We are stoked to announce the release of: kolla-ansible 13.0.0: Ansible Deployment of Kolla containers This release is part of the xena release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 13.0.0 ^^^^^^ New Features ************ * Adds "manila_cephfs_filesystem_name" variable to support multi-fs Ceph Pacific+ deloyments. Upgrade Notes ************* * "enable_host_ntp" variable is dropped per the deprecation process. * The "wsrep-notify.sh" script has been removed (following deprecation in Wallaby). Bug Fixes ********* * Fixes an issue with multinode MariaDB deployments which could fail the playbook execution on WSREP check due to the new behaviour of Galera 4. LP#1947485. * Fixes an issue with single node MariaDB deployments with HAProxy disabled. See bug 1947534 for details. * Fixes the generation of "wsrep_cluster_address" in "galera.cnf" when "--limit" is used while deploying MariaDB nodes. LP#1947589 * Fixes an error in placement role which prevents to deploy the placement service when custom policy file is used. LP#1948835 * Fixes missing current Ansible version in the error message. LP#1948979 * Fix octavia role doesn't set the amphora network's gateway_ip LP#1949260 * Removes "fix_cephfs_owner.yaml" which related to pre-wallaby Manila's use of subfolders. Post-wallaby Manila now uses cephfs volumes instead, as such this file is no longer required. LP#1938285 LP#1935784 * Removes use of "cephfs_enable_snapshots" in Manila config as this option was removed from Manila in the Wallaby release. Changes in kolla-ansible 12.0.0..13.0.0 --------------------------------------- 44c46fc80 The deprecated iscsi deploy interface has been removed since xena f9b3709ba docs: Get release name dynamically c32eecf34 docs: Parameterize kolla-ansible version and branch 768b62a8f Stop creating unused cron/logrotate directory 543096c93 docs: Fix python-openstackclient package name and init-runonce path 7659f1e32 Fix octavia doesn't set subnet gateway_ip 06218e264 mariadb: use add_host to include inactive hosts in shard grouping 3aa42733a Fix broken deploy of placement service e219faec8 Fix missing Ansible version in the error message 150e2fc98 Revert "Do not load br_netfilter" 152cd21a4 Drop enable_host_ntp 2d69bdc8a docs: Improve info about neutron external interface 0ad69fc5b Use Xena images 70087813c mariadb: Remove wsrep-notify.sh 45b0b87f8 Update Manila deploy steps for Wallaby be6fd7b7d [mariadb] Start new nodes serially 9842b3296 Update TOX_CONSTRAINTS_FILE for stable/xena c0d5c66b0 Update .gitreview for stable/xena f9204267e Tidy up renos before Xena release 37e4dba87 Add support for Ironic inspection through DHCP-relay 78260f98e Correctly create the dhcp_agent.ini and l3_agent.ini 2455a95f3 Trivial but necessary fix - loadbalancer weight f1cbff6b7 Trivial fix shebang in keystone's fernet-node-sync.sh.j2 c7c14e1c4 Fix privileges for MariaDB 10.5 62b90af55 Docs: Update to opendev.org domain 0df36ce1e Debian: apt-transport-https is transitional package d5aa73c4a Add missing CloudKitty documentation. 4f78c696c Do not become root when searching for custom prometheus alert rules files 15259002b Do not load br_netfilter 1d0171fc7 monasca: change default of monasca_ntp_server 3b22d334d CI: monasca: ignore exited monasca_thresh container 1f71df1a8 Remove chrony role from kolla 9ef6bb2d9 [CI] Stop adding the DROP workaround 8c5012e94 Add support for Ceph RadosGW integration 393dfbf65 docs: ceph: add copy-on-write for Glance 66c84843e Deploy source type images by default 1bfed045c Do not set net.ipv4.ip_forward sysctl 2e933dceb Transition Keystone admin user to system scope 2c6bc0bd1 Do not create haproxy and swift log dirs needlessly 7c2b4bead Add way to change weight of haproxy backend per service 1b650534c Bump up Ansible max supported ver to 4.x 4ff65b766 Use friendly target names in Prometheus 0e720b382 Add check and diff options to kolla-ansible 6dc8b5639 Use mariadb_tag as default for all mariadb tags 2cf9ae2cf Do not enable mariadb-clustercheck when not needed 0d9477de3 Switch default images source to quay.io f0241f807 Remove haproxy,keepalived groups ae69994db use ironic user in ironic_neutron_agent.ini file 72e067398 Fix neutron upgrade using host limit without controllers c7bec2f30 [CI] Fix upgrade with kolla-build 02e07a086 CI: Temporarily enable insecure registry 21b4dc541 Zun: Temporarily skip capsule test for ubuntu 24e6a6ced toolbox: Allow different users logging to ansible.log 11d7233cc Bump libvirtd memlock ulimit d9e0ca5b3 reno: follow up 24e48d4da [tox] Add docs-iterative command 4e473a784 [tox] Optimise docs actions daf534b4e [CI] Test instance health after upgrade 34c49b9db Restore libvirtd cgroupfs mount d8641e90c docs: Add placeholder page for CI & testing information d9a375895 Add kolla-ansible gather-facts command ca6fc69ee docs: adding and removing host: add --all-projects option 3c68e8258 Fix Masakari in multi-region deploys 802f7c621 Never make Docker registry insecure by default ffd53512a Rename role haproxy to loadbalancer