Prepare 7.0.0c release

Signed-off-by: Christian Berendt <berendt@osism.tech>
osism · Mar 7, 2024 · ff1a526 · ff1a526
1 parent eca8399
commit ff1a526
Show file tree

Hide file tree

Showing 7 changed files with 353 additions and 1 deletion.
diff --git a/7.0.0c/base.yml b/7.0.0c/base.yml
@@ -0,0 +1,80 @@
+---
+ansible_version: '9.2.0'
+ansible_core_version: '2.16.4'
+
+defaults_version: 'v0.20240307.0'
+generics_version: 'v0.20240307.0'
+manager_version: 7.0.0c
+operations_version: 'v0.20240307.0'
+playbooks_version: 'v0.20240307.0'
+
+osism_projects:
+  ara: '1.7.1'
+  docker: '5:24.0.9'
+  osism: '0.20240204.0'
+  k3s: 'v1.29.0+k3s1'
+
+docker_images:
+  adminer: '4.8.1'
+  alerta: '9.0.1'
+  ara_server: '1.7.0'
+  cgit: '1.2.3'
+  dnsdist: '1.8.0'
+  homer: 'v23.10.1'
+  inventory_reconciler: '7.0.0c'
+  fleet: 'v4.43.3'
+  keycloak: '19.0.3-legacy'
+  mariadb: '11.2.2'
+  memcached: '1.6.23-alpine'
+  netbox: 'v3.4.8'
+  nexus: '3.64.0'
+  nginx: '1.25.3-alpine'
+  openstack_health_monitor: 'v7.0.0a'
+  osism: '0.20240307.0'
+  phpmyadmin: '5.2.1'
+  postgres: '15.5-alpine'
+  postgres_upgrade: '14-to-15'
+  redis: '7.2.4-alpine'
+  registry: '2.8'
+  scaphandre: '1.0.0'
+  squid: '5.7-23.04_beta'
+  traefik: '2.11.0'
+  vault: '1.15.6'
+
+ansible_roles:
+  geerlingguy.certbot: 4be771f12a62c9a835491f76ac49cfdc150481ce
+  geerlingguy.dotfiles: d3c06e05442ec75e67c2d2e40591eed13f96587f
+  hardening: e77c311442cb1d1ef8caa7df9d9c00471afa75e7
+  pdns_recursor: 'v1.6.0'
+  stackhpc.libvirt_host: 27144f846d2c088d9de0d633f2ad26060bd8e5e7
+  stackhpc.libvirt_vm: 0c08b28ce3547878e104adc284e09c947809df50
+  stackhpc.luks: 81faff11713675f4e35126587445b52732b02aba
+  stackhpc.systemd_networkd: 091601b0b02d1db59297e1f72533927540e9b9c7
+  ubuntu22_cis: devel
+
+ansible_collections:
+  ansible.netcommon: '6.0.0'
+  ansible.posix: '1.5.4'
+  ansible.utils: '3.0.0'
+  cloud.common: '3.0.0'
+  community.crypto: '2.16.2'
+  community.docker: '3.5.0'
+  community.general: '8.4.0'
+  community.grafana: '1.6.1'
+  community.hashi_vault: '6.1.0'
+  community.mysql: '3.8.0'
+  community.network: '5.0.2'
+  community.rabbitmq: '1.2.3'
+  containers.podman: '1.11.0'
+  debops.debops: '3.1.0'
+  kubernetes.core: '3.0.0'
+  netbox.netbox: '3.17.0'
+  openstack.cloud: '2.2.0'
+  osism.commons: '0.20240307.0'
+  osism.services: '0.20240307.0'
+  osism.validations: '0.20240307.0'
+  stackhpc.cephadm: fa76f330ce161b76e03828807b2eff8893216513
+
+helm_chart_repositories:
+  cnpg: https://cloudnative-pg.github.io/charts
+  codecentric: https://codecentric.github.io/helm-charts
diff --git a/7.0.0c/ceph-quincy.yml b/7.0.0c/ceph-quincy.yml
@@ -0,0 +1,15 @@
+---
+ansible_version: ">=7.0.0,<8.0.0"
+ansible_core_version: '2.14.13'
+
+ceph_ansible_version: stable-7.0
+ceph_container_version: stable-7.0
