yml | 9 +- .../roles/dnf/templates/Rocky-AppStream.repo.j2 | 16 ++ ansible/roles/dnf/templates/Rocky-BaseOS.repo.j2 | 16 ++ ansible/roles/dnf/templates/Rocky-Extras.repo.j2 | 16 ++ ansible/roles/kolla-ansible/defaults/main.yml | 3 + .../roles/kolla-ansible/library/kolla_passwords.py | 2 +- ansible/roles/kolla-ansible/tasks/install.yml | 1 + .../kolla-ansible/templates/kolla/globals.yml | 2 +- .../kolla-ansible/templates/overcloud-services.j2 | 6 +- .../kolla-ansible/templates/overcloud-top-level.j2 | 2 +- ansible/roles/kolla-ansible/vars/main.yml | 1 + ansible/roles/kolla-bifrost/defaults/main.yml | 1 + .../templates/kolla/config/bifrost/bifrost.yml | 1 + ansible/roles/kolla-openstack/defaults/main.yml | 9 ++ .../molecule/enable-everything/molecule.yml | 4 + ansible/roles/kolla-openstack/tasks/config.yml | 2 +- .../roles/kolla-openstack/templates/glance.conf.j2 | 29 ---- .../kolla-openstack/templates/placement.conf.j2 | 9 ++ ansible/roles/kolla-openstack/vars/main.yml | 5 + ansible/roles/network-redhat/tasks/main.yml | 1 + ansible/roles/ntp/tasks/prepare.yml | 25 ++- ansible/snat.yml | 4 +- dev/functions | 15 +- .../reference/ironic-python-agent.rst | 7 +- .../configuration/reference/kolla-ansible.rst | 2 + .../configuration/reference/os-distribution.rst | 14 +- .../configuration/reference/physical-network.rst | 2 +- .../configuration/scenarios/all-in-one/index.rst | 6 +- .../scenarios/all-in-one/overcloud.rst | 9 +- etc/kayobe/apt.yml | 35 +++++ etc/kayobe/bifrost.yml | 3 + etc/kayobe/dnf.yml | 8 +- etc/kayobe/globals.yml | 7 +- etc/kayobe/infra-vms.yml | 3 + etc/kayobe/ipa.yml | 2 +- etc/kayobe/kolla.yml | 4 +- etc/kayobe/seed-hypervisor.yml | 3 + etc/kayobe/seed-vm.yml | 5 +- etc/kayobe/time.yml | 3 + kayobe/cli/commands.py | 11 +- kayobe/plugins/filter/networkd.py | 8 +- kayobe/plugins/filter/networks.py | 91 ++++++----- .../plugins/action/test_kolla_ansible_host_vars.py | 6 +- molecule-requirements.txt | 1 + playbooks/kayobe-infra-vm-base/pre.yml | 2 +- playbooks/kayobe-overcloud-base/globals.yml.j2 | 2 +- playbooks/kayobe-overcloud-base/overrides.yml.j2 | 8 +- playbooks/kayobe-overcloud-base/run.yml | 11 -- .../overrides.yml.j2 | 36 ++++- .../kayobe-overcloud-host-configure-base/pre.yml | 2 +- playbooks/kayobe-overcloud-upgrade-base/run.yml | 5 - .../kayobe-seed-base/bifrost-overrides.yml.j2 | 6 +- playbooks/kayobe-seed-base/overrides.yml.j2 | 4 +- playbooks/kayobe-seed-base/pre.yml | 3 +- playbooks/kayobe-seed-base/run.yml | 34 +++-- .../bifrost-overrides.yml.j2 | 6 +- playbooks/kayobe-seed-vm-base/pre.yml | 2 +- ...d-extended-placement-conf-70a4b9a318c1b555.yaml | 3 + .../notes/apt-config-bc72fd0bff919888.yaml | 6 + .../notes/apt-repositories-850efef70ba34946.yaml | 5 + ...ifrost-dhcp-range-netmask-fd40642967042267.yaml | 5 + ...ifrost-inspection-gateway-316ab384430ef8df.yaml | 9 ++ .../notes/bond-ad-select-8fc711dcd54e9cea.yaml | 4 + .../build-neutron-sriov-836acf378bae0b48.yaml | 5 + .../notes/config-idemoptence-37846db82ecd9f43.yaml | 4 + .../notes/configdrive-vlans-4e8b6ed07b229233.yaml | 6 + ...able-grafana-with-monasca-497d686e95d89242.yaml | 7 + ...nable-rtc-synchronisation-1179a52e8e6bd12b.yaml | 6 + ...lla-ansible-group-mapping-8fcd6cbb1e744e18.yaml | 6 + ...ckup-with-no-kolla-config-4f857915adabad41.yaml | 6 + .../fixes-keyerror-vlan-link-c177cf719e070df6.yaml | 8 + .../hacluster-build-issue-2a8023e0cd80235a.yaml | 5 + ...pector-dhcp-range-netmask-bb46eb7df77587a4.yaml | 4 + .../notes/ip-allocation-skip-9e81c13324b7a7e1.yaml | 6 + .../notes/ipa-branch-b29c377c531013a8.yaml | 6 + .../jinja2-pass-context-fecf00f23e413393.yaml | 4 + ...asswords-overrides-no-log-57054ce64fae8143.yaml | 11 ++ .../patch-links-on-overcloud-e24dbc858d3399cc.yaml | 6 + .../notes/provision-net-mtu-befdda04224f49a6.yaml | 5 + .../seed-hypervisor-snat-3f4844bd1156bce9.yaml | 5 + ...ents-branch-for-ipa-build-c3ca977ec21b58f4.yaml | 8 + .../stackhpc-drac-check-mode-8097215f8eca9991.yaml | 5 + .../notes/story-2009821-b309165e25e77aea.yaml | 5 + .../support-rockylinux-8-1da50e2f97b918d5.yaml | 4 + .../ubuntu-package-update-0db09fc57249b9fc.yaml | 10 ++ requirements.txt | 1 + requirements.yml | 12 +- roles/kayobe-ci-prep/tasks/main.yml | 2 +- roles/kayobe-diagnostics/files/get_logs.sh | 1 + zuul.d/jobs.yaml | 53 +++++++ zuul.d/nodesets.yaml | 9 +- zuul.d/project.yaml | 16 ++ 134 files changed, 1171 insertions(+), 275 deletions(-) Requirements updates -------------------- diff --git a/molecule-requirements.txt b/molecule-requirements.txt index e2e59cc2..120b4f74 100644 --- a/molecule-requirements.txt +++ b/molecule-requirements.txt @@ -7,0 +8 @@ molecule-docker # MIT +pytest-metadata<2 # MPL diff --git a/requirements.txt b/requirements.txt index 8cfd1a87..7502967a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,0 +2 @@ pbr>=2.0 # Apache-2.0 +Jinja2>3 # BSD From no-reply at openstack.org Wed Jun 8 11:28:34 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 08 Jun 2022 11:28:34 -0000 Subject: [release-announce] glance 24.1.0 (yoga) Message-ID: We are pleased to announce the release of: glance 24.1.0: OpenStack Image Service This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/glance Download the package from: https://tarballs.openstack.org/glance/ Please report issues through: https://bugs.launchpad.net/glance/+bugs For more details, please see below. 24.1.0 ^^^^^^ New Features ************ * When the Glance image cache is being used, the CURRENT version of the Image service API, as indicated in the "GET /versions" response, is 2.16. Upgrade Notes ************* * The Image service API call "PUT /v2/cache/{image_id}" now returns a 202 (Accepted) response code to indicate success. In glance 24.0.0 (the initial Yoga release), it had mistakenly returned a 200. Bug Fixes ********* * Bug #1972666 (https://bugs.launchpad.net/glance/+bug/1972666): Added cli_opts and cache_opts to support configgen to pick all groups from wsgi.py * Bug 1971521 (https://bugs.launchpad.net/glance/+bug/1971521): Fixed the success response code of the REST API call "PUT /v2/cache/{image_id}" to be 202 (Accepted), following the original design of the feature. Changes in glance 24.0.0..24.1.0 -------------------------------- 55c000ee Bump Image API version to 2.16 cc98dbef Fix failing namespace list delete race e943645f Added cli_opts and cache_opts 9043efc5 [APIImpact] Correct API response code for PUT /v2/cache/{image_id} 49d25474 [CI] Add upper constraints to install command 1beee78e Update TOX_CONSTRAINTS_FILE for stable/yoga c7e1b3b4 Update .gitreview for stable/yoga Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + api-ref/source/v2/cache-manage.inc | 2 +- glance/api/middleware/version_negotiation.py | 3 +- glance/api/v2/cached_images.py | 4 +- glance/api/v2/metadef_namespaces.py | 8 +- glance/api/versions.py | 3 +- glance/opts.py | 2 + .../add-cli-and-cache-opts-902f28d65c8fb827.yaml | 5 ++ releasenotes/notes/api-2.16-8417b1e23322fedb.yaml | 19 +++++ tox.ini | 8 +- 13 files changed, 153 insertions(+), 36 deletions(-) From no-reply at openstack.org Thu Jun 9 11:55:06 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 09 Jun 2022 11:55:06 -0000 Subject: [release-announce] designate 14.0.1 (yoga) Message-ID: We enthusiastically announce the release of: designate 14.0.1: DNS as a Service This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/designate Download the package from: https://tarballs.openstack.org/designate/ Please report issues through: https://bugs.launchpad.net/designate/+bugs For more details, please see below. 14.0.1 ^^^^^^ Bug Fixes * Fixed an issue where set-quotas will always return the default quotas if it was called with a non-project scoped token and the all- projects flag was not set. * Allows for a minimum TTL value of zero to be used instead of 1. As stated in RFC https://datatracker.ietf.org/doc/html/rfc2181#section-8. (https://bugs.launchpad.net/designate/+bug/1926429) * Fixed a bug where deleting a zone transfer request may fail when using a system scoped token. Changes in designate 14.0.0..14.0.1 ----------------------------------- 38081027 Fix misleading release note for RBAC changes. 1b7b7df1 Validate worker actions before retrying poll 22d3c0c0 Fixed incorrect quota exception message 1ba0f1a1 Minimum TTL value allowed is zero 34976032 Clarifies the zone import error message 5b014685 Update zuul queue configuration 8f5e8db1 Improve quota API validations 5b40d3d9 Fix tox docs env to have the correct dependencies 276a9fbe Fix delete zone transfer request with scoped token a8e74f4f Fix set-quotas for non-project scoped tokens 0f25a811 Update TOX_CONSTRAINTS_FILE for stable/yoga 5f590606 Update .gitreview for stable/yoga Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 5 +- designate/api/v2/controllers/quotas.py | 10 ++ designate/central/service.py | 1 + designate/common/constants.py | 11 ++ designate/objects/quota.py | 8 +- designate/objects/zone.py | 2 +- designate/quota/base.py | 2 +- designate/quota/impl_storage.py | 2 +- designate/storage/impl_sqlalchemy/__init__.py | 2 + designate/worker/tasks/base.py | 48 +++++++++ designate/worker/tasks/zone.py | 30 ++++-- ...non-project-scoped-tokens-ffe3082db3dbb55b.yaml | 6 ++ .../Support-scoped-tokens-6b7d6052a258cd11.yaml | 4 +- ...429-allow-ttl-min-of-zero-688f7c2cf095d89d.yaml | 8 ++ ...sfer-request-scoped-token-fc9d3be407e1a50a.yaml | 5 + tox.ini | 9 +- 23 files changed, 484 insertions(+), 60 deletions(-) From no-reply at openstack.org Thu Jun 9 12:06:48 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 09 Jun 2022 12:06:48 -0000 Subject: [release-announce] designate 13.0.1 (xena) Message-ID: We exuberantly announce the release of: designate 13.0.1: DNS as a Service This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/designate Download the package from: https://tarballs.openstack.org/designate/ Please report issues through: https://bugs.launchpad.net/designate/+bugs For more details, please see below. 