We are psyched to announce the release of: kolla-ansible 15.3.0: Ansible Deployment of Kolla containers This release is part of the zed stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 15.3.0 ^^^^^^ New Features ************ * Added capability to specify custom kernel modules for Neutron: *neutron_modules_default*: Lists default modules. *neutron_modules_extra*: For custom modules and parameters. * Added a neutron check for ML2/OVS and ML2/OVN presence at the start of deploy phase. It will fail if neutron_plugin_agent is set to "ovn" and use of ML2/OVS container detected. In case where neutron_plugin_agent is set to "openvswitch" the check will fail when it detects ML2/OVN container or any of the OVN specific volumes. Upgrade Notes ************* * Default keystone user role has been changed from deprecated role "_member_" to "member" role. * Now "ironic_tftp" service does not bind on 0.0.0.0, by default it uses ip address of the "api_interface". To revert to the old behaviour, please set "ironic_tftp_interface_address: 0.0.0.0" in "globals.yml". * Before upgrading to the Zed release of Kolla-Ansible on Ubuntu, ensure that Elasticsearch indexes created in version 6 or earlier are reindexed. OpenSearch 2.x does not support these older indexes. A precheck for this scenario has now been introduced. * Configure Nova libvirt.num_pcie_ports to 16 by default. Nova currently sets 'num_pcie_ports' to "0" (defaults to libvirt's "1"), which is not sufficient for hotplug use with 'q35' machine type. * Changes default value of nova libvirt driver setting "skip_cpu_compare_on_dest" to true. With the libvirt driver, during live migration, skip comparing guest CPU with the destination host. When using QEMU >= 2.9 and libvirt >= 4.4.0, libvirt will do the correct thing with respect to checking CPU compatibility on the destination host during live migration. Security Issues *************** * Restrict the access to the http Openstack services exposed /server- status by default through the HAProxy on the public endpoint. Fixes issue for Ubuntu/Debian installations. RockyLinux/CentOS not affected. LP#1996913 Bug Fixes ********* * Fixes issues with OVN NB/SB DB deployment, where first node needs to be rebootstrapped. LP#1875223 * "enable_keystone_federation" and "keystone_enable_federation_openid" have not been explicitly handled as bool in various templates in the keystone role so far. LP#2036390 * Fixes an issue when Kolla is setting the producer tasks to None, and this disables all designate producer tasks. LP#1879557 * Fixes "ironic_tftp" which binds to all ip addresses on the system. Added "ironic_tftp_interface", "ironic_tftp_address_family" and "ironic_tftp_interface_address" parameters to set the address for the "ironic_tftp" service. LP#2024664 * Fixes an OpenSearch migration process by adding precheck for Elasticsearch indexes in too low version for OpenSearch 2.x. * Fixes an issue where a Docker health check wasn't configured for the OpenSearch Dashboards container. See bug 2028362. * Fixes an issue where 'q35' libvirt machine type VM could not hotplug more than one PCIe device at a time. * Fixes an issue where keepalived track script fails on single controller environment and keepalived VIP goes into BACKUP state. "keepalived_track_script_enabled" variable has been introduced (default: true), which can be used to disable track scripts in keepalived configuration. LP#2025219 * Fixes an issue were an OVS-DPDK task had a different name to how it was being notified. * When upgrading Nova to a new release, we use the tool "nova-status upgrade check" to make sure that there are no "nova-compute" that are older than N-1 releases. This was performed using the current "nova-api" container, so computes which will be too old after the upgrade were not caught. Now the upgraded "nova-api" container image is used, so older computes are identified correctly. LP#1957080 Changes in kolla-ansible 15.2.0..15.3.0 --------------------------------------- 6ba7fd279 Rename per role filters files a5e1eb965 Default keystone user role changed to member e5b102696 Add ML2/OVN and ML2/OVS setting checks for neutron 741808ca6 Add option for extra kernel modules in neutron role 2f8cffee2 CI: add block support to validate-all-file.py 