[release-announce] kolla-ansible 8.1.0 (stein)

We are excited to announce the release of: kolla-ansible 8.1.0: Ansible Deployment of Kolla containers This release is part of the stein stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 8.1.0 ^^^^^ New Features ************ * Add support to Kolla-Ansible for Cloudkitty InfluxDB storage system deployment. * HAProxy - Add the ability to define custom HAProxy services in {{ node_custom_config }}/haproxy/services.d/ * Designate coordination backend can now be configured via the designate_coordination_backend variable. Coordination is mandatory when multiple workers are deployed as in a multinode environment. Possible values are redis or etcd. * Adds support for passing extra options to Prometheus. Upgrade Notes ************* * Modifies the default storage backend for Cloudkitty to InfluxDB, to match the default in Cloudkitty from Stein onwards. This is controlled via "cloudkitty_storage_backend". To use the previous default, set "cloudkitty_storage_backend" to "sqlalchemy". See bug 1838641 for details. * Modifies the path for custom configuration of "swift.conf" from "/etc/kolla/config/swift/<service>.conf" to "/etc/kolla/config/swift/<service>/swift.conf", to avoid a collision with custom configuration for "<service>.conf". Here, "<service>" may be "proxy-server", "account-*", "container-*" or "object-*". * The default connection limit for HAProxy backends is 2000 however, MariaDB defaults to a max of 10000 conections. This has been changed to match the MariaDB limit. 'haproxy_max_connections' has also been increased to 40000 to accommodate this. * Changes the database backup procedure to use "mariabackup" which is compatible with MariaDB 10.3. The "qpress" based compression used previously is now replaced with "gzip". The documented restore procedure has been modified accordingly. See the Mariabackup documentation for further information. * The Heat role has stopped disabling deprecated plugins. To apply this change to existing deployments, the file "`/etc/kolla/heat- engine/_deprecated.yaml" is automatically removed during the upgrade. Deprecation Notes ***************** * The "enable_xtrabackup" variable is deprecated in favour of "enable_mariabackup". Bug Fixes ********* * When "etcd" is used with "cinder_coordination_backend" and/or "designate_coordination_backend", the config has been changed to use the "etcd3gw" (aka "etcd3+http") "tooz" coordination driver instead of "etcd3" due to issues with the latter's availability and stability. "etcd3" does not handle well eventlet-based services, such as cinder's and designate's. See bugs 1852086 and 1854932 for details. See also tooz change introducing etcd3gw. * Adds configuration to set *also_notifies* within the pools.yaml file when using the Infoblox backend for Designate. Pushing a DNS NOTIFY packet to the master does not cause the DNS update to be propagated onto other nodes within the cluster. This means each node needs a DNS NOTIFY packet otherwise users may be given a stale DNS record if they query any worker node. For details please see bug 1855085 * Fixes an issue with Docker client timeouts where Docker reports 'Read timed out'. The client timeout may be configured via "docker_client_timeout". The default timeout has been increased to 120 seconds. See bug for details. * Fixes an issue where a failure in pulling an image could lead to a container being removed and not replaced. See bug 1852572 for details. * Fixes Swift volume mounting failing on kernel 4.19 and later due to removal of *nobarrier* from XFS mount options. See bug 1800132 for details. * Fixes an issue with fluentd parsing of WSGI logs for Aodh, Masakari, Qinling, Vitrage and Zun. See bug 1720371 for details. * Fixes glance_api to run as privileged and adds missing mounts so it can use an iscsi cinder backend as its store. LP#1855695 * When upgrading from Rocky to Stein HAProxy configuration moves from using a single configuration to assembling