We exuberantly announce the release of: kolla-ansible 16.7.0: Ansible Deployment of Kolla containers This release is part of the antelope release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 16.7.0 ^^^^^^ New Features ************ * Modifies public API firewalld rules to be applied immediately to a running firewalld service. This requires firewalld to be running, but avoids reloading firewalld, which is disruptive due to the way in which firewalld builds its firewall chains. * Added a command to upgrade to a target version of RabbitMQ. This is required before a SLURP upgrade. See the docs for more details: https://docs.openstack.org/kolla-ansible/latest/reference/message- queues/rabbitmq.html#slurp Bug Fixes ********* * Fixes an deploy opensearch with enable TLS on the internal VIP. * Fixes handling of openvswitch on "manila-share" nodes. LP#1993285 * Fixes behaviour of Change Password screen in Horizon until bug #2073639 is resolved. LP#2073159 * Fixes the Python requests library issue when using custom CA by adding the REQUESTS_CA environment variable to the kolla-toolbox container. See LP#1967132 * Fixes configuration of CloudKitty when internal TLS is enabled. LP#1998831 * Fixes the dimensions comparison when we set values like *1g* in the container dimensions configuration, making the docker container getting restarted even with no changes, as we are comparing *1g* with *1073741824*, which is displayed in the docker inspect while *1g* is in the configuration. * Fixes the detection of the Nova Compute Ironic service when a custom *host* option is set in the service config file. See LP#2056571 * Removes the default */tmp/* mountpoint from the horizon container. This change is made to harden the container and prevent potential security issues. For more information, see the Bug Report: LP#2068126. * Fixes an issue where OVN northbound or southbound database deployment could fail when a new leader is elected. LP#2059124 Changes in kolla-ansible 16.6.0..16.7.0 --------------------------------------- 13918ee58 Apply public firewalld rules immediately 36ca3b0d1 Add REQUESTS_CA_BUNDLE to kolla-toolbox container 4b6508724 hardening horizon: don't mount hosts /tmp dfd4eef81 Add command to upgrade to a target version of RMQ 14a21976a Fix issue with Swift Recon middleware 6d94a5017 Fix post-config of OVS for manila-share servers eced788ab Work around OVN DB leader election race condition 558f6c298 Restart OVS container after hw-offload change e8aa5d212 Add /v3 suffix to OPENSTACK_KEYSTONE_URL 97bcdedda fix flake8 error in database_shards.py c2693987a Support custom Nova Compute Ironic host names b40fabc6e Support CloudKitty deployment with internal TLS 58683d056 Fix the docker container dimensions comparison for short notation 73415f862 Add ca_path for module uri in opensearch role Diffstat (except docs and test files) ------------------------------------- ansible/module_utils/kolla_container_worker.py | 79 ++++++++++++++++++++-- ansible/rabbitmq-upgrade.yml | 21 ++++++ ansible/roles/cloudkitty/defaults/main.yml | 8 +-- ansible/roles/cloudkitty/tasks/bootstrap.yml | 3 + ansible/roles/common/defaults/main.yml | 1 + ansible/roles/haproxy-config/tasks/main.yml | 7 +- ansible/roles/horizon/defaults/main.yml | 1 - ansible/roles/horizon/templates/local_settings.j2 | 3 +- ansible/roles/loadbalancer/handlers/main.yml | 6 -- .../nova-cell/tasks/wait_discover_computes.yml | 2 +- ansible/roles/nova-cell/templates/nova.conf.j2 | 2 +- ansible/roles/opensearch/handlers/main.yml | 2 + ansible/roles/opensearch/tasks/post-config.yml | 4 ++ ansible/roles/openvswitch/tasks/post-config.yml | 4 ++ ansible/roles/ovn-db/defaults/main.yml | 2 + ansible/roles/ovn-db/tasks/bootstrap-db.yml | 10 +++ ansible/roles/rabbitmq/defaults/main.yml | 2 + ansible/roles/swift/tasks/start.yml | 2 + kolla_ansible/database_shards.py | 4 +- .../notes/add-opensearch-uri-68a657c55ce9c9f1.yaml | 4 ++ .../notes/bug-1993285-127fe764e461465a.yaml | 5 ++ .../notes/bug-2073159-c54c773c72c8fb11.yaml | 6 ++ .../notes/bug-923105-d451a78930973a82.yaml | 7 ++ .../cloudkitty-internal-tls-c3e18be2a9f95c5d.yaml | 5 ++ .../firewalld-immediate-c2abf09977c455a9.yaml | 7 ++ ...ges-when-using-dimensions-ad94b657b6c29cfc.yaml | 10 +++ ...ompute-ironic-host-option-a7a3f6ae095f5201.yaml | 6 ++ .../harden_horizon_tmp_usage-0d690e49645b99a8.yaml | 6 ++ ...mq-target-upgrade-command-d5f9d9fc27fa28f8.yaml | 6 ++ ...round-ovn-leader-election-f7f75e93e9300d96.yaml | 6 ++ tools/kolla-ansible | 8 +++ 34 files changed, 372 insertions(+), 25 deletions(-)