Release-announce
Threads by month
- ----- 2026 -----
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- 1 participants
- 17552 discussions
We contentedly announce the release of:
ironic-python-agent-builder 2.0.0: Tools and scripts to build Ironic
Python Agent
The source is available from:
https://opendev.org/openstack/ironic-python-agent-builder
Download the package from:
https://tarballs.openstack.org/ironic-python-agent-builder/
For more details, please see below.
2.0.0
^^^^^
New Features
************
* Adds packages required for "ironic-python-agent" to synchronize
the system clock, namely ntpdate. The other dependency of the agent
requires is "hwclock", however that package is provided by util-
linux.
Upgrade Notes
*************
* The efibootmgr package was added to tinyipa and dib images.
* The efivar package was added to tinyipa and dib images.
* Python 2.7 support has been dropped. Last release of ironic-
python- agent-builder to support Python 2.7 is OpenStack Train. The
minimum version of Python now supported by ironic-python-agent-
builder is Python 3.6.
Deprecation Notes
*****************
* Building images for CentOS 7 and other distribution releases that
default to Python 2 is deprecated.
Other Notes
***********
* Since ironic-python-agent has removed support for Python 2, CentOS
8 images are now built and published on
https://tarballs.openstack.org instead of CentOS 7 ones. The CentOS
7 images should not be used for Ussuri and later releases.
Changes in ironic-python-agent-builder 1.1.0..2.0.0
---------------------------------------------------
dd90f32 Upgrade flake8-import-order version to 0.17.1
b7000b9 [Trivial] Doc update on the stable-interface-names
9fddc46 Cleanup py27 support
6349de8 Install e2fsprogs in dib images
075cf46 Add DIB_REPOREF_requirements when building images using a specific branch
919b8f6 Workaround for missing adjtime file
394aec4 Use python3 binary for all operations
c7ec106 Use variables for ssh paths
1638293 Use train branch for centos7 job
044ae3f Force DIB_PYTHON_VERSION to 3 for Debian
ca27668 Make Ubuntu Bionic job green again
dd4110a Upgrade pip if it's too old
789ebe1 Add ntpdate/ntpclient/chrony
531167c Upgrade to tinycore 10.x
ae327bb Add extra filesystem support
718857c Revert "Test artifact publishing via AFS"
f854e34 Test artifact publishing via AFS
46c78a1 Use correct command for Python virtualenv
22a12a3 Fix pip install pkgs with non-ascii characters in filenames
683feac Fix and return the CentOS 7 job
79f597e Start installing DIB from Zuul-cloned sources in the CI
07cdd87 DIB: replace targetcli with target-restore on RHEL/CentOS 8
6087573 CI: add a non-voting partition-iscsi DIB job
15ec23f Add efivar
3c78c29 Replace CentOS 7 images with CentOS 8
e28167a Be a bit more verbose around tinyipa for rescue
a6c0f2c Fix the binary name in document
d6aeb03 Revert "Update tinycore from 9.x to 10.x"
55d0a24 Update tinycore mirrors
e564be1 Add efibootmgr
021fe13 Upgrade syslinux version
0064cae Convert versions for software builds to variables
a44f84a Use variables for syslinux in build-iso script
0916598 Add words on building image for other architecture
55aaf17 Drop python 2.7 support and testing
fc070c6 Fix IPA execution issues due to lack of entropy
e8c8a9f Update tinycore from 9.x to 10.x
86f9d22 Generate checksums for DIB images
Diffstat (except docs and test files)
-------------------------------------
.zuul.yaml | 31 +++++++++++------
.../environment.d/20-ipa-distro-family.bash | 6 ++++
.../60-ironic-python-agent-ramdisk-install | 13 +++++--
.../package-installs.yaml | 4 +++
dib/ironic-python-agent-ramdisk/pkg-map | 12 +++++--
.../notes/add-efibootmgr-d2a456de6b999612.yaml | 4 +++
.../notes/add-efivar-f83fdf2d797396dc.yaml | 4 +++
.../notes/add-ntpdate-3db2f8565fed761e.yaml | 7 ++++
releasenotes/notes/centos8-46a95956fd871c90.yaml | 11 ++++++
.../notes/drop-python2-534124afa50f62dd.yaml | 7 ++++
roles/ipa-build-dib-image/defaults/main.yaml | 4 ++-
roles/ipa-build-dib-image/tasks/install.yaml | 27 +++++++++++++++
roles/ipa-build-dib-image/tasks/main.yaml | 29 +++++++++++++++-
setup.cfg | 9 -----
setup.py | 9 -----
test-requirements.txt | 9 +++--
tinyipa/add-ssh-tinyipa.sh | 25 ++++++++------
tinyipa/build-iso.sh | 6 ++--
tinyipa/build-tinyipa.sh | 37 ++++++++++++++------
tinyipa/build_files/bootlocal.sh | 12 +++++--
tinyipa/build_files/buildreqs.lst | 6 ++--
tinyipa/build_files/fakeuname | 2 +-
tinyipa/build_files/finalreqs.lst | 15 +++++---
tinyipa/build_files/ntpdate | 6 ++++
tinyipa/finalise-tinyipa.sh | 12 +++++++
tinyipa/tc-mirror.sh | 20 ++++++-----
tox.ini | 13 +++----
29 files changed, 284 insertions(+), 97 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
index 02564e2..aa70f77 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -6,2 +6,2 @@
-hacking>=1.0.0,<1.2.0 # Apache-2.0
-flake8-import-order>=0.13 # LGPLv3
+hacking>=3.0,<3.1.0 # Apache-2.0
+flake8-import-order>=0.17.1 # LGPLv3
@@ -10,3 +10,2 @@ doc8>=0.6.0 # Apache-2.0
-sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
-sphinx!=1.6.6,!=1.6.7,!=2.1.0,>=1.6.2;python_version>='3.4' # BSD
-openstackdocstheme>=1.20.0 # Apache-2.0
+sphinx!=1.6.6,!=1.6.7,!=2.1.0,>=1.6.2 # BSD
+openstackdocstheme>=1.31.2 # Apache-2.0
1
0
Hello everyone,
A new release candidate for nova for the end of the Ussuri
cycle is available! You can find the source code tarball at:
https://tarballs.openstack.org/nova/
Unless release-critical issues are found that warrant a release
candidate respin, this candidate will be formally released as the
final Ussuri release. You are therefore strongly encouraged
to test and validate this tarball!
Alternatively, you can directly test the stable/ussuri release
branch at:
https://opendev.org/openstack/nova/src/branch/stable/ussuri
Release notes for nova can be found at:
https://docs.openstack.org/releasenotes/nova/
If you find an issue that could be considered release-critical, please
file it at:
https://bugs.launchpad.net/nova/+bugs
and tag it *ussuri-rc-potential* to bring it to the nova
release crew's attention.
1
0
We are overjoyed to announce the release of:
kolla-ansible 9.1.0: Ansible Deployment of Kolla containers
This release is part of the train stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
9.1.0
^^^^^
New Features
************
* Adds support for CentOS 8 as a host Operating System and base
container image. This is the only major version of CentOS supported
from the Ussuri release. The Train release supports both CentOS 7
and 8 hosts, and provides a route for migration.
* Add Object Storage service (Swift) support for Ironic.
* Adds a new variable, "openstack_tag", which is used as the default
Docker image tag in place of "openstack_release". The default value
is "openstack_release", with a suffix set via
"openstack_tag_suffix". The suffix is empty except on CentOS 8 where
it is set to "-centos8". This allows for the availability of images
based on CentOS 7 and 8.
Upgrade Notes
*************
* Some images are supported by CentOS 7 but lack suitable packages
in CentOS 8, and are not supported for CentOS 8. See Kolla release
notes for details.
* Adds a "rabbitmq_use_3_7_24_on_centos7" flag which can be set to
"true" to deploy the "rabbitmq-3.7.24" image on CentOS 7. The image
should be deployed via "kolla-ansible upgrade", and can be used to
provide a RabbitMQ cluster that is compatible with the CentOS 8
"rabbitmq" image.
* Support for the SCSI target daemon ("tgtd") has been removed for
CentOS/RHEL 8. The default value of "cinder_target_helper" is now
"lioadm" on CentOS/RHEL 8, but remains as "tgtadm" on other
platforms.
* The octavia user is no longer given the admin role in the admin
project. Octavia does not require this role and instead uses octavia
user with admin role in service project. During an upgrade the
octavia user is removed from the admin project. See bug 1873176 for
details.
Security Issues
***************
* Fixes leak of RabbitMQ password into Ansible logs. LP#1865840
Bug Fixes
*********
* Fix that the cyborg conductor failed to communicate with
placement. See bug 1873717.
* Fix that cyborg agent failed to start privsep daemon. Add
privileged capability for cyborg agent. See bug 1873715.
* Adds necessary "region_name" to "octavia.conf" when
"enable_barbican" is set to "true". LP#1867926
* Adds "/etc/timezone" to "Debian/Ubuntu" containers. LP#1821592
* Fixes an issue with Nova live migration not using
"migration_interface_address" even when TLS was not used. When
migrating an instance to a newly added compute host, if addressing
depended on "/etc/hosts" and it had not been updated on the source
compute host to include the new compute host, live migration would
fail. This did not affect DNS-based name resolution. Analogically,
Nova live migration would fail if the address in DNS/"/etc/hosts"
was not the same as "migration_interface_address" due to user
customization. LP#1729566
* Fix qemu loading of ceph.conf (permission error). LP#1861513
* Remove /run bind mounts in Neutron services causing dbus host-
level errors and add /run/netns for neutron-dhcp-agent and
neutron-l3-agent. LP#1861792
* Fixes an issue where old fluentd configuration files would persist
in the container across restarts despite being removed from the
"node_custom_config" directory. LP#1862211
* Use more permissive regex to remove the offending 127.0.1.1 line
from /etc/hosts. LP#1862739
* Each Prometheus mysqld exporter points now to its local mysqld
instance (MariaDB) instead of VIP address. LP#1863041
* Cinder Backup has now access to kernel modules to load e.g.
iscsi_tcp module. LP#1863094
* Makes RabbitMQ hostname address resolution precheck stronger by
requiring uniqueness of resolution to avoid later issues. LP#1863363
* Fix protocol used by "neutron-metadata-agent" to connect to Nova
metadata service. This possibly affected internal TLS setup. Fixes
LP#1864615
* Fixes haproxy role to avoid restarting haproxy service multiple
times in a single Ansible run. LP#1864810 LP#1875228
* Fixes an issue with deploying Grafana when using IPv6. LP#1866141
* Fixes elasticsearch deployment in IPv6 environments. LP#1866727
* Fixes failure to deploy telegraf with monitoring of zookeeper due
to wrong variable being referenced. LP#1867179
* Fixes "ceph" deployment reconfiguration error, when Gathering OSDs
step would fail due to Kolla-Ansible user not having access to
"/var/lib/ceph/osd/_FSID_/whoami". LP#1867946
* Fix missing glance_ca_certificates_file variable in glance.conf.
LP#1869133
* Add client ca_cert file in heat LP#1869137
* Fixes "designate-worker" not to use "etcd" as its coordination
backend because it is not supported by Designate (no group
membership support available via tooz). LP#1872205
* Fixes source-IP-based load balancing for Horizon when using the
"split" HAProxy service template.
* Fixes issue where HAProxy would have no backend servers in its
config files when using the "split" config template style.
* Manage nova scheduler workers through "openstack_service_workers"
variable. LP#1873753
* Remove the meta field of the Swift rings from the default
rsync_module template. Having it by default, undocumented, can lead
to unexpected behavior when the Swift documentation states that this
field is not processed.
* Fix elasticsearch schema in fluentd when
"kolla_enable_tls_internal" is true.
* Fixes an issue with HAProxy prechecks when scaling out using "--
limit" or "--serial". LP#1868986.
* Fixes an issue with the HAProxy monitor VIP precheck when some
instances of HAProxy are running and others are not. See bug
1866617.
* Fixes MariaDB issues in multinode scenarios which affected
deployment, reconfiguration, upgrade and Galera cluster resizing.
