[release-announce] kolla-ansible 13.1.0 (xena)
no-reply at openstack.org
no-reply at openstack.org
Tue Jun 7 11:15:42 UTC 2022
We are psyched to announce the release of:
kolla-ansible 13.1.0: Ansible Deployment of Kolla containers
This release is part of the xena stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
13.1.0
^^^^^^
New Features
************
* Deploys and configures a prometheus-libvirt-exporter image as part
of the Prometheus monitoring stack.
* Adds a "tls_connect" module to the Prometheus blackbox exporter.
This can be used to test connectivity of TLS servers.
* New switches added to control deployment of the Masakari monitors.
The deployment of each type of monitors can be controlled
individually via "enable_masakari_instancemonitor" and
"enable_masakari_hostmonitor". By default, both are set to "true"
when the deployment of the Masakari is enabled via
"enable_masakari".
* Implements container healthchecks for ironic-neutron-agent
service. See blueprint
* Adds support for libvirt SASL authentication. It is enabled by
default. LP#1964013
* Adds support for Rocky Linux 8 as Host OS.
Known Issues
************
* Existing fluentd log rotation failed to delete old haproxy, swift,
glance-tls-proxy and neutron-tls-proxy logs. These will not be
deleted by the new logrotate config and will have to be removed
manually.
Upgrade Notes
*************
* RabbitMQ's Prometheus plugin is no longer enabled by default if
Prometheus is not deployed. If external Prometheus is used, you need
to turn on "rabbitmq_enable_prometheus_plugin" to get old behaviour.
* The addition of libvirt SASL authentication requires a new
password in "passwords.yml", "libvirt_sasl_password". This may be
generated using the existing "kolla-genpwd" and "kolla-mergepwd"
tooling.
* The addition of libvirt SASL authentication requires both the
"nova_libvirt" and "nova_compute" containers to be updated
simultaneously, using new images with the necessary Cyrus SASL
dependencies, as well as configuration containing the SASL
credentials.
* It is no longer possible to override the removal of the Monasca
Log Metrics service and it will be removed automatically if it
hasn't already been removed in the Wallaby release. It is up to the
operator to remove any associated docker volumes.
* update the default value of node_custom_config to {{ node_config
}}/config, when specified using --configdir
Security Issues
***************
* Explicitly removes the "net.ipv4.ip_forward" sysctl from
"/etc/sysctl.conf" on hosts with Neutron L3 Agent. In the absence of
another source for this sysctl, it should revert to the default of 0
after the next reboot. This is a follow up to a previous change
which stopped setting the sysctl, but leaves existing systems with
the original value of 1 set.
A deployer looking to more aggressively change the value may set
"neutron_l3_agent_host_ipv4_ip_forward" to 0 using a Yoga release of
Kolla Ansible. This option will be removed in future. Any
deployments still relying on the previous value may set
"neutron_l3_agent_host_ipv4_ip_forward" to 1. LP#1945453
* Fixes an issue where the default configuration of libvirt did not
use authentication for the API exposed over TCP on the internal API
network. This allowed anyone with access to the internal API network
read-write access to libvirt. While the internal API network is
typically trusted, other services on this network generally at least
require authentication.
SASL authentication is now enabled for libvirt by default. Kolla
Ansible supports libvirt TLS since the Train release, and this is
recommended to provide a higher level of security. LP#1964013
Bug Fixes
*********
* Fixes an issue with an OIDC authentication flow requiring
unnecessary action from the user. Redirecting to the target IdP page
now happens automatically. LP#930055
* Removes custom value of "max_allowed_secret_in_bytes" in
"barbican.conf". The default maximum size in Barbican was doubled to
avoid issues with some certificates. LP #1957795
* Fixes deploy Zun with Cinder Ceph support. Adds support for zun to
access cinder volumes when external ceph is configured for cinder.
LP#1848934
* Fixed the deployment failure of outward_rabbitmq by resolving port
conflicts by customizing RabbitMQ's "prometheus.tcp.port". LP
#1885106
* Use Volume V3 API in OpenStack exporter. Volume V2 API has been
removed since OpenStack Wallaby. LP#1938194
* Fixes the copy job for grafana custom home dashboard file. The
copy job for the grafana home dashboard file needs to run
priviliged, otherwise permission denied error occurs. LP#[1947710]
* Fixes Octavia's "Connection refused" errors by adding
"ovn_sb_connection" to "octavia.conf". LP#195011
* Ironic API and Ironic Inspector API use separate policy files.
