Merge "Freeze for milestone release"

This commit is contained in:
Zuul 2019-03-16 18:55:49 +00:00 committed by Gerrit Code Review
commit 2fe8c9f703
69 changed files with 678 additions and 67 deletions

View File

@ -1,236 +1,236 @@
- name: ansible-hardening
scm: git
src: https://git.openstack.org/openstack/ansible-hardening
version: master
version: ef1b4170328391d55c3ca94e8183fdd56a229c34
- name: apt_package_pinning
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
version: master
version: 83347049b8185bbb9eec4b47a75a86e2f7d7d17b
- name: config_template
scm: git
src: https://git.openstack.org/openstack/ansible-config_template
version: master
version: 0e67ef2e0854b0081d5c68ebc000c1bb0a009700
- name: pip_install
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-pip_install
version: master
version: 3e9ce35e3796522e900cb2396bcfdf4e8bb94d71
- name: galera_client
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-galera_client
version: master
version: d53d623eedd33d9015dacd126e93a092d7548637
- name: galera_server
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-galera_server
version: master
version: 632b0a8d827206857b04d86468124721ba991424
- name: ceph_client
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-ceph_client
version: master
version: 2febce8369ae4c51c00636dec00e4ba0558c9bcc
- name: haproxy_server
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server
version: master
version: ca23ec42ed4415d469b51851a96d03a90327f515
- name: keepalived
scm: git
src: https://github.com/evrardjp/ansible-keepalived
version: master
version: 0ddbb93708b8b8c46c765f5aedf33ad38e1cf23d
- name: lxc_container_create
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
version: master
version: dac2b714c1cfb4ab9f95067150c1b236d1e1ddd1
- name: lxc_hosts
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
version: master
version: ea3ecc817ff01f065dbef78e4c2dd2dcd860ac76
- name: memcached_server
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
version: master
version: 67c61a1dddedee6de1c62eb93e6a2d95ad924d7b
- name: openstack_hosts
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
version: master
version: f140a2e565dd85e9439f710de7ede89bc3e8afdd
- name: os_keystone
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
version: master
version: f119f18963bd835be3fb7cee230ae39fd7dd38c1
- name: openstack_openrc
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
version: master
version: e7f34fb579acacfc37e6822a0abae4ea38f45b64
- name: os_aodh
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_aodh
version: master
version: 2cef94163776e89c9556647cf5c834935aba9613
- name: os_barbican
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_barbican
version: master
version: 6d2ef2d12ab6417b5f765884c579236eaa631149
- name: os_blazar
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_blazar
version: master
version: cb561cc870af3759cff3f8ecd2c3e1b129eff807
- name: os_ceilometer
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer
version: master
version: dfff9a818bce73a4c234834b478b40d9b8224716
- name: os_cinder
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_cinder
version: master
version: 75019ed6c581c323507220d2425e9061b0905799
- name: os_congress
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_congress
version: master
version: aacd9fd317c42f3d143486be7c69b9dc43128acc
- name: os_designate
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_designate
version: master
version: c7cfc00ad63aa67d2489665e0e91901c14172810
- name: os_glance
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_glance
version: master
version: 9539f40f7c926f582ca49c9e725f721543bbed23
- name: os_gnocchi
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi
version: master
version: 3038cbd0677bbe365128ee7c78756ed66f15c6b5
- name: os_heat
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_heat
version: master
version: f96c2208e0ee0a2c180e15cdd01aaf3af7df9fa9
- name: os_horizon
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_horizon
version: master
version: 490ab8f7febb717fd27602bfd43748890f78acef
- name: os_ironic
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_ironic
version: master
version: 837fe2ec88d7d7d742369996575afad15af5feb7
- name: os_magnum
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_magnum
version: master
version: b020a631b9bd43e0c2341a3e223603295c0eeea0
- name: os_mistral
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_mistral
version: master
version: c6dd57141e06b442f07339f9d0617a2ffdb5a275
- name: os_neutron
