From 84cb3ff05253d74df163e36b3c5bec49de178989 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Evrard Date: Sun, 10 Mar 2019 18:08:55 +0100 Subject: [PATCH] Freeze for milestone release This would be the first milestone release of OpenStack-Ansible Stein. Change-Id: Iff5235b6e11a6586f0836fd550331efbe4151de0 --- ansible-role-requirements.yml | 118 +++++++++--------- .../add-cors-config-6326223fe7fa7423.yaml | 5 + .../add-nested-virt-1db2270e73d1b34.yaml | 7 ++ .../add-nfs-support-5aacc81dbf3c2270.yaml | 5 + .../add-random-devices-38671b23cb1319b8.yaml | 2 +- ...d-support-for-distro-89611067ce74fc2c.yaml | 11 ++ ...backup-driver-rename-ca4424a0814ee8af.yaml | 12 ++ .../blacklist-format-26c6097cf4e813c9.yaml | 12 ++ ...blazar-horizon-panel-d5ba19273b21d7aa.yaml | 9 ++ ...-ntp-server-defaults-7cd2e3a80723e0bd.yaml | 6 + ...y-ntp-server-options-f8f87225a5282e1a.yaml | 4 + .../chrony-rtc-sync-f46b9a526aec0889.yaml | 4 + ...dkitty-horizon-panel-c3b616273b21d7aa.yaml | 9 ++ ...config-template-move-a0f08aff8e54f62f.yaml | 7 ++ ...le-scheduler-filters-17ea2ed9d4aa0708.yaml | 25 ++++ .../default-lxd-pool-1aa179bd77868cb0.yaml | 11 ++ .../notes/diffmode-e8f9a041f662a2ef.yaml | 6 + .../dragonflow-removed-6285225b5525cd50.yaml | 6 + .../drop-custom-themes-724c40e5cd69b8e2.yaml | 10 ++ ...-tempestconf-support-0bd13c8393c9450b.yaml | 9 ++ ...-ha-keepalive-helper-5f1f82c437c8a430.yaml | 3 + .../notes/fix_quota-e3d4bf0b896dc393.yaml | 12 ++ ...s_sec_grp_rule_quota-2755da6c2c2ab434.yaml | 8 ++ ...lera-client-gpg-keys-8b674cee476885d0.yaml | 12 ++ .../galera-gpg-keys-96ed45fd1ec4cb14.yaml | 12 ++ .../http-access-horizon-94c27a0aadb9f1b4.yaml | 22 ++++ .../notes/install-local-019edab04ffc8347.yaml | 2 +- .../notes/journal-log-cwbr789hd9b59612.yaml | 5 + ...nit-config-overrides-1857d5e5bc5a905f.yaml | 2 +- ...ing-convert-networkd-5b514e604df7c429.yaml | 2 +- ...pt-ssl-certification-129a80cb88d8e6ff.yaml | 10 ++ ...xc-host-machine-vars-5d11b1f269167fd3.yaml | 15 +++ ...sakari-horizon-panel-c058881e1268b3b7.yaml | 9 ++ .../mysqlcheck-options-60fae226d8d4f3ca.yaml | 8 ++ ...daylight-sfc-support-8b249b8f8efbc087.yaml | 29 +++++ ...opendaylight-support-453dc9324eafaae7.yaml | 2 +- ...s-interface-mappings-789902128b82e721.yaml | 22 ++++ .../notes/neutron-sriov-50c0099554574d01.yaml | 2 +- ...ron-vpnaas-dashboard-19f4ef09faae1f70.yaml | 9 ++ .../nova-cpu-model-006da20048168842.yaml | 18 +++ ...nit-config-overrides-ffce7e419061c4da.yaml | 2 +- ...a-service-setup-host-d57533fdea394394.yaml | 7 ++ ...-remove-service-user-f2100fa3127c7c2e.yaml | 7 ++ ...-private-volume-type-9b2cc92c6c74c277.yaml | 5 + ...iner-user-remote-tmp-0efec059fd04eae2.yaml | 6 + .../rabbitmq-gpg-keys-042a47164265ea40.yaml | 12 ++ ...tmq-server-ha-policy-d4e9b46cb5922032.yaml | 8 ++ ...chinectl-workarounds-d67a4739f6385f54.yaml | 7 ++ .../remove-pkg-cache-afba3577138dc0a0.yaml | 22 ++++ ...emove-proxy-no-cache-9b514030c87e7d1b.yaml | 14 +++ ...pest-image-dir-owner-ec10dfa5bb9f87f1.yaml | 5 + ...emove_oslomsg_server-6b5c19e03a001e85.yaml | 6 + ...o-build-venv-removed-80686a21b693b0cd.yaml | 21 ++++ .../notes/smart-sources-59cd0811dcf1ae49.yaml | 16 +++ ...nit-config-overrides-822ec734e02a0dd1.yaml | 2 +- ...tacker-horizon-panel-c3x916273c21d70a.yaml | 9 ++ ...t-service-setup-host-da08c1d4775ea0d1.yaml | 25 ++++ .../notes/tls12-only-2025a08207fd562e.yaml | 7 ++ .../notes/tls12-only-40fea49efdb9d4dd.yaml | 7 ++ .../notes/tls12-only-75222cbe8c32ad57.yaml | 7 ++ .../notes/tls12-only-9b74e96cfd47a634.yaml | 7 ++ .../notes/tls12-only-a22d5f3f8198617f.yaml | 7 ++ .../notes/tls12-only-d7221a33188dc7a0.yaml | 7 ++ .../top_ini_section-c28d7acadf5fe836.yaml | 5 + ...date-mariadb-to-10.2-a70764ae400aadf6.yaml | 4 + ...date-mariadb-to-10.2-b99a87ed0bb60b37.yaml | 4 + ...se_vendored_gpg_keys-f268bd4f4cb7d105.yaml | 16 +++ ...atcher-horizon-panel-c3b616273c21d70a.yaml | 9 ++ .../zun-horizon-panel-c3b616283b21d9ba.yaml | 9 ++ 69 files changed, 678 insertions(+), 67 deletions(-) create mode 100644 releasenotes/notes/add-cors-config-6326223fe7fa7423.yaml create mode 100644 releasenotes/notes/add-nested-virt-1db2270e73d1b34.yaml create mode 100644 releasenotes/notes/add-nfs-support-5aacc81dbf3c2270.yaml create mode 100644 releasenotes/notes/add-support-for-distro-89611067ce74fc2c.yaml create mode 100644 releasenotes/notes/backup-driver-rename-ca4424a0814ee8af.yaml create mode 100644 releasenotes/notes/blacklist-format-26c6097cf4e813c9.yaml create mode 100644 releasenotes/notes/blazar-horizon-panel-d5ba19273b21d7aa.yaml create mode 100644 releasenotes/notes/chrony-ntp-server-defaults-7cd2e3a80723e0bd.yaml create mode 100644 releasenotes/notes/chrony-ntp-server-options-f8f87225a5282e1a.yaml create mode 100644 releasenotes/notes/chrony-rtc-sync-f46b9a526aec0889.yaml create mode 100644 releasenotes/notes/cloudkitty-horizon-panel-c3b616273b21d7aa.yaml create mode 100644 releasenotes/notes/config-template-move-a0f08aff8e54f62f.yaml create mode 100644 releasenotes/notes/configurable-scheduler-filters-17ea2ed9d4aa0708.yaml create mode 100644 releasenotes/notes/default-lxd-pool-1aa179bd77868cb0.yaml create mode 100644 releasenotes/notes/diffmode-e8f9a041f662a2ef.yaml create mode 100644 releasenotes/notes/dragonflow-removed-6285225b5525cd50.yaml create mode 100644 releasenotes/notes/drop-custom-themes-724c40e5cd69b8e2.yaml create mode 100644 releasenotes/notes/enable-tempestconf-support-0bd13c8393c9450b.yaml create mode 100644 releasenotes/notes/fix-l3-agent-ha-keepalive-helper-5f1f82c437c8a430.yaml create mode 100644 releasenotes/notes/fix_quota-e3d4bf0b896dc393.yaml create mode 100644 releasenotes/notes/fixes_sec_grp_rule_quota-2755da6c2c2ab434.yaml create mode 100644 releasenotes/notes/galera-client-gpg-keys-8b674cee476885d0.yaml create mode 100644 releasenotes/notes/galera-gpg-keys-96ed45fd1ec4cb14.yaml create mode 100644 releasenotes/notes/http-access-horizon-94c27a0aadb9f1b4.yaml create mode 100644 releasenotes/notes/journal-log-cwbr789hd9b59612.yaml create mode 100644 releasenotes/notes/letsencrypt-ssl-certification-129a80cb88d8e6ff.yaml create mode 100644 releasenotes/notes/lxc-host-machine-vars-5d11b1f269167fd3.yaml create mode 100644 releasenotes/notes/masakari-horizon-panel-c058881e1268b3b7.yaml create mode 100644 releasenotes/notes/mysqlcheck-options-60fae226d8d4f3ca.yaml create mode 100644 releasenotes/notes/neutron-opendaylight-sfc-support-8b249b8f8efbc087.yaml create mode 100644 releasenotes/notes/neutron-ovs-interface-mappings-789902128b82e721.yaml create mode 100644 releasenotes/notes/neutron-vpnaas-dashboard-19f4ef09faae1f70.yaml create mode 100644 releasenotes/notes/nova-cpu-model-006da20048168842.yaml create mode 100644 releasenotes/notes/os-keystone-remove-service-user-f2100fa3127c7c2e.yaml create mode 100644 releasenotes/notes/os_cinder-private-volume-type-9b2cc92c6c74c277.yaml create mode 100644 releasenotes/notes/plugins-container-user-remote-tmp-0efec059fd04eae2.yaml create mode 100644 releasenotes/notes/rabbitmq-gpg-keys-042a47164265ea40.yaml create mode 100644 releasenotes/notes/rabbitmq-server-ha-policy-d4e9b46cb5922032.yaml create mode 100644 releasenotes/notes/remove-machinectl-workarounds-d67a4739f6385f54.yaml create mode 100644 releasenotes/notes/remove-pkg-cache-afba3577138dc0a0.yaml create mode 100644 releasenotes/notes/remove-proxy-no-cache-9b514030c87e7d1b.yaml create mode 100644 releasenotes/notes/remove-tempest-image-dir-owner-ec10dfa5bb9f87f1.yaml create mode 100644 releasenotes/notes/remove_oslomsg_server-6b5c19e03a001e85.yaml create mode 100644 releasenotes/notes/repo-build-venv-removed-80686a21b693b0cd.yaml create mode 100644 releasenotes/notes/smart-sources-59cd0811dcf1ae49.yaml create mode 100644 releasenotes/notes/tacker-horizon-panel-c3x916273c21d70a.yaml create mode 100644 releasenotes/notes/tempest-service-setup-host-da08c1d4775ea0d1.yaml create mode 100644 releasenotes/notes/tls12-only-2025a08207fd562e.yaml create mode 100644 releasenotes/notes/tls12-only-40fea49efdb9d4dd.yaml create mode 100644 releasenotes/notes/tls12-only-75222cbe8c32ad57.yaml create mode 100644 releasenotes/notes/tls12-only-9b74e96cfd47a634.yaml create mode 100644 