We are chuffed to announce the release of: kayobe 11.1.0: Deployment of OpenStack to bare metal using OpenStack kolla and bifrost This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/kayobe Download the package from: https://tarballs.openstack.org/kayobe/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/kayobe For more details, please see below. 11.1.0 ^^^^^^ New Features ************ * Adds support for custom Placement configuration. * Adds support for global configuration options for Apt in files in "/etc/apt/apt.conf.d/" on Ubuntu systems. See story 2009655 for details. * Adds support for configuring Apt repositories on Ubuntu hosts. See story 2009655 for details. * Add the bonding 802.3ad aggregation selection option. * Enables hardware clock (RTC) synchronisation by default when applying the chrony role. This setting is configurable with the new variable "chrony_rtcsync_enabled". * Adds support for inspection of L3-routed Ironic networks via DHCP- relay. * The new filter "net_no_ip" adds the attribute "no_ip" which can be set to "true" to skip IP address allocation and configuration for specific networks. * Adds a new variable "seed_hypervisor_enable_snat" that allows users to enable SNAT service on the seed hypervisor. The default value is "false". * Adds support for Rocky Linux 8 as Host OS. * Adds support for running package updates on Ubuntu hosts via the following existing commands: * "kayobe seed host package update --packages <packages>" * "kayobe seed hypervisor host package update --packages <packages>" * "kayobe infra vm host package update --packages <packages>" * "kayobe overcloud host package update --packages <packages>" Security Issues *************** * Fixes an issue where any passwords in "kolla_ansible_custom_passwords" were exposed in Ansible logs. When using verbosity level 3 ("-vvv"), they were also exposed in Ansible output. Bug Fixes ********* * Ironic inspection through Bifrost now work even if DHCP-relay is used. The dhcp-range in dnsmasq.conf corrctly configured with network mask. * In production environments, the provision network may be separated from the other networks, so in this case, if you want Bifrost's DHCP service provides the correct gateway for the clients the "inspection_gateway" should be used instead of the "gateway" attribute for the provision network. This also avoids configuring the multiple IP gateways on a single host which leads to unpredictable results. * Fixes an issue where the Neutron SR-IOV agent image is not built when the service is enabled. * Fixes an issue with idempotence of local Kolla Ansible configuration generation. * Fixes an issue with the seed's configdrive when the admin network is a VLAN. See story 2008089 for details. * Enables deployment of Grafana when Monasca is enabled, as a replacement for the retired "monasca-grafana" image. See story 2009717 for details. * Fixes Ansible inventory generation with some custom group mappings using the same group names for Kayobe and Kolla Ansible. See story 2009927 for details. * The set of commands starting with "kayobe overcloud database" now generate the kolla configuration necessary to login to the nodes running the database. * Fixes an issue with config drive generation for infrastructure and seed VMs when using untagged interfaces. The symptom of this issue is that kayobe cannot login to the