[release-announce] kolla-ansible 9.1.0 (train)

We are overjoyed to announce the release of:

kolla-ansible 9.1.0: Ansible Deployment of Kolla containers

This release is part of the train stable release series.

The source is available from:

https://opendev.org/openstack/kolla-ansible

Download the package from:

https://tarballs.openstack.org/kolla-ansible/

Please report issues through:

https://bugs.launchpad.net/kolla-ansible/+bugs

For more details, please see below.

9.1.0 ^^^^^

New Features ************

* Adds support for CentOS 8 as a host Operating System and base container image. This is the only major version of CentOS supported from the Ussuri release. The Train release supports both CentOS 7 and 8 hosts, and provides a route for migration.

* Add Object Storage service (Swift) support for Ironic.

* Adds a new variable, "openstack_tag", which is used as the default Docker image tag in place of "openstack_release". The default value is "openstack_release", with a suffix set via "openstack_tag_suffix". The suffix is empty except on CentOS 8 where it is set to "-centos8". This allows for the availability of images based on CentOS 7 and 8.

Upgrade Notes *************

* Some images are supported by CentOS 7 but lack suitable packages in CentOS 8, and are not supported for CentOS 8. See Kolla release notes for details.

* Adds a "rabbitmq_use_3_7_24_on_centos7" flag which can be set to "true" to deploy the "rabbitmq-3.7.24" image on CentOS 7. The image should be deployed via "kolla-ansible upgrade", and can be used to provide a RabbitMQ cluster that is compatible with the CentOS 8 "rabbitmq" image.

* Support for the SCSI target daemon ("tgtd") has been removed for CentOS/RHEL 8. The default value of "cinder_target_helper" is now "lioadm" on CentOS/RHEL 8, but remains as "tgtadm" on other platforms.

* The octavia user is no longer given the admin role in the admin project. Octavia does not require this role and instead uses octavia user with admin role in service project. During an upgrade the octavia user is removed from the admin project. See bug 1873176 for details.

Security Issues ***************

* Fixes leak of RabbitMQ password into Ansible logs. LP#1865840

Bug Fixes *********

* Fix that the cyborg conductor failed to communicate with placement. See bug 1873717.

* Fix that cyborg agent failed to start privsep daemon. Add privileged capability for cyborg agent. See bug 1873715.

* Adds necessary "region_name" to "octavia.conf" when "enable_barbican" is set to "true". LP#1867926

* Adds "/etc/timezone" to "Debian/Ubuntu" containers. LP#1821592

* Fixes an issue with Nova live migration not using "migration_interface_address" even when TLS was not used. When migrating an instance to a newly added compute host, if addressing depended on "/etc/hosts" and it had not been updated on the source compute host to include the new compute host, live migration would fail. This did not affect DNS-based name resolution. Analogically, Nova live migration would fail if the address in DNS/"/etc/hosts" was not the same as "migration_interface_address" due to user customization. LP#1729566

* Fix qemu loading of ceph.conf (permission error). LP#1861513

* Remove /run bind mounts in Neutron services causing dbus host- level errors and add /run/netns for neutron-dhcp-agent and neutron-l3-agent. LP#1861792

* Fixes an issue where old fluentd configuration files would persist in the container across restarts despite being removed from the "node_custom_config" directory. LP#1862211

* Use more permissive regex to remove the offending 127.0.1.1 line from /etc/hosts. LP#1862739

* Each Prometheus mysqld exporter points now to its local mysqld instance (MariaDB) instead of VIP address. LP#1863041

* Cinder Backup has now access to kernel modules to load e.g. iscsi_tcp module. LP#1863094

* Makes RabbitMQ hostname address resolution precheck stronger by requiring uniqueness of resolution to avoid later issues. LP#1863363

* Fix protocol used by "neutron-metadata-agent" to connect to Nova metadata service. This possibly affected internal TLS setup. Fixes LP#1864615

* Fixes haproxy role to avoid restarting haproxy service multiple times in a single Ansible run. LP#1864810 LP#1875228

