We eagerly announce the release of: openstack-ansible 15.1.0: Ansible playbooks for deploying OpenStack This release is part of the ocata stable release series. The source is available from: http://git.openstack.org/cgit/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ For more details, please see below. 15.1.0 ^^^^^^ New Features ************ * Capping the default value for the variable "aodh_wsgi_processes" to 16 when the user doesn't configure this variable. Default value is twice the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variable "gnocchi_wsgi_processes" to 16 when the user doesn't configure this variable. Default value is twice the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variable "ironic_wsgi_processes" to 16 when the user doesn't configure this variable. Default value is one fourth the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variable "sahara_api_workers" to 16 when the user doesn't configure this variable. Default value is half the number of vCPUs available on the machine with a capping value of 16. * Tags have been added to all of the common tags with the prefix "common-". This has been done to allow a deployer to rapidly run any of the common on a need basis without having to rerun an entire playbook. * The COPR repository for installing LXC on CentOS 7 is now set to a higher priority than the default to ensure that LXC packages always come from the COPR repository. * The "galera_client" role will default to using the "galera_repo_url" URL if the value for it is set. This simplifies using an alternative mirror for the MariaDB server and client as only one variable needs to be set to cover them both. * The default behaviour of "ensure_endpoint" in the keystone module has changed to update an existing endpoint, if one exists that matches the service name, type, region and interface. This ensures that no duplicate service entries can exist per region. * The repo server file system structure has been updated to allow for multiple Operating systems running multiple architectures to be run at the same time and served from a single server without impacting pools, venvs, wheel archives, and manifests. The new structure follows the following pattern *$RELEASE/$OS_TYPE-$ARCH* and has been applied to *os-releases*, *venvs*, and *pools*. * The deployer can now define an environment variable "GROUP_VARS_PATH" with the folders of its choice (separated by the colon sign) to define an user space group_vars folder. These vars will apply but be (currently) overriden by the OpenStack-Ansible default group vars, by the set facts, and by the user_* variables. If the deployer defines multiple paths, the variables found are merged, and precedence is increasing from left to right (the last defined in GROUP_VARS_PATH wins) * The deployer can now define an environment variable "HOST_VARS_PATH" with the folders of its choice (separated by the colon sign) to define an user space host_vars folder. These vars will apply but be (currently) overriden by the OpenStack-Ansible default host vars, by the set facts, and by the user_* variables. If the deployer defines multiple paths, the variables found are merged, and precedence is increasing from left to right (the last defined in HOST_VARS_PATH wins) Known Issues ************ * There is currently an Ansible bug in regards to "HOSTNAME". If the host ".bashrc" holds a var named "HOSTNAME", the container where the "lxc_container" module attaches will inherit this var and potentially set the wrong "$HOSTNAME". See the Ansible fix (https://github.com/ansible/ansible/pull/22246) which will be released in Ansible version 2.3. Upgrade Notes ************* * The repo server file system structure has been updated to allow for multiple Operating systems running multiple architectures to be run at the same time and served from a single server without impacting pools, venvs, wheel archives, and manifests. The new structure follows the following pattern *$RELEASE/$OS_TYPE-$ARCH* and has been applied to *os-releases*, *venvs*, and *pools*. * The EPEL repository is now removed in favor of the RDO repository. **This is a breaking change for existing CentOS deployments.