diff --git a/.ansible-lint b/.ansible-lint index 796dfa158e..5e585f5686 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,4 +1,5 @@ --- +strict: true use_default_rules: true skip_list: # [E301] Commands should not change things if nothing needs doing diff --git a/.gitreview b/.gitreview index d8421134d9..4caf9597b5 100644 --- a/.gitreview +++ b/.gitreview @@ -2,3 +2,4 @@ host=review.opendev.org port=29418 project=openstack/kolla-ansible.git +defaultbranch=stable/2023.2 diff --git a/README.rst b/README.rst index 43fd247b62..b7859c8f66 100644 --- a/README.rst +++ b/README.rst @@ -57,7 +57,7 @@ Kolla Ansible deploys containers for the following OpenStack projects: - `Kuryr `__ - `Magnum `__ - `Manila `__ -- `Masakari `__ (deprecated) +- `Masakari `__ - `Mistral `__ - `Murano `__ - `Neutron `__ diff --git a/ansible/gather-facts.yml b/ansible/gather-facts.yml index b50389660a..b69755647f 100644 --- a/ansible/gather-facts.yml +++ b/ansible/gather-facts.yml @@ -4,28 +4,21 @@ # building their configurations. - name: Gather facts for all hosts hosts: all - any_errors_fatal: "{{ kolla_ansible_setup_any_errors_fatal | bool }}" serial: '{{ kolla_serial|default("0") }}' gather_facts: false tasks: + - name: Group hosts to determine when using --limit + group_by: + key: "all_using_limit_{{ (ansible_play_batch | length) != (groups['all'] | length) }}" + changed_when: false + - name: Gather facts setup: filter: "{{ kolla_ansible_setup_filter }}" gather_subset: "{{ kolla_ansible_setup_gather_subset }}" when: + # Don't gather if fact caching is in use - not ansible_facts - - - name: Gather package facts - package_facts: - when: - - "'packages' not in ansible_facts" - - kolla_action is defined - - kolla_action == "precheck" - - - name: Group hosts to determine when using --limit - group_by: - key: "all_using_limit_{{ (ansible_play_batch | length) != (groups['all'] | length) }}" - changed_when: false tags: always # NOTE(pbourke): This case covers deploying subsets of hosts using --limit. The @@ -36,7 +29,6 @@ # the limit. - name: Gather facts for all hosts (if using --limit) hosts: all_using_limit_True - any_errors_fatal: "{{ kolla_ansible_setup_any_errors_fatal | bool }}" serial: '{{ kolla_serial|default("0") }}' gather_facts: false vars: @@ -53,17 +45,10 @@ delegate_facts: True delegate_to: "{{ item }}" with_items: "{{ delegate_hosts }}" - # We gathered facts for all hosts in the batch during the first play. when: + # We gathered facts for all hosts in the batch during the first play. + # Ensure that we don't try again if they failed. + - item not in groups["all_using_limit_True"] + # Don't gather if fact caching is in use - not hostvars[item].ansible_facts - - - name: Gather package facts - package_facts: - delegate_facts: True - delegate_to: "{{ item }}" - with_items: "{{ delegate_hosts }}" - when: - - "'packages' not in hostvars[item].ansible_facts" - - kolla_action is defined - - "kolla_action == 'precheck'" tags: always diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index f512f5c03c..a232be21e8 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -36,14 +36,6 @@ kolla_ansible_setup_filter: "{{ omit }}" # By default, we do not provide a gather subset. kolla_ansible_setup_gather_subset: "{{ omit }}" -# This variable is used as "any_errors_fatal" setting for the setup (gather -# facts) plays. -# This is useful for weeding out failing hosts early to avoid late failures -# due to missing facts (especially cross-host). -# Do note this still supports host fact caching and it will not affect -# scenarios with all facts cached (as there is no task to fail). -kolla_ansible_setup_any_errors_fatal: false - ################### # Kolla options ################### @@ -56,7 +48,7 @@ kolla_base_distro: "rocky" kolla_internal_vip_address: "{{ kolla_internal_address | default('') }}" kolla_internal_fqdn: "{{ kolla_internal_vip_address }}" kolla_external_vip_address: "{{ kolla_internal_vip_address }}" -kolla_same_external_internal_vip: "{{ kolla_external_vip_address == kolla_internal_vip_address }}" +kolla_same_external_internal_vip: "{{ kolla_external_vip_address | ansible.utils.ipaddr('address') == kolla_internal_vip_address | ansible.utils.ipaddr('address') }}" kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_same_external_internal_vip | bool else kolla_external_vip_address }}" kolla_dev_repos_directory: "/opt/stack/" @@ -443,6 +435,7 @@ ironic_http_port: "8089" ironic_prometheus_exporter_port: "9608" iscsi_port: "3260" +kafka_port: "9092" keystone_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else keystone_public_listen_port }}" keystone_public_listen_port: "5000" @@ -467,6 +460,12 @@ manila_api_port: "8786" manila_api_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else manila_api_port }}" manila_api_listen_port: "{{ manila_api_port }}" +manila_share_internal_fqdn: "{{ kolla_internal_fqdn }}" +manila_share_external_fqdn: "{{ kolla_external_fqdn }}" +manila_share_port: "2049" +manila_share_public_port: "{{ manila_share_port }}" +manila_share_listen_port: "2050" + mariadb_port: "{{ database_port }}" mariadb_wsrep_port: "4567" mariadb_ist_port: "4568" @@ -584,6 +583,8 @@ prometheus_memcached_exporter_port: "9150" prometheus_rabbitmq_exporter_port: "{{ rabbitmq_prometheus_port }}" # Default cadvisor port of 8080 already in use prometheus_cadvisor_port: "18080" +# Default pushgateway port of 9091 already in use +prometheus_pushgateway_port: "19091" prometheus_fluentd_integration_port: "24231" prometheus_libvirt_exporter_port: "9177" prometheus_etcd_integration_port: "{{ etcd_client_port }}" @@ -643,6 +644,11 @@ skyline_console_port: "9999" skyline_console_listen_port: "{{ skyline_console_port }}" skyline_console_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else skyline_console_port }}" + +dingo_command_external_fqdn: "{{ kolla_external_fqdn }}" +dingo_command_internal_fqdn: "{{ kolla_internal_fqdn }}" +dingo_command_port: "8887" + solum_application_deployment_internal_fqdn: "{{ kolla_internal_fqdn }}" solum_application_deployment_external_fqdn: "{{ kolla_external_fqdn }}" solum_application_deployment_port: "9777" @@ -689,6 +695,10 @@ watcher_api_port: "9322" watcher_api_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else watcher_api_port }}" watcher_api_listen_port: "{{ watcher_api_port }}" +zookeeper_client_port: "2181" +zookeeper_peer_port: "2888" +zookeeper_quorum_port: "3888" + zun_api_port: "9517" zun_api_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else zun_api_port }}" zun_api_listen_port: "{{ zun_api_port }}" @@ -718,7 +728,7 @@ external_api_firewalld_zone: "public" #################### # OpenStack options #################### -openstack_release: "master" +openstack_release: "2023.2" # Docker image tag used by default. openstack_tag: "{{ openstack_release }}-{{ kolla_base_distro }}-{{ kolla_base_distro_version }}{{ openstack_tag_suffix }}" openstack_tag_suffix: "" @@ -817,6 +827,7 @@ enable_horizon: "{{ enable_openstack_core | bool }}" enable_horizon_blazar: "{{ enable_blazar | bool }}" enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}" enable_horizon_designate: "{{ enable_designate | bool }}" +enable_horizon_fwaas: "{{ enable_neutron_fwaas | bool }}" enable_horizon_freezer: "{{ enable_freezer | bool }}" enable_horizon_heat: "{{ enable_heat | bool }}" enable_horizon_ironic: "{{ enable_ironic | bool }}" @@ -842,6 +853,7 @@ enable_ironic_neutron_agent: "{{ enable_neutron | bool and enable_ironic | bool enable_ironic_pxe_uefi: "no" enable_ironic_prometheus_exporter: "{{ enable_ironic | bool and enable_prometheus | bool }}" enable_iscsid: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}" +enable_kafka: "no" enable_kuryr: "no" enable_letsencrypt: "no" enable_magnum: "no" @@ -862,6 +874,7 @@ enable_neutron_vpnaas: "no" enable_neutron_sriov: "no" enable_neutron_mlnx: "no" enable_neutron_dvr: "no" +enable_neutron_fwaas: "no" enable_neutron_qos: "no" enable_neutron_agent_ha: "no" enable_neutron_bgp_dragent: "no" @@ -873,12 +886,14 @@ enable_neutron_trunk: "no" enable_neutron_metering: "no" enable_neutron_infoblox_ipam_agent: "no" enable_neutron_port_forwarding: "no" +enable_neutron_bm_gateway: "no" enable_nova_libvirt_container: "{{ nova_compute_virt_type in ['kvm', 'qemu'] }}" enable_nova_serialconsole_proxy: "no" enable_nova_ssh: "yes" enable_octavia: "no" enable_octavia_driver_agent: "{{ enable_octavia | bool and neutron_plugin_agent == 'ovn' }}" enable_octavia_jobboard: "{{ enable_octavia | bool and 'amphora' in octavia_provider_drivers }}" +octavia_nova_enable_anti_affinity: "yes" enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}" enable_ovn: "{{ enable_neutron | bool and neutron_plugin_agent == 'ovn' }}" enable_ovs_dpdk: "no" @@ -901,6 +916,7 @@ enable_trove_singletenant: "no" enable_venus: "no" enable_vitrage: "no" enable_watcher: "no" +enable_zookeeper: "no" enable_zun: "no" ovs_datapath: "{{ 'netdev' if enable_ovs_dpdk | bool else 'system' }}" @@ -992,6 +1008,7 @@ haproxy_single_external_frontend_public_port: "{{ '443' if kolla_enable_tls_exte ################## kolla_httpd_keep_alive: "60" kolla_httpd_timeout: "60" +cloudkitty_httpd_timeout: "600" ###################### # Backend TLS options @@ -1019,6 +1036,10 @@ keystone_public_url: "{{ keystone_external_fqdn | kolla_url(public_protocol, key keystone_admin_user: "admin" keystone_admin_project: "admin" +# Whether or not to apply changes to service user passwords when services are +# reconfigured +update_keystone_service_user_passwords: true + default_project_domain_name: "Default" default_project_domain_id: "default" @@ -1245,6 +1266,12 @@ ceph_gnocchi_keyring: "client.{{ ceph_gnocchi_user }}.keyring" ceph_manila_keyring: "client.{{ ceph_manila_user }}.keyring" ceph_nova_keyring: "{{ ceph_cinder_keyring }}" +# ceph pools configuration +manila_export_store_pool_name: "ganesha-nfs-data" +manila_export_object_name: "ganesha-export-index" + + + ##################### # VMware support ###################### @@ -1281,6 +1308,7 @@ enable_prometheus_ceph_mgr_exporter: "no" enable_prometheus_openstack_exporter: "{{ enable_prometheus | bool }}" enable_prometheus_openstack_exporter_external: "no" enable_prometheus_elasticsearch_exporter: "{{ enable_prometheus | bool and enable_opensearch | bool }}" +enable_prometheus_pushgateway: "{{ enable_prometheus | bool }}" enable_prometheus_blackbox_exporter: "{{ enable_prometheus | bool }}" enable_prometheus_rabbitmq_exporter: "{{ enable_prometheus | bool and enable_rabbitmq | bool }}" enable_prometheus_libvirt_exporter: "{{ enable_prometheus | bool and enable_nova | bool and nova_compute_virt_type in ['kvm', 'qemu'] }}" @@ -1288,15 +1316,17 @@ enable_prometheus_etcd_integration: "{{ enable_prometheus | bool and enable_etcd enable_prometheus_msteams: "no" prometheus_alertmanager_user: "admin" +prometheus_pushgateway_user: "admin" prometheus_grafana_user: "grafana" prometheus_scrape_interval: "60s" -prometheus_openstack_exporter_interval: "{{ prometheus_scrape_interval }}" -prometheus_openstack_exporter_timeout: "45s" +prometheus_openstack_exporter_interval: "600s" +prometheus_openstack_exporter_timeout: "150s" prometheus_elasticsearch_exporter_interval: "{{ prometheus_scrape_interval }}" +prometheus_pushgateway_interval: "60s" prometheus_cmdline_extras: prometheus_ceph_mgr_exporter_endpoints: [] prometheus_openstack_exporter_endpoint_type: "internal" -prometheus_openstack_exporter_compute_api_version: "latest" +prometheus_openstack_exporter_compute_api_version: "2.87" prometheus_libvirt_exporter_interval: "60s" prometheus_msteams_webhook_url: @@ -1317,6 +1347,17 @@ influxdb_datadir_volume: "influxdb" influxdb_internal_endpoint: "{{ kolla_internal_fqdn | kolla_url(internal_protocol, influxdb_http_port) }}" + +################# +# Kafka options +################# +kafka_datadir_volume: "kafka" + +# The number of brokers in a Kafka cluster. This is used for automatically +# setting quantities such as topic replicas and it is not recommended to +# change it unless you know what you are doing. +kafka_broker_count: "{{ groups['kafka'] | length }}" + ######################### # Internal Image options ######################### diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index 138022e73b..1b16369eb6 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -642,6 +642,9 @@ monitoring [prometheus-elasticsearch-exporter:children] opensearch +[prometheus-pushgateway:children] +monitoring + [prometheus-blackbox-exporter:children] monitoring diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index eaa077c37d..20fdd8d72b 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -661,6 +661,9 @@ monitoring [prometheus-elasticsearch-exporter:children] opensearch +[prometheus-pushgateway:children] +monitoring + [prometheus-blackbox-exporter:children] monitoring diff --git a/ansible/library/kolla_container_facts.py b/ansible/library/kolla_container_facts.py index 3f75a44789..ef3617db26 100644 --- a/ansible/library/kolla_container_facts.py +++ b/ansible/library/kolla_container_facts.py @@ -104,7 +104,7 @@ def use_podman(module, results): for container in containers: container.reload() container_name = container.attrs['Name'] - if container_name not in names: + if names and container_name not in names: continue results['_containers'].append(container.attrs) results[container_name] = container.attrs diff --git a/ansible/library/kolla_toolbox.py b/ansible/library/kolla_toolbox.py index acfc8a15ae..b4341f0d70 100644 --- a/ansible/library/kolla_toolbox.py +++ b/ansible/library/kolla_toolbox.py @@ -181,7 +181,9 @@ def use_docker(module): "ANSIBLE_LOAD_CALLBACK_PLUGINS": "True"} job = client.exec_create(kolla_toolbox, command_line, environment=environment, **kwargs) - json_output = client.exec_start(job) + json_output, error = client.exec_start(job, demux=True) + if error: + module.log(msg='Inner module stderr: %s' % error) try: output = json.loads(json_output) diff --git a/ansible/module_utils/kolla_container_worker.py b/ansible/module_utils/kolla_container_worker.py index 8e85c7fd9a..4b6ac5d40d 100644 --- a/ansible/module_utils/kolla_container_worker.py +++ b/ansible/module_utils/kolla_container_worker.py @@ -12,11 +12,13 @@ from abc import ABC from abc import abstractmethod +import logging import shlex from ansible.module_utils.kolla_systemd_worker import SystemdWorker COMPARE_CONFIG_CMD = ['/usr/local/bin/kolla_set_configs', '--check'] +LOG = logging.getLogger(__name__) class ContainerWorker(ABC): @@ -205,6 +207,73 @@ def compare_volumes_from(self, container_info): def compare_volumes(self, container_info): pass + def dimensions_differ(self, a, b, key): + """Compares two docker dimensions + + As there are two representations of dimensions in docker, we should + normalize them to compare if they are the same. + + If the dimension is no more supported due docker update, + an error is thrown to operator to fix the dimensions' config. + + The available representations can be found at: + + https://docs.docker.com/config/containers/resource_constraints/ + + + :param a: Integer or String that represents a number followed or not + by "b", "k", "m" or "g". + :param b: Integer or String that represents a number followed or not + by "b", "k", "m" or "g". + :return: True if 'a' has the same logical value as 'b' or else + False. + """ + + if a is None or b is None: + msg = ("The dimension [%s] is no more supported by Docker, " + "please remove it from yours configs or change " + "to the new one.") % key + LOG.error(msg) + self.module.fail_json( + failed=True, + msg=msg + ) + return + + unit_sizes = { + 'b': 1, + 'k': 1024 + } + unit_sizes['m'] = unit_sizes['k'] * 1024 + unit_sizes['g'] = unit_sizes['m'] * 1024 + a = str(a) + b = str(b) + a_last_char = a[-1].lower() + b_last_char = b[-1].lower() + error_msg = ("The docker dimension unit [%s] is not supported for " + "the dimension [%s]. The currently supported units " + "are ['b', 'k', 'm', 'g'].") + if not a_last_char.isnumeric(): + if a_last_char in unit_sizes: + a = str(int(a[:-1]) * unit_sizes[a_last_char]) + else: + LOG.error(error_msg, a_last_char, a) + self.module.fail_json( + failed=True, + msg=error_msg % (a_last_char, a) + ) + + if not b_last_char.isnumeric(): + if b_last_char in unit_sizes: + b = str(int(b[:-1]) * unit_sizes[b_last_char]) + else: + LOG.error(error_msg, b_last_char, b) + self.module.fail_json( + failed=True, + msg=error_msg % (b_last_char, b) + ) + return a != b + def compare_dimensions(self, container_info): new_dimensions = self.params.get('dimensions') @@ -223,12 +292,14 @@ def compare_dimensions(self, container_info): # check for a match. Otherwise, ensure it is set to the default. if key1 in new_dimensions: if key1 == 'ulimits': - if self.compare_ulimits(new_dimensions[key1], - current_dimensions[key2]): + if self.compare_ulimits(new_dimensions.get(key1), + current_dimensions.get(key2)): return True - elif new_dimensions[key1] != current_dimensions[key2]: + elif self.dimensions_differ(new_dimensions.get(key1), + current_dimensions.get(key2), + key1): return True - elif current_dimensions[key2]: + elif current_dimensions.get(key2): # The default values of all currently supported resources are # '' or 0 - both falsy. return True diff --git a/ansible/module_utils/kolla_podman_worker.py b/ansible/module_utils/kolla_podman_worker.py index dd215174e9..659e8f0695 100644 --- a/ansible/module_utils/kolla_podman_worker.py +++ b/ansible/module_utils/kolla_podman_worker.py @@ -30,12 +30,12 @@ 'cpu_period', # int 'cpu_quota', # int 'cpuset_cpus', # str - 'cpu_shares' # int + 'cpu_shares', # int 'cpuset_mems', # str 'kernel_memory', # int or string 'mem_limit', # (Union[int, str]) 'mem_reservation', # (Union[int, str]): Memory soft limit. - 'memswap_limit' # (Union[int, str]): Maximum amount of memory + 'memswap_limit', # (Union[int, str]): Maximum amount of memory # + swap a container is allowed to consume. 'ulimits', # List[Ulimit] 'blkio_weight', # int between 10 and 1000 @@ -58,7 +58,7 @@ 'remove', # bool 'restart_tries', # int doesnt matter done by systemd 'stop_timeout', # int - 'tty' # bool + 'tty', # bool # VOLUMES NOT WORKING HAS TO BE DONE WITH MOUNTS 'volumes', # array of dict 'volumes_from', # array of strings @@ -176,7 +176,11 @@ def parse_volumes(self, volumes, mounts, filtered_volumes): mounts.append(mount_item) else: try: - src, dest = item.split(':') + mode = 'rw' + if item.count(':') == 2: + src, dest, mode = item.split(':') + else: + src, dest = item.split(':') except ValueError: self.module.fail_json( msg="Wrong format of volume: {}".format(item), @@ -191,7 +195,7 @@ def parse_volumes(self, volumes, mounts, filtered_volumes): else: filtered_volumes[src] = dict( bind=dest, - mode='rw' + mode=mode ) def parse_dimensions(self, dimensions): @@ -518,7 +522,11 @@ def recreate_or_restart_container(self): self.start_container() elif strategy == 'COPY_ALWAYS': - self.restart_container() + self.ensure_image() + + self.stop_container() + self.remove_container() + self.start_container() def start_container(self): self.ensure_image() diff --git a/ansible/module_utils/kolla_systemd_worker.py b/ansible/module_utils/kolla_systemd_worker.py index 396d15c205..b807d2a929 100644 --- a/ansible/module_utils/kolla_systemd_worker.py +++ b/ansible/module_utils/kolla_systemd_worker.py @@ -23,7 +23,7 @@ [Unit] Description=${engine} ${service_name} After=${deps} -Requires=${deps} +Wants=${deps} StartLimitInterval=${restart_timeout} StartLimitBurst=${restart_retries} @@ -32,6 +32,7 @@ ExecStop=/usr/bin/${engine} stop ${name} -t ${graceful_timeout} Restart=${restart_policy} RestartSec=${restart_duration} +SuccessExitStatus=143 [Install] WantedBy=multi-user.target diff --git a/ansible/rabbitmq-upgrade.yml b/ansible/rabbitmq-upgrade.yml new file mode 100644 index 0000000000..3677676500 --- /dev/null +++ b/ansible/rabbitmq-upgrade.yml @@ -0,0 +1,21 @@ +--- +- import_playbook: gather-facts.yml + +- name: Group hosts based on configuration (RabbitMQ Only) + hosts: all + gather_facts: false + max_fail_percentage: >- + {{ group_hosts_max_fail_percentage | + default(kolla_max_fail_percentage) | + default(100) }} + tasks: + - name: Group hosts based on enabled services (RabbitMQ Only) + group_by: + key: "enable_rabbitmq_{{ enable_rabbitmq | bool }}" + changed_when: false + tags: always + +- import_playbook: rabbitmq.yml + vars: + kolla_action: upgrade + rabbitmq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/rabbitmq-{{ rabbitmq_version_suffix | regex_replace('\\.', '-') }}" diff --git a/ansible/rabbitmq.yml b/ansible/rabbitmq.yml index 370600c8eb..6d5fa8b977 100644 --- a/ansible/rabbitmq.yml +++ b/ansible/rabbitmq.yml @@ -52,7 +52,7 @@ include_role: name: rabbitmq tasks_from: post-deploy.yml - when: kolla_action in ['deploy', 'reconfigure'] + when: kolla_action in ['deploy', 'reconfigure', 'upgrade'] vars: role_rabbitmq_cluster_cookie: '{{ rabbitmq_cluster_cookie }}' role_rabbitmq_groups: rabbitmq diff --git a/ansible/roles/blazar/templates/blazar.conf.j2 b/ansible/roles/blazar/templates/blazar.conf.j2 index a37b899f4c..2b1f5f5323 100644 --- a/ansible/roles/blazar/templates/blazar.conf.j2 +++ b/ansible/roles/blazar/templates/blazar.conf.j2 @@ -11,6 +11,7 @@ os_admin_username = {{ blazar_keystone_user }} os_admin_password = {{ blazar_keystone_password }} os_admin_project_name = service identity_service = identity +cafile = {{ openstack_cacert }} [api] api_v2_controllers = oshosts,leases diff --git a/ansible/roles/ceilometer/templates/pipeline.yaml.j2 b/ansible/roles/ceilometer/templates/pipeline.yaml.j2 index 376559ce3b..8946df5771 100644 --- a/ansible/roles/ceilometer/templates/pipeline.yaml.j2 +++ b/ansible/roles/ceilometer/templates/pipeline.yaml.j2 @@ -5,6 +5,17 @@ sources: - "*" sinks: - meter_sink + - name: radosgw_source + interval: 60 + meters: + - "rgw.objects" + - "rgw.objects.size" + - "rgw.objects.containers" + - "rgw.api.request" + - "rgw.containers.objects" + - "rgw.containers.objects.size" + sinks: + - meter_sink sinks: - name: meter_sink publishers: diff --git a/ansible/roles/cinder/defaults/main.yml b/ansible/roles/cinder/defaults/main.yml index 361d3961f2..dbeb27389c 100644 --- a/ansible/roles/cinder/defaults/main.yml +++ b/ansible/roles/cinder/defaults/main.yml @@ -346,6 +346,11 @@ cinder_ks_users: password: "{{ cinder_keystone_password }}" role: "admin" +cinder_ks_user_roles: + - project: "service" + user: "{{ cinder_keystone_user }}" + role: "service" + #################### # TLS #################### diff --git a/ansible/roles/cinder/tasks/precheck.yml b/ansible/roles/cinder/tasks/precheck.yml index 6bb50a7084..41c55673ab 100644 --- a/ansible/roles/cinder/tasks/precheck.yml +++ b/ansible/roles/cinder/tasks/precheck.yml @@ -59,7 +59,7 @@ assert: that: - vars[item] is defined - msg: "Cinder backup S3 backend is enabled, either the {{ item }} or {{ item | replace('cinder_backup_','') }} variable must be defined." + msg: "Cinder backup S3 backend is enabled, either the {{ item }} or {{ item | replace('cinder_backup_', '') }} variable must be defined." with_items: - cinder_backup_s3_url - cinder_backup_s3_bucket diff --git a/ansible/roles/cinder/tasks/register.yml b/ansible/roles/cinder/tasks/register.yml index 86511bc411..d090b30d8e 100644 --- a/ansible/roles/cinder/tasks/register.yml +++ b/ansible/roles/cinder/tasks/register.yml @@ -5,3 +5,4 @@ service_ks_register_auth: "{{ openstack_cinder_auth }}" service_ks_register_services: "{{ cinder_ks_services }}" service_ks_register_users: "{{ cinder_ks_users }}" + service_ks_register_user_roles: "{{ cinder_ks_user_roles }}" diff --git a/ansible/roles/cinder/tasks/upgrade.yml b/ansible/roles/cinder/tasks/upgrade.yml index a402d547c1..e12f771598 100644 --- a/ansible/roles/cinder/tasks/upgrade.yml +++ b/ansible/roles/cinder/tasks/upgrade.yml @@ -10,6 +10,13 @@ - import_tasks: check-containers.yml +# TODO(bbezak): Remove this task in the Dalmatian cycle. +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_cinder_auth }}" + service_ks_register_user_roles: "{{ cinder_ks_user_roles }}" + - name: Flush handlers meta: flush_handlers diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2 index 69cde541a3..7523b50f55 100644 --- a/ansible/roles/cinder/templates/cinder.conf.j2 +++ b/ansible/roles/cinder/templates/cinder.conf.j2 @@ -43,6 +43,7 @@ backup_file_size = 327680000 {% elif enable_swift | bool and cinder_backup_driver == "swift" %} backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = {{ swift_internal_base_endpoint }}/v1/AUTH_ +backup_swift_ca_cert_file = {{ openstack_cacert }} backup_swift_auth = per_user backup_swift_auth_version = 1 backup_swift_user = @@ -116,7 +117,6 @@ service_type = volume # see: https://security.openstack.org/ossa/OSSA-2023-003.html # and: https://docs.openstack.org/cinder/zed/configuration/block-storage/service-token.html#troubleshooting service_token_roles_required = true -service_token_roles = admin www_authenticate_uri = {{ keystone_internal_url }} auth_url = {{ keystone_internal_url }} auth_type = password diff --git a/ansible/roles/cloudkitty/defaults/main.yml b/ansible/roles/cloudkitty/defaults/main.yml index f7b87daac4..0735b4a67e 100644 --- a/ansible/roles/cloudkitty/defaults/main.yml +++ b/ansible/roles/cloudkitty/defaults/main.yml @@ -154,10 +154,10 @@ cloudkitty_custom_metrics_yaml_file: "metrics.yml" # cloudkitty_influxdb_retention_policy: "autogen" # Set to true to use SSL for InfluxDB connections. -cloudkitty_influxdb_use_ssl: false +cloudkitty_influxdb_use_ssl: "{{ kolla_enable_tls_internal }}" # Path of the CA certificate to trust for HTTPS connections. -# cloudkitty_influxdb_cafile: "{{ openstack_cacert }}" +cloudkitty_influxdb_cafile: "{{ openstack_cacert }}" # Set to true to authorize insecure HTTPS connections to InfluxDB. # This means, HTTPS connections without validating the certificate used by InfluxDB @@ -172,7 +172,7 @@ cloudkitty_elasticsearch_index_name: "cloudkitty" cloudkitty_elasticsearch_url: "{{ internal_protocol }}://{{ opensearch_address }}:{{ opensearch_port }}" # Path of the CA certificate to trust for HTTPS connections. -# cloudkitty_elasticsearch_cafile: "{{ openstack_cacert }}" +cloudkitty_elasticsearch_cafile: "{{ openstack_cacert }}" # Set to true to authorize insecure HTTPS connections to Elasticsearch. # This means, HTTPS connections without validating the certificate used by elasticsearch @@ -189,7 +189,7 @@ cloudkitty_collector_backend: "gnocchi" cloudkitty_prometheus_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ prometheus_port }}/api/v1" # Path of the CA certificate to trust for HTTPS connections. -# cloudkitty_prometheus_cafile: "{{ openstack_cacert }}" +cloudkitty_prometheus_cafile: "{{ openstack_cacert }}" # Set to true to authorize insecure HTTPS connections to Prometheus. # This means, HTTPS connections without validating the certificate used by prometheus. diff --git a/ansible/roles/cloudkitty/tasks/bootstrap.yml b/ansible/roles/cloudkitty/tasks/bootstrap.yml index 679c33ae95..8c432f3ffc 100644 --- a/ansible/roles/cloudkitty/tasks/bootstrap.yml +++ b/ansible/roles/cloudkitty/tasks/bootstrap.yml @@ -45,6 +45,9 @@ port: "{{ influxdb_http_port }}" ssl: "{{ cloudkitty_influxdb_use_ssl | bool }}" database_name: "{{ cloudkitty_influxdb_name }}" + # The influxdb_database module and the InfluxDB 1.x Python client don't + # support specifying a CA certificate file. + validate_certs: False run_once: True delegate_to: "{{ groups['cloudkitty-api'][0] }}" when: cloudkitty_storage_backend == 'influxdb' diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 index b2f209c2ba..89b6dee37b 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 @@ -117,7 +117,11 @@ coordination_url = mysql://{{ cloudkitty_database_user }}:{{ cloudkitty_database max_workers = {{ cloudkitty_processor_workers }} [storage] +{% if cloudkitty_storage_backend == 'elasticsearch' %} +backend = opensearch +{% else %} backend = {{ cloudkitty_storage_backend }} +{% endif %} {% if cloudkitty_storage_backend == 'sqlalchemy' %} version = 1 {% else %} @@ -149,7 +153,7 @@ cafile = {{ cloudkitty_influxdb_cafile }} {% endif %} {% if cloudkitty_storage_backend == 'elasticsearch' %} -[storage_elasticsearch] +[storage_opensearch] host = {{ cloudkitty_elasticsearch_url }} index_name = {{ cloudkitty_elasticsearch_index_name }} insecure = {{ cloudkitty_elasticsearch_insecure_connections }} diff --git a/ansible/roles/cloudkitty/templates/wsgi-cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/wsgi-cloudkitty.conf.j2 index 38a3150050..929cc04908 100644 --- a/ansible/roles/cloudkitty/templates/wsgi-cloudkitty.conf.j2 +++ b/ansible/roles/cloudkitty/templates/wsgi-cloudkitty.conf.j2 @@ -5,7 +5,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ cloudkitty ServerSignature Off ServerTokens Prod TraceEnable off -TimeOut {{ kolla_httpd_timeout }} +TimeOut {{ cloudkitty_httpd_timeout }} KeepAliveTimeout {{ kolla_httpd_keep_alive }} ErrorLog "{{ cloudkitty_log_dir }}/apache-error.log" diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml index 5a9986456b..7ba1ad98fb 100644 --- a/ansible/roles/common/defaults/main.yml +++ b/ansible/roles/common/defaults/main.yml @@ -17,6 +17,7 @@ common_services: environment: ANSIBLE_NOCOLOR: "1" ANSIBLE_LIBRARY: "/usr/share/ansible" + REQUESTS_CA_BUNDLE: "{{ openstack_cacert }}" privileged: True volumes: "{{ kolla_toolbox_default_volumes + kolla_toolbox_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}" dimensions: "{{ kolla_toolbox_dimensions }}" diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index d90edf7197..0ce0be3833 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -64,8 +64,8 @@ - name: Set fluentd facts set_fact: - fluentd_cmd: "{{ fluentd_labels_docker.images[0].ContainerConfig.Labels.fluentd_binary | default('td-agent') }}" - fluentd_user: "{{ fluentd_labels_docker.images[0].ContainerConfig.Labels.fluentd_user | default('td-agent') }}" + fluentd_cmd: "{{ fluentd_labels_docker.images[0].Config.Labels.fluentd_binary | default(fluentd_labels_docker.images[0].ContainerConfig.Labels.fluentd_binary) | default('td-agent') }}" + fluentd_user: "{{ fluentd_labels_docker.images[0].Config.Labels.fluentd_user | default(fluentd_labels_docker.images[0].ContainerConfig.Labels.fluentd_user) | default('td-agent') }}" when: - kolla_container_engine == "docker" - enable_fluentd | bool @@ -159,6 +159,10 @@ enabled: true - name: "conf/input/05-libvirt.conf.j2" enabled: "{{ enable_nova | bool and enable_nova_libvirt_container | bool }}" + - name: "conf/input/06-zookeeper.conf.j2" + enabled: false + - name: "conf/input/07-kafka.conf.j2" + enabled: false - name: "conf/input/08-prometheus.conf.j2" enabled: "{{ enable_prometheus_fluentd_integration | bool }}" - name: "conf/input/10-openvswitch.conf.j2" @@ -232,6 +236,7 @@ - { name: "influxdb", enabled: "{{ enable_influxdb | bool }}" } - { name: "ironic", enabled: "{{ enable_ironic | bool }}" } - { name: "ironic-inspector", enabled: "{{ enable_ironic | bool }}" } + - { name: "kafka", enabled: "{{ enable_kafka | bool }}" } - { name: "keystone", enabled: "{{ enable_keystone | bool }}" } - { name: "kuryr", enabled: "{{ enable_kuryr | bool }}" } - { name: "magnum", enabled: "{{ enable_magnum | bool }}" } @@ -262,6 +267,7 @@ - { name: "venus", enabled: "{{ enable_venus | bool }}" } - { name: "vitrage", enabled: "{{ enable_vitrage | bool }}" } - { name: "watcher", enabled: "{{ enable_watcher | bool }}" } + - { name: "zookeeper", enabled: "{{ enable_zookeeper | bool }}" } - { name: "zun", enabled: "{{ enable_zun | bool }}" } template: src: "cron-logrotate-global.conf.j2" diff --git a/ansible/roles/common/templates/conf/input/00-global.conf.j2 b/ansible/roles/common/templates/conf/input/00-global.conf.j2 index 1c0a3d25b1..f00f233315 100644 --- a/ansible/roles/common/templates/conf/input/00-global.conf.j2 +++ b/ansible/roles/common/templates/conf/input/00-global.conf.j2 @@ -16,7 +16,7 @@ @type multiline format_firstline /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \d+ \S+ \S+ \[.*\]/ - format1 /^(?\S+ \S+) (?\d+) (?\S+) (?\S+) \[(\S+ req-)?((?\S+) (?\S+) (?\S+) (?\S+) (?\S+) (?\S+) (?\S+)|-)\] (?.*)?$/ + format1 /^(?\S+ \S+) (?\d+) (?\S+) (?\S+) ((?:\[)(?:None|req-)(?\S+)? (?:None|req-)(?\S+) (?\S+) (?\S+) (?\S+) (?\S+) (?\S+) (?\S+)(?:\]))?(?.*)?$/ time_key Timestamp keep_time_key true time_format %F %T.%L diff --git a/ansible/roles/common/templates/conf/input/11-letsencrypt.conf.j2 b/ansible/roles/common/templates/conf/input/11-letsencrypt.conf.j2 index ad2f071028..6ebd7b164c 100644 --- a/ansible/roles/common/templates/conf/input/11-letsencrypt.conf.j2 +++ b/ansible/roles/common/templates/conf/input/11-letsencrypt.conf.j2 @@ -2,7 +2,7 @@ @type tail @log_level debug path /var/log/kolla/letsencrypt/letsencrypt-lego.log - pos_file /var/run/td-agent/letsencrypt.pos + pos_file /var/run/{{ fluentd_user }}/letsencrypt.pos tag infra.letsencrypt.lego enable_watch_timer false diff --git a/ansible/roles/cyborg/templates/cyborg.conf.j2 b/ansible/roles/cyborg/templates/cyborg.conf.j2 index 8915a1e2b5..af05d8846d 100644 --- a/ansible/roles/cyborg/templates/cyborg.conf.j2 +++ b/ansible/roles/cyborg/templates/cyborg.conf.j2 @@ -43,6 +43,18 @@ region_name = {{ openstack_region_name }} cafile = {{ openstack_cacert }} valid_interfaces = internal +[nova] +auth_url = {{ keystone_internal_url }} +auth_type = password +project_domain_id = {{ default_project_domain_id }} +user_domain_id = {{ default_user_domain_id }} +region_name = {{ openstack_region_name }} +project_name = service +username = {{ nova_keystone_user }} +password = {{ nova_keystone_password }} +endpoint_type = internal +cafile = {{ openstack_cacert }} + {% if cyborg_policy_file is defined %} [oslo_policy] policy_file = {{ cyborg_policy_file }} diff --git a/ansible/roles/designate/defaults/main.yml b/ansible/roles/designate/defaults/main.yml index 16c8903483..ed66c8bab5 100644 --- a/ansible/roles/designate/defaults/main.yml +++ b/ansible/roles/designate/defaults/main.yml @@ -313,6 +313,7 @@ designate_dnssec_validation: "yes" designate_recursion: "no" ## Example for designate_forwarders_addresses: "10.199.200.1; 10.199.100.1" designate_forwarders_addresses: "" +designate_backend_bind9_cmdline_extras: "-U {{ designate_backend_bind9_workers }} -g" #################### # Infoblox diff --git a/ansible/roles/designate/templates/designate-backend-bind9.json.j2 b/ansible/roles/designate/templates/designate-backend-bind9.json.j2 index 49a786576c..36766addf5 100644 --- a/ansible/roles/designate/templates/designate-backend-bind9.json.j2 +++ b/ansible/roles/designate/templates/designate-backend-bind9.json.j2 @@ -2,7 +2,7 @@ {% set bind_file = 'bind/named.conf' if kolla_base_distro in ['ubuntu', 'debian'] else 'named.conf' %} { - "command": "/usr/sbin/{{ bind_cmd }} -U {{ designate_backend_bind9_workers }} -g", + "command": "/usr/sbin/{{ bind_cmd }} {{ designate_backend_bind9_cmdline_extras }}", "config_files": [ { "source": "{{ container_config_directory }}/named.conf", diff --git a/ansible/roles/destroy/tasks/cleanup_host.yml b/ansible/roles/destroy/tasks/cleanup_host.yml index 3e55c7bb2c..c7a5ea5783 100644 --- a/ansible/roles/destroy/tasks/cleanup_host.yml +++ b/ansible/roles/destroy/tasks/cleanup_host.yml @@ -9,6 +9,7 @@ nova_instance_datadir_volume: "{{ nova_instance_datadir_volume }}" gnocchi_metric_datadir_volume: "{{ gnocchi_metric_datadir_volume }}" influxdb_datadir_volume: "{{ influxdb_datadir_volume }}" + kafka_datadir_volume: "{{ kafka_datadir_volume }}" kolla_internal_vip_address: "{{ kolla_internal_vip_address }}" kolla_external_vip_address: "{{ kolla_external_vip_address }}" kolla_dev_repos_directory: "{{ kolla_dev_repos_directory }}" diff --git a/ansible/roles/dingo-command/defaults/main.yml b/ansible/roles/dingo-command/defaults/main.yml new file mode 100644 index 0000000000..943780ea9f --- /dev/null +++ b/ansible/roles/dingo-command/defaults/main.yml @@ -0,0 +1,254 @@ +--- +dingo_command_services: + dingo-command: + container_name: dingo-command + group: dingo-command + enabled: true + image: "{{ dingo_command_image_full }}" + volumes: "{{ dingo_command_default_volumes + dingo_command_extra_volumes }}" + dimensions: "{{ dingo_command_dimensions }}" + healthcheck: "{{ dingo_command_healthcheck }}" + haproxy: + dingo-command: + enabled: "{{ enable_dingo_command }}" + mode: "http" + external: false + port: "{{ dingo_command_port }}" + listen_port: "{{ dingo_command_listen_port }}" + tls_backend: "{{ dingo_command_enable_tls_backend }}" + backend_http_extra: + - "option httpchk GET /docs" + dingo_command_external: + enabled: "{{ enable_dingo_command }}" + mode: "http" + external: true + external_fqdn: "{{ dingo_command_external_fqdn }}" + port: "{{ dingo_command_port }}" + listen_port: "{{ dingo_command_listen_port }}" + tls_backend: "{{ dingo_command_enable_tls_backend }}" + backend_http_extra: + - "option httpchk GET /docs" + +dingo_bear_services: + dingo-bear: + container_name: dingo-bear + group: dingo-bear + enabled: true + image: "{{ dingo_bear_image_full }}" + volumes: "{{ dingo_bear_default_volumes + dingo_bear_extra_volumes }}" + dimensions: "{{ dingo_bear_dimensions }}" + healthcheck: "{{ dingo_bear_healthcheck }}" + haproxy: + dingo-bear: + enabled: "{{ enable_dingo_bear }}" + mode: "http" + external: false + port: "{{ dingo_bear_port }}" + listen_port: "{{ dingo_bear_listen_port }}" + tls_backend: "{{ dingo_bear_enable_tls_backend }}" + backend_http_extra: + - "option httpchk GET /docs" + dingo_bear_external: + enabled: "{{ enable_dingo_bear }}" + mode: "http" + external: true + external_fqdn: "{{ dingo_bear_external_fqdn }}" + port: "{{ dingo_bear_port }}" + listen_port: "{{ dingo_bear_listen_port }}" + tls_backend: "{{ dingo_bear_enable_tls_backend }}" + backend_http_extra: + - "option httpchk GET /docs" + +dingo_command_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}" +dingo_command_tag: "{{ openstack_tag }}" +#optional ceph nfs local +dingo_command_workerdir_storage_type: "local" +dingo_command_workerdir_storage_local_path: "/var/lib/dingo-command" + +dingo_command_workerdir_storage_nfs_path: "{{ dingo_command_workerdir_storage_nfs_path }}" + +dingo_command_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/dingo-command" +dingo_command_image_full: "{{ dingo_command_image }}:{{ dingo_command_tag }}" +dingo_command_config_directory: "/etc/dingo-command" +dingo_command_default_volumes: + - "{{ node_config_directory }}/dingo-command/:{{ dingo_command_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" + - "/var/log/kolla/dingo-command/:/var/log/dingo-command/" + - "/run/netns:/run/netns:shared" + - "{{ dingo_command_workerdir_storage_local_path }}/:/var/lib/dingo-command/" + +dingo_command_extra_volumes: "{{ default_extra_volumes }}" +dingo_command_dimensions: "{{ default_container_dimensions }}" + +dingo_command_enable_healthchecks: "{{ enable_container_healthchecks }}" +dingo_command_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +dingo_command_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +dingo_command_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" +dingo_command_healthcheck_test: ["CMD-SHELL", "curl --max-time 10 http://{{ api_interface_address | put_address_in_context('url') }}:{{ dingo_command_listen_port }}/docs"] +dingo_command_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +dingo_command_healthcheck: + interval: "{{ dingo_command_healthcheck_interval }}" + retries: "{{ dingo_command_healthcheck_retries }}" + start_period: "{{ dingo_command_healthcheck_start_period }}" + test: "{% if dingo_command_enable_healthchecks | bool %}{{ dingo_command_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ dingo_command_healthcheck_timeout }}" + +openstack_dingo_command_auth: "{{ openstack_auth }}" +dingo_command_port: 8887 +dingo_command_public_port: 8887 +dingo_command_listen_port: "{{ dingo_command_port }}" +#################### +# OpenStack +#################### +dingo_command_internal_base_endpoint: "{{ dingo_command_internal_fqdn | kolla_url(internal_protocol, dingo_command_port) }}" +dingo_command_public_base_endpoint: "{{ dingo_command_external_fqdn | kolla_url(public_protocol, dingo_command_public_port) }}" + +dingo_command_ks_services: + - name: "dingo-command" + type: "panel" + description: "OpenStack assets Service" + endpoints: + - {'interface': 'internal', 'url': '{{ dingo_command_internal_base_endpoint }}'} + - {'interface': 'public', 'url': '{{ dingo_command_public_base_endpoint }}'} + +dingo_command_ks_users: + - project: "service" + user: "{{ dingo_command_keystone_user }}" + password: "{{ dingo_command_keystone_password }}" + role: "admin" + +#################### +# Database +#################### +dingo_command_database_name: "dingoops" +dingo_command_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}dingoops{% endif %}" +dingo_command_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}" +#################### +# Database sharding +#################### +dingo_command_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ dingo_command_database_shard_id }}{% else %}{{ database_user }}{% endif %}" +dingo_command_database_shard_id: "{{ mariadb_default_database_shard_id | int }}" +dingo_command_database_shard: + users: + - user: "{{ dingo_command_database_user }}" + password: "{{ dingo_command_database_password }}" + rules: + - schema: "{{ dingo_command_database_name }}" + shard_id: "{{ dingo_command_database_shard_id }}" + + +#################### +# TLS +#################### +dingo_command_enable_tls_backend: "{{ kolla_enable_tls_backend }}" + +ceph_keyring_content: "AQDGGBxo1+6EAxAAPtO87F7AtDfsmQVmVYLVbw==" +#dingo_command_ceph_fsid: "7e4c0eda-02e0-11ef-bedf-e4434b2ce110" +# dingo_command_ceph_mon_hosts: +# - "[v2:10.220.8.46:3300/0,v1:10.220.8.46:6789/0]" +# - "[v2:10.220.8.47:3300/0,v1:10.220.8.47:6789/0]" +# - "[v2:10.220.8.48:3300/0,v1:10.220.8.48:6789/0]" +# - "[v2:10.220.8.45:3300/0,v1:10.220.8.45:6789/0]" +# - "[v2:10.220.8.44:3300/0,v1:10.220.8.44:6789/0]" +# dingo_command_ceph_mon_name: "sd-ceph01" +# dingo_command_ceph_public_network: "10.220.8.0/22" + +dingo_command_ceph_mon_addresses: "10.220.8.46:6789,10.220.8.47:6789,10.220.8.48:6789" +dingo_command_ceph_client_name: "dingoops-hdd-fs" +dingo_command_ceph_mds_namespace: "dingoops-cephfs-hdd" +dingo_command_ceph_mount_path: "{{ dingo_command_workerdir_storage_local_path }}" +dingo_command_ceph_fs_name: "/dingoops-test" + +task_timeout: 7500 +soft_task_timeout: 7200 + +# 默认使用本身的地址 +center_rpc_transport_url: "{{ rpc_transport_url }}" + +aliyun_clickhouse_host: "10.220.244.176" +aliyun_clickhouse_port: 8123 +aliyun_clickhouse_user: "user01" +aliyun_clickhouse_password: "YourStrongPassword123!" +aliyun_clickhouse_database: "bsm_monitor" + +metric_write_dingo: true +metric_write_clickhouse: true +openstack_lb_method: "ROUND_ROBIN" +openstack_lb_provider: "amphora" + +dingo_bear_tag: "{{ openstack_tag }}" +dingo_bear_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/dingo-bear" +dingo_bear_image_full: "{{ dingo_bear_image }}:{{ dingo_bear_tag }}" + + +dingo_bear_database_user: "{{ dingo_command_database_user }}" +dingo_bear_database_password: "{{ dingo_command_database_password }}" +dingo_bear_database_name: "dingo-bear" +dingo_bear_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ dingo_bear_database_shard_id }}{% else %}{{ database_user }}{% endif %}" +dingo_bear_database_shard_id: "{{ mariadb_default_database_shard_id | int }}" +dingo_bear_database_shard: + users: + - user: "{{ dingo_bear_database_user }}" + password: "{{ dingo_bear_database_password }}" + rules: + - schema: "{{ dingo_bear_database_name }}" + shard_id: "{{ dingo_bear_database_shard_id }}" +dingo_bear_port: 38887 +dingo_bear_frontend_port: 30000 +dingo_bear_listen_port: "{{ dingo_bear_port }}" +dingo_bear_skyline_url: "http://{{ kolla_internal_vip_address }}:9999" +dingo_bear_database_address: "{{ database_address }}:{{ database_port }}" +dingo_bear_enable_tls_backend: "{{ kolla_enable_tls_backend }}" +dingo_bear_external_fqdn: "{{ dingo_command_external_fqdn }}" +dingo_bear_config_directory: "/etc/dingo-bear" +dingo_bear_default_volumes: + - "{{ node_config_directory }}/dingo-bear:{{ dingo_bear_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" + - "/var/log/kolla/dingo-bear:/var/log/dingo-bear/" +dingo_bear_extra_volumes: "{{ default_extra_volumes }}" +dingo_bear_dimensions: "{{ default_container_dimensions }}" + +dingo_bear_enable_healthchecks: "{{ enable_container_healthchecks }}" +dingo_bear_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +dingo_bear_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +dingo_bear_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" +dingo_bear_healthcheck_test: ["CMD-SHELL", "curl --max-time 10 http://{{ api_interface_address | put_address_in_context('url') }}:{{ dingo_bear_listen_port }}/docs"] +dingo_bear_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +dingo_bear_healthcheck: + interval: "{{ dingo_bear_healthcheck_interval }}" + retries: "{{ dingo_bear_healthcheck_retries }}" + start_period: "{{ dingo_bear_healthcheck_start_period }}" + test: "{% if dingo_bear_enable_healthchecks | bool %}{{ dingo_bear_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ dingo_bear_healthcheck_timeout }}" + +dingo_bear_services: + dingo-bear: + container_name: dingo-bear + group: dingo-bear + enabled: true + image: "{{ dingo_bear_image_full }}" + volumes: "{{ dingo_bear_default_volumes + dingo_bear_extra_volumes }}" + dimensions: "{{ dingo_bear_dimensions }}" + healthcheck: "{{ dingo_bear_healthcheck }}" + haproxy: + dingo-bear: + enabled: "{{ enable_dingo_bear }}" + mode: "http" + external: false + port: "{{ dingo_bear_port }}" + listen_port: "{{ dingo_bear_listen_port }}" + tls_backend: "{{ dingo_bear_enable_tls_backend }}" + backend_http_extra: + - "option httpchk GET /docs" + dingo_bear_external: + enabled: "{{ enable_dingo_bear }}" + mode: "http" + external: true + external_fqdn: "{{ dingo_bear_external_fqdn }}" + port: "{{ dingo_bear_port }}" + listen_port: "{{ dingo_bear_listen_port }}" + tls_backend: "{{ dingo_bear_enable_tls_backend }}" + backend_http_extra: + - "option httpchk GET /docs" \ No newline at end of file diff --git a/ansible/roles/dingo-command/handlers/main.yml b/ansible/roles/dingo-command/handlers/main.yml new file mode 100644 index 0000000000..05aecee16b --- /dev/null +++ b/ansible/roles/dingo-command/handlers/main.yml @@ -0,0 +1,20 @@ +--- +- name: Restart dingo-command container + vars: + service_name: "dingo-command" + service: "{{ dingo_command_services[service_name] }}" + become: true + kolla_container: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes | reject('equalto', '') | list }}" + dimensions: "{{ service.dimensions }}" + healthcheck: "{{ service.healthcheck | default(omit) }}" + privileged: True + pid_mode: "host" + when: + - kolla_action != "config" + + diff --git a/ansible/roles/dingo-command/tasks/bootstrap.yml b/ansible/roles/dingo-command/tasks/bootstrap.yml new file mode 100644 index 0000000000..12881b20b0 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/bootstrap.yml @@ -0,0 +1,38 @@ +--- +- name: Creating dingo-command database + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: mysql_db + module_args: + login_host: "{{ database_address }}" + login_port: "{{ database_port }}" + login_user: "{{ dingo_command_database_shard_root_user }}" + login_password: "{{ database_password }}" + name: "{{ dingo_command_database_name }}" + run_once: True + delegate_to: "{{ groups['dingo-command'][0] }}" + when: + - not use_preconfigured_databases | bool + +- name: Creating dingo-command database user and setting permissions + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: mysql_user + module_args: + login_host: "{{ database_address }}" + login_port: "{{ database_port }}" + login_user: "{{ dingo_command_database_shard_root_user }}" + login_password: "{{ database_password }}" + name: "{{ dingo_command_database_user }}" + password: "{{ dingo_command_database_password }}" + host: "%" + priv: "{{ dingo_command_database_name }}.*:ALL" + append_privs: "yes" + run_once: True + delegate_to: "{{ groups['dingo-command'][0] }}" + when: + - not use_preconfigured_databases | bool + +- import_tasks: bootstrap_service.yml diff --git a/ansible/roles/dingo-command/tasks/bootstrap_service.yml b/ansible/roles/dingo-command/tasks/bootstrap_service.yml new file mode 100644 index 0000000000..014558b59f --- /dev/null +++ b/ansible/roles/dingo-command/tasks/bootstrap_service.yml @@ -0,0 +1,21 @@ +--- +- name: Running dingo-command bootstrap container + vars: + dingo_command: "{{ dingo_command_services['dingo-command'] }}" + become: true + kolla_container: + action: "start_container" + common_options: "{{ docker_common_options }}" + detach: False + environment: + KOLLA_BOOTSTRAP: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + image: "{{ dingo_command.image }}" + labels: + BOOTSTRAP: + name: "dingo-command" + restart_policy: oneshot + privileged: True + volumes: "{{ dingo_command.volumes | reject('equalto', '') | list }}" + run_once: True + delegate_to: "{{ groups[dingo_command.group][0] }}" diff --git a/ansible/roles/dingo-command/tasks/ceph.yml b/ansible/roles/dingo-command/tasks/ceph.yml new file mode 100644 index 0000000000..378e696747 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/ceph.yml @@ -0,0 +1,71 @@ +--- + +- name: 创建Ceph仓库配置文件 + copy: + dest: /etc/yum.repos.d/ceph.repo + content: | + [Ceph] + name=Ceph packages for $basearch + baseurl=http://download.ceph.com/rpm-squid/el9/$basearch + enabled=1 + gpgcheck=1 + type=rpm-md + gpgkey=https://download.ceph.com/keys/release.asc + + [Ceph-noarch] + name=Ceph noarch packages + baseurl=http://download.ceph.com/rpm-squid/el9/noarch + enabled=1 + gpgcheck=1 + type=rpm-md + gpgkey=https://download.ceph.com/keys/release.asc + + [ceph-source] + name=Ceph source packages + baseurl=http://download.ceph.com/rpm-squid/el9/SRPMS + enabled=1 + gpgcheck=1 + type=rpm-md + gpgkey=https://download.ceph.com/keys/release.asc + with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" + +- name: 安装Ceph客户端工具 + package: + name: ceph-common + state: present + with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" + +- name: 确保Ceph配置目录存在 + file: + path: /etc/ceph + state: directory + mode: '0755' + with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" + +- name: 写入ceph.client.{{ dingo_command_ceph_client_name }}.keyring内容 + copy: + dest: /etc/ceph/ceph.client.{{ dingo_command_ceph_client_name }}.keyring + content: "{{ ceph_keyring_content }}" + mode: '0600' + with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" + +# - name: 复制ceph.client.keyring.j2为ceph.client.{{ dingo_command_ceph_client_name }}.keyring +# template: +# src: ceph.client.keyring.j2 +# dest: /etc/ceph/ceph.client.{{ dingo_command_ceph_client_name }}.keyring +# mode: '0600' +# with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" + +- name: 确保挂载点目录存在 + file: + path: "{{ dingo_command_ceph_mount_path }}" + state: directory + mode: '0755' + with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" + +- name: 挂载Ceph文件系统 + shell: | + mount.ceph "{{ dingo_command_ceph_mon_addresses }}:/{{ dingo_command_ceph_fs_name }}" "{{ dingo_command_ceph_mount_path }}" \ + -o name={{ dingo_command_ceph_client_name }},secretfile=/etc/ceph/ceph.client.{{ dingo_command_ceph_client_name }}.keyring,acl,noatime,_netdev,mds_namespace={{ dingo_command_ceph_mds_namespace }} + with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" + when: kolla_action != "upgrade" \ No newline at end of file diff --git a/ansible/roles/dingo-command/tasks/check-containers.yml b/ansible/roles/dingo-command/tasks/check-containers.yml new file mode 100644 index 0000000000..3c569b0801 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/check-containers.yml @@ -0,0 +1,17 @@ +--- +- name: Check dingo-command container + become: true + kolla_container: + action: "compare_container" + common_options: "{{ docker_common_options }}" + name: "{{ item.value.container_name }}" + image: "{{ item.value.image }}" + volumes: "{{ item.value.volumes | reject('equalto', '') | list }}" + dimensions: "{{ item.value.dimensions }}" + healthcheck: "{{ horizon.healthcheck | default(omit) }}" + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ dingo_command_services }}" + notify: + - "Restart {{ item.key }} container" diff --git a/ansible/roles/dingo-command/tasks/check.yml b/ansible/roles/dingo-command/tasks/check.yml new file mode 100644 index 0000000000..ed97d539c0 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/check.