They were usually manifested by WSREP issues in various places and
could lead to need to recover the Galera cluster. Note these issues
were due to how MariaDB was handled during Kolla Ansible runs and
did not affect Galera cluster during normal operations unless
MariaDB was later touched by Kolla Ansible. Users wishing to run
actions on their Galera clusters using Kolla Ansible are strongly
advised to update. For details please see the following Launchpad
bug records: bug 1857908 and bug 1859145.
* Fixes an issue with Nova when deploying new compute hosts using
"-- limit". LP#1869371.
* Adapt Octavia to the latest dual CA certificate configuration. The
following files should exist in "/etc/kolla/config/octavia/":
* "client.cert-and-key.pem"
* "client_ca.cert.pem"
* "server_ca.cert.pem"
* "server_ca.key.pem"
See the Octavia documentation for details on generating these files.
* Since Openstack services can now be configured to use TLS enabled
REST endpoints, urls should be constructed using the {{
internal_protocol }} and {{ external_protocol }} configuration
parameters.
* Construct service REST API urls using "kolla_internal_fqdn"
instead of "kolla_internal_vip_address". Otherwise SSL validation
will fail when certificates are issued using domain names.
* Fixes an issue with the "kolla-ansible stop" command where it may
fail trying to stop non-existent containers. LP#1868596.
* Fixes gnocchi-api script name for Ubuntu/Debian binary
deployments. LP#1861688
* Fixes an issue where host configuration tasks ("sysctl", loading
kernel modules) could be performed during the "kolla-ansible
genconfig" command. See bug 1860161 for details.
* Fixes an issue where "openstack_release" was set to "master" by
default, resulting in containers tagged "master" being deployed. It
has been changed to "train". The same applies to
"kolla_source_version", which affects development mode. See bug
1866054 for details.
* Fixes an issue with port prechecks for the Placement service. See
bug 1861189 for details.
* Removes the "[http]/max-row-limit = 10000" setting from the
default InfluxDB configuration, which resulted in the CloudKitty v1
API returning only 10000 dataframes when using InfluxDB as a storage
backend. See bug 1862358 for details.
* Skydive's API and the web UI now rely on Keystone for
authentication. Only users in the Keystone project defined by
skydive_admin_tenant_name will be able to authenticate. See
*LP#1870903 <https://launchpad.net/bugs/1870903>* for more details.
* "masakari-monitor" will now use the internal API to reach
masakari- api. LP#1858431
* Switch endpoint_type from public to internal for octavia
communicating with the barbican service. See bug 1875618 for
details.
Changes in kolla-ansible 9.0.1..9.1.0
-------------------------------------
093c1f0a4 Separate per-service host configuration tasks
0604855b7 CentOS 8: CI: Add mixed CentOS 7 and 8 job
7c77b8e1f ironic: handle Swift object storage
92dcaa5d8 Adapt to Octavia Certificate Configuration Guide.
fbf561584 Make sure octavia uses internal endpoint to barbican
b3b315258 Remove redundant listen on haproxy handler
1c93d7b03 Manage nova scheduler workers count
49c8efb6f CentOS 8: add flag to deploy rabbitmq-3.7.24 on CentOS 7
e2fd04843 Fix haproxy restarting twice per Ansible run
bcda40752 [octavia] Adds region_name if enable_barbican
e2a383494 Avoid multiple haproxy restarts after reconfiguration
07c89ac47 Remove octavia user from admin project
7878ba44a Fix nova cell message queue URL with separate notification queue
8c7afb73b Fix Designate not to use etcd coordination backend
3fe1102e0 Be less confusing about custom Docker registry
9af4d1e1b Fix telegraf with zookeeper (wrong port variable reference)
e7e7113a2 nova: Add debug logging to libvirtd.conf
44c0115d2 [skydive] fix: Use Keystone backend to authenticate API users
575e0dc13 Add docs and release note for CentOS 8
8b68afa3d CI: Fix deploy guide jobs
d574cc6c6 CI: Ignore zuul.d
92b81eefe Fix that cyborg agent failed to start privsep daemon.
b618fb312 Fix that cyborg conductor failed to communicate with placement
3057c7d33 Fix service_mapped_to_host filter for common services
5ac8d6224 Fix nova compute addition with limit
b18d3b5bc [horizon] Move 'balance' HAProxy keyword
e3cd5a018 [haproxy-config] Fix missing servers in split cfg
fab7b08b5 Fix kolla_source_version value
037846735 Fix live migration to use migration int. address
5d313cf16 CI: Test ironic on nova-cell change
37ffbe164 Introduce /etc/timezone to Debian/Ubuntu containers
1927ba28e Fix ovs fw driver for the other ovs agent
88c4f98f0 CI: Bump dashboard access timeout to 1000s
05062a0d4 kolla-toolbox container name variable
79747c4d8 Fix HAProxy prechecks during scale-out with limit
ac66987a6 Add glance_ca_certificates_file when using self sign cert in glance
6e8717b01 Add clients ca_file in heat
8e741e447 mariadb container name variable
091fcac5a Fix kolla-ansible stop with heterogeneous hosts
8f5667810 Fix service_mapped_to_host filter
d2efead12 CI: CentOS 8: Enable Masakari job and periodics
bb3261822 ceph: Add become to gathering OSD IDs on reconfigure
5ea84fcfe CI: install tox
f80a10435 Make Fluentd config folders readable
626232fa4 Fix native openvswitch firewall driver in neutron-openvswitch-agent
ec5f1b2a9 CI: Don't fail on expected critical log messages
6c7af208a Use proper es schema in fluentd when use internal tls
9b2d31809 Construct service REST API urls using configured protocol
cba2d318f Construct service configuration urls using kolla_internal_fqdn
ef5488703 Use internal API for masakari-monitor
31e8e2deb Swift: remove meta field from rsync command
57440edf8 CI: Reduce unnecessary gate image builds
fa16b8548 Fix HAProxy monitor VIP precheck
786e5bb56 support ipv6 for grafana.ini.j2
3982d8d54 Delete stale fluent config on restart
95c165635 Fix elasticsearch configuration in ipv6 environments
706fc5f68 Fix renos
a14ee51c8 Fix RabbitMQ hostname address resolution precheck
c61d0af87 Set openstack_release and kolla_source_version to train
250d7667a Use listen port for Placement precheck
071033fd4 service-rabbitmq: do not log password (use no_log)
349febd88 Use InfluxDB default [http]/max-row-limit setting
aea4b7cc0 Fix Prometheus mysqld exporter pointing to VIP address
6cd2077cc CI: build swift images for swift scenario
9f9e1efa8 Add /run/netns bindmount to Neutron containers
4e0106f54 Fix client TLS in neutron-metadata-agent
21fa358ce CentOS 8: Add deploy jobs in CI
ea4bca0c8 Fixes gnocchi-api script name for Ubuntu/Debian
87a5063bd Use more permissive regex to remove the offending 127.0.1.1
6401c3b40 CI: Use upper constraints when installing clients
d8ff468bc Python 3: Use distro_python_version for WSGI python_path
63a37b208 CI: Use python 3 for local kolla-ansible execution
08039b02d CI: Move ansible installation & configuration to Ansible
9f412d878 Use local python interpreter for keystone cron generator
3b38c53d5 Remove unused python path calculation from vmtp
41287fcbf Python 3: Use distro_python_version for monasca agent CA file
a86b46539 Support python 3 in kolla-ansible script
1176804bd Add python3-dev[el] to bindep.txt
ee19e8f06 Allow to override external network params in init-runonce
8c43d0c95 CentOS 8: Deploy CentOS 8 containers
2733a6db1 CentOS 8: Support variable image tag suffix
9770e596d Configure Cinder to use lioadm on CentOS/RHEL 8
c4ad080d9 Change /run bind mount for neutron/openvswitch
26d8fbcb6 Fix Cinder Backup access to kernel modules (iscsi_tcp issue)
e00053fee Ironic: fix documentation
7d70b5263 Docs: fix cells upgrade guide
64051bbbd CI: Replace cinder-lvm scenario with zun scenario
241aaac4b CI: Test Zun with Cinder LVM backend (iSCSI)
210ad95a0 Python 3: Use distro_python_version for dev mode
8acf5c132 Fix multiple issues with MariaDB handling
e2c600d9a Fix qemu loading of ceph.conf (permission error)
85c3e4b36 CI: Add ceph-ansible related files to ignores in check-config.sh
Diffstat (except docs and test files)
-------------------------------------
ansible/group_vars/all.yml | 18 +-
ansible/roles/aodh/defaults/main.yml | 14 +-
ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 2 +-
ansible/roles/barbican/defaults/main.yml | 11 +-
ansible/roles/baremetal/defaults/main.yml | 23 ++-
ansible/roles/baremetal/tasks/install.yml | 21 +-
ansible/roles/baremetal/tasks/pre-install.yml | 34 ++--
ansible/roles/bifrost/defaults/main.yml | 2 +-
ansible/roles/blazar/defaults/main.yml | 8 +-
ansible/roles/ceilometer/defaults/main.yml | 14 +-
ansible/roles/ceph/defaults/main.yml | 2 +-
ansible/roles/ceph/tasks/reconfigure.yml | 1 +
ansible/roles/chrony/defaults/main.yml | 3 +-
ansible/roles/cinder/defaults/main.yml | 15 +-
ansible/roles/cinder/templates/cinder-wsgi.conf.j2 | 2 +-
ansible/roles/cinder/templates/cinder.conf.j2 | 1 +
ansible/roles/cloudkitty/defaults/main.yml | 8 +-
.../cloudkitty/templates/wsgi-cloudkitty.conf.j2 | 2 +-
ansible/roles/collectd/defaults/main.yml | 3 +-
ansible/roles/common/defaults/main.yml | 10 +-
ansible/roles/common/handlers/main.yml | 2 +-
ansible/roles/common/templates/fluentd.json.j2 | 31 ++-
ansible/roles/congress/defaults/main.yml | 11 +-
ansible/roles/cyborg/defaults/main.yml | 6 +-
ansible/roles/cyborg/handlers/main.yml | 3 +
ansible/roles/cyborg/tasks/check-containers.yml | 1 +
ansible/roles/cyborg/templates/cyborg.conf.j2 | 12 ++
ansible/roles/designate/defaults/main.yml | 21 +-
.../roles/designate/templates/designate.conf.j2 | 10 +-
ansible/roles/elasticsearch/defaults/main.yml | 3 +-
ansible/roles/elasticsearch/tasks/config-host.yml | 12 ++
ansible/roles/elasticsearch/tasks/config.yml | 9 -
ansible/roles/elasticsearch/tasks/deploy.yml | 2 +
ansible/roles/elasticsearch/tasks/upgrade.yml | 6 +-
.../elasticsearch/templates/elasticsearch.yml.j2 | 6 +-
ansible/roles/etcd/defaults/main.yml | 3 +-
ansible/roles/freezer/defaults/main.yml | 8 +-
.../freezer/templates/wsgi-freezer-api.conf.j2 | 2 +-
ansible/roles/glance/defaults/main.yml | 5 +-
ansible/roles/gnocchi/defaults/main.yml | 5 +-
.../roles/gnocchi/templates/wsgi-gnocchi.conf.j2 | 6 +-
ansible/roles/grafana/defaults/main.yml | 7 +-
ansible/roles/grafana/tasks/post_config.yml | 6 +-
ansible/roles/grafana/templates/grafana.ini.j2 | 2 +-
ansible/roles/grafana/templates/prometheus.yaml.j2 | 2 +-
ansible/roles/haproxy-config/handlers/main.yml | 17 --
.../templates/haproxy_single_service_split.cfg.j2 | 2 +-
ansible/roles/haproxy/defaults/main.yml | 6 +-
ansible/roles/haproxy/tasks/config-host.yml | 20 ++
ansible/roles/haproxy/tasks/config.yml | 17 --
ansible/roles/haproxy/tasks/deploy.yml | 8 +-
ansible/roles/haproxy/tasks/precheck.yml | 200 ++++++++-----------
ansible/roles/haproxy/tasks/upgrade.yml | 8 +-