a file from snippets for each service. Applying the HAProxy tag to the entire play ensures that HAProxy configuration is generated for all services when the HAProxy tag is specified. For details please see bug 1855094. * Fixes templating of Prometheus configuration when Alertmanager is disabled. In a deployment where Prometheus is enabled and Alertmanager is disabled the configuration for the Prometheus will fail when templating as the variable *prometheus_alert_rules* does not contain the key *files*. For details please see <https://bugs.launchpad.net/kolla-ansible/+bug/1854540>`__. Changes in kolla-ansible 8.0.1..8.1.0 ------------------------------------- be4daa5b4 Enable Glance to use Cinder iSCSI backend a86b4744f Add also_notifies to Infoblox backend for Designate 15c233c52 Fix Prometheus template generation 729234a9c doc: move to stein in quickstart 6ec794ee8 Remove ceilometer transformers config 6997f8f71 Fix restart handlers for polling.yaml changes 2a1e6e1c6 Fix Zun Docker runtime selection 15b397771 Stop gzipping logs in get-logs.sh a955f323a Fix fernet-node-sync error catching 1b89068bb Enable load balancing to Galera nodes in Donor state 741156d22 Generate HAProxy configuration for all enabled servvices 7b3b1def8 Make fluentd-elasticsearch configuration more robust e29501b50 Fix fluentd parsing of WSGI logs 8c674296a Use'openstack_region_name' in cloudkitty collectors and fetchers e6d509c1e Configure region_name in cloudkitty.conf 3563497a4 [neutron] Adjust neighbour table thresholds d30eacff3 CI: Set zuul's ansible_python_interpreter to python2 067b55505 Fix nova and cinder handlers with no ceph c67b39519 Template custom HAProxy service configuration f1fe39bca Support configuration of Docker client timeout a01907474 Default to etcd3gw driver for etcd-based coordination 98a0c14eb [designate] Add coordination backend for designate workers 021f55b2f Fix Swift with kernel 4.19 and later bcea46f13 Fix hard-coded admin project name and username in blazar task a3cfa8094 Delete influxdb admin port 22dc15677 Fixes the compatibility issue at HAProxy role with Ansible 2.9 08725a5fb CI: Add mariadb test 8a291125d Allow region setting for ironic-neutron-agent eef935bb9 Fix conditionals in CI playbook 8fdc2e140 Parse MariaDB log messages in different formats into Fluentd 64e6b9e88 Fix restart policy after MariaDB recovery 8cf2f14bb Patch to fix RPC selection problem after upgrade f96cd1218 Vitrage: typo in precheck task 48b106f40 Attempt to pull image before stopping and removing container 83e0d0040 Start Docker after upgrade 983348cb6 Add support for custom HAProxy service config 72e8aaabf Fix keystone fernet rotation for source images 7d1194643 Collect rabbitmq logs by fluentd 0d03d2e28 Wait for MariaDB to be accessible via HAProxy de730a4cb Use mariabackup for database backups f126ef93b Swift: compute the list of containers dynamically in the reconfigure task 2ee470bbe Fix swift.conf custom configuration path collision bba529fec Remove Heat environment file disabling deprecated plugins 7e3021da8 Fix idempotency of fluentd customisations 9df6ee216 Fix empty match while setting supported_policy_files 5598fa107 Fix haproxy deploy for external mariadb cluster 79c2546d8 Updated ansible uri module HEADERS_ field a7ccc2db2 Allow nova to delete volume with cinder auth be87558ac CI: Pin Ansible to 2.8.x on Ubuntu during upgrades 0f17688ac Openvswitch: some ovs tools require ovs daemons pidfiles 2242fceb7 Fix nova scheduler down after first docker restart 9fcae517a Limit open file descriptors for Neutron agent containers 17e9c399c Perform database migration in monasca upgrade 8b4641642 Fix Python3 compatibility for kolla-genpwd e250a8bb3 Fix placement being enabled always instead of with nova a1d58df74 Do not install ntp package on host when not used dde4c3a71 CI: Increase timeout for upgrade jobs by 30 minutes 713c75f07 CI: Increase job run attempts to 5 e29bdd6a3 Fixes Monasca log transformer UTC offset exception 2e6814eff Fixes missing boolean for Neutron FWaaS fdc41e339 Fixes glance image cache deployment. 