[release-announce] kolla-ansible 12.4.0 (wallaby)
no-reply at openstack.org
no-reply at openstack.org
Tue Jun 7 11:14:50 UTC 2022
We joyfully announce the release of:
kolla-ansible 12.4.0: Ansible Deployment of Kolla containers
This release is part of the wallaby stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
12.4.0
^^^^^^
New Features
************
* Adds a "tls_connect" module to the Prometheus blackbox exporter.
This can be used to test connectivity of TLS servers.
* New switches added to control deployment of the Masakari monitors.
The deployment of each type of monitors can be controlled
individually via "enable_masakari_instancemonitor" and
"enable_masakari_hostmonitor". By default, both are set to "true"
when the deployment of the Masakari is enabled via
"enable_masakari".
* Implements container healthchecks for ironic-neutron-agent
service. See blueprint
* Adds support for libvirt SASL authentication. It is enabled by
default. LP#1964013
Known Issues
************
* Existing fluentd log rotation failed to delete old haproxy, swift,
glance-tls-proxy and neutron-tls-proxy logs. These will not be
deleted by the new logrotate config and will have to be removed
manually.
Upgrade Notes
*************
* RabbitMQ's Prometheus plugin is no longer enabled by default if
Prometheus is not deployed. If external Prometheus is used, you need
to turn on "rabbitmq_enable_prometheus_plugin" to get old behaviour.
* An HTTP server is now always deployed for Ironic conductor, while
previously it was only deployed when iPXE is enabled.
In the Wallaby release, Ironic changed the default deploy driver
from iSCSI to direct. In the Xena release, Ironic removed the iSCSI
driver. The recommended deploy driver is "direct", which uses HTTP
to transfer the disk image. This requires an HTTP server, and the
simplest option is to use the one previously deployed when
"enable_ironic_ipxe" is set to "true".
* The addition of libvirt SASL authentication requires a new
password in "passwords.yml", "libvirt_sasl_password". This may be
generated using the existing "kolla-genpwd" and "kolla-mergepwd"
tooling.
* The addition of libvirt SASL authentication requires both the
"nova_libvirt" and "nova_compute" containers to be updated
simultaneously, using new images with the necessary Cyrus SASL
dependencies, as well as configuration containing the SASL
credentials.
* update the default value of node_custom_config to {{ node_config
}}/config, when specified using --configdir
Security Issues
***************
* Explicitly removes the "net.ipv4.ip_forward" sysctl from
"/etc/sysctl.conf" on hosts with Neutron L3 Agent. In the absence of
another source for this sysctl, it should revert to the default of 0
after the next reboot. This is a follow up to a previous change
which stopped setting the sysctl, but leaves existing systems with
the original value of 1 set.
A deployer looking to more aggressively change the value may set
"neutron_l3_agent_host_ipv4_ip_forward" to 0 using a Yoga release of
Kolla Ansible. This option will be removed in future. Any
deployments still relying on the previous value may set
"neutron_l3_agent_host_ipv4_ip_forward" to 1. LP#1945453
* Fixes an issue where the default configuration of libvirt did not
use authentication for the API exposed over TCP on the internal API
network. This allowed anyone with access to the internal API network
read-write access to libvirt. While the internal API network is
typically trusted, other services on this network generally at least
require authentication.
SASL authentication is now enabled for libvirt by default. Kolla
Ansible supports libvirt TLS since the Train release, and this is
recommended to provide a higher level of security. LP#1964013
Bug Fixes
*********
* Fixes an issue with an OIDC authentication flow requiring
unnecessary action from the user. Redirecting to the target IdP page
now happens automatically. LP#930055
* Removes custom value of "max_allowed_secret_in_bytes" in
"barbican.conf". The default maximum size in Barbican was doubled to
avoid issues with some certificates. LP #1957795
* Fixed the deployment failure of outward_rabbitmq by resolving port
conflicts by customizing RabbitMQ's "prometheus.tcp.port". LP
#1885106
* Use Volume V3 API in OpenStack exporter. Volume V2 API has been
removed since OpenStack Wallaby. LP#1938194
* Fixes the copy job for grafana custom home dashboard file. The
copy job for the grafana home dashboard file needs to run
priviliged, otherwise permission denied error occurs. LP#[1947710]
* Fixes Octavia's "Connection refused" errors by adding
"ovn_sb_connection" to "octavia.conf". LP#195011
* Ironic API and Ironic Inspector API use separate policy files.