13.0.1 ^^^^^^ Bug Fixes * Fixed an issue that caused the recordset_records quota to not be enforced. * Fixes bug 1934252 which ignored invalid denylist patterns. The fix entailed checking the pattern string via regular expression compiler and testing for zero length. Previously you could create blacklist/denylist using string that cannot be used either as a regex or as a zone name, for example: patterns = ['', "'#(*&^%$%$#@$']" In addition, the server will return a 400 BadRequest response to an invalid pattern. (https://bugs.launchpad.net/designate/+bug/1934252) * Fixed an issue where new BIND9 pool instances may fail on zone update. * Fixed an issue where set-quotas will always return the default quotas if it was called with a non-project scoped token and the all- projects flag was not set. * Fixes support for keystone default roles and scoped tokens. * Allows for a minimum TTL value of zero to be used instead of 1. As stated in RFC https://datatracker.ietf.org/doc/html/rfc2181#section-8. (https://bugs.launchpad.net/designate/+bug/1926429) * CAA records now allow the use of *+* prefixed subadresses like *security+caa at example.net* within mail urls. (https://www.rfc- editor.org/rfc/rfc5233.html#section-1) See bug 1958533 for more information. (https://bugs.launchpad.net/designate/+bug/1958533) * Fixed a bug where deleting a zone transfer request may fail when using a system scoped token. Changes in designate 13.0.0..13.0.1 ----------------------------------- 2159c7a5 Fix misleading release note for RBAC changes. 2862a550 Clarifies the zone import error message 8fea6838 Fix duplicate zone when creating ptr records 5237ce97 Fix incorrect 404 error on floating IP create fab62ff8 Fix dns.query.tcp/udp not always handling ipv6 properly 4e6da9b9 Improve wording for validation error messages 9f9480bd Modernize PTR implementation in Central d04a2e17 Fix designate-manage pool update bugs 0b818283 Allow email subadresses to be used within mail url of CAA records e6922d74 Simplify create zone import implementation d1402da7 Fixed incorrect message when zone import failed due to quota 5b1b404e Fix zone update when adding new Bind9 target to pool. 6b595bd4 Add proper quota error messages 63bc0c1d Fix delete zone transfer request with scoped token 264ac571 Minimum TTL value allowed is zero f4396df7 Fix a typo in the tsigkey policy file 721184fc Validate worker actions before retrying poll fc0c6b37 Fixed incorrect quota exception message b5bb17cf Fix support for scoped tokens and default roles c78db47c Update zuul queue configuration 28e969e7 Improve quota API validations 08d56f87 Fix tox docs env to have the correct dependencies 6072ef37 Fix set-quotas for non-project scoped tokens df605a79 Fix recordset_records quota enforcement e2027bfb Add fips jobs b55afb59 Checks for invalid denylist regex patterns e8217d5b Remove lower-constraint job from stable/xena 5e9cca1b Allow TXT record over 255 characters if split 8634d531 Fix race condition in the sink when deleting records 86db7954 Update TOX_CONSTRAINTS_FILE for stable/xena 1bfcf16c Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 37 +- designate/api/middleware.py | 6 +- designate/api/v2/controllers/quotas.py | 10 + .../api/v2/controllers/zones/tasks/exports.py | 9 +- designate/backend/agent.py | 40 +- designate/backend/impl_bind9.py | 31 +- designate/central/service.py | 1266 +++++++++++++------- designate/common/constants.py | 28 + designate/common/policies/base.py | 70 +- designate/common/policies/context.py | 50 +- designate/common/policies/diagnostics.py | 51 +- designate/common/policies/quota.py | 2 +- designate/common/policies/recordset.py | 64 +- designate/common/policies/tsigkey.py | 15 +- designate/common/policies/zone.py | 25 +- designate/common/policies/zone_export.py | 24 +- designate/common/policies/zone_import.py | 2 +- designate/common/policies/zone_transfer_accept.py | 6 +- designate/common/policies/zone_transfer_request.py | 25 +- designate/context.py | 5 +- designate/dnsutils.py | 152 ++- designate/exceptions.py | 13 + designate/mdns/notify.py | 24 +- designate/notification_handler/base.py | 50 +- .../adapters/api_v2/zone_transfer_request.py | 12 +- designate/objects/blacklist.py | 4 +- designate/objects/fields.py | 53 +- designate/objects/quota.py | 8 +- designate/objects/rrdata_txt.py | 38 +- designate/objects/zone.py | 2 +- designate/policy.py | 15 +- designate/quota/base.py | 19 +- designate/quota/impl_storage.py | 2 +- designate/storage/impl_sqlalchemy/__init__.py | 11 +- .../nova/compute.instance.create.end-2.json | 180 +++ .../test_notification_handler/test_neutron.py | 40 +- designate/worker/README.md | 2 +- designate/worker/tasks/base.py | 48 + designate/worker/tasks/zone.py | 38 +- designate/worker/utils.py | 82 -- playbooks/enable-fips.yaml | 3 + ...x-recordset-records-quota-76ed3095dd2afbbe.yaml | 4 + ...atterns-not-being-checked-ec1f1316ccc6cb1d.yaml | 16 + ...x-update-zone-create-zone-ada1fd81de479492.yaml | 4 + ...non-project-scoped-tokens-ffe3082db3dbb55b.yaml | 6 + .../Support-scoped-tokens-6b7d6052a258cd11.yaml | 4 + ...429-allow-ttl-min-of-zero-688f7c2cf095d89d.yaml | 8 + ...33-allow-caa-mail-subaddr-d02cdc46bbb118ad.yaml | 10 + ...sfer-request-scoped-token-fc9d3be407e1a50a.yaml | 5 + tox.ini | 9 +- 73 files changed, 2778 insertions(+), 1156 deletions(-) From no-reply at openstack.org Wed Jun 15 12:28:16 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 15 Jun 2022 12:28:16 -0000 Subject: [release-announce] taskflow 5.0.0 Message-ID: We are tickled pink to announce the release of: taskflow 5.0.0: Taskflow structured state management library. The source is available from: https://opendev.org/openstack/taskflow Download the package from: https://pypi.org/project/taskflow For more details, please see below. Changes in taskflow 4.7.0..5.0.0 -------------------------------- 2521e3ee Quote string representations 44f17d00 Remove six a26e2d88 Drop python3.6/3.7 support in testing runtime Diffstat (except docs and test files) ------------------------------------- requirements.txt | 3 -- setup.cfg | 5 ++- taskflow/atom.py | 27 +++++++-------- taskflow/conductors/backends/impl_executor.py | 4 +-- taskflow/conductors/backends/impl_nonblocking.py | 3 +- taskflow/conductors/base.py | 4 +-- taskflow/deciders.py | 4 +-- taskflow/engines/action_engine/actions/base.py | 5 +-- taskflow/engines/action_engine/compiler.py | 6 ++-- taskflow/engines/action_engine/completer.py | 4 +-- taskflow/engines/action_engine/deciders.py | 9 ++--- taskflow/engines/action_engine/engine.py | 10 +++--- taskflow/engines/action_engine/executor.py | 4 +-- taskflow/engines/action_engine/process_executor.py | 36 +++++--------------- taskflow/engines/base.py | 5 +-- taskflow/engines/helpers.py | 3 +- taskflow/engines/worker_based/executor.py | 3 +- taskflow/engines/worker_based/protocol.py | 12 +++---- taskflow/engines/worker_based/proxy.py | 5 ++- taskflow/engines/worker_based/types.py | 13 ++++---- taskflow/examples/example_utils.py | 2 +- .../examples/jobboard_produce_consume_colors.py | 24 ++++++------- taskflow/examples/parallel_table_multiply.py | 7 ++-- taskflow/examples/run_by_iter.py | 4 +-- taskflow/examples/share_engine_thread.py | 3 +- taskflow/examples/simple_map_reduce.py | 4 +-- taskflow/examples/tox_conductor.py | 5 ++- taskflow/examples/wbe_event_sender.py | 4 +-- taskflow/examples/wbe_mandelbrot.py | 12 +++---- taskflow/exceptions.py | 17 +++++----- taskflow/flow.py | 8 ++--- taskflow/jobs/backends/impl_redis.py | 12 +++---- taskflow/jobs/backends/impl_zookeeper.py | 5 ++- taskflow/jobs/base.py | 16 ++++----- taskflow/listeners/base.py | 4 +-- taskflow/listeners/claims.py | 4 +-- taskflow/listeners/timing.py | 3 +- taskflow/patterns/graph_flow.py | 7 ++-- taskflow/persistence/backends/impl_memory.py | 3 +- taskflow/persistence/backends/impl_sqlalchemy.py | 13 ++++---- taskflow/persistence/base.py | 8 ++--- taskflow/persistence/models.py | 20 +++++------ taskflow/persistence/path_based.py | 7 ++-- taskflow/retry.py | 6 ++-- taskflow/storage.py | 23 ++++++------- taskflow/task.py | 19 +++++------ taskflow/test.py | 3 +- taskflow/types/failure.py | 18 ++++++---- taskflow/types/graph.py | 6 ++-- taskflow/types/notifier.py | 11 +++--- taskflow/types/sets.py | 4 +-- taskflow/types/timing.py | 4 +-- taskflow/types/tree.py | 7 ++-- taskflow/utils/banner.py | 6 ++-- taskflow/utils/iter_utils.py | 8 ++--- taskflow/utils/kazoo_utils.py | 10 +++--- taskflow/utils/misc.py | 27 +++++++-------- taskflow/utils/mixins.py | 35 ------------------- taskflow/utils/redis_utils.py | 4 +-- taskflow/utils/threading_utils.py | 6 ++-- tools/schema_generator.py | 7 ++-- tools/speed_test.py | 5 ++- tox.ini | 1 - 84 files changed, 280 insertions(+), 469 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index f1cdc800..32ded5c7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -10,3 +9,0 @@ pbr!=2.1.0,>=2.0.0 # Apache-2.0 -# Python 2->3 compatibility library. -six>=1.10.0 # MIT - From no-reply at openstack.org Fri Jun 17 08:54:13 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 17 Jun 2022 08:54:13 -0000 Subject: [release-announce] sushy-tools 0.19.0 Message-ID: We are ecstatic to announce the release of: sushy-tools 0.19.0: A set of tools to support the development and test of the Sushy library (https://docs.openstack.org/sushy/) The source is available from: https://opendev.org/openstack/sushy-tools Download the package from: https://tarballs.openstack.org/sushy-tools/ For more details, please see below. 0.19.0 ^^^^^^ New Features ************ * Adds basic support for custom TLS certificates with virtual media. * Adds a fake system driver (actived using the "--fake" argument) that does not have an actual backend and works by storing all values in the cache. It is currently functional enough for the Ironic's "ramdisk" deploy (and undeploy) to finish successfully. Bug Fixes ********* * Allow non-string types to be configured for BIOS settings. Changes in sushy-tools 0.18.2..0.19.0 ------------------------------------- 9a42fcd Update jobs names 4a0010d Use python Zed tests 49b890a Drop lower-constraints.txt and its testing c34ffbd vmedia: keep the original URL in Image 8896740 Fix the CI fac4725 Add a fake system driver 9ca0158 Fewer mandatory methods in AbstractSystemsDriver 1553bf3 Accept non-string types for BIOS settings cd1ab51 Test all supported python version 695af04 CertificateService: implement CertificateLocations 35f4279 Update pep8 test requirements 0051bd4 Support uploading certificates for virtual media Diffstat (except docs and test files) ------------------------------------- bindep.txt | 1 + lower-constraints.txt | 14 -- .../notes/bios-integer-types-79928fbd0b49ac57.yaml | 4 + .../certificate-service-ff8061143d454313.yaml | 4 + .../notes/fakedriver-819d46b6f1e18081.yaml | 9 ++ requirements.txt | 4 + setup.cfg | 1 + sushy_tools/emulator/api_utils.py | 7 +- .../emulator/controllers/certificate_service.py | 92 ++++++++++++ sushy_tools/emulator/controllers/virtual_media.py | 63 ++++++++- sushy_tools/emulator/main.py | 29 +++- sushy_tools/emulator/resources/systems/base.py | 23 +-- .../emulator/resources/systems/fakedriver.py | 155 +++++++++++++++++++++ .../emulator/resources/systems/libvirtdriver.py | 2 + .../emulator/resources/systems/novadriver.py | 55 -------- sushy_tools/emulator/resources/vmedia.py | 76 +++++++++- sushy_tools/emulator/templates/certificate.json | 10 ++ .../emulator/templates/certificate_locations.json | 17 +++ .../emulator/templates/certificate_service.json | 17 +++ sushy_tools/emulator/templates/root.json | 7 +- .../controllers/test_certificate_service.py | 124 +++++++++++++++++ .../emulator/controllers/test_virtual_media.py | 92 +++++++++++- .../emulator/resources/systems/test_fakedriver.py | 94 +++++++++++++ .../emulator/resources/systems/test_libvirt.py | 12 ++ test-requirements.txt | 2 - tox.ini | 12 +- zuul.d/project.yaml | 13 +- zuul.d/sushy-tools-jobs.yaml | 8 +- 31 files changed, 976 insertions(+), 129 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 834ac64..b869ebc 100644 --- a/requirements.txt +++ b/requirements.txt @@ -0,0 +1,4 @@ +# Requirements lower bounds listed here are our best effort to keep them up to +# date but we do not test them so no guarantee of having them all correct. If +# you find any incorrect lower bounds, let us know or propose a fix. + diff --git a/test-requirements.txt b/test-requirements.txt index 8dd5470..9c7d301 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8 +7,0 @@ libvirt-python>=6.0.0 # LGPLv2+ -python-subunit>=1.0.0 # Apache-2.0/BSD @@ -13 +11,0 @@ stestr>=1.0.0 # Apache-2.0 -testscenarios>=0.4 # Apache-2.0/BSD From no-reply at openstack.org Fri Jun 17 10:13:14 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 17 Jun 2022 10:13:14 -0000 Subject: [release-announce] python-designateclient 4.2.1 (wallaby) Message-ID: We are tickled pink to announce the release of: python-designateclient 4.2.1: OpenStack DNS-as-a-Service - Client This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/python-designateclient Download the package from: https://pypi.org/project/python-designateclient Please report issues through: https://bugs.launchpad.net/python-designateclient/+bugs For more details, please see below. Changes in python-designateclient 4.2.0..4.2.1 ---------------------------------------------- a21eb07 Fix missing --target-project-id for transfer req dd0ac7e Remove edit-managed from unsupported commands 5626ce0 Clarify that name or ID can be used on TLDs fb20353 Fixed zone transfer accept list command c689be2 Update zuul queue configuration 7503b53 Remove lower-constraint job from stable/wallaby 7dca8c3 Update TOX_CONSTRAINTS_FILE for stable/wallaby 2a6644a Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 4 +--- designateclient/v2/cli/common.py | 4 ++-- designateclient/v2/cli/recordsets.py | 2 ++ designateclient/v2/cli/tlds.py | 6 +++--- designateclient/v2/cli/zones.py | 9 ++++++++- lower-constraints.txt | 5 +---- tox.ini | 6 +++--- 10 files changed, 30 insertions(+), 16 deletions(-) From no-reply at openstack.org Fri Jun 17 10:16:38 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 17 Jun 2022 10:16:38 -0000 Subject: [release-announce] oslo.policy 4.0.0 (zed) Message-ID: We are ecstatic to announce the release of: oslo.policy 4.0.0: Oslo Policy library This release is part of the zed release series. The source is available from: https://opendev.org/openstack/oslo.policy Download the package from: https://pypi.org/project/oslo.policy Please report issues through: https://bugs.launchpad.net/oslo.policy/+bugs For more details, please see below. Changes in oslo.policy 3.12.1..4.0.0 ------------------------------------ 5bd767b Fix generation of sample policy files 6471443 Drop python3.6/3.7 support in testing runtime Diffstat (except docs and test files) ------------------------------------- oslo_policy/generator.py | 5 +++-- setup.cfg | 4 +--- 2 files changed, 4 insertions(+), 5 deletions(-) From no-reply at openstack.org Fri Jun 17 10:16:39 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 17 Jun 2022 10:16:39 -0000 Subject: [release-announce] designate 12.1.0 (wallaby) Message-ID: We contentedly announce the release of: designate 12.1.0: DNS as a Service This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/designate Download the package from: https://tarballs.openstack.org/designate/ Please report issues through: https://bugs.launchpad.net/designate/+bugs For more details, please see below. 12.1.0 ^^^^^^ Bug Fixes * Fixed an issue that caused the recordset_records quota to not be enforced. * Fixes bug 1934252 which ignored invalid denylist patterns. The fix entailed checking the pattern string via regular expression compiler and testing for zero length. Previously you could create blacklist/denylist using string that cannot be used either as a regex or as a zone name, for example: patterns = ['', "'#(*&^%$%$#@$']" In addition, the server will return a 400 BadRequest response to an invalid pattern. (https://bugs.launchpad.net/designate/+bug/1934252) * Fixed an issue where new BIND9 pool instances may fail on zone update. * Fixed an issue where set-quotas will always return the default quotas if it was called with a non-project scoped token and the all- projects flag was not set. * Fixes support for keystone default roles and scoped tokens. * Allows for a minimum TTL value of zero to be used instead of 1. As stated in RFC https://datatracker.ietf.org/doc/html/rfc2181#section-8. (https://bugs.launchpad.net/designate/+bug/1926429) * CAA records now allow the use of *+* prefixed subadresses like *security+caa at example.net* within mail urls. (https://www.rfc- editor.org/rfc/rfc5233.html#section-1) See bug 1958533 for more information. (https://bugs.launchpad.net/designate/+bug/1958533) * Fixed a bug where deleting a zone transfer request may fail when using a system scoped token. Changes in designate 12.0.1..12.1.0 ----------------------------------- f2557474 Fix misleading release note for RBAC changes. abe17707 Update zuul queue configuration eacd478e Clarifies the zone import error message 790f0963 Fix incorrect 404 error on floating IP create 8af89be2 Fix duplicate zone when creating ptr records 1dd3b9de Cleanup scheduler 29a8069e Fixed incorrect message when zone import failed due to quota 60682cce Fix dns.query.tcp/udp not always handling ipv6 properly e6dbc1fb Simplify create zone import implementation 12510551 Stop running grenade on Wallaby a2ff328c Checks for invalid denylist regex patterns 1eb5cb41 Improve wording for validation error messages b51c9724 Modernize PTR implementation in Central 899cd6e7 Fix designate-manage pool update bugs 53cf9b96 Allow email subadresses to be used within mail url of CAA records b6915f00 Fix zone update when adding new Bind9 target to pool. 0f041e37 Add proper quota error messages 8562a683 Fix delete zone transfer request with scoped token 3e753554 Minimum TTL value allowed is zero 7217ce4e Fix a typo in the tsigkey policy file ea85d917 Fix set-quotas for non-project scoped tokens 72267c8f Validate worker actions before retrying poll 643f4cde Fixed incorrect quota exception message 2e55c3e2 Improve quota API validations 5d348de3 Fix tox docs env to have the correct dependencies 0323c424 Allow TXT record over 255 characters if split bbde15f5 Fix support for scoped tokens and default roles 7ed90faa Fix recordset_records quota enforcement 9e2618a2 Add fips jobs e1ee648f Replace md5 for fips 914b55a6 Remove lower-constraint job from stable/wallaby Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 39 +- designate/api/middleware.py | 6 +- designate/api/v2/controllers/quotas.py | 10 + .../api/v2/controllers/zones/tasks/exports.py | 9 +- designate/backend/agent.py | 40 +- designate/backend/impl_bind9.py | 31 +- designate/central/service.py | 1273 +++++++++++++------- designate/common/constants.py | 28 + designate/common/policies/base.py | 70 +- designate/common/policies/blacklist.py | 56 +- designate/common/policies/context.py | 50 +- designate/common/policies/diagnostics.py | 51 +- designate/common/policies/pool.py | 56 +- designate/common/policies/quota.py | 34 +- designate/common/policies/record.py | 16 +- designate/common/policies/recordset.py | 106 +- designate/common/policies/service_status.py | 24 +- designate/common/policies/tenant.py | 24 +- designate/common/policies/tld.py | 40 +- designate/common/policies/tsigkey.py | 45 +- designate/common/policies/zone.py | 129 +- designate/common/policies/zone_export.py | 64 +- designate/common/policies/zone_import.py | 42 +- designate/common/policies/zone_transfer_accept.py | 48 +- designate/common/policies/zone_transfer_request.py | 52 +- designate/context.py | 5 +- designate/dnsutils.py | 152 ++- designate/exceptions.py | 13 + designate/mdns/notify.py | 24 +- .../adapters/api_v2/zone_transfer_request.py | 12 +- designate/objects/blacklist.py | 4 +- designate/objects/fields.py | 53 +- designate/objects/quota.py | 8 +- designate/objects/rrdata_txt.py | 38 +- designate/objects/zone.py | 2 +- designate/policy.py | 15 +- designate/quota/base.py | 19 +- designate/quota/impl_storage.py | 2 +- designate/scheduler/base.py | 52 +- designate/scheduler/filters/attribute_filter.py | 20 +- designate/scheduler/filters/fallback_filter.py | 9 +- designate/scheduler/filters/random_filter.py | 14 +- designate/storage/impl_sqlalchemy/__init__.py | 21 +- designate/worker/README.md | 2 +- designate/worker/tasks/base.py | 48 + designate/worker/tasks/zone.py | 38 +- designate/worker/utils.py | 82 -- lower-constraints.txt | 2 +- playbooks/enable-fips.yaml | 3 + ...x-recordset-records-quota-76ed3095dd2afbbe.yaml | 4 + ...atterns-not-being-checked-ec1f1316ccc6cb1d.yaml | 16 + ...x-update-zone-create-zone-ada1fd81de479492.yaml | 4 + ...non-project-scoped-tokens-ffe3082db3dbb55b.yaml | 6 + .../Support-scoped-tokens-6b7d6052a258cd11.yaml | 4 + ...429-allow-ttl-min-of-zero-688f7c2cf095d89d.yaml | 8 + ...33-allow-caa-mail-subaddr-d02cdc46bbb118ad.yaml | 10 + ...sfer-request-scoped-token-fc9d3be407e1a50a.yaml | 5 + requirements.txt | 2 +- tox.ini | 1 + 81 files changed, 2773 insertions(+), 1454 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 26c39be3..6f622631 100644 --- a/requirements.txt +++ b/requirements.txt @@ -23 +23 @@ oslo.upgradecheck>=1.3.0 -oslo.utils>=4.5.0 # Apache-2.0 +oslo.utils>=4.7.0 # Apache-2.0 From no-reply at openstack.org Fri Jun 17 10:17:49 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 17 Jun 2022 10:17:49 -0000 Subject: [release-announce] oslo.vmware 4.0.0 (zed) Message-ID: We are delighted to announce the release of: oslo.vmware 4.0.0: Oslo VMware library This release is part of the zed release series. The source is available from: https://opendev.org/openstack/oslo.vmware Download the package from: https://pypi.org/project/oslo.vmware Please report issues