From no-reply at openstack.org Wed Dec 1 17:01:20 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 01 Dec 2021 17:01:20 -0000 Subject: [release-announce] metalsmith 1.6.1 (yoga) Message-ID: We are tickled pink to announce the release of: metalsmith 1.6.1: Deployment and Scheduling tool for Bare Metal This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/metalsmith Download the package from: https://tarballs.openstack.org/metalsmith/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/metalsmith For more details, please see below. 1.6.1 ^^^^^ Bug Fixes * Fixed an issue where instance metadata for network configuration was not correctly written to the config-drive when using a neutron routed provider network. The invalid metadata would in most cases cause the instance network initialization to completely fail, leaving the instance with no network connectivity. See bug: 2009715 (https://storyboard.openstack.org/#!/story/2009715). Changes in metalsmith 1.6.0..1.6.1 ---------------------------------- 81d820f Set binding:host_id on VIFs 9a890bf Updating yoga tested python versions in classifier Diffstat (except docs and test files) ------------------------------------- metalsmith/_nics.py | 11 +++++++- metalsmith/test/test_provisioner.py | 32 ++++++++++++++++++++++ ...g-broken-network-metadata-9c3ccfab2c563466.yaml | 10 +++++++ setup.cfg | 4 +-- 4 files changed, 54 insertions(+), 3 deletions(-) From no-reply at openstack.org Fri Dec 3 09:47:09 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 03 Dec 2021 09:47:09 -0000 Subject: [release-announce] designate 10.0.2 (ussuri) Message-ID: We are pumped to announce the release of: designate 10.0.2: DNS as a Service This release is part of the ussuri stable release series. The source is available from: https://opendev.org/openstack/designate Download the package from: https://tarballs.openstack.org/designate/ Please report issues through: https://bugs.launchpad.net/designate/+bugs For more details, please see below. Changes in designate 10.0.1..10.0.2 ----------------------------------- a9ab61bc Fix pool update with duplicate masters 92c0d3f2 Support filtering on zone import/export list Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- designate/central/service.py | 20 ++++++++---- designate/manage/pool.py | 9 ++++-- 4 files changed, 60 insertions(+), 12 deletions(-) From no-reply at openstack.org Fri Dec 3 10:54:41 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 03 Dec 2021 10:54:41 -0000 Subject: [release-announce] designate 12.0.1 (wallaby) Message-ID: We joyfully announce the release of: designate 12.0.1: DNS as a Service This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/designate Download the package from: https://tarballs.openstack.org/designate/ Please report issues through: https://bugs.launchpad.net/designate/+bugs For more details, please see below. Changes in designate 12.0.0..12.0.1 ----------------------------------- 04a6d315 Fix race condition in the sink when deleting records 7b270558 Support filtering on zone import/export list d7cd9584 Update TOX_CONSTRAINTS_FILE for stable/wallaby 0aa6f83c Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 2 +- designate/central/service.py | 20 ++- designate/notification_handler/base.py | 50 +++++- .../nova/compute.instance.create.end-2.json | 180 +++++++++++++++++++++ .../test_notification_handler/test_neutron.py | 40 ++--- tox.ini | 8 +- 8 files changed, 356 insertions(+), 62 deletions(-) From no-reply at openstack.org Fri Dec 3 10:57:47 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 03 Dec 2021 10:57:47 -0000 Subject: [release-announce] openstacksdk 0.61.0 (yoga) Message-ID: We are thrilled to announce the release of: openstacksdk 0.61.0: An SDK for building applications to work with OpenStack This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/openstacksdk Download the package from: https://pypi.org/project/openstacksdk Please report issues through: https://storyboard.openstack.org/#!/project/openstack/openstacksdk For more details, please see below. 0.61.0 ^^^^^^ New Features * Add support for Compute API microversion 2.73, which allows admins to specify a reason when locking a server. * The 2.89 API microversion is now supported for the compute service. This adds additional fields to the "os-volume_attachments" API, represented by the "openstack.compute.v2.volume_attachment.VolumeAttachment" resource. Changes in openstacksdk 0.60.0..0.61.0 -------------------------------------- 4f8fae5c Add Neutron Local IP CRUD 8b09b8f1 Splits class `TestNetworkProxy` cc00aafd Vpn ike policy resource 6fdc97b7 compute: Add support for server lock reason 6487cad2 Add "check_limit" to network Quota class 3692438f compute: Add support for microversion 2.89 ee75531e Adds "test_update_zone" test case ebc3419b Fix some docstrings, and a small bug b81275b1 Remove misspelled speccing arguments dc906fbf Changed minversion in tox to 3.18.0 Diffstat (except docs and test files) ------------------------------------- .../resources/network/v2/local_ip_association.rst | 13 + openstack/baremetal/v1/node.py | 11 +- openstack/compute/v2/_proxy.py | 8 +- openstack/compute/v2/server.py | 8 +- openstack/compute/v2/volume_attachment.py | 17 +- openstack/network/v2/_proxy.py | 287 +++++++++++++++++++++ openstack/network/v2/ikepolicy.py | 63 +++++ openstack/network/v2/local_ip.py | 61 +++++ openstack/network/v2/local_ip_association.py | 47 ++++ openstack/network/v2/quota.py | 2 + .../network/v2/test_local_ip_association.py | 68 +++++ .../unit/compute/v2/test_volume_attachment.py | 27 +- .../unit/network/v2/test_local_ip_association.py | 56 ++++ ...compute-microversion-2-73-abae1d0c3740f76e.yaml | 5 + ...compute-microversion-2-89-8c5187cc3bf6bd02.yaml | 7 + tox.ini | 6 +- 29 files changed, 1148 insertions(+), 42 deletions(-) From no-reply at openstack.org Fri Dec 3 11:05:46 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 03 Dec 2021 11:05:46 -0000 Subject: [release-announce] designate 11.0.1 (victoria) Message-ID: We are satisfied to announce the release of: designate 11.0.1: DNS as a Service This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/designate Download the package from: https://tarballs.openstack.org/designate/ Please report issues through: https://bugs.launchpad.net/designate/+bugs For more details, please see below. Changes in designate 11.0.0..11.0.1 ----------------------------------- 1a2c3ca7 Fix race condition in the sink when deleting records 3069fb6b Support filtering on zone import/export list d08dd621 Drop lower-constraints test 16fd046c Fix lower-constraints test not constraining properly 4f42a815 Increase lower-constraint for kombu 9e159d93 Fix pool update with duplicate masters b1d588cd Fix pdns4 devstack plugin 47b9909a Update TOX_CONSTRAINTS_FILE for stable/victoria cac2210c Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 3 +- designate/central/service.py | 20 ++- designate/manage/pool.py | 9 +- designate/notification_handler/base.py | 50 +++++- .../nova/compute.instance.create.end-2.json | 180 +++++++++++++++++++++ .../test_notification_handler/test_neutron.py | 40 ++--- devstack/designate_plugins/backend-pdns4 | 22 +-- lower-constraints.txt | 161 ------------------ tox.ini | 14 +- 12 files changed, 402 insertions(+), 256 deletions(-) From no-reply at openstack.org Tue Dec 7 17:55:54 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Dec 2021 17:55:54 -0000 Subject: [release-announce] metalsmith 1.4.3 (wallaby) Message-ID: We are happy to announce the release of: metalsmith 1.4.3: Deployment and Scheduling tool for Bare Metal This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/metalsmith Download the package from: https://tarballs.openstack.org/metalsmith/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/metalsmith For more details, please see below. 1.4.3 ^^^^^ Bug Fixes * Fixed an issue where instance metadata for network configuration was not correctly written to the config-drive when using a neutron routed provider network. The invalid metadata would in most cases cause the instance network initialization to completely fail, leaving the instance with no network connectivity. See bug: 2009715 (https://storyboard.openstack.org/#!/story/2009715). * Fixed and issue where deployed nodes did not become available over the network. This happened when the first network interface was not connected to a network with a DHCP service, i.e a secondary network interface was used. Network metadata is now created and written to the instance config in the config-drive for deployed nodes. The addition of network metadata in the instance config solves this problem. See bug: 2009238 (https://storyboard.openstack.org/#!/story/2009238). Changes in metalsmith 1.4.2..1.4.3 ---------------------------------- 324b758 Set binding:host_id on VIFs 7b4a13d Write network_data.json metadata to config-dirve 85934a3 Replace deprecated import of ABCs from collections 445cc83 Update TOX_CONSTRAINTS_FILE for stable/wallaby a8747be Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + metalsmith/_network_metadata.py | 93 +++++++++++++++ metalsmith/_nics.py | 17 ++- metalsmith/_provisioner.py | 7 +- metalsmith/exceptions.py | 4 + metalsmith/instance_config.py | 13 ++- metalsmith/test/test_instance_config.py | 15 ++- metalsmith/test/test_network_metadata.py | 130 +++++++++++++++++++++ metalsmith/test/test_provisioner.py | 56 +++++++-- ...g-broken-network-metadata-9c3ccfab2c563466.yaml | 10 ++ .../notes/network-metadata-ff0c3e80e5e0f53c.yaml | 10 ++ tox.ini | 8 +- 12 files changed, 342 insertions(+), 22 deletions(-) From no-reply at openstack.org Tue Dec 7 18:22:44 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 07 Dec 2021 18:22:44 -0000 Subject: [release-announce] metalsmith 1.5.2 (xena) Message-ID: We are psyched to announce the release of: metalsmith 1.5.2: Deployment and Scheduling tool for Bare Metal This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/metalsmith Download the package from: https://tarballs.openstack.org/metalsmith/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/metalsmith For more details, please see below. 1.5.2 ^^^^^ Bug Fixes * Fixed an issue where instance metadata for network configuration was not correctly written to the config-drive when using a neutron routed provider network. The invalid metadata would in most cases cause the instance network initialization to completely fail, leaving the instance with no network connectivity. See bug: 2009715 (https://storyboard.openstack.org/#!