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
version: master
version: b1f4269ecc1f128e086bccf6d40b4adbdac0ab74
- name: os_nova
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_nova
version: master
version: 30952d23ec4a136db2fc741534172795c0086fac
- name: os_octavia
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_octavia
version: master
version: eee659d342644de4fc87d15522d2e27f6d3a589e
- name: os_rally
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_rally
version: master
version: e32171e7547f0501064f41faea35b64f82eaf103
- name: os_sahara
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_sahara
version: master
version: d0a23313ea7964c115fdf39a7300b021bfcf15b4
- name: os_swift
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_swift
version: master
version: 430932f274b51e58884065bbefc2c572eb77c94d
- name: os_tacker
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_tacker
version: master
version: 886ee2a45724cd7d6b722722c2299f070f5f7623
- name: os_tempest
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_tempest
version: master
version: f633e4972526a22945bfa50afdf38d04cfe088b7
- name: os_trove
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_trove
version: master
version: a2245da5efa8334adaadfda6e3be319014b9de38
- name: plugins
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-plugins
version: master
version: 44a8205f5e6773d166b10e71a73aa8d2cbb6296e
- name: qdrouterd
scm: git
src: https://git.openstack.org/openstack/ansible-role-qdrouterd
version: master
version: 549054335231bbe04590b5ab5ff4bf6b37a8f204
- name: rabbitmq_server
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
version: master
version: 3c40f53f5ee37ce9212272bcde36c832ea1f1031
- name: repo_build
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-repo_build
version: master
version: 6638604edf05e27986bb9641dc4e04f5addcda06
- name: repo_server
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-repo_server
version: master
version: 3523911b7f17a3e48fdfca2b7d13e6da6945e37d
- name: rsyslog_client
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client
version: master
version: f11d252212873c6eb16cd2a4276a4cee2dff63fc
- name: rsyslog_server
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server
version: master
version: 05c8cf0210b5e9c01ecc83991096c64847e4fcdd
- name: sshd
scm: git
src: https://github.com/willshersystems/ansible-sshd
version: master
version: a84bc84c22bdf97dd19be4559ead8098902305bb
- name: bird
scm: git
src: https://github.com/logan2211/ansible-bird
version: master
version: 849d60e9f32c41fa13678f63ef815bec59a6822a
- name: etcd
scm: git
src: https://github.com/logan2211/ansible-etcd
version: master
version: fa1c447b6a979a614fc024725b5ecad215261c4a
- name: unbound
scm: git
src: https://github.com/logan2211/ansible-unbound
version: master
version: 40e4f0a65d88050f55bf158ceeb2324164d427d0
- name: resolvconf
scm: git
src: https://github.com/logan2211/ansible-resolvconf
version: master
version: a2ff5ba59b47f96ddddcb7a3a67de93687c317a6
- name: ceph-ansible
scm: git
src: https://github.com/ceph/ceph-ansible
version: stable-3.2
version: 224bab0d7005142d262dc23f7d42cb38b3c1669b
- name: opendaylight
scm: git
src: https://github.com/opendaylight/integration-packaging-ansible-opendaylight
version: master
version: 0aebbc250b34ac5ac14b37bdf9b1a2e1cfaa5a76
- name: haproxy_endpoints
scm: git
src: https://github.com/logan2211/ansible-haproxy-endpoints
version: master
version: 8e3a24a35beb16d717072dc83895c5a1f92689fb
- name: nspawn_container_create
src: https://git.openstack.org/openstack/openstack-ansible-nspawn_container_create
scm: git
version: master
version: 5a7cb98319aeea34d43d915784a675f8881d7d2a
- name: nspawn_hosts
src: https://git.openstack.org/openstack/openstack-ansible-nspawn_hosts
scm: git
version: master
version: 241c9fd5038be3d87a2aa025f57f59306ad5c316
- name: systemd_service
src: https://git.openstack.org/openstack/ansible-role-systemd_service
scm: git
version: master
version: 07f4d977d7a4875be161e3c1b54ad7ef043833c7
- name: systemd_mount
src: https://git.openstack.org/openstack/ansible-role-systemd_mount
scm: git
version: master
version: b916ed60173ec571e27d120b27a20b84680725ef
- name: systemd_networkd
src: https://git.openstack.org/openstack/ansible-role-systemd_networkd
scm: git
version: master
version: dff2decc65d0f34b6fa73c508371914576986151
- name: python_venv_build
src: https://git.openstack.org/openstack/ansible-role-python_venv_build
scm: git
version: master
version: 0e44d4230a4259e88e1d37e8fb2dd12ad6dcc5df