+ceph_version: quincy
+
+defaults_version: 'v0.20240307.0'
+generics_version: 'v0.20240307.0'
+playbooks_version: 'v0.20240307.0'
+
+docker_images:
+  ceph: '17.2.7'
+  cephclient: '17.2.6'
diff --git a/7.0.0c/ceph.yml b/7.0.0c/ceph.yml
@@ -0,0 +1 @@
+ceph-quincy.yml
diff --git a/7.0.0c/openstack-2023.2.yml b/7.0.0c/openstack-2023.2.yml
@@ -0,0 +1,58 @@
+---
+ansible_version: '>=9.0.0,<10.0.0'
+ansible_core_version: '2.16.4'
+
+openstack_version: 2023.2
+openstack_previous_version: 2023.1
+
+defaults_version: 'v0.20240307.0'
+generics_version: 'v0.20240307.0'
+playbooks_version: 'v0.20240307.0'
+
+docker_images:
+  openstackclient: '6.5.0'
+
+infrastructure_projects:
+  cron:
+  dnsmasq:
+  fluentd:
+  grafana:
+  haproxy:
+  iscsid:
+  keepalived:
+  kolla-toolbox:
+  mariadb:
+  memcached:
+  multipathd:
+  opensearch:
+  openstack-base:
+  openvswitch:
+  ovn:
+  prometheus:
+  proxysql:
+  rabbitmq:
+  redis:
+  tgtd:
+
+openstack_projects:
+  aodh: stable-2023.2
+  barbican: stable-2023.2
+  ceilometer: stable-2023.2
+  cinder: stable-2023.2
+  designate: stable-2023.2
+  glance: stable-2023.2
+  gnocchi: stable/4.6
+  heat: stable-2023.2
+  horizon: stable-2023.2
+  ironic: stable-2023.2
+  keystone: stable-2023.2
+  magnum: stable-2023.2
+  manila: stable-2023.2
+  neutron-dynamic-routing: stable-2023.2
+  neutron-vpnaas: stable-2023.2
+  neutron: stable-2023.2
+  nova: stable-2023.2
+  octavia: stable-2023.2
+  placement: stable-2023.2
+  skyline-apiserver: stable-2023.2
+  skyline-console: stable-2023.2
diff --git a/7.0.0c/openstack.yml b/7.0.0c/openstack.yml
@@ -0,0 +1 @@
+openstack-2023.2.yml
diff --git a/doc/source/index.rst b/doc/source/index.rst
@@ -10,7 +10,7 @@ Release notes
 .. toctree::
    :maxdepth: 1
 
-   notes/7.0.0b
+   notes/7.0.0c
    notes/6.0.2
    notes/6.0.1
    notes/6.0.0

diff --git a/doc/source/notes/7.0.0c.rst b/doc/source/notes/7.0.0c.rst
@@ -0,0 +1,197 @@
+======
+7.0.0c
+======
+
+**This is a pre-release. Do not use in production.**
+
+Report any feedback on this pre-release in the issues
+`osism/issues#841 <https://github.com/osism/issues/issues/841>`_.
+
+This pre-release is set in the configuration repository like a stable release.
+Instructions for the upgrade can be found in the `upgrade guide <https://osism.github.io/docs/guides/upgrade-guide/manager>`_.
+
+First things first
+==================
+
+* The Keycloak deployment via Docker Compose, which was previously included
+  as a technical preview, has been completely revised and is now deployed on
+  Kubernetes. No migration from the old deployment via Docker Compose to the
+  new deployment via Kubernetes has been prepared. If you are currently using
+  the Keycloak service, do not upgrade the Keycloak service and contact us in
+  advance.
