We jubilantly announce the release of: tripleo-common 9.5.0: A common library for TripleO workflows. This release is part of the rocky stable release series. The source is available from: http://git.openstack.org/cgit/openstack/tripleo-common Download the package from: https://tarballs.openstack.org/tripleo-common/ Please report issues through launchpad: https://bugs.launchpad.net/tripleo-common For more details, please see below. 9.5.0 ^^^^^ New Features ************ * The "ironic-staging-drivers" are now installed in the ironic- conductor container so that these drivers can be used without rebuilding the container. The Ironic Staging Drivers (https ://ironic-staging-drivers.readthedocs.io/en/latest/) is used to hold out-of-tree Ironic drivers which doesn't have means to provide a 3rd Party CI at this point in time which is required by Ironic. * Increase the size of the security hardened images to 40G. With the move to containers more disk space is needed and the disk layout has been modified. It needs a global size of 40G to work. Upgrade Notes ************* * Package octavia-amphora-image (RHEL) will no longer be installed by role octavia-undercloud, and it now installs image files in directory /usr/share/openstack-octavia-amphora-images/. Please ensure you have the latest package version installed in the undercloud node beforehand deploying or updating the overcloud. Bug Fixes ********* * Fixes bug 1793605 so when nodes are blacklisted, they are not included in the Overcloud config. A warning will show that the server_id that was ignored if the it can't be found in the stack. * Node update now works correctly when capabilities are specified as a dict. * The config_download_deploy workflow now has a config_download_timeout input that will honor the user requested timeout. Previously, no timeout was honored even though the user could request one via tripleoclient. * The tripleo-bootstrap ansible role will no longer fail if yum fails to install the required packages. This fixed behavior aligns with previous requirements where enabled package repositories and a working package manager are not required on the initially deployed images. Errors are ignored on the package install task, and then a subsequent task will cause a failure indicating the required packages are not present. * tripleo.access.v1.enable_ssh_admin now honors the server blacklist if one is set. Servers in the blacklist will not be used by the workflow. * Previously, running ansible-playbook with --check would cause a failure during the individual server deployments when checking the result of a previous attempt. * The tripleo.deployment.v1.get_deployment_status workflow will no longer error when requesting the deployment status for a non- existant plan. A message is sent in the output instead of failing the workflow. * While we have a dedicated nova_metadata healthcheck script, the nova_metadata and nova_api container the same image and the current nova api healtcheck script still checks the non wsgi implementation. This changes the nova_api healthcheck script to check the metadata wsgi vhost config for details instead of the details in nova.conf. * Add missing httpd and mod_ssl packages to octavia container image to support TLS proxy for internal TLS. * The ServerAliveInterval and ServerAliveCountMax SSH options are now set in the mistral ansible action so that when networking configuration is performed on the overcloud nodes SSH will not drop the connection. * Workaround bug 1810932 by scripting an in-place update of ssh_known_hosts * A new workflow, config_download_export, for exporting the config- download files via a Swift tempurl is added so that the openstack overcloud config download tripleoclient command can use the API. Other Notes *********** * Individual server deployments that are of type group:hiera now support check mode, and when running under check mode, also support diff mode. Changes in tripleo-common 9.4.0..9.5.0 -------------------------------------- 70a5be49 Bump the Ceph container image to 3.2.1 5f2705f2 Publish a better failure message for Update Ansible 5d47b74d Publish error for package_update workflow 9b3e9b2c Check for physical_resource_id before getting deployments 5defaf30 Add AllNodesConfig