We are thrilled to announce the release of: kolla-ansible 8.1.1: Ansible Deployment of Kolla containers This release is part of the stein stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 8.1.1 ^^^^^ Upgrade Notes ************* * The octavia user is no longer given the admin role in the admin project. Octavia does not require this role and instead uses octavia user with admin role in service project. During an upgrade the octavia user is removed from the admin project. See bug 1873176 for details. Bug Fixes ********* * Adds necessary "region_name" to "octavia.conf" when "enable_barbican" is set to "true". LP#1867926 * Adds "/etc/timezone" to "Debian/Ubuntu" containers. LP#1821592 * Fixes an issue with Nova live migration not using "migration_interface_address" even when TLS was not used. When migrating an instance to a newly added compute host, if addressing depended on "/etc/hosts" and it had not been updated on the source compute host to include the new compute host, live migration would fail. This did not affect DNS-based name resolution. Analogically, Nova live migration would fail if the address in DNS/"/etc/hosts" was not the same as "migration_interface_address" due to user customization. LP#1729566 * Fix qemu loading of ceph.conf (permission error). LP#1861513 * Remove /run bind mounts in Neutron services causing dbus host- level errors and add /run/netns for neutron-dhcp-agent and neutron-l3-agent. LP#1861792 * Fixes an issue where old fluentd configuration files would persist in the container across restarts despite being removed from the "node_custom_config" directory. LP#1862211 * Use more permissive regex to remove the offending 127.0.1.1 line from /etc/hosts. LP#1862739 * Each Prometheus mysqld exporter points now to its local mysqld instance (MariaDB) instead of VIP address. LP#1863041 * Cinder Backup has now access to kernel modules to load e.g. iscsi_tcp module. LP#1863094 * Makes RabbitMQ hostname address resolution precheck stronger by requiring uniqueness of resolution to avoid later issues. LP#1863363 * Fixes haproxy role to avoid restarting haproxy service multiple times in a single Ansible run. LP#1864810 LP#1875228 * Fixes failure to deploy telegraf with monitoring of zookeeper due to wrong variable being referenced. LP#1867179 * Fixes "ceph" deployment reconfiguration error, when Gathering OSDs step would fail due to Kolla-Ansible user not having access to "/var/lib/ceph/osd/_FSID_/whoami". LP#1867946 * Fixes "designate-worker" not to use "etcd" as its coordination backend because it is not supported by Designate (no group membership support available via tooz). LP#1872205 * Fixes source-IP-based load balancing for Horizon when using the "split" HAProxy service template. * Fixes issue where HAProxy would have no backend servers in its config files when using the "split" config template style. * Manage nova scheduler workers through "openstack_service_workers" variable. LP#1873753 * Remove the meta field of the Swift rings from the default rsync_module template. Having it by default, undocumented, can lead to unexpected behavior when the Swift documentation states that this field is not processed. * Fixes an issue with HAProxy prechecks when scaling out using "-- limit" or "--serial". LP#1868986. * Fixes an issue with the HAProxy monitor VIP precheck when some instances of HAProxy are running and others are not. See bug 1866617. * Fixes gnocchi-api script name for Ubuntu/Debian binary deployments. LP#1861688 * Fixes an issue with port prechecks for the Placement service. See bug 1861189 for details. * Removes the "[http]/max-row-limit = 10000" setting from the default InfluxDB configuration, which resulted in the CloudKitty v1 API returning only 10000 dataframes when using InfluxDB as a storage backend. See bug 1862358 for details. * Skydive's API and the web UI now rely on Keystone for authentication. Only users in the Keystone project defined by skydive_admin_tenant_name will be able to authenticate. See *LP#1870903 <https://launchpad.net/bugs/1870903>* for more details. * Switch endpoint_type from public to internal for octavia communicating with the barbican service. See bug 1875618 for details. Changes in kolla-ansible 8.1.0..8.1.1 ------------------------------------- a5975ebe2 