View File

@ -0,0 +1,5 @@
---
features:
- It is possible to configure Glance to allow cross origin requests by
specifying the allowed origin address using the ``glance_cors_allowed_origin``
variable. By default, this will be the load balancer address.

View File

@ -0,0 +1,7 @@
---
features:
- This role now optionally enables your compute nodes' KVM kernel
module nested virtualization capabilities, by setting nova_nested_virt_enabled
to true. Depending on your distribution and libvirt version, you might need to
set additional variables to fully enabled nested virtualization.
For details, please see https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#nested-guest-support.

View File

@ -0,0 +1,5 @@
---
features:
- It is now possible to use NFS mountpoints with the role by using the
nova_nfs_client variable, which is useful for using NFS for instance
data and saves.

View File

@ -1,7 +1,7 @@
---
fixes:
- |
Newer releases of CentOS ship a version of libnss that depends on the existance
Newer releases of CentOS ship a version of libnss that depends on the existence
of /dev/random and /dev/urandom in the operating system in order to run. This
causes a problem during the cache preparation process which runs inside chroot
that does not contain this, resulting in errors with the following message.

View File

@ -0,0 +1,11 @@
---
features:
- |
The ``os_tempest`` role now has the ability to install from distribution packages by setting
``tempest_install_method`` to ``distro``.
- |
The new variable ``tempest_workspace`` has been introduced to set the location of the tempest
workspace.
- |
The default location of the default tempest configuration is now ``/etc/tempest/tempest.conf``
rather than the previous default of ``$HOME/.tempest/etc``.

View File

@ -0,0 +1,12 @@
---
upgrade:
- |
In Stein, Cinder stopped supporting configuring backup drivers without
the full class path. This means that you must now use the following
values for ``cinder_service_backup_driver``.
* ``cinder.backup.drivers.swift.SwiftBackupDriver``
* ``cinder.backup.drivers.ceph.CephBackupDriver``
If you do not make this change, the Cinder backup service will refuse
to start properly.

View File

@ -0,0 +1,12 @@
---
upgrade: >
Data structure for ``tempest_test_blacklist`` has been updated to
add launchpad and/or bugzilla linked with the test being skipped.
features:
- |
Add the launchpad and bugzilla keys in tempest_test_blacklist ansible
variable.
Developers must have a way to trackdown why a test was inserted in the
skiplist, and one of the ways is through bugs. This feature add the
information regarding it in the list of skipped tests on os_tempest

View File

@ -0,0 +1,9 @@
---
features:
- |
The blazar dashboard is available in Horizon. Deployers can enable
the panel by setting the following Ansible variable:
.. code-block:: yaml
horizon_enable_blazar_ui: True

View File

@ -0,0 +1,6 @@
---
upgrade:
- Changed the default NTP server options in ``chrony.conf``. The ``offline``
option has been removed, ``minpoll``/``maxpoll`` have been removed in favour of
the upstream defaults, while the ``iburst`` option was added to speed up
initial time synchronization.

View File

@ -0,0 +1,4 @@
---
features:
- It is now possible to modify the NTP server options in chrony using
``security_ntp_server_options``.

View File

@ -0,0 +1,4 @@
---
features:
- Chrony got a new configuration option to synchronize the system clock back
to the RTC using the ``security_ntp_sync_rtc`` variable. Disabled by default.

View File

@ -0,0 +1,9 @@
---
features:
- |
The cloudkitty dashboard is available in Horizon. Deployers can enable
the panel by setting the following Ansible variable:
.. code-block:: yaml
horizon_enable_cloudkitty_ui: True

View File

@ -0,0 +1,7 @@
---
other:
- |
The ``config_template`` action module has now been moved into its own git
repository (``openstack/ansible-config_template``). This has been done to
simplify the ability to use the plugin in other non OpenStack-Ansible
projects.

View File

@ -0,0 +1,25 @@
---
features:
- |
The list of enabled filters for the Cinder scheduler,
`scheduler_default_filters` in `cinder.conf`, could previously be
defined only via an entry in ``cinder_cinder_conf_overrides``. You now
have the option to instead define a list variable,
``cinder_scheduler_default_filters``, that defines the enabled
filters. This is helpful if you either want to disable one of the
filters enabled by default (at the time of writing, these are
`AvailabilityZoneFilter`, `CapacityFilter`, and
`CapabilitiesFilter`), or if conversely you want to add a filter
that is normally not enabled, such as `DifferentBackendFilter` or
`InstanceLocalityFilter`.
For example, to enable the `InstanceLocalityFilter` in addition to
the normally enabled scheduler filters, use the following variable.
.. code-block:: yaml
cinder_scheduler_default_filters:
- AvailabilityZoneFilter
- CapacityFilter
- CapabilitiesFilter
- InstanceLocalityFilter

View File

@ -0,0 +1,11 @@
---
features:
- |
The nova configuration is updated to always specify an LXD storage pool
name when 'nova_virt_type' is 'lxd'. The variable 'lxd_storage_pool' is
defaulted to 'default', the LXD default storage pool name. A new variable
'lxd_init_storage_pool' is introduced which specifies the underlying
storage pool name. 'lxd_init_storage_pool' is used by lxd init when setting
up the storage pool. If not provided, lxd init will not use this parameter
at all. Please see the lxd man page for further information about the
storage pool parameter.

