We are pumped to announce the release of: kolla-ansible 8.2.0: Ansible Deployment of Kolla containers This release is part of the stein stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 8.2.0 ^^^^^ New Features ************ * Kolla Ansible checks now that the local Ansible Python environment is coherent, i.e. used Ansible can see Kolla Ansible. LP#1856346 Upgrade Notes ************* * Avoids unnecessary fact gathering using the "setup" module. This should improve the performance of environments using fact caching and the Ansible "smart" fact gathering policy. See blueprint for details. * In the previous stable release, the octavia user was no longer given the admin role in the admin project, and a task was added to remove the role during upgrades. However, the octavia configuration was not updated to use the service project, causing load balancer creation to fail. There is also an issue for existing deployments in simply switching to the service project. While existing load balancers appear to continue to work, creating new load balancers fails due to the security group belonging to the admin project. For this reason, Train and Stein have been reverted to use the admin project by default, while from the Ussuri release the service project will be used by default. To provide flexibility, an "octavia_service_auth_project" variable has been added. In the Train and Stein releases this is set to "admin" by default, and from Ussuri it will be set to "service" by default. For users of Train and Stein, "octavia_service_auth_project" may be set to "service" in order to avoid a breaking change during the Ussuri upgrade. To switch an existing deployment from using the "admin" project to the "service" project, it will at least be necessary to create the required security group in the "service" project, and update "octavia_amp_secgroup_list" to this group's ID. Ideally the Amphora flavor and network would also be recreated in the "service" project, although this does not appear to be necessary for operation, and will impact existing Amphorae. See bug 1873176 for details. * Apache ZooKeeper will now be automatically deployed whenever Apache Storm is enabled. Bug Fixes ********* * Fixes Kibana deployment with the new E*K stack (6+). LP#1799689 * Fixes Grafana datasource update. LP#1881890 * Removing chrony package and AppArmor profile from docker host if containerized chrony is enabled. LP#1882513 * Do not require kolla-ansible to be installed (Stein only). LP#1882780 * Add missing "become: true" on some VMWare related tasks. Fixed on "Copying VMware vCenter CA file" and "Copying over nsx.ini". * In line with clients for other services used by Magnum, Cinder and Octavia also use endpoint_type = internalURL. In the same tune, these services also use the globally defined *openstack_region_name*. * Fixes an issue with Cinder upgrades that would cause online schema migration to fail. LP#1880753 * Fixes an issue where "fernet_token_expiry" would fail the pre- checks despite being set to a valid value. Please see bug 1856021 (https://bugs.launchpad.net/kolla-ansible/+bug/1856021) for more details. * In the previous stable release, the octavia user was no longer given the admin role in the admin project, and a task was added to remove the role during upgrades. However, the octavia configuration was not updated to use the service project, causing load balancer creation to fail. See upgrade notes for details. LP#1873176 * Improves error reporting in "kolla-genpwd" and "kolla-mergepwd" when input files are not in the expected format. LP#1880220. * Fixes Magnum trust operations in multi-region deployments. * Fixes an issue where host configuration tasks ("sysctl", loading kernel modules) could be performed during the "kolla-ansible genconfig" command. See bug 1860161 for details. * Deploys Apache ZooKeeper if Apache Storm is enabled explicitly. ZooKeeper would only be deployed if Apache Kafka was also enabled, which is often done implicitly by enabling Monasca. Changes in kolla-ansible 8.1.1..8.2.0 ------------------------------------- a96ca6065 Manage octavia health manager worker through openstack_service worker 146604674 Use the children group for site.yml 9b82c0f55 Use public interface for Magnum client and trustee Keystone interface ed426f6af octavia: Add documentation 953ae8c67 Fix Magnum trust operations in multi-region clouds c19169679 Use internalURL endpoint_type for all clients used by Magnum 2e1ab6e60 CI: Move NFV reqs installation to where it belongs 89e6f9aba Remove chrony package if containerized chrony is enabled f1ce87370 Remove post_config from the Kibana role 38166cd9e Make openstack_release more obvious 041943fa1 Remove max count from Cinder online schema migration 45e138538 Enable ZooKeeper when Storm is enabled a0868027f Make octavia service_auth project configurable fffbc32da Skip storm play when not enabled 90736f0fd Improve error reporting in password utilities f3ba8d5f2 Run tox in