From a83bc9b14dd19b12946012c3a794a0fdfd8d5851 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Thu, 14 Jul 2022 11:10:12 +0200 Subject: [PATCH] Bump OpenStack-Ansible for Wallaby Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/849855 Change-Id: I4c10a24c305fd98814d5fc9c10f48d1a711e492e --- ansible-role-requirements.yml | 75 +++++++++---------- playbooks/defaults/repo_packages/gnocchi.yml | 4 +- .../defaults/repo_packages/nova_consoles.yml | 2 +- .../repo_packages/openstack_services.yml | 32 ++++---- ...adb_security_upgrade-24e89cb878cc1389.yaml | 10 +++ ...vpnaas-custom-config-ad991bb02b9ed655.yaml | 33 ++++++++ .../rabbit_cloudsmith-36ccc2f807688f4f.yaml | 5 ++ .../rally-openstack-git-121821ef54c48419.yaml | 8 ++ 8 files changed, 112 insertions(+), 57 deletions(-) create mode 100644 releasenotes/notes/mariadb_security_upgrade-24e89cb878cc1389.yaml create mode 100644 releasenotes/notes/neutron-vpnaas-custom-config-ad991bb02b9ed655.yaml create mode 100644 releasenotes/notes/rabbit_cloudsmith-36ccc2f807688f4f.yaml create mode 100644 releasenotes/notes/rally-openstack-git-121821ef54c48419.yaml diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index 6ec015f2e5..3220e3382b 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml @@ -1,6 +1,6 @@ --- -### HEAD as of 27.05.2022 ### +### HEAD as of 14.07.2022 ### - name: ansible-hardening scm: git @@ -17,15 +17,15 @@ - name: config_template scm: git src: https://opendev.org/openstack/ansible-config_template - version: 78e7f22caa79a19ecfed9d4e378bd0d261a93a11 + version: dae35c0bc329764bacfb47132f465d3cfbf70c2a trackbranch: master - shallow_since: '2022-04-14' + shallow_since: '2022-07-11' - name: galera_server scm: git src: https://opendev.org/openstack/openstack-ansible-galera_server - version: 661d1379d954791c2af8f78199f8d2b17201ac72 + version: ee971b568134002ce058a3167338f56b1d489193 trackbranch: stable/wallaby - shallow_since: '2022-02-14' + shallow_since: '2022-07-13' - name: ceph_client scm: git src: https://opendev.org/openstack/openstack-ansible-ceph_client @@ -41,9 +41,8 @@ - name: keepalived scm: git src: https://github.com/evrardjp/ansible-keepalived - version: 0c9625bcc90104c72581af07bcb2e654fef14215 - trackbranch: master - shallow_since: '2022-05-03' + version: 6.1.0 + trackbranch: None - name: lxc_container_create scm: git src: https://opendev.org/openstack/openstack-ansible-lxc_container_create @@ -53,9 +52,9 @@ - name: lxc_hosts scm: git src: https://opendev.org/openstack/openstack-ansible-lxc_hosts - version: b57db77442c1a6354b0a43cee667f595e5f4a915 + version: 7d71769b721cca23ced26453d303112515b0a508 trackbranch: stable/wallaby - shallow_since: '2022-02-07' + shallow_since: '2022-05-25' - name: memcached_server scm: git src: https://opendev.org/openstack/openstack-ansible-memcached_server @@ -89,9 +88,9 @@ - name: os_aodh scm: git src: https://opendev.org/openstack/openstack-ansible-os_aodh - version: c8b97900948b9c04f1ffc55cc367c4f0adbb0042 + version: 7036c501ad4792dda22a7357f1539bae58039307 trackbranch: stable/wallaby - shallow_since: '2021-06-28' + shallow_since: '2022-05-26' - name: os_barbican scm: git src: https://opendev.org/openstack/openstack-ansible-os_barbican @@ -149,9 +148,9 @@ - name: os_horizon scm: git src: https://opendev.org/openstack/openstack-ansible-os_horizon - version: cafa4a358fa5363af7abe39366a34543c6aca7df + version: fb868b58cef30a378e8577ed97623bbf6602359f trackbranch: stable/wallaby - shallow_since: '2022-03-09' + shallow_since: '2022-06-27' - name: os_ironic scm: git src: https://opendev.org/openstack/openstack-ansible-os_ironic @@ -161,9 +160,9 @@ - name: os_magnum scm: git src: https://opendev.org/openstack/openstack-ansible-os_magnum - version: 176d814e74a7c132763393b4c52f9e6f75535007 + version: 7f767ae00e06427ae452e8a75d95adfecf3e2494 trackbranch: stable/wallaby - shallow_since: '2021-06-28' + shallow_since: '2022-06-20' - name: os_manila scm: git src: https://opendev.org/openstack/openstack-ansible-os_manila @@ -179,9 +178,9 @@ - name: os_mistral scm: git src: https://opendev.org/openstack/openstack-ansible-os_mistral - version: fce6170874c229e1f03bda4c9435c72aca63333e + version: 34343349d86991feed1bfbbfcf735a9cea1300ef trackbranch: stable/wallaby - shallow_since: '2021-06-28' + shallow_since: '2022-07-11' - name: os_murano scm: git src: https://opendev.org/openstack/openstack-ansible-os_murano @@ -191,9 +190,9 @@ - name: os_neutron scm: git src: https://opendev.org/openstack/openstack-ansible-os_neutron - version: 713ae64c49cb145eac3a445127210c5e8784aed6 + version: 7898c61e286834c0690911cbafbbd4bac9fc3787 trackbranch: stable/wallaby - shallow_since: '2022-03-15' + shallow_since: '2022-06-28' - name: os_nova scm: git src: https://opendev.org/openstack/openstack-ansible-os_nova @@ -203,9 +202,9 @@ - name: os_octavia scm: git src: https://opendev.org/openstack/openstack-ansible-os_octavia - version: 4a6e1fdbfe707e705d4967dcc6bd67449444c694 + version: 53019323c41d933aa085a69ff8259deee383b9f3 trackbranch: stable/wallaby - shallow_since: '2022-05-22' + shallow_since: '2022-05-25' - name: os_panko scm: git src: https://opendev.org/openstack/openstack-ansible-os_panko @@ -221,9 +220,9 @@ - name: os_rally scm: git src: https://opendev.org/openstack/openstack-ansible-os_rally - version: 882079ac4034571c618dfb56037d1400a609050d + version: 75f9d7b7f56a21d57169d4e5f22e34206c34d13e trackbranch: stable/wallaby - shallow_since: '2021-12-22' + shallow_since: '2022-07-11' - name: os_sahara scm: git src: https://opendev.org/openstack/openstack-ansible-os_sahara @@ -239,9 +238,9 @@ - name: os_swift scm: git src: https://opendev.org/openstack/openstack-ansible-os_swift - version: 2e5b9ca11aaece1755ac882fbe475d0471ca0b5f + version: 164ddfdff48e8a87f62290150439f59530acaa60 trackbranch: stable/wallaby - shallow_since: '2021-06-28' + shallow_since: '2022-06-03' - name: os_tacker scm: git src: https://opendev.org/openstack/openstack-ansible-os_tacker @@ -281,9 +280,9 @@ - name: rabbitmq_server scm: git src: https://opendev.org/openstack/openstack-ansible-rabbitmq_server - version: 282f56b573de0c7eead53636545bdbe167c264ee + version: 405efddcb96a647c4648386b3c483a9fdae15da2 trackbranch: stable/wallaby - shallow_since: '2022-04-03' + shallow_since: '2022-06-28' - name: repo_server scm: git src: https://opendev.org/openstack/openstack-ansible-repo_server @@ -305,9 +304,9 @@ - name: sshd scm: git src: https://github.com/willshersystems/ansible-sshd - version: 753073f4d6928526c21e8f24050c30318cd51068 + version: 7349bd448ed1824a02c7c5917f98e85f5ba0d8d0 trackbranch: master - shallow_since: '2022-05-09' + shallow_since: '2022-06-15' - name: bird scm: git src: https://github.com/logan2211/ansible-bird @@ -323,9 +322,9 @@ - name: unbound scm: git src: https://github.com/logan2211/ansible-unbound - version: f8e2d8a89ddb9352d5748332a5f3a33ed33f66ab + version: fdbb66f8055e4a7ec9e248643865a490a0806263 trackbranch: master - shallow_since: '2019-03-21' + shallow_since: '2022-05-28' - name: resolvconf scm: git src: https://github.com/logan2211/ansible-resolvconf @@ -335,9 +334,9 @@ - name: ceph-ansible scm: git src: https://github.com/ceph/ceph-ansible - version: 4d2855414e6bcdf49414b88319fdaab854b8a7f5 + version: 18064032a93e04fe1aebfa2493bd9601df89a01f trackbranch: stable-5.0 - shallow_since: '2022-04-20' + shallow_since: '2022-07-10' - name: opendaylight scm: git src: https://github.com/opendaylight/integration-packaging-ansible-opendaylight @@ -354,8 +353,8 @@ scm: git src: https://github.com/noonedeadpunk/ansible-pacemaker-corosync trackbranch: master - version: 70d3c59efea4c3080fa66aeef75eadd0a032a83e - shallow_since: '2021-01-12' + version: dacff1ed6ede207b8afcbfff5e990d875580893b + shallow_since: '2022-06-14' - name: systemd_service src: https://opendev.org/openstack/ansible-role-systemd_service scm: git @@ -377,9 +376,9 @@ - name: python_venv_build src: https://opendev.org/openstack/ansible-role-python_venv_build scm: git - version: e7307f5d01db07cc504eb619654a0829c9d4e92c + version: 0838b296d7ca69afec474fe69915e071ce09c964 trackbranch: stable/wallaby - shallow_since: '2022-02-28' + shallow_since: '2022-07-12' - name: uwsgi src: https://opendev.org/openstack/ansible-role-uwsgi scm: git diff --git a/playbooks/defaults/repo_packages/gnocchi.yml b/playbooks/defaults/repo_packages/gnocchi.yml index 424aa9e636..a8bb14b61f 100644 --- a/playbooks/defaults/repo_packages/gnocchi.yml +++ b/playbooks/defaults/repo_packages/gnocchi.yml @@ -28,11 +28,11 @@ ### Before this is shipped all of these services should have a tag set as the branch, ### or have a comment / reason attached to them as to why a tag can not work. -### HEAD as of 27.05.2022 ### +### HEAD as of 14.07.2022 ### ## Gnocchi service ## This service has a different stable branch strategy to the rest of OpenStack. ## The SHA is recorded here to make the SHA updating easier. gnocchi_git_repo: https://github.com/gnocchixyz/gnocchi -gnocchi_git_install_branch: 859a2574f93b3bcf5fe5b937397f23cde07a9e52 +gnocchi_git_install_branch: a07d82e30c48edf4909df51e30cbd972509e631f gnocchi_git_track_branch: stable/4.4 diff --git a/playbooks/defaults/repo_packages/nova_consoles.yml b/playbooks/defaults/repo_packages/nova_consoles.yml index 6708adb184..f82d342503 100644 --- a/playbooks/defaults/repo_packages/nova_consoles.yml +++ b/playbooks/defaults/repo_packages/nova_consoles.yml @@ -24,7 +24,7 @@ ## * All items with this file should be separated by `name_` note that the name of the ## package should be one long name with no additional `_` separating it. -### HEAD as of 27.05.2022 ### +### HEAD as of 14.07.2022 ### ## NOVNC from source novncproxy_git_repo: https://github.com/novnc/noVNC diff --git a/playbooks/defaults/repo_packages/openstack_services.yml b/playbooks/defaults/repo_packages/openstack_services.yml index 5283091dd3..1278b38f8e 100644 --- a/playbooks/defaults/repo_packages/openstack_services.yml +++ b/playbooks/defaults/repo_packages/openstack_services.yml @@ -28,11 +28,11 @@ ### Before this is shipped all of these services should have a tag set as the branch, ### or have a comment / reason attached to them as to why a tag can not work. -### HEAD as of 27.05.2022 ### +### HEAD as of 14.07.2022 ### ## Global Requirements requirements_git_repo: https://opendev.org/openstack/requirements -requirements_git_install_branch: 20be78e7b3ef4c3e43ad06745e5ffcb0f1a87576 +requirements_git_install_branch: b2e63902a44f9ff0c5fb1d04f353d3596f9090d2 requirements_git_track_branch: stable/wallaby ## Adjutant service @@ -53,7 +53,7 @@ aodh_git_track_branch: stable/wallaby ## Barbican service barbican_git_repo: https://opendev.org/openstack/barbican -barbican_git_install_branch: 0b4532125a6ab133fd547cb38c76487a492f2127 +barbican_git_install_branch: 486e60723f1f635b8e1843bccaf144d85556a9f6 