through: https://bugs.launchpad.net/oslo.vmware/+bugs For more details, please see below. Changes in oslo.vmware 3.10.0..4.0.0 ------------------------------------ 42ca5dd Download ISO in more simple way. 54a96f5 Drop python3.6/3.7 support in testing runtime 6dd22ed Add Python3 zed unit tests 5a949e0 Update master for stable/yoga Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- oslo_vmware/rw_handles.py | 137 +++++++++++++++++++++++++++++++++--------- releasenotes/source/index.rst | 1 + releasenotes/source/yoga.rst | 6 ++ setup.cfg | 5 +- 5 files changed, 118 insertions(+), 33 deletions(-) From no-reply at openstack.org Fri Jun 17 10:19:19 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 17 Jun 2022 10:19:19 -0000 Subject: [release-announce] oslo.utils 5.0.0 (zed) Message-ID: We are thrilled to announce the release of: oslo.utils 5.0.0: Oslo Utility library This release is part of the zed release series. The source is available from: https://opendev.org/openstack/oslo.utils Download the package from: https://pypi.org/project/oslo.utils Please report issues through: https://bugs.launchpad.net/oslo.utils/+bugs For more details, please see below. Changes in oslo.utils 4.13.0..5.0.0 ----------------------------------- efa9dcb bindep: Use Python 3 devel packages 0eaa7de strutils: Defer import of pyparsing 383789c Drop python3.6/3.7 support in testing runtime de2b367 Remove unnecessary unicode prefixes Diffstat (except docs and test files) ------------------------------------- bindep.txt | 4 +--- oslo_utils/strutils.py | 13 ++++++------ releasenotes/source/conf.py | 14 ++++++------ setup.cfg | 4 +--- 9 files changed, 56 insertions(+), 60 deletions(-) From no-reply at openstack.org Fri Jun 17 10:19:19 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 17 Jun 2022 10:19:19 -0000 Subject: [release-announce] python-designateclient 4.5.1 (yoga) Message-ID: We are pleased to announce the release of: python-designateclient 4.5.1: OpenStack DNS-as-a-Service - Client This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/python-designateclient Download the package from: https://pypi.org/project/python-designateclient Please report issues through: https://bugs.launchpad.net/python-designateclient/+bugs For more details, please see below. Changes in python-designateclient 4.5.0..4.5.1 ---------------------------------------------- 06887d6 Fix missing --target-project-id for transfer req f11c636 Update TOX_CONSTRAINTS_FILE for stable/yoga dcd068d Update .gitreview for stable/yoga Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + designateclient/v2/cli/zones.py | 7 +++++++ tox.ini | 6 +++--- 3 files changed, 11 insertions(+), 3 deletions(-) From no-reply at openstack.org Fri Jun 17 10:20:22 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 17 Jun 2022 10:20:22 -0000 Subject: [release-announce] python-designateclient 4.3.1 (xena) Message-ID: We are jazzed to announce the release of: python-designateclient 4.3.1: OpenStack DNS-as-a-Service - Client This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/python-designateclient Download the package from: https://pypi.org/project/python-designateclient Please report issues through: https://bugs.launchpad.net/python-designateclient/+bugs For more details, please see below. Changes in python-designateclient 4.3.0..4.3.1 ---------------------------------------------- e5ec080 Fix missing --target-project-id for transfer req be1b1fd Remove edit-managed from unsupported commands 5ef179f Clarify that name or ID can be used on TLDs 6c7f47c Update zuul queue configuration da7f4ca Remove lower-constraint job from stable/xena 2899e96 Bump lower-constraint for decorator to 4.2.1 068bb7d Update TOX_CONSTRAINTS_FILE for stable/xena 0e92a52 Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 4 +--- designateclient/v2/cli/common.py | 4 ++-- designateclient/v2/cli/recordsets.py | 2 ++ designateclient/v2/cli/tlds.py | 6 +++--- designateclient/v2/cli/zones.py | 7 +++++++ lower-constraints.txt | 2 +- tox.ini | 6 +++--- 8 files changed, 20 insertions(+), 12 deletions(-) From no-reply at openstack.org Fri Jun 17 10:23:06 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 17 Jun 2022 10:23:06 -0000 Subject: [release-announce] virtualbmc 2.2.2 Message-ID: We are stoked to announce the release of: virtualbmc 2.2.2: Create virtual BMCs for controlling virtual instances via IPMI The source is available from: https://opendev.org/openstack/virtualbmc Download the package from: https://tarballs.openstack.org/virtualbmc/ For more details, please see below. Changes in virtualbmc 2.2.1..2.2.2 ---------------------------------- 835fd3b Use zed jobs 4a8a0ae Re-add python 3.6/3.7 in classifier 6b077fa Updating python testing as per Yoga testing runtime d35a80f Update pep8 test requirements Diffstat (except docs and test files) ------------------------------------- setup.cfg | 2 ++ tox.ini | 12 +++--------- zuul.d/project.yaml | 4 +++- zuul.d/virtualbmc-jobs.yaml | 1 + 4 files changed, 9 insertions(+), 10 deletions(-) From no-reply at openstack.org Tue Jun 21 09:38:51 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 21 Jun 2022 09:38:51 -0000 Subject: [release-announce] ovsdbapp 1.9.3 (wallaby) Message-ID: We are psyched to announce the release of: ovsdbapp 1.9.3: A library for creating OVSDB applications This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/ovsdbapp Download the package from: https://tarballs.openstack.org/ovsdbapp/ Please report issues through: https://bugs.launchpad.net/ovsdbapp/+bugs For more details, please see below. Changes in ovsdbapp 1.9.2..1.9.3 -------------------------------- f804411 Update QoS register in "QoSAddCommand" if exists e1a0d7c Add cooperative_yield() to OvsdbIdl c6e2c43 Handle OVS 2.17 change to Idl.tables Diffstat (except docs and test files) ------------------------------------- ovsdbapp/backend/ovs_idl/connection.py | 9 +- ovsdbapp/schema/ovn_northbound/commands.py | 41 +++++++++- ovsdbapp/schema/ovn_northbound/impl_idl.py | 6 +- .../schema/ovn_northbound/test_impl_idl.py | 95 ++++++++++++++++++++-- 4 files changed, 138 insertions(+), 13 deletions(-) From no-reply at openstack.org Tue Jun 21 09:43:53 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 21 Jun 2022 09:43:53 -0000 Subject: [release-announce] ovsdbapp 1.12.2 (xena) Message-ID: We are satisfied to announce the release of: ovsdbapp 1.12.2: A library for creating OVSDB applications This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/ovsdbapp Download the package from: https://tarballs.openstack.org/ovsdbapp/ Please report issues through: https://bugs.launchpad.net/ovsdbapp/+bugs For more details, please see below. Changes in ovsdbapp 1.12.1..1.12.2 ---------------------------------- 4d4402c Update QoS register in "QoSAddCommand" if exists 62ee947 Add cooperative_yield() to OvsdbIdl ab571f4 Handle OVS 2.17 change to Idl.tables Diffstat (except docs and test files) ------------------------------------- ovsdbapp/backend/ovs_idl/connection.py | 9 +- ovsdbapp/schema/ovn_northbound/commands.py | 41 +++++++++- ovsdbapp/schema/ovn_northbound/impl_idl.py | 6 +- .../schema/ovn_northbound/test_impl_idl.py | 95 ++++++++++++++++++++-- 4 files changed, 138 insertions(+), 13 deletions(-) From no-reply at openstack.org Thu Jun 23 09:45:42 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 23 Jun 2022 09:45:42 -0000 Subject: [release-announce] oslo.utils 6.0.0 (zed) Message-ID: We are chuffed to announce the release of: oslo.utils 6.0.0: Oslo Utility library This release is part of the zed release series. The source is available from: https://opendev.org/openstack/oslo.utils Download the package from: https://pypi.org/project/oslo.utils Please report issues through: https://bugs.launchpad.net/oslo.utils/+bugs For more details, please see below. 6.0.0 ^^^^^ Upgrade Notes * The "oslo_utils.fnmatch" module has been removed. The stdlib "fnmatch" module is thread safe in Python 3+. * The "isotime", "strtime" and "iso8601_from_timestamp" helpers have been removed from "oslo_utils.timeutils". These are all available in the stdlib in Python 3. Changes in oslo.utils 5.0.0..6.0.0 ---------------------------------- 76146aa Remove deprecated helpers from oslo_utils.timeutils 5832a74 Remove oslo_utils.fnmatch 17db918 requirements: Remove explicit pbr dependency Diffstat (except docs and test files) ------------------------------------- oslo_utils/fnmatch.py | 30 --------- oslo_utils/timeutils.py | 64 ------------------- .../notes/remove-fnmatch-f227b54f237a02c2.yaml | 5 ++ ...eutils-deprecated-helpers-5de68c21dd281529.yaml | 7 ++ requirements.txt | 5 -- 6 files changed, 15 insertions(+), 170 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index ddc07f0..37374ac 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +0,0 @@ -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later. - @@ -10 +5,0 @@ -pbr!=2.1.0,>=2.0.0 # Apache-2.0 From no-reply at openstack.org Thu Jun 23 10:30:28 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 23 Jun 2022 10:30:28 -0000 Subject: [release-announce] glance_store 2.7.1 (xena) Message-ID: We enthusiastically announce the release of: glance_store 2.7.1: OpenStack Image Service Store Library This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/glance_store Download the package from: https://pypi.org/project/glance_store For more details, please see below. 2.7.1 ^^^^^ Bug Fixes * Bug #1969373 (https://bugs.launchpad.net/glance- store/+bug/1969373): Cinder Driver: Correct the retry interval from fixed 1 second to exponential backoff for attaching a volume during image create/save operation. * Bug #1955668 (https://bugs.launchpad.net/glance- store/+bug/1955668): Fixed issue with glance cinder store passing hostname instead of IP address to os-brick while getting connector information. * Bug #1959913 (https://bugs.launchpad.net/glance- store/+bug/1959913): Added wait between the volume being extended and the new size being detected while opening the volume device. Changes in glance_store 2.7.0..2.7.1 ------------------------------------ a4ba0c4 Correct retry interval during attach volume ea5139b Cinder store: Wait for device resize 83d9c5d Pass valid IP address to os-brick ca8b704 Update TOX_CONSTRAINTS_FILE for stable/xena 58f0ed7 Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + glance_store/_drivers/cinder.py | 44 ++++++++++++- glance_store/common/cinder_utils.py | 4 +- .../fix-interval-in-retries-471155ff34d9f0e9.yaml | 7 +++ .../fix-ip-in-connector-info-36b95d9959f10f63.yaml | 6 ++ .../fix-wait-device-resize-c282940b71a3748e.yaml | 7 +++ tox.ini | 6 +- 9 files changed, 200 insertions(+), 19 deletions(-) From no-reply at openstack.org Thu Jun 23 10:30:41 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 23 Jun 2022 10:30:41 -0000 Subject: [release-announce] nova 25.0.1 (yoga) Message-ID: We are thrilled to announce the release of: nova 25.0.1: Cloud computing fabric controller This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/nova Download the package from: https://tarballs.openstack.org/nova/ Please report issues through: https://bugs.launchpad.net/nova/+bugs For more details, please see below. 