instance. If you check the libvirt console log, you will see "KeyError: 'vlan_link'". See story 2009910 for details. * Fixes an issue where hacluster images are not built when the service is enabled. * Fixes an issue with IPA image builds which used the "master" branch of "ironic-python-agent", even on stable releases of Kayobe, or when explicitly setting "ipa_build_source_version". * Fixes an issue seen when using Jinja2 3.1.0. * Fixes an issue where any passwords in "kolla_ansible_custom_passwords" were exposed in Ansible logs. When using verbosity level 3 ("-vvv"), they were also exposed in Ansible output. * Fixes an issue where patch links could be erroneously created on hosts not in the overcloud group. See Story 2009911 for details. * Fixes an issue where the MTU defined in Kayobe was not applied to Ironic provisioning and cleaning networks in Neutron. * Deployment image (IPA) build no longer uses master version of upper- constraints. Instead, it defaults to using the constraints for the OpenStack release associated with the version of Kayobe being used. See story 2009810 for details. * Fixes failures to run "kayobe overcloud bios raid configure" by upgrading the "stackhpc.drac" role to version 1.1.6. * Fixes an issue with masking NTP services which are not found. See story 2009821 for details. Changes in kayobe 11.0.1..11.1.0 -------------------------------- 0467484a ironic: Set MTU on provisioning and cleaning Neutron networks 1b4a34a6 Fix forgotten hacluster regexp for image build d5fe7852 kolla_passwords: add no_log for password overrides fe07bd3c Fix Bifrost inspection through DHCP-relay 4e3c0405 Bump stackhpc.drac role 82193e8b Cleanup old and deprecated Swift configuration f5792171 docs: Fix custom LVM example b1f9b4b8 Update documentation link for NCLU 65ad855e CI: separate image builds into a non-voting job 75c18cc1 Fix variable name for stackhpc.os-networks upper constraints 63b22c96 Restore forgotten linuxbridge-agent container 5c96d8cf Fix Ansible inventory generation when reusing group names ef3bb407 Sync Kolla Ansible feature flags and inventory a7791250 CI: fix TLS job by freeing up memory a451ff7a Fix custom config idempotence 4efb80a1 Ubuntu: add support for Apt configuration 5b78b375 Use jinja2.pass_context instead of contextfilter 98d7cc13 Ubuntu: add support for Apt repository configuration c083073c Add support for Rocky Linux 8 1a9dc309 Ubuntu: support host package update efa8209c CI: pin pytest-metadata<2 for molecule 1ff569ac CI: Don't download Cirros or IPA in seed jobs 0bf197a4 Skip IP address allocation and configuration if needed 512f4c1e Only create patch links on overcloud hosts c8571765 CI: Disable container image builds on Ubuntu ffbd3d7e Use naming convention to infer VLAN tagging 15790c98 CI: remove qemu-utils installation 0e0a3038 Add the bonding 802.3ad aggregation selection option d5006cc6 CI: stop using zuul as kayobe_ansible_user in TLS jobs c69a808a Sync enable flag defaults with kolla ansible f4a81e48 Enable rtcsync in chrony by default 451d1c3a Bump up manage-lvm role version to v0.2.6 e0a5bf17 CI: Enable bare metal testing for Ubuntu deb969e5 Set requirements branch for IPA build 81645697 ntp: Fix service mask when service doesn't exist bbd22d55 Set correct gateway for the bifrost provision network 717c6321 Use net_mask filter instead of ansible's ipaddr e0627ac4 Fix Sphinx syntax typo 14b4e204 Fix 'ModuleNotFoundError: No module named 'docker' 2c881818 Adds support for custom Placement configuration. 