ansible/roles/haproxy/templates/haproxy_run.sh.j2 | 3 +-
ansible/roles/heat/defaults/main.yml | 11 +-
ansible/roles/heat/templates/heat.conf.j2 | 1 +
ansible/roles/horizon/defaults/main.yml | 13 +-
ansible/roles/influxdb/defaults/main.yml | 3 +-
ansible/roles/influxdb/templates/influxdb.conf.j2 | 1 -
ansible/roles/ironic/defaults/main.yml | 14 +-
ansible/roles/ironic/tasks/config-host.yml | 8 +
ansible/roles/ironic/tasks/config.yml | 7 -
ansible/roles/ironic/tasks/deploy.yml | 2 +
ansible/roles/ironic/tasks/legacy_upgrade.yml | 2 +
ansible/roles/ironic/tasks/rolling_upgrade.yml | 2 +
ansible/roles/ironic/templates/inspector.ipxe.j2 | 2 +-
ansible/roles/ironic/templates/ironic.conf.j2 | 13 ++
ansible/roles/ironic/templates/pxelinux.default.j2 | 2 +-
ansible/roles/iscsi/defaults/main.yml | 4 +-
ansible/roles/iscsi/tasks/config-host.yml | 10 +
ansible/roles/iscsi/tasks/config.yml | 10 -
ansible/roles/iscsi/tasks/deploy.yml | 2 +
ansible/roles/iscsi/tasks/precheck.yml | 9 +
ansible/roles/kafka/defaults/main.yml | 3 +-
ansible/roles/karbor/defaults/main.yml | 5 +-
ansible/roles/keystone/defaults/main.yml | 7 +-
ansible/roles/keystone/tasks/config.yml | 2 +-
.../roles/keystone/templates/wsgi-keystone.conf.j2 | 2 +-
ansible/roles/kibana/defaults/main.yml | 3 +-
ansible/roles/kibana/tasks/post_config.yml | 10 +-
ansible/roles/kibana/templates/kibana.yml.j2 | 2 +-
ansible/roles/kuryr/defaults/main.yml | 7 +-
ansible/roles/magnum/defaults/main.yml | 8 +-
ansible/roles/manila/defaults/main.yml | 14 +-
ansible/roles/mariadb/defaults/main.yml | 5 +-
ansible/roles/mariadb/handlers/main.yml | 218 ++++-----------------
ansible/roles/mariadb/tasks/bootstrap.yml | 6 +-
ansible/roles/mariadb/tasks/check.yml | 2 +-
ansible/roles/mariadb/tasks/deploy-containers.yml | 7 +-
ansible/roles/mariadb/tasks/lookup_cluster.yml | 89 ++++++---
ansible/roles/mariadb/tasks/recover_cluster.yml | 6 +-
ansible/roles/mariadb/tasks/register.yml | 19 --
ansible/roles/mariadb/tasks/restart_services.yml | 46 +++++
ansible/roles/mariadb/tasks/upgrade.yml | 64 ++++++
ansible/roles/masakari/defaults/main.yml | 11 +-
.../masakari/templates/masakari-monitors.conf.j2 | 1 +
.../roles/masakari/templates/wsgi-masakari.conf.j2 | 2 +-
ansible/roles/memcached/defaults/main.yml | 3 +-
ansible/roles/mistral/defaults/main.yml | 14 +-
ansible/roles/monasca/defaults/main.yml | 16 +-
ansible/roles/monasca/tasks/post_config.yml | 14 +-
.../monasca-agent-forwarder/agent-forwarder.yml.j2 | 2 +-
.../monasca/templates/monasca-api/wsgi-api.conf.j2 | 2 +-
.../templates/monasca-log-api/wsgi-log-api.conf.j2 | 2 +-
ansible/roles/mongodb/defaults/main.yml | 3 +-
ansible/roles/multipathd/defaults/main.yml | 3 +-
ansible/roles/multipathd/tasks/config-host.yml | 7 +
ansible/roles/multipathd/tasks/config.yml | 7 -
ansible/roles/multipathd/tasks/deploy.yml | 2 +
ansible/roles/multipathd/tasks/upgrade.yml | 2 +
ansible/roles/murano/defaults/main.yml | 8 +-
ansible/roles/neutron/defaults/main.yml | 46 +++--
ansible/roles/neutron/tasks/config-host.yml | 30 +++
ansible/roles/neutron/tasks/config.yml | 27 ---
ansible/roles/neutron/tasks/deploy.yml | 2 +
ansible/roles/neutron/tasks/legacy_upgrade.yml | 2 +
ansible/roles/neutron/tasks/rolling_upgrade.yml | 2 +
.../roles/neutron/templates/metadata_agent.ini.j2 | 2 +-
ansible/roles/nova-cell/defaults/main.yml | 29 ++-
ansible/roles/nova-cell/tasks/config-host.yml | 15 ++
ansible/roles/nova-cell/tasks/config.yml | 12 --
ansible/roles/nova-cell/tasks/create_cells.yml | 4 +-
ansible/roles/nova-cell/tasks/deploy.yml | 22 ++-
.../roles/nova-cell/tasks/discover_computes.yml | 25 ++-
.../roles/nova-cell/tasks/get_cell_settings.yml | 2 -
ansible/roles/nova-cell/tasks/rolling_upgrade.yml | 3 +
ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 5 +
.../roles/nova-cell/templates/nova-libvirt.json.j2 | 2 +-
.../templates/nova.conf.d/libvirt.conf.j2 | 6 +-
ansible/roles/nova/defaults/main.yml | 14 +-
ansible/roles/nova/templates/nova.conf.j2 | 1 +
ansible/roles/octavia/defaults/main.yml | 6 +-
ansible/roles/octavia/tasks/config.yml | 21 +-
ansible/roles/octavia/tasks/precheck.yml | 14 +-
ansible/roles/octavia/tasks/register.yml | 13 --
ansible/roles/octavia/tasks/upgrade.yml | 15 ++
.../templates/octavia-health-manager.json.j2 | 18 +-
.../octavia/templates/octavia-housekeeping.json.j2 | 18 +-
.../roles/octavia/templates/octavia-worker.json.j2 | 18 +-
ansible/roles/octavia/templates/octavia.conf.j2 | 13 +-
ansible/roles/opendaylight/tasks/config-host.yml | 12 ++
ansible/roles/opendaylight/tasks/config.yml | 12 --
ansible/roles/opendaylight/tasks/deploy.yml | 2 +
ansible/roles/opendaylight/tasks/upgrade.yml | 2 +
ansible/roles/openvswitch/defaults/main.yml | 8 +-
ansible/roles/openvswitch/tasks/config-host.yml | 7 +
ansible/roles/openvswitch/tasks/config.yml | 7 -
ansible/roles/openvswitch/tasks/deploy.yml | 2 +
ansible/roles/openvswitch/tasks/upgrade.yml | 2 +
ansible/roles/ovs-dpdk/defaults/main.yml | 8 +-
ansible/roles/panko/defaults/main.yml | 3 +-
ansible/roles/panko/templates/wsgi-panko.conf.j2 | 2 +-
ansible/roles/placement/defaults/main.yml | 5 +-
ansible/roles/placement/tasks/precheck.yml | 2 +-
.../placement/templates/placement-api-wsgi.conf.j2 | 2 +-
ansible/roles/prechecks/tasks/datetime_checks.yml | 26 +++
ansible/roles/prechecks/tasks/main.yml | 2 +
ansible/roles/prometheus/defaults/main.yml | 14 +-
ansible/roles/prometheus/templates/my.cnf.j2 | 4 +-
ansible/roles/qdrouterd/defaults/main.yml | 3 +-
ansible/roles/qinling/defaults/main.yml | 8 +-
.../roles/qinling/templates/wsgi-qinling.conf.j2 | 2 +-
ansible/roles/rabbitmq/defaults/main.yml | 9 +-
ansible/roles/rabbitmq/tasks/precheck.yml | 20 +-
ansible/roles/rally/defaults/main.yml | 3 +-
ansible/roles/redis/defaults/main.yml | 6 +-
ansible/roles/sahara/defaults/main.yml | 8 +-
ansible/roles/searchlight/defaults/main.yml | 4 +-
ansible/roles/senlin/defaults/main.yml | 8 +-
ansible/roles/service-rabbitmq/tasks/main.yml | 1 +
ansible/roles/service-stop/tasks/main.yml | 3 +-
ansible/roles/skydive/defaults/main.yml | 7 +-
.../skydive/templates/skydive-analyzer.conf.j2 | 9 +-
ansible/roles/solum/defaults/main.yml | 14 +-
ansible/roles/storm/defaults/main.yml | 4 +-
ansible/roles/swift/defaults/main.yml | 2 +-
ansible/roles/swift/templates/account.conf.j2 | 2 +-
ansible/roles/swift/templates/container.conf.j2 | 2 +-
ansible/roles/swift/templates/object.conf.j2 | 2 +-
ansible/roles/tacker/defaults/main.yml | 8 +-
ansible/roles/telegraf/defaults/main.yml | 3 +-
ansible/roles/telegraf/templates/telegraf.conf.j2 | 2 +-
ansible/roles/tempest/defaults/main.yml | 3 +-
ansible/roles/trove/defaults/main.yml | 11 +-
ansible/roles/vitrage/defaults/main.yml | 14 +-
.../roles/vitrage/templates/wsgi-vitrage.conf.j2 | 2 +-
ansible/roles/vmtp/defaults/main.yml | 3 +-
ansible/roles/vmtp/tasks/config.yml | 10 -
ansible/roles/watcher/defaults/main.yml | 11 +-
ansible/roles/zookeeper/defaults/main.yml | 3 +-
ansible/roles/zun/defaults/main.yml | 11 +-
ansible/roles/zun/templates/wsgi-zun.conf.j2 | 2 +-
bindep.txt | 4 +-
.../reference/networking/designate-guide.rst | 9 +-
etc/kolla/globals.yml | 28 ++-
kolla_ansible/filters.py | 2 +-
...uth-into-cyborg-conductor-54b452e218bfb9ab.yaml | 5 +
...apability-to-cyborg-agent-14db36a5818847d1.yaml | 6 +
...d-region-name-for-octavia-292594e29ef36bf2.yaml | 6 +
.../notes/adds-etc-timezone-9708f538c3c2cb5e.yaml | 5 +
.../notes/bug-1729566-8b77402fd8236962.yaml | 13 ++
.../notes/bug-1861513-8e09a6fb42dfc99c.yaml | 5 +
.../notes/bug-1861792-a44a31693b0c786f.yaml | 6 +
.../notes/bug-1862211-1c44c4a16963baad.yaml | 7 +
.../notes/bug-1862739-05246e7599375800.yaml | 7 +
.../notes/bug-1863041-30d87a768339251b.yaml | 6 +
.../notes/bug-1863094-1564f489a7eecb28.yaml | 6 +
.../notes/bug-1863363-eb5d0ddd0d0d1090.yaml | 6 +
.../notes/bug-1864615-84b4b58ea57ecfe9.yaml | 6 +
.../notes/bug-1864810-5a5d0f91c0171b19.yaml | 7 +
.../notes/bug-1865840-0eaf86121988a0d8.yaml | 5 +
.../notes/bug-1866141-dc4bfaa2f7c31198.yaml | 5 +
.../notes/bug-1866727-731e51e9bdef7f6b.yaml | 5 +
.../notes/bug-1867179-9e31460ba53757d4.yaml | 6 +
.../notes/bug-1867946-53c214be2b2482f1.yaml | 7 +
.../notes/bug-1869133-e8f086c533ebbc41.yaml | 5 +
.../notes/bug-1869137-d3de4debf827e1d2.yaml | 5 +
.../notes/bug-1872205-2eb7e57e0a334fb7.yaml | 7 +
.../notes/bug-1872540-0e9bed299f657b25.yaml | 5 +
.../notes/bug-1872545-52f00bd340a800c2.yaml | 5 +
.../notes/bug-1873753-73fe82e70559f928.yaml | 5 +
releasenotes/notes/centos-8-ee2e13a2ecd64b1d.yaml | 12 ++
.../centos7-rabbitmq-3.7.24-32c2814a1763cda1.yaml | 7 +
.../notes/centos8-cinder-lio-3fb17ce5c88abbf1.yaml | 6 +
...aut-rsync-module-template-7c891efbe79a96a9.yaml | 7 +
...csearch-schema-in-fluentd-32401e37e42c1b4c.yaml | 5 +
...ix-haproxy-limit-precheck-c56b3ac2331867ee.yaml | 6 +
...-haproxy-monitor-precheck-487b85f4e93313b1.yaml | 6 +
...x-multiple-mariadb-issues-d023478df6d76622.yaml | 17 ++
...ix-nova-compute-scale-out-ae5245449cff216d.yaml | 6 +
.../fix-octavia-cert-config-28f0ef2799406957.yaml | 14 ++
.../fix-rest-url-protocol-07db2f6ffe02f9b3.yaml | 6 +
.../notes/fix-rest-urls-fqdn-a555e8299fe34efb.yaml | 6 +
releasenotes/notes/fix-stop-602430003e8b3c42.yaml | 6 +
...fixes-gnocchi-script-name-e4715e3b9fc5b021.yaml | 5 +
.../notes/ironic-swift-f5ee8ee54ebcde08.yaml | 3 +
...-host-config-in-genconfig-7321f0dcfc9d728d.yaml | 7 +
.../openstack-release-train-49464568d8b57812.yaml | 8 +
.../notes/openstack-tag-bfe4e862ade8549b.yaml | 8 +
.../placement-listen-port-ebbd6aa61aa551da.yaml | 5 +
...hen-alertmanager-disabled-0090c1570ff4e632.yaml | 8 +-
...ve-influxdb-max-row-limit-f814a310aa6bf6ab.yaml | 8 +
...r-in-admin-project-action-95c87ca45a1188d6.yaml | 9 +
.../skydive-keystone-auth-0fe96463b27dd914.yaml | 6 +
...-api-for-masakari-monitor-9ba03166ff375601.yaml | 7 +
...t-for-barbican-in-octavia-0bcdcf91a8adc95c.yaml | 7 +
tools/init-runonce | 6 +-
tools/kolla-ansible | 16 +-
tools/setup_gate.sh | 75 +++----
tox.ini | 2 -
zuul.d/base.yaml | 8 +-
zuul.d/deploy-guide.yaml | 17 ++
zuul.d/jobs.yaml | 218 +++++++++++++++++++--
zuul.d/nodesets.yaml | 34 ++++
zuul.d/project.yaml | 49 +++--
270 files changed, 2134 insertions(+), 1042 deletions(-)
1
0
We are thrilled to announce the release of:
kolla-ansible 8.1.1: Ansible Deployment of Kolla containers
This release is part of the stein stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
8.1.1
^^^^^
Upgrade Notes
*************
* The octavia user is no longer given the admin role in the admin
project. Octavia does not require this role and instead uses octavia
user with admin role in service project. During an upgrade the
octavia user is removed from the admin project. See bug 1873176 for
details.