releasenotes/notes/tls12-only-a22d5f3f8198617f.yaml create mode 100644 releasenotes/notes/tls12-only-d7221a33188dc7a0.yaml create mode 100644 releasenotes/notes/top_ini_section-c28d7acadf5fe836.yaml create mode 100644 releasenotes/notes/update-mariadb-to-10.2-a70764ae400aadf6.yaml create mode 100644 releasenotes/notes/update-mariadb-to-10.2-b99a87ed0bb60b37.yaml create mode 100644 releasenotes/notes/use_vendored_gpg_keys-f268bd4f4cb7d105.yaml create mode 100644 releasenotes/notes/watcher-horizon-panel-c3b616273c21d70a.yaml create mode 100644 releasenotes/notes/zun-horizon-panel-c3b616283b21d9ba.yaml diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index c3af14fba7..801be4ee32 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml @@ -1,236 +1,236 @@ - name: ansible-hardening scm: git src: https://git.openstack.org/openstack/ansible-hardening - version: master + version: ef1b4170328391d55c3ca94e8183fdd56a229c34 - name: apt_package_pinning scm: git src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning - version: master + version: 83347049b8185bbb9eec4b47a75a86e2f7d7d17b - name: config_template scm: git src: https://git.openstack.org/openstack/ansible-config_template - version: master + version: 0e67ef2e0854b0081d5c68ebc000c1bb0a009700 - name: pip_install scm: git src: https://git.openstack.org/openstack/openstack-ansible-pip_install - version: master + version: 3e9ce35e3796522e900cb2396bcfdf4e8bb94d71 - name: galera_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_client - version: master + version: d53d623eedd33d9015dacd126e93a092d7548637 - name: galera_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_server - version: master + version: 632b0a8d827206857b04d86468124721ba991424 - name: ceph_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-ceph_client - version: master + version: 2febce8369ae4c51c00636dec00e4ba0558c9bcc - name: haproxy_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server - version: master + version: ca23ec42ed4415d469b51851a96d03a90327f515 - name: keepalived scm: git src: https://github.com/evrardjp/ansible-keepalived - version: master + version: 0ddbb93708b8b8c46c765f5aedf33ad38e1cf23d - name: lxc_container_create scm: git src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create - version: master + version: dac2b714c1cfb4ab9f95067150c1b236d1e1ddd1 - name: lxc_hosts scm: git src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts - version: master + version: ea3ecc817ff01f065dbef78e4c2dd2dcd860ac76 - name: memcached_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-memcached_server - version: master + version: 67c61a1dddedee6de1c62eb93e6a2d95ad924d7b - name: openstack_hosts scm: git src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts - version: master + version: f140a2e565dd85e9439f710de7ede89bc3e8afdd - name: os_keystone scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_keystone - version: master + version: f119f18963bd835be3fb7cee230ae39fd7dd38c1 - name: openstack_openrc scm: git src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc - version: master + version: e7f34fb579acacfc37e6822a0abae4ea38f45b64 - name: os_aodh scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_aodh - version: master + version: 2cef94163776e89c9556647cf5c834935aba9613 - name: os_barbican scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_barbican - version: master + version: 6d2ef2d12ab6417b5f765884c579236eaa631149 - name: os_blazar scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_blazar - version: master + version: cb561cc870af3759cff3f8ecd2c3e1b129eff807 - name: os_ceilometer scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer - version: master + version: dfff9a818bce73a4c234834b478b40d9b8224716 - name: os_cinder scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_cinder - version: master + version: 75019ed6c581c323507220d2425e9061b0905799 - name: os_congress scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_congress - version: master + version: aacd9fd317c42f3d143486be7c69b9dc43128acc - name: os_designate scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_designate - version: master + version: c7cfc00ad63aa67d2489665e0e91901c14172810 - name: os_glance scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_glance - version: master + version: 9539f40f7c926f582ca49c9e725f721543bbed23 - name: os_gnocchi scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi - version: master + version: 3038cbd0677bbe365128ee7c78756ed66f15c6b5 - name: os_heat scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_heat - version: master + version: f96c2208e0ee0a2c180e15cdd01aaf3af7df9fa9 - name: os_horizon scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_horizon - version: master + version: 490ab8f7febb717fd27602bfd43748890f78acef - name: os_ironic scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_ironic - version: master + version: 837fe2ec88d7d7d742369996575afad15af5feb7 - name: os_magnum scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_magnum - version: master + version: b020a631b9bd43e0c2341a3e223603295c0eeea0 - name: os_mistral scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_mistral - version: master + version: c6dd57141e06b442f07339f9d0617a2ffdb5a275 - name: os_neutron scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_neutron - version: master + version: b1f4269ecc1f128e086bccf6d40b4adbdac0ab74 - name: os_nova scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_nova - version: master + version: 30952d23ec4a136db2fc741534172795c0086fac - name: os_octavia scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_octavia - version: master + version: eee659d342644de4fc87d15522d2e27f6d3a589e - name: os_rally scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_rally - version: master + version: e32171e7547f0501064f41faea35b64f82eaf103 - name: os_sahara scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_sahara - version: master + version: d0a23313ea7964c115fdf39a7300b021bfcf15b4 - name: os_swift scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_swift - version: master + version: 430932f274b51e58884065bbefc2c572eb77c94d - name: os_tacker scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_tacker - version: master + version: 886ee2a45724cd7d6b722722c2299f070f5f7623 - name: os_tempest scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_tempest - version: master + version: f633e4972526a22945bfa50afdf38d04cfe088b7 - name: os_trove scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_trove - version: master + version: a2245da5efa8334adaadfda6e3be319014b9de38 - name: plugins scm: git src: https://git.openstack.org/openstack/openstack-ansible-plugins - version: master + version: 44a8205f5e6773d166b10e71a73aa8d2cbb6296e - name: qdrouterd scm: git src: https://git.openstack.org/openstack/ansible-role-qdrouterd - version: master + version: 549054335231bbe04590b5ab5ff4bf6b37a8f204 - name: rabbitmq_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server - version: master + version: 3c40f53f5ee37ce9212272bcde36c832ea1f1031 - name: repo_build scm: git src: https://git.openstack.org/openstack/openstack-ansible-repo_build - version: master + version: 6638604edf05e27986bb9641dc4e04f5addcda06 - name: repo_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-repo_server - version: master + version: 3523911b7f17a3e48fdfca2b7d13e6da6945e37d - name: rsyslog_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client - version: master + version: f11d252212873c6eb16cd2a4276a4cee2dff63fc - name: rsyslog_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server - version: master + version: 05c8cf0210b5e9c01ecc83991096c64847e4fcdd - name: sshd scm: git src: https://github.com/willshersystems/ansible-sshd - version: master + version: a84bc84c22bdf97dd19be4559ead8098902305bb - name: bird scm: git src: https://github.com/logan2211/ansible-bird - version: master + version: 849d60e9f32c41fa13678f63ef815bec59a6822a - name: etcd scm: git src: https://github.com/logan2211/ansible-etcd - version: master + version: fa1c447b6a979a614fc024725b5ecad215261c4a - name: unbound scm: git src: https://github.com/logan2211/ansible-unbound - version: master + version: 40e4f0a65d88050f55bf158ceeb2324164d427d0 - name: resolvconf scm: git src: https://github.com/logan2211/ansible-resolvconf - version: master + version: a2ff5ba59b47f96ddddcb7a3a67de93687c317a6 - name: ceph-ansible scm: git src: https://github.com/ceph/ceph-ansible - version: stable-3.2 + version: 224bab0d7005142d262dc23f7d42cb38b3c1669b - name: opendaylight scm: git src: https://github.com/opendaylight/integration-packaging-ansible-opendaylight - version: master + version: 0aebbc250b34ac5ac14b37bdf9b1a2e1cfaa5a76 - name: haproxy_endpoints scm: git src: https://github.com/logan2211/ansible-haproxy-endpoints - version: master + version: 8e3a24a35beb16d717072dc83895c5a1f92689fb - name: nspawn_container_create src: https://git.openstack.org/openstack/openstack-ansible-nspawn_container_create scm: git - version: master + version: 5a7cb98319aeea34d43d915784a675f8881d7d2a - name: nspawn_hosts src: https://git.openstack.org/openstack/openstack-ansible-nspawn_hosts scm: git - version: master + version: 241c9fd5038be3d87a2aa025f57f59306ad5c316 - name: systemd_service src: https://git.openstack.org/openstack/ansible-role-systemd_service scm: git - version: master + version: 07f4d977d7a4875be161e3c1b54ad7ef043833c7 - name: systemd_mount src: https://git.openstack.org/openstack/ansible-role-systemd_mount scm: git - version: master + version: b916ed60173ec571e27d120b27a20b84680725ef - name: systemd_networkd src: https://git.openstack.org/openstack/ansible-role-systemd_networkd scm: git - version: master + version: dff2decc65d0f34b6fa73c508371914576986151 - name: python_venv_build src: https://git.openstack.org/openstack/ansible-role-python_venv_build scm: git - version: master + version: 0e44d4230a4259e88e1d37e8fb2dd12ad6dcc5df diff --git a/releasenotes/notes/add-cors-config-6326223fe7fa7423.yaml b/releasenotes/notes/add-cors-config-6326223fe7fa7423.yaml new file mode 100644 index 0000000000..de1d5c8dbf --- /dev/null +++ b/releasenotes/notes/add-cors-config-6326223fe7fa7423.yaml @@ -0,0 +1,5 @@ +--- +features: + - It is possible to configure Glance to allow cross origin requests by + specifying the allowed origin address using the ``glance_cors_allowed_origin`` + variable. By default, this will be the load balancer address. diff --git a/releasenotes/notes/add-nested-virt-1db2270e73d1b34.yaml b/releasenotes/notes/add-nested-virt-1db2270e73d1b34.yaml new file mode 100644 index 0000000000..c0c6234f60 --- /dev/null +++ b/releasenotes/notes/add-nested-virt-1db2270e73d1b34.yaml @@ -0,0 +1,7 @@ +--- +features: + - This role now optionally enables your compute nodes' KVM kernel + module nested virtualization capabilities, by setting nova_nested_virt_enabled + to true. Depending on your distribution and libvirt version, you might need to + set additional variables to fully enabled nested virtualization. + For details, please see https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#nested-guest-support. diff --git a/releasenotes/notes/add-nfs-support-5aacc81dbf3c2270.yaml b/releasenotes/notes/add-nfs-support-5aacc81dbf3c2270.yaml new file mode 100644 index 0000000000..44e38d95db --- /dev/null +++ b/releasenotes/notes/add-nfs-support-5aacc81dbf3c2270.yaml @@ -0,0 +1,5 @@ +--- +features: + - It is now possible to use NFS mountpoints with the role by using the + nova_nfs_client variable, which is useful for using NFS for instance + data and saves. diff --git a/releasenotes/notes/add-random-devices-38671b23cb1319b8.yaml b/releasenotes/notes/add-random-devices-38671b23cb1319b8.yaml index a3d3a98254..9bd16be3c9 100644 --- a/releasenotes/notes/add-random-devices-38671b23cb1319b8.yaml +++ b/releasenotes/notes/add-random-devices-38671b23cb1319b8.yaml @@ -1,7 +1,7 @@ --- fixes: - | - Newer releases of CentOS ship a version of libnss that depends on the existance + Newer releases of CentOS ship a version of libnss that depends on the existence of /dev/random and /dev/urandom in the operating system in order to run. This causes a problem during the cache preparation process which runs inside chroot that does not contain this, resulting in errors with the following message. diff --git a/releasenotes/notes/add-support-for-distro-89611067ce74fc2c.yaml b/releasenotes/notes/add-support-for-distro-89611067ce74fc2c.yaml new file mode 100644 index 0000000000..9936187a4e --- /dev/null +++ b/releasenotes/notes/add-support-for-distro-89611067ce74fc2c.yaml @@ -0,0 +1,11 @@ +--- +features: + - | + The ``os_tempest`` role now has the ability to install from distribution packages by setting + ``tempest_install_method`` to ``distro``. + - | + The new variable ``tempest_workspace`` has been introduced to set the location of the tempest + workspace. + - | + The default location of the default tempest configuration is now ``/etc/tempest/tempest.conf`` + rather than the previous default of ``$HOME/.tempest/etc``. diff --git a/releasenotes/notes/backup-driver-rename-ca4424a0814ee8af.yaml b/releasenotes/notes/backup-driver-rename-ca4424a0814ee8af.yaml new file mode 100644 index 0000000000..efad00f948 --- /dev/null +++ b/releasenotes/notes/backup-driver-rename-ca4424a0814ee8af.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + In Stein, Cinder stopped supporting configuring backup drivers without + the full class path. This means that you must now use the following + values for ``cinder_service_backup_driver``. + + * ``cinder.backup.drivers.swift.SwiftBackupDriver`` + * ``cinder.backup.drivers.ceph.CephBackupDriver`` + + If you do not make this change, the Cinder backup service will refuse + to start properly. diff --git a/releasenotes/notes/blacklist-format-26c6097cf4e813c9.yaml b/releasenotes/notes/blacklist-format-26c6097cf4e813c9.yaml new file mode 100644 index 0000000000..e4c94a8c7b --- /dev/null +++ b/releasenotes/notes/blacklist-format-26c6097cf4e813c9.yaml @@ -0,0 +1,12 @@ +--- +upgrade: > + Data structure for ``tempest_test_blacklist`` has been updated to + add launchpad and/or bugzilla linked with the test being skipped. +features: + - | + Add the launchpad and bugzilla keys in tempest_test_blacklist ansible + variable. + Developers must have a way to trackdown why a test was inserted in the + skiplist, and one of the ways is through bugs. This feature add the + information regarding it in the list of skipped tests on os_tempest + diff --git a/releasenotes/notes/blazar-horizon-panel-d5ba19273b21d7aa.yaml b/releasenotes/notes/blazar-horizon-panel-d5ba19273b21d7aa.yaml new file mode 100644 index 0000000000..73b9e17c8e --- /dev/null +++ b/releasenotes/notes/blazar-horizon-panel-d5ba19273b21d7aa.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + The blazar dashboard is available in Horizon. Deployers can enable + the panel by setting the following Ansible variable: + + .. code-block:: yaml + + horizon_enable_blazar_ui: True diff --git a/releasenotes/notes/chrony-ntp-server-defaults-7cd2e3a80723e0bd.yaml b/releasenotes/notes/chrony-ntp-server-defaults-7cd2e3a80723e0bd.yaml new file mode 100644 index 0000000000..6d1028b96b --- /dev/null +++ b/releasenotes/notes/chrony-ntp-server-defaults-7cd2e3a80723e0bd.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - Changed the default NTP server options in ``chrony.conf``. The ``offline`` + option has been removed, ``minpoll``/``maxpoll`` have been removed in favour of + the upstream defaults, while the ``iburst`` option was added to speed up + initial time synchronization. diff --git a/releasenotes/notes/chrony-ntp-server-options-f8f87225a5282e1a.yaml b/releasenotes/notes/chrony-ntp-server-options-f8f87225a5282e1a.yaml new file mode 100644 index 0000000000..d52bf606e0 --- /dev/null +++ b/releasenotes/notes/chrony-ntp-server-options-f8f87225a5282e1a.yaml @@ -0,0 +1,4 @@ +--- +features: + - It is now possible to modify the NTP server options in chrony using + ``security_ntp_server_options``. diff --git a/releasenotes/notes/chrony-rtc-sync-f46b9a526aec0889.yaml b/releasenotes/notes/chrony-rtc-sync-f46b9a526aec0889.yaml new file mode 100644 index 0000000000..87079f9353 --- /dev/null +++ b/releasenotes/notes/chrony-rtc-sync-f46b9a526aec0889.yaml @@ -0,0 +1,4 @@ +--- +features: + - Chrony got a new configuration option to synchronize the system clock back + to the RTC using the ``security_ntp_sync_rtc`` variable. Disabled by default. diff --git a/releasenotes/notes/cloudkitty-horizon-panel-c3b616273b21d7aa.yaml b/releasenotes/notes/cloudkitty-horizon-panel-c3b616273b21d7aa.yaml new file mode 100644 index 0000000000..6d470e4c89 --- /dev/null +++ b/releasenotes/notes/cloudkitty-horizon-panel-c3b616273b21d7aa.