/story/2009715). * Fixed and issue where deployed nodes did not become available over the network. This happened when the first network interface was not connected to a network with a DHCP service, i.e a secondary network interface was used. Network metadata is now created and written to the instance config in the config-drive for deployed nodes. The addition of network metadata in the instance config solves this problem. See bug: 2009238 (https://storyboard.openstack.org/#!/story/2009238). Changes in metalsmith 1.5.1..1.5.2 ---------------------------------- a291bd0 Set binding:host_id on VIFs 82a83a2 Write network_data.json metadata to config-dirve dad1b00 Update TOX_CONSTRAINTS_FILE for stable/xena c4e77a4 Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + metalsmith/_network_metadata.py | 93 +++++++++++++++ metalsmith/_nics.py | 11 +- metalsmith/_provisioner.py | 7 +- metalsmith/exceptions.py | 4 + metalsmith/instance_config.py | 13 ++- metalsmith/test/test_instance_config.py | 15 ++- metalsmith/test/test_network_metadata.py | 130 +++++++++++++++++++++ metalsmith/test/test_provisioner.py | 56 +++++++-- ...g-broken-network-metadata-9c3ccfab2c563466.yaml | 10 ++ .../notes/network-metadata-ff0c3e80e5e0f53c.yaml | 10 ++ tox.ini | 8 +- 12 files changed, 339 insertions(+), 19 deletions(-) From no-reply at openstack.org Thu Dec 9 13:18:48 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 09 Dec 2021 13:18:48 -0000 Subject: [release-announce] openstack-ansible 21.2.12 (ussuri) Message-ID: We are overjoyed to announce the release of: openstack-ansible 21.2.12: Ansible playbooks for deploying OpenStack This release is part of the ussuri stable release series. The source is available from: https://opendev.org/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ Please report issues through: https://bugs.launchpad.net/openstack-ansible/+bugs For more details, please see below. Changes in openstack-ansible 21.2.11..21.2.12 --------------------------------------------- 9f1ac5f57 Bump OpenStack-Ansible Ussuri 7724e486e Pin uWSGI version 84af4f7e6 Backported fixes for healthcheck playbooks Diffstat (except docs and test files) ------------------------------------- ansible-collection-requirements.yml | 2 +- ansible-role-requirements.yml | 12 +-- global-requirement-pins.txt | 1 + playbooks/defaults/repo_packages/gnocchi.yml | 2 +- playbooks/defaults/repo_packages/nova_consoles.yml | 4 +- .../defaults/repo_packages/openstack_services.yml | 96 +++++++++++----------- playbooks/healthcheck-infrastructure.yml | 6 +- playbooks/healthcheck-openstack.yml | 9 +- 8 files changed, 67 insertions(+), 65 deletions(-) From no-reply at openstack.org Thu Dec 9 13:19:20 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 09 Dec 2021 13:19:20 -0000 Subject: [release-announce] ironic-inspector 10.9.0 (yoga) Message-ID: We are chuffed to announce the release of: ironic-inspector 10.9.0: Hardware introspection for OpenStack Bare Metal This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/ironic-inspector Download the package from: https://tarballs.openstack.org/ironic-inspector/ Please report issues through: https://storyboard.openstack.org/#!/project/944 For more details, please see below. 10.9.0 ^^^^^^ New Features * Adds support for filter by state in the list introspection API. See story 1625183 (https://storyboard.openstack.org/#!/story/1625183). * "GET /v1/introspection?state=starting,..." Changes in ironic-inspector 10.8.0..10.9.0 ------------------------------------------ 643d1e0 [trivial] Fix Xena release notes versions e20c7aa Updating yoga tested python versions in classifier c70e971 CI: Make inspector configuration UEFI aware ff93c77 Add support for state selector in the list introspection b14be6a Add Python3 yoga unit tests 80a7abe Update master for stable/xena Diffstat (except docs and test files) ------------------------------------- .../source/introspection-api-v1-introspection.inc | 1 + api-ref/source/introspection-api-versions.inc | 1 + devstack/plugin.sh | 15 +++++++-- ironic_inspector/api_tools.py | 16 ++++++++++ ironic_inspector/main.py | 5 +-- ironic_inspector/node_cache.py | 5 ++- ironic_inspector/test/unit/test_api_tools.py | 19 +++++++++++ ironic_inspector/test/unit/test_main.py | 37 ++++++++++++++++++++-- ironic_inspector/test/unit/test_node_cache.py | 16 ++++++++-- ...rospection-state-selector-3bbb37dd08e35d09.yaml | 8 +++++ releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 ++++ setup.cfg | 3 +- zuul.d/project.yaml | 2 +- 14 files changed, 121 insertions(+), 14 deletions(-) From no-reply at openstack.org Thu Dec 9 17:36:39 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 09 Dec 2021 17:36:39 -0000 Subject: [release-announce] ironic-python-agent 8.3.0 (yoga) Message-ID: We are pumped to announce the release of: ironic-python-agent 8.3.0: Ironic Python Agent Ramdisk This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/ironic-python-agent Download the package from: https://tarballs.openstack.org/ironic-python-agent/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/ironic- python-agent For more details, please see below. 8.3.0 ^^^^^ New Features ************ * Add options to have named output files for the burn-in logging: {'agent_burnin_cpu', 'agent_burnin_vm', 'agent_burnin_fio_network', 'agent_burnin_fio_disk'}_outputfile. This should ease collecting the output of the burn-in steps for analysis. * Add 'agent_burnin_fio_disk_smart_test' option in driver-info for disk burn-in. If set to True, this option will launch a parallel SMART self test on all devices after the disk burn-in and fail the disk burn-in clean step if any of the tests fail. Bug Fixes ********* * No longer ignores global TLS configuration options ("ipa- insecure", etc) when downloading a configdrive via a URL. * No longer ignores error status codes from the server when downloading a configdrive via a URL. * The configdrive downloading code now respects the "ipa-image- download-connection-timeout" option and will no longer hang for a long time if the server does not respond. * Fixes a minor issue with the regular expression used for UEFI duplicate entry cleanup which was introduced in a prior change to refactor the cleanup operation to avoid UEFI firmware which treats deletion of entries after addition as an invalid operation. * Fixes cases where duplicates may not be found in the UEFI firmware NVRAM boot entry table by explicitly looking for, and deleting for matching labels in advance of creating the EFI boot loader entry. * Fixes a race on software RAID creation: since the creation of partitions is asynchronous, we need to wait for all udev events to be processed before we can use the partitions to create an md device. * Fixes an issue where partitions are not visible due to an incorrect call when re-reading the partition table during a device rescan. * Fixes an issue where partitions are not visible due to an incorrect call to have the partition table re-read during raid configuration creation. * Fixes an issue when the EFI partition UUID is not set and an attempt to edit /etc/fstab is made. * The configured log file and/or log directory is now always explicitly included in the ramdisk logs. * IPA instructs qemu-img to write image zeros to disk. Doing this will cause it not to zero out the entire block device which can be very costly on a slow HDD. Changes in ironic-python-agent 8.2.0..8.3.0 ------------------------------------------- e751218 Burn-in: Add options for named log files 12f5f30 Instruct qemu-img to write image zeros to disk. 9b82794 Prepare for bugfix release a35c77e [trivial] Fix Xena release notes versions c6b1cb1 Burn-in: Add SMART self test to disk burn-in c31835e Use only Yoga tests 87a42cc Test python 3.6 for distributions compatibility 4042e7b Get rid of lambda in RealFilePartitioningTestCase dda53b4 Updating yoga tested python versions in classifier 5cf61e7 Trivial: split away efibootmgr helpers abe38a6 Fix compatibility with disk_utils.find_efi_partition 89bc73a Use two more functions from disk_utils 7b03fbb Call execute from ironic-lib in hardware.py 36d4a18 Move manage_uefi from the image extension to a public location ce296a4 Remove metalsmith centos7 job a799dcc Move rescan device function to general utils c5fb191 Simplify error messages when running clean/deploy step 23e67b5 Re-read the partition table with partx -a, part 2 dc8c1f1 Re-read the partition table with partx -a c5268bb Fix UEFI record regex 67eddfa Delete EFI boot entry duplicate labels first 2cedaa5 Always include the oslo_log log file in ramdisk logs b360214 Stop requiring mocking of utils.execute if ironic-lib execute is mocked 9a8c6a8 Fix error messages in burnin code 8a66978 Respect global parameters when downloading a configdrive 333ed70 Assert EFI part UUID is not None before editing fstab 9d707e9 Software RAID: Call udev_settle before creation 8d901ff Add Python3 yoga unit tests 1665abc Update master for stable/xena Diffstat (except docs and test files) ------------------------------------- ironic_python_agent/burnin.py | 138 ++++- ironic_python_agent/efi_utils.py | 277 ++++++++++ ironic_python_agent/extensions/clean.py | 10 +- ironic_python_agent/extensions/deploy.py | 10 +- ironic_python_agent/extensions/image.py | 342 +----------- ironic_python_agent/extensions/standby.py | 5 +- ironic_python_agent/hardware.py | 129 +++-- ironic_python_agent/partition_utils.py | 113 +++- ironic_python_agent/utils.py | 67 +-- lower-constraints.txt | 4 +- ...-named-logfiles-to-burnin-4388309bf7442d53.yaml | 7 + ...smart-test-to-disk-burnin-d02d31e23e5efa9a.yaml | 7 + .../notes/configdrive-ssl-02b069948dfef814.yaml | 12 + .../notes/correct-uefi-regex-112211c2427cd4d9.yaml | 7 + .../de-duplicate-by-label-baa090c5b1bff992.yaml | 6 + ...x-nvme-software-raid-race-2e0e104de9611228.yaml | 7 + .../notes/fix-rescan-device-7b00c6836b687ce8.yaml | 5 + .../fix-rescan-device-raid-29aa1558b036b496.yaml | 7 + .../notes/fix_efi_uuid_fstab-f2edbee9bfbac64a.yaml | 6 + releasenotes/notes/log-file-7aaaf31693ddc617.yaml | 5 + .../notes/qemu-write-zeros-2edbf3152c57e2b6.yaml | 6 + releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 + requirements.txt | 4 +- setup.cfg | 3 +- zuul.d/ironic-python-agent-jobs.yaml | 13 - zuul.d/project.yaml | 8 +- 39 files changed, 1923 insertions(+), 1326 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 69d886c..cadb5c3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -13 +13 @@ oslo.service!