diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index 4075f328c2..41485cc9c9 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml @@ -1,306 +1,367 @@ +--- - name: ansible-hardening scm: git src: https://opendev.org/openstack/ansible-hardening - version: master + version: 02edef4106227e868942c8fc32709ca5413c97a6 trackbranch: master + shallow_since: '2022-06-05' - name: apt_package_pinning scm: git src: https://opendev.org/openstack/openstack-ansible-apt_package_pinning - version: master + version: 967cbe4a3e2d181ee139a849dced4227fbc76d95 trackbranch: master + shallow_since: '2022-05-29' - name: galera_server scm: git src: https://opendev.org/openstack/openstack-ansible-galera_server - version: master + version: 8b102ff94b3ea0367a3bf5365295426ee649957b trackbranch: master + shallow_since: '2022-06-02' - name: ceph_client scm: git src: https://opendev.org/openstack/openstack-ansible-ceph_client - version: master + version: d9844a4e9421c5324eeed1a4f811681bebf6f565 trackbranch: master + shallow_since: '2022-05-29' - name: haproxy_server scm: git src: https://opendev.org/openstack/openstack-ansible-haproxy_server - version: master + version: 8a81b355d8bc0a8828288d7c571639500a4e3e7e trackbranch: master + shallow_since: '2022-05-29' - name: keepalived scm: git src: https://github.com/evrardjp/ansible-keepalived - version: master + version: 0c9625bcc90104c72581af07bcb2e654fef14215 trackbranch: master + shallow_since: '2022-05-03' - name: lxc_container_create scm: git src: https://opendev.org/openstack/openstack-ansible-lxc_container_create - version: master + version: 37422a7e3dbfff32a1e18c69ca288e593c620727 trackbranch: master + shallow_since: '2022-05-29' - name: lxc_hosts scm: git src: https://opendev.org/openstack/openstack-ansible-lxc_hosts - version: master + version: 844ebcdab63125f239733c2ef1023fade5543e68 trackbranch: master + shallow_since: '2022-05-29' - name: memcached_server scm: git src: https://opendev.org/openstack/openstack-ansible-memcached_server - version: master + version: 9847bf2f5901fdaaf95da7cca32e750e8e56e366 trackbranch: master + shallow_since: '2022-05-29' - name: openstack_hosts scm: git src: https://opendev.org/openstack/openstack-ansible-openstack_hosts - version: master + version: 010b8377ed99b88136e495cfc6f0518b983b92da trackbranch: master + shallow_since: '2022-06-01' - name: os_keystone scm: git src: https://opendev.org/openstack/openstack-ansible-os_keystone - version: master + version: 235bc0d03721c8efa43e5bc76ec625d80f13b189 trackbranch: master + shallow_since: '2022-05-29' - name: openstack_openrc scm: git src: https://opendev.org/openstack/openstack-ansible-openstack_openrc - version: master + version: 688378603315200dee5b29833e3676b951174698 trackbranch: master + shallow_since: '2022-05-29' - name: os_adjutant scm: git src: https://opendev.org/openstack/openstack-ansible-os_adjutant - version: master + version: a5e9acc16dd212663a41fbc184605066e161d8c3 trackbranch: master + shallow_since: '2022-05-29' - name: os_aodh scm: git src: https://opendev.org/openstack/openstack-ansible-os_aodh - version: master + version: 1f5f88d80eece34a20b189a1c67f8bbe07382a52 trackbranch: master + shallow_since: '2022-05-29' - name: os_barbican scm: git src: https://opendev.org/openstack/openstack-ansible-os_barbican - version: master + version: e5e1a59e05df9f09e21e13d4bec9056b0a93accd trackbranch: master + shallow_since: '2022-05-29' - name: os_blazar scm: git src: https://opendev.org/openstack/openstack-ansible-os_blazar - version: master + version: 1a5758969a402916fda7dd2923074d4f8e7edf92 trackbranch: master + shallow_since: '2022-05-29' - name: os_ceilometer scm: git src: https://opendev.org/openstack/openstack-ansible-os_ceilometer - version: master + version: ff76357c81211a18569a6dacf36b11d601c57ceb trackbranch: master + shallow_since: '2022-05-29' - name: os_cinder scm: git src: https://opendev.org/openstack/openstack-ansible-os_cinder - version: master + version: 091b2dfa7246eb94c35816778ee1ae2bcbed5b34 trackbranch: master + shallow_since: '2022-05-29' - name: os_cloudkitty scm: git src: https://opendev.org/openstack/openstack-ansible-os_cloudkitty - version: master + version: 2d98ac9ec700d286d4ccdf79477e00776d932c44 trackbranch: master + shallow_since: '2022-05-29' - name: os_designate scm: git src: https://opendev.org/openstack/openstack-ansible-os_designate - version: master + version: 79b0b8e1ee401255f4fd3927abaa1561f0a20e44 trackbranch: master + shallow_since: '2022-05-29' - name: os_glance scm: git src: https://opendev.org/openstack/openstack-ansible-os_glance - version: master + version: 93c73e99b114346bd1e9100a800ca791e50a02c1 trackbranch: master + shallow_since: '2022-05-29' - name: os_gnocchi scm: git src: https://opendev.org/openstack/openstack-ansible-os_gnocchi - version: master + version: c845819cae0b9606043682008a389716cf3c537a trackbranch: master + shallow_since: '2022-05-29' - name: os_heat scm: git src: https://opendev.org/openstack/openstack-ansible-os_heat - version: master + version: a69fc500fa3d394ae2d09e22f70429871d582fce trackbranch: master + shallow_since: '2022-05-29' - name: os_horizon scm: git src: https://opendev.org/openstack/openstack-ansible-os_horizon - version: master + version: 99f8b02ba0052fd111b0ad4f12831203a9b594a3 trackbranch: master + shallow_since: '2022-05-29' - name: os_ironic scm: git src: https://opendev.org/openstack/openstack-ansible-os_ironic - version: master + version: 3c71d45c0d88a6c7c3a7089d426ebf57f7667693 trackbranch: master + shallow_since: '2022-05-29' - name: os_magnum scm: git src: https://opendev.org/openstack/openstack-ansible-os_magnum - version: master + version: 1a3615afdfe55fea362ffb4103430a2d9ac483f5 trackbranch: master + shallow_since: '2022-05-29' - name: os_manila scm: git src: https://opendev.org/openstack/openstack-ansible-os_manila - version: master + version: 4bff5b4352370508429675fb0653580ba5e787ba trackbranch: master + shallow_since: '2022-05-29' - name: os_masakari scm: git src: https://opendev.org/openstack/openstack-ansible-os_masakari - version: master + version: abb26f320e56af6a38a676cf1604b4f29762b0ad trackbranch: master + shallow_since: '2022-05-29' - name: os_mistral scm: git src: https://opendev.org/openstack/openstack-ansible-os_mistral - version: master + version: f7fb516d5506837f5e26eb5fa434ffd0d511b466 trackbranch: master + shallow_since: '2022-05-29' - name: os_murano scm: git src: https://opendev.org/openstack/openstack-ansible-os_murano - version: master + version: 6960333d5d5f27eeed4532f795237408696b0563 trackbranch: master + shallow_since: '2022-05-29' - name: os_neutron scm: git src: https://opendev.org/openstack/openstack-ansible-os_neutron - version: master + version: d0af9ee28656e30bd66e364fcb19de422fe6e66e trackbranch: master + shallow_since: '2022-05-29' - name: os_nova scm: git src: https://opendev.org/openstack/openstack-ansible-os_nova - version: master + version: cf66cd365c5c4ab7276b8d9a2c11d149f1884eb3 trackbranch: master + shallow_since: '2022-05-29' - name: os_octavia scm: git src: https://opendev.org/openstack/openstack-ansible-os_octavia - version: master + version: 2490e5a64eac248ba8d4eb557e1d110e179dda8d trackbranch: master + shallow_since: '2022-06-06' - name: os_placement scm: git src: https://opendev.org/openstack/openstack-ansible-os_placement - version: master + version: 025824434be3ee3b551b54f42b3b6b7f2dd9288e trackbranch: master + shallow_since: '2022-05-29' - name: os_rally scm: git src: https://opendev.org/openstack/openstack-ansible-os_rally - version: master + version: 854b8a2b1f35e441cc09fa6b51b8b586351a4a53 trackbranch: master + shallow_since: '2022-05-29' - name: os_sahara scm: git src: https://opendev.org/openstack/openstack-ansible-os_sahara - version: master + version: f8ff70e99c02bd1df1045f0f794ffc2de6fa2648 trackbranch: master + shallow_since: '2022-05-29' - name: os_senlin scm: git src: https://opendev.org/openstack/openstack-ansible-os_senlin - version: master + version: f9cb1f0953c0544988211d551a8913923e707c2d trackbranch: master + shallow_since: '2022-05-29' - name: os_swift scm: git src: https://opendev.org/openstack/openstack-ansible-os_swift - version: master + version: e2e110154939a8a7170e07aec3a24ad64d0b3403 trackbranch: master + shallow_since: '2022-06-03' - name: os_tacker scm: git src: https://opendev.org/openstack/openstack-ansible-os_tacker - version: master + version: d3794939f010941ef4c616155a03ef978e8e5eb7 trackbranch: master + shallow_since: '2022-05-29' - name: os_tempest scm: git src: https://opendev.org/openstack/openstack-ansible-os_tempest - version: master + version: 18f2c885da785dd00380ebfb8407702c942c6731 trackbranch: master + shallow_since: '2022-05-29' - name: os_trove scm: git src: https://opendev.org/openstack/openstack-ansible-os_trove - version: master + version: 6dff6afa76649247cd412558a64a4455b4a1e112 trackbranch: master + shallow_since: '2022-05-29' - name: os_zun scm: git src: https://opendev.org/openstack/openstack-ansible-os_zun - version: master + version: 9825b2cfe94e8a3d6b5c108f2426489c453dcf91 trackbranch: master + shallow_since: '2022-05-29' - name: qdrouterd scm: git src: https://opendev.org/openstack/ansible-role-qdrouterd - version: master + version: 59786da1bb1769ee7176a5f53a2e777f9f1d0747 trackbranch: master + shallow_since: '2022-05-29' - name: rabbitmq_server scm: git src: https://opendev.org/openstack/openstack-ansible-rabbitmq_server - version: master + version: 30f338e4bcd2e693dc4ecb5dc1d1509982440e52 trackbranch: master + shallow_since: '2022-05-29' - name: repo_server scm: git src: https://opendev.org/openstack/openstack-ansible-repo_server - version: master + version: a9ecec103d0f823123baf429a4c9dd1361003096 trackbranch: master + shallow_since: '2022-05-29' - name: rsyslog_client scm: git src: https://opendev.org/openstack/openstack-ansible-rsyslog_client - version: master + version: 8b3426e27d6d2f40811ef6c701ce63325a11a053 trackbranch: master + shallow_since: '2022-05-29' - name: rsyslog_server scm: git src: https://opendev.org/openstack/openstack-ansible-rsyslog_server - version: master + version: e6fea6f8eac588d4d1ef60df888e52f933d3caa7 trackbranch: master + shallow_since: '2022-05-29' - name: bird scm: git src: https://github.com/logan2211/ansible-bird - version: master + version: 904e55d56f82f36e3e9e9fbc5b3bd932a1151f7b trackbranch: master + shallow_since: '2021-09-12' - name: etcd scm: git src: https://github.com/noonedeadpunk/ansible-etcd - version: master + version: e4491f63bbd023d5014b60ec554a5a74ffd34c74 trackbranch: master + shallow_since: '2022-05-27' - name: unbound scm: git src: https://github.com/noonedeadpunk/ansible-role-unbound - version: master + version: 4eab099d707ee8e2c8b4b7fef38806fdddb2a2ea trackbranch: master + shallow_since: '2022-05-27' - name: resolvconf scm: git src: https://github.com/logan2211/ansible-resolvconf - version: master + version: f7f694b3dd4361e364dccb4ce94e6510727fca2f trackbranch: master + shallow_since: '2021-03-31' - name: ceph-ansible scm: git src: https://github.com/ceph/ceph-ansible - version: stable-6.0 + version: 4d3e25c85ee390a126ddc755dc3f672c298ff4fa trackbranch: stable-6.0 - shallow_since: '2021-12-08' + shallow_since: '2022-05-29' - name: opendaylight scm: git src: https://github.com/opendaylight/integration-packaging-ansible-opendaylight - version: master + version: 4a9217ed0fe9078152435daaa2d3f45b81021b3a trackbranch: master + shallow_since: '2019-09-14' - name: haproxy_endpoints scm: git src: https://github.com/logan2211/ansible-haproxy-endpoints - version: master + version: 8e3a24a35beb16d717072dc83895c5a1f92689fb trackbranch: master + shallow_since: '2018-03-22' - name: pacemaker_corosync scm: git src: https://github.com/noonedeadpunk/ansible-pacemaker-corosync - version: master + version: 70d3c59efea4c3080fa66aeef75eadd0a032a83e trackbranch: master + shallow_since: '2021-01-12' - name: systemd_service src: https://opendev.org/openstack/ansible-role-systemd_service scm: git - version: master + version: 4bc059e9d93fc80f225564955db410de6463262e trackbranch: master + shallow_since: '2022-05-29' - name: systemd_mount src: https://opendev.org/openstack/ansible-role-systemd_mount scm: git - version: master + version: 076b8f940e88eec34fb2a4b7a05fd9fea8ee7b3b trackbranch: master + shallow_since: '2022-05-29' - name: systemd_networkd src: https://opendev.org/openstack/ansible-role-systemd_networkd scm: git - version: master + version: 1906bd37ec78d1bb9ab4496467dfc2afe0875973 trackbranch: master + shallow_since: '2022-05-29' - name: python_venv_build src: https://opendev.org/openstack/ansible-role-python_venv_build scm: git - version: master + version: 04f58473495eb3127ffd2486ae993355269c9905 trackbranch: master + shallow_since: '2022-05-29' - name: uwsgi src: https://opendev.org/openstack/ansible-role-uwsgi scm: git - version: master + version: d30b01f30f7cf90748bd664c1f1c150b27fe1fc3 trackbranch: master + shallow_since: '2022-05-29' - name: pki src: https://opendev.org/openstack/ansible-role-pki scm: git - version: master + version: 39a320161a58b3fc852a3e656b803886d7f2f79a trackbranch: master + shallow_since: '2022-05-29' diff --git a/releasenotes/notes/add-uwsgi-tls-5a8c4005106fbcd5.yaml b/releasenotes/notes/add-uwsgi-tls-5a8c4005106fbcd5.yaml new file mode 100644 index 0000000000..77d89a2a0f --- /dev/null +++ b/releasenotes/notes/add-uwsgi-tls-5a8c4005106fbcd5.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Added variable `uwsgi_tls` which when added to a `uwsgi_services` item + enables TLS for that service. `uwsgi_tls` is a dict and should contain 2 + keys `crt` and `key`, which define the path to the certificate and its + corresponding key respectively. The certificate file should contain any + intermediate certificates required by a client to verify trust. diff --git a/releasenotes/notes/add_flexibility_for_octavia_cinder_variables-107cb1da89834bf3.yaml b/releasenotes/notes/add_flexibility_for_octavia_cinder_variables-107cb1da89834bf3.yaml new file mode 100644 index 0000000000..61d3144cb4 --- /dev/null +++ b/releasenotes/notes/add_flexibility_for_octavia_cinder_variables-107cb1da89834bf3.yaml @@ -0,0 +1,5 @@ +--- +features: + - Introduces 3 new variables cinder_default_availability_zone, + octavia_cinder_volume_size and octavia_cinder_volume_type. using + these variables, enables Octavia to use different Cinder configurations. \ No newline at end of file diff --git a/releasenotes/notes/adds-uefi-boot-support-18ad99dd21f7e8be.yaml b/releasenotes/notes/adds-uefi-boot-support-18ad99dd21f7e8be.yaml new file mode 100644 index 0000000000..b491a7a29c --- /dev/null +++ b/releasenotes/notes/adds-uefi-boot-support-18ad99dd21f7e8be.yaml @@ -0,0 +1,7 @@ +--- +features: + - UEFI boot support has been added. To migrate from Legacy BIOS mode, + define `boot_mode:uefi` as a capability for baremetal nodes that support + UEFI. In addition, corresponding flavor(s) will need to be created or + modified to include `boot_mode:uefi` as a capability for scheduling to + occur against UEFI nodes. \ No newline at end of file diff --git a/releasenotes/notes/centos-mirror-url-7698160e63aedce6.yaml b/releasenotes/notes/centos-mirror-url-7698160e63aedce6.yaml new file mode 100644 index 0000000000..893674422a --- /dev/null +++ b/releasenotes/notes/centos-mirror-url-7698160e63aedce6.yaml @@ -0,0 +1,12 @@ +--- +features: + - | + A new variable ``centos_mirror_url`` is introduced to the openstack_hosts + role to allow a single deployment wide variable to control the location + of the centos package mirror. +upgrade: + - | + Existing use of the variable ``openstack_hosts_centos_mirror_url`` will + continue to work as in previous releases, but the new variable + ``centos_mirror_url`` can be used to define the mirror location for the + whole deployment. diff --git a/releasenotes/notes/credential-provider-mechanisms-959f7479debbe448.yaml b/releasenotes/notes/credential-provider-mechanisms-959f7479debbe448.yaml new file mode 100644 index 0000000000..5a72ee917f --- /dev/null +++ b/releasenotes/notes/credential-provider-mechanisms-959f7479debbe448.yaml @@ -0,0 +1,3 @@ +--- +features: + - Added a support for both Credential Provider Mechanisms(dynamic credentials and pre-provisioned credentials). diff --git a/releasenotes/notes/db-pooling-old-vars-0fca50f8114ab7bb.yaml b/releasenotes/notes/db-pooling-old-vars-0fca50f8114ab7bb.yaml new file mode 100644 index 0000000000..974051d368 --- /dev/null +++ b/releasenotes/notes/db-pooling-old-vars-0fca50f8114ab7bb.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + The ``octaiva_db_pool_size`` variable was previously deprecated and is now + removed. A replacement variable was introduced in the Xena release. diff --git a/releasenotes/notes/db-pooling-old-vars-6ad7284cd8583218.yaml b/releasenotes/notes/db-pooling-old-vars-6ad7284cd8583218.yaml new file mode 100644 index 0000000000..f7dd146afa --- /dev/null +++ b/releasenotes/notes/db-pooling-old-vars-6ad7284cd8583218.yaml @@ -0,0 +1,7 @@ +--- +upgrade: + - | + The following keystone role variables were previously deprecated, and + are now removed. Replacement variables were introduced in the Xena release. + ``keystone_database_pool_timeout`` ``keystone_database_max_pool_size`` + ``keystone_database_idle_timeout`` diff --git a/releasenotes/notes/db-pooling-old-vars-b5dbab9bfb21cc78.yaml b/releasenotes/notes/db-pooling-old-vars-b5dbab9bfb21cc78.yaml new file mode 100644 index 0000000000..1064a1087f --- /dev/null +++ b/releasenotes/notes/db-pooling-old-vars-b5dbab9bfb21cc78.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + The ``neutron_db_pool_size`` variable was previously deprecated and is now + removed. A replacement variable was introduced in the Xena release. diff --git a/releasenotes/notes/deprecate_congress_lxd-9e1c00c6f93f32f6.yaml b/releasenotes/notes/deprecate_congress_lxd-9e1c00c6f93f32f6.yaml new file mode 100644 index 0000000000..fe940b6314 --- /dev/null +++ b/releasenotes/notes/deprecate_congress_lxd-9e1c00c6f93f32f6.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + Vaiables ``tempest_service_available_congress`` and + ``tempest_service_available_nova_lxd`` have been removed and have no effect + since corresponding services are not supported anymore. diff --git a/releasenotes/notes/deprecate_glance_api_servers-6a5fd6a13d324fb4.yaml b/releasenotes/notes/deprecate_glance_api_servers-6a5fd6a13d324fb4.yaml new file mode 100644 index 0000000000..b3fab6a038 --- /dev/null +++ b/releasenotes/notes/deprecate_glance_api_servers-6a5fd6a13d324fb4.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - | + Variable ``nova_glance_api_servers`` has been removed and has no effect + due to corresponsive upstream api_servers being deprecated. diff --git a/releasenotes/notes/drop-nginx-repo-e0a6ab0107e09e94.yaml b/releasenotes/notes/drop-nginx-repo-e0a6ab0107e09e94.yaml new file mode 100644 index 0000000000..331868ab75 --- /dev/null +++ b/releasenotes/notes/drop-nginx-repo-e0a6ab0107e09e94.