Ironic role was updated to be able to handle both policies
separately. LP#1952948
* Continue to run all actions if one action failed in Elasticsearch
curator. LP#1954720
* Fixes Placement no logrotate configuration LP#1954723
* Fixes Nova resize failing when "migration_interface" is
customised. LP#1956976
* Fixes unable to connect to zun console when
"kolla_enable_tls_external" is true. Access to console of any zun
container fails when "kolla_enable_tls_external" is true. This fix
sets the protocol for wsproxy "base_url" in "zun.conf" according to
the value of "kolla_enable_tls_external" LP#1957117
* Fixes Glance with Cinder iSCSI backend failing due to lack of
lock_path setting. LP#1959663
* Fixes logrotate config missing for openvswitch and prometheus
services. LP#1961795
* Fixes an issue with Ironic's PXE components not getting updated on
upgrade. LP#1963752
* Fixes configuration of the Prometheus HTTP API URL when using the
Prometheus collector in CloudKitty. LP#1961615
* Fix the apache's wsgi configuration for the aodh service in
Debuntu binary flavours. LP#1953059
* Fixes the baremetal role to avoid an error "Unable to remove
"libvirtd". Now the symlink
/etc/apparmor.d/disable/usr.sbin.libvirtd is created by the role.
LP#1960302
* Existing fluentd log rotation failed to delete old haproxy, swift,
glance-tls-proxy and neutron-tls-proxy logs. Standardise rotation
and deletion of logs using logrotate.
* Fixes an issue with setting up OIDC based Keystone federation
against IDP that has a different response type than id_token. This
can now be set using a new variable
"keystone_federation_oidc_response_type". LP#1959781
* adds back the option to configure the rabbitmq clustering
interface via kolla *LP#1900160 <https://bugs.launchpad.net/kolla-
ansible/+bug/1900160>*
* Fixes an issue seen when using Jinja2 3.1.0.
* Fixes an issue with Masakari instance monitor when libvirt SASL is
enabled. libvirt SASL was enabled by default in a recent change to
Kolla Ansible. LP#1965754
* Fixes the configuration option setting the type of endpoint used
by Neutron to send requests to Placement. LP#1960503
* Fixes a configuration issue with Node Exporter causing all file
system metrics of a host to be identical. LP#1961438
* Fixes an issue where a failure of any Nova compute service to
register itself would cause only the host querying the nova API to
fail. Now, only hosts that fail to register will fail the Kolla
Ansible run. Alternatively, to fail all hosts in a cell when any
compute service fails to register, set
"nova_compute_registration_fatal" to "true". LP#1940119
* The prometheus openstack exporters are now behind haproxy,
providing a unique time series in the prometheus database. Also
ensures that only one exporter queries the openstack APIs at any
given time interval. With the previous behavior each openstack
exporter was scraped at the same time. This caused each exporter to
query the openstack APIs simultaneously introducing unneccesary load
and duplicate time series in the prometheus database due to the
instance label being unique for each exporter. LP#1972818
* Fixes an issue where RabbitMQ was configured to mirror classic
transient queues for all services. According to the RabbitMQ
documentation this is not a supported configuration, and contributed
to numerous bug reports. In order to avoid making unexpected changes
to the RabbitMQ cluster, it is necessary to set
"rabbitmq_remove_ha_all_policy" to "yes" in order to apply this fix.
This variable will be removed in the Yoga release. LP#1954925
* Fixes an issue with Cinder upgrade where Cinder services would
remain pinned to the previous release's RPC & object versions.