Make sure octavia uses internal endpoint to barbican 72cd552d7 Remove redundant listen on haproxy handler 4b70bb52e Manage nova scheduler workers count 5f563ed49 Fix haproxy restarting twice per Ansible run 967b3be71 [octavia] Adds region_name if enable_barbican ca39a9c27 Avoid multiple haproxy restarts after reconfiguration 4df065224 Remove octavia user from admin project 66a2f4935 Fix Designate not to use etcd coordination backend 85c178fc1 Be less confusing about custom Docker registry 0f99f5aa0 Fix telegraf with zookeeper (wrong port variable reference) d576249f3 Introduce /etc/timezone to Debian/Ubuntu containers 06db02b4b CI: Fix Ironic and Zun scenarios testing 31f09efd1 [skydive] fix: Use Keystone backend to authenticate API users 6450daba0 [horizon] Move 'balance' HAProxy keyword 9f944d4bd [haproxy-config] Fix missing servers in split cfg 4f4c005fa Fix kolla_source_version value f174ec063 Fix live migration to use migration int. address aa7b6c355 CI: Use upper constraints to install clients 5da311c69 Fix ovs fw driver for the other ovs agent 2e514a8cf Fix HAProxy prechecks during scale-out with limit 2b04e7111 mariadb container name variable d4eedf4f9 ceph: Add become to gathering OSD IDs on reconfigure 89e875fb6 Ironic: fix documentation 47915af85 CI: install tox 06fbffe44 Combined fluentd fixes 3eb908272 Fix native openvswitch firewall driver in neutron-openvswitch-agent 79b4d9ede Swift: remove meta field from rsync command 426b7f4b2 Fix HAProxy monitor VIP precheck 6c91da630 Fix renos ccbba57df Fix Prometheus mysqld exporter pointing to VIP address 3003cb4a1 Fix RabbitMQ hostname address resolution precheck 07c0b83bb CI: Pin pyfakefs to <4 for Python 2 55a346993 Fixes gnocchi-api script name for Ubuntu/Debian 623eb220a Use listen port for Placement precheck b47bd864e Use InfluxDB default [http]/max-row-limit setting 710af675d Add /run/netns bindmount to Neutron containers ac158d19f Use more permissive regex to remove the offending 127.0.1.1 8be74eb8c Change /run bind mount for neutron/openvswitch 52302eb53 Fix Cinder Backup access to kernel modules (iscsi_tcp issue) 41f937b5d Haproxy: fix haproxy_cmd for Debian 6c950d842 Fix qemu loading of ceph.conf (permission error) Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all.yml | 6 +- ansible/roles/aodh/defaults/main.yml | 4 + ansible/roles/barbican/defaults/main.yml | 3 + ansible/roles/baremetal/tasks/pre-install.yml | 12 +- ansible/roles/blazar/defaults/main.yml | 2 + ansible/roles/ceilometer/defaults/main.yml | 4 + ansible/roles/ceph/tasks/reconfigure.yml | 1 + ansible/roles/chrony/defaults/main.yml | 1 + ansible/roles/cinder/defaults/main.yml | 5 + ansible/roles/cloudkitty/defaults/main.yml | 2 + ansible/roles/collectd/defaults/main.yml | 1 + ansible/roles/common/defaults/main.yml | 3 + ansible/roles/common/templates/fluentd.json.j2 | 32 +++- ansible/roles/congress/defaults/main.yml | 3 + ansible/roles/cyborg/defaults/main.yml | 3 + ansible/roles/designate/defaults/main.yml | 7 + .../roles/designate/templates/designate.conf.j2 | 10 +- ansible/roles/elasticsearch/defaults/main.yml | 1 + ansible/roles/etcd/defaults/main.yml | 1 + ansible/roles/freezer/defaults/main.yml | 2 + ansible/roles/glance/defaults/main.yml | 1 + ansible/roles/gnocchi/defaults/main.yml | 3 + .../roles/gnocchi/templates/wsgi-gnocchi.conf.j2 | 4 - ansible/roles/grafana/defaults/main.yml | 1 + ansible/roles/haproxy-config/handlers/main.yml | 17 -- .../templates/haproxy_single_service_split.cfg.j2 | 2 +- ansible/roles/haproxy/defaults/main.yml | 2 + ansible/roles/haproxy/tasks/deploy.yml | 6 +- ansible/roles/haproxy/tasks/precheck.yml | 196 ++++++++------------- ansible/roles/haproxy/tasks/upgrade.yml | 13 +- ansible/roles/haproxy/templates/haproxy_run.sh.j2 | 2 +- ansible/roles/heat/defaults/main.yml | 3 + ansible/roles/horizon/defaults/main.yml | 5 +- ansible/roles/influxdb/defaults/main.yml | 1 + ansible/roles/influxdb/templates/influxdb.conf.j2 | 1 - ansible/roles/ironic/defaults/main.yml | 6 + ansible/roles/iscsi/defaults/main.yml | 2 + ansible/roles/kafka/defaults/main.yml | 1 + ansible/roles/karbor/defaults/main.yml | 3 + ansible/roles/keystone/defaults/main.yml | 3 + ansible/roles/kibana/defaults/main.yml | 1 + ansible/roles/kuryr/defaults/main.yml | 1 + ansible/roles/magnum/defaults/main.yml | 2 + ansible/roles/manila/defaults/main.yml | 4 + ansible/roles/mariadb/defaults/main.yml | 1 + ansible/roles/mariadb/tasks/check.yml | 2 +- ansible/roles/mariadb/tasks/recover_cluster.yml | 2 +- ansible/roles/memcached/defaults/main.yml | 1 + ansible/roles/mistral/defaults/main.yml | 4 + ansible/roles/monasca/defaults/main.yml | 12 ++ ansible/roles/mongodb/defaults/main.yml | 1 + ansible/roles/multipathd/defaults/main.yml | 1 + ansible/roles/murano/defaults/main.yml | 2 + ansible/roles/neutron/defaults/main.yml | 29 +-- ansible/roles/nova/defaults/main.yml | 11 ++ ansible/roles/nova/templates/nova-libvirt.json.j2 | 2 +- .../nova/templates/nova.conf.d/libvirt.conf.j2 | 1 + ansible/roles/nova/templates/nova.conf.j2 | 1 + ansible/roles/octavia/defaults/main.yml | 4 + ansible/roles/octavia/tasks/register.yml | 12 -- ansible/roles/octavia/tasks/upgrade.yml | 14 ++ ansible/roles/octavia/templates/octavia.conf.j2 | 4 + ansible/roles/opendaylight/defaults/main.yml | 1 + ansible/roles/openvswitch/defaults/main.yml | 6 +- ansible/roles/ovs-dpdk/defaults/main.yml | 6 +- ansible/roles/panko/defaults/main.yml | 1 + ansible/roles/placement/defaults/main.yml | 1 + ansible/roles/placement/tasks/precheck.yml | 2 +- ansible/roles/prechecks/tasks/datetime_checks.yml | 26 +++ ansible/roles/prechecks/tasks/main.yml | 2 + ansible/roles/prometheus/defaults/main.yml | 9 + ansible/roles/prometheus/templates/my.cnf.j2 | 4 +- ansible/roles/qdrouterd/defaults/main.yml | 1 + ansible/roles/rabbitmq/defaults/main.yml | 1 + ansible/roles/rabbitmq/tasks/precheck.yml | 20 ++- ansible/roles/rally/defaults/main.yml | 1 + ansible/roles/redis/defaults/main.yml | 2 + ansible/roles/sahara/defaults/main.yml | 2 + ansible/roles/searchlight/defaults/main.yml | 2 + ansible/roles/senlin/defaults/main.yml | 2 + ansible/roles/skydive/defaults/main.yml | 3 + .../skydive/templates/skydive-analyzer.conf.j2 | 9 +- ansible/roles/solum/defaults/main.yml | 4 + ansible/roles/storm/defaults/main.yml | 2 + ansible/roles/swift/templates/account.conf.j2 | 2 +- ansible/roles/swift/templates/container.conf.j2 | 2 +- ansible/roles/swift/templates/object.conf.j2 | 2 +- ansible/roles/tacker/defaults/main.yml | 2 + ansible/roles/telegraf/defaults/main.yml | 1 + ansible/roles/telegraf/templates/telegraf.conf.j2 | 2 +- ansible/roles/tempest/defaults/main.yml | 1 + ansible/roles/trove/defaults/main.yml | 3 + ansible/roles/vitrage/defaults/main.yml | 4 + ansible/roles/vmtp/defaults/main.yml | 1 + ansible/roles/watcher/defaults/main.yml | 3 + ansible/roles/zookeeper/defaults/main.yml | 1 + ansible/roles/zun/defaults/main.yml | 3 + .../reference/networking/designate-guide.rst | 9 +- etc/kolla/globals.yml | 19 +- ...d-region-name-for-octavia-292594e29ef36bf2.yaml | 6 + .../notes/adds-etc-timezone-9708f538c3c2cb5e.yaml | 5 + .../notes/bug-1729566-8b77402fd8236962.yaml | 13 ++ .../notes/bug-1861513-8e09a6fb42dfc99c.yaml | 5 + .../notes/bug-1861792-a44a31693b0c786f.yaml | 6 + .../notes/bug-1862211-1c44c4a16963baad.yaml | 7 + .../notes/bug-1862739-05246e7599375800.yaml | 7 + .../notes/bug-1863041-30d87a768339251b.yaml | 6 + .../notes/bug-1863094-1564f489a7eecb28.yaml | 6 + .../notes/bug-1863363-eb5d0ddd0d0d1090.yaml | 6 + .../notes/bug-1864810-5a5d0f91c0171b19.yaml | 7 + .../notes/bug-1867179-9e31460ba53757d4.yaml | 6 + .../notes/bug-1867946-53c214be2b2482f1.yaml | 7 + .../notes/bug-1872205-2eb7e57e0a334fb7.yaml | 7 + .../notes/bug-1872540-0e9bed299f657b25.yaml | 5 + .../notes/bug-1872545-52f00bd340a800c2.yaml | 5 + .../notes/bug-1873753-73fe82e70559f928.yaml | 5 + ...aut-rsync-module-template-7c891efbe79a96a9.yaml | 7 + ...ix-haproxy-limit-precheck-c56b3ac2331867ee.yaml | 6 + ...-haproxy-monitor-precheck-487b85f4e93313b1.yaml | 6 + ...fixes-gnocchi-script-name-e4715e3b9fc5b021.yaml | 5 + .../placement-listen-port-ebbd6aa61aa551da.yaml | 5 + ...hen-alertmanager-disabled-0090c1570ff4e632.yaml | 8 +- ...ve-influxdb-max-row-limit-f814a310aa6bf6ab.yaml | 8 + ...r-in-admin-project-action-95c87ca45a1188d6.yaml | 9 + .../skydive-keystone-auth-0fe96463b27dd914.yaml | 6 + ...t-for-barbican-in-octavia-0bcdcf91a8adc95c.yaml | 7 + tools/setup_gate.sh | 13 +- 130 files changed, 612 insertions(+), 259 deletions(-)