Ironic role was updated to be able to handle both policies
separately. LP#1952948
* Continue to run all actions if one action failed in Elasticsearch
curator. LP#1954720
* Fixes Placement no logrotate configuration LP#1954723
* Fixes Nova resize failing when "migration_interface" is
customised. LP#1956976
* Fixes unable to connect to zun console when
"kolla_enable_tls_external" is true. Access to console of any zun
container fails when "kolla_enable_tls_external" is true. This fix
sets the protocol for wsproxy "base_url" in "zun.conf" according to
the value of "kolla_enable_tls_external" LP#1957117
* Fixes "Register Identity Providers in OpenStack" task which was
missing an *=* in the openstack command causing the task to fail to
register an IDP with Keystone. LP#1959022
* Fixes Glance with Cinder iSCSI backend failing due to lack of
lock_path setting. LP#1959663
* Fixes logrotate config missing for openvswitch and prometheus
services. LP#1961795
* Fixes an issue with Ironic's PXE components not getting updated on
upgrade. LP#1963752
* Fixes configuration of the Prometheus HTTP API URL when using the
Prometheus collector in CloudKitty. LP#1961615
* Fixes an issue with Prometheus scraping when targets' Ansible
inventory hostnames ("inventory_hostname") do not resolve to
reachable IP addresses. Reverts to the previous behaviour of using
IP addresses to communicate with targets. The side effect of this is
that targets instances will again be labelled using IP addresses
rather than hostnames. LP#1955563
* Fix the apache's wsgi configuration for the aodh service in
Debuntu binary flavours. LP#1953059
* Fixes the baremetal role to avoid an error "Unable to remove
"libvirtd". Now the symlink
/etc/apparmor.d/disable/usr.sbin.libvirtd is created by the role.
LP#1960302
* Existing fluentd log rotation failed to delete old haproxy, swift,
glance-tls-proxy and neutron-tls-proxy logs. Standardise rotation
and deletion of logs using logrotate.
* Fixes an issue with setting up OIDC based Keystone federation
against IDP that has a different response type than id_token. This
can now be set using a new variable
"keystone_federation_oidc_response_type". LP#1959781
* adds back the option to configure the rabbitmq clustering
interface via kolla *LP#1900160 <https://bugs.launchpad.net/kolla-
ansible/+bug/1900160>*
* Fixes an issue seen when using Jinja2 3.1.0.
* Fixes an issue with Masakari instance monitor when libvirt SASL is
enabled. libvirt SASL was enabled by default in a recent change to
Kolla Ansible. LP#1965754
* Fixes the configuration option setting the type of endpoint used
by Neutron to send requests to Placement. LP#1960503
* Fixes a configuration issue with Node Exporter causing all file
system metrics of a host to be identical. LP#1961438
* Fixes an issue where a failure of any Nova compute service to
register itself would cause only the host querying the nova API to
fail. Now, only hosts that fail to register will fail the Kolla
Ansible run. Alternatively, to fail all hosts in a cell when any
compute service fails to register, set
"nova_compute_registration_fatal" to "true". LP#1940119
* The prometheus openstack exporters are now behind haproxy,
providing a unique time series in the prometheus database. Also
ensures that only one exporter queries the openstack APIs at any
given time interval. With the previous behavior each openstack
exporter was scraped at the same time. This caused each exporter to
query the openstack APIs simultaneously introducing unneccesary load
and duplicate time series in the prometheus database due to the
instance label being unique for each exporter. LP#1972818
* Fixes an issue where RabbitMQ was configured to mirror classic
transient queues for all services. According to the RabbitMQ
documentation this is not a supported configuration, and contributed
to numerous bug reports. In order to avoid making unexpected changes
to the RabbitMQ cluster, it is necessary to set
"rabbitmq_remove_ha_all_policy" to "yes" in order to apply this fix.