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/roles/dingo-command/tasks/config.yml b/ansible/roles/dingo-command/tasks/config.yml new file mode 100644 index 0000000000..b76119a00e --- /dev/null +++ b/ansible/roles/dingo-command/tasks/config.yml @@ -0,0 +1,130 @@ +--- +- name: Ensuring /var/log/dingo-command directory exists + file: + path: "/var/log/kolla/dingo-command" + state: "directory" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true + with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" +- name: Ensuring /var/lib/dingo-command directory exists + file: + path: "{{ dingo_command_workerdir_storage_local_path }}" + state: "directory" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true + with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" + +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item.key }}" + state: "directory" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true + with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" + +- include_tasks: copy-certs.yml + when: + - kolla_copy_ca_into_containers | bool or dingo_command_enable_tls_backend | bool + +- name: Copying over dingo-command.conf + vars: + dingo_command: "{{ dingo_command_services['dingo-command'] }}" + template: + src: "{{ role_path }}/templates/dingo-command.conf.j2" + dest: "{{ node_config_directory }}/dingo-command/dingo-command.conf" + mode: "0660" + become: true + when: + - dingo_command.enabled | bool + notify: + - Restart dingo-command container + +- name: Copying over supervisord.conf + vars: + dingo_command: "{{ dingo_command_services['dingo-command'] }}" + template: + src: "{{ role_path }}/templates/supervisord.conf" + dest: "{{ node_config_directory }}/dingo-command/supervisord.conf" + mode: "0660" + become: true + when: + - dingo_command.enabled | bool + notify: + - Restart dingo-command container + +- name: Write dingo_command_managek8s_config to management.kubeconfig + copy: + content: "{{ dingo_command_managek8s_config }}" + dest: "{{ node_config_directory }}/dingo-command/management.kubeconfig" + mode: "0660" + become: true + when: + - dingo_command_services['dingo-command'].enabled | bool + - dingo_command_managek8s_config is defined + - dingo_command_managek8s_config | length > 0 + +- name: Copying over gunicorn.py + vars: + dingo_command: "{{ dingo_command_services['dingo-command'] }}" + template: + src: "{{ role_path }}/templates/gunicorn.py" + dest: "{{ node_config_directory }}/dingo-command/gunicorn.py" + mode: "0660" + become: true + when: + - dingo_command.enabled | bool + notify: + - Restart dingo-command container + +- include_tasks: "ceph.yml" + when: + - dingo_command_workerdir_storage_type == "ceph" + - dingo_command_workerdir_storage_enabled | bool + +- name: Include NFS mount tasks if storage type is NFS + include_tasks: nfs.yml + when: dingo_command_workerdir_storage_type == 'nfs' + +- name: Ensuring terraform-cache directory exists + file: + path: "{{ dingo_command_workerdir_storage_local_path }}/terraform-cache" + state: "directory" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true + with_dict: "{{ dingo_command_services | select_services_enabled_and_mapped_to_host }}" + +- name: Copy dingo.com terraform providers + copy: + src: "{{ role_path }}/templates/dingo.com" + dest: "{{ dingo_command_workerdir_storage_local_path }}/terraform-cache/" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + directory_mode: "0770" + become: true + when: + - dingo_command_services['dingo-command'].enabled | bool + notify: + - Restart dingo-command container + +- name: Copy registry.terraform.io terraform providers + copy: + src: "{{ role_path }}/templates/registry.terraform.io" + dest: "{{ dingo_command_workerdir_storage_local_path }}/terraform-cache/" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + directory_mode: "0770" + become: true + when: + - dingo_command_services['dingo-command'].enabled | bool + notify: + - Restart dingo-command container \ No newline at end of file diff --git a/ansible/roles/dingo-command/tasks/config_validate.yml b/ansible/roles/dingo-command/tasks/config_validate.yml new file mode 100644 index 0000000000..ed97d539c0 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/config_validate.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/roles/dingo-command/tasks/copy-certs.yml b/ansible/roles/dingo-command/tasks/copy-certs.yml new file mode 100644 index 0000000000..13a7fe354d --- /dev/null +++ b/ansible/roles/dingo-command/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ dingo_command_services }}" diff --git a/ansible/roles/dingo-command/tasks/deploy-bear.yml b/ansible/roles/dingo-command/tasks/deploy-bear.yml new file mode 100644 index 0000000000..e48bed1eb7 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/deploy-bear.yml @@ -0,0 +1,145 @@ +--- + +- name: Set dingo_bear fact + set_fact: + dingo_bear: "{{ dingo_bear_services['dingo-bear'] }}" + +- name: Creating dingo-bear database + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: mysql_db + module_args: + login_host: "{{ database_address }}" + login_port: "{{ database_port }}" + login_user: "{{ dingo_command_database_shard_root_user }}" + login_password: "{{ database_password }}" + name: "{{ dingo_bear_database_name }}" + run_once: True + delegate_to: "{{ groups['dingo-command'][0] }}" + when: + - not use_preconfigured_databases | bool + - dingo_bear.enabled | bool + +- name: Creating dingo-bear database user and setting permissions + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: mysql_user + module_args: + login_host: "{{ database_address }}" + login_port: "{{ database_port }}" + login_user: "{{ dingo_command_database_shard_root_user }}" + login_password: "{{ database_password }}" + name: "{{ dingo_bear_database_user }}" + password: "{{ dingo_bear_database_password }}" + host: "%" + priv: "{{ dingo_bear_database_name }}.*:ALL" + append_privs: "yes" + run_once: True + delegate_to: "{{ groups['dingo-command'][0] }}" + when: + - not use_preconfigured_databases | bool + - dingo_bear.enabled | bool + +- name: Pull dingo-bear image + become: true + kolla_container: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ dingo_bear_image_full }}" + when: + - dingo_bear.enabled | bool + +- name: Ensuring /var/log/dingo-bear directory exists + file: + path: "/var/log/kolla/dingo-bear" + state: "directory" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true + when: + - dingo_bear.enabled | bool + +- name: Ensuring /etc/kolla/dingo-bear directory exists + file: + path: "{{ node_config_directory }}/dingo-bear" + state: "directory" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true + when: + - dingo_bear.enabled | bool + + +- name: Copying over dingo-bear.conf + template: + src: "{{ role_path }}/templates/dingo-bear/dingo-bear.conf.j2" + dest: "{{ node_config_directory }}/dingo-bear/dingo-bear.conf" + mode: "0660" + become: true + when: + - dingo_bear.enabled | bool + +- name: Copying over supervisord.conf + template: + src: "{{ role_path }}/templates/dingo-bear/supervisord.conf" + dest: "{{ node_config_directory }}/dingo-bear/supervisord.conf" + mode: "0660" + become: true + when: + - dingo_bear.enabled | bool + + +- name: Copying over gunicorn.py + template: + src: "{{ role_path }}/templates/dingo-bear/gunicorn.py" + dest: "{{ node_config_directory }}/dingo-bear/gunicorn.py" + mode: "0660" + become: true + when: + - dingo_bear.enabled | bool + +- name: Copying over nginx.conf + template: + src: "{{ role_path }}/templates/dingo-bear/nginx.conf.j2" + dest: "{{ node_config_directory }}/dingo-bear/nginx.conf" + mode: "0660" + become: true + when: + - dingo_bear.enabled | bool + + +- name: Copy deploy.sh to target node + template: + src: "{{ role_path }}/templates/dingo-bear/deploy.sh.j2" + dest: "/tmp/deploy-bear.sh" + mode: "0755" + become: true + when: + - dingo_bear.enabled | bool + +- name: Execute deploy-bear.sh + command: > + bash /tmp/deploy-bear.sh + "{{ dingo_bear_image_full }}" + become: true + register: deploy_bear_result + when: + - dingo_bear.enabled | bool + +- name: Show deploy-bear.sh output + debug: + msg: "{{ deploy_bear_result.stdout_lines }}" + when: + - dingo_bear.enabled | bool + + + + + + + + diff --git a/ansible/roles/dingo-command/tasks/deploy-containers.yml b/ansible/roles/dingo-command/tasks/deploy-containers.yml new file mode 100644 index 0000000000..eb24ab5c7a --- /dev/null +++ b/ansible/roles/dingo-command/tasks/deploy-containers.yml @@ -0,0 +1,2 @@ +--- +- import_tasks: check-containers.yml diff --git a/ansible/roles/dingo-command/tasks/deploy.yml b/ansible/roles/dingo-command/tasks/deploy.yml new file mode 100644 index 0000000000..d793a349da --- /dev/null +++ b/ansible/roles/dingo-command/tasks/deploy.yml @@ -0,0 +1,11 @@ +--- +- import_tasks: register.yml + +- import_tasks: config.yml + +- import_tasks: check-containers.yml + +- import_tasks: bootstrap.yml + +- name: Flush handlers + meta: flush_handlers diff --git a/ansible/roles/dingo-command/tasks/loadbalancer.yml b/ansible/roles/dingo-command/tasks/loadbalancer.yml new file mode 100644 index 0000000000..27ee9aa7ad --- /dev/null +++ b/ansible/roles/dingo-command/tasks/loadbalancer.yml @@ -0,0 +1,14 @@ +--- +- name: "Configure loadbalancer for {{ project_name }}" + import_role: + name: loadbalancer-config + vars: + project_services: "{{ dingo_command_services }}" + tags: always + +- name: "Configure loadbalancer for dingo-bear" + import_role: + name: loadbalancer-config + vars: + project_services: "{{ dingo_bear_services }}" + tags: always \ No newline at end of file diff --git a/ansible/roles/dingo-command/tasks/main.yml b/ansible/roles/dingo-command/tasks/main.yml new file mode 100644 index 0000000000..913a1637f1 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/main.yml @@ -0,0 +1,6 @@ +--- +- include_tasks: "{{ kolla_action }}.yml" + when: "'dingo-bear' not in ansible_run_tags" + +- include_tasks: deploy-bear.yml + when: "'dingo-bear' in ansible_run_tags" diff --git a/ansible/roles/dingo-command/tasks/nfs.yml b/ansible/roles/dingo-command/tasks/nfs.yml new file mode 100644 index 0000000000..dc96038816 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/nfs.yml @@ -0,0 +1,32 @@ +- name: Install NFS client packages + package: + name: "{{ nfs_packages }}" + state: present + vars: + nfs_packages: + - nfs-utils # For RHEL/CentOS + when: ansible_os_family in ['RedHat'] + +- name: Start and enable NFS services + service: + name: "{{ item }}" + state: started + enabled: yes + with_items: + - rpcbind + - nfs-client.target + when: ansible_os_family == 'RedHat' + +- name: Ensure local mount point exists + file: + path: "{{ dingo_command_workerdir_storage_local_path }}" + state: directory + mode: '0755' + +- name: Mount NFS share + mount: + path: "{{ dingo_command_workerdir_storage_local_path }}" + src: "{{ dingo_command_workerdir_storage_nfs_path }}" # NFS server path variable + fstype: nfs + opts: rw,sync + state: mounted \ No newline at end of file diff --git a/ansible/roles/dingo-command/tasks/precheck.yml b/ansible/roles/dingo-command/tasks/precheck.yml new file mode 100644 index 0000000000..abc7a74131 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/precheck.yml @@ -0,0 +1,38 @@ +--- +- import_role: + name: service-precheck + vars: + service_precheck_services: "{{ dingo_command_services }}" + service_name: "{{ project_name }}" + +- name: Get container facts + become: true + kolla_container_facts: + action: get_containers + container_engine: "{{ kolla_container_engine }}" + name: + - dingo-command + - dingo_command_console + register: container_facts + +- name: Checking free port for dingo-command APIServer + wait_for: + host: "{{ api_interface_address }}" + port: "{{ dingo_command_listen_port }}" + connect_timeout: 1 + timeout: 1 + state: stopped + when: + - container_facts['dingo-command'] is not defined + - inventory_hostname in groups['dingo-command'] + +- name: Checking free port for dingo-command Console + wait_for: + host: "{{ api_interface_address }}" + port: "{{ dingo_command_console_listen_port }}" + connect_timeout: 1 + timeout: 1 + state: stopped + when: + - container_facts['dingo_command_console'] is not defined + - inventory_hostname in groups['dingo-command-console'] diff --git a/ansible/roles/dingo-command/tasks/pull.yml b/ansible/roles/dingo-command/tasks/pull.yml new file mode 100644 index 0000000000..53f9c5fda1 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/pull.yml @@ -0,0 +1,3 @@ +--- +- import_role: + role: service-images-pull diff --git a/ansible/roles/dingo-command/tasks/reconfigure.yml b/ansible/roles/dingo-command/tasks/reconfigure.yml new file mode 100644 index 0000000000..f670a5b78d --- /dev/null +++ b/ansible/roles/dingo-command/tasks/reconfigure.yml @@ -0,0 +1,2 @@ +--- +- include_tasks: deploy.yml diff --git a/ansible/roles/dingo-command/tasks/register.yml b/ansible/roles/dingo-command/tasks/register.yml new file mode 100644 index 0000000000..45c5aa27a6 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/register.yml @@ -0,0 +1,8 @@ +--- +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_dingo_command_auth }}" + service_ks_register_services: "{{ dingo_command_ks_services }}" + service_ks_register_users: "{{ dingo_command_ks_users }}" + diff --git a/ansible/roles/dingo-command/tasks/stop.yml b/ansible/roles/dingo-command/tasks/stop.yml new file mode 100644 index 0000000000..206caef1b5 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/stop.yml @@ -0,0 +1,6 @@ +--- +- import_role: + name: service-stop + vars: + project_services: "{{ dingo_command_services }}" + service_name: "{{ project_name }}" diff --git a/ansible/roles/dingo-command/tasks/upgrade.yml b/ansible/roles/dingo-command/tasks/upgrade.yml new file mode 100644 index 0000000000..49edff81e3 --- /dev/null +++ b/ansible/roles/dingo-command/tasks/upgrade.yml @@ -0,0 +1,7 @@ +--- +- import_tasks: config.yml + +- import_tasks: check-containers.yml + +- name: Flush handlers + meta: flush_handlers diff --git a/ansible/roles/dingo-command/templates/.terraformrc.j2 b/ansible/roles/dingo-command/templates/.terraformrc.j2 new file mode 100644 index 0000000000..fed5b4ea87 --- /dev/null +++ b/ansible/roles/dingo-command/templates/.terraformrc.j2 @@ -0,0 +1,13 @@ + +plugin_cache_dir = "$HOME/.terraform.d/plugin-cache" +disable_checkpoint = true +provider_installation { + # ~/.terraform.d/plugins/hashicorp.com/edu/hashicups/0.3.1/linux_amd64/terraform-provider-hashicups_v0.3.1 + filesystem_mirror { + path = "/var/lib/dingo-command/terraform-cache" + include = ["dingo.com/*/*"] + } + direct { + exclude = ["dingo.com/*/*"] + } +} \ No newline at end of file diff --git a/ansible/roles/dingo-command/templates/ceph.client.keyring.j2 b/ansible/roles/dingo-command/templates/ceph.client.keyring.j2 new file mode 100644 index 0000000000..ffe499a587 --- /dev/null +++ b/ansible/roles/dingo-command/templates/ceph.client.keyring.j2 @@ -0,0 +1,5 @@ +[client.{{ dingo_command_ceph_client_name }}] + key = {{ ceph_keyring_content }} + caps mds = "allow rwps fsname={{ dingo_command_ceph_fs_name }}" + caps mon = "allow r" + caps osd = "allow rw tag cephfs data={{ dingo_command_ceph_mds_namespace }}" \ No newline at end of file diff --git a/ansible/roles/dingo-command/templates/dingo-bear/deploy.sh.j2 b/ansible/roles/dingo-command/templates/dingo-bear/deploy.sh.j2 new file mode 100644 index 0000000000..c0650d5f95 --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo-bear/deploy.sh.j2 @@ -0,0 +1,56 @@ +#!/bin/bash +set -e +set -o pipefail + +image_full_url=${1:-"docker.io/dongshany"} +node_port=38887 +frontend_port=30000 +module_name=dingo-bear +skyline_url="{{ dingo_bear_skyline_url }}" + +echo "开始检查并移除旧的容器" +if podman ps -f "name=${module_name}$" -f "status=running" -q | grep -q .; then + printf "停止容器: " + podman stop "${module_name}" +fi + +if podman ps -a -f "name=${module_name}$" -q | grep -q .; then + printf "删除容器: " + podman rm "${module_name}" +fi + +# 确保必要目录存在 +mkdir -p /etc/kolla/dingo-bear /var/log/kolla/dingo-bear /var/lib/dingo-command + +# 构建运行命令(使用数组避免 eval) +run_args=( + run -d + --privileged + -p "${node_port}:${node_port}" + -p "${frontend_port}:${frontend_port}" + -e "SKYLINE_URL=${skyline_url}" + -v /etc/kolla/dingo-bear/:/etc/dingo-bear/:ro + -v /etc/localtime:/etc/localtime:ro + -v /var/log/kolla/dingo-bear/:/var/log/dingo-bear/ + --mount type=bind,source=/run/netns,target=/run/netns,bind-propagation=shared + -v /var/lib/dingo-command/:/var/lib/dingo-command/ + -e TZ=Asia/Shanghai + --health-cmd 'curl -sf http://localhost:38887/v1 || exit 1' + --health-interval=30s + --health-timeout=10s + --health-retries=3 + --health-start-period=30s + --name "${module_name}" + "${image_full_url}" +) + +printf "要执行的命令为:\npodman %s\n" "${run_args[*]}" +container_id=$(podman "${run_args[@]}") + +inspect_format='{{ '{{' }}.State.Running{{ '}}' }}' +if [[ "$(podman inspect -f "$inspect_format" "${container_id}")" == "true" ]]; then + printf "\033[32m%s 容器启动成功, 容器id: %s\033[0m\n" "${module_name}" "${container_id:0:12}" +else + printf "\033[31m%s 容器启动失败, 容器id: %s\033[0m\n" "${module_name}" "${container_id:0:12}" + exit 1 +fi diff --git a/ansible/roles/dingo-command/templates/dingo-bear/dingo-bear.conf.j2 b/ansible/roles/dingo-command/templates/dingo-bear/dingo-bear.conf.j2 new file mode 100644 index 0000000000..d5db8f958d --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo-bear/dingo-bear.conf.j2 @@ -0,0 +1,198 @@ +[DEFAULT] +# region名称 黄海是RegionOne 其他环境按照部署长上去 +region_name = {{ dingo_command_region_name }} +aidc_name = {{ dingo_command_aidc_name }} +# 是否是中心region的标志 黄海是True 其他是False +center_region_flag = {{ dingo_command_center_region_flag }} +cluster_work_dir = /var/lib/dingo-command/dingo-bear +my_ip = {{ api_interface_address }} +vip = {{ kolla_internal_fqdn }} +transport_url = {{ rpc_transport_url }} +# 中心region的mq地址,从黄海那边拿transport_url,如果是独立部署的不需要赋值 +center_transport_url = {{ center_rpc_transport_url }} +auth_url = http://{{ kolla_internal_fqdn }}:5000 +harbor_url = {{ harbor_url }} +fileserver_url = {{ fileserver_url }} +k8s_master_image = {{ k8s_master_image }} +k8s_master_flavor = {{ k8s_master_flavor }} +task_timeout = {{ task_timeout }} +soft_task_timeout = {{ soft_task_timeout }} +pushgateway_url = {{ kolla_internal_fqdn }}:19091 +chart_harbor_url = {{ chart_harbor_url }} +chart_harbor_user = {{ chart_harbor_user }} +chart_harbor_passwd = {{ chart_harbor_passwd }} +controller_password = {{ controller_password }} +controller_nodes = {{ controller_nodes }} +nameservers = {{ nameservers }} +kubeconfig_path = /etc/dingo-command/management.kubeconfig +datastore = {{ dingo_command_datastore }} +consul_address = {{ consul_address }} +consul_token = {{ consul_token }} +region_name = {{ dingo_command_region_name }} +prometheus_url = {{ prometheus_url }} +openstack_lb_provider = {{ openstack_lb_provider }} +openstack_lb_method = {{ openstack_lb_method }} +maas_base_url = {{ maas_base_url }} +maas_api_key = {{ maas_api_key }} +maas_llm_url = {{ maas_llm_url }} + +[database] +connection = mysql+pymysql://{{ dingo_bear_database_user }}:{{ dingo_bear_database_password }}@{{ dingo_bear_database_address }}/dingo-bear?charset=utf8mb3 + + +[bigscreen] +prometheus_query_url = {{ bigscreen_prometheus_query_url }} +metrics_fetch_interval = 1800 +metrics_expiration_time = 3600 +memcached_address = {{ api_interface_address }}:11211 +memcached_key_prefix = bigscreen_metrics_ + +[redis] +redis_ip = {{ api_interface_address }} +redis_port = 6379 +redis_password = {{ redis_master_password }} +sentinel_url = "sentinel://{% for host in groups['redis'] %}{% if host == groups['redis'][0] %}:{{ redis_master_password }}@{{ 'api' | kolla_address(host) }}:{{ redis_sentinel_port }}{% else %};sentinel://:{{ redis_master_password }}@{{ 'api' | kolla_address(host) }}:{{ redis_sentinel_port }}{% endif %}{% endfor %}" + + +[ironic] +auth_url = http://{{ kolla_internal_fqdn }}:5000/ +auth_type = password +project_domain = Default +user_domain = Default +project_name = service +user_name = {{ ironic_keystone_user }} +password = {{ ironic_keystone_password }} +region_name = RegionOne + +[nova] +auth_url = http://{{ kolla_internal_fqdn }}:5000/ +auth_type = password +project_domain = Default +user_domain = Default +project_name = service +user_name = {{ nova_keystone_user }} +password = {{ nova_keystone_password }} +region_name = RegionOne + +[neutron] +metadata_proxy_shared_secret = {{ metadata_secret }} +service_metadata_proxy = true +auth_url = {{ keystone_internal_url }} +auth_type = password +project_domain_name = {{ default_project_domain_name }} +user_domain_id = {{ default_user_domain_id }} +project_name = service +username = {{ neutron_keystone_user }} +password = {{ neutron_keystone_password }} +region_name = {{ openstack_region_name }} +valid_interfaces = internal +cafile = {{ openstack_cacert }} + +[cloudkitty] +auth_url = http://{{ kolla_internal_fqdn }}:5000 +auth_type = password +project_domain = {{ default_project_domain_name }} +user_domain = {{ default_project_domain_name }} +project_name = service +username = "cloudkitty" +password = {{ cloudkitty_keystone_password }} +region_name = {{ openstack_region_name }} + +[aliyun_dingodb] +host = {{ aliyun_dingodb_host }} +port = {{ aliyun_dingodb_port }} +user = {{ aliyun_dingodb_user }} +read_user = {{ aliyun_dingodb_read_user }} +password = {{ aliyun_dingodb_password }} +read_password = {{ aliyun_dingodb_read_password }} +report_database = {{ aliyun_dingodb_report_database }} + +[cinder] +auth_url = http://{{ kolla_internal_fqdn }}:5000/ +auth_type = password +project_domain = Default +user_domain = Default +project_name = service +user_name = {{ cinder_keystone_user }} +password = {{ cinder_keystone_password }} +region_name = {{ openstack_region_name }} + +[harbor] +base_url={{ dingo_command_harbor_url }} +robot_username={{ dingo_command_harbor_robot_username }} +robot_token={{ dingo_command_harbor_robot_token }} +verify_ssl={{ dingo_command_harbor_verify_ssl }} +storage_limit={{ dingo_command_harbor_storage_limit }} + +[METRIC] +write_dingo = {{ metric_write_dingo }} +write_clickhouse = {{ metric_write_clickhouse }} + +[CLICKHOUSE] +host = {{ aliyun_clickhouse_host }} +port = {{ aliyun_clickhouse_port }} +username = {{ aliyun_clickhouse_user }} +password = {{ aliyun_clickhouse_password }} +database = {{ aliyun_clickhouse_database }} + +[manila] +auth_url = http://{{ kolla_internal_fqdn }}:5000/ +auth_type = password +project_domain = Default +user_domain = Default +project_name = service +user_name = {{ keystone_admin_user }} +password = {{ keystone_admin_password }} +region_name = RegionOne + +[keystone] +auth_url = http://{{ kolla_internal_fqdn }}:5000/ +auth_type = password +project_domain = Default +user_domain = Default +project_name = service +user_name = {{ keystone_alayanew_admin_user }} +password = {{ keystone_alayanew_admin_password }} +region_name = RegionOne + +[cephfs] +url = {{ dingo_command_cephfs_url }} +vol_name = {{ dingo_command_cephfs_vol_name }} +user_name = {{ dingo_command_cephfs_user_name }} +password = {{ dingo_command_cephfs_password }} +admin_username= {{ dingo_command_cephfs_admin_username }} +admin_password= {{ dingo_command_cephfs_admin_password }} +ssh_host={{ dingo_command_cephfs_ssh_host }} +ssh_user={{ dingo_command_cephfs_ssh_user }} +ssh_password={{ dingo_command_cephfs_ssh_password }} +ssh_port={{ dingo_command_cephfs_ssh_port }} +file_system_name={{ dingo_command_cephfs_file_system_name }} +file_limit = {{ dingo_command_cephfs_file_limit }} +mount_host={{ dingo_command_cephfs_mount_host }} +group_name={{ dingo_command_cephfs_group_name }} + + +[gpfs] +url = {{ dingo_command_gpfs_url }} +user_name = {{ dingo_command_gpfs_user_name }} +password = {{ dingo_command_gpfs_password }} +file_system_name = {{ dingo_command_gpfs_file_system_name }} +baremetal_filesystem_name = {{ dingo_command_gpfs_baremetal_filesystem_name }} +file_limit = {{ dingo_command_gpfs_file_limit }} +mount_host = {{ dingo_command_gpfs_mount_host }} + +[kafka] +kafka_broker_list = {{ kafka_broker_list }} + +[openclaw] +image_id = {{ openclaw_openstack_image_id }} +project_id = {{ openclaw_openstack_project_id }} +user_id = {{ openclaw_openstack_user_id }} +password = {{ openclaw_openstack_password }} +security_group_id = {{ openclaw_openstack_security_group_id }} +netowrk_id = {{ openclaw_openstack_network_id }} +subnet_id = {{ openclaw_openstack_subnet_id }} +ssh_user = {{ openclaw_ssh_user }} + +[alert_platform] +alert_platform_url = {{ alert_platform_url }} diff --git a/ansible/roles/dingo-command/templates/dingo-bear/gunicorn.py b/ansible/roles/dingo-command/templates/dingo-bear/gunicorn.py new file mode 100644 index 0000000000..4ecccd17fd --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo-bear/gunicorn.py @@ -0,0 +1,55 @@ +# Copyright 2022 99cloud +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import multiprocessing +import os +os.environ['OPENBLAS_NUM_THREADS'] = '1' + +bind = "0.0.0.0:38887" +workers = 4 +worker_class = "uvicorn.workers.UvicornWorker" +timeout = 300 +keepalive = 5 +reuse_port = True +proc_name = "dingo-command" + +# Use gunicorn native log file settings instead of logconfig_dict file handlers, +# which are unreliable with RotatingFileHandler in gunicorn's worker model. +accesslog = "/var/log/dingo-bear/dingo-bear-access.log" +errorlog = "/var/log/dingo-bear/dingo-bear-error.log" +loglevel = "info" + +logconfig_dict = { + "version": 1, + "disable_existing_loggers": False, + "root": {"level": "INFO", "handlers": ["console"]}, + "loggers": { + "gunicorn.error": {"level": "INFO", "handlers": ["console"], "propagate": 0}, + "gunicorn.access": {"level": "INFO", "handlers": ["console"], "propagate": 0}, + }, + "handlers": { + "console": { + "class": "logging.StreamHandler", + "level": "INFO", + "formatter": "generic", + }, + }, + "formatters": { + "generic": { + "format": "%(asctime)s.%(msecs)03d %(process)d %(levelname)s [-] %(message)s", + "datefmt": "[%Y-%m-%d %H:%M:%S %z]", + "class": "logging.Formatter", + } + }, +} diff --git a/ansible/roles/dingo-command/templates/dingo-bear/nginx.conf.j2 b/ansible/roles/dingo-command/templates/dingo-bear/nginx.conf.j2 new file mode 100644 index 0000000000..4410f1ecf0 --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo-bear/nginx.conf.j2 @@ -0,0 +1,28 @@ +server { + listen 30000; + root /opt/dingo-aurora/frontend/dist; + index index.html; + + # SPA fallback + location / { + try_files $uri $uri/ /index.html; + } + + # Proxy API requests to FastAPI backend + location /v1 { + proxy_pass http://127.0.0.1:38887; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } + + # Proxy Skyline for login (strip /skyline prefix) + location /skyline/ { + proxy_pass {{ dingo_bear_skyline_url }}/; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} diff --git a/ansible/roles/dingo-command/templates/dingo-bear/supervisord.conf b/ansible/roles/dingo-command/templates/dingo-bear/supervisord.conf new file mode 100644 index 0000000000..0a2f5d6262 --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo-bear/supervisord.conf @@ -0,0 +1,43 @@ +[supervisord] +nodaemon=true +logfile=/var/log/supervisord.log +pidfile=/var/run/supervisord.pid + +[unix_http_server] +file=/var/run/supervisor.sock + +[program:fastapi] +command=/usr/local/bin/gunicorn -c /etc/dingo-bear/gunicorn.py dingo_command.main:app +directory=/opt/dingo-aurora +autostart=true +autorestart=true +stdout_logfile=/var/log/dingo-bear/dingo-bear.log +stderr_logfile=/var/log/dingo-bear/dingo-bear.err + +[program:celery] +command=celery -A dingo_command.celery_api.workers worker -n dingo-bear@%(host_node_name)s -Q dingo-bear --loglevel=info --pool=threads --concurrency=16 +directory=/opt/dingo-aurora +autostart=true +autorestart=true +stdout_logfile=/var/log/dingo-bear/celery.log +stderr_logfile=/var/log/dingo-bear/celery-err.log + +[program:nginx] +command=nginx -g "daemon off;" +autostart=true +autorestart=true +stdout_logfile=/var/log/dingo-bear/nginx-access.log +stderr_logfile=/var/log/dingo-bear/nginx-error.log + +[program:flower] +command=celery -A dingo_command.celery_api.workers flower --port=5555 +directory=/opt/dingo-aurora +stdout_logfile=/var/log/dingo-bear/flower.log +stderr_logfile=/var/log/dingo-bear/flower-err.log + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl=unix:///var/run/supervisor.sock +prompt=dingoops-supervisor diff --git a/ansible/roles/dingo-command/templates/dingo-command.conf.j2 b/ansible/roles/dingo-command/templates/dingo-command.conf.j2 new file mode 100644 index 0000000000..e01df9b34c --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo-command.conf.j2 @@ -0,0 +1,198 @@ +[DEFAULT] +# region名称 黄海是RegionOne 其他环境按照部署长上去 +region_name = {{ dingo_command_region_name }} +aidc_name = {{ dingo_command_aidc_name }} +# 是否是中心region的标志 黄海是True 其他是False +center_region_flag = {{ dingo_command_center_region_flag }} +cluster_work_dir = /var/lib/dingo-command +my_ip = {{ api_interface_address }} +vip = {{ kolla_internal_fqdn }} +transport_url = {{ rpc_transport_url }} +# 中心region的mq地址,从黄海那边拿transport_url,如果是独立部署的不需要赋值 +center_transport_url = {{ center_rpc_transport_url }} +auth_url = http://{{ kolla_internal_fqdn }}:5000 +harbor_url = {{ harbor_url }} +fileserver_url = {{ fileserver_url }} +k8s_master_image = {{ k8s_master_image }} +k8s_master_flavor = {{ k8s_master_flavor }} +task_timeout = {{ task_timeout }} +soft_task_timeout = {{ soft_task_timeout }} +pushgateway_url = {{ kolla_internal_fqdn }}:19091 +chart_harbor_url = {{ chart_harbor_url }} +chart_harbor_user = {{ chart_harbor_user }} +chart_harbor_passwd = {{ chart_harbor_passwd }} +controller_password = {{ controller_password }} +controller_nodes = {{ controller_nodes }} +nameservers = {{ nameservers }} +kubeconfig_path = /etc/dingo-command/management.kubeconfig +datastore = {{ dingo_command_datastore }} +consul_address = {{ consul_address }} +consul_token = {{ consul_token }} +region_name = {{ dingo_command_region_name }} +prometheus_url = {{ prometheus_url }} +openstack_lb_provider = {{ openstack_lb_provider }} +openstack_lb_method = {{ openstack_lb_method }} +maas_base_url = {{ maas_base_url }} +maas_api_key = {{ maas_api_key }} +maas_llm_url = {{ maas_llm_url }} + +[database] +connection = mysql+pymysql://{{ dingo_command_database_user }}:{{ dingo_command_database_password }}@{{ dingo_command_database_address }}/dingoops?charset=utf8mb3 + + +[bigscreen] +prometheus_query_url = {{ bigscreen_prometheus_query_url }} +metrics_fetch_interval = 1800 +metrics_expiration_time = 3600 +memcached_address = {{ api_interface_address }}:11211 +memcached_key_prefix = bigscreen_metrics_ + +[redis] +redis_ip = {{ api_interface_address }} +redis_port = 6379 +redis_password = {{ redis_master_password }} +sentinel_url = "sentinel://{% for host in groups['redis'] %}{% if host == groups['redis'][0] %}:{{ redis_master_password }}@{{ 'api' | kolla_address(host) }}:{{ redis_sentinel_port }}{% else %};sentinel://:{{ redis_master_password }}@{{ 'api' | kolla_address(host) }}:{{ redis_sentinel_port }}{% endif %}{% endfor %}" + + +[ironic] +auth_url = http://{{ kolla_internal_fqdn }}:5000/ +auth_type = password +project_domain = Default +user_domain = Default +project_name = service +user_name = {{ ironic_keystone_user }} +password = {{ ironic_keystone_password }} +region_name = RegionOne + +[nova] +auth_url = http://{{ kolla_internal_fqdn }}:5000/ +auth_type = password +project_domain = Default +user_domain = Default +project_name = service +user_name = {{ nova_keystone_user }} +password = {{ nova_keystone_password }} +region_name = RegionOne + +[neutron] +metadata_proxy_shared_secret = {{ metadata_secret }} +service_metadata_proxy = true +auth_url = {{ keystone_internal_url }} +auth_type = password +project_domain_name = {{ default_project_domain_name }} +user_domain_id = {{ default_user_domain_id }} +project_name = service +username = {{ neutron_keystone_user }} +password = {{ neutron_keystone_password }} +region_name = {{ openstack_region_name }} +valid_interfaces = internal +cafile = {{ openstack_cacert }} + +[cloudkitty] +auth_url = http://{{ kolla_internal_fqdn }}:5000 +auth_type = password +project_domain = {{ default_project_domain_name }} +user_domain = {{ default_project_domain_name }} +project_name = service +username = "cloudkitty" +password = {{ cloudkitty_keystone_password }} +region_name = {{ openstack_region_name }} + +[aliyun_dingodb] +host = {{ aliyun_dingodb_host }} +port = {{ aliyun_dingodb_port }} +user = {{ aliyun_dingodb_user }} +read_user = {{ aliyun_dingodb_read_user }} +password = {{ aliyun_dingodb_password }} +read_password = {{ aliyun_dingodb_read_password }} +report_database = {{ aliyun_dingodb_report_database }} + +[cinder] +auth_url = http://{{ kolla_internal_fqdn }}:5000/ +auth_type = password +project_domain = Default +user_domain = Default +project_name = service +user_name = {{ cinder_keystone_user }} +password = {{ cinder_keystone_password }} +region_name = {{ openstack_region_name }} + +[harbor] +base_url={{ dingo_command_harbor_url }} +robot_username={{ dingo_command_harbor_robot_username }} +robot_token={{ dingo_command_harbor_robot_token }} +verify_ssl={{ dingo_command_harbor_verify_ssl }} +storage_limit={{ dingo_command_harbor_storage_limit }} + +[METRIC] +write_dingo = {{ metric_write_dingo }} +write_clickhouse = {{ metric_write_clickhouse }} + +[CLICKHOUSE] +host = {{ aliyun_clickhouse_host }} +port = {{ aliyun_clickhouse_port }} +username = {{ aliyun_clickhouse_user }} +password = {{ aliyun_clickhouse_password }} +database = {{ aliyun_clickhouse_database }} + +[manila] +auth_url = http://{{ kolla_internal_fqdn }}:5000/ +auth_type = password +project_domain = Default +user_domain = Default +project_name = service +user_name = {{ keystone_admin_user }} +password = {{ keystone_admin_password }} +region_name = RegionOne + +[keystone] +auth_url = http://{{ kolla_internal_fqdn }}:5000/ +auth_type = password +project_domain = Default +user_domain = Default +project_name = service +user_name = {{ keystone_alayanew_admin_user }} +password = {{ keystone_alayanew_admin_password }} +region_name = RegionOne + +[cephfs] +url = {{ dingo_command_cephfs_url }} +vol_name = {{ dingo_command_cephfs_vol_name }} +user_name = {{ dingo_command_cephfs_user_name }} +password = {{ dingo_command_cephfs_password }} +admin_username= {{ dingo_command_cephfs_admin_username }} +admin_password= {{ dingo_command_cephfs_admin_password }} +ssh_host={{ dingo_command_cephfs_ssh_host }} +ssh_user={{ dingo_command_cephfs_ssh_user }} +ssh_password={{ dingo_command_cephfs_ssh_password }} +ssh_port={{ dingo_command_cephfs_ssh_port }} +file_system_name={{ dingo_command_cephfs_file_system_name }} +file_limit = {{ dingo_command_cephfs_file_limit }} +mount_host={{ dingo_command_cephfs_mount_host }} +group_name={{ dingo_command_cephfs_group_name }} + + +[gpfs] +url = {{ dingo_command_gpfs_url }} +user_name = {{ dingo_command_gpfs_user_name }} +password = {{ dingo_command_gpfs_password }} +file_system_name = {{ dingo_command_gpfs_file_system_name }} +baremetal_filesystem_name = {{ dingo_command_gpfs_baremetal_filesystem_name }} +file_limit = {{ dingo_command_gpfs_file_limit }} +mount_host = {{ dingo_command_gpfs_mount_host }} + +[kafka] +kafka_broker_list = {{ kafka_broker_list }} + +[openclaw] +image_id = {{ openclaw_openstack_image_id }} +project_id = {{ openclaw_openstack_project_id }} +user_id = {{ openclaw_openstack_user_id }} +password = {{ openclaw_openstack_password }} +security_group_id = {{ openclaw_openstack_security_group_id }} +netowrk_id = {{ openclaw_openstack_network_id }} +subnet_id = {{ openclaw_openstack_subnet_id }} +ssh_user = {{ openclaw_ssh_user }} + +[alert_platform] +alert_platform_url = {{ alert_platform_url }} diff --git a/ansible/roles/dingo-command/templates/dingo.com/hashicorp/cloudinit/2.3.7/linux_amd64/LICENSE.txt b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/cloudinit/2.3.7/linux_amd64/LICENSE.txt new file mode 100644 index 0000000000..3b97eaf3c3 --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/cloudinit/2.3.7/linux_amd64/LICENSE.txt @@ -0,0 +1,375 @@ +Copyright (c) 2019 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/ansible/roles/dingo-command/templates/dingo.com/hashicorp/cloudinit/2.3.7/linux_amd64/terraform-provider-cloudinit_v2.3.7_x5 b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/cloudinit/2.3.7/linux_amd64/terraform-provider-cloudinit_v2.3.7_x5 new file mode 100644 index 0000000000..8988c64200 Binary files /dev/null and b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/cloudinit/2.3.7/linux_amd64/terraform-provider-cloudinit_v2.3.7_x5 differ diff --git a/ansible/roles/dingo-command/templates/dingo.com/hashicorp/null/3.2.4/linux_amd64/LICENSE.txt b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/null/3.2.4/linux_amd64/LICENSE.txt new file mode 100644 index 0000000000..b9ac071eb6 --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/null/3.2.4/linux_amd64/LICENSE.txt @@ -0,0 +1,375 @@ +Copyright (c) 2017 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/ansible/roles/dingo-command/templates/dingo.com/hashicorp/null/3.2.4/linux_amd64/terraform-provider-null_v3.2.4_x5 b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/null/3.2.4/linux_amd64/terraform-provider-null_v3.2.4_x5 new file mode 100644 index 0000000000..9328ecdff8 Binary files /dev/null and b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/null/3.2.4/linux_amd64/terraform-provider-null_v3.2.4_x5 differ diff --git a/ansible/roles/dingo-command/templates/dingo.com/hashicorp/random/3.7.2/linux_amd64/LICENSE.txt b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/random/3.7.2/linux_amd64/LICENSE.txt new file mode 100644 index 0000000000..b9ac071eb6 --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/random/3.7.2/linux_amd64/LICENSE.txt @@ -0,0 +1,375 @@ +Copyright (c) 2017 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/ansible/roles/dingo-command/templates/dingo.com/hashicorp/random/3.7.2/linux_amd64/terraform-provider-random_v3.7.2_x5 b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/random/3.7.2/linux_amd64/terraform-provider-random_v3.7.2_x5 new file mode 100644 index 0000000000..3fc6b59e43 Binary files /dev/null and b/ansible/roles/dingo-command/templates/dingo.com/hashicorp/random/3.7.2/linux_amd64/terraform-provider-random_v3.7.2_x5 differ diff --git a/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/CHANGELOG.md b/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/CHANGELOG.md new file mode 100644 index 0000000000..60aa6a69e0 --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/CHANGELOG.md @@ -0,0 +1,1293 @@ +## 1.54.1 (31 January, 2024) + +NOTES + +* Clarify provider deprecation message for option `use_octavia`. Add info on how various users will be affected ([#1665](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1665)). + +## 1.54.0 ( 29 January, 2024) + +NOTES + +* **Support for neutron-lbaas will be removed on next major release.** Only `octavia` will be supported. Related resources and data-sources marked with a deprecation notice([#1640](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1640)). +* Added deprecation notice for `multiattach` on `openstack_blockstorage_volume_v3` ([#1629](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1629)). Support for it **will be removed on next major release**. +* Added deprecation notice for various nova resources. Support for them will **not** be removed, but users are notified to use the new resources instead ([#1639](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1639)). + + +IMPROVEMENTS + +* Updated Terraform SDK to `v2.30.0` ([#1631](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1631)) +* Updated Gophercloud to `v1.8.0` ([#1631](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1631)) +* Updated docs of `openstack_networking_port_v2` to note ip allocation depedency with subnet ([#1622](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1622)) +* Updated docs of `openstack_networking_secgroup_rule_v2` for port-range exception ([#1632](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1632)) +* Added extra validations on `openstack_lb_pool_v2` ([#1628](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1628)) +* Added attachment information on `data_source_blockstorage_volume_v3` ([#1624](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1624)) +* Added `backup_id` to `openstack_blockstorage_volume_v3` ([#1641](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1641)) + + +BUG FIXES + +## 1.53.0 ( 26 October, 2023) + +NOTES + +* Marked various resources as deprecated and added a deprecation warning for the user ([#1591](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1591)) + +IMPROVEMENTS + +* Added `project_id` argument to the `openstack_fw_rule_v2` data source ([#1594](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1594)) +* Added `project_id` argument to the `openstack_fw_rule_v2` resource ([#1594](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1594)) +* Added `project_id` argument to the `openstack_fw_policy_v2` data source ([#1594](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1594)) +* Added `project_id` argument to the `openstack_fw_policy_v2` resource ([#1594](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1594)) +* Updated `openstack_compute_instance_v2` to use Glance client instead of deprecated Nova client for images ([#1615](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1615)) + + +BUG FIXES + +* Fixed `segmentation_id` on `openstack_networking_network_v2` to allow neutron to dynamically set it ([#1600](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1600)) +* Fixed an issue to allow `cluster_template_id` on `openstack_containerinfra_cluster_v1` to be updated without triggering a new cluster creation ([#1598](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1598)) + +## 1.52.1 (29 June, 2023) + +NOTES + +* Moved the documentation of various ressources to the deprecation subcategory ([#1590](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1590)) +* Updated docs location ([#1590](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1590)) +* Added subcategories for VPNaaS and FWaaS documentation ([#1590](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1590)) + +## 1.52.0 (29 June, 2023) + +NOTES + +* Documentation has been updated with sub-categories for easier browsing ([#1540](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1540)) +* `[]` stripping for IPv6 addresses was removed from `openstack_dns_recordset_v2` resource ([#1581](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1581)) + +IMPROVEMENTS + +* Added a new `openstack_fw_rule_v2` resource and data source ([#1577](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1577)) +* Added a new `openstack_fw_policy_v2` resource and data source ([#1584](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1584)) +* Added a new `openstack_fw_group_v2` resource and data source ([#1588](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1588) [#1589](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1589)) +* Added a new `openstack_identity_inherit_role_assignment_v3` resource ([#1567](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1567)) +* Added validators to the `openstack_vpnaas_ipsec_policy_v2` resource ([#1558](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1558)) +* Added `user_id` argument to the `openstack_compute_keypair_v2` data source ([#1554](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1554)) +* Added `project_id` argument to the `openstack_identity_project_v3` data source ([#1559](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1559)) +* The `private_key` attribute in the `openstack_compute_keypair_v2` resource is now marked as sensitive ([#1548](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1548)) +* The `openstack_dns_recordset_v2` resource now refreshes record values and ignores record order for individual record values within the same resource ([#1581](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1581)) +* The `openstack_sharedfilesystem_share_access_v2` resource now prefers to use the GET method for share access rules retriving ([#1583](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1583)) +* Added `multiattach` argument to the `openstack_compute_instance_v2` resource ([#1542](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1542)) +* Added `xz` decompression support to the `openstack_images_image_v2` resource ([#1579](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1579)) + +BUG FIXES + +* Force new `openstack_containerinfra_nodegroup_v1` resource when `cluster_id` changes ([#1551](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1551)) +* Fixed `openstack_objectstorage_container_v1` resource to not fail when container/objest doesn't exist ([#1535](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1535)) +* Fixed a bug in the `openstack_images_image_v2` resource where simultaneous image downloads could cause a broken resulting image in the cache ([#1579](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1579)) + +## 1.51.1 (21 March, 2023) + +NOTES + +* Added more details about the Swift requirements for a new `openstack_objectstorage_container_v1` `versioning` argument in the documentation ([#1526](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1526)) + +BUG FIXES + +* Fixed incorrect microversion setting and response handling for the Nova server groups API in the `openstack_compute_servergroup_v2` resource ([#1524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1524)) +* Fixed unexpected resource recreation of `openstack_images_image_v2` for existing resources after upgrading the terraform provider version ([#1525](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1525)) + +## 1.51.0 (15 March, 2023) + +NOTES + +* The `openstack_compute_instance_v2` resource has been updated to use the Cinder V3 API by default instead of the V2 API in resource import logic ([#1514](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1514)) + +IMPROVEMENTS + +* Added support for updating the `segments` argument to the `openstack_networking_network_v2` resource ([#1508](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1508)) +* Added the `segments` attribute to the `openstack_networking_network_v2` data source ([#1508](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1508)) +* Added the `force_destroy` argument to the `openstack_networking_router_interface_v2` resource ([#1512](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1512)) +* Added the `set_token_id` argument and `token_id` attribute to the `openstack_identity_auth_scope_v3` data source ([#1515](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1515)) +* Added the `rules` argument to the `openstack_compute_servergroup_v2` resource ([#1382](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1382)) +* Added the `tags` argument to the `openstack_lb_listener_v2` resource ([#1438](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1438)) + +BUG FIXES + +* Fixed a template type assertion panic in the `openstack_orchestration_stack_v1` resource ([#1509](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1509)) +* Fixed a bug in the `openstack_keymanager_secret_v1` resource and data source that prevented binary data from being retrieved ([#1505](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1505)) +* Fixed the `segments` argument import in the `openstack_networking_network_v2` resource ([#1508](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1508)) + +## 1.50.0 (1 March, 2023) + +NOTES + +* `objectstorage_container_v1` resource has been updated to support the new versioning. The `versioning` argument is now `Boolean` while the legacy versioning can be enabled via `versioning_legacy` which follows the old schema and is deprecated. State will be updated automatically but users need to update their resource definition ([#1498](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1498)) + +FEATURES + +* Updated Go to `1.20` ([#1488](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1488)) +* Updated Golangci-lint to `v1.51.2` ([#1488](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1488)) +* Updated Terraform SDK to `v2.25.0` ([#1490](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1490)) + +IMPROVEMENTS + +* Added `PROMETHEUS` protocol to `openstack_lb_listener_v2` resource ([#1494](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1494)) +* Added `decompress` argument to `images_image_v2` resource ([#1482](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1482)) +* Added `name_regex` argument to `openstack_images_image_v2` data source ([#1469](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1469)) +* Added ability to provide a list of tags into `openstack_images_image_v2`, `openstack_images_image_ids_v2` data sources ([#1462](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1462)), ([#1468](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1468)) +* Added `name_regex` attribute to `openstack_images_image_v2` data source ([#1469](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1469)) +* Added `hidden` attribute to `containerinfra_clustertemplate_v1` data source ([#1472](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1472)) + +BUG FIXES + +* Fixed `containerinfra_clustertemplate_v1` labels update ([#1455](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1455)) + +## 1.49.0 (26 October, 2022) + +FEATURES + +* Updated `Gophercloud` to `1.0.0` ([#1441](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1441)) + +IMPROVEMENTS + +* Added `service_types` argument to `networking_subnet_v2` resource ([#1445](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1445)) +* Added `service_types` argument to `networking_subnet_v2` data source ([#1445](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1445)) +* Added `description` argument to `compute_flavor_v2` resource ([#1441](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1441)) +* Added `created` and `updated` attribute to compute_instance_v2 resource ([#1423](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1423)) +* Added `created` and `updated` attribute to compute_instance_v2 data source ([#1423](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1423)) +* Update docs for `containerinfra_nodegroup_v1` ([#1426](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1426) and [#1436](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1436)) + +BUG FIXES + +* Fixed setting `docker_volume_size` on `containerinfra_nodegroup_v1` ([#1437](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1437)) +* Fixed update for `node_count` on `containerinfra_cluster_v1` ([#1431](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1431)) +* Fixed `min_node_count` and `max_node_count` on `containerinfra_nodegroup_v1` ([#1431](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1431)) +* Fixed `merge_labels` on `containerinfra_cluster_v1` ([#1435](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1435)) +* Fixed `configuration/value` type mismatch on `db_configuration_v1` ([#1440](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1440)) + +## 1.48.0 (31 July, 2022) + +FEATURES + +* __New Resource__: `containerinfra_nodegroup_v1` ([#1364](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1364)) +* __New Data Source__: `containerinfra_nodegroup_v1` ([#1364](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1364)) +* __New Data Source__: `openstack_compute_limits_v2` ([#1418](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1418)) + +IMPROVEMENTS + +* Added `user_id` argument