View File

@ -0,0 +1,6 @@
---
features:
- Compare dict vars of before and after configuration to determine whether
the config keys or values have changed so a configuration file will not
be incorrectly marked as changed when only the ordering has changed.
- Set diff return variable to a dict of changes applied.

View File

@ -0,0 +1,6 @@
---
deprecations:
- |
Dragonflow is no longer maintained as an OpenStack project and has
therefore been removed from OpenStack-Ansible as a supported ML2
driver for neutron.

View File

@ -0,0 +1,10 @@
---
features:
- The ``os_horizon`` role now supports distribution of user custom themes.
Deployers can use the new key ``theme_src_archive`` of ``horizon_custom_themes``
dictionary to provide absolute path to the archived theme.
Only .tar.gz, .tgz, .zip, .tar.bz, .tar.bz2, .tbz, .tbz2 archives are supported.
Structure inside archive should be as a standard theme, without any leading folders.
fixes:
- Fixes bug https://bugs.launchpad.net/openstack-ansible/+bug/1778098 where playbook failed, if
``horizon_custom_themes`` is specified, and directory for theme is not provided

View File

@ -0,0 +1,9 @@
---
features:
- |
Python-tempestconf is a tool that generates a tempest.conf file, based
only on the credentials from an openstack installation. It uses the
discoverable api from openstack to check for services, features, etc.
Add the possibility to use python-tempestconf tool to generate tempest.conf
file, rather than use the role template.

View File

@ -0,0 +1,3 @@
---
fixes:
- Fixes neutron HA routers, by enabling ``neutron-l3-agent`` to invoke the required helper script.

View File

@ -0,0 +1,12 @@
---
features:
- |
Octavia is creating vms, securitygroups, and other things in its
project. In most cases the default quotas are not big enough. This
will adjust them to (configurable) reasonable values.
security:
- |
Avoid setting the quotas too high for your cloud since this can
impact the performance of other servcies and lead to a potential
Denial-of-Service attack if Loadbalancer quotas are not set
properly or RBAC is not properly set up.

View File

@ -0,0 +1,8 @@
---
fixes:
- |
The quota for security group rules was erroneously set
to 100 with the aim to have 100 security group rules
per security group instead of to 100*#security group rules.
This patch fixes this discrepancy.

View File

@ -0,0 +1,12 @@
---
upgrade:
- |
The data structure for ``galera_client_gpg_keys`` has been changed to be
a dict passed directly to the applicable apt_key/rpm_key module. As such
any overrides would need to be reviewed to ensure that they do not pass
any key/value pairs which would cause the module to fail.
- |
The default values for ``galera_client_gpg_keys`` have been changed for
all supported platforms will use vendored keys. This means that the task
execution will no longer reach out to the internet to add the keys,
making offline or proxy-based installations easier and more reliable.

View File

@ -0,0 +1,12 @@
---
upgrade:
- |
The data structure for ``galera_gpg_keys`` has been changed to be
a dict passed directly to the applicable apt_key/rpm_key module. As such
any overrides would need to be reviewed to ensure that they do not pass
any key/value pairs which would cause the module to fail.
- |
The default values for ``galera_gpg_keys`` have been changed for
all supported platforms will use vendored keys. This means that the task
execution will no longer reach out to the internet to add the keys,
making offline or proxy-based installations easier and more reliable.

View File

@ -0,0 +1,22 @@
---
features:
- |
Horizon has, since OSA's inception, been deployed with HTTPS
access enabled, and has had no way to turn it off. Some use-cases
may want to access via HTTP instead, so this patch enables
the following.
* Listen via HTTPS on a load balancer, but via HTTP on the
horizon host and have the load balancer forward the correct
headers. It will do this by default in the integrated build
due to the presence of the load balancer, so the current
behaviour is retained.
* Enable HTTPS on the horizon host without a load balancer.
This is the role's default behaviour which matches what it
always has been.
* Disable HTTPS entirely by setting ``haproxy_ssl: no`` (which
will also disable https on haproxy. This setting is inherited
by the new ``horizon_enable_ssl`` variable by default. This
is a new option.