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - | + The use of the nginx package repository on RedHat derived operating + systems is no longer required as there is a new enough version of the + nginx package in the standard distro repos now. The variables + ``repo_centos_nginx_mirror`` and ``repo_centos_nginx_key`` are removed from + the repo_server role and no longer have any effect. diff --git a/releasenotes/notes/extra-port-47d2ba4074ab6a62.yaml b/releasenotes/notes/extra-port-47d2ba4074ab6a62.yaml new file mode 100644 index 0000000000..e6e2457768 --- /dev/null +++ b/releasenotes/notes/extra-port-47d2ba4074ab6a62.yaml @@ -0,0 +1,9 @@ +--- +upgrade: + - | + Galera will now additionally listen on port 3307 by default, with this port + being used by the monitoring user to check cluster status. Ensure that any + firewall rules permit access to this port before upgrading. If an + 'extra_port' was already configured, ensure that any conflicting + configuration is removed and set your preferred values via + 'galera_monitoring_port' and 'galera_monitoring_max_connections'. diff --git a/releasenotes/notes/feature-enabled-deprecation-b4bedf43746e30b4.yaml b/releasenotes/notes/feature-enabled-deprecation-b4bedf43746e30b4.yaml new file mode 100644 index 0000000000..b6ca9fd22e --- /dev/null +++ b/releasenotes/notes/feature-enabled-deprecation-b4bedf43746e30b4.yaml @@ -0,0 +1,19 @@ +--- +deprecations: + - | + Following tempest related variables were deprecated and have no effect: + + * tempest_compute_ssh_user + * tempest_compute_console_output_enabled + * tempest_compute_resize_enabled + * tempest_compute_snapshot_enabled + * tempest_compute_change_password + * tempest_image_api_v1_enabled + * tempest_image_api_v2_enabled + * tempest_swift_container_sync + * tempest_swift_object_versioning + * tempest_swift_discoverable_apis + * tempest_volume_backup_enabled + * tempest_volume_multi_backend_enabled + * tempest_enable_instance_password + * tempest_volume_backend_names diff --git a/releasenotes/notes/galera_data_dir-98c9606407532be0.yaml b/releasenotes/notes/galera_data_dir-98c9606407532be0.yaml new file mode 100644 index 0000000000..42508089e7 --- /dev/null +++ b/releasenotes/notes/galera_data_dir-98c9606407532be0.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Implemented variable ``galera_data_dir`` that control datadir for MariaDB + databases. Defaults to `/var/lib/mysql`. diff --git a/releasenotes/notes/galera_tmpdir-3271e0bc8e353930.yaml b/releasenotes/notes/galera_tmpdir-3271e0bc8e353930.yaml new file mode 100644 index 0000000000..3145d4d61c --- /dev/null +++ b/releasenotes/notes/galera_tmpdir-3271e0bc8e353930.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + New variables ``galera_tmp_dir`` and ``galera_ignore_db_dirs`` were + implemented to control path to tmp dir and what directories should be + ignored when listing databases. +upgrade: + - | + If you have database named as ``#tmp`` you should change ``galera_tmp_dir`` + path and adjust ``galera_ignore_db_dirs`` or rename database. diff --git a/releasenotes/notes/glance_remote_client-78e5d426cb55717f.yaml b/releasenotes/notes/glance_remote_client-78e5d426cb55717f.yaml new file mode 100644 index 0000000000..2e67441e2e --- /dev/null +++ b/releasenotes/notes/glance_remote_client-78e5d426cb55717f.yaml @@ -0,0 +1,13 @@ +--- +features: +deprecations: + - | + Variable ``glance_nfs_local_directory`` has been renamed to + ``glance_images_local_directory`` to better reflect purpose of + the variable. ``glance_nfs_local_directory`` remains for backwards + compatability but will be removed in Zed release. + - | + Variable ``glance_nfs_client`` has been replaced with + ``glance_remote_client``. New variable has new keys for defining mounts + to cover wider range of supported filesystems. + Compatability for ``glance_nfs_client`` has been kept until Zed release. diff --git a/releasenotes/notes/global-apt-pins-a0d6785a8fd662df.yaml b/releasenotes/notes/global-apt-pins-a0d6785a8fd662df.yaml new file mode 100644 index 0000000000..f79dfce044 --- /dev/null +++ b/releasenotes/notes/global-apt-pins-a0d6785a8fd662df.yaml @@ -0,0 +1,20 @@ +--- +features: + - | + A new variable `openstack_hosts_apt_pinned_packages` is added which allows + deployment wide apt pins to be defined in user_variables. The variable defaults + to pinning the UCA repository to a priority lower than the Ubuntu repositories for + any binary packages generated from the ceph source package. The intention is to + ensure that Ceph packages are always installed from the Ubuntu repositories, or + alternatively the official ceph repositories if the ceph_client role is run later + against a host. The ceph packages for a particular openstack release may not be the + same version as those expected by the rest of openstack-ansible so this change ensures + consistency in the deployed ceph version. +upgrade: + - | + The new variable `openstack_hosts_apt_pinned_packages` is added to the