** The "yum" package manager will have errors when it finds that certain packages that it installed from EPEL are no longer available. Deployers may need to rebuild container or reinstall packages to complete this change. * The "openstack_tempest_gate.sh" script has been removed as it requires the use of the "run_tempest.sh" script which has been deprecated in Tempest. In order to facilitate the switch, the default for the variable "tempest_run" has been set to "yes", forcing the role to execute tempest by default. This default can be changed by overriding the value to "no". The test whitelist may be set through the list variable "tempest_test_whitelist". Deprecation Notes ***************** * The variables "galera_client_apt_repo_url" and "galera_client_yum_repo_url" are deprecated in favour of the common variable "galera_client_repo_url". * The "update" state for the "ensure_endpoint" method of the "keystone" module is now deprecated, and will be removed in the Queens cycle. Setting state to "present" will achieve the same result. Security Issues *************** * The security role will no longer fix file permissions and ownership based on the contents of the RPM database by default. Deployers can opt in for these changes by setting "security_reset_perm_ownership" to "yes". * The tasks that search for ".shosts" and "shosts.equiv" files (STIG ID: RHEL-07-040330) are now skipped by default. The search takes a long time to complete on systems with lots of files and it also causes a significant amount of disk I/O while it runs. Other Notes *********** * The keepalived role was updated, and now includes an optional way to configure vrrp scripts timeouts. See also: VRRP timeout PR on keepalived role (https://github.com/evrardjp/ansible- keepalived/commit/0b2d13a13c1a03e14ac6f67286811ca1bf1928ac). Changes in openstack-ansible 15.0.0..15.1.0 ------------------------------------------- e2b57a5 deploy-guide: fix small rst format issues d0efeaf Updates ansible-role-requirements to not run Tempest by default. df360bb Update role SHA's to get CentOS working f659455 SHA Bump plugins repository to resolve upgrade issues 0e9f6b4 Update Ansible to 2.2.2.0 bb3b466 Fix pip_links for LB terminated SSL environments 4c37b3b Update SHA of galera_server role backported change 6dcf4ee Add vagrantfile for AIO testing 4713cf4 Updated from global requirements 29f5fa9 Bump Keepalived 510ebc5 Add better support for multi-OS deployments dd60bb9 Revert to setuptools 33.1.1 15348ad Update all SHAs for 15.0.1 ee398ac Introduce userspace group_vars and host_vars 7968c28 [DOCS] Fixes broken link d78676d Provide example of using veth pairs for br-vlan 17cc6d8 Use OpenStack-Infra MariaDB mirror in OpenStack-CI 00c0905 Remove epel form bootstrap-host installation. f98ecfa Updated from global requirements 34e1334 Tidy up upgrade scripts 15e2f3f [docs] Update doc references for Ocata e7b6056 AIO: Provide facility to exclude apt distributions b59e9d7 Check if env.d folder exists for upgrades e8de118 [DOC] Fix doc about EPEL fd06f38 [docs] Update developer docs script reference 378b8dd [docs] Add scenario customisation information to AIO quick start guide f4f1fd6 DOC - Add note regarding Ansible hostname bug 3de6602 Answer the upgrade no-going-back prompt 5d90ef2 Ensure that the terminal type is set d4e6652 Fix upgrade script-library check aa281bc Check for rbd as a default & optional glance back-end 39a8356 [docs] Add http public endpoint example 7e0e67c Add rsyslog_client configuration for Calico e865566 Serialize RabbitMQ container prep 2949552 [docs] Fix formatting for Core Reviewers page c5556dc Added a common tag