View File

@ -4,5 +4,5 @@ features:
new variable ``pip_offline_install``. This can be useful
in environments where the containers lack internet
connectivity. Please refer to the `limited connectivity installation guide
<http://docs.openstack.org/developer/openstack-ansible/install-guide/app-no-internet-connectivity.html#install-pip-through-deployment-host>`_
<https://docs.openstack.org/openstack-ansible/latest/#install-pip-through-deployment-host>`_
for more information.

View File

@ -0,0 +1,5 @@
---
deprecations:
- The log path, ``/var/log/blazar`` is no longer used to capture service
logs. All logging for the blazar service will now be sent directly to the
systemd journal.

View File

@ -5,6 +5,6 @@ features:
- The task dropping the keystone systemd unit files now uses the
``config_template`` action plugin allowing deployers access to
customize the unit files as they see fit without having to
load extra options into the defaults and polute the generic
load extra options into the defaults and pollute the generic
systemd unit file with jinja2 variables and conditionals.

View File

@ -5,5 +5,5 @@ features:
single, common, networking functionality to across multiple distros.
- All of the pre/post up, and pre/post down adhoc command options have been
converted to using systemd "oneshot" services. This conversion allows all
supported distros to benifit from the ability to run adhoc commands before
supported distros to benefit from the ability to run adhoc commands before
and after networking is available on both start-up and shut-down.

View File

@ -0,0 +1,10 @@
---
features:
- |
If Horizon dashboard of OSA installation has a public FQDN, is it
now possible to use LetsEncrypt certification service. Certificate
will be generated within HAProxy installation and a cron entry to
renew the certificate daily will be setup.
Note that there is no certificate distribution implementation at
this time, so this will only work for a single haproxy-server
environment.

View File

@ -0,0 +1,15 @@
---
fixes:
- |
When using LXC containers with a copy-on-write back-end, the ``lxc_hosts``
role execution would fail due to undefined variables with the
``nspawn_host_`` prefix. This issue has now been fixed.
deprecations:
- |
The following variable name changes have been implemented in order to
better reflect their purpose.
* ``lxc_host_machine_quota_disabled`` -> ``lxc_host_btrfs_quota_disabled``
* ``lxc_host_machine_qgroup_space_limit`` -> ``lxc_host_btrfs_qgroup_space_limit``
* ``lxc_host_machine_qgroup_compression_limit`` -> ``lxc_host_btrfs_qgroup_compression_limit``

View File

@ -0,0 +1,9 @@
---
features:
- |
The masakari dashboard is available in Horizon. Deployers can enable
the panel by setting the following Ansible variable:
.. code-block:: yaml
horizon_enable_masakari_ui: True

View File

@ -0,0 +1,8 @@
---
features:
- It is now possible for deployers to enable or disable the `mysqlcheck`
capability. The Boolean option `galera_monitoring_check_enabled` has
been added which has a default value of **true**.
- It is now possible to change the port used by `mysqlcheck`. The integer
option `galera_monitoring_check_port` has been added with the default
value of **9200**.

View File

@ -0,0 +1,29 @@
---
features:
- |
The Neutron Service Function Chaining Extension (SFC) can optionally be deployed and
configured by defining the following service plugins:
* ``flow_classifier``
* ``sfc``
.. code-block:: yaml
neutron_plugin_base:
- router
- metering
- flow_classifier
- sfc
For more information about SFC in Neutron, refer to the following:
* `Service Function Chaining Extension for OpenStack Networking
<https://docs.openstack.org/networking-sfc/latest/>`_
upgrade:
- |
The plugin names for the classifier and sfc changed:
* networking_sfc.services.flowclassifier.plugin.FlowClassifierPlugin => flow_classifier
* networking_sfc.services.sfc.plugin.SfcPlugin => sfc

View File

@ -5,4 +5,4 @@ features:
You can set the ``neutron_plugin_type`` to
``ml2.opendaylight`` to utilize this code path.
The usage of ``OpenDaylight`` is currently experimental.
Two versions are currently supported: Nitrogen and Oxygen.
Two versions are currently supported - Nitrogen and Oxygen.