to config-download group vars d434b88d Enable Ansible error handling per role 985cb0ff Set heatclient exceptions to verbose 261de49f Run scenario009 on tripleo-deploy-openshift changes 0077402b Workaround ssh_known_hosts changes not being propagated to containers c51cce0c Look for lower-case hostname when adding to ssh_known_hosts 0e1368bf Fail node cleaning on timeout 112cc3b5 Additional images for openshift services 6fc7e1bf Fix tags for openshift images 0af9f994 Fix AnsibleAction.run() when argument is not a dict c42fb903 IPv6 healthcheck fixes for nova-vnc-proxy 15b70b09 Fix DeploymentStatusAction KeyError f863f02b Move Octavia config opts to common config directory 56690bc3 Activate remaining set of healthchecks d284d78b Add a way to update ContainerImagePrepare params 48ab9fa9 Option to upload Octavia amphora img in RAW format b710e530 Fix environments sorting 244736fd Handle missing or bad dmidecode 8b40faa7 Fix skip of octavia-undercloud Ansible role 362ddf79 Add python-notario package to mistral-executor container 98011150 Increase ansible gather_timeout to 30secs for config-download 39ea2afb Switch scenarios to non-voting 5bc57959 Catch heat exceptions in DeployStackAction a1a0bc46 Set DeployIdentifier on update/upgrade/ffwd prepare actions 58ff892e image_uploader: use /v2 suffix to validate SSL 74ee6747 Do not fail deploy for empty ceph ansible fetch directory 040849c6 Stop installing octavia-amphora-image package 027002bb Rename tripleo-ci-centos-7-scenario009-multinode-oooq (rocky) 7d609f11 Generating fencing for capitalized MACs 6341671c Bump the Ceph container image to 3.2.0 935bd8a0 Update swift_backup workflow success status message b45a5cee Exit when container is missing or empty when downloading logs d8f06646 Select message IDs properly when publishing to swift b37abe26 Correct handling of capabilities on node update 8dd9125d Fix rotate_fernet_keys workflow to not use heat deployment 93668935 Don't resolve Heat stack output when unnecessary 0176878f Fix nova-api healthcheck fa7bceb5 Omit grep process in nova_api healthcheck. e71a6a9a Cache swift responses in process_environments_and_files e9ce11d1 Install ironic-staging-drivers in ironic-conductor f4e06c5d Fix config-download timeout 79c687cd Sync state if needed during retrieval 5e221edb Switch stable scenarios to voting 34b0d730 Delete old tarball from config container on download c43e1b0d Don't reset parameter cache in a loop 181fb4a0 Add health checks for Swift services 03c67d9a Add health check script for Sahara API 9a57702d Run Mistral workflow to make temporary Swift URLs on upgrade 52628ffa Add container images for openshift 3.11 b49f0c54 Store prepare defaults in packaged yaml f25a2f35 Add Ironic inspector health checks a32cbdee Increase size for security hardened images 709bc35f write_config: force utf8 d213435a Run NetworkDeployment as async task 9ea9472b Skip deployments with no uuid e8d9d162 Don't add tarball to config-download dir eb2b7dc1 Change ceph-ansible fetch directory format on upgrade from Q to R 6c5f1c11 Set workflow status to success when manipulating deployment status 123616fe Fix nova-api healthcheck in case of nova metadata wsgi e6d6efa3 Add wrapper for openshift-ansible docker command 5d84aeb5 Add openshift-ansible container image 99049c27 Fix temp file locking issues in tests 67bab168 Run prepare during package_update workflow 437ce769 Default the scale status to SUCCESS e2c12d40 Add httpd and mod_ssl packages to octavia api image 30c7bfff Check mode support for hiera deployments 17a10d99 Honor blacklist with enable_ssh_admin 14c23619 Make ODL healthcheck IPv6 compatible 23235106 Do not include ceph-ansible in the container image. d709699b Add on-error task to parse_node_data_lookup 8a0474e6 Revert "Add container runtime packages for cron image" 35112154 Fix check mode for server deployments 1ff57952 Tag openshift images for Infra service 933c620d Add container-registry image to openshift master role 417d5eab Switch to origin-docker-build 9c486dc9 Switch to openshift 3.10 f4f4c920 Add config_download_timeout input 40cd1d39 Increase upload concurrency 5a552022 Update swift_rings_backup workflow to also backup ceph fetch dir 2da9b4ab Don't fail tripleo-bootstrap on package installs 