cbb567cb8 Add ability to retry image pulling 16a4a9e5a Remove an unused file 0858d5487 Fix haproxy precheck when kolla_externally_managed_cert is used 90fd9152a Use Docker healthchecks for keystone-fernet container 839ec629b tools: use /usr/bin/env bash instead of /bin/bash 2b599bdb8 Use Docker healthchecks for nova-spicehtml5proxy service b7e85d528 [CI] Test Swift upgrades f8e3e169c Allow override of rabbitmq config in kolla toolbox 13200ace3 Fix kolla-toolbox with IPv6 and disabled RabbitMQ b6d9cf768 [CI] Fix Debian upgrade d56dc3403 Validate if running CentOS OS is CentOS Stream 85879afc0 Trivial fix nova's healthchecks bcfebaf87 Use api-paste.ini from /etc/neutron 9ff2ecb03 Refactor and optimise image pulling 46df30d87 ironic: Follow up for ironic_enable_keystone_integration b692ce7af Support monitoring Fluentd with Prometheus bd3ad904d CI: stop setting ceph_nova_user a08aaf7d8 Fix release note for ansible_facts 2c786a0fa neutron: fix neutron-server config.json with VMware d15d94300 Remove unused imports in merge_yaml da4fd2d6a Extra var ironic_enable_keystone_integration added. 30e0eae8b Remove deprecated Designate option 7f98238b6 Elevated privileges required to set owner/group/mode by ansible 0d79d25fe Remove support for Prometheus v1 6ac4638cf Trivial fix horizon's healthcheck when SSL turned on 281c9935d Do not run timesync checks on deployment host c281a018c Fix freezed spice console in horizon 948e9ae70 watcher: add missing become for copying configs 6c72fa811 Support multiple inventories d7cdad532 Use more RMQ flags for less busy wait fca9be380 Delete haproxy_single_service_listen.cfg.j2 template c3f9ba835 nova: Use cinder user for Ceph 004cb7540 [manila] Drop tenant_id templating from v2 endpoint 24d08142d Fix nova deployment failure when rabbitmq is disabled 24950b389 Fix incorrect config of linuxbridge multiple external networks 5cb080247 cyborg: add missing become for api-paste.ini 7dfbcc71c [CI] Slim down Masakari job 411668ea5 ironic: always enable conductor HTTP server 5e85fe2a0 Fix variable names in Octavia documentation 200e36da7 Fix deployment failure when kolla_dev_mod is enabled aa28675ca Fix ironic_ipxe healthcheck on Debian/Ubuntu 2e4f51f67 manila: add glance section in manila-share.conf cccae8a65 Fix typos in release note 220d4fbbc Fix typo in keystone role c2ae21fd9 Reduce container metrics cardinality 54737cd13 baremetal: use docker_yum_gpgkey to fetch docker GPG key f6c0474af Fix config action when OVN is enabled 526199846 Remove tempest role c454761a4 Blazar: Fix support for external keystone in multiregion deploy 15f2fdcd5 Make setup module arguments configurable 9fffc7bc5 Add disable_firewall variable f71646da1 Fix Masakari host monitor default config 6131b6856 Remove rally and panko again 6bf74aa20 Support storing passwords in Hashicorp Vault 6e1849589 CI: Avoid generating a nova key in cephadm scenario a73e89f03 [CI] Do not set ansible_python_interpreter for Zuul 531604757 reno: fix typo f3520bc1c Replace auth_uri with www_authenticate_uri 09d0409ed Allow user to set sysctl_net_ipv4_tcp_retries2 7eff49a5a CI: Don't generate certificates before upgrade ade5bfa30 Use ansible_facts to reference facts 48f0957a1 magnum: Add CA certificate configuration for internal TLS 7da770d29 Add missing region_name in keystoneauth sections 3a7440b37 Fix host bootstrap pkg removal on Debian 0158221fd Drop support for Cinder ZFSSA backend 18a0af695 Do not set pid file for iscsid 640dbb03f Revert "Reduce container metrics cardinality" 1fc58e74d Fix up 'Persist nova libvirt secrets in a Docker volume' 38ca1431d Update previous_release to Wallaby c6259158e Reduce container metrics cardinality 300910961 Remove rally deployment 286a03bad Drop /sys/fs/cgroup mounts 3f9662278 Reno follow up for docker_disable_ip_forward ccf8cc5dc Remove support for panko 0fa4ee56e Disable docker's ip-forward when iptables disabled 085a30f75 [CI] Test bifrost on Ubuntu as well 682cff7bc Revert "cephadm: Set auth_allow_insecure_global_id_reclaim to true" 0cd5b027c Fix RabbitMQ restart ordering 5c19f9a5e Add forgotten 'Restart container' handler for swift 70f6f8e4c Reduce RabbitMQ busy waiting, lowering CPU load e7ff199dc Robustify fluentd output tag matching aea9bf355 monasca-thresh: Fix topology submission to storm cccf4f777 [TrivialFix] Remove extra slash 46bd05250 baremetal: fix /etc/hosts generation when api_interface has dashes dee9d22dc Add suppress_type_name to stop warnings with ES7 7f1248fee Fix parsing of infra.mariadb.xinetd logs 0c7ba86e0 Stop fluentd deprecation warnings of type vs @type 84ac7b309 chrony: allow to remove the container e48d0a7fa [CI] Drop Zuul host groups 887bf6f1f Fix release note markup 278b63a0e docs: Update Freenode to OFTC d60c5591c [CI] Move to Debian Bullseye 9a77fb1ca Add support for Debian Bullseye (11) as host distro 4d6a79d21 Add the ansible_managed header for admin-openrc.sh 95520df09 [docker] Add support for setting CgroupnsMode a3caf8c3a Bump min Docker version bb56861cc Use mariadb-server image for mariabackup 