to `compute_keypair_v2` resource ([#1349](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1349)) +* Added rebuild support for `compute_instance_v2` resource so `image_id`, `image_name` and `personality` won't create a new resource anymore ([#1368](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1368)) +* Added `monitor_port` and `monitor_address` to `lb_members_v2` ([#1363](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1363)) +* Added `monitor_port` and `monitor_address` to `lb_member_v2` ([#1390](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1390)) +* Added ability to import `openstack_networking_port_secgroup_associate_v2` ([#1415](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1415)) +* Added `storage_policy` to `objectstorage_container_v1` ([#1416](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1416)) + +BUG FIXES + +* Fixed panic on ignored error from `net.ParseCIDR(cidr)` ([#1377](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1377)) +* Fixed required `region` attribute on `networking_quota_v2` datasource ([#1374](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1374)) +* Fixed not setting `properties` on `images_image_v2` datasource ([#1370](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1370)) +* Fixed handling of missing flavors in `openstack_compute_instance_v2` ([#1362](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1362)) + +## 1.47.0 (7 February, 2022) + +IMPROVEMENTS + +* Added `host` attribute to `blockstorage_volume_v3` datasource ([#1291](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1291)) +* Added possibility to update `protected`, `min_disk_gb`, `min_ram_mb` arguments of `image_v2` resource ([#1341](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1341)) +* Added `enable_logging` flag into provider configuration that sets the same behaviour as `OS_DEBUG` env variable ([#1246](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1246)) +* Added `dpd` examples and tests to `vpnaas_site_connection_v2` resource ([#1344](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1344)) + +BUG FIXES + +* Fixed `lb_members_v2` documentation ([#1340](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1340)) +* Added missing environent variables from documentation ([#1348](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1348)) +* Fixed `PROXYV2` protocol validation in `lb_pool_v2` resource ([#1346](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1346)) +* Fixed provider panics on `containerinfra_cluster_v1` resource ([#1308](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1308)) + +## 1.46.0 (18 December, 2021) + +FEATURES + +* __New Resource__: `blockstorage_qos_v3` ([#1325](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1325)) +* __New Resource__: `blockstorage_qos_association_v3` ([#1331](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1331)) +* __New Data Source__: `blockstorage_quotaset_v3` ([#1319](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1319)) +* __New Data Source__: `networking_quota_v2` ([#1318](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1318)) + +IMPROVEMENTS + +* Added `region` argument to `compute_aggregate_v2` resource ([#1276](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1276)) +* Fixed default `0` value in skipped arguments of `networking_quota_v2` resource ([#1316](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1316)) +* Added `tags` to `lb_loadbalancer_v2` resource ([#1301](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1301)) +* Use Otavia API for `lb_loadbalancer_v2` resource by default ([#1326](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1326)) +* Updated `images_image_v2` resource to not recreate image `on min_disk_gb`, `min_ram_mb`, `protected` attributes changes ([#1299](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1299)) +* Updated `gophercloud` to `v0.23.0` ([#1315](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1315)) +* Updated `terraform-plugin-sdk` to `v2.10.0` ([#1333](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1333)) + +## 1.45.0 (4 November, 2021) + +FEATURES + +* __New Data Source__: `openstack_compute_quotaset_v2` ([#1302](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1302)) + +IMPROVEMENTS + +* Added retries reading `dns_zone_v2` and `compute_instance_v2` state after creation in case of 502, 504 HTTP errors ([#1303](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1303)) + +BUG FIXES + +* Improved removal of `networking_router_interface_v2` resource so it will delete only needed port on a router ([#1297](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1297)) +* Flagged `url` attribute of `objectstorage_tempurl_v1` resource as sensitive ([#1305](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1305)) +* Fixed not specified quota values are being set to 0 in `compute_quotaset_v2` resource ([#1304](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1304)) + +## 1.44.0 (2 October, 2021) + +NOTES + +* This release updates major version of `terraform-plugin-sdk` from `v1` to `v2` and that caused lots of changes in the code. If you experiencing new bugs after updating the provider please create an issue with a description of how to reproduce them. + +FEATURES + +* Updated `terraform-plugin-sdk` to `v2.7.1` ([#1139](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1139)) +* Updated Go to `1.17` ([#1295](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1295)) + +## 1.43.1 (21 September, 2021) + +BUG FIXES + +* Fixed panics when a token doesn't have a project scope ([#1282](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1282)) + +## 1.43.0 (16 July, 2021) + +FEATURES + +* __New Resource__: `dns_transfer_request_v2` ([#1268](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1268)) +* __New Resource__: `dns_transfer_accept_v2` ([#1268](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1268)) + +IMPROVEMENTS + +* Added `SCTP`, `PROXYV2` protocols for `lb_pool_v2` resource ([#1251](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1251)) +* Added `project_id` argument for `dns_recordset_v2` resource ([#1254](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1254)) +* Added support for `shelved_offloaded` power state of `compute_instance_v2` resource ([#1259](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1259)) +* Added `cidr` argument input check for `networking_subnet_v2` resource ([#1267](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1267)) +* Removed Octavia microversions and added explanation about minor version usage ([#1249](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1249)) +* Fixed `endpoints` argument for `vpnaas_endpoint_group_v2` resource in that way so endpoints order is not relevant anymore ([#1247](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1247)) +* Added `addresses` argument for `db_instance_v1` resource ([#1260](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1260)) +* Better formatted documentation for some resources and data sources ([#1252](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1252)), ([#1255](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1255)), ([#1256](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1256)) +* Updated issues links so they point to the right repo ([#1272](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1272)) + +BUG FIXES + +* Fixed `nil` panic in `compute_instance_v2` resource that could be caught while trying to unassign a server group from an instance ([#1248](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1248)) + +## 1.42.0 (12 May, 2021) + +IMPROVEMENTS + +* Added `SCTP` protocol support for `lb_listener_v2` resource, note that will work only in Octavia ([#1236](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1236)) +* Added support for `HEALTHY` status of `db_instance_v1` resource ([#1241](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1241)) +* Added `address_group` as `object_type` for `networking_rbac_policy_v2` resource ([#1243](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1243)) +* * Updated `terraform-plugin-sdk` to `v1.17.2` ([#1244](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1244)) + +## 1.41.0 (23 April, 2021) + +FEATURES + +* __New Resource__: `blockstorage_volume_type_access_v3` ([#1223](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1223)) + +IMPROVEMENTS + +* Added `disable_status_check` argument for `dns_recordset_v2` resource ([#1221](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1221)) +* Added `availability_zone` argument for `lb_loadbalancer_v2` resource ([#1225](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1225)) +* Added `backup` argument for `lb_members_v2` resource ([#1227](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1227)) + +## 1.40.0 (23 March, 2021) + +FEATURES + +* __New Resource__: `networking_portforwarding_v2` ([#940](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/940)) +* __New Resource__: `blockstorage_volume_type_v3` ([#1204](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1204)) + +IMPROVEMENTS + +* Go version is updated to `1.16` and we're providing `darwin/arm64` binaries starting from this release ([#1206](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1206)) + +BUG FIXES + +* Fixed Bad request API error while updating `images_image_v2` resource because old OpenStack released don't have `hidden` argument ([#1209](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1209)) +* Fixed Bad request API error while updating `blockstorage_quotaset_v2`, `blockstorage_quotaset_v3` ([#1200](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1200)) + +## 1.39.0 (6 March, 2021) + +IMPROVEMENTS + +* Added ability to manage `blockstorage_quotaset_v2` for the same project across several regions with a single resource ([#1182](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1182)) +* Added ability to manage `blockstorage_quotaset_v3` for the same project across several regions with a single resource ([#1183](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1183)) +* Added ability to manage `openstack_compute_quotaset_v2` for the same project across several regions with a single resource ([#1181](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1181)) +* Added `volume_type_quota` argument for `blockstorage_quotaset_v2` resource ([#1187](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1187)) +* Added `volume_type_quota` argument for `blockstorage_quotaset_v3` resource ([#1185](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1185)) +* Added `hidden` argument for `openstack_images_image_v2` resource and datasource ([#1186](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1186)) + +BUG FIXES + +* Fixed error updating `networking_quota_v2` when it was created with the version older than `1.38.0` ([#1180](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1180)) + +## 1.38.0 (February 24, 2021) + +FEATURES + +* __New Resource__: `openstack_lb_quota_v2` ([#1169](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1169)) + +IMPROVEMENTS + +* Updated gophercloud/utils, which now recognizes `clouds.yml` in addition to `clouds.yaml` and correctly applies per-region value overrides ([#1172](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1172)) +* Added `vip_port_id` for `lb_loadbalancer_v2` resource. It can be used only with Octavia ([#1164](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1164)) +* Added `service_catalog` attribute for `identity_auth_scope_v3` data source ([#1167](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1167)) +* Set `2.15` microversion for any type of `server_group_v2` policy except `affinity` and `anti-affinity` since they don't need any microversion ([#1141](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1141)) +* Add a note about using names in `security_groups` in `compute_instance_v2` resource in docs ([#1178](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1178)) +* Added ability to manage `networking_quota_v2` for the same project across several regions with a single resource ([#1177](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1177)) + +## 1.37.0 (February 8, 2021) + +IMPROVEMENTS + +* Added `image_source_username`, `image_source_password` arguments to `images_image_v2` resource ([#1157](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1157)) +* Updated `networking_floatingip_v2` resource to retry subnets on floating IP creation, when a subnet is exhausted ([#1163](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1163)) +* Updated security notices for sensitive arguments and attributes in documentation ([#1161](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1161)) + +BUG FIXES + +* Fixed multiple `networking_router_v2` resource creation while using `external_subnet_ids` argument ([#1163](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1163)) + +## 1.36.0 (February 2, 2021) + +NOTES + +* The `dhcp_disabled` argument in `networking_subnet_v2` data source is deprecated. Use the `dhcp_enabled = false` argument value instead. ([#1153](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1153)) +* The `max_retries` provider parameter now honors the `429` code and uses the `Retry-After` header to extend the retry function ([#1159](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1159)) + +FEATURES + +* __New Resource__: `openstack_identity_user_membership_v3` ([#1149](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1149)) +* __New Data Source__: `openstack_networking_subnet_ids_v2` ([#1153](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1153)) + +IMPROVEMENTS + +* Updated `zone` argument to be `Optional` instead of `Required` in `compute_aggregate_v2` resource ([#1133](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1133)) +* Updated local provider block in docs ([#1135](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1135)) +* Updated Go version to `1.15` ([#1137](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1137)) +* Updated `networking_router_v2` resource to retry external subnets on router creation, when a subnet is exhausted ([#1151](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1151)) +* Added `subnets` attribute to `networking_network_v2` data source ([#1152](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1152)) +* Extended `max_retries` provider parameter to use the `Retry-After` header ([#1159](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1159)) + +BUG FIXES + +* Fixed copying `sync.Locker` by updating `gophercloud/utils` with the fix ([#1144](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1144)) +* Fixed recreation of `lb_loadbalancer_v2` resource if `flavor_id` haven't been specified ([#1147](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1147)) +* Fixed `networking_port_v2` resource update if `binding.profile` is not set ([#1154](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1154)) + +## 1.35.0 (January 15, 2021) + +FEATURES + +* __New Resource__: `openstack_compute_aggregate_v2` ([#1121](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1121)) +* __New Data Source__: `openstack_compute_aggregate_v2` ([#1121](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1121)) +* __New Data Source__: `openstack_compute_hypervisor_v2` ([#1126](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1126)) + +IMPROVEMENTS + +* Added valid handling of the read-only `stores` property of the `images_image_v2` resource ([#1124](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1124)) +* Added `image_id` argument for the `images_image_v2` resource ([#1125](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1125)) +* Added `vendor_options.ignore_volume_confirmation` argument for the `compute_volume_attach_v2` resource to control whether to ignore volume status confirmation of the attached volume. ([#1127](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1127)) +* Updated Gophercloud to `1.15.0` with utils package that now uses `imageservice` instead of `compute` to resolve image IDs ([#1128](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1128)) + +## 1.34.1 (December 21, 2020) + +BUG FIXES + +* Fixed an issue when empty a `flavor_id` argument in `compute_flavor_v2` resource could create plan changes ([#1120](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1120)) + +## 1.34.0 (December 20, 2020) + +IMPROVEMENTS + +* Added `flavor_id` to `compute_flavor_v2` resource creation options ([#1107](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1107)) +* Updated `compute_flavor_v2` resource docs with `ephemeral` argument ([#1113](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1113)) +* Updated `compute_instance_v2` resource docs with `guest_format` argument and added example with `swap` ([#1113](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1113)) +* Added volume status check in `compute_volume_attach_v2` resource create function ([#1106](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1106)) +* Added `disable_status_check` argument for `dns_zone_v2` resource ([#1114](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1114)) +* Removed mention of `floating_ip` argument in `compute_instance_v2` from the documentation of `compute_floatingip_associate_v2` resource ([#1117](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1117)) + +BUG FIXES + +* Fixed an issue when updating a `networking_router_v2` resource deleted extra routes on the router by upgrading Gophercloud to `1.14.0` ([#1109](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1109)) +* Fixed an issue when changing `domain_id`, `is_domain` or `parent_id` arguments of `identity_project_v3` resource caused errors ([#1101](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1101)) +* Fixed an issue when `fixed_ip` wasn't updated on read of `compute_interface_attach_v2` resource ([#1118](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1118)) + +## 1.33.0 (November 11, 2020) + +IMPROVEMENTS + +* Add `address_scope`, `security_group` and `subnetpool` RBAC types to `networking_rbac_policy_v2.go` resource ([#1086](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1086)) +* Add `project_id` for `dns_zone_v2` resource, `project_id`, `all_projects` arguments for `dns_zone_v2` datasource, allow importing resource by `:` value ([#1087](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1087)) +* Add `different_cell` scheduler hint for `compute_instance_v2` resource ([#1070](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1070)) +* Update and cleanup `blockstorage_quotaset_v2`, `blockstorage_quotaset_v3`, `compute_quotaset_v2`, `networking_quota_v2` resource docs ([#1095](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1095)), ([#1096](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1096)) +* Updated `terraform-plugin-sdk` to `v1.16.0` ([#1092](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1092)) + +BUG FIXES + +* Fixed an issue when `binding.host_id` was set to `null` in case of using any other `binding` parameters in `networking_port_v2` resource ([#1084](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1084)) +* Fixed an issue with unnecessary server rebuild while using two default networks in `compute_instance_v2` resource ([#1073](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1073)) + +## 1.32.0 (September 15, 2020) + +NOTES + +* This is the first release that is available from [registry.terraform.io](https://registry.terraform.io) + +IMPROVEMENTS + +* Fixed documentation for `identity_ec2_credential_v3` resource ([#1052](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1052)) +* Added `network_mode` argument for `compute_instance_v2` resource ([#1054](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1054)) + +## 1.31.0 (August 28, 2020) + +FEATURES + +* __New Resource__: `identity_ec2_credential_v3` ([#1033](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1033)) + +IMPROVEMENTS + +* Reduced Identity requests across some `identity` resources and data sources by reusing functions to get the current token scope details ([#1044](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1044)) +* Added `floating_ip_enabled` argument into `containerinfra_cluster_v1` datasource ([#1043](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1043)) +* Updated Rackspace compatibility notes in documentation ([#1049](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1049)) +* Updated `terraform-plugin-sdk` to `v1.15.0` ([#1051](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1051)) +* Updated Go version to `1.14.7` ([#1051](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1051)) + +BUG FIXES + +* Fixed backward compatibility issue with empty value in `merge_labels` argument of `containerinfra_cluster_v1` ([#1039](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1039)) +* Fixed errors while creating `keymanager_container_v1` resource with the `certificate` type ([#1046](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1046)) + +## 1.30.0 (August 05, 2020) + +FEATURES + +* __New Resource__: `openstack_identity_group_v3` ([#1028](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1028)) +* __New Data Source__: `openstack_images_image_ids_v2` ([#139](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/139)) + +IMPROVEMENTS + +* Added `floating_ip_enabled` argument/attribute and `merge_labels` argument for `containerinfra_cluster_v1` resource ([#1024](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1024)) +* Added `allowed_cidrs` argument/attribute for `lb_listener_v2` resource ([#1034](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1034)) + +## 1.29.0 (June 29, 2020) + +FEATURES + +* __New Data Source__: `compute_instance_v2` ([#984](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/984)) + +IMPROVEMENTS + +* Added `vip_network_id` argument to `openstack_lb_loadbalancer_v2` resource. It can be used only with Octavia ([#948](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/948)) +* Allowed to use `is_public` as argument in `compute_flavor_v2` datasource ([#1017](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1017)) +* Updated `gophercloud` to `v0.12.0` to fix goroutine leaks during reauthentication ([#1020](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1020)) +* Updated `terraform-plugin-sdk` to `v1.14.0` ([#1021](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1021)) +* Updated Go version to `1.14.4` ([#1022](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1022)) + +BUG FIXES + +* Fixed documentation bug for the `binding` argument of the `networking_port_v2` resource ([#1009](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1009)) + +## 1.28.0 (May 04, 2020) + +NOTES + +* This release sets `delayed_auth` and `allow_reauth` to `true` so Terraform provider won't request a new Identity token for every request against OpenStack API. We're happy to see you feedback about this change in our provider repo. + +IMPROVEMENTS + +* Provider parameters `delayed_auth` and `allow_reauth` are set to `true` by default ([#996](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/996)) +* Added support to import `objectstorage_container_v1` resource. Some attributes can't be imported yet: `force_destroy`, `content_type`, `metadata`, `container_sync_to`, `container_sync_key` ([#998](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/998)) +* Added `availability_zone_hints` parameter to `compute_instance_v2` resource ([#985](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/985)) +* Added `SOURCE_IP_PORT` load balancing method for `lb_pool_v2` resource. It's only available in Octavia LoadBalancer service ([#993](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/993)) +* Added `tags` for `identity_project_v3` resource and data source ([#978](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/978)) +* Added `scheduler_hints` for `blockstorage_volume_v2`, `blockstorage_volume_v3` resources ([#983](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/983)) +* Added `kubeconfig` attribute for `containerinfra_cluster_v1` resource ([#937](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/937)) +* Updated the existing manifests in the `examples` directory and added new manifests with attaching and using a new volume ([#892](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/892)) +* Updated Go version to `1.14.2` ([#1001](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1001)) +* Updated `terraform-plugin-sdk` to `v1.11.0` ([#1001](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1001)) + +BUG FIXES + +* Fixed race conditions for `networking_secgroup_rule_v2` resource on some OpenStack environments ([#994](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/994)) +* Fixed error logs for `keymanager_secret_v1` resource ([#997](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/997)) + +## 1.27.0 (April 13, 2020) + +FEATURES + +* __New Resource__: `openstack_keymanager_order_v1` ([#992](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/992)) +* __New Resource__: `openstack_lb_members_v2` ([#898](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/898)) + +IMPROVEMENTS + +* Added `detach_ports_before_destroy` argument for `compute_instance_v2` resource that allows to detach all instance ports prior trying to delete the instance ([#866](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/866)) +* Added `web-download` import method to `openstack_images_image_v2` resource ([#888](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/888)) +* Updated object URL in documentation for `versioning.type` attribute of `objectstorage_container_v1` resource ([#986](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/986)) +* Added ACL examples in documentation of `objectstorage_container_v1` resource ([#987](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/987)) + +BUG FIXES + +* Fixed `master_addresses`, `node_addresses` types to `schema.TypeList` since they are lists of strings instead of just strings ([#981](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/981)) + +## 1.26.0 (February 25, 2020) + +IMPROVEMENTS + +* Added `acl` argument and attribute to `openstack_keymanager_secret_v1`, `openstack_keymanager_container_v1` resources and datasources ([#956](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/956)) +* Added `insert_headers` argument to `openstack_lb_listener_v2` resource ([#959](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/959)) +* Added `block_device.volume_type` argument to `openstack_compute_instance_v2` resource ([#963](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/963)) +* Updated `terraform-plugin-sdk` to `v1.7.0` ([#970](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/970)) + +BUG FIXES + +* Fixed documentation bug for the `id` attribute of the `lb_policy_v2` resource ([#957](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/957)) + +NOTES + +* This release drops Ubuntu Trusty and OpenStack Mitaka from testing CI environment. + +## 1.25.0 (December 25, 2019) + +FEATURES + +* __New Resource__: `openstack_orchestration_stack_v1` ([#944](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/944)) +* __New Data Source__: `openstack_blockstorage_volume_v2` ([#928](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/928)) +* __New Data Source__: `openstack_blockstorage_volume_v3` ([#947](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/947)) + +IMPROVEMENTS + +* Added `allow_reauth` optional boolean flag to the provided configuration block. This flag allows to automatically re-issue a new auth token if the initial token was expired ([#918](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/918)) +* Added `fixed_network` and `fixed_subnet` arguments and attributes to `openstack_containerinfra_cluster_v1` resource and datasource ([#933](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/933)) +* Added `access_rules` argument into `openstack_identity_application_credential_v3` resource ([#920](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/920)) +* Support `SHELVE_OFFLOADED` status for `openstack_compute_instance_v2` resource ([#942](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/942)) +* Added `max_retries_down` to `lb_monitor_v2` resource ([#945](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/945)) +* Updated `terraform-plugin-sdk` to `v1.4.1` ([#936](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/936)) + +BUG FIXES + +* Fixed the bug where empty `external_fixed_ips.ip_address` of `openstack_networking_router_v2` caused errors ([#628](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/628)) +* Fixed documentation example for `openstack_identity_user_v3.extra` ([#923](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/923)) +* Fixed documentation link for `clouds.yaml` ([#943](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/943)) + +## 1.24.0 (October 22, 2019) + +FEATURES + +* __New Resource__: `openstack_networking_quota_v2` ([#915](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/915)) +* __New Resource__: `openstack_compute_quotaset_v2` ([#914](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/914)) + +IMPROVEMENTS + +* Added `tags` argument/attribute and `all_tags` for `openstack_compute_instance_v2` resource ([#899](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/899)) +* Added `UDP` protocol support for `openstack_lb_pool_v2`, `openstack_lb_monitor_v2`, `openstack_lb_listener_v2` resources. It is available only when `use_octavia` is set to `true` ([#896](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/896)) +* Added ability to reuse the existing token when scope parameters are not defined ([#912](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/912)) +* Migrated from Terraform in-tree `helper/*` SDK to the separate `terraform-plugin-sdk v1.1.1` ([#880](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/880)), ([#909](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/909)) +* Migrated to use the common JSON debugging implementation from the upstream `gophercloud/utils` library ([#910](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/910)) + +BUG FIXES + +* Fixed the bug with unchecked errors in initialization of Identity V3 client in `identity_auth_scope_v3` data source [[#878](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/878)] +* Fixed the bug with unchecked errors in initialization of Compute V2 client in `compute_floatingip_associate_v2` resource [[#878](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/878)] +* Fixed the bug with 404 errors handling while getting statuses tree in `openstack_lb_loadbalancer_v2` resource ([#883](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/883)) +* Fixed the bug where is was unable to remove TLS references in `openstack_lb_listener_v2` resource ([#891](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/891)) +* Fixed the bug where empty `scheduler_hints` list caused a panic in `openstack_compute_instance_v2` resource ([#885](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/885)) +* Fixed the bug with usage of the wrong `flavor` argument instead of `flavor_id` for `openstack_lb_loadbalancer_v2` resource. Old argument has never worked. ([#904](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/904)) +* Fixed the documentation bug with usage of `type` and `name` of the `persistence` of the `lb_pool_v2` resource ([#908](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/908)) + +## 1.23.0 (September 20, 2019) + +FEATURES + +* __New Resource__: `openstack_images_image_access_accept_v2` ([#872](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/872)) +* __New Resource__: `openstack_images_image_access_v2` ([#872](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/872)) + +IMPROVEMENTS + +* Added ability to reduce auth requests against the Identity service. This behaviour can be enabled via `delayed_auth` config flag ([#861](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/861)) +* Added `Cache-Control: no-cache` header by default in all requests. This behaviour can be disabled via `disable_no_cache_header` config flag ([#849](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/849)) +* Added `timeout_client_data`, `timeout_member_connect`, `timeout_member_data`, `timeout_tcp_inspect` arguments to the `openstack_lb_listener_v2` resource. Those arguments available if `use_octavia` is set to `true` ([#876](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/876)], [[#877](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/877)) +* Added `domain_id`, `domain_name` attributes to the `openstack_identity_auth_scope_v3` data source ([#871](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/871)) +* Added `description` attributes to the `openstack_identity_group_v3`, `openstack_identity_user_v3` data sources ([#874](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/874)) +* Updated Terraform SDK to `v0.12.8` ([#859](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/859)) +* Refactored headers formatting functions to not use external libraries and nested loops ([#865](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/865)) + +BUG FIXES + +* Fixed the bug where `openstack_identity_auth_scope_v3` caused a panic within the domain-scope ([#851](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/851)) +* Fixed the bug where `openstack_compute_flavor_access_v2` resource wasn't removed from the Terraform state when it has been deleted in the OpenStack ([#856](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/856)) +* Fixed the bug where `openstack_identity_role_assignment_v3` resource wasn't removed from the Terraform state when it has been deleted in the OpenStack ([#856](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/856)) +* Fixed the bug where `ephemeral` argument wasn't set for `openstack_compute_flavor_v2` while reading this resource from the API ([#855](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/855)) + +## 1.22.0 (September 05, 2019) + +FEATURES + +* __New Data Source__: `openstack_keymanager_container_v1` ([#846](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/846)) + +IMPROVEMENTS + +* Added workaround for cases when the Neutron API doesn't provide the status for some load-balancer resources ([#839](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/839)) +* Added workaround for cases when the OpenContrail API doesn't provide the ID for some load-balancer resources ([#840](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/840)) +* Set computed attribute to `dns_name` and `dns_domain` for the `openstack_networking_network_v2` and `openstack_networking_floatingip_v2` resources ([#837](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/837)) +* Fixed code highlighting in website documentation for the `openstack_compute_instance_v2` resource ([#834](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/834)) + +BUG FIXES + +* Fixed the bug where project info wasn't accessible to non-admin users ([#833](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/833)) +* Fixed the bug where role assignments weren't accessible to non-admin users ([#845](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/845)) + +## 1.21.1 (August 08, 2019) + +BUG FIXES + +* Fixed the bug where OpenStack Networking V2 resources and data sources didn't work in old OpenStack environments because of different time format used for `created_at` and `updated_at` fields ([#831](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/831)) + +## 1.21.0 (August 06, 2019) + +FEATURES + +* __New Resource__: `openstack_keymanager_secret_v1` ([#650](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/650)), ([#807](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/807)) +* __New Resource__: `openstack_keymanager_container_v1` ([#808](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/808)) +* __New Resource__: `openstack_identity_service_v3` ([#821](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/821)) +* __New Resource__: `openstack_identity_endpoint_v3` ([#823](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/823)) +* __New Resource__: `openstack_networking_rbac_policy_v2` ([#811](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/811)) +* __New Resource__: `openstack_blockstorage_quotaset_v2` ([#806](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/806)) +* __New Resource__: `openstack_blockstorage_quotaset_v3` ([#828](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/828)) +* __New Data Source__: `openstack_keymanager_secret_v1` ([#815](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/815)) +* __New Data Source__: `openstack_identity_service_v3` ([#819](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/819)) + +IMPROVEMENTS + +* Enabled the `openstack_compute_instance_v2` resource import ([#768](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/768)) +* Added ability to update metadata of the `openstack_sharedfilesystem_share_v2` resource ([#825](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/825)) +* Added ability to filter `openstack_identity_endpoint_v3` datasource by `service_type`, `endpoint_region` and `name` arguments ([#817](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/817)) +* Updated the website documentation to formalize inline HCL code to canonical format according to Terraform v0.12 style conventions ([#797](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/797)) +* Updated the website documentation to use `openstack_compute_volume_attach_v2` instead of `openstack_compute_volume_attach_v3` that doesn't exist ([#800](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/800)) +* Updated the website documentation for the `security_groups` argument of the `openstack_compute_instance_v2` resource ([#826](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/826)) + +BUG FIXES + +* Fixed the bug where `openstack_vpnaas_site_connection` resource set `admin_state_up` argument to `false` istead of `true` by default ([#799](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/799)) +* Fixed the bug where `openstack_networking_subnet_v2` resource could cause a panic if `dns_nameservers` argument set to an empty list ([#726](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/726)) +* Fixed the bug where `openstack_lb_pool_v2` resource could cause a panic because of passing a struct instead of a flattened list into the `persistence` attribute ([#725](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/725)) +* Fixed the bug where `openstack_networking_port_v2` resource built an invalid request against the API with the empty `binding:profile` parameter ([#759](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/759)) + +## 1.20.0 (July 09, 2019) + +FEATURES + +* __New Resource__: `openstack_networking_qos_policy_v2` ([#774](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/774)) +* __New Resource__: `openstack_networking_qos_bandwidth_limit_rule_v2` ([#783](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/783)) +* __New Resource__: `openstack_networking_qos_dscp_marking_rule_v2` ([#784](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/784)) +* __New Resource__: `openstack_networking_qos_minimum_bandwidth_rule_v2` ([#790](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/790)) +* __New Data Source__: `openstack_networking_qos_policy_v2`([#779](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/779)) +* __New Data Source__: `openstack_networking_qos_bandwidth_limit_rule_v2` ([#788](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/788)) +* __New Data Source__: `openstack_networking_qos_dscp_marking_rule_v2` ([#789](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/789)) +* __New Data Source__: `openstack_networking_qos_minimum_bandwidth_rule_v2` ([#793](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/793)) + +IMPROVEMENTS + +* Updated documentation and Travis CI configuration with newer versions of Go and Terraform ([#777](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/777)) +* Added `qos_policy_id` to `openstack_networking_network_v2` ([#780](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/780)) +* Added `qos_policy_id` to `openstack_networking_port_v2` ([#781](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/781)) +* Updated Terraform SDK to `v0.12.2` ([#795](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/795)) + +BUG FIXES + +* Fixed bug preventing a floating IP from being re-associated with an instance when using `create_before_destroy` ([#761](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/761)) +* Fixed bug preventing `openstack_compute_instance_v2` scheduler hint queries from working ([#771](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/771)) + +## 1.19.0 (May 22, 2019) + +IMPROVEMENTS + +* The provider is now compatible with Terraform v0.12, while retaining compatibility with prior versions. +* `openstack_compute_instance_v2.stop_before_destroy` is now configurable by the `delete` timeout ([#750](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/750)) + +BUG FIXES + +* Fixed bug where `openstack_dns_recordset_v2.ttl` was being cleared ([#752](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/752)) +* Fixed an out of memory issue when running in debug mode ([#755](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/755)) +* Fixed printing of clear text password in case of `v2` auth ([#757](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/757)) + +## 1.18.0 (May 08, 2019) + +NOTES + +* The `openstack_networking_subnet_v2` argument `allocation_pools` has been deprecated in favor of `allocation_pool`. + +FEATURES + +* __New Data Source__: `openstack_networking_addressscope_v2` ([#741](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/741)) + +BUG FIXES + +* Fixed bug where `master_flavor` was being ignored in `openstack_containerinfra_cluster_v1` ([#730](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/730)) +* Fixed case-sensitivity for validation on `access_type` and `access_level` in `openstack_sharedfilesystem_share_access_v2` ([#730](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/730)) +* The `openstack_networking_subnet_v2` argument `allocation_pools` has been deprecated in favor of `allocation_pool`. This deprecation helps resolve an issue where multiple allocation pools in a single subnet were being returned out of order ([#739](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/739)) +* Fixed a bug where `dns_nameservers` could not be cleared in `openstack_networking_subnet_v2` ([#728](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/728)) +* Fixed a bug where a port's `dns_name` was being unset by Terraform ([#748](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/748)) + + +## 1.17.0 (April 01, 2019) + +NOTES + +* `extra_dhcp_option` in the `openstack_networking_port_v2` data source has been changed to a List. This is to resolve a bug where multiple DHCP options were not being rendered. + + +FEATURES + +* __New Resource__: `openstack_identity_application_credential_v3` ([#660](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/660)) +* __New Data Source__: `openstack_blockstorage_availability_zones_v3` ([#652](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/652)) +* __New Data Source__: `openstack_sharedfilesystem_availability_zones_v2` ([#652](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/652)) +* __New Data Source__: `openstack_networking_trunk_v2` ([#626](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/626)) + +IMPROVEMENTS + +* Reduced API calls when updating `extra_dhcp_option` in `openstack_networking_port_v2` ([#689](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/689)) +* Added `port_security_enabled` to `openstack_networking_network_v2` ([#681](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/681)) +* Added `port_security_enabled` to `openstack_networking_port_v2` ([#682](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/682)) +* Added `prefix_length` to `openstack_networking_subnet_v2` ([#705](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/705)) +* Added `binding` to `openstack_networking_port_v2` ([#693](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/693)) +* Added `binding` to `openstack_networking_port_v2` data source ([#693](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/693)) +* Added `mtu` to `openstack_networking_network_v2` ([#708](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/708)) +* Added `mtu` to `openstack_networking_network_v2` data source ([#708](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/708)) +* Added `dns_name` and `dns_domain` to `openstack_networking_floatingip_v2` ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `dns_name` and `dns_domain` to `openstack_networking_floatingip_v2` data source ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `dns_domain` to `openstack_networking_network_v2` ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `dns_domain` to `openstack_networking_network_v2` data source ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `dns_name` and `dns_assignment` to `openstack_networking_port_v2` ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `dns_name` and `dns_assignment` to `openstack_networking_port_v2` data source ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `fixed_ip` to `openstack_networking_floatingip_associate_v2` ([#709](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/709)) +* Enable `fixed_ip` to be updated in `openstack_networking_floatingip_v2` ([#709](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/709)) +* Added ability to specify `cephx` as `access_type` and to retrieve the `access_key` in `openstack_sharedfilesystem_share_access_v2` ([#715](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/715)) + +BUG FIXES + +* Fixed bug in `openstack_identity_auth_scope_v3` data source where the `user_id` attribute was being set to the user's Name and not ID ([#660](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/660)) +* Fixed bug in Load Balancer resources for Contrail-based load balancers ([#691](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/691)) +* `extra_dhcp_option` in the `openstack_networking_port_v2` data source has been changed to a List. This is to resolve a bug where multiple DHCP options were not being rendered ([#695](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/695)) + +## 1.16.0 (February 14, 2019) + +NOTES + +* The `openstack_networking_subnet_v2.host_routes` argument has been marked as deprecated. Please use the dedicated `openstack_networking_subnet_route_v2` resource instead. + +FEATURES + +* __New Data Source__: `openstack_compute_availability_zones_v2` ([#655](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/655)) + +BUG FIXES + +* The `openstack_networking_subnet_v2.host_routes` argument has been deprecated due to schema issues and conflicts with `openstack_networking_subnet_route_v2` ([#668](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/668)) +* A previously added validation to `openstack_networking_port_v2.fixed_ip.ip_address` was removed as it was causing problems for prior behavior of using an empty string ([#678](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/678)) + +## 1.15.1 (February 08, 2019) + +BUG FIXES + +* Fixed issue where volume multiattachments would not be retried ([#540](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/540)) +* Reverted an incorrect schema validation for `openstack_networking_port_v2.allowed_address_pairs` ([#661](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/661)) + +## 1.15.0 (February 06, 2019) + +NOTES + +* The `openstack_images_image_v2.update_at` attribute has been deprecated in favor of `updated_at` ([#617](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/617)) + +FEATURES + +* __New Resource__: `openstack_networking_addressscope_v2` ([#634](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/634)) +* __New Resource__: `openstack_networking_port_secgroup_associate_v2` ([#574](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/574)) + +IMPROVEMENTS + +* Added `flavor_id` to the `openstack_compute_flavor_v2` data source so flavors can be queried by ID ([#587](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/587)) +* `openstack_networking_port_ids_v2` data source can now return an empty set of results ([#631](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/631)) +* Added `description` to `openstack_networking_trunk_v2` resource ([#625](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/625)) +* Added `tags` to the networking data source to query by tags and `all_tags` to see a full list of tags ([#624](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/624)) +* `openstack_compute_instance_v2.admin_pass` is now a "sensitive" attribute ([#647](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/647)) +* Added support to authenticate with Application Credentials ([#642](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/642)) +* Added ability to specify region in `openstack_sharedfilesystem_share_access_v2` ([#654](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/654)) +* Added ability to specify region in `openstack_sharedfilesystem_share_v2` ([#654](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/654)) +* Added `all_tags` attribute to Networking resources to set tags provided by the OpenStack backend automatically ([#623](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/623)) + +BUG FIXES + +* Fixed `created_at`, `updated_at`, and `tag` fields in the `openstack_images_image_v2` data source ([#615](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/615)) +* Fixed `created_at` and `updated_at` fields in the `openstack_networking_subnetpool_v2` resource ([#619](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/619)) +* Fixed `created_at` and `updated_at` fields in the `openstack_networking_subnetpool_v2` data source ([#616](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/616)) +* Fixed issue where updating the description of a floating IP would cause the port to disassociate ([#606](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/606)) +* `admin_state_up` and `shared` fields of `openstack_networking_network_v2` are now correct boolean fields ([#593](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/593)) +* `external` field of `openstack_networking_network_v2` field will now show an actual value ([#593](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/593)) +* Fixed issue where `status` was being used as the query value for `network_id` in `openstack_networking_port_v2` data source ([#631](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/631)) +* Fixed issue where `status` was being used as the query value for `network_id` in `openstack_networking_port_ids_v2` data source ([#631](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/631)) +* The `openstack_images_image_v2` fields `update_at`, `updated_at`, and `created_at` all now set correctly ([#617](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/617)) +* Fixed issue with `openstack_dns_recordset_v2` where `records` would be returned out of order ([#636](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/636)) +* Fixed issue where `openstack_compute_volume_attach_v2` and `openstack_blockstorage_volume_v2` were trying to detach volumes at the same time ([#640](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/640)) +* Fixed a regression bug where destroying networks was failing on a 409 code ([#644](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/644)) +* Fixed an issue with `openstack_compute_instance_v2` where a 404 was triggering an error ([#647](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/647)) +* Fixed an issue where `all_fixed_ips` was not being set in `openstack_networking_port_v2` data source ([#649](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/649)) +* Fixed an issue where `openstack_networking_port_v2` would