Bug Fixes
*********
* Adds necessary "region_name" to "octavia.conf" when
"enable_barbican" is set to "true". LP#1867926
* Adds "/etc/timezone" to "Debian/Ubuntu" containers. LP#1821592
* Fixes an issue with Nova live migration not using
"migration_interface_address" even when TLS was not used. When
migrating an instance to a newly added compute host, if addressing
depended on "/etc/hosts" and it had not been updated on the source
compute host to include the new compute host, live migration would
fail. This did not affect DNS-based name resolution. Analogically,
Nova live migration would fail if the address in DNS/"/etc/hosts"
was not the same as "migration_interface_address" due to user
customization. LP#1729566
* Fix qemu loading of ceph.conf (permission error). LP#1861513
* Remove /run bind mounts in Neutron services causing dbus host-
level errors and add /run/netns for neutron-dhcp-agent and
neutron-l3-agent. LP#1861792
* Fixes an issue where old fluentd configuration files would persist
in the container across restarts despite being removed from the
"node_custom_config" directory. LP#1862211
* Use more permissive regex to remove the offending 127.0.1.1 line
from /etc/hosts. LP#1862739
* Each Prometheus mysqld exporter points now to its local mysqld
instance (MariaDB) instead of VIP address. LP#1863041
* Cinder Backup has now access to kernel modules to load e.g.
iscsi_tcp module. LP#1863094
* Makes RabbitMQ hostname address resolution precheck stronger by
requiring uniqueness of resolution to avoid later issues. LP#1863363
* Fixes haproxy role to avoid restarting haproxy service multiple
times in a single Ansible run. LP#1864810 LP#1875228
* Fixes failure to deploy telegraf with monitoring of zookeeper due
to wrong variable being referenced. LP#1867179
* Fixes "ceph" deployment reconfiguration error, when Gathering OSDs
step would fail due to Kolla-Ansible user not having access to
"/var/lib/ceph/osd/_FSID_/whoami". LP#1867946
* Fixes "designate-worker" not to use "etcd" as its coordination
backend because it is not supported by Designate (no group
membership support available via tooz). LP#1872205
* Fixes source-IP-based load balancing for Horizon when using the
"split" HAProxy service template.
* Fixes issue where HAProxy would have no backend servers in its
config files when using the "split" config template style.
* Manage nova scheduler workers through "openstack_service_workers"
variable. LP#1873753
* Remove the meta field of the Swift rings from the default
rsync_module template. Having it by default, undocumented, can lead
to unexpected behavior when the Swift documentation states that this
field is not processed.
* Fixes an issue with HAProxy prechecks when scaling out using "--
limit" or "--serial". LP#1868986.
* Fixes an issue with the HAProxy monitor VIP precheck when some
instances of HAProxy are running and others are not. See bug
1866617.
* Fixes gnocchi-api script name for Ubuntu/Debian binary
deployments. LP#1861688
* Fixes an issue with port prechecks for the Placement service. See
bug 1861189 for details.
* Removes the "[http]/max-row-limit = 10000" setting from the
default InfluxDB configuration, which resulted in the CloudKitty v1
API returning only 10000 dataframes when using InfluxDB as a storage
backend. See bug 1862358 for details.
* Skydive's API and the web UI now rely on Keystone for
authentication. Only users in the Keystone project defined by
skydive_admin_tenant_name will be able to authenticate. See
*LP#1870903 <https://launchpad.net/bugs/1870903>* for more details.
* Switch endpoint_type from public to internal for octavia
communicating with the barbican service. See bug 1875618 for
details.
Changes in kolla-ansible 8.1.0..8.1.1
-------------------------------------
a5975ebe2 Make sure octavia uses internal endpoint to barbican
72cd552d7 Remove redundant listen on haproxy handler
4b70bb52e Manage nova scheduler workers count
5f563ed49 Fix haproxy restarting twice per Ansible run
967b3be71 [octavia] Adds region_name if enable_barbican
ca39a9c27 Avoid multiple haproxy restarts after reconfiguration
4df065224 Remove octavia user from admin project
66a2f4935 Fix Designate not to use etcd coordination backend
85c178fc1 Be less confusing about custom Docker registry
0f99f5aa0 Fix telegraf with zookeeper (wrong port variable reference)
d576249f3 Introduce /etc/timezone to Debian/Ubuntu containers
06db02b4b CI: Fix Ironic and Zun scenarios testing
31f09efd1 [skydive] fix: Use Keystone backend to authenticate API users
6450daba0 [horizon] Move 'balance' HAProxy keyword
9f944d4bd [haproxy-config] Fix missing servers in split cfg
4f4c005fa Fix kolla_source_version value
f174ec063 Fix live migration to use migration int. address
aa7b6c355 CI: Use upper constraints to install clients
5da311c69 Fix ovs fw driver for the other ovs agent
2e514a8cf Fix HAProxy prechecks during scale-out with limit
2b04e7111 mariadb container name variable
d4eedf4f9 ceph: Add become to gathering OSD IDs on reconfigure
89e875fb6 Ironic: fix documentation
47915af85 CI: install tox
06fbffe44 Combined fluentd fixes
3eb908272 Fix native openvswitch firewall driver in neutron-openvswitch-agent
79b4d9ede Swift: remove meta field from rsync command
426b7f4b2 Fix HAProxy monitor VIP precheck
6c91da630 Fix renos
ccbba57df Fix Prometheus mysqld exporter pointing to VIP address
3003cb4a1 Fix RabbitMQ hostname address resolution precheck
07c0b83bb CI: Pin pyfakefs to <4 for Python 2
55a346993 Fixes gnocchi-api script name for Ubuntu/Debian
623eb220a Use listen port for Placement precheck
b47bd864e Use InfluxDB default [http]/max-row-limit setting
710af675d Add /run/netns bindmount to Neutron containers
ac158d19f Use more permissive regex to remove the offending 127.0.1.1
8be74eb8c Change /run bind mount for neutron/openvswitch
52302eb53 Fix Cinder Backup access to kernel modules (iscsi_tcp issue)
41f937b5d Haproxy: fix haproxy_cmd for Debian
6c950d842 Fix qemu loading of ceph.conf (permission error)
Diffstat (except docs and test files)
-------------------------------------
ansible/group_vars/all.yml | 6 +-
ansible/roles/aodh/defaults/main.yml | 4 +
ansible/roles/barbican/defaults/main.yml | 3 +
ansible/roles/baremetal/tasks/pre-install.yml | 12 +-
ansible/roles/blazar/defaults/main.yml | 2 +
ansible/roles/ceilometer/defaults/main.yml | 4 +
ansible/roles/ceph/tasks/reconfigure.yml | 1 +
ansible/roles/chrony/defaults/main.yml | 1 +
ansible/roles/cinder/defaults/main.yml | 5 +
ansible/roles/cloudkitty/defaults/main.yml | 2 +
ansible/roles/collectd/defaults/main.yml | 1 +
ansible/roles/common/defaults/main.yml | 3 +
ansible/roles/common/templates/fluentd.json.j2 | 32 +++-
ansible/roles/congress/defaults/main.yml | 3 +
ansible/roles/cyborg/defaults/main.yml | 3 +
ansible/roles/designate/defaults/main.yml | 7 +
.../roles/designate/templates/designate.conf.j2 | 10 +-
ansible/roles/elasticsearch/defaults/main.yml | 1 +
ansible/roles/etcd/defaults/main.yml | 1 +
ansible/roles/freezer/defaults/main.yml | 2 +
ansible/roles/glance/defaults/main.yml | 1 +
ansible/roles/gnocchi/defaults/main.yml | 3 +
.../roles/gnocchi/templates/wsgi-gnocchi.conf.j2 | 4 -
ansible/roles/grafana/defaults/main.yml | 1 +
ansible/roles/haproxy-config/handlers/main.yml | 17 --
.../templates/haproxy_single_service_split.cfg.j2 | 2 +-
ansible/roles/haproxy/defaults/main.yml | 2 +
ansible/roles/haproxy/tasks/deploy.yml | 6 +-
ansible/roles/haproxy/tasks/precheck.yml | 196 ++++++++-------------
ansible/roles/haproxy/tasks/upgrade.yml | 13 +-
ansible/roles/haproxy/templates/haproxy_run.sh.j2 | 2 +-
ansible/roles/heat/defaults/main.yml | 3 +
ansible/roles/horizon/defaults/main.yml | 5 +-
ansible/roles/influxdb/defaults/main.yml | 1 +
ansible/roles/influxdb/templates/influxdb.conf.j2 | 1 -
ansible/roles/ironic/defaults/main.yml | 6 +
ansible/roles/iscsi/defaults/main.yml | 2 +
ansible/roles/kafka/defaults/main.yml | 1 +
ansible/roles/karbor/defaults/main.yml | 3 +
ansible/roles/keystone/defaults/main.yml | 3 +
ansible/roles/kibana/defaults/main.yml | 1 +
ansible/roles/kuryr/defaults/main.yml | 1 +
ansible/roles/magnum/defaults/main.yml | 2 +
ansible/roles/manila/defaults/main.yml | 4 +
ansible/roles/mariadb/defaults/main.yml | 1 +
ansible/roles/mariadb/tasks/check.yml | 2 +-
ansible/roles/mariadb/tasks/recover_cluster.yml | 2 +-
ansible/roles/memcached/defaults/main.yml | 1 +
ansible/roles/mistral/defaults/main.yml | 4 +
ansible/roles/monasca/defaults/main.yml | 12 ++
ansible/roles/mongodb/defaults/main.yml | 1 +
ansible/roles/multipathd/defaults/main.yml | 1 +
ansible/roles/murano/defaults/main.yml | 2 +
ansible/roles/neutron/defaults/main.yml | 29 +--
ansible/roles/nova/defaults/main.yml | 11 ++
ansible/roles/nova/templates/nova-libvirt.json.j2 | 2 +-
.../nova/templates/nova.conf.d/libvirt.conf.j2 | 1 +
ansible/roles/nova/templates/nova.conf.j2 | 1 +
ansible/roles/octavia/defaults/main.yml | 4 +
ansible/roles/octavia/tasks/register.yml | 12 --
ansible/roles/octavia/tasks/upgrade.yml | 14 ++
ansible/roles/octavia/templates/octavia.conf.j2 | 4 +
ansible/roles/opendaylight/defaults/main.yml | 1 +
ansible/roles/openvswitch/defaults/main.yml | 6 +-
ansible/roles/ovs-dpdk/defaults/main.yml | 6 +-