LP#1954932
Changes in kolla-ansible 12.3.0..12.4.0
---------------------------------------
bbbebc524 Control Masakari monitors deploy
d34dd8125 Make redis connection string configurable
4e991a98e [CI] Nullify attempts
6a1764885 talk TLS to openstack exporter via haproxy
a53f31bd0 genpwd: handle lack of password file nicer
6281603a5 Use 'cloudkitty_influxdb_use_ssl' when creatign InfluxDB database
59f46c248 masakari: support libvirt SASL in instance monitor
3184bd6ca [CI] Restore token critical error filter
3d25b7169 Grafana: Run priviliged when copying home dashboard file
3c2f416f4 Put openstack exporter behind HAproxy so only one is queried at a time
95d14f52b [CI] Raise [keystone_authtoken]http_request_max_retries
7b07d71c6 [CI] Always use quay.io via infra's mirror
219c39500 nova: improve compute service registration failure handling
fdb52f71a nova: use any_errors_fatal for once-per-cell tasks
1f9c13ad8 [CI] Make kolla-build quiet
b9efda413 added missing become in ovs-dpdk role
8e1c98d98 Allow removal of classic queue mirroring for internal RabbitMQ
51c2edf11 Use jinja2.pass_context instead of contextfilter
29ef33cbe re-add rabbitmq config for clustering interface
d63ebbd8b designate: fix external backend deployment
01fd3b779 Ironic: rebootstrap ironic-pxe on upgrade
4d61344c1 cinder: restart services after upgrade
fd99f70f4 CI: pin ansible-lint to <6
af6b3edfa libvirt: support SASL authentication
35ea7baf6 Fix prechecks for "Ironic iPXE" container
6b33c81aa [CI] Use Tenks in Ironic job
28f1b12e8 [CI] Test Ironic when touching Neutron
6033d070a [CI] Test Ironic on Debian
b59ba5bcf Explicitly unset net.ipv4.ip_forward sysctl
fb4f64c18 Fix hard coded OIDC response type
9cc98b719 Remove grafana [session] configuration
4a2d6b385 Add openvswitch and prometheus to logrotate
5ccc1fdb5 Fix location of release note for ironic-neutron-agent healthcheck
9e9682706 cloudkitty: fix URL used for Prometheus collector
ae46e80f3 Configure node-exporter to report correct file system metrics
5fadf566d Fix fluentd v1 buffer syntax issue
9c532f43b Refactor fluentd syslog logging
f582c52d7 CI: Fix new ansible-lint failures
9b3b2fdab Fix Apparmor libvirt profile removal
d95eb6a26 neutron: fix placement endpoint type configuration
78754d825 [CI] Check fluentd errors
b33c6fa91 Fix log rotation for fluentd created files
c3d8684fe Glance: add lock_path setting
ac6051f54 [CI] Replace parted with lsblk
501c8dec8 Add OIDCDiscoverURL mod_oidc option
25b00b5cf prometheus: add tls_connect blackbox module
0299a3d22 Fix usage of Subject Alternative Name for TLS
bcd8d23a5 update the default value of node_custom_config
170bca95e Make nova_ssh listen on api_interface as well
30d23f380 Use Docker healthchecks for ironic-neutron-agent services
b71004365 Continue to run all actions if one action failed in curator
ff92636dd Revert "[CI] [to-revert] Avoid upgrades on CentOS Stream 8"
e477227ca Remove custom value of max_allowed_secret_in_bytes
735b094f5 Fix permission denied errors with ping on c8s
4bdd9202c [CI] [to-revert] Avoid upgrades on CentOS Stream 8
8616af8f2 Add logrotate to libvirt service
52afd1bdc Access to zun container fails when tls_external enabled.
905df8b6c OpenID Connect certifiate file is optional
a7c13ad8b ironic: always enable conductor HTTP server