cause an API error ([#649](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/649)) +* Fixed an issue where Blockstorage volume resources couldn't be detached because they had been removed ([#641](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/641)) + +## 1.14.0 (January 15, 2019) + +NOTES + +* The Load Balancer v2 resources have been updated to provide more efficient status checks. If you encounter any problems due to this, please report them and we will make it a priority to resolve. +* `openstack_networking_port_v2` will now set the `admin_state_up` to `true/UP` if it is left omitted from the resource configuration. This now correctly conforms to the OpenStack API. This should be a transparent change, but let us know if this causes you problems. + +FEATURES + +* __New Resource__: `openstack_lb_l7policy_v2` ([#527](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/527)) +* __New Resource__: `openstack_lb_l7rule_v2` ([#522](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/522)) +* __New Resource__: `openstack_sharedfilesystem_share_v2` ([#525](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/525)) +* __New Resource__: `openstack_sharedfilesystem_share_access_v2` ([#526](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/526)) +* __New Data Source__: `openstack_sharedfilesystem_share_v2` ([#564](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/564)) +* __New Data Source__: `openstack_networking_port_v2` ([#567](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/567)) +* __New Data Source__: `openstack_sharedfilesystem_sharenetwork_v2` ([#576](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/576)) +* __New Data Source__: `openstack_networking_port_ids_v2` ([#569](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/569)) +* __New Data Source__: `openstack_sharedfilesystem_snapshot_v2` ([#577](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/577)) + +IMPROVEMENTS + +* Provider options `swauth` and `use_octavia` will correctly use a default value of `false` when they are not specified. This is to help with compatibility for v0.12 ([#494](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/494)) +* Enhanced the pending status checks of the Load Balancer v2 resources ([#550](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/550)) +* Prioritized the status of Load Balancer v2 resources to first use the Load Balancer's master status ([#556](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/556)) +* Fix flavor detection in `openstack_compute_instance_v2` and `openstack_containerinfra_cluster_v1` for Terraform v0.12 ([#551](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/551)) +* Added the ability to import `openstack_lb_loadbalancer_v2` ([#524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/524)) +* Added the ability to import `openstack_lb_listener_v2` ([#524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/524)) +* Added the ability to import `openstack_lb_pool_v2` ([#524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/524)) +* Added the ability to import `openstack_lb_member_v2` ([#524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/524)) +* Added the ability to import `openstack_lb_monitor_v2` ([#524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/524)) +* Added `device_type` and `disk_bus` to `openstack_compute_instance_v2` block device ([#558](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/558)) +* Added `transparent_vlan` to `openstack_networking_network_v2` ([#513](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/513)) +* Added `transparent_vlan` to `openstack_networking_network_v2` data source ([#538](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/538)) +* Added `max_retries` to the provider options ([#413](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/413)) +* Added the ability to override catalog endpoints ([#501](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/501)) +* Changed the `segments` attribute of the `openstack_networking_network_v2` to `TypeSet` [[#578](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/578)] + +BUG FIXES + +* `openstack_compute_interface_attach_v2` now correctly sets the `instance_id` [[#557](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/557)] +* `openstack_networking_port_v2` will now correctly set the `admin_state_up` to `true/UP` if left omitted ([#594](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/594)) +* Fixed out of range panic in `openstack_compute_instance_v2` when no IP addresses were detected ([#539](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/539)) + +## 1.13.0 (December 18, 2018) + +FEATURES + +* __New Resource__: `openstack_sharedfilesystem_securityservice_v2` ([#515](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/515)) +* __New Resource__: `openstack_sharedfilesystem_sharenetwork_v2` ([#515](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/515)) +* __New Data Source__: `openstack_containerinfra_cluster_v1` ([#488](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/488)) +* __New Data Source__: `openstack_blockstorage_snapshot_v2` ([#448](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/448)) +* __New Data Source__: `openstack_blockstorage_snapshot_v3` ([#448](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/448)) + +IMPROVEMENTS + +* Added object versioning to `openstack_objectstorage_container_v1` ([#465](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/465)) +* Added support for soft affinities in `openstack_compute_servergroup_v2` ([#490](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/490)) +* Allow `default_pool_id` to be updated in `openstack_lb_listener_v2` ([#516](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/516)) +* Added `description` to `openstack_networking_router_v2` ([#529](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/529)) +* Added `description` to `openstack_networking_port_v2` ([#531](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/531)) +* Added `description` to `openstack_networking_subnet_v2` ([#533](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/533)) +* Added `description` to `openstack_networking_floatingip_v2` ([#534](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/534)) +* Added `description` to `openstack_networking_secgroup_v2` data source ([#535](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/535)) +* Added `description` to `openstack_networking_network_v2` ([#532](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/532)) +* Added `description` to `openstack_networking_subnet_v2` data source ([#528](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/528)) +* Added `description` to `openstack_networking_router_v2` data source ([#530](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/530)) +* Added `description` to `openstack_networking_network_v2` data source ([#536](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/536)) +* Added `description` to `openstack_networking_floatingip_v2` data source ([#523](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/523)) + +BUG FIXES + +* Allow instances to be in a state of `migrating` when performing a plan/refresh ([#496](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/496)) +* Fix issue when `openstack_networking_floatingip_v2`, `openstack_networking_router_v2`, `openstack_networking_subnet_v2`, and `openstack_networking_subnetpool_v2` tag updates send empty updates for the resource. ([#519](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/519)) + +## 1.12.0 (November 13, 2018) + +FEATURES + +* __New Resource__: `openstack_compute_interface_attach_v2` ([#470](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/470)) + +IMPROVEMENTS + +* Added `tags` to `openstack_networking_network_v2` ([#454](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/454)) +* Added `tags` to `openstack_networking_subnet_v2` ([#459](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/459)) +* Added `tags` to `openstack_networking_subnetpool_v2` ([#460](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/460)) +* Added `tags` to `openstack_networking_port_v2` ([#461](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/461)) +* Added `tags` to `openstack_networking_secgroup_v2` ([#463](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/463)) +* Added `tags` to `openstack_networking_floatingip_v2` ([#466](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/466)) +* Added `tags` to `openstack_networking_router_v2` ([#467](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/467)) +* Added `extra_dhcp_options` to `openstack_networking_port_v2` ([#258](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/258)) +* Added `fingerprint` to `openstack_compute_keypair_v2` data source ([#481](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/481)) +* Added `extra_specs` to `openstack_compute_flavor_v2` data source ([#480](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/480)) + +BUG FIXES + +* Fixed issue with nova-network based environments having the `tenantnetworks` API disabled ([#485](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/485)) + + +## 1.11.0 (October 29, 2018) + +FEATURES + +* __New Resource__: `openstack_networking_trunk_v2` ([#446](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/446)) +* __New Resource__: `openstack_compute_flavor_access_v2` ([#447](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/447)) + +IMPROVEMENTS + +* Added `multiattach` argument and attribute for the `openstack_blockstorage_volume_v3` resource ([#431](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/431)) +* `openstack_dns_recordset_v2` can now accept IPv6 addresses with and without brackets ([#443](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/443)) +* Added `multiattach` argument for the `openstack_compute_volume_attach_v2` resource ([#442](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/442)) +* `openstack_lb_member_v2` resources can now use a weight of 0 ([#451](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/451)) + +BUG FIXES + +* Fixed an issue where environment variables were overwriting specified arguments ([#436](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/436)) +* Fixed an issue where security group rule descriptions were not working with older verisons of OpenStack ([#438](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/438)) + +## 1.10.0 (October 01, 2018) + +FEATURES + +* __New Resource__: `openstack_containerinfra_cluster_v1` ([#421](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/421)) +* __New Data Source__: `openstack_containerinfra_clustertemplate_v1` ([#415](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/415)) + +IMPROVEMENTS + +* Added `description` argument for the `openstack_networking_secgroup_rule_v2` resource ([#416](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/416)) +* Added a vendor option of `ignore_resize_confirmation` to `openstack_compute_instance_v2` ([#422](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/422)) +* `openstack_compute_instance_v2` IP addresses are now visible in Rackspace. This provider still does not officially support Rackspace, though. ([#426](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/426)) +* Added `no_fixed_ip` argument to `openstack_networking_port_v2` which allows the port to not have an IP address ([#433](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/433)) + +BUG FIXES + +* Enabled instances to be in an `ERROR` state so they can be cleanly deleted ([#428](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/428)) + +## 1.9.0 (September 05, 2018) + +FEATURES + +* __New Resource__: `openstack_objectstorage_tempurl_v1` ([#379](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/379)) +* __New Resource__: `openstack_containerinfra_clustertemplate_v1` ([#403](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/403)) +* __New Data Source__: `openstack_fw_policy_v1` ([#398](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/398)) +* __New Data Source__: `openstack_networking_router_v2` ([#401](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/401)) + +IMPROVEMENTS + +* The `openstack_images_image_v2` resource can now finally update properties. This update has been in progress over the last two release cycles. Please let us know if you encounter any problems ([#409](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/409)) + +## 1.8.0 (August 08, 2018) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* Support for `default_domain` has been added. This should not cause any issues, but please report any issues encountered. +* `openstack_images_image_v2.properties` has been set to `ForceNew`. If properties are modified, the image will be recreated. Previously, updates to the properties were only happening in the Terraform state and not actually reflected on the image itself. + +FEATURES + +* __New Data Source__: `openstack_identity_group_v3` ([#385](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/385)) +* __New Data Source__: `openstack_networking_floatingip_v2` ([#387](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/387)) + +IMPROVEMENTS + +* Added support for `default_domain` during authentication ([#329](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/329)) +* The upcoming OpenStack Rocky release will be automatically adding additional properties to the `openstack_images_image_v2` resource. This resource has been patched to account for this and to reconcile these server-provided properties with the user-provided properties. In addition, `openstack_images_image_v2.properties` has been set to `ForceNew` and will recreate the image when properties have been modified. Previously, any updates to the properties were only happening in the state and not actually reflected on the image itself. ([#390](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/390)) + +BUG FIXES + +* The addition of the `openstack_networking_network_v2.external` data source argument caused unintended behavior of results only containing external or non-external networks. This bug has been fixed and we apologize for the inconvenience ([#384](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/384)) +* The addition of the `openstack_compute_floatingip_associate_v2.wait_until_associated` argument caused the floating IP association to be recreated when updating to a later release of this provider. This was unintended and this has been resolved ([#395](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/395)) + +## 1.7.0 (August 01, 2018) + +FEATURES + +* __New Data Source__: `openstack_identity_endpoint_v3` ([#377](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/377)) + +IMPROVEMENTS + +* Allow resize for stopped instances ([#348](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/348)) +* Added `power_state` to `openstack_compute_instance_v2` ([#350](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/350)) +* Added `external` to `openstack_networking_network_v2` resource ([#357](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/357)) +* Added `external` to `openstack_networking_network_v2` data source ([#358](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/358)) +* Return the default network uuid for `openstack_compute_instance_v2` ([#365](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/365)) +* Allow a specific floating IP to be specified in `openstack_networking_floatingip_v2` ([#371](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/371)) +* Allow `PROXY` protocol for `openstack_lb_pool_v2` ([#375](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/375)) + +BUG FIXES + +* Allow explicit values of `0` for `min_disk_gb` and `min_ram_mb` in the `openstack_images_image_v2` resource ([#351](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/351)) +* Make `peer_ep_group_id` optional in `openstack_vpnaas_site_connection` ([#353](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/353)) + +## 1.6.0 (June 20, 2018) + +FEATURES + +* __New Resource__: `openstack_vpnaas_site_connection_v2` ([#330](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/330)) + +IMPROVEMENTS + +* Added `wait_until_associated` to `openstack_compute_floatingip_associate_v2` ([#310](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/310)) +* Added support for SSL settings in a `clouds.yaml` file ([#340](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/340)) + +## 1.5.0 (May 15, 2018) + +FEATURES + +* __New Resource__: `openstack_blockstorage_volume_v3` ([#324](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/324)) +* __New Resource__: `openstack_blockstorage_volume_attach_v3` ([#324](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/324)) +* __New Resource__: `openstack_networking_subnet_route_v2` ([#314](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/314)) +* __New Resource__: `openstack_networking_floatingip_associate_v2` ([#313](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/313)) +* __New Resource__: `openstack_vpnaas_ipsec_policy_v2` ([#270](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/270)) +* __New Resource__: `openstack_vpnaas_service_v2` ([#300](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/300)) +* __New Resource__: `openstack_vpnaas_ike_policy_v2` ([#316](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/316)) +* __New Resource__: `openstack_vpnaas_endpoint_group_v2` ([#321](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/321)) +* __New Data Source__: `openstack_compute_keypair_v2` ([#307](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/307)) +* __New Data Source__: `openstack_identity_auth_scope_v3` ([#204](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/204)) + +IMPROVEMENTS + +* Added `verify_checksum` to `openstack_images_image_v2` resource so that checksum verification can be disabled ([#305](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/305)) +* The LBaaS v2 resources have lower "delay" times when waiting for state changes. This should speed up creation of a Load Balancing stack ([#297](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/297)) + +BUG FIXES + +* Fixed issue where `OS_IDENTITY_API_VERSION=2` was not recognized ([#315](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/315)) +* Fixed issue when using Identity v3 resources when an Identity v2 endpoint is published ([#320](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/320)) +* `openstack_networking_router_v2.distributed` will now pass `false` correctly ([#308](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/308)) +* `openstack_networking_router_v2.enable_snat` will now pass `false` correctly ([#309](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/309)) + +## 1.4.0 (May 01, 2018) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* The OpenStack provider now has additional authentication options for `project_domain_name`, `project_domain_id`, `user_domain_name`, and `user_domain_id`. This will allow for more fine-grainted authentication scoping. This should not cause any problems with existing deployments, but please report any authentication issues after upgrading. + +FEATURES + +* __New Resource__: `openstack_identity_role_assignment_v3` ([#265](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/265)) +* __New Data Source__: `openstack_identity_project_v3` ([#251](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/251)) +* __New Data Source__: `openstack_identity_user_v3` ([#252](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/252)) + +IMPROVEMENTS + +* Added `member_status` to `openstack_images_image_v2` data source ([#269](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/269)) +* Add support for `OS_TOKEN` environment variable ([#272](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/272)) +* Added `force_destroy` to `openstack_objectstorage_container_v1` which will cause all objects in the container to be deleted when the container is deleted ([#276](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/276)) +* CIDR is now optional in `openstack_networking_subnet_v2` allowing a CIDR to be allocated from a subnet pool ([#294](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/294)) +* Added additional authentication options for domain scoping ([#290](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/290)) +* `openstack_images_image_v2` can now support OVA format ([#302](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/302)) + +BUG FIXES + +* `openstack_compute_instance_v2` resources can handle Availability Zones in the format of `az:host:node` ([#291](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/291)) + +## 1.3.0 (March 14, 2018) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* `openstack_compute_keypair_v2` can now generate a private key, however the private key will be stored in your Terraform state. Please use caution. +* The MAC addresses in `openstack_networking_port_v2.allowed_address_pairs` is no longer computed. This should not cause an issue for users since if an `allowed_address_pairs` MAC address was not specified, the AAP MAC will match `openstack_networking_port_v2.mac_address`. + +FEATURES + +* __New Resource:__ `openstack_networking_subnetpool_v2` ([#243](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/243)) +* __New Resource:__ `openstack_identity_role_v3` ([#250](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/250)) +* __New Data Source:__ `openstack_networking_subnetpool_v2` ([#243](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/243)) +* __New Data Source:__ `openstack_identity_role_v3` ([#250](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/250)) + +IMPROVEMENTS + +* Added `additional_properties` to `openstack_compute_instance_v2` scheduler hints ([#230](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/230)) +* `openstack_compute_keypair_v2` can now generate a private key ([#217](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/217)) +* `openstack_networking_router_v2` can now optionally set a default gateway after it has been created ([#209](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/209)) +* Added `subnetpool_id` to `openstack_networking_subnet_v2` resource and data source ([#249](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/249)) +* Added `extra_specs` to `openstack_compute_flavor_v2` ([#241](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/241)) +* Added `subnet_id` to `openstack_networking_floatingip_v2` ([#240](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/240)) + +BUG FIXES + +* Fixed bug with `openstack_networking_network_v2` and `openstack_networking_subnet_v2` where the `OS_TENANT_ID` was incorrectly being used as a default value ([#254](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/254)) +* Correctly detect if an object storage container is deleted ([#261](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/261)) +* Fixed a few small bugs with `openstack_fw_rule_v1` updating ([#224](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/224)) +* Fixed an issue with `openstack_networking_port_v2` `allowed_address_pairs` and MAC addresses ([#244](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/244)) + +## 1.2.0 (January 18, 2018) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* The way IP addresses for `allowed_address_pairs` in the `openstack_networking_port_v2` resource are stored in the Terraform state has changed. +* The `external_gateway` argument in the `openstack_networking_router_v2` has been deprecated in favor of the more appropriately named `external_network_id`. + +FEATURES + +* __New Resource:__ `openstack_db_database_v1` ([#179](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/179)) +* __New Resource:__ `openstack_db_user_v1` ([#180](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/180)) +* __New Resource:__ `openstack_db_configuration_v1` ([#185](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/185)) +* __New Data Source:__ `openstack_compute_flavor_v2` ([#190](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/190)) + + +IMPROVEMENTS + +* Added `external_fixed_ips` to the `openstack_networking_router_v2` resource ([#178](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/178)) +* Added `ipv6_address_mode` and `ipv6_ra_mode` to the `openstack_networking_subnet_v2` resource and data source ([#193](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/193)) +* Several new `openstack_networking_subnet_v2` attributes are now accessible in the data source ([#199](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/199)) +* Added `availability_zone_hints` to the `openstack_networking_network_v2` resource and data source ([#196](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/196)) +* Added `availability_zone_hints` to the `openstack_networking_router_v2` resource ([#203](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/203)) +* User's password field in `openstack_db_instance_v2` resource has been marked sensitive ([#220](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/220)) +* `openstack_db_instance_v1` now supports setting a `configuration_id` ([#221](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/221)) + +BUG FIXES + +* Allow the same `ip_address` with a different `mac_address` to be specified multiple times in the `openstack_networking_port_v2` resource ([#168](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/168)) +* Fixed unhandled error checks which were causing crashes in `openstack_networking_secgroup_v2` and `openstack_networking_network_v2` data sources ([#201](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/201)) +* Fixed unhandled error check when creating `openstack_networking_floatingip_v2` ([#206](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/206)) +* Fixed region detection when using `clouds.yaml` ([#216](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/216)) +* Make `subnet_id` optional for `openstack_lb_member_v2` ([#189](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/189)) +* Fix ordering of DNS servers in `openstack_networking_subnet_v2` ([#226](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/226)) + +## 1.1.0 (December 04, 2017) + +FEATURES + +* __New Resource:__ `openstack_objectstorage_object_v1` ([#146](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/146)) +* __New Resource:__ `openstack_db_instance_v1` ([#155](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/155)) + +IMPROVEMENTS + +* Better handling of mutually exclusive options `no_gateway` and `gateway_ip` in the `openstack_networking_subnet_v2` resource ([#136](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/136)) +* Can now authenticate with a `clouds.yaml` file ([#154](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/154)) + +BUG FIXES + +* Fixed issue with automatic detection of an Octavia client and Networking client ([#172](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/172)) +* Fixed issue with creating public flavors ([#177](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/177)) + +## 1.0.0 (November 08, 2017) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* If your OpenStack cloud supports the Octavia Load Balancing service, you can now use it by setting the provider-level `use_octavia` argument to `true`. The `openstack_lb_*_v2` resources will then seamlessly use Octavia. + +FEATURES + +* __New Data Source:__ `openstack_networking_subnet_v2` ([#135](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/135)) +* __New Data Source:__ `openstack_dns_zone_v2` ([#145](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/145)) + +IMPROVEMENTS + +* `openstack_networking_router_v2`: Added `enable_snat` argument ([#140](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/140)) +* Added provider-level option of `use_octavia` to use the Octavia load balancing service ([#149](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/149)) + +## 0.3.0 (October 23, 2017) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* The `openstack_networking_port_v2` resource had a significant update to how it handles security groups. If you have not explicitly defined security groups in the port resource, any security groups which were automatically applied by OpenStack (such as the `default` security group) will be removed upon the next apply. To prevent this from happening, add the ID of the security groups to the `security_group_ids` argument. If you are already explicitly specifying security groups, you should see no change in behavior. + +IMPROVEMENTS + + * `openstack_networking_router_interface_v2` will now set `subnet_id` when importing ([#119](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/119)) + * `openstack_networking_router_route_v2` can now be imported ([#120](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/120)) + * `openstack_images_image_v2` resource and data source now supports reading and setting properties ([#113](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/113)) + +BUG FIXES + + * `openstack_networking_port_v2`: Fixed issues with how security groups and allowed address pairs are applied and updated [[#114](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/114)]. + +## 0.2.2 (September 15, 2017) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* Unused `id` fields in the LBaaS v2 resources were removed. This should not cause any issues, but please report if you find otherwise. + +FEATURES: + +* __New Data Source:__ `openstack_networking_secgroup_v2` ([#86](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/86)) +* __New Resource:__: `openstack_compute_flavor_v2` ([#83](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/83)) + +IMPROVEMENTS + * Added `status` field to `openstack_networking_network_v2` data source ([#105](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/105)) + * `openstack_networking_router_v2` can now be imported ([#111](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/111)) + * `openstack_networking_router_interface_v2` can now be imported ([#112](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/112)) + +BUG FIXES + +* `openstack_lb_listener_v2`: Don't send `connection_limit` unless it has been set ([#90](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/90)) +* `openstack_lb_pool_v2`: Find Load Balancer via Listener ([#97](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/97)) +* LBaaS v2: Removed unused `id` fields ([#93](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/93)) +* `openstack_lb_monitor_v2`: Check if a monitor was successfully created before proceeding ([#102](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/102)) +* `openstack_networking_router_v2`: Fix region parameter ([#107](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/107)) +* `openstack_compute_instance_v2`: Fix regression bug with NIC detection ([#117](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/117)) + +## 0.2.1 (August 23, 2017) + +IMPROVEMENTS: + +* `openstack_lb_loadbalancer_v2` timeouts have been lowered to 10 and 5 minutes ([#74](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/74)) + +BUG FIXES: + +* `openstack_images_image_v2` data source now sorts images by `CreatedAt` instead of `UpdatedAt` ([#78](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/78)) +* `openstack_networking_secgroup_v2` now re-reads security group before deleteing rules when `delete_default_rules => true` ([#82](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/82)) +* Fixed `openstack_compute_instance_v2` access IP address detection in dual-stack environments ([#85](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/85)) + +## 0.2.0 (August 14, 2017) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* Network detection in the `openstack_compute_instance_v2` resource was cleaned up and updated. There should be no incompatibilities, but you should do a `plan` before `apply` just to be safe. +* The `openstack_lb_loadbalancer_v2.provider` argument has been removed entirely. This was an erroneous argument from the beginning, so it should not be in use. However, if you do have it set in your configurations, please rename it to `loadbalancer_provider`. + +FEATURES: + +* __New Resource:__ `openstack_identity_project_v3` ([#50](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/50)) +* __New Resource:__ `openstack_identity_user_v3` ([#52](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/52)) + +IMPROVEMENTS: + +* `openstack_compute_instance_v2` now supports Neutron for network detection ([#39](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/39)) +* `openstack_compute_instance_v2` support for multiple NICs on the same network ([#39](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/39)) +* Added support for `TERMINATED_HTTPS` protocol in `openstack_lb_listener_v2` ([#49](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/49)) +* Improvements to LBaaS v2 resource coordination ([#59](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/59)) +* `openstack_lb_loadbalancer_v2.provider` has been removed. See notes above. ([#65](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/65)) + +BUG FIXES: +* `openstack_lb_pool_v2` handling of `persistence` updated, `cookie_name` is now optional. ([#57](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/57)) +* `openstack_fw_firewall_v1.associated_routers` is now computed. ([#53](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/53)) +* All `openstack_fw_rule_v1` attributes are now passed during an update phase. ([#53](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/53)) +* `openstack_networking_secgroup_v2` now correctly updates description. ([#60](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/60)) +* `openstack_fw_firewall_v1` now correctly translates `value_specs` on create. ([#66](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/66)) + +## 0.1.0 (June 21, 2017) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* You can now specify `region` in the provider block. All resources will inherit this region setting, or you can override it in the resource-level `region`. Make sure to do a `plan` before an `apply` to make sure the resource is not destroyed due to incorrectly determining the region! If you see this happening, either explicitly set the `region` in the resource or use `lifecycle.ignore_changes`. +* `floating_ip` has been removed from `openstack_compute_instance_v2`. You must now use `openstack_compute_floatingip_associate_v2` to associate a Floating IP with an Instance. +* `volume` has been removed from `openstack_compute_instance_v2`. You must now use `openstack_compute_volume_attach_v2` to attach a Volume with an Instance. +* `member` has been removed from `openstack_lb_pool_v1`. You must now use `openstack_lb_member_v1` to add a LBaaS v1 Member to a Pool. + + +IMPROVEMENTS: + +* Can specify `region` in the provider ([#25](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/25)) + +BUG FIXES + +* Wait for LoadBalancer to be active before creating Pools and Monitors ([#29](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/29)) +* Choose first network found with a matching name for compute instances ([#36](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/36)) diff --git a/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/LICENSE b/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/LICENSE new file mode 100644 index 0000000000..a612ad9813 --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/LICENSE @@ -0,0 +1,373 @@ +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/README.md b/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/README.md new file mode 100644 index 0000000000..082bed89d9 --- /dev/null +++ b/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/README.md @@ -0,0 +1,80 @@ +Terraform OpenStack Provider +============================ + +Documentation: [registry.terraform.io](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs) + +Requirements +------------ + +- [Terraform](https://www.terraform.io/downloads.html) 1.0.x +- [Go](https://golang.org/doc/install) 1.20 (to build the provider plugin) + +Building The Provider +--------------------- + +Clone the repository + +```sh +$ git clone git@github.com:terraform-provider-openstack/terraform-provider-openstack.git +``` + +Enter the provider directory and build the provider + +```sh +$ cd terraform-provider-openstack +$ make build +``` + +Using the provider +---------------------- +Please see the documentation at [registry.terraform.io](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs). + +Or you can browse the documentation within this repo [here](https://github.com/terraform-provider-openstack/terraform-provider-openstack/tree/main/website/docs). + +Developing the Provider +--------------------------- + +If you wish to work on the provider, you'll first need [Go](https://golang.org) installed on your machine (version 1.20+ is *required*). + +To compile the provider, run `make build`. This will build the provider and put the provider binary in the current directory. + +```sh +$ make build +``` + +For further details on how to work on this provider, please see the [Testing and Development](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs#testing-and-development) documentation. + +Releasing the Provider +---------------------- + +This repository contains a GitHub Action configured to automatically build and +publish assets for release when a tag is pushed that matches the pattern `v*` +(ie. `v0.1.0`). + +A [Gorelaser](https://goreleaser.com/) configuration is provided that produce +build artifacts matching the [layout required](https://www.terraform.io/docs/registry/providers/publishing.html#manually-preparing-a-release) +to publish the provider in the Terraform Registry. + +Releases will as drafts. Once marked as published on the GitHub Releases page, +they will become available via the Terraform Registry. + +Before releasing, a PR updating the changelog should be made to trigger the CI +for all services and ensure that everything is OK. Moreover, update the example +on `website/docs/index.html.markdown` to point to the new version. + +Thank You +--------- + +We'd like to extend special thanks and appreciation to the following: + +### OpenLab + + + +OpenLab is providing a full CI environment to test each PR and merge for a variety of OpenStack releases. + +### VEXXHOST + + + +VEXXHOST is providing their services to assist with the development and testing of this provider. diff --git a/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/terraform-provider-openstack_v1.54.1 b/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/terraform-provider-openstack_v1.54.1 new file mode 100644 index 0000000000..02ed7e9015 Binary files /dev/null and b/ansible/roles/dingo-command/templates/dingo.com/terraform-provider-openstack/openstack/1.54.1/linux_amd64/terraform-provider-openstack_v1.54.1 differ diff --git a/ansible/roles/dingo-command/templates/gunicorn.py b/ansible/roles/dingo-command/templates/gunicorn.py new file mode 100644 index 0000000000..4862c99de8 --- /dev/null +++ b/ansible/roles/dingo-command/templates/gunicorn.py @@ -0,0 +1,69 @@ +# Copyright 2022 99cloud +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import multiprocessing +import os +os.environ['OPENBLAS_NUM_THREADS'] = '1' +bind = "0.0.0.0:8887" +workers = 4 +worker_class = "uvicorn.workers.UvicornWorker" +timeout = 300 +keepalive = 5 +reuse_port = True +proc_name = "dingo-command" + +logconfig_dict = { + "version": 1, + "disable_existing_loggers": False, + "root": {"level": "INFO", "handlers": ["console"]}, + "loggers": { + "gunicorn.error": { + "level": "INFO", + "handlers": ["error_file"], + "propagate": 0, + "qualname": "gunicorn_error", + }, + "gunicorn.access": { + "level": "INFO", + "handlers": ["access_file"], + "propagate": 0, + "qualname": "access", + }, + }, + "handlers": { + "error_file": { + "class": "logging.handlers.RotatingFileHandler", + "formatter": "generic", + "level": "INFO", + "filename": "/var/log/dingo-command/dingo-command-error.log", + }, + "access_file": { + "class": "logging.handlers.RotatingFileHandler", + "formatter": "generic", + "filename": "/var/log/dingo-command/dingo-command-access.log", + }, + "console": { + "class": "logging.StreamHandler", + "level": "INFO", + "formatter": "generic", + }, + }, + "formatters": { + "generic": { + "format": "%(asctime)s.%(msecs)03d %(process)d %(levelname)s [-] %(message)s", + "datefmt": "[%Y-%m-%d %H:%M:%S %z]", + "class": "logging.Formatter", + } + }, +} diff --git a/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/cloudinit/2.3.7/linux_amd64/LICENSE.txt b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/cloudinit/2.3.7/linux_amd64/LICENSE.txt new file mode 100644 index 0000000000..3b97eaf3c3 --- /dev/null +++ b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/cloudinit/2.3.7/linux_amd64/LICENSE.txt @@ -0,0 +1,375 @@ +Copyright (c) 2019 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/cloudinit/2.3.7/linux_amd64/terraform-provider-cloudinit_v2.3.7_x5 b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/cloudinit/2.3.7/linux_amd64/terraform-provider-cloudinit_v2.3.7_x5 new file mode 100644 index 0000000000..8988c64200 Binary files /dev/null and b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/cloudinit/2.3.7/linux_amd64/terraform-provider-cloudinit_v2.3.7_x5 differ diff --git a/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/null/3.2.4/linux_amd64/LICENSE.txt b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/null/3.2.4/linux_amd64/LICENSE.txt new file mode 100644 index 0000000000..b9ac071eb6 --- /dev/null +++ b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/null/3.2.4/linux_amd64/LICENSE.txt @@ -0,0 +1,375 @@ +Copyright (c) 2017 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/null/3.2.4/linux_amd64/terraform-provider-null_v3.2.4_x5 b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/null/3.2.4/linux_amd64/terraform-provider-null_v3.2.4_x5 new file mode 100644 index 0000000000..9328ecdff8 Binary files /dev/null and b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/null/3.2.4/linux_amd64/terraform-provider-null_v3.2.4_x5 differ diff --git a/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/random/3.7.2/linux_amd64/LICENSE.txt b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/random/3.7.2/linux_amd64/LICENSE.txt new file mode 100644 index 0000000000..b9ac071eb6 --- /dev/null +++ b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/random/3.7.2/linux_amd64/LICENSE.txt @@ -0,0 +1,375 @@ +Copyright (c) 2017 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/random/3.7.2/linux_amd64/terraform-provider-random_v3.7.2_x5 b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/random/3.7.2/linux_amd64/terraform-provider-random_v3.7.2_x5 new file mode 100644 index 0000000000..3fc6b59e43 Binary files /dev/null and b/ansible/roles/dingo-command/templates/registry.terraform.io/hashicorp/random/3.7.2/linux_amd64/terraform-provider-random_v3.7.2_x5 differ diff --git a/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/CHANGELOG.md b/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/CHANGELOG.md new file mode 100644 index 0000000000..60aa6a69e0 --- /dev/null +++ b/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/CHANGELOG.md @@ -0,0 +1,1293 @@ +## 1.54.1 (31 January, 2024) + +NOTES + +* Clarify provider deprecation message for option `use_octavia`. Add info on how various users will be affected ([#1665](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1665)). + +## 1.54.0 ( 29 January, 2024) + +NOTES + +* **Support for neutron-lbaas will be removed on next major release.** Only `octavia` will be supported. Related resources and data-sources marked with a deprecation notice([#1640](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1640)). +* Added deprecation notice for `multiattach` on `openstack_blockstorage_volume_v3` ([#1629](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1629)). Support for it **will be removed on next major release**. +* Added deprecation notice for various nova resources. Support for them will **not** be removed, but users are notified to use the new resources instead ([#1639](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1639)). + + +IMPROVEMENTS + +* Updated Terraform SDK to `v2.30.0` ([#1631](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1631)) +* Updated Gophercloud to `v1.8.0` ([#1631](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1631)) +* Updated docs of `openstack_networking_port_v2` to note ip allocation depedency with subnet ([#1622](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1622)) +* Updated docs of `openstack_networking_secgroup_rule_v2` for port-range exception ([#1632](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1632)) +* Added extra validations on `openstack_lb_pool_v2` ([#1628](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1628)) +* Added attachment information on `data_source_blockstorage_volume_v3` ([#1624](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1624)) +* Added `backup_id` to `openstack_blockstorage_volume_v3` ([#1641](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1641)) + + +BUG FIXES + +## 1.53.0 ( 26 October, 2023) + +NOTES + +* Marked various resources as deprecated and added a deprecation warning for the user ([#1591](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1591)) + +IMPROVEMENTS + +* Added `project_id` argument to the `openstack_fw_rule_v2` data source ([#1594](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1594)) +* Added `project_id` argument to the `openstack_fw_rule_v2` resource ([#1594](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1594)) +* Added `project_id` argument to the `openstack_fw_policy_v2` data source ([#1594](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1594)) +* Added `project_id` argument to the `openstack_fw_policy_v2` resource ([#1594](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1594)) +* Updated `openstack_compute_instance_v2` to use Glance client instead of deprecated Nova client for images ([#1615](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1615)) + + +BUG FIXES + +* Fixed `segmentation_id` on `openstack_networking_network_v2` to allow neutron to dynamically set it ([#1600](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1600)) +* Fixed an issue to allow `cluster_template_id` on `openstack_containerinfra_cluster_v1` to be updated without triggering a new cluster creation ([#1598](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1598)) + +## 1.52.1 (29 June, 2023) + +NOTES + +* Moved the documentation of various ressources to the deprecation subcategory ([#1590](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1590)) +* Updated docs location ([#1590](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1590)) +* Added subcategories for VPNaaS and FWaaS documentation ([#1590](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1590)) + +## 1.52.0 (29 June, 2023) + +NOTES + +* Documentation has been updated with sub-categories for easier browsing ([#1540](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1540)) +* `[]` stripping for IPv6 addresses was removed from `openstack_dns_recordset_v2` resource ([#1581](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1581)) + +IMPROVEMENTS + +* Added a new `openstack_fw_rule_v2` resource and data source ([#1577](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1577)) +* Added a new `openstack_fw_policy_v2` resource and data source ([#1584](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1584)) +* Added a new `openstack_fw_group_v2` resource and data source ([#1588](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1588) [#1589](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1589)) +* Added a new `openstack_identity_inherit_role_assignment_v3` resource ([#1567](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1567)) +* Added validators to the `openstack_vpnaas_ipsec_policy_v2` resource ([#1558](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1558)) +* Added `user_id` argument to the `openstack_compute_keypair_v2` data source ([#1554](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1554)) +* Added `project_id` argument to the `openstack_identity_project_v3` data source ([#1559](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1559)) +* The `private_key` attribute in the `openstack_compute_keypair_v2` resource is now marked as sensitive ([#1548](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1548)) +* The `openstack_dns_recordset_v2` resource now refreshes record values and ignores record order for individual record values within the same resource ([#1581](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1581)) +* The `openstack_sharedfilesystem_share_access_v2` resource now prefers to use the GET method for share access rules retriving ([#1583](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1583)) +* Added `multiattach` argument to the `openstack_compute_instance_v2` resource ([#1542](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1542)) +* Added `xz` decompression support to the `openstack_images_image_v2` resource ([#1579](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1579)) + +BUG FIXES + +* Force new `openstack_containerinfra_nodegroup_v1` resource when `cluster_id` changes ([#1551](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1551)) +* Fixed `openstack_objectstorage_container_v1` resource to not fail when container/objest doesn't exist ([#1535](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1535)) +* Fixed a bug in the `openstack_images_image_v2` resource where simultaneous image downloads could cause a broken resulting image in the cache ([#1579](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1579)) + +## 1.51.1 (21 March, 2023) + +NOTES + +* Added more details about the Swift requirements for a new `openstack_objectstorage_container_v1` `versioning` argument in the documentation ([#1526](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1526)) + +BUG FIXES + +* Fixed incorrect microversion setting and response handling for the Nova server groups API in the `openstack_compute_servergroup_v2` resource ([#1524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1524)) +* Fixed unexpected resource recreation of `openstack_images_image_v2` for existing resources after upgrading the terraform provider version ([#1525](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1525)) + +## 1.51.0 (15 March, 2023) + +NOTES + +* The `openstack_compute_instance_v2` resource has been updated to use the Cinder V3 API by default instead of the V2 API in resource import logic ([#1514](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1514)) + +IMPROVEMENTS + +* Added support for updating the `segments` argument to the `openstack_networking_network_v2` resource ([#1508](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1508)) +* Added the `segments` attribute to the `openstack_networking_network_v2` data source ([#1508](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1508)) +* Added the `force_destroy` argument to the `openstack_networking_router_interface_v2` resource ([#1512](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1512)) +* Added the `set_token_id` argument and `token_id` attribute to the `openstack_identity_auth_scope_v3` data source ([#1515](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1515)) +* Added the `rules` argument to the `openstack_compute_servergroup_v2` resource ([#1382](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1382)) +* Added the `tags` argument to the `openstack_lb_listener_v2` resource ([#1438](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1438)) + +BUG FIXES + +* Fixed a template type assertion panic in the `openstack_orchestration_stack_v1` resource ([#1509](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1509)) +* Fixed a bug in the `openstack_keymanager_secret_v1` resource and data source that prevented binary