=1.28.1,>=1.24.0 # Apache-2.0 -oslo.utils>=3.33.0 # Apache-2.0 +oslo.utils>=3.34.0 # Apache-2.0 @@ -20 +20 @@ tenacity>=6.2.0 # Apache-2.0 -ironic-lib>=4.7.1 # Apache-2.0 +ironic-lib>=5.1.0 # Apache-2.0 From no-reply at openstack.org Fri Dec 10 10:25:49 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 10 Dec 2021 10:25:49 -0000 Subject: [release-announce] bifrost 12.0.0 (yoga) Message-ID: We are jazzed to announce the release of: bifrost 12.0.0: Deployment of physical machines using OpenStack Ironic and Ansible This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/bifrost Download the package from: https://tarballs.openstack.org/bifrost/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/bifrost For more details, please see below. 12.0.0 ^^^^^^ New Features ************ * Ansible 4 is now supported and used by default. * Debian Bullseye (11.0) is now supported as a base operating system. Upgrade Notes ************* * A separate Keystone admin service is no longer installed and will be disabled on upgrade. The main Keystone service can be used instead. * Bifrost now uses UEFI by default. Set "default_boot_mode" to "bios" or use the "--legacy-boot" CLI flag to override. Deprecation Notes ***************** * Using legacy boot is deprecated, although we don't have immediate plans to remove its support. Please consider using UEFI. * Support for distributions using Python 3.6, namely Ubuntu Bionic, Debian 10 "Buster" and openSUSE 15.2/15.3, has been deprecated and may be removed at any moment. * Support for Fedora has been deprecated, please use CentOS Stream 8. Bug Fixes ********* * Fixes an outdated grub and shim efi binaries path for Red Hat to be under "EFI/redhat". * Fixes the iptables rule for PXE on systems not using firewalld (use port UDP/67 and UDP/69 instead of TCP/68 and TCP/69). Other Notes *********** * No longer installs "/etc/ironic/boot.ipxe", relying on the boot script generated by Ironic instead. * The redfish emulator now has authentication enabled by default. Changes in bifrost 11.2.0..12.0.0 --------------------------------- ed400a6b Prepare for bugfix release 74b24441 [trivial] Fix Xena and Wallaby release notes versions 42d281e7 Enable HTTP2 for Keystone when TLS is enabled 5cd0819c Fix RedHat required defaults f8251dba Update tarballs base url 8346fbea Catch all exceptions from pbr when importing the root package ec042fa3 Remove unused integration job 694809bc Upgrade from Xena in the upgrade job 6502af58 Refresh supported operating systems list ff87a594 Use boot.ipxe generated by Ironic 3dbc7347 Revert "Explicitly trap on ERR" and fix exit code hanlding 69cbcf43 Use UEFI by default and deprecate legacy boot 6c463463 Fix the DHCP port in iptables (68 vs 67 and TCP vs UDP) 20813535 Bump ansible lint to latest version 72ad77f9 Bump up Ansible to 4.x da084360 Remove the keystone admin endpoint fe984d0d Enable authentication in sushy-tools a2a9b726 Support debian 11 "bullseye" e2928841 Add redfish vmedia jobs to gate 5707aff7 Add Python3 yoga unit tests 82cedf58 Update master for stable/xena 2d865430 On Fedora, RedHat family replace genisoimage with xorrisofs Diffstat (except docs and test files) ------------------------------------- bifrost/__init__.py | 4 +-- bifrost/cli.py | 22 ++++++++---- playbooks/ci/run.yaml | 5 ++- playbooks/roles/bifrost-create-dib-image/README.md | 4 +-- .../roles/bifrost-create-dib-image/tasks/main.yml | 4 +-- .../tasks/prepare_libvirt.yml | 14 ++++++-- .../templates/redfish-emulator.conf.j2 | 1 + .../roles/bifrost-ironic-install/defaults/main.yml | 15 ++++---- .../defaults/required_defaults_Debian_family.yml | 7 ++-- .../defaults/required_defaults_Fedora.yml | 2 +- .../defaults/required_defaults_RedHat.yml | 4 +-- .../defaults/required_defaults_RedHat_family.yml | 2 +- .../roles/bifrost-ironic-install/files/boot.ipxe | 17 --------- .../bifrost-ironic-install/tasks/bootstrap.yml | 15 ++++++-- .../tasks/create_tftpboot.yml | 7 ++-- .../templates/ironic.conf.j2 | 4 +-- .../defaults/required_defaults_Debian_family.yml | 5 ++- .../bifrost-keystone-install/tasks/bootstrap.yml | 42 ++++++---------------- .../roles/bifrost-keystone-install/tasks/start.yml | 15 +++++--- .../nginx_conf.d_bifrost-keystone.conf.j2 | 19 +--------- .../templates/uwsgi-keystone.ini.j2 | 8 ++--- .../roles/bifrost-pip-install/defaults/main.yml | 1 - releasenotes/notes/ansible-4-1e08eb3acd1768fe.yaml | 4 +++ releasenotes/notes/bullseye-9112536e10e18417.yaml | 4 +++ .../notes/ipxe-fallback-245535c4fb9ddc0b.yaml | 5 +++ .../notes/keystone-admin-fc85936b4ac41aa3.yaml | 5 +++ ...el_grub_efi_binaries_path-9b243b00bacef7a6.yaml | 5 +++ .../notes/sushy-tools-auth-38411a6bfd3ead2e.yaml | 4 +++ .../notes/ubuntu-ports-6e6c2fef3dc7bccb.yaml | 5 +++ .../notes/uefi-default-730aeff37716fe08.yaml | 9 +++++ .../notes/yoga-versions-4a460f5f9691b37f.yaml | 8 +++++ releasenotes/source/index.rst | 1 + releasenotes/source/wallaby.rst | 6 ++-- releasenotes/source/xena.rst | 6 ++++ scripts/collect-test-info.sh | 4 +-- scripts/env-setup.sh | 3 +- scripts/test-bifrost.sh | 1 - tox.ini | 4 +-- zuul.d/bifrost-jobs.yaml | 28 ++++----------- zuul.d/project.yaml | 7 +++- 43 files changed, 192 insertions(+), 167 deletions(-) From no-reply at openstack.org Fri Dec 10 10:25:53 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 10 Dec 2021 10:25:53 -0000 Subject: [release-announce] ironic 19.0.0 (yoga) Message-ID: We are excited to announce the release of: ironic 19.0.0: OpenStack Bare Metal Provisioning This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/ironic Download the package from: https://tarballs.openstack.org/ironic/ Please report issues through: https://storyboard.openstack.org/#!/project/943 For more details, please see below. 19.0.0 ^^^^^^ New Features ************ * Adds support for running "management.clear_job_queue", "management.reset_idrac" and "management.known_good_state" methods as verify steps on iDRAC hardware type, for both "idrac-wsman" and "idrac-redfish" interfaces. In order to use this feature, "[conductor]verify_step_priority_override" needs to be used to set non-zero step priorities for the desired verify steps. * Adds support for verify steps - a mechanism for running optional, actions pre-defined in the driver while the node is in transition from enroll to managable state, prior to inspection. * Adds a new executable "ironic" that starts both API and conductor in the same process. Calls between the API and conductor instances in the same process are not routed through the RPC. * The "ipxe" boot interface is now enabled by default. * Adds a new configuration option "[pxe]ipxe_fallback_script" which allows iPXE boot to fall back to e.g. ironic-inspector iPXE script. * ISO images provided via "instance_info/boot_iso" or "instance_info/deploy_iso" are now cached in a similar way to normal instance images. Set "[deploy]iso_master_path" to an empty string to disable. * All image caches are now cleaned up periodically, not only when used. Set "[conductor]cache_clean_up_interval" to tune the interval or disable. * The "redfish" hardware type is now enabled by default along with all its supported hardware interfaces. * Adds a new "none" RPC transport that can be used together with the combined "ironic" executable to completely disable the RPC bus. * Adds new configuration option: "[snmp]power_action_delay" This option will add a delay in seconds before a snmp power on and after power off. Which may be needed with some PDUs as they may not honor toggling a specific power port in rapid succession without a delay. This option may be useful if the attached physical machine has a substantial power supply to hold it over in the event of a brownout. * The default deployment boot mode is *now* UEFI. Legacy BIOS is still supported, however operators who require BIOS nodes will need to set their nodes, or deployment, appropriately. Upgrade Notes ************* * The "ipxe" boot interface is now enabled and will have priority over "pxe" by default. If you rely on the default value of the "enabled_boot_interfaces" option to not contain "ipxe", you need to set it explicitly. * The default boot mode has been changed and is *now* UEFI. Operators who were explicitly relying upon BIOS based deployments in the past, may wish to consider setting an explicit node level override for the node to only utilize BIOS mode. This can be configured at a conductor level with the "[deploy]default_boot_mode". Options to set this at a node level can be found in the Ironic Installation guide - Advanced features (https://docs.openstack.org/ironic/latest/install/advanced.html #boot-mode-support) documentation. Bug Fixes ********* * Fixes a bug in the anaconda deploy interface where the "ks_options" key was not found when rendering the default kickstart template. * Fixes an issue where PXEAnacondaDeploy interface's deploy() method did not return states.DEPLOYWAIT so the instance went straight to "active" instead of "wait call-back". * Fixes an issue where the anaconda deploy interface mistakenly expected "squashfs_id" instead of "stage2_id" property on the image. * Fixes the heartbeat mechanism in the default kickstart template ks.cfg.template as the heartbeat API only accepts "POST" and expects a mandatory "callback_url" parameter. * Fixes handling of tarball images in anaconda deploy interface. Allows user specified file extensions to be appended to the disk image symlink. Users can now set the file extensions by setting the "disk_file_extension" property on the OS image. This enables users to deploy tarballs with anaconda deploy interface. * Fixes an issue where automated cleaning was not supported when anaconda deploy interface is used. * Fixes "idrac-wsman" management interface "set_boot_device" method that would fail deployment when there are existing jobs present with the error: "Failed to change power state to ''power on'' by ''rebooting''. Error: DRAC operation failed. Reason: Unfinished config jobs found: . Make sure they are completed before retrying." Now there can be non-BIOS jobs present during deployment. This will still fail for cases when there are BIOS jobs present. In such cases it's advised to use the "idrac-redfish" interface that does not have this limitation when setting boot device. * Fixes "File name too long" in the image caching code when a URL contains a long query string. * Fixes an issue with a node's instance_info interface override caused when Ironic uses the interface attribute directly. Does so by adding a "get_interface" method to a node, and updating the Ironic code to use it where needed. * Fixes an issue where the port value is not converted to int type when nodes are managed by the "irmc" hardware type. * Fixes an issue where cleaning continuously repeats due to the value of "fgi_status" not being updated correctly when obtaining the RAID configuration status of nodes managed by the "irmc" hardware type. * When configuring RAID on iRMC machines through ironic, polling is not set when RAID is created. After creating the RAID, set up polling will notify ironic to wait for the RAID configuration to complete before proceeding to the next step instead of check IPA. * Fixes connection caching issues with Redfish BMCs where AccessErrors were previously not disqualifying the cached connection from being re-used. Ironic will now explicitly open a new connection instead of using the previous connection in the cache. Under normal circumstances, the "sushy" redfish library would detect and refresh sessions, however a prior case exists where it may not detect a failure and contain cached session credential data which is ultimately invalid, blocking future access to the BMC via Redfish until the cache entry expired or the "ironic-conductor" service was restarted. For more information please see story 2009719 (https://storyboard.openstack.org/#!