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + The cloudkitty dashboard is available in Horizon. Deployers can enable + the panel by setting the following Ansible variable: + + .. code-block:: yaml + + horizon_enable_cloudkitty_ui: True diff --git a/releasenotes/notes/config-template-move-a0f08aff8e54f62f.yaml b/releasenotes/notes/config-template-move-a0f08aff8e54f62f.yaml new file mode 100644 index 0000000000..b5c86799fd --- /dev/null +++ b/releasenotes/notes/config-template-move-a0f08aff8e54f62f.yaml @@ -0,0 +1,7 @@ +--- +other: + - | + The ``config_template`` action module has now been moved into its own git + repository (``openstack/ansible-config_template``). This has been done to + simplify the ability to use the plugin in other non OpenStack-Ansible + projects. diff --git a/releasenotes/notes/configurable-scheduler-filters-17ea2ed9d4aa0708.yaml b/releasenotes/notes/configurable-scheduler-filters-17ea2ed9d4aa0708.yaml new file mode 100644 index 0000000000..e69700a0c3 --- /dev/null +++ b/releasenotes/notes/configurable-scheduler-filters-17ea2ed9d4aa0708.yaml @@ -0,0 +1,25 @@ +--- +features: + - | + The list of enabled filters for the Cinder scheduler, + `scheduler_default_filters` in `cinder.conf`, could previously be + defined only via an entry in ``cinder_cinder_conf_overrides``. You now + have the option to instead define a list variable, + ``cinder_scheduler_default_filters``, that defines the enabled + filters. This is helpful if you either want to disable one of the + filters enabled by default (at the time of writing, these are + `AvailabilityZoneFilter`, `CapacityFilter`, and + `CapabilitiesFilter`), or if conversely you want to add a filter + that is normally not enabled, such as `DifferentBackendFilter` or + `InstanceLocalityFilter`. + + For example, to enable the `InstanceLocalityFilter` in addition to + the normally enabled scheduler filters, use the following variable. + + .. code-block:: yaml + + cinder_scheduler_default_filters: + - AvailabilityZoneFilter + - CapacityFilter + - CapabilitiesFilter + - InstanceLocalityFilter \ No newline at end of file diff --git a/releasenotes/notes/default-lxd-pool-1aa179bd77868cb0.yaml b/releasenotes/notes/default-lxd-pool-1aa179bd77868cb0.yaml new file mode 100644 index 0000000000..3bbac8f308 --- /dev/null +++ b/releasenotes/notes/default-lxd-pool-1aa179bd77868cb0.yaml @@ -0,0 +1,11 @@ +--- +features: + - | + The nova configuration is updated to always specify an LXD storage pool + name when 'nova_virt_type' is 'lxd'. The variable 'lxd_storage_pool' is + defaulted to 'default', the LXD default storage pool name. A new variable + 'lxd_init_storage_pool' is introduced which specifies the underlying + storage pool name. 'lxd_init_storage_pool' is used by lxd init when setting + up the storage pool. If not provided, lxd init will not use this parameter + at all. Please see the lxd man page for further information about the + storage pool parameter. diff --git a/releasenotes/notes/diffmode-e8f9a041f662a2ef.yaml b/releasenotes/notes/diffmode-e8f9a041f662a2ef.yaml new file mode 100644 index 0000000000..7fd196e90f --- /dev/null +++ b/releasenotes/notes/diffmode-e8f9a041f662a2ef.yaml @@ -0,0 +1,6 @@ +--- +features: + - Compare dict vars of before and after configuration to determine whether + the config keys or values have changed so a configuration file will not + be incorrectly marked as changed when only the ordering has changed. + - Set diff return variable to a dict of changes applied. diff --git a/releasenotes/notes/dragonflow-removed-6285225b5525cd50.yaml b/releasenotes/notes/dragonflow-removed-6285225b5525cd50.yaml new file mode 100644 index 0000000000..485bcaad89 --- /dev/null +++ b/releasenotes/notes/dragonflow-removed-6285225b5525cd50.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + Dragonflow is no longer maintained as an OpenStack project and has + therefore been removed from OpenStack-Ansible as a supported ML2 + driver for neutron. diff --git a/releasenotes/notes/drop-custom-themes-724c40e5cd69b8e2.yaml b/releasenotes/notes/drop-custom-themes-724c40e5cd69b8e2.yaml new file mode 100644 index 0000000000..1d0c8e7e43 --- /dev/null +++ b/releasenotes/notes/drop-custom-themes-724c40e5cd69b8e2.yaml @@ -0,0 +1,10 @@ +--- +features: + - The ``os_horizon`` role now supports distribution of user custom themes. + Deployers can use the new key ``theme_src_archive`` of ``horizon_custom_themes`` + dictionary to provide absolute path to the archived theme. + Only .tar.gz, .tgz, .zip, .tar.bz, .tar.bz2, .tbz, .tbz2 archives are supported. + Structure inside archive should be as a standard theme, without any leading folders. +fixes: + - Fixes bug https://bugs.launchpad.net/openstack-ansible/+bug/1778098 where playbook failed, if + ``horizon_custom_themes`` is specified, and directory for theme is not provided diff --git a/releasenotes/notes/enable-tempestconf-support-0bd13c8393c9450b.yaml b/releasenotes/notes/enable-tempestconf-support-0bd13c8393c9450b.yaml new file mode 100644 index 0000000000..d7a9dccd49 --- /dev/null +++ b/releasenotes/notes/enable-tempestconf-support-0bd13c8393c9450b.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Python-tempestconf is a tool that generates a tempest.conf file, based + only on the credentials from an openstack installation. It uses the + discoverable api from openstack to check for services, features, etc. + + Add the possibility to use python-tempestconf tool to generate tempest.conf + file, rather than use the role template. diff --git a/releasenotes/notes/fix-l3-agent-ha-keepalive-helper-5f1f82c437c8a430.yaml b/releasenotes/notes/fix-l3-agent-ha-keepalive-helper-5f1f82c437c8a430.yaml new file mode 100644 index 0000000000..42add16118 --- /dev/null +++ b/releasenotes/notes/fix-l3-agent-ha-keepalive-helper-5f1f82c437c8a430.yaml @@ -0,0 +1,3 @@ +--- +fixes: + - Fixes neutron HA routers, by enabling ``neutron-l3-agent`` to invoke the required helper script. diff --git a/releasenotes/notes/fix_quota-e3d4bf0b896dc393.yaml b/releasenotes/notes/fix_quota-e3d4bf0b896dc393.yaml new file mode 100644 index 0000000000..80d1e0d03a --- /dev/null +++ b/releasenotes/notes/fix_quota-e3d4bf0b896dc393.yaml @@ -0,0 +1,12 @@ +--- +features: + - | + Octavia is creating vms, securitygroups, and other things in its + project. In most cases the default quotas are not big enough. This + will adjust them to (configurable) reasonable values. +security: + - | + Avoid setting the quotas too high for your cloud since this can + impact the performance of other servcies and lead to a potential + Denial-of-Service attack if Loadbalancer quotas are not set + properly or RBAC is not properly set up. \ No newline at end of file diff --git a/releasenotes/notes/fixes_sec_grp_rule_quota-2755da6c2c2ab434.yaml b/releasenotes/notes/fixes_sec_grp_rule_quota-2755da6c2c2ab434.yaml new file mode 100644 index 0000000000..3493e9bed7 --- /dev/null +++ b/releasenotes/notes/fixes_sec_grp_rule_quota-2755da6c2c2ab434.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + The quota for security group rules was erroneously set + to 100 with the aim to have 100 security group rules + per security group instead of to 100*#security group rules. + This patch fixes this discrepancy. + diff --git a/releasenotes/notes/galera-client-gpg-keys-8b674cee476885d0.yaml b/releasenotes/notes/galera-client-gpg-keys-8b674cee476885d0.yaml new file mode 100644 index 0000000000..96b5a9abdc --- /dev/null +++ b/releasenotes/notes/galera-client-gpg-keys-8b674cee476885d0.