barbican_git_track_branch: stable/wallaby @@ -71,7 +71,7 @@ ceilometer_git_track_branch: stable/wallaby ## Cinder service cinder_git_repo: https://opendev.org/openstack/cinder -cinder_git_install_branch: 553264535dc34f676ff4db3c77e1869c1fb3c6b7 +cinder_git_install_branch: 1776695a1293397eafbcee39601c68a5195d8fcb cinder_git_track_branch: stable/wallaby @@ -89,7 +89,7 @@ cloudkitty_dashboard_git_track_branch: stable/wallaby ## Designate service designate_git_repo: https://opendev.org/openstack/designate -designate_git_install_branch: 2e55c3e24bfaf1b03241aa1a4a538d03c29d69ad +designate_git_install_branch: f2557474951e96677939dc768c98a02543380b72 designate_git_track_branch: stable/wallaby @@ -101,13 +101,13 @@ designate_dashboard_git_track_branch: stable/wallaby ## Glance service glance_git_repo: https://opendev.org/openstack/glance -glance_git_install_branch: b1d635c287f950b15df207455d64d97228963e5f +glance_git_install_branch: 677c89c23631e9083261a1a18ed438d8966e0de2 glance_git_track_branch: stable/wallaby ## Heat service heat_git_repo: https://opendev.org/openstack/heat -heat_git_install_branch: aa31864de4fe480674a0669c05a024ab28c3c429 +heat_git_install_branch: c2bc23bb5c6c0b4f45c4cc7b3da9e6a5c017c79b heat_git_track_branch: stable/wallaby ## Horizon Heat dashboard plugin @@ -117,7 +117,7 @@ heat_dashboard_git_track_branch: stable/wallaby ## Horizon service horizon_git_repo: https://opendev.org/openstack/horizon -horizon_git_install_branch: da9b7c2fb3a60326473120edd31126b3b923a985 +horizon_git_install_branch: 82698aa8901b0533f2e62868fabbf5ef4c36cea0 horizon_git_track_branch: stable/wallaby ## Horizon Ironic dashboard plugin @@ -150,13 +150,13 @@ keystone_git_track_branch: stable/wallaby ## Manila service manila_git_repo: https://opendev.org/openstack/manila -manila_git_install_branch: 3d844d6bcad5f1a9a6407cae512dc8685bbd12fb +manila_git_install_branch: 732bf38f5d7caf00489901b0a5f09187c72f4e6d manila_git_track_branch: stable/wallaby ## Neutron service neutron_git_repo: https://opendev.org/openstack/neutron -neutron_git_install_branch: 941c822b7ba62217e3f4740b5ca5662895d60ae8 +neutron_git_install_branch: a146f58aefe86a43e01b35eada041f5622ef5bec neutron_git_track_branch: stable/wallaby neutron_vpnaas_git_repo: https://opendev.org/openstack/neutron-vpnaas @@ -194,12 +194,12 @@ networking_nsx_git_install_branch: 0253265f75f63d5619b30f16a6b64459dec79d82 networking_nsx_git_track_branch: master networking_nsxlib_git_repo: https://opendev.org/x/vmware-nsxlib -networking_nsxlib_git_install_branch: d761feadd7b572ed5e0c788f0ffe7e9f245e71c8 +networking_nsxlib_git_install_branch: 69662ffa4ef7723efa3329022a4950451874cf2b networking_nsxlib_git_track_branch: master ## Nova service nova_git_repo: https://opendev.org/openstack/nova -nova_git_install_branch: baf0d93e0fafcd992d37543aa9df3f6dc248a738 +nova_git_install_branch: 7074ac04c1da97e31d0b2aee2aa142b0d0ada697 nova_git_track_branch: stable/wallaby @@ -217,13 +217,13 @@ senlin_git_track_branch: stable/wallaby ## Swift service swift_git_repo: https://opendev.org/openstack/swift -swift_git_install_branch: f56bb37f03e31df3473dce790720c14e451d22e1 +swift_git_install_branch: 6a1a8ce14be8b4625eaf4f2b4d18ddfbdbbb4289 swift_git_track_branch: stable/wallaby ## Ironic service ironic_git_repo: https://opendev.org/openstack/ironic -ironic_git_install_branch: aa8d680bae4ff200a4470cdd2367e8da62a16e04 +ironic_git_install_branch: dd2bfabbae24b468f3a89611e6b0b3b6c679a8e0 ironic_git_track_branch: stable/wallaby @@ -279,7 +279,7 @@ trove_dashboard_git_track_branch: stable/wallaby ## Octavia service octavia_git_repo: https://opendev.org/openstack/octavia -octavia_git_install_branch: ac3743c0379b533b66389006acf30f2c0c6e4f2e +octavia_git_install_branch: 94e5a6f99d752848a0bbd16ddb10e76fc53e0179 octavia_git_track_branch: stable/wallaby @@ -291,7 +291,7 @@ panko_git_track_branch: stable/wallaby ## Placement service placement_git_repo: https://opendev.org/openstack/placement -placement_git_install_branch: 69dcdcb2b7df0a81addec55804ce91c724ca0f54 +placement_git_install_branch: 716b947c479e36ce2e9ec6d9e0bbab882f391892 placement_git_track_branch: stable/wallaby diff --git a/releasenotes/notes/mariadb_security_upgrade-24e89cb878cc1389.yaml b/releasenotes/notes/mariadb_security_upgrade-24e89cb878cc1389.yaml new file mode 100644 index 0000000000..07f31d67cb --- /dev/null +++ b/releasenotes/notes/mariadb_security_upgrade-24e89cb878cc1389.yaml @@ -0,0 +1,10 @@ +--- +security: + - | + MariaDB has been updated to version 10.5.16 by default. This covers + following CVEs: + + * https://nvd.nist.gov/vuln/detail/CVE-2022-27376 + * https://nvd.nist.gov/vuln/detail/CVE-2022-27377 + * https://nvd.nist.gov/vuln/detail/CVE-2022-27380 + diff --git a/releasenotes/notes/neutron-vpnaas-custom-config-ad991bb02b9ed655.yaml b/releasenotes/notes/neutron-vpnaas-custom-config-ad991bb02b9ed655.yaml new file mode 100644 index 0000000000..c8ea98c4a2 --- /dev/null +++ b/releasenotes/notes/neutron-vpnaas-custom-config-ad991bb02b9ed655.yaml @@ -0,0 +1,33 @@ +--- +features: + - | + Neutron VPN as a Service (VPNaaS) with customized configuration files + can now be defined with the variable ``neutron_vpnaas_custom_config``. + deployers should define ``neutron_vpnaas_custom_config`` in 'user_variables.yml'. + Example: + + .. code-block:: yaml + + neutron_vpnaas_custom_config: + - src: "/etc/openstack_deploy/strongswan/strongswan.conf.template" + dest: "{{ neutron_conf_dir }}/strongswan.conf.template" + - src: "/etc/openstack_deploy/strongswan/strongswan.d" + dest: "/etc/strongswan.d" + - src: "/etc/openstack_deploy/{{ neutron_vpnaas_distro_packages }}/ipsec.conf.template" + dest: "{{ neutron_conf_dir }}/ipsec.conf.template" + - src: "/etc/openstack_deploy/{{ neutron_vpnaas_distro_packages }}/ipsec.secret.template" + dest: "{{ neutron_conf_dir }}/ipsec.secret.template" + + We should be also define ``neutron_l3_agent_ini_overrides`` in 'user_variables.yml' + to tell ``l3_agent`` use the new config file. + Example: + + .. code-block:: yaml + + neutron_l3_agent_ini_overrides: + ipsec: + enable_detailed_logging: True + strongswan: + strongswan_config_template : "{{ neutron_conf_dir }}/strongswan.conf.template" + openswan: + ipsec_config_template: "{{ neutron_conf_dir }}/ipsec.conf.template" diff --git a/releasenotes/notes/rabbit_cloudsmith-36ccc2f807688f4f.yaml b/releasenotes/notes/rabbit_cloudsmith-36ccc2f807688f4f.yaml new file mode 100644 index 0000000000..86d161120d --- /dev/null +++ b/releasenotes/notes/rabbit_cloudsmith-36ccc2f807688f4f.yaml @@ -0,0 +1,5 @@ +--- +other: + - | + Default source of rabbitmq and erlang packages has been switched to + cloudsmith.io diff --git a/releasenotes/notes/rally-openstack-git-121821ef54c48419.yaml b/releasenotes/notes/rally-openstack-git-121821ef54c48419.yaml new file mode 100644 index 0000000000..1faf00032e --- /dev/null +++ b/releasenotes/notes/rally-openstack-git-121821ef54c48419.yaml @@ -0,0 +1,8 @@ +--- + +features: + - | + Implemented variables ``rally_openstack_git_repo`` and + ``rally_openstack_git_install_branch`` that allow to override installation + source for rally-openstack package as well as controll installed version + of the package.