/story/2009719). * Removing *?filename=file.iso* suffix from the virtual media image URL when the image is a regular file due to incompatibility with SuperMicro X12 machines which do not accept special characters such as *=* or *?* in the URL. Historically, this suffix was being added to improve compatibility with those BMCs which require *.iso* suffix in the URL while using swift as the image store. Old behaviour will remain for swift backed images. * Fixes restricted allocation creation for old policy defaults. This involves a check that ensures that the user is not trying to create an allocation with an owner other than themselves. This check is updated to also see if the user is actually trying to set an allocation owner. Other Notes *********** * The agent deploy and cleaning code no longer uses an RPC call to the same conductor when proceeding to the next deploy or clean step. Changes in ironic 18.2.0..19.0.0 -------------------------------- cdc3b9538 CI: Lower test VM memory by 200MB b37ee7c91 devstack: provide a default for OS_CLOUD 019ed2d7b Add "none" RPC transport that disables the RPC bus 9a6f2d101 All-in-one Ironic service with a local RPC bus 80fccd80c Trivial: minor follow-up to redfish fix 5f35896bf Prepare for bugfix release 18d016f79 Avoid RPC notify_conductor_resume_{deploy,clean} in agent_base 3e225d2cd Trivial: log current state when continuing cleaning f97e9340e Add missing mode setting on pxe created directories f85f64913 Install isolinux on devstack e51c6b930 Fix markup syntax d5eb6ee56 Refactor driver_internal_info updates to methods 1439af27b Remove redfish cache entry upon errors 3f990beb9 Refactor common configuration bits from service commands 44ac50779 Remove isfile check from place_loaders_for_boot 7ca27601d Remove default option from create iso image 028448afe Add a unit test job with Sushy from source 2ddd8ef2c Do not assume sushy constants are strings - part 2 ccb46fefd Updating yoga tested python versions in classifier fdc6424de Clarify driver load error message 9b4631ae0 Use test_with_retry to get the tap device name 350c2f7a5 CI: Fix devstack plugin with RBAC changes 47b98d44c Use default test dir a249c025d Fix some of the SRBAC tests dbc24610d Add an option to create inspector-compatible boot.ipxe 545a222a0 Reduce the number of small functions in pxe_utils 93fd147b6 Stop relying on explicit values of Redfish constants fc24275ba [iRMC] Convert the type of irmc_port to int 815705bc7 Fix RedfishManagement.get_mac_addresses and related functions 16aad76a6 Create node get_interface method 5ab94f37f Enable iPXE boot interface by default 76e99a30f Enable Redfish by default 323344e07 [Trivial] Clarify conditions under which power recovery is attempted 4f0893804 Avoid handling a deploy failure twice b1d08ae80 Fix idrac-wsman deploy with existing non-BIOS jobs 4bb7e5373 Document commands to leave WAIT states 287425e15 Add description to the mod_wsgi part b2ef1051d Add platform:rpm shim, grub packages to bindep df99dea00 Fix various issues in the anaconda deploy interface 0ca0383ba Trivial: do not stop None rpcserver 42b03703a Fix restricted allocation creation for old policy defaults 2ff7f553c changed code for memory burin vm-bytes, 75 to 75% dc3fefe6a Add a description of stopping ironic-api.service c1a067c14 Add Xena versions to release notes 8e8c1b087 There is no aim, we do deploy/manage baremetal. 7d85694fd Do not use any parts of image URL in temporary file names beb96870f Remove redundant node_periodic tests 567aa056a node_periodics: encapsulate the interface class check cf1b42ea3 Add a helper for node-based periodics 7f9badb54 Add and document high-level helpers for async steps f205e7d2b Remove debian packages file for devstack 371313214 SRBAC - Prepare for additional services 044091c14 Retool devstack plugin to use pxe loaders configuration e05f74c62 Do not append filename parameter to image URL when using local file e8382db6b Update the list of supported database filters c7a6c69f1 Follow up to Add support for verify steps 330693306 add snmp power action delay dec673784 Demote three warning messages 807b93456 Make iDRAC management steps verify steps 2b55c8d38 CI: Change CI ipxe file to snponly 493b4f0ca Yoga: Change default boot mode to uefi b385d9ae5 Add support for verify steps 3c96af2d2 Fix iDRAC configuration mold docs 535c28b67 Document recovery from power faults c1e355011 Remove legacy rpm install list and use bindep c52e685e5 Update release doc 61fb3eee5 PXE: avoid trailing dots in exception messages a547cbcb0 require_exclusive_lock: log traceback that lead to an error db4b4c08d Clean up caches periodically eb8657f0d Update iDRAC doc for idrac-redfish RAID 4775fb3d9 Devstack: don't scan /opt, /etc looking for isolinux b617e4346 [iRMC] Set polling after RAID is built 8a5c672fa [iRMC] Avoid repeatedly resuming clean after creating raid configuration 816dbfdad Add Python3 yoga unit tests 016c1f860 Update master for stable/xena 93e57fd72 Use an ImageCache for provided boot/deploy ISO images c80d2f295 Refactor: move base_iso handling from create_boot_iso Diffstat (except docs and test files) ------------------------------------- api-ref/source/samples/api-root-response.json | 2 +- bindep.txt | 2 + devstack/common_settings | 4 +- devstack/files/bindep.txt | 98 +++++ devstack/files/debs/ironic | 41 --- devstack/files/rpms/ironic | 25 -- devstack/lib/ironic | 195 ++++++---- .../include/configure-ironic-api-mod_wsgi.inc | 19 + driver-requirements.txt | 3 - ironic/api/controllers/root.py | 4 +- ironic/api/controllers/v1/allocation.py | 6 +- ironic/api/wsgi.py | 3 +- ironic/cmd/api.py | 19 +- ironic/cmd/conductor.py | 19 +- ironic/cmd/dbsync.py | 2 +- ironic/cmd/singleprocess.py | 52 +++ ironic/common/driver_factory.py | 4 +- ironic/common/exception.py | 7 +- ironic/common/images.py | 25 +- ironic/common/neutron.py | 2 +- ironic/common/pxe_utils.py | 135 +++---- ironic/common/rpc.py | 10 + ironic/common/rpc_service.py | 22 +- ironic/common/service.py | 42 ++- ironic/conductor/cleaning.py | 22 +- ironic/conductor/deployments.py | 63 ++-- ironic/conductor/manager.py | 204 +++++------ ironic/conductor/periodics.py | 164 +++++++++ ironic/conductor/rpcapi.py | 210 +++++++---- ironic/conductor/steps.py | 90 ++++- ironic/conductor/task_manager.py | 13 + ironic/conductor/utils.py | 145 ++++---- ironic/conductor/verify.py | 25 ++ ironic/conf/conductor.py | 14 + ironic/conf/default.py | 19 +- ironic/conf/deploy.py | 26 +- ironic/conf/pxe.py | 11 +- ironic/conf/snmp.py | 10 + ironic/db/api.py | 24 +- ironic/db/sqlalchemy/api.py | 2 + ironic/drivers/base.py | 89 ++++- ironic/drivers/modules/agent.py | 10 +- ironic/drivers/modules/agent_base.py | 68 ++-- ironic/drivers/modules/ansible/deploy.py | 6 +- ironic/drivers/modules/boot.ipxe | 10 + ironic/drivers/modules/boot_mode_utils.py | 18 +- ironic/drivers/modules/deploy_utils.py | 52 ++- ironic/drivers/modules/drac/bios.py | 62 +--- ironic/drivers/modules/drac/inspect.py | 4 +- ironic/drivers/modules/drac/management.py | 67 ++-- ironic/drivers/modules/drac/raid.py | 96 ++--- ironic/drivers/modules/ilo/bios.py | 8 +- ironic/drivers/modules/ilo/inspect.py | 3 +- ironic/drivers/modules/ilo/management.py | 16 +- ironic/drivers/modules/ilo/raid.py | 4 +- ironic/drivers/modules/image_cache.py | 9 +- ironic/drivers/modules/image_utils.py | 113 +++--- ironic/drivers/modules/inspect_utils.py | 16 +- ironic/drivers/modules/inspector.py | 30 +- ironic/drivers/modules/irmc/common.py | 3 + ironic/drivers/modules/irmc/raid.py | 137 ++++--- ironic/drivers/modules/ks.cfg.template | 12 +- ironic/drivers/modules/pxe.py | 8 +- ironic/drivers/modules/pxe_base.py | 46 +-- ironic/drivers/modules/ramdisk.py | 3 +- ironic/drivers/modules/redfish/bios.py | 6 +- ironic/drivers/modules/redfish/boot.py | 4 +- ironic/drivers/modules/redfish/inspect.py | 3 +- ironic/drivers/modules/redfish/management.py | 150 +++----- ironic/drivers/modules/redfish/raid.py | 125 ++----- ironic/drivers/modules/redfish/utils.py | 37 +- ironic/drivers/modules/snmp.py | 2 + ironic/objects/node.py | 44 +++ .../unit/api/controllers/v1/test_allocation.py | 37 +- .../unit/drivers/modules/ansible/test_deploy.py | 1 + .../unit/drivers/modules/drac/test_inspect.py | 2 +- .../unit/drivers/modules/drac/test_management.py | 14 +- .../drivers/modules/irmc/test_periodic_task.py | 59 ++- .../unit/drivers/modules/redfish/test_inspect.py | 15 +- .../drivers/modules/redfish/test_management.py | 178 ++------- .../unit/drivers/modules/redfish/test_raid.py | 4 +- .../unit/drivers/modules/redfish/test_utils.py | 72 +++- .../unit/drivers/modules/test_boot_mode_utils.py | 15 +- .../unit/drivers/modules/test_deploy_utils.py | 53 ++- .../unit/drivers/modules/test_inspect_utils.py | 13 +- .../unit/drivers/third_party_driver_mock_specs.py | 67 ---- lower-constraints.txt | 3 +- .../add-idrac-verify-steps-50c1a0f0fe299922.yaml | 9 + .../add-verify-steps-support-2b34a74e86f89cb4.yaml | 6 + releasenotes/notes/allinone-190ae91884d81154.yaml | 6 + ...anaconda-deploy-interface-bfa2cfca22b04680.yaml | 25 ++ ...th-existing-non-bios-jobs-78aa2195d0c3016f.yaml | 16 + .../notes/image-cache-size-28a9072901b98edf.yaml | 5 + ...fo-interface-override-fix-043df41199529892.yaml | 7 + .../notes/ipxe-default-628380290fbdbab6.yaml | 10 + .../notes/ipxe-fallback-a10c8ce422caa429.yaml | 5 + ...rt-the-value-of-irmc-port-63c90450b5a77203.yaml | 5 + ...repeatedly-resuming-clean-020f0dfc2e30d7bc.yaml | 6 + ...