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + The data structure for ``galera_client_gpg_keys`` has been changed to be + a dict passed directly to the applicable apt_key/rpm_key module. As such + any overrides would need to be reviewed to ensure that they do not pass + any key/value pairs which would cause the module to fail. + - | + The default values for ``galera_client_gpg_keys`` have been changed for + all supported platforms will use vendored keys. This means that the task + execution will no longer reach out to the internet to add the keys, + making offline or proxy-based installations easier and more reliable. diff --git a/releasenotes/notes/galera-gpg-keys-96ed45fd1ec4cb14.yaml b/releasenotes/notes/galera-gpg-keys-96ed45fd1ec4cb14.yaml new file mode 100644 index 0000000000..a690decaab --- /dev/null +++ b/releasenotes/notes/galera-gpg-keys-96ed45fd1ec4cb14.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + The data structure for ``galera_gpg_keys`` has been changed to be + a dict passed directly to the applicable apt_key/rpm_key module. As such + any overrides would need to be reviewed to ensure that they do not pass + any key/value pairs which would cause the module to fail. + - | + The default values for ``galera_gpg_keys`` have been changed for + all supported platforms will use vendored keys. This means that the task + execution will no longer reach out to the internet to add the keys, + making offline or proxy-based installations easier and more reliable. diff --git a/releasenotes/notes/http-access-horizon-94c27a0aadb9f1b4.yaml b/releasenotes/notes/http-access-horizon-94c27a0aadb9f1b4.yaml new file mode 100644 index 0000000000..5e645f426c --- /dev/null +++ b/releasenotes/notes/http-access-horizon-94c27a0aadb9f1b4.yaml @@ -0,0 +1,22 @@ +--- +features: + - | + Horizon has, since OSA's inception, been deployed with HTTPS + access enabled, and has had no way to turn it off. Some use-cases + may want to access via HTTP instead, so this patch enables + the following. + + * Listen via HTTPS on a load balancer, but via HTTP on the + horizon host and have the load balancer forward the correct + headers. It will do this by default in the integrated build + due to the presence of the load balancer, so the current + behaviour is retained. + + * Enable HTTPS on the horizon host without a load balancer. + This is the role's default behaviour which matches what it + always has been. + + * Disable HTTPS entirely by setting ``haproxy_ssl: no`` (which + will also disable https on haproxy. This setting is inherited + by the new ``horizon_enable_ssl`` variable by default. This + is a new option. diff --git a/releasenotes/notes/install-local-019edab04ffc8347.yaml b/releasenotes/notes/install-local-019edab04ffc8347.yaml index 614be990ca..4da146cade 100644 --- a/releasenotes/notes/install-local-019edab04ffc8347.yaml +++ b/releasenotes/notes/install-local-019edab04ffc8347.yaml @@ -4,5 +4,5 @@ features: new variable ``pip_offline_install``. This can be useful in environments where the containers lack internet connectivity. Please refer to the `limited connectivity installation guide - `_ + `_ for more information. diff --git a/releasenotes/notes/journal-log-cwbr789hd9b59612.yaml b/releasenotes/notes/journal-log-cwbr789hd9b59612.yaml new file mode 100644 index 0000000000..7d1dd982a7 --- /dev/null +++ b/releasenotes/notes/journal-log-cwbr789hd9b59612.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - The log path, ``/var/log/blazar`` is no longer used to capture service + logs. All logging for the blazar service will now be sent directly to the + systemd journal. diff --git a/releasenotes/notes/keystone-init-config-overrides-1857d5e5bc5a905f.yaml b/releasenotes/notes/keystone-init-config-overrides-1857d5e5bc5a905f.yaml index 5638c85da3..7413d6ab5b 100644 --- a/releasenotes/notes/keystone-init-config-overrides-1857d5e5bc5a905f.yaml +++ b/releasenotes/notes/keystone-init-config-overrides-1857d5e5bc5a905f.yaml @@ -5,6 +5,6 @@ features: - The task dropping the keystone systemd unit files now uses the ``config_template`` action plugin allowing deployers access to customize the unit files as they see fit without having to - load extra options into the defaults and polute the generic + load extra options into the defaults and pollute the generic systemd unit file with jinja2 variables and conditionals. diff --git a/releasenotes/notes/legacy-networking-convert-networkd-5b514e604df7c429.yaml b/releasenotes/notes/legacy-networking-convert-networkd-5b514e604df7c429.yaml index d8f720d1e8..5b031a431b 100644 --- a/releasenotes/notes/legacy-networking-convert-networkd-5b514e604df7c429.yaml +++ b/releasenotes/notes/legacy-networking-convert-networkd-5b514e604df7c429.yaml @@ -5,5 +5,5 @@ features: single, common, networking functionality to across multiple distros. - All of the pre/post up, and pre/post down adhoc command options have been converted to using systemd "oneshot" services. This conversion allows all - supported distros to benifit from the ability to run adhoc commands before + supported distros to benefit from the ability to run adhoc commands before and after networking is available on both start-up and shut-down. diff --git a/releasenotes/notes/letsencrypt-ssl-certification-129a80cb88d8e6ff.yaml b/releasenotes/notes/letsencrypt-ssl-certification-129a80cb88d8e6ff.yaml new file mode 100644 index 0000000000..f3996ebdb5 --- /dev/null +++ b/releasenotes/notes/letsencrypt-ssl-certification-129a80cb88d8e6ff.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + If Horizon dashboard of OSA installation has a public FQDN, is it + now possible to use LetsEncrypt certification service. Certificate + will be generated within HAProxy installation and a cron entry to + renew the certificate daily will be setup. + Note that there is no certificate distribution implementation at + this time, so this will only work for a single haproxy-server + environment. diff --git a/releasenotes/notes/lxc-host-machine-vars-5d11b1f269167fd3.yaml b/releasenotes/notes/lxc-host-machine-vars-5d11b1f269167fd3.yaml new file mode 100644 index 0000000000..53286125d9 --- /dev/null +++ b/releasenotes/notes/lxc-host-machine-vars-5d11b1f269167fd3.yaml @@ -0,0 +1,15 @@ +--- +fixes: + - | + When using LXC containers with a copy-on-write back-end, the ``lxc_hosts`` + role execution would fail due to undefined variables with the + ``nspawn_host_`` prefix. This issue has now been fixed. +deprecations: + - | + The following variable name changes have been implemented in order to + better reflect their purpose. + + * ``lxc_host_machine_quota_disabled`` -> ``lxc_host_btrfs_quota_disabled`` + * ``lxc_host_machine_qgroup_space_limit`` -> ``lxc_host_btrfs_qgroup_space_limit`` + * ``lxc_host_machine_qgroup_compression_limit`` -> ``lxc_host_btrfs_qgroup_compression_limit`` + diff --git a/releasenotes/notes/masakari-horizon-panel-c058881e1268b3b7.yaml b/releasenotes/notes/masakari-horizon-panel-c058881e1268b3b7.yaml new file mode 100644 index 0000000000..7c8614cfdf --- /dev/null +++ b/releasenotes/notes/masakari-horizon-panel-c058881e1268b3b7.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + The masakari dashboard is available in Horizon. Deployers can enable + the panel by setting the following Ansible variable: + + .. code-block:: yaml + + horizon_enable_masakari_ui: True \ No newline at end of file diff --git a/releasenotes/notes/mysqlcheck-options-60fae226d8d4f3ca.yaml b/releasenotes/notes/mysqlcheck-options-60fae226d8d4f3ca.yaml new file mode 100644 index 0000000000..3e3dbec6f8 --- /dev/null +++ b/releasenotes/notes/mysqlcheck-options-60fae226d8d4f3ca.yaml @@ -0,0 +1,8 @@ +--- +features: + - It is now possible for deployers to enable or disable the `mysqlcheck` + capability. The Boolean option `galera_monitoring_check_enabled` has + been added which has a default value of **true**. + - It is now possible to change the port used by `mysqlcheck`. The integer + option `galera_monitoring_check_port` has been added with the default + value of **9200**. diff --git a/releasenotes/notes/neutron-opendaylight-sfc-support-8b249b8f8efbc087.yaml b/releasenotes/notes/neutron-opendaylight-sfc-support-8b249b8f8efbc087.yaml new file mode 100644 index 0000000000..c09bec894f --- /dev/null +++ b/releasenotes/notes/neutron-opendaylight-sfc-support-8b249b8f8efbc087.yaml @@ -0,0 +1,29 @@ +--- +features: + - | + The Neutron Service Function Chaining Extension (SFC) can optionally be deployed and + configured by defining the following service plugins: + + * ``flow_classifier`` + * ``sfc`` + + .. code-block:: yaml + + neutron_plugin_base: + - router + - metering + - flow_classifier + - sfc + + For more information about SFC in Neutron, refer to the following: + + * `Service Function Chaining Extension for OpenStack Networking + `_ + +upgrade: + - | + The plugin names for the classifier and sfc changed: + + * networking_sfc.services.flowclassifier.plugin.FlowClassifierPlugin => flow_classifier + + * networking_sfc.services.sfc.plugin.SfcPlugin => sfc diff --git a/releasenotes/notes/neutron-opendaylight-support-453dc9324eafaae7.yaml b/releasenotes/notes/neutron-opendaylight-support-453dc9324eafaae7.yaml index cfa88bae7f..2e50052a4e 100644 --- a/releasenotes/notes/neutron-opendaylight-support-453dc9324eafaae7.yaml +++ b/releasenotes/notes/neutron-opendaylight-support-453dc9324eafaae7.yaml @@ -5,4 +5,4 @@ features: You can set the ``neutron_plugin_type`` to ``ml2.opendaylight`` to utilize this code path. The usage of ``OpenDaylight`` is currently experimental. - Two versions are currently supported: Nitrogen and Oxygen. + Two versions are currently supported - Nitrogen and Oxygen. diff --git a/releasenotes/notes/neutron-ovs-interface-mappings-789902128b82e721.yaml b/releasenotes/notes/neutron-ovs-interface-mappings-789902128b82e721.yaml new file mode 100644 index 0000000000..b0b0820ee3 --- /dev/null +++ b/releasenotes/notes/neutron-ovs-interface-mappings-789902128b82e721.yaml @@ -0,0 +1,22 @@ +--- +features: + - | + The ``provider_networks`` library has been updated to support the + definition of network interfaces that can automatically be added as ports + to OVS provider bridges setup during a deployment. To activate this feature, + add the ``network_interface`` key to the respective flat and/or vlan provider + network definition in ``openstack_user_config.yml``. For more information, + refer to the latest Open vSwitch deployment guide. +upgrade: + - | + The ``provider_networks`` library has been updated to support the + definition of network interfaces that can automatically be added as ports + to OVS provider bridges setup during a deployment. As a result, the + ``network_interface`` value applied to the ``neutron_provider_networks`` + override in ``user_variables.yml``, as described in previous Open vSwitch + deployment guides, is no longer effective. If overrides are + necessary, use ``network_interface_mappings`` within the provider network + override and specify the respective bridge-to-interface mapping + (e.g. "br-provider:bond1"). For more information, refer to the latest Open + vSwitch deployment guide. + diff --git a/releasenotes/notes/neutron-sriov-50c0099554574d01.yaml b/releasenotes/notes/neutron-sriov-50c0099554574d01.yaml index d5945e909e..6048eacc17 100644 --- a/releasenotes/notes/neutron-sriov-50c0099554574d01.yaml +++ b/releasenotes/notes/neutron-sriov-50c0099554574d01.yaml @@ -3,5 +3,5 @@ features: - Neutron SR-IOV can now be optionally deployed and configured. For details about the what the service is and what it provides, see the `SR-IOV Installation Guide - `_ + `_ for more information. diff --git a/releasenotes/notes/neutron-vpnaas-dashboard-19f4ef09faae1f70.yaml b/releasenotes/notes/neutron-vpnaas-dashboard-19f4ef09faae1f70.yaml new file mode 100644 index 0000000000..fc74de491a --- /dev/null +++ b/releasenotes/notes/neutron-vpnaas-dashboard-19f4ef09faae1f70.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + VPNaaS dashboard is again available in Horizon. Deployers can enable + the panel by setting the following Ansible variable: + + .. code-block:: yaml + + horizon_enable_neutron_vpnaas: True diff --git a/releasenotes/notes/nova-cpu-model-006da20048168842.yaml b/releasenotes/notes/nova-cpu-model-006da20048168842.yaml new file mode 100644 index 0000000000..363bc54499 --- /dev/null +++ b/releasenotes/notes/nova-cpu-model-006da20048168842.yaml @@ -0,0 +1,18 @@ +--- +features: + - You can now set the Libvirt CPU model and feature flags from the + appropriate entry under the ``nova_virt_types`` dictionary variable + (normally ``kvm``). + ``nova_cpu_model`` is a string value that sets the CPU model; this + value is ignored if you set any ``nova_cpu_mode`` other than + ``custom``. + ``nova_cpu_model_extra_flags`` is a list that allows you to specify + extra CPU feature flags not normally passed through with + ``host-model``, or the ``custom`` CPU model of your choice. +upgrade: + - If your configuration previously set the ``libvirt/cpu_model`` + and/or ``libvirt/cpu_model_extra_flags`` variables in a + ``nova_nova_conf_overrides`` dictionary, you should consider + moving those to ``nova_cpu_model`` and + ``nova_cpu_model_extra_flags`` in the appropriate entry (normally + ``kvm``) in the ``nova_virt_types`` dictionary. diff --git a/releasenotes/notes/nova-init-config-overrides-ffce7e419061c4da.yaml b/releasenotes/notes/nova-init-config-overrides-ffce7e419061c4da.yaml index 216cbc6cae..fc3dfe6b58 100644 --- a/releasenotes/notes/nova-init-config-overrides-ffce7e419061c4da.yaml +++ b/releasenotes/notes/nova-init-config-overrides-ffce7e419061c4da.yaml @@ -5,6 +5,6 @@ features: - The task dropping the designate systemd unit files now uses the ``config_template`` action plugin allowing deployers access to customize the unit files as they see fit without having to - load extra options into the defaults and polute the generic + load extra options into the defaults and pollute the generic systemd unit file with jinja2 variables and conditionals. diff --git a/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml b/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml index 540882256c..d3dffdcfd3 100644 --- a/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml +++ b/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml @@ -12,7 +12,14 @@ features: octavia_service_setup_host: "{{ groups['utility_all'][0] }}" deprecations: + - | + The variable ``octavia_requires_pip_packages`` is no longer required + and has therefore been removed. - | The variable ``octavia_image_downloader`` has been removed. The image download now uses the same host designated by the ``octavia_service_setup_host`` for the image download. + - | + The variable ``octavia_ansible_endpoint_type`` has been removed. The + endpoint used for ansible tasks has been hard set to the 'admin' + endpoint as is commonly used across all OSA roles. diff --git a/releasenotes/notes/os-keystone-remove-service-user-f2100fa3127c7c2e.yaml b/releasenotes/notes/os-keystone-remove-service-user-f2100fa3127c7c2e.yaml new file mode 100644 index 0000000000..9aa82ac5fd --- /dev/null +++ b/releasenotes/notes/os-keystone-remove-service-user-f2100fa3127c7c2e.yaml @@ -0,0 +1,7 @@ +--- +upgrade: + - | + The tasks creating a keystone service user have been removed, along with + related variables ``keystone_service_user_name`` and + ``keystone_service_password``. This user can be deleted in existing + deployments. diff --git a/releasenotes/notes/os_cinder-private-volume-type-9b2cc92c6c74c277.yaml b/releasenotes/notes/os_cinder-private-volume-type-9b2cc92c6c74c277.yaml new file mode 100644 index 0000000000..f3e10e54ab --- /dev/null +++ b/releasenotes/notes/os_cinder-private-volume-type-9b2cc92c6c74c277.yaml @@ -0,0 +1,5 @@ +--- +features: + - Deployers can now define a cinder-backend volume type + explicitly private or public with option ``public`` + set to true or false. diff --git a/releasenotes/notes/plugins-container-user-remote-tmp-0efec059fd04eae2.yaml b/releasenotes/notes/plugins-container-user-remote-tmp-0efec059fd04eae2.yaml new file mode 100644 index 0000000000..cc38495a8e --- /dev/null +++ b/releasenotes/notes/plugins-container-user-remote-tmp-0efec059fd04eae2.yaml @@ -0,0 +1,6 @@ +--- +issues: + - | + When using the connection plugin's ``container_user`` option, + ``ansible_remote_tmp`` should be set to a system writable path + such as '/var/tmp/'. diff --git a/releasenotes/notes/rabbitmq-gpg-keys-042a47164265ea40.yaml b/releasenotes/notes/rabbitmq-gpg-keys-042a47164265ea40.yaml new file mode 100644 index 0000000000..5ac326ed5a --- /dev/null +++ b/releasenotes/notes/rabbitmq-gpg-keys-042a47164265ea40.