ansible/roles/panko/defaults/main.yml | 1 +
ansible/roles/placement/defaults/main.yml | 1 +
ansible/roles/placement/tasks/precheck.yml | 2 +-
ansible/roles/prechecks/tasks/datetime_checks.yml | 26 +++
ansible/roles/prechecks/tasks/main.yml | 2 +
ansible/roles/prometheus/defaults/main.yml | 9 +
ansible/roles/prometheus/templates/my.cnf.j2 | 4 +-
ansible/roles/qdrouterd/defaults/main.yml | 1 +
ansible/roles/rabbitmq/defaults/main.yml | 1 +
ansible/roles/rabbitmq/tasks/precheck.yml | 20 ++-
ansible/roles/rally/defaults/main.yml | 1 +
ansible/roles/redis/defaults/main.yml | 2 +
ansible/roles/sahara/defaults/main.yml | 2 +
ansible/roles/searchlight/defaults/main.yml | 2 +
ansible/roles/senlin/defaults/main.yml | 2 +
ansible/roles/skydive/defaults/main.yml | 3 +
.../skydive/templates/skydive-analyzer.conf.j2 | 9 +-
ansible/roles/solum/defaults/main.yml | 4 +
ansible/roles/storm/defaults/main.yml | 2 +
ansible/roles/swift/templates/account.conf.j2 | 2 +-
ansible/roles/swift/templates/container.conf.j2 | 2 +-
ansible/roles/swift/templates/object.conf.j2 | 2 +-
ansible/roles/tacker/defaults/main.yml | 2 +
ansible/roles/telegraf/defaults/main.yml | 1 +
ansible/roles/telegraf/templates/telegraf.conf.j2 | 2 +-
ansible/roles/tempest/defaults/main.yml | 1 +
ansible/roles/trove/defaults/main.yml | 3 +
ansible/roles/vitrage/defaults/main.yml | 4 +
ansible/roles/vmtp/defaults/main.yml | 1 +
ansible/roles/watcher/defaults/main.yml | 3 +
ansible/roles/zookeeper/defaults/main.yml | 1 +
ansible/roles/zun/defaults/main.yml | 3 +
.../reference/networking/designate-guide.rst | 9 +-
etc/kolla/globals.yml | 19 +-
...d-region-name-for-octavia-292594e29ef36bf2.yaml | 6 +
.../notes/adds-etc-timezone-9708f538c3c2cb5e.yaml | 5 +
.../notes/bug-1729566-8b77402fd8236962.yaml | 13 ++
.../notes/bug-1861513-8e09a6fb42dfc99c.yaml | 5 +
.../notes/bug-1861792-a44a31693b0c786f.yaml | 6 +
.../notes/bug-1862211-1c44c4a16963baad.yaml | 7 +
.../notes/bug-1862739-05246e7599375800.yaml | 7 +
.../notes/bug-1863041-30d87a768339251b.yaml | 6 +
.../notes/bug-1863094-1564f489a7eecb28.yaml | 6 +
.../notes/bug-1863363-eb5d0ddd0d0d1090.yaml | 6 +
.../notes/bug-1864810-5a5d0f91c0171b19.yaml | 7 +
.../notes/bug-1867179-9e31460ba53757d4.yaml | 6 +
.../notes/bug-1867946-53c214be2b2482f1.yaml | 7 +
.../notes/bug-1872205-2eb7e57e0a334fb7.yaml | 7 +
.../notes/bug-1872540-0e9bed299f657b25.yaml | 5 +
.../notes/bug-1872545-52f00bd340a800c2.yaml | 5 +
.../notes/bug-1873753-73fe82e70559f928.yaml | 5 +
...aut-rsync-module-template-7c891efbe79a96a9.yaml | 7 +
...ix-haproxy-limit-precheck-c56b3ac2331867ee.yaml | 6 +
...-haproxy-monitor-precheck-487b85f4e93313b1.yaml | 6 +
...fixes-gnocchi-script-name-e4715e3b9fc5b021.yaml | 5 +
.../placement-listen-port-ebbd6aa61aa551da.yaml | 5 +
...hen-alertmanager-disabled-0090c1570ff4e632.yaml | 8 +-
...ve-influxdb-max-row-limit-f814a310aa6bf6ab.yaml | 8 +
...r-in-admin-project-action-95c87ca45a1188d6.yaml | 9 +
.../skydive-keystone-auth-0fe96463b27dd914.yaml | 6 +
...t-for-barbican-in-octavia-0bcdcf91a8adc95c.yaml | 7 +
tools/setup_gate.sh | 13 +-
130 files changed, 612 insertions(+), 259 deletions(-)
1
0
We high-spiritedly announce the release of:
kolla 8.0.3: Kolla OpenStack Deployment
This release is part of the stein stable release series.
The source is available from:
https://opendev.org/openstack/kolla
Download the package from:
https://tarballs.openstack.org/kolla/
Please report issues through:
https://bugs.launchpad.net/kolla/+bugs
For more details, please see below.
8.0.3
^^^^^
Bug Fixes
* Adds openssh-clients to ironic conductor container build to enable
ansible deploy interface to function properly.
* Adds python3-systemd package to ironic-conductor source based
container to allow the Ansible deploy interface to function
correctly. Fixes bug #1861427
* Fix inability to run UEFI-based images/instances by installing
UEFI packages also in nova-libvirt image which is not based on nova-
base. LP#1814552
* Fix bug which caused Keystone Fernet key distribution to fail on
Python 3 systems, by adapting fetch-fernet-keys.py script to work on
Python 3. LP#1859047
* Keystone bootstrap could produce invalid json. LP#1866017
* Fixes the MAX_NUMBER variable usage when running the database
online migrations for cinder.
* Fixes Glance inability to use Cinder NFS backend for images by
including NFS client components in the Glance API image. LP#1868574
* Adds missing "vitrage-persistor" image, required by Vitrage
deployments for storing data. LP#1869319
* Fix "kolla_toolbox_pip_virtualenv_packages" customisation.
LP#1865119
* Fixes Rally for Ubuntu binary deployment. LP#1872283
* Upgrades Gnocchi from 4.3.2 to 4.3.4. This version includes
several bug fixes, in particular one for an issue when coordination
is disabled. This minor version upgrade shouldn't require any
intervention from the operator.
Changes in kolla 8.0.2..8.0.3
-----------------------------
0cf37e009 Bump versions for Stein
627beae3b drop tripleo-common-tempest-plugin
ebfc0a7bf [rally] Fixes Ubuntu binary
e22fb9796 Add nfs dependencies to glance container
ab8bcf5a4 Ensure proper JSON in keystone bootstrap
f7cf4df5a Add vitrage-persistor image
80caffa8c Sensu: Remove ceph and process-checks plugins from client
8d0af2871 Bump versions (Stein)
fc0967b88 Make deploy jobs voting again
4696fc0f3 Fix invalid test in cinder data migration script
519eced61 Fix multiple CI issues
58a8e8189 Bump service versions (Stein)
1a0886f84 mariadb: install mariabackup on Debian
6c61b5082 CI: Install tox
84003367b kibana, nova-libvirt: handle it properly for non-x86
a9f759d1d Adds python3-systemd for ansible deploy interface
c139ac591 Add ssh clients to Ironic Conductor container
b12db74f5 Fix renos
a83173da8 Adapt fetch-fernet-tokens script to Python 3
d53ead942 Fix kolla_toolbox_pip_virtualenv_packages override
7c2199665 Bump stein versions
aabd2ac49 Ignore EM releases in version-check.py
85e1ef609 Bump stein versions
cbfded882 Bump Gnocchi to 4.3.4
1b3d1254c [stein] Bump versions
757fe5756 nova-libvirt: add UEFI packages to support UEFI instances
983bee4f9 Change fetch_fernet_tokens.py behaviour to check for minimum number of tokens
Diffstat (except docs and test files)
-------------------------------------
.../keystone-fernet/fetch_fernet_tokens.py | 6 ++--
kolla/common/config.py | 40 ++++++++++-----------
...ients-to-ironic-conductor-7275bd65dfe238a6.yaml | 5 +++
...systemd-for-ironic-source-9a6883496e101da9.yaml | 6 ++++
.../notes/bug-1814552-a037354969dcf7e5.yaml | 6 ++++
.../notes/bug-1859047-d41762357da8ae0b.yaml | 6 ++++
.../notes/bug-1866017-9e31ddbfca9fd0f4.yaml | 5 +++
.../notes/bug-1866827-5351ec43486d7f33.yaml | 5 +++
releasenotes/notes/bug-1868574.yaml | 6 ++++
.../notes/bug-1869319-aa032c1330b540dc.yaml | 6 ++++
...oolbox-venv-customisation-dc66f7bc621908a8.yaml | 5 +++
...fixes-ubuntu-binary-rally-cf5af7f5d3083c44.yaml | 5 +++
.../upgrade-gnocchi-to-4.3.4-297be1fc7e3b3bd5.yaml | 7 ++++
tools/version-check.py | 4 +++
28 files changed, 222 insertions(+), 34 deletions(-)
1
0
Hello everyone,
A new release candidate for tacker for the end of the Ussuri
cycle is available! You can find the source code tarball at:
https://tarballs.openstack.org/tacker/
Unless release-critical issues are found that warrant a release
candidate respin, this candidate will be formally released as the
final Ussuri release. You are therefore strongly encouraged
to test and validate this tarball!
Alternatively, you can directly test the stable/ussuri release
branch at:
https://opendev.org/openstack/tacker/src/branch/stable/ussuri
Release notes for tacker can be found at:
https://docs.openstack.org/releasenotes/tacker/
If you find an issue that could be considered release-critical, please
file it at:
https://bugs.launchpad.net/tacker/+bugs
and tag it *ussuri-rc-potential* to bring it to the tacker
release crew's attention.
1
0
Hello everyone,
A new release candidate for monasca-persister for the end of the Ussuri
cycle is available! You can find the source code tarball at:
https://tarballs.openstack.org/monasca-persister/
Unless release-critical issues are found that warrant a release
candidate respin, this candidate will be formally released as the
final Ussuri release. You are therefore strongly encouraged
to test and validate this tarball!
Alternatively, you can directly test the stable/ussuri release
branch at:
https://opendev.org/openstack/monasca-persister/src/branch/stable/ussuri
Release notes for monasca-persister can be found at:
https://docs.openstack.org/releasenotes/monasca-persister/
If you find an issue that could be considered release-critical, please
file it at:
https://bugs.launchpad.net/monasca/+bugs
and tag it *ussuri-rc-potential* to bring it to the monasca-persister
release crew's attention.
1
0
Hello everyone,
A new release candidate for cinder for the end of the Ussuri
cycle is available! You can find the source code tarball at:
https://tarballs.openstack.org/cinder/
Unless release-critical issues are found that warrant a release
candidate respin, this candidate will be formally released as the
final Ussuri release. You are therefore strongly encouraged
to test and validate this tarball!
