We are delighted to announce the release of:

kayobe 6.0.0: Deployment of OpenStack to bare metal using OpenStack
kolla and bifrost

This release is part of the stein stable release series.

The source is available from:

    https://opendev.org/openstack/kayobe

Download the package from:

    https://tarballs.openstack.org/kayobe/

For more details, please see below.

6.0.0
^^^^^

New Features
************

* Adds support for custom Blazar configuration.

* Adds support for custom Ceilometer configuration.

* Adds support for custom CloudKitty configuration.

* Adds support for custom Gnocchi configuration.

* Adds support for overriding configuration globally for all OpenStack
  services by generating a "global.conf" file for use by Kolla
  Ansible. See story 2005904 for details.

* Adds support for customising the refactored HAProxy configuration
  introduced in Kolla Ansible in the Stein release, using
  "$KAYOBE_CONFIG_PATH/kolla/config/haproxy-config/".

* Adds support for custom Keepalived configuration.

* Adds support for configuration of Arista switches running EOS 4.15
  or later. This is integrated with the *kayobe physical network
  configure* command.

* Adds commands to make use of the database backup and recovery
  features in Kolla Ansible. "kayobe overcloud database backup
  [--incremental]" can be used to take a full or incremental backup of
  the database using Xtrabackup. "kayobe overcloud database recover
  [--force-recovery-host <host>]" can be used to recover a database
  cluster that has lost Quorum.

* Adds support for arbitrary Docker storage drivers, configured via
  "docker_storage_driver". Previously only "devicemapper" and
  "overlay" were supported.

* Adds support for skipping configuration of a network, by setting its
  name to "None". This is done in "networks.yml" as follows:

     admin_oc_net_name:

* Adds support for custom configuration of "keystone.conf".

* Adds support for configuring software RAID arrays using "mdadm".
  Software RAID configuration is applied before LVM configuration,
  which allows creating LVM volumes on top of software RAID arrays.
  See story 2005017 for details.

* Adds two new variables, "openstack_release" and "openstack_branch",
  in "${KAYOBE_CONFIG_PATH}/openstack.yml" for setting the current
  OpenStack release and branch in a single place.

* Add command to update packages on the seed hypervisor host, as
  already available for seed and overcloud hosts: "kayobe seed
  hypervisor host package update --packages <packages>"

* Add support for separate storage networks for both Ceph and Swift.
  This adds four additional networks, which can be used to separate
  the storage network traffic as follows:

  * Ceph storage network (ceph_storage_net_name) is used to carry
    Ceph storage data traffic. Defaults to the storage network
    (storage_net_name).

  * Ceph storage management network (ceph_storage_mgmt_net_name) is
    used to carry storage management traffic. Defaults to the storage
    management network (storage_mgmt_net_name).

  * Swift storage network (swift_storage_net_name) is used to carry
    Swift storage data traffic. Defaults to the storage network
    (storage_net_name).

  * Swift storage replication network
    (swift_storage_replication_net_name) is used to carry storage
    management traffic. Defaults to the storage management network
    (storage_mgmt_net_name).

* Adds a new configuration variable, "pip_upper_constraints_file",
  which is used to configure the file or URL containing the Python
  upper version constraints. Its default value is
  "https://releases.openstack.org/constraints/upper/{{
  openstack_branch }}".

* Improvements to Swift device management and ring generation.

  The device management and ring generation are now separate, with
  device management occurring during 'kayobe overcloud host
  configure', and ring generation during a new command, 'kayobe
  overcloud swift rings generate'.

  For the device management, we now use standard Ansible modules
  rather than commands for device preparation. File system labels can
  be configured for each device individually.

  For ring generation, all commands are run on a single host, by
  default a host in the Swift storage group. A python script runs in
  one of the kolla Swift containers, which consumes an autogenerated
  YAML config file that defines the layout of the rings.

Upgrade Notes
*************

* Updates the minimum supported version of Ansible from 2.4 to 2.5,
  and the maximum supported version from 2.6 to 2.7. This is true for
  both Kayobe and Kolla Ansible.

* Removes the "inspector_manage_firewall" variable. This is supported
  in Kolla Ansible via the "ironic_inspector_pxe_filter" variable,
  which can be added to "${KAYOBE_CONFIG_PATH}/kolla/globals.yml". The
  default value for that variable changed in the Stein release from
  'iptables' to 'dnsmasq', since the iptables filter does not work
  with Docker CE.

* Controllers are no longer connected to the storage management
  network by default, since generally only storage nodes need access
  to this network. If needed, the existing configuration can be
  retained by adding the storage management network to the
  "controller_extra_network_interfaces" list.

* The default value of "kolla_upper_constraints_file" has been changed
  to "{{ pip_upper_constraints_file }}".

Security Issues
***************

* Fixes an issue when generating the "passwords.yml" file for Kolla
  Ansible where if the contents of the file have not changed, a plain
  text copy of the file would be left in /tmp on the Ansible control
  host. The temporary files are typically named /tmp/tmpXXXXXX, and
  are owned by the user that runs kayobe, with permissions 664 (rw-
  rw-r--). It is recommended to check any systems on which Kayobe has
  been run for copies of the passwords file in /tmp. A simple check
  for this is *grep -rn database_password /tmp*.
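
The check recommended in the security note above, as an added example (not part of the release notes or Kayobe's own code): it lists candidate files with their mode and owner instead of echoing the matching lines, so the secrets themselves are not printed to the terminal. It assumes GNU find and stat on a Linux control host; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not Kayobe code): list files that look like leaked copies of
# the Kolla Ansible passwords.yml without printing the secrets themselves.
# Assumes GNU find/stat on a Linux control host.

# Usage: scan_password_leaks [DIR]   (DIR defaults to /tmp)
# Prints one line per hit: "<mode> <owner> <exposure> <path>"
scan_password_leaks() (
    dir="${1:-/tmp}"
    # -xdev stays on one filesystem; -size skips large files, since
    # passwords.yml is small. grep -l prints file names only, -I skips
    # binary files, -F matches the literal key named in the advisory.
    find "$dir" -xdev -type f -size -1024k \
        -exec grep -lIF -e 'database_password' {} + 2>/dev/null |
    while IFS= read -r f; do
        mode=$(stat -c '%a' -- "$f") || continue
        owner=$(stat -c '%U' -- "$f")
        # The last octal digit holds the "other" bits; 4 or above means
        # every local user can read the file (as with the 664 case).
        case "$mode" in
            *[4-7]) exposure="world-readable" ;;
            *)      exposure="restricted" ;;
        esac
        printf '%s %s %s %s\n' "$mode" "$owner" "$exposure" "$f"
    done
)

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_password_leaks "$1"
fi
```

Any hit should be treated as an exposed copy of the credentials: remove the file, and rotate the passwords if the host has other local users.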

Bug Fixes
*********

* Fixes an issue where the "admin-openrc.sh" and "public-openrc.sh"
  files would not be generated when preparing a new control host
  environment for an existing cloud. These files are now generated
  during "kayobe control host bootstrap" if the Kolla Ansible
  "passwords.yml" file exists in the Kayobe configuration. See story
  2001667 for details.

* Fixes an issue where multiple NTP daemons could be running on the
  overcloud hosts, due to Kolla Ansible deploying a chrony container
  by default starting with the Rocky release.

  Kayobe now overrides this default, to ensure that chrony does not
  conflict with the NTP daemon deployed on the host. To use the
  containerised chrony daemon instead, set "kolla_enable_chrony" to
  "true" in "${KAYOBE_CONFIG_PATH}/kolla.yml". This will also disable
  the host NTP daemon.

  To ensure that chrony is not running, Kayobe removes the chrony
  container if "kolla_enable_chrony" is "false" in the following
  commands:

  * "kayobe overcloud service deploy"

  * "kayobe overcloud service reconfigure"

  * "kayobe overcloud service upgrade"

  The play in Kayobe is tagged with "stop-chrony".

  See story 2005272 for details.

* Fixes an issue with hardware inspection of bare metal compute nodes
  configured to use UEFI. See story 2006214 for details.

* Modifies provisioning and cleaning networks in multi-tenant ironic
  environments to be non-shared. Flat networks remain shared. To apply
  the change to an existing environment, run *kayobe overcloud post
  configure*. See story 2006409 for details.

* Fixes an issue when generating the "passwords.yml" file for Kolla
  Ansible where if the contents of the file have not changed, a plain
  text copy of the file would be left in /tmp on the Ansible control
  host. The temporary files are typically named /tmp/tmpXXXXXX, and
  are owned by the user that runs kayobe, with permissions 664 (rw-
  rw-r--). It is recommended to check any systems on which Kayobe has
  been run for copies of the passwords file in /tmp. A simple check
  for this is *grep -rn database_password /tmp*.

* Stops allocating network and broadcast addresses to hosts when an
  allocation pool is not defined.

* Uses BatchMode to check whether a host is accessible via SSH. This
  prevents Kayobe from hanging on a password prompt when password
  authentication is enabled on the host and the Kayobe Ansible user is
  not yet configured.

* Fixes an issue with virtual environments on remote hosts, which may
  over the course of time become stale and incompatible with Kayobe or
  other software. This was fixed by installing the latest version of
  packages allowed by OpenStack upper constraints. See story 2005923
  for details.

Changes in kayobe 6.0.0.0rc1..6.0.0
-----------------------------------

d3a6c24 Set provisioning and cleaning networks as non-shared
0da672a Add support for Arista switches
75ba445 Update packages in virtualenvs
1d7b72d Fix inspector iPXE boot with UEFI compute nodes
5f0146b Update .gitreview for stable/stein

Diffstat (except docs and test files)
-------------------------------------

.gitreview                                         |  1 +
ansible/baremetal-compute-inspect.yml              |  2 +
ansible/baremetal-compute-manage.yml               |  2 +
ansible/baremetal-compute-provide.yml              |  2 +
ansible/baremetal-compute-rename.yml               |  2 +
ansible/baremetal-compute-serial-console.yml       |  2 +
ansible/docker.yml                                 |  2 +-
ansible/external-net.yml                           |  2 +
ansible/group_vars/all/kolla                       |  2 +-
ansible/group_vars/all/pip                         |  3 +
ansible/group_vars/all/switches/arista             | 22 ++++++
ansible/kolla-ansible.yml                          |  1 +
ansible/kolla-openstack.yml                        |  1 -
ansible/overcloud-docker-sdk-upgrade.yml           |  2 +-
ansible/overcloud-grafana-configure.yml            |  2 +
...ud-introspection-rules-dell-lldp-workaround.yml |  2 +
ansible/overcloud-introspection-rules.yml          |  4 ++
ansible/overcloud-ipa-build.yml                    |  2 +
ansible/overcloud-ipa-images.yml                   |  2 +
ansible/physical-network.yml                       | 13 ++++
ansible/provision-net.yml                          | 73 +++++++++++++++++--
ansible/roles/arista-switch/README.md              | 81 ++++++++++++++++++++++
ansible/roles/arista-switch/defaults/main.yml      | 11 +++
ansible/roles/arista-switch/tasks/main.yml         |  6 ++
.../roles/arista-switch/templates/arista-config.j2 | 17 +++++
ansible/roles/ipa-images/defaults/main.yml         |  3 +
ansible/roles/ipa-images/meta/main.yml             |  2 +
ansible/roles/ipa-images/tasks/main.yml            |  2 +
.../roles/ironic-inspector-rules/defaults/main.yml |  3 +
ansible/roles/ironic-inspector-rules/meta/main.yml |  1 +
.../roles/ironic-inspector-rules/tasks/main.yml    |  3 +-
ansible/roles/kolla-ansible/defaults/main.yml      |  3 +
.../roles/kolla-ansible/templates/globals.yml.j2   |  4 ++
ansible/roles/kolla-openstack/defaults/main.yml    |  3 -
ansible/roles/kolla-openstack/tasks/config.yml     |  2 -
.../kolla-openstack/templates/inspector.ipxe.j2    | 10 --
.../kolla-openstack/templates/pxelinux.default.j2  |  7 -
ansible/roles/kolla-openstack/vars/main.yml        |  2 -
ansible/seed-introspection-rules.yml               |  2 +
ansible/seed-ipa-build.yml                         |  2 +
etc/kayobe/kolla.yml                               |  1 +
etc/kayobe/pip.yml                                 |  5 ++
playbooks/kayobe-overcloud-base/overrides.yml.j2   |  2 +-
.../kayobe-overcloud-upgrade-base/overrides.yml.j2 |  2 +-
playbooks/kayobe-seed-base/overrides.yml.j2        |  2 +-
.../kayobe-seed-upgrade-base/overrides.yml.j2      |  2 +-
.../notes/arista-switch-aedc46148506c56e.yaml      |  6 ++
.../fix-inspector-ipxe-uefi-86f435ebaf4eee08.yaml  |  6 ++
.../non-shared-ironic-nets-06a43c9b6dea2a77.yaml   |  8 +++
.../notes/stale-virtualenvs-125c513af3de9396.yaml  | 18 +++++
requirements.yml                                   |  6 +-
52 files changed, 325 insertions(+), 44 deletions(-)