View File

@ -0,0 +1,22 @@
---
features:
- |
The ``provider_networks`` library has been updated to support the
definition of network interfaces that can automatically be added as ports
to OVS provider bridges setup during a deployment. To activate this feature,
add the ``network_interface`` key to the respective flat and/or vlan provider
network definition in ``openstack_user_config.yml``. For more information,
refer to the latest Open vSwitch deployment guide.
upgrade:
- |
The ``provider_networks`` library has been updated to support the
definition of network interfaces that can automatically be added as ports
to OVS provider bridges setup during a deployment. As a result, the
``network_interface`` value applied to the ``neutron_provider_networks``
override in ``user_variables.yml``, as described in previous Open vSwitch
deployment guides, is no longer effective. If overrides are
necessary, use ``network_interface_mappings`` within the provider network
override and specify the respective bridge-to-interface mapping
(e.g. "br-provider:bond1"). For more information, refer to the latest Open
vSwitch deployment guide.

View File

@ -3,5 +3,5 @@ features:
- Neutron SR-IOV can now be optionally deployed and configured.
For details about the what the service is and what it provides, see the
`SR-IOV Installation Guide
<http://docs.openstack.org/developer/openstack-ansible-os_neutron/configure-network-services.html#sr--iov-support-optional>`_
<https://docs.openstack.org/openstack-ansible-os_neutron/latest/configure-network-services.html#sr--iov-support-optional>`_
for more information.

View File

@ -0,0 +1,9 @@
---
features:
- |
VPNaaS dashboard is again available in Horizon. Deployers can enable
the panel by setting the following Ansible variable:
.. code-block:: yaml
horizon_enable_neutron_vpnaas: True

View File

@ -0,0 +1,18 @@
---
features:
- You can now set the Libvirt CPU model and feature flags from the
appropriate entry under the ``nova_virt_types`` dictionary variable
(normally ``kvm``).
``nova_cpu_model`` is a string value that sets the CPU model; this
value is ignored if you set any ``nova_cpu_mode`` other than
``custom``.
``nova_cpu_model_extra_flags`` is a list that allows you to specify
extra CPU feature flags not normally passed through with
``host-model``, or the ``custom`` CPU model of your choice.
upgrade:
- If your configuration previously set the ``libvirt/cpu_model``
and/or ``libvirt/cpu_model_extra_flags`` variables in a
``nova_nova_conf_overrides`` dictionary, you should consider
moving those to ``nova_cpu_model`` and
``nova_cpu_model_extra_flags`` in the appropriate entry (normally
``kvm``) in the ``nova_virt_types`` dictionary.

View File

@ -5,6 +5,6 @@ features:
- The task dropping the designate systemd unit files now uses the
``config_template`` action plugin allowing deployers access to
customize the unit files as they see fit without having to
load extra options into the defaults and polute the generic
load extra options into the defaults and pollute the generic
systemd unit file with jinja2 variables and conditionals.

View File

@ -12,7 +12,14 @@ features:
octavia_service_setup_host: "{{ groups['utility_all'][0] }}"
deprecations:
- |
The variable ``octavia_requires_pip_packages`` is no longer required
and has therefore been removed.
- |
The variable ``octavia_image_downloader`` has been removed. The image
download now uses the same host designated by the
``octavia_service_setup_host`` for the image download.
- |
The variable ``octavia_ansible_endpoint_type`` has been removed. The
endpoint used for ansible tasks has been hard set to the 'admin'
endpoint as is commonly used across all OSA roles.

View File

@ -0,0 +1,7 @@
---
upgrade:
- |
The tasks creating a keystone service user have been removed, along with
related variables ``keystone_service_user_name`` and
``keystone_service_password``. This user can be deleted in existing
deployments.

View File

@ -0,0 +1,5 @@
---
features:
- Deployers can now define a cinder-backend volume type
explicitly private or public with option ``public``
set to true or false.

View File

@ -0,0 +1,6 @@
---
issues:
- |
When using the connection plugin's ``container_user`` option,
``ansible_remote_tmp`` should be set to a system writable path
such as '/var/tmp/'.

View File

@ -0,0 +1,12 @@
---
upgrade:
- |
The data structure for ``rabbitmq_gpg_keys`` has been changed to be
a dict passed directly to the applicable apt_key/rpm_key module. As such
any overrides would need to be reviewed to ensure that they do not pass
any key/value pairs which would cause the module to fail.
- |
The default values for ``rabbitmq_gpg_keys`` have been changed for
all supported platforms will use vendored keys. This means that the task
execution will no longer reach out to the internet to add the keys,
making offline or proxy-based installations easier and more reliable.

