Release-announce
We are pleased to announce the release of:
glance 24.1.0: OpenStack Image Service
This release is part of the yoga stable release series.
The source is available from:
https://opendev.org/openstack/glance
Download the package from:
https://tarballs.openstack.org/glance/
Please report issues through:
https://bugs.launchpad.net/glance/+bugs
For more details, please see below.
24.1.0
^^^^^^
New Features
************
* When the Glance image cache is being used, the CURRENT version of
the Image service API, as indicated in the "GET /versions" response,
is 2.16.
Upgrade Notes
*************
* The Image service API call "PUT /v2/cache/{image_id}" now returns
a 202 (Accepted) response code to indicate success. In glance
24.0.0 (the initial Yoga release), it had mistakenly returned a 200.
Bug Fixes
*********
* Bug #1972666 (https://bugs.launchpad.net/glance/+bug/1972666)
Added cli_opts and cache_opts to support configgen to pick all
groups from wsgi.py
* Bug 1971521 (https://bugs.launchpad.net/glance/+bug/1971521)
Fixed the success response code of the REST API call "PUT
/v2/cache/{image_id}" to be 202 (Accepted), following the original
design of the feature.
Changes in glance 24.0.0..24.1.0
--------------------------------
55c000ee Bump Image API version to 2.16
cc98dbef Fix failing namespace list delete race
e943645f Added cli_opts and cache_opts
9043efc5 [APIImpact] Correct API response code for PUT /v2/cache/{image_id}
49d25474 [CI] Add upper constraints to install command
1beee78e Update TOX_CONSTRAINTS_FILE for stable/yoga
c7e1b3b4 Update .gitreview for stable/yoga
Diffstat (except docs and test files)
-------------------------------------
.gitreview | 1 +
api-ref/source/v2/cache-manage.inc | 2 +-
glance/api/middleware/version_negotiation.py | 3 +-
glance/api/v2/cached_images.py | 4 +-
glance/api/v2/metadef_namespaces.py | 8 +-
glance/api/versions.py | 3 +-
glance/opts.py | 2 +
.../add-cli-and-cache-opts-902f28d65c8fb827.yaml | 5 ++
releasenotes/notes/api-2.16-8417b1e23322fedb.yaml | 19 +++++
tox.ini | 8 +-
13 files changed, 153 insertions(+), 36 deletions(-)
We are chuffed to announce the release of:
kayobe 11.1.0: Deployment of OpenStack to bare metal using OpenStack
kolla and bifrost
This release is part of the xena stable release series.
The source is available from:
https://opendev.org/openstack/kayobe
Download the package from:
https://tarballs.openstack.org/kayobe/
Please report issues through:
https://storyboard.openstack.org/#!/project/openstack/kayobe
For more details, please see below.
11.1.0
^^^^^^
New Features
************
* Adds support for custom Placement configuration.
* Adds support for global configuration options for Apt in files in
"/etc/apt/apt.conf.d/" on Ubuntu systems. See story 2009655 for
details.
* Adds support for configuring Apt repositories on Ubuntu hosts. See
story 2009655 for details.
* Add the bonding 802.3ad aggregation selection option.
* Enables hardware clock (RTC) synchronisation by default when
applying the chrony role. This setting is configurable with the new
variable "chrony_rtcsync_enabled".
* Adds support for inspection of L3-routed Ironic networks via DHCP-
relay.
* The new filter "net_no_ip" adds the attribute "no_ip" which can be
set to "true" to skip IP address allocation and configuration for
specific networks.
* Adds a new variable "seed_hypervisor_enable_snat" that allows
users to enable SNAT service on the seed hypervisor. The default
value is "false".
* Adds support for Rocky Linux 8 as Host OS.
* Adds support for running package updates on Ubuntu hosts via the
following existing commands:
  * "kayobe seed host package update --packages <packages>"
  * "kayobe seed hypervisor host package update --packages
    <packages>"
  * "kayobe infra vm host package update --packages <packages>"
  * "kayobe overcloud host package update --packages <packages>"
Security Issues
***************
* Fixes an issue where any passwords in
"kolla_ansible_custom_passwords" were exposed in Ansible logs. When
using verbosity level 3 ("-vvv"), they were also exposed in Ansible
output.
Bug Fixes
*********
* Ironic inspection through Bifrost now works even if DHCP-relay is
used. The dhcp-range in dnsmasq.conf is correctly configured with
the network mask.
* In production environments, the provision network may be separated
from the other networks, so in this case, if you want Bifrost's DHCP
service to provide the correct gateway for the clients, the
"inspection_gateway" should be used instead of the "gateway"
attribute for the provision network. This also avoids configuring
multiple IP gateways on a single host, which leads to
unpredictable results.
* Fixes an issue where the Neutron SR-IOV agent image is not built
when the service is enabled.
* Fixes an issue with idempotence of local Kolla Ansible
configuration generation.
* Fixes an issue with the seed's configdrive when the admin network
is a VLAN. See story 2008089 for details.
* Enables deployment of Grafana when Monasca is enabled, as a
replacement for the retired "monasca-grafana" image. See story
2009717 for details.
* Fixes Ansible inventory generation with some custom group mappings
using the same group names for Kayobe and Kolla Ansible. See story
2009927 for details.
* The set of commands starting with "kayobe overcloud database" now
generate the kolla configuration necessary to login to the nodes
running the database.
* Fixes an issue with config drive generation for infrastructure and
seed VMs when using untagged interfaces. The symptom of this issue
is that kayobe cannot login to the instance. If you check the
libvirt console log, you will see "KeyError: 'vlan_link'". See story
2009910 for details.
* Fixes an issue where hacluster images are not built when the
service is enabled.
* Fixes an issue with IPA image builds which used the "master"
branch of "ironic-python-agent", even on stable releases of Kayobe,
or when explicitly setting "ipa_build_source_version".
* Fixes an issue seen when using Jinja2 3.1.0.
* Fixes an issue where any passwords in
"kolla_ansible_custom_passwords" were exposed in Ansible logs. When
using verbosity level 3 ("-vvv"), they were also exposed in Ansible
output.
* Fixes an issue where patch links could be erroneously created on
hosts not in the overcloud group. See Story 2009911 for details.
* Fixes an issue where the MTU defined in Kayobe was not applied to
Ironic provisioning and cleaning networks in Neutron.
* Deployment image (IPA) build no longer uses master version of
upper-constraints. Instead, it defaults to using the constraints
for the OpenStack release associated with the version of Kayobe
being used. See story 2009810 for details.
* Fixes failures to run "kayobe overcloud bios raid configure" by
upgrading the "stackhpc.drac" role to version 1.1.6.
* Fixes an issue with masking NTP services which are not found. See
story 2009821 for details.
Changes in kayobe 11.0.1..11.1.0
--------------------------------
0467484a ironic: Set MTU on provisioning and cleaning Neutron networks
1b4a34a6 Fix forgotten hacluster regexp for image build
d5fe7852 kolla_passwords: add no_log for password overrides
fe07bd3c Fix Bifrost inspection through DHCP-relay
4e3c0405 Bump stackhpc.drac role
82193e8b Cleanup old and deprecated Swift configuration
f5792171 docs: Fix custom LVM example
b1f9b4b8 Update documentation link for NCLU
65ad855e CI: separate image builds into a non-voting job
75c18cc1 Fix variable name for stackhpc.os-networks upper constraints
63b22c96 Restore forgotten linuxbridge-agent container
5c96d8cf Fix Ansible inventory generation when reusing group names
ef3bb407 Sync Kolla Ansible feature flags and inventory
a7791250 CI: fix TLS job by freeing up memory
a451ff7a Fix custom config idempotence
4efb80a1 Ubuntu: add support for Apt configuration
5b78b375 Use jinja2.pass_context instead of contextfilter
98d7cc13 Ubuntu: add support for Apt repository configuration
c083073c Add support for Rocky Linux 8
1a9dc309 Ubuntu: support host package update
efa8209c CI: pin pytest-metadata<2 for molecule
1ff569ac CI: Don't download Cirros or IPA in seed jobs
0bf197a4 Skip IP address allocation and configuration if needed
512f4c1e Only create patch links on overcloud hosts
c8571765 CI: Disable container image builds on Ubuntu
ffbd3d7e Use naming convention to infer VLAN tagging
15790c98 CI: remove qemu-utils installation
0e0a3038 Add the bonding 802.3ad aggregation selection option
d5006cc6 CI: stop using zuul as kayobe_ansible_user in TLS jobs
c69a808a Sync enable flag defaults with kolla ansible
f4a81e48 Enable rtcsync in chrony by default
451d1c3a Bump up manage-lvm role version to v0.2.6
e0a5bf17 CI: Enable bare metal testing for Ubuntu
deb969e5 Set requirements branch for IPA build
81645697 ntp: Fix service mask when service doesn't exist
bbd22d55 Set correct gateway for the bifrost provision network
717c6321 Use net_mask filter instead of ansible's ipaddr
e0627ac4 Fix Sphinx syntax typo
14b4e204 Fix 'ModuleNotFoundError: No module named 'docker'
2c881818 Adds support for custom Placement configuration.
48e5cdd2 Allow enable SNAT service on the seed hypervisor
7ca933e7 Fix seed VM configdrive when admin network is a VLAN
1db55d09 Generate kolla config when running database commands
b89b7a73 Build neutron-sriov-agent image when enabled
45797aa4 ipa: Use openstack_branch instead of master
e8ca12ef Deploy Grafana when Monasca is enabled
c97b7e21 [CI] Drop unused nodeset
3dd2dd98 Add support for Ironic inspection through DHCP-relay
7d9b86e2 Document that extra kernel parameters are important for inspection
1d791e2c Limit ip-routing and snat to seed hosts only
b7a804ce Uninstall ansible-base package only if exists
Diffstat (except docs and test files)
-------------------------------------
ansible/group_vars/all/apt | 35 +++++
ansible/group_vars/all/bifrost | 3 +
ansible/group_vars/all/dnf | 8 +-
ansible/group_vars/all/globals | 12 +-
ansible/group_vars/all/infra-vms | 5 +
ansible/group_vars/all/ipa | 9 +-
ansible/group_vars/all/kolla | 19 ++-
ansible/group_vars/all/seed-hypervisor | 3 +
ansible/group_vars/all/seed-vm | 7 +-
ansible/group_vars/all/time | 3 +
ansible/group_vars/seed-hypervisor/snat | 3 +
ansible/group_vars/seed/snat | 3 +
ansible/host-package-update.yml | 6 +-
ansible/ip-allocation.yml | 1 +
ansible/ip-routing.yml | 4 +-
ansible/kolla-ansible.yml | 1 +
ansible/kolla-bifrost-hostvars.yml | 2 +-
ansible/kolla-bifrost.yml | 3 +-
ansible/kolla-openstack.yml | 2 +
ansible/provision-net.yml | 4 +-
ansible/roles/apt/defaults/main.yml | 38 +++++
ansible/roles/apt/handlers/main.yml | 5 +
ansible/roles/apt/tasks/config.yml | 14 ++
ansible/roles/apt/tasks/keys.yml | 19 +++
ansible/roles/apt/tasks/main.yml | 21 +--
ansible/roles/apt/tasks/proxy.yml | 17 +++
ansible/roles/apt/tasks/repos.yml | 23 +++
ansible/roles/apt/templates/kayobe.sources.j2 | 15 ++
ansible/roles/dnf/tasks/local-mirror.yml | 9 +-
.../roles/dnf/templates/Rocky-AppStream.repo.j2 | 16 ++
ansible/roles/dnf/templates/Rocky-BaseOS.repo.j2 | 16 ++
ansible/roles/dnf/templates/Rocky-Extras.repo.j2 | 16 ++
ansible/roles/kolla-ansible/defaults/main.yml | 3 +
.../roles/kolla-ansible/library/kolla_passwords.py | 2 +-
ansible/roles/kolla-ansible/tasks/install.yml | 1 +
.../kolla-ansible/templates/kolla/globals.yml | 2 +-
.../kolla-ansible/templates/overcloud-services.j2 | 6 +-
.../kolla-ansible/templates/overcloud-top-level.j2 | 2 +-
ansible/roles/kolla-ansible/vars/main.yml | 1 +
ansible/roles/kolla-bifrost/defaults/main.yml | 1 +
.../templates/kolla/config/bifrost/bifrost.yml | 1 +
ansible/roles/kolla-openstack/defaults/main.yml | 9 ++
.../molecule/enable-everything/molecule.yml | 4 +
ansible/roles/kolla-openstack/tasks/config.yml | 2 +-
.../roles/kolla-openstack/templates/glance.conf.j2 | 29 ----
.../kolla-openstack/templates/placement.conf.j2 | 9 ++
ansible/roles/kolla-openstack/vars/main.yml | 5 +
ansible/roles/network-redhat/tasks/main.yml | 1 +
ansible/roles/ntp/tasks/prepare.yml | 25 ++-
ansible/snat.yml | 4 +-
dev/functions | 15 +-
.../reference/ironic-python-agent.rst | 7 +-
.../configuration/reference/kolla-ansible.rst | 2 +
.../configuration/reference/os-distribution.rst | 14 +-
.../configuration/reference/physical-network.rst | 2 +-
.../configuration/scenarios/all-in-one/index.rst | 6 +-
.../scenarios/all-in-one/overcloud.rst | 9 +-
etc/kayobe/apt.yml | 35 +++++
etc/kayobe/bifrost.yml | 3 +
etc/kayobe/dnf.yml | 8 +-
etc/kayobe/globals.yml | 7 +-
etc/kayobe/infra-vms.yml | 3 +
etc/kayobe/ipa.yml | 2 +-
etc/kayobe/kolla.yml | 4 +-
etc/kayobe/seed-hypervisor.yml | 3 +
etc/kayobe/seed-vm.yml | 5 +-
etc/kayobe/time.yml | 3 +
kayobe/cli/commands.py | 11 +-
kayobe/plugins/filter/networkd.py | 8 +-
kayobe/plugins/filter/networks.py | 91 ++++++-----
.../plugins/action/test_kolla_ansible_host_vars.py | 6 +-
molecule-requirements.txt | 1 +
playbooks/kayobe-infra-vm-base/pre.yml | 2 +-
playbooks/kayobe-overcloud-base/globals.yml.j2 | 2 +-
playbooks/kayobe-overcloud-base/overrides.yml.j2 | 8 +-
playbooks/kayobe-overcloud-base/run.yml | 11 --
.../overrides.yml.j2 | 36 ++++-
.../kayobe-overcloud-host-configure-base/pre.yml | 2 +-
playbooks/kayobe-overcloud-upgrade-base/run.yml | 5 -
.../kayobe-seed-base/bifrost-overrides.yml.j2 | 6 +-
playbooks/kayobe-seed-base/overrides.yml.j2 | 4 +-
playbooks/kayobe-seed-base/pre.yml | 3 +-
playbooks/kayobe-seed-base/run.yml | 34 +++--
.../bifrost-overrides.yml.j2 | 6 +-
playbooks/kayobe-seed-vm-base/pre.yml | 2 +-
...d-extended-placement-conf-70a4b9a318c1b555.yaml | 3 +
.../notes/apt-config-bc72fd0bff919888.yaml | 6 +
.../notes/apt-repositories-850efef70ba34946.yaml | 5 +
...ifrost-dhcp-range-netmask-fd40642967042267.yaml | 5 +
...ifrost-inspection-gateway-316ab384430ef8df.yaml | 9 ++
.../notes/bond-ad-select-8fc711dcd54e9cea.yaml | 4 +
.../build-neutron-sriov-836acf378bae0b48.yaml | 5 +
.../notes/config-idemoptence-37846db82ecd9f43.yaml | 4 +
.../notes/configdrive-vlans-4e8b6ed07b229233.yaml | 6 +
...able-grafana-with-monasca-497d686e95d89242.yaml | 7 +
...nable-rtc-synchronisation-1179a52e8e6bd12b.yaml | 6 +
...lla-ansible-group-mapping-8fcd6cbb1e744e18.yaml | 6 +
...ckup-with-no-kolla-config-4f857915adabad41.yaml | 6 +
.../fixes-keyerror-vlan-link-c177cf719e070df6.yaml | 8 +
.../hacluster-build-issue-2a8023e0cd80235a.yaml | 5 +
...pector-dhcp-range-netmask-bb46eb7df77587a4.yaml | 4 +
.../notes/ip-allocation-skip-9e81c13324b7a7e1.yaml | 6 +
.../notes/ipa-branch-b29c377c531013a8.yaml | 6 +
.../jinja2-pass-context-fecf00f23e413393.yaml | 4 +
...asswords-overrides-no-log-57054ce64fae8143.yaml | 11 ++
.../patch-links-on-overcloud-e24dbc858d3399cc.yaml | 6 +
.../notes/provision-net-mtu-befdda04224f49a6.yaml | 5 +
.../seed-hypervisor-snat-3f4844bd1156bce9.yaml | 5 +
...ents-branch-for-ipa-build-c3ca977ec21b58f4.yaml | 8 +
.../stackhpc-drac-check-mode-8097215f8eca9991.yaml | 5 +
.../notes/story-2009821-b309165e25e77aea.yaml | 5 +
.../support-rockylinux-8-1da50e2f97b918d5.yaml | 4 +
.../ubuntu-package-update-0db09fc57249b9fc.yaml | 10 ++
requirements.txt | 1 +
requirements.yml | 12 +-
roles/kayobe-ci-prep/tasks/main.yml | 2 +-
roles/kayobe-diagnostics/files/get_logs.sh | 1 +
zuul.d/jobs.yaml | 53 +++++++
zuul.d/nodesets.yaml | 9 +-
zuul.d/project.yaml | 16 ++
134 files changed, 1171 insertions(+), 275 deletions(-)
Requirements updates
--------------------
diff --git a/molecule-requirements.txt b/molecule-requirements.txt
index e2e59cc2..120b4f74 100644
--- a/molecule-requirements.txt
+++ b/molecule-requirements.txt
@@ -7,0 +8 @@ molecule-docker # MIT
+pytest-metadata<2 # MPL
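Review bot: the new upper bound on the added line "pytest-metadata<2 # MPL" carries no explanation of what breaks with version 2 or later, so nobody will know when it is safe to lift. The changelog entry "CI: pin pytest-metadata<2 for molecule" says the cap exists for molecule; add a comment above the line naming the incompatibility or linking the bug, so the pin can be dropped once molecule handles the newer release.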
diff --git a/requirements.txt b/requirements.txt
index 8cfd1a87..7502967a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,0 +2 @@ pbr>=2.0 # Apache-2.0
+Jinja2>3 # BSD
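Review bot: the specifier on the added line "Jinja2>3 # BSD" is an exclusive bound, so it rejects Jinja2 3.0.0 itself and only admits later releases. If the intent is to guarantee the API used by the commit "Use jinja2.pass_context instead of contextfilter", an inclusive bound such as "Jinja2>=3.0" states that more clearly and matches the "pbr>=2.0" style of the neighbouring line. If 3.0.0 is being excluded deliberately, say why in a comment.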
We are psyched to announce the release of:
kolla-ansible 13.1.0: Ansible Deployment of Kolla containers
This release is part of the xena stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
13.1.0
^^^^^^
New Features
************
* Deploys and configures a prometheus-libvirt-exporter image as part
of the Prometheus monitoring stack.
* Adds a "tls_connect" module to the Prometheus blackbox exporter.
This can be used to test connectivity of TLS servers.
* New switches added to control deployment of the Masakari monitors.
The deployment of each type of monitors can be controlled
individually via "enable_masakari_instancemonitor" and
"enable_masakari_hostmonitor". By default, both are set to "true"
when the deployment of the Masakari is enabled via
"enable_masakari".
* Implements container healthchecks for ironic-neutron-agent
service. See blueprint
* Adds support for libvirt SASL authentication. It is enabled by
default. LP#1964013
* Adds support for Rocky Linux 8 as Host OS.
Known Issues
************
* Existing fluentd log rotation failed to delete old haproxy, swift,
glance-tls-proxy and neutron-tls-proxy logs. These will not be
deleted by the new logrotate config and will have to be removed
manually.
Upgrade Notes
*************
* RabbitMQ's Prometheus plugin is no longer enabled by default if
Prometheus is not deployed. If external Prometheus is used, you need
to turn on "rabbitmq_enable_prometheus_plugin" to get old behaviour.
* The addition of libvirt SASL authentication requires a new
password in "passwords.yml", "libvirt_sasl_password". This may be
generated using the existing "kolla-genpwd" and "kolla-mergepwd"
tooling.
* The addition of libvirt SASL authentication requires both the
"nova_libvirt" and "nova_compute" containers to be updated
simultaneously, using new images with the necessary Cyrus SASL
dependencies, as well as configuration containing the SASL
credentials.
* It is no longer possible to override the removal of the Monasca
Log Metrics service and it will be removed automatically if it
hasn't already been removed in the Wallaby release. It is up to the
operator to remove any associated docker volumes.
* update the default value of node_custom_config to {{ node_config
}}/config, when specified using --configdir
Security Issues
***************
* Explicitly removes the "net.ipv4.ip_forward" sysctl from
"/etc/sysctl.conf" on hosts with Neutron L3 Agent. In the absence of
another source for this sysctl, it should revert to the default of 0
after the next reboot. This is a follow up to a previous change
which stopped setting the sysctl, but leaves existing systems with
the original value of 1 set.
A deployer looking to more aggressively change the value may set
"neutron_l3_agent_host_ipv4_ip_forward" to 0 using a Yoga release of
Kolla Ansible. This option will be removed in future. Any
deployments still relying on the previous value may set
"neutron_l3_agent_host_ipv4_ip_forward" to 1. LP#1945453
* Fixes an issue where the default configuration of libvirt did not
use authentication for the API exposed over TCP on the internal API
network. This allowed anyone with access to the internal API network
read-write access to libvirt. While the internal API network is
typically trusted, other services on this network generally at least
require authentication.
SASL authentication is now enabled for libvirt by default. Kolla
Ansible supports libvirt TLS since the Train release, and this is
recommended to provide a higher level of security. LP#1964013
Bug Fixes
*********
* Fixes an issue with an OIDC authentication flow requiring
unnecessary action from the user. Redirecting to the target IdP page
now happens automatically. LP#930055
* Removes custom value of "max_allowed_secret_in_bytes" in
"barbican.conf". The default maximum size in Barbican was doubled to
avoid issues with some certificates. LP #1957795
* Fixes deploy Zun with Cinder Ceph support. Adds support for zun to
access cinder volumes when external ceph is configured for cinder.
LP#1848934
* Fixed the deployment failure of outward_rabbitmq by resolving port
conflicts by customizing RabbitMQ's "prometheus.tcp.port". LP
#1885106
* Use Volume V3 API in OpenStack exporter. Volume V2 API has been
removed since OpenStack Wallaby. LP#1938194
* Fixes the copy job for grafana custom home dashboard file. The
copy job for the grafana home dashboard file needs to run
privileged, otherwise permission denied error occurs. LP#[1947710]
* Fixes Octavia's "Connection refused" errors by adding
"ovn_sb_connection" to "octavia.conf". LP#195011
* Ironic API and Ironic Inspector API use separate policy files.
Ironic role was updated to be able to handle both policies
separately. LP#1952948
* Continue to run all actions if one action failed in Elasticsearch
curator. LP#1954720
* Fixes Placement no logrotate configuration LP#1954723
* Fixes Nova resize failing when "migration_interface" is
customised. LP#1956976
* Fixes unable to connect to zun console when
"kolla_enable_tls_external" is true. Access to console of any zun
container fails when "kolla_enable_tls_external" is true. This fix
sets the protocol for wsproxy "base_url" in "zun.conf" according to
the value of "kolla_enable_tls_external" LP#1957117
* Fixes "Register Identity Providers in OpenStack" task which was
missing an *=* in the openstack command causing the task to fail to
register an IDP with Keystone. LP#1959022
* Fixes Glance with Cinder iSCSI backend failing due to lack of
lock_path setting. LP#1959663
* Fixes logrotate config missing for openvswitch and prometheus
services. LP#1961795
* Fixes an issue with Ironic's PXE components not getting updated on
upgrade. LP#1963752
* Fixes configuration of the Prometheus HTTP API URL when using the
Prometheus collector in CloudKitty. LP#1961615
* Fixes an issue with Prometheus scraping when targets' Ansible
inventory hostnames ("inventory_hostname") do not resolve to
reachable IP addresses. Reverts to the previous behaviour of using
IP addresses to communicate with targets. The side effect of this is
that targets instances will again be labelled using IP addresses
rather than hostnames. LP#1955563
* Fix the apache's wsgi configuration for the aodh service in
Debuntu binary flavours. LP#1953059
* Fixes the baremetal role to avoid an error "Unable to remove
"libvirtd". Now the symlink
/etc/apparmor.d/disable/usr.sbin.libvirtd is created by the role.
LP#1960302
* Existing fluentd log rotation failed to delete old haproxy, swift,
glance-tls-proxy and neutron-tls-proxy logs. Standardise rotation
and deletion of logs using logrotate.
* Fixes an issue with setting up OIDC based Keystone federation
against IDP that has a different response type than id_token. This
can now be set using a new variable
"keystone_federation_oidc_response_type". LP#1959781
* Adds back the option to configure the rabbitmq clustering
interface via kolla
*LP#1900160 <https://bugs.launchpad.net/kolla-ansible/+bug/1900160>*
* Fixes an issue seen when using Jinja2 3.1.0.
* Fixes an issue with Masakari instance monitor when libvirt SASL is
enabled. libvirt SASL was enabled by default in a recent change to
Kolla Ansible. LP#1965754
* Fixes the configuration option setting the type of endpoint used
by Neutron to send requests to Placement. LP#1960503
* Fixes a configuration issue with Node Exporter causing all file
system metrics of a host to be identical. LP#1961438
* Fixes an issue where a failure of any Nova compute service to
register itself would cause only the host querying the nova API to
fail. Now, only hosts that fail to register will fail the Kolla
Ansible run. Alternatively, to fail all hosts in a cell when any
compute service fails to register, set
"nova_compute_registration_fatal" to "true". LP#1940119
* The prometheus openstack exporters are now behind haproxy,
providing a unique time series in the prometheus database. Also
ensures that only one exporter queries the openstack APIs at any
given time interval. With the previous behavior each openstack
exporter was scraped at the same time. This caused each exporter to
query the openstack APIs simultaneously introducing unnecessary load
and duplicate time series in the prometheus database due to the
instance label being unique for each exporter. LP#1972818
* Fixes an issue where RabbitMQ was configured to mirror classic
transient queues for all services. According to the RabbitMQ
documentation this is not a supported configuration, and contributed
to numerous bug reports. In order to avoid making unexpected changes
to the RabbitMQ cluster, it is necessary to set
"rabbitmq_remove_ha_all_policy" to "yes" in order to apply this fix.
This variable will be removed in the Yoga release. LP#1954925
* Fixes an issue with Cinder upgrade where Cinder services would
remain pinned to the previous release's RPC & object versions.
LP#1954932
Changes in kolla-ansible 13.0.1..13.1.0
---------------------------------------
d988c5991 Control Masakari monitors deploy
6a0b1bd42 Make redis connection string configurable
2e5e1b554 [CI] Nullify attempts
704da0b9c talk TLS to openstack exporter via haproxy
87a217fc9 genpwd: handle lack of password file nicer
8a0acd0a2 Use 'cloudkitty_influxdb_use_ssl' when creatign InfluxDB database
5a613d64c masakari: support libvirt SASL in instance monitor
fff725d18 [CI] Restore token critical error filter
7525f1e08 Grafana: Run priviliged when copying home dashboard file
5d0686731 Put openstack exporter behind HAproxy so only one is queried at a time
ce94b4dde [CI] Raise [keystone_authtoken]http_request_max_retries
91fd18b2b [CI] Always use quay.io via infra's mirror
14ce30530 nova: improve compute service registration failure handling
d1b7814c7 nova: use any_errors_fatal for once-per-cell tasks
6e982e076 [CI] Make kolla-build quiet
18d7859bd added missing become in ovs-dpdk role
6abe02571 re-add rabbitmq config for clustering interface
4c1c44d42 Use jinja2.pass_context instead of contextfilter
50100fb2b designate: fix external backend deployment
9cfb4ebf8 Ironic: rebootstrap ironic-pxe on upgrade
fb3aa1bf0 Fix prometheus fix
425ead579 Allow removal of classic queue mirroring for internal RabbitMQ
60c80ffac cinder: restart services after upgrade
fc13c40f5 Add Rocky Linux support as Host OS
dfdbddffa Fix failure in deployment with missing group
7259672ef Add support for deploying Prometheus libvirt exporter
d7092dca8 CI: pin ansible-lint to <6
daef31a42 libvirt: support SASL authentication
800f08e61 Fix prechecks for "Ironic iPXE" container
f5dcd8d5b Explicitly unset net.ipv4.ip_forward sysctl
4a1a70469 [CI] Use Tenks in Ironic job
6a1f4a782 [CI] Test Ironic when touching Neutron
71af20c15 [CI] Test Ironic on Debian
e1cab1604 Fix hard coded OIDC response type
7ef67c88c Remove grafana [session] configuration
98a462cd5 Add openvswitch and prometheus to logrotate
0c55b6521 CI: Bump Ceph to Pacific
e51c21ed2 Fix location of release note for ironic-neutron-agent healthcheck
c91e85cf2 cloudkitty: fix URL used for Prometheus collector
b4f68a991 Configure node-exporter to report correct file system metrics
b7470787f Fix fluentd v1 buffer syntax issue
d661dab49 Refactor fluentd syslog logging
859efbaf3 CI: Fix new ansible-lint failures
47ac706d2 neutron: fix placement endpoint type configuration
ae8900855 Fix Apparmor libvirt profile removal
79ed0470c [CI] Check fluentd errors
a763f586b Fix log rotation for fluentd created files
905dc7fae Glance: add lock_path setting
f70008b35 [CI] Replace parted with lsblk
920089c9f Deploy Zun with Cinder Ceph support
827656dbb Add OIDCDiscoverURL mod_oidc option
e1423e9b6 prometheus: add tls_connect blackbox module
6562c6d8e Fix usage of Subject Alternative Name for TLS
a9edcd3e8 update the default value of node_custom_config
464877f01 Fix bad openstack command while registering IDP
e15b35e81 Revert "Use friendly target names in Prometheus"
e891bfdf2 Use Docker healthchecks for ironic-neutron-agent services
0354b39b1 Make nova_ssh listen on api_interface as well
51fff9cf9 Continue to run all actions if one action failed in curator
107636766 Revert "[CI] [to-revert] Avoid upgrades on CentOS Stream 8"
c80d2068e Remove custom value of max_allowed_secret_in_bytes
dc8853a9a Fix permission denied errors with ping on c8s
1b6bd8d33 [CI] [to-revert] Avoid upgrades on CentOS Stream 8
72be14b3f Add logrotate to libvirt service
f36a00a97 Access to zun container fails when tls_external enabled.
58775d20a OpenID Connect certifiate file is optional
e2ba1bb39 Add logrotate configuration for placement service
1f5bf1f00 rabbitmq: enable/disable prometheus plugin follow up
cf8dbd6d0 Support enable/disable rabbitmq prometheus plugins
681bcc59e CI: check-logs - add another exception
75fd5c894 Use Volume V3 API in OpenStack exporter
a5e0e986b docs: adjust to current defaults
6c695564b Move project_name and kolla_role_name to role vars
a4376cd74 [CI] Drop unused nodeset
54718a90f horizon: move horizon_enable_tls_backend to group_vars
f00e54be7 Add ovn_sb_connection to octavia.conf
837a2fd4a Add ironic-inspector policy configuration
89353bd31 Remove Monasca Log Metrics service
3ee71d248 Fix aodh wsgi config file in Debuntu binary
Diffstat (except docs and test files)
-------------------------------------
.ansible-lint | 6 +
ansible/group_vars/all.yml | 20 +-
ansible/inventory/all-in-one | 3 +
ansible/inventory/multinode | 3 +
ansible/nova.yml | 4 +
ansible/roles/aodh/defaults/main.yml | 2 -
ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 4 -
ansible/roles/aodh/vars/main.yml | 2 +
ansible/roles/barbican/defaults/main.yml | 2 -
ansible/roles/barbican/templates/barbican.conf.j2 | 1 -
ansible/roles/barbican/vars/main.yml | 2 +
ansible/roles/baremetal/defaults/main.yml | 21 +-
.../roles/baremetal/tasks/bootstrap-servers.yml | 5 +
.../baremetal/tasks/configure-ceph-for-zun.yml | 55 ++++++
ansible/roles/baremetal/tasks/install.yml | 2 +-
ansible/roles/baremetal/tasks/post-install.yml | 6 +-
ansible/roles/baremetal/tasks/pre-install.yml | 9 +
ansible/roles/bifrost/defaults/main.yml | 2 -
ansible/roles/bifrost/vars/main.yml | 2 +
ansible/roles/blazar/defaults/main.yml | 2 -
ansible/roles/blazar/vars/main.yml | 2 +
ansible/roles/ceilometer/defaults/main.yml | 2 -
ansible/roles/ceilometer/vars/main.yml | 2 +
ansible/roles/ceph-rgw/defaults/main.yml | 2 -
ansible/roles/ceph-rgw/vars/main.yml | 2 +
.../roles/certificates/tasks/generate-backend.yml | 2 +
ansible/roles/certificates/tasks/generate.yml | 4 +
.../templates/openssl-kolla-internal.cnf.j2 | 4 +-
.../certificates/templates/openssl-kolla.cnf.j2 | 4 +-
ansible/roles/cinder/defaults/main.yml | 11 +-
ansible/roles/cinder/handlers/main.yml | 20 ++
ansible/roles/cinder/tasks/reload.yml | 10 +
ansible/roles/cinder/tasks/upgrade.yml | 2 +
ansible/roles/cinder/vars/main.yml | 2 +
ansible/roles/cloudkitty/defaults/main.yml | 6 +-
ansible/roles/cloudkitty/tasks/bootstrap.yml | 1 +
ansible/roles/cloudkitty/vars/main.yml | 2 +
ansible/roles/collectd/defaults/main.yml | 2 -
ansible/roles/collectd/vars/main.yml | 2 +
ansible/roles/common/defaults/main.yml | 26 ++-
ansible/roles/common/tasks/config.yml | 7 +-
.../conf/filter/00-record_transformer.conf.j2 | 27 +--
.../common/templates/conf/output/00-local.conf.j2 | 217 ++-------------------
.../common/templates/conf/output/01-es.conf.j2 | 6 +-
.../templates/conf/output/02-monasca.conf.j2 | 4 +-
.../templates/cron-logrotate-haproxy.conf.j2 | 2 +-
.../templates/cron-logrotate-nova-libvirt.conf.j2 | 3 +
.../templates/cron-logrotate-openvswitch.conf.j2 | 3 +
.../templates/cron-logrotate-placement.conf.j2 | 3 +
.../templates/cron-logrotate-prometheus.conf.j2 | 3 +
ansible/roles/common/templates/fluentd.json.j2 | 27 +--
ansible/roles/common/vars/main.yml | 2 +
ansible/roles/cyborg/defaults/main.yml | 2 -
ansible/roles/cyborg/vars/main.yml | 2 +
ansible/roles/designate/defaults/main.yml | 2 -
ansible/roles/designate/tasks/backend_external.yml | 2 +
ansible/roles/designate/vars/main.yml | 2 +
ansible/roles/elasticsearch/defaults/main.yml | 2 -
.../templates/elasticsearch-curator-actions.yml.j2 | 14 +-
ansible/roles/elasticsearch/vars/main.yml | 2 +
ansible/roles/etcd/defaults/main.yml | 2 -
ansible/roles/etcd/vars/main.yml | 2 +
ansible/roles/freezer/defaults/main.yml | 2 -
ansible/roles/freezer/vars/main.yml | 2 +
ansible/roles/glance/defaults/main.yml | 2 -
ansible/roles/glance/templates/glance-api.conf.j2 | 3 +
ansible/roles/glance/vars/main.yml | 2 +
ansible/roles/gnocchi/defaults/main.yml | 2 -
ansible/roles/gnocchi/vars/main.yml | 2 +
ansible/roles/grafana/defaults/main.yml | 2 -
ansible/roles/grafana/tasks/config.yml | 1 +
ansible/roles/grafana/templates/grafana.ini.j2 | 8 -
ansible/roles/grafana/vars/main.yml | 2 +
ansible/roles/hacluster/defaults/main.yml | 2 -
ansible/roles/hacluster/vars/main.yml | 2 +
ansible/roles/haproxy-config/defaults/main.yml | 2 -
ansible/roles/haproxy-config/vars/main.yml | 2 +
ansible/roles/heat/defaults/main.yml | 2 -
ansible/roles/heat/vars/main.yml | 2 +
ansible/roles/horizon/defaults/main.yml | 7 -
ansible/roles/horizon/vars/main.yml | 2 +
ansible/roles/influxdb/defaults/main.yml | 2 -
ansible/roles/influxdb/vars/main.yml | 2 +
ansible/roles/ironic/defaults/main.yml | 2 -
ansible/roles/ironic/tasks/bootstrap.yml | 19 --
ansible/roles/ironic/tasks/bootstrap_service.yml | 19 ++
ansible/roles/ironic/tasks/config.yml | 42 +++-
ansible/roles/ironic/tasks/precheck.yml | 1 -
.../ironic/templates/ironic-inspector.json.j2 | 8 +-
ansible/roles/ironic/vars/main.yml | 2 +
ansible/roles/iscsi/defaults/main.yml | 2 -
ansible/roles/iscsi/vars/main.yml | 2 +
ansible/roles/kafka/defaults/main.yml | 2 -
ansible/roles/kafka/vars/main.yml | 2 +
ansible/roles/keystone/defaults/main.yml | 3 +-
.../keystone/tasks/config-federation-oidc.yml | 1 +
.../keystone/tasks/register_identity_providers.yml | 2 +-
.../roles/keystone/templates/wsgi-keystone.conf.j2 | 3 +-
ansible/roles/keystone/vars/main.yml | 2 +
ansible/roles/kibana/defaults/main.yml | 2 -
ansible/roles/kibana/vars/main.yml | 2 +
ansible/roles/kuryr/defaults/main.yml | 1 -
ansible/roles/kuryr/vars/main.yml | 2 +
ansible/roles/loadbalancer/defaults/main.yml | 2 -
ansible/roles/loadbalancer/vars/main.yml | 2 +
ansible/roles/magnum/defaults/main.yml | 2 -
ansible/roles/magnum/vars/main.yml | 2 +
ansible/roles/manila/defaults/main.yml | 2 -
ansible/roles/manila/vars/main.yml | 2 +
ansible/roles/mariadb/defaults/main.yml | 2 -
ansible/roles/mariadb/vars/main.yml | 2 +
ansible/roles/masakari/defaults/main.yml | 17 +-
ansible/roles/masakari/tasks/config.yml | 18 ++
ansible/roles/masakari/templates/auth.conf.j2 | 6 +
.../templates/masakari-instancemonitor.json.j2 | 8 +-
ansible/roles/masakari/vars/main.yml | 2 +
ansible/roles/memcached/defaults/main.yml | 2 -
ansible/roles/memcached/vars/main.yml | 2 +
ansible/roles/mistral/defaults/main.yml | 2 -
ansible/roles/mistral/vars/main.yml | 2 +
ansible/roles/monasca/defaults/main.yml | 10 +-
ansible/roles/monasca/handlers/main.yml | 15 --
ansible/roles/monasca/tasks/config.yml | 18 --
.../monasca-log-metrics/log-metrics.conf.j2 | 75 -------
.../monasca-log-metrics.json.j2 | 18 --
ansible/roles/monasca/vars/main.yml | 2 +
ansible/roles/multipathd/defaults/main.yml | 2 -
ansible/roles/multipathd/vars/main.yml | 2 +
ansible/roles/murano/defaults/main.yml | 2 -
ansible/roles/murano/vars/main.yml | 2 +
ansible/roles/neutron/defaults/main.yml | 17 +-
ansible/roles/neutron/tasks/config-host.yml | 2 +
ansible/roles/neutron/templates/neutron.conf.j2 | 2 +-
ansible/roles/neutron/vars/main.yml | 2 +
ansible/roles/nova-cell/defaults/main.yml | 20 +-
ansible/roles/nova-cell/handlers/main.yml | 15 ++
ansible/roles/nova-cell/tasks/config.yml | 20 ++
ansible/roles/nova-cell/tasks/deploy.yml | 3 +-
.../roles/nova-cell/tasks/discover_computes.yml | 88 ++-------
ansible/roles/nova-cell/tasks/precheck.yml | 17 +-
.../nova-cell/tasks/wait_discover_computes.yml | 88 +++++++++
ansible/roles/nova-cell/templates/auth.conf.j2 | 6 +
ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 3 +-
.../roles/nova-cell/templates/nova-compute.json.j2 | 8 +-
.../roles/nova-cell/templates/nova-libvirt.json.j2 | 12 ++
ansible/roles/nova-cell/templates/sasl.conf.j2 | 2 +
ansible/roles/nova-cell/templates/sshd_config.j2 | 3 +
ansible/roles/nova-cell/vars/main.yml | 6 +
ansible/roles/nova/defaults/main.yml | 2 -
ansible/roles/nova/vars/main.yml | 2 +
ansible/roles/octavia/defaults/main.yml | 2 -
ansible/roles/octavia/templates/octavia.conf.j2 | 1 +
ansible/roles/octavia/vars/main.yml | 2 +
ansible/roles/openvswitch/defaults/main.yml | 2 -
ansible/roles/openvswitch/vars/main.yml | 2 +
ansible/roles/ovn/defaults/main.yml | 2 -
ansible/roles/ovn/vars/main.yml | 2 +
ansible/roles/ovs-dpdk/defaults/main.yml | 1 -
ansible/roles/ovs-dpdk/tasks/config.yml | 2 +
ansible/roles/ovs-dpdk/vars/main.yml | 2 +
ansible/roles/placement/defaults/main.yml | 2 -
ansible/roles/placement/vars/main.yml | 2 +
ansible/roles/prechecks/vars/main.yml | 2 +
ansible/roles/prometheus/defaults/main.yml | 29 ++-
ansible/roles/prometheus/handlers/main.yml | 15 ++
.../roles/prometheus/tasks/check-containers.yml | 2 +-
ansible/roles/prometheus/tasks/config.yml | 4 +-
ansible/roles/prometheus/tasks/precheck.yml | 15 ++
ansible/roles/prometheus/templates/clouds.yml.j2 | 1 +
.../templates/prometheus-blackbox-exporter.yml.j2 | 4 +
.../templates/prometheus-libvirt-exporter.json.j2 | 4 +
.../templates/prometheus-node-exporter.json.j2 | 2 +-
.../roles/prometheus/templates/prometheus.yml.j2 | 88 +++------
ansible/roles/prometheus/vars/main.yml | 2 +
ansible/roles/qdrouterd/defaults/main.yml | 2 -
ansible/roles/qdrouterd/vars/main.yml | 2 +
ansible/roles/rabbitmq/defaults/main.yml | 16 +-
ansible/roles/rabbitmq/tasks/config.yml | 36 ++++
ansible/roles/rabbitmq/tasks/deploy.yml | 3 +
.../roles/rabbitmq/tasks/remove-ha-all-policy.yml | 29 +++
ansible/roles/rabbitmq/tasks/upgrade.yml | 3 +
.../roles/rabbitmq/templates/advanced.config.j2 | 7 +
.../roles/rabbitmq/templates/definitions.json.j2 | 4 +
.../roles/rabbitmq/templates/enabled_plugins.j2 | 1 +
ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 5 +
ansible/roles/rabbitmq/templates/rabbitmq.json.j2 | 12 ++
ansible/roles/rabbitmq/vars/main.yml | 2 +
ansible/roles/redis/defaults/main.yml | 2 -
ansible/roles/redis/vars/main.yml | 2 +
ansible/roles/sahara/defaults/main.yml | 2 -
ansible/roles/sahara/vars/main.yml | 2 +
ansible/roles/senlin/defaults/main.yml | 2 -
ansible/roles/senlin/vars/main.yml | 2 +
ansible/roles/skydive/defaults/main.yml | 2 -
ansible/roles/skydive/vars/main.yml | 2 +
ansible/roles/solum/defaults/main.yml | 2 -
ansible/roles/solum/vars/main.yml | 2 +
ansible/roles/storm/defaults/main.yml | 2 -
ansible/roles/storm/vars/main.yml | 2 +
ansible/roles/swift/defaults/main.yml | 2 -
ansible/roles/swift/vars/main.yml | 2 +
ansible/roles/tacker/defaults/main.yml | 2 -
ansible/roles/tacker/vars/main.yml | 2 +
ansible/roles/telegraf/defaults/main.yml | 2 -
ansible/roles/telegraf/vars/main.yml | 2 +
ansible/roles/trove/defaults/main.yml | 2 -
ansible/roles/trove/vars/main.yml | 2 +
ansible/roles/vitrage/defaults/main.yml | 2 -
ansible/roles/vitrage/vars/main.yml | 2 +
ansible/roles/vmtp/defaults/main.yml | 2 -
ansible/roles/vmtp/vars/main.yml | 2 +
ansible/roles/watcher/defaults/main.yml | 2 -
ansible/roles/watcher/vars/main.yml | 2 +
ansible/roles/zookeeper/defaults/main.yml | 2 -
ansible/roles/zookeeper/vars/main.yml | 2 +
ansible/roles/zun/defaults/main.yml | 3 +-
ansible/roles/zun/tasks/config.yml | 5 +
ansible/roles/zun/tasks/external_ceph.yml | 27 +++
ansible/roles/zun/templates/zun-compute.json.j2 | 20 +-
ansible/roles/zun/templates/zun.conf.j2 | 2 +-
ansible/roles/zun/vars/main.yml | 2 +
ansible/site.yml | 3 +
.../reference/shared-services/keystone-guide.rst | 4 +-
.../reference/storage/external-ceph-guide.rst | 27 +++
etc/kolla/globals.yml | 3 +-
etc/kolla/passwords.yml | 5 +
kolla_ansible/cmd/genpwd.py | 8 +-
kolla_ansible/filters.py | 8 +-
kolla_ansible/kolla_address.py | 4 +-
kolla_ansible/put_address_in_context.py | 21 +-
.../add-oidc-discover-url-83edb9f43f73a97f.yaml | 7 +
...ometheus-libvirt-exporter-b05a3a9c08db517c.yaml | 5 +
...n-max-allowed-secret-size-1941307ab5d2a9fd.yaml | 7 +
.../blackbox-tls-connect-517cd8ebdf87f16e.yaml | 5 +
.../notes/bug-1848934-878a08b490856a53.yaml | 7 +
.../notes/bug-1885106-2347d7458a8f9cb0.yaml | 13 ++
.../notes/bug-1938194-80dba28f9cdd434c.yaml | 6 +
.../notes/bug-1945453-2-287bfcaf060689d8.yaml | 16 ++
.../notes/bug-1947710-6d0975ae72f43ada.yaml | 7 +
.../notes/bug-1950111-8e477fb6a5b58822.yaml | 6 +
.../notes/bug-1952948-003aabe18144f569.yaml | 6 +
.../notes/bug-1954720-4fc48610a56f3e98.yaml | 6 +
.../notes/bug-1954723-2d49335022492891.yaml | 5 +
.../notes/bug-1956976-8a2623ca1fbfd546.yaml | 5 +
.../notes/bug-1957117-7832104d66a91da7.yaml | 11 ++
.../notes/bug-1959022-e3bb9448414b4ebe.yaml | 7 +
.../notes/bug-1959663-afda889b9aa4c63f.yaml | 6 +
.../notes/bug-1961795-16fb2ac27152fc03.yaml | 6 +
.../notes/bug-1963752-ee12e15c17c24bb0.yaml | 6 +
...cloudkitty-prometheus-url-ee14bc486e810631.yaml | 6 +
...control-masakari-monitors-1107c10c45678b0a.yaml | 8 +
.../notes/fix-1955563-42a14bb080e15df2.yaml | 9 +
.../fix-aodh-wsgi-config-7679adda584e33bb.yaml | 6 +
...r-libvirt-profile-removal-01db6ca6dd66879f.yaml | 7 +
.../fix-haproxy-logrotate-e299a0000728fd8f.yaml | 12 ++
...x-hardcoded-oidc-response-fc0f115f0b56cddf.yaml | 7 +
.../fix-openstack-exporter-tls-bug-1975598.yml | 8 +
...q-interface-configuration-b39c954fb8763d9c.yaml | 6 +
...-for-ironic-neutron-agent-61ec4d0d237da075.yaml | 6 +
.../jinja2-pass-context-2afc328ade8c407b.yaml | 4 +
.../notes/libvirt-sasl-404199143610fb75.yaml | 27 +++
.../masakari-libvirt-sasl-f368c31c0b5567b6.yaml | 6 +
...n-placement-endpoint-type-90073ba5ecc9e663.yaml | 6 +
...porter-filesystem-metrics-d3ae7b0a892d2957.yaml | 6 +
.../nova-discover-hosts-0353e9274f22195c.yaml | 9 +
.../openstack-exporter-hammering-os-apis.yaml | 14 ++
...emove-monasca-log-metrics-02a81671f864d1a9.yaml | 7 +
...ue-mirroring-for-rabbitmq-d54b9e7e25e57a88.yaml | 10 +
.../notes/support-rockylinux-ad6d48db054ead2b.yaml | 4 +
.../notes/unpin-cinder-rpcs-8eb7e0858a91b9b8.yaml | 6 +
...update-node-custom-config-7b378b25ce22779f.yaml | 5 +
requirements.txt | 2 +-
roles/cephadm/defaults/main.yml | 7 +-
roles/cephadm/tasks/main.yml | 9 +
roles/cephadm/templates/cephadm.yml.j2 | 6 +-
roles/multi-node-managed-addressing/tasks/main.yml | 1 +
test-requirements.txt | 2 +-
zuul.d/base.yaml | 12 +-
zuul.d/jobs.yaml | 20 ++
zuul.d/nodesets.yaml | 44 +----
zuul.d/project.yaml | 2 +
297 files changed, 1750 insertions(+), 967 deletions(-)
Requirements updates
--------------------
diff --git a/requirements.txt b/requirements.txt
index e85f7744c..59147c1bd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14 +14 @@ oslo.utils>=3.33.0 # Apache-2.0
-Jinja2>=2.10 # BSD License (3 clause)
+Jinja2>=3 # BSD License (3 clause)
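Review bot: the raised floor on the Jinja2 line of requirements.txt gives no reason for dropping 2.x, and it is spelled `>=3` where the neighbouring pin shown in the hunk header uses a full version (`oslo.utils>=3.33.0`). The diffstat lists a jinja2-pass-context release note and a change to kolla_ansible/filters.py, and `jinja2.pass_context` only exists from Jinja2 3.0, so the floor looks required rather than cosmetic; say so in the commit message and write the pin as `Jinja2>=3.0.0`. The release note should also tell operators who have Jinja2 2.x installed alongside kolla-ansible that it must be upgraded first.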
diff --git a/test-requirements.txt b/test-requirements.txt
index ef84c6b8a..55a39db11 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -2 +2 @@
-ansible-lint>=4.2.0,!=4.3.0 # MIT
+ansible-lint>=4.2.0,!=4.3.0,<6.0.0 # MIT
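Review bot: the `<6.0.0` cap added to the ansible-lint line of test-requirements.txt carries no comment explaining it or saying when it can be removed. The diffstat shows .ansible-lint gaining six lines in the same release, so the cap reads as a stopgap for new linter rules; add a short comment above the line naming the failing checks or a tracking bug, so the pin is lifted once the playbooks pass instead of holding the linter at an old major version indefinitely.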
We joyfully announce the release of:
kolla-ansible 12.4.0: Ansible Deployment of Kolla containers
This release is part of the wallaby stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
12.4.0
^^^^^^
New Features
************
* Adds a "tls_connect" module to the Prometheus blackbox exporter.
This can be used to test connectivity of TLS servers.
* New switches added to control deployment of the Masakari monitors.
The deployment of each type of monitors can be controlled
individually via "enable_masakari_instancemonitor" and
"enable_masakari_hostmonitor". By default, both are set to "true"
when the deployment of the Masakari is enabled via
"enable_masakari".
* Implements container healthchecks for ironic-neutron-agent
service. See blueprint
* Adds support for libvirt SASL authentication. It is enabled by
default. LP#1964013
Known Issues
************
* Existing fluentd log rotation failed to delete old haproxy, swift,
glance-tls-proxy and neutron-tls-proxy logs. These will not be
deleted by the new logrotate config and will have to be removed
manually.
Upgrade Notes
*************
* RabbitMQ's Prometheus plugin is no longer enabled by default if
Prometheus is not deployed. If external Prometheus is used, you need
to turn on "rabbitmq_enable_prometheus_plugin" to get the old behaviour.
* An HTTP server is now always deployed for Ironic conductor, while
previously it was only deployed when iPXE is enabled.
In the Wallaby release, Ironic changed the default deploy driver
from iSCSI to direct. In the Xena release, Ironic removed the iSCSI
driver. The recommended deploy driver is "direct", which uses HTTP
to transfer the disk image. This requires an HTTP server, and the
simplest option is to use the one previously deployed when
"enable_ironic_ipxe" is set to "true".
* The addition of libvirt SASL authentication requires a new
password in "passwords.yml", "libvirt_sasl_password". This may be
generated using the existing "kolla-genpwd" and "kolla-mergepwd"
tooling.
* The addition of libvirt SASL authentication requires both the
"nova_libvirt" and "nova_compute" containers to be updated
simultaneously, using new images with the necessary Cyrus SASL
dependencies, as well as configuration containing the SASL
credentials.
* Update the default value of node_custom_config to {{ node_config
}}/config, when specified using --configdir
Security Issues
***************
* Explicitly removes the "net.ipv4.ip_forward" sysctl from
"/etc/sysctl.conf" on hosts with Neutron L3 Agent. In the absence of
another source for this sysctl, it should revert to the default of 0
after the next reboot. This is a follow up to a previous change
which stopped setting the sysctl, but leaves existing systems with
the original value of 1 set.
A deployer looking to more aggressively change the value may set
"neutron_l3_agent_host_ipv4_ip_forward" to 0 using a Yoga release of
Kolla Ansible. This option will be removed in future. Any
deployments still relying on the previous value may set
"neutron_l3_agent_host_ipv4_ip_forward" to 1. LP#1945453
* Fixes an issue where the default configuration of libvirt did not
use authentication for the API exposed over TCP on the internal API
network. This allowed anyone with access to the internal API network
read-write access to libvirt. While the internal API network is
typically trusted, other services on this network generally at least
require authentication.
SASL authentication is now enabled for libvirt by default. Kolla
Ansible supports libvirt TLS since the Train release, and this is
recommended to provide a higher level of security. LP#1964013
Bug Fixes
*********
* Fixes an issue with an OIDC authentication flow requiring
unnecessary action from the user. Redirecting to the target IdP page
now happens automatically. LP#930055
* Removes custom value of "max_allowed_secret_in_bytes" in
"barbican.conf". The default maximum size in Barbican was doubled to
avoid issues with some certificates. LP #1957795
* Fixed the deployment failure of outward_rabbitmq by resolving port
conflicts by customizing RabbitMQ's "prometheus.tcp.port". LP
#1885106
* Use Volume V3 API in OpenStack exporter. Volume V2 API has been
removed since OpenStack Wallaby. LP#1938194
* Fixes the copy job for grafana custom home dashboard file. The
copy job for the grafana home dashboard file needs to run
privileged, otherwise a permission denied error occurs. LP#[1947710]
* Fixes Octavia's "Connection refused" errors by adding
"ovn_sb_connection" to "octavia.conf". LP#195011
* Ironic API and Ironic Inspector API use separate policy files.
Ironic role was updated to be able to handle both policies
separately. LP#1952948
* Continue to run all actions if one action failed in Elasticsearch
curator. LP#1954720
* Fixes missing logrotate configuration for Placement. LP#1954723
* Fixes Nova resize failing when "migration_interface" is
customised. LP#1956976
* Fixes being unable to connect to the zun console when
"kolla_enable_tls_external" is true. Access to the console of any zun
container fails when "kolla_enable_tls_external" is true. This fix
sets the protocol for wsproxy "base_url" in "zun.conf" according to
the value of "kolla_enable_tls_external". LP#1957117
* Fixes Glance with Cinder iSCSI backend failing due to lack of
lock_path setting. LP#1959663
* Fixes logrotate config missing for openvswitch and prometheus
services. LP#1961795
* Fixes an issue with Ironic's PXE components not getting updated on
upgrade. LP#1963752
* Fixes configuration of the Prometheus HTTP API URL when using the
Prometheus collector in CloudKitty. LP#1961615
* Fixes Apache's WSGI configuration for the aodh service in
Debuntu binary flavours. LP#1953059
* Fixes the baremetal role to avoid an error "Unable to remove
"libvirtd". Now the symlink
/etc/apparmor.d/disable/usr.sbin.libvirtd is created by the role.
LP#1960302
* Existing fluentd log rotation failed to delete old haproxy, swift,
glance-tls-proxy and neutron-tls-proxy logs. Standardise rotation
and deletion of logs using logrotate.
* Fixes an issue with setting up OIDC based Keystone federation
against IDP that has a different response type than id_token. This
can now be set using a new variable
"keystone_federation_oidc_response_type". LP#1959781
* Adds back the option to configure the rabbitmq clustering
interface via kolla. LP#1900160
<https://bugs.launchpad.net/kolla-ansible/+bug/1900160>
* Fixes an issue seen when using Jinja2 3.1.0.
* Fixes an issue with Masakari instance monitor when libvirt SASL is
enabled. libvirt SASL was enabled by default in a recent change to
Kolla Ansible. LP#1965754
* Fixes the configuration option setting the type of endpoint used
by Neutron to send requests to Placement. LP#1960503
* Fixes a configuration issue with Node Exporter causing all file
system metrics of a host to be identical. LP#1961438
* Fixes an issue where a failure of any Nova compute service to
register itself would cause only the host querying the nova API to
fail. Now, only hosts that fail to register will fail the Kolla
Ansible run. Alternatively, to fail all hosts in a cell when any
compute service fails to register, set
"nova_compute_registration_fatal" to "true". LP#1940119
* The prometheus openstack exporters are now behind haproxy,
providing a unique time series in the prometheus database. Also
ensures that only one exporter queries the openstack APIs at any
given time interval. With the previous behavior each openstack
exporter was scraped at the same time. This caused each exporter to
query the openstack APIs simultaneously introducing unnecessary load
and duplicate time series in the prometheus database due to the
instance label being unique for each exporter. LP#1972818
* Fixes an issue where RabbitMQ was configured to mirror classic
transient queues for all services. According to the RabbitMQ
documentation this is not a supported configuration, and contributed
to numerous bug reports. In order to avoid making unexpected changes
to the RabbitMQ cluster, it is necessary to set
"rabbitmq_remove_ha_all_policy" to "yes" in order to apply this fix.
This variable will be removed in the Yoga release. LP#1954925
* Fixes an issue with Cinder upgrade where Cinder services would
remain pinned to the previous release's RPC & object versions.
LP#1954932
Changes in kolla-ansible 12.3.0..12.4.0
---------------------------------------
bbbebc524 Control Masakari monitors deploy
d34dd8125 Make redis connection string configurable
4e991a98e [CI] Nullify attempts
6a1764885 talk TLS to openstack exporter via haproxy
a53f31bd0 genpwd: handle lack of password file nicer
6281603a5 Use 'cloudkitty_influxdb_use_ssl' when creatign InfluxDB database
59f46c248 masakari: support libvirt SASL in instance monitor
3184bd6ca [CI] Restore token critical error filter
3d25b7169 Grafana: Run priviliged when copying home dashboard file
3c2f416f4 Put openstack exporter behind HAproxy so only one is queried at a time
95d14f52b [CI] Raise [keystone_authtoken]http_request_max_retries
7b07d71c6 [CI] Always use quay.io via infra's mirror
219c39500 nova: improve compute service registration failure handling
fdb52f71a nova: use any_errors_fatal for once-per-cell tasks
1f9c13ad8 [CI] Make kolla-build quiet
b9efda413 added missing become in ovs-dpdk role
8e1c98d98 Allow removal of classic queue mirroring for internal RabbitMQ
51c2edf11 Use jinja2.pass_context instead of contextfilter
29ef33cbe re-add rabbitmq config for clustering interface
d63ebbd8b designate: fix external backend deployment
01fd3b779 Ironic: rebootstrap ironic-pxe on upgrade
4d61344c1 cinder: restart services after upgrade
fd99f70f4 CI: pin ansible-lint to <6
af6b3edfa libvirt: support SASL authentication
35ea7baf6 Fix prechecks for "Ironic iPXE" container
6b33c81aa [CI] Use Tenks in Ironic job
28f1b12e8 [CI] Test Ironic when touching Neutron
6033d070a [CI] Test Ironic on Debian
b59ba5bcf Explicitly unset net.ipv4.ip_forward sysctl
fb4f64c18 Fix hard coded OIDC response type
9cc98b719 Remove grafana [session] configuration
4a2d6b385 Add openvswitch and prometheus to logrotate
5ccc1fdb5 Fix location of release note for ironic-neutron-agent healthcheck
9e9682706 cloudkitty: fix URL used for Prometheus collector
ae46e80f3 Configure node-exporter to report correct file system metrics
5fadf566d Fix fluentd v1 buffer syntax issue
9c532f43b Refactor fluentd syslog logging
f582c52d7 CI: Fix new ansible-lint failures
9b3b2fdab Fix Apparmor libvirt profile removal
d95eb6a26 neutron: fix placement endpoint type configuration
78754d825 [CI] Check fluentd errors
b33c6fa91 Fix log rotation for fluentd created files
c3d8684fe Glance: add lock_path setting
ac6051f54 [CI] Replace parted with lsblk
501c8dec8 Add OIDCDiscoverURL mod_oidc option
25b00b5cf prometheus: add tls_connect blackbox module
0299a3d22 Fix usage of Subject Alternative Name for TLS
bcd8d23a5 update the default value of node_custom_config
170bca95e Make nova_ssh listen on api_interface as well
30d23f380 Use Docker healthchecks for ironic-neutron-agent services
b71004365 Continue to run all actions if one action failed in curator
ff92636dd Revert "[CI] [to-revert] Avoid upgrades on CentOS Stream 8"
e477227ca Remove custom value of max_allowed_secret_in_bytes
735b094f5 Fix permission denied errors with ping on c8s
4bdd9202c [CI] [to-revert] Avoid upgrades on CentOS Stream 8
8616af8f2 Add logrotate to libvirt service
52afd1bdc Access to zun container fails when tls_external enabled.
905df8b6c OpenID Connect certifiate file is optional
a7c13ad8b ironic: always enable conductor HTTP server
5db2066e5 Add logrotate configuration for placement service
8f98c4adb rabbitmq: enable/disable prometheus plugin follow up
1da4abcb7 docs: adjust to current defaults
b23bab245 Support enable/disable rabbitmq prometheus plugins
aca6cbfd0 CI: check-logs - add another exception
4515dc150 Use Volume V3 API in OpenStack exporter
6cb0e1062 Move project_name and kolla_role_name to role vars
d640a3aff [CI] Drop unused nodeset
9c80df349 horizon: move horizon_enable_tls_backend to group_vars
46249ad5e Add ironic-inspector policy configuration
918397c08 Add ovn_sb_connection to octavia.conf
82f248bcc Fix aodh wsgi config file in Debuntu binary
Diffstat (except docs and test files)
-------------------------------------
.ansible-lint | 6 +
ansible/group_vars/all.yml | 14 +-
ansible/nova.yml | 4 +
ansible/roles/aodh/defaults/main.yml | 2 -
ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 4 -
ansible/roles/aodh/vars/main.yml | 2 +
ansible/roles/barbican/defaults/main.yml | 2 -
ansible/roles/barbican/templates/barbican.conf.j2 | 1 -
ansible/roles/barbican/vars/main.yml | 2 +
ansible/roles/baremetal/tasks/install.yml | 2 +-
ansible/roles/baremetal/tasks/post-install.yml | 6 +-
ansible/roles/baremetal/tasks/pre-install.yml | 9 +
ansible/roles/bifrost/defaults/main.yml | 2 -
ansible/roles/bifrost/vars/main.yml | 2 +
ansible/roles/blazar/defaults/main.yml | 2 -
ansible/roles/blazar/vars/main.yml | 2 +
ansible/roles/ceilometer/defaults/main.yml | 2 -
ansible/roles/ceilometer/vars/main.yml | 2 +
.../roles/certificates/tasks/generate-backend.yml | 2 +
ansible/roles/certificates/tasks/generate.yml | 4 +
.../templates/openssl-kolla-internal.cnf.j2 | 4 +-
.../certificates/templates/openssl-kolla.cnf.j2 | 4 +-
ansible/roles/chrony/defaults/main.yml | 2 -
ansible/roles/chrony/vars/main.yml | 2 +
ansible/roles/cinder/defaults/main.yml | 11 +-
ansible/roles/cinder/handlers/main.yml | 20 ++
ansible/roles/cinder/tasks/reload.yml | 10 +
ansible/roles/cinder/tasks/upgrade.yml | 2 +
ansible/roles/cinder/vars/main.yml | 2 +
ansible/roles/cloudkitty/defaults/main.yml | 6 +-
ansible/roles/cloudkitty/tasks/bootstrap.yml | 1 +
ansible/roles/cloudkitty/vars/main.yml | 2 +
ansible/roles/collectd/defaults/main.yml | 2 -
ansible/roles/collectd/vars/main.yml | 2 +
ansible/roles/common/defaults/main.yml | 26 ++-
ansible/roles/common/tasks/config.yml | 7 +-
.../conf/filter/00-record_transformer.conf.j2 | 27 +--
.../common/templates/conf/output/00-local.conf.j2 | 217 ++-------------------
.../common/templates/conf/output/01-es.conf.j2 | 6 +-
.../templates/conf/output/02-monasca.conf.j2 | 4 +-
.../templates/cron-logrotate-haproxy.conf.j2 | 2 +-
.../templates/cron-logrotate-nova-libvirt.conf.j2 | 3 +
.../templates/cron-logrotate-openvswitch.conf.j2 | 3 +
.../templates/cron-logrotate-placement.conf.j2 | 3 +
.../templates/cron-logrotate-prometheus.conf.j2 | 3 +
ansible/roles/common/templates/fluentd.json.j2 | 27 +--
ansible/roles/common/vars/main.yml | 2 +
ansible/roles/cyborg/defaults/main.yml | 2 -
ansible/roles/cyborg/vars/main.yml | 2 +
ansible/roles/designate/defaults/main.yml | 2 -
ansible/roles/designate/tasks/backend_external.yml | 2 +
ansible/roles/designate/vars/main.yml | 2 +
ansible/roles/elasticsearch/defaults/main.yml | 2 -
.../templates/elasticsearch-curator-actions.yml.j2 | 14 +-
ansible/roles/elasticsearch/vars/main.yml | 2 +
ansible/roles/etcd/defaults/main.yml | 2 -
ansible/roles/etcd/vars/main.yml | 2 +
ansible/roles/freezer/defaults/main.yml | 2 -
ansible/roles/freezer/vars/main.yml | 2 +
ansible/roles/glance/defaults/main.yml | 2 -
ansible/roles/glance/templates/glance-api.conf.j2 | 3 +
ansible/roles/glance/vars/main.yml | 2 +
ansible/roles/gnocchi/defaults/main.yml | 2 -
ansible/roles/gnocchi/vars/main.yml | 2 +
ansible/roles/grafana/defaults/main.yml | 2 -
ansible/roles/grafana/tasks/config.yml | 1 +
ansible/roles/grafana/templates/grafana.ini.j2 | 8 -
ansible/roles/grafana/vars/main.yml | 2 +
ansible/roles/hacluster/defaults/main.yml | 2 -
ansible/roles/hacluster/vars/main.yml | 2 +
ansible/roles/haproxy-config/defaults/main.yml | 2 -
ansible/roles/haproxy-config/vars/main.yml | 2 +
ansible/roles/haproxy/defaults/main.yml | 2 -
ansible/roles/haproxy/vars/main.yml | 2 +
ansible/roles/heat/defaults/main.yml | 2 -
ansible/roles/heat/vars/main.yml | 2 +
ansible/roles/horizon/defaults/main.yml | 7 -
ansible/roles/horizon/vars/main.yml | 2 +
ansible/roles/influxdb/defaults/main.yml | 2 -
ansible/roles/influxdb/vars/main.yml | 2 +
ansible/roles/ironic/defaults/main.yml | 6 +-
ansible/roles/ironic/tasks/bootstrap.yml | 19 --
ansible/roles/ironic/tasks/bootstrap_service.yml | 19 ++
ansible/roles/ironic/tasks/config.yml | 42 +++-
ansible/roles/ironic/tasks/precheck.yml | 1 -
.../ironic/templates/ironic-inspector.json.j2 | 8 +-
ansible/roles/ironic/templates/ironic.conf.j2 | 7 +-
ansible/roles/ironic/vars/main.yml | 2 +
ansible/roles/iscsi/defaults/main.yml | 2 -
ansible/roles/iscsi/vars/main.yml | 2 +
ansible/roles/kafka/defaults/main.yml | 2 -
ansible/roles/kafka/vars/main.yml | 2 +
ansible/roles/keystone/defaults/main.yml | 3 +-
.../keystone/tasks/config-federation-oidc.yml | 1 +
.../roles/keystone/templates/wsgi-keystone.conf.j2 | 3 +-
ansible/roles/keystone/vars/main.yml | 2 +
ansible/roles/kibana/defaults/main.yml | 2 -
ansible/roles/kibana/vars/main.yml | 2 +
ansible/roles/kuryr/defaults/main.yml | 1 -
ansible/roles/kuryr/vars/main.yml | 2 +
ansible/roles/magnum/defaults/main.yml | 2 -
ansible/roles/magnum/vars/main.yml | 2 +
ansible/roles/manila/defaults/main.yml | 2 -
ansible/roles/manila/vars/main.yml | 2 +
ansible/roles/mariadb/defaults/main.yml | 2 -
ansible/roles/mariadb/vars/main.yml | 2 +
ansible/roles/masakari/defaults/main.yml | 17 +-
ansible/roles/masakari/tasks/config.yml | 18 ++
ansible/roles/masakari/templates/auth.conf.j2 | 6 +
.../templates/masakari-instancemonitor.json.j2 | 8 +-
ansible/roles/masakari/vars/main.yml | 2 +
ansible/roles/memcached/defaults/main.yml | 2 -
ansible/roles/memcached/vars/main.yml | 2 +
ansible/roles/mistral/defaults/main.yml | 2 -
ansible/roles/mistral/vars/main.yml | 2 +
ansible/roles/monasca/defaults/main.yml | 2 -
ansible/roles/monasca/vars/main.yml | 2 +
ansible/roles/multipathd/defaults/main.yml | 2 -
ansible/roles/multipathd/vars/main.yml | 2 +
ansible/roles/murano/defaults/main.yml | 2 -
ansible/roles/murano/vars/main.yml | 2 +
ansible/roles/neutron/defaults/main.yml | 17 +-
ansible/roles/neutron/tasks/config-host.yml | 2 +
ansible/roles/neutron/templates/neutron.conf.j2 | 2 +-
ansible/roles/neutron/vars/main.yml | 2 +
ansible/roles/nova-cell/defaults/main.yml | 20 +-
ansible/roles/nova-cell/handlers/main.yml | 15 ++
ansible/roles/nova-cell/tasks/config.yml | 20 ++
ansible/roles/nova-cell/tasks/deploy.yml | 3 +-
.../roles/nova-cell/tasks/discover_computes.yml | 89 ++-------
ansible/roles/nova-cell/tasks/precheck.yml | 17 +-
.../nova-cell/tasks/wait_discover_computes.yml | 89 +++++++++
ansible/roles/nova-cell/templates/auth.conf.j2 | 6 +
ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 3 +-
.../roles/nova-cell/templates/nova-compute.json.j2 | 8 +-
.../roles/nova-cell/templates/nova-libvirt.json.j2 | 12 ++
ansible/roles/nova-cell/templates/sasl.conf.j2 | 2 +
ansible/roles/nova-cell/templates/sshd_config.j2 | 3 +
ansible/roles/nova-cell/vars/main.yml | 6 +
ansible/roles/nova/defaults/main.yml | 2 -
ansible/roles/nova/vars/main.yml | 2 +
ansible/roles/octavia/defaults/main.yml | 2 -
ansible/roles/octavia/templates/octavia.conf.j2 | 1 +
ansible/roles/octavia/vars/main.yml | 2 +
ansible/roles/openvswitch/defaults/main.yml | 2 -
ansible/roles/openvswitch/vars/main.yml | 2 +
ansible/roles/ovn/defaults/main.yml | 2 -
ansible/roles/ovn/vars/main.yml | 2 +
ansible/roles/ovs-dpdk/defaults/main.yml | 1 -
ansible/roles/ovs-dpdk/tasks/config.yml | 2 +
ansible/roles/ovs-dpdk/vars/main.yml | 2 +
ansible/roles/panko/defaults/main.yml | 2 -
ansible/roles/panko/vars/main.yml | 2 +
ansible/roles/placement/defaults/main.yml | 2 -
ansible/roles/placement/vars/main.yml | 2 +
ansible/roles/prometheus/defaults/main.yml | 11 +-
ansible/roles/prometheus/templates/clouds.yml.j2 | 1 +
.../templates/prometheus-blackbox-exporter.yml.j2 | 4 +
.../templates/prometheus-node-exporter.json.j2 | 2 +-
.../roles/prometheus/templates/prometheus.yml.j2 | 7 +-
ansible/roles/prometheus/vars/main.yml | 2 +
ansible/roles/qdrouterd/defaults/main.yml | 2 -
ansible/roles/qdrouterd/vars/main.yml | 2 +
ansible/roles/rabbitmq/defaults/main.yml | 16 +-
ansible/roles/rabbitmq/tasks/config.yml | 36 ++++
ansible/roles/rabbitmq/tasks/deploy.yml | 3 +
.../roles/rabbitmq/tasks/remove-ha-all-policy.yml | 29 +++
ansible/roles/rabbitmq/tasks/upgrade.yml | 3 +
.../roles/rabbitmq/templates/advanced.config.j2 | 7 +
.../roles/rabbitmq/templates/definitions.json.j2 | 4 +
.../roles/rabbitmq/templates/enabled_plugins.j2 | 1 +
ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 5 +
ansible/roles/rabbitmq/templates/rabbitmq.json.j2 | 12 ++
ansible/roles/rabbitmq/vars/main.yml | 2 +
ansible/roles/rally/defaults/main.yml | 2 -
ansible/roles/rally/vars/main.yml | 2 +
ansible/roles/redis/defaults/main.yml | 2 -
ansible/roles/redis/vars/main.yml | 2 +
ansible/roles/sahara/defaults/main.yml | 2 -
ansible/roles/sahara/vars/main.yml | 2 +
ansible/roles/senlin/defaults/main.yml | 2 -
ansible/roles/senlin/vars/main.yml | 2 +
ansible/roles/skydive/defaults/main.yml | 2 -
ansible/roles/skydive/vars/main.yml | 2 +
ansible/roles/solum/defaults/main.yml | 2 -
ansible/roles/solum/vars/main.yml | 2 +
ansible/roles/storm/defaults/main.yml | 2 -
ansible/roles/storm/vars/main.yml | 2 +
ansible/roles/swift/defaults/main.yml | 2 -
ansible/roles/swift/vars/main.yml | 2 +
ansible/roles/tacker/defaults/main.yml | 2 -
ansible/roles/tacker/vars/main.yml | 2 +
ansible/roles/telegraf/defaults/main.yml | 2 -
ansible/roles/telegraf/vars/main.yml | 2 +
ansible/roles/tempest/defaults/main.yml | 2 -
ansible/roles/tempest/vars/main.yml | 2 +
ansible/roles/trove/defaults/main.yml | 2 -
ansible/roles/trove/vars/main.yml | 2 +
ansible/roles/vitrage/defaults/main.yml | 2 -
ansible/roles/vitrage/vars/main.yml | 2 +
ansible/roles/vmtp/defaults/main.yml | 2 -
ansible/roles/vmtp/vars/main.yml | 2 +
ansible/roles/watcher/defaults/main.yml | 2 -
ansible/roles/watcher/vars/main.yml | 2 +
ansible/roles/zookeeper/defaults/main.yml | 2 -
ansible/roles/zookeeper/vars/main.yml | 2 +
ansible/roles/zun/defaults/main.yml | 2 -
ansible/roles/zun/templates/zun.conf.j2 | 2 +-
ansible/roles/zun/vars/main.yml | 2 +
ansible/site.yml | 2 +
.../reference/shared-services/keystone-guide.rst | 4 +-
etc/kolla/globals.yml | 2 +-
etc/kolla/passwords.yml | 5 +
kolla_ansible/cmd/genpwd.py | 8 +-
kolla_ansible/filters.py | 14 +-
kolla_ansible/kolla_address.py | 8 +-
kolla_ansible/put_address_in_context.py | 21 +-
.../add-oidc-discover-url-83edb9f43f73a97f.yaml | 7 +
...n-max-allowed-secret-size-1941307ab5d2a9fd.yaml | 7 +
.../blackbox-tls-connect-517cd8ebdf87f16e.yaml | 5 +
.../notes/bug-1885106-2347d7458a8f9cb0.yaml | 13 ++
.../notes/bug-1938194-80dba28f9cdd434c.yaml | 6 +
.../notes/bug-1945453-2-287bfcaf060689d8.yaml | 16 ++
.../notes/bug-1947710-6d0975ae72f43ada.yaml | 7 +
.../notes/bug-1950111-8e477fb6a5b58822.yaml | 6 +
.../notes/bug-1952948-003aabe18144f569.yaml | 6 +
.../notes/bug-1954720-4fc48610a56f3e98.yaml | 6 +
.../notes/bug-1954723-2d49335022492891.yaml | 5 +
.../notes/bug-1956976-8a2623ca1fbfd546.yaml | 5 +
.../notes/bug-1957117-7832104d66a91da7.yaml | 11 ++
.../notes/bug-1959663-afda889b9aa4c63f.yaml | 6 +
.../notes/bug-1961795-16fb2ac27152fc03.yaml | 6 +
.../notes/bug-1963752-ee12e15c17c24bb0.yaml | 6 +
...cloudkitty-prometheus-url-ee14bc486e810631.yaml | 6 +
...control-masakari-monitors-1107c10c45678b0a.yaml | 8 +
.../notes/enable-ipxe-cf461344bdb99881.yaml | 12 ++
.../fix-aodh-wsgi-config-7679adda584e33bb.yaml | 6 +
...r-libvirt-profile-removal-01db6ca6dd66879f.yaml | 7 +
.../fix-haproxy-logrotate-e299a0000728fd8f.yaml | 12 ++
...x-hardcoded-oidc-response-fc0f115f0b56cddf.yaml | 7 +
.../fix-openstack-exporter-tls-bug-1975598.yml | 8 +
...q-interface-configuration-b39c954fb8763d9c.yaml | 6 +
...-for-ironic-neutron-agent-61ec4d0d237da075.yaml | 6 +
.../jinja2-pass-context-2afc328ade8c407b.yaml | 4 +
.../notes/libvirt-sasl-404199143610fb75.yaml | 27 +++
.../masakari-libvirt-sasl-f368c31c0b5567b6.yaml | 6 +
...n-placement-endpoint-type-90073ba5ecc9e663.yaml | 6 +
...porter-filesystem-metrics-d3ae7b0a892d2957.yaml | 6 +
.../nova-discover-hosts-0353e9274f22195c.yaml | 9 +
.../openstack-exporter-hammering-os-apis.yaml | 14 ++
...ue-mirroring-for-rabbitmq-d54b9e7e25e57a88.yaml | 10 +
.../notes/unpin-cinder-rpcs-8eb7e0858a91b9b8.yaml | 6 +
...update-node-custom-config-7b378b25ce22779f.yaml | 5 +
roles/multi-node-managed-addressing/tasks/main.yml | 1 +
test-requirements.txt | 2 +-
zuul.d/base.yaml | 12 +-
zuul.d/jobs.yaml | 8 +
zuul.d/nodesets.yaml | 38 ----
zuul.d/project.yaml | 1 +
273 files changed, 1460 insertions(+), 777 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
index 8b10965c0..2bff582dc 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -2 +2 @@
-ansible-lint>=4.2.0,!=4.3.0 # MIT
+ansible-lint>=4.2.0,!=4.3.0,<6.0.0 # MIT
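Review bot: The new "<6.0.0" cap on ansible-lint in test-requirements.txt carries no explanation of what breaks with 6.x or when the cap can be lifted. Add a short comment above the line, or a bug reference, so the bound does not become permanent by default; a cap on a lint tool also freezes the rule set that CI enforces.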
We are amped to announce the release of:
kolla-ansible 14.1.0: Ansible Deployment of Kolla containers
This release is part of the yoga stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
14.1.0
^^^^^^
New Features
************
* New switches added to control deployment of the Masakari monitors.
The deployment of each type of monitors can be controlled
individually via "enable_masakari_instancemonitor" and
"enable_masakari_hostmonitor". By default, both are set to "true"
when the deployment of the Masakari is enabled via
"enable_masakari".
Bug Fixes
*********
* Fixes an issue with Masakari instance monitor when libvirt SASL is
enabled. libvirt SASL was enabled by default in a recent change to
Kolla Ansible. LP#1965754
* The prometheus openstack exporters are now behind haproxy,
providing a unique time series in the prometheus database. Also
ensures that only one exporter queries the openstack APIs at any
given time interval. With the previous behavior each openstack
exporter was scraped at the same time. This caused each exporter to
query the openstack APIs simultaneously introducing unnecessary load
and duplicate time series in the prometheus database due to the
instance label being unique for each exporter. LP#1972818
Changes in kolla-ansible 14.0.0..14.1.0
---------------------------------------
eee165968 Control Masakari monitors deploy
910d033a0 Make redis connection string configurable
3f085dbc0 [CI] Do not test Venus on Yoga
c443692be [CI] Nullify attempts
c9b9b62e6 talk TLS to openstack exporter via haproxy
785e269e5 genpwd: handle lack of password file nicer
5c801e33e Fix malformed OIDCMemCacheServers
cd818de69 Use 'cloudkitty_influxdb_use_ssl' when creatign InfluxDB database
166a4e5fe masakari: support libvirt SASL in instance monitor
6d6ecaefb [CI] Restore token critical error filter
6191db3f8 Put openstack exporter behind HAproxy so only one is queried at a time
d29d98275 [CI] Raise [keystone_authtoken]http_request_max_retries
e812853c6 Add doc fix for all-in-one in venv
Diffstat (except docs and test files)
-------------------------------------
ansible/group_vars/all.yml | 5 ++++-
ansible/roles/cloudkitty/defaults/main.yml | 2 +-
ansible/roles/cloudkitty/tasks/bootstrap.yml | 1 +
ansible/roles/keystone/templates/wsgi-keystone.conf.j2 | 2 +-
ansible/roles/masakari/defaults/main.yml | 15 +++++++++++++--
ansible/roles/masakari/tasks/config.yml | 18 ++++++++++++++++++
ansible/roles/masakari/templates/auth.conf.j2 | 6 ++++++
.../templates/masakari-instancemonitor.json.j2 | 8 +++++++-
ansible/roles/prometheus/defaults/main.yml | 6 ++++++
ansible/roles/prometheus/templates/prometheus.yml.j2 | 7 ++++---
kolla_ansible/cmd/genpwd.py | 8 ++++++--
.../control-masakari-monitors-1107c10c45678b0a.yaml | 8 ++++++++
.../notes/fix-openstack-exporter-tls-bug-1975598.yml | 8 ++++++++
.../notes/masakari-libvirt-sasl-f368c31c0b5567b6.yaml | 6 ++++++
.../notes/openstack-exporter-hammering-os-apis.yaml | 14 ++++++++++++++
zuul.d/base.yaml | 1 -
zuul.d/project.yaml | 2 --
22 files changed, 132 insertions(+), 26 deletions(-)
We are pleased to announce the release of:
kolla 14.1.0: Kolla OpenStack Deployment
This release is part of the yoga stable release series.
The source is available from:
https://opendev.org/openstack/kolla
Download the package from:
https://tarballs.openstack.org/kolla/
Please report issues through:
https://bugs.launchpad.net/kolla/+bugs
For more details, please see below.
14.1.0
^^^^^^
New Features
************
* Updates Alertmanager version to 0.24.0.
Upgrade Notes
*************
* The Debian and Ubuntu images use rabbitmq and erlang from
cloudsmith now. Operators might want to mirror/proxy this new source
as it provides the correct set of packages unlike the previous
combination.
Bug Fixes
*********
* Fixes the Debian and Ubuntu images to use rabbitmq and erlang from
cloudsmith so that the images are still buildable and use proper
versions.
Changes in kolla 14.0.0..14.1.0
-------------------------------
240b3cf44 Fix Ubuntu image builds
4ecd200b9 Bump up Alertmanager version
3a65c4842 [bifrost] Force Bifrost to use the correct u-c
b80d47566 Fix local sources of git repositories
6cf2912d5 [bifrost] Force Bifrost to use the correct git branch
Diffstat (except docs and test files)
-------------------------------------
.../prometheus-alertmanager/Dockerfile.j2 | 2 +-
kolla/image/build.py | 26 +++++++++++++---------
kolla/template/repos.yaml | 22 +++++++++---------
...bump-alertmanager-to-0.24-e73778e9d954cf85.yaml | 4 ++++
...abbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml | 10 +++++++++
7 files changed, 46 insertions(+), 26 deletions(-)
We are gleeful to announce the release of:
kayobe 12.1.0: Deployment of OpenStack to bare metal using OpenStack
kolla and bifrost
This release is part of the yoga stable release series.
The source is available from:
https://opendev.org/openstack/kayobe
Download the package from:
https://tarballs.openstack.org/kayobe/
Please report issues through:
https://storyboard.openstack.org/#!/project/openstack/kayobe
For more details, please see below.
Changes in kayobe 12.0.0..12.1.0
--------------------------------
7e9175b9 ironic: Set MTU on provisioning and cleaning Neutron networks
2f3a8f80 Fix forgotten hacluster regexp for image build
Diffstat (except docs and test files)
-------------------------------------
ansible/group_vars/all/kolla | 2 ++
ansible/provision-net.yml | 2 ++
releasenotes/notes/hacluster-build-issue-2a8023e0cd80235a.yaml | 5 +++++
releasenotes/notes/provision-net-mtu-befdda04224f49a6.yaml | 5 +++++
4 files changed, 14 insertions(+)
We are thrilled to announce the release of:
kolla 12.2.0: Kolla OpenStack Deployment
This release is part of the wallaby stable release series.
The source is available from:
https://opendev.org/openstack/kolla
Download the package from:
https://tarballs.openstack.org/kolla/
Please report issues through:
https://bugs.launchpad.net/kolla/+bugs
For more details, please see below.
12.2.0
^^^^^^
New Features
************
* Adds Cyrus SASL packages necessary for the DIGEST-MD5 and
SCRAM-SHA-256 mechanisms. These can be used for libvirt SASL
authentication. LP#1964013
* Quiet mode (enabled with "--quiet" argument) can be combined with
"--logs-dir" option now. Console output will be quiet as expected
while building output will be stored in separate log files.
Upgrade Notes
*************
* The Debian and Ubuntu images use rabbitmq and erlang from
cloudsmith now. Operators might want to mirror/proxy this new source
as it provides the correct set of packages unlike the previous
combination.
Security Issues
***************
* Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE)
vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm.
Bug Fixes
*********
* Fixes an issue with Ironic deployments using UEFI and iPXE, where
the default UEFI iPXE bootloader in Ironic was not available in the
TFTP server. This affects all Kolla releases on CentOS, and Xena on
Debian/Ubuntu. LP#1959203
* Installs "glusterfs-client" in Debian and Ubuntu "manila-share"
images to support GlusterFS across supported distributions.
LP#1964140
* Latest version of the elasticsearch gem no longer works with older
(OSS) versions of Elasticsearch. This is fixed by capping the
version of the elasticsearch gem installed into the fluentd
container. LP#1954759
* Fixes an issue when an older version of the Python OpenvSwitch
bindings package was used than the running OpenvSwitch code. LP#1961874
* Fix AArch64 ubuntu ironic-python-agent images UEFI PXE booting
failure. Also fix x86_64 lacking of GRUB efi files issue. LP#1879265
* Fixes an issue building images that use a source with a "type" of
"git", when using a git that includes the fix for CVE-2022-24765
(2.35.2 or later). By default, this includes the "gnocchi-base"
image, but may include other images with a non-default
configuration. LP#837710
* Fixes disabling the use of the "curlrc" configuration file in
"healthcheck_curl". LP#1967272
* Fixes an issue seen when using Jinja2 3.1.0.
* Fixes an issue with missing Magnum Keystone auth default policy.
LP#1957159
* Fixes the Debian and Ubuntu images to use rabbitmq and erlang from
cloudsmith so that the images are still buildable and use proper
versions.
* Fixes set_configs.py configuring the same permission for directories
and files, causing directories to lack execute permission if not set
for files.
Changes in kolla 12.1.0..12.2.0
-------------------------------
b0517b356 Fix Ubuntu image builds
8ffdee926 Fix local sources of git repositories
444bdffcc masakari: add Cyrus SASL packages to monitors image
cfc365520 cloudkitty: disable building for ubuntu/binary
42c79cdd4 enable logging to file for quiet mode
43dce2cf0 Revert "CI: add templated Dockerfiles to build logs"
7fb3ecb18 Fix image builds with sources using a type=git
5943f32af Emit log when copying file/directory permissions
6a39d8e3d elasticsearch: install Java first on CentOS too
30fbbadd5 Restore use of contextfunction decorator
d8708b713 cloudkitty-api: make sure that we install packages
f3a066673 Fix disabling of curlrc in healthcheck_curl
4ac3ae718 macros/pip: revert to old setuptools way
41b43807b Use jinja2.pass_context instead of contextfilter
cbd2bc7e1 libvirt: add Cyrus SASL packages for DIGEST-MD5
d1cd4e91a Install glusterfs-client in Debuntu
a3fab9d6a Add qemu-img also in nova-libvirt image
76d2e589d [CI] Test Ironic on Debian
b3e2bcdc2 Use python3-openvswitch from distro
4c893661f CI: Drop Ceph stream override
94cecf86e Ensure set_configs sets execute bit on directories
50b1f117a erlang: use packages from Erlang Solutions on AArch64
a29648baf collectd: pcie-errors is x86-64 only now
7f38bce81 base: Drop usage of Ceph Nautilus from RDO
1ac4662c1 ironic: Fix UEFI & iPXE bootloader filenames
3bbc5b329 Unpin td-agent and cap elasticsearch gem
f439afa42 Remove missing collectd packages
67e4f50bf Use distro provided GRUB efi
5ba4fb275 openstack-base: drop anyjson
4835d402f Mitigate two Log4j vulnerabilities in Apache Storm
59adcfd80 magnum: fix issue with keystone auth default policy
320fcbdce Fix variable name
Diffstat (except docs and test files)
-------------------------------------
.zuul.d/base.yaml | 1 -
.zuul.d/debian.yaml | 2 +
kolla/common/utils.py | 34 ++++++++-----
kolla/image/build.py | 16 +++++-
kolla/template/filters.py | 9 +++-
kolla/template/methods.py | 8 ++-
kolla/template/repos.yaml | 21 ++++----
.../notes/bug-1959203-1bb695e052248d78.yaml | 8 +++
.../notes/bug-1964140-57b433329bab067e.yaml | 6 +++
...cap-fluentd-elasticsearch-18c0ca8e90c1234c.yaml | 7 +++
.../notes/distro-python-ovs-df705d1e59f16cde.yaml | 6 +++
...n-agent-pxe-booting-issue-95adaf9249207d5b.yaml | 6 +++
.../git-security-fix-fix-ea56c0071585237d.yaml | 9 ++++
...check-curl-disable-curlrc-0f85aad47379e2a5.yaml | 5 ++
.../jinja2-pass-context-3f3febcd944e3a51.yaml | 4 ++
.../notes/libvirt-sasl-07a8a1a25d2450c6.yaml | 6 +++
...stone-auth-default-policy-e16f7bb558aa4b14.yaml | 5 ++
.../quiet-mode-with-logs-0abafc07923945ac.yaml | 6 +++
...abbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml | 10 ++++
...ectory-execute-permission-8ab919b7b17025d2.yaml | 5 ++
...-vulnerability-mitigation-6746a8a0bb329485.yaml | 5 ++
46 files changed, 308 insertions(+), 122 deletions(-)
We are gleeful to announce the release of:
kolla 13.1.0: Kolla OpenStack Deployment
This release is part of the xena stable release series.
The source is available from:
https://opendev.org/openstack/kolla
Download the package from:
https://tarballs.openstack.org/kolla/
Please report issues through:
https://bugs.launchpad.net/kolla/+bugs
For more details, please see below.
13.1.0
^^^^^^
New Features
************
* Added a container image for Prometheus libvirt exporter, to be
used for monitoring deployments which provide VMs with libvirt.
* Adds Cyrus SASL packages necessary for the DIGEST-MD5 and
SCRAM-SHA-256 mechanisms. These can be used for libvirt SASL
authentication. LP#1964013
* Quiet mode (enabled with "--quiet" argument) can be combined with
"--logs-dir" option now. Console output will be quiet as expected
while building output will be stored in separate log files.
Upgrade Notes
*************
* The Debian and Ubuntu images use rabbitmq and erlang from
cloudsmith now. Operators might want to mirror/proxy this new source
as it provides the correct set of packages unlike the previous
combination.
Security Issues
***************
* Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE)
vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm.
Bug Fixes
*********
* Fixes an issue with Ironic deployments using UEFI and iPXE, where
the default UEFI iPXE bootloader in Ironic was not available in the
TFTP server. This affects all Kolla releases on CentOS, and Xena on
Debian/Ubuntu. LP#1959203
* Installs "glusterfs-client" in Debian and Ubuntu "manila-share"
images to support GlusterFS across supported distributions.
LP#1964140
* Latest version of the elasticsearch gem no longer works with older
(OSS) versions of Elasticsearch. This is fixed by capping the
version of the elasticsearch gem installed into the fluentd
container. LP#1954759
* Fixes an issue when an older version of the Python OpenvSwitch
bindings package was used than the running OpenvSwitch code. LP#1961874
* Fix AArch64 ubuntu ironic-python-agent images UEFI PXE booting
failure. Also fix x86_64 lacking of GRUB efi files issue. LP#1879265
* Fixes an issue building images that use a source with a "type" of
"git", when using a git that includes the fix for CVE-2022-24765
(2.35.2 or later). By default, this includes the "gnocchi-base"
image, but may include other images with a non-default
configuration. LP#837710
* Fixes disabling the use of the "curlrc" configuration file in
"healthcheck_curl". LP#1967272
* Fixes an issue seen when using Jinja2 3.1.0.
* Fixes an issue with missing Magnum Keystone auth default policy.
LP#1957159
* Fixes the Debian and Ubuntu images to use rabbitmq and erlang from
cloudsmith so that the images are still buildable and use proper
versions.
* Fixes set_configs.py configuring the same permission for directories
and files, causing directories to lack execute permission if not set
for files.
Changes in kolla 13.0.1..13.1.0
-------------------------------
6298c0e07 Fix Ubuntu image builds
6a6fce5bf [bifrost] Force Bifrost to use the correct u-c
0e54080e6 Fix local sources of git repositories
0009ffb7e masakari: add Cyrus SASL packages to monitors image
cfd0fb0f2 cloudkitty: disable building for ubuntu/binary
52375aeea prometheus-libvirt-exporter: fix build with newer Go
6e3381b0e enable logging to file for quiet mode
164cda1c4 Revert "CI: add templated Dockerfiles to build logs"
6b88dc0f0 Fix image builds with sources using a type=git
cd58db65e Emit log when copying file/directory permissions
531dd4444 elasticsearch: install Java first on CentOS too
58f83d7ea cloudkitty-api: make sure that we install packages
5197793d9 Fix disabling of curlrc in healthcheck_curl
8c29f15ca macros/pip: revert to old setuptools way
3a6a17970 Use jinja2.pass_context instead of contextfilter
292e78312 libvirt: add Cyrus SASL packages for DIGEST-MD5
c80522274 Install glusterfs-client in Debuntu
aa6286efe [CI] Test Ironic on Debian
2b605d3b9 Add Prometheus libvirt exporter image
bc2544b8e pin out some package from Debian OpenStack Team repos
6760c2a98 Use python3-openvswitch from distro
2b6785dfd [CI] Add K-A Octavia jobs to the experimental pipeline
df5115822 Add qemu-img also in nova-libvirt image
b77912895 Ensure set_configs sets execute bit on directories
b38582b48 erlang: use packages from Erlang Solutions on AArch64
47aac3c69 collectd: pcie-errors is x86-64 only now
af092df6a ironic: Fix UEFI & iPXE bootloader filenames
5c6eb1739 Unpin td-agent and cap elasticsearch gem
c6a972e5d Remove missing collectd packages
2171f0a7b Use distro provided GRUB efi
fdd9506de Mitigate two Log4j vulnerabilities in Apache Storm
9f5755fe4 magnum: fix issue with keystone auth default policy
c8d370943 Fix variable name
Diffstat (except docs and test files)
-------------------------------------
.zuul.d/base.yaml | 1 -
.zuul.d/centos.yaml | 2 +
.zuul.d/debian.yaml | 2 +
.zuul.d/ubuntu.yaml | 2 +
.../prometheus-libvirt-exporter/Dockerfile.j2 | 47 ++++++++++++++++++
kolla/common/utils.py | 34 ++++++++-----
kolla/image/build.py | 16 +++++-
kolla/template/filters.py | 9 +++-
kolla/template/methods.py | 8 ++-
kolla/template/repos.yaml | 24 +++++----
...ometheus-libvirt-exporter-8d505dc8b74f8625.yaml | 4 ++
.../notes/bug-1959203-1bb695e052248d78.yaml | 8 +++
.../notes/bug-1964140-57b433329bab067e.yaml | 6 +++
...cap-fluentd-elasticsearch-18c0ca8e90c1234c.yaml | 7 +++
.../notes/distro-python-ovs-df705d1e59f16cde.yaml | 6 +++
...n-agent-pxe-booting-issue-95adaf9249207d5b.yaml | 6 +++
.../git-security-fix-fix-ea56c0071585237d.yaml | 9 ++++
...check-curl-disable-curlrc-0f85aad47379e2a5.yaml | 5 ++
.../jinja2-pass-context-3f3febcd944e3a51.yaml | 4 ++
.../notes/libvirt-sasl-07a8a1a25d2450c6.yaml | 6 +++
...stone-auth-default-policy-e16f7bb558aa4b14.yaml | 5 ++
.../quiet-mode-with-logs-0abafc07923945ac.yaml | 6 +++
...abbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml | 10 ++++
...ectory-execute-permission-8ab919b7b17025d2.yaml | 5 ++
...-vulnerability-mitigation-6746a8a0bb329485.yaml | 5 ++
51 files changed, 360 insertions(+), 115 deletions(-)
We are pleased to announce the release of:
kayobe 10.2.0: Deployment of OpenStack to bare metal using OpenStack
kolla and bifrost
This release is part of the wallaby stable release series.
The source is available from:
https://opendev.org/openstack/kayobe
Download the package from:
https://tarballs.openstack.org/kayobe/
Please report issues through:
https://storyboard.openstack.org/#!/project/openstack/kayobe
For more details, please see below.
10.2.0
^^^^^^
New Features
************
* Enables hardware clock (RTC) synchronisation by default when
applying the chrony role. This setting is configurable with the new
variable "chrony_rtcsync_enabled".
* Adds support for inspection of L3-routed Ironic networks via
DHCP-relay.
* Adds support for running package updates on Ubuntu hosts via the
following existing commands:
* "kayobe seed host package update --packages <packages>"
* "kayobe seed hypervisor host package update --packages
<packages>"
* "kayobe infra vm host package update --packages <packages>"
* "kayobe overcloud host package update --packages <packages>"
Security Issues
***************
* Fixes an issue where any passwords in
"kolla_ansible_custom_passwords" were exposed in Ansible logs. When
using verbosity level 3 ("-vvv"), they were also exposed in Ansible
output.
Bug Fixes
*********
* In production environments, the provision network may be separated
from the other networks, so in this case, if you want Bifrost's DHCP
service to provide the correct gateway for the clients the
"inspection_gateway" should be used instead of the "gateway"
attribute for the provision network. This also avoids configuring
the multiple IP gateways on a single host which leads to
unpredictable results.
* Fixes an issue where the Neutron SR-IOV agent image is not built
when the service is enabled.
* Fixes an issue with idempotence of local Kolla Ansible
configuration generation.
* Fixes an issue with the seed's configdrive when the admin network
is a VLAN. See story 2008089 for details.
* Enables deployment of Grafana when Monasca is enabled, as a
replacement for the retired "monasca-grafana" image. See story
2009717 for details.
* Fixes Ansible inventory generation with some custom group mappings
using the same group names for Kayobe and Kolla Ansible. See story
2009927 for details.
* The set of commands starting with "kayobe overcloud database" now
generate the kolla configuration necessary to login to the nodes
running the database.
* Fixes an issue with config drive generation for infrastructure and
seed VMs when using untagged interfaces. The symptom of this issue
is that kayobe cannot login to the instance. If you check the
libvirt console log, you will see "KeyError: 'vlan_link'". See story
2009910 for details.
* Fixes an issue where hacluster images are not built when the
service is enabled.
* Fixes an issue with IPA image builds which used the "master"
branch of "ironic-python-agent", even on stable releases of Kayobe,
or when explicitly setting "ipa_build_source_version".
* Fixes an issue where any passwords in
"kolla_ansible_custom_passwords" were exposed in Ansible logs. When
using verbosity level 3 ("-vvv"), they were also exposed in Ansible
output.
* Fixes an issue where patch links could be erroneously created on
hosts not in the overcloud group. See Story 2009911 for details.
* Pins Jinja2 to less than "3.1.0" to avoid breaking changes.
* Fixes an issue where the MTU defined in Kayobe was not applied to
Ironic provisioning and cleaning networks in Neutron.
* Deployment image (IPA) build no longer uses master version of
upper-constraints. Instead, it defaults to using the constraints
for the OpenStack release associated with the version of Kayobe
being used. See story 2009810 for details.
* Fixes failures to run "kayobe overcloud bios raid configure" by
upgrading the "stackhpc.drac" role to version 1.1.6.
* Fixes an issue with masking NTP services which are not found. See
story 2009821 for details.
Changes in kayobe 10.1.0..10.2.0
--------------------------------
313a9851 ironic: Set MTU on provisioning and cleaning Neutron networks
4d68a5dd CI: Disable horizon in upgrade jobs to save disk space
8888e406 Fix forgotten hacluster regexp for image build
c231848e CI: separate image builds into a non-voting job
3beff4ca kolla_passwords: add no_log for password overrides
c0988335 Bump stackhpc.drac role
712c41b4 Cleanup old and deprecated Swift configuration
26cb0bde docs: Fix custom LVM example
9f469c36 Update documentation link for NCLU
09a4c294 Fix variable name for stackhpc.os-networks upper constraints
4d7e7a57 Restore forgotten linuxbridge-agent container
e23ce7a4 Fix Ansible inventory generation when reusing group names
56f01b53 CI: Avoid image downloads and builds in seed jobs
7e348126 CI: Fix molecule job failure
6cafdb8a Fix custom config idempotence
ea7a9059 Pin Jinja2<3.1.0 to avoid contextfilter removal
035f2f40 Ubuntu: support host package update
a7e3b0c2 CI: Pin ansible-lint to <6
6886ce6b Only create patch links on overcloud hosts
c129808c CI: Disable container image builds on Ubuntu
1f006150 Use naming convention to infer VLAN tagging
00d6ad65 CI: remove qemu-utils installation
ee6d4614 CI: stop using zuul as kayobe_ansible_user in TLS jobs
ae617ae7 Enable rtcsync in chrony by default
c5f9a5ee Bump up manage-lvm role version to v0.2.6
8a859c23 CI: Enable bare metal testing for Ubuntu
52973754 Set requirements branch for IPA build
4b3bb2c0 Set correct gateway for the bifrost provision network
180fd4ba ntp: Fix service mask when service doesn't exist
ed3a0556 Fix Sphinx syntax typo
42c87d2c Fix 'ModuleNotFoundError: No module named 'docker'
1c65af8e Fix seed VM configdrive when admin network is a VLAN
e9dd7e0d Generate kolla config when running database commands
b08a2197 Build neutron-sriov-agent image when enabled
933cf53c ipa: Use openstack_branch instead of master
c68913d8 Deploy Grafana when Monasca is enabled
4d777082 [CI] Drop unused nodeset
43451c49 CI: Use correct TD agent repository version
9ae0401f Document that extra kernel parameters are important for inspection
679fa2a7 Add support for Ironic inspection through DHCP-relay
c92a97ce Limit ip-routing and snat to seed hosts only
Diffstat (except docs and test files)
-------------------------------------
ansible/group_vars/all/bifrost | 3 +
ansible/group_vars/all/ipa | 9 ++-
ansible/group_vars/all/kolla | 9 ++-
ansible/group_vars/all/time | 3 +
ansible/host-package-update.yml | 6 +-
ansible/ip-routing.yml | 2 +-
ansible/kolla-ansible.yml | 1 +
ansible/kolla-bifrost.yml | 2 +-
ansible/provision-net.yml | 4 +-
ansible/roles/kolla-ansible/defaults/main.yml | 3 +
.../roles/kolla-ansible/library/kolla_passwords.py | 2 +-
.../roles/kolla-ansible/templates/globals.yml.j2 | 2 +-
.../kolla-ansible/templates/overcloud-top-level.j2 | 2 +-
ansible/roles/kolla-openstack/tasks/config.yml | 1 -
.../roles/kolla-openstack/templates/glance.conf.j2 | 29 --------
ansible/roles/network-redhat/tasks/main.yml | 1 +
ansible/roles/ntp/tasks/prepare.yml | 25 +++++--
ansible/snat.yml | 2 +-
dev/functions | 11 +++
.../reference/ironic-python-agent.rst | 7 +-
.../configuration/reference/physical-network.rst | 2 +-
etc/kayobe/bifrost.yml | 3 +
etc/kayobe/ipa.yml | 2 +-
etc/kayobe/time.yml | 3 +
kayobe/cli/commands.py | 8 ++
kayobe/plugins/filter/networks.py | 8 ++
molecule-requirements.txt | 12 +++
playbooks/kayobe-overcloud-base/globals.yml.j2 | 2 +-
playbooks/kayobe-overcloud-base/overrides.yml.j2 | 3 -
playbooks/kayobe-overcloud-base/run.yml | 11 ---
.../overrides.yml.j2 | 2 +-
.../kayobe-overcloud-upgrade-base/overrides.yml.j2 | 3 +-
playbooks/kayobe-overcloud-upgrade-base/pre.yml | 4 +
.../kayobe-seed-base/bifrost-overrides.yml.j2 | 8 +-
playbooks/kayobe-seed-base/overrides.yml.j2 | 4 +-
playbooks/kayobe-seed-base/run.yml | 34 +++++----
.../bifrost-overrides.yml.j2 | 6 +-
...ifrost-inspection-gateway-316ab384430ef8df.yaml | 9 +++
.../build-neutron-sriov-836acf378bae0b48.yaml | 5 ++
.../notes/config-idemoptence-37846db82ecd9f43.yaml | 4 +
.../notes/configdrive-vlans-4e8b6ed07b229233.yaml | 6 ++
...able-grafana-with-monasca-497d686e95d89242.yaml | 7 ++
...nable-rtc-synchronisation-1179a52e8e6bd12b.yaml | 6 ++
...lla-ansible-group-mapping-8fcd6cbb1e744e18.yaml | 6 ++
...ckup-with-no-kolla-config-4f857915adabad41.yaml | 6 ++
.../fixes-keyerror-vlan-link-c177cf719e070df6.yaml | 8 ++
.../hacluster-build-issue-2a8023e0cd80235a.yaml | 5 ++
...pector-dhcp-range-netmask-bb46eb7df77587a4.yaml | 4 +
.../notes/ipa-branch-b29c377c531013a8.yaml | 6 ++
...asswords-overrides-no-log-57054ce64fae8143.yaml | 11 +++
.../patch-links-on-overcloud-e24dbc858d3399cc.yaml | 6 ++
.../notes/pin-jinja2-988297e06a2cf790.yaml | 4 +
.../notes/provision-net-mtu-befdda04224f49a6.yaml | 5 ++
...ents-branch-for-ipa-build-c3ca977ec21b58f4.yaml | 8 ++
.../stackhpc-drac-check-mode-8097215f8eca9991.yaml | 5 ++
.../notes/story-2009821-b309165e25e77aea.yaml | 5 ++
.../ubuntu-package-update-0db09fc57249b9fc.yaml | 10 +++
requirements.txt | 1 +
requirements.yml | 8 +-
roles/kayobe-diagnostics/files/get_logs.sh | 1 +
test-requirements.txt | 8 +-
tox.ini | 2 +-
zuul.d/jobs.yaml | 26 +++++++
zuul.d/nodesets.yaml | 6 --
zuul.d/project.yaml | 5 ++
69 files changed, 395 insertions(+), 129 deletions(-)
Requirements updates
--------------------
diff --git a/molecule-requirements.txt b/molecule-requirements.txt
new file mode 100644
index 00000000..9ae944e6
--- /dev/null
+++ b/molecule-requirements.txt
@@ -0,0 +1,12 @@
+# The order of packages is significant, because pip processes them in the order
+# of appearance. Changing the order has an impact on the overall integration
+# process, which may cause wedges in the gate later.
+
+ansible-lint>=3.0.0,<6.0.0,!=4.3.0 # MIT
+docker # Apache-2.0
+molecule # MIT
+molecule-docker # MIT
+pytest-molecule # MIT
+pytest-testinfra
+rich<12.1.0
+yamllint # GPLv3
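Review bot: In the new molecule-requirements.txt, "pytest-testinfra" and "rich<12.1.0" lack the license comment every other entry has, and "rich<12.1.0" is capped with no stated reason. Add the license tags and a one-line reason for the cap; also consider upper bounds for "docker", "molecule" and "molecule-docker", which are left unbounded on a stable series while ansible-lint is bounded.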
diff --git a/requirements.txt b/requirements.txt
index ed81d1d1..43ec9103 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,0 +3 @@ ansible>=2.9.0,<2.11.0,!=2.9.8,!=2.9.12 # GPLv3
+Jinja2<3.1.0 # BSD
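Review bot: "Jinja2<3.1.0" is added to requirements.txt with no lower bound and no comment giving the reason for the cap. State the reason next to the pin (the changelog entry says it avoids the contextfilter removal) and record the condition for dropping it, since an upper cap on a runtime dependency also keeps out any later fixes released only in 3.1.0 and above.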
diff --git a/test-requirements.txt b/test-requirements.txt
index f3184134..b732c830 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -5 +5 @@
-ansible-lint>=3.0.0,!=4.3.0 # MIT
+ansible-lint>=3.0.0,<6.0.0,!=4.3.0 # MIT
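Review bot: The ansible-lint specifier changed at line 5 of test-requirements.txt is now the same string that molecule-requirements.txt adds, so the bound lives in two files. Keep it in one place, or add a comment in each file naming the other, so a later change to the cap does not update only one of them.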
@@ -9 +8,0 @@ doc8 # Apache-2.0
-docker # Apache-2.0
@@ -11,2 +9,0 @@ hacking>=3.0.1,<3.1.0 # Apache-2.0
-molecule # MIT
-molecule-docker # MIT
@@ -14,3 +10,0 @@ oslotest>=1.10.0 # Apache-2.0
-paramiko
-pytest-molecule # MIT
-pytest-testinfra
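Review bot: The last hunk removes "paramiko" from test-requirements.txt, but unlike "docker", "molecule", "molecule-docker", "pytest-molecule" and "pytest-testinfra" it is not re-added in molecule-requirements.txt. Confirm nothing in the test or molecule environments still imports it, or add it to the file that needs it.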