+
+* The switch from classic queue mirroring and durable queues to quorum queues
+  in RabbitMQ has not yet been tested and documented. So far, there is only the
+  `Kolla-Ansible documentation <https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#high-availability>`_,
+  which requires all services to be stopped. We are still working on a better
+  approach.
+
+General notes
+=============
+
+* Shortly before the first pre-release, `gilt <https://github.com/retr0h/gilt>`_
+  made a major release which led to breaking changes. It is therefore important
+  for the moment to install python-gilt in a version < 2 when synchronising the
+  configuration repository against the generics. In the CI and within the container
+  images, we currently use ``python-gilt == 1.2.3``.
+
+Deprecations
+============
+
+Removals
+========
+
+Housekeeping
+============
+
+To be considered
+================
+
+* The ``hosts_interface`` parameter is now set to ``internal_interface`` by default.
+
+Upgrade notes
+=============
+
+* The use of ProxySQL for MariaDB is now possible and it is recommended to switch
+  to it as part of the upgrade. The parameter ``enable_proxysql`` is added to
+  ``environments/kolla/configuration.yml`` for this purpose.
+
+  .. code-block:: yaml
+
+     enable_proxysql: yes
+
+  The secrets listed below (``proxysql_admin_password``, ``proxysql_stats_password``,
+  ``mariadb_monitor_password``) must also be added or changed.
+
+  When migrating to ProxySQL, it is important to upgrade MariaDB first.
+
+  When migrating to ProxySQL, it is important to perform the loadbalancer upgrade
+  before all OpenStack service upgrades. To make sure that the OpenStack services
+  continue to work after the upgrade when ProxySQL is enabled as part of the upgrade,
+  the ProxySQL service must have been deployed first. The ProxySQL service is deployed
+  with the loadbalancer play.
+
+* The following secrets must be added in ``environments/kolla/secrets.yml``:
+
+  .. code-block:: yaml
+
+     octavia_persistence_database_password:  # generate with: pwgen 32 1
+     prometheus_bcrypt_salt:                 # generate with: pwgen 22 1 <-- there's a 22
+     prometheus_grafana_password:            # generate with: pwgen 32 1
+     prometheus_password:                    # generate with: pwgen 32 1
+     proxysql_admin_password:                # generate with: pwgen 32 1
+     proxysql_stats_password:                # generate with: pwgen 32 1
+
+* The parameter ``mariadb_monitoring_password`` in ``environments/kolla/secrets.yml``
+  has to be renamed to ``mariadb_monitor_password``. If the parameter is not present,
+  it is added.
+
+  .. code-block:: yaml
+
+     mariadb_monitor_password:     # generate with: pwgen 32 1
+
+* The following parameters must be removed from the configuration repository from
+  ``environments/kolla/configuration.yml``:
+
+  .. code-block:: yaml
+
+     ceph_nova_user: nova
+     ceph_nova_keyring: ceph.client.nova.keyring
+
+* Parameters for the Netbox service in ``environments/infrastructure/configuration.yml`` or
+  ``secrets.yml`` must now also be added in ``environments/manager/configuration.yml`` or
+  ``secrets.yml``. In an upcoming  release, the parameters can be removed from the
+  infrastructure environment.
+
+* The Ansible callback plugin ``osism.commons.still_alive`` is now available to avoid timeouts
+  for long-running tasks. This currently has to be explicitly enabled in the Ansible configuration.
+  This is done in the ``environments/ansible.cfg`` file in the configuration repository.
+  The callback plugin is enabled by default in the future.
+
+  .. code-block:: ini
+
+     [defaults]
+     ...
+     stdout_callback = osism.commons.still_alive
+
+* In the inventory, the ``nova_backend`` parameter must be added to the host vars of
+  compute nodes where local storage is used.
