We are delighted to announce the release of:

kolla-ansible 16.2.0: Ansible Deployment of Kolla containers

This release is part of the antelope release series.

The source is available from:

    https://opendev.org/openstack/kolla-ansible

Download the package from:

    https://tarballs.openstack.org/kolla-ansible/

Please report issues through:

    https://bugs.launchpad.net/kolla-ansible/+bugs

For more details, please see below.

16.2.0
^^^^^^

New Features
************

* Added capability to specify custom kernel modules for Neutron:
  *neutron_modules_default*: Lists default modules.
  *neutron_modules_extra*: For custom modules and parameters.

* Supports Debian Bookworm (12) as host distribution.

* Added a neutron check for ML2/OVS and ML2/OVN presence at the start
  of the deploy phase. It will fail if neutron_plugin_agent is set to
  "ovn" and use of an ML2/OVS container is detected. Where
  neutron_plugin_agent is set to "openvswitch", the check will fail
  when it detects an ML2/OVN container or any of the OVN-specific
  volumes.

* In the configuration template of the Senlin service the "cafile"
  parameter is now set by default in the "authentication" section.
  This way self-signed certificates on the internal Keystone endpoint
  can also be used with the Senlin service.

Upgrade Notes
*************

* Default keystone user role has been changed from the deprecated
  role "_member_" to the "member" role.

* The "ironic_tftp" service no longer binds to 0.0.0.0; by default it
  uses the IP address of the "api_interface". To revert to the old
  behaviour, please set "ironic_tftp_interface_address: 0.0.0.0" in
  "globals.yml".

* Configure Nova libvirt.num_pcie_ports to 16 by default. Nova
  currently sets 'num_pcie_ports' to "0" (defaults to libvirt's "1"),
  which is not sufficient for hotplug use with the 'q35' machine type.

* Changes the default value of the nova libvirt driver setting
  "skip_cpu_compare_on_dest" to true. With the libvirt driver, during
  live migration, skip comparing the guest CPU with the destination
  host. When using QEMU >= 2.9 and libvirt >= 4.4.0, libvirt will do
  the correct thing with respect to checking CPU compatibility on the
  destination host during live migration.

Security Issues
***************

* Restricts access, by default, to the /server-status page exposed by
  the HTTP OpenStack services through HAProxy on the public endpoint.
  This fixes the issue for Ubuntu/Debian installations; RockyLinux/
  CentOS are not affected. LP#1996913

Bug Fixes
*********

* Fixes issues with OVN NB/SB DB deployment, where the first node
  needs to be rebootstrapped. LP#1875223

* "enable_keystone_federation" and
  "keystone_enable_federation_openid" have not been explicitly handled
  as bool in various templates in the keystone role so far. LP#2036390

* Fixes an issue where Kolla set the producer tasks to None, which
  disabled all designate producer tasks. LP#1879557

* Fixes "ironic_tftp", which bound to all IP addresses on the system.
  Added "ironic_tftp_interface", "ironic_tftp_address_family" and
  "ironic_tftp_interface_address" parameters to set the address for
  the "ironic_tftp" service. LP#2024664

* Fixes an issue where a Docker health check wasn't configured for
  the OpenSearch Dashboards container. See bug 2028362.

* Fixes an issue where a 'q35' libvirt machine type VM could not
  hotplug more than one PCIe device at a time.

* Fixes an issue where the keepalived track script fails in a single
  controller environment and the keepalived VIP goes into BACKUP
  state. The "keepalived_track_script_enabled" variable has been
  introduced (default: true), which can be used to disable track
  scripts in the keepalived configuration. LP#2025219

* Fixes an issue where an OVS-DPDK task had a different name to how
  it was being notified.

Changes in kolla-ansible 16.1.0..16.2.0
---------------------------------------

9f32dada6 Rename per role filters files
d3bab163d Default keystone user role changed to member
c40fc0dbc Add ML2/OVN and ML2/OVS setting checks for neutron
2569a69ff Add option for extra kernel modules in neutron role
d40d59f3f README: link to the meetings page directly
82898bff2 keystone: ensure bool for two parameters
fc7ed97d5 Configure Nova libvirt.num_pcie_ports to 16 by default
319da0050 ovn: Fix broken deployment/reconfig on Ubuntu
aa6202d88 CI: Remove redundant set/unset_cirros_image_q35_machine_type
7f208d9d5 Prevent libvirtd reload when only generating config
aaaeb3e90 debian: fix some debian jobs
2e6644719 CI: add q35 hardware machine type to tests
f848b81c2 CI: add block support to validate-all-file.py
ff1d9dd17 senlin: add missing cafile parameter
fdcb72b38 ovn: Improve clustering
12cf8bd17 Fix designate-producers not running properly
9c689f21e Use better default bind address for ironic-tftp
c3541ad72 Fix D001 Line too long in mariadb-guide
13b8f90be Fixes WEBSSO_KEYSTONE_URL Value
764bbf6ef Drop useless DUMMY_ENVIRONMENT environment for cron container
6955f956f Fixes task name in notify module to the actual task name
404dc0d4a debian: Add Bookworm Host OS support
a5addd825 systemd: handle running container without systemd unit
68f610f8b CI: bump ansible version in linter
b5b2951c2 update ansible version
817d92fa3 Deny access to public /server-status in http Openstack services
06016233c Enable nova libvirt driver skip_cpu_compare_on_dest workaround
b10e7dbe8 Fix OpenSearch Dashboards health check
dfa1f83c2 Fix the fluentd regexp to collect the logs
739fb69cc opensearch: alter path after using rpm/deb packaging
3aaf78659 Trivial: Add deploy-containers for skyline
8d5356268 loadbalancer: Add option to not define track script

Diffstat (except docs and test files)
-------------------------------------

README.rst | 2 +-
ansible/group_vars/all.yml | 5 +-
ansible/library/kolla_container_volume_facts.py | 91 ++++++++++++++
ansible/library/kolla_toolbox.py | 2 +-
ansible/module_utils/kolla_docker_worker.py | 7 +-
ansible/module_utils/kolla_systemd_worker.py | 13 +-
ansible/roles/common/defaults/main.yml | 2 -
.../{filters.py => kolla_common_filters.py} | 0
.../common/templates/conf/input/00-global.conf.j2 | 4 +-
.../roles/designate/templates/designate.conf.j2 | 1 -
.../templates/haproxy_single_service_split.cfg.j2 | 3 +
ansible/roles/horizon/templates/horizon.conf.j2 | 4 +
ansible/roles/horizon/templates/local_settings.j2 | 2 +-
ansible/roles/ironic/defaults/main.yml | 1 +
ansible/roles/ironic/templates/ironic-tftp.json.j2 | 2 +-
ansible/roles/keystone/templates/keystone.conf.j2 | 2 +-
ansible/roles/keystone/templates/keystone.json.j2 | 2 +-
.../roles/keystone/templates/wsgi-keystone.conf.j2 | 2 +-
ansible/roles/loadbalancer/defaults/main.yml | 4 +
ansible/roles/loadbalancer/tasks/config.yml | 1 +
.../templates/keepalived/keepalived.conf.j2 | 4 +
ansible/roles/neutron/defaults/main.yml | 7 ++
ansible/roles/neutron/tasks/config-host.yml | 5 +-
ansible/roles/neutron/tasks/deploy.yml | 2 +
.../neutron/tasks/neutron_plugin_agent_check.yml | 35 ++++++
ansible/roles/neutron/tasks/precheck.yml | 2 +
ansible/roles/neutron/tasks/upgrade.yml | 2 +
.../{filters.py => kolla_nova_cell_filters.py} | 0
ansible/roles/nova-cell/handlers/main.yml | 2 +
.../templates/nova.conf.d/libvirt.conf.j2 | 3 +
ansible/roles/opensearch/handlers/main.yml | 1 +
.../templates/opensearch-dashboards.json.j2 | 14 +--
.../roles/opensearch/templates/opensearch.json.j2 | 2 +-
.../templates/opensearch_dashboards.yml.j2 | 2 +-
ansible/roles/ovn-db/defaults/main.yml | 19 +++
ansible/roles/ovn-db/tasks/bootstrap-initial.yml | 83 +++++++++++++
ansible/roles/ovn-db/tasks/deploy.yml | 10 ++
ansible/roles/ovn-db/tasks/lookup_cluster.yml | 131 +++++++++++++++++++++
ansible/roles/ovn-db/templates/ovn-nb-db.json.j2 | 2 +-
ansible/roles/ovn-db/templates/ovn-sb-db.json.j2 | 2 +-
ansible/roles/ovs-dpdk/handlers/main.yml | 2 +-
ansible/roles/prechecks/vars/main.yml | 1 +
ansible/roles/senlin/templates/senlin.conf.j2 | 1 +
ansible/roles/skyline/tasks/deploy-containers.yml | 2 +
lint-requirements.txt | 2 +-
releasenotes/notes/1875223-05552108375d005a.yaml | 5 +
...ron-custom-kernel-modules-d105d3f84665e0a4.yaml | 6 +
.../notes/bug-2036390-d087c5bfd504c9f3.yaml | 7 ++
...cers-not-running-properly-3568f9167a9547f6.yaml | 6 +
...nge-default-keystone-role-386974967adfed65.yaml | 5 +
.../debian-bookworm-host-08840d78c88742d3.yaml | 4 +
...default-tftp-bind-address-602acf76136d1732.yaml | 14 +++
...s-dashboards-health-check-bf56027f8c3369ea.yaml | 6 +
...-q35-pcie-hotplug-libvirt-50b1879d61b1df72.yaml | 10 ++
...rvices-deny-server-status-39d0259664053e59.yaml | 7 ++
.../keepalived_track_script-edfebb520f006647.yaml | 9 ++
.../notes/ml2ovs_precheck-c859504004f6884b.yaml | 9 ++
...ovs-dpdk-task-name-bugfix-099b386886a40236.yaml | 5 +
...lin-authentication-cafile-4fe5e2f79769c872.yaml | 7 ++
.../skip-cpu-compare-on-dest-927004854f41bc32.yaml | 9 ++
test-requirements.txt | 2 +-
tools/validate-all-file.py | 72 ++++++-----
zuul.d/base.yaml | 1 +
zuul.d/jobs.yaml | 51 +++++++-
zuul.d/nodesets.yaml | 22 ++++
zuul.d/project.yaml | 23 ++--
74 files changed, 784 insertions(+), 102 deletions(-)

Requirements updates
--------------------

diff --git a/lint-requirements.txt b/lint-requirements.txt index 0f255aa34..89cb54276 100644 --- a/lint-requirements.txt +++ b/lint-requirements.txt @@ -1 +1 @@ -ansible>=4,<6 # GPLv3 +ansible>=6,<8 # GPLv3 diff --git a/test-requirements.txt b/test-requirements.txt index 76b4eba12..c16a76461 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8 +8 @@ stestr>=2.0.0 # Apache-2.0 -ansible>=4,<6 # GPLv3 +ansible>=6,<8 # GPLv3
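
Review bot: the lower bound moves from ansible>=4 to ansible>=6 in both hunks (line 1 of lint-requirements.txt and line 8 of test-requirements.txt), so lint and test runs no longer cover Ansible 4 or 5, yet none of the upgrade notes in this release says whether the Ansible range supported for deployment changed as well. If it did, an upgrade note should state the new minimum; if it did not, the commit message should say that only the CI tooling range moved. The same "ansible>=6,<8" pin is also maintained by hand in two files, so a comment in each pointing at the other, or a single shared requirements file that both include, would keep the two from drifting apart on the next bump.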