We are jazzed to announce the release of: openstack-ansible-os_neutron 14.0.0: os_neutron role for OpenStack- Ansible This release is part of the newton release series. Download the package from: https://tarballs.openstack.org/openstack-ansible-os_neutron/ For more details, please see below. 14.0.0 ^^^^^^ New Features ************ * The "os_neutron" role now determines the default configuration for openvswitch-agent "tunnel_types" and the presence or absence of "local_ip" configuration based on the value of "neutron_ml2_drivers_type". Deployers may directly control this configuration by overriding the "neutron_tunnel_types" variable . * The "os_neutron" role now configures neutron ml2 to load the "l2_population" mechanism driver by default based on the value of "neutron_l2_population". Deployers may directly control the neutron ml2 mechanism drivers list by overriding the "mechanisms" variable in the "neutron_plugins" dictionary. * The LBaaSv2 service provider configuration can now be adjusted with the "neutron_lbaasv2_service_provider" variable. This allows a deployer to choose to deploy LBaaSv2 with Octavia in a future version. * Whether the Neutron DHCP Agent, Metadata Agent or LinuxBridge Agent should be enabled is now dynamically determined based on the "neutron_plugin_type" and the "neutron_ml2_mechanism_drivers" that are set. This aims to simplify the configuration of Neutron services and eliminate the need for deployers to override the entire "neutron_services" dict variable to disable these services. * Neutron BGP dynamic routing plugin can now optionally be deployed and configured. Please see OpenStack Networking Guide: BGP dynamic routing (http://docs.openstack.org/networking-guide/config-bgp- dynamic-routing.html) for details about what the service is and what it provides. * The Project Calico Neutron networking plugin is now integrated into the "os_neutron" role. This can be activated using the instructions located in the role documentation. * The "os_neutron" role will now default to the OVS firewall driver when "neutron_plugin_type" is "ml2.ovs" and the host is running Ubuntu 16.04 on PowerVM. To override this default behavior, deployers should define "neutron_ml2_conf_ini_overrides" and 'neutron_openvswitch_agent_ini_overrides' in 'user_variables.yml'. Example below neutron_ml2_conf_ini_overrides: securitygroup: firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver neutron_openvswitch_agent_ini_overrides: securitygroup: firewall_driver: iptables_hybrid * Neutron VPN as a Service (VPNaaS) can now optionally be deployed and configured. Please see the OpenStack Networking Guide (http://docs.openstack.org/mitaka/networking-guide/) for details about the what the service is and what it provides. See the VPNaaS Install Guide (http://docs.openstack.org/developer/openstack-ansible /install-guide/configure-network-services.html#virtual-private- network-service-optional) for implementation details. * Support for Neutron distributed virtual routing has been added to the "os_neutron" role. This includes the implementation of Networking Guide's suggested agent configuration. This feature may be activated by setting "neutron_plugin_type: ml2.ovs.dvr" in "/etc/openstack_deploy/user_variables.yml". * Open vSwitch driver support has been implemented. This includes the implementation of the appropriate Neutron configuration and package installation. This feature may be activated by setting "neutron_plugin_type: ml2.ovs" in "/etc/openstack_deploy/user_variables.yml". * The os_neutron role now supports the ability to configure whether apt/yum tasks install the latest available package, or just ensure that the package is present. The default action is to ensure that the latest package is present. The action taken may be changed to only ensure that the package is present by setting "neutron_package_state" to "present". * The LBaaSv2 device driver is now set by the Ansible variable "neutron_lbaasv2_device_driver". The default is set to use the "HaproxyNSDriver", which allows for agent-based load balancers. * A new variable is supported in the "neutron_services" dictionary called "service_conf_path". This variable enables services to deploy their config templates to paths outside of /etc/neutron by specifying a directory using