This variable will be removed in the Yoga release. LP#1954925
* Fixes an issue with Cinder upgrade where Cinder services would
remain pinned to the previous release's RPC & object versions.
LP#1954932
Changes in kolla-ansible 13.0.1..13.1.0
---------------------------------------
d988c5991 Control Masakari monitors deploy
6a0b1bd42 Make redis connection string configurable
2e5e1b554 [CI] Nullify attempts
704da0b9c talk TLS to openstack exporter via haproxy
87a217fc9 genpwd: handle lack of password file nicer
8a0acd0a2 Use 'cloudkitty_influxdb_use_ssl' when creatign InfluxDB database
5a613d64c masakari: support libvirt SASL in instance monitor
fff725d18 [CI] Restore token critical error filter
7525f1e08 Grafana: Run priviliged when copying home dashboard file
5d0686731 Put openstack exporter behind HAproxy so only one is queried at a time
ce94b4dde [CI] Raise [keystone_authtoken]http_request_max_retries
91fd18b2b [CI] Always use quay.io via infra's mirror
14ce30530 nova: improve compute service registration failure handling
d1b7814c7 nova: use any_errors_fatal for once-per-cell tasks
6e982e076 [CI] Make kolla-build quiet
18d7859bd added missing become in ovs-dpdk role
6abe02571 re-add rabbitmq config for clustering interface
4c1c44d42 Use jinja2.pass_context instead of contextfilter
50100fb2b designate: fix external backend deployment
9cfb4ebf8 Ironic: rebootstrap ironic-pxe on upgrade
fb3aa1bf0 Fix prometheus fix
425ead579 Allow removal of classic queue mirroring for internal RabbitMQ
60c80ffac cinder: restart services after upgrade
fc13c40f5 Add Rocky Linux support as Host OS
dfdbddffa Fix failure in deployment with missing group
7259672ef Add support for deploying Prometheus libvirt exporter
d7092dca8 CI: pin ansible-lint to <6
daef31a42 libvirt: support SASL authentication
800f08e61 Fix prechecks for "Ironic iPXE" container
f5dcd8d5b Explicitly unset net.ipv4.ip_forward sysctl
4a1a70469 [CI] Use Tenks in Ironic job
6a1f4a782 [CI] Test Ironic when touching Neutron
71af20c15 [CI] Test Ironic on Debian
e1cab1604 Fix hard coded OIDC response type
7ef67c88c Remove grafana [session] configuration
98a462cd5 Add openvswitch and prometheus to logrotate
0c55b6521 CI: Bump Ceph to Pacific
e51c21ed2 Fix location of release note for ironic-neutron-agent healthcheck
c91e85cf2 cloudkitty: fix URL used for Prometheus collector
b4f68a991 Configure node-exporter to report correct file system metrics
b7470787f Fix fluentd v1 buffer syntax issue
d661dab49 Refactor fluentd syslog logging
859efbaf3 CI: Fix new ansible-lint failures
47ac706d2 neutron: fix placement endpoint type configuration
ae8900855 Fix Apparmor libvirt profile removal
79ed0470c [CI] Check fluentd errors
a763f586b Fix log rotation for fluentd created files
905dc7fae Glance: add lock_path setting
f70008b35 [CI] Replace parted with lsblk
920089c9f Deploy Zun with Cinder Ceph support
827656dbb Add OIDCDiscoverURL mod_oidc option
e1423e9b6 prometheus: add tls_connect blackbox module
6562c6d8e Fix usage of Subject Alternative Name for TLS
a9edcd3e8 update the default value of node_custom_config
464877f01 Fix bad openstack command while registering IDP
e15b35e81 Revert "Use friendly target names in Prometheus"
e891bfdf2 Use Docker healthchecks for ironic-neutron-agent services
0354b39b1 Make nova_ssh listen on api_interface as well
51fff9cf9 Continue to run all actions if one action failed in curator
107636766 Revert "[CI] [to-revert] Avoid upgrades on CentOS Stream 8"
c80d2068e Remove custom value of max_allowed_secret_in_bytes
dc8853a9a Fix permission denied errors with ping on c8s
1b6bd8d33 [CI] [to-revert] Avoid upgrades on CentOS Stream 8
72be14b3f Add logrotate to libvirt service
f36a00a97 Access to zun container fails when tls_external enabled.