0fe42b26a README: link to the meetings page directly 9c5a47d5c keystone: ensure bool for two parameters 944f93a5e Configure Nova libvirt.num_pcie_ports to 16 by default 5c4c3aefc ovn: Fix broken deployment/reconfig on Ubuntu 4fb7ebdc5 CI: Remove redundant set/unset_cirros_image_q35_machine_type 1b44dde7b Prevent libvirtd reload when only generating config 3dc9fe1a8 CI: add q35 hardware machine type to tests 03db998f6 ovn: Improve clustering 48b570cb8 Fix designate-producers not running properly 139c872af Added precheck for OpenSearch migration bc9f36893 Use better default bind address for ironic-tftp 916587d6b Fix D001 Line too long in mariadb-guide 309aebc97 Fixes WEBSSO_KEYSTONE_URL Value d0c53de28 Drop useless DUMMY_ENVIRONMENT environment for cron container 4e2bebbc0 Fixes task name in notify module to the actual task name 35cabb263 Use the upgraded image to run Nova upgrade checks a73d8110e CI: Add missing Rocky9 upgrade jobs f381fb548 Deny access to public /server-status in http Openstack services 077455734 Enable nova libvirt driver skip_cpu_compare_on_dest workaround 511007f71 Fix OpenSearch Dashboards health check 993b854bb loadbalancer: Add option to not define track script Diffstat (except docs and test files) ------------------------------------- README.rst | 2 +- ansible/group_vars/all.yml | 5 +- ansible/library/kolla_container_volume_facts.py | 91 ++++++++++++++ ansible/library/kolla_toolbox.py | 2 +- ansible/roles/common/defaults/main.yml | 2 - .../{filters.py => kolla_common_filters.py} | 0 .../roles/designate/templates/designate.conf.j2 | 1 - .../templates/haproxy_single_service_split.cfg.j2 | 3 + ansible/roles/horizon/templates/horizon.conf.j2 | 4 + ansible/roles/horizon/templates/local_settings.j2 | 2 +- ansible/roles/ironic/defaults/main.yml | 1 + ansible/roles/ironic/templates/ironic-tftp.json.j2 | 2 +- ansible/roles/keystone/templates/keystone.conf.j2 | 2 +- ansible/roles/keystone/templates/keystone.json.j2 | 2 +- .../roles/keystone/templates/wsgi-keystone.conf.j2 | 2 +- ansible/roles/loadbalancer/defaults/main.yml | 4 + ansible/roles/loadbalancer/tasks/config.yml | 1 + .../templates/keepalived/keepalived.conf.j2 | 4 + ansible/roles/neutron/defaults/main.yml | 7 ++ ansible/roles/neutron/tasks/config-host.yml | 5 +- ansible/roles/neutron/tasks/deploy.yml | 2 + .../neutron/tasks/neutron_plugin_agent_check.yml | 35 ++++++ ansible/roles/neutron/tasks/precheck.yml | 2 + ansible/roles/neutron/tasks/upgrade.yml | 2 + .../{filters.py => kolla_nova_cell_filters.py} | 0 ansible/roles/nova-cell/handlers/main.yml | 2 + .../templates/nova.conf.d/libvirt.conf.j2 | 3 + ansible/roles/nova/tasks/upgrade.yml | 55 +++++++-- ansible/roles/opensearch/handlers/main.yml | 1 + ansible/roles/opensearch/tasks/upgrade.yml | 27 +++++ ansible/roles/ovn-db/defaults/main.yml | 19 +++ ansible/roles/ovn-db/tasks/bootstrap-initial.yml | 83 +++++++++++++ ansible/roles/ovn-db/tasks/deploy.yml | 10 ++ ansible/roles/ovn-db/tasks/lookup_cluster.yml | 131 +++++++++++++++++++++ ansible/roles/ovn-db/templates/ovn-nb-db.json.j2 | 2 +- ansible/roles/ovn-db/templates/ovn-sb-db.json.j2 | 2 +- ansible/roles/ovs-dpdk/handlers/main.yml | 2 +- .../central-logging-guide.rst | 6 + releasenotes/notes/1875223-05552108375d005a.yaml | 5 + ...ron-custom-kernel-modules-d105d3f84665e0a4.yaml | 6 + .../notes/bug-2036390-d087c5bfd504c9f3.yaml | 7 ++ ...cers-not-running-properly-3568f9167a9547f6.yaml | 6 + ...nge-default-keystone-role-386974967adfed65.yaml | 5 + ...default-tftp-bind-address-602acf76136d1732.yaml | 14 +++ ...rch-migration-old-indexes-e329d741f02be437.yaml | 11 ++ ...s-dashboards-health-check-bf56027f8c3369ea.yaml | 6 + ...-q35-pcie-hotplug-libvirt-50b1879d61b1df72.yaml | 10 ++ ...rvices-deny-server-status-39d0259664053e59.yaml | 7 ++ .../keepalived_track_script-edfebb520f006647.yaml | 9 ++ .../notes/ml2ovs_precheck-c859504004f6884b.yaml | 9 ++ ...ovs-dpdk-task-name-bugfix-099b386886a40236.yaml | 5 + ...hecks-with-upgraded-image-dca9c515bcd89ec8.yaml | 10 ++ .../skip-cpu-compare-on-dest-927004854f41bc32.yaml | 9 ++ tools/validate-all-file.py | 67 +++++++---- zuul.d/base.yaml | 1 + zuul.d/jobs.yaml | 31 +++++ zuul.d/project.yaml | 4 + 62 files changed, 782 insertions(+), 75 deletions(-)
participants (1)
-
no-reply@openstack.org