5db2066e5 Add logrotate configuration for placement service
8f98c4adb rabbitmq: enable/disable prometheus plugin follow up
1da4abcb7 docs: adjust to current defaults
b23bab245 Support enable/disable rabbitmq prometheus plugins
aca6cbfd0 CI: check-logs - add another exception
4515dc150 Use Volume V3 API in OpenStack exporter
6cb0e1062 Move project_name and kolla_role_name to role vars
d640a3aff [CI] Drop unused nodeset
9c80df349 horizon: move horizon_enable_tls_backend to group_vars
46249ad5e Add ironic-inspector policy configuration
918397c08 Add ovn_sb_connection to octavia.conf
82f248bcc Fix aodh wsgi config file in Debuntu binary
Diffstat (except docs and test files)
-------------------------------------
.ansible-lint | 6 +
ansible/group_vars/all.yml | 14 +-
ansible/nova.yml | 4 +
ansible/roles/aodh/defaults/main.yml | 2 -
ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 4 -
ansible/roles/aodh/vars/main.yml | 2 +
ansible/roles/barbican/defaults/main.yml | 2 -
ansible/roles/barbican/templates/barbican.conf.j2 | 1 -
ansible/roles/barbican/vars/main.yml | 2 +
ansible/roles/baremetal/tasks/install.yml | 2 +-
ansible/roles/baremetal/tasks/post-install.yml | 6 +-
ansible/roles/baremetal/tasks/pre-install.yml | 9 +
ansible/roles/bifrost/defaults/main.yml | 2 -
ansible/roles/bifrost/vars/main.yml | 2 +
ansible/roles/blazar/defaults/main.yml | 2 -
ansible/roles/blazar/vars/main.yml | 2 +
ansible/roles/ceilometer/defaults/main.yml | 2 -
ansible/roles/ceilometer/vars/main.yml | 2 +
.../roles/certificates/tasks/generate-backend.yml | 2 +
ansible/roles/certificates/tasks/generate.yml | 4 +
.../templates/openssl-kolla-internal.cnf.j2 | 4 +-
.../certificates/templates/openssl-kolla.cnf.j2 | 4 +-
ansible/roles/chrony/defaults/main.yml | 2 -
ansible/roles/chrony/vars/main.yml | 2 +
ansible/roles/cinder/defaults/main.yml | 11 +-
ansible/roles/cinder/handlers/main.yml | 20 ++
ansible/roles/cinder/tasks/reload.yml | 10 +
ansible/roles/cinder/tasks/upgrade.yml | 2 +
ansible/roles/cinder/vars/main.yml | 2 +
ansible/roles/cloudkitty/defaults/main.yml | 6 +-
ansible/roles/cloudkitty/tasks/bootstrap.yml | 1 +
ansible/roles/cloudkitty/vars/main.yml | 2 +
ansible/roles/collectd/defaults/main.yml | 2 -
ansible/roles/collectd/vars/main.yml | 2 +
ansible/roles/common/defaults/main.yml | 26 ++-
ansible/roles/common/tasks/config.yml | 7 +-
.../conf/filter/00-record_transformer.conf.j2 | 27 +--
.../common/templates/conf/output/00-local.conf.j2 | 217 ++-------------------
.../common/templates/conf/output/01-es.conf.j2 | 6 +-
.../templates/conf/output/02-monasca.conf.j2 | 4 +-
.../templates/cron-logrotate-haproxy.conf.j2 | 2 +-
.../templates/cron-logrotate-nova-libvirt.conf.j2 | 3 +
.../templates/cron-logrotate-openvswitch.conf.j2 | 3 +
.../templates/cron-logrotate-placement.conf.j2 | 3 +
.../templates/cron-logrotate-prometheus.conf.j2 | 3 +
ansible/roles/common/templates/fluentd.json.j2 | 27 +--
ansible/roles/common/vars/main.yml | 2 +
ansible/roles/cyborg/defaults/main.yml | 2 -
ansible/roles/cyborg/vars/main.yml | 2 +
ansible/roles/designate/defaults/main.yml | 2 -
ansible/roles/designate/tasks/backend_external.yml | 2 +
ansible/roles/designate/vars/main.yml | 2 +
ansible/roles/elasticsearch/defaults/main.yml | 2 -
.../templates/elasticsearch-curator-actions.yml.j2 | 14 +-