58775d20a OpenID Connect certifiate file is optional
e2ba1bb39 Add logrotate configuration for placement service
1f5bf1f00 rabbitmq: enable/disable prometheus plugin follow up
cf8dbd6d0 Support enable/disable rabbitmq prometheus plugins
681bcc59e CI: check-logs - add another exception
75fd5c894 Use Volume V3 API in OpenStack exporter
a5e0e986b docs: adjust to current defaults
6c695564b Move project_name and kolla_role_name to role vars
a4376cd74 [CI] Drop unused nodeset
54718a90f horizon: move horizon_enable_tls_backend to group_vars
f00e54be7 Add ovn_sb_connection to octavia.conf
837a2fd4a Add ironic-inspector policy configuration
89353bd31 Remove Monasca Log Metrics service
3ee71d248 Fix aodh wsgi config file in Debuntu binary
Diffstat (except docs and test files)
-------------------------------------
.ansible-lint | 6 +
ansible/group_vars/all.yml | 20 +-
ansible/inventory/all-in-one | 3 +
ansible/inventory/multinode | 3 +
ansible/nova.yml | 4 +
ansible/roles/aodh/defaults/main.yml | 2 -
ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 4 -
ansible/roles/aodh/vars/main.yml | 2 +
ansible/roles/barbican/defaults/main.yml | 2 -
ansible/roles/barbican/templates/barbican.conf.j2 | 1 -
ansible/roles/barbican/vars/main.yml | 2 +
ansible/roles/baremetal/defaults/main.yml | 21 +-
.../roles/baremetal/tasks/bootstrap-servers.yml | 5 +
.../baremetal/tasks/configure-ceph-for-zun.yml | 55 ++++++
ansible/roles/baremetal/tasks/install.yml | 2 +-
ansible/roles/baremetal/tasks/post-install.yml | 6 +-
ansible/roles/baremetal/tasks/pre-install.yml | 9 +
ansible/roles/bifrost/defaults/main.yml | 2 -
ansible/roles/bifrost/vars/main.yml | 2 +
ansible/roles/blazar/defaults/main.yml | 2 -
ansible/roles/blazar/vars/main.yml | 2 +
ansible/roles/ceilometer/defaults/main.yml | 2 -
ansible/roles/ceilometer/vars/main.yml | 2 +
ansible/roles/ceph-rgw/defaults/main.yml | 2 -
ansible/roles/ceph-rgw/vars/main.yml | 2 +
.../roles/certificates/tasks/generate-backend.yml | 2 +
ansible/roles/certificates/tasks/generate.yml | 4 +
.../templates/openssl-kolla-internal.cnf.j2 | 4 +-
.../certificates/templates/openssl-kolla.cnf.j2 | 4 +-
ansible/roles/cinder/defaults/main.yml | 11 +-
ansible/roles/cinder/handlers/main.yml | 20 ++
ansible/roles/cinder/tasks/reload.yml | 10 +
ansible/roles/cinder/tasks/upgrade.yml | 2 +
ansible/roles/cinder/vars/main.yml | 2 +
ansible/roles/cloudkitty/defaults/main.yml | 6 +-
ansible/roles/cloudkitty/tasks/bootstrap.yml | 1 +
ansible/roles/cloudkitty/vars/main.yml | 2 +
ansible/roles/collectd/defaults/main.yml | 2 -
ansible/roles/collectd/vars/main.yml | 2 +
ansible/roles/common/defaults/main.yml | 26 ++-
ansible/roles/common/tasks/config.yml | 7 +-
.../conf/filter/00-record_transformer.conf.j2 | 27 +--
.../common/templates/conf/output/00-local.conf.j2 | 217 ++-------------------
.../common/templates/conf/output/01-es.conf.j2 | 6 +-
.../templates/conf/output/02-monasca.conf.j2 | 4 +-