* Fixes an issue with deploying Grafana when using IPv6. LP#1866141

* Fixes elasticsearch deployment in IPv6 environments. LP#1866727

* Fixes failure to deploy telegraf with monitoring of zookeeper due to wrong variable being referenced. LP#1867179

* Fixes "ceph" deployment reconfiguration error, when Gathering OSDs step would fail due to Kolla-Ansible user not having access to "/var/lib/ceph/osd/_FSID_/whoami". LP#1867946

* Fix missing glance_ca_certificates_file variable in glance.conf. LP#1869133

* Add client ca_cert file in heat LP#1869137

* Fixes "designate-worker" not to use "etcd" as its coordination backend because it is not supported by Designate (no group membership support available via tooz). LP#1872205

* Fixes source-IP-based load balancing for Horizon when using the "split" HAProxy service template.

* Fixes issue where HAProxy would have no backend servers in its config files when using the "split" config template style.

* Manage nova scheduler workers through "openstack_service_workers" variable. LP#1873753

* Remove the meta field of the Swift rings from the default rsync_module template. Having it by default, undocumented, can lead to unexpected behavior when the Swift documentation states that this field is not processed.

* Fix elasticsearch schema in fluentd when "kolla_enable_tls_internal" is true.

* Fixes an issue with HAProxy prechecks when scaling out using "-- limit" or "--serial". LP#1868986.

* Fixes an issue with the HAProxy monitor VIP precheck when some instances of HAProxy are running and others are not. See bug 1866617.

* Fixes MariaDB issues in multinode scenarios which affected deployment, reconfiguration, upgrade and Galera cluster resizing. They were usually manifested by WSREP issues in various places and could lead to need to recover the Galera cluster. Note these issues were due to how MariaDB was handled during Kolla Ansible runs and did not affect Galera cluster during normal operations unless MariaDB was later touched by Kolla Ansible. Users wishing to run actions on their Galera clusters using Kolla Ansible are strongly advised to update. For details please see the following Launchpad bug records: bug 1857908 and bug 1859145.

* Fixes an issue with Nova when deploying new compute hosts using "-- limit". LP#1869371.

* Adapt Octavia to the latest dual CA certificate configuration. The following files should exist in "/etc/kolla/config/octavia/":

* "client.cert-and-key.pem"

* "client_ca.cert.pem"

* "server_ca.cert.pem"

* "server_ca.key.pem"

See the Octavia documentation for details on generating these files.

* Since Openstack services can now be configured to use TLS enabled REST endpoints, urls should be constructed using the {{ internal_protocol }} and {{ external_protocol }} configuration parameters.

* Construct service REST API urls using "kolla_internal_fqdn" instead of "kolla_internal_vip_address". Otherwise SSL validation will fail when certificates are issued using domain names.

* Fixes an issue with the "kolla-ansible stop" command where it may fail trying to stop non-existent containers. LP#1868596.

* Fixes gnocchi-api script name for Ubuntu/Debian binary deployments. LP#1861688

* Fixes an issue where host configuration tasks ("sysctl", loading kernel modules) could be performed during the "kolla-ansible genconfig" command. See bug 1860161 for details.

* Fixes an issue where "openstack_release" was set to "master" by default, resulting in containers tagged "master" being deployed. It has been changed to "train". The same applies to "kolla_source_version", which affects development mode. See bug 1866054 for details.

* Fixes an issue with port prechecks for the Placement service. See bug 1861189 for details.

* Removes the "[http]/max-row-limit = 10000" setting from the default InfluxDB configuration, which resulted in the CloudKitty v1 API returning only 10000 dataframes when using InfluxDB as a storage backend. See bug 1862358 for details.

* Skydive's API and the web UI now rely on Keystone for authentication. Only users in the Keystone project defined by skydive_admin_tenant_name will be able to authenticate. See *LP#1870903 https://launchpad.net/bugs/1870903* for more details.

* "masakari-monitor" will now use the internal API to reach masakari- api. LP#1858431

* Switch endpoint_type from public to internal for octavia communicating with the barbican service. See bug 1875618 for details.

