From 00f792bc276c7d67db47a826778ce02cb374aa20 Mon Sep 17 00:00:00 2001
From: Christian Berendt
Date: Thu, 7 Mar 2024 08:35:03 +0100
Subject: [PATCH] Prepare 7.0.0c release (#1257)
Signed-off-by: Christian Berendt
---
 7.0.0c/base.yml | 80 +++++++++++++++
 7.0.0c/ceph-quincy.yml | 15 +++
 7.0.0c/ceph.yml | 1 +
 7.0.0c/openstack-2023.2.yml | 58 +++++++++++
 7.0.0c/openstack.yml | 1 +
 doc/source/index.rst | 2 +-
 doc/source/notes/7.0.0c.rst | 197 ++++++++++++++++++++++++++++++++++++
 7 files changed, 353 insertions(+), 1 deletion(-)
 create mode 100644 7.0.0c/base.yml
 create mode 100644 7.0.0c/ceph-quincy.yml
 create mode 120000 7.0.0c/ceph.yml
 create mode 100644 7.0.0c/openstack-2023.2.yml
 create mode 120000 7.0.0c/openstack.yml
 create mode 100644 doc/source/notes/7.0.0c.rst
diff --git a/7.0.0c/base.yml b/7.0.0c/base.yml
new file mode 100644
index 00000000..988f8bcf
--- /dev/null
+++ b/7.0.0c/base.yml
@@ -0,0 +1,80 @@
+---
+ansible_version: '9.3.0'
+ansible_core_version: '2.16.4'
+
+defaults_version: 'v0.20240307.0'
+generics_version: 'v0.20240307.0'
+manager_version: 7.0.0c
+operations_version: 'v0.20240307.0'
+playbooks_version: 'v0.20240307.0'
+
+osism_projects:
+ ara: '1.7.1'
+ docker: '5:24.0.9'
+ osism: '0.20240307.0'
+ k3s: 'v1.29.0+k3s1'
+
+docker_images:
+ adminer: '4.8.1'
+ alerta: '9.0.1'
+ ara_server: '1.7.0'
+ cgit: '1.2.3'
+ dnsdist: '1.8.0'
+ homer: 'v23.10.1'
+ inventory_reconciler: '7.0.0c'
+ fleet: 'v4.43.3'
+ keycloak: '19.0.3-legacy'
+ mariadb: '11.2.2'
+ memcached: '1.6.23-alpine'
+ netbox: 'v3.4.8'
+ nexus: '3.64.0'
+ nginx: '1.25.3-alpine'
+ openstack_health_monitor: 'v7.0.0a'
+ osism: '0.20240307.0'
+ phpmyadmin: '5.2.1'
+ postgres: '15.5-alpine'
+ postgres_upgrade: '14-to-15'
+ redis: '7.2.4-alpine'
+ registry: '2.8'
+ scaphandre: '1.0.0'
+ squid: '5.7-23.04_beta'
+ traefik: '2.11.0'
+ vault: '1.15.6'
+
+ansible_roles:
+ geerlingguy.certbot: 4be771f12a62c9a835491f76ac49cfdc150481ce
+ geerlingguy.dotfiles: d3c06e05442ec75e67c2d2e40591eed13f96587f
+ hardening: e77c311442cb1d1ef8caa7df9d9c00471afa75e7
+ pdns_recursor: 'v1.6.0'
+ stackhpc.libvirt_host: 27144f846d2c088d9de0d633f2ad26060bd8e5e7
+ stackhpc.libvirt_vm: 0c08b28ce3547878e104adc284e09c947809df50
+ stackhpc.luks: 81faff11713675f4e35126587445b52732b02aba
+ stackhpc.systemd_networkd: 091601b0b02d1db59297e1f72533927540e9b9c7
+ ubuntu22_cis: devel
+
+ansible_collections:
+ ansible.netcommon: '6.0.0'
+ ansible.posix: '1.5.4'
+ ansible.utils: '3.0.0'
+ cloud.common: '3.0.0'
+ community.crypto: '2.16.2'
+ community.docker: '3.5.0'
+ community.general: '8.4.0'
+ community.grafana: '1.6.1'
+ community.hashi_vault: '6.1.0'
+ community.mysql: '3.8.0'
+ community.network: '5.0.2'
+ community.rabbitmq: '1.2.3'
+ containers.podman: '1.11.0'
+ debops.debops: '3.1.0'
+ kubernetes.core: '3.0.0'
+ netbox.netbox: '3.17.0'
+ openstack.cloud: '2.2.0'
+ osism.commons: '0.20240307.0'
+ osism.services: '0.20240307.0'
+ osism.validations: '0.20240307.0'
+ stackhpc.cephadm: fa76f330ce161b76e03828807b2eff8893216513
+
+helm_chart_repositories:
+ cnpg: https://cloudnative-pg.github.io/charts
+ codecentric: https://codecentric.github.io/helm-charts
diff --git a/7.0.0c/ceph-quincy.yml b/7.0.0c/ceph-quincy.yml
new file mode 100644
index 00000000..05fe13ec
--- /dev/null
+++ b/7.0.0c/ceph-quincy.yml
@@ -0,0 +1,15 @@
+---
+ansible_version: ">=7.0.0,<8.0.0"
+ansible_core_version: '2.14.13'
+
+ceph_ansible_version: stable-7.0
+ceph_container_version: stable-7.0
+ceph_version: quincy
+
+defaults_version: 'v0.20240307.0'
+generics_version: 'v0.20240307.0'
+playbooks_version: 'v0.20240307.0'
+
+docker_images:
+ ceph: '17.2.7'
+ cephclient: '17.2.6'
diff --git a/7.0.0c/ceph.yml b/7.0.0c/ceph.yml
new file mode 120000
index 00000000..c204befc
--- /dev/null
+++ b/7.0.0c/ceph.yml
@@ -0,0 +1 @@
+ceph-quincy.yml
\ No newline at end of file
diff --git a/7.0.0c/openstack-2023.2.yml b/7.0.0c/openstack-2023.2.yml
new file mode 100644
index 00000000..7b92b0c3
--- /dev/null
+++ b/7.0.0c/openstack-2023.2.yml
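Review bot: `ubuntu22_cis: devel` under `ansible_roles` in 7.0.0c/base.yml tracks a moving branch, while every other role in that map is pinned to a full commit SHA (or, for `pdns_recursor`, a tag). Going by its name this is a CIS hardening role, so whatever lands on `devel` after the release is cut would presumably be pulled into 7.0.0c builds unreviewed, and two builds of the same release can differ. I would pin it like its neighbours, `ubuntu22_cis: <commit-sha>`, with a comment such as `# commit on the devel branch at the time of the 7.0.0c cut`. The same applies to the branch refs in 7.0.0c/ceph-quincy.yml (`ceph_ansible_version: stable-7.0`, `ceph_container_version: stable-7.0`) and to the `stable-2023.2` / `stable/4.6` values under `openstack_projects` in 7.0.0c/openstack-2023.2.yml.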
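Review bot: `ansible_version: ">=7.0.0,<8.0.0"` in 7.0.0c/ceph-quincy.yml is a range, so the Ansible package used for the Ceph build presumably depends on what the package index serves on build day, whereas `ansible_core_version: '2.14.13'` on the next line and `ansible_version: '9.3.0'` in base.yml are exact. For a tagged release an exact pin is easier to audit and to rebuild, e.g. `ansible_version: '<exact 7.x release>'`. The value is also the only double-quoted scalar in the three new YAML files; single quotes would match the rest. 7.0.0c/openstack-2023.2.yml carries the same kind of range (`'>=9.0.0,<10.0.0'`).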
@@ -0,0 +1,58 @@
+---
+ansible_version: '>=9.0.0,<10.0.0'
+ansible_core_version: '2.16.4'
+
+openstack_version: 2023.2
+openstack_previous_version: 2023.1
+
+defaults_version: 'v0.20240307.0'
+generics_version: 'v0.20240307.0'
+playbooks_version: 'v0.20240307.0'
+
+docker_images:
+ openstackclient: '6.5.0'
+
+infrastructure_projects:
+ cron:
+ dnsmasq:
+ fluentd:
+ grafana:
+ haproxy:
+ iscsid:
+ keepalived:
+ kolla-toolbox:
+ mariadb:
+ memcached:
+ multipathd:
+ opensearch:
+ openstack-base:
+ openvswitch:
+ ovn:
+ prometheus:
+ proxysql:
+ rabbitmq:
+ redis:
+ tgtd:
+
+openstack_projects:
+ aodh: stable-2023.2
+ barbican: stable-2023.2
+ ceilometer: stable-2023.2
+ cinder: stable-2023.2
+ designate: stable-2023.2
+ glance: stable-2023.2
+ gnocchi: stable/4.6
+ heat: stable-2023.2
+ horizon: stable-2023.2
+ ironic: stable-2023.2
+ keystone: stable-2023.2
+ magnum: stable-2023.2
+ manila: stable-2023.2
+ neutron-dynamic-routing: stable-2023.2
+ neutron-vpnaas: stable-2023.2
+ neutron: stable-2023.2
+ nova: stable-2023.2
+ octavia: stable-2023.2
+ placement: stable-2023.2
+ skyline-apiserver: stable-2023.2
+ skyline-console: stable-2023.2
diff --git a/7.0.0c/openstack.yml b/7.0.0c/openstack.yml
new file mode 120000
index 00000000..569670b7
--- /dev/null
+++ b/7.0.0c/openstack.yml
@@ -0,0 +1 @@
+openstack-2023.2.yml
\ No newline at end of file
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 4defe2c4..2ca1bd1d 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -10,7 +10,7 @@ Release notes
 .. toctree::
 :maxdepth: 1
- notes/7.0.0b
+ notes/7.0.0c
 notes/6.0.2
 notes/6.0.1
 notes/6.0.0
diff --git a/doc/source/notes/7.0.0c.rst b/doc/source/notes/7.0.0c.rst
new file mode 100644
index 00000000..b2188bb4
--- /dev/null
+++ b/doc/source/notes/7.0.0c.rst
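Review bot: `openstack_version: 2023.2` and `openstack_previous_version: 2023.1` in 7.0.0c/openstack-2023.2.yml are unquoted, so a YAML loader reads them as floats rather than strings, unlike the quoted version strings elsewhere in the file. These two values happen to survive a float round-trip, but a release name with a trailing zero would not, and any consumer that compares or concatenates them as strings gets a type it does not expect. Quote both: `openstack_version: '2023.2'` and `openstack_previous_version: '2023.1'`.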
@@ -0,0 +1,197 @@
+======
+7.0.0c
+======
+
+**This is a pre-release. Do not use in production.**
+
+Report any feedback on this pre-release in the issues
+`osism/issues#841 `_.
+
+This pre-release is set in the configuration repository like a stable release.
+Instructions for the upgrade can be found in the `upgrade guide `_.
+
+First things first
+==================
+
+* The Keycloak deployment via Docker Compose, which was previously included
+ as a technical preview, has been completely revised and is now deployed on
+ Kubernetes. No migration from the old deployment via Docker Compose to the
+ new deployment via Kubernetes has been prepared. If you are currently using
+ the Keycloak service, do not upgrade the Keycloak service and contact us in
+ advance.
+
+* The switch from classic queue mirroring and durable queues to quorum queues
+ in RabbitMQ has not yet been tested and documented. So far, there is only the
+ `Kolla-Ansible documentation `_,
+ which requires all services to be stopped. We are still working on a better
+ approach.
+
+General notes
+=============
+
+* Shortly before the first pre-release, `gilt `_
+ made a major release which led to breaking changes. It is therefore important
+ for the moment to install python-gilt in a version < 2 when synchronising the
+ configuration repository against the generics. In the CI and within the container
+ images, we currently use ``python-gilt == 1.2.3``.
+
+Deprecations
+============
+
+Removals
+========
+
+Housekeeping
+============
+
+To be considered
+================
+
+* The ``hosts_interface`` parameter is now set to ``internal_interface`` by default.
+
+Upgrade notes
+=============
+
+* The use of ProxySQL for MariaDB is now possible and it is recommended to switch
+ to it as part of the upgrade. The parameter ``enable_proxysql`` is added to
+ ``environments/kolla/configuration.yml`` for this purpose.
+
+ .. code-block:: yaml
+
+ enable_proxysql: yes
+
+ The secrets listed below (``proxysql_admin_password``, ``proxysql_stats_password``,
+ ``mariadb_monitor_password``) must also be added or changed.
+
+ When migrating to ProxySQL, it is important to upgrade MariaDB first.
+
+ When migrating to ProxySQL, it is important to perform the loadbalancer upgrade
+ before all OpenStack service upgrades. To make sure that the OpenStack services
+ continue to work after the upgrade when ProxySQL is enabled as part of the upgrade,
+ the ProxySQL service must have been deployed first. The ProxySQL service is deployed
+ with the loadbalancer play.
+
+* The following secrets must be added in ``environments/kolla/secrets.yml``:
+
+ .. code-block:: yaml
+
+ octavia_persistence_database_password: # generate with: pwgen 32 1
+ prometheus_bcrypt_salt: # generate with: pwgen 22 1 <-- there's a 22
+ prometheus_grafana_password: # generate with: pwgen 32 1
+ prometheus_password: # generate with: pwgen 32 1
+ proxysql_admin_password: # generate with: pwgen 32 1
+ proxysql_stats_password: # generate with: pwgen 32 1
+
+* The parameter ``mariadb_monitoring_password`` in ``environments/kolla/secrets.yml``
+ has to be renamed to ``mariadb_monitor_password``. If the parameter is not present,
+ it is added.
+
+ .. code-block:: yaml
+
+ mariadb_monitor_password: # generate with: pwgen 32 1
+
+* The following parameters must be removed from the configuration repository from
+ ``environments/kolla/configuration.yml``:
+
+ .. code-block:: yaml
+
+ ceph_nova_user: nova
+ ceph_nova_keyring: ceph.client.nova.keyring
+
+* Parameters for the Netbox service in ``environments/infrastructure/configuration.yml`` or
+ ``secrets.yml`` must now also be added in ``environments/manager/configuration.yml`` or
+ ``secrets.yml``. In an upcoming release, the parameters can be removed from the
+ infrastructure environment.
+
+* The Ansible callback plugin ``osism.commons.still_alive`` is now available to avoid timeouts
+ for long-running tasks. This currently has to be explicitly enabled in the Ansible configuration.
+ This is done in the ``environments/ansible.cfg`` file in the configuration repository.
+ The callback plugin is enabled by default in the future.
+
+ .. code-block:: ini
+
+ [defaults]
+ ...
+ stdout_callback = osism.commons.still_alive
+
+* In the inventory, the ``nova_backend`` parameter must be added to the host vars of
+ compute nodes where local storage is used.
+
+ .. code-block:: yaml
+
+ nova_backend: default
+
+* The persistence feature in Octavia was enabled by default. This requires an additional
+ database, which is only created when Octavia play is run in bootstrap mode first.
+
+ .. code-block:: none
+
+ osism apply -a bootstrap octavia
+
+ The secret ``octavia_persistence_database_password`` (see above) must be added to
+ ``environments/kolla/secrets.yml`` before.
+
+* The SSL certificate file ``haproxy.pem`` is now available in a different location in the
+ ``haproxy`` container. Previously it was stored under ``/etc/haproxy/haproxy.pem``. From
+ now on it is stored under ``/etc/haproxy/certificates/haproxy.pem``. If you have customised
+ the configuration for the haproxy service or use overlays for this, adjust the locations of
+ the SSL certificate as required.
+
+* Due to the upgrade from Fluentd to version 5, some directory names within the container
+ image for Fluentd have changed. If you have worked with overlay files in the Fluentd service,
+ check these in advance. Currently we know that ``/var/run/td-agent`` is now available as
+ ``/var/run/fluentd`` (check `GitHub issue #864 `_
+ for details). We assume that other directory names have changed similarly.
+
+Known issues
+============
+
+
+* If error ``Couldn't fetch the key client.bootstrap-rbd at /var/lib/ceph/bootstrap-rbd/."``
+ occurs when updating Ceph in task ``create potentially missing keys (rbd and rbd-mirror)``,
+ create directory ``/var/lib/ceph/bootstrap-rbd/`` on the 1st control node used for Ceph.
+ Use the UID ``64045`` and the GID ``64045``. Set ``0755`` as permissions.
+
+* The manager service is updated via ``osism update manager``. If this command is not yet
+ available, you can use ``osism-update-manager`` as an alternative.
+
+ .. code-block:: none
+
+ osism: 'update manager' is not an osism command. See 'osism --help'.
+
+The following issues have been noticed during tests and could not yet be reproduced and fixed:
+
+* `unhealthy mariadb service on the manager `_
+
+Other
+=====
+
+* Refstack 2022.11 results
+
+Versions
+========
+
+References
+==========
+
+OpenStack 2023.2 press announcement: https://www.openstack.org/software/openstack-bobcat
+
+OpenStack 2023.2 release notes: https://releases.openstack.org/bobcat/index.html
+
+Release notes for each OpenStack service:
+
+* Barbican: https://docs.openstack.org/releasenotes/barbican/2023.2.html
+* Ceilometer: https://docs.openstack.org/releasenotes/ceilometer/2023.2.html
+* Cinder: https://docs.openstack.org/releasenotes/cinder/2023.2.html
+* Designate: https://docs.openstack.org/releasenotes/designate/2023.2.html
+* Glance: https://docs.openstack.org/releasenotes/glance/2023.2.html
+* Heat: https://docs.openstack.org/releasenotes/heat/2023.2.html
+* Horizon: https://docs.openstack.org/releasenotes/horizon/2023.2.html
+* Ironic: https://docs.openstack.org/releasenotes/ironic/2023.2.html
+* Keystone: https://docs.openstack.org/releasenotes/keystone/2023.2.html
+* Manila: https://docs.openstack.org/releasenotes/manila/2023.2.html
+* Neutron: https://docs.openstack.org/releasenotes/neutron/2023.2.html
+* Nova: https://docs.openstack.org/releasenotes/nova/2023.2.html
+* Octavia: https://docs.openstack.org/releasenotes/octavia/2023.2.html
+* Placement: https://docs.openstack.org/releasenotes/placement/2023.2.html
+* Skyline: https://docs.openstack.org/releasenotes/skyline-apiserver/2023.2.html, https://docs.openstack.org/releasenotes/skyline-console/2023.2.html