.../templates/cron-logrotate-haproxy.conf.j2 | 2 +-
.../templates/cron-logrotate-nova-libvirt.conf.j2 | 3 +
.../templates/cron-logrotate-openvswitch.conf.j2 | 3 +
.../templates/cron-logrotate-placement.conf.j2 | 3 +
.../templates/cron-logrotate-prometheus.conf.j2 | 3 +
ansible/roles/common/templates/fluentd.json.j2 | 27 +--
ansible/roles/common/vars/main.yml | 2 +
ansible/roles/cyborg/defaults/main.yml | 2 -
ansible/roles/cyborg/vars/main.yml | 2 +
ansible/roles/designate/defaults/main.yml | 2 -
ansible/roles/designate/tasks/backend_external.yml | 2 +
ansible/roles/designate/vars/main.yml | 2 +
ansible/roles/elasticsearch/defaults/main.yml | 2 -
.../templates/elasticsearch-curator-actions.yml.j2 | 14 +-
ansible/roles/elasticsearch/vars/main.yml | 2 +
ansible/roles/etcd/defaults/main.yml | 2 -
ansible/roles/etcd/vars/main.yml | 2 +
ansible/roles/freezer/defaults/main.yml | 2 -
ansible/roles/freezer/vars/main.yml | 2 +
ansible/roles/glance/defaults/main.yml | 2 -
ansible/roles/glance/templates/glance-api.conf.j2 | 3 +
ansible/roles/glance/vars/main.yml | 2 +
ansible/roles/gnocchi/defaults/main.yml | 2 -
ansible/roles/gnocchi/vars/main.yml | 2 +
ansible/roles/grafana/defaults/main.yml | 2 -
ansible/roles/grafana/tasks/config.yml | 1 +
ansible/roles/grafana/templates/grafana.ini.j2 | 8 -
ansible/roles/grafana/vars/main.yml | 2 +
ansible/roles/hacluster/defaults/main.yml | 2 -
ansible/roles/hacluster/vars/main.yml | 2 +
ansible/roles/haproxy-config/defaults/main.yml | 2 -
ansible/roles/haproxy-config/vars/main.yml | 2 +
ansible/roles/heat/defaults/main.yml | 2 -
ansible/roles/heat/vars/main.yml | 2 +
ansible/roles/horizon/defaults/main.yml | 7 -
ansible/roles/horizon/vars/main.yml | 2 +
ansible/roles/influxdb/defaults/main.yml | 2 -
ansible/roles/influxdb/vars/main.yml | 2 +
ansible/roles/ironic/defaults/main.yml | 2 -
ansible/roles/ironic/tasks/bootstrap.yml | 19 --
ansible/roles/ironic/tasks/bootstrap_service.yml | 19 ++
ansible/roles/ironic/tasks/config.yml | 42 +++-
ansible/roles/ironic/tasks/precheck.yml | 1 -
.../ironic/templates/ironic-inspector.json.j2 | 8 +-
ansible/roles/ironic/vars/main.yml | 2 +
ansible/roles/iscsi/defaults/main.yml | 2 -
ansible/roles/iscsi/vars/main.yml | 2 +
ansible/roles/kafka/defaults/main.yml | 2 -
ansible/roles/kafka/vars/main.yml | 2 +
ansible/roles/keystone/defaults/main.yml | 3 +-
.../keystone/tasks/config-federation-oidc.yml | 1 +
.../keystone/tasks/register_identity_providers.yml | 2 +-
.../roles/keystone/templates/wsgi-keystone.conf.j2 | 3 +-
ansible/roles/keystone/vars/main.yml | 2 +
ansible/roles/kibana/defaults/main.yml | 2 -
ansible/roles/kibana/vars/main.yml | 2 +
ansible/roles/kuryr/defaults/main.yml | 1 -
ansible/roles/kuryr/vars/main.yml | 2 +
ansible/roles/loadbalancer/defaults/main.yml | 2 -
ansible/roles/loadbalancer/vars/main.yml | 2 +
ansible/roles/magnum/defaults/main.yml | 2 -
ansible/roles/magnum/vars/main.yml | 2 +
ansible/roles/manila/defaults/main.yml | 2 -