ansible/roles/elasticsearch/vars/main.yml | 2 +
ansible/roles/etcd/defaults/main.yml | 2 -
ansible/roles/etcd/vars/main.yml | 2 +
ansible/roles/freezer/defaults/main.yml | 2 -
ansible/roles/freezer/vars/main.yml | 2 +
ansible/roles/glance/defaults/main.yml | 2 -
ansible/roles/glance/templates/glance-api.conf.j2 | 3 +
ansible/roles/glance/vars/main.yml | 2 +
ansible/roles/gnocchi/defaults/main.yml | 2 -
ansible/roles/gnocchi/vars/main.yml | 2 +
ansible/roles/grafana/defaults/main.yml | 2 -
ansible/roles/grafana/tasks/config.yml | 1 +
ansible/roles/grafana/templates/grafana.ini.j2 | 8 -
ansible/roles/grafana/vars/main.yml | 2 +
ansible/roles/hacluster/defaults/main.yml | 2 -
ansible/roles/hacluster/vars/main.yml | 2 +
ansible/roles/haproxy-config/defaults/main.yml | 2 -
ansible/roles/haproxy-config/vars/main.yml | 2 +
ansible/roles/haproxy/defaults/main.yml | 2 -
ansible/roles/haproxy/vars/main.yml | 2 +
ansible/roles/heat/defaults/main.yml | 2 -
ansible/roles/heat/vars/main.yml | 2 +
ansible/roles/horizon/defaults/main.yml | 7 -
ansible/roles/horizon/vars/main.yml | 2 +
ansible/roles/influxdb/defaults/main.yml | 2 -
ansible/roles/influxdb/vars/main.yml | 2 +
ansible/roles/ironic/defaults/main.yml | 6 +-
ansible/roles/ironic/tasks/bootstrap.yml | 19 --
ansible/roles/ironic/tasks/bootstrap_service.yml | 19 ++
ansible/roles/ironic/tasks/config.yml | 42 +++-
ansible/roles/ironic/tasks/precheck.yml | 1 -
.../ironic/templates/ironic-inspector.json.j2 | 8 +-
ansible/roles/ironic/templates/ironic.conf.j2 | 7 +-
ansible/roles/ironic/vars/main.yml | 2 +
ansible/roles/iscsi/defaults/main.yml | 2 -
ansible/roles/iscsi/vars/main.yml | 2 +
ansible/roles/kafka/defaults/main.yml | 2 -
ansible/roles/kafka/vars/main.yml | 2 +
ansible/roles/keystone/defaults/main.yml | 3 +-
.../keystone/tasks/config-federation-oidc.yml | 1 +
.../roles/keystone/templates/wsgi-keystone.conf.j2 | 3 +-
ansible/roles/keystone/vars/main.yml | 2 +
ansible/roles/kibana/defaults/main.yml | 2 -
ansible/roles/kibana/vars/main.yml | 2 +
ansible/roles/kuryr/defaults/main.yml | 1 -
ansible/roles/kuryr/vars/main.yml | 2 +
ansible/roles/magnum/defaults/main.yml | 2 -
ansible/roles/magnum/vars/main.yml | 2 +
ansible/roles/manila/defaults/main.yml | 2 -
ansible/roles/manila/vars/main.yml | 2 +
ansible/roles/mariadb/defaults/main.yml | 2 -
ansible/roles/mariadb/vars/main.yml | 2 +
ansible/roles/masakari/defaults/main.yml | 17 +-
ansible/roles/masakari/tasks/config.yml | 18 ++
ansible/roles/masakari/templates/auth.conf.j2 | 6 +
.../templates/masakari-instancemonitor.json.j2 | 8 +-
ansible/roles/masakari/vars/main.yml | 2 +
ansible/roles/memcached/defaults/main.yml | 2 -
ansible/roles/memcached/vars/main.yml | 2 +
ansible/roles/mistral/defaults/main.yml | 2 -
ansible/roles/mistral/vars/main.yml | 2 +
ansible/roles/monasca/defaults/main.yml | 2 -
ansible/roles/monasca/vars/main.yml | 2 +
ansible/roles/multipathd/defaults/main.yml | 2 -
ansible/roles/multipathd/vars/main.yml | 2 +
ansible/roles/murano/defaults/main.yml | 2 -
ansible/roles/murano/vars/main.yml | 2 +
ansible/roles/neutron/defaults/main.yml | 17 +-
ansible/roles/neutron/tasks/config-host.yml | 2 +
ansible/roles/neutron/templates/neutron.conf.j2 | 2 +-
ansible/roles/neutron/vars/main.yml | 2 +
ansible/roles/nova-cell/defaults/main.yml | 20 +-