+
+  .. code-block:: yaml
+
+     nova_backend: default
+
+* The persistence feature in Octavia was enabled by default. This requires an additional
+  database, which is only created when Octavia play is run in bootstrap mode first.
+
+  .. code-block:: none
+
+     osism apply -a bootstrap octavia
+
+  The secret ``octavia_persistence_database_password`` (see above) must be added to
+  ``environments/kolla/secrets.yml`` before.
+
+* The SSL certificate file ``haproxy.pem`` is now available in a different location in the
+  ``haproxy`` container. Previously it was stored under ``/etc/haproxy/haproxy.pem``. From
+  now on it is stored under ``/etc/haproxy/certificates/haproxy.pem``. If you have customised
+  the configuration for the haproxy service or use overlays for this, adjust the locations of
+  the SSL certificate as required.
+
+* Due to the upgrade from Fluentd to version 5, some directory names within the container
+  image for Fluentd have changed. If you have worked with overlay files in the Fluentd service,
+  check these in advance. Currently we know that ``/var/run/td-agent`` is now available as
+  ``/var/run/fluentd`` (check `GitHub issue #864 <https://github.com/osism/issues/issues/864>`_
+  for details).  We assume that other directory names have changed similarly.
+
+Known issues
+============
+
+
+* If error ``Couldn't fetch the key client.bootstrap-rbd at /var/lib/ceph/bootstrap-rbd/."``
+  occurs when updating Ceph in task ``create potentially missing keys (rbd and rbd-mirror)``,
+  create directory ``/var/lib/ceph/bootstrap-rbd/`` on the 1st control node used for Ceph.
+  Use the UID ``64045`` and the GID ``64045``. Set ``0755`` as permissions.
+
+* The manager service is updated via ``osism update manager``. If this command is not yet
+  available, you can use ``osism-update-manager`` as an alternative.
+
+  .. code-block:: none
+
+     osism: 'update manager' is not an osism command. See 'osism --help'.
+
+The following issues have been noticed during tests and could not yet be reproduced and fixed:
+
+* `unhealthy mariadb service on the manager <https://github.com/osism/issues/issues/863>`_
+
+Other
+=====
+
+* Refstack 2022.11 results
+
+Versions
+========
+
+References
+==========
+
+OpenStack 2023.2 press announcement: https://www.openstack.org/software/openstack-bobcat
+
+OpenStack 2023.2 release notes: https://releases.openstack.org/bobcat/index.html
+
+Release notes for each OpenStack service:
+
+* Barbican: https://docs.openstack.org/releasenotes/barbican/2023.2.html
+* Ceilometer: https://docs.openstack.org/releasenotes/ceilometer/2023.2.html
+* Cinder: https://docs.openstack.org/releasenotes/cinder/2023.2.html
+* Designate: https://docs.openstack.org/releasenotes/designate/2023.2.html
+* Glance: https://docs.openstack.org/releasenotes/glance/2023.2.html
+* Heat: https://docs.openstack.org/releasenotes/heat/2023.2.html
+* Horizon: https://docs.openstack.org/releasenotes/horizon/2023.2.html
+* Ironic: https://docs.openstack.org/releasenotes/ironic/2023.2.html
+* Keystone: https://docs.openstack.org/releasenotes/keystone/2023.2.html
+* Manila: https://docs.openstack.org/releasenotes/manila/2023.2.html
+* Neutron: https://docs.openstack.org/releasenotes/neutron/2023.2.html
+* Nova: https://docs.openstack.org/releasenotes/nova/2023.2.html
+* Octavia: https://docs.openstack.org/releasenotes/octavia/2023.2.html
+* Placement: https://docs.openstack.org/releasenotes/placement/2023.2.html
+* Skyline: https://docs.openstack.org/releasenotes/skyline-apiserver/2023.2.html, https://docs.openstack.org/releasenotes/skyline-console/2023.2.html