data from being retrieved ([#1505](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1505)) +* Fixed the `segments` argument import in the `openstack_networking_network_v2` resource ([#1508](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1508)) + +## 1.50.0 (1 March, 2023) + +NOTES + +* `objectstorage_container_v1` resource has been updated to support the new versioning. The `versioning` argument is now `Boolean` while the legacy versioning can be enabled via `versioning_legacy` which follows the old schema and is deprecated. State will be updated automatically but users need to update their resource definition ([#1498](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1498)) + +FEATURES + +* Updated Go to `1.20` ([#1488](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1488)) +* Updated Golangci-lint to `v1.51.2` ([#1488](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1488)) +* Updated Terraform SDK to `v2.25.0` ([#1490](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1490)) + +IMPROVEMENTS + +* Added `PROMETHEUS` protocol to `openstack_lb_listener_v2` resource ([#1494](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1494)) +* Added `decompress` argument to `images_image_v2` resource ([#1482](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1482)) +* Added `name_regex` argument to `openstack_images_image_v2` data source ([#1469](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1469)) +* Added ability to provide a list of tags into `openstack_images_image_v2`, `openstack_images_image_ids_v2` data sources ([#1462](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1462)), ([#1468](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1468)) +* Added `name_regex` attribute to `openstack_images_image_v2` data source ([#1469](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1469)) +* Added `hidden` attribute to `containerinfra_clustertemplate_v1` data source ([#1472](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1472)) + +BUG FIXES + +* Fixed `containerinfra_clustertemplate_v1` labels update ([#1455](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1455)) + +## 1.49.0 (26 October, 2022) + +FEATURES + +* Updated `Gophercloud` to `1.0.0` ([#1441](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1441)) + +IMPROVEMENTS + +* Added `service_types` argument to `networking_subnet_v2` resource ([#1445](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1445)) +* Added `service_types` argument to `networking_subnet_v2` data source ([#1445](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1445)) +* Added `description` argument to `compute_flavor_v2` resource ([#1441](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1441)) +* Added `created` and `updated` attribute to compute_instance_v2 resource ([#1423](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1423)) +* Added `created` and `updated` attribute to compute_instance_v2 data source ([#1423](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1423)) +* Update docs for `containerinfra_nodegroup_v1` ([#1426](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1426) and [#1436](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1436)) + +BUG FIXES + +* Fixed setting `docker_volume_size` on `containerinfra_nodegroup_v1` ([#1437](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1437)) +* Fixed update for `node_count` on `containerinfra_cluster_v1` ([#1431](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1431)) +* Fixed `min_node_count` and `max_node_count` on `containerinfra_nodegroup_v1` ([#1431](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1431)) +* Fixed `merge_labels` on `containerinfra_cluster_v1` ([#1435](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1435)) +* Fixed `configuration/value` type mismatch on `db_configuration_v1` ([#1440](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1440)) + +## 1.48.0 (31 July, 2022) + +FEATURES + +* __New Resource__: `containerinfra_nodegroup_v1` ([#1364](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1364)) +* __New Data Source__: `containerinfra_nodegroup_v1` ([#1364](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1364)) +* __New Data Source__: `openstack_compute_limits_v2` ([#1418](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1418)) + +IMPROVEMENTS + +* Added `user_id` argument to `compute_keypair_v2` resource ([#1349](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1349)) +* Added rebuild support for `compute_instance_v2` resource so `image_id`, `image_name` and `personality` won't create a new resource anymore ([#1368](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1368)) +* Added `monitor_port` and `monitor_address` to `lb_members_v2` ([#1363](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1363)) +* Added `monitor_port` and `monitor_address` to `lb_member_v2` ([#1390](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1390)) +* Added ability to import `openstack_networking_port_secgroup_associate_v2` ([#1415](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1415)) +* Added `storage_policy` to `objectstorage_container_v1` ([#1416](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1416)) + +BUG FIXES + +* Fixed panic on ignored error from `net.ParseCIDR(cidr)` ([#1377](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1377)) +* Fixed required `region` attribute on `networking_quota_v2` datasource ([#1374](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1374)) +* Fixed not setting `properties` on `images_image_v2` datasource ([#1370](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1370)) +* Fixed handling of missing flavors in `openstack_compute_instance_v2` ([#1362](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1362)) + +## 1.47.0 (7 February, 2022) + +IMPROVEMENTS + +* Added `host` attribute to `blockstorage_volume_v3` datasource ([#1291](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1291)) +* Added possibility to update `protected`, `min_disk_gb`, `min_ram_mb` arguments of `image_v2` resource ([#1341](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1341)) +* Added `enable_logging` flag into provider configuration that sets the same behaviour as `OS_DEBUG` env variable ([#1246](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1246)) +* Added `dpd` examples and tests to `vpnaas_site_connection_v2` resource ([#1344](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1344)) + +BUG FIXES + +* Fixed `lb_members_v2` documentation ([#1340](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1340)) +* Added missing environent variables from documentation ([#1348](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1348)) +* Fixed `PROXYV2` protocol validation in `lb_pool_v2` resource ([#1346](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1346)) +* Fixed provider panics on `containerinfra_cluster_v1` resource ([#1308](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1308)) + +## 1.46.0 (18 December, 2021) + +FEATURES + +* __New Resource__: `blockstorage_qos_v3` ([#1325](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1325)) +* __New Resource__: `blockstorage_qos_association_v3` ([#1331](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1331)) +* __New Data Source__: `blockstorage_quotaset_v3` ([#1319](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1319)) +* __New Data Source__: `networking_quota_v2` ([#1318](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1318)) + +IMPROVEMENTS + +* Added `region` argument to `compute_aggregate_v2` resource ([#1276](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1276)) +* Fixed default `0` value in skipped arguments of `networking_quota_v2` resource ([#1316](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1316)) +* Added `tags` to `lb_loadbalancer_v2` resource ([#1301](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1301)) +* Use Otavia API for `lb_loadbalancer_v2` resource by default ([#1326](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1326)) +* Updated `images_image_v2` resource to not recreate image `on min_disk_gb`, `min_ram_mb`, `protected` attributes changes ([#1299](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1299)) +* Updated `gophercloud` to `v0.23.0` ([#1315](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1315)) +* Updated `terraform-plugin-sdk` to `v2.10.0` ([#1333](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1333)) + +## 1.45.0 (4 November, 2021) + +FEATURES + +* __New Data Source__: `openstack_compute_quotaset_v2` ([#1302](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1302)) + +IMPROVEMENTS + +* Added retries reading `dns_zone_v2` and `compute_instance_v2` state after creation in case of 502, 504 HTTP errors ([#1303](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1303)) + +BUG FIXES + +* Improved removal of `networking_router_interface_v2` resource so it will delete only needed port on a router ([#1297](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1297)) +* Flagged `url` attribute of `objectstorage_tempurl_v1` resource as sensitive ([#1305](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1305)) +* Fixed not specified quota values are being set to 0 in `compute_quotaset_v2` resource ([#1304](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1304)) + +## 1.44.0 (2 October, 2021) + +NOTES + +* This release updates major version of `terraform-plugin-sdk` from `v1` to `v2` and that caused lots of changes in the code. If you experiencing new bugs after updating the provider please create an issue with a description of how to reproduce them. + +FEATURES + +* Updated `terraform-plugin-sdk` to `v2.7.1` ([#1139](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1139)) +* Updated Go to `1.17` ([#1295](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1295)) + +## 1.43.1 (21 September, 2021) + +BUG FIXES + +* Fixed panics when a token doesn't have a project scope ([#1282](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1282)) + +## 1.43.0 (16 July, 2021) + +FEATURES + +* __New Resource__: `dns_transfer_request_v2` ([#1268](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1268)) +* __New Resource__: `dns_transfer_accept_v2` ([#1268](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1268)) + +IMPROVEMENTS + +* Added `SCTP`, `PROXYV2` protocols for `lb_pool_v2` resource ([#1251](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1251)) +* Added `project_id` argument for `dns_recordset_v2` resource ([#1254](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1254)) +* Added support for `shelved_offloaded` power state of `compute_instance_v2` resource ([#1259](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1259)) +* Added `cidr` argument input check for `networking_subnet_v2` resource ([#1267](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1267)) +* Removed Octavia microversions and added explanation about minor version usage ([#1249](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1249)) +* Fixed `endpoints` argument for `vpnaas_endpoint_group_v2` resource in that way so endpoints order is not relevant anymore ([#1247](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1247)) +* Added `addresses` argument for `db_instance_v1` resource ([#1260](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1260)) +* Better formatted documentation for some resources and data sources ([#1252](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1252)), ([#1255](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1255)), ([#1256](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1256)) +* Updated issues links so they point to the right repo ([#1272](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1272)) + +BUG FIXES + +* Fixed `nil` panic in `compute_instance_v2` resource that could be caught while trying to unassign a server group from an instance ([#1248](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1248)) + +## 1.42.0 (12 May, 2021) + +IMPROVEMENTS + +* Added `SCTP` protocol support for `lb_listener_v2` resource, note that will work only in Octavia ([#1236](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1236)) +* Added support for `HEALTHY` status of `db_instance_v1` resource ([#1241](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1241)) +* Added `address_group` as `object_type` for `networking_rbac_policy_v2` resource ([#1243](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1243)) +* * Updated `terraform-plugin-sdk` to `v1.17.2` ([#1244](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1244)) + +## 1.41.0 (23 April, 2021) + +FEATURES + +* __New Resource__: `blockstorage_volume_type_access_v3` ([#1223](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1223)) + +IMPROVEMENTS + +* Added `disable_status_check` argument for `dns_recordset_v2` resource ([#1221](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1221)) +* Added `availability_zone` argument for `lb_loadbalancer_v2` resource ([#1225](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1225)) +* Added `backup` argument for `lb_members_v2` resource ([#1227](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1227)) + +## 1.40.0 (23 March, 2021) + +FEATURES + +* __New Resource__: `networking_portforwarding_v2` ([#940](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/940)) +* __New Resource__: `blockstorage_volume_type_v3` ([#1204](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1204)) + +IMPROVEMENTS + +* Go version is updated to `1.16` and we're providing `darwin/arm64` binaries starting from this release ([#1206](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1206)) + +BUG FIXES + +* Fixed Bad request API error while updating `images_image_v2` resource because old OpenStack released don't have `hidden` argument ([#1209](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1209)) +* Fixed Bad request API error while updating `blockstorage_quotaset_v2`, `blockstorage_quotaset_v3` ([#1200](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1200)) + +## 1.39.0 (6 March, 2021) + +IMPROVEMENTS + +* Added ability to manage `blockstorage_quotaset_v2` for the same project across several regions with a single resource ([#1182](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1182)) +* Added ability to manage `blockstorage_quotaset_v3` for the same project across several regions with a single resource ([#1183](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1183)) +* Added ability to manage `openstack_compute_quotaset_v2` for the same project across several regions with a single resource ([#1181](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1181)) +* Added `volume_type_quota` argument for `blockstorage_quotaset_v2` resource ([#1187](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1187)) +* Added `volume_type_quota` argument for `blockstorage_quotaset_v3` resource ([#1185](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1185)) +* Added `hidden` argument for `openstack_images_image_v2` resource and datasource ([#1186](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1186)) + +BUG FIXES + +* Fixed error updating `networking_quota_v2` when it was created with the version older than `1.38.0` ([#1180](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1180)) + +## 1.38.0 (February 24, 2021) + +FEATURES + +* __New Resource__: `openstack_lb_quota_v2` ([#1169](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1169)) + +IMPROVEMENTS + +* Updated gophercloud/utils, which now recognizes `clouds.yml` in addition to `clouds.yaml` and correctly applies per-region value overrides ([#1172](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1172)) +* Added `vip_port_id` for `lb_loadbalancer_v2` resource. It can be used only with Octavia ([#1164](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1164)) +* Added `service_catalog` attribute for `identity_auth_scope_v3` data source ([#1167](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1167)) +* Set `2.15` microversion for any type of `server_group_v2` policy except `affinity` and `anti-affinity` since they don't need any microversion ([#1141](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1141)) +* Add a note about using names in `security_groups` in `compute_instance_v2` resource in docs ([#1178](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1178)) +* Added ability to manage `networking_quota_v2` for the same project across several regions with a single resource ([#1177](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1177)) + +## 1.37.0 (February 8, 2021) + +IMPROVEMENTS + +* Added `image_source_username`, `image_source_password` arguments to `images_image_v2` resource ([#1157](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1157)) +* Updated `networking_floatingip_v2` resource to retry subnets on floating IP creation, when a subnet is exhausted ([#1163](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1163)) +* Updated security notices for sensitive arguments and attributes in documentation ([#1161](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1161)) + +BUG FIXES + +* Fixed multiple `networking_router_v2` resource creation while using `external_subnet_ids` argument ([#1163](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1163)) + +## 1.36.0 (February 2, 2021) + +NOTES + +* The `dhcp_disabled` argument in `networking_subnet_v2` data source is deprecated. Use the `dhcp_enabled = false` argument value instead. ([#1153](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1153)) +* The `max_retries` provider parameter now honors the `429` code and uses the `Retry-After` header to extend the retry function ([#1159](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1159)) + +FEATURES + +* __New Resource__: `openstack_identity_user_membership_v3` ([#1149](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1149)) +* __New Data Source__: `openstack_networking_subnet_ids_v2` ([#1153](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1153)) + +IMPROVEMENTS + +* Updated `zone` argument to be `Optional` instead of `Required` in `compute_aggregate_v2` resource ([#1133](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1133)) +* Updated local provider block in docs ([#1135](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1135)) +* Updated Go version to `1.15` ([#1137](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1137)) +* Updated `networking_router_v2` resource to retry external subnets on router creation, when a subnet is exhausted ([#1151](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1151)) +* Added `subnets` attribute to `networking_network_v2` data source ([#1152](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1152)) +* Extended `max_retries` provider parameter to use the `Retry-After` header ([#1159](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1159)) + +BUG FIXES + +* Fixed copying `sync.Locker` by updating `gophercloud/utils` with the fix ([#1144](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1144)) +* Fixed recreation of `lb_loadbalancer_v2` resource if `flavor_id` haven't been specified ([#1147](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1147)) +* Fixed `networking_port_v2` resource update if `binding.profile` is not set ([#1154](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1154)) + +## 1.35.0 (January 15, 2021) + +FEATURES + +* __New Resource__: `openstack_compute_aggregate_v2` ([#1121](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1121)) +* __New Data Source__: `openstack_compute_aggregate_v2` ([#1121](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1121)) +* __New Data Source__: `openstack_compute_hypervisor_v2` ([#1126](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1126)) + +IMPROVEMENTS + +* Added valid handling of the read-only `stores` property of the `images_image_v2` resource ([#1124](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1124)) +* Added `image_id` argument for the `images_image_v2` resource ([#1125](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1125)) +* Added `vendor_options.ignore_volume_confirmation` argument for the `compute_volume_attach_v2` resource to control whether to ignore volume status confirmation of the attached volume. ([#1127](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1127)) +* Updated Gophercloud to `1.15.0` with utils package that now uses `imageservice` instead of `compute` to resolve image IDs ([#1128](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1128)) + +## 1.34.1 (December 21, 2020) + +BUG FIXES + +* Fixed an issue when empty a `flavor_id` argument in `compute_flavor_v2` resource could create plan changes ([#1120](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1120)) + +## 1.34.0 (December 20, 2020) + +IMPROVEMENTS + +* Added `flavor_id` to `compute_flavor_v2` resource creation options ([#1107](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1107)) +* Updated `compute_flavor_v2` resource docs with `ephemeral` argument ([#1113](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1113)) +* Updated `compute_instance_v2` resource docs with `guest_format` argument and added example with `swap` ([#1113](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1113)) +* Added volume status check in `compute_volume_attach_v2` resource create function ([#1106](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1106)) +* Added `disable_status_check` argument for `dns_zone_v2` resource ([#1114](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1114)) +* Removed mention of `floating_ip` argument in `compute_instance_v2` from the documentation of `compute_floatingip_associate_v2` resource ([#1117](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1117)) + +BUG FIXES + +* Fixed an issue when updating a `networking_router_v2` resource deleted extra routes on the router by upgrading Gophercloud to `1.14.0` ([#1109](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1109)) +* Fixed an issue when changing `domain_id`, `is_domain` or `parent_id` arguments of `identity_project_v3` resource caused errors ([#1101](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1101)) +* Fixed an issue when `fixed_ip` wasn't updated on read of `compute_interface_attach_v2` resource ([#1118](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1118)) + +## 1.33.0 (November 11, 2020) + +IMPROVEMENTS + +* Add `address_scope`, `security_group` and `subnetpool` RBAC types to `networking_rbac_policy_v2.go` resource ([#1086](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1086)) +* Add `project_id` for `dns_zone_v2` resource, `project_id`, `all_projects` arguments for `dns_zone_v2` datasource, allow importing resource by `:` value ([#1087](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1087)) +* Add `different_cell` scheduler hint for `compute_instance_v2` resource ([#1070](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1070)) +* Update and cleanup `blockstorage_quotaset_v2`, `blockstorage_quotaset_v3`, `compute_quotaset_v2`, `networking_quota_v2` resource docs ([#1095](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1095)), ([#1096](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1096)) +* Updated `terraform-plugin-sdk` to `v1.16.0` ([#1092](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1092)) + +BUG FIXES + +* Fixed an issue when `binding.host_id` was set to `null` in case of using any other `binding` parameters in `networking_port_v2` resource ([#1084](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1084)) +* Fixed an issue with unnecessary server rebuild while using two default networks in `compute_instance_v2` resource ([#1073](https://github.com/terraform-provider-openstack/terraform-provider-openstack/pull/1073)) + +## 1.32.0 (September 15, 2020) + +NOTES + +* This is the first release that is available from [registry.terraform.io](https://registry.terraform.io) + +IMPROVEMENTS + +* Fixed documentation for `identity_ec2_credential_v3` resource ([#1052](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1052)) +* Added `network_mode` argument for `compute_instance_v2` resource ([#1054](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1054)) + +## 1.31.0 (August 28, 2020) + +FEATURES + +* __New Resource__: `identity_ec2_credential_v3` ([#1033](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1033)) + +IMPROVEMENTS + +* Reduced Identity requests across some `identity` resources and data sources by reusing functions to get the current token scope details ([#1044](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1044)) +* Added `floating_ip_enabled` argument into `containerinfra_cluster_v1` datasource ([#1043](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1043)) +* Updated Rackspace compatibility notes in documentation ([#1049](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1049)) +* Updated `terraform-plugin-sdk` to `v1.15.0` ([#1051](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1051)) +* Updated Go version to `1.14.7` ([#1051](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1051)) + +BUG FIXES + +* Fixed backward compatibility issue with empty value in `merge_labels` argument of `containerinfra_cluster_v1` ([#1039](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1039)) +* Fixed errors while creating `keymanager_container_v1` resource with the `certificate` type ([#1046](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1046)) + +## 1.30.0 (August 05, 2020) + +FEATURES + +* __New Resource__: `openstack_identity_group_v3` ([#1028](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1028)) +* __New Data Source__: `openstack_images_image_ids_v2` ([#139](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/139)) + +IMPROVEMENTS + +* Added `floating_ip_enabled` argument/attribute and `merge_labels` argument for `containerinfra_cluster_v1` resource ([#1024](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1024)) +* Added `allowed_cidrs` argument/attribute for `lb_listener_v2` resource ([#1034](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1034)) + +## 1.29.0 (June 29, 2020) + +FEATURES + +* __New Data Source__: `compute_instance_v2` ([#984](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/984)) + +IMPROVEMENTS + +* Added `vip_network_id` argument to `openstack_lb_loadbalancer_v2` resource. It can be used only with Octavia ([#948](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/948)) +* Allowed to use `is_public` as argument in `compute_flavor_v2` datasource ([#1017](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1017)) +* Updated `gophercloud` to `v0.12.0` to fix goroutine leaks during reauthentication ([#1020](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1020)) +* Updated `terraform-plugin-sdk` to `v1.14.0` ([#1021](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1021)) +* Updated Go version to `1.14.4` ([#1022](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1022)) + +BUG FIXES + +* Fixed documentation bug for the `binding` argument of the `networking_port_v2` resource ([#1009](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1009)) + +## 1.28.0 (May 04, 2020) + +NOTES + +* This release sets `delayed_auth` and `allow_reauth` to `true` so Terraform provider won't request a new Identity token for every request against OpenStack API. We're happy to see you feedback about this change in our provider repo. + +IMPROVEMENTS + +* Provider parameters `delayed_auth` and `allow_reauth` are set to `true` by default ([#996](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/996)) +* Added support to import `objectstorage_container_v1` resource. Some attributes can't be imported yet: `force_destroy`, `content_type`, `metadata`, `container_sync_to`, `container_sync_key` ([#998](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/998)) +* Added `availability_zone_hints` parameter to `compute_instance_v2` resource ([#985](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/985)) +* Added `SOURCE_IP_PORT` load balancing method for `lb_pool_v2` resource. It's only available in Octavia LoadBalancer service ([#993](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/993)) +* Added `tags` for `identity_project_v3` resource and data source ([#978](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/978)) +* Added `scheduler_hints` for `blockstorage_volume_v2`, `blockstorage_volume_v3` resources ([#983](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/983)) +* Added `kubeconfig` attribute for `containerinfra_cluster_v1` resource ([#937](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/937)) +* Updated the existing manifests in the `examples` directory and added new manifests with attaching and using a new volume ([#892](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/892)) +* Updated Go version to `1.14.2` ([#1001](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1001)) +* Updated `terraform-plugin-sdk` to `v1.11.0` ([#1001](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/1001)) + +BUG FIXES + +* Fixed race conditions for `networking_secgroup_rule_v2` resource on some OpenStack environments ([#994](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/994)) +* Fixed error logs for `keymanager_secret_v1` resource ([#997](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/997)) + +## 1.27.0 (April 13, 2020) + +FEATURES + +* __New Resource__: `openstack_keymanager_order_v1` ([#992](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/992)) +* __New Resource__: `openstack_lb_members_v2` ([#898](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/898)) + +IMPROVEMENTS + +* Added `detach_ports_before_destroy` argument for `compute_instance_v2` resource that allows to detach all instance ports prior trying to delete the instance ([#866](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/866)) +* Added `web-download` import method to `openstack_images_image_v2` resource ([#888](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/888)) +* Updated object URL in documentation for `versioning.type` attribute of `objectstorage_container_v1` resource ([#986](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/986)) +* Added ACL examples in documentation of `objectstorage_container_v1` resource ([#987](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/987)) + +BUG FIXES + +* Fixed `master_addresses`, `node_addresses` types to `schema.TypeList` since they are lists of strings instead of just strings ([#981](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/981)) + +## 1.26.0 (February 25, 2020) + +IMPROVEMENTS + +* Added `acl` argument and attribute to `openstack_keymanager_secret_v1`, `openstack_keymanager_container_v1` resources and datasources ([#956](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/956)) +* Added `insert_headers` argument to `openstack_lb_listener_v2` resource ([#959](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/959)) +* Added `block_device.volume_type` argument to `openstack_compute_instance_v2` resource ([#963](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/963)) +* Updated `terraform-plugin-sdk` to `v1.7.0` ([#970](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/970)) + +BUG FIXES + +* Fixed documentation bug for the `id` attribute of the `lb_policy_v2` resource ([#957](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/957)) + +NOTES + +* This release drops Ubuntu Trusty and OpenStack Mitaka from testing CI environment. + +## 1.25.0 (December 25, 2019) + +FEATURES + +* __New Resource__: `openstack_orchestration_stack_v1` ([#944](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/944)) +* __New Data Source__: `openstack_blockstorage_volume_v2` ([#928](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/928)) +* __New Data Source__: `openstack_blockstorage_volume_v3` ([#947](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/947)) + +IMPROVEMENTS + +* Added `allow_reauth` optional boolean flag to the provided configuration block. This flag allows to automatically re-issue a new auth token if the initial token was expired ([#918](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/918)) +* Added `fixed_network` and `fixed_subnet` arguments and attributes to `openstack_containerinfra_cluster_v1` resource and datasource ([#933](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/933)) +* Added `access_rules` argument into `openstack_identity_application_credential_v3` resource ([#920](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/920)) +* Support `SHELVE_OFFLOADED` status for `openstack_compute_instance_v2` resource ([#942](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/942)) +* Added `max_retries_down` to `lb_monitor_v2` resource ([#945](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/945)) +* Updated `terraform-plugin-sdk` to `v1.4.1` ([#936](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/936)) + +BUG FIXES + +* Fixed the bug where empty `external_fixed_ips.ip_address` of `openstack_networking_router_v2` caused errors ([#628](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/628)) +* Fixed documentation example for `openstack_identity_user_v3.extra` ([#923](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/923)) +* Fixed documentation link for `clouds.yaml` ([#943](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/943)) + +## 1.24.0 (October 22, 2019) + +FEATURES + +* __New Resource__: `openstack_networking_quota_v2` ([#915](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/915)) +* __New Resource__: `openstack_compute_quotaset_v2` ([#914](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/914)) + +IMPROVEMENTS + +* Added `tags` argument/attribute and `all_tags` for `openstack_compute_instance_v2` resource ([#899](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/899)) +* Added `UDP` protocol support for `openstack_lb_pool_v2`, `openstack_lb_monitor_v2`, `openstack_lb_listener_v2` resources. It is available only when `use_octavia` is set to `true` ([#896](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/896)) +* Added ability to reuse the existing token when scope parameters are not defined ([#912](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/912)) +* Migrated from Terraform in-tree `helper/*` SDK to the separate `terraform-plugin-sdk v1.1.1` ([#880](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/880)), ([#909](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/909)) +* Migrated to use the common JSON debugging implementation from the upstream `gophercloud/utils` library ([#910](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/910)) + +BUG FIXES + +* Fixed the bug with unchecked errors in initialization of Identity V3 client in `identity_auth_scope_v3` data source [[#878](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/878)] +* Fixed the bug with unchecked errors in initialization of Compute V2 client in `compute_floatingip_associate_v2` resource [[#878](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/878)] +* Fixed the bug with 404 errors handling while getting statuses tree in `openstack_lb_loadbalancer_v2` resource ([#883](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/883)) +* Fixed the bug where is was unable to remove TLS references in `openstack_lb_listener_v2` resource ([#891](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/891)) +* Fixed the bug where empty `scheduler_hints` list caused a panic in `openstack_compute_instance_v2` resource ([#885](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/885)) +* Fixed the bug with usage of the wrong `flavor` argument instead of `flavor_id` for `openstack_lb_loadbalancer_v2` resource. Old argument has never worked. ([#904](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/904)) +* Fixed the documentation bug with usage of `type` and `name` of the `persistence` of the `lb_pool_v2` resource ([#908](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/908)) + +## 1.23.0 (September 20, 2019) + +FEATURES + +* __New Resource__: `openstack_images_image_access_accept_v2` ([#872](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/872)) +* __New Resource__: `openstack_images_image_access_v2` ([#872](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/872)) + +IMPROVEMENTS + +* Added ability to reduce auth requests against the Identity service. This behaviour can be enabled via `delayed_auth` config flag ([#861](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/861)) +* Added `Cache-Control: no-cache` header by default in all requests. This behaviour can be disabled via `disable_no_cache_header` config flag ([#849](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/849)) +* Added `timeout_client_data`, `timeout_member_connect`, `timeout_member_data`, `timeout_tcp_inspect` arguments to the `openstack_lb_listener_v2` resource. Those arguments available if `use_octavia` is set to `true` ([#876](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/876)], [[#877](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/877)) +* Added `domain_id`, `domain_name` attributes to the `openstack_identity_auth_scope_v3` data source ([#871](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/871)) +* Added `description` attributes to the `openstack_identity_group_v3`, `openstack_identity_user_v3` data sources ([#874](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/874)) +* Updated Terraform SDK to `v0.12.8` ([#859](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/859)) +* Refactored headers formatting functions to not use external libraries and nested loops ([#865](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/865)) + +BUG FIXES + +* Fixed the bug where `openstack_identity_auth_scope_v3` caused a panic within the domain-scope ([#851](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/851)) +* Fixed the bug where `openstack_compute_flavor_access_v2` resource wasn't removed from the Terraform state when it has been deleted in the OpenStack ([#856](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/856)) +* Fixed the bug where `openstack_identity_role_assignment_v3` resource wasn't removed from the Terraform state when it has been deleted in the OpenStack ([#856](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/856)) +* Fixed the bug where `ephemeral` argument wasn't set for `openstack_compute_flavor_v2` while reading this resource from the API ([#855](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/855)) + +## 1.22.0 (September 05, 2019) + +FEATURES + +* __New Data Source__: `openstack_keymanager_container_v1` ([#846](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/846)) + +IMPROVEMENTS + +* Added workaround for cases when the Neutron API doesn't provide the status for some load-balancer resources ([#839](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/839)) +* Added workaround for cases when the OpenContrail API doesn't provide the ID for some load-balancer resources ([#840](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/840)) +* Set computed attribute to `dns_name` and `dns_domain` for the `openstack_networking_network_v2` and `openstack_networking_floatingip_v2` resources ([#837](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/837)) +* Fixed code highlighting in website documentation for the `openstack_compute_instance_v2` resource ([#834](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/834)) + +BUG FIXES + +* Fixed the bug where project info wasn't accessible to non-admin users ([#833](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/833)) +* Fixed the bug where role assignments weren't accessible to non-admin users ([#845](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/845)) + +## 1.21.1 (August 08, 2019) + +BUG FIXES + +* Fixed the bug where OpenStack Networking V2 resources and data sources didn't work in old OpenStack environments because of different time format used for `created_at` and `updated_at` fields ([#831](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/831)) + +## 1.21.0 (August 06, 2019) + +FEATURES + +* __New Resource__: `openstack_keymanager_secret_v1` ([#650](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/650)), ([#807](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/807)) +* __New Resource__: `openstack_keymanager_container_v1` ([#808](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/808)) +* __New Resource__: `openstack_identity_service_v3` ([#821](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/821)) +* __New Resource__: `openstack_identity_endpoint_v3` ([#823](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/823)) +* __New Resource__: `openstack_networking_rbac_policy_v2` ([#811](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/811)) +* __New Resource__: `openstack_blockstorage_quotaset_v2` ([#806](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/806)) +* __New Resource__: `openstack_blockstorage_quotaset_v3` ([#828](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/828)) +* __New Data Source__: `openstack_keymanager_secret_v1` ([#815](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/815)) +* __New Data Source__: `openstack_identity_service_v3` ([#819](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/819)) + +IMPROVEMENTS + +* Enabled the `openstack_compute_instance_v2` resource import ([#768](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/768)) +* Added ability to update metadata of the `openstack_sharedfilesystem_share_v2` resource ([#825](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/825)) +* Added ability to filter `openstack_identity_endpoint_v3` datasource by `service_type`, `endpoint_region` and `name` arguments ([#817](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/817)) +* Updated the website documentation to formalize inline HCL code to canonical format according to Terraform v0.12 style conventions ([#797](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/797)) +* Updated the website documentation to use `openstack_compute_volume_attach_v2` instead of `openstack_compute_volume_attach_v3` that doesn't exist ([#800](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/800)) +* Updated the website documentation for the `security_groups` argument of the `openstack_compute_instance_v2` resource ([#826](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/826)) + +BUG FIXES + +* Fixed the bug where `openstack_vpnaas_site_connection` resource set `admin_state_up` argument to `false` istead of `true` by default ([#799](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/799)) +* Fixed the bug where `openstack_networking_subnet_v2` resource could cause a panic if `dns_nameservers` argument set to an empty list ([#726](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/726)) +* Fixed the bug where `openstack_lb_pool_v2` resource could cause a panic because of passing a struct instead of a flattened list into the `persistence` attribute ([#725](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/725)) +* Fixed the bug where `openstack_networking_port_v2` resource built an invalid request against the API with the empty `binding:profile` parameter ([#759](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/759)) + +## 1.20.0 (July 09, 2019) + +FEATURES + +* __New Resource__: `openstack_networking_qos_policy_v2` ([#774](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/774)) +* __New Resource__: `openstack_networking_qos_bandwidth_limit_rule_v2` ([#783](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/783)) +* __New Resource__: `openstack_networking_qos_dscp_marking_rule_v2` ([#784](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/784)) +* __New Resource__: `openstack_networking_qos_minimum_bandwidth_rule_v2` ([#790](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/790)) +* __New Data Source__: `openstack_networking_qos_policy_v2`([#779](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/779)) +* __New Data Source__: `openstack_networking_qos_bandwidth_limit_rule_v2` ([#788](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/788)) +* __New Data Source__: `openstack_networking_qos_dscp_marking_rule_v2` ([#789](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/789)) +* __New Data Source__: `openstack_networking_qos_minimum_bandwidth_rule_v2` ([#793](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/793)) + +IMPROVEMENTS + +* Updated documentation and Travis CI configuration with newer versions of Go and Terraform ([#777](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/777)) +* Added `qos_policy_id` to `openstack_networking_network_v2` ([#780](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/780)) +* Added `qos_policy_id` to `openstack_networking_port_v2` ([#781](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/781)) +* Updated Terraform SDK to `v0.12.2` ([#795](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/795)) + +BUG FIXES + +* Fixed bug preventing a floating IP from being re-associated with an instance when using `create_before_destroy` ([#761](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/761)) +* Fixed bug preventing `openstack_compute_instance_v2` scheduler hint queries from working ([#771](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/771)) + +## 1.19.0 (May 22, 2019) + +IMPROVEMENTS + +* The provider is now compatible with Terraform v0.12, while retaining compatibility with prior versions. +* `openstack_compute_instance_v2.stop_before_destroy` is now configurable by the `delete` timeout ([#750](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/750)) + +BUG FIXES + +* Fixed bug where `openstack_dns_recordset_v2.ttl` was being cleared ([#752](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/752)) +* Fixed an out of memory issue when running in debug mode ([#755](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/755)) +* Fixed printing of clear text password in case of `v2` auth ([#757](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/757)) + +## 1.18.0 (May 08, 2019) + +NOTES + +* The `openstack_networking_subnet_v2` argument `allocation_pools` has been deprecated in favor of `allocation_pool`. + +FEATURES + +* __New Data Source__: `openstack_networking_addressscope_v2` ([#741](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/741)) + +BUG FIXES + +* Fixed bug where `master_flavor` was being ignored in `openstack_containerinfra_cluster_v1` ([#730](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/730)) +* Fixed case-sensitivity for validation on `access_type` and `access_level` in `openstack_sharedfilesystem_share_access_v2` ([#730](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/730)) +* The `openstack_networking_subnet_v2` argument `allocation_pools` has been deprecated in favor of `allocation_pool`. This deprecation helps resolve an issue where multiple allocation pools in a single subnet were being returned out of order ([#739](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/739)) +* Fixed a bug where `dns_nameservers` could not be cleared in `openstack_networking_subnet_v2` ([#728](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/728)) +* Fixed a bug where a port's `dns_name` was being unset by Terraform ([#748](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/748)) + + +## 1.17.0 (April 01, 2019) + +NOTES + +* `extra_dhcp_option` in the `openstack_networking_port_v2` data source has been changed to a List. This is to resolve a bug where multiple DHCP options were not being rendered. + + +FEATURES + +* __New Resource__: `openstack_identity_application_credential_v3` ([#660](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/660)) +* __New Data Source__: `openstack_blockstorage_availability_zones_v3` ([#652](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/652)) +* __New Data Source__: `openstack_sharedfilesystem_availability_zones_v2` ([#652](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/652)) +* __New Data Source__: `openstack_networking_trunk_v2` ([#626](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/626)) + +IMPROVEMENTS + +* Reduced API calls when updating `extra_dhcp_option` in `openstack_networking_port_v2` ([#689](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/689)) +* Added `port_security_enabled` to `openstack_networking_network_v2` ([#681](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/681)) +* Added `port_security_enabled` to `openstack_networking_port_v2` ([#682](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/682)) +* Added `prefix_length` to `openstack_networking_subnet_v2` ([#705](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/705)) +* Added `binding` to `openstack_networking_port_v2` ([#693](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/693)) +* Added `binding` to `openstack_networking_port_v2` data source ([#693](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/693)) +* Added `mtu` to `openstack_networking_network_v2` ([#708](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/708)) +* Added `mtu` to `openstack_networking_network_v2` data source ([#708](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/708)) +* Added `dns_name` and `dns_domain` to `openstack_networking_floatingip_v2` ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `dns_name` and `dns_domain` to `openstack_networking_floatingip_v2` data source ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `dns_domain` to `openstack_networking_network_v2` ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `dns_domain` to `openstack_networking_network_v2` data source ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `dns_name` and `dns_assignment` to `openstack_networking_port_v2` ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `dns_name` and `dns_assignment` to `openstack_networking_port_v2` data source ([#706](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/706)) +* Added `fixed_ip` to `openstack_networking_floatingip_associate_v2` ([#709](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/709)) +* Enable `fixed_ip` to be updated in `openstack_networking_floatingip_v2` ([#709](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/709)) +* Added ability to specify `cephx` as `access_type` and to retrieve the `access_key` in `openstack_sharedfilesystem_share_access_v2` ([#715](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/715)) + +BUG FIXES + +* Fixed bug in `openstack_identity_auth_scope_v3` data source where the `user_id` attribute was being set to the user's Name and not ID ([#660](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/660)) +* Fixed bug in Load Balancer resources for Contrail-based load balancers ([#691](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/691)) +* `extra_dhcp_option` in the `openstack_networking_port_v2` data source has been changed to a List. This is to resolve a bug where multiple DHCP options were not being rendered ([#695](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/695)) + +## 1.16.0 (February 14, 2019) + +NOTES + +* The `openstack_networking_subnet_v2.host_routes` argument has been marked as deprecated. Please use the dedicated `openstack_networking_subnet_route_v2` resource instead. + +FEATURES + +* __New Data Source__: `openstack_compute_availability_zones_v2` ([#655](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/655)) + +BUG FIXES + +* The `openstack_networking_subnet_v2.host_routes` argument has been deprecated due to schema issues and conflicts with `openstack_networking_subnet_route_v2` ([#668](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/668)) +* A previously added validation to `openstack_networking_port_v2.fixed_ip.ip_address` was removed as it was causing problems for prior behavior of using an empty string ([#678](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/678)) + +## 1.15.1 (February 08, 2019) + +BUG FIXES + +* Fixed issue where volume multiattachments would not be retried ([#540](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/540)) +* Reverted an incorrect schema validation for `openstack_networking_port_v2.allowed_address_pairs` ([#661](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/661)) + +## 