ansible/roles/manila/vars/main.yml | 2 +
ansible/roles/mariadb/defaults/main.yml | 2 -
ansible/roles/mariadb/vars/main.yml | 2 +
ansible/roles/masakari/defaults/main.yml | 17 +-
ansible/roles/masakari/tasks/config.yml | 18 ++
ansible/roles/masakari/templates/auth.conf.j2 | 6 +
.../templates/masakari-instancemonitor.json.j2 | 8 +-
ansible/roles/masakari/vars/main.yml | 2 +
ansible/roles/memcached/defaults/main.yml | 2 -
ansible/roles/memcached/vars/main.yml | 2 +
ansible/roles/mistral/defaults/main.yml | 2 -
ansible/roles/mistral/vars/main.yml | 2 +
ansible/roles/monasca/defaults/main.yml | 10 +-
ansible/roles/monasca/handlers/main.yml | 15 --
ansible/roles/monasca/tasks/config.yml | 18 --
.../monasca-log-metrics/log-metrics.conf.j2 | 75 -------
.../monasca-log-metrics.json.j2 | 18 --
ansible/roles/monasca/vars/main.yml | 2 +
ansible/roles/multipathd/defaults/main.yml | 2 -
ansible/roles/multipathd/vars/main.yml | 2 +
ansible/roles/murano/defaults/main.yml | 2 -
ansible/roles/murano/vars/main.yml | 2 +
ansible/roles/neutron/defaults/main.yml | 17 +-
ansible/roles/neutron/tasks/config-host.yml | 2 +
ansible/roles/neutron/templates/neutron.conf.j2 | 2 +-
ansible/roles/neutron/vars/main.yml | 2 +
ansible/roles/nova-cell/defaults/main.yml | 20 +-
ansible/roles/nova-cell/handlers/main.yml | 15 ++
ansible/roles/nova-cell/tasks/config.yml | 20 ++
ansible/roles/nova-cell/tasks/deploy.yml | 3 +-
.../roles/nova-cell/tasks/discover_computes.yml | 88 ++-------
ansible/roles/nova-cell/tasks/precheck.yml | 17 +-
.../nova-cell/tasks/wait_discover_computes.yml | 88 +++++++++
ansible/roles/nova-cell/templates/auth.conf.j2 | 6 +
ansible/roles/nova-cell/templates/libvirtd.conf.j2 | 3 +-
.../roles/nova-cell/templates/nova-compute.json.j2 | 8 +-
.../roles/nova-cell/templates/nova-libvirt.json.j2 | 12 ++
ansible/roles/nova-cell/templates/sasl.conf.j2 | 2 +
ansible/roles/nova-cell/templates/sshd_config.j2 | 3 +
ansible/roles/nova-cell/vars/main.yml | 6 +
ansible/roles/nova/defaults/main.yml | 2 -
ansible/roles/nova/vars/main.yml | 2 +
ansible/roles/octavia/defaults/main.yml | 2 -
ansible/roles/octavia/templates/octavia.conf.j2 | 1 +
ansible/roles/octavia/vars/main.yml | 2 +
ansible/roles/openvswitch/defaults/main.yml | 2 -
ansible/roles/openvswitch/vars/main.yml | 2 +
ansible/roles/ovn/defaults/main.yml | 2 -
ansible/roles/ovn/vars/main.yml | 2 +
ansible/roles/ovs-dpdk/defaults/main.yml | 1 -
ansible/roles/ovs-dpdk/tasks/config.yml | 2 +
ansible/roles/ovs-dpdk/vars/main.yml | 2 +
ansible/roles/placement/defaults/main.yml | 2 -
ansible/roles/placement/vars/main.yml | 2 +
ansible/roles/prechecks/vars/main.yml | 2 +
ansible/roles/prometheus/defaults/main.yml | 29 ++-
ansible/roles/prometheus/handlers/main.yml | 15 ++
.../roles/prometheus/tasks/check-containers.yml | 2 +-
ansible/roles/prometheus/tasks/config.yml | 4 +-
ansible/roles/prometheus/tasks/precheck.yml | 15 ++
ansible/roles/prometheus/templates/clouds.yml.j2 | 1 +