to the common tasks 34571eb Move upper constraint logic to after python is installed cd8f931 Adjust gate-check-commit for deploy/upgrade testing Diffstat (except docs and test files) ------------------------------------- README.rst | 4 +- Vagrantfile | 116 +++++++++++++++++++++ ansible-role-requirements.yml | 38 +++---- .../source/app-advanced-config-options.rst | 4 +- .../source/app-advanced-config-override.rst | 2 +- deploy-guide/source/app-config-prod.rst | 2 +- deploy-guide/source/app-config-test.rst | 14 ++- deploy-guide/source/app-custom-layouts.rst | 4 +- deploy-guide/source/app-resources.rst | 4 +- deploy-guide/source/app-security.rst | 6 +- deploy-guide/source/configure.rst | 8 +- deploy-guide/source/deploymenthost.rst | 6 +- deploy-guide/source/overview-requirements.rst | 8 +- deploy-guide/source/targethosts-prepare.rst | 5 +- .../draft-operations-guide/advanced-config.rst | 7 +- .../maintenance-tasks/rabbitmq-maintain.rst | 10 ++ .../openstack_interface.cfg.prod.example | 26 ++++- .../openstack_interface.cfg.test.example | 26 ++++- .../openstack_user_config.yml.prod.example | 6 ++ .../openstack_user_config.yml.test.example | 2 +- .../user_variables.yml.test.example | 6 ++ playbooks/common-tasks/dynamic-address-fact.yml | 2 + playbooks/common-tasks/dynamic-grouping.yml | 2 + playbooks/common-tasks/mysql-db-user.yml | 4 + playbooks/common-tasks/os-log-dir-setup.yml | 4 + playbooks/common-tasks/os-lxc-container-setup.yml | 16 +++ playbooks/common-tasks/package-cache-proxy.yml | 11 +- playbooks/common-tasks/rabbitmq-vhost-user.yml | 5 + playbooks/common-tasks/set-pip-upstream-url.yml | 4 + playbooks/common-tasks/set-upper-constraints.yml | 10 ++ playbooks/defaults/repo_packages/gnocchi.yml | 2 +- .../defaults/repo_packages/openstack_services.yml | 60 +++++------ playbooks/inventory/group_vars/all.yml | 33 +++--- playbooks/inventory/group_vars/repo_all.yml | 4 + playbooks/os-glance-install.yml | 2 +- playbooks/os-neutron-install.yml | 7 ++ playbooks/rabbitmq-install.yml | 1 + playbooks/repo-build.yml | 8 +- playbooks/utility-install.yml | 2 +- ...ble-hostname-bug-rabbitmq-7919f9311d61dcd6.yaml | 9 ++ ...pping_aodh_wsgi_processes-6db6da9ba36c8851.yaml | 6 ++ ...ng_gnocchi_wsgi_processes-eb67a87e86097a7f.yaml | 6 ++ ...ing_ironic_wsgi_processes-6fa7306fc3c29de7.yaml | 6 ++ ...apping_sahara_api_workers-d95bdf63093ce893.yaml | 6 ++ .../notes/common-tags-9763f578ea5fe5b6.yaml | 5 + .../notes/copr-repo-priority-60b3603b0c1ff2f7.yaml | 6 ++ ...-rpm-perms-fix-by-default-b164e39717f0ada7.yaml | 6 ++ ...-client-url-var-deprecate-9ced45ea374c3c7d.yaml | 9 ++ .../notes/keepalived-bump-a8f47f5dc7a7491d.yaml | 6 ++ ...one_plugin_default_update-c025bd5508069df3.yaml | 12 +++ .../multi-os-wheel-repos-7910b13547ea59ad.yaml | 17 +++ .../notes/replace-epel-df390980c03bbaa8.yaml | 9 ++ ...shosts-file-search-opt-in-887f600a79eef07e.yaml | 7 ++ ...est-remove-old-run-script-4365fa3b091169d8.yaml | 10 ++ ...space_group_and_host_vars-14f77b5eb518e32d.yaml | 22 ++++ requirements.txt | 4 +- scripts/bootstrap-ansible.sh | 20 ++-- scripts/gate-check-commit.sh | 65 ++++++++---- scripts/openstack-ansible.rc | 7 ++ scripts/run-upgrade.sh | 38 +++++-- .../playbooks/deploy-config-changes.yml | 52 +++++---- .../scripts/migrate_openstack_vars.py | 2 +- .../bootstrap-host/tasks/install_packages.yml | 38 +++---- .../bootstrap-host/tasks/prepare_aio_config.yml | 7 ++ .../bootstrap-host/templates/apt-sources.list.j2 | 18 ++-- .../templates/user_variables.aio.yml.j2 | 6 ++ 77 files changed, 742 insertions(+), 289 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 0f5622d..6d0ae1e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5 +5 @@ pip>=7.1.0 # MIT -setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,>=16.0 # PSF/ZPL +setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,>=16.0 # PSF/ZPL @@ -16 +16 @@ PyYAML>=3.10.0 # MIT -urllib3>=1.15.1 # MIT +urllib3>=1.15.1 # MIT