We are overjoyed to announce the release of: openstack-ansible 18.0.0: Ansible playbooks for deploying OpenStack This release is part of the rocky release series. The source is available from: https://git.openstack.org/cgit/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ For more details, please see below. 18.0.0 ^^^^^^ New Features ************ * Support has been added for deploying on Ubuntu 18.04 LTS hosts. The most significant change is a major version increment of LXC from 2.x to 3.x which deprecates some previously used elements of the container configuration file. * It is possible to configure Glance to allow cross origin requests by specifying the allowed origin address using the "glance_cors_allowed_origin" variable. By default, this will be the load balancer address. * The service setup in keystone for aodh will now be executed through delegation to the "aodh_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". aodh_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for barbican will now be executed through delegation to the "barbican_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". barbican_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for ceilometer will now be executed through delegation to the "ceilometer_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". ceilometer_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for cinder will now be executed through delegation to the "cinder_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". cinder_service_setup_host: "{{ groups['utility_all'][0] }}" * The option "repo_venv_default_pip_packages" has been added which will allow deployers to insert any packages into a service venv as needed. The option expects a list of strings which are valid python package names as found on PYPI. * The service setup in keystone for designate will now be executed through delegation to the "designate_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". designate_service_setup_host: "{{ groups['utility_all'][0] }}" * The "os_horizon" role now supports distribution of user custom themes. Deployers can use the new key "theme_src_archive" of "horizon_custom_themes" dictionary to provide absolute path to the archived theme. Only .tar.gz, .tgz, .zip, .tar.bz, .tar.bz2, .tbz, .tbz2 archives are supported. Structure inside archive should be as a standard theme, without any leading folders. * Octavia is creating vms, securitygroups, and other things in its project. In most cases the default quotas are not big enough. This will adjust them to (configurable) reasonable values. * The service setup in keystone for glance will now be executed through delegation to the "glance_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". glance_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for gnocchi will now be executed through delegation to the "gnocchi_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". gnocchi_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for heat will now be executed through delegation to the "heat_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". heat_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for horizon will now be executed through delegation to the "horizon_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". horizon_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for ironic will now be executed through delegation to the "ironic_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". ironic_service_setup_host: "{{ groups['utility_all'][0] }}" * The service updates for keystone will now be executed through delegation to the "keystone_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". keystone_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for magnum will now be executed through delegation to the "magnum_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". magnum_service_setup_host: "{{ groups['utility_all'][0] }}" * Instead of downloading images to the magnum API servers, the images will now download to the "magnum_service_setup_host" to the folder set in "magnum_image_path" owned by "magnum_image_path_owner". * The service setup in keystone for neutron will now be executed through delegation to the "neutron_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". neutron_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for nova will now be executed through delegation to the "nova_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". nova_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for octavia will now be executed through delegation to the "octavia_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". octavia_service_setup_host: "{{ groups['utility_all'][0] }}" * The role now supports using the distribution packages for the OpenStack services instead of the pip ones. This feature is disabled by default and can be enabled by simply setting the "nova_install_method" variable to "distro". * The role now supports using the distribution packages for the OpenStack services instead of the pip ones. This feature is disabled by default and can be enabled by simply setting the "neutron_install_method" variable to "distro". * The role now supports using the distribution packages for the OpenStack services instead of the pip ones. This feature is disabled by default and can be enabled by simply setting the "nova_install_method" variable to "distro". * Support separate oslo.messaging services for RPC and Notifications to enable operation of separate and different messaging backend servers. * Support separate oslo.messaging services for RPC and Notifications to enable operation of separate and different messaging backend servers. * Support separate oslo.messaging services for RPC and Notifications to enable operation of separate and different messaging backend servers. * Support separate oslo.messaging services for RPC and Notifications to enable operation of separate and different messaging backend servers. * Support separate oslo.messaging services for RPC and Notifications to enable operation of separate and different messaging backend servers. * Support separate oslo.messaging services for RPC and Notifications to enable operation of separate and different messaging backend servers. * Support separate oslo.messaging services for RPC and Notifications to enable operation of separate and different messaging backend servers. * Support separate oslo.messaging services for RPC and Notifications to enable operation of separate and different messaging backend servers. * The service setup in keystone for sahara will now be executed through delegation to the "sahara_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". sahara_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for swift will now be executed through delegation to the "swift_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". swift_service_setup_host: "{{ groups['utility_all'][0] }}" * The service setup in keystone for tempest will now be executed through delegation to the "tempest_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". tempest_service_setup_host: "{{ groups['utility_all'][0] }}" * Rather than a hard-coded set of projects and users, tempest can now be configured with a custom list with the variables "tempest_projects" and "tempest_users". * It is now possible to specify a list of tests for tempest to blacklist when executing using the "tempest_test_blacklist" list variable. * The trove service setup in keystone will now be executed through delegation to the "trove_service_setup_host" which, by default, is "localhost" (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in "user_variables.yml". trove_service_setup_host: "{{ groups['utility_all'][0] }}" Upgrade Notes ************* * The supported upgrade path from Xenial to Bionic is via re- installation of the host OS across all nodes and redeployment of the required services. The Rocky branch of OSA is intended as the transition point for such upgrades from Xenial to Bionic. At this time there is no support for in-place