.../templates/prometheus-blackbox-exporter.yml.j2 | 4 +
.../templates/prometheus-libvirt-exporter.json.j2 | 4 +
.../templates/prometheus-node-exporter.json.j2 | 2 +-
.../roles/prometheus/templates/prometheus.yml.j2 | 88 +++------
ansible/roles/prometheus/vars/main.yml | 2 +
ansible/roles/qdrouterd/defaults/main.yml | 2 -
ansible/roles/qdrouterd/vars/main.yml | 2 +
ansible/roles/rabbitmq/defaults/main.yml | 16 +-
ansible/roles/rabbitmq/tasks/config.yml | 36 ++++
ansible/roles/rabbitmq/tasks/deploy.yml | 3 +
.../roles/rabbitmq/tasks/remove-ha-all-policy.yml | 29 +++
ansible/roles/rabbitmq/tasks/upgrade.yml | 3 +
.../roles/rabbitmq/templates/advanced.config.j2 | 7 +
.../roles/rabbitmq/templates/definitions.json.j2 | 4 +
.../roles/rabbitmq/templates/enabled_plugins.j2 | 1 +
ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 5 +
ansible/roles/rabbitmq/templates/rabbitmq.json.j2 | 12 ++
ansible/roles/rabbitmq/vars/main.yml | 2 +
ansible/roles/redis/defaults/main.yml | 2 -
ansible/roles/redis/vars/main.yml | 2 +
ansible/roles/sahara/defaults/main.yml | 2 -
ansible/roles/sahara/vars/main.yml | 2 +
ansible/roles/senlin/defaults/main.yml | 2 -
ansible/roles/senlin/vars/main.yml | 2 +
ansible/roles/skydive/defaults/main.yml | 2 -
ansible/roles/skydive/vars/main.yml | 2 +
ansible/roles/solum/defaults/main.yml | 2 -
ansible/roles/solum/vars/main.yml | 2 +
ansible/roles/storm/defaults/main.yml | 2 -
ansible/roles/storm/vars/main.yml | 2 +
ansible/roles/swift/defaults/main.yml | 2 -
ansible/roles/swift/vars/main.yml | 2 +
ansible/roles/tacker/defaults/main.yml | 2 -
ansible/roles/tacker/vars/main.yml | 2 +
ansible/roles/telegraf/defaults/main.yml | 2 -
ansible/roles/telegraf/vars/main.yml | 2 +
ansible/roles/trove/defaults/main.yml | 2 -
ansible/roles/trove/vars/main.yml | 2 +
ansible/roles/vitrage/defaults/main.yml | 2 -
ansible/roles/vitrage/vars/main.yml | 2 +
ansible/roles/vmtp/defaults/main.yml | 2 -
ansible/roles/vmtp/vars/main.yml | 2 +
ansible/roles/watcher/defaults/main.yml | 2 -
ansible/roles/watcher/vars/main.yml | 2 +
ansible/roles/zookeeper/defaults/main.yml | 2 -
ansible/roles/zookeeper/vars/main.yml | 2 +
ansible/roles/zun/defaults/main.yml | 3 +-
ansible/roles/zun/tasks/config.yml | 5 +
ansible/roles/zun/tasks/external_ceph.yml | 27 +++
ansible/roles/zun/templates/zun-compute.json.j2 | 20 +-
ansible/roles/zun/templates/zun.conf.j2 | 2 +-
ansible/roles/zun/vars/main.yml | 2 +
ansible/site.yml | 3 +
.../reference/shared-services/keystone-guide.rst | 4 +-
.../reference/storage/external-ceph-guide.rst | 27 +++
etc/kolla/globals.yml | 3 +-
etc/kolla/passwords.yml | 5 +
kolla_ansible/cmd/genpwd.py | 8 +-
kolla_ansible/filters.py | 8 +-
kolla_ansible/kolla_address.py | 4 +-
kolla_ansible/put_address_in_context.py | 21 +-
.../add-oidc-discover-url-83edb9f43f73a97f.yaml | 7 +
...ometheus-libvirt-exporter-b05a3a9c08db517c.yaml | 5 +
...n-max-allowed-secret-size-1941307ab5d2a9fd.yaml | 7 +
.../blackbox-tls-connect-517cd8ebdf87f16e.yaml | 5 +
