We are amped to announce the release of: kolla-ansible 7.1.2: Ansible Deployment of Kolla containers This release is part of the rocky stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 7.1.2 ^^^^^ Upgrade Notes ************* * The Keystone fernet key rotation scheduling algorithm has been modified to avoid issues with over-rotation of keys. The variables "fernet_token_expiry", "fernet_token_allow_expired_window" and "fernet_key_rotation_interval" may be set to configure the token expiry and key rotation schedule. By default, "fernet_token_expiry" is 86400, "fernet_token_allow_expired_window" is 172800, and "fernet_key_rotation_interval" is the sum of these two variables. This allows for the minimum number of active keys - 3. See bug 1809469 for details. Bug Fixes ********* * Adds system hostnames to "/etc/hosts", if different from short hostnames. This can fix live migration of Nova instances in some contexts. See bug 1830023 for details. Other Notes *********** * While Kolla Ansible now avoids duplicating Nova cells when messaging or database connection information are changed, operators of existing deployments should perform a manual cleanup of duplicate cells using the "nova-manage cell_v2" command from a container running the "nova_api" image, leaving only two cells, one named "cell0" and another one with the right connection information. Changes in kolla-ansible 7.1.1..7.1.2 ------------------------------------- d48164e14 Use net_default_mac in ansible/roles/ironic/templates/ironic_pxe_uefi.default.j2 dfaeae010 Use secure websocket for nova serial console proxy when TLS enabled 49bf27042 Set my_ip in ironic.conf 725e189bf Moves monasca-thresh java.io.tmpdir to existing docker volume c13b8e243 Removes monasca_grafana persistent volume 175c59f94 Add missing Octavia policy file to Horizon 9812eaff9 Add missing when condition for swift config files ea457f72a Fix swift log level configuration 5e83ba5bb [gnocchi] Don't recursively modify file perms on start a6f6960b0 Fix checking mongodb replication status 211b0b347 Add ceph-mds/rgw/nfs to gate 07082c508 repair ceph_nfs container start failed 783ae9336 Rocky-only: add rpcbind to CentOS as well de34995bd Add 'allow *' to getting ceph mds keyring 93df0e86d ceph: fixes to deployment and upgrade 4ab7e4c1f ceph-nfs: Add rpcbind to Ubuntu host bootstrap 19a1a3867 Ensure keystone endpoint is updatable 1c877ce3c Fix ironic inspector iPXE boot with UEFI cf2e4d726 Add kolla-ansible to zuul job dependencies 2b039bddf Test minimum supported and latest versions of Ansible 69f77205b Let wsgi-gnocchi set use python3 on Ubuntu binary e006828ad Add Region and Multiples into default globals.yml 441c5a03f During deploy, always sync DB f2fe9077a Language tweaks in multi-region docs for clarity 099417d8a Don't rotate keystone fernet keys during deploy 1899feac9 Wait for all compute services before cell discovery 25bf57fb5 Fixes for MariaDB bootstrap and recovery 8de5bf3db Specify endpoint when creating monasca user cf3d42d46 CI: set the same gate queue for kolla and kolla-ansible 1d22714cf (Rocky and Queens only) CI: Fix ceph jobs for kolla 5ed551c1f Enable deflate when using tls for horizon d8c6e5466 Avoid parallel discover_hosts (nova-related race condition) 924226df1 Remove zuul-cloner usage e4b550e53 Restart all nova services after upgrade 1234ec189 Remove obsolete roles middleware 1874e48fa Update service_provider for FWaaS v2 ff32b0e63 Fix mongo command for supporting other port f89f6f0ad Fix mongo command for checking replication status 0bed6dd4b Fix issue finding custom, host specific plugins 05412a1d1 Add blazar to fluentd aggregation 3da9bf3d3 [heat] Multi-region support for bootstrap 9107fe049 Fix Blazar Nova aggregate in multi-region setup a3a9720d7 Hide logs when looping over passwords 0c5896c99 Support multi-region discovery of Nova cells d54c41335 Fix monasca grafana organisation check 625cf9f9e Fixes VMTP deploys. 