Alternatively, you can directly test the stable/ussuri release
branch at:
https://opendev.org/openstack/cinder/src/branch/stable/ussuri
Release notes for cinder can be found at:
https://docs.openstack.org/releasenotes/cinder/
If you find an issue that could be considered release-critical, please
file it at:
https://bugs.launchpad.net/cinder/+bugs
and tag it *ussuri-rc-potential* to bring it to the cinder
release crew's attention.
1
0
Hello everyone,
A new release candidate for glance for the end of the Ussuri
cycle is available! You can find the source code tarball at:
https://tarballs.openstack.org/glance/
Unless release-critical issues are found that warrant a release
candidate respin, this candidate will be formally released as the
final Ussuri release. You are therefore strongly encouraged
to test and validate this tarball!
Alternatively, you can directly test the stable/ussuri release
branch at:
https://opendev.org/openstack/glance/src/branch/stable/ussuri
Release notes for glance can be found at:
https://docs.openstack.org/releasenotes/glance/
If you find an issue that could be considered release-critical, please
file it at:
https://bugs.launchpad.net/glance/+bugs
and tag it *ussuri-rc-potential* to bring it to the glance
release crew's attention.
1
0
We are chuffed to announce the release of:
ironic 15.0.0: OpenStack Bare Metal Provisioning
This release is part of the ussuri release series.
The source is available from:
https://opendev.org/openstack/ironic
Download the package from:
https://tarballs.openstack.org/ironic/
Please report issues through:
https://storyboard.openstack.org/#!/project/943
For more details, please see below.
15.0.0
^^^^^^
Prelude
*******
The Ironic Developers are proud to announce the release of Ironic
15.0! This release contains a number of changes that have been sought
by operators and users of Ironic for some time, including support for
UEFI booting a software RAID system, improved Ironic/Ironic Python
Agent security, multi-tenancy constructs, a hardware retirement
mechanism, stateful DHCPv6, and numerous fixes. We sincerely hope you
enjoy!
New Features
************
* Adds REST API endpoints for indicator management. Three new
endpoints, for listing, reading and setting the indicators, reside
under the "/v1/nodes/<node_ident>/management/indicators" location.
* Adds support of "agent token" which serves as a mechanism to
secure the normally unauthenticated API endpoints in ironic which
are used in the mechanics of baremetal provisioning. This feature is
optional, however operators may require this feature by changing the
"[DEFAULT]require_agent_token" setting to "True".
* Adds "is_allocation_owner" policy rule, which can be applied to
allocation get/update/delete rules. Also adds
"baremetal:allocation:list" and "baremetal:allocation:list_all"
rules for listing owned allocations and all allocations. Default
rules are unaffected, so default behavior is unchanged.
* Adds a new configuration option "[console]port_range", which
specifies the range of ports can be consumed for the IPMI serial
console. The default value is "None" for backwards compatibility. If
the "ipmi_terminal_port" is not specified in the driver information
for a node, a free port will be allocated from the configured port
range for further use.
* For baremetal operations on DHCPv6-stateful networks multiple IPv6
addresses can now be allocated for neutron ports created for
provisioning, cleaning, rescue or inspection. The new parameter
"[neutron]/dhcpv6_stateful_address_count" controls the number of
addresses to allocate (Default: 4).
* Adds functionality with neutron integration to support dual-stack
(IPv4 and IPv6 environment configurations). This enables ironic to
look up the attached port(s) and supply DHCP options in alignment
with the protocol version allocated on the port.
* Implemented the "BIOS interface" for the "idrac" hardware type.
Primarily, implemented "factory_reset" and "apply_configuration"
clean and deploy steps, as asynchronous operations. For more
details, see story 2007400
(https://storyboard.openstack.org/#!/story/2007400)
* The "ilo-virtual-media" boot interface now supports managing boot
for in-band inspection. This enables using virtual media instead of
PXE for in-band inspection.
* Adds the capability for the "instance_info\image_checksum" value
to be optional in stand-alone deployments if the
"instance_info\image_os_hash_algo" and
"instance_info\image_os_hash_value" fields are populated.
* Makes management interface of "redfish" hardware type not change
the current boot frequency if the current setting is the same as the
desired one. The goal is to avoid touching a potentially faulty BMC
option whenever possible.
* Adds a new "[ipmi]debug" option that allows users to explicitly
turn IPMI command debugging on, as opposed to relying upon the
system debug setting "[DEFAULT]debug". Users wishing to continue to
log this output should set "[ipmi]debug" to "True" in their
ironic.conf.
* Changes neutron port updates to use auth values from Ironic's
neutron conf, preventing issues that can arise when a non-admin user
manages Ironic nodes. A check is added to the port update function
to verify that the user can actually see the port. This adds an
additional Neutron request call to all port updates.
* Adds a "lessee" field to nodes. This field is exposed to policy,
so if a policy file permits, a lessee will have access to specified
node APIs.
* Adds "baremetal:node:update_extra" and
"baremetal:node:instance_info" policies to allow finer-grained
policy control over node updates. In order to use standalone Ironic
to provision a node, a user must be able to update "instance_info"
(and "extra" if using metalsmith), and a lessee should not be able
to update all node attributes.
* The "redfish_system_id" property of redfish hardware type has been
made optional. If not specified in "driver_info", and the target BMC
manages a single ComputerSystem, ironic will assume that system.
Otherwise, ironic will fail requiring explicit "redfish_system_id"
specification in "driver_info".
* To allow use of the "neutron" network interface in combination
with "flat" provider networks where no actual switch management is
done. The "local_link_connection" field on ports is extended to
support the "network_type" field.
* Target devices for software RAID can now be specified in the form
of device hints (same as for root devices) in the "physical_disks"
parameter of a logical disk configuration. This requires ironic-
python-agent from the Ussuri release series.
* Adds a "root_prefix" parameter to the sushy context based on the
path of "redfish_address". Defaults to sushy "root_prefix" default
("/redfish/v1/"). This is needed if the Redfish API is not located
in the default "/redfish/v1/" endpoint.
* Adds support for bootable software RAID with UEFI boot mode.
* Passwords for "rescue" operation are now hashed for transmission
to the "ironic-python-agent". This functionality requires "ironic-
python-agent" version "6.0.0".
The setting "[conductor]rescue_password_hash_algorithm" now defaults
to "sha256", and may be set to "sha256", or "sha512".
Known Issues
************
* The "ansible" deployment interface does not support use of an
"agent token" at this time.
Upgrade Notes
*************
* The minimum supported version of "Ansible" is now "2.7". All
support for previous Ansible versions is no longer maintained.
* The default value of "[deploy]/default_boot_option" is changed
from "netboot" to "local".
* Due to the default boot option change, partition images without
"grub2" will be unable to be deployed without the "boot_option" for
the node to be explicitly set to "netboot".
* The required minimum version of the "sushy" python Redfish API
client library is now version "3.2.0".
* Removes compatibility with deploy interfaces that do not use
deploy steps.
* The "[pxe]ip_version" setting may no longer be required depending
on neutron integration.
* Operators that used the "[DEFAULT]my_ip" setting with an IPv6
address may wish to explore migrating to the "[DEFAULT]my_ipv6"
setting. Setting both values enables the appropriate IP addresses
based on protocol version for PXE/iPXE.
* If "[DEFAULT]force_raw_images" is set to "true", then MD5 will not
be utilized to recalculate the image checksum. This requires the
"ironic-python-agent" ramdisk to be at least version 3.4.0.
* Debug logging control has been moved to the "[ipmi]debug"
configuration setting as opposed to the "conductor" "[DEFAULT]debug"
setting as the existing "ipmitool" output can be extremely
misleading for users. Operators who wish to continue to log
"ipmitool" verbose output in their logs should explicitly set the
"[ipmi]debug" command to True.
* The dependency on "oslo.i18n" is now optional. If you would like
messages from ironic to be translated, you need to install it
explicitly.
* The guru meditation reporting functionality is now optional and
the "oslo.reports" package is no longer a part of requirements.
Install it manually if you need this feature.
* The configuration option "[pxe]ipxe_enabled" was deprecated and
now has been removed, thus the support for iPXE from the "pxe"
interface was removed. To use iPXE, the boot interface should be
migrated to "ipxe" or other boot interfaces capable of booting from
iPXE.
Deprecation Notes
*****************
* Some deploy interfaces use the "continue_node_deploy" RPC call to
notify the conductor when they're ready to leave the "deploy" core
deploy step. Currently ironic allows a node to be either in "wait
call-back" or "deploying" state when entering this call. This is
deprecated, and in the next release a node will have to be in the
"wait call-back" ("DEPLOYWAIT") state for this call.
Security Issues
***************
* Image checksum recalculation when images are forced to raw images,
are now calculated using "SHA3-256" if MD5 was selected. This is now
unconditional.
* Operators wishing to enforce all rescue passwords to be hashed
should use the "[conductor]require_rescue_password_hashed" setting
and set it to a value of "True".
This setting will be changed to a default of "True" in the Victoria
development cycle.
* The secret token that is used for IPA verification will be
generated using the secrets module to be in compliance with the
"FIPS 140-2" standard.
Bug Fixes
*********
* Fixes an issue with the agent client code where checks of the
agent command status had no logic to prevent an intermittent or
transient connection failure from causing the entire operation to
fail.
* Fixes 'Invalid parameter value for SpanLength' when configuring
RAID using Python 3. This passed incorrect data type to iDRAC, e.g.,
instead of *2* it passed *2.0*. See story 2004265
(https://storyboard.openstack.org/#!/story/2004265)
* Fixes RAID configuration using *idrac-wsman* RAID interface where
node remains in 'clean wait' provisioning state forever. See story
2007567 (https://storyboard.openstack.org/#!/story/2007567)
* Fixes an issue where a node may be locked from changes if a
conductor's hostname case is changed before restarting the conductor
service.
* Fixes an issue in the "ironic-python-agent" client code where a
command exception may not be captured in the interaction with the
agent rest API. The client code would return the resulting error
message and a static error code. We now look with-in the error to
detect if the error may be a compatability error to raise the
appropriate exception for fallback logic to engage.
* Improves interoperability with Redfish BMCs by untying node boot
mode change from other boot parameters change (such as boot device,
boot frequency).
* Fixes vague node "last_error" field reporting upon deploy step
failure by providing the exception error message in addition to the
step that failed.
* The 'no address available' problem seen when network booting on
DHCPv6-stateful networks is fixed with the support for allocating
multiple IPv6 addresses. See bug: 1861032
(https://bugs.launchpad.net/neutron/+bug/1861032)
* Fixes an agent command issue in the bootloader installation
process that can present itself as a connection timeout under heavy
IO load conditions. Now installation commands have an internal
timeout which is double the conductor wide "[agent]command_timeout".
For more information, see bug 2007483
(https://storyboard.openstack.org/#!/story/2007483)
* Use SHA256 for comparing file contents instead of MD5. This
improves FIPS compatibility.
* Fixes a bug in the "idrac" hardware type where when creating one
or more virtual disks on a RAID controller that supports passthru
mode (PERC H730P), the cleaning step would finish before the job to
create the virtual disks actually completed. This could result in
the client attempting to perform another action against the iDRAC
that creates a configuration job, and that action would fail since
the job to create the virtual disk would still be executing. This
patch fixes this issue by only allowing the cleaning step to finish
after the job to create the virtual disk completes. See bug bug
2007285 (https://storyboard.openstack.org/#!/story/2007285) for more
details.
* Certain RAID controllers (PERC H730P) require physical disks to be
switched from non-RAID (JBOD) mode to RAID mode to be included in a
virtual disk. When this conversion happens, the available free
space on the physical disk is reduced due to some space being
allocated to RAID mode housekeeping. If the user requests a virtual
disk (a RAID 1 for example) with a size close to the max size of the
physical disks when they are in JBOD mode, then creation of the
virtual disk following conversion of the physical disks from JBOD to
RAID mode will fail since there is not enough space due to the space
used by RAID mode housekeeping. This patch works around this issue
by recalculating the RAID volume size after physical disk conversion
has completed and the free space on the converted drives is known.
