We jubilantly announce the release of: kolla-ansible 20.2.0 This release is part of the epoxy release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 20.2.0 ^^^^^^ Upgrade Notes ************* * Deployments using a file-based external certificate and Let's Encrypt for the internal certificate (separate VIPs) default to managing the external certificate with Let's Encrypt. To retain a file-based external certificate, set "letsencrypt_external_cert_server: """. Security Issues *************** * Deny access to /server-status via the single frontend. LP#2121626 Bug Fixes ********* * Fixes bug LP#2118452 which stopped the RabbitMQ upgrade from version 3.13 to 4.1 even though it is supported. * In the kolla-toolbox configuration with external rabbitmq an unnecessary "comma" is generated, which is why the container does not want to start. LP#2111267 * Fixes configuration of backend TLS when network nodes are separate from controllers. LP#2117084 * Fixes a bug where Cinder endpoint that Nova uses does not get overridden because of the use of invalid option. LP#2115064 * Fixes the bug where Keystone become unable to start when the option "OIDCXForwardedHeaders" is set with empty string in "wsgi- keystone.conf". LP#2119344 * Fixes RabbitMQ version check which would always be skipped. LP#2102662 * Fixes a bug where K-A can fail service deployment because it tries to copy backend TLS certificates of some hosts to containers when both hosts and containers are not part of backend TLS and do not have certificates to copy. LP#2105505 * Prevents accidental "libvirt" downgrades in "nova_libvirt" container image during deploy and upgrade. Adds a "nova_libvirt" version check that resolves the target image digest once on the first compute host and runs only on hypervisors where the running container digest differs from the target. * Restore the default Let's Encrypt ACME server for external certificates so that enabling "enable_letsencrypt" works out of the box again without explicitly setting "letsencrypt_external_cert_server". The default is "https://acme-v02.api.letsencrypt.org/directory". Changes in kolla-ansible 20.1.0..20.2.0 --------------------------------------- a0e3fe617 letsencrypt: add max_fail_percentage to site.yml 33a9750bd Prevent accidental Libvirt downgrades 0cc30a2d1 CI: Rename nodesets to reflect 8GB/16GB split 290b68807 Deny access to `server-status` via `single frontend` faa8be9fe letsencrypt: pass EAB and Key Type flags in cron e8722c408 Replace outdated core team list by Gerrit links 819f011c9 CI: Use 16GB nodes for debian-bookworm nodes 6fff83384 update development docs after cli move to python 0612b0a15 [stable-only] neutron: Followup templating error 2dcf3f065 Set default external Let's Encrypt cert server 0571550a4 mariabackup: Grant ALTER on mysql.mariadb_backup_history 8c8c31ddb CI: Mark debian-upgrade as non-voting f44faa905 neutron: Template vpnaas config only when it is enabled b277a3892 Fix RabbitMQ version check always getting skipped b61d2eb4e Fix etcd config.json template 33e6f15bf CI: Use opendev docker registry mirror 0cbfa8ba8 Only add OIDCXForwardedHeaders when variable is set 5001cabe0 Re-add missing permission attribute d373507ae Update RabbitMQ documentation for Epoxy 4e9831dc9 Tweak RabbitMQ version check to allow 3.13 to 4.1 282fa1a16 Add network group to tls-backend b03cefe69 Fix unrestricted copying of backend TLS certs c69a76168 CI: Exclude hacluster logs in fluentd checks 241ef3c50 neutron: Do not run netns-cleanup when wrappers are enabled 62cedab46 fluentd: Add ovn logs to input db3a6510b ovn: Add sb_relay_group_id to environment c169e45d7 CI: Bump instance creation timeout to 5 minutes b60cca1ab Fix release note grammar 28d61586a CI: add zun to check-log exception list 18e568fc6 CI: Fix check-logs.sh routine for finding missing fluentd logs 6699acc7a Allow to override Cirros image URL for air-gapped environments d7cbd03ac CI: Test for log files missing in fluentd config a068920c1 [CI] Use smaller flavor for CI 589e5cb02 [CI] Create smaller flavor for CI 6b7d80149 Fix invalid Cinder endpoint option in nova.conf f4645115e Unnecessary comma in kolla-tolbox configuration - external rabbitmq da343c765 [CI] Enable virtualenv testing for Debian/Ubuntu 7be170cfd Fix path to heat config-generator.conf Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all.yml | 2 +- ansible/inventory/all-in-one | 1 + ansible/inventory/multinode | 1 + .../templates/conf/input/10-openvswitch.conf.j2 | 56 ++++++++++ .../roles/common/templates/kolla-toolbox.json.j2 | 2 +- ansible/roles/etcd/templates/etcd.json.j2 | 2 +- ansible/roles/heat/defaults/main.yml | 2 +- .../ironic/templates/ironic-inspector.json.j2 | 1 + .../roles/keystone/templates/wsgi-keystone.conf.j2 | 2 + ansible/roles/letsencrypt/templates/crontab.j2 | 4 +- .../haproxy/haproxy_external_frontend.cfg.j2 | 1 + ansible/roles/mariadb/tasks/register.yml | 2 +- ansible/roles/neutron/tasks/config.yml | 1 + .../templates/neutron-l3-agent-wrapper.sh.j2 | 6 +- .../neutron/templates/neutron-l3-agent.json.j2 | 4 +- .../roles/neutron/templates/neutron-server.json.j2 | 4 +- .../roles/neutron/templates/neutron_vpnaas.conf.j2 | 2 - ansible/roles/nova-cell/tasks/deploy.yml | 2 + ansible/roles/nova-cell/tasks/upgrade.yml | 2 + ansible/roles/nova-cell/tasks/version-check.yml | 88 +++++++++++++++ ansible/roles/nova-cell/templates/nova.conf.j2 | 2 +- ansible/roles/nova/templates/nova.conf.j2 | 2 +- ansible/roles/ovn-db/defaults/main.yml | 2 + ansible/roles/ovn-db/handlers/main.yml | 1 + ansible/roles/rabbitmq/tasks/version-check.yml | 9 +- ansible/roles/service-cert-copy/tasks/main.yml | 2 + ansible/roles/service-image-info/defaults/main.yml | 3 + ansible/roles/service-image-info/tasks/main.yml | 26 +++++ ansible/site.yml | 4 + ...llow-rabbitmq-3-13-to-4-1-8ae08d265c353301.yaml | 7 ++ .../notes/bug-2111267-5bff269cf10a4239.yaml | 7 ++ .../notes/bug-2117084-60fbff1b0616531d.yaml | 6 + ...tatus-via-single-frontend-33bbf3b9688a9ae4.yaml | 5 + ...point-option-in-nova-conf-417aae41d82cbdb2.yaml | 6 + ...-forwarded-headers-option-edb945bfcb98c691.yaml | 7 ++ ...q-version-check-condition-59528341299bab89.yaml | 5 + ...ed-copying-of-backend-tls-2bade63581b84c80.yaml | 8 ++ .../libvirt-catch-downgrade-d297347d745211f0.yaml | 8 ++ .../nova-metadata-split-d1c9ff2010390352.yaml | 2 +- ...rypt-external-cert-server-d34f9d783082d7d7.yaml | 13 +++ tools/init-runonce | 2 +- zuul.d/base.yaml | 1 + zuul.d/jobs.yaml | 82 +++++++------- zuul.d/nodesets.yaml | 74 +++++++++---- zuul.d/project.yaml | 5 +- 60 files changed, 610 insertions(+), 212 deletions(-)