openstack_hosts + ansible role and sets the value of `apt_pinned_packages` for the apt_package_pinning + role run as a dependancy of the openstack_hosts role. Existing use of the + `apt_pinned_packages` variable by deployers in user_variables should be reviewed + to ensure that those pins are applied by the intended ansible roles, and swapped + to this new variable if necessary. diff --git a/releasenotes/notes/gnocchi_incoming_driver-0f96301b88044f55.yaml b/releasenotes/notes/gnocchi_incoming_driver-0f96301b88044f55.yaml new file mode 100644 index 0000000000..a0b46444c6 --- /dev/null +++ b/releasenotes/notes/gnocchi_incoming_driver-0f96301b88044f55.yaml @@ -0,0 +1,18 @@ +--- +features: + - | + Implemented possibility to natively define ``gnocchi_incoming_driver`` + separately from ``gnocchi_storage_driver``. Default behaviour is that + ``[incoming]`` is left unconfigured which means ``[storage]`` is used + when gnocchi_incoming_driver and gnocchi_storage_driver are equal. + Role will install incoming driver dependencies if required. + + To implement that following variables introduced: + + * gnocchi_storage_file_basepath + * gnocchi_storage_swift_container_prefix + * gnocchi_incoming_driver + * gnocchi_incoming_file_basepath + * gnocchi_incoming_swift_container_prefix + * gnocchi_ceph_incoming_pool + * gnocchi_ceph_incoming_username diff --git a/releasenotes/notes/gnocchi_redis_driver-ea6bcb123755094b.yaml b/releasenotes/notes/gnocchi_redis_driver-ea6bcb123755094b.yaml new file mode 100644 index 0000000000..a982456688 --- /dev/null +++ b/releasenotes/notes/gnocchi_redis_driver-ea6bcb123755094b.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Variables ``gnocchi_storage_redis_url`` and ``gnocchi_incoming_redis_url`` + were added to manage redis connection if it's picked as an storage/incoming + driver. + Default value is redis://localhost:6379/ + Please mention, that OpenStack-Ansible does not provide isntallation of + Redis as of today. diff --git a/releasenotes/notes/heartbeat-in-pthread-6266b4bad0efa00c.yaml b/releasenotes/notes/heartbeat-in-pthread-6266b4bad0efa00c.yaml new file mode 100644 index 0000000000..3782fda0e0 --- /dev/null +++ b/releasenotes/notes/heartbeat-in-pthread-6266b4bad0efa00c.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes a file descriptor leak which may impact services which use the + oslo.messaging RabbitMQ heartbeat mechanism. diff --git a/releasenotes/notes/heartbeat-in-pthread-9f5fde7bfdd7d306.yaml b/releasenotes/notes/heartbeat-in-pthread-9f5fde7bfdd7d306.yaml new file mode 100644 index 0000000000..3782fda0e0 --- /dev/null +++ b/releasenotes/notes/heartbeat-in-pthread-9f5fde7bfdd7d306.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes a file descriptor leak which may impact services which use the + oslo.messaging RabbitMQ heartbeat mechanism. diff --git a/releasenotes/notes/heartbeat-in-pthread-d0c9958361c224f0.yaml b/releasenotes/notes/heartbeat-in-pthread-d0c9958361c224f0.yaml new file mode 100644 index 0000000000..3782fda0e0 --- /dev/null +++ b/releasenotes/notes/heartbeat-in-pthread-d0c9958361c224f0.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes a file descriptor leak which may impact services which use the + oslo.messaging RabbitMQ heartbeat mechanism. diff --git a/releasenotes/notes/keystone-use-pki-role-d0e905887a5f5bd1.yaml b/releasenotes/notes/keystone-use-pki-role-d0e905887a5f5bd1.yaml new file mode 100644 index 0000000000..3253c7e8a1 --- /dev/null +++ b/releasenotes/notes/keystone-use-pki-role-d0e905887a5f5bd1.yaml @@ -0,0 +1,13 @@ +--- +upgrade: + - | + The keystone installation now uses ansible-role-pki to create and install + a server certificate for Apache when keystone_ssl is true. The same role + is also used to create a CA certificate and key for SAML federation when + keystone_idp is populated by the deployer. For an existing keystone SAML + setup the certificate and key will be re-created which may be undesirable, + unless the existing ones are first copied to the relevant directories in + ``/etc/openstack_deploy/pki/roots`` on the deploy host. The variables + ``keystone_ssl_self_signed_regen`` and ``keystone_ssl_self_signed_subject`` + are removed and are replaced with equivalent functionality via the new + ``keystone_pki_*`` variables. diff --git a/releasenotes/notes/keystone_uwsgi_role-b61179e170401e21.yaml b/releasenotes/notes/keystone_uwsgi_role-b61179e170401e21.yaml new file mode 100644 index 0000000000..c1c37f09e4 --- /dev/null +++ b/releasenotes/notes/keystone_uwsgi_role-b61179e170401e21.yaml @@ -0,0 +1,7 @@ +--- +upgrade: + - | + Keystone now uses common uwsgi role for uWSGI deployment. Along with that + variable ``keystone_services`` has been extended with required arguments + for uWSGI. If you override this variable locally make sure to update it's + structure accordingly. diff --git a/releasenotes/notes/neutron-dpdk-bonds-4dd98fc0b341ebfb.yaml b/releasenotes/notes/neutron-dpdk-bonds-4dd98fc0b341ebfb.yaml new file mode 100644 index 0000000000..c26301049e --- /dev/null +++ b/releasenotes/notes/neutron-dpdk-bonds-4dd98fc0b341ebfb.