Changes in kolla-ansible 9.0.1..9.1.0 -------------------------------------

093c1f0a4 Separate per-service host configuration tasks 0604855b7 CentOS 8: CI: Add mixed CentOS 7 and 8 job 7c77b8e1f ironic: handle Swift object storage 92dcaa5d8 Adapt to Octavia Certificate Configuration Guide. fbf561584 Make sure octavia uses internal endpoint to barbican b3b315258 Remove redundant listen on haproxy handler 1c93d7b03 Manage nova scheduler workers count 49c8efb6f CentOS 8: add flag to deploy rabbitmq-3.7.24 on CentOS 7 e2fd04843 Fix haproxy restarting twice per Ansible run bcda40752 [octavia] Adds region_name if enable_barbican e2a383494 Avoid multiple haproxy restarts after reconfiguration 07c89ac47 Remove octavia user from admin project 7878ba44a Fix nova cell message queue URL with separate notification queue 8c7afb73b Fix Designate not to use etcd coordination backend 3fe1102e0 Be less confusing about custom Docker registry 9af4d1e1b Fix telegraf with zookeeper (wrong port variable reference) e7e7113a2 nova: Add debug logging to libvirtd.conf 44c0115d2 [skydive] fix: Use Keystone backend to authenticate API users 575e0dc13 Add docs and release note for CentOS 8 8b68afa3d CI: Fix deploy guide jobs d574cc6c6 CI: Ignore zuul.d 92b81eefe Fix that cyborg agent failed to start privsep daemon. b618fb312 Fix that cyborg conductor failed to communicate with placement 3057c7d33 Fix service_mapped_to_host filter for common services 5ac8d6224 Fix nova compute addition with limit b18d3b5bc [horizon] Move 'balance' HAProxy keyword e3cd5a018 [haproxy-config] Fix missing servers in split cfg fab7b08b5 Fix kolla_source_version value 037846735 Fix live migration to use migration int. address 5d313cf16 CI: Test ironic on nova-cell change 37ffbe164 Introduce /etc/timezone to Debian/Ubuntu containers 1927ba28e Fix ovs fw driver for the other ovs agent 88c4f98f0 CI: Bump dashboard access timeout to 1000s 05062a0d4 kolla-toolbox container name variable 79747c4d8 Fix HAProxy prechecks during scale-out with limit ac66987a6 Add glance_ca_certificates_file when using self sign cert in glance 6e8717b01 Add clients ca_file in heat 8e741e447 mariadb container name variable 091fcac5a Fix kolla-ansible stop with heterogeneous hosts 8f5667810 Fix service_mapped_to_host filter d2efead12 CI: CentOS 8: Enable Masakari job and periodics bb3261822 ceph: Add become to gathering OSD IDs on reconfigure 5ea84fcfe CI: install tox f80a10435 Make Fluentd config folders readable 626232fa4 Fix native openvswitch firewall driver in neutron-openvswitch-agent ec5f1b2a9 CI: Don't fail on expected critical log messages 6c7af208a Use proper es schema in fluentd when use internal tls 9b2d31809 Construct service REST API urls using configured protocol cba2d318f Construct service configuration urls using kolla_internal_fqdn ef5488703 Use internal API for masakari-monitor 31e8e2deb Swift: remove meta field from rsync command 57440edf8 CI: Reduce unnecessary gate image builds fa16b8548 Fix HAProxy monitor VIP precheck 786e5bb56 support ipv6 for grafana.ini.j2 3982d8d54 Delete stale fluent config on restart 95c165635 Fix elasticsearch configuration in ipv6 environments 706fc5f68 Fix renos a14ee51c8 Fix RabbitMQ hostname address resolution precheck c61d0af87 Set openstack_release and kolla_source_version to train 250d7667a Use listen port for Placement precheck 071033fd4 service-rabbitmq: do not log password (use no_log) 349febd88 Use InfluxDB default [http]/max-row-limit setting aea4b7cc0 Fix Prometheus mysqld exporter pointing to VIP address 6cd2077cc CI: build swift images for swift scenario 9f9e1efa8 Add /run/netns bindmount to Neutron containers 4e0106f54 Fix client TLS in neutron-metadata-agent 21fa358ce CentOS 8: Add deploy jobs in CI ea4bca0c8 Fixes gnocchi-api script name for Ubuntu/Debian 87a5063bd Use more permissive regex to remove the offending 127.0.1.1 6401c3b40 CI: Use upper constraints when installing clients d8ff468bc Python 3: Use distro_python_version for WSGI python_path 63a37b208 CI: Use python 3 for local kolla-ansible execution 08039b02d CI: Move ansible installation & configuration to Ansible 9f412d878 Use local python interpreter for keystone cron generator 3b38c53d5 Remove unused python path calculation from vmtp 41287fcbf Python 3: Use distro_python_version for monasca agent CA file a86b46539 Support python 3 in kolla-ansible script 1176804bd Add python3-dev[el] to bindep.txt ee19e8f06 Allow to override external network params in init-runonce 8c43d0c95 CentOS 8: Deploy CentOS 8 containers 2733a6db1 CentOS 8: Support variable image tag suffix 9770e596d Configure Cinder to use lioadm on CentOS/RHEL 8 c4ad080d9 Change /run bind mount for neutron/openvswitch 26d8fbcb6 Fix Cinder Backup access to kernel modules (iscsi_tcp issue) e00053fee Ironic: fix documentation 7d70b5263 Docs: fix cells upgrade guide 64051bbbd CI: Replace cinder-lvm scenario with zun scenario 241aaac4b CI: Test Zun with Cinder LVM backend (iSCSI) 210ad95a0 Python 3: Use distro_python_version for dev mode 8acf5c132 Fix multiple issues with MariaDB handling e2c600d9a Fix qemu loading of ceph.conf (permission error) 85c3e4b36 CI: Add ceph-ansible related files to ignores in check-config.sh