operating system upgrades (typically via "do-release-upgrade"). * The variable *cinder_iscsi_helper* has been replaced by the new variable which is *cinder_target_helper* due to the fact that iscsi_helper has been deprecated in Cinder. * The glance v1 API is now removed upstream and the deployment code is now removed from this glance ansible role. The variable "glance_enable_v1_api" is removed. Deprecation Notes ***************** * The variable "aodh_requires_pip_packages" is no longer required and has therefore been removed. * The variable "barbican_requires_pip_packages" is no longer required and has therefore been removed. * The following variables are no longer used and have therefore been removed. * "ceilometer_requires_pip_packages" * "ceilometer_service_name" * "ceilometer_service_port" * "ceilometer_service_proto" * "ceilometer_service_type" * "ceilometer_service_description" * The variable "cinder_requires_pip_packages" is no longer required and has therefore been removed. * The variable "designate_requires_pip_packages" is no longer required and has therefore been removed. * The "get_gested" filter has been removed, as it is not used by any roles/plays. * The variable "glance_requires_pip_packages" is no longer required and has therefore been removed. * The variable "gnocchi_requires_pip_packages" is no longer required and has therefore been removed. * The variable "heat_requires_pip_packages" is no longer required and has therefore been removed. * The variable "horizon_requires_pip_packages" is no longer required and has therefore been removed. * The variable "ironic_requires_pip_packages" is no longer required and has therefore been removed. * The log path, "/var/log/barbican" is no longer used to capture service logs. All logging for the barbican service will now be sent directly to the systemd journal. * The log path, "/var/log/keystone" is no longer used to capture service logs. All logging for the Keystone service will now be sent directly to the systmed journal. * The log path, "/var/log/congress" is no longer used to capture service logs. All logging for the congress service will now be sent directly to the systmed journal. * The log path, "/var/log/cinder" is no longer used to capture service logs. All logging for the cinder service will now be sent directly to the systemd journal. * The log path, "/var/log/aodh" is no longer used to capture service logs. All logging for the aodh service will now be sent directly to the systmed journal. * The log path, "/var/log/ceilometer" is no longer used to capture service logs. All logging for the ceilometer service will now be sent directly to the systemd journal. * The log path, "/var/log/designate" is no longer used to capture service logs. All logging for the designate service will now be sent directly to the systmed journal. * The variable "keystone_requires_pip_packages" is no longer required and has therefore been removed. * The variable "magnum_requires_pip_packages" is no longer required and has therefore been removed. * The variable "neutron_requires_pip_packages" is no longer required and has therefore been removed. * The variable "nova_requires_pip_packages" is no longer required and has therefore been removed. * The variable "octavia_requires_pip_packages" is no longer required and has therefore been removed. * The variable "octavia_image_downloader" has been removed. The image download now uses the same host designated by the "octavia_service_setup_host" for the image download. * The variable "octavia_ansible_endpoint_type" has been removed. The endpoint used for ansible tasks has been hard set to the 'admin' endpoint as is commonly used across all OSA roles. * The rabbitmq server parameters have been replaced by corresponding oslo.messaging RPC and Notify parameters in order to abstract the messaging service from the actual backend server deployment. - trove_oslomsg_rpc_servers replaces trove_rabbitmq_servers - trove_oslomsg_rpc_port replaces trove_rabbitmq_port - trove_oslomsg_rpc_use_ssl replaces trove_rabbitmq_use_ssl - trove_oslomsg_rpc_userid replaces trove_rabbitmq_userid - trove_oslomsg_rpc_vhost replaces trove_rabbitmq_vhost - added trove_oslomsg_notify_servers - added trove_oslomsg_notify_port - added trove_oslomsg_notify_use_ssl - added trove_oslomsg_notify_userid - added trove_oslomsg_notify_vhost - added trove_oslomsg_notify_password * The rabbitmq server parameters have been replaced by corresponding oslo.messaging RPC and Notify parameters in order to abstract the messaging service from the actual backend server deployment. - barbican_oslomsg_rpc_servers replaces rabbitmq_servers - barbican_oslomsg_rpc_port replaces rabbitmq_port - barbican_oslomsg_rpc_userid replaces barbican_rabbitmq_userid - barbican_oslomsg_rpc_vhost replaces barbican_rabbitmq_vhost - added barbican_oslomsg_rpc_use_ssl - added barbican_oslomsg_notify_servers - added barbican_oslomsg_notify_port - added barbican_oslomsg_notify_use_ssl - added barbican_oslomsg_notify_userid - added barbican_oslomsg_notify_vhost - added barbican_oslomsg_notify_password * The rabbitmq server parameters have been replaced by corresponding oslo.messaging RPC and Notify parameters in order to abstract the messaging service from the actual backend server deployment. - aodh_oslomsg_rpc_servers replaces aodh_rabbitmq_servers - aodh_oslomsg_rpc_port replaces aodh_rabbitmq_port - aodh_oslomsg_rpc_use_ssl replaces aodh_rabbitmq_use_ssl - aodh_oslomsg_rpc_userid replaces aodh_rabbitmq_userid - aodh_oslomsg_rpc_vhost replaces aodh_rabbitmq_vhost - aodh_oslomsg_rpc_password replaces aodh_rabbitmq_password * The rabbitmq server parameters have been replaced by corresponding oslo.messaging RPC and Notify parameters in order to abstract the messaging service from the actual backend server deployment. - ceilometer_oslomsg_rpc_servers replaces rabbitmq_servers - ceilometer_oslomsg_rpc_port replaces rabbitmq_port - ceilometer_oslomsg_rpc_userid replaces ceilometer_rabbitmq_userid - ceilometer_oslomsg_rpc_vhost replaces ceilometer_rabbitmq_vhost - added ceilometer_oslomsg_rpc_use_ssl - added ceilometer_oslomsg_notify_servers - added ceilometer_oslomsg_notify_port - added ceilometer_oslomsg_notify_use_ssl - added ceilometer_oslomsg_notify_userid - added ceilometer_oslomsg_notify_vhost - added ceilometer_oslomsg_notify_password * The rabbitmq server parameters have been replaced by corresponding oslo.messaging RPC and Notify parameters in order to abstract the messaging service from the actual backend server deployment. - designate_oslomsg_rpc_servers replaces designate_rabbitmq_servers - designate_oslomsg_rpc_port replaces designate_rabbitmq_port - designate_oslomsg_rpc_use_ssl replaces designate_rabbitmq_use_ssl - designate_oslomsg_rpc_userid replaces designate_rabbitmq_userid - designate_oslomsg_rpc_vhost replaces designate_rabbitmq_vhost - designate_oslomsg_notify_servers replaces designate_rabbitmq_telemetry_servers - designate_oslomsg_notify_port replaces designate_rabbitmq_telemetry_port - designate_oslomsg_notify_use_ssl replaces designate_rabbitmq_telemetry_use_ssl - designate_oslomsg_notify_userid replaces designate_rabbitmq_telemetry_userid - designate_oslomsg_notify_vhost replaces designate_rabbitmq_telemetry_vhost - designate_oslomsg_notify_password replaces designate_rabbitmq_telemetry_password * The rabbitmq server parameters have been replaced by corresponding oslo.messaging RPC and Notify parameters in order to abstract the messaging service from the actual backend server deployment. - magnum_oslomsg_rpc_servers replaces rabbitmq_servers - magnum_oslomsg_rpc_port replaces rabbitmq_port - magnum_oslomsg_rpc_userid replaces magnum_rabbitmq_userid - magnum_oslomsg_rpc_vhost replaces magnum_rabbitmq_vhost - added magnum_oslomsg_rpc_use_ssl - added magnum_oslomsg_notify_servers - added magnum_oslomsg_notify_port - added magnum_oslomsg_notify_use_ssl - added magnum_oslomsg_notify_userid - added magnum_oslomsg_notify_vhost - added magnum_oslomsg_notify_password * The