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + The data structure for ``rabbitmq_gpg_keys`` has been changed to be + a dict passed directly to the applicable apt_key/rpm_key module. As such + any overrides would need to be reviewed to ensure that they do not pass + any key/value pairs which would cause the module to fail. + - | + The default values for ``rabbitmq_gpg_keys`` have been changed for + all supported platforms will use vendored keys. This means that the task + execution will no longer reach out to the internet to add the keys, + making offline or proxy-based installations easier and more reliable. diff --git a/releasenotes/notes/rabbitmq-server-ha-policy-d4e9b46cb5922032.yaml b/releasenotes/notes/rabbitmq-server-ha-policy-d4e9b46cb5922032.yaml new file mode 100644 index 0000000000..fe4daa7d9a --- /dev/null +++ b/releasenotes/notes/rabbitmq-server-ha-policy-d4e9b46cb5922032.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - | + The default queue policy has changed to ``^(?!(amq\.)|(.*_fanout_)|(reply_)).*`` + instead of ``^(?!amq\.).*`` for efficiency. + The new HA policy excludes reply queues (these queues have a single consumer and TTL policy), + fanout queues (they have the TTL policy) and + amq queues (they are auto-delete queues, with a single consumer). \ No newline at end of file diff --git a/releasenotes/notes/remove-machinectl-workarounds-d67a4739f6385f54.yaml b/releasenotes/notes/remove-machinectl-workarounds-d67a4739f6385f54.yaml new file mode 100644 index 0000000000..c6c1e3e8f4 --- /dev/null +++ b/releasenotes/notes/remove-machinectl-workarounds-d67a4739f6385f54.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - With the release of CentOS 7.6, deployments were breaking and becoming very + slow when we restart dbus in order to catch some PolicyKit changes. However, + those changes were never actaully used so they were happening for no reason. + We no longer make any modifications to the systemd-machined configuration + and/or PolicyKit to maintain upstream compatibility. diff --git a/releasenotes/notes/remove-pkg-cache-afba3577138dc0a0.yaml b/releasenotes/notes/remove-pkg-cache-afba3577138dc0a0.yaml new file mode 100644 index 0000000000..81ad8ab0c8 --- /dev/null +++ b/releasenotes/notes/remove-pkg-cache-afba3577138dc0a0.yaml @@ -0,0 +1,22 @@ +--- +deprecations: + - | + The package cache on the repo server has been removed. If caching of + packages is desired, it should be setup outside of OpenStack-Ansible + and the variable ``lxc_container_cache_files`` (for LXC containers) + or ``nspawn_container_cache_files_from_host`` (for nspawn containers) + can be used to copy the appropriate host configuration from the host + into the containers on creation. Alternatively, environment variables + can be set to use the cache in the host /etc/environment file prior + to container creation, or the ``deployment_environment_variables`` + can have the right variables set to use it. The following variables + have been removed. + + * ``repo_pkg_cache_enabled`` + * ``repo_pkg_cache_port`` + * ``repo_pkg_cache_bind`` + * ``repo_pkg_cache_dirname`` + * ``repo_pkg_cache_dir`` + * ``repo_pkg_cache_owner`` + * ``repo_pkg_cache_group`` + diff --git a/releasenotes/notes/remove-proxy-no-cache-9b514030c87e7d1b.yaml b/releasenotes/notes/remove-proxy-no-cache-9b514030c87e7d1b.yaml new file mode 100644 index 0000000000..c2ab63720b --- /dev/null +++ b/releasenotes/notes/remove-proxy-no-cache-9b514030c87e7d1b.yaml @@ -0,0 +1,14 @@ +--- +other: + - | + Code which added 'Acquire::http:No-Cache true' to the host and container + apt preferences when http proxy environment variables were set has been + removed. This setting is only required when working around issues + introduced by badly configured http proxies. In some cases proxies can + improperly cache the apt Releases and Packages files leading to package + installation errors. If a deployment is behind a badly configured proxy, + the deployer can add the necessary apt config fragment as part of host + provisioning. OSA will replicate that config into any containers that + are created. This setting can be removed from existing deployments if + required by manually deleting the file + ``/etc/apt/apt.conf.d/00apt-no-cache`` from all host and containers. diff --git a/releasenotes/notes/remove-tempest-image-dir-owner-ec10dfa5bb9f87f1.yaml b/releasenotes/notes/remove-tempest-image-dir-owner-ec10dfa5bb9f87f1.yaml new file mode 100644 index 0000000000..c336138d73 --- /dev/null +++ b/releasenotes/notes/remove-tempest-image-dir-owner-ec10dfa5bb9f87f1.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - The variable ``tempest_image_dir_owner`` is removed in + favour of using default ansible user to create the + image directory. diff --git a/releasenotes/notes/remove_oslomsg_server-6b5c19e03a001e85.yaml b/releasenotes/notes/remove_oslomsg_server-6b5c19e03a001e85.yaml new file mode 100644 index 0000000000..ba5869b2d2 --- /dev/null +++ b/releasenotes/notes/remove_oslomsg_server-6b5c19e03a001e85.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - The variables ``ceilometer_oslomsg_rpc_servers`` and + ``ceilometer_oslomsg_notify_servers`` have been + removed in favour of using ``ceilometer_oslomsg_rpc_host_group`` + and ``ceilometer_oslomsg_notify_host_group`` instead. \ No newline at end of file diff --git a/releasenotes/notes/repo-build-venv-removed-80686a21b693b0cd.yaml b/releasenotes/notes/repo-build-venv-removed-80686a21b693b0cd.yaml new file mode 100644 index 0000000000..cdabf9a4b0 --- /dev/null +++ b/releasenotes/notes/repo-build-venv-removed-80686a21b693b0cd.yaml @@ -0,0 +1,21 @@ +--- +deprecations: + - | + The repo build process no longer builds packaged venvs. Instead, the venvs + are created on the target hosts as the install process for each service + needs to. This opens up the opportunity for roles to be capable of creating + multiple venvs, and for any role to create venvs - neither of these options + were possible in previous releases. + + The following variables therefore have been removed. + + * ``repo_build_venv_selective`` + * ``repo_build_venv_rebuild`` + * ``repo_build_venv_timeout`` + * ``repo_build_concurrency`` + * ``repo_build_venv_build_dir`` + * ``repo_build_venv_dir`` + * ``repo_build_venv_pip_install_options`` + * ``repo_build_venv_command_options`` + * ``repo_venv_default_pip_packages`` + diff --git a/releasenotes/notes/smart-sources-59cd0811dcf1ae49.yaml b/releasenotes/notes/smart-sources-59cd0811dcf1ae49.yaml new file mode 100644 index 0000000000..67c6d59c07 --- /dev/null +++ b/releasenotes/notes/smart-sources-59cd0811dcf1ae49.yaml @@ -0,0 +1,16 @@ +--- +upgrade: + - | + Due to the smart-reources implementation, variables, related to custom git path + of exact config files were removed. Now all config files are taken from + upstream git repo, but overrides and client configs are still supported. + The following variables are not supported now: + * ceilometer_git_config_lookup_location + * ceilometer_data_meters_git_file_path + * ceilometer_event_definitions_git_file_path + * ceilometer_gnocchi_resources_git_file_path + * ceilometer_loadbalancer_v2_meter_definitions_git_file_path + * ceilometer_osprofiler_event_definitions_git_file_path + * ceilometer_polling_git_file_path + If you are maintaining custom ceilometer git repository, you still may use + ``ceilometer_git_repo`` variable, to provide url to your git repository. diff --git a/releasenotes/notes/swift-init-config-overrides-822ec734e02a0dd1.yaml b/releasenotes/notes/swift-init-config-overrides-822ec734e02a0dd1.yaml index fd85b24b42..ebf697c3a0 100644 --- a/releasenotes/notes/swift-init-config-overrides-822ec734e02a0dd1.yaml +++ b/releasenotes/notes/swift-init-config-overrides-822ec734e02a0dd1.yaml @@ -5,6 +5,6 @@ features: - The task dropping the swift systemd unit files now uses the ``config_template`` action plugin allowing deployers access to customize the unit files as they see fit without having to - load extra options into the defaults and polute the generic + load extra options into the defaults and pollute the generic systemd unit file with jinja2 variables and conditionals. diff --git a/releasenotes/notes/tacker-horizon-panel-c3x916273c21d70a.yaml b/releasenotes/notes/tacker-horizon-panel-c3x916273c21d70a.yaml new file mode 100644 index 0000000000..28ad5356d0 --- /dev/null +++ b/releasenotes/notes/tacker-horizon-panel-c3x916273c21d70a.