We are glad to announce the release of: openstack-ansible 15.1.7: Ansible playbooks for deploying OpenStack This release is part of the ocata stable release series. The source is available from: http://git.openstack.org/cgit/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ For more details, please see below. 15.1.7 ^^^^^^ New Features ************ * The os_swift role now supports the swift3 middleware, allowing access to swift via the Amazon S3 API. This feature can enabled by setting "swift_swift3_enabled" to "true". * The "os_cinder" role now provides for doing online data migrations once the db sync has been completed. The data migrations will not be executed until the boolean variable "cinder_all_software_updated" is true. This variable will need to be set by the playbook consuming the role. * A new repository for installing modern erlang from ESL (erlang solutions) has been added giving us the ability to install and support modern stable erlang over numerous operating systems. * The ability to set the RabbitMQ repo URL for both erlang and RabbitMQ itself has been added. This has been done to allow deployers to define the location of a given repo without having to fully redefine the entire set of definitions for a specific repository. The default variables *rabbitmq_gpg_keys*, *rabbitmq_repo_url*, and *rabbitmq_erlang_repo_url* have been created to facilitate this capability. * It's now possible to disable heat stack password field in horizon. "horizon_enable_heatstack_user_pass" variable has been added and default to True. * The "os-nova-install.yml" playbook will now execute a rolling upgrade of nova including database migrations as per the procedure described in the nova documentation (https://docs.openstack.org/developer/nova/upgrade.html). Known Issues ************ * MemcacheD sets *PrivateDevices=true* in its systemd unit file to add extra security around mount namespaces. While this is useful when running MemcacheD on a bare metal host with other services, it is less useful when MemcacheD is already in a container with its own namespaces. In addition, LXC 2.0.8 presents */dev/ptmx* as a bind mount within the container and systemd 219 (on CentOS 7) cannot make an additional bind mount of */dev/ptmx* when *PrivateDevices* is enabled. Deployers can *memcached_disable_privatedevices* to *yes* to set *PrivateDevices=false* in the systemd unit file for MariaDB on CentOS 7. The default is *no*, which keeps the default systemd unit file settings from the MemcacheD package. For additional information, refer to the following bugs: * https://bugs.launchpad.net/openstack-ansible/+bug/1697531 * https://github.com/lxc/lxc/issues/1623 * https://github.com/systemd/systemd/issues/6121 * MariaDB 10.1+ includes *PrivateDevices=true* in its systemd unit files to add extra security around mount namespaces for MariaDB. While this is useful when running MariaDB on a bare metal host with other services, it is less useful when MariaDB is already in a container with its own namespaces. In addition, LXC 2.0.8 presents */dev/ptmx* as a bind mount within the container and systemd 219 (on CentOS 7) cannot make an additional bind mount of */dev/ptmx* when *PrivateDevices* is enabled. Deployers can *galera_disable_privatedevices* to *yes* to set *PrivateDevices=false* in the systemd unit file for MariaDB on CentOS 7. The default is *no*, which keeps the default systemd unit file settings from the MariaDB package. For additional information, refer to the following bugs: * https://bugs.launchpad.net/openstack-ansible/+bug/1697531 * https://github.com/lxc/lxc/issues/1623 * https://github.com/systemd/systemd/issues/6121 Upgrade Notes ************* * Changing to the ESL repos has no upgrade impact. The version of erlang provided by ESL is newer than that what is found in the distro repos. Furthermore, a pin has been added to ensure that APT always uses the ESL repos as it's preferred source which has been done to simply ensure APT is always pointed at ESL. * The entire repo build process is now idempotent. From now on when the repo build is re-run, it will only fetch updated git repositories and rebuild the wheels/venvs if the requirements have changed, or a new release is being deployed. * The git clone part of the repo build process now only happens when the requirements change. A git reclone can be forced by using the boolean variable "repo_build_git_reclone". * The python wheel build process now only happens when requirements change. A wheel rebuild may be forced by using the