We are overjoyed to announce the release of: openstack-ansible 24.4.0: Ansible playbooks for deploying OpenStack This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ Please report issues through: https://bugs.launchpad.net/openstack-ansible/+bugs For more details, please see below. 24.4.0 ^^^^^^ New Features ************ * Neutron VPN as a Service (VPNaaS) with customized configuration files can now be defined with the variable "neutron_vpnaas_custom_config". deployers should define "neutron_vpnaas_custom_config" in 'user_variables.yml'. Example: neutron_vpnaas_custom_config: - src: "/etc/openstack_deploy/strongswan/strongswan.conf.template" dest: "{{ neutron_conf_dir }}/strongswan.conf.template" - src: "/etc/openstack_deploy/strongswan/strongswan.d" dest: "/etc/strongswan.d" - src: "/etc/openstack_deploy/{{ neutron_vpnaas_distro_packages }}/ipsec.conf.template" dest: "{{ neutron_conf_dir }}/ipsec.conf.template" - src: "/etc/openstack_deploy/{{ neutron_vpnaas_distro_packages }}/ipsec.secret.template" dest: "{{ neutron_conf_dir }}/ipsec.secret.template" We should be also define "neutron_l3_agent_ini_overrides" in 'user_variables.yml' to tell "l3_agent" use the new config file. Example: neutron_l3_agent_ini_overrides: ipsec: enable_detailed_logging: True strongswan: strongswan_config_template : "{{ neutron_conf_dir }}/strongswan.conf.template" openswan: ipsec_config_template: "{{ neutron_conf_dir }}/ipsec.conf.template" * Implemented variables "rally_openstack_git_repo" and "rally_openstack_git_install_branch" that allow to override installation source for rally-openstack package as well as control installed version of the package. Upgrade Notes ************* * Erlang version is changed from "24.1-1" to "24.1.3-1". Depending on when deployment was done, that could be different minor releases. This means that your erlang version might be either minorly upgraded or downgraded. This should not lead to incompatabilities with RabbitMQ in any scenario. * If you have defined "haproxy_tuning_params" in your deployment, make sure that before upgrade all keys are valid haproxy options. For example, instead of "chksize: 16384" you should set "tune.chksize: 16384". Otherwise invalid config will be generated and haproxy will fail on startup. No upgrade scripts are provided for this change as well as no backwards compatability. Security Issues *************** * MariaDB has been updated to version 10.6.8 by default. This covers following CVEs: * https://nvd.nist.gov/vuln/detail/CVE-2022-27376 * https://nvd.nist.gov/vuln/detail/CVE-2022-27377 * https://nvd.nist.gov/vuln/detail/CVE-2022-27380 Bug Fixes ********* * Fixed Erlang installation from Cloudsmith repository for CentOS 8 Stream by adjusting version that will be installed. * Erlang version is now synced between Ubuntu/Debian and CentOS 8 Stream. * By default we increase "tune.maxrewrite" as otherwise while using CSP headers, their size could exceed allowed buffer. Also deployers can override this value if needed. Other Notes *********** * Restriction on parameters that can be passed to "haproxy_tuning_params" has been released. This means, that any tuning parameter can be passed in key/value format. * Default source of rabbitmq and erlang packages has been switched to cloudsmith.io Changes in openstack-ansible 24.3.0..24.4.0 ------------------------------------------- c69a621b5 Bump OpenStack-Ansible Xena b8429d28d Let git choose the branch when cloning a repo e7462f3c4 Set minimum and maximum microversions for manila api e3df7b7f7 Increase manila flavor size 134b29cf1 Switch ARA report type from html to database for openstack-ansible jobs 606881a78 Do not try to run etcd in serial mode 76752fda3 Fix facts gathering for zun d1f672340 Return facts gathering to pre_tasks for masakari 3f55a77c9 Add mistra-extra repo 458d51b72 Set zuul post-timeout to 3 hours 50b733c6b Exclude /var/log/journal from log collection 41547fc5b Define corosync interface for facts gathering f6d7c4033 Reduce neutron WSGI workers for CI 93280fe48 Install rally only when rally_install is set 0885aa4dd [doc] Fix supporeted Debian version for Xena Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 78 +++++++++++----------- deploy-guide/source/targethosts-prepare.rst | 1 + playbooks/defaults/repo_packages/gnocchi.yml | 4 +- playbooks/defaults/repo_packages/nova_consoles.yml | 2 +- .../defaults/repo_packages/openstack_services.yml | 42 ++++++------ playbooks/etcd-install.yml | 2 +- playbooks/library/git_requirements.py | 1 - playbooks/os-masakari-install.yml | 33 +++++---- playbooks/os-rally-install.yml | 4 ++ playbooks/os-zun-install.yml | 15 ++++- ...rlang_version_redhat_xena-0699f934689c51be.yaml | 14 ++++ ...xy_tuning_params_released-45eb40104747561a.yaml | 20 ++++++ .../mariadb_security_upgrade-41359dd7b59f7330.yaml | 9 +++ ...tron-vpnaas-custom-config-ad991bb02b9ed655.yaml | 33 +++++++++ .../notes/rabbit_cloudsmith-36ccc2f807688f4f.yaml | 5 ++ .../rally-openstack-git-121821ef54c48419.yaml | 8 +++ scripts/log-collect.sh | 4 +- .../templates/user_variables.aio.yml.j2 | 2 + .../templates/user_variables_manila.yml.j2 | 6 +- zuul.d/jobs.yaml | 5 ++ 20 files changed, 209 insertions(+), 79 deletions(-)