-polling-after-raid-build-5f78ee3e93a92553.yaml | 8 + releasenotes/notes/iso-cache-5330b63c9e3a02db.yaml | 7 + .../notes/no-deploy-rpc-dec8ee1d0326d1ad.yaml | 5 + .../notes/periodic-clean-up-29c33d2516bf16ec.yaml | 5 + ...on-cache-pool-accesserror-743e39a2f017b990.yaml | 13 + .../notes/redfish-default-c7b2268606172bba.yaml | 5 + ...ame-param-from-vmedia-url-bf4773ede44f2206.yaml | 10 + ...d-allocation-creation-fix-a70dfcbcb9996602.yaml | 7 + releasenotes/notes/rpc-none-f05dac657eef4b66.yaml | 5 + ...mp_add_power_action_delay-eba6c3a9cbd6ada3.yaml | 8 + .../uefi-is-now-the-default-562b0d68adc59008.yaml | 16 + releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 + requirements.txt | 3 +- setup.cfg | 4 +- .../benchmark/do_not_run_create_benchmark_data.py | 2 +- tools/benchmark/generate-statistics.py | 2 +- tox.ini | 1 - zuul.d/ironic-jobs.yaml | 64 +++- zuul.d/project.yaml | 6 +- 156 files changed, 4169 insertions(+), 2231 deletions(-) Requirements updates -------------------- diff --git a/driver-requirements.txt b/driver-requirements.txt index d5285a3df..ffcb3e2ab 100644 --- a/driver-requirements.txt +++ b/driver-requirements.txt @@ -13,3 +12,0 @@ python-xclarityclient>=0.1.6 -# The Redfish hardware type uses the Sushy library -sushy>=3.10.0 - diff --git a/requirements.txt b/requirements.txt index 9c4e1dc47..ea11b920d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16 +16 @@ pytz>=2013.6 # MIT -stevedore>=1.20.0 # Apache-2.0 +stevedore>=1.29.0 # Apache-2.0 @@ -45,0 +46 @@ openstacksdk>=0.48.0 # Apache-2.0 +sushy>=3.10.0 From no-reply at openstack.org Mon Dec 13 12:56:20 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 13 Dec 2021 12:56:20 -0000 Subject: [release-announce] openstack-ansible 22.4.0 (victoria) Message-ID: We are gleeful to announce the release of: openstack-ansible 22.4.0: Ansible playbooks for deploying OpenStack This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ Please report issues through: https://bugs.launchpad.net/openstack-ansible/+bugs For more details, please see below. 22.4.0 ^^^^^^ Upgrade Notes ************* * For Ubuntu Focal (20.04) with minor upgrade UCA repo will be added. Deployments using "distro" install method will result in major OpenStack version upgrade. Bug Fixes ********* * Fixed inconsistency in "haproxy_frontend_raw" key naming between documentation and service template. Previously, template generation was expecting "haproxy_raw" instead of the "haproxy_frontend_raw". * Ubuntu Cloud Archive (UCA) repo has not been added properly for Ubuntu 20.04 setups. Changes in openstack-ansible 22.3.3..22.4.0 ------------------------------------------- 967e43b85 Update openstack-hosts version 3273e2217 Bump OpenStack-Ansible Victoria 513295261 Pin uWSGI version 915c12e76 Configure HAProxy to check Horizon's login page 0403fce20 Set default for octavia_barbican_enabled fba56853f Update functional test requirements url Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 16 +-- global-requirement-pins.txt | 1 + inventory/group_vars/haproxy/haproxy.yml | 2 +- inventory/group_vars/octavia_all.yml | 1 + playbooks/defaults/repo_packages/gnocchi.yml | 2 +- playbooks/defaults/repo_packages/nova_consoles.yml | 4 +- .../defaults/repo_packages/openstack_services.yml | 112 ++++++++++----------- .../haproxy_frontend_raw-0811d5d445a66b41.yaml | 6 ++ ...untu_focal_distro_release-3b3ea63c0f81a495.yaml | 10 ++ tox.ini | 2 +- 10 files changed, 87 insertions(+), 69 deletions(-) From no-reply at openstack.org Mon Dec 13 12:58:43 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 13 Dec 2021 12:58:43 -0000 Subject: [release-announce] openstack-ansible 23.2.0 (wallaby) Message-ID: We are stoked to announce the release of: openstack-ansible 23.2.0: Ansible playbooks for deploying OpenStack This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ Please report issues through: https://bugs.launchpad.net/openstack-ansible/+bugs For more details, please see below. 23.2.0 ^^^^^^ Upgrade Notes ************* * For Ubuntu Focal (20.04) with minor upgrade UCA repo will be added. Deployments using "distro" install method will result in major OpenStack version upgrade. Bug Fixes ********* * Fixed inconsistency in "haproxy_frontend_raw" key naming between documentation and service template. Previously, template generation was expecting "haproxy_raw" instead of the "haproxy_frontend_raw". * Ubuntu Cloud Archive (UCA) repo has not been added properly for Ubuntu 20.04 setups. Changes in openstack-ansible 23.1.2..23.2.0 ------------------------------------------- 2459dacf4 Update openstack-hosts version be50cd5d6 Bump OpenStack-Ansible Wallaby b77633d1c Pin uWSGI version 994c193df Ensure hardware facts are gathered for galera hosts. 4b4e88719 Configure HAProxy to check Horizon's login page 9401df827 Fix error in dynamic-address-fact task d6cea9115 Increase Apache thread limit for keystone 378e593b7 Include openstack_services for murano role Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 22 ++-- global-requirement-pins.txt | 1 + inventory/group_vars/haproxy/haproxy.yml | 2 +- playbooks/common-tasks/dynamic-address-fact.yml | 6 +- playbooks/defaults/repo_packages/gnocchi.yml | 2 +- playbooks/defaults/repo_packages/nova_consoles.yml | 4 +- .../defaults/repo_packages/openstack_services.yml | 112 ++++++++++----------- playbooks/galera-install.yml | 5 + playbooks/os-murano-install.yml | 1 + .../haproxy_frontend_raw-0811d5d445a66b41.yaml | 6 ++ ...untu_focal_distro_release-f921f59a0d7ff998.yaml | 10 ++ .../templates/user_variables.aio.yml.j2 | 4 +- .../templates/user_variables_murano.yml.j2 | 2 +- zuul.d/jobs.yaml | 2 + 14 files changed, 103 insertions(+), 76 deletions(-) From no-reply at openstack.org Mon Dec 13 13:11:48 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 13 Dec 2021 13:11:48 -0000 Subject: [release-announce] cloudkitty 13.0.1 (victoria) Message-ID: We are stoked to announce the release of: cloudkitty 13.0.1: Rating as a Service component for OpenStack This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/cloudkitty Download the package from: https://pypi.org/project/cloudkitty Please report issues through: https://storyboard.openstack.org/#!/project/openstack/cloudkitty For more details, please see below. Changes in cloudkitty 13.0.0..13.0.1 ------------------------------------ 48c8a86 Fix typo in policy rule description 2db1435 Fix default admin_or_owner policy expression 04f4c78 Drop lower-constraints job Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 1 - cloudkitty/common/policies/base.py | 4 +++- cloudkitty/common/policies/v1/rating.py | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) From no-reply at openstack.org Mon Dec 13 13:17:36 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 13 Dec 2021 13:17:36 -0000 Subject: [release-announce] cloudkitty 14.0.1 (wallaby) Message-ID: We eagerly announce the release of: cloudkitty 14.0.1: Rating as a Service component for OpenStack This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/cloudkitty Download the package from: https://pypi.org/project/cloudkitty Please report issues through: https://storyboard.openstack.org/#!/project/openstack/cloudkitty For more details, please see below. 14.0.1 ^^^^^^ Bug Fixes * Fix the definition of the "admin_or_owner" policy expression, which was preventing even admins from using the "get_summary" endpoint with "all_tenants=True" or "tenant_id" parameters. Changes in cloudkitty 14.0.0..14.0.1 ------------------------------------ 875cacd Fix cloudkitty exception handling from gnocchiclient 1e964bd Fix broken lower-constraints job c8f095c Fix typo in policy rule description 712e799 Add release note for admin_or_owner policy fix e8a04b6 Fix default admin_or_owner policy expression 93b9cd8 Update TOX_CONSTRAINTS_FILE for stable/wallaby 9c3cf74 Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + cloudkitty/api/app.py | 7 ++----- cloudkitty/collector/gnocchi.py | 2 +- cloudkitty/common/policies/base.py | 4 +++- cloudkitty/common/policies/v1/rating.py | 2 +- .../notes/admin-or-owner-policy-c666346da4405d13.yaml | 6 ++++++ tox.ini | 4 ++-- 11 files changed, 41 insertions(+), 22 deletions(-) From no-reply at openstack.org Mon Dec 13 16:31:53 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 13 Dec 2021 16:31:53 -0000 Subject: [release-announce] cinderlib 4.1.0 (xena) Message-ID: We are happy to announce the release of: cinderlib 4.1.0: Direct usage of Cinder Block Storage drivers without the services This release is part of the xena release series. The source is available from: https://opendev.org/openstack/cinderlib Download the package from: https://tarballs.openstack.org/cinderlib/ Please report issues through: https://bugs.launchpad.net/cinderlib/+bugs For more details, please see below. Changes in cinderlib 4.0.0..4.1.0 --------------------------------- e13887e Continue xena development e5518c5 Drop lower-constraints file 7b6cbda Update TOX setenv 68519a8 Update master for stable/wallaby c47820d Update contributor docs 0423c18 Open cinderlib for xena development Diffstat (except docs and test files) ------------------------------------- lower-constraints.txt | 10 ---- releasenotes/source/index.rst | 1 + releasenotes/source/wallaby.rst | 6 +++ requirements.txt | 8 +-- tox.ini | 15 +++--- 6 files changed, 114 insertions(+), 22 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 4b007a5..f9c6f76 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -# restrict cinder to the wallaby series only -cinder>=18.0.0,<19.0.0 # Apache-2.0 -# specify brick wallaby (upper bound controlled by openstack upper-constraints) -os-brick>=4.3.1 +# restrict cinder to the xena release only +cinder>=19.0.0,<20.0.0 # Apache-2.0 +# brick upper bound is controlled by xena/upper-constraints +os-brick>=5.0.1 From no-reply at openstack.org Wed Dec 15 15:51:07 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 15 Dec 2021 15:51:07 -0000 Subject: [release-announce] neutron-lib 2.18.0 (yoga) Message-ID: We jubilantly announce the release of: neutron-lib 2.18.0: Neutron shared routines and utilities This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/neutron-lib Download the package from: https://pypi.org/project/neutron-lib Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 2.18.0 ^^^^^^ New Features * New API validators "validate_oneline_not_empty_string" and "validate_oneline_not_empty_string_or_none" are added. Those validators are now used to validate "opt_name" and "opt_value" fields of the extra_dhcp_opt so strings with newline character are not valid for dhcp extra option's name nor value. * A new method "update_network" has been added to "L3AgentExtension" to handle the network update events in the L3 agent extensions. * Added field "qos_network_policy_id" to the "floatingip" definition. This read only parameter contains the QoS policy of the network where the floating IP is plugged. * The "qos-fip" extension's API definition is now available in "neutron_lib.api.definitions.qos_fip". Changes in neutron-lib 2.17.0..2.18.0 ------------------------------------- 6a922e4 Allow to pass custom reason in NetworkInUse exception 4807bac Add new method "update_network" to "L3AgentExtension". 