25.0.1 ^^^^^^ Bug Fixes * Instances with hardware offloaded ovs ports no longer lose connectivity after failed live migrations. The driver.rollback_live_migration_at_source function is no longer called during during pre_live_migration rollback which previously resulted in connectivity loss following a failed live migration. See Bug 1944619 for more details. (https://bugs.launchpad.net/nova/+bug/1944619) * Bug #1970383 (https://bugs.launchpad.net/nova/+bug/1970383): Fixes a permissions error when using the 'query_placement_for_routed_network_aggregates' scheduler variable, which caused a traceback on instance creation for non-admin users. Changes in nova 25.0.0..25.0.1 ------------------------------ dfa05d62da Add missing condition 8756688278 Retry in CellDatabases fixture when global DB state changes 4ca4b2e6bc Allow claiming PCI PF if child VF is unavailable 23c48b6706 Simulate bug 1969496 d7bca631fe Remove unavailable but not reported PCI devices at startup f04cfd4235 Isolate PCI tracker unit tests 60548e8042 Fix segment-aware scheduling permissions error 1ac0d6984a [CI] Install dependencies for docs target 29b94aa34a Fix pre_live_migration rollback 3402aa7a53 Adds regression test for bug LP#1944619 15b72717f2 [stable-only] Drop lower-constraints job a9f444a997 Fix eventlet.tpool import 1bb0697f1c [stable-only] Update TOX_CONSTRAINTS_FILE for stable/yoga a473b5e1f4 [stable-only] Update .gitreview for stable/yoga Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 1 - lower-constraints.txt | 166 ----------- nova/compute/manager.py | 16 +- nova/network/neutron.py | 4 +- nova/objects/migrate_data.py | 3 + nova/objects/pci_device.py | 61 ++++- nova/pci/manager.py | 16 +- nova/pci/stats.py | 6 +- .../functional/regressions/test_bug_1944619.py | 76 ++++++ nova/utils.py | 3 +- .../bug-1944619-fix-live-migration-rollback.yaml | 10 + ...nt-scheduling-permissions-92ba907b10a9eb1c.yaml | 7 + tox.ini | 12 +- 20 files changed, 534 insertions(+), 254 deletions(-) From no-reply at openstack.org Thu Jun 23 10:56:53 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 23 Jun 2022 10:56:53 -0000 Subject: [release-announce] oslo.messaging 12.9.4 (xena) Message-ID: We joyfully announce the release of: oslo.messaging 12.9.4: Oslo Messaging API This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/oslo.messaging Download the package from: https://pypi.org/project/oslo.messaging Please report issues through: https://bugs.launchpad.net/oslo.messaging/+bugs For more details, please see below. Changes in oslo.messaging 12.9.3..12.9.4 ---------------------------------------- d57eccd8 amqp1: fix race when reconnecting Diffstat (except docs and test files) ------------------------------------- oslo_messaging/_drivers/amqp1_driver/controller.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) From no-reply at openstack.org Thu Jun 23 10:57:17 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 23 Jun 2022 10:57:17 -0000 Subject: [release-announce] horizon 22.2.0 (zed) Message-ID: We are psyched to announce the release of: horizon 22.2.0: OpenStack Dashboard This release is part of the zed release series. The source is available from: https://opendev.org/openstack/horizon Download the package from: https://tarballs.openstack.org/horizon/ Please report issues through: https://bugs.launchpad.net/horizon/+bugs For more details, please see below. 22.2.0 ^^^^^^ New Features ************ * Horizon can now use a system scope token when performing admin operations. To enable that, a new setting, SYSTEM_SCOPE_SERVICES, has to list the OpenStack services for which this feature is to be enabled. When that setting is not empty, a new option, "system scope" will appear in the context switching menu, and the panels for the listed services will be moved into that context in the main menu. Upgrade Notes ************* * Horizon no longer requires the keystone admin endpoint. keystone does not distinguish public and admin endpoints and there is no functional difference between public and admin endpoints. There is no need for a separate endpoint for keystone admin operations, but horizon required the keystone admin endpoint is configured previously. This requirement no longer exists. An endpoint specified by "OPENSTACK_ENDPOINT_TYPE" setting is used for the keystone admin operations. You can drop the admin endpoint for keystone (unless other services require it). [:bug:`1950659`] Deprecation Notes ***************** * The Django version of the Images, Keypairs, and Roles panels is deprecated now. Switch to the AngularJS version by setting "images_panel", "key_pairs_panel" and "roles_panel" keys in "ANGULAR_FEATURES" setting to "True" (or dropping these keys from "ANGULAR_FEATURES" setting). The horizon team believes that feature gaps between Django and AngularJS implementations have been closed for all these panels and we can drop the Django version. If you see any feature gap, please file a bug to horizon or contact the horizon team. Changes in horizon 22.0.0..22.2.0 --------------------------------- 2ebbb384a Imported Translations from Zanata f044c4b0a Migrate to AngularJS v1.8.2 2e6eca294 Speed up integration tests 6a3fa87cd Pass client IP to keystoneauth1 session f7e049233 Bump tox minversion to 3.18.0 65d748fb2 Deprecate Django based Panel for Images, Keypair, and roles 60692f56d Setup project template for nodejs v16 jobs a5dd9e21c Some tweaks to improve work with Material Theme e4ac4550c Pass real client IP to keystoneauth original_ip 33efe3179 Address RemovedInDjango40Warning 89249f76e [doc] Add documentation about the release process in horizon f4bbc99b1 Remove ability to filter instances by VCPUs 35a490f4e Do not assume keystone admin endpoint 51a15d479 Imported Translations from Zanata 6922e862f Add Python3 zed unit tests aaa7a4932 Update master for stable/yoga 961fab691 Replace remaining usage of ugettext_lazy b31bfe3b9 Add pagination to Flavors table in Launch Instance wizard 6c814b241 Add SYSTEM_SCOPE_SERVICES setting that hides panels 85e20a62e local_settings.py: Disable django.template DEBUG messages e6d46b218 Update pyScss to 1.4.0 4e0f5a5a8 Make existing empty metadata properties optional Diffstat (except docs and test files) ------------------------------------- .zuul.d/django-jobs.yaml | 2 +- .zuul.d/nodejs-jobs.yaml | 46 ++++ .zuul.d/project.yaml | 8 +- .zuul.d/tempest-and-integrated.yaml | 5 - .zuul.d/xstatic-master.yaml | 4 +- .../locale/en_GB/LC_MESSAGES/doc-configuration.po | 136 ++++++++++- .../locale/en_GB/LC_MESSAGES/doc-contributor.po | 191 ++++++++++++++- .../locale/id/LC_MESSAGES/doc-contributor.po | 11 +- horizon/conf/dash_template/dashboard.py.tmpl | 2 +- horizon/conf/panel_template/panel.py.tmpl | 2 +- horizon/static/framework/framework.module.spec.js | 4 +- horizon/static/framework/util/http/http.spec.js | 10 +- .../util/navigations/navigations.service.js | 2 + .../display/metadata-display.controller.js | 6 +- .../metadata/tree/metadata-tree-item.controller.js | 20 +- .../widgets/metadata/tree/metadata-tree-item.html | 2 +- .../metadata/tree/metadata-tree.controller.js | 17 +- .../widgets/metadata/tree/tree.service.js | 6 + .../property/hz-resource-property.controller.js | 18 +- .../static/framework/widgets/wizard/wizard.spec.js | 24 +- lower-constraints.txt | 2 +- openstack_auth/backend.py | 12 +- openstack_auth/locale/en_GB/LC_MESSAGES/django.po | 12 +- openstack_auth/plugin/base.py | 27 ++- openstack_auth/views.py | 11 +- openstack_dashboard/api/keystone.py | 11 +- .../dashboards/admin/aggregates/panel.py | 7 + .../dashboards/admin/defaults/panel.py | 7 + .../dashboards/admin/flavors/panel.py | 7 + .../dashboards/admin/floating_ips/panel.py | 7 + .../dashboards/admin/hypervisors/panel.py | 7 + .../dashboards/admin/images/panel.py | 7 + openstack_dashboard/dashboards/admin/info/panel.py | 7 + .../dashboards/admin/instances/panel.py | 7 + .../dashboards/admin/metadata_defs/panel.py | 7 + .../dashboards/admin/networks/panel.py | 7 + .../dashboards/admin/overview/panel.py | 7 + .../dashboards/admin/rbac_policies/panel.py | 4 + .../dashboards/admin/routers/panel.py | 7 + .../dashboards/admin/trunks/panel.py | 4 + .../dashboards/identity/dashboard.py | 7 + .../dashboards/identity/roles/views.py | 11 + .../identity/domains/actions/delete.service.js | 4 +- .../domains/actions/delete.service.spec.js | 6 +- .../dashboards/project/images/views.py | 11 + .../dashboards/project/instances/tables.py | 1 - .../dashboards/project/key_pairs/views.py | 10 + .../containers/containers.controller.spec.js | 2 +- .../containers/objects-row-actions.service.spec.js | 6 +- .../launch-instance/flavor/flavor-details.html | 39 ++++ .../launch-instance/flavor/flavor.controller.js | 99 ++++++-- .../workflow/launch-instance/flavor/flavor.html | 259 ++------------------- .../workflow/launch-instance/flavor/flavor.spec.js | 18 +- .../launch-instance-model.service.spec.js | 26 ++- openstack_dashboard/defaults.py | 5 + openstack_dashboard/karma.conf.js | 2 +- .../local/local_settings.py.example | 8 + .../locale/en_GB/LC_MESSAGES/django.po | 14 +- .../locale/en_GB/LC_MESSAGES/djangojs.po | 207 +++++++++++++++- openstack_dashboard/static/app/app.module.js | 8 +- .../core/images/actions/delete-image.service.js | 4 +- .../static/app/core/images/images.service.spec.js | 6 +- .../steps/create-image/create-image.controller.js | 6 +- .../create-image/create-image.controller.spec.js | 6 +- .../create-volume/create-volume.controller.js | 22 +- .../create-volume/create-volume.controller.spec.js | 76 +++--- .../actions/delete.action.service.spec.js | 1 + .../core/openstack-service-api/cinder.service.js | 42 ++-- .../core/openstack-service-api/common-test.mock.js | 6 +- .../core/openstack-service-api/glance.service.js | 22 +- .../core/openstack-service-api/keystone.service.js | 74 +++--- .../core/openstack-service-api/network.service.js | 10 +- .../core/openstack-service-api/neutron.service.js | 76 +++--- .../openstack-service-api/neutron.service.spec.js | 62 ++--- .../app/core/openstack-service-api/nova.service.js | 83 +++---- .../openstack-service-api/nova.service.spec.js | 36 +-- .../core/openstack-service-api/policy.service.js | 8 +- .../openstack-service-api/policy.service.spec.js | 6 +- .../security-group.service.js | 2 +- .../core/openstack-service-api/settings.service.js | 2 +- .../openstack-service-api/settings.service.spec.js | 21 +- .../core/openstack-service-api/swift.service.js | 78 +++---- .../openstack-service-api/swift.service.spec.js | 42 ++-- .../actions/delete.action.service.spec.js | 6 +- .../trunks/actions/delete.action.service.spec.js | 1 + .../templates/header/_context_selection.html | 4 +- .../templatetags/context_selection.py | 4 +- .../themes/material/static/_styles.scss | 6 + .../material/templates/horizon/_sidebar.html | 4 +- ...or-images-keyspairs-roles-36b9c234eef71b51.yaml | 12 + .../feature-system-scope-a88a07b7f414b3d6.yaml | 9 + ...dpoint-no-longer-required-06a8d29dfdb3b1cd.yaml | 12 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 230 +++++++++++++++++- releasenotes/source/yoga.rst | 6 + requirements.txt | 2 +- tox.ini | 8 +- 104 files changed, 1762 insertions(+), 786 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index f1f245993..9eabe2f25 100644 --- a/requirements.txt +++ b/requirements.txt @@ -32 +32 @@ pymongo!