We are excited to announce the release of: kayobe 7.1.0: Deployment of OpenStack to bare metal using OpenStack kolla and bifrost This release is part of the train stable release series. The source is available from: https://opendev.org/openstack/kayobe Download the package from: https://tarballs.openstack.org/kayobe/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/kayobe For more details, please see below. 7.1.0 ^^^^^ New Features ************ * Adds a "kayobe overcloud service stop" command. This can be used to stop containerised services running on overcloud hosts. * Adds support for CentOS 8 as a host Operating System and base container image. This is the only major version of CentOS supported from the Ussuri release. The Train release supports both CentOS 7 and 8 hosts, and provides a route for migration. * Adds support for configuration of DNF repositories on CentOS 8. Variables have been added in a new configuration file, "dnf.yml". Backwards compatibility with the Yum configuration variables is provided. * Adds support for applying regular package updates on CentOS 8 via DNF Automatic. Variables have been added in a new configuration file, "dnf.yml". Backwards compatibility with the Yum-cron configuration variables is provided. * Adds a "seed_vm_interfaces" variable which defines the network interfaces to which the seed VM is attached. * Adds a variable for controlling the tag applied to built container images - "kolla_tag". This separates the configuration of the tag for image building from that used for deployment ("kolla_openstack_release"). The default for "kolla_tag" is "kolla_openstack_release". Known Issues ************ * Fixes an issue where provisioning a seed VM would fail when the Ansible control host and the seed hypervisor are different hosts. See story 2007530 (https://storyboard.openstack.org/#!/story/2007530) for more details. Upgrade Notes ************* * Some images were supported by CentOS 7 but lack suitable packages in CentOS 8, and are no longer supported for CentOS. See Kolla release notes for details. * Support for configuring an NTP daemon on the seed and overcloud hosts is no longer present for CentOS 8, as appropriate packages are not available. Instead, Kolla Ansible is configured to deploy the "chrony" container on CentOS 8 overcloud hosts by default. Note that for CentOS 8 during the Train release, the standard "kolla_enable_chrony" variable in "${KAYOBE_CONFIG_PATH}/kolla.yml" has no effect. Instead, chrony may be disabled by setting "enable_chrony" to "false" in "${KAYOBE_CONFIG_PATH}/kolla/globals.yml". * The default order of network interfaces in the seed VM is now sorted alphabetically based on their Kayobe network name. This may require the seed's network interface names to be changed in configuration if the seed VM is recreated. See story 2007259 for details. Deprecation Notes ***************** * The Yum configuration variables in "yum.yml" are deprecated and will be removed in a future release. Adapt any configuration overrides to use the new DNF variables in "dnf.yml" instead. * The yum-cron configuration variables in "yum-cron.yml" are deprecated and will be removed in a future release. Adapt any configuration overrides to use the new DNF automatic variables in "dnf.yml". Bug Fixes ********* * Fixes an issue where chronyd would be enabled as a systemd service in addition to ntpd. This causes issues in deployments where the NTP servers have been customized, as chronyd would win the race on startup, but its configuration file would not have been configured by Kayobe. See story 2005272 (https://storyboard.openstack.org/#!