Note that this may result in a virtual disk that is slightly smaller
than the requested size, but still the max size that the drives can
support. See bug bug 2007359
(https://storyboard.openstack.org/#!/story/2007359) for more details
* Fixes state report via Guru Meditation Reports that did not work
previously because of empty "log_dir" and no way to configure this
configuration option.
* Fixed a bug where rebooting a node managed by the "idrac" hardware
type when using the WS-MAN power interface sometimes fails with a
"The command failed to set RequestedState" error. See bug 2007487
(https://storyboard.openstack.org/#!/story/2007487) for details.
* If a node is in mid-deployment or cleaning and its conductor dies,
ironic will move that node into a failed state. However, this wasn't
being done if those nodes were also in maintenance. This has been
fixed. See story 2007098
(https://storyboard.openstack.org/#!/story/2007098) for more
details.
* Now that HUAWEI ironic 3rd party CI is back, the "ibmc" hardware
type driver is supported.
* Fixes an issue where a node may be locked from changes if a
conductor's hostname case is changed before restarting the conductor
service. clean up the reservation once the conductor stopped.
* Renames misleadingly named "images.create_isolinux_image_for_uefi"
function into "images.create_esp_image_for_uefi". The new name
reflects what's actually going on under the hood.
Other Notes
***********
* The "[conductor]power_state_change_timeout" default value has been
extended to "60" seconds from "30" seconds. This is due to some API
interfaces with Redfish, may cache the power state and thus may take
longer than thirty seconds to update after a change has been
requested. Please see here (https://github.com/metal3-io/ironic-
image/issues/143) for more information.
* The rootwrap filter file called "ironic-lib.filters" is no longer
part of Ironic. The same file is available from the ironic-lib
module which is already an install requirement.
Changes in ironic 14.0.0..15.0.0
--------------------------------
1bb5e80ae Add ironic-python-agent-builder to grenade projects and use netboot
753bb1907 Update python-dracclient version
b417d0ffa Don't break UEFI install with older IPAs
2007fa64d Fix supported sushy-oem-idrac version
66a0533d0 Implements: Reactive HUAWEI ibmc driver
bfeef067a Fix agent_client handling of embedded errors
524f8aa79 In-band deploy steps: correctly wipe driver_internal_info
5950b7041 Restore missing node.save() in agent_base.py
5cb4bd613 Add link to other Redfish parms to iDRAC doc
b49319137 Log when IPA fallback occurs on bootloader install
2e276459b Delay validating deploy templates until we get all steps
4795c4a8b Support executing in-band deploy steps
805e004e9 Upgrade flake8-import-order version to 0.17.1
6397777ea Stop configuring install_command in tox.
f8f9740a0 Prepare release notes/docs for 15.0 release
04931a16e Ironic 15.0 prelude
7f814058f DRAC: Added redfish management interface issue
27a0b54b6 Fix SpanLength calculation for DRAC RAID configuration
519edb48f Fix RAID configuration with idrac-wsman interface
03a927cab Revert "Generalize ISO building for virtual media driver"
ced3e7a8e Add ironic 15.0 release mapping
dcc049768 Fixes unusable Guru meditation report
fb7d8ce57 Don't use wsme test webapp for patch tests
dffc71287 Centralise imports of wsme types
3a58d81f6 Update iDRAC doc about soft power off timeout
cb86bd308 Implement the bios-interface for idrac-wsman driver
ff2030ce9 Improve the command status checks in the agent's process_next_step
6a73f7fdd Change [deploy]/default_boot_option to local
b63403606 Update iDRAC doc about vendor passthru timeout
cc29461d2 Use trailing slash in the agent command URL
36944fa39 Fix missing print format in log messages
0587df6e4 Extend timeout on CI job with automated cleaning
95a3e1bdf Fix issue where server fails to reboot
9f75bbd93 Add my new address to .mailmap
cf412bc81 "dual stack" support for PXE/iPXE
c4d9984c5 Generalize ISO building for virtual media driver
4f62e8e87 Remove six minions
1f18a2820 Increase VM RAM value in local.conf example
861f35b03 Release reservation when stoping the ironic-conductor service
45a9fbdfa Update jobs description
927d3c89f Change default ram value
d6361bee0 Added node multitenancy doc
d4dbc6e3a Support burning configdrive into boot ISO
81b93abf2 [doc] Remove the device selection limitation for Software RAID
335895a8e Add sushy-cli to client libraries release list
78f904978 Fix AttributeError in check allowed port fields
c428a51dd Fix gunicorn name on Py3@CentOS7 in devstack
602a467a0 Add node lessee field
65b5ac6a7 Software RAID: Pass the boot mode to the IPA
d150aa287 Refactor AgentBase.heartbeat and process_next_step
dd5adf68a [doc] Images need some metadata for software RAID
855b654cb Drop netaddr - use netutils.is_valid_ipv6()
d9db0b454 Allow INSPECTWAIT state for lookup
aad54c245 Improve `redfish` set-boot-device behaviour
5be4c4f5c Improve `redfish` set-boot-mode implementation
30f2f0c08 Change multinode job to voting
163c8346a Cleanup Python 2.7 support
d15d2f09f Use auth values from neutron conf when managing Neutron ports
566461954 Fetch netmiko session log
69739715c Doc - IPv6 Provisioning
cb3185274 Additional IP addresses to IPv6 stateful ports
c40d221fc Add network_type to port local_link_connection
1d9c8283b Make oslo.i18n an optional dependency
9f93694b9 Make oslo.reports an optional dependency
d5c293a44 Do not autoescape all Jinja2 templates
6a1d453ef Make deploy step failure logging indicate the error
1faa3397a Fix the remaining hacking issues
a3d7d73a6 Bump hacking to 3.0.0
4829df296 Extend install_bootloader command timeout
80cdb9abd Document deploy_boot_mode and boot_option for standalone deployments
80e49538c Remove future usage
6c6dd2c84 Fix enabled_hardware_types from idrac-wsman to idrac
88d489a53 Document our policies for stable branches
242775ae1 Retry agent get_command_status upon failures
b6136e13f Add troubleshooting on IPMI section
bc654814f Default IRONIC_RAMDISK_TYPE to dib
16bce7f18 Generalize clean step functions to support deploy steps
8e472a07b Raise human-friendly messages on attempt to use pre-deploy steps drivers
fcaefdbe7 Hash the rescue_password
84e8b11a6 DRAC: Fix a failure to create virtual disk bug
35b77ddb3 [doc] Add documentation for retirement support
5b07374fd Add info on how to enable ironic-tempest-plugin
f359d1841 Follow-up releasenote use_secrets
263fd021b Add indicators REST API endpoints
1425adbb0 Do not use random to generate token
deca07de3 Signal agent token is required
bee537a4a Support centos 7 rootwrap data directory
8dc2eebef Refactoring: split out wrap_ipv6
fb79ea2c4 Refactoring: move iSCSI deploy code to iscsi_deploy.py
6e9901583 Clean up nits from adding additional node update policies
cc1632a82 Allow specifying target devices for software RAID
9fd0aa859 Documentation clarifications for software RAID
bfb41571b Drop rootwrap.d/ironic-lib.filters file
cc17246d2 Expand user-image doc
1e514b644 Move ipmi logging to a separate option
31439718c Change readfp to read_file
fbf92e612 Make image_checksum optional if other checksum is present
529c3ff06 Remove compatibility with pre-deploy steps drivers
4383303df Extend power sync timeout for Ericsson SDI
2b3bef7d1 Skip clean steps from 'fake' interfaces in the documentation
8377e1a06 Rename ironic-tox-unit-with-driver-libs-python3
3d2d04c84 Send our token back to the agent
6121fbf10 Enable agent_token for virtual media boot
16a2473b8 Add separate policies for updating node instance_info and extra
5cb69916c Follow up to console port allocation
06c599726 Change force_raw_images to use sha256 if md5 is selected
ae3a14e65 Make reservation checks caseless
7a15df60c [doc] Missing --name option
823a01688 Bump minimum supported ansible version to 2.7
2293c7dfa Set abstract for ironic-base
4d3f1b40e Refactoring: move generic agent clean step functions to agent_base
530ec9d0b Docs: split away user image building and highlight whole disk images
3f3fc7dca Redfish: Add root_prefix to Sushy
5cebea361 Cleanup docs building
9be7380e1 Rename `create_isolinux_image_for_uefi` function as misleading
34d34b3a9 Finalize removal of ipxe_enabled option
6ba983b61 Start removing ipxe support from the pxe interface
bb3b2349f Pre-shared agent token
5e4a617b4 DRAC: Fix RAID create_config clean step
8b9349d47 Expose allocation owner to additional policy checks
7cb251716 Project Contributing updates for Goal
5ffef36fd Refactoring: rename agent_base_vendor to agent_base
8982ef574 Use FIPS-compatible SHA256 for comparing files
263c3c607 Revert "Move ironic-standalone to non-voting"
e1e89f883 Move ironic-standalone to non-voting
c99347fae Make `redfish_system_id` property optional
caa73a110 Lower tempest concurrency
dc6f92c97 Refactoring: finish splitting do_node_deploy
b3721ce4f Automatic port allocation for the serial console
4ac3cfbf5 Remove the [pxe]ipxe_enabled configuration option
8be57492f [Trivial] Remove redundant brackets
b44eb6f34 Fix bash comparisons for grenade multinode switch
dd18c7054 Nodes in maintenance didn't fail, when they should have
70709648d Implement managed in-band inspection boot for ilo-virtual-media
Diffstat (except docs and test files)
-------------------------------------
.mailmap | 1 +
CONTRIBUTING.rst | 10 +-
api-ref/source/baremetal-api-v1-nodes.inc | 19 +
api-ref/source/conf.py | 26 +-
api-ref/source/parameters.yaml | 6 +
api-ref/source/samples/node-create-response.json | 1 +
api-ref/source/samples/node-show-response.json | 1 +
.../samples/node-update-driver-info-response.json | 1 +
.../samples/nodes-list-details-response.json | 2 +
devstack/lib/ironic | 49 +-
devstack/upgrade/upgrade.sh | 2 +-
...ode-contribution-guide.rst => contributing.rst} | 125 ++-
driver-requirements.txt | 8 +-
etc/ironic/rootwrap.d/ironic-lib.filters | 28 -
ironic/api/controllers/base.py | 10 +-
ironic/api/controllers/link.py | 5 +-