1.15.0 (February 06, 2019) + +NOTES + +* The `openstack_images_image_v2.update_at` attribute has been deprecated in favor of `updated_at` ([#617](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/617)) + +FEATURES + +* __New Resource__: `openstack_networking_addressscope_v2` ([#634](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/634)) +* __New Resource__: `openstack_networking_port_secgroup_associate_v2` ([#574](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/574)) + +IMPROVEMENTS + +* Added `flavor_id` to the `openstack_compute_flavor_v2` data source so flavors can be queried by ID ([#587](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/587)) +* `openstack_networking_port_ids_v2` data source can now return an empty set of results ([#631](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/631)) +* Added `description` to `openstack_networking_trunk_v2` resource ([#625](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/625)) +* Added `tags` to the networking data source to query by tags and `all_tags` to see a full list of tags ([#624](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/624)) +* `openstack_compute_instance_v2.admin_pass` is now a "sensitive" attribute ([#647](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/647)) +* Added support to authenticate with Application Credentials ([#642](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/642)) +* Added ability to specify region in `openstack_sharedfilesystem_share_access_v2` ([#654](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/654)) +* Added ability to specify region in `openstack_sharedfilesystem_share_v2` ([#654](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/654)) +* Added `all_tags` attribute to Networking resources to set tags provided by the OpenStack backend automatically ([#623](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/623)) + +BUG FIXES + +* Fixed `created_at`, `updated_at`, and `tag` fields in the `openstack_images_image_v2` data source ([#615](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/615)) +* Fixed `created_at` and `updated_at` fields in the `openstack_networking_subnetpool_v2` resource ([#619](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/619)) +* Fixed `created_at` and `updated_at` fields in the `openstack_networking_subnetpool_v2` data source ([#616](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/616)) +* Fixed issue where updating the description of a floating IP would cause the port to disassociate ([#606](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/606)) +* `admin_state_up` and `shared` fields of `openstack_networking_network_v2` are now correct boolean fields ([#593](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/593)) +* `external` field of `openstack_networking_network_v2` field will now show an actual value ([#593](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/593)) +* Fixed issue where `status` was being used as the query value for `network_id` in `openstack_networking_port_v2` data source ([#631](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/631)) +* Fixed issue where `status` was being used as the query value for `network_id` in `openstack_networking_port_ids_v2` data source ([#631](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/631)) +* The `openstack_images_image_v2` fields `update_at`, `updated_at`, and `created_at` all now set correctly ([#617](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/617)) +* Fixed issue with `openstack_dns_recordset_v2` where `records` would be returned out of order ([#636](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/636)) +* Fixed issue where `openstack_compute_volume_attach_v2` and `openstack_blockstorage_volume_v2` were trying to detach volumes at the same time ([#640](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/640)) +* Fixed a regression bug where destroying networks was failing on a 409 code ([#644](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/644)) +* Fixed an issue with `openstack_compute_instance_v2` where a 404 was triggering an error ([#647](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/647)) +* Fixed an issue where `all_fixed_ips` was not being set in `openstack_networking_port_v2` data source ([#649](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/649)) +* Fixed an issue where `openstack_networking_port_v2` would cause an API error ([#649](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/649)) +* Fixed an issue where Blockstorage volume resources couldn't be detached because they had been removed ([#641](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/641)) + +## 1.14.0 (January 15, 2019) + +NOTES + +* The Load Balancer v2 resources have been updated to provide more efficient status checks. If you encounter any problems due to this, please report them and we will make it a priority to resolve. +* `openstack_networking_port_v2` will now set the `admin_state_up` to `true/UP` if it is left omitted from the resource configuration. This now correctly conforms to the OpenStack API. This should be a transparent change, but let us know if this causes you problems. + +FEATURES + +* __New Resource__: `openstack_lb_l7policy_v2` ([#527](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/527)) +* __New Resource__: `openstack_lb_l7rule_v2` ([#522](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/522)) +* __New Resource__: `openstack_sharedfilesystem_share_v2` ([#525](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/525)) +* __New Resource__: `openstack_sharedfilesystem_share_access_v2` ([#526](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/526)) +* __New Data Source__: `openstack_sharedfilesystem_share_v2` ([#564](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/564)) +* __New Data Source__: `openstack_networking_port_v2` ([#567](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/567)) +* __New Data Source__: `openstack_sharedfilesystem_sharenetwork_v2` ([#576](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/576)) +* __New Data Source__: `openstack_networking_port_ids_v2` ([#569](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/569)) +* __New Data Source__: `openstack_sharedfilesystem_snapshot_v2` ([#577](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/577)) + +IMPROVEMENTS + +* Provider options `swauth` and `use_octavia` will correctly use a default value of `false` when they are not specified. This is to help with compatibility for v0.12 ([#494](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/494)) +* Enhanced the pending status checks of the Load Balancer v2 resources ([#550](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/550)) +* Prioritized the status of Load Balancer v2 resources to first use the Load Balancer's master status ([#556](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/556)) +* Fix flavor detection in `openstack_compute_instance_v2` and `openstack_containerinfra_cluster_v1` for Terraform v0.12 ([#551](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/551)) +* Added the ability to import `openstack_lb_loadbalancer_v2` ([#524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/524)) +* Added the ability to import `openstack_lb_listener_v2` ([#524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/524)) +* Added the ability to import `openstack_lb_pool_v2` ([#524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/524)) +* Added the ability to import `openstack_lb_member_v2` ([#524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/524)) +* Added the ability to import `openstack_lb_monitor_v2` ([#524](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/524)) +* Added `device_type` and `disk_bus` to `openstack_compute_instance_v2` block device ([#558](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/558)) +* Added `transparent_vlan` to `openstack_networking_network_v2` ([#513](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/513)) +* Added `transparent_vlan` to `openstack_networking_network_v2` data source ([#538](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/538)) +* Added `max_retries` to the provider options ([#413](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/413)) +* Added the ability to override catalog endpoints ([#501](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/501)) +* Changed the `segments` attribute of the `openstack_networking_network_v2` to `TypeSet` [[#578](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/578)] + +BUG FIXES + +* `openstack_compute_interface_attach_v2` now correctly sets the `instance_id` [[#557](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/557)] +* `openstack_networking_port_v2` will now correctly set the `admin_state_up` to `true/UP` if left omitted ([#594](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/594)) +* Fixed out of range panic in `openstack_compute_instance_v2` when no IP addresses were detected ([#539](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/539)) + +## 1.13.0 (December 18, 2018) + +FEATURES + +* __New Resource__: `openstack_sharedfilesystem_securityservice_v2` ([#515](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/515)) +* __New Resource__: `openstack_sharedfilesystem_sharenetwork_v2` ([#515](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/515)) +* __New Data Source__: `openstack_containerinfra_cluster_v1` ([#488](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/488)) +* __New Data Source__: `openstack_blockstorage_snapshot_v2` ([#448](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/448)) +* __New Data Source__: `openstack_blockstorage_snapshot_v3` ([#448](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/448)) + +IMPROVEMENTS + +* Added object versioning to `openstack_objectstorage_container_v1` ([#465](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/465)) +* Added support for soft affinities in `openstack_compute_servergroup_v2` ([#490](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/490)) +* Allow `default_pool_id` to be updated in `openstack_lb_listener_v2` ([#516](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/516)) +* Added `description` to `openstack_networking_router_v2` ([#529](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/529)) +* Added `description` to `openstack_networking_port_v2` ([#531](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/531)) +* Added `description` to `openstack_networking_subnet_v2` ([#533](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/533)) +* Added `description` to `openstack_networking_floatingip_v2` ([#534](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/534)) +* Added `description` to `openstack_networking_secgroup_v2` data source ([#535](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/535)) +* Added `description` to `openstack_networking_network_v2` ([#532](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/532)) +* Added `description` to `openstack_networking_subnet_v2` data source ([#528](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/528)) +* Added `description` to `openstack_networking_router_v2` data source ([#530](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/530)) +* Added `description` to `openstack_networking_network_v2` data source ([#536](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/536)) +* Added `description` to `openstack_networking_floatingip_v2` data source ([#523](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/523)) + +BUG FIXES + +* Allow instances to be in a state of `migrating` when performing a plan/refresh ([#496](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/496)) +* Fix issue when `openstack_networking_floatingip_v2`, `openstack_networking_router_v2`, `openstack_networking_subnet_v2`, and `openstack_networking_subnetpool_v2` tag updates send empty updates for the resource. ([#519](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/519)) + +## 1.12.0 (November 13, 2018) + +FEATURES + +* __New Resource__: `openstack_compute_interface_attach_v2` ([#470](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/470)) + +IMPROVEMENTS + +* Added `tags` to `openstack_networking_network_v2` ([#454](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/454)) +* Added `tags` to `openstack_networking_subnet_v2` ([#459](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/459)) +* Added `tags` to `openstack_networking_subnetpool_v2` ([#460](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/460)) +* Added `tags` to `openstack_networking_port_v2` ([#461](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/461)) +* Added `tags` to `openstack_networking_secgroup_v2` ([#463](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/463)) +* Added `tags` to `openstack_networking_floatingip_v2` ([#466](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/466)) +* Added `tags` to `openstack_networking_router_v2` ([#467](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/467)) +* Added `extra_dhcp_options` to `openstack_networking_port_v2` ([#258](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/258)) +* Added `fingerprint` to `openstack_compute_keypair_v2` data source ([#481](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/481)) +* Added `extra_specs` to `openstack_compute_flavor_v2` data source ([#480](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/480)) + +BUG FIXES + +* Fixed issue with nova-network based environments having the `tenantnetworks` API disabled ([#485](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/485)) + + +## 1.11.0 (October 29, 2018) + +FEATURES + +* __New Resource__: `openstack_networking_trunk_v2` ([#446](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/446)) +* __New Resource__: `openstack_compute_flavor_access_v2` ([#447](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/447)) + +IMPROVEMENTS + +* Added `multiattach` argument and attribute for the `openstack_blockstorage_volume_v3` resource ([#431](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/431)) +* `openstack_dns_recordset_v2` can now accept IPv6 addresses with and without brackets ([#443](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/443)) +* Added `multiattach` argument for the `openstack_compute_volume_attach_v2` resource ([#442](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/442)) +* `openstack_lb_member_v2` resources can now use a weight of 0 ([#451](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/451)) + +BUG FIXES + +* Fixed an issue where environment variables were overwriting specified arguments ([#436](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/436)) +* Fixed an issue where security group rule descriptions were not working with older verisons of OpenStack ([#438](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/438)) + +## 1.10.0 (October 01, 2018) + +FEATURES + +* __New Resource__: `openstack_containerinfra_cluster_v1` ([#421](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/421)) +* __New Data Source__: `openstack_containerinfra_clustertemplate_v1` ([#415](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/415)) + +IMPROVEMENTS + +* Added `description` argument for the `openstack_networking_secgroup_rule_v2` resource ([#416](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/416)) +* Added a vendor option of `ignore_resize_confirmation` to `openstack_compute_instance_v2` ([#422](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/422)) +* `openstack_compute_instance_v2` IP addresses are now visible in Rackspace. This provider still does not officially support Rackspace, though. ([#426](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/426)) +* Added `no_fixed_ip` argument to `openstack_networking_port_v2` which allows the port to not have an IP address ([#433](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/433)) + +BUG FIXES + +* Enabled instances to be in an `ERROR` state so they can be cleanly deleted ([#428](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/428)) + +## 1.9.0 (September 05, 2018) + +FEATURES + +* __New Resource__: `openstack_objectstorage_tempurl_v1` ([#379](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/379)) +* __New Resource__: `openstack_containerinfra_clustertemplate_v1` ([#403](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/403)) +* __New Data Source__: `openstack_fw_policy_v1` ([#398](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/398)) +* __New Data Source__: `openstack_networking_router_v2` ([#401](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/401)) + +IMPROVEMENTS + +* The `openstack_images_image_v2` resource can now finally update properties. This update has been in progress over the last two release cycles. Please let us know if you encounter any problems ([#409](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/409)) + +## 1.8.0 (August 08, 2018) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* Support for `default_domain` has been added. This should not cause any issues, but please report any issues encountered. +* `openstack_images_image_v2.properties` has been set to `ForceNew`. If properties are modified, the image will be recreated. Previously, updates to the properties were only happening in the Terraform state and not actually reflected on the image itself. + +FEATURES + +* __New Data Source__: `openstack_identity_group_v3` ([#385](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/385)) +* __New Data Source__: `openstack_networking_floatingip_v2` ([#387](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/387)) + +IMPROVEMENTS + +* Added support for `default_domain` during authentication ([#329](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/329)) +* The upcoming OpenStack Rocky release will be automatically adding additional properties to the `openstack_images_image_v2` resource. This resource has been patched to account for this and to reconcile these server-provided properties with the user-provided properties. In addition, `openstack_images_image_v2.properties` has been set to `ForceNew` and will recreate the image when properties have been modified. Previously, any updates to the properties were only happening in the state and not actually reflected on the image itself. ([#390](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/390)) + +BUG FIXES + +* The addition of the `openstack_networking_network_v2.external` data source argument caused unintended behavior of results only containing external or non-external networks. This bug has been fixed and we apologize for the inconvenience ([#384](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/384)) +* The addition of the `openstack_compute_floatingip_associate_v2.wait_until_associated` argument caused the floating IP association to be recreated when updating to a later release of this provider. This was unintended and this has been resolved ([#395](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/395)) + +## 1.7.0 (August 01, 2018) + +FEATURES + +* __New Data Source__: `openstack_identity_endpoint_v3` ([#377](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/377)) + +IMPROVEMENTS + +* Allow resize for stopped instances ([#348](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/348)) +* Added `power_state` to `openstack_compute_instance_v2` ([#350](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/350)) +* Added `external` to `openstack_networking_network_v2` resource ([#357](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/357)) +* Added `external` to `openstack_networking_network_v2` data source ([#358](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/358)) +* Return the default network uuid for `openstack_compute_instance_v2` ([#365](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/365)) +* Allow a specific floating IP to be specified in `openstack_networking_floatingip_v2` ([#371](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/371)) +* Allow `PROXY` protocol for `openstack_lb_pool_v2` ([#375](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/375)) + +BUG FIXES + +* Allow explicit values of `0` for `min_disk_gb` and `min_ram_mb` in the `openstack_images_image_v2` resource ([#351](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/351)) +* Make `peer_ep_group_id` optional in `openstack_vpnaas_site_connection` ([#353](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/353)) + +## 1.6.0 (June 20, 2018) + +FEATURES + +* __New Resource__: `openstack_vpnaas_site_connection_v2` ([#330](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/330)) + +IMPROVEMENTS + +* Added `wait_until_associated` to `openstack_compute_floatingip_associate_v2` ([#310](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/310)) +* Added support for SSL settings in a `clouds.yaml` file ([#340](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/340)) + +## 1.5.0 (May 15, 2018) + +FEATURES + +* __New Resource__: `openstack_blockstorage_volume_v3` ([#324](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/324)) +* __New Resource__: `openstack_blockstorage_volume_attach_v3` ([#324](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/324)) +* __New Resource__: `openstack_networking_subnet_route_v2` ([#314](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/314)) +* __New Resource__: `openstack_networking_floatingip_associate_v2` ([#313](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/313)) +* __New Resource__: `openstack_vpnaas_ipsec_policy_v2` ([#270](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/270)) +* __New Resource__: `openstack_vpnaas_service_v2` ([#300](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/300)) +* __New Resource__: `openstack_vpnaas_ike_policy_v2` ([#316](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/316)) +* __New Resource__: `openstack_vpnaas_endpoint_group_v2` ([#321](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/321)) +* __New Data Source__: `openstack_compute_keypair_v2` ([#307](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/307)) +* __New Data Source__: `openstack_identity_auth_scope_v3` ([#204](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/204)) + +IMPROVEMENTS + +* Added `verify_checksum` to `openstack_images_image_v2` resource so that checksum verification can be disabled ([#305](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/305)) +* The LBaaS v2 resources have lower "delay" times when waiting for state changes. This should speed up creation of a Load Balancing stack ([#297](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/297)) + +BUG FIXES + +* Fixed issue where `OS_IDENTITY_API_VERSION=2` was not recognized ([#315](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/315)) +* Fixed issue when using Identity v3 resources when an Identity v2 endpoint is published ([#320](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/320)) +* `openstack_networking_router_v2.distributed` will now pass `false` correctly ([#308](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/308)) +* `openstack_networking_router_v2.enable_snat` will now pass `false` correctly ([#309](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/309)) + +## 1.4.0 (May 01, 2018) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* The OpenStack provider now has additional authentication options for `project_domain_name`, `project_domain_id`, `user_domain_name`, and `user_domain_id`. This will allow for more fine-grainted authentication scoping. This should not cause any problems with existing deployments, but please report any authentication issues after upgrading. + +FEATURES + +* __New Resource__: `openstack_identity_role_assignment_v3` ([#265](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/265)) +* __New Data Source__: `openstack_identity_project_v3` ([#251](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/251)) +* __New Data Source__: `openstack_identity_user_v3` ([#252](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/252)) + +IMPROVEMENTS + +* Added `member_status` to `openstack_images_image_v2` data source ([#269](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/269)) +* Add support for `OS_TOKEN` environment variable ([#272](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/272)) +* Added `force_destroy` to `openstack_objectstorage_container_v1` which will cause all objects in the container to be deleted when the container is deleted ([#276](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/276)) +* CIDR is now optional in `openstack_networking_subnet_v2` allowing a CIDR to be allocated from a subnet pool ([#294](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/294)) +* Added additional authentication options for domain scoping ([#290](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/290)) +* `openstack_images_image_v2` can now support OVA format ([#302](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/302)) + +BUG FIXES + +* `openstack_compute_instance_v2` resources can handle Availability Zones in the format of `az:host:node` ([#291](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/291)) + +## 1.3.0 (March 14, 2018) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* `openstack_compute_keypair_v2` can now generate a private key, however the private key will be stored in your Terraform state. Please use caution. +* The MAC addresses in `openstack_networking_port_v2.allowed_address_pairs` is no longer computed. This should not cause an issue for users since if an `allowed_address_pairs` MAC address was not specified, the AAP MAC will match `openstack_networking_port_v2.mac_address`. + +FEATURES + +* __New Resource:__ `openstack_networking_subnetpool_v2` ([#243](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/243)) +* __New Resource:__ `openstack_identity_role_v3` ([#250](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/250)) +* __New Data Source:__ `openstack_networking_subnetpool_v2` ([#243](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/243)) +* __New Data Source:__ `openstack_identity_role_v3` ([#250](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/250)) + +IMPROVEMENTS + +* Added `additional_properties` to `openstack_compute_instance_v2` scheduler hints ([#230](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/230)) +* `openstack_compute_keypair_v2` can now generate a private key ([#217](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/217)) +* `openstack_networking_router_v2` can now optionally set a default gateway after it has been created ([#209](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/209)) +* Added `subnetpool_id` to `openstack_networking_subnet_v2` resource and data source ([#249](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/249)) +* Added `extra_specs` to `openstack_compute_flavor_v2` ([#241](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/241)) +* Added `subnet_id` to `openstack_networking_floatingip_v2` ([#240](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/240)) + +BUG FIXES + +* Fixed bug with `openstack_networking_network_v2` and `openstack_networking_subnet_v2` where the `OS_TENANT_ID` was incorrectly being used as a default value ([#254](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/254)) +* Correctly detect if an object storage container is deleted ([#261](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/261)) +* Fixed a few small bugs with `openstack_fw_rule_v1` updating ([#224](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/224)) +* Fixed an issue with `openstack_networking_port_v2` `allowed_address_pairs` and MAC addresses ([#244](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/244)) + +## 1.2.0 (January 18, 2018) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* The way IP addresses for `allowed_address_pairs` in the `openstack_networking_port_v2` resource are stored in the Terraform state has changed. +* The `external_gateway` argument in the `openstack_networking_router_v2` has been deprecated in favor of the more appropriately named `external_network_id`. + +FEATURES + +* __New Resource:__ `openstack_db_database_v1` ([#179](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/179)) +* __New Resource:__ `openstack_db_user_v1` ([#180](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/180)) +* __New Resource:__ `openstack_db_configuration_v1` ([#185](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/185)) +* __New Data Source:__ `openstack_compute_flavor_v2` ([#190](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/190)) + + +IMPROVEMENTS + +* Added `external_fixed_ips` to the `openstack_networking_router_v2` resource ([#178](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/178)) +* Added `ipv6_address_mode` and `ipv6_ra_mode` to the `openstack_networking_subnet_v2` resource and data source ([#193](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/193)) +* Several new `openstack_networking_subnet_v2` attributes are now accessible in the data source ([#199](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/199)) +* Added `availability_zone_hints` to the `openstack_networking_network_v2` resource and data source ([#196](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/196)) +* Added `availability_zone_hints` to the `openstack_networking_router_v2` resource ([#203](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/203)) +* User's password field in `openstack_db_instance_v2` resource has been marked sensitive ([#220](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/220)) +* `openstack_db_instance_v1` now supports setting a `configuration_id` ([#221](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/221)) + +BUG FIXES + +* Allow the same `ip_address` with a different `mac_address` to be specified multiple times in the `openstack_networking_port_v2` resource ([#168](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/168)) +* Fixed unhandled error checks which were causing crashes in `openstack_networking_secgroup_v2` and `openstack_networking_network_v2` data sources ([#201](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/201)) +* Fixed unhandled error check when creating `openstack_networking_floatingip_v2` ([#206](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/206)) +* Fixed region detection when using `clouds.yaml` ([#216](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/216)) +* Make `subnet_id` optional for `openstack_lb_member_v2` ([#189](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/189)) +* Fix ordering of DNS servers in `openstack_networking_subnet_v2` ([#226](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/226)) + +## 1.1.0 (December 04, 2017) + +FEATURES + +* __New Resource:__ `openstack_objectstorage_object_v1` ([#146](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/146)) +* __New Resource:__ `openstack_db_instance_v1` ([#155](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/155)) + +IMPROVEMENTS + +* Better handling of mutually exclusive options `no_gateway` and `gateway_ip` in the `openstack_networking_subnet_v2` resource ([#136](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/136)) +* Can now authenticate with a `clouds.yaml` file ([#154](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/154)) + +BUG FIXES + +* Fixed issue with automatic detection of an Octavia client and Networking client ([#172](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/172)) +* Fixed issue with creating public flavors ([#177](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/177)) + +## 1.0.0 (November 08, 2017) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* If your OpenStack cloud supports the Octavia Load Balancing service, you can now use it by setting the provider-level `use_octavia` argument to `true`. The `openstack_lb_*_v2` resources will then seamlessly use Octavia. + +FEATURES + +* __New Data Source:__ `openstack_networking_subnet_v2` ([#135](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/135)) +* __New Data Source:__ `openstack_dns_zone_v2` ([#145](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/145)) + +IMPROVEMENTS + +* `openstack_networking_router_v2`: Added `enable_snat` argument ([#140](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/140)) +* Added provider-level option of `use_octavia` to use the Octavia load balancing service ([#149](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/149)) + +## 0.3.0 (October 23, 2017) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* The `openstack_networking_port_v2` resource had a significant update to how it handles security groups. If you have not explicitly defined security groups in the port resource, any security groups which were automatically applied by OpenStack (such as the `default` security group) will be removed upon the next apply. To prevent this from happening, add the ID of the security groups to the `security_group_ids` argument. If you are already explicitly specifying security groups, you should see no change in behavior. + +IMPROVEMENTS + + * `openstack_networking_router_interface_v2` will now set `subnet_id` when importing ([#119](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/119)) + * `openstack_networking_router_route_v2` can now be imported ([#120](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/120)) + * `openstack_images_image_v2` resource and data source now supports reading and setting properties ([#113](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/113)) + +BUG FIXES + + * `openstack_networking_port_v2`: Fixed issues with how security groups and allowed address pairs are applied and updated [[#114](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/114)]. + +## 0.2.2 (September 15, 2017) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* Unused `id` fields in the LBaaS v2 resources were removed. This should not cause any issues, but please report if you find otherwise. + +FEATURES: + +* __New Data Source:__ `openstack_networking_secgroup_v2` ([#86](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/86)) +* __New Resource:__: `openstack_compute_flavor_v2` ([#83](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/83)) + +IMPROVEMENTS + * Added `status` field to `openstack_networking_network_v2` data source ([#105](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/105)) + * `openstack_networking_router_v2` can now be imported ([#111](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/111)) + * `openstack_networking_router_interface_v2` can now be imported ([#112](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/112)) + +BUG FIXES + +* `openstack_lb_listener_v2`: Don't send `connection_limit` unless it has been set ([#90](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/90)) +* `openstack_lb_pool_v2`: Find Load Balancer via Listener ([#97](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/97)) +* LBaaS v2: Removed unused `id` fields ([#93](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/93)) +* `openstack_lb_monitor_v2`: Check if a monitor was successfully created before proceeding ([#102](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/102)) +* `openstack_networking_router_v2`: Fix region parameter ([#107](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/107)) +* `openstack_compute_instance_v2`: Fix regression bug with NIC detection ([#117](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/117)) + +## 0.2.1 (August 23, 2017) + +IMPROVEMENTS: + +* `openstack_lb_loadbalancer_v2` timeouts have been lowered to 10 and 5 minutes ([#74](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/74)) + +BUG FIXES: + +* `openstack_images_image_v2` data source now sorts images by `CreatedAt` instead of `UpdatedAt` ([#78](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/78)) +* `openstack_networking_secgroup_v2` now re-reads security group before deleteing rules when `delete_default_rules => true` ([#82](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/82)) +* Fixed `openstack_compute_instance_v2` access IP address detection in dual-stack environments ([#85](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/85)) + +## 0.2.0 (August 14, 2017) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* Network detection in the `openstack_compute_instance_v2` resource was cleaned up and updated. There should be no incompatibilities, but you should do a `plan` before `apply` just to be safe. +* The `openstack_lb_loadbalancer_v2.provider` argument has been removed entirely. This was an erroneous argument from the beginning, so it should not be in use. However, if you do have it set in your configurations, please rename it to `loadbalancer_provider`. + +FEATURES: + +* __New Resource:__ `openstack_identity_project_v3` ([#50](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/50)) +* __New Resource:__ `openstack_identity_user_v3` ([#52](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/52)) + +IMPROVEMENTS: + +* `openstack_compute_instance_v2` now supports Neutron for network detection ([#39](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/39)) +* `openstack_compute_instance_v2` support for multiple NICs on the same network ([#39](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/39)) +* Added support for `TERMINATED_HTTPS` protocol in `openstack_lb_listener_v2` ([#49](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/49)) +* Improvements to LBaaS v2 resource coordination ([#59](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/59)) +* `openstack_lb_loadbalancer_v2.provider` has been removed. See notes above. ([#65](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/65)) + +BUG FIXES: +* `openstack_lb_pool_v2` handling of `persistence` updated, `cookie_name` is now optional. ([#57](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/57)) +* `openstack_fw_firewall_v1.associated_routers` is now computed. ([#53](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/53)) +* All `openstack_fw_rule_v1` attributes are now passed during an update phase. ([#53](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/53)) +* `openstack_networking_secgroup_v2` now correctly updates description. ([#60](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/60)) +* `openstack_fw_firewall_v1` now correctly translates `value_specs` on create. ([#66](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/66)) + +## 0.1.0 (June 21, 2017) + +BACKWARDS INCOMPATIBILITIES / NOTES: + +* You can now specify `region` in the provider block. All resources will inherit this region setting, or you can override it in the resource-level `region`. Make sure to do a `plan` before an `apply` to make sure the resource is not destroyed due to incorrectly determining the region! If you see this happening, either explicitly set the `region` in the resource or use `lifecycle.ignore_changes`. +* `floating_ip` has been removed from `openstack_compute_instance_v2`. You must now use `openstack_compute_floatingip_associate_v2` to associate a Floating IP with an Instance. +* `volume` has been removed from `openstack_compute_instance_v2`. You must now use `openstack_compute_volume_attach_v2` to attach a Volume with an Instance. +* `member` has been removed from `openstack_lb_pool_v1`. You must now use `openstack_lb_member_v1` to add a LBaaS v1 Member to a Pool. + + +IMPROVEMENTS: + +* Can specify `region` in the provider ([#25](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/25)) + +BUG FIXES + +* Wait for LoadBalancer to be active before creating Pools and Monitors ([#29](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/29)) +* Choose first network found with a matching name for compute instances ([#36](https://github.com/terraform-provider-openstack/terraform-provider-openstack/issues/36)) diff --git a/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/LICENSE b/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/LICENSE new file mode 100644 index 0000000000..a612ad9813 --- /dev/null +++ b/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/LICENSE @@ -0,0 +1,373 @@ +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/README.md b/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/README.md new file mode 100644 index 0000000000..082bed89d9 --- /dev/null +++ b/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/README.md @@ -0,0 +1,80 @@ +Terraform OpenStack Provider +============================ + +Documentation: [registry.terraform.io](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs) + +Requirements +------------ + +- [Terraform](https://www.terraform.io/downloads.html) 1.0.x +- [Go](https://golang.org/doc/install) 1.20 (to build the provider plugin) + +Building The Provider +--------------------- + +Clone the repository + +```sh +$ git clone git@github.com:terraform-provider-openstack/terraform-provider-openstack.git +``` + +Enter the provider directory and build the provider + +```sh +$ cd terraform-provider-openstack +$ make build +``` + +Using the provider +---------------------- +Please see the documentation at [registry.terraform.io](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs). + +Or you can browse the documentation within this repo [here](https://github.com/terraform-provider-openstack/terraform-provider-openstack/tree/main/website/docs). + +Developing the Provider +--------------------------- + +If you wish to work on the provider, you'll first need [Go](https://golang.org) installed on your machine (version 1.20+ is *required*). + +To compile the provider, run `make build`. This will build the provider and put the provider binary in the current directory. + +```sh +$ make build +``` + +For further details on how to work on this provider, please see the [Testing and Development](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs#testing-and-development) documentation. + +Releasing the Provider +---------------------- + +This repository contains a GitHub Action configured to automatically build and +publish assets for release when a tag is pushed that matches the pattern `v*` +(ie. `v0.1.0`). + +A [Gorelaser](https://goreleaser.com/) configuration is provided that produce +build artifacts matching the [layout required](https://www.terraform.io/docs/registry/providers/publishing.html#manually-preparing-a-release) +to publish the provider in the Terraform Registry. + +Releases will as drafts. Once marked as published on the GitHub Releases page, +they will become available via the Terraform Registry. + +Before releasing, a PR updating the changelog should be made to trigger the CI +for all services and ensure that everything is OK. Moreover, update the example +on `website/docs/index.html.markdown` to point to the new version. + +Thank You +--------- + +We'd like to extend special thanks and appreciation to the following: + +### OpenLab + + + +OpenLab is providing a full CI environment to test each PR and merge for a variety of OpenStack releases. + +### VEXXHOST + + + +VEXXHOST is providing their services to assist with the development and testing of this provider. diff --git a/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/terraform-provider-openstack_v1.54.1 b/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/terraform-provider-openstack_v1.54.1 new file mode 100644 index 0000000000..02ed7e9015 Binary files /dev/null and b/ansible/roles/dingo-command/templates/registry.terraform.io/terraform-provider-openstack/openstack/1.54.1/linux_amd64/terraform-provider-openstack_v1.54.1 differ diff --git a/ansible/roles/dingo-command/templates/supervisord.conf b/ansible/roles/dingo-command/templates/supervisord.conf new file mode 100644 index 0000000000..baccd3d9d7 --- /dev/null +++ b/ansible/roles/dingo-command/templates/supervisord.conf @@ -0,0 +1,39 @@ +[supervisord] +nodaemon=true +logfile=/var/log/supervisord.log +pidfile=/var/run/supervisord.pid + +[unix_http_server] +file=/var/run/supervisor.sock + +[program:fastapi] +command=/usr/local/bin/gunicorn -c /etc/dingo-command/gunicorn.py dingo_command.main:app +directory=/opt/dingo-aurora +autostart=true +autorestart=true +#environment=LANG="en US.UTF-8",LC ALL="en US.UTF-8",PYTHONIOENCODING="utf-8" +stdout_logfile=/var/log/dingo-command/dingo-command.log +stderr_logfile=/var/log/dingo-command/dingo-command.err + +[program:celery] +command=celery -A dingo_command.celery_api.workers worker --pool=prefork --loglevel=info --concurrency=20 +directory=/opt/dingo-aurora +numprocs=6 +process_name=%(program_name)s_%(process_num)d +autostart=true +autorestart=true +stdout_logfile=/var/log/dingo-command/celery.log +stderr_logfile=/var/log/dingo-command/celery-err.log + +[program:flower] +command=celery -A dingo_command.celery_api.workers flower --port=5555 +directory=/opt/dingo-aurora +stdout_logfile=/var/log/flower.log +stderr_logfile=/var/log/flower-err.log + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl=unix:///var/run/supervisor.sock +prompt=dingoops-supervisor diff --git a/ansible/roles/dingo-command/vars/main.yml b/ansible/roles/dingo-command/vars/main.yml new file mode 100644 index 0000000000..94778bdffd --- /dev/null +++ b/ansible/roles/dingo-command/vars/main.yml @@ -0,0 +1,2 @@ +--- +project_name: "dingo_command" diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml index 3624772dd6..53ebd8e3c4 100644 --- a/ansible/roles/glance/defaults/main.yml +++ b/ansible/roles/glance/defaults/main.yml @@ -254,6 +254,10 @@ openstack_glance_auth: "{{ openstack_auth }}" glance_api_workers: "{{ openstack_service_workers }}" +# https://docs.openstack.org/glance/2024.2/configuration/sample-configuration.html +# Maximum size of image a user can upload in bytes. +image_size_cap : 3298534883328 + ################### # Kolla ################### diff --git a/ansible/roles/glance/tasks/precheck.yml b/ansible/roles/glance/tasks/precheck.yml index f1fd7d78af..362d62d908 100644 --- a/ansible/roles/glance/tasks/precheck.yml +++ b/ansible/roles/glance/tasks/precheck.yml @@ -29,7 +29,7 @@ assert: that: - vars[item] is defined - msg: "Glance S3 backend is enabled, either the {{ item }} or {{ item | replace('glance_backend_','') }} variable must be defined." + msg: "Glance S3 backend is enabled, either the {{ item }} or {{ item | replace('glance_backend_', '') }} variable must be defined." with_items: - glance_backend_s3_url - glance_backend_s3_bucket diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2 index 84856cd7d8..246c30b1de 100644 --- a/ansible/roles/glance/templates/glance-api.conf.j2 +++ b/ansible/roles/glance/templates/glance-api.conf.j2 @@ -4,6 +4,8 @@ debug = {{ glance_logging_debug }} # NOTE(elemoine) log_dir alone does not work for Glance log_file = /var/log/kolla/glance/glance-api.log +worker_self_reference_url = {{ 'https' if glance_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ glance_api_port }} + {% if glance_enable_tls_backend | bool %} bind_host = 127.0.0.1 {% else %} @@ -23,6 +25,7 @@ property_protection_file = /etc/glance/property-protections-rules.conf cinder_catalog_info = volume:cinder:internalURL transport_url = {{ rpc_transport_url }} +image_size_cap = {{ image_size_cap }} {% if enable_glance_image_cache | bool %} image_cache_max_size = {{ glance_cache_max_size }} diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2 index 180fbdcaa5..81dc32693c 100644 --- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 +++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2 @@ -70,6 +70,9 @@ policy_file = {{ gnocchi_policy_file }} driver = redis redis_url = {{ redis_connection_string }} {% endif %} +{% if gnocchi_backend_storage == 'swift' %} +swift_cacert = {{ openstack_cacert }} +{% endif %} [storage] {% if gnocchi_backend_storage == 'file' %} @@ -84,6 +87,7 @@ ceph_conffile = /etc/ceph/{{ gnocchi_ceph_cluster }}.conf {% elif gnocchi_backend_storage == 'swift' %} driver = swift swift_authurl = {{ keystone_internal_url }} +swift_cacert = {{ openstack_cacert }} swift_auth_version = 3 swift_user = service:{{ swift_keystone_user }} swift_key = {{ swift_keystone_password }} diff --git a/ansible/roles/grafana/defaults/main.yml b/ansible/roles/grafana/defaults/main.yml index 9e31211a9c..63cd0e5e94 100644 --- a/ansible/roles/grafana/defaults/main.yml +++ b/ansible/roles/grafana/defaults/main.yml @@ -65,9 +65,9 @@ grafana_data_sources: access: "proxy" url: "{{ opensearch_internal_endpoint }}" jsonData: - flavor: "elasticsearch" - database: "[flog-]YYYY.MM.DD" - version: "7.0.0" + flavor: "OpenSearch" + database: "{{ opensearch_log_index_prefix }}-*" + version: "2.11.1" timeField: "@timestamp" ########## diff --git a/ansible/roles/grafana/templates/grafana.ini.j2 b/ansible/roles/grafana/templates/grafana.ini.j2 index d32febb6ff..f0399485ff 100644 --- a/ansible/roles/grafana/templates/grafana.ini.j2 +++ b/ansible/roles/grafana/templates/grafana.ini.j2 @@ -30,3 +30,10 @@ check_for_updates = false [security] admin_user = {{ grafana_admin_username }} admin_password = {{ grafana_admin_password }} + +[auth.anonymous] +enabled = true +org_role = Viewer + +[security] +allow_embedding = true \ No newline at end of file diff --git a/ansible/roles/haproxy-config/tasks/main.yml b/ansible/roles/haproxy-config/tasks/main.yml index 94edd79f5e..1e3f293adb 100644 --- a/ansible/roles/haproxy-config/tasks/main.yml +++ b/ansible/roles/haproxy-config/tasks/main.yml @@ -54,8 +54,9 @@ - name: "Configuring firewall for {{ project_name }}" firewalld: - offline: "yes" - permanent: "yes" + immediate: true + offline: true + permanent: true port: "{{ item.value.port }}/tcp" state: "enabled" zone: "{{ external_api_firewalld_zone }}" @@ -68,5 +69,3 @@ - enable_external_api_firewalld | bool - kolla_action != "config" with_dict: "{{ project_services | extract_haproxy_services }}" - notify: - - "Reload firewalld" diff --git a/ansible/roles/horizon/defaults/main.yml b/ansible/roles/horizon/defaults/main.yml index ca60afac1c..949d380c2a 100644 --- a/ansible/roles/horizon/defaults/main.yml +++ b/ansible/roles/horizon/defaults/main.yml @@ -9,6 +9,7 @@ horizon_services: ENABLE_BLAZAR: "{{ 'yes' if enable_horizon_blazar | bool else 'no' }}" ENABLE_CLOUDKITTY: "{{ 'yes' if enable_horizon_cloudkitty | bool else 'no' }}" ENABLE_DESIGNATE: "{{ 'yes' if enable_horizon_designate | bool else 'no' }}" + ENABLE_FWAAS: "{{ 'yes' if enable_horizon_fwaas | bool else 'no' }}" ENABLE_FREEZER: "{{ 'yes' if enable_horizon_freezer | bool else 'no' }}" ENABLE_HEAT: "{{ 'yes' if enable_horizon_heat | bool else 'no' }}" ENABLE_IRONIC: "{{ 'yes' if enable_horizon_ironic | bool else 'no' }}" @@ -133,7 +134,6 @@ horizon_default_volumes: - "/etc/localtime:/etc/localtime:ro" - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" - "kolla_logs:/var/log/kolla/" - - "/tmp:/tmp" horizon_extra_volumes: "{{ default_extra_volumes }}" diff --git a/ansible/roles/horizon/tasks/policy_item.yml b/ansible/roles/horizon/tasks/policy_item.yml index 7350dc7554..708f60e6ef 100644 --- a/ansible/roles/horizon/tasks/policy_item.yml +++ b/ansible/roles/horizon/tasks/policy_item.yml @@ -20,6 +20,6 @@ - name: Update custom policy file name set_fact: - custom_policy: "{{ custom_policy }} + [ '{{ overwritten_files.results.0.stat.path }}' ]" + custom_policy: "{{ custom_policy + [overwritten_files.results.0.stat.path] }}" when: - overwritten_files.results diff --git a/ansible/roles/horizon/templates/local_settings.j2 b/ansible/roles/horizon/templates/local_settings.j2 index 7e47a5cfe9..a9ec00adba 100644 --- a/ansible/roles/horizon/templates/local_settings.j2 +++ b/ansible/roles/horizon/templates/local_settings.j2 @@ -206,7 +206,8 @@ AVAILABLE_REGIONS = [ OPENSTACK_HOST = "{{ kolla_internal_fqdn }}" -OPENSTACK_KEYSTONE_URL = "{{ horizon_keystone_url }}" +# TODO(fprzewozn): URL /v3 suffix is required until Horizon bug #2073639 is resolved +OPENSTACK_KEYSTONE_URL = "{{ horizon_keystone_url }}/v3" OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ keystone_default_user_role }}" {% if enable_keystone_federation | bool %} diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml index 2cbdf834ed..0ecc06efc3 100644 --- a/ansible/roles/ironic/defaults/main.yml +++ b/ansible/roles/ironic/defaults/main.yml @@ -82,6 +82,7 @@ ironic_services: enabled: true cap_add: - NET_ADMIN + - NET_RAW image: "{{ ironic_dnsmasq_image_full }}" volumes: "{{ ironic_dnsmasq_default_volumes + ironic_dnsmasq_extra_volumes }}" dimensions: "{{ ironic_dnsmasq_dimensions }}" @@ -234,7 +235,7 @@ ironic_conductor_default_volumes: - "kolla_logs:/var/log/kolla" - "ironic:/var/lib/ironic" - "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic' if ironic_dev_mode | bool else '' }}" - - "ironic_prometheus_exporter_data:/var/lib/ironic/metrics" + - "{{ 'ironic_prometheus_exporter_data:/var/lib/ironic/metrics' if enable_ironic_prometheus_exporter | bool else '' }}" ironic_tftp_default_volumes: - "{{ node_config_directory }}/ironic-tftp/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" diff --git a/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2 b/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2 index f7eb73eb63..aa55625e93 100644 --- a/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2 @@ -9,9 +9,8 @@ bind-interfaces {% set tag = item.tag | default('range_' ~ loop.index) %} {% set lease_time = item.lease_time | default(ironic_dnsmasq_dhcp_default_lease_time) %} dhcp-range=set:{{ tag }},{{ item.range }},{{ lease_time }} -{% if item.routers is defined %} -dhcp-option=tag:{{ tag }},option:router,{{ item.routers }} -{% endif %} +{% if item.routers is defined %}dhcp-option=tag:{{ tag }},option:router,{{ item.routers }}{% endif %} +{% if item.ntp_server is defined %}dhcp-option=tag:{{ tag }},option:ntp-server,{{ item.ntp_server }}{% endif %} {% endfor %} {% if api_address_family == 'ipv6' %} diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index fd52f1e00b..115381c45b 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -13,7 +13,7 @@ transport_url = {{ rpc_transport_url }} transport_url = {{ notify_transport_url }} [oslo_messaging_rabbit] -heartbeat_in_pthread = true +heartbeat_in_pthread = false {% if om_enable_rabbitmq_tls | bool %} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index 425c936a49..955d61c25f 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -17,6 +17,8 @@ my_ip = {{ api_interface_address }} {% if ironic_enabled_notification_topics %} notification_level = info {% endif %} +enabled_network_interfaces = flat,noop,neutron +enabled_console_interfaces = no-console,ipmitool-socat [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} @@ -60,6 +62,7 @@ automated_clean=false send_sensor_data = true send_sensor_data_for_undeployed_nodes = {{ ironic_prometheus_exporter_sensor_data_undeployed_nodes }} send_sensor_data_interval = {{ ironic_prometheus_exporter_sensor_data_interval }} +automatic_lessee = true {% endif %} {% endif %} @@ -204,6 +207,8 @@ kernel_append_params = nofb nomodeset vga=normal console=tty0 console=ttyS0,{{ i tftp_root = /var/lib/ironic/tftpboot tftp_master_path = /var/lib/ironic/master_images tftp_server = {{ api_interface_address }} +image_cache_size = 2048000 +image_cache_ttl = 10080 [deploy] http_root = /var/lib/ironic/httpboot @@ -216,3 +221,6 @@ enable_proxy_headers_parsing = True [dhcp] dhcp_provider = none {% endif %} + +[metrics] +backend = collector diff --git a/ansible/roles/kafka/defaults/main.yml b/ansible/roles/kafka/defaults/main.yml new file mode 100644 index 0000000000..5a2195bbb3 --- /dev/null +++ b/ansible/roles/kafka/defaults/main.yml @@ -0,0 +1,51 @@ +--- +kafka_services: + kafka: + container_name: kafka + group: kafka + enabled: true + image: "{{ kafka_image_full }}" + environment: + LOG_DIR: "{{ kafka_log_dir }}" + KAFKA_HEAP_OPTS: "{{ kafka_heap_opts }}" + volumes: "{{ kafka_default_volumes + kafka_extra_volumes }}" + dimensions: "{{ kafka_dimensions }}" + healthcheck: "{{ kafka_healthcheck }}" + + +#################### +# Kafka +#################### +kafka_cluster_name: "kolla_kafka" +kafka_log_dir: "/var/log/kolla/kafka" +kafka_heap_opts: "-Xmx1G -Xms1G" +kafka_zookeeper: "{% for host in groups['zookeeper'] %}{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ zookeeper_client_port }}{% if not loop.last %},{% endif %}{% endfor %}" + +#################### +# Docker +#################### +kafka_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/kafka" +kafka_tag: "{{ openstack_tag }}" +kafka_image_full: "{{ kafka_image }}:{{ kafka_tag }}" +kafka_dimensions: "{{ default_container_dimensions }}" + +kafka_enable_healthchecks: "{{ enable_container_healthchecks }}" +kafka_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +kafka_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +kafka_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" +kafka_healthcheck_test: ["CMD-SHELL", "healthcheck_listen java {{ kafka_port }}"] +kafka_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +kafka_healthcheck: + interval: "{{ kafka_healthcheck_interval }}" + retries: "{{ kafka_healthcheck_retries }}" + start_period: "{{ kafka_healthcheck_start_period }}" + test: "{% if kafka_enable_healthchecks | bool %}{{ kafka_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ kafka_healthcheck_timeout }}" + +kafka_default_volumes: + - "{{ node_config_directory }}/kafka/:{{ container_config_directory }}/" + - "/etc/localtime:/etc/localtime:ro" + - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" + - "{{ kafka_datadir_volume }}:/var/lib/kafka/data" + - "kolla_logs:/var/log/kolla/" +kafka_extra_volumes: "{{ default_extra_volumes }}" diff --git a/ansible/roles/kafka/handlers/main.yml b/ansible/roles/kafka/handlers/main.yml new file mode 100644 index 0000000000..d335115bb6 --- /dev/null +++ b/ansible/roles/kafka/handlers/main.yml @@ -0,0 +1,17 @@ +--- +- name: Restart kafka container + vars: + service_name: "kafka" + service: "{{ kafka_services[service_name] }}" + become: true + kolla_container: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + environment: "{{ service.environment }}" + volumes: "{{ service.volumes }}" + dimensions: "{{ service.dimensions }}" + healthcheck: "{{ service.healthcheck | default(omit) }}" + when: + - kolla_action != "config" diff --git a/ansible/roles/kafka/tasks/check-containers.yml b/ansible/roles/kafka/tasks/check-containers.yml new file mode 100644 index 0000000000..be8acc0919 --- /dev/null +++ b/ansible/roles/kafka/tasks/check-containers.yml @@ -0,0 +1,18 @@ +--- +- name: Check kafka containers + become: true + kolla_container: + action: "compare_container" + common_options: "{{ docker_common_options }}" + name: "{{ item.value.container_name }}" + image: "{{ item.value.image }}" + volumes: "{{ item.value.volumes }}" + environment: "{{ item.value.environment }}" + dimensions: "{{ item.value.dimensions }}" + healthcheck: "{{ item.value.healthcheck | default(omit) }}" + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ kafka_services }}" + notify: + - "Restart {{ item.key }} container" diff --git a/ansible/roles/kafka/tasks/check.yml b/ansible/roles/kafka/tasks/check.yml new file mode 100644 index 0000000000..ed97d539c0 --- /dev/null +++ b/ansible/roles/kafka/tasks/check.