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + The tacker dashboard is available in Horizon. Deployers can enable + the panel by setting the following Ansible variable: + + .. code-block:: yaml + + horizon_enable_tacker_ui: True diff --git a/releasenotes/notes/tempest-service-setup-host-da08c1d4775ea0d1.yaml b/releasenotes/notes/tempest-service-setup-host-da08c1d4775ea0d1.yaml new file mode 100644 index 0000000000..d39143e24c --- /dev/null +++ b/releasenotes/notes/tempest-service-setup-host-da08c1d4775ea0d1.yaml @@ -0,0 +1,25 @@ +--- +features: + - | + The service setup in keystone for tempest will now be executed + through delegation to the ``tempest_service_setup_host`` which, + by default, is ``localhost`` (the deploy host). Deployers can + opt to rather change this to the utility container by implementing + the following override in ``user_variables.yml``. + + .. code-block:: yaml + + tempest_service_setup_host: "{{ groups['utility_all'][0] }}" + - | + Rather than a hard-coded set of projects and users, tempest can + now be configured with a custom list with the variables + ``tempest_projects`` and ``tempest_users``. + +deprecations: + - | + The variable ``tempest_requires_pip_packages`` is no longer required + and has therefore been removed. + - | + The variable ``tempest_image_downloader`` has been removed. The image + download now uses the same host designated by the + ``tempest_service_setup_host`` for the image download. diff --git a/releasenotes/notes/tls12-only-2025a08207fd562e.yaml b/releasenotes/notes/tls12-only-2025a08207fd562e.yaml new file mode 100644 index 0000000000..cee535838a --- /dev/null +++ b/releasenotes/notes/tls12-only-2025a08207fd562e.yaml @@ -0,0 +1,7 @@ +--- +security: + - | + The default TLS version has been set to TLS1.2. This only allows + version 1.2 of the protocol to be used when terminating or creating TLS + connections. You can change the value with the barbican_ssl_protocol + variable. diff --git a/releasenotes/notes/tls12-only-40fea49efdb9d4dd.yaml b/releasenotes/notes/tls12-only-40fea49efdb9d4dd.yaml new file mode 100644 index 0000000000..510881e10a --- /dev/null +++ b/releasenotes/notes/tls12-only-40fea49efdb9d4dd.yaml @@ -0,0 +1,7 @@ +--- +security: + - | + The default TLS version has been set to TLS1.2. This only allows + version 1.2 of the protocol to be used when terminating or creating TLS + connections. You can change the value with the horizon_ssl_protocol + variable. diff --git a/releasenotes/notes/tls12-only-75222cbe8c32ad57.yaml b/releasenotes/notes/tls12-only-75222cbe8c32ad57.yaml new file mode 100644 index 0000000000..f6b5298281 --- /dev/null +++ b/releasenotes/notes/tls12-only-75222cbe8c32ad57.yaml @@ -0,0 +1,7 @@ +--- +security: + - | + The default TLS verion has been set to TLS1.2. This only allows + version 1.2 of the protocol to be used when terminating or creating TLS + connections. You can change the value with the keystone_ssl_protocol + variable. diff --git a/releasenotes/notes/tls12-only-9b74e96cfd47a634.yaml b/releasenotes/notes/tls12-only-9b74e96cfd47a634.yaml new file mode 100644 index 0000000000..02f40db2ee --- /dev/null +++ b/releasenotes/notes/tls12-only-9b74e96cfd47a634.yaml @@ -0,0 +1,7 @@ +--- +security: + - | + The default TLS version has been set to TLS1.2. This only allows + version 1.2 of the protocol to be used when terminating or creating TLS + connections. You can change the value with the gnocchi_ssl_protocol + variable. diff --git a/releasenotes/notes/tls12-only-a22d5f3f8198617f.yaml b/releasenotes/notes/tls12-only-a22d5f3f8198617f.yaml new file mode 100644 index 0000000000..674f07542c --- /dev/null +++ b/releasenotes/notes/tls12-only-a22d5f3f8198617f.yaml @@ -0,0 +1,7 @@ +--- +security: + - | + The default TLS version has been set to force-tlsv12. This only allows + version 1.2 of the protocol to be used when terminating or creating TLS + connections. You can change the value with the haproxy_ssl_bind_options + variable. diff --git a/releasenotes/notes/tls12-only-d7221a33188dc7a0.yaml b/releasenotes/notes/tls12-only-d7221a33188dc7a0.yaml new file mode 100644 index 0000000000..211b4b480d --- /dev/null +++ b/releasenotes/notes/tls12-only-d7221a33188dc7a0.yaml @@ -0,0 +1,7 @@ +--- +security: + - | + The default TLS version has been set to TLS1.2. This only allows + version 1.2 of the protocol to be used when terminating or creating TLS + connections. You can change the value with the trove_ssl_protocol + variable. diff --git a/releasenotes/notes/top_ini_section-c28d7acadf5fe836.yaml b/releasenotes/notes/top_ini_section-c28d7acadf5fe836.yaml new file mode 100644 index 0000000000..1c9186a423 --- /dev/null +++ b/releasenotes/notes/top_ini_section-c28d7acadf5fe836.yaml @@ -0,0 +1,5 @@ +--- +features: + - Allow the default section in an ini file to be specified + using the ``default_section`` variable when calling a + ``config_template`` task. This defaults to ``DEFAULT``. diff --git a/releasenotes/notes/update-mariadb-to-10.2-a70764ae400aadf6.yaml b/releasenotes/notes/update-mariadb-to-10.2-a70764ae400aadf6.yaml new file mode 100644 index 0000000000..7991c44769 --- /dev/null +++ b/releasenotes/notes/update-mariadb-to-10.2-a70764ae400aadf6.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + The MariaDB version has been bumped to 10.2 diff --git a/releasenotes/notes/update-mariadb-to-10.2-b99a87ed0bb60b37.yaml b/releasenotes/notes/update-mariadb-to-10.2-b99a87ed0bb60b37.yaml new file mode 100644 index 0000000000..7991c44769 --- /dev/null +++ b/releasenotes/notes/update-mariadb-to-10.2-b99a87ed0bb60b37.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + The MariaDB version has been bumped to 10.2 diff --git a/releasenotes/notes/use_vendored_gpg_keys-f268bd4f4cb7d105.yaml b/releasenotes/notes/use_vendored_gpg_keys-f268bd4f4cb7d105.yaml new file mode 100644 index 0000000000..622ddc12a5 --- /dev/null +++ b/releasenotes/notes/use_vendored_gpg_keys-f268bd4f4cb7d105.yaml @@ -0,0 +1,16 @@ +--- +upgrade: + - | + The data structure for ``ceph_gpg_keys`` has been changed to be a list of + dicts, each of which is passed directly to the applicable apt_key/rpm_key + module. As such any overrides would need to be reviewed to ensure that they + do not pass any key/value pairs which would cause the module to fail. + - | + The default values for ``ceph_gpg_keys`` have been changed for all + supported platforms and now use vendored keys. This means that the task + execution will no longer reach out to the internet to add the keys, + making offline or proxy-based installations easier and more reliable. + - | + A new value ``epel_gpg_keys`` can be overridden to use a different GPG key + for the EPEL-7 RPM package repo instead of the vendored key used by default. + diff --git a/releasenotes/notes/watcher-horizon-panel-c3b616273c21d70a.yaml b/releasenotes/notes/watcher-horizon-panel-c3b616273c21d70a.yaml new file mode 100644 index 0000000000..427262077b --- /dev/null +++ b/releasenotes/notes/watcher-horizon-panel-c3b616273c21d70a.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + The watcher dashboard is available in Horizon. Deployers can enable + the panel by setting the following Ansible variable: + + .. code-block:: yaml + + horizon_enable_watcher_ui: True diff --git a/releasenotes/notes/zun-horizon-panel-c3b616283b21d9ba.yaml b/releasenotes/notes/zun-horizon-panel-c3b616283b21d9ba.yaml new file mode 100644 index 0000000000..edc1e1bdf3 --- /dev/null +++ b/releasenotes/notes/zun-horizon-panel-c3b616283b21d9ba.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + The zun dashboard is available in Horizon. Deployers can enable + the panel by setting the following Ansible variable: + + .. code-block:: yaml + + horizon_enable_zun_ui: True