venv in case of building images 872a0552f CI: Install python dependencies ff8a0cce3 Fix file extension in MariaDB backup docs 9a0cf7436 Fix Grafana datasource update a14707bbc Add missing become to some VMWare tasks d0f72c604 Do not require kolla-ansible to be installed bfc435490 Avoid unconditional fact gathering 90ec823bb Revert "Remove confusing docs" 57605db6d Check that used Ansible can see Kolla Ansible dd8ff1063 Remove confusing docs 800111dda Add First login steps back into Kibana doc 4b7dc5036 Update Advanced Config guide to clarify paths fcbcd1e36 Document and test maximum supported version of Ansible ca18bee49 fix can not generate ovs-dpdk.conf 242c8a6b7 Improve fernet_token_expiry precheck d943ecba8 multipath requires udev-rules in host 4acd3fd1e CI: Discern between Ironic client and grep failure 7ab59bd01 Ignore .vscode/ in Git a898d5416 dpdk-vswitchd: some ovs tools require ovs daemons pidfiles ae6cef7f0 Separate per-service host configuration tasks Diffstat (except docs and test files) ------------------------------------- .gitignore | 3 + ansible/gather-facts.yml | 12 +- ansible/group_vars/all.yml | 4 +- ansible/roles/baremetal/defaults/main.yml | 3 + ansible/roles/baremetal/tasks/post-install.yml | 16 ++ ansible/roles/ceilometer/tasks/config.yml | 1 + ansible/roles/cinder/defaults/main.yml | 4 - ansible/roles/cinder/tasks/upgrade.yml | 1 - ansible/roles/elasticsearch/tasks/config-host.yml | 12 ++ ansible/roles/elasticsearch/tasks/config.yml | 9 - ansible/roles/elasticsearch/tasks/deploy.yml | 2 + ansible/roles/elasticsearch/tasks/upgrade.yml | 2 + ansible/roles/grafana/tasks/post_config.yml | 2 +- ansible/roles/haproxy/tasks/config-host.yml | 20 +++ ansible/roles/haproxy/tasks/config.yml | 17 -- ansible/roles/haproxy/tasks/deploy.yml | 2 + ansible/roles/haproxy/tasks/upgrade.yml | 2 + ansible/roles/ironic/tasks/config-host.yml | 8 + ansible/roles/ironic/tasks/config.yml | 7 - ansible/roles/ironic/tasks/deploy.yml | 2 + ansible/roles/ironic/tasks/legacy_upgrade.yml | 2 + ansible/roles/ironic/tasks/rolling_upgrade.yml | 2 + ansible/roles/iscsi/tasks/config-host.yml | 10 ++ ansible/roles/iscsi/tasks/config.yml | 10 -- ansible/roles/iscsi/tasks/deploy.yml | 2 + ansible/roles/keystone/tasks/precheck.yml | 24 ++- ansible/roles/kibana/defaults/main.yml | 10 -- ansible/roles/kibana/tasks/deploy.yml | 2 - ansible/roles/kibana/tasks/post_config.yml | 72 -------- ansible/roles/magnum/templates/magnum.conf.j2 | 11 ++ ansible/roles/monasca/tasks/post_config.yml | 3 +- ansible/roles/multipathd/tasks/config-host.yml | 7 + ansible/roles/multipathd/tasks/config.yml | 7 - ansible/roles/multipathd/tasks/deploy.yml | 2 + ansible/roles/multipathd/tasks/upgrade.yml | 2 + ansible/roles/neutron/tasks/config-host.yml | 22 +++ ansible/roles/neutron/tasks/config.yml | 20 +-- ansible/roles/neutron/tasks/deploy.yml | 2 + ansible/roles/neutron/tasks/legacy_upgrade.yml | 2 + ansible/roles/neutron/tasks/rolling_upgrade.yml | 2 + ansible/roles/nova/tasks/config-host.yml | 12 ++ ansible/roles/nova/tasks/config.yml | 12 -- ansible/roles/nova/tasks/deploy.yml | 2 + ansible/roles/nova/tasks/legacy_upgrade.yml | 2 + ansible/roles/nova/tasks/rolling_upgrade.yml | 2 + ansible/roles/octavia/defaults/main.yml | 4 + ansible/roles/octavia/tasks/register.yml | 14 ++ ansible/roles/octavia/templates/octavia.conf.j2 | 5 +- ansible/roles/opendaylight/tasks/config-host.yml | 12 ++ ansible/roles/opendaylight/tasks/config.yml | 12 -- ansible/roles/opendaylight/tasks/deploy.yml | 2 + ansible/roles/opendaylight/tasks/upgrade.yml | 2 + ansible/roles/openvswitch/tasks/config-host.yml | 7 + ansible/roles/openvswitch/tasks/config.yml | 7 - ansible/roles/openvswitch/tasks/deploy.yml | 2 + ansible/roles/openvswitch/tasks/upgrade.yml | 2 + .../ovs-dpdk/templates/ovsdpdk-vswitchd.json.j2 | 2 +- ansible/site.yml | 14 +- .../central-logging-guide.rst | 15 ++ etc/kolla/globals.yml | 6 +- kolla_ansible/cmd/genpwd.py | 4 + kolla_ansible/cmd/mergepwd.py | 9 + ...onditional-fact-gathering-94760984b2de0796.yaml | 8 + .../notes/bug-1799689-c8612c73649ac483.yaml | 5 + .../notes/bug-1856346-59d0f01005d56e81.yaml | 6 + .../notes/bug-1881890-72c76f5fc065588b.yaml | 5 + ...-chrony-permission-denied-917b3bffc5cdb38d.yaml | 6 + .../notes/bug-1882780-4e71976ce57a0d7c.yaml | 5 + ...-become-attributes-vmware-9ae97e49b4d7dc0d.yaml | 5 + ...in-magnum-use-internalURL-af3ad82af71a88c6.yaml | 6 + ...-cinder-upgrade-max-count-ab928f85f224c63d.yaml | 5 + .../fix-fernet-pre-check-5efbdfe43a2776e3.yaml | 6 + ...avia-service-auth-project-849a4e5bd852e9c7.yaml | 40 +++++ .../notes/improve-pwd-errors-7563a3cc941c3091.yaml | 6 + ...stee-keystone-region-name-002162a45f855faf.yaml | 4 + ...-host-config-in-genconfig-7321f0dcfc9d728d.yaml | 7 + .../storm-enable-zookeeper-2108156acced1c57.yaml | 10 ++ tools/kolla-ansible | 61 ++++++- tools/ovs-dpdkctl.sh | 6 +- tools/setup_gate.sh | 7 +- zuul.d/project.yaml | 4 +- 91 files changed, 753 insertions(+), 239 deletions(-)