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/roles/kafka/tasks/config.yml b/ansible/roles/kafka/tasks/config.yml new file mode 100644 index 0000000000..5338a89e98 --- /dev/null +++ b/ansible/roles/kafka/tasks/config.yml @@ -0,0 +1,42 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item.key }}" + state: "directory" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ kafka_services }}" + +- name: Copying over config.json files for services + template: + src: "{{ item.key }}.json.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + mode: "0660" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ kafka_services }}" + notify: + - Restart kafka container + +- name: Copying over kafka config + merge_configs: + sources: + - "{{ role_path }}/templates/kafka.server.properties.j2" + - "{{ node_custom_config }}/kafka.server.properties" + - "{{ node_custom_config }}/{{ item.key }}/{{ inventory_hostname }}/kafka.server.properties" + dest: "{{ node_config_directory }}/{{ item.key }}/kafka.server.properties" + mode: "0660" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ kafka_services }}" + notify: + - Restart kafka container diff --git a/ansible/roles/kafka/tasks/deploy-containers.yml b/ansible/roles/kafka/tasks/deploy-containers.yml new file mode 100644 index 0000000000..eb24ab5c7a --- /dev/null +++ b/ansible/roles/kafka/tasks/deploy-containers.yml @@ -0,0 +1,2 @@ +--- +- import_tasks: check-containers.yml diff --git a/ansible/roles/kafka/tasks/deploy.yml b/ansible/roles/kafka/tasks/deploy.yml new file mode 100644 index 0000000000..49edff81e3 --- /dev/null +++ b/ansible/roles/kafka/tasks/deploy.yml @@ -0,0 +1,7 @@ +--- +- import_tasks: config.yml + +- import_tasks: check-containers.yml + +- name: Flush handlers + meta: flush_handlers diff --git a/ansible/roles/kafka/tasks/main.yml b/ansible/roles/kafka/tasks/main.yml new file mode 100644 index 0000000000..bc5d1e6257 --- /dev/null +++ b/ansible/roles/kafka/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include_tasks: "{{ kolla_action }}.yml" diff --git a/ansible/roles/kafka/tasks/precheck.yml b/ansible/roles/kafka/tasks/precheck.yml new file mode 100644 index 0000000000..41597da6b6 --- /dev/null +++ b/ansible/roles/kafka/tasks/precheck.yml @@ -0,0 +1,25 @@ +--- +- import_role: + name: service-precheck + vars: + service_precheck_services: "{{ kafka_services }}" + service_name: "{{ project_name }}" + +- name: Get container facts + become: true + kolla_container_facts: + container_engine: "{{ kolla_container_engine }}" + name: + - kafka + register: container_facts + +- name: Checking free port for Kafka + wait_for: + host: "{{ api_interface_address }}" + port: "{{ kafka_port }}" + connect_timeout: 1 + timeout: 1 + state: stopped + when: + - container_facts['kafka'] is not defined + - inventory_hostname in groups['kafka'] diff --git a/ansible/roles/kafka/tasks/pull.yml b/ansible/roles/kafka/tasks/pull.yml new file mode 100644 index 0000000000..53f9c5fda1 --- /dev/null +++ b/ansible/roles/kafka/tasks/pull.yml @@ -0,0 +1,3 @@ +--- +- import_role: + role: service-images-pull diff --git a/ansible/roles/kafka/tasks/reconfigure.yml b/ansible/roles/kafka/tasks/reconfigure.yml new file mode 100644 index 0000000000..5b10a7e111 --- /dev/null +++ b/ansible/roles/kafka/tasks/reconfigure.yml @@ -0,0 +1,2 @@ +--- +- import_tasks: deploy.yml diff --git a/ansible/roles/kafka/tasks/stop.yml b/ansible/roles/kafka/tasks/stop.yml new file mode 100644 index 0000000000..2ede1b9cb2 --- /dev/null +++ b/ansible/roles/kafka/tasks/stop.yml @@ -0,0 +1,6 @@ +--- +- import_role: + name: service-stop + vars: + project_services: "{{ kafka_services }}" + service_name: "{{ project_name }}" diff --git a/ansible/roles/kafka/tasks/upgrade.yml b/ansible/roles/kafka/tasks/upgrade.yml new file mode 100644 index 0000000000..49edff81e3 --- /dev/null +++ b/ansible/roles/kafka/tasks/upgrade.yml @@ -0,0 +1,7 @@ +--- +- import_tasks: config.yml + +- import_tasks: check-containers.yml + +- name: Flush handlers + meta: flush_handlers diff --git a/ansible/roles/kafka/templates/kafka.json.j2 b/ansible/roles/kafka/templates/kafka.json.j2 new file mode 100644 index 0000000000..7f83d55595 --- /dev/null +++ b/ansible/roles/kafka/templates/kafka.json.j2 @@ -0,0 +1,23 @@ +{ + "command": "/opt/kafka/bin/kafka-server-start.sh /etc/kafka/kafka.server.properties", + "config_files": [ + { + "source": "{{ container_config_directory }}/kafka.server.properties", + "dest": "/etc/kafka/kafka.server.properties", + "owner": "kafka", + "perm": "0600" + } + ], + "permissions": [ + { + "path": "/var/lib/kafka", + "owner": "kafka:kafka", + "recurse": true + }, + { + "path": "/var/log/kolla/kafka", + "owner": "kafka:kafka", + "recurse": true + } + ] +} diff --git a/ansible/roles/kafka/templates/kafka.server.properties.j2 b/ansible/roles/kafka/templates/kafka.server.properties.j2 new file mode 100644 index 0000000000..449d06b51b --- /dev/null +++ b/ansible/roles/kafka/templates/kafka.server.properties.j2 @@ -0,0 +1,21 @@ +listeners=PLAINTEXT://{{ api_interface_address | put_address_in_context('url') }}:{{ kafka_port }} +controlled.shutdown.enable=true +auto.leader.rebalance.enable=true +num.network.threads=3 +num.io.threads=8 +socket.send.buffer.bytes=102400 +socket.receive.buffer.bytes=102400 +socket.request.max.bytes=104857600 +log.dirs=/var/lib/kafka/data +min.insync.replicas={{ kafka_broker_count if kafka_broker_count|int < 3 else 2 }} +default.replication.factor={{ kafka_broker_count if kafka_broker_count|int < 3 else 3 }} +num.partitions=30 +num.recovery.threads.per.data.dir=1 +offsets.topic.replication.factor={{ kafka_broker_count if kafka_broker_count|int < 3 else 3 }} +transaction.state.log.replication.factor={{ kafka_broker_count if kafka_broker_count|int < 3 else 3 }} +transaction.state.log.min.isr={{ kafka_broker_count if kafka_broker_count|int < 3 else 2 }} +log.retention.hours=168 +log.segment.bytes=1073741824 +log.retention.check.interval.ms=300000 +zookeeper.connect={{ kafka_zookeeper }} +zookeeper.connection.timeout.ms=6000 diff --git a/ansible/roles/kafka/vars/main.yml b/ansible/roles/kafka/vars/main.yml new file mode 100644 index 0000000000..be887f0f73 --- /dev/null +++ b/ansible/roles/kafka/vars/main.yml @@ -0,0 +1,2 @@ +--- +project_name: "kafka" diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml index f3bfb094e2..f0ad04631c 100644 --- a/ansible/roles/keystone/defaults/main.yml +++ b/ansible/roles/keystone/defaults/main.yml @@ -16,7 +16,8 @@ keystone_services: tls_backend: "{{ keystone_enable_tls_backend }}" port: "{{ keystone_internal_port }}" listen_port: "{{ keystone_internal_listen_port }}" - backend_http_extra: "{{ ['balance source'] if enable_keystone_federation | bool else [] }}" + backend_http_extra: + - balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}" keystone_external: enabled: "{{ enable_keystone }}" mode: "http" @@ -25,7 +26,8 @@ keystone_services: tls_backend: "{{ keystone_enable_tls_backend }}" port: "{{ keystone_public_port }}" listen_port: "{{ keystone_public_listen_port }}" - backend_http_extra: "{{ ['balance source'] if enable_keystone_federation | bool else [] }}" + backend_http_extra: + - balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}" keystone-ssh: container_name: "keystone_ssh" group: "keystone" @@ -195,18 +197,18 @@ keystone_enabled_notification_topics: "{{ keystone_notification_topics | selecta # Keystone #################### keystone_service_endpoints: + - {'interface': 'admin', 'url': '{{ keystone_internal_url }}', 'state': 'absent'} - {'interface': 'internal', 'url': '{{ keystone_internal_url }}'} - {'interface': 'public', 'url': '{{ keystone_public_url }}'} -# TODO(yoctozepto): Remove admin_endpoint leftovers in Antelope (2023.1). -keystone_service_admin_endpoint: {'interface': 'admin', 'url': '{{ keystone_internal_url }}'} -keystone_create_admin_endpoint: false - keystone_ks_services: - name: "keystone" type: "identity" description: "Openstack Identity Service" - endpoints: "{{ keystone_service_endpoints + ([keystone_service_admin_endpoint] if kolla_action == 'upgrade' or keystone_create_admin_endpoint | bool else []) }}" + endpoints: "{{ keystone_service_endpoints }}" + +keystone_ks_roles: + - service #################### # TLS diff --git a/ansible/roles/keystone/tasks/upgrade.yml b/ansible/roles/keystone/tasks/upgrade.yml index bbe2ca9338..3d2450d939 100644 --- a/ansible/roles/keystone/tasks/upgrade.yml +++ b/ansible/roles/keystone/tasks/upgrade.yml @@ -33,6 +33,14 @@ - name: Flush handlers meta: flush_handlers +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_keystone_auth }}" + service_ks_register_services: "{{ keystone_ks_services }}" + service_ks_register_roles: "{{ keystone_ks_roles }}" + run_once: True + - name: Disable log_bin_trust_function_creators function become: true kolla_toolbox: @@ -48,3 +56,11 @@ run_once: True when: - not use_preconfigured_databases | bool + +# NOTE(mgoddard): Remove the admin endpoint. +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_keystone_auth }}" + service_ks_register_services: "{{ keystone_ks_services }}" + run_once: True diff --git a/ansible/roles/letsencrypt/tasks/pull.yml b/ansible/roles/letsencrypt/tasks/pull.yml index 33880e0b3d..53f9c5fda1 100644 --- a/ansible/roles/letsencrypt/tasks/pull.yml +++ b/ansible/roles/letsencrypt/tasks/pull.yml @@ -1,11 +1,3 @@ --- -- name: Pulling LetsEncrypt images - become: true - kolla_container: - action: "pull_image" - common_options: "{{ docker_common_options }}" - image: "{{ item.value.image }}" - when: - - inventory_hostname in groups[item.value.group] - - item.value.enabled | bool - with_dict: "{{ letsencrypt_services }}" +- import_role: + role: service-images-pull diff --git a/ansible/roles/loadbalancer/handlers/main.yml b/ansible/roles/loadbalancer/handlers/main.yml index a94a740cab..4c8688c1b8 100644 --- a/ansible/roles/loadbalancer/handlers/main.yml +++ b/ansible/roles/loadbalancer/handlers/main.yml @@ -1,10 +1,4 @@ --- -- name: Reload firewalld - become: True - service: - name: "firewalld" - state: reloaded - # NOTE(yoctozepto): this handler dance is to ensure we delay restarting master # keepalived and haproxy which control VIP address until we have working backups. # This could be improved by checking if backup keepalived do not report FAULT state. diff --git a/ansible/roles/loadbalancer/tasks/config-host.yml b/ansible/roles/loadbalancer/tasks/config-host.yml index 46b262c7a4..c05a8bc3cd 100644 --- a/ansible/roles/loadbalancer/tasks/config-host.yml +++ b/ansible/roles/loadbalancer/tasks/config-host.yml @@ -1,4 +1,10 @@ --- + +- name: Check IPv6 support + command: /usr/sbin/sysctl -n net.ipv6.conf.all.disable_ipv6 + register: ipv6_disabled + changed_when: false + - name: Setting sysctl values vars: should_set: "{{ item.value != 'KOLLA_UNSET' }}" @@ -17,6 +23,7 @@ when: - set_sysctl | bool - item.value != 'KOLLA_SKIP' + - not ('ipv6' in item.name and ipv6_disabled.stdout | bool) - name: Load and persist keepalived module import_role: diff --git a/ansible/roles/loadbalancer/tasks/precheck.yml b/ansible/roles/loadbalancer/tasks/precheck.yml index 18b822cc11..faafac1f95 100644 --- a/ansible/roles/loadbalancer/tasks/precheck.yml +++ b/ansible/roles/loadbalancer/tasks/precheck.yml @@ -107,7 +107,7 @@ - name: Checking the kolla_external_vip_interface is active assert: - that: hostvars[inventory_hostname].ansible_facts[kolla_external_vip_interface]['active'] + that: hostvars[inventory_hostname].ansible_facts[kolla_external_vip_interface | replace('-', '_')]['active'] fail_msg: "Please check the kolla_external_vip_interface settings - interface {{ kolla_external_vip_interface }} is not active" when: - haproxy_enable_external_vip | bool @@ -190,20 +190,20 @@ - api_interface_address != kolla_internal_vip_address # FIXME(yoctozepto): this req seems arbitrary, they need not be, just routable is fine -- name: Checking if kolla_internal_vip_address is in the same network as api_interface on all nodes - become: true - command: ip -o addr show dev {{ api_interface }} - register: ip_addr_output - changed_when: false - failed_when: >- - ( ip_addr_output is failed or - kolla_internal_vip_address | ipaddr(ip_addr_output.stdout.split()[3]) is none) - check_mode: false - when: - - enable_haproxy | bool - - enable_keepalived | bool - - container_facts['keepalived'] is not defined - - inventory_hostname in groups['loadbalancer'] +#- name: Checking if kolla_internal_vip_address is in the same network as api_interface on all nodes +# become: true +# command: ip -o addr show dev {{ api_interface }} +# register: ip_addr_output +# changed_when: false +# failed_when: >- +# ( ip_addr_output is failed or +# kolla_internal_vip_address | ipaddr(ip_addr_output.stdout.split()[3]) is none) +# check_mode: false +# when: +# - enable_haproxy | bool +# - enable_keepalived | bool +# - container_facts['keepalived'] is not defined +# - inventory_hostname in groups['loadbalancer'] - name: Getting haproxy stat become: true diff --git a/ansible/roles/loadbalancer/templates/haproxy/haproxy_external_frontend.cfg.j2 b/ansible/roles/loadbalancer/templates/haproxy/haproxy_external_frontend.cfg.j2 index fe19aaeeea..87922259e2 100644 --- a/ansible/roles/loadbalancer/templates/haproxy/haproxy_external_frontend.cfg.j2 +++ b/ansible/roles/loadbalancer/templates/haproxy/haproxy_external_frontend.cfg.j2 @@ -1,4 +1,4 @@ -{%- set external_tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external|bool else '' %} +{%- set external_tls_bind_info = 'ssl crt /etc/haproxy/certificates/haproxy.pem' if kolla_enable_tls_external|bool else '' %} frontend external_frontend mode http diff --git a/ansible/roles/loadbalancer/templates/proxysql/proxysql.yaml.j2 b/ansible/roles/loadbalancer/templates/proxysql/proxysql.yaml.j2 index f5c6f38a31..d589610f5c 100644 --- a/ansible/roles/loadbalancer/templates/proxysql/proxysql.yaml.j2 +++ b/ansible/roles/loadbalancer/templates/proxysql/proxysql.yaml.j2 @@ -10,13 +10,13 @@ errorlog: "/var/log/kolla/proxysql/proxysql.log" admin_variables: admin_credentials: "{{ proxysql_admin_user }}:{{ proxysql_admin_password }}" - mysql_ifaces: "{{ api_interface_address }}:{{ proxysql_admin_port }};{{ kolla_internal_vip_address }}:{{ proxysql_admin_port }};/var/lib/kolla/proxysql/admin.sock" + mysql_ifaces: "{{ api_interface_address | put_address_in_context('url') }}:{{ proxysql_admin_port }};{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ proxysql_admin_port }};/var/lib/kolla/proxysql/admin.sock" stats_credentials: "{{ proxysql_stats_user }}:{{ proxysql_stats_password }}" mysql_variables: threads: {{ proxysql_workers }} max_connections: {{ proxysql_max_connections }} - interfaces: "{{ kolla_internal_vip_address }}:{{ database_port }}" + interfaces: "{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ database_port }}" monitor_username: "{{ mariadb_monitor_user }}" monitor_password: "{{ mariadb_monitor_password }}" diff --git a/ansible/roles/magnum/tasks/register.yml b/ansible/roles/magnum/tasks/register.yml index 9c64cb58b3..1d024041a4 100644 --- a/ansible/roles/magnum/tasks/register.yml +++ b/ansible/roles/magnum/tasks/register.yml @@ -30,6 +30,7 @@ name: "{{ magnum_trustee_domain_admin }}" domain: "{{ magnum_trustee_domain }}" password: "{{ magnum_keystone_password }}" + update_password: "{{ 'always' if update_keystone_service_user_passwords | bool else 'on_create' }}" auth: "{{ openstack_magnum_auth }}" endpoint_type: "{{ openstack_interface }}" cacert: "{{ openstack_cacert }}" diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2 index 8422a8ce39..01faf09fd7 100644 --- a/ansible/roles/magnum/templates/magnum.conf.j2 +++ b/ansible/roles/magnum/templates/magnum.conf.j2 @@ -151,3 +151,8 @@ trace_sqlalchemy = true hmac_keys = {{ osprofiler_secret }} connection_string = {{ osprofiler_backend_connection_string }} {% endif %} + +{% if magnum_kubeconfig_file_path is not defined %} +[drivers] +disabled_drivers = k8s_cluster_api_flatcar,k8s_cluster_api_rockylinux,k8s_cluster_api_ubuntu,k8s_cluster_api_ubuntu_focal +{% endif %} diff --git a/ansible/roles/manila/defaults/main.yml b/ansible/roles/manila/defaults/main.yml index 6244997ed1..130d5beeab 100644 --- a/ansible/roles/manila/defaults/main.yml +++ b/ansible/roles/manila/defaults/main.yml @@ -39,6 +39,20 @@ manila_services: volumes: "{{ manila_share_default_volumes + manila_share_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}" dimensions: "{{ manila_share_dimensions }}" healthcheck: "{{ manila_share_healthcheck }}" + haproxy: + manila_share: + enabled: "{{ enable_manila and enable_manila_backend_nfs }}" + mode: "tcp" + external: false + port: "{{ manila_share_port }}" + listen_port: "{{ manila_share_listen_port }}" + manila_share_external: + enabled: "{{ enable_manila and enable_manila_backend_nfs }}" + mode: "tcp" + external: true + external_fqdn: "{{ manila_share_external_fqdn }}" + port: "{{ manila_share_public_port }}" + listen_port: "{{ manila_share_listen_port }}" manila-data: container_name: "manila_data" group: "manila-data" @@ -48,7 +62,7 @@ manila_services: volumes: "{{ manila_data_default_volumes + manila_data_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}" dimensions: "{{ manila_data_dimensions }}" healthcheck: "{{ manila_data_healthcheck }}" - +enable_manila_backend_nfs: True #################### # Config Validate #################### @@ -163,6 +177,7 @@ manila_share_default_volumes: - "kolla_logs:/var/log/kolla/" - "/lib/modules:/lib/modules:ro" - "{{ kolla_dev_repos_directory ~ '/manila/manila:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/manila' if manila_dev_mode | bool else '' }}" + - "/etc/ganesha:/etc/ganesha" manila_scheduler_default_volumes: - "{{ node_config_directory }}/manila-scheduler/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" @@ -296,6 +311,11 @@ manila_ks_users: password: "{{ manila_keystone_password }}" role: "admin" +manila_ks_user_roles: + - project: "service" + user: "admin" + role: "admin" + #################### # CephFS diff --git a/ansible/roles/manila/tasks/config.yml b/ansible/roles/manila/tasks/config.yml index bf2929c804..2c401514f7 100644 --- a/ansible/roles/manila/tasks/config.yml +++ b/ansible/roles/manila/tasks/config.yml @@ -73,6 +73,72 @@ with_dict: "{{ manila_services }}" notify: - Restart {{ item.key }} container +- name: check /etc/ganesha is exists + vars: + service: "{{ manila_services['manila-share'] }}" + service_name: "{{ item }}" + file: + path: /etc/ganesha + state: directory + owner: root + group: root + mode: '0755' + become: true + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + - enable_manila_backend_nfs | bool + +- name: generate ganesha.conf for manila-share + vars: + service: "{{ manila_services['manila-share'] }}" + service_name: "{{ item }}" + template: + src: "{{ role_path }}/templates/ganesha.conf.j2" + dest: "/etc/ganesha/ganesha.conf" + mode: "0644" + become: true + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + - enable_manila_backend_nfs | bool + with_items: + - "manila-share" + +- name: generate dbus conf for ganesha + vars: + service: "{{ manila_services['manila-share'] }}" + service_name: "{{ item }}" + template: + src: "{{ role_path }}/templates/org.ganesha.nfsd.conf.j2" + dest: "/etc/dbus-1/system.d/org.ganesha.nfsd.conf" + mode: "0644" + become: true + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + - enable_manila_backend_nfs | bool + with_items: + - "manila-share" + +- name: mkdir /run/ganesha + vars: + service: "{{ manila_services['manila-share'] }}" + service_name: "{{ item }}" + file: + path: /run/ganesha + state: directory + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: '0777' + become: true + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + - enable_manila_backend_nfs | bool + with_items: + - "manila-share" + - name: Copying over manila-share.conf vars: diff --git a/ansible/roles/manila/tasks/register.yml b/ansible/roles/manila/tasks/register.yml index d8af77c0f5..bd311fad8f 100644 --- a/ansible/roles/manila/tasks/register.yml +++ b/ansible/roles/manila/tasks/register.yml @@ -5,3 +5,4 @@ service_ks_register_auth: "{{ openstack_manila_auth }}" service_ks_register_services: "{{ manila_ks_services }}" service_ks_register_users: "{{ manila_ks_users }}" + service_ks_register_user_roles: "{{ manila_ks_user_roles }}" diff --git a/ansible/roles/manila/templates/ganesha.conf.j2 b/ansible/roles/manila/templates/ganesha.conf.j2 new file mode 100644 index 0000000000..f5b7d5b785 --- /dev/null +++ b/ansible/roles/manila/templates/ganesha.conf.j2 @@ -0,0 +1,28 @@ +NFS_Core_Param +{ + Enable_NLM = false; + Bind_addr = 0.0.0.0; + NFS_Port = {{ manila_share_listen_port }}; +} +{% if enable_manila_backend_cephfs_nfs | bool %} +{% for backend in manila_ceph_backends %} +{% if backend.driver == 'cephfsnfs' %} +RADOS_URLS { + ceph_conf = "/etc/ceph/{{ backend.cluster }}.conf"; + userid = "{{ ceph_manila_user }}"; + watch_url = "rados://{{ manila_export_store_pool_name }}/{{ manila_export_object_name }}"; +} + +%url rados://{{ manila_export_store_pool_name }}/{{ manila_export_object_name }} + +NFSv4 { + RecoveryBackend = "rados_kv"; +} +RADOS_KV { + ceph_conf = "/etc/ceph/{{ backend.cluster }}.conf"; + userid = "{{ ceph_manila_user }}"; + pool = "{{ manila_export_store_pool_name }}"; +} +{% endif %} +{% endfor %} +{% endif %} \ No newline at end of file diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2 index ebff073c1f..d52a61000e 100644 --- a/ansible/roles/manila/templates/manila-share.conf.j2 +++ b/ansible/roles/manila/templates/manila-share.conf.j2 @@ -136,6 +136,8 @@ cephfs_cluster_name = {{ backend.cluster }} {% if manila_cephfs_filesystem_name | length %} cephfs_filesystem_name = {{ manila_cephfs_filesystem_name }} {% endif %} +ganesha_rados_store_enable = True +ganesha_rados_store_pool_name = {{ manila_export_store_pool_name }} cephfs_ganesha_server_is_remote= False cephfs_ganesha_server_ip = {{ api_interface_address }} {% endif %} diff --git a/ansible/roles/manila/templates/org.ganesha.nfsd.conf.j2 b/ansible/roles/manila/templates/org.ganesha.nfsd.conf.j2 new file mode 100644 index 0000000000..19bcecbcbc --- /dev/null +++ b/ansible/roles/manila/templates/org.ganesha.nfsd.conf.j2 @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/ansible/roles/mariadb/defaults/main.yml b/ansible/roles/mariadb/defaults/main.yml index eaa318963b..eda1b5fcc9 100644 --- a/ansible/roles/mariadb/defaults/main.yml +++ b/ansible/roles/mariadb/defaults/main.yml @@ -120,12 +120,8 @@ mariadb_wsrep_extra_provider_options: [] #################### # Backups #################### -mariabackup_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/mariadb-server" -mariabackup_tag: "{{ mariadb_tag }}" -mariabackup_image_full: "{{ mariabackup_image }}:{{ mariabackup_tag }}" - mariadb_backup_host: "{{ groups[mariadb_shard_group][0] }}" -mariadb_backup_database_schema: "PERCONA_SCHEMA" +mariadb_backup_database_schema: "mysql" mariadb_backup_database_user: "{% if mariadb_loadbalancer == 'haproxy' %}backup{% else %}{{ mariadb_shard_backup_user_prefix }}{{ mariadb_shard_id | string }}{% endif %}" mariadb_backup_type: "full" mariadb_backup_possible: "{{ mariadb_loadbalancer != 'haproxy' or inventory_hostname in mariadb_default_database_shard_hosts }}" diff --git a/ansible/roles/mariadb/tasks/backup.yml b/ansible/roles/mariadb/tasks/backup.yml index ef78107eb6..300581bc60 100644 --- a/ansible/roles/mariadb/tasks/backup.yml +++ b/ansible/roles/mariadb/tasks/backup.yml @@ -1,4 +1,13 @@ --- +- name: Get MariaDB container facts + become: true + kolla_container_facts: + container_engine: "{{ kolla_container_engine }}" + name: + - "{{ mariadb_services.mariadb.container_name }}" + check_mode: false + register: container_facts + - name: Taking {{ mariadb_backup_type }} database backup via Mariabackup become: true kolla_container: @@ -6,7 +15,10 @@ command: "bash -c 'sudo -E kolla_set_configs && /usr/local/bin/kolla_mariadb_backup.sh'" common_options: "{{ docker_common_options }}" detach: False - image: "{{ mariabackup_image_full }}" + # NOTE(mgoddard): Try to use the same image as the MariaDB server container + # to avoid compatibility issues. See + # https://bugs.launchpad.net/kolla-ansible/+bug/2058644. + image: "{{ container_facts.mariadb.Image | default(mariadb_services.mariadb.image) }}" name: "mariabackup" restart_policy: oneshot remove_on_exit: True diff --git a/ansible/roles/mariadb/tasks/recover_cluster.yml b/ansible/roles/mariadb/tasks/recover_cluster.yml index 0c36e42fa8..e62a82fc17 100644 --- a/ansible/roles/mariadb/tasks/recover_cluster.yml +++ b/ansible/roles/mariadb/tasks/recover_cluster.yml @@ -9,6 +9,7 @@ path: "{{ item }}" state: absent delegate_to: localhost + connection: local changed_when: false check_mode: no run_once: true @@ -49,7 +50,7 @@ # WSREP: Recovered position: :. - name: Get MariaDB wsrep recovery seqno become: true - shell: tail -n 200 /tmp/mariadb_tmp.log | awk -F" " '$0~/Recovered position/{print $NF;exit;}' | awk -F":" '{print $2}' + shell: awk -F" " '/Recovered position/{seqno=$NF} END{split(seqno, a, ":"); print a[2]}' /tmp/mariadb_tmp.log register: wsrep_recovery_seqno - name: Removing MariaDB log file from /tmp @@ -83,10 +84,12 @@ dest: "{{ mariadb_recover_tmp_file_path }}" mode: 0644 delegate_to: localhost + connection: local changed_when: false when: seqno_compare.results | map(attribute='stdout') | join('') == "" - name: Registering mariadb_recover_inventory_name from temp file + connection: local set_fact: mariadb_recover_inventory_name: "{{ lookup('file', mariadb_recover_tmp_file_path) }}" when: diff --git a/ansible/roles/mariadb/tasks/register.yml b/ansible/roles/mariadb/tasks/register.yml index a4a1eb6b1c..08edfd074e 100644 --- a/ansible/roles/mariadb/tasks/register.yml +++ b/ansible/roles/mariadb/tasks/register.yml @@ -33,21 +33,6 @@ when: - inventory_hostname == groups[mariadb_shard_group][0] -- name: Creating the Mariabackup database - become: true - kolla_toolbox: - container_engine: "{{ kolla_container_engine }}" - module_name: mysql_db - module_args: - login_host: "{{ api_interface_address }}" - login_port: "{{ mariadb_port }}" - login_user: "{{ mariadb_shard_database_user }}" - login_password: "{{ database_password }}" - name: "{{ mariadb_backup_database_schema }}" - when: - - enable_mariabackup | bool - - inventory_hostname == mariadb_backup_host - - name: Creating database backup user and setting permissions become: true kolla_toolbox: @@ -61,7 +46,7 @@ name: "{{ mariadb_backup_database_user }}" password: "{{ mariadb_backup_database_password }}" host: "%" - priv: "*.*:CREATE TABLESPACE,RELOAD,PROCESS,SUPER,LOCK TABLES,BINLOG MONITOR" + priv: "*.*:CREATE TABLESPACE,RELOAD,PROCESS,SUPER,LOCK TABLES,BINLOG MONITOR/{{ mariadb_backup_database_schema }}.mariadb_backup_history:CREATE" append_privs: True when: - enable_mariabackup | bool diff --git a/ansible/roles/mariadb/tasks/restart_services.yml b/ansible/roles/mariadb/tasks/restart_services.yml index 498376f43d..ca48e359ad 100644 --- a/ansible/roles/mariadb/tasks/restart_services.yml +++ b/ansible/roles/mariadb/tasks/restart_services.yml @@ -23,6 +23,7 @@ timeout: 60 search_regex: "MariaDB" register: check_mariadb_port + check_mode: false until: check_mariadb_port is success retries: 10 delay: 6 @@ -31,7 +32,8 @@ become: true command: >- {{ kolla_container_engine }} exec {{ mariadb_service.container_name }} - mysql -uroot -p{{ database_password }} -P {{ mariadb_port }} + mysql -uroot -p{{ database_password }} + -h {{ api_interface_address }} -P {{ mariadb_port }} --silent --skip-column-names -e 'SHOW STATUS LIKE "wsrep_local_state_comment"' changed_when: false @@ -40,6 +42,7 @@ retries: 10 delay: 6 no_log: true + check_mode: false when: # NOTE(yoctozepto): we don't want to wait for new nodes to fully sync # with an existing cluster as this could take time diff --git a/ansible/roles/masakari/defaults/main.yml b/ansible/roles/masakari/defaults/main.yml index 6b2f072dfd..3cd8cc26a3 100644 --- a/ansible/roles/masakari/defaults/main.yml +++ b/ansible/roles/masakari/defaults/main.yml @@ -43,6 +43,7 @@ masakari_services: ipc_mode: host image: "{{ masakari_monitors_image_full }}" volumes: "{{ masakari_hostmonitor_default_volumes + masakari_hostmonitor_extra_volumes }}" + privileged: True dimensions: "{{ masakari_hostmonitor_dimensions }}" #################### diff --git a/ansible/roles/masakari/handlers/main.yml b/ansible/roles/masakari/handlers/main.yml index 13d3e14460..afa8ef1eb8 100644 --- a/ansible/roles/masakari/handlers/main.yml +++ b/ansible/roles/masakari/handlers/main.yml @@ -57,6 +57,7 @@ common_options: "{{ docker_common_options }}" name: "{{ service.container_name }}" image: "{{ service.image }}" + privileged: "{{ service.privileged | default(True) }}" ipc_mode: "{{ service.ipc_mode }}" volumes: "{{ service.volumes | reject('equalto', '') | list }}" dimensions: "{{ service.dimensions }}" diff --git a/ansible/roles/masakari/templates/masakari.conf.j2 b/ansible/roles/masakari/templates/masakari.conf.j2 index 7f4b8f3fba..f02660d28c 100644 --- a/ansible/roles/masakari/templates/masakari.conf.j2 +++ b/ansible/roles/masakari/templates/masakari.conf.j2 @@ -59,6 +59,9 @@ ssl_ca_file = {{ om_rabbitmq_cacert }} {% if om_enable_rabbitmq_high_availability | bool %} amqp_durable_queues = true {% endif %} +{% if om_enable_rabbitmq_quorum_queues | bool %} +rabbit_quorum_queue = true +{% endif %} [oslo_middleware] enable_proxy_headers_parsing = True diff --git a/ansible/roles/multipathd/templates/multipath.conf.j2 b/ansible/roles/multipathd/templates/multipath.conf.j2 index 5aa10573e7..478eef0230 100644 --- a/ansible/roles/multipathd/templates/multipath.conf.j2 +++ b/ansible/roles/multipathd/templates/multipath.conf.j2 @@ -1,6 +1,7 @@ defaults { user_friendly_names no find_multipaths yes + skip_kpartx yes } blacklist { diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index d0e96646bc..03afa06b4a 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -428,7 +428,7 @@ neutron_ovn_metadata_agent_enable_healthchecks: "{{ enable_container_healthcheck neutron_ovn_metadata_agent_healthcheck_interval: "{{ default_container_healthcheck_interval }}" neutron_ovn_metadata_agent_healthcheck_retries: "{{ default_container_healthcheck_retries }}" neutron_ovn_metadata_agent_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -neutron_ovn_metadata_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port python {{ ovn_sb_db_port }}"] +neutron_ovn_metadata_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port neutron-ovn-metadata-agent {{ ovsdb_port }}"] neutron_ovn_metadata_agent_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" neutron_ovn_metadata_agent_healthcheck: interval: "{{ neutron_ovn_metadata_agent_healthcheck_interval }}" @@ -480,7 +480,7 @@ neutron_ovn_agent_enable_healthchecks: "{{ enable_container_healthchecks }}" neutron_ovn_agent_healthcheck_interval: "{{ default_container_healthcheck_interval }}" neutron_ovn_agent_healthcheck_retries: "{{ default_container_healthcheck_retries }}" neutron_ovn_agent_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -neutron_ovn_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port python {{ ovn_sb_db_port }}"] +neutron_ovn_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port neutron-ovn-agent {{ ovsdb_port }}"] neutron_ovn_agent_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" neutron_ovn_agent_healthcheck: interval: "{{ neutron_ovn_agent_healthcheck_interval }}" @@ -629,6 +629,9 @@ neutron_ovn_agent_extra_volumes: "{{ neutron_extra_volumes }}" #################### dhcp_agents_per_network: 2 max_l3_agents_per_router: 3 +# https://docs.openstack.org/neutron/2024.2/configuration/config-samples.html +# Maximum number of allowed address pairs (integer value) +max_allowed_address_pair: 30 # Adds a delay (in seconds) to the serial neutron_l3_agent container restart # process, allowing routers to fail over without loss of connectivity. @@ -656,6 +659,8 @@ neutron_metadata_workers: "{{ openstack_service_workers }}" # Subprojects #################### neutron_subprojects: + - name: "neutron-fwaas" + enabled: "{{ enable_neutron_fwaas | bool }}" - name: "networking-sfc" enabled: "{{ enable_neutron_sfc | bool }}" - name: "neutron-dynamic-routing" @@ -723,6 +728,8 @@ neutron_modules_extra: [] # Service Plugins #################### service_plugins: + - name: "firewall_v2" + enabled: "{{ enable_neutron_fwaas | bool }}" - name: "flow_classifier" enabled: "{{ enable_neutron_sfc | bool }}" - name: "metering" @@ -747,6 +754,8 @@ service_plugins: enabled: "{{ neutron_plugin_agent == 'ovn' }}" - name: "log" enabled: "{{ enable_neutron_packet_logging | bool }}" + - name: "bm_gw" + enabled: "{{ enable_neutron_bm_gateway | bool }}" neutron_service_plugins: "{{ service_plugins | selectattr('enabled', 'equalto', true) | list }}" @@ -779,6 +788,8 @@ agent_extensions: neutron_agent_extensions: "{{ agent_extensions | selectattr('enabled', 'equalto', true) | list }}" l3_agent_extensions: + - name: "fwaas_v2" + enabled: "{{ enable_neutron_fwaas | bool }}" - name: "vpnaas" enabled: "{{ enable_neutron_vpnaas | bool }}" - name: "port_forwarding" diff --git a/ansible/roles/neutron/tasks/config-host.yml b/ansible/roles/neutron/tasks/config-host.yml index 9839955de6..112f231f97 100644 --- a/ansible/roles/neutron/tasks/config-host.yml +++ b/ansible/roles/neutron/tasks/config-host.yml @@ -12,6 +12,11 @@ list | length > 0 +- name: Check IPv6 support + command: /usr/sbin/sysctl -n net.ipv6.conf.all.disable_ipv6 + register: ipv6_disabled + changed_when: false + - name: Setting sysctl values become: true vars: @@ -34,3 +39,4 @@ - set_sysctl | bool - item.value != 'KOLLA_SKIP' - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool) + - not ('ipv6' in item.name and ipv6_disabled.stdout | bool) diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index dfbf70384c..ef9ad34cea 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -323,6 +323,28 @@ notify: - "Restart {{ item.key }} container" +- name: Copying over fwaas_driver.ini + become: true + vars: + service_name: "{{ item.key }}" + services_need_fwaas_driver_ini: + - "neutron-server" + - "neutron-l3-agent" + merge_configs: + sources: + - "{{ role_path }}/templates/fwaas_driver.ini.j2" + - "{{ node_custom_config }}/neutron/fwaas_driver.ini" + dest: "{{ node_config_directory }}/{{ service_name }}/fwaas_driver.ini" + mode: "0660" + when: + - enable_neutron_fwaas | bool + - item.key in services_need_fwaas_driver_ini + - item.value.enabled | bool + - item.value.host_in_groups | bool + with_dict: "{{ neutron_services }}" + notify: + - "Restart {{ item.key }} container" + - name: Copying over metadata_agent.ini become: true vars: diff --git a/ansible/roles/neutron/templates/fwaas_driver.ini.j2 b/ansible/roles/neutron/templates/fwaas_driver.ini.j2 new file mode 100644 index 0000000000..7e5db0411f --- /dev/null +++ b/ansible/roles/neutron/templates/fwaas_driver.ini.j2 @@ -0,0 +1,10 @@ +[fwaas] +enabled = True +{% if neutron_plugin_agent == 'vmware_nsxv' %} +driver = vmware_nsxv_edge +{% else %} +agent_version = v2 +driver = iptables_v2 +[service_providers] +service_provider = FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default +{% endif %} \ No newline at end of file diff --git a/ansible/roles/neutron/templates/neutron-l3-agent-wrapper.sh.j2 b/ansible/roles/neutron/templates/neutron-l3-agent-wrapper.sh.j2 index 6960ae4bb4..d8d6047dd2 100644 --- a/ansible/roles/neutron/templates/neutron-l3-agent-wrapper.sh.j2 +++ b/ansible/roles/neutron/templates/neutron-l3-agent-wrapper.sh.j2 @@ -7,10 +7,14 @@ set -o errexit neutron-netns-cleanup \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/l3_agent.ini \ +{% if enable_neutron_fwaas | bool %} + --config-file /etc/neutron/fwaas_driver.ini \ +{% endif %} --force --agent-type l3 {% endif %} neutron-l3-agent \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/neutron_vpnaas.conf \ - --config-file /etc/neutron/l3_agent.ini \ + --config-file /etc/neutron/l3_agent.ini{% if enable_neutron_fwaas | bool %} \ + --config-file /etc/neutron/fwaas_driver.ini{% endif %} \ No newline at end of file diff --git a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 index 5c1d79c330..cd36548419 100644 --- a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 @@ -18,7 +18,13 @@ "dest": "/etc/neutron/neutron_vpnaas.conf", "owner": "neutron", "perm": "0600" - }, + }{% if enable_neutron_fwaas | bool %}, + { + "source": "{{ container_config_directory }}/fwaas_driver.ini", + "dest": "/etc/neutron/fwaas_driver.ini", + "owner": "neutron", + "perm": "0600" + }{% endif %}, { "source": "{{ container_config_directory }}/l3_agent.ini", "dest": "/etc/neutron/l3_agent.ini", diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2 index f1e93a72c3..424b1665c1 100644 --- a/ansible/roles/neutron/templates/neutron-server.json.j2 +++ b/ansible/roles/neutron/templates/neutron-server.json.j2 @@ -1,5 +1,5 @@ { - "command": "neutron-server --config-file /etc/neutron/neutron.conf {% if neutron_plugin_agent in ['openvswitch', 'linuxbridge', 'ovn'] %} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_vpnaas.conf {% elif neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_nsxp', 'vmware_dvs'] %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}", + "command": "neutron-server --config-file /etc/neutron/neutron.conf {% if neutron_plugin_agent in ['openvswitch', 'linuxbridge', 'ovn'] %} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_vpnaas.conf {% elif neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_nsxp', 'vmware_dvs'] %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}{% if enable_neutron_fwaas | bool %}--config-file /etc/neutron/fwaas_driver.ini{% endif %}", "config_files": [ { "source": "{{ container_config_directory }}/neutron.conf", @@ -7,6 +7,14 @@ "owner": "neutron", "perm": "0600" }, +{% if enable_neutron_fwaas | bool %} + { + "source": "{{ container_config_directory }}/fwaas_driver.ini", + "dest": "/etc/neutron/fwaas_driver.ini", + "owner": "neutron", + "perm": "0600" + }, +{% endif %} { "source": "{{ container_config_directory }}/neutron_vpnaas.conf", "dest": "/etc/neutron/neutron_vpnaas.conf", diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index a95106143c..223d158b34 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -21,10 +21,7 @@ api_workers = {{ neutron_api_workers }} rpc_workers = {{ openstack_service_rpc_workers }} rpc_state_report_workers = {{ openstack_service_rpc_workers }} -# NOTE(SamYaple): We must specify this value here rather than the metadata conf -# because it is used by the l3 and dhcp agents. The reason the path has 'kolla' -# in it is because we are sharing this socket in a volume which is it's own dir -metadata_proxy_socket = /var/lib/neutron/kolla/metadata_proxy +state_path = /var/lib/neutron/kolla {% if neutron_plugin_agent == "openvswitch" or (neutron_plugin_agent == "ovn" and neutron_ovn_dhcp_agent | bool) %} interface_driver = openvswitch @@ -59,7 +56,7 @@ max_l3_agents_per_router = {{ max_l3_agents_per_router }} {% endif %} transport_url = {{ rpc_transport_url }} - +max_allowed_address_pair = {{ max_allowed_address_pair }} {% if enable_neutron_dvr | bool %} router_distributed = True {% endif %} diff --git a/ansible/roles/neutron/templates/openvswitch_agent.ini.j2 b/ansible/roles/neutron/templates/openvswitch_agent.ini.j2 index 88834e2dea..72e91a42f2 100644 --- a/ansible/roles/neutron/templates/openvswitch_agent.ini.j2 +++ b/ansible/roles/neutron/templates/openvswitch_agent.ini.j2 @@ -11,7 +11,11 @@ extensions = {{ neutron_agent_extensions|map(attribute='name')|join(',') }} {% endif %} [securitygroup] +{% if enable_ovs_dpdk | bool %} +firewall_driver = openvswitch +{% else %} firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +{% endif %} [ovs] {% if inventory_hostname in groups["network"] or (inventory_hostname in groups["compute"] and computes_need_external_bridge | bool ) %} diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml index 4e07db6e89..59a7fbc3af 100644 --- a/ansible/roles/nova-cell/defaults/main.yml +++ b/ansible/roles/nova-cell/defaults/main.yml @@ -380,7 +380,6 @@ nova_libvirt_default_volumes: - "{{ nova_instance_datadir_volume }}:/var/lib/nova/" - "{% if enable_shared_var_lib_nova_mnt | bool %}/var/lib/nova/mnt:/var/lib/nova/mnt:shared{% endif %}" - "nova_libvirt_qemu:/etc/libvirt/qemu" - - "nova_libvirt_secrets:/etc/libvirt/secrets" - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}" nova_ssh_default_volumes: - "{{ node_config_directory }}/nova-ssh/:{{ container_config_directory }}/:ro" @@ -453,6 +452,7 @@ nova_compute_extra_volumes: "{{ nova_extra_volumes }}" nova_compute_ironic_extra_volumes: "{{ nova_extra_volumes }}" # Used by bootstrapping containers. nova_cell_bootstrap_extra_volumes: "{{ nova_extra_volumes }}" +nova_cell_get_settings_volumes: "{{ nova_cell_bootstrap_default_volumes + nova_cell_bootstrap_extra_volumes }}" nova_libvirt_volume: "{{ 'libvirtd' if enable_nova_libvirt_container | bool else '/var/lib/libvirt' }}" @@ -474,6 +474,11 @@ openstack_nova_auth: "{{ openstack_auth }}" nova_libvirt_port: "{{ '16514' if libvirt_tls | bool else '16509' }}" nova_ssh_port: "8022" +# https://docs.openstack.org/nova/2024.2/configuration/sample-config.html +resume_guests_state_on_host_boot: true +block_device_allocate_retries: 600 +block_device_allocate_retries_interval: 6 + # NOTE(mgoddard): The order of this list defines the order in which services # are restarted during an upgrade in reload.yml. Restarting the conductor # first is recommended. diff --git a/ansible/roles/nova-cell/tasks/config.yml b/ansible/roles/nova-cell/tasks/config.yml index 191634b863..d4410b51e9 100644 --- a/ansible/roles/nova-cell/tasks/config.yml +++ b/ansible/roles/nova-cell/tasks/config.yml @@ -40,6 +40,19 @@ when: - nova_policy.results +- name: Check for vendordata file + stat: + path: "{{ node_custom_config }}/nova/vendordata.json" + delegate_to: localhost + run_once: True + register: vendordata_file + +- name: Set vendordata file path + set_fact: + vendordata_file_path: "{{ vendordata_file.stat.path }}" + when: + - vendordata_file.stat.exists + - name: Copying over config.json files for services become: true template: @@ -201,3 +214,21 @@ with_dict: "{{ nova_cell_services }}" notify: - "Restart {{ item.key }} container" + +- name: Copying over vendordata file to containers + vars: + service: "{{ nova_cell_services[item] }}" + copy: + src: "{{ vendordata_file_path }}" + dest: "{{ node_config_directory }}/{{ item }}/vendordata.json" + mode: "0660" + become: True + when: + - vendordata_file_path is defined + - inventory_hostname in groups[service.group] + - service.enabled | bool + notify: + - "Restart {{ item }} container" + with_items: + - nova-compute + - nova-compute-ironic diff --git a/ansible/roles/nova-cell/tasks/deploy.yml b/ansible/roles/nova-cell/tasks/deploy.yml index beecc7d448..adb73caab2 100644 --- a/ansible/roles/nova-cell/tasks/deploy.yml +++ b/ansible/roles/nova-cell/tasks/deploy.yml @@ -35,3 +35,5 @@ # and there is a cell conductor in the inventory to delegate to. - all_computes_in_batch | length > 0 - groups[nova_cell_conductor_group] | length > 0 + +- import_tasks: post-config.yml diff --git a/ansible/roles/nova-cell/tasks/get_cell_settings.yml b/ansible/roles/nova-cell/tasks/get_cell_settings.yml index b5b8083999..d98f30cdbb 100644 --- a/ansible/roles/nova-cell/tasks/get_cell_settings.yml +++ b/ansible/roles/nova-cell/tasks/get_cell_settings.yml @@ -13,7 +13,7 @@ BOOTSTRAP: name: "nova_list_cells" restart_policy: oneshot - volumes: "{{ nova_cell_bootstrap_default_volumes + nova_cell_bootstrap_extra_volumes }}" + volumes: "{{ nova_cell_get_settings_volumes }}" register: existing_cells_list changed_when: false failed_when: diff --git a/ansible/roles/nova-cell/tasks/post-config.yml b/ansible/roles/nova-cell/tasks/post-config.yml new file mode 100644 index 0000000000..804b5da142 --- /dev/null +++ b/ansible/roles/nova-cell/tasks/post-config.yml @@ -0,0 +1,8 @@ +--- +# TODO(kevko) Remove in E cycle +- name: Remove old nova_libvirt_secrets container volume + become: true + kolla_container: + container_engine: "{{ kolla_container_engine }}" + action: "remove_volume" + name: nova_libvirt_secrets diff --git a/ansible/roles/nova-cell/tasks/rolling_upgrade.yml b/ansible/roles/nova-cell/tasks/rolling_upgrade.yml index b1637ad8a2..928e8763ab 100644 --- a/ansible/roles/nova-cell/tasks/rolling_upgrade.yml +++ b/ansible/roles/nova-cell/tasks/rolling_upgrade.yml @@ -14,3 +14,5 @@ - name: Flush handlers meta: flush_handlers + +- import_tasks: post-config.yml diff --git a/ansible/roles/nova-cell/tasks/wait_discover_computes.yml b/ansible/roles/nova-cell/tasks/wait_discover_computes.yml index 1a7a99a527..1603af5dea 100644 --- a/ansible/roles/nova-cell/tasks/wait_discover_computes.yml +++ b/ansible/roles/nova-cell/tasks/wait_discover_computes.yml @@ -79,7 +79,7 @@ # configure for [DEFAULT] host in nova.conf. ironic_compute_service_hosts: >- {{ ironic_computes_in_batch | - map('extract', hostvars, ['ansible_facts', 'hostname']) | + map('extract', hostvars) | json_query('[].nova_compute_ironic_custom_host || [].ansible_facts.hostname') | map('regex_replace', '^(.