View File

@ -0,0 +1,8 @@
---
upgrade:
- |
The default queue policy has changed to ``^(?!(amq\.)|(.*_fanout_)|(reply_)).*``
instead of ``^(?!amq\.).*`` for efficiency.
The new HA policy excludes reply queues (these queues have a single consumer and TTL policy),
fanout queues (they have the TTL policy) and
amq queues (they are auto-delete queues, with a single consumer).

View File

@ -0,0 +1,7 @@
---
fixes:
- With the release of CentOS 7.6, deployments were breaking and becoming very
slow when we restart dbus in order to catch some PolicyKit changes. However,
those changes were never actaully used so they were happening for no reason.
We no longer make any modifications to the systemd-machined configuration
and/or PolicyKit to maintain upstream compatibility.

View File

@ -0,0 +1,22 @@
---
deprecations:
- |
The package cache on the repo server has been removed. If caching of
packages is desired, it should be setup outside of OpenStack-Ansible
and the variable ``lxc_container_cache_files`` (for LXC containers)
or ``nspawn_container_cache_files_from_host`` (for nspawn containers)
can be used to copy the appropriate host configuration from the host
into the containers on creation. Alternatively, environment variables
can be set to use the cache in the host /etc/environment file prior
to container creation, or the ``deployment_environment_variables``
can have the right variables set to use it. The following variables
have been removed.
* ``repo_pkg_cache_enabled``
* ``repo_pkg_cache_port``
* ``repo_pkg_cache_bind``
* ``repo_pkg_cache_dirname``
* ``repo_pkg_cache_dir``
* ``repo_pkg_cache_owner``
* ``repo_pkg_cache_group``

View File

@ -0,0 +1,14 @@
---
other:
- |
Code which added 'Acquire::http:No-Cache true' to the host and container
apt preferences when http proxy environment variables were set has been
removed. This setting is only required when working around issues
introduced by badly configured http proxies. In some cases proxies can
improperly cache the apt Releases and Packages files leading to package
installation errors. If a deployment is behind a badly configured proxy,
the deployer can add the necessary apt config fragment as part of host
provisioning. OSA will replicate that config into any containers that
are created. This setting can be removed from existing deployments if
required by manually deleting the file
``/etc/apt/apt.conf.d/00apt-no-cache`` from all host and containers.

View File

@ -0,0 +1,5 @@
---
upgrade:
- The variable ``tempest_image_dir_owner`` is removed in
favour of using default ansible user to create the
image directory.

View File

@ -0,0 +1,6 @@
---
upgrade:
- The variables ``ceilometer_oslomsg_rpc_servers`` and
``ceilometer_oslomsg_notify_servers`` have been
removed in favour of using ``ceilometer_oslomsg_rpc_host_group``
and ``ceilometer_oslomsg_notify_host_group`` instead.

View File

@ -0,0 +1,21 @@
---
deprecations:
- |
The repo build process no longer builds packaged venvs. Instead, the venvs
are created on the target hosts as the install process for each service
needs to. This opens up the opportunity for roles to be capable of creating
multiple venvs, and for any role to create venvs - neither of these options
were possible in previous releases.
The following variables therefore have been removed.
* ``repo_build_venv_selective``
* ``repo_build_venv_rebuild``
* ``repo_build_venv_timeout``
* ``repo_build_concurrency``
* ``repo_build_venv_build_dir``
* ``repo_build_venv_dir``
* ``repo_build_venv_pip_install_options``
* ``repo_build_venv_command_options``
* ``repo_venv_default_pip_packages``

View File

@ -0,0 +1,16 @@
---
upgrade:
- |
Due to the smart-reources implementation, variables, related to custom git path
of exact config files were removed. Now all config files are taken from
upstream git repo, but overrides and client configs are still supported.
The following variables are not supported now:
* ceilometer_git_config_lookup_location
* ceilometer_data_meters_git_file_path
* ceilometer_event_definitions_git_file_path
* ceilometer_gnocchi_resources_git_file_path
* ceilometer_loadbalancer_v2_meter_definitions_git_file_path
* ceilometer_osprofiler_event_definitions_git_file_path
* ceilometer_polling_git_file_path
If you are maintaining custom ceilometer git repository, you still may use
``ceilometer_git_repo`` variable, to provide url to your git repository.