the new variable. Upgrade Notes ************* * Whether the Neutron DHCP Agent, Metadata Agent or LinuxBridge Agent should be enabled is now dynamically determined based on the "neutron_plugin_type" and the "neutron_ml2_mechanism_drivers" that are set. This aims to simplify the configuration of Neutron services and eliminate the need for deployers to override the entire "neutron_services" dict variable to disable these services. * Database migration tasks have been added for the dynamic routing neutron plugin. * As described in the Mitaka release notes (http://docs.openstack.org/releasenotes/neutron/mitaka.html) Neutron now correctly calculates for and advertises the MTU to instances. The default DHCP configuration to advertise an MTU to instances has therefore been removed from the variable "neutron_dhcp_config". * As described in the Mitaka release notes (http://docs.openstack.org/releasenotes/neutron/mitaka.html) Neutron now correctly calculates for and advertises the MTU to instances. As such the "neutron_network_device_mtu" variable has been removed and the hard-coded values in the templates for "advertise_mtu", "path_mtu", and "segment_mtu" have been removed to allow upstream defaults to operate as intended. * The variable "neutron_agent_mode" has been removed from the "os_neutron" role. The appropriate value for "l3_agent.ini" is now determined based on the "neutron_plugin_type" and host group membership. * The variable "neutron_linuxbridge" has been removed as it is no longer used. * The variable "neutron_driver_interface" has been removed. The appropriate value for "neutron.conf" is now determined based on the "neutron_plugin_type". * The variable "neutron_driver_firewall" has been removed. The appropriate value for "neutron.conf" is now determined based on the "neutron_plugin_type". * The variable "neutron_ml2_mechanism_drivers" has been removed. The appropriate value for ml2_conf.ini is now determined based on the "neutron_plugin_type". * The Neutron L3 Agent configuration for the handle_internal_only_routers variable is removed in order to use the Neutron upstream default setting. The current default for handle_internal_only_routers is True, which does allow Neutron L3 router without external networks attached (as discussed per https://bugs.launchpad.net/neutron/+bug/1572390). * Installation of neutron and its dependent pip packages will now only occur within a Python virtual environment. The "neutron_venv_enabled", "neutron_venv_bin", "neutron_non_venv_lib_dir" and "neutron_venv_lib_dir" variables have been removed. * The variable "neutron_apt_packages" has been renamed to "neutron_distro_packages". * The variable "neutron_lbaas_apt_packages" has been renamed to "neutron_lbaas_distro_packages". * The variable "neutron_vpnaas_apt_packages" has been renamed to "neutron_vpnaas_distro_packages". * The variable "neutron_apt_remove_packages" has been renamed to "neutron_remove_distro_packages". * The os_neutron role always checks whether the latest package is installed when executed. If a deployer wishes to change the check to only validate the presence of the package, the option "neutron_package_state" should be set to "present". * LBaaSv1 has been removed from the "neutron-lbaas" project in the Newton release and it has been removed from OpenStack-Ansible as well. * The database create and user creates have been removed from the "os_neutron" role. These tasks have been relocated to the playbooks. * The Neutron HA tool written by AT&T is no longer enabled by default. This tool was providing HA capabilities for networks and routers that were not using the native Neutron L3HA. Because native Neutron L3HA is stable, compatible with the Linux Bridge Agent, and is a better means of enabling HA within a deployment this tool is no longer being setup by default. If legacy L3HA is needed within a deployment the deployer can set *neutron_legacy_ha_tool_enabled* to **true** to enable the legacy tooling. * Neutron now makes use of Ubuntu Cloud Archive by default. This can be disabled by setting "neutron_uca_enable" to "False". Deprecation Notes ***************** * The Neutron HA tool written by AT&T has been deprecated and will be removed in the Ocata release. Bug Fixes ********* * When upgrading it is possible for an old "neutron-ns-metadata- proxy" process to remain running in memory. If this happens the old version of the process can cause unexpected issues in a production environment. To fix this a task has been added to the os_neutron role that will execute a process lookup and kill any "neutron-ns- metadata-proxy" processes that are not running the current release tag. Once the old processes are removed the metadata agent running will respawn everything needed within 60 seconds. Changes in openstack-ansible-os_neutron 13.0.0..14.0.0 ------------------------------------------------------ 9852008 Remove 'ignore_errors: true' in favor of 'failed_when: false' 259423e Set calico wheel name for py_pkgs lookup a9aeb12 Calico is now Felix... who knew?! 8cc4b94 Update tox.ini tests target for stable/newton 81a1613 Revert dynamic include for inventory-based conditionals b16c56a Fix dhcp-agent-list-hosting-net race condition 9588492 Update UPPER_CONSTRAINTS_FILE for stable/newton 4f8d226 Update ansible-role-requirements to stable/newton 2fbe6e7 Fix race condition on starting services e45f77a Use centralised test scripts 3562b0c Update default git branch to stable/newton be35547 Add conditional around the pid clean up process 2848049 Update .gitreview for stable/newton 58bf83c Use openstack-ansible-tests and ansible 2.1.1 370989b Force Ansible to use dynamic includes f6457c3 Update paste, policy and rootwrap configurations 2016-09-20 8bd11ef Update home page link in cfg file f95ff25 Use common log commands for calico tox config 74f2f98 Update paste, policy and rootwrap configurations 2016-09-16 090ab22 Wait for net to be fully instantiated 085713a Add functional testing for Calico 7fdd2a2 Add container logs to the build 4843684 Remove Calico qemu configuration b88e2de Update paste, policy and rootwrap configurations 2016-09-08 3a8b9ff Ensure the nets, subnets and ports are present 52b66dd Compress test execution logs baf636e [DOC] Fix the OVS config file in docs 760dab2 [Docs] Update LBaaSv2 docs for horizon 91a5eff Update paste, policy and rootwrap configurations 2016-08-25 72eea60 Rename package lists (and related vars) appropriately 132402f Enable log collection after functional testing ea0b035 Open vSwitch documentation in Neutron Role 03993a6 Rename remaining references to the neutron_lbaasv2_agent group f9975ac Add the BGP dynamic routing neutron plugin a0b5c6b Project Calico integration b94bd9a Update plumgrid plugin installation from pip to deb ed0836f Make all linting tests use upper-constraints 0c7fad3 Add SNI support via OS packages for os_neutron 8f9b32e [DOCS] Moving networking content to neutron role docs 0db3471 Updated from global requirements 5772632 [DOCS] Add links to README; minor restructure ba878cc Add python packages for SNI support in tests 92bc3ba Move other-requirements.txt to bindep.txt b1674b6 [DOCS] Move over the Neutron Plugins docs 1b8ad7b Update paste, policy and rootwrap configurations 2016-08-15 31a0386 Revert "Add missing packages required for online DB migrations" 4e5dc52 Add missing packages required for online DB migrations 5250cd4 Consolidate Neutron config path in to a single var e604e86 Include ansible commands for ansible linting 67bd7bb Ignore the .vagrant directory f9d40a5 Allow Neutron services to specify config path f02f040 Fix oslo messaging deprecation a597bf0 Disable stderr logging a3a7992 Add project group to role a8f6cf9 Add ability to change apt/yum package state 2b305ed Ensure that mode is a string 5bbf93c Fix ansible performance issue e70cd91 Fix bug in RPC config that broke Rabbit SSL support b86d292 Configure qos extension in openvswitch_agent.ini a70051a Ensure that doc linting is included in the linters test a867d0e Provide default for rabbitmq telemetry password 5b44c5b Make LBaaSv2 service_provider configurable dd64d9e Reduce tox.ini config duplication 1ecde3e Allow configuration of multiple rabbit clusters 13b41a3 Remove LBaaSv1 461788f Enable higher performance I/O through 0bc2e4f Define keystone region name. eb0bb51 Adding func_ovs tox environment for neutron ovs testing ec9d44a Optimise pip install tasks 0bdaa8c Support for Open vSwitch Distributed Virtual Routing 1240dd0 Move UCA repo URL var to role defaults 30899b8 Fix handler case where no old process is found d599df2 Use plugins