rabbitmq server parameters have been replaced by corresponding oslo.messaging Notify parameters in order to abstract the messaging service from the actual backend server deployment. - swift_oslomsg_notify_servers replaces swift_rabbitmq_telemetry_servers - swift_oslomsg_notify_port replaces swift_rabbitmq_telemetry_port - swift_oslomsg_notify_use_ssl replaces swift_rabbitmq_telemetry_use_ssl - swift_oslomsg_notify_userid replaces swift_rabbitmq_telemetry_userid - swift_oslomsg_notify_vhost replaces swift_rabbitmq_telemetry_vhost - swift_oslomsg_notify_password replaces swift_rabbitmq_telemetry_password * The rabbitmq server parameters have been replaced by corresponding oslo.messaging RPC and Notify parameters in order to abstract the messaging service from the actual backend server deployment. - octavia_oslomsg_rpc_servers replaces octavia_rabbitmq_servers - octavia_oslomsg_rpc_port replaces octavia_rabbitmq_port - octavia_oslomsg_rpc_use_ssl replaces octavia_rabbitmq_use_ssl - octavia_oslomsg_rpc_userid replaces octavia_rabbitmq_userid - octavia_oslomsg_rpc_vhost replaces octavia_rabbitmq_vhost - octavia_oslomsg_notify_servers replaces octavia_rabbitmq_telemetry_servers - octavia_oslomsg_notify_port replaces octavia_rabbitmq_telemetry_port - octavia_oslomsg_notify_use_ssl replaces octavia_rabbitmq_telemetry_use_ssl - octavia_oslomsg_notify_userid replaces octavia_rabbitmq_telemetry_userid - octavia_oslomsg_notify_vhost replaces octavia_rabbitmq_telemetry_vhost - octavia_oslomsg_notify_password replaces octavia_rabbitmq_telemetry_password * The repo server's reverse proxy for pypi has now been removed, leaving only the pypiserver to serve packages already on the repo server. The attempt to reverse proxy upstream pypi turned out to be very unstable with increased complexity for deployers using proxies or offline installs. With this, the variables "repo_nginx_pypi_upstream" and "repo_nginx_proxy_cache_path" have also been removed. * The variable "repo_requires_pip_packages" is no longer required and has therefore been removed. * The variable "sahara_requires_pip_packages" is no longer required and has therefore been removed. * The variable "swift_requires_pip_packages" is no longer required and has therefore been removed. * The variable "tempest_requires_pip_packages" is no longer required and has therefore been removed. * The variable "tempest_image_downloader" has been removed. The image download now uses the same host designated by the "tempest_service_setup_host" for the image download. * The variable "trove_requires_pip_packages" is no longer required and has therefore been removed. Security Issues *************** * Avoid setting the quotas too high for your cloud since this can impact the performance of other servcies and lead to a potential Denial-of-Service attack if Loadbalancer quotas are not set properly or RBAC is not properly set up. Bug Fixes ********* * Fixes bug https://bugs.launchpad.net/openstack- ansible/+bug/1778098 where playbook failed, if "horizon_custom_themes" is specified, and directory for theme is not provided * The conditional that determines whether the "sso_callback_template.html" file is deployed for federated deployments has been fixed. Other Notes *********** * When running keystone with apache(httpd) all apache logs will be stored in the standard apache log directory which is controlled by the distro specific variable "keystone_apache_default_log_folder". * When running aodh with apache(httpd) all apache logs will be stored in the standard apache log directory which is controlled by the distro specific variable "aodh_apache_default_log_folder". Changes in openstack-ansible 17.0.0.0rc1..18.0.0 ------------------------------------------------ 055fef2 Update all SHAs for final RC 215fd62 Remove glance CORS overrides 738c944 Enable CentOS 7 basekit jobs 62491a9 Fix nspawn bind mount register process 226053e Update variable migration script for Rocky f4e72d6 Ensure ceilometer repo gets installed with neutron 599ef0e Rollback tempest master for Rocky 4552eb4 Fix healthcheck-hosts to work when behind a proxy e94c56e Automate the removal of the molteniron role 207fc63 Disable nested virt aa100d4 Remove apt-cacher-ng cf2b7ba Fix for proper package name depending on base OS distribution 8d8755b Use loop_control for haproxy keystone back-end enablement dc943b9 Remove broken uptime tests during upgrade b48e295 Update all SHAs for 18.0.0 91a4906 Minimal(ist) network config for nspawn gating 32107c7 Ensure package cache is updated for nspawn containers aeea60a Revert "Add lxc3 compatibility" b899d13 Pin ARA to the current version f5c4d4f Use latest tag for ansible-resolvconf role 7e0d675 Move ara to scripts-library 96a4401 Add xinetd config to make an AIO survive a reboot 6745b37 Avoid using loop_var in endpoint manage f83c539 Add LXC COPR cache 6a9ad9b Add nspawn to experimental jobs bec1cc6 playbooks: healthcheck-infrastructure: Ensure netcat is installed 53bbb6d Bump requirement SHA ca14270 Bump plugins SHA to include recent bugfixes ccfd944 Implement haproxy frontend for old keystone admin backend 95ff0dd Remove obsolete instruction ee5d526 zuul: Add ceph jobs for distribution installations 8535a81 ansible-role-requirements: Bump ceph-ansible SHA to include SUSE fixes db730cf Bootstrap ansible virtualenv with --never-download a80b896 Bump os_neutron to remove SELinux support 1cf17ea Add aio host conf for barbican role de6e139 Move bionic jobs to voting, add release note. 2a24d81 scripts: Fix getting external role SHA when working on master 3c3da91 Refactor jobs to use project-templates c5dee01 Update os_octavia SHA for stable/rocky 8524b67 Update docs & upgrade scripts for Rocky ecc4d4e Introduce OpenStack Healthchecks 54c2151 Update Rocky doc index ffbad92 Gather facts for host healthcheck 444ffe3 Fix issues with infrastructure healthcheck 1f78c93 Remove molteniron playbook mistakenly left behind 66a95e5 Update ansible to 2.5.8 f06c4a1 docs: Add links to very useful Galera recovery docs 72b2070 Add missing congress_oslomsg_rpc_password 184c889 Make sure the branch to track is in YAML 97dd766 Update VNC path to correct one bdb265f Bump upstream Rocky repos 6c99540 Bump ceph_client 90e059d Bump openstack_hosts 4b6c38e Add pinned SHA for networking-ovn repo 75e34dd Add octavia_service_region to octavia_all vars 2395b9f Disable verbose output of log collection d8428cb Add test for Ubuntu Bionic 61280f4 Remove bonds from AIO network config 1054b0b Ensure that tests fail early if network interfaces are down 762463f Add lxc3 compatibility 741128f Remove the last remnants of get-pip.py b697c55 Use operating system specific IP utilities f1fc26e Remove un-used bootstrap variables c98c41d import zuul job settings from project-config c537df7 Gather facts for openstack_openrc role 333fece Bump SHAs for rocky release 450cd1e Drop non-voting jobs and increase timeout by 20 minutes c3ec490 Remove checksum checks/fill, they are not needed any longer 9a0a07d Revert "Revert "Work around nested virt issues on OVH test nodes"" 455b8dd Freeze all SHAs for RC1 5a46d6b AIO: Tune down the glance uwsgi processes b5d7e07 AIO: Tune the nova scheduler workers down 359d67a Revert "Revert "Update UPPER_CONSTRAINTS_FILE for stable/rocky"" 25a2753 Eliminate installing pip on host/containers 5c12f15 Temporarily use tempest master for all builds 5ede592 Revert "Update UPPER_CONSTRAINTS_FILE for stable/rocky" 70e655b Update UPPER_CONSTRAINTS_FILE for stable/rocky 73eee7b Update .gitreview for stable/rocky 47eddb9 Use ZUUL_SRC_PATH to pass the path to Zuul git sources 8c80ed8 Only test for repo availability once c11ccb3 Bump global requirement pins 2da59ee [docs] Add documentation for 'install_method' variable 4470490 Set kernel logging to 'quiet' in AIOs 7e10e23 Fix log compression aa53755 Revert "Work around nested virt issues on OVH test nodes" 2d88a3c zuul: Add aio_lxc jobs for distribution installations 5d26f75 Use an absolute path for the role requirements file df5f973 Move get-ansible-role-requirements