We are gleeful to announce the release of:

kolla-ansible 10.3.0: Ansible Deployment of Kolla containers

This release is part of the ussuri stable release series.

The source is available from:

    https://opendev.org/openstack/kolla-ansible

Download the package from:

    https://tarballs.openstack.org/kolla-ansible/

Please report issues through:

    https://bugs.launchpad.net/kolla-ansible/+bugs

For more details, please see below.

10.3.0
^^^^^^

New Features
************

* Adds the "kolla_sysctl_conf_path" variable, which allows customising
  the path to the "sysctl.conf" file that Kolla Ansible plays modify.
  The default is "/etc/sysctl.conf", as it was before.

* Adds a new flag, "docker_disable_default_network", which defaults to
  "no". Docker uses "172.17.0.0/16" by default for bridge networking on
  "docker0", and this might cause routing problems for operator
  networks. Setting this flag to "yes" will disable Docker's bridge
  networking. This feature will be enabled by default from the Wallaby
  12.0.0 release.

* Added a new haproxy configuration variable,
  "haproxy_host_ipv4_tcp_retries2", which allows users to modify this
  kernel option. This option sets the maximum number of times a TCP
  packet is retransmitted in established state before giving up. The
  default kernel value is 15, which corresponds to a duration of
  approximately 13 to 30 minutes, depending on the retransmission
  timeout. This variable can be used to mitigate an issue with stuck
  connections in case of VIP failover, see bug 1917068 for details.

* Adds the ability to override the automatic detection of
  *fluentd_version* and *fluentd_binary*. These can now be defined as
  extra variables. This removes the dependency on having docker
  configured for config generation.

* Adds support for collecting Prometheus metrics from RabbitMQ. This is
  enabled by default when Prometheus and RabbitMQ are enabled, and may
  be disabled by setting "enable_prometheus_rabbitmq_exporter" to
  "false".

* Allows skipping and unsetting sysctl variables controlled by Kolla
  Ansible plays using the "KOLLA_SKIP" and "KOLLA_UNSET" values.

Bug Fixes
*********

* Fixes an issue with "kolla-ansible bootstrap-servers" if Zun is
  enabled where Zun-specific configuration for Docker was applied to
  all nodes. LP#1914378

* Fixes an issue when Swift is deployed with S3 Token Middleware
  enabled. Fixes LP#1862765

* Fixes the Northbound and Southbound database socket paths in OVN.

* Fixes a chronyd crash loop if the server is rebooted (Debian).
  LP#1915528

* Fixed an issue when Docker was configured after startup on
  Debian/Ubuntu, which resulted in iptables rules being created before
  they were disabled. LP#1923203

* Fixed a bug where sriov_agent.ini wasn't copied due to a "Permission
  denied" error. LP#1923467

* Fixed an issue where docker python SDK 5.0.0 was failing due to
  missing six: introduced a constraint to install a version lower than
  5.x. LP#1928915

* Fixes more-than-2-node RabbitMQ upgrade failing randomly. LP#1930293

* Fixes Swift deploy when TLS is enabled. Added the missing handler and
  corrected the container name. LP#1931097

* Fixes missing region_name in keystone_auth sections. See bug 1933025
  for details.

* Fixes "iscsid" failing in current CentOS 8 based images due to the
  pid file being needlessly set. LP#1933033

* Fixes host bootstrap on Debian not removing the conflicting packages.
  It now behaves in accordance with the docs. LP#1933122

* Fixes an issue where "kolla-ansible" exits with a zero exit code when
  executed with a bogus command name. LP#1929397

* Fixes a potential issue with Alertmanager in non-HA deployments. In
  this scenario, the peer gossip protocol is now disabled and
  Alertmanager won't try to form a cluster with non-existing other
  instances. LP#1926463

* Adds a new flag, "docker_disable_ip_forward", which defaults to "no"
  and can be used (by setting "yes") to disable docker's "ip-forward"
  option, which makes docker set the "net.ipv4.ip_forward" sysctl to
  "1". This is to protect from creating all-forwarding hosts.
  LP#1931615

* Fixes an issue when generating "/etc/hosts" during "kolla-ansible
  bootstrap-servers" when one or more hosts have an "api_interface"
  with dashes ("-") in its name. LP#1927357

* Fixes some configuration issues around Barbican logging. LP#1891343

* Fixes some configuration issues around Cinder logging. LP#1916752

* Fixes the wrong configuration of the ovs-dpdk service, which breaks
  the deployment of kolla-ansible. For more details please see bug
  1908850.

* Fixes an issue with keepalived which was not recreated during an
  upgrade if the configuration was unchanged. LP#1928362

* Fixes an issue with Magnum when TLS is enabled. LP#781062

* Fixes an issue with executing "kolla-ansible" when installed via
  "pip install --user". LP#1915527

* Fixes an issue where "masakari.conf" was generated for the
  "masakari-instancemonitor" service but not used.

* Fixes an issue where "masakari-monitors.conf" was generated for the
  "masakari-api" and "masakari-engine" services but not used.

* Uses a consistent variable name for container dimensions for
  "masakari-instancemonitor": "masakari_instancemonitor_dimensions".
  The old name of "masakari_monitors_dimensions" is still supported.

* Fixes an issue with Octavia deployment when using a custom service
  auth project. If "octavia_service_auth_project" is set to a project
  that does not exist, Octavia deployment would fail. The project is
  now created. LP#1922100

* Fixes LP#1892376 by updating deprecated syntax in the Monasca
  Elasticsearch template.

* Removes whitespace around equal signs in "zookeeper.cfg" which was
  preventing the "zkCleanup.sh" script from running correctly.

Other Notes
***********

* Following Cinder upstream, support for using ZFSSA with Cinder has
  been removed. ZFSSA was unsupported in Train and later removed in
  Ussuri.
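
The "haproxy_host_ipv4_tcp_retries2" note above says the kernel default of 15 means roughly 13 to 30 minutes before an established connection is given up. The following is an added example, not part of the release notes or of kolla-ansible, that works out the lower bound of that wait for any value of the option. It assumes the Linux retransmission timeout limits of 200 ms minimum and 120 s maximum; the function names are hypothetical.

```python
"""Lower bound on how long Linux keeps retransmitting on an established
TCP connection for a given net.ipv4.tcp_retries2 value (added example)."""

TCP_RTO_MIN = 0.2    # seconds; assumed Linux minimum retransmission timeout
TCP_RTO_MAX = 120.0  # seconds; assumed Linux maximum retransmission timeout


def hypothetical_timeout(retries2, rto_start=TCP_RTO_MIN):
    """Sum the backoff intervals for the original send plus `retries2`
    retransmissions. Each interval doubles and is capped at TCP_RTO_MAX.
    `rto_start` is the timeout in effect when the peer vanished; it
    depends on the measured round-trip time, hence the range in the note."""
    total, rto = 0.0, rto_start
    for _ in range(retries2 + 1):
        total += min(rto, TCP_RTO_MAX)
        rto *= 2
    return round(total, 1)


def retries2_for_budget(budget_seconds, rto_start=TCP_RTO_MIN):
    """Largest retries2 whose lower-bound timeout still fits the budget,
    e.g. the time a client may hang on a VIP that has moved away."""
    n = 0
    while hypothetical_timeout(n + 1, rto_start) <= budget_seconds:
        n += 1
    return n


if __name__ == "__main__":
    for n in (5, 6, 8, 15):
        secs = hypothetical_timeout(n)
        print(f"tcp_retries2={n:2d}: at least {secs:6.1f} s ({secs / 60:.1f} min)")
    print("fits a 30 s budget:", retries2_for_budget(30))
```

The figures are lower bounds: a connection whose timeout had already grown before the failover waits longer, which is why the default spans a range rather than a single duration.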

Changes in kolla-ansible 10.2.0..10.3.0
---------------------------------------

588e7e87c Fix exit code with bogus command name
2acd4f711 Allow user to set sysctl_net_ipv4_tcp_retries2
345747a7c Allow to skip and unset sysctl vars
5d7c34523 Add support for changing sysctl.conf path
0055332bd Disable docker's ip-forward when iptables disabled
d7fcaca38 [docker] Added a new flag to disable default network
88347646e docs: Add note about internal VIP when HAProxy is disabled
e3ef0dc3d magnum: Add CA certificate configuration for internal TLS
473b7e457 Make it possible to override automatic fluentd version detection
0d8f65eac [CI] Do not set ansible_python_interpreter for Zuul
026ddc97d Add missing region_name in keystoneauth sections
2ac8b5749 Drop support for Cinder ZFSSA backend
0c7db5a14 Fix host bootstrap pkg removal on Debian
f0e39cd32 Do not set pid file for iscsid
c6aa022a4 baremetal: fix /etc/hosts generation when api_interface has dashes
ccbdf9202 chronyd crash loop if Debian server is rebooted
0cc46ff2a Stop fluentd deprecation warnings of type vs @type
9a1e9b607 Fix parsing of infra.mariadb.xinetd logs
005d4b89f Fix neutron-ovn-metadata-agent with policy.yaml
a343753a7 octavia: Ensure service auth project exists
bf0e09a6f Merge glance sections for nova.conf.j2
8dc48aca0 Update blazar.conf template
46898f4e3 Support editable installation in all cases
53cab0c3c Add the ansible_managed header for admin-openrc.sh
3ffcf4636 Fix RabbitMQ restart ordering
6110ae4d6 Add forgotten 'Restart container' handler for swift
6f3b611f3 neutron: Add become for copying sriov_agent.ini
622767ead Fix duplicate dashboard section in tempest.conf.j2
b80a7922a [CI] Drop Zuul host groups
90c57266a docs: Update Freenode to OFTC
fc7163df4 [CI] Support building source images with in-review changes
894ff94d0 CI: Use PATH to find kolla-ansible script
ae6b25fb1 [CI] Remove setup_gate.sh symlink
ecd8dfe62 CI: pull images before deploy
55d62db97 cinder: fix condition to copy backend TLS certs
f6d2decae Remove [octavia]/base_url option from neutron.conf
b97b388bd baremetal: Install Docker SDK less than 5.0.0
f20b54c7b baremetal: Don't start Docker after install on Debian/Ubuntu
2c7286193 Ensure keepalived is upgraded
a99debd15 Disable Alertmanager's peer gossip in non-HA deployments
4a5398f29 Use @type instead of type
fc66b7115 Fix "Restart mariadb-clustercheck container" during config gen
ca92444c6 prometheus: Collect metrics from rabbitmq
37c24be00 masakari: fix minor issues with instance monitor
3dbe8e82a Negative seqno need to be considered when comparing seqno
55ffe1f8f docs: Improve policy documentation
9164cad1c Apply Zun configuration for Docker based on inventory
f48846367 [CI] Use images from quay.io
193aa7fde nova-cell: Stop printing ceph keys in output
e84ac3919 docs: fix registry mirror example
a473d35e0 Correctly configure S3 Token Middleware for Swift
046d94c80 Reduce number of logs and disable ara HTML report
8a46ae952 Introduce nova_libvirt_logging_debug
eea77dee5 Synchronise kolla-ansible installation with other branches
faef9f592 Remove whitespace around equal signs in zookeeper.cfg
b4fff7225 Fix Cinder log parsing
8581dad2f CI: Add ssh retries
cd2fae0c2 Replace db-sock with db-nb-sock and db-sb-sock
469b95367 ovn: Fix disabling of gateway chassis
3e92b9351 Update String type for Monasca ES template
9efacffa8 CI: fix ceph-ansible installation after cryptography 3.4 release
b03201924 Do not wait for grafana to start when kolla_action=config
e95bc1375 Drop lower-constraints
ff06adaf4 Fix installation with pip install --user
bec35706e Fix monasca-grafana check
a89a2378f Fix Barbican API log config
459cbdd84 docs: improve external Ceph docs
150445c5b docs: Improve multinode Docker registry setup
b9c03063d Fix dpdk deploy failed
6aa553685 Install gnupg before adding docker apt gpg key during pre-install
ae2c9f9da Fixes solum_api Listening on 127.0.0.1
82c5781d8 Fix failure during Monasca Grafana upgrade

Diffstat (except docs and test files)
-------------------------------------

ansible/action_plugins/merge_configs.py | 27 +++-
ansible/group_vars/all.yml | 13 +-
ansible/roles/aodh/templates/aodh.conf.j2 | 1 +
.../roles/barbican/templates/barbican-api.ini.j2 | 1 +
.../roles/barbican/templates/barbican-api.json.j2 | 2 +-
ansible/roles/barbican/templates/barbican.conf.j2 | 4 +
.../roles/baremetal/tasks/bootstrap-servers.yml | 5 +-
ansible/roles/baremetal/tasks/install.yml | 28 ++++-
ansible/roles/baremetal/tasks/post-install.yml | 50 ++++++--
ansible/roles/baremetal/tasks/pre-install.yml | 7 +-
.../baremetal/templates/docker_systemd_service.j2 | 2 +-
ansible/roles/blazar/templates/blazar.conf.j2 | 11 +-
ansible/roles/chrony/templates/chrony.json.j2 | 4 +-
ansible/roles/cinder/defaults/main.yml | 14 ---
ansible/roles/cinder/tasks/config.yml | 2 +-
ansible/roles/cinder/tasks/precheck.yml | 1 -
ansible/roles/cinder/templates/cinder-wsgi.conf.j2 | 2 +-
ansible/roles/cinder/templates/cinder.conf.j2 | 18 +--
ansible/roles/common/tasks/config.yml | 12 +-
ansible/roles/common/templates/admin-openrc.sh.j2 | 2 +
.../templates/conf/filter/01-rewrite-0.12.conf.j2 | 4 +-
.../templates/conf/filter/01-rewrite-0.14.conf.j2 | 4 +-
.../common/templates/conf/input/02-mariadb.conf.j2 | 2 +-
.../common/templates/conf/output/00-local.conf.j2 | 6 +-
ansible/roles/cyborg/templates/cyborg.conf.j2 | 1 +
.../roles/designate/templates/designate.conf.j2 | 1 +
ansible/roles/elasticsearch/tasks/config-host.yml | 9 +-
ansible/roles/freezer/templates/freezer.conf.j2 | 1 +
ansible/roles/glance/templates/glance-api.conf.j2 | 1 +
ansible/roles/gnocchi/templates/gnocchi.conf.j2 | 1 +
ansible/roles/grafana/handlers/main.yml | 1 +
ansible/roles/haproxy/defaults/main.yml | 4 +
ansible/roles/haproxy/tasks/config-host.yml | 16 ++-
ansible/roles/haproxy/tasks/upgrade.yml | 2 +
ansible/roles/heat/templates/heat.conf.j2 | 1 +
.../ironic/templates/ironic-inspector.conf.j2 | 2 +
ansible/roles/iscsi/templates/iscsid.json.j2 | 2 +-
ansible/roles/magnum/templates/magnum.conf.j2 | 9 ++
ansible/roles/manila/templates/manila.conf.j2 | 1 +
ansible/roles/mariadb/handlers/main.yml | 2 +
ansible/roles/mariadb/tasks/recover_cluster.yml | 2 +-
ansible/roles/masakari/defaults/main.yml | 10 +-
ansible/roles/masakari/tasks/clone.yml | 2 +-
ansible/roles/masakari/tasks/config.yml | 33 ++---
ansible/roles/mistral/templates/mistral.conf.j2 | 1 +
ansible/roles/monasca/handlers/main.yml | 3 +-
ansible/roles/monasca/tasks/upgrade.yml | 1 +
.../monasca/templates/monasca-api/api.conf.j2 | 1 +
.../elasticsearch-template.json | 12 +-
ansible/roles/murano/templates/murano.conf.j2 | 3 +
ansible/roles/neutron/defaults/main.yml | 2 +
ansible/roles/neutron/tasks/config-host.yml | 8 +-
ansible/roles/neutron/tasks/config.yml | 1 +
.../templates/neutron-ovn-metadata-agent.json.j2 | 13 +-
ansible/roles/neutron/templates/neutron.conf.j2 | 8 +-
ansible/roles/nova-cell/defaults/main.yml | 4 +
ansible/roles/nova-cell/tasks/config-host.yml | 9 +-
ansible/roles/nova-cell/tasks/external_ceph.yml | 1 +
ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 2 +-
ansible/roles/nova-cell/templates/nova.conf.j2 | 5 +-
ansible/roles/nova/templates/nova.conf.j2 | 1 +
ansible/roles/octavia/defaults/main.yml | 7 ++
ansible/roles/octavia/tasks/register.yml | 15 ---
ansible/roles/octavia/templates/octavia.conf.j2 | 1 +
ansible/roles/ovn/tasks/bootstrap.yml | 4 +-
ansible/roles/ovn/templates/ovn-nb-db.json.j2 | 2 +-
ansible/roles/ovn/templates/ovn-sb-db.json.j2 | 2 +-
ansible/roles/ovs-dpdk/defaults/main.yml | 2 -
.../roles/ovs-dpdk/templates/ovsdpdk-db.json.j2 | 2 +-
.../roles/placement/templates/placement.conf.j2 | 1 +
.../templates/prometheus-alertmanager.json.j2 | 2 +-
.../roles/prometheus/templates/prometheus.yml.j2 | 9 ++
ansible/roles/rabbitmq/handlers/main.yml | 18 ++-
ansible/roles/sahara/templates/sahara.conf.j2 | 1 +
ansible/roles/senlin/templates/senlin.conf.j2 | 1 +
ansible/roles/solum/templates/solum.conf.j2 | 4 +
ansible/roles/swift/defaults/main.yml | 2 +-
ansible/roles/swift/handlers/main.yml | 4 +
ansible/roles/swift/templates/proxy-server.conf.j2 | 2 +-
ansible/roles/tacker/templates/tacker.conf.j2 | 1 +
ansible/roles/tempest/templates/tempest.conf.j2 | 4 -
ansible/roles/trove/templates/trove.conf.j2 | 1 +
ansible/roles/vitrage/templates/vitrage.conf.j2 | 1 +
ansible/roles/watcher/templates/watcher.conf.j2 | 1 +
ansible/roles/zookeeper/tasks/config.yml | 1 +
.../reference/high-availability/haproxy-guide.rst | 47 +++++++
.../reference/storage/external-ceph-guide.rst | 101 +++++++++------
etc/kolla/globals.yml | 6 +-
etc/kolla/passwords.yml | 5 -
lower-constraints.txt | 93 --------------
.../bootstrap-without-zun-67d6ee5d84fcec22.yaml | 6 +
.../notes/bug-1862765-a6cad9fd2d3f0f48.yaml | 5 +
.../notes/bug-1913031-e8b14c50e8a27d14.yaml | 4 +
...yd-crash-loop-if-server-is-rebooted-debian.yaml | 5 +
.../notes/bug-1923203-f9ff247befc4bd75.yaml | 6 +
.../notes/bug-1923467-80973d9fbe1f5287.yaml | 6 +
.../notes/bug-1928915-482b2d53bb2a4d92.yaml | 6 +
.../notes/bug-1930293-d8a524f2070e6779.yaml | 5 +
.../notes/bug-1931097-c94832ed2ed92c3a.yaml | 6 +
.../notes/bug-1933025-1cb5d64d20d57be7.yaml | 6 +
.../notes/bug-1933033-76746d127285cfe8.yaml | 6 +
.../notes/bug-1933122-b34311ba73092080.yaml | 6 +
.../notes/cli-exit-code-1e6278f803dbf8e2.yaml | 6 +
.../custom-sysctl-conf-path-ce58e897fc067410.yaml | 6 +
...e-alertmanager-clustering-ec70f5f970c4933a.yaml | 7 ++
.../docker-disable-bridge-14df8b7fddbd5000.yaml | 9 ++
...docker-disable-ip-forward-b0490b71f9f07cd6.yaml | 9 ++
.../notes/drop-zfssa-2708a8c0b0eb5f43.yaml | 5 +
.../notes/etc-hosts-dashes-37d0dc07c8fc881f.yaml | 7 ++
...g-to-die-after-VIP-switch-5f9e811783c36041.yaml | 13 ++
.../fix-barbican-logging-42068f47fe1e4e4d.yaml | 5 +
.../notes/fix-cinder-logging-22fea4739begd6s.yaml | 5 +
.../fix-dpdk-deploy-failed-6695899422a67359.yaml | 7 ++
.../fix-keepalived-upgrade-a395e39dc946e618.yaml | 6 +
.../fix-magnum-tls-cacert-dd5ab5729391beb2.yaml | 5 +
.../fix-pip-install-user-5f871f67433e465a.yaml | 6 +
...ari-instancemonitor-fixes-dc13e5234456d4c5.yaml | 12 ++
...eate-service-auth-project-aa38b12ebb601777.yaml | 7 ++
...fluentd-version-detection-3cb8b8a8ebc02d0a.yaml | 6 +
.../prometheus-rabbitmq-f7d6ebf0d611a819.yaml | 6 +
.../sysctl-skip-and-unset-848d5ebd765aabec.yaml | 5 +
...ca-elasticsearch-template-41492c59acaf92b1.yaml | 6 +
.../zookeeper-cfg-syntax-02e93c01d6a24f35.yaml | 5 +
tools/kolla-ansible | 30 ++++-
tools/setup_gate.sh | 136 ---------------------
tox.ini | 6 -
zuul.d/base.yaml | 6 +-
zuul.d/nodesets.yaml | 16 ---
zuul.d/project.yaml | 1 -
148 files changed, 981 insertions(+), 603 deletions(-)