repo version of the human_log callback plugin 4d26e4a Check host group_names for group membership 7a3bb12 Updated from global requirements 813fe65 Remove duplicates from .gitignore 46474f2 Update paste, policy and rootwrap configurations 2016-07-14 667f746 Remove duplicate task for sudoers template c24f01f Implement doc8 checks for docs 7c275ee Update sphinx configuration 744270e Cleanup/standardize usage of tags 4918c7f Deprecate the deployment of the AT&T neutron HA tool 9a34f27 Remove static log-file parameter from init c2f9590 Rely on namespaced vars for rabbitmq 163a8ea Update the virtualenv paths only when we have a new venv c447d00 Switch to backticks in release note 0b87211 Use UCA for non-OVS neutron c357ce1 Update tox configuration e5a67a7 Only install to virtual environment 86fc72b Cleanup metadata-proxy when old versions are present 0035646 Fix ansible-lint complaint about directory permissions 1708097 Remove service_group entry from all neutron_services dicts f9267ff Remove neutron_overlay_network var from os_neutron role 9dc2f14 Remove is_metal var from os_neutron role 4575b8e Removed unused variable 1f29cdc Implement standardised Ubuntu Cloud Archive repo vars 18a9491 Clarify the default for neutron_vxlan_group 3344d75 Add missing xenial to meta.yml 30439c2 Dynamic Neutron OVS agent tunnel_types and local_ip config a34729a Adding Vagrantfile for local development/testing a246b5c Configure ml2 firewall driver "iptables_hybrid" for OVS 38f5ea9 Fix executor_thread_pool_size typo e349ad0 Remove enable_tunneling config from openvswitch_agent.ini 147c7f0 Correct Openvswitch bridge_mappings configuration 387c46e Clean up container cache prep in tests f35213b Pin test-requirements to match OpenStack requirements b3fa6b4 Address Ansible bare variable usage 357e543 Use default metadata_backlog value from Neutron 063824e Remove pip_lock_down dependency e572680 Add metadata checksum fix for AIO-type networks configs 3794674 Updated multi-distro setup for isolation 9654663 Update paste, policy and rootwrap configurations 2016-06-02 dcb0fff Consistency for multi-os in the includes 8e461be Neutron 16.04 support 0795d6d Update plumlib template to support python-keystoneclient v1.7.0 and above cf5a0f2 Remove unnecessary overrides of service variables 68ea882 Update classpath for FWaaS driver 7bb0a5a Update paste, policy and rootwrap configurations 2016-05-19 c44b0b1 More MTU cleanups for Neutron 2629d0b Updated role using the Multi-Distro framework e3e2f63 Verbose option has been deprecated from oslo.log 273cef6 Stop configuring neutron to enforce DHCP MTU option 656a976 Implementing neutron_openvswitch_agent 34ed097 Removed the db create tasks 1e397c3 Remove task to cleanup checksum rules script 018d336 Add .swp files to .gitignore 5ce4d64 Change pip install task state to 'latest' 7ffbc5a Remove py_from_git role c15dcba Use upstream neutron default for handle_internal_only_routers d13c448 Add dependencies for paramiko 2.0 9a3022d Missing init script of VPNaaS d9477c5 Update paste, policy and rootwrap configurations 2016-04-22 61e6192 Ansible 2.x - Address deprecation warning of bare variables f7a7e14 removed duplicate key 218563e Remove Liberty releasenote index a277ebd Update os_neutron to handle newton migrations e4ba265 Correct Neutron VPNaaS service_provider config entry 56cff84 Dynamically determine whether Neutron Agents should be enabled 94994ef Add options to auto enable VPNaaS 8416a65 blacklist Ansible 1.9.6 239f58d Fix missing 'qos' in extension drivers 0203066 Fix neutron lbaasv2 upstart init scrtipt placement b28687f Update min_ansible_version to 1.9 8a9719d Add reno scaffolding for release notes management 759d043 Nuage neutron plugin ansible changes 7b7820f Update paste, policy and rootwrap configurations 2016-04-03 3bc4de9 Switch defaults/tests to use master branch 30bc02a Neutron test cleanup 4eee5af Remove iptables checksum rule script Diffstat (except docs and test files) ------------------------------------- .gitignore | 7 + .gitreview | 1 + README.rst | 25 +- Vagrantfile | 31 ++ bindep.txt | 41 +++ defaults/main.yml | 333 ++++++++++++++------- examples/playbook.yml | 7 + files/post-up-checksum-rules | 42 --- files/post-up-metadata-checksum | 37 +++ files/rootwrap.d/dhcp.filters | 1 + files/rootwrap.d/functional-testing.filters | 35 --- files/rootwrap.d/linuxbridge-plugin.filters | 7 +- files/rootwrap.d/vpnaas.filters | 2 + handlers/main.yml | 22 +- library/neutron_migrations_facts | 19 +- manual-test.rc | 33 ++ meta/main.yml | 17 +- other-requirements.txt | 16 - releasenotes/notes/.placeholder | 0 .../dynamic_tunnel_types-3eb1aa46a0ca9a19.yaml | 12 + ...2-service-provider-config-57d394bdc64f632e.yaml | 5 + .../metadata-proxy-cleanup-eed6ff482035dc83.yaml | 10 + ...tron-agent-dynamic-enable-47f0c709ef0dfe55.yaml | 15 + .../notes/neutron-bgp-552e6e1f6d37f38d.yaml | 9 + .../notes/neutron-dhcp-mtu-8767de6f541b04c1.yaml | 8 + .../neutron-mtu-cleanup-ce73693b4f7aef0d.yaml | 9 + ...neutron-networking-calico-b05b08f989f768ee.yaml | 5 + .../neutron-ovs-powervm-116662f169e17175.yaml | 18 ++ .../notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml | 8 + .../notes/neutron_ovs_dvr-7fca77cac0545441.yaml | 11 + .../openvswitch-support-1b71ae52dde81403.yaml | 14 + ...dle_internal_only_routers-e46092d6f1f7c4b0.yaml | 7 + ...neutron-only-install-venv-ca3bf63ed0507e4b.yaml | 6 + ...package-list-name-changes-a86f7e7c805c2d81.yaml | 10 + .../notes/package-state-fb7d26a4b7c41a77.yaml | 13 + .../notes/remove-lbaasv1-26044c48b5d3b508.yaml | 8 + .../removed-db-create-tasks-eed527e915f23ee0.yaml | 5 + .../removed-neutron-ha-tool-dd7a4717e03163f9.yaml | 13 + .../notes/service-conf-path-b27cab31dbc72ad4.yaml | 6 + .../notes/use-uca-by-default-070751b0b388fcbe.yaml | 4 + releasenotes/source/_static/.placeholder | 0 releasenotes/source/_templates/.placeholder | 0 releasenotes/source/conf.py | 281 +++++++++++++++++ releasenotes/source/index.rst | 9 + releasenotes/source/mitaka.rst | 6 + releasenotes/source/unreleased.rst | 5 + setup.cfg | 2 +- setup.py | 11 +- tasks/calico_config.yml | 47 +++ tasks/calico_init.yml | 42 +++ tasks/main.yml | 92 +++++- tasks/neutron_check.yml | 23 -- tasks/neutron_db_setup.yml | 69 +---- tasks/neutron_init.yml | 134 +++++++++ tasks/neutron_init_common.yml | 27 ++ tasks/neutron_init_systemd.yml | 53 ++++ tasks/neutron_init_upstart.yml | 28 ++ tasks/neutron_install-apt.yml | 114 +++++++ tasks/neutron_install.yml | 163 ++-------- tasks/neutron_l3_ha.yml | 20 -- tasks/neutron_lbaas.yml | 49 --- tasks/neutron_ml2_ovs_powervm.yml | 26 ++ tasks/neutron_post_install.yml | 121 +++----- tasks/neutron_pre_install.yml | 34 +-- tasks/neutron_service_add.yml | 107 ------- tasks/neutron_service_setup.yml | 86 +++++- tasks/neutron_upstart_common_init.yml | 46 --- tasks/neutron_upstart_init.yml | 126 -------- tasks/nuage_neutron_config.yml | 24 ++ tasks/plumgrid_config.yml | 91 ++---- templates/api-paste.ini.j2 | 10 +- templates/bgp_dragent.ini.j2 | 9 + templates/dhcp_agent.ini.j2 | 5 +- templates/felix.cfg.j2 | 4 + templates/l3_agent.ini.j2 | 7 +- templates/lbaas_agent.ini.j2 | 15 +- templates/metadata_agent.ini.j2 | 1 - templates/metering_agent.ini.j2 | 3 +- templates/neutron-ha-tool.py.j2 | 2 +- templates/neutron-systemd-init.j2 | 25 ++ templates/neutron-systemd-tempfiles.j2 | 4 + templates/neutron-upstart-init.j2 | 8 +- templates/neutron.conf.j2 | 61 ++-- templates/plugins/ml2/linuxbridge_agent.ini.j2 | 4 +- templates/plugins/ml2/ml2_conf.ini.j2 | 13 +- templates/plugins/ml2/openvswitch_agent.ini.j2 | 23 ++ templates/plugins/nuage/nuage.ini.j2 | 19 ++ templates/plugins/plumgrid/plumlib.ini | 5 +- templates/policy.json.j2 | 66 ++-- templates/rootwrap.conf.j2 | 2 +- templates/vpnaas_agent.ini.j2 | 9 + test-requirements.txt | 19 +- tox.ini | 197 +++++++----- vars/ubuntu-14.04.yml | 54 ++++ vars/ubuntu-16.04.yml | 52 ++++ 123 files changed, 3606 insertions(+), 1746 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 3422d65..8fdd8d8 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,4 +1,9 @@ -ansible-lint<=2.3.9 -ansible>=1.9.1,<2.0.0 -bashate -flake8 +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +bashate>=0.2 # Apache-2.0 +flake8<2.6.0,>=2.5.4 # MIT +pyasn1 # BSD +pyOpenSSL>=0.14 # Apache-2.0 +requests>=2.10.0 # Apache-2.0 +ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD @@ -7,2 +12,4 @@ flake8 -sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 -oslosphinx>=2.5.0 # Apache-2.0 +sphinx!=1.3b1,<1.3,>=1.2.1 # BSD +oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 +doc8 # Apache-2.0 +reno>=1.8.0 # Apache2