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + The ``provider_networks`` library has been updated to support the + definition of bond member interfaces that can automatically be added as + bond ports to OVS provider bridges setup during a deployment. This + feature is currently limited to DPDK-based deployments. To activate this + feature, add the ``network_bond_interfaces`` key to the respective provider + network definition in ``openstack_user_config.yml``. For more information, + refer to the latest Open vSwitch w/ DPDK deployment guide. diff --git a/releasenotes/notes/nova_glance_rbd-ab6e9b0f5dd7b9ec.yaml b/releasenotes/notes/nova_glance_rbd-ab6e9b0f5dd7b9ec.yaml new file mode 100644 index 0000000000..213223a17c --- /dev/null +++ b/releasenotes/notes/nova_glance_rbd-ab6e9b0f5dd7b9ec.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + New variables ``nova_glance_rbd_inuse`` and ``nova_glance_images_rbd_pool`` have + been implemented that allows deployer to easily configure nova to retrieve glance + images from RBD directly, if nova uses local storage for ephemeral drives. diff --git a/releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml b/releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml new file mode 100644 index 0000000000..b6456a88a4 --- /dev/null +++ b/releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + Variables ``nova_external_ssl`` and ``nova_secure_proxy_ssl_header`` + have been removed since secure_proxy_ssl_header option from nova.conf + they controlled has been deprecated and has no effect. diff --git a/releasenotes/notes/optional_cinder_audit_send_actions-76bf53ee0df68383.yaml b/releasenotes/notes/optional_cinder_audit_send_actions-76bf53ee0df68383.yaml new file mode 100644 index 0000000000..339786688c --- /dev/null +++ b/releasenotes/notes/optional_cinder_audit_send_actions-76bf53ee0df68383.yaml @@ -0,0 +1,7 @@ +--- +features: + - Introduced new variable ``cinder_volume_usage_audit_send_actions_enabled`` + to allow the deployer to disable the send actions option in + cinder-volume-usage-audit service unit. To have lowest possible + footprint, the default value would be true to not change the behaviour + of the cinder-volume-usage-audit in existing deployments. diff --git a/releasenotes/notes/rabbit_cloudsmith-36ccc2f807688f4f.yaml b/releasenotes/notes/rabbit_cloudsmith-36ccc2f807688f4f.yaml new file mode 100644 index 0000000000..86d161120d --- /dev/null +++ b/releasenotes/notes/rabbit_cloudsmith-36ccc2f807688f4f.yaml @@ -0,0 +1,5 @@ +--- +other: + - | + Default source of rabbitmq and erlang packages has been switched to + cloudsmith.io diff --git a/releasenotes/notes/rabbitmq_ini_config-dcf95fe46a37ff2c.yaml b/releasenotes/notes/rabbitmq_ini_config-dcf95fe46a37ff2c.yaml new file mode 100644 index 0000000000..ef05a2cedb --- /dev/null +++ b/releasenotes/notes/rabbitmq_ini_config-dcf95fe46a37ff2c.yaml @@ -0,0 +1,15 @@ +--- +features: + - | + New variables that provide better control over RabbitMQ management + interface have been implemented: + + * rabbitmq_management_bind_tcp_port + * rabbitmq_management_bind_tls_port + * rabbitmq_management_ssl + +upgrade: + - | + RabbitMQ was migrated to the new-style config, which resides in + ``/etc/rabbitmq/rabbitmq.conf``. Old config ``rabbitmq.config`` will be + removed during upgrade. diff --git a/releasenotes/notes/rabbitmq_init_overrides-74ce479a2dcf304c.yaml b/releasenotes/notes/rabbitmq_init_overrides-74ce479a2dcf304c.yaml new file mode 100644 index 0000000000..9d54339bab --- /dev/null +++ b/releasenotes/notes/rabbitmq_init_overrides-74ce479a2dcf304c.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Added variable ``rabbitmq_init_overrides`` that allows to control rabbitmq + overrides that will be applied to the systemd service. + Previously values were hardcoded without possibility for override. diff --git a/releasenotes/notes/rabbitmq_manage_hosts-834150c45dfc0771.yaml b/releasenotes/notes/rabbitmq_manage_hosts-834150c45dfc0771.yaml new file mode 100644 index 0000000000..707a0ce80f --- /dev/null +++ b/releasenotes/notes/rabbitmq_manage_hosts-834150c45dfc0771.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Added variable ``rabbitmq_manage_hosts_entries`` that controls if + rabbitmq_server role will attempt to adjust /etc/hosts file +fixes: + - | + Do not duplicate records in /etc/hosts file by rabbitmq role when hosts + file is already managed by OSA. diff --git a/releasenotes/notes/remove-unnecessary-vars-2b29b9fd5c7ac06a.yaml b/releasenotes/notes/remove-unnecessary-vars-2b29b9fd5c7ac06a.yaml new file mode 100644 index 0000000000..d29f090865 --- /dev/null +++ b/releasenotes/notes/remove-unnecessary-vars-2b29b9fd5c7ac06a.