View File

@ -5,6 +5,6 @@ features:
- The task dropping the swift systemd unit files now uses the
``config_template`` action plugin allowing deployers access to
customize the unit files as they see fit without having to
load extra options into the defaults and polute the generic
load extra options into the defaults and pollute the generic
systemd unit file with jinja2 variables and conditionals.

View File

@ -0,0 +1,9 @@
---
features:
- |
The tacker dashboard is available in Horizon. Deployers can enable
the panel by setting the following Ansible variable:
.. code-block:: yaml
horizon_enable_tacker_ui: True

View File

@ -0,0 +1,25 @@
---
features:
- |
The service setup in keystone for tempest will now be executed
through delegation to the ``tempest_service_setup_host`` which,
by default, is ``localhost`` (the deploy host). Deployers can
opt to rather change this to the utility container by implementing
the following override in ``user_variables.yml``.
.. code-block:: yaml
tempest_service_setup_host: "{{ groups['utility_all'][0] }}"
- |
Rather than a hard-coded set of projects and users, tempest can
now be configured with a custom list with the variables
``tempest_projects`` and ``tempest_users``.
deprecations:
- |
The variable ``tempest_requires_pip_packages`` is no longer required
and has therefore been removed.
- |
The variable ``tempest_image_downloader`` has been removed. The image
download now uses the same host designated by the
``tempest_service_setup_host`` for the image download.

View File

@ -0,0 +1,7 @@
---
security:
- |
The default TLS version has been set to TLS1.2. This only allows
version 1.2 of the protocol to be used when terminating or creating TLS
connections. You can change the value with the barbican_ssl_protocol
variable.

View File

@ -0,0 +1,7 @@
---
security:
- |
The default TLS version has been set to TLS1.2. This only allows
version 1.2 of the protocol to be used when terminating or creating TLS
connections. You can change the value with the horizon_ssl_protocol
variable.

View File

@ -0,0 +1,7 @@
---
security:
- |
The default TLS verion has been set to TLS1.2. This only allows
version 1.2 of the protocol to be used when terminating or creating TLS
connections. You can change the value with the keystone_ssl_protocol
variable.

View File

@ -0,0 +1,7 @@
---
security:
- |
The default TLS version has been set to TLS1.2. This only allows
version 1.2 of the protocol to be used when terminating or creating TLS
connections. You can change the value with the gnocchi_ssl_protocol
variable.

View File

@ -0,0 +1,7 @@
---
security:
- |
The default TLS version has been set to force-tlsv12. This only allows
version 1.2 of the protocol to be used when terminating or creating TLS
connections. You can change the value with the haproxy_ssl_bind_options
variable.

View File

@ -0,0 +1,7 @@
---
security:
- |
The default TLS version has been set to TLS1.2. This only allows
version 1.2 of the protocol to be used when terminating or creating TLS
connections. You can change the value with the trove_ssl_protocol
variable.

View File

@ -0,0 +1,5 @@
---
features:
- Allow the default section in an ini file to be specified
using the ``default_section`` variable when calling a
``config_template`` task. This defaults to ``DEFAULT``.

View File

@ -0,0 +1,4 @@
---
features:
- |
The MariaDB version has been bumped to 10.2

View File

@ -0,0 +1,4 @@
---
features:
- |
The MariaDB version has been bumped to 10.2

View File

@ -0,0 +1,16 @@
---
upgrade:
- |
The data structure for ``ceph_gpg_keys`` has been changed to be a list of
dicts, each of which is passed directly to the applicable apt_key/rpm_key
module. As such any overrides would need to be reviewed to ensure that they
do not pass any key/value pairs which would cause the module to fail.
- |
The default values for ``ceph_gpg_keys`` have been changed for all
supported platforms and now use vendored keys. This means that the task
execution will no longer reach out to the internet to add the keys,
making offline or proxy-based installations easier and more reliable.
- |
A new value ``epel_gpg_keys`` can be overridden to use a different GPG key
for the EPEL-7 RPM package repo instead of the vendored key used by default.

View File

@ -0,0 +1,9 @@
---
features:
- |
The watcher dashboard is available in Horizon. Deployers can enable
the panel by setting the following Ansible variable:
.. code-block:: yaml
horizon_enable_watcher_ui: True

View File

@ -0,0 +1,9 @@
---
features:
- |
The zun dashboard is available in Horizon. Deployers can enable
the panel by setting the following Ansible variable:
.. code-block:: yaml
horizon_enable_zun_ui: True