Diffstat (except docs and test files) -------------------------------------

ansible/group_vars/all.yml | 18 +- ansible/roles/aodh/defaults/main.yml | 14 +- ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 2 +- ansible/roles/barbican/defaults/main.yml | 11 +- ansible/roles/baremetal/defaults/main.yml | 23 ++- ansible/roles/baremetal/tasks/install.yml | 21 +- ansible/roles/baremetal/tasks/pre-install.yml | 34 ++-- ansible/roles/bifrost/defaults/main.yml | 2 +- ansible/roles/blazar/defaults/main.yml | 8 +- ansible/roles/ceilometer/defaults/main.yml | 14 +- ansible/roles/ceph/defaults/main.yml | 2 +- ansible/roles/ceph/tasks/reconfigure.yml | 1 + ansible/roles/chrony/defaults/main.yml | 3 +- ansible/roles/cinder/defaults/main.yml | 15 +- ansible/roles/cinder/templates/cinder-wsgi.conf.j2 | 2 +- ansible/roles/cinder/templates/cinder.conf.j2 | 1 + ansible/roles/cloudkitty/defaults/main.yml | 8 +- .../cloudkitty/templates/wsgi-cloudkitty.conf.j2 | 2 +- ansible/roles/collectd/defaults/main.yml | 3 +- ansible/roles/common/defaults/main.yml | 10 +- ansible/roles/common/handlers/main.yml | 2 +- ansible/roles/common/templates/fluentd.json.j2 | 31 ++- ansible/roles/congress/defaults/main.yml | 11 +- ansible/roles/cyborg/defaults/main.yml | 6 +- ansible/roles/cyborg/handlers/main.yml | 3 + ansible/roles/cyborg/tasks/check-containers.yml | 1 + ansible/roles/cyborg/templates/cyborg.conf.j2 | 12 ++ ansible/roles/designate/defaults/main.yml | 21 +- .../roles/designate/templates/designate.conf.j2 | 10 +- ansible/roles/elasticsearch/defaults/main.yml | 3 +- ansible/roles/elasticsearch/tasks/config-host.yml | 12 ++ ansible/roles/elasticsearch/tasks/config.yml | 9 - ansible/roles/elasticsearch/tasks/deploy.yml | 2 + ansible/roles/elasticsearch/tasks/upgrade.yml | 6 +- .../elasticsearch/templates/elasticsearch.yml.j2 | 6 +- ansible/roles/etcd/defaults/main.yml | 3 +- ansible/roles/freezer/defaults/main.yml | 8 +- .../freezer/templates/wsgi-freezer-api.conf.j2 | 2 +- ansible/roles/glance/defaults/main.yml | 5 +- ansible/roles/gnocchi/defaults/main.yml | 5 +- .../roles/gnocchi/templates/wsgi-gnocchi.conf.j2 | 6 +- ansible/roles/grafana/defaults/main.yml | 7 +- ansible/roles/grafana/tasks/post_config.yml | 6 +- ansible/roles/grafana/templates/grafana.ini.j2 | 2 +- ansible/roles/grafana/templates/prometheus.yaml.j2 | 2 +- ansible/roles/haproxy-config/handlers/main.yml | 17 -- .../templates/haproxy_single_service_split.cfg.j2 | 2 +- ansible/roles/haproxy/defaults/main.yml | 6 +- ansible/roles/haproxy/tasks/config-host.yml | 20 ++ ansible/roles/haproxy/tasks/config.yml | 17 -- ansible/roles/haproxy/tasks/deploy.yml | 8 +- ansible/roles/haproxy/tasks/precheck.yml | 200 ++++++++----------- ansible/roles/haproxy/tasks/upgrade.yml | 8 +- ansible/roles/haproxy/templates/haproxy_run.sh.j2 | 3 +- ansible/roles/heat/defaults/main.yml | 11 +- ansible/roles/heat/templates/heat.conf.j2 | 1 + ansible/roles/horizon/defaults/main.yml | 13 +- ansible/roles/influxdb/defaults/main.yml | 3 +- ansible/roles/influxdb/templates/influxdb.conf.j2 | 1 - ansible/roles/ironic/defaults/main.yml | 14 +- ansible/roles/ironic/tasks/config-host.yml | 8 + ansible/roles/ironic/tasks/config.yml | 7 - ansible/roles/ironic/tasks/deploy.yml | 2 + ansible/roles/ironic/tasks/legacy_upgrade.yml | 2 + ansible/roles/ironic/tasks/rolling_upgrade.yml | 2 + ansible/roles/ironic/templates/inspector.ipxe.j2 | 2 +- ansible/roles/ironic/templates/ironic.conf.j2 | 13 ++ ansible/roles/ironic/templates/pxelinux.default.j2 | 2 +- ansible/roles/iscsi/defaults/main.yml | 4 +- ansible/roles/iscsi/tasks/config-host.yml | 10 + ansible/roles/iscsi/tasks/config.yml | 10 - ansible/roles/iscsi/tasks/deploy.yml | 2 + ansible/roles/iscsi/tasks/precheck.yml | 9 + ansible/roles/kafka/defaults/main.yml | 3 +- ansible/roles/karbor/defaults/main.yml | 5 +- ansible/roles/keystone/defaults/main.yml | 7 +- ansible/roles/keystone/tasks/config.yml | 2 +- .../roles/keystone/templates/wsgi-keystone.conf.j2 | 2 +- ansible/roles/kibana/defaults/main.yml | 3 +- ansible/roles/kibana/tasks/post_config.yml | 10 +- ansible/roles/kibana/templates/kibana.yml.j2 | 2 +- ansible/roles/kuryr/defaults/main.yml | 7 +- ansible/roles/magnum/defaults/main.yml | 8 +- ansible/roles/manila/defaults/main.yml | 14 +- ansible/roles/mariadb/defaults/main.yml | 5 +- ansible/roles/mariadb/handlers/main.yml | 218 ++++----------------- ansible/roles/mariadb/tasks/bootstrap.yml | 6 +- ansible/roles/mariadb/tasks/check.yml | 2 +- ansible/roles/mariadb/tasks/deploy-containers.yml | 7 +- ansible/roles/mariadb/tasks/lookup_cluster.yml | 89 ++++++--- ansible/roles/mariadb/tasks/recover_cluster.yml | 6 +- ansible/roles/mariadb/tasks/register.yml | 19 -- ansible/roles/mariadb/tasks/restart_services.yml | 46 +++++ ansible/roles/mariadb/tasks/upgrade.yml | 64 ++++++ ansible/roles/masakari/defaults/main.yml | 11 +- .../masakari/templates/masakari-monitors.conf.j2 | 1 + .../roles/masakari/templates/wsgi-masakari.conf.j2 | 2 +- ansible/roles/memcached/defaults/main.yml | 3 +- ansible/roles/mistral/defaults/main.yml | 14 +- ansible/roles/monasca/defaults/main.yml | 16 +- ansible/roles/monasca/tasks/post_config.yml | 14 +- .../monasca-agent-forwarder/agent-forwarder.yml.j2 | 2 +- .../monasca/templates/monasca-api/wsgi-api.conf.j2 | 2 +- .../templates/monasca-log-api/wsgi-log-api.conf.j2 | 2 +- ansible/roles/mongodb/defaults/main.yml | 3 +- ansible/roles/multipathd/defaults/main.yml | 3 +- ansible/roles/multipathd/tasks/config-host.yml | 7 + ansible/roles/multipathd/tasks/config.yml | 7 - ansible/roles/multipathd/tasks/deploy.yml | 2 + ansible/roles/multipathd/tasks/upgrade.yml | 2 + ansible/roles/murano/defaults/main.yml | 8 +- ansible/roles/neutron/defaults/main.yml | 46 +++-- ansible/roles/neutron/tasks/config-host.yml | 30 +++ ansible/roles/neutron/tasks/config.yml | 27 --- ansible/roles/neutron/tasks/deploy.yml | 2 + ansible/roles/neutron/tasks/legacy_upgrade.yml | 2 + ansible/roles/neutron/tasks/rolling_upgrade.yml | 2 + .../roles/neutron/templates/metadata_agent.ini.j2 | 2 +- ansible/roles/nova-cell/defaults/main.yml | 29 ++- ansible/roles/nova-cell/tasks/config-host.yml | 15 ++ ansible/roles/nova-cell/tasks/config.yml | 12 -- ansible/roles/nova-cell/tasks/create_cells.yml | 4 +- ansible/roles/nova-cell/tasks/deploy.yml | 22 ++- .../roles/nova-cell/tasks/discover_computes.yml | 25 ++- .../roles/nova-cell/tasks/get_cell_settings.yml | 2 - ansible/roles/nova-cell/tasks/rolling_upgrade.yml | 3 + ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 5 + .../roles/nova-cell/templates/nova-libvirt.json.j2 | 2 +- .../templates/nova.conf.d/libvirt.conf.j2 | 6 +- ansible/roles/nova/defaults/main.yml | 14 +- ansible/roles/nova/templates/nova.conf.j2 | 1 + ansible/roles/octavia/defaults/main.yml | 6 +- ansible/roles/octavia/tasks/config.yml | 21 +- ansible/roles/octavia/tasks/precheck.yml | 14 +- ansible/roles/octavia/tasks/register.yml | 13 -- ansible/roles/octavia/tasks/upgrade.yml | 15 ++ .../templates/octavia-health-manager.json.j2 | 18 +- .../octavia/templates/octavia-housekeeping.json.j2 | 18 +- .../roles/octavia/templates/octavia-worker.json.j2 | 18 +- ansible/roles/octavia/templates/octavia.conf.j2 | 13 +- ansible/roles/opendaylight/tasks/config-host.yml | 12 ++ ansible/roles/opendaylight/tasks/config.yml | 12 -- ansible/roles/opendaylight/tasks/deploy.yml | 2 + ansible/roles/opendaylight/tasks/upgrade.yml | 2 + ansible/roles/openvswitch/defaults/main.yml | 8 +- ansible/roles/openvswitch/tasks/config-host.yml | 7 + ansible/roles/openvswitch/tasks/config.yml | 7 - ansible/roles/openvswitch/tasks/deploy.yml | 2 + ansible/roles/openvswitch/tasks/upgrade.yml | 2 + ansible/roles/ovs-dpdk/defaults/main.yml | 8 +- ansible/roles/panko/defaults/main.yml | 3 +- ansible/roles/panko/templates/wsgi-panko.conf.j2 | 2 +- ansible/roles/placement/defaults/main.yml | 5 +- ansible/roles/placement/tasks/precheck.yml | 2 +- .../placement/templates/placement-api-wsgi.conf.j2 | 2 +- ansible/roles/prechecks/tasks/datetime_checks.yml | 26 +++ ansible/roles/prechecks/tasks/main.yml | 2 + ansible/roles/prometheus/defaults/main.yml | 14 +- ansible/roles/prometheus/templates/my.cnf.j2 | 4 +- ansible/roles/qdrouterd/defaults/main.yml | 3 +- ansible/roles/qinling/defaults/main.yml | 8 +- .../roles/qinling/templates/wsgi-qinling.conf.j2 | 2 +- ansible/roles/rabbitmq/defaults/main.yml | 9 +- ansible/roles/rabbitmq/tasks/precheck.yml | 20 +- ansible/roles/rally/defaults/main.yml | 3 +- ansible/roles/redis/defaults/main.yml | 6 +- ansible/roles/sahara/defaults/main.yml | 8 +- ansible/roles/searchlight/defaults/main.yml | 4 +- ansible/roles/senlin/defaults/main.yml | 8 +- ansible/roles/service-rabbitmq/tasks/main.yml | 1 + ansible/roles/service-stop/tasks/main.yml | 3 +- ansible/roles/skydive/defaults/main.yml | 7 +- .../skydive/templates/skydive-analyzer.conf.j2 | 9 +- ansible/roles/solum/defaults/main.yml | 14 +- ansible/roles/storm/defaults/main.yml | 4 +- ansible/roles/swift/defaults/main.yml | 2 +- ansible/roles/swift/templates/account.conf.j2 | 2 +- ansible/roles/swift/templates/container.conf.j2 | 2 +- ansible/roles/swift/templates/object.conf.j2 | 2 +- ansible/roles/tacker/defaults/main.yml | 8 +- ansible/roles/telegraf/defaults/main.yml | 3 +- ansible/roles/telegraf/templates/telegraf.conf.j2 | 2 +- ansible/roles/tempest/defaults/main.yml | 3 +- ansible/roles/trove/defaults/main.yml | 11 +- ansible/roles/vitrage/defaults/main.yml | 14 +- .../roles/vitrage/templates/wsgi-vitrage.conf.j2 | 2 +- ansible/roles/vmtp/defaults/main.yml | 3 +- ansible/roles/vmtp/tasks/config.yml | 10 - ansible/roles/watcher/defaults/main.yml | 11 +- ansible/roles/zookeeper/defaults/main.yml | 3 +- ansible/roles/zun/defaults/main.yml | 11 +- ansible/roles/zun/templates/wsgi-zun.conf.j2 | 2 +- bindep.txt | 4 +- .../reference/networking/designate-guide.rst | 9 +- etc/kolla/globals.yml | 28 ++- kolla_ansible/filters.py | 2 +- ...uth-into-cyborg-conductor-54b452e218bfb9ab.yaml | 5 + ...apability-to-cyborg-agent-14db36a5818847d1.yaml | 6 + ...d-region-name-for-octavia-292594e29ef36bf2.yaml | 6 + .../notes/adds-etc-timezone-9708f538c3c2cb5e.yaml | 5 + .../notes/bug-1729566-8b77402fd8236962.yaml | 13 ++ .../notes/bug-1861513-8e09a6fb42dfc99c.yaml | 5 + .../notes/bug-1861792-a44a31693b0c786f.yaml | 6 + .../notes/bug-1862211-1c44c4a16963baad.yaml | 7 + .../notes/bug-1862739-05246e7599375800.yaml | 7 + .../notes/bug-1863041-30d87a768339251b.yaml | 6 + .../notes/bug-1863094-1564f489a7eecb28.yaml | 6 + .../notes/bug-1863363-eb5d0ddd0d0d1090.yaml | 6 + .../notes/bug-1864615-84b4b58ea57ecfe9.yaml | 6 + .../notes/bug-1864810-5a5d0f91c0171b19.yaml | 7 + .../notes/bug-1865840-0eaf86121988a0d8.yaml | 5 + .../notes/bug-1866141-dc4bfaa2f7c31198.yaml | 5 + .../notes/bug-1866727-731e51e9bdef7f6b.yaml | 5 + .../notes/bug-1867179-9e31460ba53757d4.yaml | 6 + .../notes/bug-1867946-53c214be2b2482f1.yaml | 7 + .../notes/bug-1869133-e8f086c533ebbc41.yaml | 5 + .../notes/bug-1869137-d3de4debf827e1d2.yaml | 5 + .../notes/bug-1872205-2eb7e57e0a334fb7.yaml | 7 + .../notes/bug-1872540-0e9bed299f657b25.yaml | 5 + .../notes/bug-1872545-52f00bd340a800c2.yaml | 5 + .../notes/bug-1873753-73fe82e70559f928.yaml | 5 + releasenotes/notes/centos-8-ee2e13a2ecd64b1d.yaml | 12 ++ .../centos7-rabbitmq-3.7.24-32c2814a1763cda1.yaml | 7 + .../notes/centos8-cinder-lio-3fb17ce5c88abbf1.yaml | 6 + ...aut-rsync-module-template-7c891efbe79a96a9.yaml | 7 + ...csearch-schema-in-fluentd-32401e37e42c1b4c.yaml | 5 + ...ix-haproxy-limit-precheck-c56b3ac2331867ee.yaml | 6 + ...-haproxy-monitor-precheck-487b85f4e93313b1.yaml | 6 + ...x-multiple-mariadb-issues-d023478df6d76622.yaml | 17 ++ ...ix-nova-compute-scale-out-ae5245449cff216d.yaml | 6 + .../fix-octavia-cert-config-28f0ef2799406957.yaml | 14 ++ .../fix-rest-url-protocol-07db2f6ffe02f9b3.yaml | 6 + .../notes/fix-rest-urls-fqdn-a555e8299fe34efb.yaml | 6 + releasenotes/notes/fix-stop-602430003e8b3c42.yaml | 6 + ...fixes-gnocchi-script-name-e4715e3b9fc5b021.yaml | 5 + .../notes/ironic-swift-f5ee8ee54ebcde08.yaml | 3 + ...-host-config-in-genconfig-7321f0dcfc9d728d.yaml | 7 + .../openstack-release-train-49464568d8b57812.yaml | 8 + .../notes/openstack-tag-bfe4e862ade8549b.yaml | 8 + .../placement-listen-port-ebbd6aa61aa551da.yaml | 5 + ...hen-alertmanager-disabled-0090c1570ff4e632.yaml | 8 +- ...ve-influxdb-max-row-limit-f814a310aa6bf6ab.yaml | 8 + ...r-in-admin-project-action-95c87ca45a1188d6.yaml | 9 + .../skydive-keystone-auth-0fe96463b27dd914.yaml | 6 + ...-api-for-masakari-monitor-9ba03166ff375601.yaml | 7 + ...t-for-barbican-in-octavia-0bcdcf91a8adc95c.yaml | 7 + tools/init-runonce | 6 +- tools/kolla-ansible | 16 +- tools/setup_gate.sh | 75 +++---- tox.ini | 2 - zuul.d/base.yaml | 8 +- zuul.d/deploy-guide.yaml | 17 ++ zuul.d/jobs.yaml | 218 +++++++++++++++++++-- zuul.d/nodesets.yaml | 34 ++++ zuul.d/project.yaml | 49 +++-- 270 files changed, 2134 insertions(+), 1042 deletions(-)