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - variable ``tempest_network_tenant_network_cidr`` has been deprecated + - variable ``tempest_network_tenant_network_mask_bits`` has been deprecated + - variable ``tempest_fatal_deprecations`` has been deprecated + diff --git a/releasenotes/notes/remove_xinetd-1970838891f570cc.yaml b/releasenotes/notes/remove_xinetd-1970838891f570cc.yaml new file mode 100644 index 0000000000..35b4a21296 --- /dev/null +++ b/releasenotes/notes/remove_xinetd-1970838891f570cc.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + The xinetd script and configuration to run the 'clustercheck' script is + replaced with a systemd socket activated service. diff --git a/releasenotes/notes/tempest-endpoint-type-bf2252d66bc1e4f5.yaml b/releasenotes/notes/tempest-endpoint-type-bf2252d66bc1e4f5.yaml new file mode 100644 index 0000000000..4146f0735f --- /dev/null +++ b/releasenotes/notes/tempest-endpoint-type-bf2252d66bc1e4f5.yaml @@ -0,0 +1,3 @@ +--- +other: + - Added new variable ``tempest_endpoint_type`` to avoid having endpoint type hardcoded in tempest.conf diff --git a/releasenotes/notes/tempest-resource-creation-improvements-4a5bc4dab1944934.yaml b/releasenotes/notes/tempest-resource-creation-improvements-4a5bc4dab1944934.yaml new file mode 100644 index 0000000000..b47d1f4c4a --- /dev/null +++ b/releasenotes/notes/tempest-resource-creation-improvements-4a5bc4dab1944934.yaml @@ -0,0 +1,5 @@ +--- +features: + - Implemented variables ``tempest_public_net_create``, ``tempest_private_net_create``, ``tempest_router_create``, ``tempest_images_create``, ``tempest_flavors_create``, ``tempest_projects_create`` which allow to skip creating specific resources. +upgrade: + - Changed default value for ``tempest_projects`` variable. Now this list contains only one element 'tempest'. Previously it was 'demo' and 'alt_demo' which was quite confusing. diff --git a/releasenotes/notes/templated_service-f31e4515c2fd75ab.yaml b/releasenotes/notes/templated_service-f31e4515c2fd75ab.yaml new file mode 100644 index 0000000000..f021bb46dc --- /dev/null +++ b/releasenotes/notes/templated_service-f31e4515c2fd75ab.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Allow to create `templated services `_ + Now for systemd_services you are allowed to provide template_arguments, + which can contain a list of arguments with which templated services + would be created. diff --git a/releasenotes/notes/tls_variables-5d7db8f80f158f0d.yaml b/releasenotes/notes/tls_variables-5d7db8f80f158f0d.yaml new file mode 100644 index 0000000000..a81982f3df --- /dev/null +++ b/releasenotes/notes/tls_variables-5d7db8f80f158f0d.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + The variable 'keystone_ssl_cipher_suite' is deprecated in favour of + 'keystone_ssl_cipher_suite_tls12' which will continue to manage + configuration of ciphers for TLS v1.2 and earlier. diff --git a/releasenotes/notes/tls_variables-91160d4e38085de4.yaml b/releasenotes/notes/tls_variables-91160d4e38085de4.yaml new file mode 100644 index 0000000000..7894a950ea --- /dev/null +++ b/releasenotes/notes/tls_variables-91160d4e38085de4.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + The HAProxy role now supports TLS v1.3 by default, alongside TLS v1.2. +deprecations: + - | + The variable 'haproxy_ssl_cipher_suite' is deprecated in favour of + 'haproxy_ssl_cipher_suite_tls12' which will continue to manage + configuration of ciphers for TLS v1.2 and earlier. diff --git a/releasenotes/notes/tls_variables-ab6684a5a5505068.yaml b/releasenotes/notes/tls_variables-ab6684a5a5505068.yaml new file mode 100644 index 0000000000..1a42d71ef5 --- /dev/null +++ b/releasenotes/notes/tls_variables-ab6684a5a5505068.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + The variable 'horizon_ssl_cipher_suite' is deprecated in favour of + 'horizon_ssl_cipher_suite_tls12' which will continue to manage + configuration of ciphers for TLS v1.2 and earlier. diff --git a/releasenotes/notes/venv_wheels_build-23298a7019e629bd.yaml b/releasenotes/notes/venv_wheels_build-23298a7019e629bd.yaml new file mode 100644 index 0000000000..867eae9882 --- /dev/null +++ b/releasenotes/notes/venv_wheels_build-23298a7019e629bd.yaml @@ -0,0 +1,9 @@ +--- + +features: + - | + Functionality of ``venv_rebuild`` has been adjusted to the correct scope. + Now setting this variable to true will not trigger wheels rebuild - + it will just remove and re-create your virtualenv. + If you want to rebuild wheels, a new variable ``venv_wheels_rebuild`` has + been implemented.