/story/2005272) for more details. * Fixes an issue where it was not possible to load dashboards into the Monasca Grafana fork when the default Monasca control plane OpenStack project name is used from Kolla Ansible. * Fix an issue where the StackHPC iDRAC role would break when configuring RAID when used with a recent release of the python- dracclient module. * Fixes concurrency issues while adding SSH keys to the known hosts file by performing the action serially. See story 2007628 for details. * Fixes issues running the following commands: * "kayobe baremetal compute inspect" * "kayobe baremetal compute manage" * "kayobe baremetal compute provide" See story 2007797 for details. * Fixes a package conflict while provisioning a seed VM on a CentOS 8 seed hypervisor with "coreutils-single" already installed. See story 2007612 for details. * Fixes failure to configure Docker devicemapper storage when the default value of "docker_storage_driver" is used. * Fixes an issue where the default value of "public_net_name" included a trailing newline. See story 2007654. * Fixes an issue with idempotency of Ironic Inspector rule creation. See story 2007399 for details. * Fixes a bug where introspection data save would fail. See Story 2007326 (https://storyboard.openstack.org/#!/story/2007326) for more details. * Fixes an issue with seed VMs with multiple network interfaces where interfaces could come up in a different order if the VM is recreated. The interfaces are now created in alphabetical order of their Kayobe network name by default. See story 2007259 for details. * Fixes an issue seen when "libselinux-python" is not installed on the Ansible control host. See story 2007703 for details. * Improves error message seen when discovering SSH known hosts for a host without an IP address defined in "${KAYOBE_CONFIG_PATH }/network-allocation.yml". * Fixes an issue where "OS_CACERT" variable in "openrc" files would be set to the path of a non-existent file. New "openrc" files can be generated with the "kayobe control host bootstrap" command. See story 2007516 (https://storyboard.openstack.org/#!/story/2007516) for more details. * Fixes an issue where host configuration would fail if "ntp_service_enabled" is set to "false" or "kolla_enable_chrony" is set to "true". See story 2007384 for details. Changes in kayobe 7.0.0..7.1.0 ------------------------------ 3c32015b Use latest release of StackHPC iDRAC role 49cef61f Remove newline from default public_net_name fe6cbcfa Fix kayobe baremetal compute commands 1774d9e9 CI: Update IPA images during upgrade 31b90d51 Fix ironic inspector store endpoint configuration 35bf59f8 CI: don't run virtualenv on an existing virtualenv 62c4de41 Add missing colon 47ca2fe7 CentOS 8: add docs and release note 847bd9e9 Fix seed VM interface ordering 33724452 CentOS 8: separate kolla build tag from deploy tag 981658d5 Fix concurrency issues while adding SSH keys to known_hosts 5eb0ed6e Make the root disk image build command more visible 7bb215ea CI: mark pytest results as a Zuul artifact 7baa657f docs: fix route configuration example syntax fdaa6375 Add note about hardware package dropping python 2 support d932d435 Fix docker-devicemapper playbook c731e8e9 Bump version of os-images role 0fd6fa7d Install libselinux-python on Ansible control host f6ce46dc CI: Encrypt passwords.yml in overcloud host configure job 0c5415e9 Python 3: fix Ansible Vault password helper 6ef18d6a Install coreutils package before using configdrive role c631b6f4 CentOS 8: Fix network configuration persistence 0d699b53 Use ensure-docker role instead of install-docker eba57aff Constraint python-openstackclient install with requirements.txt 64de1b42 Fix ironic inspector rule creation idempotency 9f6e4395 Remove nameservers with any IP in overcloud resolv.conf workaround 5f836518 CI: fix kayobe-tox-molecule job c7b43e00 Improve SSH known host error messages 3a8b0585 Fix loading of Monasca Grafana dashboards dec617c3 Docs: Configure firewall to allow testing of baremetal 275bdd80 Docs: fix libvirt connection URI for tenks 0119ff58 CI: Add overcloud host configure jobs f6a24dd3 Fix passwords.yml generation with vault encryption on Python 3 41c52849 Fix seed VM provisioning on a remote seed hypervisor 773ac2e4 Add support for stopping overcloud services fb1316a5 Use upper constraints when installing Tenks fe1df0f7 Fix ntp and chrony in mixed CentOS 7 and 8 environments b5aa3938 Prevent openrc files from using wrong OS_CACERT value 359d2b0d CentOS 8: seed