[release-announce] kolla-ansible 13.9.0 (xena)
no-reply at openstack.org
no-reply at openstack.org
Wed Apr 19 08:08:33 UTC 2023
We are glad to announce the release of:
kolla-ansible 13.9.0: Ansible Deployment of Kolla containers
This release is part of the xena stable release series.
The source is available from:
https://opendev.org/openstack/kolla-ansible
Download the package from:
https://tarballs.openstack.org/kolla-ansible/
Please report issues through:
https://bugs.launchpad.net/kolla-ansible/+bugs
For more details, please see below.
13.9.0
^^^^^^
New Features
************
* Since CVE-2022-29404 is fixed the default value for the
LimitRequestBody directive in the Apache HTTP Server has been
changed from 0 (unlimited) to 1073741824 (1 GiB). This limits the
size of images (for example) uploaded in Horizon. Now this limit can
be configured via "horizon_httpd_limitrequestbody". LP#2012588
* etcd is now exposed internally via HAProxy on "etcd_client_port".
* The config option *rabbitmq_ha_replica_count* is added, to allow
for changing the replication factor of mirrored queues in RabbitMQ.
While the flag is unset, the queues are mirrored across all nodes
using "ha-mode":"all". Note that this only has an effect if the flag
` om_enable_rabbitmq_high_availability` is set to *True*, as
otherwise queues are not mirrored.
* The config option *rabbitmq_ha_promote_on_shutdown* has been
added, which allows changing the RabbitMQ definition *ha-promote-on-
shutdown*. By default *ha-promote-on-shutdown* is "when-synced". We
recommend changing this to be "always". This basically means we
don't mind losing some messages, instead we give priority to
rabbitmq availability. This is most relevant when restarting
rabbitmq, such as when upgrading. Note that setting the value of
this flag, even to the default value of "when-synced", will cause
RabbitMQ to be restarted on the next deploy. For more details please
see: https://www.rabbitmq.com/ha.html#cluster-shutdown
* Services using etcd3gw via tooz now use etcd via haproxy. This
removes a single point of failure, where we hardcoded the first etcd
host for backend_url.
Upgrade Notes
*************
* "ironic.conf" now sets "[pxe]\kernel_append_params" instead of
"[pxe]\pxe_append_params" which has been deprecated. Please override
the new config option if you are overriding the old one.
* Default tags of "neutron_tls_proxy" and "glance_tls_proxy" have
been changed to "haproxy_tag", as both services are using "haproxy"
container image. Any custom tag overrides for those services should
be altered before upgrade.
Bug Fixes
*********
* Set the etcd internal hostname and cacert for tls internal enabled
deployments. This allows services to work with etcd when
coordination is enabled for TLS interal deployments. Without this
fix, the coordination backend fails to connect to etcd and the
service itself crashes.
* fix missing [taskflow] section in masakari.conf.j2 LP#1966536
* When upgrading RabbitMQ, the policy *ha-all* was cleared only if
*rabbitmq_remove_ha_all_policy* is set to *true*. Now,
*om_enable_rabbitmq_high_availability* must also be set to *false*.
Changes in kolla-ansible 13.8.0..13.9.0
---------------------------------------
4a4240a72 Pin zun jobs to Docker 20
fd73e0ecd Add LimitRequestBody configuration for Horizon
2af2b16db Add flag to change RabbitMQ ha-mode definition
a060f45ba RabbitMQ: Support setting ha-promote-on-shutdown
fd7da3fd0 Ironic: Avoid setting deprecated pxe_append_params
af07bbd12 ironic: fix dev mode for inspector
9543628c2 Use haproxy-config instead of loadbalancer-config
e12964cb2 Set the etcd internal hostname and cacert for tls internal enabled deployments
e6d1c2e1a Remove RabbitMQ ha-all policy when not required
cdfa1dbe3 hacluster: Use nodename to align with nova service names
5c7d8aefe Fix docker version precheck (bad backport)
9eb1835f9 Add [taskflow] section for masakari.conf.j2
fdd888d2b Default neutron_tls_proxy and glance_tls_proxy to haproxy_tag
ceb4e991c Use loadbalancer to connect to etcd
834537d15 Put etcd behind HTTP loadbalancer
94deff997 docs: fix information about libvirt SASL auth
Diffstat (except docs and test files)
-------------------------------------
ansible/roles/baremetal/defaults/main.yml | 4 +++-
ansible/roles/baremetal/tasks/install.yml | 19 +++++++++++++++++++
ansible/roles/cinder/templates/cinder.conf.j2 | 3 +--
ansible/roles/etcd/defaults/main.yml | 8 +++++++-
ansible/roles/etcd/tasks/loadbalancer.yml | 7 +++++++
ansible/roles/glance/defaults/main.yml | 3 ++-
ansible/roles/hacluster/tasks/bootstrap_service.yml | 8 ++++----
.../hacluster/templates/hacluster_corosync.conf.j2 | 2 +-
ansible/roles/horizon/templates/horizon.conf.j2 | 3 +++
ansible/roles/ironic/defaults/main.yml | 4 +++-
ansible/roles/ironic/tasks/clone.yml | 3 ++-
ansible/roles/ironic/templates/ironic.conf.j2 | 2 +-
ansible/roles/masakari/templates/masakari.conf.j2 | 3 +++
ansible/roles/neutron/defaults/main.yml | 3 ++-
ansible/roles/prechecks/tasks/package_checks.yml | 1 +
ansible/roles/rabbitmq/defaults/main.yml | 9 +++++++++
ansible/roles/rabbitmq/tasks/upgrade.yml | 4 +++-
ansible/roles/rabbitmq/templates/definitions.json.j2 | 4 ++--
ansible/site.yml | 5 +++++
...add-horizon-limitrequestbody-4f79433fa2cf1f6d.yaml | 9 +++++++++
.../notes/etcd-tcp-loadbalancer-08d9332ee3be9a8b.yaml | 4 ++++
...fix-etcd-coordination-config-b1c9f900ef13be13.yaml | 8 ++++++++
...onf-missing-taskflow-section-31b6654e29bec35d.yaml | 5 +++++
.../notes/kernel_append_params-a162aaab2d0b8649.yaml | 7 +++++++
...to-change-replication-factor-321c2f9e08e7d179.yaml | 9 +++++++++
...bitmq-ha-promote-on-shutdown-9099c6643f2d0cce.yaml | 13 +++++++++++++
...removal-extra-variable-check-d59177a8c876d34e.yaml | 6 ++++++
.../tls-proxies-use-haproxy-tag-aa030b5e5df6fbf0.yaml | 8 ++++++++
...ncer-for-etcdgw-coordination-6704a8b1389bbabe.yaml | 6 ++++++
tools/validate-all-file.py | 1 +
zuul.d/base.yaml | 1 +
34 files changed, 171 insertions(+), 19 deletions(-)
More information about the Release-announce
mailing list