283b0dec6 fluentd: Fix check for external elasticsearch 21efaf3f4 CI: fix backups Ceph pool name 7d1af053b Remove [octavia]/base_url option from neutron.conf 13965f40c tox: Add find command to allowlist_externals list 1ea99147c CI: Use PATH to find kolla-ansible script 86ddc94ec Fix exit code with bogus command name 337771143 CI: Configure IP on a linux bridge instead of OVS br-ex 1da715802 linters: Mock additional variables in validate-all-file.py bbc27b59f CI: add grafana to monasca image list fca2c5fe0 [CI] Fix testing in cephadm scenario c99841272 Make rabbitmq cluster_partition_handling configurable 6b61cbe6f Merge glance sections for nova.conf.j2 b053bd8ec baremetal: Install Docker SDK less than 5.0.0 9e9293c5c Indented two spaces to match the other things in this block f184f9436 Mariadb shards documentation bd496808c CI: Disable amphora in OVN jobs e8c4b2e1b [CI] Log dbus services e83b5869a CI: Wait for NTP synced status in systemd bc9617919 baremetal: Don't start Docker after install on Debian/Ubuntu d43642ac3 Trivial if conditional fix in keystone.json 6230971b9 gnocchi: fix external ceph integration when gnocchi-statsd is disabled f295b1a05 docs: update supported OS distros b300f7bc4 Disable Alertmanager's peer gossip in non-HA deployments edc918313 CI: allow Elasticsearch status to be green or yellow e92323600 Add ability to use the Neutron packet logging framework fe6647747 Use @type instead of type f94c7beab cleanup no longer needed task for cinder 41fe771bc Do not write octavia_amp_ssh_key if auto_config disabled e5ab32afa octavia: Fix duplicate api_settings aff99355d ovn: make DVR work on VLAN tenant networks 999b5cfb2 ovn: omit unnecessary bridge mappings ec36eb016 CI: Fix nfv job with kolla dependency b056f54c1 Deprecate tempest and rally 43ca9dad0 setup.cfg: Replace dashes with underscores f3314eacd Redis configuration syntax update 0b132775e Fix neutron-ovn-metadata-agent with policy.yaml c3afbd3c5 Check config when checking the containers 83f3422fb Deprecate enable_host_ntp a967b9dd6 cephadm: Set auth_allow_insecure_global_id_reclaim to true 2b3284b3f Remove redundant Monasca Kafka client option 82cf40edf Remove Monasca Grafana service 8a1e9e984 Add Monasca Grafana deprecation notice fc406d035 [doc] fix a typo 7e81e20e7 Skip setting rp_filter by default d9b21cde9 Bump up python version for Debian Bullseye f3da3d8e1 Avoid an Ansible quirk in hacluster role 51134fb31 Add Python3 xena unit tests 9cfd4f5d0 Update master for stable/wallaby d01192c16 Extend support for custom Grafana dashboards 030a9a28d docs: Improve policy documentation 1ddef8597 Use Docker healthchecks for rabbitmq services 22a6765f5 Support editable installation in all cases e548b5969 [CI] Save systemctl info fbd80bcdc octavia: Ensure service auth project exists 3c1fd4409 Use Docker healthchecks for memcached services 561be6de3 Use Docker healthchecks for mistral services db1bc8fc7 docs: Add note about internal VIP when HAProxy is disabled adf492bd9 cinder: fix condition to copy backend TLS certs aa9ac3320 Add global tag variables for Panko and Skydive 268f0e4c9 Disable usage collection in Kibana 5a6cafa21 Add Alertmanger metric target(s) 25c33f9c9 Make it possible to override automatic fluentd version detection 2d82920d8 Update blazar.conf template 48cd90a8d Use Docker healthchecks for ceilometer services d3e91045f Use Docker healthchecks for qdrouterd services 2db0a2a62 Use Docker healthchecks for kuryr services 04b970ca0 Use Docker healthchecks for zun services 72df931b5 Use Docker healthchecks for kafka services 106644e49 docs: add code reviews to contributor guide 99db669fb CI: Reduce neutron RPC service workers to 1 21ccae12f chronyd crash loop if Debian server is rebooted 2c833baa5 CI: only run cells job on changes to nova role 90435f6a9 Add a ovsdb_timeout variable for better configuration 1c63eb20d Persist nova libvirt secrets in a Docker volume ce012bcb0 Fix "Restart mariadb-clustercheck container" during config gen Diffstat (except docs and test files) ------------------------------------- .gitreview | 2 +- README.rst | 3 - ansible/action_plugins/merge_yaml.py | 7 - ansible/chrony-cleanup.yml | 31 +++- ansible/gather-facts.yml | 13 +- ansible/group_vars/all.yml | 77 +++++---- ansible/inventory/all-in-one | 28 +-- ansible/inventory/multinode | 28 +-- ansible/library/kolla_docker.py | 44 ++++- ansible/library/kolla_toolbox.py | 8 +- ansible/post-deploy.yml | 4 +- ansible/roles/aodh/defaults/main.yml | 8 +- ansible/roles/aodh/tasks/pull.yml | 12 +- ansible/roles/aodh/templates/aodh.conf.j2 | 1 + ansible/roles/barbican/defaults/main.yml | 6 +- ansible/roles/barbican/tasks/check.yml | 6 +- ansible/roles/barbican/tasks/pull.yml | 12 +- ansible/roles/barbican/templates/barbican.conf.j2 | 1 + ansible/roles/baremetal/defaults/main.yml | 19 +-- ansible/roles/baremetal/tasks/install.yml | 72 ++++---- ansible/roles/baremetal/tasks/post-install.yml | 74 +------- ansible/roles/baremetal/tasks/pre-install.yml | 17 +- ansible/roles/blazar/defaults/main.yml | 4 +- ansible/roles/blazar/tasks/pull.yml | 12 +- ansible/roles/blazar/templates/blazar.conf.j2 | 3 +- ansible/roles/ceilometer/defaults/main.yml | 64 ++++++- ansible/roles/ceilometer/handlers/main.yml | 4 + .../roles/ceilometer/tasks/check-containers.yml | 1 + ansible/roles/ceilometer/tasks/config.yml | 23 --- ansible/roles/ceilometer/tasks/pull.yml | 12 +- .../templates/ceilometer-notification.json.j2 | 9 +- .../ceilometer/templates/event_pipeline.yaml.j2 | 3 - ansible/roles/ceph-rgw/defaults/main.yml | 92 ++++++++++ ansible/roles/{chrony => ceph-rgw}/tasks/check.yml | 0 .../tasks/check.yml => ceph-rgw/tasks/config.yml} | 0 .../tasks/deploy-containers.yml} | 0 ansible/roles/ceph-rgw/tasks/deploy.yml | 2 + .../{panko => ceph-rgw}/tasks/loadbalancer.yml | 4 +- ansible/roles/{panko => ceph-rgw}/tasks/main.yml | 0 ansible/roles/ceph-rgw/tasks/precheck.yml | 10 ++ .../tasks/check.yml => ceph-rgw/tasks/pull.yml} | 0 .../{chrony => ceph-rgw}/tasks/reconfigure.yml | 0 ansible/roles/ceph-rgw/tasks/register.yml | 9 + .../tasks/check.yml => ceph-rgw/tasks/stop.yml} | 0 ansible/roles/ceph-rgw/tasks/upgrade.yml | 1 + ansible/roles/chrony/defaults/main.yml | 31 ---- ansible/roles/chrony/handlers/main.yml | 16 -- ansible/roles/chrony/tasks/check-containers.yml | 17 -- ansible/roles/chrony/tasks/cleanup.yml | 12 -- ansible/roles/chrony/tasks/config.yml | 53 ------ ansible/roles/chrony/tasks/deploy.yml | 7 - ansible/roles/chrony/tasks/main.yml | 7 - ansible/roles/chrony/tasks/precheck.yml | 9 - ansible/roles/chrony/tasks/pull.yml | 11 -- ansible/roles/chrony/templates/chrony.conf.j2 | 47 ------ ansible/roles/chrony/templates/chrony.json.j2 | 23 --- ansible/roles/cinder/defaults/main.yml | 22 +-- ansible/roles/cinder/tasks/precheck.yml | 1 - ansible/roles/cinder/tasks/pull.yml | 12 +- ansible/roles/cinder/tasks/upgrade.yml | 16 -- ansible/roles/cinder/templates/cinder.conf.j2 | 15 +- ansible/roles/cloudkitty/defaults/main.yml | 4 +- ansible/roles/cloudkitty/tasks/pull.yml | 12 +- ansible/roles/collectd/defaults/main.yml | 2 +- ansible/roles/collectd/tasks/pull.yml | 12 +- ansible/roles/common/defaults/main.yml | 10 +- ansible/roles/common/tasks/config.yml | 76 +++++---- ansible/roles/common/tasks/inspect.yml | 6 - ansible/roles/common/tasks/pull.yml | 11 +- .../templates/conf/filter/01-rewrite-0.12.conf.j2 | 3 +- .../templates/conf/filter/01-rewrite-0.14.conf.j2 | 7 +- .../templates/conf/input/03-rabbitmq.conf.j2 | 2 +- .../templates/conf/input/08-prometheus.conf.j2 | 14 ++ .../common/templates/conf/output/00-local.conf.j2 | 8 + .../common/templates/conf/output/01-es.conf.j2 | 3 +- .../templates/conf/output/02-monasca.conf.j2 | 2 +- .../common/templates/cron-logrotate-chrony.conf.j2 | 3 - .../common/templates/cron-logrotate-panko.conf.j2 | 3 - .../common/templates/cron-logrotate-rally.conf.j2 | 3 - .../templates/cron-logrotate-tempest.conf.j2 | 3 - ansible/roles/common/templates/erl_inetrc.j2 | 3 + ansible/roles/common/templates/fluentd.json.j2 | 4 + .../roles/common/templates/kolla-toolbox.json.j2 | 5 +- .../roles/common/templates/rabbitmq-env.conf.j2 | 2 + ansible/roles/cyborg/defaults/main.yml | 6 +- ansible/roles/cyborg/tasks/config.yml | 1 + ansible/roles/cyborg/tasks/pull.yml | 12 +- ansible/roles/cyborg/templates/cyborg.conf.j2 | 3 +- ansible/roles/designate/defaults/main.yml | 14 +- ansible/roles/designate/tasks/pull.yml | 12 +- .../roles/designate/templates/designate.conf.j2 | 2 +- ansible/roles/elasticsearch/defaults/main.yml | 4 +- ansible/roles/elasticsearch/tasks/pull.yml | 12 +- ansible/roles/etcd/defaults/main.yml | 6 +- ansible/roles/etcd/tasks/pull.yml | 12 +- ansible/roles/freezer/defaults/main.yml | 4 +- ansible/roles/freezer/tasks/pull.yml | 12 +- ansible/roles/freezer/templates/freezer.conf.j2 | 5 +- ansible/roles/glance/defaults/main.yml | 8 +- ansible/roles/glance/tasks/pull.yml | 12 +- ansible/roles/glance/templates/glance-api.conf.j2 | 1 + ansible/roles/gnocchi/defaults/main.yml | 6 +- ansible/roles/gnocchi/tasks/external_ceph.yml | 37 ++-- ansible/roles/gnocchi/tasks/pull.yml | 12 +- ansible/roles/gnocchi/templates/gnocchi.conf.j2 | 1 + ansible/roles/grafana/defaults/main.yml | 2 +- ansible/roles/grafana/tasks/config.yml | 20 +-- ansible/roles/grafana/tasks/pull.yml | 9 +- ansible/roles/grafana/tasks/upgrade.yml | 5 - .../roles/hacluster/tasks/bootstrap_service.yml | 8 +- ansible/roles/hacluster/tasks/pull.yml | 12 +- .../hacluster/templates/hacluster_corosync.conf.j2 | 2 +- ansible/roles/haproxy-config/defaults/main.yml | 1 - .../templates/haproxy_single_service_listen.cfg.j2 | 111 ------------ .../templates/haproxy_single_service_split.cfg.j2 | 9 +- ansible/roles/haproxy/tasks/copy-certs.yml | 6 - ansible/roles/haproxy/tasks/deploy-containers.yml | 2 - ansible/roles/haproxy/tasks/main.yml | 3 - ansible/roles/haproxy/tasks/pull.yml | 11 -- ansible/roles/haproxy/tasks/stop.yml | 6 - ansible/roles/haproxy/tasks/upgrade.yml | 2 - ansible/roles/heat/defaults/main.yml | 8 +- ansible/roles/heat/tasks/bootstrap_service.yml | 3 +- ansible/roles/heat/tasks/pull.yml | 12 +- ansible/roles/heat/templates/heat.conf.j2 | 1 + ansible/roles/horizon/defaults/main.yml | 2 +- ansible/roles/horizon/tasks/pull.yml | 12 +- ansible/roles/horizon/templates/horizon.conf.j2 | 7 +- ansible/roles/influxdb/defaults/main.yml | 2 +- ansible/roles/influxdb/tasks/pull.yml | 9 +- ansible/roles/ironic/defaults/main.yml | 19 ++- ansible/roles/ironic/tasks/deploy.yml | 2 +- ansible/roles/ironic/tasks/pull.yml | 12 +- .../ironic/templates/ironic-inspector.conf.j2 | 6 +- ansible/roles/ironic/templates/ironic.conf.j2 | 29 ++-- ansible/roles/iscsi/defaults/main.yml | 4 +- ansible/roles/iscsi/tasks/precheck.yml | 2 +- ansible/roles/iscsi/tasks/pull.yml | 12 +- ansible/roles/kafka/defaults/main.yml | 17 +- ansible/roles/kafka/handlers/main.yml | 1 + ansible/roles/kafka/tasks/check-containers.yml | 1 + ansible/roles/kafka/tasks/pull.yml | 12 +- ansible/roles/keystone/defaults/main.yml | 20 ++- ansible/roles/keystone/tasks/config.yml | 1 + ansible/roles/keystone/tasks/pull.yml | 12 +- ansible/roles/keystone/tasks/register.yml | 2 +- .../keystone/tasks/register_identity_providers.yml | 107 ++++++------ .../keystone/templates/fernet-healthcheck.sh.j2 | 6 + .../keystone/templates/fernet-node-sync.sh.j2 | 32 ++-- ansible/roles/keystone/templates/fernet-push.sh.j2 | 16 ++ .../keystone/templates/keystone-fernet.json.j2 | 6 + ansible/roles/kibana/defaults/main.yml | 2 +- ansible/roles/kibana/tasks/pull.yml | 12 +- ansible/roles/kibana/templates/kibana.yml.j2 | 1 + ansible/roles/kuryr/defaults/main.yml | 16 +- ansible/roles/kuryr/handlers/main.yml | 1 + ansible/roles/kuryr/tasks/check-containers.yml | 1 + ansible/roles/kuryr/tasks/pull.yml | 8 +- .../{haproxy => loadbalancer}/defaults/main.yml | 16 +- .../{haproxy => loadbalancer}/handlers/main.yml | 8 +- .../tasks/check-containers.yml | 4 +- ansible/roles/loadbalancer/tasks/check.yml | 1 + .../tasks/config-host.yml | 7 +- .../{haproxy => loadbalancer}/tasks/config.yml | 28 +-- .../{panko => loadbalancer}/tasks/copy-certs.yml | 2 +- .../tasks/deploy-containers.yml | 0 .../{haproxy => loadbalancer}/tasks/deploy.yml | 0 ansible/roles/loadbalancer/tasks/main.yml | 3 + .../{haproxy => loadbalancer}/tasks/precheck.yml | 157 ++++++++--------- ansible/roles/loadbalancer/tasks/pull.yml | 3 + .../tasks/reconfigure.yml | 0 .../roles/{chrony => loadbalancer}/tasks/stop.yml | 2 +- .../{chrony => loadbalancer}/tasks/upgrade.yml | 0 .../templates/haproxy}/haproxy.json.j2 | 0 .../templates/haproxy}/haproxy_main.cfg.j2 | 0 .../templates/haproxy}/haproxy_run.sh.j2 | 0 .../templates/keepalived}/keepalived.conf.j2 | 6 +- .../templates/keepalived}/keepalived.json.j2 | 0 ansible/roles/magnum/defaults/main.yml | 4 +- ansible/roles/magnum/tasks/pull.yml | 12 +- ansible/roles/magnum/templates/magnum.conf.j2 | 10 ++ ansible/roles/manila/defaults/main.yml | 21 ++- ansible/roles/manila/tasks/deploy.yml | 5 - ansible/roles/manila/tasks/fix_cephfs_owner.yml | 85 ---------- ansible/roles/manila/tasks/pull.yml | 12 +- .../roles/manila/templates/manila-share.conf.j2 | 22 ++- ansible/roles/manila/templates/manila.conf.j2 | 1 + ansible/roles/mariadb/defaults/main.yml | 19 +-- ansible/roles/mariadb/handlers/main.yml | 6 + ansible/roles/mariadb/tasks/config.yml | 20 --- ansible/roles/mariadb/tasks/main.yml | 6 +- ansible/roles/mariadb/tasks/pull.yml | 12 +- ansible/roles/mariadb/tasks/register.yml | 2 +- ansible/roles/mariadb/templates/galera.cnf.j2 | 7 +- ansible/roles/mariadb/templates/mariadb.json.j2 | 8 +- ansible/roles/mariadb/templates/wsrep-notify.sh.j2 | 79 --------- ansible/roles/masakari/defaults/main.yml | 6 +- ansible/roles/masakari/tasks/clone.yml | 8 +- ansible/roles/masakari/tasks/pull.yml | 12 +- .../masakari/templates/masakari-monitors.conf.j2 | 6 + ansible/roles/masakari/templates/masakari.conf.j2 | 1 + ansible/roles/memcached/defaults/main.yml | 18 +- ansible/roles/memcached/handlers/main.yml | 1 + ansible/roles/memcached/tasks/check-containers.yml | 1 + ansible/roles/memcached/tasks/pull.yml | 13 +- ansible/roles/mistral/defaults/main.yml | 64 ++++++- ansible/roles/mistral/handlers/main.yml | 4 + ansible/roles/mistral/tasks/check-containers.yml | 2 +- ansible/roles/mistral/tasks/pull.yml | 12 +- ansible/roles/mistral/templates/mistral.conf.j2 | 1 + ansible/roles/monasca/defaults/main.yml | 25 +-- ansible/roles/monasca/handlers/main.yml | 33 +++- ansible/roles/monasca/tasks/check-containers.yml | 1 + ansible/roles/monasca/tasks/config.yml | 4 +- ansible/roles/monasca/tasks/pull.yml | 12 +- ansible/roles/monasca/tasks/upgrade.yml | 13 ++ .../monasca-agent-collector/agent-collector.yml.j2 | 2 +- .../monasca-agent-forwarder/agent-forwarder.yml.j2 | 2 +- .../monasca-agent-statsd/agent-statsd.yml.j2 | 2 +- .../monasca/templates/monasca-api/api.conf.j2 | 4 +- .../monasca-notification/notification.conf.j2 | 3 - .../templates/monasca-persister/persister.conf.j2 | 5 - .../monasca-thresh/monasca-thresh.json.j2 | 2 +- .../monasca/templates/monasca-thresh/storm.yml.j2 | 8 - ansible/roles/multipathd/defaults/main.yml | 2 +- ansible/roles/multipathd/tasks/pull.yml | 12 +- ansible/roles/murano/defaults/main.yml | 4 +- .../roles/murano/tasks/import_library_packages.yml | 16 +- ansible/roles/murano/tasks/pull.yml | 12 +- ansible/roles/murano/templates/murano.conf.j2 | 3 + ansible/roles/neutron/defaults/main.yml | 34 ++-- ansible/roles/neutron/tasks/config-host.yml | 1 - ansible/roles/neutron/tasks/pull.yml | 12 +- ansible/roles/neutron/tasks/rolling_upgrade.yml | 2 +- ansible/roles/neutron/templates/dhcp_agent.ini.j2 | 3 + .../neutron/templates/ironic_neutron_agent.ini.j2 | 6 +- ansible/roles/neutron/templates/l3_agent.ini.j2 | 3 + .../neutron/templates/linuxbridge_agent.ini.j2 | 4 +- ansible/roles/neutron/templates/ml2_conf.ini.j2 | 2 +- .../roles/neutron/templates/neutron-server.json.j2 | 2 +- ansible/roles/neutron/templates/neutron.conf.j2 | 7 +- .../templates/neutron_ovn_metadata_agent.ini.j2 | 3 +- .../neutron/templates/openvswitch_agent.ini.j2 | 1 + ansible/roles/nova-cell/defaults/main.yml | 57 +++++-- ansible/roles/nova-cell/tasks/config-host.yml | 2 +- .../roles/nova-cell/tasks/discover_computes.yml | 19 +-- ansible/roles/nova-cell/tasks/loadbalancer.yml | 4 + ansible/roles/nova-cell/tasks/pull.yml | 12 +- ansible/roles/nova-cell/tasks/rabbitmq.yml | 4 +- ansible/roles/nova-cell/tasks/reload.yml | 1 + .../roles/nova-cell/templates/nova-libvirt.json.j2 | 3 +- ansible/roles/nova-cell/templates/nova.conf.j2 | 4 +- ansible/roles/nova/defaults/main.yml | 8 +- ansible/roles/nova/tasks/pull.yml | 12 +- ansible/roles/nova/tasks/reload_api.yml | 1 + .../roles/nova/tasks/reload_super_conductor.yml | 1 + ansible/roles/nova/templates/nova.conf.j2 | 1 + ansible/roles/octavia/defaults/main.yml | 10 +- ansible/roles/octavia/tasks/hm-interface.yml | 6 +- ansible/roles/octavia/tasks/openrc.yml | 4 +- ansible/roles/octavia/tasks/prepare.yml | 2 +- ansible/roles/octavia/tasks/pull.yml | 12 +- ansible/roles/octavia/templates/octavia.conf.j2 | 1 + ansible/roles/openvswitch/defaults/main.yml | 6 +- ansible/roles/openvswitch/tasks/pull.yml | 12 +- ansible/roles/ovn/handlers/main.yml | 4 + ansible/roles/ovn/tasks/pull.yml | 12 +- ansible/roles/ovs-dpdk/defaults/main.yml | 6 +- ansible/roles/ovs-dpdk/tasks/config.yml | 1 + ansible/roles/ovs-dpdk/tasks/pull.yml | 12 +- ansible/roles/panko/defaults/main.yml | 77 --------- ansible/roles/panko/handlers/main.yml | 15 -- ansible/roles/panko/tasks/bootstrap.yml | 36 ---- ansible/roles/panko/tasks/bootstrap_service.yml | 20 --- ansible/roles/panko/tasks/check-containers.yml | 16 -- ansible/roles/panko/tasks/config.yml | 97 ----------- ansible/roles/panko/tasks/deploy-containers.yml | 2 - ansible/roles/panko/tasks/deploy.yml | 11 -- ansible/roles/panko/tasks/precheck.yml | 24 --- ansible/roles/panko/tasks/pull.yml | 8 - ansible/roles/panko/tasks/reconfigure.yml | 2 - ansible/roles/panko/tasks/register.yml | 7 - ansible/roles/panko/tasks/stop.yml | 6 - ansible/roles/panko/tasks/upgrade.yml | 9 - ansible/roles/panko/templates/panko-api.json.j2 | 32 ---- ansible/roles/panko/templates/panko.conf.j2 | 37 ---- ansible/roles/panko/templates/wsgi-panko.conf.j2 | 36 ---- ansible/roles/placement/defaults/main.yml | 2 +- ansible/roles/placement/tasks/config.yml | 2 +- ansible/roles/placement/tasks/pull.yml | 12 +- .../roles/placement/templates/placement.conf.j2 | 1 + ansible/roles/prechecks/tasks/database_checks.yml | 2 +- ansible/roles/prechecks/tasks/datetime_checks.yml | 2 +- ansible/roles/prechecks/tasks/host_os_checks.yml | 31 +++- ansible/roles/prechecks/tasks/inventory_checks.yml | 11 ++ ansible/roles/prechecks/tasks/main.yml | 4 +- ansible/roles/prechecks/tasks/package_checks.yml | 2 +- ansible/roles/prechecks/tasks/port_checks.yml | 4 +- ansible/roles/prechecks/tasks/timesync_checks.yml | 9 +- ansible/roles/prechecks/vars/main.yml | 11 +- ansible/roles/prometheus/defaults/main.yml | 34 ++-- ansible/roles/prometheus/tasks/bootstrap.yml | 2 +- ansible/roles/prometheus/tasks/config.yml | 1 - ansible/roles/prometheus/tasks/pull.yml | 12 +- .../templates/prometheus-cadvisor.json.j2 | 2 +- .../prometheus/templates/prometheus-server.json.j2 | 4 - .../roles/prometheus/templates/prometheus.yml.j2 | 84 +++++++-- ansible/roles/qdrouterd/defaults/main.yml | 17 +- ansible/roles/qdrouterd/handlers/main.yml | 1 + ansible/roles/qdrouterd/tasks/check-containers.yml | 1 + ansible/roles/qdrouterd/tasks/precheck.yml | 2 +- ansible/roles/qdrouterd/tasks/pull.yml | 12 +- ansible/roles/rabbitmq/defaults/main.yml | 22 ++- ansible/roles/rabbitmq/tasks/check-containers.yml | 1 + ansible/roles/rabbitmq/tasks/precheck.yml | 4 +- ansible/roles/rabbitmq/tasks/pull.yml | 12 +- ansible/roles/rabbitmq/tasks/restart_services.yml | 1 + .../roles/rabbitmq/templates/rabbitmq-env.conf.j2 | 2 +- ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 5 +- ansible/roles/rally/defaults/main.yml | 36 ---- ansible/roles/rally/handlers/main.yml | 15 -- ansible/roles/rally/tasks/bootstrap.yml | 36 ---- ansible/roles/rally/tasks/bootstrap_service.yml | 20 --- ansible/roles/rally/tasks/check-containers.yml | 16 -- ansible/roles/rally/tasks/config.yml | 80 --------- ansible/roles/rally/tasks/copy-certs.yml | 6 - ansible/roles/rally/tasks/deploy-containers.yml | 2 - ansible/roles/rally/tasks/deploy.yml | 9 - ansible/roles/rally/tasks/main.yml | 7 - ansible/roles/rally/tasks/precheck.yml | 6 - ansible/roles/rally/tasks/pull.yml | 11 -- ansible/roles/rally/tasks/reconfigure.yml | 2 - ansible/roles/rally/tasks/stop.yml | 6 - ansible/roles/rally/tasks/upgrade.yml | 9 - ansible/roles/rally/templates/rally.conf.j2 | 16 -- ansible/roles/rally/templates/rally.json.j2 | 24 --- ansible/roles/redis/defaults/main.yml | 4 +- ansible/roles/redis/tasks/pull.yml | 12 +- ansible/roles/sahara/defaults/main.yml | 4 +- ansible/roles/sahara/tasks/pull.yml | 12 +- ansible/roles/sahara/templates/sahara.conf.j2 | 1 + ansible/roles/senlin/defaults/main.yml | 8 +- ansible/roles/senlin/tasks/pull.yml | 12 +- ansible/roles/senlin/templates/senlin.conf.j2 | 1 + .../roles/service-images-pull/defaults/main.yml | 7 + ansible/roles/service-images-pull/tasks/main.yml | 16 ++ ansible/roles/skydive/defaults/main.yml | 12 +- ansible/roles/skydive/tasks/pull.yml | 12 +- .../roles/skydive/templates/skydive-agent.conf.j2 | 3 +- .../skydive/templates/skydive-analyzer.conf.j2 | 3 +- ansible/roles/solum/defaults/main.yml | 8 +- ansible/roles/solum/tasks/pull.yml | 12 +- ansible/roles/solum/templates/solum.conf.j2 | 3 +- ansible/roles/storm/defaults/main.yml | 4 +- ansible/roles/storm/tasks/pull.yml | 12 +- ansible/roles/swift/defaults/main.yml | 6 + ansible/roles/swift/tasks/pull.yml | 24 +++ ansible/roles/tacker/defaults/main.yml | 6 +- ansible/roles/tacker/tasks/pull.yml | 12 +- ansible/roles/tacker/templates/tacker.conf.j2 | 1 + ansible/roles/telegraf/defaults/main.yml | 2 +- ansible/roles/telegraf/tasks/pull.yml | 12 +- ansible/roles/telegraf/templates/telegraf.conf.j2 | 6 +- ansible/roles/tempest/defaults/main.yml | 2 +- ansible/roles/tempest/handlers/main.yml | 15 -- ansible/roles/tempest/tasks/check-containers.yml | 16 -- ansible/roles/tempest/tasks/config.yml | 47 ------ ansible/roles/tempest/tasks/copy-certs.yml | 6 - ansible/roles/tempest/tasks/deploy-containers.yml | 2 - ansible/roles/tempest/tasks/deploy.yml | 7 - ansible/roles/tempest/tasks/main.yml | 7 - ansible/roles/tempest/tasks/precheck.yml | 6 - ansible/roles/tempest/tasks/pull.yml | 11 -- ansible/roles/tempest/tasks/reconfigure.yml | 2 - ansible/roles/tempest/tasks/stop.yml | 6 - ansible/roles/tempest/tasks/upgrade.yml | 7 - ansible/roles/tempest/templates/tempest.conf.j2 | 69 -------- ansible/roles/tempest/templates/tempest.json.j2 | 11 -- ansible/roles/trove/defaults/main.yml | 6 +- ansible/roles/trove/tasks/pull.yml | 12 +- ansible/roles/trove/templates/trove.conf.j2 | 1 + ansible/roles/vitrage/defaults/main.yml | 10 +- ansible/roles/vitrage/tasks/pull.yml | 12 +- ansible/roles/vitrage/templates/vitrage.conf.j2 | 3 +- ansible/roles/vmtp/defaults/main.yml | 2 +- ansible/roles/vmtp/tasks/pull.yml | 12 +- ansible/roles/watcher/defaults/main.yml | 6 +- ansible/roles/watcher/tasks/config.yml | 3 + ansible/roles/watcher/tasks/pull.yml | 12 +- ansible/roles/watcher/templates/watcher.conf.j2 | 1 + ansible/roles/zookeeper/defaults/main.yml | 2 +- ansible/roles/zookeeper/tasks/pull.yml | 12 +- ansible/roles/zookeeper/templates/myid.j2 | 2 +- ansible/roles/zun/defaults/main.yml | 64 ++++++- ansible/roles/zun/handlers/main.yml | 4 + ansible/roles/zun/tasks/check-containers.yml | 1 + ansible/roles/zun/tasks/pull.yml | 12 +- ansible/site.yml | 89 +++------- .../reference/databases/external-mariadb-guide.rst | 2 +- .../bootstrap-servers.rst | 28 ++- .../reference/high-availability/haproxy-guide.rst | 64 +++++++ .../logging-and-monitoring/grafana-guide.rst | 8 +- .../logging-and-monitoring/monasca-guide.rst | 2 +- .../logging-and-monitoring/prometheus-guide.rst | 24 +-- .../message-queues/external-rabbitmq-guide.rst | 53 ++++++ .../reference/networking/neutron-extensions.rst | 48 ++++++ .../reference/networking/provider-networks.rst | 21 --- .../reference/storage/external-ceph-guide.rst | 105 +++++++++++- etc/kolla/globals.yml | 75 ++++---- etc/kolla/passwords.yml | 15 +- kolla_ansible/cmd/readpwd.py | 118 +++++++++++++ kolla_ansible/cmd/writepwd.py | 120 +++++++++++++ kolla_ansible/hashi_vault.py | 64 +++++++ kolla_ansible/kolla_address.py | 2 +- .../add-alertmanager-metrics-a8d87b0793f2255a.yaml | 4 + ...port-for-fluentd-exporter-ca02ff9182039e3e.yaml | 10 ++ releasenotes/notes/ansible-4-171c8afddfc325e8.yaml | 5 + .../notes/ansible-facts-4279741e84c03ce0.yaml | 10 ++ .../notes/bug-1808805-3ebd9b0edceff170.yaml | 13 ++ .../notes/bug-1837551-4237e2df8725ffc7.yaml | 13 ++ .../notes/bug-1848775-b0625b7586adac96.yaml | 8 + .../notes/bug-1927880-cc407f18f415bbd2.yaml | 6 + .../notes/bug-1933025-1cb5d64d20d57be7.yaml | 6 + .../notes/bug-1933209-73e78353cb5c3266.yaml | 11 ++ .../notes/bug-1933347-4031d94ef7decb3c.yaml | 5 + .../notes/bug-1933846-122a62e9724b638c.yaml | 5 + .../notes/bug-1934913-a8d436e3d0b950b4.yaml | 6 + .../notes/bug-1938549-e73042a61f0a5935.yaml | 10 ++ .../notes/bug-1939291-bf2e405d286e4b07.yaml | 6 + .../notes/bug-1939679-a31bc2093a4c0000.yaml | 5 + .../notes/bug-1939883-dbfca874b138cfe9.yaml | 6 + .../notes/bug-1940547-771f6affb3547748.yaml | 18 ++ .../notes/bug-1941706-a8f9e9544f1540e3.yaml | 13 ++ .../notes/bug-1941940-c63265ea6ea2f594.yaml | 11 ++ .../notes/bug-1942846-8b9edb99a7e7c24f.yaml | 5 + .../notes/bug-1944114-fa2a266c014c64a9.yaml | 5 + .../notes/bug-1945070-965635387a8581f9.yaml | 6 + .../notes/bug-1945453-c410cc090cb85feb.yaml | 16 ++ .../notes/bug-1947485-d059864252fb1813.yaml | 7 + .../notes/bug-1947534-bf3b5ed19473015f.yaml | 5 + .../notes/bug-1947589-52e7a6fa5d82e7fa.yaml | 6 + .../notes/bug-1948835-51b15ddbef04d307.yaml | 6 + .../notes/bug-1948979-aaf2a93cc016ffb1.yaml | 5 + .../notes/bug-1949260-34d82ecd677dd8ff.yaml | 5 + releasenotes/notes/ceph-rgw-062e0544a004f7b1.yaml | 4 + ...fault-migration-interface-3cdf30eed98553fd.yaml | 4 +- .../notes/cli-exit-code-1e6278f803dbf8e2.yaml | 6 + .../notes/cyborg-become-8453d941af536e91.yaml | 5 + .../default-type-source-3fefd8baa3ca46ba.yaml | 8 + ...signate-deprecated-option-66e90605e592c52a.yaml | 5 + .../notes/disable-firewall-1e1955168c717cb5.yaml | 6 + .../disable-kibana-telemetry-46de5aaf2fc7c186.yaml | 5 + .../drop-enable_host_ntp-ce6e60a46e7544ea.yaml | 4 + .../notes/drop-group-haproxy-6119957627811873.yaml | 5 + .../notes/drop-zfssa-2708a8c0b0eb5f43.yaml | 5 + .../notes/enable-ipxe-cf461344bdb99881.yaml | 10 ++ ...g-to-die-after-VIP-switch-5f9e811783c36041.yaml | 13 ++ ...eb-ironic-ipxe-heathcheck-2ae5fd0537c056ce.yaml | 6 + .../notes/fix-gnocchi-statsd-a56c789a3da758a6.yaml | 5 + ...h-externally-managed-cert-1c5faa980aaf8949.yaml | 4 + .../fix-magnum-tls-cacert-dd5ab5729391beb2.yaml | 5 + .../notes/fix-neutron-vmware-4a8804399d47d8d7.yaml | 5 + .../fix_supress_type_warning-59f87fe62f83bd12.yaml | 5 + .../gather-facts-command-7b62d2c3eb13ec8e.yaml | 5 + ...-default-template-upgrade-c9b88d3385a5d257.yaml | 5 + ...xy-service-backend-weight-e4a908f732a37b42.yaml | 10 ++ .../notes/image-pull-retries-75490c3e6e1e4b54.yaml | 9 + ...ealthchecks-for-memcached-807b9036c3c92596.yaml | 6 + ...healthchecks-for-rabbitmq-a596f6b063026491.yaml | 6 + ...er-healthchecks-multiple2-a85e1cea3f8e4c23.yaml | 8 + .../notes/kolla-ansible-diff-50de16722aa155dc.yaml | 5 + .../notes/linux-bridge-multi-fe8576616fb7d373.yaml | 6 + .../notes/manila-glance-4524ed1e9d488a60.yaml | 5 + .../notes/mariadb-tag-6f08b8d5874c9106.yaml | 6 + .../monasca-collector-ntp-6be55e5526438cfc.yaml | 7 + ...user-auth-to-system-scope-900db3265861ebde.yaml | 8 + ...eutron-log-service-plugin-049ce93906386435.yaml | 5 + .../notes/nova-ceph-user-53670f9ccc546225.yaml | 16 ++ ...fluentd-version-detection-3cb8b8a8ebc02d0a.yaml | 6 + .../override-rmq-in-ktb-86c97926db67d3c9.yaml | 5 + .../persist-libvirt-secrets-6e07ab2914f40ad3.yaml | 6 + .../prometheus-target-names-94b17f58fa7c957a.yaml | 13 ++ ...duce-cadvisor-cardinality-1213854b9fe0c828.yaml | 19 +++ ...educe-rabbit-busy-waiting-085433c822165eab.yaml | 13 ++ ...nd-optimise-image-pulling-4346d3c0840ee640.yaml | 4 + .../notes/remove-chrony-role-90f164df8090f916.yaml | 4 + ...t-dda787fca995b9b096a1446e2d2cf9dede37f358.yaml | 4 + .../remove-prometheus-v1-8fa9c74c3dda568e.yaml | 7 + .../remove-rally-tempest-782ff3770e7e3dbb.yaml | 6 + .../remove-wsrep-notify-dbb5ef5f700b06b1.yaml | 5 + .../notes/setup-module-args-c29e1815bbbe8aca.yaml | 8 + ...vault-for-kolla-passwords-76a5b4ece6a4df07.yaml | 7 + .../support-manila-wallaby-2e29e866af0d6287.yaml | 15 ++ ...port-multiple-inventories-f0b694fa4e78bb8a.yaml | 5 + .../switch-images-to-quay-d4640afca6862eee.yaml | 11 ++ ...nic-template-for-keystone-1ee5f80fda7a21a0.yaml | 7 + releasenotes/source/index.rst | 1 + releasenotes/source/wallaby.rst | 6 + requirements.txt | 3 + roles/cephadm/defaults/main.yml | 3 +- roles/cephadm/tasks/main.yml | 11 -- setup.cfg | 2 + test-requirements.txt | 2 +- tools/cleanup-containers | 2 +- tools/cleanup-host | 16 +- tools/cleanup-images | 2 +- tools/diag | 2 +- tools/init-runonce | 3 +- tools/kolla-ansible | 45 +++-- tools/loc | 2 +- tools/ovs-dpdkctl.sh | 2 +- tools/pre-commit-hook | 2 +- tools/read_passwords.py | 1 + tools/run-bashate.sh | 2 +- tools/validate-all-file.py | 5 +- tools/validate-all-yaml.sh | 2 +- tools/validate-docker-execute.sh | 2 +- tools/write_passwords.py | 1 + tox.ini | 36 ++-- zuul.d/base.yaml | 30 +++- zuul.d/jobs.yaml | 38 ++++- zuul.d/nodesets.yaml | 12 -- zuul.d/project.yaml | 8 +- 564 files changed, 4227 insertions(+), 3706 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index d38c44e6f..e85f7744c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -17,0 +18,3 @@ jmespath>=0.9.3 # MIT + +# Hashicorp Vault +hvac>=0.10.1 diff --git a/test-requirements.txt b/test-requirements.txt index 8b10965c0..ef84c6b8a 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -16 +16 @@ stestr>=2.0.0 # Apache-2.0 -ansible>=2.9.0,<3.0 # GPLv3 +ansible>=2.10.0,<5.0 # GPLv3