VM & bifrost de8f5592 CentOS 8: Enable seed job 9e5e7955 CentOS 8: Support DNF 1fa84a6f Switch to stackhpc fork of resmo.ntp 6255b382 Fix multiple CI failures 0a0d37c7 Fix Kayobe overcloud introspection data save 13f5fa48 CentOS 8: Add seed and overcloud CI jobs 047f84ad CentOS 8: Use same local python version for kolla-ansible 612575a4 CentOS 8: Disable ntpd, enable chrony container 034e7791 CentOS 8: Bump MichaelRigart.interfaces to 1.4.0 20f45f2b Make Kayobe code compatible with Python 3 2a23b89e CentOS 8: Use ansible_playbook_python for localhost dependencies d3d9dbdb Remove activate-virtualenv and deactivate-virtualenv roles a14be331 Switch from shade to openstacksdk 2f6e5344 Make local kolla-ansible Python executable configurable 1be05c17 Stop gzipping logs in get-logs.sh 369fc3a8 Skip resmo.ntp role if ntp_service_enabled is false 61690b7e Blacklist Ansible 2.8.9 0208801f [docs] Change CoreOS URLs to Centos URLs fir IPA 6f34cf12 CI: Make provision-net external Diffstat (except docs and test files) ------------------------------------- ansible/baremetal-compute-inspect.yml | 27 ++-- ansible/baremetal-compute-manage.yml | 27 ++-- ansible/baremetal-compute-provide.yml | 25 ++- ansible/baremetal-compute-serial-console.yml | 8 + ansible/disable-selinux.yml | 1 + ansible/dnf.yml | 16 ++ ansible/docker-registry.yml | 2 +- ansible/external-net.yml | 8 +- ansible/group_vars/all/dnf | 52 +++++++ ansible/group_vars/all/docker | 3 + ansible/group_vars/all/grafana | 4 +- ansible/group_vars/all/kolla | 11 +- ansible/group_vars/all/network | 2 +- ansible/group_vars/all/ntp | 6 +- ansible/group_vars/all/overcloud | 15 +- ansible/group_vars/all/seed-vm | 3 + ansible/group_vars/all/yum | 28 ++++ ansible/group_vars/all/yum-cron | 6 + ansible/inspection-store.yml | 2 +- ansible/ip-allocation.yml | 17 ++ ansible/kayobe-ansible-user.yml | 4 +- ansible/kayobe-target-venv.yml | 43 +++-- ansible/kolla-openstack.yml | 5 +- ansible/kolla-target-venv.yml | 21 ++- ansible/network.yml | 3 +- ansible/ntp.yml | 4 +- ansible/opensm.yml | 2 +- ansible/overcloud-extras.yml | 2 +- ansible/overcloud-grafana-configure.yml | 24 ++- ansible/overcloud-host-image-workaround-resolv.yml | 15 +- ansible/overcloud-introspection-data-save.yml | 3 +- ...ud-introspection-rules-dell-lldp-workaround.yml | 6 +- ansible/overcloud-introspection-rules.yml | 6 +- ansible/overcloud-ipa-images.yml | 6 +- ansible/pip.yml | 2 + ansible/provision-net.yml | 20 +-- .../roles/activate-virtualenv/defaults/main.yml | 3 - ansible/roles/activate-virtualenv/tasks/main.yml | 10 -- .../library/console_allocation.py | 2 +- ansible/roles/console-allocation/tasks/main.yml | 53 ++++--- ansible/roles/console-allocation/vars/Debian.yml | 7 - .../roles/deactivate-virtualenv/defaults/main.yml | 5 - ansible/roles/deactivate-virtualenv/tasks/main.yml | 6 - ansible/roles/disable-selinux/tasks/main.yml | 3 +- ansible/roles/dnf-automatic/defaults/main.yml | 6 + ansible/roles/dnf-automatic/tasks/main.yml | 27 ++++ ansible/roles/dnf/defaults/main.yml | 35 +++++ ansible/roles/dnf/tasks/custom-repo.yml | 27 ++++ ansible/roles/dnf/tasks/local-mirror.yml | 46 ++++++ ansible/roles/dnf/tasks/main.yml | 14 ++ .../roles/dnf/templates/CentOS-AppStream.repo.j2 | 19 +++ ansible/roles/dnf/templates/CentOS-Base.repo.j2 | 19 +++ ansible/roles/dnf/templates/CentOS-Extras.repo.j2 | 20 +++ ansible/roles/dnf/templates/epel-modular.repo.j2 | 23 +++ ansible/roles/dnf/templates/epel.repo.j2 | 23 +++ ansible/roles/docker-registry/defaults/main.yml | 2 +- ansible/roles/docker-registry/tasks/stop.yml | 9 ++ ansible/roles/inspection-store/defaults/main.yml | 2 +- ansible/roles/inspection-store/tasks/stop.yml | 9 ++ .../roles/ip-allocation/library/ip_allocation.py | 2 +- ansible/roles/ip-allocation/tasks/main.yml | 53 ++++--- ansible/roles/ip-allocation/vars/Debian.yml | 8 - ansible/roles/ipa-images/defaults/main.yml | 2 +- ansible/roles/ipa-images/meta/main.yml | 6 +- ansible/roles/ipa-images/tasks/main.yml | 131 ++++++++-------- ansible/roles/ironic-inspector-rules/README.md | 2 +- .../library/os_ironic_inspector_rule.py | 26 +++- ansible/roles/ironic-inspector-rules/meta/main.yml | 6 +- .../roles/ironic-inspector-rules/tasks/main.yml | 12 +- ansible/roles/kolla-ansible/defaults/main.yml | 6 + .../roles/kolla-ansible/library/kolla_passwords.py | 8 +- ansible/roles/kolla-ansible/tasks/config.yml | 8 + ansible/roles/kolla-ansible/tasks/install.yml | 28 +++- .../roles/kolla-ansible/templates/globals.yml.j2 | 14 +- .../kolla-ansible/templates/overcloud-top-level.j2 | 9 ++ .../kolla-ansible/templates/requirements.txt.j2 | 5 +- ansible/roles/kolla-ansible/vars/Debian.yml | 7 +- ansible/roles/kolla-ansible/vars/RedHat.yml | 8 +- ansible/roles/kolla-ansible/vars/main.yml | 1 - ansible/roles/kolla-build/defaults/main.yml | 2 +- .../kolla-build/templates/kolla-build.conf.j2 | 2 +- ansible/roles/kolla/tasks/install.yml | 7 +- ansible/roles/opensm/defaults/main.yml | 2 +- ansible/roles/opensm/tasks/stop.yml | 9 ++ ansible/roles/pip/tasks/pip_local_mirror.yml | 20 --- ansible/roles/snat/tasks/main.yml | 5 + ansible/roles/ssh-known-host/tasks/main.yml | 24 ++- .../roles/swift-rings/files/swift-ring-builder.py | 2 +- ansible/seed-introspection-rules.yml | 6 +- ansible/seed-vm-provision.yml | 33 ++-- ansible/yum.yml | 17 +- dev/config.sh | 3 + dev/functions | 103 ++++++++++-- etc/kayobe/bifrost.yml | 24 +-- etc/kayobe/dnf.yml | 67 ++++++++ etc/kayobe/kolla.yml | 10 +- etc/kayobe/ntp.yml | 6 +- etc/kayobe/overcloud.yml | 13 +- etc/kayobe/seed-vm.yml | 19 ++- etc/kayobe/yum-cron.yml | 2 + etc/kayobe/yum.yml | 3 + kayobe/ansible.py | 5 +- kayobe/cli/commands.py | 54 ++++++- kayobe/vault.py | 5 +- playbooks/kayobe-overcloud-base/overrides.yml.j2 | 7 + playbooks/kayobe-overcloud-base/pre.yml | 8 + .../overrides.yml.j2 | 128 +++++++++++++++ .../kayobe-overcloud-host-configure-base/pre.yml | 42 +++++ .../kayobe-overcloud-host-configure-base/run.yml | 41 +++++ playbooks/kayobe-seed-base/overrides.yml.j2 | 7 + playbooks/kayobe-seed-base/pre.yml | 8 + playbooks/kayobe-tox-molecule/pre.yml | 2 +- .../notes/add-stop-command-8f66235870720f31.yaml | 5 + .../notes/blacklist-chrony-019d39fad263905c.yaml | 9 ++ ...-grafana-dashboard-config-b81781cf10c2a236.yaml | 6 + .../bugfix-update-idrac-role-71ede6900dc000a7.yaml | 5 + releasenotes/notes/centos-8-12073e91a157d0a2.yaml | 12 ++ .../notes/centos-8-chrony-bec9d7bc8b346363.yaml | 11 ++ ...urrent-known-hosts-update-8dc94557e9a48021.yaml | 6 + releasenotes/notes/dnf-2071fc40b0d783b6.yaml | 20 +++ ...aremetal-compute-commands-b72862a53f88c5ef.yaml | 11 ++ ...coreutils-single-conflict-208036c66b9f7e59.yaml | 6 + ...ult-docker-storage-driver-e05832be7a4c2ab8.yaml | 5 + ...x-default-public-net-name-067338275460b50d.yaml | 7 + ...nspector-rule-idempotency-f6e5a61f7dca580f.yaml | 6 + ...x-introspection-data-save-cfc83714f66fd63c.yaml | 6 + ...mote-seed-vm-provisioning-faa8de569ca6bc89.yaml | 7 + ...ix-seed-multiple-networks-458915b085a9478c.yaml | 19 +++ ...ix-selinux-python-missing-8bae7ffce4ba460d.yaml | 6 + ...rove-ssh-known-host-error-15fbc6ae4fa3dbd6.yaml | 6 + .../kolla-tag-and-suffix-a223b0c7173a245e.yaml | 7 + ...t-wrong-oscacert-variable-9ede7f60c1562a77.yaml | 8 + .../skip-ntp-if-disabled-585c756f01b34bfa.yaml | 7 + requirements.txt | 3 +- requirements.yml | 26 ++-- roles/kayobe-diagnostics/files/get_logs.sh | 2 - setup.cfg | 1 + test-requirements.txt | 2 + tox.ini | 3 +- zuul.d/jobs.yaml | 59 ++++++- zuul.d/nodesets.yaml | 8 +- zuul.d/project.yaml | 24 ++- 158 files changed, 2260 insertions(+), 511 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index a368d266..3989ce9e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6 +6 @@ pbr>=2.0 # Apache-2.0 -ansible>=2.6.0,<2.9.0 # GPLv3 +ansible>=2.6.0,<2.9.0,!=2.8.9 # GPLv3 @@ -10,0 +11 @@ setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2. +selinux;python_version>='3' # MIT diff --git a/test-requirements.txt b/test-requirements.txt index 9b9f3d3c..26dece02 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -10,0 +11,2 @@ hacking>=0.12.0,<0.13 # Apache-2.0 +# sh 1.13.1 causes molecule yamllint to fail. +sh<1.13 # MIT