to scripts 5889e13 Cleanup duplicate 'when' 98d7740 Fix Bootstrap AIO Passing Multiple BOOTSTRAP_OPTS cf10787 Use repo_build_pip_default_index for the pypi fallback b46f428 Replace default pip index check with upper constraints check 550b978 Remove unused variables c5e9787 Fix gate log collection b12e120 Change command for shell de8a2e9 Use ansible module instead of command 41191f4 Remove the molteniron service from the integrated build 9b13d41 Remove all MQ vhost/user and DB create tasks 6d3091b Add more systematic healthchecks 570b47a Collect the generated repo_build files a75af3e Add jmespath to requirements.txt 8711b9d Normalise containers-lxc-* playbook structure d2c30df Use a static inventory skeleton 8913620 Do not install linux-image-extra by default 6348813 Allow AIO to automatically use an http proxy 84fc667 Preparing group of host is not a "change" 925273f Use upstream pypi before the repo is built 4603188 Add support for using distribution packages for OpenStack services abe0b22 Update all SHAs for milestone 3 01a5c89 Simplify bootstrap-ansible.sh 7e21b7c Remove useless group var 184dbb8 Update get-pip to version 3.3 2de7b49 Fix haproxy checks f2a3c8e Prevent incorrect credentials 90cd65e Remove the unnecessary space 2b2447e Change the osa wrapper from a heredoc to a file c8d1f02 Add openstack client to Ansible venv 0afba09 Use --version-sort instead of -n for role version bump 9186a60 Fix usage of "|" for tests ea915b3 Fix memcached_servers content ccff525 [doc] Clarify attendance of Core Reviewers at PTG & Summit 4b1aee4 Skip provider_networks module if possible af63bc0 On container destroy remove container journal 6d9f7f2 Fix IP lookup when no container_networks 6c19798 [trivial] Fix some wrong spellings in RabbitMQ maintenance doc ad98515 Do not run tasks for containers when on metal 1e4121f Allow inventories with no "properties" 7d98b2c Correct E408 pep8 lint errors b939b03 Ensure python2 is used in the ansible venv 8aa5234 Fix the reno usage c0906e5 Fix the default-variables line for firewalls 15c876b Be consistent with memcached group name 153831d Disable keepalived ping tests by default 15c1243 Pin get-pip.py to 3.2 1d9ad7d Ensure container name doesn't need to be defined e84ada6 Be consistent with haproxy group name e79314e Pin get-pip.py to 3.2 bd64bf7 Move MQ vhost/user creation into role (glance) 1e9c7b0 Add option to change fs type on bootstrap device 5ad3c76 Allow flexible tag for Rabbit monitoring user 6343df9 Do not build cryptography 1325449 Ensure python-keystoneclient has a lower bound 1ca4c0c Add link to "The OpenStack Way" of reviewing d3a0bfb Remove inline jinja case statements where possible a28b419 Test the main repo with next version of ansible 8c8e4be Unpin ceph-ansible and add ceph-ansible library path 1b58c9d Move database creation into role (trove) d2d2155 Move database creation into role (tacker) 6352555 Move database creation into role (rally) eeef4da Move database creation into role (octavia) f407d7f Move database creation into role (magnum) 300a076 Move database creation into role (designate) a63e4a3 Move database creation into role (congress) fe1519e Remove special extra repo setup from AIO bootstrap 90f1ed7 Set cache_timeout when creating nspawn containers 498b7da Update HAP check for nova console a39e53b Correct data disk format when using nspawn ebd7638 Stop setting a user to the symbolic link e31bb3a remove yum priority cf01f78 Revert "Add LXC and PIP mirrors" af14e9a Set force=true when creating the RPC users a6742a4 Update Ansible to 2.5.5 708b51d Add example host confd file for barbican 94edc07 Trivial: Update pypi url to new url 9a76790 Install gnocchi before ceilometer f55c977 Add LXC and PIP mirrors 332a0be Move database creation into role (nova) 8a18a23 Switch lxc_container_backing_store to default "dir" c9c3c87 Add RDO mirror e72136e Remove IP range 1.2.3.4 from doc examples c300748 Add mirrors for EPEL and Percona 27ac812 Use `member` instead of `Member` c21a2c0 Bump setuptool to 39.2.0 f8406a8 Set the BTRFS mixed flag when creating the BTRFS volumes 5791c51 Allow a bypass of operating system c79b782 Do not install tmux e8c3084 Bind internal services to internal IPs only e158262 Move database creation into role (barbican) 8b8db07 Remove rabbitmq vars from aodh playbook 6b1575c Move database creation into role (aodh) f592ed2 Use production like interfaces in the gate ad2f2e0 Set format options when prepairing filesystems 24c45ee Move database creation into role (ironic) 303608f Move database creation into role (heat) e2e4c45 Move database creation into role (sahara) 0ccc2be Begin testing opensuse and centos with nspawn c755401 Allow integration of externally deployed RadosGW f253b6c Unfreeze master 144b850 Fix loop variable name for nested loop 38b333b Freeze roles for Milestone 2 release 899bc74 Replace rabbitmq references with oslo messaging 52684ba playbooks: default: Remove double backslash in repo URL 2da56fb Disable LBaaS v2 on the aio 19fde37 Move database creation into role (cinder) 6c17930 Update Ansible to 2.5.4 b44b828 Move database creation into role (neutron) af6f38f Move database creation into role (keystone) 41f371d Fixed variable name notify_vhost 46e908d Move database creation into role (horizon) 855c096 Move database creation into role (gnocchi) 6dca33a [docs] Add reference page with release information fde6809 [docs] Replace bug classification with the project team guide reference 5811dc6 Replace 35357 with 5000 for Keystone Admin Port 3ba5809 scripts: bootstrap-ansible.sh: Bump SHA for Ansible 2.4 65b47eb tests: bootstrap-host: Set openSUSE OBS mirror for OpenStack CI fd2d680 Fixed typo in variable oslomsg_notify_transport 13ce4e0 Adds the certificate client key password to user_secrets 26c2c6f Remove rally_git_* overrides c8ac2d8 Use ARA instead of profile_tasks callback 17036d7 releasenotes: Declare openSUSE Leap 42.3 as supported distribution 9c3ed0d Add extra process documentation f4e8e7f Use upper constraints when installing ARA f6a6190 Remove not needed glance variables 999f843 scripts: bootstrap-ansible: Install python-pip on SUSE and Ubuntu abc2379 Add utility playbook to report all listening ports e69b530 Restore namespace per service for oslo.messaging update 986e35a Add mount options whenever formatting disks 0706b7e Remove non used variables 65e322c Remove default pip_links value 40771a0 Replace deprecated library function os.popen() with subprocess 03956a9 Convert rsyslog to an include_task c340a6e infra-journal-remote: Skip playbook on empty emtpy log_hosts group 8a1c8e5 Fix broken ceilometer variables ffad8eb zuul: Make openSUSE metal jobs voting bd185e2 Move database creation into role (glance) 8e11e64 Update docs to reflect release of Queens 4e9c15a Correct galera cluster maintainance example wording 79f745c Move radosgw keystone config tasks to their own playbook df70cdb Remove unused radosgw_ssl variable d8fcd1a Only implement openrc/clouds.yaml on a designated host 8530dcc Add python-keystoneclient to the ansible-runtime venv 6f7fce4 Improve the limited connectivity documentation 6677e1e Ensure that the repo servers also use the pypi cache f4e74ea Ensure facts are updated for new containers 52a1183 [docs] Fix lint failures a892f11 Fix spelling error and hypen 8797b7a Add information about restoring inventory from backup e44dc66 [Docs] Fix links to figures 3c50f79 Adjust inside/outside openstack-ci bootstrap-host tasks f711e0f Fix the incorrect cirros default password a57ac42 Provide an example for switch port configurations ba78028 Add more meaningful/user readable failure 9afb93f [Docs] Clarify the testing page 01d3912 Configure cors for glance for additional usability d743dbf Update the output for "openstack floating" command a182c4b Tidy registered variable names in rgw install c0b691e Run inventory-manage.py from the ansible-runtime venv 929aaf1 Support oslo.messaging services for separate RPC and Notification 2539195 Revert role freeze and update openstack_release for Rocky m2 8d2bb4c