.../notes/bug-1848934-878a08b490856a53.yaml | 7 +
.../notes/bug-1885106-2347d7458a8f9cb0.yaml | 13 ++
.../notes/bug-1938194-80dba28f9cdd434c.yaml | 6 +
.../notes/bug-1945453-2-287bfcaf060689d8.yaml | 16 ++
.../notes/bug-1947710-6d0975ae72f43ada.yaml | 7 +
.../notes/bug-1950111-8e477fb6a5b58822.yaml | 6 +
.../notes/bug-1952948-003aabe18144f569.yaml | 6 +
.../notes/bug-1954720-4fc48610a56f3e98.yaml | 6 +
.../notes/bug-1954723-2d49335022492891.yaml | 5 +
.../notes/bug-1956976-8a2623ca1fbfd546.yaml | 5 +
.../notes/bug-1957117-7832104d66a91da7.yaml | 11 ++
.../notes/bug-1959022-e3bb9448414b4ebe.yaml | 7 +
.../notes/bug-1959663-afda889b9aa4c63f.yaml | 6 +
.../notes/bug-1961795-16fb2ac27152fc03.yaml | 6 +
.../notes/bug-1963752-ee12e15c17c24bb0.yaml | 6 +
...cloudkitty-prometheus-url-ee14bc486e810631.yaml | 6 +
...control-masakari-monitors-1107c10c45678b0a.yaml | 8 +
.../notes/fix-1955563-42a14bb080e15df2.yaml | 9 +
.../fix-aodh-wsgi-config-7679adda584e33bb.yaml | 6 +
...r-libvirt-profile-removal-01db6ca6dd66879f.yaml | 7 +
.../fix-haproxy-logrotate-e299a0000728fd8f.yaml | 12 ++
...x-hardcoded-oidc-response-fc0f115f0b56cddf.yaml | 7 +
.../fix-openstack-exporter-tls-bug-1975598.yml | 8 +
...q-interface-configuration-b39c954fb8763d9c.yaml | 6 +
...-for-ironic-neutron-agent-61ec4d0d237da075.yaml | 6 +
.../jinja2-pass-context-2afc328ade8c407b.yaml | 4 +
.../notes/libvirt-sasl-404199143610fb75.yaml | 27 +++
.../masakari-libvirt-sasl-f368c31c0b5567b6.yaml | 6 +
...n-placement-endpoint-type-90073ba5ecc9e663.yaml | 6 +
...porter-filesystem-metrics-d3ae7b0a892d2957.yaml | 6 +
.../nova-discover-hosts-0353e9274f22195c.yaml | 9 +
.../openstack-exporter-hammering-os-apis.yaml | 14 ++
...emove-monasca-log-metrics-02a81671f864d1a9.yaml | 7 +
...ue-mirroring-for-rabbitmq-d54b9e7e25e57a88.yaml | 10 +
.../notes/support-rockylinux-ad6d48db054ead2b.yaml | 4 +
.../notes/unpin-cinder-rpcs-8eb7e0858a91b9b8.yaml | 6 +
...update-node-custom-config-7b378b25ce22779f.yaml | 5 +
requirements.txt | 2 +-
roles/cephadm/defaults/main.yml | 7 +-
roles/cephadm/tasks/main.yml | 9 +
roles/cephadm/templates/cephadm.yml.j2 | 6 +-
roles/multi-node-managed-addressing/tasks/main.yml | 1 +
test-requirements.txt | 2 +-
zuul.d/base.yaml | 12 +-
zuul.d/jobs.yaml | 20 ++
zuul.d/nodesets.yaml | 44 +----
zuul.d/project.yaml | 2 +
297 files changed, 1750 insertions(+), 967 deletions(-)
Requirements updates
--------------------
diff --git a/requirements.txt b/requirements.txt
index e85f7744c..59147c1bd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14 +14 @@ oslo.utils>=3.33.0 # Apache-2.0
-Jinja2>=2.10 # BSD License (3 clause)
+Jinja2>=3 # BSD License (3 clause)
diff --git a/test-requirements.txt b/test-requirements.txt
index ef84c6b8a..55a39db11 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -2 +2 @@
-ansible-lint>=4.2.0,!=4.3.0 # MIT
+ansible-lint>=4.2.0,!=4.3.0,<6.0.0 # MIT
More information about the Release-announce
mailing list