We are psyched to announce the release of:

kolla-ansible 12.0.0: Ansible Deployment of Kolla containers

This release is part of the wallaby release series.

The source is available from:

    https://opendev.org/openstack/kolla-ansible

Download the package from:

    https://tarballs.openstack.org/kolla-ansible/

Please report issues through:

    https://bugs.launchpad.net/kolla-ansible/+bugs

For more details, please see below.

12.0.0
^^^^^^

New Features
************

* Adds support for CentOS Stream 8 as a host Operating System and base
  container image. This is the only distribution of CentOS supported
  from the Wallaby release. The Victoria release will support both
  CentOS Linux 8 and CentOS Stream 8 hosts and images, and provides a
  route for migration.

* Supports Debian Bullseye (11) as host distribution.

* Adds support in "kolla_docker" module to set "CgroupnsMode" for
  Docker containers (via "cgroupns_mode" module param). Requires
  Docker 20.10. Note that pre-20.10 all containers behave as if they
  were run with mode "host".

* OVN deployment will now configure
  "external_ids:ovn-chassis-mac-mappings" to make DVR work on VLAN
  tenant networks.

* Due to the removal of the Monasca Grafana fork, the Monasca
  datasource is now configured in vanilla Grafana.

Upgrade Notes
*************

* Bumps minimum required Docker version to 18.09 and minimum required
  Docker Python SDK version to 3.4.1. These two are checked in
  prechecks.

* CentOS Linux 8 is no longer supported as a host Operating System or
  base container image. CentOS users should migrate to CentOS Stream
  8. The Victoria release will support both CentOS Linux 8 and CentOS
  Stream 8 hosts and images, and provides a route for migration.

* Adds a new flag, "docker_disable_ip_forward", which defaults to
  "docker_disable_default_iptables_rules" and is used to disable
  docker's "ip-forward" option which makes docker set
  "net.ipv4.ip_forward" sysctl to "1".

  By default, "docker_disable_default_iptables_rules" is "true", in
  which case docker's "ip-forward" option is "disabled".

  For existing hosts, this configuration change is applied when
  configuring docker via "kolla-ansible bootstrap-servers". Docker
  changes the sysctl in a non-persistent manner, so it will revert to
  the default of "0" after a reboot, if not configured elsewhere.
  This should not cause a problem, since Kolla Ansible applies the
  sysctl where necessary. Operators may wish to perform a proactive
  reboot, or apply the default through other means.

* Service containers and configuration for the Monasca Grafana service
  will be removed automatically. It is up to the operator to remove
  the related HAProxy configuration, the Monasca Grafana database, and
  associated Docker volumes.

Deprecation Notes
*****************

* Support for configuration of NTP daemon (via "enable_host_ntp") is
  deprecated and will be removed in the next Kolla Ansible release
  (Xena). Please use other means of configuring NTP.

* The Monasca Fork of Grafana is deprecated due to lack of maintenance
  and will be removed in the Xena release. Instead, support will be
  provided to allow Monasca users to migrate to the vanilla Grafana
  service with the Monasca datasource.

* Support for deploying "tempest" and "rally" is deprecated and will
  be removed in the Xena cycle. The reason is that these are not
  services of an OpenStack cloud but its clients.

Bug Fixes
*********

* chronyd crash loop if server is rebooted (Debian) LP#1915528

* Fixed an issue when Docker was configured after startup on
  Debian/Ubuntu, which resulted in iptables rules being created -
  before they were disabled. LP#1923203

* Fixes an issue with Octavia SSH key copying if user disabled Octavia
  auto configuration. LP#1927727

* Fixed an issue where docker python SDK 5.0.0 was failing due to
  missing six - introduced a constraint to install version lower than
  5.x. LP#1928915

* Fixes more-than-2-node RabbitMQ upgrade failing randomly.
  LP#1930293.

* Fixes Swift deploy when TLS enabled. Added the missing handler and
  corrected the container name. LP#1931097

* Fixes "iscsid" failing in current CentOS 8 based images due to pid
  file being needlessly set. LP#1933033

* Fixes host bootstrap on Debian not removing the conflicting
  packages. It now behaves in accordance with the docs. LP#1933122

* Fixes potential issue with Alertmanager in non-HA deployments. In
  this scenario, peer gossip protocol is now disabled and Alertmanager
  won't try to form a cluster with non-existing other instances.
  LP#1926463

* Adds a new flag, "docker_disable_ip_forward", which defaults to
  "docker_disable_default_iptables_rules" and is used to disable
  docker's "ip-forward" option which makes docker set
  "net.ipv4.ip_forward" sysctl to "1". This is to protect from
  creating all-forwarding hosts. LP#1931615

* Fixes an issue when generating "/etc/hosts" during "kolla-ansible
  bootstrap-servers" when one or more hosts has an "api_interface"
  with dashes ("-") in its name. LP#1927357

* Fixes the container image used by mariabackup. It was using the
  "mariadb" image, which was deprecated in Victoria and removed in
  Wallaby. LP#1928129

* Fixes an issue with Octavia deployment when using a custom service
  auth project. If "octavia_service_auth_project" is set to a project
  that does not exist, Octavia deployment would fail. The project is
  now created.
  LP#1922100

Changes in kolla-ansible 12.0.0.0rc1..12.0.0
--------------------------------------------

bcce291aa Fix host bootstrap pkg removal on Debian
ecddf74d7 Do not set pid file for iscsid
2e76e0565 Support editable installation in all cases
cf58c0460 tox: Add find command to allowlist_externals list
315d8eec2 baremetal: fix /etc/hosts generation when api_interface has dashes
a6a2e5ec1 chronyd crash loop if Debian server is rebooted
252671f8b Stop fluentd deprecation warnings of type vs @type
381e3a40d Fix parsing of infra.mariadb.xinetd logs
189c1c245 Fix neutron-ovn-metadata-agent with policy.yaml
cbd474cc4 octavia: Ensure service auth project exists
c24a56b7d Merge glance sections for nova.conf.j2
b79d2a4f0 Redis configuration syntax update
13deb4304 Update blazar.conf template
5ba041019 Add the ansible_managed header for admin-openrc.sh
e3f43eee5 Reno follow up for docker_disable_ip_forward
c272af91c Drop /sys/fs/cgroup mounts
eb4815345 Disable docker's ip-forward when iptables disabled
f11af96cc Fix RabbitMQ restart ordering
98c29107a Add forgotten 'Restart container' handler for swift
12dc47483 grafana: add bootstrap during upgrade
a8982e571 Bump min Docker version
94e115e15 chrony: allow to remove the container
12382be7a [CI] Drop Zuul host groups
0c58f83d6 [CI] Move to Debian Bullseye
7b3190871 Add support for Debian Bullseye (11) as host distro
efd51bccb [docker] Add support for setting CgroupnsMode
58f3f3042 Trivial if conditional fix in keystone.json
e7c68252f docs: Update Freenode to OFTC
0b971b61d Fix release note markup
ee92b33b3 Use mariadb-server image for mariabackup
d8b4e81c0 CI: Use PATH to find kolla-ansible script
d31ec6609 cinder: fix condition to copy backend TLS certs
af7c7cc6b Remove [octavia]/base_url option from neutron.conf
b887b1c4c docs: update supported OS distros
924affb65 Mariadb shards documentation
af7778e3a CI: Configure IP on a linux bridge instead of OVS br-ex
4e8c1493c CI: add grafana to monasca image list
2bff29328 Remove Monasca Grafana service
7e31c959e [CI] Fix testing in cephadm scenario
ee8bd456b baremetal: Install Docker SDK less than 5.0.0
bf351eb97 CI: Fix nfv job with kolla dependency
34349f6ad CI: Wait for NTP synced status in systemd
3a661b7ad baremetal: Don't start Docker after install on Debian/Ubuntu
e0fc09cde Disable Alertmanager's peer gossip in non-HA deployments
bfdd36ff3 CI: allow Elasticsearch status to be green or yellow
a92ce428a Use @type instead of type
deafe00dd Do not write octavia_amp_ssh_key if auto_config disabled
cb38206dc Fix "Restart mariadb-clustercheck container" during config gen
465a38545 ovn: make DVR work on VLAN tenant networks
71811d947 octavia: Fix duplicate api_settings
1e5709150 ovn: omit unnecessary bridge mappings
381fe0d27 setup.cfg: Replace dashes with underscores
d83aad7ee Deprecate tempest and rally
5894894ff Deprecate enable_host_ntp
f73c00c83 Bump up python version for Debian Bullseye
aaa2bb977 cephadm: Set auth_allow_insecure_global_id_reclaim to true
8ccbdf3c2 Add Monasca Grafana deprecation notice
4f87d9f36 Use wallaby images in wallaby deployments
adef109a1 Avoid an Ansible quirk in hacluster role
3f7e02765 docs: Improve policy documentation
6bcbaf235 Update TOX_CONSTRAINTS_FILE for stable/wallaby
e80783f1d Update .gitreview for stable/wallaby

Diffstat (except docs and test files)
-------------------------------------

.gitreview | 1 +
ansible/chrony-cleanup.yml | 14 +++
ansible/group_vars/all.yml | 7 +-
ansible/library/kolla_docker.py | 44 +++++++-
ansible/roles/baremetal/defaults/main.yml | 2 +
ansible/roles/baremetal/tasks/install.yml | 28 ++++-
ansible/roles/baremetal/tasks/post-install.yml | 30 +++++-
ansible/roles/baremetal/tasks/pre-install.yml | 4 +-
ansible/roles/blazar/templates/blazar.conf.j2 | 10 +-
ansible/roles/chrony/tasks/cleanup.yml | 12 +++
ansible/roles/chrony/templates/chrony.json.j2 | 4 +-
ansible/roles/cinder/tasks/config.yml | 2 +-
ansible/roles/common/templates/admin-openrc.sh.j2 | 2 +
.../common/templates/conf/input/02-mariadb.conf.j2 | 2 +-
.../common/templates/conf/output/00-local.conf.j2 | 8 +-
ansible/roles/grafana/defaults/main.yml | 9 ++
ansible/roles/grafana/tasks/upgrade.yml | 5 +
.../roles/hacluster/tasks/bootstrap_service.yml | 4 +-
ansible/roles/haproxy/tasks/precheck.yml | 27 -----
ansible/roles/iscsi/defaults/main.yml | 2 -
ansible/roles/iscsi/templates/iscsid.json.j2 | 2 +-
ansible/roles/keystone/templates/keystone.json.j2 | 2 +-
ansible/roles/mariadb/defaults/main.yml | 2 +-
ansible/roles/mariadb/handlers/main.yml | 2 +
ansible/roles/monasca/defaults/main.yml | 24 +----
ansible/roles/monasca/handlers/main.yml | 53 ---------
ansible/roles/monasca/tasks/bootstrap.yml | 3 +-
ansible/roles/monasca/tasks/config.yml | 19 ----
ansible/roles/monasca/tasks/deploy.yml | 2 -
ansible/roles/monasca/tasks/post_config.yml | 120 ---------------------
ansible/roles/monasca/tasks/precheck.yml | 11 --
ansible/roles/monasca/tasks/upgrade.yml | 30 ------
.../templates/monasca-grafana/grafana.ini.j2 | 55 ----------
.../monasca-grafana/monasca-grafana.json.j2 | 23 ----
ansible/roles/multipathd/defaults/main.yml | 1 -
.../templates/neutron-ovn-metadata-agent.json.j2 | 13 ++-
ansible/roles/neutron/templates/neutron.conf.j2 | 5 -
ansible/roles/nova-cell/defaults/main.yml | 2 +-
ansible/roles/nova-cell/handlers/main.yml | 1 +
ansible/roles/nova-cell/tasks/check-containers.yml | 1 +
ansible/roles/nova-cell/templates/nova.conf.j2 | 5 +-
ansible/roles/octavia/defaults/main.yml | 7 ++
ansible/roles/octavia/tasks/config.yml | 4 +-
ansible/roles/octavia/tasks/register.yml | 15 ---
ansible/roles/octavia/templates/octavia.conf.j2 | 4 +-
ansible/roles/ovn/defaults/main.yml | 2 +
ansible/roles/ovn/tasks/bootstrap.yml | 6 +-
ansible/roles/prechecks/defaults/main.yml | 3 +
ansible/roles/prechecks/tasks/timesync_checks.yml | 73 +++++++++++--
ansible/roles/prechecks/vars/main.yml | 5 +-
.../templates/prometheus-alertmanager.json.j2 | 2 +-
ansible/roles/rabbitmq/handlers/main.yml | 18 +++-
ansible/roles/rally/tasks/main.yml | 5 +
ansible/roles/redis/templates/redis.conf.j2 | 10 +-
ansible/roles/swift/defaults/main.yml | 2 +-
ansible/roles/swift/handlers/main.yml | 4 +
ansible/roles/tempest/tasks/main.yml | 5 +
.../bootstrap-servers.rst | 5 +
.../logging-and-monitoring/monasca-guide.rst | 54 +++++-----
etc/kolla/globals.yml | 4 +-
etc/kolla/passwords.yml | 1 -
...yd-crash-loop-if-server-is-rebooted-debian.yaml | 5 +
.../notes/bug-1922721-19163cfb491d0035.yaml | 4 +-
.../notes/bug-1923203-f9ff247befc4bd75.yaml | 6 ++
.../notes/bug-1927727-4437103de59e85e5.yaml | 6 ++
.../notes/bug-1928915-482b2d53bb2a4d92.yaml | 6 ++
.../notes/bug-1930293-d8a524f2070e6779.yaml | 5 +
.../notes/bug-1931097-c94832ed2ed92c3a.yaml | 6 ++
.../notes/bug-1933033-76746d127285cfe8.yaml | 6 ++
.../notes/bug-1933122-b34311ba73092080.yaml | 6 ++
...imum-docker-version-18-09-37af3b4c134da67e.yaml | 6 ++
.../notes/centos-stream-686441cc4c0e47d7.yaml | 13 +++
.../debian-bullseye-host-adc7778d7103b84f.yaml | 4 +
.../notes/deprecate-chrony-077a8686e79a919e.yaml | 16 ++-
...deprecate-enable-host-ntp-3ad934c097f18b1b.yaml | 7 ++
...deprecate-monasca-grafana-f5bfc61a5d453a8e.yaml | 7 ++
...precate-tempest-and-rally-2418cbe2a9f315a4.yaml | 7 ++
...e-alertmanager-clustering-ec70f5f970c4933a.yaml | 7 ++
.../docker-cgroupns-mode-9e1b32c357a14095.yaml | 7 ++
...docker-disable-ip-forward-b0490b71f9f07cd6.yaml | 24 +++++
.../notes/etc-hosts-dashes-37d0dc07c8fc881f.yaml | 7 ++
.../notes/mariabackup-image-8b31622f59890e28.yaml | 6 ++
...eate-service-auth-project-aa38b12ebb601777.yaml | 7 ++
.../notes/ovn_dvr_vlan-f36a6868cfd4776e.yaml | 5 +
.../remove-monasca-grafana-43cf1f74b09a6e54.yaml | 11 ++
roles/bridge/tasks/main.yml | 12 +++
roles/cephadm/tasks/main.yml | 11 ++
roles/veth/tasks/main.yml | 12 +++
setup.cfg | 8 +-
tools/kolla-ansible | 33 +++++-
tox.ini | 17 +--
zuul.d/base.yaml | 6 +-
zuul.d/jobs.yaml | 8 +-
zuul.d/nodesets.yaml | 62 +++--------
114 files changed, 878 insertions(+), 635 deletions(-)
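
The "docker_disable_ip_forward" notes above can be checked per host. The following is an added example, not part of kolla-ansible or of this announcement: it classifies a host from the text of Docker's daemon.json, the runtime value of net.ipv4.ip_forward and the persistent sysctl configuration. The function names and finding codes are hypothetical, and it assumes Docker's options are set through the "iptables" and "ip-forward" keys of daemon.json.

```python
import json


def parse_sysctl(text):
    """Parse sysctl.conf-style text into a dict; the last assignment wins."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        values[key.strip()] = value.strip()
    return values


def audit_forwarding(daemon_json, runtime_value, sysctl_conf=""):
    """Return finding codes (hypothetical names) for one host.

    daemon_json   -- text of Docker's daemon.json ("" if the file is absent)
    runtime_value -- text of /proc/sys/net/ipv4/ip_forward
    sysctl_conf   -- concatenated persistent sysctl configuration files
    """
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    # dockerd enables both options when the key is missing.
    iptables = cfg.get("iptables", True)
    ip_forward = cfg.get("ip-forward", True)
    persisted = parse_sysctl(sysctl_conf).get("net.ipv4.ip_forward")

    findings = []
    if ip_forward:
        # Docker will set net.ipv4.ip_forward=1 when it starts.
        findings.append("DOCKER_SETS_IP_FORWARD")
        if not iptables:
            # Forwarding is on but Docker manages no iptables rules.
            findings.append("FORWARDING_WITHOUT_DOCKER_RULES")
    elif runtime_value.strip() == "1" and persisted != "1":
        # Not set by Docker and not persisted; reverts to 0 on reboot.
        findings.append("RUNTIME_ONLY_IP_FORWARD")
    return findings


if __name__ == "__main__":
    # Constructed sample: iptables disabled, ip-forward left at its default.
    print(audit_forwarding('{"iptables": false}', "1\n"))
    # Constructed sample: reconfigured host that has not been rebooted.
    print(audit_forwarding('{"iptables": false, "ip-forward": false}', "1\n"))
```

A "RUNTIME_ONLY_IP_FORWARD" finding corresponds to the case in the upgrade note where the sysctl reverts to "0" after a reboot unless it is configured elsewhere.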