Add mount options for better machinectl performance a51d18c Add metal to gates 224fb46 Add metal jobs for SUSE/CentOS ec5b3a7 Freeze roles for Milestone 1 da956a0 Fix the credentials file name 0aaeffe Fix the appropriate kernel modules path 58f0017 Add missing static argument value bead62e log_hosts should be optional 9211ea4 Improve Congress scenario testing 816f65b Only run zfs command if command is present 6dfc33a Update Ansible to 2.4.4.0 792c753 Ensure that repo checks use the right values c514090 Enable horizon fwaas panels when firewall_v2 driver is enabled e60cbcd fix typos in documentation f19778e Configure Keystone to get a list of all HAproxy instances aac7e8c bootstrap-host: Set repo build pip default mirror when in openstack-ci d2e1065 Freeze the networking-odl repo from SHA bumps 115e1d6 Remove Octavia from translations scenario 61e8553 Remove tempest_git_* overrides 0b80488 Do not log passwords 82d618d Remove double warning from run-upgrade 0eb50f8 Update all SHAs for master e49bb6d Do not log passwords 2a80a32 Do not log passwords 563a488 Fix osa_toolkit dictutils import 3b325b7 Add nova/ironic/glance cross-service vars to group_vars/all 942eeb6 Remove spurious VxLAN bridge IP from ceph osd hosts 55e8240 Add IP addresses to infra node br-vxlan in the examples 1b39f3b Use a sensible vlan range in the example configs ff6e0ad remove unused tunnel_bridge from all example configs d03d4d5 Make the on metal job voting 06abce7 Fix parameter name for removing compute host 68e3f20 [Docs] Restructure inventory documentation 7868be4 [DOC] Update for Newton EOL e9eca74 Add default value for log_dirs in os-log-dir-setup.yml eda4ad6 Add periodic work for release preparations 7174629 Add playbook to ship journals from hosts 1dba8b6 Converge distro interfaces to systemd-networkd 45cebe8 Added monitoring tag to monitoring user creation task. cc98ed8 Work around nested virt issues on OVH test nodes 95f8c7c Reinstate SUSE testing in periodics a2a37e2 Fix onboarding link 3a4ca09 Developer docs refactor ca49f41 Ensure that RDO/SUSE series repo instructions stay up to date 08dccca bootstrap-host: Correct SuSE repo name e7b21c8 Do not generate the html ARA report any more 8662acf Update run_tests.sh and remove tests-repo-clone.sh a3fafc9 Run the on metal job 5a8e199 [Docs] Simplify docs configuration 90eb562 [Docs] Fix docs for latest openstackdocstheme 3999020 Add shade library to openstack-ansible venv 0e5b6cb Add missing service URLs for AODH 4ff9f15 Fixes typo to enable log rotate for Octavia b19cccc ansible-role-requirements: Add common python_venv_build role ca8e8fc Apply haproxy vars to haproxy group instead of haproxy_all 7402726 Convert role to use a common systemd role(s) e634df7 Ensure doc8 is run 55ce380 Fix Doc8 issue d99c1d3 [Docs] Include OpenStack-Ansible Manifesto 62bbe0f [Docs] Adapt the wording for disk requirements 9be2fe7 [Docs] Uniform image on top c49b5ef [Docs] Change heading in target hosts 9a66df1 Adds variables to ceilometer, because it fails when run playbook with telemetry enabled. 72a244d Disable ceph-ansible NTP installation 65f09e1 Add support for Horizon Octavia Dashboard b6119e6 common-tasks: Container Start/Stop conditions 9604e65 Re-add ceph NFS gateway disable settings b319899 zuul: Make openSUSE a voting job 0bfa253 [DOC] contributor: Add initial documentation for distribution support 8bfc323 [Docs] Simplify overview page eee6c77 Integrate Congress with OSA. dc890ee Add more infos into error message 97267d9 Do not collect physical host facts in playbook 84b669c Normalise the nspawn_hosts role name ff85f54 Increase DIB disk space to 3GB b72b3ad Stop inventory constantly giving containers new IP 0595e23 Correct is_container when deploying containers 8841cf3 repo-use.yml: Scope host groups properly 1d731cd Ensure package cache is updated appropriately 8c94cf5 [Docs] Fix doc building idempotency 6442320 [Docs] Simplify and fix docs configuration a56def6 Add some troubleshooting informations 8355505 Add missing Ubuntu packages 41433a9 Updated from global requirements beb36b8 Remove the "is_ssh_address" option from inventory a8b7f7c inventory: all: Switch package state to 'present' on openSUSE 758cd74 Stop running get-ansible-role-requirements with -vvv 882d98c bootstrap-host: Prepare disk for machinectl storage 20fdfb9 Update all references from the deprecated tenant_id to project_id. 58f49a8 Avoid putting rgw conf on ALL hosts 1c5b1ef scripts: scripts-library.sh: Fix typo 12c31c7 [docs] Remove mistaken static content in scenario table 886deb4 Updated from global requirements 581e6e5 Fix typo and misleading task name for nova-consoleauth c9eb144 Follow the new PTI for document build 270e77c Archive ARA report on successful jobs 337a376 tests: bootstrap-host: Switch to Queens repo for SUSE and Red Hat 6255727 Simplify SELinux check 90c1305 Clean-up gate code to use mirror_info and pin ceph-ansible SHA 07817a4 Fix BOOTSTRAP_OPTS ec2a865 Remove meta job map for aio->aio_lxc dc5c383 Set timeouts on uri tasks d94584b [Docs] Update troubleshooting 8602507 [Docs] Update scale environment c222b0d [Docs] Updating managing networks documentation 2941bd1 Merge haproxy plays af13971 Serialize haproxy plays 4aee350 Remove non used variables 57c9731 Update links in README f6deb4f scripts: scripts-library.sh: Fix dstat background process command c068952 Switch openstack_version back to 'master' 9f36b2d Use aio_basekit scenario for OpenSUSE 828613c tests: roles: bootstrap-host: SUSE: fix dbus package name c700fdb Ceph RadosGW integration 7b4989d Point to Queens as previous branch d080a61 Add a warning in openstack_hostnames_ips.yml 17c1439 Improve healthchecks 6b94b21 Isolate the Ansible bootstrap 41bd983 [Docs] Add explicit warnings on common mistake 99f4f17 [Docs] Guide users more 620ae77 Switch to using the imported nspawn roles cfae99d Replace http with https in app-resources.rst and delete useless url c2743f5 Remove the "max_fail_percentage" option f1a7525 [Docs] Migrate security into user guide f4bc81c CentOS 7 integrated gate optimization 72f46e7 Add base kit scenario b6eb92b [Docs] Move limited connectivity to user guide eb89fa5 [Docs] Centralize Inventory documentation 5d61ed4 Update documentation index to include Queens 99ca16e [Docs] Move network architecture into reference d27e329 [Docs] Move Ceph example to user guides 73c45a8 [Docs] Move more examples to user guide 1d47028 [Docs] Fix references 3d76d5e [Docs] Include test scenario as a new user story 14d4da7 Remove cloudwatch haproxy configuration dc8d625 [Docs] Move AIO to first scenario 134ec81 [Docs] Uniform landing text ba7e064 [Docs] Merge advanced configuration into reference 6435ec7 [Docs] Simplify advanced config 4db3962 [Docs] Migrate CLI reference to reference guide 56194bc [Docs] Move upgrade guides into ops 8e8fa3b [Docs] Flatten out maintenance task 87bb9bc [Docs] Promote Backup and Restore 14ae5a8 [Docs] Promote scale the environment c056d18 Normalize package installs and networking for AIO d5937a5 [Docs] Move the upgrade reference into reference 83a8f00 Go back to assuming volume size in GB 852a43f Increase Ansible SSH connection retries 415bdd2 [Docs] Add haproxy verification 2b88712 Remove pip_lock_to_internal_repo variable bc4f6ea Replace host_need_pip with standard override mechanism eb7661d Ensure that constraints are used for AIO bootstrap ebdd575 [Docs] Flatten out monitoring 8ce75ac [Docs] Update manage networks location c4d221e [Docs] Simplify structure of operations guide 148cc97 Have zuul check out ansible for devel AIO job bd72c2e Sort the RPM package list 73dfdab Unfreeze Rocky 152da42 [Docs] Unhide the ssl user story 7ec02ac Fix LXC volume size 9b86311 Fix ARA/log data collection and reporting c834eb9 Remove pycrypto from requirements.txt 074dd25 Update reno for stable/queens 29cefd5 [Docs] Remove duplicate hardening content b83ffe3 [Docs] Introduce next steps cc9bb3e [Docs] Less scary landing page 25407b3 [Docs] Link to the AIO 342f48c Whitelist Octavia API fd9cda8 Add nspawn container