4d44f54 Replace "target_tenant" with "target_project" in RBAC OVOs and models a3b564d Exception for BFD: BfdMonitorInUse 8736420 Rehome QoS floating IP extension f9497ac Add floating IP network QoS field to floating IP definition d2bd776 Make update_qos_minbw_allocation() more generic 1f4c403 Add oneline_string validators Diffstat (except docs and test files) ------------------------------------- api-ref/source/v2/floatingips.inc | 24 +++++ api-ref/source/v2/parameters.yaml | 18 ++++ .../floatingips/floating-ips-list-response.json | 13 ++- .../floatingips/floatingip-create-request.json | 3 +- .../floatingips/floatingip-create-response.json | 3 +- .../floatingips/floatingip-show-response.json | 4 +- .../floatingips/floatingip-update-response.json | 4 +- neutron_lib/agent/l3_extension.py | 10 ++ neutron_lib/api/definitions/__init__.py | 4 + neutron_lib/api/definitions/base.py | 2 + neutron_lib/api/definitions/extra_dhcp_opt.py | 4 +- neutron_lib/api/definitions/qos_fip.py | 41 ++++++++ .../api/definitions/qos_fip_network_policy.py | 41 ++++++++ neutron_lib/api/validators/__init__.py | 34 ++++++ neutron_lib/db/model_query.py | 8 +- neutron_lib/exceptions/__init__.py | 11 +- neutron_lib/exceptions/l3.py | 5 + neutron_lib/placement/client.py | 47 ++++----- .../api/definitions/test_qos_fip_network_policy.py | 25 +++++ ...-oneline-string-validator-aa4e1ccad9d8d5c8.yaml | 8 ++ ...extensions-update-network-e4887f7f258e40f0.yaml | 5 + .../qos-fip-network-policy-ded58703313ae248.yaml | 6 ++ .../rehome-qos-fip-apidef-a2e4d49af177be85.yaml | 5 + 27 files changed, 440 insertions(+), 78 deletions(-) From no-reply at openstack.org Thu Dec 16 14:32:09 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 16 Dec 2021 14:32:09 -0000 Subject: [release-announce] oslo.messaging 12.11.1 (yoga) Message-ID: We are pumped to announce the release of: oslo.messaging 12.11.1: Oslo Messaging API This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/oslo.messaging Download the package from: https://pypi.org/project/oslo.messaging Please report issues through: https://bugs.launchpad.net/oslo.messaging/+bugs For more details, please see below. Changes in oslo.messaging 12.11.0..12.11.1 ------------------------------------------ 02a38f50 amqp1: fix race when reconnecting Diffstat (except docs and test files) ------------------------------------- oslo_messaging/_drivers/amqp1_driver/controller.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) From no-reply at openstack.org Thu Dec 16 14:32:16 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 16 Dec 2021 14:32:16 -0000 Subject: [release-announce] oslo.policy 3.10.1 (yoga) Message-ID: We are ecstatic to announce the release of: oslo.policy 3.10.1: Oslo Policy library This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/oslo.policy Download the package from: https://pypi.org/project/oslo.policy Please report issues through: https://bugs.launchpad.net/oslo.policy/+bugs For more details, please see below. 3.10.1 ^^^^^^ Other Notes * Scope check is enforced for all rules, registered ones as well as the ones which are subclasses of the "BaseCheck" class if rule has "scope_types" set. Changes in oslo.policy 3.10.0..3.10.1 ------------------------------------- 919c328 Enforce scope check always when rule has scope_types set 1e89f03 Increase timeout of the cross-neutron-tox-py38 job Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 1 + oslo_policy/policy.py | 2 ++ ...lways-when-rule-has-scope_types-8f983cdf70766e4f.yaml | 6 ++++++ 4 files changed, 25 insertions(+) From no-reply at openstack.org Wed Dec 22 08:49:01 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 22 Dec 2021 08:49:01 -0000 Subject: [release-announce] openstack-ansible 24.0.0 (xena) Message-ID: We jubilantly announce the release of: openstack-ansible 24.0.0: Ansible playbooks for deploying OpenStack This release is part of the xena release series. The source is available from: https://opendev.org/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ Please report issues through: https://bugs.launchpad.net/openstack-ansible/+bugs For more details, please see below. 24.0.0 ^^^^^^ New Features ************ * Enable VeNCrypt authentication scheme from noVNC proxy to compute nodes. When using HTTPS, the TLS encryption only applies to data between the tenant user and proxy server. To provide protection from the noVNC proxy to the Compute Nodes, it is necessary to enable the VeNCrypt authentication scheme for VNC. A pre-existing PKI (Public Key Infrastructure) setup is required. Initially to help with the transition from unencrypted VNC to VeNCrypt, compute nodes auth scheme allows for both encrypted and unencrypted sessions using the variable *nova_vencrypt_auth_scheme*, this will be removed in future releases. * UEFI boot support has been added. To migrate from Legacy BIOS mode, define *boot_mode:uefi* as a capability for baremetal nodes that support UEFI. In addition, corresponding flavor(s) will need to be created or modified to include *boot_mode:uefi* as a capability for scheduling to occur against UEFI nodes. * Implemented new variable "connection_recycle_time" responsible for SQLAlchemy's connection recycling * Galera role now leverages PKI role for creation and distribution of the certificates and certificate authorities. This introduces bunch of new variables which controls CA and certificates generation details. If user SSL certificates are provided - they would be used instead of the generated ones. The following new variables were introduced: * galera_ssl_verify * galera_pki_dir * galera_pki_create_ca * galera_pki_regen_ca * galera_pki_certificates * galera_pki_regen_cert * galera_pki_authorities * galera_pki_install_ca * galera_pki_keys_path * galera_pki_certs_path * galera_pki_intermediate_cert_name * galera_pki_intermediate_cert_path * galera_pki_install_certificates * MariaDB now uses TLS encryption by default. Certificate will be issued and signed with internal CA using PKI role. Deployers can disable encrypting MariaDB connections by setting "galera_use_ssl: false" in their user_variables.yml Client certificates could be still provided and they will be distributed with PKI role as well. * Added variable *horizon_policy_overrides* which allows to customize horizon specific policies. As we don't want to carry and maintain horizon policies with OSA, they're retrieved from horizon hosts and adjusted in-place, which means that they won't rollback in case you just remove override. *horizon_policy_overrides* has also non- standart format, as it's nested dictionary, where 1st level key represents service which policy needs to be overriden, and it's value is normal policy override format. * Support for the networking-baremetal mechanism driver and agent has been implemented. The ironic-neutron-agent is a neutron agent that populates the host to physical network mapping for baremetal nodes in neutron. Neutron uses this to calculate the segment to host mapping information. This feature may be enabled by adding "ml2.baremetal" to the "neutron_plugin_types" list in "/etc/openstack_deploy/user_variables.yml". * The "provider_networks" library has been updated to support the definition of bond member interfaces that can automatically be added as bond ports to OVS provider bridges setup during a deployment. This feature is currently limited to DPDK-based deployments. To activate this feature, add the "network_bond_interfaces" key to the respective provider network definition in "openstack_user_config.yml". For more information, refer to the latest Open vSwitch w/ DPDK deployment guide. * Added variables "systemd_run_dir" and "systemd_lock_dir" that allows to control run and lock path for directories that will be used by systemd services. Variables should not include service name since it will be added by default at the end of the provided path. These variables could be also defined as keys inside "systemd_services" and this will have prescedence over default behaviour. * Default run path for systemd services has been changed to "/run" and lock path to "/run/lock". * Nova now defaults to to using the "QEMU-native TLS" feature for live migrations, rather than the deprecated SSH method. A pre- existing PKI (Public Key Infrastructure) setup is required. QEMU-native TLS requires all compute hosts to accept TCP connections on port 16514 and port range 49152 to 49261. More information can be found here: https://docs.openstack.org/nova/latest/admin/secure-live-migration- with-qemu-native-tls.html Deprecation Notes ***************** * For consistency reasons, "octavia_db_pool_size" was deprecated in favor of "octavia_db_max_pool_size" which is in a standardized format used in other repositories. "octavia_db_pool_size" support it will be removed in Yoga release. * For consistency reasons, "neutron_db_pool_size" was deprecated in favor of "neutron_db_max_pool_size" which is in a standardized format used in other repositories. However, it will be supported until Yoga release. * For consistency reasons, the following variables were deprecated in favor of the new ones in a standardized format used in other repositories. "keystone_database_pool_timeout" -> "keystone_db_pool_timeout" "keystone_database_max_pool_size" -> "keystone_db_max_pool_size" "keystone_database_idle_timeout" -> "keystone_db_connection_recycle_time" However, they will be supported until next Yoga release. * "keystone_database_min_pool_size" was deprecated as it's deprecated in oslo.db * Variable "systemd_lock_path" has been dropped and has no effect now. In order to customize lock dir path please use "systemd_lock_dir". Please keep in mind, that for "systemd_lock_dir" you don't need to provide full path like it was with "systemd_lock_path" since service name is added to the end of the path. * Following variables were removed in favor of PKI ones and have no effect anymore: * galera_ssl_self_signed_regen * galera_ssl_self_signed_subject * galera_ssl_ca_self_signed_subject * We removed multiple web server support for keystone and left only Apache since nginx is missing features required for federation setup. With this change following variables are deprecated and have no effect: * keystone_web_server * keystone_centos_nginx_mirror * keystone_centos_nginx_key * keystone_nginx_access_log_format_combined * keystone_nginx_access_log_format_extras * keystone_nginx_ports * keystone_nginx_extra_conf Nginx web server will be removed and replaced with Apache during upgrade. * Variable "nova_enabled_vgpu_types" has been deprecated and is replaced with "nova_enabled_mdev_types". Bug Fixes ********* * Fixed inconsistency in "haproxy_frontend_raw" key naming between documentation and service template. Previously, template generation was expecting "haproxy_raw" instead of the "haproxy_frontend_raw". * For deployers using Keystone as an OIDC-based Service Provider there has been a spelling fix for the OIDCScope setting. Please use "keystone_sp.trusted_idp_list.0.oidc_scope" instead of "keystone_sp.trusted_idp_list.0.idc_scope". * This release addresses an issue which could cause wheels to fail to be built when upgrading from one operating system to another. Upgrading to this release is recommended before attempting an operating system upgrade. Other Notes *********** * Set a new default value for "galera_wait_timeout" which is inherited from global "openstack_db_connection_recycle_time". * Set new default values for db pooling variables which are inherited from the global ones. Changes in openstack-ansible 23.0.0.0rc1..24.0.0 ------------------------------------------------ b88a4783f Bump OpenStack-Ansible for Xena RC2 and release eda30de65 Set galera to use TLS for connections by default d33e0bcd2 Change haproxy variable used to set security headers to haproxy_frontend_raw 9c17fd726 [doc] Add Xena compatible OS 97060d391 Fix ceph-ansible shallow_since 50c8a2283 Add documentation of security improvements made to Openstack Ansible c2f3bfe6a [doc] Clean out project index page for stable branches 9fd96ddc9 Update TOX_CONSTRAINTS_FILE for stable/xena d3e2e3f99 Update .gitreview for stable/xena a0cfc507e Freeze roles for Xena RC1 97b837826 Add nfs deployment scenario b58dbee2a Remove retrievement of config_tempalte as a module 3c76df5f7 Reduce manila CI check memory consumption 76cd97b1e Reduce ceph memory overhead for AIO by setting is_hci to true 1fd3e0c44 Do not fail when nova console is disabled a433db53a Update ceph-ansible release to pacific be16cc841 From now on, we will change default values for database connection pooling in each role 2ea412bae Ensure hardware facts are gathered for galera hosts. b6fe07ecf Add security headers to HAProxy Horizon service b859d5897 Add config_tempalte to collections 92f8639ec Configure HAProxy to check Horizon's login page fbbf1e275 Globally define systemd_lock_dir db79a0f27 Pin uWSGI version 678b14c21 Do not upgrade packages without upgrades 68d8bd272 Remove provider_networks from neutron playbook d7b5f6cda Increase Apache thread limit for keystone 8b7a5e4d0 Deprecate OVN-related haproxy configuration c564ad9a0 Minor update of openstack collection 3504694b4 Fix error in dynamic-address-fact task 3e4fffec9 Bump ansible and collection versions 067df8fb7 Remove note about metal/horizon compatability d27d4daed Add playbook to generate any user defined certificates e62392648 Switch services to track stable/xena 002fb0910 Remove reference to deprecated python-ceilometerclient 834cd874c [doc] Fix netplan sample 78d9a8596 Fix manila haproxy manage 5505d4a14 Use cinder defaults for cinder_management_address 7a2be19d6 Implements framework for ironic_neutron_agent and Neutron 'baremetal' plugin 1c75669df Remove unnecessary pki step in haproxy install a74caa919 Bump OpenStack-Ansible master 6e9da4753 Add serial execution to all playbooks f05092277 Change pki_create_ca condition aeb20518f Bump ansible version to 2.11.5 464d7e5d3 Bump collection versions ffd5f8859 Revert "Add integrated build job to use in sahara repo" 172779f54 Replace deprecated include statement 5e8b57ad0 Bump OpenStack-Ansible master 430a0bc1f Include openstack_services for murano role d1e727ed3 Replace deprecated collection names 6e50398f0 Update pip version e1937b3f1 Switch ceph-ansible to Pacific c9f403099 Enable tempest tests for sahara 2dc1611f1 Add heat service when scenario includes sahara 3d59c738f Add integrated build job to use in sahara repo 6e45de76f Switch CentOS upgrade jobs to Stream ones 5451778f4 Move galera tasks to pre_tasks afebcb984 Set bullseye jobs to voting e48485b83 Add guide for distribution upgrades to docs 3cb74de15 Set doc jobs to voting 9e535931a skip -W on sphinx-build for translation. ed035fb27 Add shallow_since to parallel git clone e1adb7d9f Bump master branch a332bda37 Fix permissions for files created on repo server 9b9d6b883 Revert "set non-voting for broken tox-doc test" 17f92b0f5 haproxy: decrease check interval for letsencrypt back ends de64a324e set non-voting for broken tox-doc test cea883dfc Do not use https for metadata service with calico networking 3088fe204 Deprecate os-panko role 0965d2a22 Moving IRC network reference to OFTC 6e22c20cd Imported Translations from Zanata aab4de765 Start Xena cycle 1ee9b1bbe Update master for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 2 +- ansible-collection-requirements.yml | 15 +- ansible-role-requirements.yml | 235 +++++++++-------- deploy-guide/source/conf.py | 4 +- deploy-guide/source/configure.rst | 2 - .../admin/upgrades/distribution-upgrades.rst | 281 +++++++++++++++++++++ .../admin/upgrades/os-compatibility-matrix.html | 25 ++ etc/netplan/01-static.yml | 2 +- etc/openstack_deploy/conf.d/ceph.yml.aio | 4 + etc/openstack_deploy/conf.d/panko.yml.aio | 3 - etc/openstack_deploy/conf.d/panko.yml.example | 8 - etc/openstack_deploy/env.d/aio_metal.yml.example | 3 - etc/openstack_deploy/user_secrets.yml | 4 - global-requirement-pins.txt | 5 +- inventory/env.d/neutron.yml | 4 + inventory/group_vars/all/all.yml | 14 +- inventory/group_vars/all/ceph.yml | 2 +- inventory/group_vars/all/infra.yml | 1 + inventory/group_vars/all/nova.yml | 4 + inventory/group_vars/cinder_all.yml | 3 - inventory/group_vars/haproxy/haproxy.yml | 74 ++---- inventory/inventory.ini | 6 +- playbooks/ceph-rgw-keystone-setup.yml | 10 +- playbooks/certificate-authority.yml | 2 +- playbooks/certificate-generate.yml | 32 +++ playbooks/common-playbooks/neutron.yml | 20 -- playbooks/common-tasks/dynamic-address-fact.yml | 6 +- playbooks/defaults/distro_install.yml | 1 - playbooks/defaults/repo_packages/gnocchi.yml | 2 +- playbooks/defaults/repo_packages/nova_consoles.yml | 4 +- .../defaults/repo_packages/openstack_services.yml | 220 ++++++++-------- playbooks/etcd-install.yml | 1 + playbooks/galera-install.yml | 19 +- playbooks/haproxy-install.yml | 8 +- playbooks/library/git_requirements.py | 64 +++-- playbooks/memcached-install.yml | 1 + playbooks/os-aodh-install.yml | 1 + playbooks/os-barbican-install.yml | 1 + playbooks/os-blazar-install.yml | 1 + playbooks/os-ceilometer-install.yml | 1 + playbooks/os-cinder-install.yml | 16 +- playbooks/os-designate-install.yml | 1 + playbooks/os-glance-install.yml | 6 +- playbooks/os-gnocchi-install.yml | 1 + playbooks/os-heat-install.yml | 1 + playbooks/os-horizon-install.yml | 1 + playbooks/os-ironic-install.yml | 1 + playbooks/os-magnum-install.yml | 1 + playbooks/os-manila-install.yml | 5 +- playbooks/os-masakari-install.yml | 2 + playbooks/os-mistral-install.yml | 1 + playbooks/os-murano-install.yml | 2 + playbooks/os-neutron-install.yml | 8 +- playbooks/os-octavia-install.yml | 1 + playbooks/os-panko-install.yml | 40 --- playbooks/os-placement-install.yml | 1 + playbooks/os-sahara-install.yml | 1 + playbooks/os-senlin-install.yml | 1 + playbooks/os-tacker-install.yml | 1 + playbooks/os-trove-install.yml | 1 + playbooks/os-zun-install.yml | 1 + playbooks/qdrouterd-install.yml | 2 +- playbooks/rabbitmq-install.yml | 4 +- playbooks/repo-install.yml | 1 + playbooks/setup-hosts.yml | 1 + playbooks/setup-openstack.yml | 1 - playbooks/unbound-install.yml | 1 + playbooks/utility-install.yml | 1 + .../notes/VNC-proxy-security-520e6dac6bad0018.yaml | 16 ++ .../adds-uefi-boot-support-18ad99dd21f7e8be.yaml | 7 + .../notes/ceph_pacific-9952da2810a737c1.yaml | 12 + .../notes/db-pooling-14f33d291a246203.yaml | 2 + .../notes/db-pooling-15b6222fedc2cb8c.yaml | 7 + .../notes/db-pooling-7c42f3aed39d5fc9.yaml | 2 + .../notes/db-pooling-91ac966776313feb.yaml | 7 + .../notes/db-pooling-cec321004b4a8a79.yaml | 4 + .../notes/db-pooling-f078d5d7668377b2.yaml | 11 + ...eprecate-ovn-haproxy-vips-061652cd82342819.yaml | 6 + ...precate_systemd_lock_path-fba3aff8b1b4468d.yaml | 9 + .../notes/dperecate_os_panko-0d2f6822ffc8fd43.yaml | 7 + .../notes/galera_pki-2d6d77a86e8475cd.yaml | 34 +++ .../notes/galera_use_ssl-e906b5ba8b2e62ef.yaml | 9 + .../haproxy_frontend_raw-0811d5d445a66b41.yaml | 6 + .../horizon_policy_overrides-ca84702ef993ea92.yaml | 10 + .../keystone_drop_nginx-5e7791d22f0be48a.yaml | 16 ++ ...etal-plugin-agent-support-cfb06fa4faf85bdc.yaml | 8 + .../notes/neutron-dpdk-bonds-4dd98fc0b341ebfb.yaml | 10 + .../notes/nova_mdev_types-df92fb3d1ce339ec.yaml | 5 + ...e-oidc-scope-spelling-fix-3051b95adeb37901.yaml | 7 + ...-upgrade-requirements-fix-bcc81b049339e9b5.yaml | 7 + .../notes/security-headers-87de60203899fdbb.yaml | 19 ++ .../systemd_run_lock_dir-5b4b0cad9c860ce0.yaml | 12 + .../notes/tls-migration-3ed93cc04dab5eee.yaml | 13 + releasenotes/source/index.rst | 1 + releasenotes/source/wallaby.rst | 6 + scripts/bootstrap-ansible.sh | 2 +- scripts/gate-check-commit.sh | 2 +- scripts/get-ansible-role-requirements.yml | 5 +- scripts/openstack-ansible.rc | 5 +- scripts/run-upgrade.sh | 12 +- .../bootstrap-host/tasks/prepare_aio_config.yml | 16 +- .../templates/user_variables.aio.yml.j2 | 5 +- .../templates/user_variables_ceph.yml.j2 | 1 + .../templates/user_variables_manila.yml.j2 | 6 +- .../templates/user_variables_murano.yml.j2 | 2 +- .../templates/user_variables_nfs.yml.j2 | 9 + .../templates/user_variables_sahara.yml.j2 | 26 +- tox.ini | 5 +- zuul.d/jobs.yaml | 26 +- zuul.d/project-templates.yaml | 22 +- 134 files changed, 1585 insertions(+), 720 deletions(-) From no-reply at openstack.org Thu Dec 23 09:04:43 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 23 Dec 2021 09:04:43 -0000 Subject: [release-announce] octavia 8.0.1 (wallaby) Message-ID: We contentedly announce the release of: octavia 8.0.1: OpenStack Octavia Scalable Load Balancer as a Service This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/octavia Download the package from: https://pypi.org/project/octavia Please report issues through: https://storyboard.openstack.org/#!/project/908 For more details, please see below. 