=3.1,>=3.0.2 # Apache-2.0 -pyScss>=1.3.7 # MIT License +pyScss>=1.4.0 # MIT License From no-reply at openstack.org Thu Jun 23 11:01:54 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 23 Jun 2022 11:01:54 -0000 Subject: [release-announce] nova 23.2.1 (wallaby) Message-ID: We are overjoyed to announce the release of: nova 23.2.1: Cloud computing fabric controller This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/nova Download the package from: https://tarballs.openstack.org/nova/ Please report issues through: https://bugs.launchpad.net/nova/+bugs For more details, please see below. 23.2.1 ^^^^^^ New Features ************ * Added a new configuration option "[workarounds]/enable_qemu_monitor_announce_self" that when enabled causes the Libvirt driver to send a announce_self QEMU monitor command post live-migration. Please see bug 1815989 (https://bugs.launchpad.net/nova/+bug/1815989) for more details. Please note that this causes the domain to be considered tainted by libvirt. Bug Fixes ********* * Fixes an issue with multiple "nova-compute" services used with Ironic, where a rebalance operation could result in a compute node being deleted from the database and not recreated. See bug 1853009 for details. Changes in nova 23.2.0..23.2.1 ------------------------------ e8b079a91e Add service version check workaround for FFU 4cf632338d func: Increase rpc_response_timeout in TestMultiCellMigrate tests baf0d93e0f Define new functional test tox env for placement gate to run f66a570e94 [CI] Install dependencies for docs target 327693af40 [stable-only] Drop lower-constraints job 76ea8ee377 libvirt: Abort live-migration job when monitoring fails 9609ae0bab libvirt: Add announce-self post live-migration workaround 665c053315 Fix inactive session error in compute node creation cbbca58504 Prevent deletion of a compute node belonging to another host 0fc104eeea Invalidate provider tree when compute node disappears Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 1 - lower-constraints.txt | 165 --------------------- nova/api/openstack/wsgi_app.py | 8 +- nova/compute/manager.py | 33 +++-- nova/compute/resource_tracker.py | 1 + nova/conf/workarounds.py | 23 +++ nova/db/sqlalchemy/api.py | 37 ++++- nova/objects/compute_node.py | 15 +- nova/scheduler/client/report.py | 17 ++- nova/service.py | 8 +- .../functional/regressions/test_bug_1853009.py | 71 +++------ nova/virt/libvirt/driver.py | 33 +++++ nova/virt/libvirt/guest.py | 10 ++ ...-self-post-live-migration-936721b1ab887514.yaml | 8 + .../notes/bug-1853009-99414e14d1491b5f.yaml | 7 + tox.ini | 18 ++- 25 files changed, 341 insertions(+), 261 deletions(-) From no-reply at openstack.org Thu Jun 23 11:12:53 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 23 Jun 2022 11:12:53 -0000 Subject: [release-announce] nova 24.1.1 (xena) Message-ID: We are glad to announce the release of: nova 24.1.1: Cloud computing fabric controller This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/nova Download the package from: https://tarballs.openstack.org/nova/ Please report issues through: https://bugs.launchpad.net/nova/+bugs For more details, please see below. 24.1.1 ^^^^^^ Bug Fixes * Instances with hardware offloaded ovs ports no longer lose connectivity after failed live migrations. The driver.rollback_live_migration_at_source function is no longer called during during pre_live_migration rollback which previously resulted in connectivity loss following a failed live migration. See Bug 1944619 for more details. (https://bugs.launchpad.net/nova/+bug/1944619) * Amended the guest resume operation to support mediated devices, as libvirt's minimum required version (v6.0.0) supports the hot- plug/unplug of mediated devices, which was addressed in v4.3.0. * Fixed bug 1960230 (https://bugs.launchpad.net/nova/+bug/1960230) that prevented resize of instances that had previously failed and not been cleaned up. * The bug 1960401 is fixed which can cause invalid *BlockDeviceMappings* to accumulate in the database. This prevented the respective volumes from being attached again to the instance. (https://bugs.launchpad.net/nova/+bug/1960401) * Fixes slow compute restart when using the "nova.virt.ironic" compute driver where the driver was previously attempting to attach VIFS on start-up via the "plug_vifs" driver method. This method has grown otherwise unused since the introduction of the "attach_interface" method of attaching VIFs. As Ironic manages the attachment of VIFs to baremetal nodes in order to align with the security requirements of a physical baremetal node's lifecycle. The ironic driver now ignores calls to the "plug_vifs" method. Changes in nova 24.1.0..24.1.1 ------------------------------ 7c4059669c Add missing condition 3a5f8924ff Add service version check workaround for FFU 90c51902e9 Fix pre_live_migration rollback 1059921383 Adds regression test for bug LP#1944619 b57fce8d14 Fix eventlet.tpool import 64cc0848be [CI] Install dependencies for docs target ba3c5b81ab [stable-only] Drop lower-constraints job 8670ca8bb2 Clean up when queued live migration aborted 479b8db3ab Add functional tests to reproduce bug #1960412 19c4f8e973 Test aborting queued live migration 31179f62f1 Cleanup old resize instances dir before resize a108221fb7 [stable-only] Set nova-tox-functional-centos8-py36 non-voting a46fc40aa4 Gracefull recovery when attaching volume fails c3ebe0f39e Revert "Revert resize: wait for events according to hybrid plug" b414fe18f1 Add nova-ovs-hybrid-plug job 15c32e89e4 Reattach mdevs to guest on resume eb6d70f02d Ignore plug_vifs on the ironic driver Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 65 ++++++- lower-constraints.txt | 166 ---------------- nova/api/openstack/wsgi_app.py | 8 +- nova/compute/api.py | 22 ++- nova/compute/manager.py | 141 +++++++------- nova/conf/workarounds.py | 10 + nova/network/model.py | 25 --- nova/objects/migrate_data.py | 3 + nova/objects/migration.py | 3 - nova/service.py | 8 +- .../functional/libvirt/test_live_migration.py | 212 +++++++++++++++++++++ .../functional/regressions/test_bug_1944619.py | 76 ++++++++ nova/utils.py | 3 +- nova/virt/ironic/driver.py | 21 +- nova/virt/libvirt/driver.py | 65 +++++-- .../bug-1944619-fix-live-migration-rollback.yaml | 10 + .../notes/bug-1948705-ff80ae392c525475.yaml | 6 + ...anup-instances-dir-resize-56282e1b436a4908.yaml | 6 + .../notes/bug-1960401-504eb255253d966a.yaml | 8 + ...-restart-port-attachments-3282e9ea051561d4.yaml | 11 ++ tox.ini | 9 +- 34 files changed, 792 insertions(+), 519 deletions(-) From no-reply at openstack.org Mon Jun 27 09:01:23 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 27 Jun 2022 09:01:23 -0000 Subject: [release-announce] cinderlib 4.2.0 (yoga) Message-ID: We are satisfied to announce the release of: cinderlib 4.2.0: Direct usage of Cinder Block Storage drivers without the services This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/cinderlib Download the package from: https://tarballs.openstack.org/cinderlib/ Please report issues through: https://bugs.launchpad.net/cinderlib/+bugs For more details, please see below. Changes in cinderlib 4.1.0..4.2.0 --------------------------------- 7be24a5 [docs] add tox, zuul maintenance tasks e4dd75a Add local upper constraints support 4d784d2 Fix privsep issues inside virtual env eec3b54 Use stable/yoga override for CI jobs (conclusion) 30c9c0f Update Ceph version on CI job 84c6b10 Use stable/yoga override for CI jobs 82b8c25 Continue yoga development 2b661a7 setup.cfg: Replace dashes by underscores 40b290f Migrate jobs from CentOS 8 to CentOS 8 Stream e4a3489 Updating python testing as per Yoga testing runtime 57f90f9 Update master for stable/xena 0191f5e Open cinderlib for yoga development Diffstat (except docs and test files) ------------------------------------- .gitignore | 1 + .zuul.yaml | 53 +++-- cinderlib/bin/venv-privsep-helper | 10 + cinderlib/cinderlib.py | 21 ++ playbooks/setup-ceph.yaml | 6 +- .../notes/fix-privsep-venv-2ae8ce791136ae73.yaml | 7 + releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 + requirements.txt | 9 +- setup.cfg | 12 +- tools/generate_uc.sh | 97 +++++++++ tools/special_install.sh | 23 +++ tools/virtualenv-sudo.sh | 12 +- tox.ini | 57 ++++-- 21 files changed, 476 insertions(+), 98 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index f9c6f76..816b5f4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -# restrict cinder to the xena release only -cinder>=19.0.0,<20.0.0 # Apache-2.0 -# brick upper bound is controlled by xena/upper-constraints -os-brick>=5.0.1 +# restrict cinder to the yoga release only +cinder>=20.0.0.0,<21.0.0 # Apache-2.0 +# brick upper bound is controlled by yoga/upper-constraints +os-brick>=5.2.0 # Apache-2.0 @@ -6,0 +7 @@ importlib_metadata>=1.7.0;python_version<'3.8' # Apache-2.0 +importlib_resources>=3.2.1;python_version<'3.10' # Apache-2.0 From no-reply at openstack.org Mon Jun 27 14:38:13 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 27 Jun 2022 14:38:13 -0000 Subject: [release-announce] glance_store 2.5.1 (wallaby) Message-ID: We are tickled pink to announce the release of: glance_store 2.5.1: OpenStack Image Service Store Library This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/glance_store Download the package from: https://pypi.org/project/glance_store For more details, please see below. 