ansible/roles/nova-cell/handlers/main.yml | 15 ++
ansible/roles/nova-cell/tasks/config.yml | 20 ++
ansible/roles/nova-cell/tasks/deploy.yml | 3 +-
.../roles/nova-cell/tasks/discover_computes.yml | 89 ++-------
ansible/roles/nova-cell/tasks/precheck.yml | 17 +-
.../nova-cell/tasks/wait_discover_computes.yml | 89 +++++++++
ansible/roles/nova-cell/templates/auth.conf.j2 | 6 +
ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 3 +-
.../roles/nova-cell/templates/nova-compute.json.j2 | 8 +-
.../roles/nova-cell/templates/nova-libvirt.json.j2 | 12 ++
ansible/roles/nova-cell/templates/sasl.conf.j2 | 2 +
ansible/roles/nova-cell/templates/sshd_config.j2 | 3 +
ansible/roles/nova-cell/vars/main.yml | 6 +
ansible/roles/nova/defaults/main.yml | 2 -
ansible/roles/nova/vars/main.yml | 2 +
ansible/roles/octavia/defaults/main.yml | 2 -
ansible/roles/octavia/templates/octavia.conf.j2 | 1 +
ansible/roles/octavia/vars/main.yml | 2 +
ansible/roles/openvswitch/defaults/main.yml | 2 -
ansible/roles/openvswitch/vars/main.yml | 2 +
ansible/roles/ovn/defaults/main.yml | 2 -
ansible/roles/ovn/vars/main.yml | 2 +
ansible/roles/ovs-dpdk/defaults/main.yml | 1 -
ansible/roles/ovs-dpdk/tasks/config.yml | 2 +
ansible/roles/ovs-dpdk/vars/main.yml | 2 +
ansible/roles/panko/defaults/main.yml | 2 -
ansible/roles/panko/vars/main.yml | 2 +
ansible/roles/placement/defaults/main.yml | 2 -
ansible/roles/placement/vars/main.yml | 2 +
ansible/roles/prometheus/defaults/main.yml | 11 +-
ansible/roles/prometheus/templates/clouds.yml.j2 | 1 +
.../templates/prometheus-blackbox-exporter.yml.j2 | 4 +
.../templates/prometheus-node-exporter.json.j2 | 2 +-
.../roles/prometheus/templates/prometheus.yml.j2 | 7 +-
ansible/roles/prometheus/vars/main.yml | 2 +
ansible/roles/qdrouterd/defaults/main.yml | 2 -
ansible/roles/qdrouterd/vars/main.yml | 2 +
ansible/roles/rabbitmq/defaults/main.yml | 16 +-
ansible/roles/rabbitmq/tasks/config.yml | 36 ++++
ansible/roles/rabbitmq/tasks/deploy.yml | 3 +
.../roles/rabbitmq/tasks/remove-ha-all-policy.yml | 29 +++
ansible/roles/rabbitmq/tasks/upgrade.yml | 3 +
.../roles/rabbitmq/templates/advanced.config.j2 | 7 +
.../roles/rabbitmq/templates/definitions.json.j2 | 4 +
.../roles/rabbitmq/templates/enabled_plugins.j2 | 1 +
ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 5 +
ansible/roles/rabbitmq/templates/rabbitmq.json.j2 | 12 ++
ansible/roles/rabbitmq/vars/main.yml | 2 +
ansible/roles/rally/defaults/main.yml | 2 -
ansible/roles/rally/vars/main.yml | 2 +
ansible/roles/redis/defaults/main.yml | 2 -
ansible/roles/redis/vars/main.yml | 2 +
ansible/roles/sahara/defaults/main.yml | 2 -
ansible/roles/sahara/vars/main.yml | 2 +
ansible/roles/senlin/defaults/main.yml | 2 -
ansible/roles/senlin/vars/main.yml | 2 +
ansible/roles/skydive/defaults/main.yml | 2 -
ansible/roles/skydive/vars/main.yml | 2 +
ansible/roles/solum/defaults/main.yml | 2 -
ansible/roles/solum/vars/main.yml | 2 +
ansible/roles/storm/defaults/main.yml | 2 -
ansible/roles/storm/vars/main.yml | 2 +
ansible/roles/swift/defaults/main.yml | 2 -
ansible/roles/swift/vars/main.yml | 2 +
ansible/roles/tacker/defaults/main.yml | 2 -
ansible/roles/tacker/vars/main.yml | 2 +
ansible/roles/telegraf/defaults/main.yml | 2 -
ansible/roles/telegraf/vars/main.yml | 2 +
ansible/roles/tempest/defaults/main.yml | 2 -
ansible/roles/tempest/vars/main.yml | 2 +
