We eagerly announce the release of:

kolla-ansible 11.1.0: Ansible Deployment of Kolla containers

This release is part of the victoria stable release series.

The source is available from:

    https://opendev.org/openstack/kolla-ansible

Download the package from:

    https://tarballs.openstack.org/kolla-ansible/

Please report issues through:

    https://bugs.launchpad.net/kolla-ansible/+bugs

For more details, please see below.

11.1.0
^^^^^^

New Features
************

* Add "octavia-driver-agent" to "Octavia" deployments to allow for
  additional providers, e.g. "ovn-octavia-provider". It is automatically
  deployed when "Octavia" is enabled and "neutron_plugin_agent" is set to
  "ovn". It can also be enabled by setting "enable_octavia_driver_agent"
  to "yes". Users need to update their inventory to include the
  "octavia-driver-agent" Ansible group.
* Adds a new flag, "docker_disable_default_network", which defaults to
  "no". Docker uses "172.17.0.0/16" by default for bridge networking on
  "docker0", and this might cause routing problems for operator networks.
  Setting this flag to "yes" will disable Docker's bridge networking.
  This feature will be enabled by default from the Wallaby 12.0.0
  release.
* Added a new haproxy configuration variable,
  "haproxy_host_ipv4_tcp_retries2", which allows users to modify this
  kernel option. This option sets the maximum number of times a TCP
  packet is retransmitted in established state before giving up. The
  default kernel value is 15, which corresponds to a duration of
  approximately 13 to 30 minutes, depending on the retransmission
  timeout. This variable can be used to mitigate an issue with stuck
  connections in case of VIP failover, see bug 1917068 for details.
* Adds the ability to override the automatic detection of
  *fluentd_version* and *fluentd_binary*. These can now be defined as
  extra variables. This removes the dependency of having docker
  configured for config generation.
* OVN deployment will now configure
  "external_ids:ovn-chassis-mac-mappings" to make DVR work on VLAN tenant
  networks.
* Adds support for collecting Prometheus metrics from RabbitMQ. This is
  enabled by default when Prometheus and RabbitMQ are enabled, and may be
  disabled by setting "enable_prometheus_rabbitmq_exporter" to "false".

Bug Fixes
*********

* Fixes an issue with "kolla-ansible bootstrap-servers" if Zun is enabled
  where Zun-specific configuration for Docker was applied to all nodes.
  LP#1914378
* Fixes the issue when Swift is deployed with S3 Token Middleware
  enabled. Fixes LP#1862765
* Fixes the Northbound and Southbound database socket paths in OVN.
* Fixes a chronyd crash loop if the server is rebooted (Debian).
  LP#1915528
* Fixes an issue preventing prechecks from succeeding when a
  "non-native" NTP daemon was used, such as "ntpd" as opposed to
  "systemd-timesyncd" on a Debian/Ubuntu system or to "chronyd" on a
  CentOS/RHEL system. LP#1922721
* Fixed an issue when Docker was configured after startup on
  Debian/Ubuntu, which resulted in iptables rules being created - before
  they were disabled. LP#1923203
* Fixes an issue with Octavia SSH key copying if user disabled Octavia
  auto configuration. LP#1927727
* Fixed an issue where docker python SDK 5.0.0 was failing due to missing
  six - introduced a constraint to install version lower than 5.x.
  LP#1928915
* Fixes more-than-2-node RabbitMQ upgrade failing randomly. LP#1930293.
* Fixes Swift deploy when TLS enabled. Added the missing handler and
  corrected the container name. LP#1931097
* Fixes missing region_name in keystone_auth sections. See bug 1933025
  for details.
* Fixes "iscsid" failing in current CentOS 8 based images due to pid file
  being needlessly set. LP#1933033
* Fixes host bootstrap on Debian not removing the conflicting packages.
  It now behaves in accordance with the docs. LP#1933122
* Fixes an issue where "kolla-ansible" exits with a zero exit code when
  executed with a bogus command name. LP#1929397
* Fixes potential issue with Alertmanager in non-HA deployments. In this
  scenario, peer gossip protocol is now disabled and Alertmanager won't
  try to form a cluster with non-existing other instances. LP#1926463
* Adds a new flag, "docker_disable_ip_forward", which defaults to "no"
  and can be used (by setting "yes") to disable docker's "ip-forward"
  option which makes docker set "net.ipv4.ip_forward" sysctl to "1". This
  is to protect from creating all-forwarding hosts. LP#1931615
* Fixes an issue when generating "/etc/hosts" during "kolla-ansible
  bootstrap-servers" when one or more hosts has an "api_interface" with
  dashes ("-") in its name. LP#1927357
* Fixes some configuration issues around Barbican logging. LP#1891343
* Fixes some configuration issues around Cinder logging. LP#1916752
* Fixes the Cyborg API not listening on the API interface by changing
  host to host_ip in cyborg.conf. See the cyborg documentation.
* Fixes the wrong configuration of the ovs-dpdk service. This breaks the
  deployment of kolla-ansible. For more details please see bug 1908850.
* Fixes an issue with Magnum when TLS is enabled. LP#781062
* Fixes an issue with executing "kolla-ansible" when installed via "pip
  install --user". LP#1915527
* Fixes an issue where "masakari.conf" was generated for the
  "masakari-instancemonitor" service but not used.
* Fixes an issue where "masakari-monitors.conf" was generated for the
  "masakari-api" and "masakari-engine" services but not used.
* Uses a consistent variable name for container dimensions for
  "masakari-instancemonitor" - "masakari_instancemonitor_dimensions". The
  old name of "masakari_monitors_dimensions" is still supported.
* Fixes an issue with Octavia deployment when using a custom service auth
  project. If "octavia_service_auth_project" is set to a project that
  does not exist, Octavia deployment would fail. The project is now
  created. LP#1922100
* Fixes LP#1892376 by updating deprecated syntax in the Monasca
  Elasticsearch template.
* Removes whitespace around equal signs in "zookeeper.cfg" which were
  preventing the "zkCleanup.sh" script from running correctly.

Other Notes
***********

* Following Cinder upstream, support for using ZFSSA with Cinder has been
  removed. ZFSSA was unsupported in Train and later removed in Ussuri.
* Updates the container image used by mariabackup. It was using the
  "mariadb" image, which was deprecated in Victoria and will be removed
  in Wallaby. The "mariadb-server" image is used instead. LP#1928129

Changes in kolla-ansible 11.0.0..11.1.0
---------------------------------------

51eac17b4 Fix exit code with bogus command name
e712915f3 [doc] Fix reno (disable-ip-forward)
bdc1b468a Fix typos in release note
d61340ba3 Allow user to set sysctl_net_ipv4_tcp_retries2
5c70c920c Disable docker's ip-forward when iptables disabled
0846f4afa [docker] Added a new flag to disable default network
0467055b2 docs: Add note about internal VIP when HAProxy is disabled
338d97731 magnum: Add CA certificate configuration for internal TLS
9681041d0 CI: Avoid generating a nova key in ceph-ansible scenario
a2e5cfb85 Make it possible to override automatic fluentd version detection
d41e01406 [CI] Do not set ansible_python_interpreter for Zuul
3b5bcc16a Make rabbitmq cluster_partition_handling configurable
37017d1a0 CI: Fix nfv job with kolla dependency
567fb01a7 [CI] Fix the NFV scenario
f0487e793 Add missing region_name in keystoneauth sections
b83ea3149 Drop support for Cinder ZFSSA backend
fdbe6aebe Fix host bootstrap pkg removal on Debian
7b19b2e31 Add missing octavia-driver-agent
77d70f0d8 Do not set pid file for iscsid
5bc072141 baremetal: fix /etc/hosts generation when api_interface has dashes
12157d68b chronyd crash loop if Debian server is rebooted
5283eb8bf Stop fluentd deprecation warnings of type vs @type
903601a7a Fix parsing of infra.mariadb.xinetd logs
f557229ef Fix neutron-ovn-metadata-agent with policy.yaml
1d6906bbb octavia: Ensure service auth project exists
9d9198294 Merge glance sections for nova.conf.j2
ef270b693 Redis configuration syntax update
a75a489e3 Update blazar.conf template
421d7acfb Support editable installation in all cases
5b6af5094 Add the ansible_managed header for admin-openrc.sh
6387e431f Fix RabbitMQ restart ordering
595eec10b Add forgotten 'Restart container' handler for swift
cece51910 [CI] Drop Zuul host groups
7244e4744 Use mariadb-server image for mariabackup
dda891ac6 docs: Update Freenode to OFTC
5d538edd1 CI: Use PATH to find kolla-ansible script
91bfccb8f CI: pull images before deploy
9a0da6463 cinder: fix condition to copy backend TLS certs
f3ea05ace Remove [octavia]/base_url option from neutron.conf
513a3b1fe CI: Configure IP on a linux bridge instead of OVS br-ex
5ef58708c baremetal: Install Docker SDK less than 5.0.0
34fb2c890 baremetal: Don't start Docker after install on Debian/Ubuntu
edd64f3c4 Disable Alertmanager's peer gossip in non-HA deployments
2f062e3b3 ovn: make DVR work on VLAN tenant networks
4a10df452 Use @type instead of type
326e15d58 Do not write octavia_amp_ssh_key if auto_config disabled
570f46d21 Fix "Restart mariadb-clustercheck container" during config gen
2357c9793 Fix cyborg api doesn't listen on api interface
985d78222 Pin ansible to <2.10.0 in test-requirements
9ad4b7ae2 prometheus: Collect metrics from rabbitmq
561853796 masakari: fix minor issues with instance monitor
d5c131bc5 CI: Use 5G loop device for ceph
54195f468 Add IPv6 configuration options to Octavia management network
5bdeef89b Negative seqno need to be considered when comparing seqno
466e4cc7c docs: Improve policy documentation
15eea3ee6 Apply Zun configuration for Docker based on inventory
1b40f0dc9 Drop the NTP service precheck
366be65fd [CI] Use images from quay.io
382add560 nova-cell: Stop printing ceph keys in output
abc41f86d Reduce number of logs and disable ara HTML report
d0839a3cb CI: Fix yamllint comments-indentation in .ansible-lint
5143b8925 docs: fix registry mirror example
ce1dbd9fb don't use the same CIDR in octavia_amp_network_cidr and init-run-once
27f088eac Correctly configure S3 Token Middleware for Swift
b32492e72 ansible-lint: add unnamed-task to the skip list
eb66ef75f Introduce nova_libvirt_logging_debug
81cf413c5 Rename eswitchd.conf -> eswitchd.conf.j2
c5f41a19a Remove whitespace around equal signs in zookeeper.cfg
b9f8543f1 Fix Cinder log parsing
469d28b3a CI: Add ssh retries
4f25a2015 Replace db-sock with db-nb-sock and db-sb-sock
ea89f1cc1 ovn: Fix disabling of gateway chassis
ff3a144d7 Update String type for Monasca ES template
3db84cce0 Do not wait for grafana to start when kolla_action=config
fd10dcb96 Fix monasca-grafana check
77d050957 Fix installation with pip install --user
c4f6ca1cd CI: fix kolla-ansible installation after cryptography 3.4 release
4f6988564 Fix Barbican API log config
b4cede498 docs: improve external Ceph docs
9698fa153 docs: Improve multinode Docker registry setup
05e6d4a4d Fix dpdk deploy failed
25286fbf1 Install gnupg before adding docker apt gpg key during pre-install
ac6039bd6 Fixes solum_api Listening on 127.0.0.1
996eeb2b7 Fix failure during Monasca Grafana upgrade
174cd7b15 octavia: fix typo in defaults

Diffstat (except docs and test files)
-------------------------------------

.ansible-lint | 22 +++--
ansible/action_plugins/merge_configs.py | 27 +++++-
ansible/group_vars/all.yml | 11 ++-
ansible/inventory/all-in-one | 3 +
ansible/inventory/multinode | 3 +
ansible/roles/aodh/templates/aodh.conf.j2 | 1 +
.../roles/barbican/templates/barbican-api.ini.j2 | 1 +
.../roles/barbican/templates/barbican-api.json.j2 | 2 +-
ansible/roles/barbican/templates/barbican.conf.j2 | 4 +
.../roles/baremetal/tasks/bootstrap-servers.yml | 5 +-
ansible/roles/baremetal/tasks/install.yml | 28 +++++-
ansible/roles/baremetal/tasks/post-install.yml | 50 ++++++++--
ansible/roles/baremetal/tasks/pre-install.yml | 7 +-
.../baremetal/templates/docker_systemd_service.j2 | 2 +-
ansible/roles/blazar/templates/blazar.conf.j2 | 11 +--
ansible/roles/chrony/templates/chrony.json.j2 | 4 +-
ansible/roles/cinder/defaults/main.yml | 14 ---
ansible/roles/cinder/tasks/config.yml | 2 +-
ansible/roles/cinder/tasks/precheck.yml | 1 -
ansible/roles/cinder/templates/cinder-wsgi.conf.j2 | 2 +-
ansible/roles/cinder/templates/cinder.conf.j2 | 18 +---
ansible/roles/common/tasks/config.yml | 12 ++-
ansible/roles/common/templates/admin-openrc.sh.j2 | 2 +
.../templates/conf/filter/01-rewrite-0.12.conf.j2 | 4 +-
.../templates/conf/filter/01-rewrite-0.14.conf.j2 | 4 +-
.../common/templates/conf/input/02-mariadb.conf.j2 | 2 +-
.../common/templates/conf/output/00-local.conf.j2 | 8 +-
ansible/roles/cyborg/templates/cyborg.conf.j2 | 4 +-
.../roles/designate/templates/designate.conf.j2 | 1 +
ansible/roles/freezer/templates/freezer.conf.j2 | 1 +
ansible/roles/glance/templates/glance-api.conf.j2 | 1 +
ansible/roles/gnocchi/templates/gnocchi.conf.j2 | 1 +
ansible/roles/grafana/handlers/main.yml | 1 +
ansible/roles/haproxy/defaults/main.yml | 4 +
ansible/roles/haproxy/tasks/config-host.yml | 7 +-
ansible/roles/heat/templates/heat.conf.j2 | 1 +
.../ironic/templates/ironic-inspector.conf.j2 | 2 +
ansible/roles/iscsi/templates/iscsid.json.j2 | 2 +-
ansible/roles/magnum/templates/magnum.conf.j2 | 10 ++
ansible/roles/manila/templates/manila.conf.j2 | 1 +
ansible/roles/mariadb/defaults/main.yml | 2 +-
ansible/roles/mariadb/handlers/main.yml | 2 +
ansible/roles/mariadb/tasks/recover_cluster.yml | 2 +-
ansible/roles/masakari/defaults/main.yml | 10 +-
ansible/roles/masakari/tasks/clone.yml | 2 +-
ansible/roles/masakari/tasks/config.yml | 33 ++++---
ansible/roles/mistral/templates/mistral.conf.j2 | 1 +
ansible/roles/monasca/handlers/main.yml | 3 +-
ansible/roles/monasca/tasks/upgrade.yml | 1 +
.../monasca/templates/monasca-api/api.conf.j2 | 1 +
.../elasticsearch-template.json | 12 +--
ansible/roles/murano/templates/murano.conf.j2 | 3 +
.../templates/{eswitchd.conf => eswitchd.conf.j2} | 0
.../templates/neutron-ovn-metadata-agent.json.j2 | 13 ++-
ansible/roles/neutron/templates/neutron.conf.j2 | 8 +-
ansible/roles/nova-cell/defaults/main.yml | 1 +
ansible/roles/nova-cell/tasks/external_ceph.yml | 1 +
ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 2 +-
ansible/roles/nova-cell/templates/nova.conf.j2 | 5 +-
ansible/roles/nova/templates/nova.conf.j2 | 1 +
ansible/roles/octavia/defaults/main.yml | 39 +++++++-
ansible/roles/octavia/handlers/main.yml | 15 +++
ansible/roles/octavia/tasks/check-containers.yml | 2 +-
ansible/roles/octavia/tasks/config.yml | 12 ++-
ansible/roles/octavia/tasks/prepare.yml | 3 +
ansible/roles/octavia/tasks/pull.yml | 2 +-
ansible/roles/octavia/tasks/register.yml | 15 ---
.../roles/octavia/templates/octavia-api.json.j2 | 6 ++
.../octavia/templates/octavia-driver-agent.json.j2 | 23 +++++
ansible/roles/octavia/templates/octavia.conf.j2 | 12 +++
ansible/roles/ovn/defaults/main.yml | 2 +
ansible/roles/ovn/tasks/bootstrap.yml | 12 ++-
ansible/roles/ovn/templates/ovn-nb-db.json.j2 | 2 +-
ansible/roles/ovn/templates/ovn-sb-db.json.j2 | 2 +-
ansible/roles/ovs-dpdk/defaults/main.yml | 2 -
.../roles/ovs-dpdk/templates/ovsdpdk-db.json.j2 | 2 +-
.../roles/placement/templates/placement.conf.j2 | 1 +
ansible/roles/prechecks/tasks/timesync_checks.yml | 10 --
.../templates/prometheus-alertmanager.json.j2 | 2 +-
.../roles/prometheus/templates/prometheus.yml.j2 | 9 ++
ansible/roles/rabbitmq/defaults/main.yml | 2 +
ansible/roles/rabbitmq/handlers/main.yml | 18 +++-
ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 3 +-
ansible/roles/redis/templates/redis.conf.j2 | 10 +-
ansible/roles/sahara/templates/sahara.conf.j2 | 1 +
ansible/roles/senlin/templates/senlin.conf.j2 | 1 +
ansible/roles/service-precheck/tasks/main.yml | 1 +
ansible/roles/solum/templates/solum.conf.j2 | 4 +
ansible/roles/swift/defaults/main.yml | 2 +-
ansible/roles/swift/handlers/main.yml | 4 +
ansible/roles/swift/templates/proxy-server.conf.j2 | 2 +-
ansible/roles/tacker/templates/tacker.conf.j2 | 1 +
ansible/roles/trove/templates/trove.conf.j2 | 1 +
ansible/roles/vitrage/templates/vitrage.conf.j2 | 1 +
ansible/roles/watcher/templates/watcher.conf.j2 | 1 +
ansible/roles/zookeeper/tasks/config.yml | 1 +
.../reference/high-availability/haproxy-guide.rst | 47 ++++++++++
.../reference/storage/external-ceph-guide.rst | 101 ++++++++++++++-------
etc/kolla/globals.yml | 9 +-
etc/kolla/passwords.yml | 5 -
lower-constraints.txt | 87 ------------------
.../bootstrap-without-zun-67d6ee5d84fcec22.yaml | 6 ++
.../notes/bug-1862765-a6cad9fd2d3f0f48.yaml | 5 +
.../notes/bug-1903506-12ae72c114bede72.yaml | 9 ++
.../notes/bug-1913031-e8b14c50e8a27d14.yaml | 4 +
...yd-crash-loop-if-server-is-rebooted-debian.yaml | 5 +
.../notes/bug-1922721-19163cfb491d0035.yaml | 7 ++
.../notes/bug-1923203-f9ff247befc4bd75.yaml | 6 ++
.../notes/bug-1927727-4437103de59e85e5.yaml | 6 ++
.../notes/bug-1928915-482b2d53bb2a4d92.yaml | 6 ++
.../notes/bug-1930293-d8a524f2070e6779.yaml | 5 +
.../notes/bug-1931097-c94832ed2ed92c3a.yaml | 6 ++
.../notes/bug-1933025-1cb5d64d20d57be7.yaml | 6 ++
.../notes/bug-1933033-76746d127285cfe8.yaml | 6 ++
.../notes/bug-1933122-b34311ba73092080.yaml | 6 ++
...fault-migration-interface-3cdf30eed98553fd.yaml | 4 +-
.../notes/cli-exit-code-1e6278f803dbf8e2.yaml | 6 ++
...e-alertmanager-clustering-ec70f5f970c4933a.yaml | 7 ++
.../docker-disable-bridge-14df8b7fddbd5000.yaml | 9 ++
...docker-disable-ip-forward-b0490b71f9f07cd6.yaml | 9 ++
.../notes/drop-zfssa-2708a8c0b0eb5f43.yaml | 5 +
.../notes/etc-hosts-dashes-37d0dc07c8fc881f.yaml | 7 ++
...g-to-die-after-VIP-switch-5f9e811783c36041.yaml | 13 +++
.../fix-barbican-logging-42068f47fe1e4e4d.yaml | 5 +
.../notes/fix-cinder-logging-22fea4739begd6s.yaml | 5 +
.../fix-cyborg-host-config-dee1d79476b94981.yaml | 6 ++
.../fix-dpdk-deploy-failed-6695899422a67359.yaml | 7 ++
.../fix-magnum-tls-cacert-dd5ab5729391beb2.yaml | 5 +
.../fix-pip-install-user-5f871f67433e465a.yaml | 6 ++
.../notes/mariabackup-image-8b31622f59890e28.yaml | 7 ++ ...ari-instancemonitor-fixes-dc13e5234456d4c5.yaml | 12 +++ ...eate-service-auth-project-aa38b12ebb601777.yaml | 7 ++ ...fluentd-version-detection-3cb8b8a8ebc02d0a.yaml | 6 ++ .../notes/ovn_dvr_vlan-f36a6868cfd4776e.yaml | 5 + .../prometheus-rabbitmq-f7d6ebf0d611a819.yaml | 6 ++ ...ca-elasticsearch-template-41492c59acaf92b1.yaml | 6 ++ .../zookeeper-cfg-syntax-02e93c01d6a24f35.yaml | 5 + roles/bridge/tasks/main.yml | 12 +++ roles/veth/tasks/main.yml | 12 +++ test-requirements.txt | 2 +- tools/kolla-ansible | 30 +++++- tox.ini | 8 +- zuul.d/base.yaml | 12 +-- zuul.d/nodesets.yaml | 16 ---- zuul.d/project.yaml | 1 - 171 files changed, 1119 insertions(+), 501 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index f960fd505..cab4df184 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -16 +16 @@ stestr>=2.0.0 # Apache-2.0 -ansible>=2.9.0 # GPLv3 +ansible>=2.9.0,<2.10.0 # GPLv3
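
Review bot: the new "<2.10.0" cap on line 16 of test-requirements.txt is unexplained; the trailing comment on that line still records only the licence ("# GPLv3"). Add a comment above the requirement saying what fails with ansible 2.10 and under what condition the cap can be removed, so the pin does not outlive its reason unnoticed.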