We are satisfied to announce the release of: kolla-ansible 14.10.0: Ansible Deployment of Kolla containers This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 14.10.0 ^^^^^^^ New Features ************ * Added capability to specify custom kernel modules for Neutron: *neutron_modules_default*: Lists default modules. *neutron_modules_extra*: For custom modules and parameters. * Added a neutron check for ML2/OVS and ML2/OVN presence at the start of deploy phase. It will fail if neutron_plugin_agent is set to "ovn" and use of ML2/OVS container detected. In case where neutron_plugin_agent is set to "openvswitch" the check will fail when it detects ML2/OVN container or any of the OVN specific volumes. Upgrade Notes ************* * Default keystone user role has been changed from deprecated role "_member_" to "member" role. * Now "ironic_tftp" service does not bind on 0.0.0.0, by default it uses ip address of the "api_interface". To revert to the old behaviour, please set "ironic_tftp_interface_address: 0.0.0.0" in "globals.yml". * Configure Nova libvirt.num_pcie_ports to 16 by default. Nova currently sets 'num_pcie_ports' to "0" (defaults to libvirt's "1"), which is not sufficient for hotplug use with 'q35' machine type. * Influxdb variable "infuxdb_internal_endpoint" has been fixed to "influxdb_internal_endpoint". Operators might need to review the relevant variable. * Changes default value of nova libvirt driver setting "skip_cpu_compare_on_dest" to true. With the libvirt driver, during live migration, skip comparing guest CPU with the destination host. When using QEMU >= 2.9 and libvirt >= 4.4.0, libvirt will do the correct thing with respect to checking CPU compatibility on the destination host during live migration. Security Issues *************** * Restrict the access to the http Openstack services exposed /server- status by default through the HAProxy on the public endpoint. Fixes issue for Ubuntu/Debian installations. RockyLinux/CentOS not affected. LP#1996913 Bug Fixes ********* * Fixes issues with OVN NB/SB DB deployment, where first node needs to be rebootstrapped. LP#1875223 * Set correct permissions for opensearch-dashboard data location *LP#2020152 https://bugs.launchpad.net/kolla-ansible/+bug/2020152* * "enable_keystone_federation" and "keystone_enable_federation_openid" have not been explicitly handled as bool in various templates in the keystone role so far. LP#2036390 * Fixes an issue when Kolla is setting the producer tasks to None, and this disables all designate producer tasks. LP#1879557 * Fixes "ironic_tftp" which binds to all ip addresses on the system. Added "ironic_tftp_interface", "ironic_tftp_address_family" and "ironic_tftp_interface_address" parameters to set the address for the "ironic_tftp" service. LP#2024664 * Fixes an OpenSearch migration process by adding precheck for Elasticsearch indexes in too low version for OpenSearch 2.x. * Fixes an issue where a Docker health check wasn't configured for the OpenSearch Dashboards container. See bug 2028362. * Fixes an issue where 'q35' libvirt machine type VM could not hotplug more than one PCIe device at a time. Changes in kolla-ansible 14.9.0..14.10.0 ---------------------------------------- 87449416c Default keystone user role changed to member ed95bb779 kolla_address: check correct error return value f59edacf4 Add ML2/OVN and ML2/OVS setting checks for neutron 967354e48 CI: Drop upgrade jobs since Xena is EOL b073d2038 Add option for extra kernel modules in neutron role 2ae7698dc CI: add block support to validate-all-file.py a05e5908c README: link to the meetings page directly 2f47802ae keystone: ensure bool for two parameters 401a39f52 Configure Nova libvirt.num_pcie_ports to 16 by default 5bc5fe364 ovn: Fix broken deployment/reconfig on Ubuntu 6186a0a6d CI: Remove redundant set/unset_cirros_image_q35_machine_type a71eced1d