795c9dde8 Elevate privileges for copying gnocchi policy.json 4e95bd8f3 Add ansible_nodename (system hostname) to /etc/hosts d66e95d1d Fix keystone fernet key rotation scheduling c3e5ab0dc Add unit test for keystone fernet cron generator 868b64b23 Configure coordination in default for cinder when redis is enabled 3458a7b28 Stop duplicating Nova cells f956996b6 Fix action_plugins python3 compatibility Diffstat (except docs and test files) ------------------------------------- ansible/action_plugins/merge_configs.py | 2 +- ansible/action_plugins/merge_yaml.py | 2 +- ansible/group_vars/all.yml | 9 + ansible/library/kolla_ceph_keyring.py | 11 +- ansible/roles/aodh/tasks/bootstrap.yml | 2 - ansible/roles/barbican/tasks/bootstrap.yml | 2 - ansible/roles/baremetal/defaults/main.yml | 11 +- ansible/roles/baremetal/tasks/install.yml | 14 +- ansible/roles/baremetal/tasks/pre-install.yml | 3 +- ansible/roles/blazar/tasks/bootstrap.yml | 3 +- ansible/roles/ceph/defaults/main.yml | 4 +- ansible/roles/ceph/tasks/config.yml | 13 ++ ansible/roles/ceph/tasks/deploy.yml | 33 ++-- ansible/roles/ceph/tasks/distribute_keyrings.yml | 13 ++ ansible/roles/ceph/tasks/start_nfss.yml | 1 - ansible/roles/ceph/tasks/upgrade.yml | 35 +--- ansible/roles/ceph/templates/ceph-nfs.json.j2 | 2 +- ansible/roles/ceph/templates/ganesha.conf.j2 | 12 +- ansible/roles/cinder/tasks/bootstrap.yml | 2 - ansible/roles/cinder/templates/cinder.conf.j2 | 8 + ansible/roles/cloudkitty/tasks/bootstrap.yml | 2 - .../common/templates/conf/input/00-global.conf.j2 | 1 + ansible/roles/congress/tasks/bootstrap.yml | 2 - ansible/roles/designate/tasks/bootstrap.yml | 2 - ansible/roles/glance/tasks/bootstrap.yml | 2 - ansible/roles/gnocchi/tasks/bootstrap.yml | 2 - ansible/roles/gnocchi/tasks/config.yml | 1 + .../roles/gnocchi/templates/gnocchi-api.json.j2 | 3 +- .../gnocchi/templates/gnocchi-metricd.json.j2 | 3 +- .../roles/gnocchi/templates/gnocchi-statsd.json.j2 | 3 +- .../roles/gnocchi/templates/wsgi-gnocchi.conf.j2 | 6 +- ansible/roles/heat/tasks/bootstrap.yml | 2 - ansible/roles/heat/tasks/bootstrap_service.yml | 1 + ansible/roles/horizon/tasks/bootstrap.yml | 2 - ansible/roles/horizon/tasks/config.yml | 1 + ansible/roles/horizon/templates/horizon.conf.j2 | 10 +- ansible/roles/ironic/tasks/bootstrap.yml | 4 +- ansible/roles/ironic/templates/inspector.ipxe.j2 | 2 +- ansible/roles/ironic/templates/ironic.conf.j2 | 2 + .../ironic/templates/ironic_pxe_uefi.default.j2 | 2 +- ansible/roles/karbor/tasks/bootstrap.yml | 2 - .../keystone/files/fernet_rotate_cron_generator.py | 83 +++++---- ansible/roles/keystone/tasks/bootstrap.yml | 2 - ansible/roles/keystone/tasks/config.yml | 8 +- ansible/roles/keystone/tasks/init_fernet.yml | 2 +- ansible/roles/keystone/tasks/register.yml | 21 +++ ansible/roles/keystone/templates/fernet-push.sh.j2 | 7 + .../roles/keystone/templates/fernet-rotate.sh.j2 | 6 +- .../keystone/templates/keystone-fernet.json.j2 | 6 + ansible/roles/keystone/templates/keystone.conf.j2 | 12 +- ansible/roles/magnum/tasks/bootstrap.yml | 2 - ansible/roles/manila/tasks/bootstrap.yml | 2 - ansible/roles/mariadb/handlers/main.yml | 22 +++ ansible/roles/mariadb/tasks/recover_cluster.yml | 35 +++- ansible/roles/mistral/tasks/bootstrap.yml | 2 - ansible/roles/monasca/defaults/main.yml | 1 - ansible/roles/monasca/tasks/bootstrap.yml | 3 - ansible/roles/monasca/tasks/config.yml | 1 - ansible/roles/monasca/tasks/post_config.yml | 2 +- ansible/roles/monasca/tasks/register.yml | 1 + .../templates/monasca-log-api/log-api-paste.ini.j2 | 4 +- .../monasca-thresh/monasca-thresh.json.j2 | 2 +- ansible/roles/mongodb/handlers/main.yml | 6 +- ansible/roles/mongodb/tasks/bootstrap_cluster.yml | 2 +- ansible/roles/murano/tasks/bootstrap.yml | 2 - ansible/roles/neutron/tasks/bootstrap.yml | 2 - .../roles/neutron/templates/fwaas_driver.ini.j2 | 4 + ansible/roles/nova/defaults/main.yml | 9 + ansible/roles/nova/handlers/main.yml | 52 ++++++ ansible/roles/nova/tasks/bootstrap.yml | 5 +- ansible/roles/nova/tasks/create_cells.yml | 77 ++++++++ ansible/roles/nova/tasks/discover_computes.yml | 53 +++++- ansible/roles/nova/tasks/reload.yml | 40 ----- ansible/roles/nova/tasks/upgrade.yml | 2 - ansible/roles/nova/templates/nova.conf.j2 | 7 +- ansible/roles/octavia/tasks/bootstrap.yml | 2 - ansible/roles/panko/tasks/bootstrap.yml | 4 - ansible/roles/rally/tasks/bootstrap.yml | 2 - ansible/roles/sahara/tasks/bootstrap.yml | 2 - ansible/roles/senlin/tasks/bootstrap.yml | 2 - ansible/roles/solum/tasks/bootstrap.yml | 2 - ansible/roles/swift/defaults/main.yml | 2 +- ansible/roles/swift/tasks/config.yml | 7 + ansible/roles/tacker/tasks/bootstrap.yml | 2 - ansible/roles/trove/tasks/bootstrap.yml | 2 - ansible/roles/vitrage/tasks/bootstrap.yml | 2 - ansible/roles/vmtp/tasks/config.yml | 2 +- ansible/roles/watcher/tasks/bootstrap.yml | 2 - ansible/roles/zun/tasks/bootstrap.yml | 2 - etc/kolla/globals.yml | 9 + ...add-nodename-to-etc-hosts-6360acc642ee3d49.yaml | 7 + .../fernet-key-rotation-8d40041d7d783dc7.yaml | 16 ++ ...op-duplicating-nova-cells-670211557fe2cda3.yaml | 9 + tools/setup_gate.sh | 25 +-- zuul.d/base.yaml | 1 + zuul.d/project.yaml | 1 + 104 files changed, 861 insertions(+), 305 deletions(-)