28da85383 Fix CI failures e729a1510 HAProxy backend connection limits 2349364a2 Remove /etc/hosts entries pointing hostname to localhost and prevent cloud-init to manage /etc/hosts d82439a41 Add <project>_install_type for all projects 8db18241c Fix swift-proxy-server memcached configuration 873e3b49f Zun: disable image validation 5e54f7647 [octavia] Add region-specific catalog lookups 17e67c986 Remove deprecated option 'ovsdb_interface' 12950be4a Switch default cloudkitty storage backend to influxdb 28273411a Fix kolla_toolbox error handling 32e8f53ea Ensure keepalived is restarted during upgrade adc2bcd0b [prometheus] Added support for extra options 05ef60833 Fix Octavia to use keystone_admin_project variable f3d40bf7e Fix for haproxy precheck failing on CentOS running non-root e9a7be682 Fix prometheus-alertmanager cluster bug 612083cdc [designate] Fix admin api configuration 220943fad Cloudkitty InfluxDB Storage backend via Kolla-ansible ba332d42d Fix Nova cell search fee1a0807 [nova] Fix service catalog lookup of Neutron endpoint c88e38322 CI: Test accessing dashboard Diffstat (except docs and test files) ------------------------------------- .yamllint | 7 +- ansible/group_vars/all.yml | 27 ++++- ansible/library/kolla_docker.py | 15 ++- ansible/library/kolla_toolbox.py | 8 ++ ansible/mariadb_backup.yml | 2 +- ansible/roles/baremetal/defaults/main.yml | 4 +- ansible/roles/baremetal/tasks/install.yml | 13 +- ansible/roles/baremetal/tasks/pre-install.yml | 32 +++++ ansible/roles/blazar/tasks/bootstrap.yml | 12 +- ansible/roles/ceilometer/handlers/main.yml | 4 +- .../ceilometer/templates/event_pipeline.yaml.j2 | 1 - .../roles/ceilometer/templates/pipeline.yaml.j2 | 77 ------------ ansible/roles/chrony/defaults/main.yml | 3 +- ansible/roles/cinder/defaults/main.yml | 2 - ansible/roles/cinder/handlers/main.yml | 8 +- ansible/roles/cinder/templates/cinder.conf.j2 | 7 +- ansible/roles/cloudkitty/defaults/main.yml | 25 ++++ ansible/roles/cloudkitty/tasks/bootstrap.yml | 10 ++ ansible/roles/cloudkitty/tasks/upgrade.yml | 13 ++ .../roles/cloudkitty/templates/cloudkitty.conf.j2 | 36 ++++++ ansible/roles/collectd/defaults/main.yml | 3 +- ansible/roles/common/defaults/main.yml | 1 + ansible/roles/common/tasks/config.yml | 101 ++++++++------- .../templates/conf/filter/01-rewrite-0.12.conf.j2 | 7 ++ .../templates/conf/filter/01-rewrite-0.14.conf.j2 | 15 +++ .../common/templates/conf/filter/02-parser.conf.j2 | 27 +++++ .../common/templates/conf/input/00-global.conf.j2 | 4 +- .../common/templates/conf/input/02-mariadb.conf.j2 | 7 +- .../templates/conf/input/03-rabbitmq.conf.j2 | 7 +- .../templates/conf/input/04-openstack-wsgi.conf.j2 | 2 +- .../common/templates/conf/output/00-local.conf.j2 | 6 + .../common/templates/conf/output/01-es.conf.j2 | 3 + ansible/roles/common/templates/fluentd.json.j2 | 5 + .../roles/designate/templates/designate.conf.j2 | 14 ++- ansible/roles/designate/templates/pools.yaml.j2 | 5 + ansible/roles/elasticsearch/defaults/main.yml | 3 +- ansible/roles/etcd/defaults/main.yml | 3 +- ansible/roles/glance/defaults/main.yml | 4 + ansible/roles/glance/handlers/main.yml | 1 + ansible/roles/glance/tasks/check-containers.yml | 18 +++ ansible/roles/glance/tasks/rolling_upgrade.yml | 6 +- .../roles/glance/templates/glance-cache.conf.j2 | 3 - ansible/roles/grafana/defaults/main.yml | 3 +- ansible/roles/haproxy/defaults/main.yml | 10 +- ansible/roles/haproxy/tasks/config.yml | 16 +++ ansible/roles/haproxy/tasks/precheck.yml | 1 + ansible/roles/haproxy/tasks/upgrade.yml | 2 + .../roles/haproxy/templates/haproxy_main.cfg.j2 | 3 +- ansible/roles/heat/tasks/config.yml | 9 -- ansible/roles/heat/tasks/upgrade.yml | 7 ++ ansible/roles/heat/templates/_deprecated.yaml | 5 - ansible/roles/heat/templates/heat-engine.json.j2 | 6 - ansible/roles/horizon/tasks/policy_item.yml | 2 +- ansible/roles/influxdb/defaults/main.yml | 8 +- ansible/roles/influxdb/tasks/precheck.yml | 11 -- ansible/roles/influxdb/templates/influxdb.conf.j2 | 4 - ansible/roles/keystone/templates/crontab.j2 | 6 + .../keystone/templates/fernet-node-sync.sh.j2 | 3 + ansible/roles/kibana/defaults/main.yml | 3 +- ansible/roles/kibana/tasks/post_config.yml | 3 +- ansible/roles/kuryr/defaults/main.yml | 3 +- ansible/roles/mariadb/defaults/main.yml | 11 +- ansible/roles/mariadb/tasks/backup.yml | 16 +-- ansible/roles/mariadb/tasks/config.yml | 22 +++- ansible/roles/mariadb/tasks/recover_cluster.yml | 39 ++++-- ansible/roles/mariadb/tasks/register.yml | 12 +- .../roles/mariadb/tasks/wait_for_loadbalancer.yml | 16 +++ .../roles/mariadb/templates/mariabackup.json.j2 | 21 ++++ ansible/roles/mariadb/templates/wsrep-notify.sh.j2 | 6 +- ansible/roles/memcached/defaults/main.yml | 3 +- ansible/roles/monasca/defaults/main.yml | 2 +- ansible/roles/monasca/tasks/upgrade.yml | 2 + .../log-transformer.conf.j2 | 2 +- ansible/roles/mongodb/defaults/main.yml | 3 +- ansible/roles/multipathd/defaults/main.yml | 3 +- ansible/roles/neutron/defaults/main.yml | 36 ++++-- ansible/roles/neutron/tasks/config.yml | 6 + ansible/roles/neutron/templates/dhcp_agent.ini.j2 | 1 - .../neutron/templates/ironic_neutron_agent.ini.j2 | 1 + ansible/roles/neutron/templates/l3_agent.ini.j2 | 1 - ansible/roles/nova/handlers/main.yml | 40 +----- ansible/roles/nova/tasks/create_cells.yml | 4 +- ansible/roles/nova/tasks/discover_computes.yml | 7 +- ansible/roles/nova/tasks/legacy_upgrade.yml | 3 + ansible/roles/nova/tasks/reload.yml | 33 +++++ ansible/roles/nova/tasks/rolling_upgrade.yml | 3 + ansible/roles/nova/templates/nova.conf.j2 | 10 +- ansible/roles/octavia/tasks/register.yml | 2 +- ansible/roles/octavia/templates/octavia.conf.j2 | 12 ++ ansible/roles/openvswitch/templates/start-ovs.j2 | 2 +- .../openvswitch/templates/start-ovsdb-server.j2 | 2 +- .../templates/prometheus-alertmanager.json.j2 | 2 +- .../prometheus/templates/prometheus-server.json.j2 | 2 +- .../roles/prometheus/templates/prometheus.yml.j2 | 2 +- ansible/roles/qdrouterd/defaults/main.yml | 3 +- ansible/roles/rabbitmq/defaults/main.yml | 3 +- ansible/roles/rally/defaults/main.yml | 3 +- ansible/roles/redis/defaults/main.yml | 5 +- ansible/roles/skydive/defaults/main.yml | 5 +- ansible/roles/swift/tasks/config.yml | 4 +- ansible/roles/swift/tasks/reconfigure.yml | 135 ++++++--------------- ansible/roles/swift/tasks/start.yml | 2 +- ansible/roles/swift/templates/proxy-server.conf.j2 | 2 +- ansible/roles/telegraf/defaults/main.yml | 3 +- ansible/roles/tempest/defaults/main.yml | 3 +- ansible/roles/vitrage/tasks/precheck.yml | 2 +- ansible/roles/zun/templates/zun.conf.j2 | 2 +- ansible/site.yml | 5 +- .../reference/networking/designate-guide.rst | 7 ++ etc/kolla/globals.yml | 24 +++- kolla_ansible/cmd/genpwd.py | 2 +- .../cloudKitty-v2-influxdb-07cb8b0051ac9ea0.yaml | 4 + ...oudkitty-default-influxdb-397d7441ad2576c5.yaml | 8 ++ ...rdination-backend-etcd3gw-8a58a2f5eddd1f57.yaml | 15 +++ ...lox-backend-also-notifies-0214cc1e51b838b8.yaml | 11 ++ .../docker-client-timeout-dc221b2d350efad8.yaml | 8 ++ ...fix-recreate-missing-pull-dba93327fd4c94c3.yaml | 6 + .../fix-swift-conf-collision-ee98d09a91c270bd.yaml | 8 ++ ...swift-mount-xfs-nobarrier-44a1601da46d12b9.yaml | 7 ++ .../fix-wsgi-log-collection-c9f347096394df5c.yaml | 6 + .../glance-fix-iscsi-backend-784aca2c2456333c.yaml | 6 + .../haproxy-custom-services-c6bc343d162a8990.yaml | 5 + .../haproxy-tag-entire-play-537aed55ffd947be.yaml | 9 ++ ...e-haproxy-max-connections-df6aff5c82fdef24.yaml | 9 ++ .../notes/mariabackup-bd3b238823e589da.yaml | 13 ++ ...nate-coordination-backend-741ec71946e7567e.yaml | 7 ++ ...prometheus-cmdline-extras-2e680c8697c1a308.yaml | 3 + ...hen-alertmanager-disabled-0090c1570ff4e632.yaml | 8 ++ ...t-engine-environment-file-5f1320011b00099d.yaml | 7 ++ tools/setup_gate.sh | 10 ++ zuul.d/base.yaml | 9 +- zuul.d/jobs.yaml | 22 ++++ zuul.d/project.yaml | 10 ++ 143 files changed, 1161 insertions(+), 491 deletions(-)