We are psyched to announce the release of:

kolla-ansible 13.1.0: Ansible Deployment of Kolla containers

This release is part of the xena stable release series.

The source is available from:

    https://opendev.org/openstack/kolla-ansible

Download the package from:

    https://tarballs.openstack.org/kolla-ansible/

Please report issues through:

    https://bugs.launchpad.net/kolla-ansible/+bugs

For more details, please see below.

13.1.0
^^^^^^

New Features
************

* Deploys and configures a prometheus-libvirt-exporter image as part
  of the Prometheus monitoring stack.

* Adds a "tls_connect" module to the Prometheus blackbox exporter.
  This can be used to test connectivity of TLS servers.

* New switches added to control deployment of the Masakari monitors.
  The deployment of each type of monitor can be controlled
  individually via "enable_masakari_instancemonitor" and
  "enable_masakari_hostmonitor". By default, both are set to "true"
  when the deployment of Masakari is enabled via "enable_masakari".

* Implements container healthchecks for ironic-neutron-agent service.
  See blueprint

* Adds support for libvirt SASL authentication. It is enabled by
  default. LP#1964013

* Adds support for Rocky Linux 8 as Host OS.

Known Issues
************

* Existing fluentd log rotation failed to delete old haproxy, swift,
  glance-tls-proxy and neutron-tls-proxy logs. These will not be
  deleted by the new logrotate config and will have to be removed
  manually.

Upgrade Notes
*************

* RabbitMQ's Prometheus plugin is no longer enabled by default if
  Prometheus is not deployed. If external Prometheus is used, you need
  to turn on "rabbitmq_enable_prometheus_plugin" to get the old
  behaviour.

* The addition of libvirt SASL authentication requires a new password
  in "passwords.yml", "libvirt_sasl_password". This may be generated
  using the existing "kolla-genpwd" and "kolla-mergepwd" tooling.

* The addition of libvirt SASL authentication requires both the
  "nova_libvirt" and "nova_compute" containers to be updated
  simultaneously, using new images with the necessary Cyrus SASL
  dependencies, as well as configuration containing the SASL
  credentials.

* It is no longer possible to override the removal of the Monasca Log
  Metrics service and it will be removed automatically if it hasn't
  already been removed in the Wallaby release. It is up to the
  operator to remove any associated docker volumes.

* Updates the default value of node_custom_config to
  {{ node_config }}/config, when specified using --configdir.

Security Issues
***************

* Explicitly removes the "net.ipv4.ip_forward" sysctl from
  "/etc/sysctl.conf" on hosts with Neutron L3 Agent. In the absence of
  another source for this sysctl, it should revert to the default of 0
  after the next reboot. This is a follow up to a previous change
  which stopped setting the sysctl, but leaves existing systems with
  the original value of 1 set. A deployer looking to more aggressively
  change the value may set "neutron_l3_agent_host_ipv4_ip_forward" to
  0 using a Yoga release of Kolla Ansible. This option will be removed
  in future. Any deployments still relying on the previous value may
  set "neutron_l3_agent_host_ipv4_ip_forward" to 1. LP#1945453

* Fixes an issue where the default configuration of libvirt did not
  use authentication for the API exposed over TCP on the internal API
  network. This allowed anyone with access to the internal API network
  read-write access to libvirt. While the internal API network is
  typically trusted, other services on this network generally at least
  require authentication. SASL authentication is now enabled for
  libvirt by default. Kolla Ansible supports libvirt TLS since the
  Train release, and this is recommended to provide a higher level of
  security. LP#1964013

Bug Fixes
*********

* Fixes an issue with an OIDC authentication flow requiring
  unnecessary action from the user. Redirecting to the target IdP page
  now happens automatically. LP#930055

* Removes custom value of "max_allowed_secret_in_bytes" in
  "barbican.conf". The default maximum size in Barbican was doubled to
  avoid issues with some certificates. LP#1957795

* Fixes deployment of Zun with Cinder Ceph support. Adds support for
  zun to access cinder volumes when external ceph is configured for
  cinder. LP#1848934

* Fixed the deployment failure of outward_rabbitmq by resolving port
  conflicts by customizing RabbitMQ's "prometheus.tcp.port".
  LP#1885106

* Use Volume V3 API in OpenStack exporter. Volume V2 API has been
  removed since OpenStack Wallaby. LP#1938194

* Fixes the copy job for the grafana custom home dashboard file. The
  copy job for the grafana home dashboard file needs to run
  privileged, otherwise a permission denied error occurs. LP#1947710

* Fixes Octavia's "Connection refused" errors by adding
  "ovn_sb_connection" to "octavia.conf". LP#195011

* Ironic API and Ironic Inspector API use separate policy files. The
  Ironic role was updated to be able to handle both policies
  separately. LP#1952948

* Continue to run all actions if one action failed in Elasticsearch
  curator. LP#1954720

* Fixes missing logrotate configuration for Placement. LP#1954723

* Fixes Nova resize failing when "migration_interface" is customised.
  LP#1956976

* Fixes being unable to connect to the zun console when
  "kolla_enable_tls_external" is true. Access to the console of any
  zun container fails when "kolla_enable_tls_external" is true. This
  fix sets the protocol for wsproxy "base_url" in "zun.conf" according
  to the value of "kolla_enable_tls_external". LP#1957117

* Fixes the "Register Identity Providers in OpenStack" task, which was
  missing an *=* in the openstack command, causing the task to fail to
  register an IDP with Keystone. LP#1959022

* Fixes Glance with Cinder iSCSI backend failing due to lack of
  lock_path setting. LP#1959663

* Fixes logrotate config missing for openvswitch and prometheus
  services.
  LP#1961795

* Fixes an issue with Ironic's PXE components not getting updated on
  upgrade. LP#1963752

* Fixes configuration of the Prometheus HTTP API URL when using the
  Prometheus collector in CloudKitty. LP#1961615

* Fixes an issue with Prometheus scraping when targets' Ansible
  inventory hostnames ("inventory_hostname") do not resolve to
  reachable IP addresses. Reverts to the previous behaviour of using
  IP addresses to communicate with targets. The side effect of this is
  that target instances will again be labelled using IP addresses
  rather than hostnames. LP#1955563

* Fixes the Apache WSGI configuration for the aodh service in Debuntu
  binary flavours. LP#1953059

* Fixes the baremetal role to avoid the error 'Unable to remove
  "libvirtd"'. Now the symlink
  /etc/apparmor.d/disable/usr.sbin.libvirtd is created by the role.
  LP#1960302

* Existing fluentd log rotation failed to delete old haproxy, swift,
  glance-tls-proxy and neutron-tls-proxy logs. Standardise rotation
  and deletion of logs using logrotate.

* Fixes an issue with setting up OIDC based Keystone federation
  against an IDP that has a different response type than id_token.
  This can now be set using a new variable
  "keystone_federation_oidc_response_type". LP#1959781

* Adds back the option to configure the rabbitmq clustering interface
  via kolla. *LP#1900160
  <https://bugs.launchpad.net/kolla-ansible/+bug/1900160>*

* Fixes an issue seen when using Jinja2 3.1.0.

* Fixes an issue with Masakari instance monitor when libvirt SASL is
  enabled. libvirt SASL was enabled by default in a recent change to
  Kolla Ansible. LP#1965754

* Fixes the configuration option setting the type of endpoint used by
  Neutron to send requests to Placement. LP#1960503

* Fixes a configuration issue with Node Exporter causing all file
  system metrics of a host to be identical. LP#1961438

* Fixes an issue where a failure of any Nova compute service to
  register itself would cause only the host querying the nova API to
  fail. Now, only hosts that fail to register will fail the Kolla
  Ansible run. Alternatively, to fail all hosts in a cell when any
  compute service fails to register, set
  "nova_compute_registration_fatal" to "true". LP#1940119

* The prometheus openstack exporters are now behind haproxy, providing
  a unique time series in the prometheus database. Also ensures that
  only one exporter queries the openstack APIs at any given time
  interval. With the previous behavior each openstack exporter was
  scraped at the same time. This caused each exporter to query the
  openstack APIs simultaneously, introducing unnecessary load and
  duplicate time series in the prometheus database due to the instance
  label being unique for each exporter. LP#1972818

* Fixes an issue where RabbitMQ was configured to mirror classic
  transient queues for all services. According to the RabbitMQ
  documentation this is not a supported configuration, and contributed
  to numerous bug reports. In order to avoid making unexpected changes
  to the RabbitMQ cluster, it is necessary to set
  "rabbitmq_remove_ha_all_policy" to "yes" in order to apply this fix.
  This variable will be removed in the Yoga release. LP#1954925

* Fixes an issue with Cinder upgrade where Cinder services would
  remain pinned to the previous release's RPC & object versions.
  LP#1954932

Changes in kolla-ansible 13.0.1..13.1.0
---------------------------------------

d988c5991 Control Masakari monitors deploy
6a0b1bd42 Make redis connection string configurable
2e5e1b554 [CI] Nullify attempts
704da0b9c talk TLS to openstack exporter via haproxy
87a217fc9 genpwd: handle lack of password file nicer
8a0acd0a2 Use 'cloudkitty_influxdb_use_ssl' when creatign InfluxDB database
5a613d64c masakari: support libvirt SASL in instance monitor
fff725d18 [CI] Restore token critical error filter
7525f1e08 Grafana: Run priviliged when copying home dashboard file
5d0686731 Put openstack exporter behind HAproxy so only one is queried at a time
ce94b4dde [CI] Raise [keystone_authtoken]http_request_max_retries
91fd18b2b [CI] Always use quay.io via infra's mirror
14ce30530 nova: improve compute service registration failure handling
d1b7814c7 nova: use any_errors_fatal for once-per-cell tasks
6e982e076 [CI] Make kolla-build quiet
18d7859bd added missing become in ovs-dpdk role
6abe02571 re-add rabbitmq config for clustering interface
4c1c44d42 Use jinja2.pass_context instead of contextfilter
50100fb2b designate: fix external backend deployment
9cfb4ebf8 Ironic: rebootstrap ironic-pxe on upgrade
fb3aa1bf0 Fix prometheus fix
425ead579 Allow removal of classic queue mirroring for internal RabbitMQ
60c80ffac cinder: restart services after upgrade
fc13c40f5 Add Rocky Linux support as Host OS
dfdbddffa Fix failure in deployment with missing group
7259672ef Add support for deploying Prometheus libvirt exporter
d7092dca8 CI: pin ansible-lint to <6
daef31a42 libvirt: support SASL authentication
800f08e61 Fix prechecks for "Ironic iPXE" container
f5dcd8d5b Explicitly unset net.ipv4.ip_forward sysctl
4a1a70469 [CI] Use Tenks in Ironic job
6a1f4a782 [CI] Test Ironic when touching Neutron
71af20c15 [CI] Test Ironic on Debian
e1cab1604 Fix hard coded OIDC response type
7ef67c88c Remove grafana [session] configuration
98a462cd5 Add openvswitch and prometheus to logrotate
0c55b6521 CI: Bump Ceph to Pacific
e51c21ed2 Fix location of release note for ironic-neutron-agent healthcheck
c91e85cf2 cloudkitty: fix URL used for Prometheus collector
b4f68a991 Configure node-exporter to report correct file system metrics
b7470787f Fix fluentd v1 buffer syntax issue
d661dab49 Refactor fluentd syslog logging
859efbaf3 CI: Fix new ansible-lint failures
47ac706d2 neutron: fix placement endpoint type configuration
ae8900855 Fix Apparmor libvirt profile removal
79ed0470c [CI] Check fluentd errors
a763f586b Fix log rotation for fluentd created files
905dc7fae Glance: add lock_path setting
f70008b35 [CI] Replace parted with lsblk
920089c9f Deploy Zun with Cinder Ceph support
827656dbb Add OIDCDiscoverURL mod_oidc option
e1423e9b6 prometheus: add tls_connect blackbox module
6562c6d8e Fix usage of Subject Alternative Name for TLS
a9edcd3e8 update the default value of node_custom_config
464877f01 Fix bad openstack command while registering IDP
e15b35e81 Revert "Use friendly target names in Prometheus"
e891bfdf2 Use Docker healthchecks for ironic-neutron-agent services
0354b39b1 Make nova_ssh listen on api_interface as well
51fff9cf9 Continue to run all actions if one action failed in curator
107636766 Revert "[CI] [to-revert] Avoid upgrades on CentOS Stream 8"
c80d2068e Remove custom value of max_allowed_secret_in_bytes
dc8853a9a Fix permission denied errors with ping on c8s
1b6bd8d33 [CI] [to-revert] Avoid upgrades on CentOS Stream 8
72be14b3f Add logrotate to libvirt service
f36a00a97 Access to zun container fails when tls_external enabled.
58775d20a OpenID Connect certifiate file is optional e2ba1bb39 Add logrotate configuration for placement service 1f5bf1f00 rabbitmq: enable/disable prometheus plugin follow up cf8dbd6d0 Support enable/disable rabbitmq prometheus plugins 681bcc59e CI: check-logs - add another exception 75fd5c894 Use Volume V3 API in OpenStack exporter a5e0e986b docs: adjust to current defaults 6c695564b Move project_name and kolla_role_name to role vars a4376cd74 [CI] Drop unused nodeset 54718a90f horizon: move horizon_enable_tls_backend to group_vars f00e54be7 Add ovn_sb_connection to octavia.conf 837a2fd4a Add ironic-inspector policy configuration 89353bd31 Remove Monasca Log Metrics service 3ee71d248 Fix aodh wsgi config file in Debuntu binary Diffstat (except docs and test files) ------------------------------------- .ansible-lint | 6 + ansible/group_vars/all.yml | 20 +- ansible/inventory/all-in-one | 3 + ansible/inventory/multinode | 3 + ansible/nova.yml | 4 + ansible/roles/aodh/defaults/main.yml | 2 - ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 4 - ansible/roles/aodh/vars/main.yml | 2 + ansible/roles/barbican/defaults/main.yml | 2 - ansible/roles/barbican/templates/barbican.conf.j2 | 1 - ansible/roles/barbican/vars/main.yml | 2 + ansible/roles/baremetal/defaults/main.yml | 21 +- .../roles/baremetal/tasks/bootstrap-servers.yml | 5 + .../baremetal/tasks/configure-ceph-for-zun.yml | 55 ++++++ ansible/roles/baremetal/tasks/install.yml | 2 +- ansible/roles/baremetal/tasks/post-install.yml | 6 +- ansible/roles/baremetal/tasks/pre-install.yml | 9 + ansible/roles/bifrost/defaults/main.yml | 2 - ansible/roles/bifrost/vars/main.yml | 2 + ansible/roles/blazar/defaults/main.yml | 2 - ansible/roles/blazar/vars/main.yml | 2 + ansible/roles/ceilometer/defaults/main.yml | 2 - ansible/roles/ceilometer/vars/main.yml | 2 + ansible/roles/ceph-rgw/defaults/main.yml | 2 - ansible/roles/ceph-rgw/vars/main.yml | 2 + .../roles/certificates/tasks/generate-backend.yml | 2 + 
ansible/roles/certificates/tasks/generate.yml | 4 + .../templates/openssl-kolla-internal.cnf.j2 | 4 +- .../certificates/templates/openssl-kolla.cnf.j2 | 4 +- ansible/roles/cinder/defaults/main.yml | 11 +- ansible/roles/cinder/handlers/main.yml | 20 ++ ansible/roles/cinder/tasks/reload.yml | 10 + ansible/roles/cinder/tasks/upgrade.yml | 2 + ansible/roles/cinder/vars/main.yml | 2 + ansible/roles/cloudkitty/defaults/main.yml | 6 +- ansible/roles/cloudkitty/tasks/bootstrap.yml | 1 + ansible/roles/cloudkitty/vars/main.yml | 2 + ansible/roles/collectd/defaults/main.yml | 2 - ansible/roles/collectd/vars/main.yml | 2 + ansible/roles/common/defaults/main.yml | 26 ++- ansible/roles/common/tasks/config.yml | 7 +- .../conf/filter/00-record_transformer.conf.j2 | 27 +-- .../common/templates/conf/output/00-local.conf.j2 | 217 ++------------------- .../common/templates/conf/output/01-es.conf.j2 | 6 +- .../templates/conf/output/02-monasca.conf.j2 | 4 +- .../templates/cron-logrotate-haproxy.conf.j2 | 2 +- .../templates/cron-logrotate-nova-libvirt.conf.j2 | 3 + .../templates/cron-logrotate-openvswitch.conf.j2 | 3 + .../templates/cron-logrotate-placement.conf.j2 | 3 + .../templates/cron-logrotate-prometheus.conf.j2 | 3 + ansible/roles/common/templates/fluentd.json.j2 | 27 +-- ansible/roles/common/vars/main.yml | 2 + ansible/roles/cyborg/defaults/main.yml | 2 - ansible/roles/cyborg/vars/main.yml | 2 + ansible/roles/designate/defaults/main.yml | 2 - ansible/roles/designate/tasks/backend_external.yml | 2 + ansible/roles/designate/vars/main.yml | 2 + ansible/roles/elasticsearch/defaults/main.yml | 2 - .../templates/elasticsearch-curator-actions.yml.j2 | 14 +- ansible/roles/elasticsearch/vars/main.yml | 2 + ansible/roles/etcd/defaults/main.yml | 2 - ansible/roles/etcd/vars/main.yml | 2 + ansible/roles/freezer/defaults/main.yml | 2 - ansible/roles/freezer/vars/main.yml | 2 + ansible/roles/glance/defaults/main.yml | 2 - ansible/roles/glance/templates/glance-api.conf.j2 | 3 + 
ansible/roles/glance/vars/main.yml | 2 + ansible/roles/gnocchi/defaults/main.yml | 2 - ansible/roles/gnocchi/vars/main.yml | 2 + ansible/roles/grafana/defaults/main.yml | 2 - ansible/roles/grafana/tasks/config.yml | 1 + ansible/roles/grafana/templates/grafana.ini.j2 | 8 - ansible/roles/grafana/vars/main.yml | 2 + ansible/roles/hacluster/defaults/main.yml | 2 - ansible/roles/hacluster/vars/main.yml | 2 + ansible/roles/haproxy-config/defaults/main.yml | 2 - ansible/roles/haproxy-config/vars/main.yml | 2 + ansible/roles/heat/defaults/main.yml | 2 - ansible/roles/heat/vars/main.yml | 2 + ansible/roles/horizon/defaults/main.yml | 7 - ansible/roles/horizon/vars/main.yml | 2 + ansible/roles/influxdb/defaults/main.yml | 2 - ansible/roles/influxdb/vars/main.yml | 2 + ansible/roles/ironic/defaults/main.yml | 2 - ansible/roles/ironic/tasks/bootstrap.yml | 19 -- ansible/roles/ironic/tasks/bootstrap_service.yml | 19 ++ ansible/roles/ironic/tasks/config.yml | 42 +++- ansible/roles/ironic/tasks/precheck.yml | 1 - .../ironic/templates/ironic-inspector.json.j2 | 8 +- ansible/roles/ironic/vars/main.yml | 2 + ansible/roles/iscsi/defaults/main.yml | 2 - ansible/roles/iscsi/vars/main.yml | 2 + ansible/roles/kafka/defaults/main.yml | 2 - ansible/roles/kafka/vars/main.yml | 2 + ansible/roles/keystone/defaults/main.yml | 3 +- .../keystone/tasks/config-federation-oidc.yml | 1 + .../keystone/tasks/register_identity_providers.yml | 2 +- .../roles/keystone/templates/wsgi-keystone.conf.j2 | 3 +- ansible/roles/keystone/vars/main.yml | 2 + ansible/roles/kibana/defaults/main.yml | 2 - ansible/roles/kibana/vars/main.yml | 2 + ansible/roles/kuryr/defaults/main.yml | 1 - ansible/roles/kuryr/vars/main.yml | 2 + ansible/roles/loadbalancer/defaults/main.yml | 2 - ansible/roles/loadbalancer/vars/main.yml | 2 + ansible/roles/magnum/defaults/main.yml | 2 - ansible/roles/magnum/vars/main.yml | 2 + ansible/roles/manila/defaults/main.yml | 2 - ansible/roles/manila/vars/main.yml | 2 + 
ansible/roles/mariadb/defaults/main.yml | 2 - ansible/roles/mariadb/vars/main.yml | 2 + ansible/roles/masakari/defaults/main.yml | 17 +- ansible/roles/masakari/tasks/config.yml | 18 ++ ansible/roles/masakari/templates/auth.conf.j2 | 6 + .../templates/masakari-instancemonitor.json.j2 | 8 +- ansible/roles/masakari/vars/main.yml | 2 + ansible/roles/memcached/defaults/main.yml | 2 - ansible/roles/memcached/vars/main.yml | 2 + ansible/roles/mistral/defaults/main.yml | 2 - ansible/roles/mistral/vars/main.yml | 2 + ansible/roles/monasca/defaults/main.yml | 10 +- ansible/roles/monasca/handlers/main.yml | 15 -- ansible/roles/monasca/tasks/config.yml | 18 -- .../monasca-log-metrics/log-metrics.conf.j2 | 75 ------- .../monasca-log-metrics.json.j2 | 18 -- ansible/roles/monasca/vars/main.yml | 2 + ansible/roles/multipathd/defaults/main.yml | 2 - ansible/roles/multipathd/vars/main.yml | 2 + ansible/roles/murano/defaults/main.yml | 2 - ansible/roles/murano/vars/main.yml | 2 + ansible/roles/neutron/defaults/main.yml | 17 +- ansible/roles/neutron/tasks/config-host.yml | 2 + ansible/roles/neutron/templates/neutron.conf.j2 | 2 +- ansible/roles/neutron/vars/main.yml | 2 + ansible/roles/nova-cell/defaults/main.yml | 20 +- ansible/roles/nova-cell/handlers/main.yml | 15 ++ ansible/roles/nova-cell/tasks/config.yml | 20 ++ ansible/roles/nova-cell/tasks/deploy.yml | 3 +- .../roles/nova-cell/tasks/discover_computes.yml | 88 ++------- ansible/roles/nova-cell/tasks/precheck.yml | 17 +- .../nova-cell/tasks/wait_discover_computes.yml | 88 +++++++++ ansible/roles/nova-cell/templates/auth.conf.j2 | 6 + ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 3 +- .../roles/nova-cell/templates/nova-compute.json.j2 | 8 +- .../roles/nova-cell/templates/nova-libvirt.json.j2 | 12 ++ ansible/roles/nova-cell/templates/sasl.conf.j2 | 2 + ansible/roles/nova-cell/templates/sshd_config.j2 | 3 + ansible/roles/nova-cell/vars/main.yml | 6 + ansible/roles/nova/defaults/main.yml | 2 - ansible/roles/nova/vars/main.yml 
| 2 + ansible/roles/octavia/defaults/main.yml | 2 - ansible/roles/octavia/templates/octavia.conf.j2 | 1 + ansible/roles/octavia/vars/main.yml | 2 + ansible/roles/openvswitch/defaults/main.yml | 2 - ansible/roles/openvswitch/vars/main.yml | 2 + ansible/roles/ovn/defaults/main.yml | 2 - ansible/roles/ovn/vars/main.yml | 2 + ansible/roles/ovs-dpdk/defaults/main.yml | 1 - ansible/roles/ovs-dpdk/tasks/config.yml | 2 + ansible/roles/ovs-dpdk/vars/main.yml | 2 + ansible/roles/placement/defaults/main.yml | 2 - ansible/roles/placement/vars/main.yml | 2 + ansible/roles/prechecks/vars/main.yml | 2 + ansible/roles/prometheus/defaults/main.yml | 29 ++- ansible/roles/prometheus/handlers/main.yml | 15 ++ .../roles/prometheus/tasks/check-containers.yml | 2 +- ansible/roles/prometheus/tasks/config.yml | 4 +- ansible/roles/prometheus/tasks/precheck.yml | 15 ++ ansible/roles/prometheus/templates/clouds.yml.j2 | 1 + .../templates/prometheus-blackbox-exporter.yml.j2 | 4 + .../templates/prometheus-libvirt-exporter.json.j2 | 4 + .../templates/prometheus-node-exporter.json.j2 | 2 +- .../roles/prometheus/templates/prometheus.yml.j2 | 88 +++------ ansible/roles/prometheus/vars/main.yml | 2 + ansible/roles/qdrouterd/defaults/main.yml | 2 - ansible/roles/qdrouterd/vars/main.yml | 2 + ansible/roles/rabbitmq/defaults/main.yml | 16 +- ansible/roles/rabbitmq/tasks/config.yml | 36 ++++ ansible/roles/rabbitmq/tasks/deploy.yml | 3 + .../roles/rabbitmq/tasks/remove-ha-all-policy.yml | 29 +++ ansible/roles/rabbitmq/tasks/upgrade.yml | 3 + .../roles/rabbitmq/templates/advanced.config.j2 | 7 + .../roles/rabbitmq/templates/definitions.json.j2 | 4 + .../roles/rabbitmq/templates/enabled_plugins.j2 | 1 + ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 5 + ansible/roles/rabbitmq/templates/rabbitmq.json.j2 | 12 ++ ansible/roles/rabbitmq/vars/main.yml | 2 + ansible/roles/redis/defaults/main.yml | 2 - ansible/roles/redis/vars/main.yml | 2 + ansible/roles/sahara/defaults/main.yml | 2 - 
ansible/roles/sahara/vars/main.yml | 2 + ansible/roles/senlin/defaults/main.yml | 2 - ansible/roles/senlin/vars/main.yml | 2 + ansible/roles/skydive/defaults/main.yml | 2 - ansible/roles/skydive/vars/main.yml | 2 + ansible/roles/solum/defaults/main.yml | 2 - ansible/roles/solum/vars/main.yml | 2 + ansible/roles/storm/defaults/main.yml | 2 - ansible/roles/storm/vars/main.yml | 2 + ansible/roles/swift/defaults/main.yml | 2 - ansible/roles/swift/vars/main.yml | 2 + ansible/roles/tacker/defaults/main.yml | 2 - ansible/roles/tacker/vars/main.yml | 2 + ansible/roles/telegraf/defaults/main.yml | 2 - ansible/roles/telegraf/vars/main.yml | 2 + ansible/roles/trove/defaults/main.yml | 2 - ansible/roles/trove/vars/main.yml | 2 + ansible/roles/vitrage/defaults/main.yml | 2 - ansible/roles/vitrage/vars/main.yml | 2 + ansible/roles/vmtp/defaults/main.yml | 2 - ansible/roles/vmtp/vars/main.yml | 2 + ansible/roles/watcher/defaults/main.yml | 2 - ansible/roles/watcher/vars/main.yml | 2 + ansible/roles/zookeeper/defaults/main.yml | 2 - ansible/roles/zookeeper/vars/main.yml | 2 + ansible/roles/zun/defaults/main.yml | 3 +- ansible/roles/zun/tasks/config.yml | 5 + ansible/roles/zun/tasks/external_ceph.yml | 27 +++ ansible/roles/zun/templates/zun-compute.json.j2 | 20 +- ansible/roles/zun/templates/zun.conf.j2 | 2 +- ansible/roles/zun/vars/main.yml | 2 + ansible/site.yml | 3 + .../reference/shared-services/keystone-guide.rst | 4 +- .../reference/storage/external-ceph-guide.rst | 27 +++ etc/kolla/globals.yml | 3 +- etc/kolla/passwords.yml | 5 + kolla_ansible/cmd/genpwd.py | 8 +- kolla_ansible/filters.py | 8 +- kolla_ansible/kolla_address.py | 4 +- kolla_ansible/put_address_in_context.py | 21 +- .../add-oidc-discover-url-83edb9f43f73a97f.yaml | 7 + ...ometheus-libvirt-exporter-b05a3a9c08db517c.yaml | 5 + ...n-max-allowed-secret-size-1941307ab5d2a9fd.yaml | 7 + .../blackbox-tls-connect-517cd8ebdf87f16e.yaml | 5 + .../notes/bug-1848934-878a08b490856a53.yaml | 7 + 
.../notes/bug-1885106-2347d7458a8f9cb0.yaml | 13 ++ .../notes/bug-1938194-80dba28f9cdd434c.yaml | 6 + .../notes/bug-1945453-2-287bfcaf060689d8.yaml | 16 ++ .../notes/bug-1947710-6d0975ae72f43ada.yaml | 7 + .../notes/bug-1950111-8e477fb6a5b58822.yaml | 6 + .../notes/bug-1952948-003aabe18144f569.yaml | 6 + .../notes/bug-1954720-4fc48610a56f3e98.yaml | 6 + .../notes/bug-1954723-2d49335022492891.yaml | 5 + .../notes/bug-1956976-8a2623ca1fbfd546.yaml | 5 + .../notes/bug-1957117-7832104d66a91da7.yaml | 11 ++ .../notes/bug-1959022-e3bb9448414b4ebe.yaml | 7 + .../notes/bug-1959663-afda889b9aa4c63f.yaml | 6 + .../notes/bug-1961795-16fb2ac27152fc03.yaml | 6 + .../notes/bug-1963752-ee12e15c17c24bb0.yaml | 6 + ...cloudkitty-prometheus-url-ee14bc486e810631.yaml | 6 + ...control-masakari-monitors-1107c10c45678b0a.yaml | 8 + .../notes/fix-1955563-42a14bb080e15df2.yaml | 9 + .../fix-aodh-wsgi-config-7679adda584e33bb.yaml | 6 + ...r-libvirt-profile-removal-01db6ca6dd66879f.yaml | 7 + .../fix-haproxy-logrotate-e299a0000728fd8f.yaml | 12 ++ ...x-hardcoded-oidc-response-fc0f115f0b56cddf.yaml | 7 + .../fix-openstack-exporter-tls-bug-1975598.yml | 8 + ...q-interface-configuration-b39c954fb8763d9c.yaml | 6 + ...-for-ironic-neutron-agent-61ec4d0d237da075.yaml | 6 + .../jinja2-pass-context-2afc328ade8c407b.yaml | 4 + .../notes/libvirt-sasl-404199143610fb75.yaml | 27 +++ .../masakari-libvirt-sasl-f368c31c0b5567b6.yaml | 6 + ...n-placement-endpoint-type-90073ba5ecc9e663.yaml | 6 + ...porter-filesystem-metrics-d3ae7b0a892d2957.yaml | 6 + .../nova-discover-hosts-0353e9274f22195c.yaml | 9 + .../openstack-exporter-hammering-os-apis.yaml | 14 ++ ...emove-monasca-log-metrics-02a81671f864d1a9.yaml | 7 + ...ue-mirroring-for-rabbitmq-d54b9e7e25e57a88.yaml | 10 + .../notes/support-rockylinux-ad6d48db054ead2b.yaml | 4 + .../notes/unpin-cinder-rpcs-8eb7e0858a91b9b8.yaml | 6 + ...update-node-custom-config-7b378b25ce22779f.yaml | 5 + requirements.txt | 2 +- roles/cephadm/defaults/main.yml | 7 +- 
roles/cephadm/tasks/main.yml | 9 + roles/cephadm/templates/cephadm.yml.j2 | 6 +- roles/multi-node-managed-addressing/tasks/main.yml | 1 + test-requirements.txt | 2 +- zuul.d/base.yaml | 12 +- zuul.d/jobs.yaml | 20 ++ zuul.d/nodesets.yaml | 44 +---- zuul.d/project.yaml | 2 + 297 files changed, 1750 insertions(+), 967 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index e85f7744c..59147c1bd 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14 +14 @@ oslo.utils>=3.33.0 # Apache-2.0 -Jinja2>=2.10 # BSD License (3 clause) +Jinja2>=3 # BSD License (3 clause) diff --git a/test-requirements.txt b/test-requirements.txt index ef84c6b8a..55a39db11 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -2 +2 @@ -ansible-lint>=4.2.0,!=4.3.0 # MIT +ansible-lint>=4.2.0,!=4.3.0,<6.0.0 # MIT
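
Review bot: The requirements.txt hunk raises the floor from Jinja2>=2.10 to Jinja2>=3, but nothing under Upgrade Notes states the new minimum; the only Jinja2 mention in the release notes is the bug-fix line "Fixes an issue seen when using Jinja2 3.1.0". Because this ships in a stable point release, operators who pin Jinja2 2.x in their deployment environment need to know they must raise that pin before upgrading. Suggest adding an upgrade note with the new minimum and tying it to the change that needs it (the change list has "Use jinja2.pass_context instead of contextfilter").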
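
Review bot: In the test-requirements.txt hunk the new <6.0.0 cap on ansible-lint has no explanation on the line beyond the existing "# MIT" licence comment, so nothing records why the cap exists or when it can be dropped. The change list shows both "CI: pin ansible-lint to <6" and "CI: Fix new ansible-lint failures", which suggests the cap is a temporary workaround; suggest adding a short comment or bug reference next to the pin so it is revisited rather than left in place indefinitely.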