We are chuffed to announce the release of: kolla-ansible 18.2.0: Ansible Deployment of Kolla containers This release is part of the caracal release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 18.2.0 ^^^^^^ New Features ************ * Modifies public API firewalld rules to be applied immediately to a running firewalld service. This requires firewalld to be running, but avoids reloading firewalld, which is disruptive due to the way in which firewalld builds its firewall chains. * Added a command to upgrade to a target version of RabbitMQ. This is required before a SLURP upgrade. See the docs for more details: https://docs.openstack.org/kolla-ansible/latest/reference/message- queues/rabbitmq.html#slurp Bug Fixes ********* * Fixes an deploy opensearch with enable TLS on the internal VIP. * Fixes handling of openvswitch on "manila-share" nodes. LP#1993285 * Adds database configuration necessary for barbican. LP#2072554 * Fixes behaviour of Change Password screen in Horizon until bug #2073639 is resolved. LP#2073159 * Fixes the Python requests library issue when using custom CA by adding the REQUESTS_CA environment variable to the kolla-toolbox container. See LP#1967132 * Fixes the detection of the Nova Compute Ironic service when a custom *host* option is set in the service config file. See LP#2056571 * Removes the default */tmp/* mountpoint from the horizon container. This change is made to harden the container and prevent potential security issues. For more information, see the Bug Report: LP#2068126. * Fixed an issue with the "prometheus.yml" template which would break when deploying alertmanager. * Fixes an issue where OVN northbound or southbound database deployment could fail when a new leader is elected. LP#2059124 Changes in kolla-ansible 18.1.0..18.2.0 --------------------------------------- 014dd4915 Apply public firewalld rules immediately 2e31fbd67 Add REQUESTS_CA_BUNDLE to kolla-toolbox container e32cda95d hardening horizon: don't mount hosts /tmp d98c5b49d [2024.1 only] CI: RMQ version upgrade before SLURP 03c7e8496 Add command to upgrade to a target version of RMQ d79698ae9 CI: Only migrate RMQ queues during SLURP 6876041e2 Fix issue with Swift Recon middleware 3340cfe35 Fix post-config of OVS for manila-share servers 0f97aa222 Fix prometheus.yml templating be86bf81c Work around OVN DB leader election race condition c0eee5e6a CI: drop RMQ reconfigure step in queue migrations 4268379da Restart OVS container after hw-offload change e77135b19 Add /v3 suffix to OPENSTACK_KEYSTONE_URL 9206eb495 fix flake8 error in database_shards.py 88e6a3784 CI: Use u-c in openstack-clients role 0c52bb15b Support custom Nova Compute Ironic host names dad9bc400 Fix barbican's configuration e70468f57 Add ca_path for module uri in opensearch role d090164bb Fix prechecks for interfaces with dashes Diffstat (except docs and test files) ------------------------------------- ansible/rabbitmq-upgrade.yml | 21 ++++++++ ansible/roles/barbican/templates/barbican.conf.j2 | 7 ++- ansible/roles/common/defaults/main.yml | 1 + ansible/roles/haproxy-config/tasks/main.yml | 7 ++- ansible/roles/horizon/defaults/main.yml | 1 - .../horizon/templates/_9998-kolla-settings.py.j2 | 3 +- ansible/roles/loadbalancer/handlers/main.yml | 6 --- ansible/roles/loadbalancer/tasks/precheck.yml | 2 +- .../nova-cell/tasks/wait_discover_computes.yml | 2 +- ansible/roles/nova-cell/templates/nova.conf.j2 | 2 +- ansible/roles/opensearch/handlers/main.yml | 2 + ansible/roles/opensearch/tasks/post-config.yml | 4 ++ ansible/roles/openvswitch/tasks/post-config.yml | 6 ++- ansible/roles/ovn-db/defaults/main.yml | 2 + ansible/roles/ovn-db/tasks/bootstrap-db.yml | 10 ++++ ansible/roles/prechecks/tasks/port_checks.yml | 2 +- .../roles/prometheus/templates/prometheus.yml.j2 | 4 +- ansible/roles/rabbitmq/defaults/main.yml | 2 + ansible/roles/swift/tasks/start.yml | 2 + .../logging-and-monitoring/prometheus-guide.rst | 2 +- kolla_ansible/database_shards.py | 4 +- .../notes/add-opensearch-uri-68a657c55ce9c9f1.yaml | 4 ++ .../notes/bug-1993285-127fe764e461465a.yaml | 5 ++ .../notes/bug-2072554-d113b89975985520.yaml | 5 ++ .../notes/bug-2073159-c54c773c72c8fb11.yaml | 6 +++ .../notes/bug-923105-d451a78930973a82.yaml | 7 +++ .../firewalld-immediate-c2abf09977c455a9.yaml | 7 +++ ...ompute-ironic-host-option-a7a3f6ae095f5201.yaml | 6 +++ .../harden_horizon_tmp_usage-0d690e49645b99a8.yaml | 6 +++ .../prometheus-template-fix-b971aad477a8fdc9.yaml | 5 ++ ...mq-target-upgrade-command-d5f9d9fc27fa28f8.yaml | 6 +++ ...round-ovn-leader-election-f7f75e93e9300d96.yaml | 6 +++ roles/cephadm/tasks/main.yml | 4 +- roles/openstack-clients/defaults/main.yml | 2 + roles/openstack-clients/tasks/main.yml | 1 + tools/kolla-ansible | 8 +++ 42 files changed, 300 insertions(+), 60 deletions(-)