8.0.1 ^^^^^ Deprecation Notes ***************** * The "[amphora_agent].agent_server_network_file" configuration option is now deprecated, the new Amphora network configuration tool introduced in Xena does not support a single configuration file. Bug Fixes ********* * Amphora network configuration for the VIP interface and the pool member interfaces are now applied with the amphora-interface tool. amphora-interface uses pyroute2 low-level functions to configure the interfaces instead of distribution-specific tools such as "network- scripts" or "/etc/network/interfaces" files. * Disable conntrack for TCP flows in the Amphora, it reduces memory usage for HAProxy-based listeners and prevents some kernel warnings about dropped packets. * Fix an issue with amphorav2 driver, a failover of an amphora created an amphora with an ERROR status. * Fixes loadbalancer creation failure when one of the listener port matches with the octavia generated peer ports and the allowed_cidr is explicitly set to 0.0.0.0/0 on the listener. This is due to creation of two security group rules with remote_ip_prefix as None and remote_ip_prefix as 0.0.0.0/0 which neutron rejects the second request with security group rule already exists. * Fix a serialization error when using host_routes in VIP subnets when persistence in the amphorav2 driver is enabled. * Fixed MAX_TIMEOUT for timeout_client_data, timeout_member_connect, timeout_member_data, timeout_tcp_inspect API listener. The value was reduced from 365 days to 24 days, which now does not exceed the value of the data type in DB. * Fixed an issue with the "lo" interface in the "amphora-haproxy" network namespace. The "lo" interface was down and prevented haproxy to communicate with other haproxy processes (for persistent stick tables) on configuration change. It delayed old haproxy worker cleanup and increased the memory consumption usage after reloading the configuration. * Increase the limit value for nr_open and file-max in the amphora, the new value is based on what HAProxy 2.x is expecting from the system with the greatest maxconn value that Octavia can set. * Fix an issue with the provisioning status of a load balancer that was set to ERROR too early when an error occurred, making the load balancer mutable while the execution of the tasks for this resources haven't finished yet. * Fix an issue that could set the provisioning status of a load balancer to a PENDING_UPDATE state when an error occurred in the amphora failover flow. * Fix weighted round-robin for UDP and SCTP listeners with keepalived and lvs. The algorithm must be specified as 'wrr' in order for weighted round-robin to work correctly, but was being set to 'rr'. Changes in octavia 8.0.0..8.0.1 ------------------------------- 9b7791db Fix LB set in ERROR too early in MapLoadbalancerToAmphora f700bdbb Fix LB set in ERROR too early in the revert flow 77a87a7f Fix failover of az-specific loadbalancers 60b14c69 Fix management network selection when calculating deltas 19058596 Disable conntrack for TCP flows in the amphora e692201f Fix duplicate SG creation for listener peer port 4dbca788 Fix MAX_TIMEOUT value for listener c524eaf1 Fix PlugVIPAmphora revert function in amphorav2 de2f752e Add generic network interface management in the amphora f55376bf Update nr_open limit value in the amphora 6367a849 Fix using host_routes in VIP subnet with amphorav2 f16f72cc Add caps for pip-extra-reqs/pip-missing-reqs 9ba11825 Enable lo interface in the amphora-haproxy netns bd01b2b0 Fix race conditions between API and worker DB calls 20db85fd Fix comment for the ca_certificates_file opt adb454b2 Optimize CountPoolChildrenForQuota task in amphorav2 19504cef Fix amphora failover flow in amphorav2 driver a53e2eab Fix task_flow.max_workers with persistence in amphorav2 e06530e6 Fix jobboard_enabled setting in devstack 168f1a12 Fix devstack cleanup when using amphorav2 46979a0d Cap hacking and pylint d9603b3d Fix weighted round-robin about UDP and SCTP listener Diffstat (except docs and test files) ------------------------------------- devstack/plugin.sh | 12 +- .../75-amphora-agent-install | 3 + .../static/usr/local/bin/lvs-masquerade.sh | 27 + .../post-install.d/20-haproxy-tune-kernel | 4 +- etc/octavia.conf | 17 +- octavia/amphorae/backends/agent/agent_jinja_cfg.py | 2 - .../backends/agent/api_server/loadbalancer.py | 5 - .../amphorae/backends/agent/api_server/osutils.py | 512 +----------- octavia/amphorae/backends/agent/api_server/plug.py | 56 +- .../amphorae/backends/agent/api_server/server.py | 2 + .../api_server/templates/amphora-netns.systemd.j2 | 6 +- .../api_server/templates/plug_port_ethX.conf.j2 | 43 - .../api_server/templates/plug_vip_ethX.conf.j2 | 82 -- .../api_server/templates/rh_plug_port_ethX.conf.j2 | 47 -- .../rh_plug_port_eth_ifdown_local.conf.j2 | 19 - .../templates/rh_plug_port_eth_ifup_local.conf.j2 | 19 - .../api_server/templates/rh_plug_vip_ethX.conf.j2 | 60 -- .../templates/rh_plug_vip_ethX_alias.conf.j2 | 29 - .../api_server/templates/rh_route_ethX.conf.j2 | 29 - .../api_server/templates/rh_rule_ethX.conf.j2 | 17 - .../agent/api_server/templates/systemd.conf.j2 | 2 +- .../agent/api_server/templates/sysvinit.conf.j2 | 6 +- .../agent/api_server/templates/upstart.conf.j2 | 6 +- octavia/amphorae/backends/agent/api_server/util.py | 6 +- .../agent/templates/amphora_agent_conf.template | 3 - octavia/amphorae/backends/utils/interface.py | 237 ++++++ octavia/amphorae/backends/utils/interface_file.py | 218 +++++ octavia/cmd/interface.py | 90 ++ octavia/common/base_taskflow.py | 5 +- octavia/common/config.py | 9 +- octavia/common/constants.py | 41 +- octavia/common/exceptions.py | 5 + octavia/common/jinja/lvs/jinja_cfg.py | 2 +- .../worker/v1/tasks/amphora_driver_tasks.py | 8 - .../controller/worker/v1/tasks/database_tasks.py | 51 +- .../controller/worker/v1/tasks/network_tasks.py | 8 +- octavia/controller/worker/v2/controller_worker.py | 36 +- .../controller/worker/v2/flows/amphora_flows.py | 4 + .../worker/v2/tasks/amphora_driver_tasks.py | 16 +- .../controller/worker/v2/tasks/database_tasks.py | 96 +-- .../controller/worker/v2/tasks/network_tasks.py | 11 +- octavia/db/repositories.py | 10 + .../drivers/neutron/allowed_address_pairs.py | 17 +- .../backend/agent/api_server/test_server.py | 894 ++++++++++---------- .../backends/agent/api_server/test_osutils.py | 432 ++-------- .../backends/agent/api_server/test_plug.py | 139 ---- .../backends/agent/api_server/test_util.py | 2 +- .../backends/agent/test_agent_jinja_cfg.py | 8 - .../unit/amphorae/backends/utils/test_interface.py | 902 +++++++++++++++++++++ .../amphorae/backends/utils/test_interface_file.py | 583 +++++++++++++ .../sample_configs/sample_configs_combined.py | 8 +- .../worker/v1/tasks/test_amphora_driver_tasks.py | 37 +- .../worker/v1/tasks/test_database_tasks.py | 110 +-- .../worker/v2/flows/test_amphora_flows.py | 6 +- .../worker/v2/tasks/test_amphora_driver_tasks.py | 42 +- .../worker/v2/tasks/test_database_tasks.py | 125 +-- .../worker/v2/tasks/test_database_tasks_quota.py | 36 +- .../worker/v2/tasks/test_network_tasks.py | 18 +- .../controller/worker/v2/test_controller_worker.py | 24 +- .../drivers/neutron/test_allowed_address_pairs.py | 30 + ...work-interface-management-d77bc9905ed997f6.yaml | 13 + ...disable-conntrack-for-tcp-01ef6948d99353c2.yaml | 6 + ...mphora-failover-amphorav2-b19a76ccfdc75245.yaml | 5 + ...fix-duplicate-sg-creation-0c502a5d2d8c276d.yaml | 9 + ...amphorav2-and-persistence-54b99d651a4ee9c4.yaml | 5 + .../fix-listener-MAX_TIMEOUT-4c4fdf804a96c34b.yaml | 7 + ...o-interface-amphora-netns-90fb9934026e1485.yaml | 8 + .../fix-nr_open-limit-value-7f475c3e301a608d.yaml | 6 + ...isioning-status-on-errors-7f3736ef6e94d453.yaml | 9 + ...udp-and-sctp-listener-wrr-50de9dc0774a8ea1.yaml | 6 + setup.cfg | 1 + test-requirements.txt | 4 +- tox.ini | 18 +- 79 files changed, 3248 insertions(+), 2429 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index a4e7a9ba..d1dd6b6d 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4 +4 @@ -hacking>=3.0 # Apache-2.0 +hacking>=3.0,<4.1.0 # Apache-2.0 @@ -11 +11 @@ oslotest>=3.2.0 # Apache-2.0 -pylint>=2.5.3 # GPLv2 +pylint>=2.5.3,<2.8 # GPLv2 From no-reply at openstack.org Thu Dec 23 09:08:08 2021 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 23 Dec 2021 09:08:08 -0000 Subject: [release-announce] octavia 9.0.1 (xena) Message-ID: We are glad to announce the release of: octavia 9.0.1: OpenStack Octavia Scalable Load Balancer as a Service This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/octavia Download the package from: https://pypi.org/project/octavia Please report issues through: https://storyboard.openstack.org/#!/project/908 For more details, please see below. 9.0.1 ^^^^^ Bug Fixes * Fix an issue with the provisioning status of a load balancer that was set to ERROR too early when an error occurred, making the load balancer mutable while the execution of the tasks for this resources haven't finished yet. * Fix an issue that could set the provisioning status of a load balancer to a PENDING_UPDATE state when an error occurred in the amphora failover flow. Changes in octavia 9.0.0..9.0.1 ------------------------------- 4039d35c Fix LB set in ERROR too early in the revert flow 45c992c1 Fix failover of az-specific loadbalancers 8681637d Fix management network selection when calculating deltas 26c75ccd Pin pylint on stable/xena a741bcea Update TOX_CONSTRAINTS_FILE for stable/xena 50db4b50 Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .../amphora-agent/source-repository-amphora-agent | 4 +- elements/octavia-lib/source-repository-octavia-lib | 2 +- .../worker/v1/tasks/amphora_driver_tasks.py | 8 -- .../controller/worker/v1/tasks/database_tasks.py | 46 +---------- .../controller/worker/v1/tasks/network_tasks.py | 8 +- .../controller/worker/v2/flows/amphora_flows.py | 4 + .../worker/v2/tasks/amphora_driver_tasks.py | 10 --- .../controller/worker/v2/tasks/database_tasks.py | 81 ++----------------- .../controller/worker/v2/tasks/network_tasks.py | 8 +- .../worker/v1/tasks/test_amphora_driver_tasks.py | 37 +-------- .../worker/v1/tasks/test_database_tasks.py | 78 ++---------------- .../worker/v2/flows/test_amphora_flows.py | 3 +- .../worker/v2/tasks/test_amphora_driver_tasks.py | 37 +-------- .../worker/v2/tasks/test_database_tasks.py | 93 +++------------------- .../worker/v2/tasks/test_network_tasks.py | 6 +- ...isioning-status-on-errors-7f3736ef6e94d453.yaml | 9 +++ test-requirements.txt | 2 +- tox.ini | 8 +- 19 files changed, 68 insertions(+), 377 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index a4e7a9ba..9c58f385 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -11 +11 @@ oslotest>=3.2.0 # Apache-2.0 -pylint>=2.5.3 # GPLv2 +pylint>=2.5.3,<=2.10.2 # GPLv2