boolean variable "repo_build_wheel_rebuild". * The python venv build process now only happens when requirements change. A venv rebuild may be forced by using the boolean variable "repo_build_venv_rebuild". * The repo build process now only has the following tags, providing a clear path for each deliverable. The tag "repo-build-install" completes the installation of required packages. The tag "repo- build-wheels" completes the wheel build process. The tag "repo- build-venvs" completes the venv build process. Finally, the tag "repo-build-index" completes the manifest preparation and indexing of the os-releases and links folders. Bug Fixes ********* * Based on documentation from RabbitMQ [ https://www.rabbitmq.com /which-erlang.html ] this change ensures the version of erlang we're using across distros is consistent and supported by RabbitMQ. Changes in openstack-ansible 15.1.6..15.1.7 ------------------------------------------- aab48ca Fix variable names in sripts-library.sh ada6672 Make master repos contain all distros 23c6942 SHA Bump for Nova role to include include_role fixes 0fb164d Restart nova-placement service only when necessary fd4b58e Updated from global requirements 08b32b2 Fix a typo 7f28511 Revert "Update setuptools to 36.2.0" d9f8e54 SHA Bump repo_server to fix CentOS caching cfc62b0 Reduce ansible bootstrap packages 11f94c5 Bump Ansible version to include include_role fix 6c6be4a Correctly map nova git sources 4b24177 update package locations path in repo-build play 63c4c22 Only gather facts when necessary fecdfb1 Idempotent nova db privilege grants 93fd760 Add missing group_vars for glance 534d0b1 Restart glance services only when necessary fb3c74d Update keystone role SHA for db sync fix 504da78 Remove ceph_client role execution from playbooks 9689aaf Tidy up keystone need_db_sync fact 31a9cee Implement rolling upgrades for nova 311daab Set PrivateDevices=false for CentOS7 Ceph deploys 4079911 Update role requirements for rolling upgrades e9e6462 Change the variable name play_hosts to ansible_play_hosts b55635b SHA Bump nova role to fix CentOS7 issues 70cae9b Implement rolling upgrades for glance 1594bca Add Swift3 middleware to openstack_services fa20f6b Update all SHAs for 15.1.7 bf0c57c Update Calico repo build information 0891e2a Consolidate final two keystone plays Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 34 +-- deploy-guide/source/overview-requirements.rst | 2 +- playbooks/ceph-install.yml | 19 ++ playbooks/common-playbooks/cinder.yml | 9 - playbooks/common-playbooks/glance.yml | 89 ++++++ playbooks/common-playbooks/nova.yml | 157 ++++++++++ playbooks/common-tasks/restart-service.yml | 2 +- playbooks/defaults/repo_packages/gnocchi.yml | 4 +- playbooks/defaults/repo_packages/nova_consoles.yml | 2 +- .../defaults/repo_packages/openstack_services.yml | 73 ++--- playbooks/defaults/repo_packages/projectcalico.yml | 22 -- playbooks/inventory/group_vars/all.yml | 16 +- playbooks/inventory/group_vars/cinder_all.yml | 4 +- playbooks/inventory/group_vars/cinder_volume.yml | 5 + playbooks/inventory/group_vars/glance_all.yml | 10 + playbooks/inventory/group_vars/nova_all.yml | 15 + playbooks/inventory/host_vars/localhost.yml | 4 + playbooks/os-cinder-install.yml | 3 +- playbooks/os-glance-install.yml | 175 ++++++++---- playbooks/os-keystone-install.yml | 21 +- playbooks/os-neutron-install.yml | 2 +- playbooks/os-nova-install.yml | 318 +++++++++++++-------- playbooks/repo-build.yml | 9 +- .../templates/crontab.j2 | 10 +- playbooks/vars/configs/keepalived_haproxy.yml | 12 +- .../notes/add-swift3-support-a3f1a5d866fd8883.yaml | 5 + ...tos-private-devices-issue-0088e6f8c70a601f.yaml | 21 ++ ...tos-private-devices-issue-99aab9a30b1f8014.yaml | 21 ++ .../cinder-data-migrations-ce31707c078b335c.yaml | 9 + releasenotes/notes/esl-repo-6ff0c7f24ad2a043.yaml | 25 ++ .../notes/heatstack_password-25956b6143577735.yaml | 5 + .../idempotent-wheel-build-4c527045bec09fd5.yaml | 22 ++ .../nova-rolling-upgrades-5a3927330c6be5fd.yaml | 7 + requirements.txt | 2 +- scripts/bootstrap-ansible.sh | 44 +-- scripts/scripts-library.sh | 22 +- .../templates/user_variables.aio.yml.j2 | 6 + tox.ini | 2 +- 38 files changed, 851 insertions(+), 357 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index ef3c3d9..c6fb0f1 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5 +5 @@ pip>=7.1.0 # MIT -setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,!=34.3.2,>=16.0 # PSF/ZPL +setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,!=34.3.2,!=36.2.0,>=16.0 # PSF/ZPL