2.5.1 ^^^^^ Bug Fixes * Bug #1955668 (https://bugs.launchpad.net/glance- store/+bug/1955668): Fixed issue with glance cinder store passing hostname instead of IP address to os-brick while getting connector information. * Bug #1959913 (https://bugs.launchpad.net/glance- store/+bug/1959913): Added wait between the volume being extended and the new size being detected while opening the volume device. Changes in glance_store 2.5.0..2.5.1 ------------------------------------ 5f1cee6 Cinder store: Wait for device resize 2bc17c0 Pass valid IP address to os-brick b93facf Drop lower-constraints job 9bb8570 Pass multipath config while creating connector object ae9022c Update TOX_CONSTRAINTS_FILE for stable/wallaby 48dc2bd Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 2 - glance_store/_drivers/cinder.py | 46 +++++++++++- lower-constraints.txt | 87 ---------------------- .../fix-ip-in-connector-info-36b95d9959f10f63.yaml | 6 ++ .../fix-wait-device-resize-c282940b71a3748e.yaml | 7 ++ tox.ini | 13 +--- 9 files changed, 193 insertions(+), 110 deletions(-) From no-reply at openstack.org Wed Jun 29 15:14:28 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 29 Jun 2022 15:14:28 -0000 Subject: [release-announce] masakari-monitors 11.1.0 (wallaby) Message-ID: We are pleased to announce the release of: masakari-monitors 11.1.0: Monitors for Masakari This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/masakari-monitors Download the package from: https://tarballs.openstack.org/masakari-monitors/ Please report issues through: https://bugs.launchpad.net/masakari-monitors/+bugs For more details, please see below. 11.1.0 ^^^^^^ New Features * Add support for libvirt auth in instancemonitor. Use the standard methods to provide the actual authentication credentials. The SASL library and pluggable authentication modules should be installed on the instancemonitor host, use the packages provided in the distro alongside libvirt-python. Changes in masakari-monitors 11.0.2..11.1.0 ------------------------------------------- 7135d36 Libvirt auth support 5d67238 Fix a typo Diffstat (except docs and test files) ------------------------------------- masakarimonitors/conf/host.py | 2 +- masakarimonitors/instancemonitor/instance.py | 20 +++++++++++++++++++- .../notes/libvirt-sasl-support-edf1388c556a594b.yaml | 8 ++++++++ 4 files changed, 38 insertions(+), 8 deletions(-) From no-reply at openstack.org Wed Jun 29 15:46:32 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 29 Jun 2022 15:46:32 -0000 Subject: [release-announce] ec2-api 12.1.0 (wallaby) Message-ID: We contentedly announce the release of: ec2-api 12.1.0: OpenStack Ec2api Service This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/ec2-api Download the package from: https://pypi.org/project/ec2-api Please report issues through: https://bugs.launchpad.net/ec2-api/+bugs For more details, please see below. Changes in ec2-api 12.0.0..12.1.0 --------------------------------- 0466881 Remove TripleO job 88f5a2b try to use neutron-vpnaas from plugin definition 76da371 remove lower-constraints job. it's buggy 7746b15 Run TripleO jobs on CentOS8 instead of CentOS7 5cfddf2 various fixes 67953e2 Update TOX_CONSTRAINTS_FILE for stable/wallaby 49ce2b3 Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 11 ----------- devstack/override-defaults | 2 -- ec2api/api/cloud.py | 14 ++++++++++---- ec2api/api/image.py | 4 ++-- ec2api/api/network_interface.py | 18 +++++++++++++++++- ec2api/api/volume.py | 17 ++++++++++++++++- ec2api/context.py | 2 +- requirements.txt | 2 +- tox.ini | 2 +- 12 files changed, 53 insertions(+), 28 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 166c8f5..a5695f2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -32 +32 @@ six>=1.11.0 # MIT -SQLAlchemy>=1.2.5 # MIT +SQLAlchemy>=1.2.5,<1.4.0 # MIT From no-reply at openstack.org Wed Jun 29 15:46:52 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 29 Jun 2022 15:46:52 -0000 Subject: [release-announce] cloudkitty 14.0.2 (wallaby) Message-ID: We are satisfied to announce the release of: cloudkitty 14.0.2: Rating as a Service component for OpenStack This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/cloudkitty Download the package from: https://pypi.org/project/cloudkitty Please report issues through: https://storyboard.openstack.org/#!/project/openstack/cloudkitty For more details, please see below. 14.0.2 ^^^^^^ Bug Fixes * Fixes policy check when getting dataframes using the v2 API, causing the operation to fail when run by a non-admin user. See story 2009879 `_ for more details. * Fixes the quote API method. See story 2009022 `_ for more details. Changes in cloudkitty 14.0.1..14.0.2 ------------------------------------ efcd526 Fix v2 API dataframes get policy check 824e14f Fix quote API Diffstat (except docs and test files) ------------------------------------- cloudkitty/api/v1/controllers/rating.py | 6 ++- cloudkitty/api/v2/dataframes/dataframes.py | 2 +- cloudkitty/orchestrator.py | 46 ++++++++++++++++++---- ...rames-get-v2-policy-check-6070fc047b2e1496.yaml | 6 +++ .../notes/fix-quote-v1-api-7282f01b596f0f3b.yaml | 5 +++ 5 files changed, 55 insertions(+), 10 deletions(-) From no-reply at openstack.org Wed Jun 29 16:15:17 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 29 Jun 2022 16:15:17 -0000 Subject: [release-announce] openstack-cyborg 6.0.1 (wallaby) Message-ID: We are overjoyed to announce the release of: openstack-cyborg 6.0.1: Distributed Acceleration Management as a Service This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/openstack-cyborg Download the package from: https://tarballs.openstack.org/cyborg/ For more details, please see below. Changes in openstack-cyborg 6.0.0..6.0.1 ---------------------------------------- ae38e4e Resolve mysql conflict message c6ebee1 Using pop method to avoid incompatible data type Diffstat (except docs and test files) ------------------------------------- cyborg/common/nova_client.py | 2 +- cyborg/db/sqlalchemy/api.py | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) From no-reply at openstack.org Thu Jun 30 08:52:22 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 30 Jun 2022 08:52:22 -0000 Subject: [release-announce] magnum 12.1.1 (wallaby) Message-ID: We are glad to announce the release of: magnum 12.1.1: Container Management project for OpenStack This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/magnum Download the package from: https://tarballs.openstack.org/magnum/ Please report issues through: https://bugs.launchpad.net/magnum/+bugs For more details, please see below. Changes in magnum 12.1.0..12.1.1 -------------------------------- 5870994f Fix errors caused by cryptography>=35.0.0 c0f8fa49 Fix cluster template default policy 1ded273c Fix health status polling interval Diffstat (except docs and test files) ------------------------------------- magnum/common/policies/cluster_template.py | 4 ++-- magnum/common/x509/operations.py | 18 +++++++----------- magnum/common/x509/validator.py | 8 +++++++- magnum/service/periodic.py | 8 ++++---- 6 files changed, 26 insertions(+), 33 deletions(-) From no-reply at openstack.org Thu Jun 30 08:55:44 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 30 Jun 2022 08:55:44 -0000 Subject: [release-announce] horizon 19.3.0 (wallaby) Message-ID: We joyfully announce the release of: horizon 19.3.0: OpenStack Dashboard This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/horizon Download the package from: https://tarballs.openstack.org/horizon/ Please report issues through: https://bugs.launchpad.net/horizon/+bugs For more details, please see below. 19.3.0 ^^^^^^ New Features ************ * When multiple availability zones are available, the default behavior is to allow the scheduler to spawn a VM in any of them. The new setting "LAUNCH_INSTANCE_DEFAULTS.default_availability_zone" allows an administrator to specify a default static availability zone for new VM creation. Bug Fixes ********* * Previously, ToggleSuspend class checked os-rescue policy for resume operation. By this fix, the class checks 'os_compute_api:os- suspend- server:resume' policy to align to resume operation. Changes in horizon 19.2.0..19.3.0 --------------------------------- 82698aa89 Imported Translations from Zanata 1ef454971 Make existing empty metadata properties optional d3bb9cd86 Change to a proper policy for Resume operation 89e3e51e5 Fix for "Resize instance" button 8ddc7363c Fix Project Limits for resize instance dialog 23aa36a94 Imported Translations from Zanata d93f2b3ac Imported Translations from Zanata 07325eb90 Escape unicode characters when setting logout_reason cookie 38ccf26b1 Dropping lower constraints testing from stable branches a15cd2e67 Add horizontal scrollbar to role dropdown 217dcc4b9 Fix Unable to use multiattach volume as boot for new server 8232ac038 Change with_data=False for swift_get_container f8d3abd1f Imported Translations from Zanata 15fe88b5a Add default_availability_zone for VM creation f3487d6e6 doc: Update our IRC server to OFTC d7de9725d Imported Translations from Zanata 6745c8c62 Imported Translations from Zanata 7216fc2a1 Imported Translations from Zanata Diffstat (except docs and test files) ------------------------------------- .zuul.d/project.yaml | 1 - .../locale/en_GB/LC_MESSAGES/doc-configuration.po | 76 +- .../locale/en_GB/LC_MESSAGES/doc-contributor.po | 211 +- .../locale/id/LC_MESSAGES/doc-contributor.po | 7 +- horizon/locale/es/LC_MESSAGES/django.po | 14 +- horizon/locale/es/LC_MESSAGES/djangojs.po | 15 +- .../widgets/metadata/tree/metadata-tree-item.html | 2 +- .../widgets/metadata/tree/tree.service.js | 6 + horizon/templates/auth/_login_form.html | 6 +- horizon/templates/auth/_password_form.html | 6 +- horizon/utils/functions.py | 2 +- lower-constraints.txt | 157 - openstack_auth/locale/de/LC_MESSAGES/django.po | 10 +- openstack_auth/locale/es/LC_MESSAGES/django.po | 10 +- openstack_auth/locale/ja/LC_MESSAGES/django.po | 15 +- openstack_auth/locale/ru/LC_MESSAGES/django.po | 12 +- openstack_auth/views.py | 18 +- openstack_dashboard/api/microversions.py | 4 +- openstack_dashboard/api/nova.py | 3 +- openstack_dashboard/api/swift.py | 2 +- .../dashboards/project/instances/tables.py | 10 +- .../templates/instances/_flavors_and_quotas.html | 40 +- .../dashboards/project/instances/utils.py | 43 + .../dashboards/project/instances/views.py | 17 +- .../project/instances/workflows/resize_instance.py | 5 +- .../launch-instance-model.service.js | 32 +- .../launch-instance-model.service.spec.js | 50 +- openstack_dashboard/defaults.py | 1 + .../locale/de/LC_MESSAGES/djangojs.po | 21 +- .../locale/en_GB/LC_MESSAGES/django.po | 68 +- .../locale/en_GB/LC_MESSAGES/djangojs.po | 8 +- .../locale/es/LC_MESSAGES/django.po | 242 +- .../locale/es/LC_MESSAGES/djangojs.po | 447 +- .../locale/ja/LC_MESSAGES/django.po | 79 +- .../locale/ja/LC_MESSAGES/djangojs.po | 27 +- .../locale/ru/LC_MESSAGES/djangojs.po | 22 +- .../dashboard/scss/components/_membership.scss | 2 + openstack_dashboard/test/unit/api/test_nova.py | 2 +- openstack_dashboard/test/unit/api/test_swift.py | 3 +- ...default_availability_zone-9c070832b2992958.yaml | 8 + ...652_fix_policy_for_resume-a719efb23054c708.yaml | 6 + .../source/locale/de/LC_MESSAGES/releasenotes.po | 4555 -------------- .../locale/en_GB/LC_MESSAGES/releasenotes.po | 6241 ------------------- .../source/locale/id/LC_MESSAGES/releasenotes.po | 6395 -------------------- .../source/locale/ja/LC_MESSAGES/releasenotes.po | 5612 ----------------- .../locale/ko_KR/LC_MESSAGES/releasenotes.po | 1708 ------ .../locale/pt_BR/LC_MESSAGES/releasenotes.po | 3937 ------------ .../locale/zh_CN/LC_MESSAGES/releasenotes.po | 508 -- tox.ini | 6 - 53 files changed, 1557 insertions(+), 29313 deletions(-) From no-reply at openstack.org Thu Jun 30 08:57:13 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 30 Jun 2022 08:57:13 -0000 Subject: [release-announce] tempest 31.1.0 (zed) Message-ID: We are gleeful to announce the release of: tempest 31.1.0: OpenStack Integration Testing This release is part of the zed release series. The source is available from: https://opendev.org/openstack/tempest Download the package from: https://pypi.org/project/tempest Please report issues through: https://bugs.launchpad.net/tempest/+bugs For more details, please see below. 31.1.0 ^^^^^^ New Features * Added new module net_downtime including the fixture NetDowntimeMeter that can be used to measure how long the connectivity with an IP is lost during certain operations like a server live migration. The configuration option allowed_network_downtime has been added with a default value of 5.0 seconds, which would be the maximum time that the connectivity downtime is expected to last. Changes in tempest 31.0.0..31.1.0 --------------------------------- c0a15ba7a Verify top key in _parse_body 9bda35d94 Use yoga stable contraint in tox to release 31.1.0 5bab06a03 Make nova-live-migration voting c85263918 compute: Move volume attached live migration tests to use SSHABLE de258f995 Create default net in ImagesNegativeTestJSON 78f5439b7 Add py310 job in gate 00bdb22cc compute: Move volume attached live migration tests to use SSHABLE 9e5595f8b Add release notes page for version 31.0.0 2202f7bbe Stop running openstacksdk-functional-devstack job on ussuri 991866fd7 Fix supported releases and py versions in the doc 1791e5d87 Switch back the tox constraint to master db2f561cd Create router and dhcp when create_default_network set 7f4779089 tempurl: Deprecate sha1 signatures 9b4c960f3 Fix compare volume stats for storage_protocols 34ea7e9e0 Make test_server_actions.resource_setup() wait for SSHABLE 72575889c Validate network downtime during live migration 8aa5f89c2 Pass the global request ID as logging context b687980fd Update volume schema for microversion d4d49b0a4 Add another scenario testcase test_minimum_basic Diffstat (except docs and test files) ------------------------------------- bindep.txt | 1 - ...ime-during-live-migration-5e8305be270de680.yaml | 9 ++ releasenotes/source/index.rst | 1 + releasenotes/source/v31.0.0.rst | 5 + tempest/api/compute/admin/test_live_migration.py | 17 ++- tempest/api/compute/base.py | 4 +- tempest/api/compute/images/test_images_negative.py | 1 + tempest/api/compute/servers/test_server_actions.py | 3 +- tempest/api/object_storage/test_object_temp_url.py | 2 +- .../test_object_temp_url_negative.py | 2 +- .../api/volume/admin/test_backends_capabilities.py | 24 +++ tempest/common/utils/net_downtime.py | 63 ++++++++ tempest/config.py | 6 + .../api_schema/response/volume/v3_61/__init__.py | 0 .../api_schema/response/volume/v3_61/volumes.py | 69 +++++++++ .../api_schema/response/volume/v3_63/__init__.py | 0 .../api_schema/response/volume/v3_63/volumes.py | 69 +++++++++ .../api_schema/response/volume/v3_64/__init__.py | 0 .../api_schema/response/volume/v3_64/backups.py | 48 ++++++ .../api_schema/response/volume/v3_64/volumes.py | 69 +++++++++ tempest/lib/common/rest_client.py | 23 ++- tempest/lib/services/volume/v3/backups_client.py | 8 + tempest/lib/services/volume/v3/volumes_client.py | 13 ++ tempest/scenario/manager.py | 3 +- tempest/scenario/test_minimum_basic.py | 165 ++++++++++++++++++--- .../scenario/test_network_advanced_server_ops.py | 19 +++ zuul.d/integrated-gate.yaml | 50 +++++-- zuul.d/project.yaml | 5 +- 30 files changed, 660 insertions(+), 47 deletions(-) From no-reply at openstack.org Thu Jun 30 09:47:12 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 30 Jun 2022 09:47:12 -0000 Subject: [release-announce] neutron-vpnaas 18.0.1 (wallaby) Message-ID: We jubilantly announce the release of: neutron-vpnaas 18.0.1: OpenStack Networking VPN as a Service This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/neutron-vpnaas Download the package from: https://tarballs.openstack.org/neutron-vpnaas/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. Changes in neutron-vpnaas 18.0.0..18.0.1 ---------------------------------------- 21c38f07c Add ipsec.secrets reload function to strongSwan driver 265ee7e49 l3ha: fix status updates b3c7e23e2 Fix failover with L3 HA c5ff00aaa tests: fix functional tests 2cf345151 Switch to use neutron-tempest-plugin jobs for Wallaby branch 86dfbee13 Update TOX_CONSTRAINTS_FILE for stable/wallaby 04d37c30a Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 7 +- lower-constraints.txt | 135 --------------------- neutron_vpnaas/services/vpn/agent.py | 6 +- .../vpn/device_drivers/strongswan_ipsec.py | 12 ++ tox.ini | 10 +- 7 files changed, 28 insertions(+), 156 deletions(-) From no-reply at openstack.org Thu Jun 30 16:06:44 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 30 Jun 2022 16:06:44 -0000 Subject: [release-announce] blazar 7.0.1 (wallaby) Message-ID: We are satisfied to announce the release of: blazar 7.0.1: Reservation Service for OpenStack clouds This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/blazar Download the package from: https://tarballs.openstack.org/blazar/ Please report issues through: https://bugs.launchpad.net/blazar/+bugs For more details, please see below. 7.0.1 ^^^^^ Bug Fixes * Allows users of multiple Keystone domains to create leases; previously only users and projects in the default domain could use Blazar. * Fixes failure to update reservations when the "resource_type" parameter is not provided in the API request. For more details, see bug 1957761 (https://bugs.launchpad.net/blazar/+bug/1957761). * Fixes result of the List Allocations API for reservations with multiple physical hosts. For more details, see bug 1958307 (https://bugs.launchpad.net/blazar/+bug/1958307). Changes in blazar 7.0.0..7.0.1 ------------------------------ cba58e0 Fix references to start and end dates 61daf2d Fix list_allocations for multi-host reservations 6549ab0 Handle AggregateNotFound when deleting aggregate dd844f0 Fix lease update when resource_type parameter is missing 80a7539 Use built-in oslo context de/serialization 7a0fef2 Update Nova scheduler filter configuration 23c7ed9 Skip blazar install in docs and pep8 jobs 5b6c51d Switch to stestr da70772 Remove six again 43587aa docs: Update Freenode to OFTC d3737b5 Update TOX_CONSTRAINTS_FILE for stable/wallaby dbdb059 Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitignore | 4 +- .gitreview | 1 + .stestr.conf | 3 + .testr.conf | 7 --- .zuul.yaml | 2 + blazar/api/context.py | 17 +----- blazar/context.py | 47 +++++++------- blazar/db/sqlalchemy/utils.py | 3 +- blazar/enforcement/filters/base_filter.py | 4 +- blazar/manager/service.py | 15 +++++ blazar/policy.py | 2 +- blazar/utils/openstack/keystone.py | 8 ++- blazar/utils/openstack/nova.py | 6 +- blazar/utils/service.py | 2 +- blazar/utils/trusts.py | 16 ++--- devstack/plugin.sh | 15 +---- lower-constraints.txt | 2 +- .../notes/bug-1881162-ebe012fcc7176594.yaml | 5 ++ .../notes/bug-1957761-8b126a392c0c79ee.yaml | 6 ++ .../notes/bug-1958307-63bf308ca6a97068.yaml | 6 ++ test-requirements.txt | 2 +- tox.ini | 21 ++++--- 37 files changed, 220 insertions(+), 184 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 08c9083..f0696ad 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8 +8 @@ fixtures>=3.0.0 # Apache-2.0/BSD -testrepository>=0.0.18 # Apache-2.0/BSD +stestr>=2.0.0 # Apache-2.0 From no-reply at openstack.org Thu Jun 30 16:58:53 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 30 Jun 2022 16:58:53 -0000 Subject: [release-announce] kuryr-kubernetes 4.0.1 (wallaby) Message-ID: We are pleased to announce the release of: kuryr-kubernetes 4.0.1: Kubernetes integration with OpenStack networking This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/kuryr-kubernetes Download the package from: https://tarballs.openstack.org/kuryr-kubernetes/ Please report issues through: https://bugs.launchpad.net/kuryr-kubernetes/+bugs For more details, please see below. Changes in kuryr-kubernetes 4.0.0..4.0.1 ---------------------------------------- 8ec71e7 Fix stable gate 0dbb151 Remove ep_slices from klb on endpoint delete event 0162d41 Add Octavia Tempest Plugin 643effc Fix NPs for OVN LBs with hairpin traffic bd63ba2 Update TOX_CONSTRAINTS_FILE for stable/wallaby b09144a Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.d/base.yaml | 3 +- .zuul.d/octavia.yaml | 5 + cni.Dockerfile | 25 +++-- controller.Dockerfile | 17 ++-- kuryr_kubernetes/cni/binding/base.py | 5 +- kuryr_kubernetes/cni/binding/nested.py | 3 +- kuryr_kubernetes/cni/binding/sriov.py | 4 +- kuryr_kubernetes/constants.py | 1 + .../controller/drivers/network_policy.py | 65 +++++++++++-- .../drivers/network_policy_security_groups.py | 24 +---- kuryr_kubernetes/controller/drivers/utils.py | 40 +++++++- .../controller/handlers/kuryrnetwork.py | 11 +-- .../controller/handlers/kuryrnetworkpolicy.py | 4 +- kuryr_kubernetes/controller/handlers/kuryrport.py | 11 +-- kuryr_kubernetes/controller/handlers/lbaas.py | 30 ++++++ .../unit/controller/drivers/test_network_policy.py | 43 ++++++++- .../drivers/test_network_policy_security_groups.py | 9 +- .../unit/controller/handlers/test_kuryrnetwork.py | 2 + .../unit/controller/handlers/test_kuryrport.py | 40 +------- kuryr_kubernetes/utils.py | 11 +++ tox.ini | 4 +- 25 files changed, 385 insertions(+), 117 deletions(-)