00e776de Handle non-existant plan when getting deployment status f8fe46d7 Set prepare neutron_driver from NeutronMechanismDrivers f86b2b4c config: ignore missing server_id from the stack 792bc26f Add workflow for config-download export 0b41bc23 Add override_ansible_cfg b17791ae Set SSH server keep alive options fc31a1c6 Add container runtime packages for cron image ed76b768 Upgrade docker ceph container 15484a00 Fix validation runs in a containerized environment Diffstat (except docs and test files) ------------------------------------- .../container_image_prepare_defaults.yaml | 75 ++++++ container-images/overcloud_containers.yaml | 34 ++- container-images/overcloud_containers.yaml.j2 | 130 ++++++++- .../tripleo_kolla_template_overrides.j2 | 64 ++++- healthcheck/common.sh | 11 + healthcheck/ironic-inspector | 16 ++ healthcheck/nova-api | 8 +- healthcheck/nova-vnc-proxy | 5 + healthcheck/opendaylight-api | 5 + ...a-vnc-proxy-ipv6-handling-5d0625f1ab10d13f.yaml | 5 + healthcheck/sahara-api | 12 + healthcheck/swift-account-server | 38 ++- healthcheck/swift-container-server | 38 ++- healthcheck/swift-object-expirer | 12 + healthcheck/swift-object-server | 47 +++- healthcheck/swift-proxy | 37 ++- healthcheck/swift-rsync | 14 + image-yaml/overcloud-hardened-images-uefi.yaml | 9 +- image-yaml/overcloud-hardened-images.yaml | 9 +- image-yaml/overcloud-odl-rhel7.yaml | 7 +- playbooks/octavia-files.yaml | 3 +- playbooks/roles/common/defaults/main.yml | 1 + .../roles/octavia-controller-config/tasks/main.yml | 2 +- .../octavia-controller-config/tasks/octavia.yml | 20 +- .../templates/worker-post-deploy.conf.j2 | 4 - .../roles/octavia-undercloud/tasks/image_mgmt.yml | 31 ++- playbooks/roles/octavia-undercloud/tasks/main.yml | 7 +- ...ck-mode-support-for-hiera-f15fed971d4397f8.yaml | 4 + ...nd-ironic-staging-drivers-d278905bb1ec0683.yaml | 9 + ...acklisted_serverid_config-e079e64e8a04cdb4.yaml | 7 + releasenotes/notes/caps-fix-f6f8817a48fa5c25.yaml | 4 + .../config-download-timeout-7296683716f78022.yaml | 5 + ...tstrap-on-package-install-a00cd921b0af7168.yaml | 8 + ...ssh-admin-honor-blacklist-f1371554ab1b38f6.yaml | 4 + ...ck-mode-server-deployment-098bcae9e0227c57.yaml | 5 + ...ndle-no-deployment-status-a70a4b950171afbe.yaml | 5 + ...-security-hardened-images-3fc4df73a48d4a91.yaml | 7 + ...heck_metadata_wsgi_change-4a191009d7ef9963.yaml | 8 + ...avia-internal-tls-support-f595ed1c3a1f3353.yaml | 5 + ...server-keep-alive-options-071e1b3b570e78a7.yaml | 5 + ...via-amphora-image-install-5d26e3d37c7b508f.yaml | 8 + ..._known_host_atomic_update-481e0baf3b3d6342.yaml | 5 + ...ow-config-download-export-d22f3eb958b8c97a.yaml | 5 + roles/tripleo-bootstrap/tasks/main.yml | 7 + roles/tripleo-ssh-known-hosts/tasks/main.yml | 30 ++- scripts/tripleo-deploy-openshift | 55 ++++ setup.cfg | 3 + sudoers | 2 +- tripleo_common/actions/__init__.py | 4 + tripleo_common/actions/ansible.py | 28 +- tripleo_common/actions/config.py | 18 +- tripleo_common/actions/container_images.py | 38 +++ tripleo_common/actions/deployment.py | 101 ++++++- tripleo_common/actions/files.py | 5 +- tripleo_common/actions/package_update.py | 14 +- tripleo_common/actions/parameters.py | 2 +- tripleo_common/actions/plan.py | 3 +- tripleo_common/actions/templates.py | 7 +- tripleo_common/actions/validations.py | 11 + tripleo_common/image/image_uploader.py | 6 +- tripleo_common/image/kolla_builder.py | 81 +++--- tripleo_common/templates/deployments.yaml | 152 ++++++++++- tripleo_common/templates/group_var_role.j2 | 4 + tripleo_common/utils/config.py | 79 +++++- tripleo_common/utils/nodes.py | 19 +- tripleo_common/utils/plan.py | 13 +- workbooks/access.yaml | 28 +- workbooks/baremetal.yaml | 10 +- workbooks/ceph-ansible.yaml | 7 + workbooks/container_images.yaml | 51 ++++ workbooks/deployment.yaml | 140 +++++++++- workbooks/fernet-key-rotate.yaml | 13 +- workbooks/octavia_post.yaml | 2 + workbooks/package_update.yaml | 40 ++- workbooks/plan_management.yaml | 87 ++++++- workbooks/rename_ceph_ansible_fetch_directory.yaml | 105 ++++++++ workbooks/scale.yaml | 2 +- .../{swift_rings_backup.yaml => swift_backup.yaml} | 48 ++-- workbooks/swift_ring_rebalance.yaml | 8 +- zuul.d/layout.yaml | 26 +- 94 files changed, 2481 insertions(+), 358 deletions(-)