driver 1fd26bc Run openstack_openrc before Magnum installation 01de317 [DOC] rectify galera recovery for systemd 6a4c1bd Install mon servers in parallel. Diffstat (except docs and test files) ------------------------------------- .gitignore | 4 + .gitreview | 2 +- README.rst | 10 +- ansible-role-requirements.yml | 126 +++-- deploy-guide/source/app-aboutosa.rst | 52 ++ .../source/app-advanced-config-affinity.rst | 50 -- .../source/app-advanced-config-options.rst | 14 - .../source/app-advanced-config-override.rst | 270 ---------- .../source/app-advanced-config-security.rst | 38 -- .../source/app-advanced-config-sslcertificates.rst | 139 ------ deploy-guide/source/app-ceph.rst | 13 - deploy-guide/source/app-config-pod.rst | 159 ------ deploy-guide/source/app-config-prod-ceph.rst | 133 ----- deploy-guide/source/app-config-prod.rst | 126 ----- deploy-guide/source/app-config-test.rst | 112 ----- deploy-guide/source/app-custom-layouts.rst | 190 ------- deploy-guide/source/app-limited-connectivity.rst | 152 ------ deploy-guide/source/app-networking.rst | 118 ----- deploy-guide/source/app-resources.rst | 15 +- deploy-guide/source/app-security.rst | 161 ------ deploy-guide/source/app.rst | 11 +- deploy-guide/source/conf.py | 128 +++-- deploy-guide/source/configure.rst | 50 +- deploy-guide/source/deploymenthost.rst | 67 +-- .../source/figures/arch-layout-production-ceph.png | Bin 167033 -> 0 bytes .../source/figures/arch-layout-production-ceph.svg | 3 - .../source/figures/arch-layout-production.png | Bin 217767 -> 0 bytes .../source/figures/arch-layout-production.svg | 3 - deploy-guide/source/figures/arch-layout-test.png | Bin 220515 -> 0 bytes deploy-guide/source/figures/arch-layout-test.svg | 3 - deploy-guide/source/figures/arch-layout.graffle | Bin 8655 -> 0 bytes .../figures/networkarch-bare-external-example.png | Bin 107053 -> 0 bytes .../source/figures/networkarch-bare-external.png | Bin 109645 -> 0 bytes .../networkarch-container-external-example.png | Bin 178387 -> 0 bytes .../figures/networkarch-container-external.png | Bin 183958 -> 0 bytes deploy-guide/source/figures/networkcomponents.png | Bin 38304 -> 0 bytes deploy-guide/source/figures/networking-compute.png | Bin 116754 -> 0 bytes .../source/figures/networking-neutronagents.png | Bin 136895 -> 0 bytes .../source/figures/production-storage-cinder.png | Bin 102217 -> 0 bytes .../production-storage-cinder.svg/image3.wmf | Bin 19378 -> 0 bytes .../production-storage-cinder.svg | 3 - .../source/figures/production-storage-glance.png | Bin 87006 -> 0 bytes .../production-storage-glance.svg/image3.wmf | Bin 19378 -> 0 bytes .../production-storage-glance.svg | 3 - .../source/figures/production-storage-nova.png | Bin 84263 -> 0 bytes .../figures/production-storage-nova.svg/image3.wmf | Bin 19378 -> 0 bytes .../production-storage-nova.svg | 3 - .../source/figures/production-storage-swift.png | Bin 108150 -> 0 bytes .../source/figures/production-storage-swift.svg | 3 - .../figures/production-storage.graffle/data.plist | Bin 8497 -> 0 bytes .../figures/production-storage.graffle/image3.wmf | Bin 19378 -> 0 bytes deploy-guide/source/figures/production-storage.svg | 3 - deploy-guide/source/index.rst | 14 +- deploy-guide/source/next-steps.rst | 18 + deploy-guide/source/overview-network-arch.rst | 85 ---- deploy-guide/source/overview-osa.rst | 98 ---- deploy-guide/source/overview-requirements.rst | 92 ++-- .../source/overview-service-architecture.rst | 122 ----- deploy-guide/source/overview-storage-arch.rst | 167 ------- deploy-guide/source/overview.rst | 34 +- deploy-guide/source/run-playbooks.rst | 10 +- deploy-guide/source/targethosts-networkconfig.rst | 84 +++- deploy-guide/source/targethosts-prepare.rst | 54 +- deploy-guide/source/targethosts.rst | 9 +- deploy-guide/source/verify-operation.rst | 12 +- .../admin/maintenance-tasks/ansible-modules.rst | 42 +- .../admin/maintenance-tasks/inventory-backups.rst | 41 ++ .../admin/maintenance-tasks/managing-swift.rst | 80 --- .../admin/maintenance-tasks/network-maintain.rst | 196 -------- .../admin/maintenance-tasks/rabbitmq-maintain.rst | 21 +- .../admin/maintenance-tasks/scale-environment.rst | 402 --------------- .../monitor-environment/monitoring-systems.rst | 11 - .../admin/openstack-operations/cli-operations.rst | 74 +-- .../admin/openstack-operations/managing-images.rst | 1 - .../openstack-operations/managing-instances.rst | 1 - .../openstack-operations/managing-networks.rst | 192 +++++++ .../admin/openstack-operations/network-service.rst | 44 +- .../admin/openstack-operations/verify-deploy.rst | 170 +++++-- .../upgrades/major-upgrades-manual-upgrade.rst | 276 +++++++++++ .../admin/upgrades/major-upgrades-with-script.rst | 29 ++ .../architecture/container-networking.rst | 106 ++++ .../reference/configuration/advanced-config.rst | 18 + .../reference/configuration/extending-osa.rst | 83 ++++ .../configuration/extra-python-software.rst | 37 ++ .../reference/configuration/using-overrides.rst | 459 +++++++++++++++++ .../figures/networkarch-bare-external-example.png | Bin 0 -> 107053 bytes .../figures/networkarch-bare-external.png | Bin 0 -> 109645 bytes .../networkarch-container-external-example.png | Bin 0 -> 178387 bytes .../figures/networkarch-container-external.png | Bin 0 -> 183958 bytes .../reference/figures/networking-compute.png | Bin 0 -> 116754 bytes .../reference/figures/networking-neutronagents.png | Bin 0 -> 136895 bytes .../figures/production-storage-cinder.png | Bin 0 -> 102217 bytes .../production-storage-cinder.svg/image3.wmf | Bin 0 -> 19378 bytes .../production-storage-cinder.svg | 3 + .../figures/production-storage-glance.png | Bin 0 -> 87006 bytes .../production-storage-glance.svg/image3.wmf | Bin 0 -> 19378 bytes .../production-storage-glance.svg | 3 + .../reference/figures/production-storage-nova.png | Bin 0 -> 84263 bytes .../figures/production-storage-nova.svg/image3.wmf | Bin 0 -> 19378 bytes .../production-storage-nova.svg | 3 + .../reference/figures/production-storage-swift.png | Bin 0 -> 108150 bytes .../reference/figures/production-storage-swift.svg | 3 + .../figures/production-storage.graffle/data.plist | Bin 0 -> 8497 bytes .../figures/production-storage.graffle/image3.wmf | Bin 0 -> 19378 bytes .../reference/figures/production-storage.svg | 3 + .../reference/inventory/configure-inventory.rst | 237 +++++++++ .../reference/inventory/generate-inventory.rst | 127 +++++ .../reference/inventory/manage-inventory.rst | 70 +++ .../inventory/openstack-user-config-reference.rst | 12 + .../inventory/understanding-inventory.rst | 99 ++++ .../reference/upgrades/reference-scripts.rst | 45 ++ .../upgrades/reference-upgrade-playbooks.rst | 113 +++++ .../user/figures/arch-layout-production-ceph.png | Bin 0 -> 167033 bytes .../user/figures/arch-layout-production-ceph.svg | 3 + .../example-switchport-config-and-cabling.png | Bin 0 -> 245571 bytes etc/network/interfaces.d/aio_interfaces.cfg | 7 +- .../openstack_interface.cfg.pod.example | 20 +- .../openstack_interface.cfg.prod.example | 21 +- .../openstack_interface.cfg.test.example | 22 +- etc/openstack_deploy/conf.d/barbican.yml.aio | 4 + etc/openstack_deploy/conf.d/barbican.yml.example | 8 + etc/openstack_deploy/conf.d/ceph.yml.aio | 5 + etc/openstack_deploy/conf.d/congress.yml.aio | 4 + etc/openstack_deploy/conf.d/molteniron.yml.aio | 4 - etc/openstack_deploy/conf.d/swift.yml.aio | 4 +- etc/openstack_deploy/env.d/aio_metal.yml.example | 3 - etc/openstack_deploy/openstack_user_config.yml.aio | 4 +- .../openstack_user_config.yml.aio-nspawn.j2 | 137 +++++ .../openstack_user_config.yml.aio.j2 | 15 +- .../openstack_user_config.yml.example | 47 +- .../openstack_user_config.yml.pod.example | 7 +- .../openstack_user_config.yml.prod-ceph.example | 4 +- .../openstack_user_config.yml.prod.example | 10 +- .../openstack_user_config.yml.test.example | 4 +- etc/openstack_deploy/user_secrets.yml | 132 ++++- etc/openstack_deploy/user_variables.yml | 6 + .../user_variables.yml.prod-ceph.example | 2 +- .../user_variables.yml.prod.example | 2 +- global-requirement-pins.txt | 8 +- inventory/env.d/ceph.yml | 14 + inventory/env.d/congress.yml | 36 ++ inventory/env.d/molteniron.yml | 35 -- inventory/group_vars/all/all.yml | 46 +- inventory/group_vars/all/ceph-rgw.yml | 20 + inventory/group_vars/all/ceph.yml | 8 + inventory/group_vars/all/designate.yml | 6 +- inventory/group_vars/all/glance.yml | 23 +- inventory/group_vars/all/horizon.yml | 16 + inventory/group_vars/all/infra.yml | 15 +- inventory/group_vars/all/ironic.yml | 24 + inventory/group_vars/all/keystone.yml | 38 +- inventory/group_vars/all/neutron.yml | 8 - inventory/group_vars/all/octavia.yml | 9 +- inventory/group_vars/all/oslo-messaging.yml | 28 ++ inventory/group_vars/all/pip.yml | 12 - inventory/group_vars/all_containers.yml | 1 - inventory/group_vars/aodh_all.yml | 7 +- inventory/group_vars/barbican_all.yml | 11 - inventory/group_vars/ceilometer_all.yml | 19 +- inventory/group_vars/ceph-rgw.yml | 13 + inventory/group_vars/ceph_all.yml | 9 + inventory/group_vars/cinder_all.yml | 25 - inventory/group_vars/congress_all.yml | 24 + inventory/group_vars/designate_all.yml | 22 - inventory/group_vars/galera_all.yml | 10 +- inventory/group_vars/glance_all.yml | 28 -- inventory/group_vars/gnocchi_all.yml | 3 - inventory/group_vars/haproxy/haproxy.yml | 360 ++++++++++++++ inventory/group_vars/haproxy/keepalived.yml | 71 +++ inventory/group_vars/haproxy_all/haproxy.yml | 357 ------------- inventory/group_vars/haproxy_all/keepalived.yml | 71 --- inventory/group_vars/heat_all.yml | 17 - inventory/group_vars/horizon_all.yml | 5 +- inventory/group_vars/ironic_all.yml | 17 - inventory/group_vars/keystone_all.yml | 32 +- inventory/group_vars/magnum_all.yml | 11 - inventory/group_vars/memcached.yml | 2 +- inventory/group_vars/neutron_all.yml | 16 - inventory/group_vars/nova_all.yml | 42 +- inventory/group_vars/octavia_all.yml | 12 +- inventory/group_vars/physical_hosts.yml | 2 + inventory/group_vars/repo_all.yml | 14 +- inventory/group_vars/sahara_all.yml | 19 - inventory/group_vars/swift_all.yml | 10 - inventory/group_vars/tacker_all.yml | 14 - inventory/group_vars/trove_all.yml | 20 - inventory/group_vars/utility_all.yml | 20 +- inventory/inventory.ini | 197 ++++++++ osa_toolkit/filesystem.py | 5 +- osa_toolkit/generate.py | 78 +-- osa_toolkit/manage.py | 4 +- playbooks/ceph-install.yml | 53 +- playbooks/ceph-rgw-install.yml | 72 +++ playbooks/ceph-rgw-keystone-setup.yml | 108 ++++ playbooks/common-playbooks/cinder.yml | 21 +- playbooks/common-playbooks/glance.yml | 30 +- playbooks/common-playbooks/neutron.yml | 50 +- playbooks/common-playbooks/nova.yml | 65 ++- playbooks/common-tasks/dynamic-address-fact.yml | 40 +- playbooks/common-tasks/mysql-db-user.yml | 41 -- playbooks/common-tasks/os-log-dir-setup.yml | 6 +- playbooks/common-tasks/os-lxc-container-setup.yml | 20 +- .../common-tasks/os-nspawn-container-setup.yml | 129 +++++ playbooks/common-tasks/package-cache-proxy.yml | 54 +- playbooks/common-tasks/rabbitmq-vhost-user.yml | 41 -- .../common-tasks/remove_container_journal.yml | 23 + playbooks/common-tasks/rsyslog-client.yml | 23 + playbooks/common-tasks/set-pip-upstream-url.yml | 40 -- playbooks/common-tasks/set-pip-vars.yml | 83 ++++ playbooks/common-tasks/set-upper-constraints.yml | 78 --- playbooks/containers-deploy.yml | 6 +- playbooks/containers-lxc-create.yml | 68 ++- playbooks/containers-lxc-destroy.yml | 31 +- playbooks/containers-lxc-host.yml | 31 +- playbooks/containers-nspawn-create.yml | 119 +++++ playbooks/containers-nspawn-destroy.yml | 112 +++++ playbooks/containers-nspawn-host.yml | 26 + playbooks/defaults/distro_install.yml | 72 +++ playbooks/defaults/healthchecks-vars.yml | 107 ++++ playbooks/defaults/repo_packages/gnocchi.yml | 3 +- playbooks/defaults/repo_packages/nova_consoles.yml | 9 +- .../defaults/repo_packages/openstack_services.yml | 150 ++++-- .../defaults/repo_packages/openstack_testing.yml | 39 -- playbooks/defaults/source_install.yml | 43 ++ playbooks/etcd-install.yml | 4 +- playbooks/galera-install.yml | 27 +- playbooks/haproxy-install.yml | 48 +- playbooks/healthcheck-hosts.yml | 94 ++++ playbooks/healthcheck-infrastructure.yml | 220 ++++---- playbooks/healthcheck-openstack.yml | 552 +++++++++++++++++++++ playbooks/infra-journal-remote.yml | 109 ++++ playbooks/listening-port-report.yml | 36 ++ playbooks/memcached-install.yml | 18 +- playbooks/openstack-hosts-setup.yml | 12 +- playbooks/os-aodh-install.yml | 53 +- playbooks/os-barbican-install.yml | 46 +- playbooks/os-ceilometer-install.yml | 32 +- playbooks/os-cinder-install.yml | 56 +-- playbooks/os-congress-install.yml | 58 +++ playbooks/os-designate-install.yml | 58 +-- playbooks/os-glance-install.yml | 49 +- playbooks/os-gnocchi-install.yml | 49 +- playbooks/os-heat-install.yml | 63 +-- playbooks/os-horizon-install.yml | 38 +- playbooks/os-ironic-install.yml | 48 +- playbooks/os-keystone-install.yml | 88 ++-- playbooks/os-magnum-install.yml | 48 +- playbooks/os-molteniron-install.yml | 54 -- playbooks/os-neutron-install.yml | 45 -- playbooks/os-nova-install.yml | 82 +-- playbooks/os-octavia-install.yml | 51 +- playbooks/os-rally-install.yml | 14 +- playbooks/os-sahara-install.yml | 58 +-- playbooks/os-swift-install.yml | 43 +- playbooks/os-swift-sync.yml | 3 +- playbooks/os-tacker-install.yml | 47 +- playbooks/os-tempest-install.yml | 19 +- playbooks/os-trove-install.yml | 58 +-- playbooks/rabbitmq-install.yml | 24 +- playbooks/repo-build.yml | 5 +- playbooks/repo-server.yml | 49 +- playbooks/repo-use.yml | 23 +- playbooks/rsyslog-install.yml | 11 +- playbooks/setup-infrastructure.yml | 3 + playbooks/setup-openstack.yml | 10 +- playbooks/unbound-install.yml | 3 +- playbooks/utility-install.yml | 98 ++-- .../notes/add-bionic-support-999217a9f7f213cc.yaml | 13 + .../notes/add-cors-config-6326223fe7fa7423.yaml | 5 + ...octavia-dashboard-support-faed0fd8e11e8f50.yaml | 7 + .../notes/add-nspawn-driver-ac2aa38f04a7505a.yaml | 16 + .../add-opensuse-support-a8ec3f54188e5f01.yaml | 14 +- .../notes/add-random-devices-38671b23cb1319b8.yaml | 14 + .../notes/added-vendor-data-c35cb7735b1ee9c7.yaml | 4 + .../aodh-service-setup-host-d28f6974160fd939.yaml | 17 + ...rbican-service-setup-host-a5da4ed51d164fb5.yaml | 17 + ...ld-rally-with-constraints-60e12254103018c4.yaml | 11 + ...-tempest-with-constraints-409eab81862db701.yaml | 11 + ...ometer-service-setup-host-18179a1f9b71fb14.yaml | 25 + .../notes/ceph-ansible-ntp-8d5078e3e1340ef4.yaml | 11 + .../certificate_generation-a9cdcc8e3b1e186f.yaml | 14 + ...cinder-service-setup-host-712ca5e7b7b9d578.yaml | 17 + .../notes/cmd2-0.9.0-838765e91d9be69e.yaml | 7 + .../container-extra-networks-c74119ba6a559a59.yaml | 8 + ...atic-mac-addresses-always-8d3843e436ad046c.yaml | 5 + .../container_namespaces-8a0b9af1ec09060f.yaml | 6 + .../custom-pip-package-add-4c17638c6e5b3373.yaml | 6 + .../deprecated-iscsi_helper-98fd2aebfd72fdf6.yaml | 5 + .../designate-1604-support-d397681dd302eda9.yaml | 1 + ...ignate-service-setup-host-78466665a752dadd.yaml | 17 + .../notes/drop-custom-themes-724c40e5cd69b8e2.yaml | 10 + .../notes/elang-version-2c1135466ef94032.yaml | 9 + ...astestmirror-configurable-08e075f8602164e5.yaml | 7 + .../notes/fedora-27-support-a1e0c670e4fc5626.yaml | 5 + releasenotes/notes/fix_quota-e3d4bf0b896dc393.yaml | 12 + .../notes/get-nested-removed-779b8d2648d2e8b4.yaml | 5 + ...git-sourced-config-change-5b445d3ce26d29c1.yaml | 17 + ...glance-service-setup-host-b0e71be408de074b.yaml | 17 + ...nocchi-service-setup-host-ef418b0e709ae796.yaml | 17 + .../heat-service-setup-host-e15eb9aa40414697.yaml | 17 + ...orizon-service-setup-host-9728b772d2514dd9.yaml | 17 + .../notes/image_download-754d13e7df9b7891.yaml | 16 + ...ironic-service-setup-host-658842e1875ea7bf.yaml | 17 + .../notes/journal-link-3c23aab5b5ed3441.yaml | 14 + .../notes/journal-log-ccba504642b49612.yaml | 5 + .../notes/journal-log-ccbb504642b49611.yaml | 9 + .../notes/journal-log-ccbb504642b49614.yaml | 5 + .../notes/journal-log-cwbr504hd9b59612.yaml | 5 + .../notes/journal-log-cxcb512642b49617.yaml | 9 + .../notes/journal-log-xcba504642b49619.yaml | 6 + .../notes/journal-log-ycba504642b47619.yaml | 5 + ...ystone-service-setup-host-cd3ee3346af823e6.yaml | 17 + ...tworking-convert-networkd-5b514e604df7c429.yaml | 9 + .../libvirt-python-symlink-e892dd3536c02179.yaml | 19 + .../notes/lxc_image_cache-f14701a7qw90al21.yaml | 27 + ...magnum-service-setup-host-ea285f161e625980.yaml | 22 + .../molteniron-deprecation-87ee6f12a3dcb1e8.yaml | 7 + ...endaylight-bgpvpn-support-3e44e278a53deeac.yaml | 8 + ...tron-opendaylight-support-453dc9324eafaae7.yaml | 1 + ...eutron-service-setup-host-895ececec99d7a51.yaml | 17 + .../notes/no-is_ssh_address-ee424e66b8895a07.yaml | 10 + .../nova-service-setup-host-f62d2eaede77d23c.yaml | 17 + ...ctavia-service-setup-host-d57533fdea394394.yaml | 25 + ...ack-distribution-packages-176e5d8a5ef3ad4b.yaml | 8 + ...ack-distribution-packages-1f8b8dd56b58180f.yaml | 7 + ...ack-distribution-packages-292a6cb46e3adc32.yaml | 7 + ...ack-distribution-packages-2f041fb59bfbb7ef.yaml | 7 + ...ack-distribution-packages-416a67fc03d79dc9.yaml | 7 + ...ack-distribution-packages-9fa11225b7f06125.yaml | 7 + ...ack-distribution-packages-b1c9e1f488e53872.yaml | 7 + ...ack-distribution-packages-bbec587237b8bc80.yaml | 7 + ...ack-distribution-packages-c6dc58c949068713.yaml | 7 + ...ack-distribution-packages-ca14e38bbea872b2.yaml | 7 + ...ack-distribution-packages-d42a426bb57f76b1.yaml | 7 + ...ack-distribution-packages-f5d3174b96fc2372.yaml | 7 + ...ack-distribution-packages-fcb6220fdeb3668c.yaml | 7 + ...nstack-service-setup-host-f38d655eed285f57.yaml | 13 + .../optional-schedule-zone-12479db3ba0e9267.yaml | 8 + .../os_cinder-remove-v1-api-71b2f265936e89b2.yaml | 8 + .../oslo-messaging-backends-65287400dba86fce.yaml | 20 + ...ssaging-separate-backends-06a1b30ffb228f22.yaml | 19 + ...ssaging-separate-backends-1fbdb77e93e29542.yaml | 20 + ...ssaging-separate-backends-3b2dac9462595b31.yaml | 14 + ...ssaging-separate-backends-401c97b4c48a9b31.yaml | 20 + ...ssaging-separate-backends-4491e7c099bee4f5.yaml | 21 + ...ssaging-separate-backends-60f81dae397b1c96.yaml | 15 + ...ssaging-separate-backends-61d279ded1bc999e.yaml | 20 + ...ssaging-separate-backends-652f63d5c21b1884.yaml | 20 + ...ssaging-separate-backends-702d7b33fda7a9f5.yaml | 19 + ...ssaging-separate-backends-87f2d1a15c202f73.yaml | 20 + ...ssaging-separate-backends-9b3fcaaa21a0d9f4.yaml | 19 + ...ssaging-separate-backends-a3af6957a984ac51.yaml | 20 + ...ssaging-separate-backends-e68c98d4f9d9a79c.yaml | 19 + ...ssaging-separate-backends-e82ea3162d2d383f.yaml | 15 + ...ssaging-separate-backends-e8a0b6857f2a9749.yaml | 20 + ...-control-upgrade-strategy-2807e228d529c389.yaml | 15 + .../ppc64le-var-changes-84aa4f3f9bb0ef52.yaml | 31 ++ .../notes/pypi-cache-removed-c03a9a0658c9d89f.yaml | 10 + .../python2-lxc-git-removal-5d20c07d80aaa75b.yaml | 2 +- ...ove-distro-package-lookup-340b0fedb25a7c4b.yaml | 8 + .../notes/remove-fax-fail-5038b4b6eb4951b3.yaml | 21 + ...ve-ping-checks-by-default-f86fc237e779b80e.yaml | 6 + ...ove-required-pip-packages-49a4215bdddea189.yaml | 5 + .../notes/remove-v1-api-4c66f43c4f8404b6.yaml | 6 + .../notes/remove-v1-api-4fda1ee243203fe5.yaml | 5 + ...iable_python_ceph_package-9575466eb146e500.yaml | 8 + ...-server-required-packages-9a5b1a5c1236030f.yaml | 5 + .../notes/rsyslog-disable-ffc4ebf27cc77330.yaml | 6 + ...sahara-service-setup-host-18f57fbc1671adfc.yaml | 17 + .../notes/separate-host-vars-0f4d4bd76124ae68.yaml | 8 + .../notes/set-limit-disabled-25998f1f12987c12.yaml | 20 + .../notes/set-limit-enabled-25998f1f12987c12.yaml | 13 + ...l_modules_with_group_vars-8d169f564ffd450c.yaml | 2 +- .../sso-callback-template-cf720ab7f6fc2461.yaml | 5 + .../swift-service-setup-host-b3d0aca53522a887.yaml | 17 + .../systemd-journal-remote-25248628390b46d9.yaml | 9 + ...empest-service-setup-host-da08c1d4775ea0d1.yaml | 25 + .../tempest-test-blacklist-4ec6cc32798874ce.yaml | 6 + .../notes/template-setup-70a3daadc2a9d93b.yaml | 10 + .../trove-service-setup-host-5bb64b2356ca81e2.yaml | 17 + .../use-pip-distro-packages-2505f6e630a94850.yaml | 6 + .../notes/user-containers-1daed001ee6b88ae.yaml | 9 + ...space_group_and_host_vars-14f77b5eb518e32d.yaml | 4 +- releasenotes/source/index.rst | 1 + releasenotes/source/queens.rst | 6 + requirements.txt | 23 +- scripts/bootstrap-aio.sh | 32 +- scripts/bootstrap-ansible.sh | 186 ++----- scripts/gate-check-commit.sh | 88 +--- scripts/get-ansible-role-requirements.yml | 91 ++++ scripts/inventory-manage.py | 2 +- scripts/openstack-ansible.rc | 16 +- scripts/openstack-ansible.sh | 79 +++ scripts/rabbitmq-test.py | 2 +- scripts/run-upgrade.sh | 32 +- scripts/scripts-library.sh | 203 +++++--- scripts/sources-branch-updater-lib.sh | 8 +- scripts/test-log-collect.sh | 26 - .../playbooks/deploy-config-changes.yml | 2 +- .../playbooks/memcached-flush.yml | 2 +- .../playbooks/molteniron-role-removal.yml | 29 ++ .../playbooks/user-secrets-adjustment.yml | 39 +- .../scripts/migrate_openstack_vars.py | 2 +- test-requirements.txt | 7 - .../bootstrap-host/files/user_variables_proxy.yml | 11 + .../bootstrap-host/tasks/check-requirements.yml | 66 ++- .../bootstrap-host/tasks/install_packages.yml | 99 +--- .../bootstrap-host/tasks/prepare_aio_config.yml | 185 ++++--- .../bootstrap-host/tasks/prepare_data_disk.yml | 131 ++++- .../tasks/prepare_loopback_btrfs.yml | 40 ++ .../tasks/prepare_loopback_cinder.yml | 73 +-- .../tasks/prepare_loopback_machines.yml | 44 ++ .../bootstrap-host/tasks/prepare_loopback_nova.yml | 25 +- .../bootstrap-host/tasks/prepare_loopback_swap.yml | 54 +- .../tasks/prepare_loopback_swift.yml | 43 +- .../bootstrap-host/tasks/prepare_loopback_zfs.yml | 37 ++ .../bootstrap-host/tasks/prepare_networking.yml | 347 ++++++------- .../roles/bootstrap-host/tasks/prepare_octavia.yml | 6 +- .../bootstrap-host/templates/apt-sources.list.j2 | 16 - .../bootstrap-host/templates/osa_interfaces.cfg.j2 | 107 ---- .../templates/osa_interfaces_multinode.cfg.j2 | 28 -- .../templates/redhat_interface_alias.cfg.j2 | 5 - .../templates/redhat_interface_default.cfg.j2 | 12 - .../templates/rpm_interface_ifdown-post.cfg.j2 | 29 -- .../templates/rpm_interface_ifup-post.cfg.j2 | 35 -- .../templates/suse_interface_default.cfg.j2 | 9 - .../templates/user_variables.aio.yml.j2 | 56 +-- .../templates/user_variables_barbican.yml.j2 | 22 + .../templates/user_variables_ceph.yml.j2 | 2 +- .../templates/user_variables_congress.yml.j2 | 21 + .../templates/user_variables_octavia.yml.j2 | 2 +- .../templates/user_variables_translations.yml.j2 | 7 + tox.ini | 12 +- zuul.d/jobs.yaml | 187 +++++-- zuul.d/playbooks/post.yml | 28 +- zuul.d/playbooks/run.yml | 12 +- zuul.d/project-templates.yaml | 162 ++++++ zuul.d/project.yaml | 49 +- 537 files changed, 14583 insertions(+), 10940 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index d76e954..0787567 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5 +5 @@ pyasn1!=0.2.3,>=0.1.8 # BSD -pyOpenSSL>=16.2.0 # Apache-2.0 +pyOpenSSL>=17.1.0 # Apache-2.0 @@ -9 +8,0 @@ PrettyTable<0.8,>=0.7.1 # BSD -pycrypto>=2.6 # Public Domain @@ -11 +10 @@ python-memcached>=1.56 # PSF -PyYAML>=3.10 # MIT +PyYAML>=3.12 # MIT @@ -12,0 +12,18 @@ virtualenv>=14.0.6 # MIT + +# We use this for our own keystone module. +# TODO(odyssey4me): Remove this once we no +# longer use our own keystone module. +python-keystoneclient>=3.8.0 # Apache-2.0 + +# We use this for the octavia role to be able +# to upload a tagged image. +# Remove this once Ansible can do this with +# modules instead. +python-openstackclient>=3.14.2 + +# We use this for the Ansible openstack +# modules. +shade>=1.17.0 # Apache-2.0 + +# We use this for the json_query filter +jmespath>=0.9.3 # MIT diff --git a/test-requirements.txt b/test-requirements.txt index 3b4da26..20122f7 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -11,7 +10,0 @@ virtualenv>=14.0.6 # MIT - -# this is required for the docs build jobs -sphinx!=1.6.6,>=1.6.2 # BSD -openstackdocstheme>=1.18.1 # Apache-2.0 -doc8>=0.6.0 # Apache-2.0 -reno>=2.5.0 # Apache-2.0 -sphinxmark>=0.1.14 # Apache-2.0