48e5cdd2 Allow enable SNAT service on the seed hypervisor 7ca933e7 Fix seed VM configdrive when admin network is a VLAN 1db55d09 Generate kolla config when running database commands b89b7a73 Build neutron-sriov-agent image when enabled 45797aa4 ipa: Use openstack_branch instead of master e8ca12ef Deploy Grafana when Monasca is enabled c97b7e21 [CI] Drop unused nodeset 3dd2dd98 Add support for Ironic inspection through DHCP-relay 7d9b86e2 Document that extra kernel parameters are important for inspection 1d791e2c Limit ip-routing and snat to seed hosts only b7a804ce Uninstall ansible-base package only if exists Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all/apt | 35 +++++ ansible/group_vars/all/bifrost | 3 + ansible/group_vars/all/dnf | 8 +- ansible/group_vars/all/globals | 12 +- ansible/group_vars/all/infra-vms | 5 + ansible/group_vars/all/ipa | 9 +- ansible/group_vars/all/kolla | 19 ++- ansible/group_vars/all/seed-hypervisor | 3 + ansible/group_vars/all/seed-vm | 7 +- ansible/group_vars/all/time | 3 + ansible/group_vars/seed-hypervisor/snat | 3 + ansible/group_vars/seed/snat | 3 + ansible/host-package-update.yml | 6 +- ansible/ip-allocation.yml | 1 + ansible/ip-routing.yml | 4 +- ansible/kolla-ansible.yml | 1 + ansible/kolla-bifrost-hostvars.yml | 2 +- ansible/kolla-bifrost.yml | 3 +- ansible/kolla-openstack.yml | 2 + ansible/provision-net.yml | 4 +- ansible/roles/apt/defaults/main.yml | 38 +++++ ansible/roles/apt/handlers/main.yml | 5 + ansible/roles/apt/tasks/config.yml | 14 ++ ansible/roles/apt/tasks/keys.yml | 19 +++ ansible/roles/apt/tasks/main.yml | 21 +-- ansible/roles/apt/tasks/proxy.yml | 17 +++ ansible/roles/apt/tasks/repos.yml | 23 +++ ansible/roles/apt/templates/kayobe.sources.j2 | 15 ++ ansible/roles/dnf/tasks/local-mirror.yml | 9 +- .../roles/dnf/templates/Rocky-AppStream.repo.j2 | 16 ++ ansible/roles/dnf/templates/Rocky-BaseOS.repo.j2 | 16 ++ ansible/roles/dnf/templates/Rocky-Extras.repo.j2 | 16 ++ ansible/roles/kolla-ansible/defaults/main.yml | 3 + .../roles/kolla-ansible/library/kolla_passwords.py | 2 +- ansible/roles/kolla-ansible/tasks/install.yml | 1 + .../kolla-ansible/templates/kolla/globals.yml | 2 +- .../kolla-ansible/templates/overcloud-services.j2 | 6 +- .../kolla-ansible/templates/overcloud-top-level.j2 | 2 +- ansible/roles/kolla-ansible/vars/main.yml | 1 + ansible/roles/kolla-bifrost/defaults/main.yml | 1 + .../templates/kolla/config/bifrost/bifrost.yml | 1 + ansible/roles/kolla-openstack/defaults/main.yml | 9 ++ .../molecule/enable-everything/molecule.yml | 4 + ansible/roles/kolla-openstack/tasks/config.yml | 2 +- .../roles/kolla-openstack/templates/glance.conf.j2 | 29 ---- .../kolla-openstack/templates/placement.conf.j2 | 9 ++ ansible/roles/kolla-openstack/vars/main.yml | 5 + ansible/roles/network-redhat/tasks/main.yml | 1 + ansible/roles/ntp/tasks/prepare.yml | 25 ++- ansible/snat.yml | 4 +- dev/functions | 15 +- .../reference/ironic-python-agent.rst | 7 +- .../configuration/reference/kolla-ansible.rst | 2 + .../configuration/reference/os-distribution.rst | 14 +- .../configuration/reference/physical-network.rst | 2 +- .../configuration/scenarios/all-in-one/index.rst | 6 +- .../scenarios/all-in-one/overcloud.rst | 9 +- etc/kayobe/apt.yml | 35 +++++ etc/kayobe/bifrost.yml | 3 + etc/kayobe/dnf.yml | 8 +- etc/kayobe/globals.yml | 7 +- etc/kayobe/infra-vms.yml | 3 + etc/kayobe/ipa.yml | 2 +- etc/kayobe/kolla.yml | 4 +- etc/kayobe/seed-hypervisor.yml | 3 + etc/kayobe/seed-vm.yml | 5 +- etc/kayobe/time.yml | 3 + kayobe/cli/commands.py | 11 +- kayobe/plugins/filter/networkd.py | 8 +- kayobe/plugins/filter/networks.py | 91 ++++++----- .../plugins/action/test_kolla_ansible_host_vars.py | 6 +- molecule-requirements.txt | 1 + playbooks/kayobe-infra-vm-base/pre.yml | 2 +- playbooks/kayobe-overcloud-base/globals.yml.j2 | 2 +- playbooks/kayobe-overcloud-base/overrides.yml.j2 | 8 +- playbooks/kayobe-overcloud-base/run.yml | 11 -- .../overrides.yml.j2 | 36 ++++- .../kayobe-overcloud-host-configure-base/pre.yml | 2 +- playbooks/kayobe-overcloud-upgrade-base/run.yml | 5 - .../kayobe-seed-base/bifrost-overrides.yml.j2 | 6 +- playbooks/kayobe-seed-base/overrides.yml.j2 | 4 +- playbooks/kayobe-seed-base/pre.yml | 3 +- playbooks/kayobe-seed-base/run.yml | 34 +++-- .../bifrost-overrides.yml.j2 | 6 +- playbooks/kayobe-seed-vm-base/pre.yml | 2 +- ...d-extended-placement-conf-70a4b9a318c1b555.yaml | 3 + .../notes/apt-config-bc72fd0bff919888.yaml | 6 + .../notes/apt-repositories-850efef70ba34946.yaml | 5 + ...ifrost-dhcp-range-netmask-fd40642967042267.yaml | 5 + ...ifrost-inspection-gateway-316ab384430ef8df.yaml | 9 ++ .../notes/bond-ad-select-8fc711dcd54e9cea.yaml | 4 + .../build-neutron-sriov-836acf378bae0b48.yaml | 5 + .../notes/config-idemoptence-37846db82ecd9f43.yaml | 4 + .../notes/configdrive-vlans-4e8b6ed07b229233.yaml | 6 + ...able-grafana-with-monasca-497d686e95d89242.yaml | 7 + ...nable-rtc-synchronisation-1179a52e8e6bd12b.yaml | 6 + ...lla-ansible-group-mapping-8fcd6cbb1e744e18.yaml | 6 + ...ckup-with-no-kolla-config-4f857915adabad41.yaml | 6 + .../fixes-keyerror-vlan-link-c177cf719e070df6.yaml | 8 + .../hacluster-build-issue-2a8023e0cd80235a.yaml | 5 + ...pector-dhcp-range-netmask-bb46eb7df77587a4.yaml | 4 + .../notes/ip-allocation-skip-9e81c13324b7a7e1.yaml | 6 + .../notes/ipa-branch-b29c377c531013a8.yaml | 6 + .../jinja2-pass-context-fecf00f23e413393.yaml | 4 + ...asswords-overrides-no-log-57054ce64fae8143.yaml | 11 ++ .../patch-links-on-overcloud-e24dbc858d3399cc.yaml | 6 + .../notes/provision-net-mtu-befdda04224f49a6.yaml | 5 + .../seed-hypervisor-snat-3f4844bd1156bce9.yaml | 5 + ...ents-branch-for-ipa-build-c3ca977ec21b58f4.yaml | 8 + .../stackhpc-drac-check-mode-8097215f8eca9991.yaml | 5 + .../notes/story-2009821-b309165e25e77aea.yaml | 5 + .../support-rockylinux-8-1da50e2f97b918d5.yaml | 4 + .../ubuntu-package-update-0db09fc57249b9fc.yaml | 10 ++ requirements.txt | 1 + requirements.yml | 12 +- roles/kayobe-ci-prep/tasks/main.yml | 2 +- roles/kayobe-diagnostics/files/get_logs.sh | 1 + zuul.d/jobs.yaml | 53 +++++++ zuul.d/nodesets.yaml | 9 +- zuul.d/project.yaml | 16 ++ 134 files changed, 1171 insertions(+), 275 deletions(-) Requirements updates -------------------- diff --git a/molecule-requirements.txt b/molecule-requirements.txt index e2e59cc2..120b4f74 100644 --- a/molecule-requirements.txt +++ b/molecule-requirements.txt @@ -7,0 +8 @@ molecule-docker # MIT +pytest-metadata<2 # MPL diff --git a/requirements.txt b/requirements.txt index 8cfd1a87..7502967a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,0 +2 @@ pbr>=2.0 # Apache-2.0 +Jinja2>3 # BSD