ironic/api/controllers/v1/allocation.py | 81 +-
ironic/api/controllers/v1/bios.py | 11 +-
ironic/api/controllers/v1/chassis.py | 12 +-
ironic/api/controllers/v1/collection.py | 5 +-
ironic/api/controllers/v1/conductor.py | 13 +-
ironic/api/controllers/v1/deploy_template.py | 34 +-
ironic/api/controllers/v1/driver.py | 20 +-
ironic/api/controllers/v1/node.py | 435 ++++++++---
ironic/api/controllers/v1/notification_utils.py | 6 +-
ironic/api/controllers/v1/port.py | 63 +-
ironic/api/controllers/v1/portgroup.py | 38 +-
ironic/api/controllers/v1/ramdisk.py | 56 +-
ironic/api/controllers/v1/types.py | 65 +-
ironic/api/controllers/v1/utils.py | 119 ++-
ironic/api/controllers/v1/versions.py | 14 +-
ironic/api/controllers/v1/volume.py | 8 +-
ironic/api/controllers/v1/volume_connector.py | 26 +-
ironic/api/controllers/v1/volume_target.py | 28 +-
ironic/api/types.py | 29 +
ironic/api/wsgi.py | 2 +-
ironic/cmd/__init__.py | 2 +-
ironic/cmd/api.py | 16 +-
ironic/cmd/conductor.py | 30 +-
ironic/cmd/dbsync.py | 2 -
ironic/cmd/status.py | 1 +
ironic/common/driver_factory.py | 16 +-
ironic/common/exception.py | 8 +-
ironic/common/glance_service/service_utils.py | 4 +-
ironic/common/i18n.py | 19 +-
ironic/common/images.py | 160 +++-
ironic/common/neutron.py | 110 ++-
ironic/common/policy.py | 54 +-
ironic/common/pxe_utils.py | 68 +-
ironic/common/release_mappings.py | 24 +-
ironic/common/states.py | 15 +-
ironic/common/utils.py | 18 +-
ironic/conductor/allocations.py | 2 +-
ironic/conductor/base_manager.py | 17 +-
ironic/conductor/cleaning.py | 5 +
ironic/conductor/deployments.py | 215 +++---
ironic/conductor/manager.py | 374 ++++++---
ironic/conductor/rpcapi.py | 109 ++-
ironic/conductor/steps.py | 69 +-
ironic/conductor/task_manager.py | 4 +-
ironic/conductor/utils.py | 185 ++++-
ironic/conf/agent.py | 6 +-
ironic/conf/conductor.py | 14 +-
ironic/conf/console.py | 7 +
ironic/conf/default.py | 26 +-
ironic/conf/deploy.py | 8 +-
ironic/conf/ipmi.py | 6 +
ironic/conf/neutron.py | 10 +
ironic/conf/pxe.py | 16 +-
...7122cc9_add_extra_column_to_deploy_templates.py | 6 +-
.../5674c57409b9_replace_nostate_with_available.py | 8 +-
.../versions/b2ad35726bb0_add_node_lessee.py | 32 +
.../cd2c80feb331_add_node_retired_field.py | 6 +-
ironic/db/sqlalchemy/api.py | 17 +-
ironic/db/sqlalchemy/models.py | 7 +-
ironic/dhcp/base.py | 12 +-
ironic/dhcp/neutron.py | 48 +-
ironic/drivers/base.py | 2 +-
ironic/drivers/drac.py | 6 +
ironic/drivers/ibmc.py | 2 -
ironic/drivers/modules/agent.py | 88 +--
.../{agent_base_vendor.py => agent_base.py} | 820 +++++++++++++-------
ironic/drivers/modules/agent_client.py | 203 ++++-
ironic/drivers/modules/ansible/deploy.py | 14 +-
.../playbooks/callback_plugins/ironic_log.py | 2 +-
ironic/drivers/modules/console_utils.py | 66 +-
ironic/drivers/modules/deploy_utils.py | 403 +---------
ironic/drivers/modules/drac/bios.py | 376 +++++++++
ironic/drivers/modules/drac/power.py | 80 +-
ironic/drivers/modules/drac/raid.py | 143 +++-
ironic/drivers/modules/ilo/boot.py | 25 +-
ironic/drivers/modules/ilo/management.py | 10 +-
ironic/drivers/modules/ilo/power.py | 4 +-
ironic/drivers/modules/inspector.py | 2 +-
ironic/drivers/modules/ipmitool.py | 48 +-
ironic/drivers/modules/ipxe.py | 300 --------
ironic/drivers/modules/irmc/boot.py | 7 +
ironic/drivers/modules/iscsi_deploy.py | 315 +++++++-
ironic/drivers/modules/network/common.py | 2 +-
ironic/drivers/modules/network/flat.py | 8 +-
ironic/drivers/modules/pxe.py | 293 +------
ironic/drivers/modules/pxe_base.py | 294 +++++++
ironic/drivers/modules/redfish/boot.py | 72 +-
ironic/drivers/modules/redfish/inspect.py | 123 +--
ironic/drivers/modules/redfish/management.py | 49 +-
ironic/drivers/modules/redfish/utils.py | 78 +-
ironic/drivers/modules/snmp.py | 21 +-
ironic/drivers/modules/storage/cinder.py | 6 +-
ironic/drivers/modules/storage/external.py | 12 +-
ironic/drivers/raid_config_schema.json | 6 +-
ironic/hacking/checks.py | 15 +-
ironic/objects/node.py | 31 +-
.../unit/api/controllers/v1/test_allocation.py | 76 +-
.../api/controllers/v1/test_deploy_template.py | 2 +-
.../api/controllers/v1/test_notification_utils.py | 4 +-
.../unit/api/controllers/v1/test_portgroup.py | 4 +-
.../api/controllers/v1/test_volume_connector.py | 4 +-
.../unit/api/controllers/v1/test_volume_target.py | 4 +-
.../unit/drivers/modules/ansible/test_deploy.py | 23 -
.../drivers/modules/drac/test_periodic_task.py | 37 +-
.../unit/drivers/modules/ilo/test_management.py | 10 +-
.../drivers/modules/intel_ipmi/test_intel_ipmi.py | 54 +-
.../unit/drivers/modules/network/test_common.py | 12 +-
.../unit/drivers/modules/network/test_flat.py | 26 +-
.../unit/drivers/modules/network/test_neutron.py | 40 +-
.../unit/drivers/modules/redfish/test_boot.py | 49 +-
.../drivers/modules/redfish/test_management.py | 49 +-
.../unit/drivers/modules/redfish/test_utils.py | 20 +
.../unit/drivers/modules/storage/test_cinder.py | 7 +-
.../unit/drivers/modules/storage/test_external.py | 12 +-
...est_agent_base_vendor.py => test_agent_base.py} | 841 +++++++++++++++------
.../unit/drivers/modules/test_agent_client.py | 101 ++-
.../unit/drivers/modules/test_console_utils.py | 41 +
.../unit/drivers/modules/test_deploy_utils.py | 726 +-----------------
.../unit/drivers/modules/test_iscsi_deploy.py | 594 ++++++++++++++-
lower-constraints.txt | 11 +-
.../run.yaml | 3 +
playbooks/legacy/grenade-dsvm-ironic/run.yaml | 5 +
.../notes/add-indicator-api-8c816b3828e6b43b.yaml | 6 +
...gent-command-status-retry-f9b6f53a823c6b01.yaml | 6 +
.../agent-token-support-0a5b5aa1585dfbb5.yaml | 19 +
...cation-added-owner-policy-c650074e68d03289.yaml | 7 +
.../notes/bug-2004265-cd9056868295f374.yaml | 7 +
.../bug-2007567-wsman-raid-48483affdd9f9894.yaml | 6 +
.../bump-min-ansible-ver-a78e7885c0e9d361.yaml | 5 +
...s-conductor-restart-check-f70005fbf65f6bb6.yaml | 5 +
...ault-boot-option-to-local-8c326077770ab672.yaml | 8 +
...er-sync-timeout-extension-fa5e7b5fdd679d84.yaml | 9 +
..._embedded_ipa_error_codes-c8fdfaa9e6a1ed06.yaml | 9 +
.../console-port-allocation-bb07c43e3890c54c.yaml | 9 +
...ontinue-node-deploy-state-63d9dc9cdcf8e37a.yaml | 9 +
.../decouple-boot-params-2b05806435ad21e5.yaml | 10 +
.../notes/deploy-step-error-d343e8cb7d1b2305.yaml | 6 +
.../deploy-steps-required-aa72cdf1c0ec0e84.yaml | 4 +
...v6-stateful-address-count-0f94ac6a55bd9e51.yaml | 14 +
...onic-lib-rootwrap-filters-f9224173289c1e30.yaml | 6 +
.../notes/dual-stack-ironic-493ebc7b71263aaa.yaml | 16 +
...nstall-bootloader-timeout-8fce9590bf405cdf.yaml | 8 +
releasenotes/notes/fifteen-0da3cca48dceab8b.yaml | 11 +
.../notes/fips-hashlib-bca9beacc2b48fe7.yaml | 4 +
.../fix-create-configuration-0e000392d9d7f23b.yaml | 15 +
...sion-before-raid-creation-ea1f7eb425f79f2f.yaml | 22 +
releasenotes/notes/fix-gmr-37332a12065c09dc.yaml | 6 +
.../idrac-fix-reboot-failure-c740e765ff41bcf0.yaml | 7 +
...drac-wsman-bios-interface-b39a51828f61eff6.yaml | 8 +
.../ilo-managed-inspection-8b549c003224e011.yaml | 6 +
...ksum-recalculation-sha256-fd3d5b4b0b757e86.yaml | 11 +
.../image_checksum_optional-381acf9e441d2a58.yaml | 7 +
...e-redfish-set-boot-device-e38e9e9442ab5750.yaml | 7 +
.../notes/ipmi-debug-1c7e090c6cc71903.yaml | 13 +
.../neutron-port-update-598183909d44396c.yaml | 8 +
.../node-in-maintenance-fail-afd0eace24fa28be.yaml | 8 +
.../notes/node-lessee-4fb320a597192742.yaml | 5 +
...tance-info-extra-policies-862b2a70b941cf39.yaml | 8 +
...ptional-redfish-system-id-3f6e8b0ac989cb9b.yaml | 9 +
.../notes/oslo-i18n-optional-76bab4d2697c6f94.yaml | 5 +
.../oslo-reports-optional-59469955eaffdf1d.yaml | 6 +
...k-connection-network-type-71103d919e27fc5d.yaml | 7 +
.../notes/raid-hints-c27097ded0137f7c.yaml | 7 +
.../reactive-ibmc-driver-d2149ca81a198090.yaml | 5 +
.../redfish-add-root-prefix-03b5f31ec6bbd146.yaml | 8 +
...rvation-on-conductor-stop-6ebbcdf92da57ca6.yaml | 6 +
.../remove-ipxe-enabled-opt-61d106f01c46acab.yaml | 7 +
.../rename-iso-builder-func-46694ed6ded84f4a.yaml | 6 +
.../software-raid-with-uefi-5b88e6c5af9ea743.yaml | 4 +
...t_to_hash_rescue_password-0915927e41e6d845.yaml | 23 +
...secrets_to_generate_token-55af0f43e5a80b9e.yaml | 5 +
requirements.txt | 6 +-
setup.cfg | 10 +-
setup.py | 8 -
test-requirements.txt | 5 +-
tools/check-releasenotes.py | 2 -
tools/config/ironic-config-generator.conf | 1 +
tox.ini | 19 +-
zuul.d/ironic-jobs.yaml | 95 ++-
zuul.d/legacy-ironic-jobs.yaml | 1 +
zuul.d/project.yaml | 28 +-
271 files changed, 11089 insertions(+), 5685 deletions(-)
Requirements updates
--------------------
diff --git a/driver-requirements.txt b/driver-requirements.txt
index c9874f12f..b8d91d0bc 100644
--- a/driver-requirements.txt
+++ b/driver-requirements.txt
@@ -10 +10 @@ python-scciclient>=0.8.0
-python-dracclient>=3.1.0,<4.0.0
+python-dracclient>=3.1.0,<5.0.0
@@ -14 +14 @@ python-xclarityclient>=0.1.6
-sushy>=2.0.0
+sushy>=3.2.0
@@ -17 +17 @@ sushy>=2.0.0
-ansible>=2.5
+ansible>=2.7
@@ -23 +23 @@ python-ibmcclient>=0.1.0
-sushy-oem-idrac<=0.1.0
+sushy-oem-idrac<=1.0.0
diff --git a/requirements.txt b/requirements.txt
index fff36d71b..da87b3037 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6 +6 @@ SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
-alembic>=0.8.10 # MIT
+alembic>=0.9.6 # MIT
@@ -13 +13 @@ python-glanceclient>=2.8.0 # Apache-2.0
-keystoneauth1>=3.15.0 # Apache-2.0
+keystoneauth1>=3.18.0 # Apache-2.0
@@ -24 +23,0 @@ oslo.rootwrap>=5.8.0 # Apache-2.0
-oslo.i18n>=3.15.3 # Apache-2.0
@@ -28 +26,0 @@ oslo.policy>=1.30.0 # Apache-2.0
-oslo.reports>=1.18.0 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index ab53cb70f..497bcdc99 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4 +4 @@
-hacking>=1.0.0,<1.1.0 # Apache-2.0
+hacking>=3.0.0,<3.1.0 # Apache-2.0
@@ -12,0 +13 @@ iso8601>=0.1.11 # MIT
+oslo.reports>=1.18.0 # Apache-2.0
@@ -21 +22 @@ bashate>=0.5.1 # Apache-2.0
-flake8-import-order>=0.13 # LGPLv3
+flake8-import-order>=0.17.1 # LGPLv3
1
0