Prevent libvirtd reload when only generating config d74917e69 CI: add q35 hardware machine type to tests c3d64ce56 [yoga only] followup ovn clustering fix 2d89909d9 Fix typo in endpoint influxdb_internal_endpoint variable d626c02fb ovn: Improve clustering bc13da0f7 Fix designate-producers not running properly aa6388b36 Use better default bind address for ironic-tftp 3bcfba581 Added precheck for OpenSearch migration 3b17c915a opensearch-dashboard: fix permissions 13b4487f2 Fix D001 Line too long in mariadb-guide d75e96f92 Drop useless DUMMY_ENVIRONMENT environment for cron container 634e0304c Remove incorrect variable from OpenSearch role 893b80627 Deny access to public /server-status in http Openstack services ffdea86ee Enable nova libvirt driver skip_cpu_compare_on_dest workaround fc398d5fe Add documentation for migrating from CS8 to RL9 328f62ddd Fix OpenSearch Dashboards health check 3dc458d1f Correct [pci] syntax in Nova SRIOV documentation 3e6d412a1 opensearch: alter path after using rpm/deb packaging Diffstat (except docs and test files) ------------------------------------- README.rst | 2 +- ansible/group_vars/all.yml | 7 +- ansible/library/kolla_container_volume_facts.py | 84 +++++++++ ansible/library/kolla_toolbox.py | 2 +- ansible/opensearch-migration.yml | 27 +++ ansible/roles/common/defaults/main.yml | 2 - .../roles/designate/templates/designate.conf.j2 | 1 - ansible/roles/grafana/defaults/main.yml | 2 +- .../templates/haproxy_single_service_split.cfg.j2 | 3 + ansible/roles/horizon/templates/horizon.conf.j2 | 4 + ansible/roles/ironic/defaults/main.yml | 1 + ansible/roles/ironic/templates/ironic-tftp.json.j2 | 2 +- ansible/roles/keystone/templates/keystone.conf.j2 | 2 +- ansible/roles/keystone/templates/keystone.json.j2 | 2 +- .../roles/keystone/templates/wsgi-keystone.conf.j2 | 2 +- ansible/roles/neutron/defaults/main.yml | 7 + ansible/roles/neutron/tasks/config-host.yml | 5 +- ansible/roles/neutron/tasks/deploy.yml | 2 + .../neutron/tasks/neutron_plugin_agent_check.yml | 33 ++++ ansible/roles/neutron/tasks/precheck.yml | 2 + ansible/roles/neutron/tasks/upgrade.yml | 2 + ansible/roles/nova-cell/handlers/main.yml | 2 + .../templates/nova.conf.d/libvirt.conf.j2 | 3 + ansible/roles/opensearch/handlers/main.yml | 1 + ansible/roles/opensearch/tasks/upgrade.yml | 2 - .../templates/opensearch-dashboards.json.j2 | 19 +- .../roles/opensearch/templates/opensearch.json.j2 | 2 +- .../templates/opensearch_dashboards.yml.j2 | 2 +- ansible/roles/ovn-db/defaults/main.yml | 19 ++ ansible/roles/ovn-db/tasks/bootstrap-initial.yml | 83 +++++++++ ansible/roles/ovn-db/tasks/deploy.yml | 10 ++ ansible/roles/ovn-db/tasks/lookup_cluster.yml | 130 ++++++++++++++ ansible/roles/ovn-db/templates/ovn-nb-db.json.j2 | 2 +- ansible/roles/ovn-db/templates/ovn-sb-db.json.j2 | 2 +- .../central-logging-guide-opensearch.rst | 6 + kolla_ansible/kolla_address.py | 2 +- releasenotes/notes/1875223-05552108375d005a.yaml | 5 + ...ron-custom-kernel-modules-d105d3f84665e0a4.yaml | 6 + .../notes/bug-2020152-165c87048d92dedb.yaml | 5 + .../notes/bug-2036390-d087c5bfd504c9f3.yaml | 7 + ...cers-not-running-properly-3568f9167a9547f6.yaml | 6 + ...nge-default-keystone-role-386974967adfed65.yaml | 5 + ...default-tftp-bind-address-602acf76136d1732.yaml | 14 ++ ...rch-migration-old-indexes-e329d741f02be437.yaml | 5 + ...s-dashboards-health-check-bf56027f8c3369ea.yaml | 6 + ...-q35-pcie-hotplug-libvirt-50b1879d61b1df72.yaml | 10 ++ ...rvices-deny-server-status-39d0259664053e59.yaml | 7 + .../notes/ml2ovs_precheck-c859504004f6884b.yaml | 9 + ...e-wrong-influxdb-variable-8a93d8fda8dce926.yaml | 6 + .../skip-cpu-compare-on-dest-927004854f41bc32.yaml | 9 + tools/validate-all-file.py | 67 ++++--- zuul.d/base.yaml | 1 + zuul.d/jobs.yaml | 8 +- zuul.d/nodesets.yaml | 34 ++++ zuul.d/project.yaml | 13 -- 64 files changed, 921 insertions(+), 92 deletions(-)