ansible/roles/trove/defaults/main.yml | 2 -
ansible/roles/trove/vars/main.yml | 2 +
ansible/roles/vitrage/defaults/main.yml | 2 -
ansible/roles/vitrage/vars/main.yml | 2 +
ansible/roles/vmtp/defaults/main.yml | 2 -
ansible/roles/vmtp/vars/main.yml | 2 +
ansible/roles/watcher/defaults/main.yml | 2 -
ansible/roles/watcher/vars/main.yml | 2 +
ansible/roles/zookeeper/defaults/main.yml | 2 -
ansible/roles/zookeeper/vars/main.yml | 2 +
ansible/roles/zun/defaults/main.yml | 2 -
ansible/roles/zun/templates/zun.conf.j2 | 2 +-
ansible/roles/zun/vars/main.yml | 2 +
ansible/site.yml | 2 +
.../reference/shared-services/keystone-guide.rst | 4 +-
etc/kolla/globals.yml | 2 +-
etc/kolla/passwords.yml | 5 +
kolla_ansible/cmd/genpwd.py | 8 +-
kolla_ansible/filters.py | 14 +-
kolla_ansible/kolla_address.py | 8 +-
kolla_ansible/put_address_in_context.py | 21 +-
.../add-oidc-discover-url-83edb9f43f73a97f.yaml | 7 +
...n-max-allowed-secret-size-1941307ab5d2a9fd.yaml | 7 +
.../blackbox-tls-connect-517cd8ebdf87f16e.yaml | 5 +
.../notes/bug-1885106-2347d7458a8f9cb0.yaml | 13 ++
.../notes/bug-1938194-80dba28f9cdd434c.yaml | 6 +
.../notes/bug-1945453-2-287bfcaf060689d8.yaml | 16 ++
.../notes/bug-1947710-6d0975ae72f43ada.yaml | 7 +
.../notes/bug-1950111-8e477fb6a5b58822.yaml | 6 +
.../notes/bug-1952948-003aabe18144f569.yaml | 6 +
.../notes/bug-1954720-4fc48610a56f3e98.yaml | 6 +
.../notes/bug-1954723-2d49335022492891.yaml | 5 +
.../notes/bug-1956976-8a2623ca1fbfd546.yaml | 5 +
.../notes/bug-1957117-7832104d66a91da7.yaml | 11 ++
.../notes/bug-1959663-afda889b9aa4c63f.yaml | 6 +
.../notes/bug-1961795-16fb2ac27152fc03.yaml | 6 +
.../notes/bug-1963752-ee12e15c17c24bb0.yaml | 6 +
...cloudkitty-prometheus-url-ee14bc486e810631.yaml | 6 +
...control-masakari-monitors-1107c10c45678b0a.yaml | 8 +
.../notes/enable-ipxe-cf461344bdb99881.yaml | 12 ++
.../fix-aodh-wsgi-config-7679adda584e33bb.yaml | 6 +
...r-libvirt-profile-removal-01db6ca6dd66879f.yaml | 7 +
.../fix-haproxy-logrotate-e299a0000728fd8f.yaml | 12 ++
...x-hardcoded-oidc-response-fc0f115f0b56cddf.yaml | 7 +
.../fix-openstack-exporter-tls-bug-1975598.yml | 8 +
...q-interface-configuration-b39c954fb8763d9c.yaml | 6 +
...-for-ironic-neutron-agent-61ec4d0d237da075.yaml | 6 +
.../jinja2-pass-context-2afc328ade8c407b.yaml | 4 +
.../notes/libvirt-sasl-404199143610fb75.yaml | 27 +++
.../masakari-libvirt-sasl-f368c31c0b5567b6.yaml | 6 +
...n-placement-endpoint-type-90073ba5ecc9e663.yaml | 6 +
...porter-filesystem-metrics-d3ae7b0a892d2957.yaml | 6 +
.../nova-discover-hosts-0353e9274f22195c.yaml | 9 +
.../openstack-exporter-hammering-os-apis.yaml | 14 ++
...ue-mirroring-for-rabbitmq-d54b9e7e25e57a88.yaml | 10 +
.../notes/unpin-cinder-rpcs-8eb7e0858a91b9b8.yaml | 6 +
...update-node-custom-config-7b378b25ce22779f.yaml | 5 +
roles/multi-node-managed-addressing/tasks/main.yml | 1 +
test-requirements.txt | 2 +-
zuul.d/base.yaml | 12 +-
zuul.d/jobs.yaml | 8 +
zuul.d/nodesets.yaml | 38 ----
zuul.d/project.yaml | 1 +
273 files changed, 1460 insertions(+), 777 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
index 8b10965c0..2bff582dc 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -2 +2 @@
-ansible-lint>=4.2.0,!=4.3.0 # MIT
+ansible-lint>=4.2.0,!=4.3.0,<6.0.0 # MIT
More information about the Release-announce
mailing list