*)$', '\1-ironic') | list }} expected_compute_service_hosts: "{{ virt_compute_service_hosts + ironic_compute_service_hosts }}" diff --git a/ansible/roles/nova-cell/templates/nova-compute-ironic.json.j2 b/ansible/roles/nova-cell/templates/nova-compute-ironic.json.j2 index d41811fc70..1c2fb31d98 100644 --- a/ansible/roles/nova-cell/templates/nova-compute-ironic.json.j2 +++ b/ansible/roles/nova-cell/templates/nova-compute-ironic.json.j2 @@ -12,6 +12,12 @@ "dest": "/etc/nova/{{ nova_policy_file }}", "owner": "nova", "perm": "0600" + }{% endif %}{% if vendordata_file_path is defined %}, + { + "source": "{{ container_config_directory }}/vendordata.json", + "dest": "/etc/nova/vendordata.json", + "owner": "nova", + "perm": "0600" }{% endif %} ], "permissions": [ diff --git a/ansible/roles/nova-cell/templates/nova-compute.json.j2 b/ansible/roles/nova-cell/templates/nova-compute.json.j2 index cf27fba3bd..a6b5bc554c 100644 --- a/ansible/roles/nova-cell/templates/nova-compute.json.j2 +++ b/ansible/roles/nova-cell/templates/nova-compute.json.j2 @@ -67,6 +67,12 @@ "dest": "/etc/nova/provider_config/provider_config.yaml", "owner": "nova", "perm": "0600" + }{% endif %}{% if vendordata_file_path is defined %}, + { + "source": "{{ container_config_directory }}/vendordata.json", + "dest": "/etc/nova/vendordata.json", + "owner": "nova", + "perm": "0600" }{% endif %} ], "permissions": [ diff --git a/ansible/roles/nova-cell/templates/nova.conf.j2 b/ansible/roles/nova-cell/templates/nova.conf.j2 index 41cd9a1046..fb9ec93a32 100644 --- a/ansible/roles/nova-cell/templates/nova.conf.j2 +++ b/ansible/roles/nova-cell/templates/nova.conf.j2 @@ -1,7 +1,9 @@ # nova.conf [DEFAULT] debug = {{ nova_logging_debug }} - +resume_guests_state_on_host_boot = {{ resume_guests_state_on_host_boot }} +block_device_allocate_retries = {{ block_device_allocate_retries }} +block_device_allocate_retries_interval = {{ block_device_allocate_retries_interval }} log_dir = /var/log/kolla/nova state_path = /var/lib/nova @@ -9,7 +11,8 @@ state_path = /var/lib/nova allow_resize_to_same_host = true {% if service_name == "nova-compute-ironic" %} -host={{ ansible_facts.hostname }}-ironic +host={{ nova_compute_ironic_custom_host | default(ansible_facts.hostname) }}-ironic +force_config_drive = true log_file = /var/log/kolla/nova/nova-compute-ironic.log compute_driver = ironic.IronicDriver ram_allocation_ratio = 1.0 @@ -26,7 +29,7 @@ compute_driver = libvirt.LibvirtDriver # Though my_ip is not used directly, lots of other variables use $my_ip my_ip = {{ api_interface_address }} -{% if enable_ceilometer | bool or enable_designate | bool %} +{% if enable_ceilometer | bool %} instance_usage_audit = True instance_usage_audit_period = hour {% if enable_watcher | bool %} @@ -36,6 +39,11 @@ compute_monitors=nova.compute.monitors.cpu.virt_driver transport_url = {{ nova_cell_rpc_transport_url }} +{% if vendordata_file_path is defined and (service_name == 'nova-compute' or service_name == 'nova-compute-ironic') %} +[api] +vendordata_jsonfile_path = /etc/nova/vendordata.json +{% endif %} + [conductor] workers = {{ nova_cell_conductor_workers }} diff --git a/ansible/roles/nova-cell/templates/sshd_config.j2 b/ansible/roles/nova-cell/templates/sshd_config.j2 index eb4aff220f..0f607bc0e6 100644 --- a/ansible/roles/nova-cell/templates/sshd_config.j2 +++ b/ansible/roles/nova-cell/templates/sshd_config.j2 @@ -8,4 +8,6 @@ SyslogFacility AUTHPRIV UsePAM yes {% if kolla_base_distro in ["centos", "rocky"] %} Subsystem sftp /usr/libexec/openssh/sftp-server +{% elif kolla_base_distro in ["debian", "ubuntu"] %} +Subsystem sftp /usr/lib/openssh/sftp-server {% endif %} diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml index e8cfcb5b07..6e1863df11 100644 --- a/ansible/roles/nova/defaults/main.yml +++ b/ansible/roles/nova/defaults/main.yml @@ -223,6 +223,11 @@ nova_scheduler_workers: "{{ openstack_service_workers }}" nova_enable_nova_legacy_service: false +# https://docs.openstack.org/nova/2024.2/configuration/sample-config.html +resume_guests_state_on_host_boot: true +block_device_allocate_retries: 600 +block_device_allocate_retries_interval: 6 + #################### # Keystone #################### @@ -247,6 +252,11 @@ nova_ks_users: password: "{{ nova_keystone_password }}" role: "admin" +nova_ks_user_roles: + - project: "service" + user: "{{ nova_keystone_user }}" + role: "service" + #################### # Notification #################### diff --git a/ansible/roles/nova/tasks/bootstrap_service.yml b/ansible/roles/nova/tasks/bootstrap_service.yml index bf34743b03..0719ee96ef 100644 --- a/ansible/roles/nova/tasks/bootstrap_service.yml +++ b/ansible/roles/nova/tasks/bootstrap_service.yml @@ -1,6 +1,4 @@ --- -# TODO(mgoddard): We could use nova-manage db sync --local_cell, otherwise we -# sync cell0 twice. Should not be harmful without though. - name: Running Nova API bootstrap container become: true vars: diff --git a/ansible/roles/nova/tasks/map_cell0.yml b/ansible/roles/nova/tasks/map_cell0.yml index 3fcee26a0e..d77553f18e 100644 --- a/ansible/roles/nova/tasks/map_cell0.yml +++ b/ansible/roles/nova/tasks/map_cell0.yml @@ -1,24 +1,65 @@ --- -- name: Create cell0 mappings - vars: - nova_api: "{{ nova_services['nova-api'] }}" - nova_cell0_connection: "mysql+pymysql://{{ nova_cell0_database_user }}:{{ nova_cell0_database_password }}@{{ nova_cell0_database_address }}/{{ nova_cell0_database_name }}" # noqa 204 - become: true - kolla_container: - action: "start_container" - command: bash -c 'sudo -E kolla_set_configs && nova-manage cell_v2 map_cell0 --database_connection {{ nova_cell0_connection }}' - common_options: "{{ docker_common_options }}" - detach: False - image: "{{ nova_api.image }}" - labels: - BOOTSTRAP: - name: "nova_api_map_cell0" - restart_policy: oneshot - volumes: "{{ nova_api_bootstrap_default_volumes + nova_api_bootstrap_extra_volumes }}" - register: map_cell0 - changed_when: - - map_cell0 is success - - '"Cell0 is already setup" not in map_cell0.stdout' +- block: + - name: Create cell0 mappings + vars: + nova_api: "{{ nova_services['nova-api'] }}" + nova_cell0_connection: "mysql+pymysql://{{ nova_cell0_database_user }}:{{ nova_cell0_database_password }}@{{ nova_cell0_database_address }}/{{ nova_cell0_database_name }}" # noqa 204 + become: true + kolla_container: + action: "start_container" + command: bash -c 'sudo -E kolla_set_configs && nova-manage cell_v2 map_cell0 --database_connection {{ nova_cell0_connection }}' + common_options: "{{ docker_common_options }}" + detach: False + image: "{{ nova_api.image }}" + labels: + BOOTSTRAP: + name: "nova_api_map_cell0" + restart_policy: oneshot + volumes: "{{ nova_api_bootstrap_default_volumes + nova_api_bootstrap_extra_volumes }}" + register: map_cell0 + changed_when: + - map_cell0 is success + - '"Cell0 is already setup" not in map_cell0.stdout' + + - import_role: + name: nova-cell + tasks_from: get_cell_settings.yml + vars: + nova_cell_name: "cell0" + nova_api: "{{ nova_services['nova-api'] }}" + nova_cell_get_settings_volumes: "{{ nova_api_bootstrap_default_volumes + nova_api_bootstrap_extra_volumes }}" + + - name: Update cell0 mappings + vars: + nova_cell0_uuid: "00000000-0000-0000-0000-000000000000" + nova_cell0_transport_url: "none:/" + nova_cell0_connection: "mysql+pymysql://{{ nova_cell0_database_user }}:{{ nova_cell0_database_password }}@{{ nova_cell0_database_address }}/{{ nova_cell0_database_name }}" # noqa 204 + nova_api: "{{ nova_services['nova-api'] }}" + become: true + kolla_container: + action: "start_container" + command: > + bash -c 'sudo -E kolla_set_configs && + nova-manage cell_v2 update_cell + --cell_uuid {{ nova_cell0_uuid }} + --database_connection {{ nova_cell0_connection }} + --transport-url {{ nova_cell0_transport_url }}' + common_options: "{{ docker_common_options }}" + detach: False + image: "{{ nova_api.image }}" + labels: + BOOTSTRAP: + name: "nova_api_map_cell0" + restart_policy: oneshot + volumes: "{{ nova_api_bootstrap_default_volumes + nova_api_bootstrap_extra_volumes }}" + register: nova_cell0_updated + changed_when: + - nova_cell0_updated is success + failed_when: + - nova_cell0_updated.rc != 0 + when: + - nova_cell_settings | length > 0 + - nova_cell_settings.cell_database != nova_cell0_connection run_once: True delegate_to: "{{ groups[nova_api.group][0] }}" diff --git a/ansible/roles/nova/tasks/register.yml b/ansible/roles/nova/tasks/register.yml index a9c7cfaf61..c902fec305 100644 --- a/ansible/roles/nova/tasks/register.yml +++ b/ansible/roles/nova/tasks/register.yml @@ -5,3 +5,4 @@ service_ks_register_auth: "{{ openstack_nova_auth }}" service_ks_register_services: "{{ nova_ks_services }}" service_ks_register_users: "{{ nova_ks_users }}" + service_ks_register_user_roles: "{{ nova_ks_user_roles }}" diff --git a/ansible/roles/nova/tasks/upgrade.yml b/ansible/roles/nova/tasks/upgrade.yml index 88fdb63c5e..f60489f4a0 100644 --- a/ansible/roles/nova/tasks/upgrade.yml +++ b/ansible/roles/nova/tasks/upgrade.yml @@ -1,4 +1,11 @@ --- +# TODO(bbezak): Remove this task in the Dalmatian cycle. +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_nova_auth }}" + service_ks_register_user_roles: "{{ nova_ks_user_roles }}" + - name: Run Nova upgrade checks become: true vars: diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index 30288da69a..4702463a64 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -1,6 +1,9 @@ # nova.conf [DEFAULT] debug = {{ nova_logging_debug }} +resume_guests_state_on_host_boot = {{ resume_guests_state_on_host_boot }} +block_device_allocate_retries = {{ block_device_allocate_retries }} +block_device_allocate_retries_interval = {{ block_device_allocate_retries_interval }} {% if service_name == "nova-super-conductor" %} log_file = /var/log/kolla/nova/nova-super-conductor.log @@ -12,11 +15,10 @@ log_dir = /var/log/kolla/nova state_path = /var/lib/nova allow_resize_to_same_host = true - # Though my_ip is not used directly, lots of other variables use $my_ip my_ip = {{ api_interface_address }} -{% if enable_ceilometer | bool or enable_designate | bool %} +{% if enable_ceilometer | bool %} instance_usage_audit = True instance_usage_audit_period = hour {% endif %} diff --git a/ansible/roles/octavia-certificates/defaults/main.yml b/ansible/roles/octavia-certificates/defaults/main.yml index 2061dbe438..283f69bf9f 100644 --- a/ansible/roles/octavia-certificates/defaults/main.yml +++ b/ansible/roles/octavia-certificates/defaults/main.yml @@ -35,7 +35,7 @@ octavia_certs_client_ca_organizational_unit: "{{ octavia_certs_organizational_un octavia_certs_client_ca_common_name: client-ca.example.org # Client certificate. -octavia_certs_client_expiry: 365 +octavia_certs_client_expiry: 3650 octavia_certs_client_req_country: "{{ octavia_certs_country }}" octavia_certs_client_req_state: "{{ octavia_certs_state }}" octavia_certs_client_req_organization: "{{ octavia_certs_organization }}" diff --git a/ansible/roles/octavia/defaults/main.yml b/ansible/roles/octavia/defaults/main.yml index f7f9e61709..de2002dd7d 100644 --- a/ansible/roles/octavia/defaults/main.yml +++ b/ansible/roles/octavia/defaults/main.yml @@ -308,6 +308,7 @@ octavia_amp_flavor: vcpus: 1 ram: 1024 disk: 5 + extra_specs: "{{ {'hw:mem_page_size': '1GB'} if enable_ovs_dpdk | bool else omit }}" # Octavia security groups. lb-mgmt-sec-grp is for amphorae. # lb-health-mgr-sec-grp is used for health manager ports. @@ -327,6 +328,7 @@ octavia_amp_security_groups: name: "lb-health-mgr-sec-grp" enabled: "{{ true if octavia_network_type == 'tenant' else false }}" rules: + - protocol: "{{ 'ipv6-icmp' if octavia_network_address_family == 'ipv6' else 'icmp' }}" - protocol: udp src_port: "{{ octavia_health_manager_port }}" dst_port: "{{ octavia_health_manager_port }}" @@ -362,7 +364,7 @@ octavia_amp_network: enable_dhcp: yes # Octavia management network subnet CIDR. -octavia_amp_network_cidr: 10.1.0.0/24 +octavia_amp_network_cidr: 10.1.0.0/18 octavia_amp_router: name: lb-mgmt-router diff --git a/ansible/roles/octavia/tasks/hm-interface.yml b/ansible/roles/octavia/tasks/hm-interface.yml index 3af55b15ec..10749ffbde 100644 --- a/ansible/roles/octavia/tasks/hm-interface.yml +++ b/ansible/roles/octavia/tasks/hm-interface.yml @@ -44,7 +44,7 @@ port_id: "{{ port_info.port.id }}" become: True command: > - {{ kolla_container_engine }} exec openvswitch_vswitchd ovs-vsctl --may-exist \ + {{ kolla_container_engine }} exec {{ 'ovsdpdk_vswitchd' if enable_ovs_dpdk | bool else 'openvswitch_vswitchd' }} ovs-vsctl --may-exist \ add-port br-int {{ octavia_network_interface }} \ -- set Interface {{ octavia_network_interface }} type=internal \ -- set Interface {{ octavia_network_interface }} external-ids:iface-status=active \ diff --git a/ansible/roles/octavia/tasks/upgrade.yml b/ansible/roles/octavia/tasks/upgrade.yml index 6ba9f99799..a6c6bb6b41 100644 --- a/ansible/roles/octavia/tasks/upgrade.yml +++ b/ansible/roles/octavia/tasks/upgrade.yml @@ -3,6 +3,43 @@ - import_tasks: check-containers.yml +# NOTE(mnasiadka): Run octavia persistence db tasks for upgrade +- name: Creating Octavia persistence database + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: mysql_db + module_args: + login_host: "{{ database_address }}" + login_port: "{{ database_port }}" + login_user: "{{ octavia_persistence_database_shard_root_user }}" + login_password: "{{ database_password }}" + name: "{{ octavia_persistence_database_name }}" + run_once: True + delegate_to: "{{ groups['octavia-api'][0] }}" + when: + - not use_preconfigured_databases | bool + +- name: Creating Octavia persistence database user and setting permissions + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: mysql_user + module_args: + login_host: "{{ database_address }}" + login_port: "{{ database_port }}" + login_user: "{{ octavia_persistence_database_shard_root_user }}" + login_password: "{{ database_password }}" + name: "{{ octavia_persistence_database_user }}" + password: "{{ octavia_persistence_database_password }}" + host: "%" + priv: "{{ octavia_persistence_database_name }}.*:ALL" + append_privs: "yes" + run_once: True + delegate_to: "{{ groups['octavia-api'][0] }}" + when: + - not use_preconfigured_databases | bool + - import_tasks: bootstrap_service.yml - name: Flush handlers diff --git a/ansible/roles/octavia/templates/octavia-interface.service.j2 b/ansible/roles/octavia/templates/octavia-interface.service.j2 index 7f04d9fb42..080fe06788 100644 --- a/ansible/roles/octavia/templates/octavia-interface.service.j2 +++ b/ansible/roles/octavia/templates/octavia-interface.service.j2 @@ -1,13 +1,16 @@ [Unit] Description=Octavia Interface Creator +{% if kolla_container_engine == 'docker' %} Requires=docker.service After=docker.service +{% endif %} [Service] Type=oneshot User=root Group=root RemainAfterExit=true +ExecStartPre=/bin/sleep 20 ExecStartPre=/sbin/ip link set dev {{ octavia_network_interface }} address {{ port_info.port.mac_address }} ExecStart=/sbin/dhclient -v {{ octavia_network_interface }} -cf /etc/dhcp/octavia-dhclient.conf ExecStop=/sbin/dhclient -r {{ octavia_network_interface }} diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2 index 243c274eaa..7abad6debf 100644 --- a/ansible/roles/octavia/templates/octavia.conf.j2 +++ b/ansible/roles/octavia/templates/octavia.conf.j2 @@ -131,6 +131,9 @@ ssl_ca_file = {{ om_rabbitmq_cacert }} {% if om_enable_rabbitmq_high_availability | bool %} amqp_durable_queues = true {% endif %} +{% if om_enable_rabbitmq_quorum_queues | bool %} +rabbit_quorum_queue = true +{% endif %} {% if octavia_policy_file is defined %} [oslo_policy] @@ -151,11 +154,14 @@ ca_certificates_file = {{ openstack_cacert }} region_name = {{ openstack_region_name }} endpoint_type = internal ca_certificates_file = {{ openstack_cacert }} -{% if enable_octavia_jobboard %} +{% if octavia_nova_enable_anti_affinity | bool %} +enable_anti_affinity = true +{% endif %} +{% if enable_octavia_jobboard | bool %} [task_flow] persistence_connection = mysql+pymysql://{{ octavia_persistence_database_user }}:{{ octavia_persistence_database_password }}@{{ octavia_persistence_database_address }}/{{ octavia_persistence_database_name }} -jobboard_enabled = true +jobboard_enabled = false jobboard_backend_password = "{{ redis_master_password }}" jobboard_backend_port = "{{ redis_port }}" jobboard_backend_hosts = {% for host in groups['redis'] %}{{ 'api' | kolla_address(host) | put_address_in_context('url') }}{% if not loop.last %},{% endif %}{% endfor %} diff --git a/ansible/roles/opensearch/defaults/main.yml b/ansible/roles/opensearch/defaults/main.yml index 13bc4248d5..da66a9d312 100644 --- a/ansible/roles/opensearch/defaults/main.yml +++ b/ansible/roles/opensearch/defaults/main.yml @@ -58,6 +58,54 @@ opensearch_cluster_name: "kolla_logging" opensearch_heap_size: "1g" opensearch_java_opts: "{% if opensearch_heap_size %}-Xms{{ opensearch_heap_size }} -Xmx{{ opensearch_heap_size }}{% endif %} -Dlog4j2.formatMsgNoLookups=true" +opensearch_apply_log_retention_policy: true + +# Duration after which an index is staged for deletion. This is implemented +# by closing the index. Whilst in this state the index contributes negligible +# load on the cluster and may be manually re-opened if required. +# NOTE: We carry over legacy settings from ElasticSearch Curator if they +# are set. This may be removed in a later release. +opensearch_soft_retention_period_days: "{{ elasticsearch_curator_soft_retention_period_days | default(30) }}" + +# Duration after which an index is permanently erased from the cluster. +opensearch_hard_retention_period_days: "{{ elasticsearch_curator_hard_retention_period_days | default(60) }}" + +opensearch_retention_policy: | + policy: + description: Retention policy for OpenStack logs + error_notification: + default_state: open + states: + - name: open + actions: [] + transitions: + - state_name: close + conditions: + min_index_age: "{{ opensearch_soft_retention_period_days }}d" + - name: close + actions: + - retry: + count: 3 + backoff: exponential + delay: 1m + close: {} + transitions: + - state_name: delete + conditions: + min_index_age: "{{ opensearch_hard_retention_period_days }}d" + - name: delete + actions: + - retry: + count: 3 + backoff: exponential + delay: 1m + delete: {} + transitions: [] + ism_template: + - index_patterns: + - "{{ opensearch_log_index_prefix }}-*" + priority: 1 + #################### # Keystone #################### diff --git a/ansible/roles/opensearch/handlers/main.yml b/ansible/roles/opensearch/handlers/main.yml index a32287297d..c088ab9edb 100644 --- a/ansible/roles/opensearch/handlers/main.yml +++ b/ansible/roles/opensearch/handlers/main.yml @@ -1,4 +1,47 @@ --- +- name: Disable shard allocation + become: true + vars: + opensearch_shard_body: {"transient": {"cluster.routing.allocation.enable": "none"}} + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: uri + module_args: + url: "{{ opensearch_internal_endpoint }}/_cluster/settings" + method: PUT + status_code: 200 + return_content: yes + body: "{{ opensearch_shard_body | to_json }}" # noqa jinja[invalid] + body_format: json + ca_path: "{{ openstack_cacert }}" + delegate_to: "{{ groups['opensearch'][0] }}" + run_once: true + listen: "Restart opensearch container" + when: + - kolla_action == "upgrade" + +- name: Perform a flush + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: uri + module_args: + url: "{{ opensearch_internal_endpoint }}/_flush" + method: POST + status_code: 200 + return_content: yes + body_format: json + ca_path: "{{ openstack_cacert }}" + delegate_to: "{{ groups['opensearch'][0] }}" + run_once: true + retries: 10 + delay: 5 + register: result + until: ('status' in result) and result.status == 200 + listen: "Restart opensearch container" + when: + - kolla_action == "upgrade" + - name: Restart opensearch container vars: service_name: "opensearch" diff --git a/ansible/roles/opensearch/tasks/deploy.yml b/ansible/roles/opensearch/tasks/deploy.yml index ee17effc62..a0ebfaf7d7 100644 --- a/ansible/roles/opensearch/tasks/deploy.yml +++ b/ansible/roles/opensearch/tasks/deploy.yml @@ -10,3 +10,6 @@ - name: Flush handlers meta: flush_handlers + +- include_tasks: post-config.yml + when: opensearch_apply_log_retention_policy | bool diff --git a/ansible/roles/opensearch/tasks/post-config.yml b/ansible/roles/opensearch/tasks/post-config.yml new file mode 100644 index 0000000000..c61866d507 --- /dev/null +++ b/ansible/roles/opensearch/tasks/post-config.yml @@ -0,0 +1,69 @@ +--- +- name: Wait for OpenSearch to become ready + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: uri + module_args: + url: "{{ opensearch_internal_endpoint }}/_cluster/stats" + status_code: 200 + ca_path: "{{ openstack_cacert }}" + register: result + until: result.get('status') == 200 + retries: 30 + delay: 2 + run_once: true + +- name: Check if a log retention policy exists + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: uri + module_args: + url: "{{ opensearch_internal_endpoint }}/_plugins/_ism/policies/retention" + method: GET + status_code: 200, 404 + return_content: yes + ca_path: "{{ openstack_cacert }}" + register: opensearch_retention_policy_check + delegate_to: "{{ groups['opensearch'][0] }}" + run_once: true + +- name: Create new log retention policy + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: uri + module_args: + url: "{{ opensearch_internal_endpoint }}/_plugins/_ism/policies/retention" + method: PUT + status_code: 201 + return_content: yes + body: "{{ opensearch_retention_policy | from_yaml | to_json }}" + body_format: json + ca_path: "{{ openstack_cacert }}" + register: opensearch_retention_policy_create + delegate_to: "{{ groups['opensearch'][0] }}" + run_once: true + changed_when: opensearch_retention_policy_create.status == 201 + when: opensearch_retention_policy_check.status == 404 + +- name: Apply retention policy to existing indicies + become: true + vars: + opensearch_set_policy_body: {"policy_id": "retention"} + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: uri + module_args: + url: "{{ opensearch_internal_endpoint }}/_plugins/_ism/add/{{ opensearch_log_index_prefix }}-*" + method: POST + status_code: 200 + return_content: yes + body: "{{ opensearch_set_policy_body | to_json }}" + body_format: json + ca_path: "{{ openstack_cacert }}" + delegate_to: "{{ groups['opensearch'][0] }}" + run_once: true + changed_when: opensearch_retention_policy_create.status == 201 + when: opensearch_retention_policy_check.status == 404 diff --git a/ansible/roles/opensearch/tasks/upgrade.yml b/ansible/roles/opensearch/tasks/upgrade.yml index 2891b64e08..cb376892a9 100644 --- a/ansible/roles/opensearch/tasks/upgrade.yml +++ b/ansible/roles/opensearch/tasks/upgrade.yml @@ -1,39 +1,4 @@ --- -- name: Disable shard allocation - become: true - vars: - opensearch_shard_body: {"transient": {"cluster.routing.allocation.enable": "none"}} - kolla_toolbox: - container_engine: "{{ kolla_container_engine }}" - module_name: uri - module_args: - url: "{{ opensearch_internal_endpoint }}/_cluster/settings" - method: PUT - status_code: 200 - return_content: yes - body: "{{ opensearch_shard_body | to_json }}" # noqa jinja[invalid] - body_format: json - delegate_to: "{{ groups['opensearch'][0] }}" - run_once: true - -- name: Perform a flush - become: true - kolla_toolbox: - container_engine: "{{ kolla_container_engine }}" - module_name: uri - module_args: - url: "{{ opensearch_internal_endpoint }}/_flush" - method: POST - status_code: 200 - return_content: yes - body_format: json - delegate_to: "{{ groups['opensearch'][0] }}" - run_once: true - retries: 10 - delay: 5 - register: result - until: ('status' in result) and result.status == 200 - - import_tasks: config-host.yml - import_tasks: config.yml @@ -46,3 +11,6 @@ - name: Flush handlers meta: flush_handlers + +- include_tasks: post-config.yml + when: opensearch_apply_log_retention_policy | bool diff --git a/ansible/roles/openvswitch/tasks/post-config.yml b/ansible/roles/openvswitch/tasks/post-config.yml index 5b6146f4df..48db9149f9 100644 --- a/ansible/roles/openvswitch/tasks/post-config.yml +++ b/ansible/roles/openvswitch/tasks/post-config.yml @@ -16,6 +16,10 @@ loop: - { col: "external_ids", name: "system-id", value: "{{ openvswitch_system_id }}" } - { col: "other_config", name: "hw-offload", value: true, state: "{{ 'present' if openvswitch_hw_offload | bool else 'absent' }}" } + when: + - openvswitch_services['openvswitch-vswitchd'].host_in_groups | bool + notify: + - "Restart openvswitch-vswitchd container" - name: Ensuring OVS bridge is properly setup become: true diff --git a/ansible/roles/ovn-db/defaults/main.yml b/ansible/roles/ovn-db/defaults/main.yml index a5d301ad5e..c6b314c6b0 100644 --- a/ansible/roles/ovn-db/defaults/main.yml +++ b/ansible/roles/ovn-db/defaults/main.yml @@ -94,3 +94,5 @@ ovn_sb_command: >- --db-sb-pidfile=/run/ovn/ovnsb_db.pid --db-sb-file=/var/lib/openvswitch/ovn-sb/ovnsb.db --ovn-sb-logfile=/var/log/kolla/openvswitch/ovn-sb-db.log +# Workaround: pause after restarting containers to allow for leader election. +ovn_leader_election_pause: 5 diff --git a/ansible/roles/ovn-db/tasks/bootstrap-db.yml b/ansible/roles/ovn-db/tasks/bootstrap-db.yml index 2763005a9b..deb4e0d5bb 100644 --- a/ansible/roles/ovn-db/tasks/bootstrap-db.yml +++ b/ansible/roles/ovn-db/tasks/bootstrap-db.yml @@ -1,4 +1,14 @@ --- +# NOTE(mgoddard): After OVN DB leader restarts there is a period before a new +# leader has been elected where the old leader is returned in the cluster +# status. This can result in a failure to apply the connection settings if a +# different leader is elected. Wait for a few seconds for the leader election +# to complete. +- name: Wait for leader election + pause: + seconds: "{{ ovn_leader_election_pause }}" + when: ovn_nb_db_cluster_exists | default(false) or ovn_sb_db_cluster_exists | default(false) + - name: Get OVN_Northbound cluster leader become: true command: "{{ kolla_container_engine }} exec ovn_nb_db ovs-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/status OVN_Northbound" diff --git a/ansible/roles/ovs-dpdk/defaults/main.yml b/ansible/roles/ovs-dpdk/defaults/main.yml index 2b052f27dd..c3c4699b1d 100644 --- a/ansible/roles/ovs-dpdk/defaults/main.yml +++ b/ansible/roles/ovs-dpdk/defaults/main.yml @@ -7,7 +7,7 @@ ovsdpdk_services: ovsdpdk-db: container_name: "ovsdpdk_db" image: "{{ ovsdpdk_db_image_full }}" - enabled: "{{ neutron_plugin_agent in ['openvswitch'] }}" + enabled: "{{ neutron_plugin_agent in ['openvswitch','ovn'] }}" host_in_groups: >- {{ inventory_hostname in groups['compute'] @@ -21,7 +21,7 @@ ovsdpdk_services: ovsdpdk-vswitchd: container_name: "ovsdpdk_vswitchd" image: "{{ ovsdpdk_vswitchd_image_full }}" - enabled: "{{ neutron_plugin_agent in ['openvswitch'] }}" + enabled: "{{ neutron_plugin_agent in ['openvswitch','ovn'] }}" privileged: True host_in_groups: >- {{ @@ -42,9 +42,28 @@ ovs_port_mappings: "{% for bridge in neutron_bridge_name.split(',') %} {{ neutro tunnel_interface_network: "{{ hostvars[inventory_hostname].ansible_facts[dpdk_tunnel_interface]['ipv4']['network'] }}/{{ hostvars[inventory_hostname].ansible_facts[dpdk_tunnel_interface]['ipv4']['netmask'] }}" tunnel_interface_cidr: "{{ dpdk_tunnel_interface_address }}/{{ tunnel_interface_network | ipaddr('prefix') }}" ovs_cidr_mappings: "{% if neutron_bridge_name.split(',') | length != 1 %} {neutron_bridge_name.split(',')[0]}:{{ tunnel_interface_cidr }} {% else %} {{ neutron_bridge_name }}:{{ tunnel_interface_cidr }} {% endif %}" -ovs_mem_channels: 4 -ovs_socket_mem: 1024 + +dpdk_mem_channels: 4 +dpdk_socket_mem: 2048 +dpdk_coremask: "0x550" +dpdk_pmd_coremask: "0x550" +dpdk_interface_driver: "uio_pci_generic" +dpdk_bond_list: "" +dpdk_multiqueue_num: "8" +dpdk_queue_desc: "4096" +ovs_mem_channels: "{{ dpdk_mem_channels }}" +ovs_socket_mem: "{{ dpdk_socket_mem }}" +ovs_coremask: "{{ dpdk_coremask }}" +ovs_pmd_coremask: "{{ dpdk_pmd_coremask }}" +ovs_dpdk_interface_driver: "{{ dpdk_interface_driver }}" ovs_hugepage_mountpoint: /dev/hugepages +ovs_dpdk_bond_list: "{{ dpdk_bond_list }}" + +ovs_dpdk_multiqueue_num: "{{ dpdk_multiqueue_num }}" +ovs_dpdk_queue_desc: "{{ dpdk_queue_desc }}" + +ovs_dpdk_ovn_enable: "{{ dpdk_ovn_enable }}" +ovs_dpdk_system_id: "{{ ansible_facts.hostname }}" # ovs <2.7 required dpdk phyical port names to be index # in pci address order as dpdkX where X is the index @@ -57,6 +76,7 @@ ovs_physical_port_policy: named # Docker #################### ovsdpdk_tag: "{{ openstack_tag }}" +#ovsdpdk_tag: "2023.2-debian-bookworm" ovsdpdk_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/ovsdpdk-db" ovsdpdk_db_tag: "{{ ovsdpdk_tag }}" diff --git a/ansible/roles/ovs-dpdk/files/ovs-dpdkctl.sh b/ansible/roles/ovs-dpdk/files/ovs-dpdkctl.sh index ea8cd6e897..e6832aaf2b 100755 --- a/ansible/roles/ovs-dpdk/files/ovs-dpdkctl.sh +++ b/ansible/roles/ovs-dpdk/files/ovs-dpdkctl.sh @@ -47,9 +47,9 @@ function generate_pciwhitelist { for nic in $(list_dpdk_nics); do address="$(get_value $nic address)" if [ "$_Whitelist" == '' ]; then - _Whitelist="-w $address" + _Whitelist="-a $address" else - _Whitelist="$_Whitelist -w $address" + _Whitelist="$_Whitelist -a $address" fi done echo $_Whitelist @@ -78,13 +78,20 @@ function gen_config { set_value ovs bridge_mappings ${bridge_mappings:-""} set_value ovs port_mappings ${port_mappings:-$(gen_port_mappings)} set_value ovs cidr_mappings ${cidr_mappings:-""} - set_value ovs ovs_coremask ${ovs_coremask:-"0x1"} - set_value ovs pmd_coremask ${pmd_coremask:-"0x2"} + set_value ovs ovs_coremask ${ovs_coremask:-"0x550"} + set_value ovs pmd_coremask ${pmd_coremask:-"0x500"} set_value ovs ovs_mem_channels ${ovs_mem_channels:-4} set_value ovs ovs_socket_mem ${ovs_socket_mem:-"512"} set_value ovs dpdk_interface_driver ${dpdk_interface_driver:-"uio_pci_generic"} set_value ovs hugepage_mountpoint ${hugepage_mountpoint:-"/dev/hugepages"} set_value ovs physical_port_policy ${ovs_physical_port_policy:-"named"} + set_value ovs ovs_dpdk_bond_list ${ovs_dpdk_bond_list:-""} + + set_value ovs ovs_dpdk_multiqueue_num ${ovs_dpdk_multiqueue_num:-"8"} + set_value ovs ovs_dpdk_queue_desc ${ovs_dpdk_queue_desc:-"4096"} + set_value ovn ovs_dpdk_ovn_enable ${ovs_dpdk_ovn_enable:-"no"} + set_value ovn ovs_dpdk_system_id ${ovs_dpdk_system_id:-""} + ls -al /sys/class/net/* | awk '$0 ~ /pci/ {n=split($NF,a,"/"); print "\n[" a[n] "]\naddress = " a[n-2] "\ndriver ="}' >> $CONFIG_FILE @@ -92,8 +99,26 @@ function gen_config { set_value $nic driver $(get_driver_by_address $(get_value $nic address)) done for nic in $(list_dpdk_nics); do - set_value $nic driver ${dpdk_interface_driver:-"uio_pci_generic"} + driver="$(get_value $nic driver)" + if [ "$driver" == "mlx5_core" ]; then + set_value ovs mlx_flag 1 + else + set_value $nic driver ${dpdk_interface_driver:-"uio_pci_generic"} + fi done + ovs_dpdk_bond_list=$(get_value ovs ovs_dpdk_bond_list) + if [ -n "$ovs_dpdk_bond_list" ]; then + IFS=',' read -ra devices <<< "$ovs_dpdk_bond_list" + for nic in "${devices[@]}"; do + driver="$(get_value $nic driver)" + if [ "$driver" == "mlx5_core" ]; then + set_value ovs mlx_flag 1 + else + set_value $nic driver ${dpdk_interface_driver:-"uio_pci_generic"} + fi + done + fi + set_value ovs pci_whitelist "${pci_whitelist:-$(generate_pciwhitelist)}" } @@ -114,7 +139,15 @@ function list_dpdk_nics { } function bind_nics { - for nic in $(list_dpdk_nics); do + if [ "$(is_set ovs mlx_flag)" == 0 ]; then + mlx_flag=$(get_value ovs mlx_flag) + if [ $mlx_flag == 1 ]; then + return 0 + fi + fi + ovs_dpdk_bond_list=$(get_value ovs ovs_dpdk_bond_list) + if [ -z "$ovs_dpdk_bond_list" ]; then + for nic in $(list_dpdk_nics); do device_address="$(get_value $nic address)" current_driver="$(get_driver_by_address $device_address)" target_driver="$(get_value $nic driver)" @@ -123,11 +156,33 @@ function bind_nics { unbind_nic $device_address $current_driver bind_nic $device_address $target_driver fi - done + done + else + IFS=',' read -ra devices <<< "$ovs_dpdk_bond_list" + for nic in "${devices[@]}"; do + device_address="$(get_value $nic address)" + current_driver="$(get_driver_by_address $device_address)" + target_driver="$(get_value $nic driver)" + if [ "$current_driver" != "$target_driver" ]; then + set_value $nic old_driver $current_driver + unbind_nic $device_address $current_driver + bind_nic $device_address $target_driver + fi + done + fi + } function unbind_nics { - for nic in $(list_dpdk_nics); do + if [ "$(is_set ovs mlx_flag)" == 0 ]; then + mlx_flag=$(get_value ovs mlx_flag) + if [ $mlx_flag == 1 ]; then + return 0 + fi + fi + ovs_dpdk_bond_list=$(get_value ovs ovs_dpdk_bond_list) + if [ -z "$ovs_dpdk_bond_list" ]; then + for nic in $(list_dpdk_nics); do if [ "$(is_set $nic old_driver)" == 0 ]; then device_address="$(get_value $nic address)" current_driver="$(get_driver_by_address $device_address)" @@ -138,7 +193,23 @@ function unbind_nics { del_value $nic old_driver fi fi - done + done + else + IFS=',' read -ra devices <<< "$ovs_dpdk_bond_list" + for nic in "${devices[@]}"; do + if [ "$(is_set $nic old_driver)" == 0 ]; then + device_address="$(get_value $nic address)" + current_driver="$(get_driver_by_address $device_address)" + target_driver="$(get_value $nic old_driver)" + if [ "$current_driver" != "$target_driver" ]; then + unbind_nic $device_address $current_driver + bind_nic $device_address $target_driver + del_value $nic old_driver + fi + fi + done + fi + } function get_address_by_name { @@ -169,6 +240,12 @@ function init_ovs_db { other_config:dpdk-socket-mem="$(get_value ovs ovs_socket_mem)" \ other_config:dpdk-hugepage-dir="$(get_value ovs hugepage_mountpoint)" \ other_config:dpdk-extra=" --proc-type primary $(get_value ovs pci_whitelist) " + + if [ "$(get_value ovn ovs_dpdk_ovn_enable)" == "yes" ]; then + ovs-vsctl --no-wait set Open_vSwitch . external_ids:ovn-bridge-datapath-type=netdev \ + external_ids:system-id=$(get_value ovn ovs_dpdk_system_id) + fi + } function init_ovs_bridges { @@ -209,10 +286,114 @@ function init_ovs_interfaces { done } +function init_ovs_bond_interface { + ovs_dpdk_bond_list=$(get_value ovs ovs_dpdk_bond_list) + # ovs_dpdk_bond_list="eno2,eno3" + bridge_mapping=$(get_value ovs bridge_mappings) + bridge_name=`echo $bridge_mapping | cut -f 2 -d ":"` + IFS=',' read -ra devices <<< "$ovs_dpdk_bond_list" + declare -a pcis + declare -a interfaces + declare -a ovs_args + index=1 + + + for dev in "${devices[@]}"; do + + pci="$(get_value $dev address)" + pcis+=("$pci") + interfaces+=("dpdk-p$index") + ((index++)) + done + + + #for dev in ${ovs_dpdk_bond_list//,/ }; do + # pci="$(get_value $dev address)" + # pcis+=("$pci") + # done + ovs_args=(add-bond "$bridge_name" dpdkbond "${interfaces[@]}") + + + for i in "${!interfaces[@]}"; do + ovs_args+=( + "--" + "set" + "interface" + "${interfaces[$i]}" + "type=dpdk" + "options:dpdk-devargs=${pcis[$i]}" + ) + done + #echo "exec comman:ovs-vsctl ${ovs_args[*]}" + ovs-vsctl "${ovs_args[@]}" + + ovs-vsctl set port dpdkbond bond_mode=balance-tcp + ovs-vsctl set port dpdkbond lacp=active + #if [[ $? -eq 0 ]]; then + # echo "OVS Bond config ok!" + #else + # echo "error:OVS config faild!" + # exit 1 + #fi +} + + +function get_dpdk_interfaces() { + ovs-vsctl list interface | \ + awk -F: ' + /name/ {gsub(/[[:space:]]|\"/, "", $2); name=$2} + /type/ && $2 ~ /dpdk/ {print name} + ' +} + +function set_queues() { + local iface=$1 + local rtxq=$2 + local queue_desc=$3 + + ovs-vsctl set interface "$iface" \ + options:n_rxq="$rtxq" \ + options:n_txq="$rtxq" + ovs-vsctl set interface "$iface" \ + options:n_rxq_desc="$queue_desc" \ + options:n_txq_desc="$queue_desc" +} + + +function init_dpdk_multiqueue_num { + dpdk_ifaces=$(get_dpdk_interfaces) + + if [[ -z "$dpdk_ifaces" ]]; then + echo "no fond dpdk interface." + exit 0 + fi + +echo "find DPDK:" +echo "$dpdk_ifaces" +echo "" +ovs_dpdk_multiqueue_num=$(get_value ovs ovs_dpdk_multiqueue_num) +ovs_dpdk_queue_desc=$(get_value ovs ovs_dpdk_queue_desc) +while read -r iface; do + set_queues "$iface" "$ovs_dpdk_multiqueue_num" "$ovs_dpdk_queue_desc" +done <<< "$dpdk_ifaces" + +} + function init { init_ovs_db init_ovs_bridges - init_ovs_interfaces + ovs_dpdk_bond_list=$(get_value ovs ovs_dpdk_bond_list) + if [ -z "$ovs_dpdk_bond_list" ]; then + #echo "ovs_dpdk_bond_list is null." + init_ovs_interfaces + + else + init_ovs_bond_interface + fi + + init_dpdk_multiqueue_num + + #init_ovs_interfaces } function install_network_manager_conf { @@ -235,36 +416,54 @@ function install_network_manager_conf { fi [[ "$octet" < 3 ]] && mask+=. done - if [[ $(is_redhat_family) == 0 ]]; then - cat << EOF | tee "/etc/sysconfig/network-scripts/ifcfg-$bridge" -DEVICE=$bridge -BOOTPROTO=static -IPADDR=$ip -NETMASK=$mask -HOTPLUG=yes -ONBOOT=yes -NM_CONTROLLED=no -EOF -install_redhat_bridge_service $bridge - else - cat << EOF | tee "/etc/network/interfaces.d/$bridge.cfg" - auto $bridge - iface $bridge inet static - address $ip - netmask $mask -EOF - - fi +# if [[ $(is_redhat_family) == 0 ]]; then +# cat << EOF | tee "/etc/sysconfig/network-scripts/ifcfg-$bridge" +#DEVICE=$bridge +#BOOTPROTO=static +#IPADDR=$ip +#NETMASK=$mask +#HOTPLUG=yes +#ONBOOT=yes +#NM_CONTROLLED=no +#EOF +#install_redhat_bridge_service $bridge +# else +# cat << EOF | tee "/etc/network/interfaces.d/$bridge.cfg" +# auto $bridge +# iface $bridge inet static +# address $ip +# netmask $mask +#EOF +#nmcli connection modify $bridge ipv4.method manual +#nmcli connection modify $bridge ipv4.addresses $ip/$prefix +#nmcli connection up $bridge +#nmcli connection modify $bridge connection.autoconnect yes + +nmcli connection add type tun con-name $bridge ifname $bridge +nmcli connection modify $bridge tun.mode 2 tun.vnet-hdr yes +nmcli connection modify $bridge ipv4.addresses $ip/$prefix ipv4.method manual +nmcli connection up $bridge +nmcli connection modify $bridge connection.autoconnect yes + +port_mapping=$(get_value ovs port_mappings) +nic=`echo $port_mapping | cut -f 1 -d ":"` +nmcli connection modify $nic ipv4.method auto +nmcli connection modify $nic ipv4.addresses "" +ip addr del $ip/$prefix dev $nic + + + #fi } function uninstall_network_manager_conf { pair=$(get_value ovs cidr_mappings) bridge=`echo $pair | cut -f 1 -d ":"` - if [[ $(is_redhat_family) == 0 ]]; then - rm -f /etc/sysconfig/network-scripts/ifcfg-$bridge - else - rm -f /etc/network/interfaces.d/$bridge.cfg - fi + #if [[ $(is_redhat_family) == 0 ]]; then + # rm -f /etc/sysconfig/network-scripts/ifcfg-$bridge + # else + # # rm -f /etc/network/interfaces.d/$bridge.cfg + # fi + rm -f /etc/NetworkManager/system-connections/$bridge.nmconnection } function install_service { @@ -348,22 +547,24 @@ function unconfigure_kernel_modules { } function install { - if [ ! -e "$CONFIG_FILE" ]; then - gen_config - fi + #if [ ! -e "$CONFIG_FILE" ]; then + # gen_config + #fi + gen_config configure_kernel_modules if [ ! -e "$SERVICE_FILE" ]; then install_service fi - if [ ! -e /bin/ovs-dpdkctl ]; then + #if [ ! -e /bin/ovs-dpdkctl ]; then cp "$FULL_PATH" /bin/ovs-dpdkctl chmod +x /bin/ovs-dpdkctl - fi + #fi systemctl start ovs-dpdkctl + #echo '12121212222222222222222222222222222222' install_network_manager_conf - if [[ $(is_redhat_family) == 0 ]]; then - systemctl start ovs-dpdk-bridge - fi + #if [[ $(is_redhat_family) == 0 ]]; then + # systemctl start ovs-dpdk-bridge + #fi } function uninstall { @@ -482,7 +683,7 @@ options: - The pci_whitelist allows multiple dpdk primary process to utilise different pci devices without resulting in a conflict of ownership. - - Example: pci_whitelist="-w -w " + - Example: pci_whitelist="-a -a " - Default: auto generated form port_mappings. EOF diff --git a/ansible/roles/ovs-dpdk/handlers/main.yml b/ansible/roles/ovs-dpdk/handlers/main.yml index 6533aa4a09..e110ec4fc2 100644 --- a/ansible/roles/ovs-dpdk/handlers/main.yml +++ b/ansible/roles/ovs-dpdk/handlers/main.yml @@ -18,7 +18,7 @@ - Ensuring ovsdpdk bridges are properly setup indexed - Restart ovsdpdk-vswitchd container - Ensuring ovsdpdk bridges are properly setup named - - wait for dpdk tunnel ip + - Wait for dpdk tunnel ip - OVS-DPDK gather facts - name: Waiting the ovs db service to be ready @@ -88,7 +88,7 @@ - name: Wait for dpdk tunnel ip wait_for: host: "{{ dpdk_tunnel_interface_address }}" - timeout: 300 + timeout: 30 sleep: 5 - name: OVS-DPDK gather facts diff --git a/ansible/roles/ovs-dpdk/tasks/config.yml b/ansible/roles/ovs-dpdk/tasks/config.yml index f318b3abc4..b26e82c449 100644 --- a/ansible/roles/ovs-dpdk/tasks/config.yml +++ b/ansible/roles/ovs-dpdk/tasks/config.yml @@ -44,6 +44,14 @@ ovs_socket_mem: "{{ ovs_socket_mem }}" hugepage_mountpoint: "{{ ovs_hugepage_mountpoint }}" ovs_physical_port_policy: "{{ ovs_physical_port_policy }}" + ovs_dpdk_bond_list: "{{ ovs_dpdk_bond_list }}" + ovs_coremask: "{{ ovs_coremask }}" + pmd_coremask: "{{ ovs_pmd_coremask }}" + dpdk_interface_driver: "{{ ovs_dpdk_interface_driver }}" + ovs_dpdk_multiqueue_num: "{{ ovs_dpdk_multiqueue_num }}" + ovs_dpdk_queue_desc: "{{ ovs_dpdk_queue_desc }}" + ovs_dpdk_ovn_enable: "{{ ovs_dpdk_ovn_enable }}" + ovs_dpdk_system_id: "{{ ovs_dpdk_system_id }}" - name: Binds the interface to the target driver specifed in the config become: True @@ -57,3 +65,11 @@ ovs_socket_mem: "{{ ovs_socket_mem }}" hugepage_mountpoint: "{{ ovs_hugepage_mountpoint }}" ovs_physical_port_policy: "{{ ovs_physical_port_policy }}" + ovs_dpdk_bond_list: "{{ ovs_dpdk_bond_list }}" + ovs_coremask: "{{ ovs_coremask }}" + pmd_coremask: "{{ ovs_pmd_coremask }}" + dpdk_interface_driver: "{{ ovs_dpdk_interface_driver }}" + ovs_dpdk_multiqueue_num: "{{ ovs_dpdk_multiqueue_num }}" + ovs_dpdk_queue_desc: "{{ ovs_dpdk_queue_desc }}" + ovs_dpdk_ovn_enable: "{{ ovs_dpdk_ovn_enable }}" + ovs_dpdk_system_id: "{{ ovs_dpdk_system_id }}" diff --git a/ansible/roles/ovs-dpdk/vars/main.yml b/ansible/roles/ovs-dpdk/vars/main.yml index fe77ecdd14..3fffe60c46 100644 --- a/ansible/roles/ovs-dpdk/vars/main.yml +++ b/ansible/roles/ovs-dpdk/vars/main.yml @@ -1,2 +1,4 @@ --- project_name: "ovs" + +kolla_role_name: "ovsdpdk" diff --git a/ansible/roles/prechecks/tasks/port_checks.yml b/ansible/roles/prechecks/tasks/port_checks.yml index ea3e7d72f7..576baa6d2d 100644 --- a/ansible/roles/prechecks/tasks/port_checks.yml +++ b/ansible/roles/prechecks/tasks/port_checks.yml @@ -5,7 +5,7 @@ - name: Checking the api_interface is active fail: "msg='Please check the api_interface settings - interface {{ api_interface }} is not active'" - when: not hostvars[inventory_hostname].ansible_facts[api_interface]['active'] + when: not hostvars[inventory_hostname].ansible_facts[api_interface | replace('-', '_')]['active'] # kolla_address handles relevant address check - name: Checking the api_interface ip address configuration diff --git a/ansible/roles/prometheus/defaults/main.yml b/ansible/roles/prometheus/defaults/main.yml index 8818f19a2f..ad669f8e8d 100644 --- a/ansible/roles/prometheus/defaults/main.yml +++ b/ansible/roles/prometheus/defaults/main.yml @@ -115,6 +115,35 @@ prometheus_services: image: "{{ prometheus_elasticsearch_exporter_image_full }}" volumes: "{{ prometheus_elasticsearch_exporter_default_volumes + prometheus_elasticsearch_exporter_extra_volumes }}" dimensions: "{{ prometheus_elasticsearch_exporter_dimensions }}" + prometheus-pushgateway: + container_name: prometheus_pushgateway + group: prometheus-pushgateway + enabled: "{{ enable_prometheus_pushgateway | bool }}" + image: "{{ prometheus_pushgateway_image_full }}" + volumes: + - "{{ node_config_directory }}/prometheus-pushgateway/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + - "prometheus_pushgateway:/var/lib/prometheus-pushgateway/" + dimensions: "{{ prometheus_pushgateway_dimensions }}" + # FIXME(wszumski): The pushgateway doesn't support clustering, see: + # https://github.com/prometheus/pushgateway/issues/241, but it should work + # OK as long as you don't use DELETE operations. + haproxy: + prometheus_pushgateway: + enabled: "{{ enable_prometheus_pushgateway }}" + mode: "http" + external: false + port: "{{ prometheus_pushgateway_port }}" + auth_user: "{{ prometheus_pushgateway_user }}" + auth_pass: "{{ prometheus_pushgateway_password }}" + prometheus_pushgateway_external: + enabled: "{{ enable_prometheus_pushgateway }}" + mode: "http" + external: true + port: "{{ prometheus_pushgateway_port }}" + auth_user: "{{ prometheus_pushgateway_user }}" + auth_pass: "{{ prometheus_pushgateway_password }}" prometheus-blackbox-exporter: container_name: "prometheus_blackbox_exporter" group: "prometheus-blackbox-exporter" @@ -122,6 +151,7 @@ prometheus_services: image: "{{ prometheus_blackbox_exporter_image_full }}" volumes: "{{ prometheus_blackbox_exporter_default_volumes + prometheus_blackbox_exporter_extra_volumes }}" dimensions: "{{ prometheus_blackbox_exporter_dimensions }}" + privileged: True prometheus-libvirt-exporter: container_name: "prometheus_libvirt_exporter" group: "prometheus-libvirt-exporter" @@ -230,6 +260,10 @@ prometheus_elasticsearch_exporter_image: "{{ docker_registry ~ '/' if docker_reg prometheus_elasticsearch_exporter_tag: "{{ prometheus_tag }}" prometheus_elasticsearch_exporter_image_full: "{{ prometheus_elasticsearch_exporter_image }}:{{ prometheus_elasticsearch_exporter_tag }}" +prometheus_pushgateway_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/prometheus-pushgateway" +prometheus_pushgateway_tag: "{{ prometheus_tag }}" +prometheus_pushgateway_image_full: "{{ prometheus_pushgateway_image }}:{{ prometheus_pushgateway_tag }}" + prometheus_blackbox_exporter_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/prometheus-blackbox-exporter" prometheus_blackbox_exporter_tag: "{{ prometheus_tag }}" prometheus_blackbox_exporter_image_full: "{{ prometheus_blackbox_exporter_image }}:{{ prometheus_blackbox_exporter_tag }}" @@ -251,6 +285,7 @@ prometheus_cadvisor_dimensions: "{{ default_container_dimensions }}" prometheus_alertmanager_dimensions: "{{ default_container_dimensions }}" prometheus_openstack_exporter_dimensions: "{{ default_container_dimensions }}" prometheus_elasticsearch_exporter_dimensions: "{{ default_container_dimensions }}" +prometheus_pushgateway_dimensions: "{{ default_container_dimensions }}" prometheus_blackbox_exporter_dimensions: "{{ default_container_dimensions }}" prometheus_libvirt_exporter_dimensions: "{{ default_container_dimensions }}" prometheus_msteams_dimensions: "{{ default_container_dimensions }}" @@ -291,7 +326,7 @@ prometheus_cadvisor_default_volumes: - "/:/rootfs:ro" - "/var/run:/var/run:rw" - "/sys:/sys:ro" - - "/var/lib/docker/:/var/lib/docker:ro" + - "/var/lib/containers/:/var/lib/containers:ro" - "/dev/disk/:/dev/disk:ro" prometheus_alertmanager_default_volumes: - "{{ node_config_directory }}/prometheus-alertmanager/:{{ container_config_directory }}/:ro" @@ -345,7 +380,8 @@ prometheus_openstack_exporter_disabled_volume: "{{ '--disable-service.volume' if prometheus_openstack_exporter_disabled_dns: "{{ '--disable-service.dns' if not enable_designate | bool else '' }}" prometheus_openstack_exporter_disabled_object: "{{ '--disable-service.object-store' if not enable_swift | bool else '' }}" prometheus_openstack_exporter_disabled_lb: "{{ '--disable-service.load-balancer --disable-metric=neutron-loadbalancers --disable-metric=neutron-loadbalancers_not_active' if not enable_octavia | bool else '' }}" -prometheus_openstack_exporter_disabled_items: "{{ [prometheus_openstack_exporter_disabled_volume, prometheus_openstack_exporter_disabled_dns, prometheus_openstack_exporter_disabled_object, prometheus_openstack_exporter_disabled_lb | trim] | join(' ') | trim }}" +prometheus_openstack_exporter_disabled_security_groups: "--disable-metric=nova-security_groups" +prometheus_openstack_exporter_disabled_items: "{{ [prometheus_openstack_exporter_disabled_volume, prometheus_openstack_exporter_disabled_dns, prometheus_openstack_exporter_disabled_object, prometheus_openstack_exporter_disabled_lb, prometheus_openstack_exporter_disabled_security_groups | trim] | join(' ') | trim }}" prometheus_server_command: >- /opt/prometheus/prometheus --web.config.file=/etc/prometheus/web.yml --config.file /etc/prometheus/prometheus.yml @@ -354,7 +390,7 @@ prometheus_server_command: >- --storage.tsdb.path /var/lib/prometheus{% if prometheus_cmdline_extras %} {{ prometheus_cmdline_extras }}{% endif %} prometheus_blackbox_exporter_cmdline_extras: "" -prometheus_cadvisor_cmdline_extras: "--docker_only --store_container_labels=false --disable_metrics=percpu,referenced_memory,cpu_topology,resctrl,udp,advtcp,sched,hugetlb,memory_numa,tcp,process" +prometheus_cadvisor_cmdline_extras: "--docker_only --store_container_labels=false --disable_metrics=percpu,referenced_memory,cpu_topology,resctrl,udp,advtcp,sched,hugetlb,memory_numa,tcp,process --housekeeping_interval={{ prometheus_scrape_interval }}" prometheus_elasticsearch_exporter_cmdline_extras: "" prometheus_haproxy_exporter_cmdline_extras: "" prometheus_memcached_exporter_cmdline_extras: "" diff --git a/ansible/roles/prometheus/handlers/main.yml b/ansible/roles/prometheus/handlers/main.yml index e9bccb5b43..515a107885 100644 --- a/ansible/roles/prometheus/handlers/main.yml +++ b/ansible/roles/prometheus/handlers/main.yml @@ -136,6 +136,21 @@ when: - kolla_action != "config" +- name: Restart prometheus-pushgateway container + vars: + service_name: "prometheus-pushgateway" + service: "{{ prometheus_services[service_name] }}" + become: true + kolla_container: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes }}" + dimensions: "{{ service.dimensions }}" + when: + - kolla_action != "config" + - name: Restart prometheus-blackbox-exporter container vars: service_name: "prometheus-blackbox-exporter" @@ -148,6 +163,7 @@ image: "{{ service.image }}" volumes: "{{ service.volumes }}" dimensions: "{{ service.dimensions }}" + privileged: "{{ service.privileged | default(False) }}" when: - kolla_action != "config" diff --git a/ansible/roles/prometheus/tasks/precheck.yml b/ansible/roles/prometheus/tasks/precheck.yml index 744bc4ad7c..1c493bdc3f 100644 --- a/ansible/roles/prometheus/tasks/precheck.yml +++ b/ansible/roles/prometheus/tasks/precheck.yml @@ -19,6 +19,7 @@ - prometheus_alertmanager - prometheus_openstack_exporter - prometheus_elasticsearch_exporter + - prometheus_pushgateway - prometheus_blackbox_exporter - prometheus_libvirt_exporter - prometheus_msteams @@ -162,6 +163,20 @@ with_items: - "{{ prometheus_elasticsearch_exporter_port }}" +- name: Checking free ports for Prometheus pushgateway + wait_for: + host: "{{ 'api' | kolla_address }}" + port: "{{ item }}" + connect_timeout: 1 + timeout: 1 + state: stopped + when: + - container_facts['prometheus_pushgateway'] is not defined + - inventory_hostname in groups['prometheus-pushgateway'] + - enable_prometheus_pushgateway | bool + with_items: + - "{{ prometheus_pushgateway_port }}" + - name: Checking free ports for Prometheus blackbox-exporter wait_for: host: "{{ 'api' | kolla_address }}" diff --git a/ansible/roles/prometheus/templates/prometheus-pushgateway.json.j2 b/ansible/roles/prometheus/templates/prometheus-pushgateway.json.j2 new file mode 100644 index 0000000000..37233de35d --- /dev/null +++ b/ansible/roles/prometheus/templates/prometheus-pushgateway.json.j2 @@ -0,0 +1,16 @@ +{ + "command": "/opt/pushgateway/pushgateway --web.listen-address {{ api_interface_address }}:{{ prometheus_pushgateway_port }} --persistence.file /var/lib/prometheus_pushgateway/persistence.file", + "config_files": [], + "permissions": [ + { + "path": "/var/log/kolla/prometheus", + "owner": "prometheus:kolla", + "recurse": true + }, + { + "path": "/var/lib/prometheus_pushgateway", + "owner": "prometheus:prometheus", + "recurse": true + } + ] +} \ No newline at end of file diff --git a/ansible/roles/prometheus/templates/prometheus.yml.j2 b/ansible/roles/prometheus/templates/prometheus.yml.j2 index be4febed04..61f952b092 100644 --- a/ansible/roles/prometheus/templates/prometheus.yml.j2 +++ b/ansible/roles/prometheus/templates/prometheus.yml.j2 @@ -228,6 +228,17 @@ scrape_configs: {% endfor %} {% endif %} +{% if enable_prometheus_pushgateway | bool %} + - job_name: pushgateway + scrape_interval: {{ prometheus_pushgateway_interval }} + honor_labels: true + static_configs: + - targets: +{% for host in groups["prometheus-pushgateway"] %} + - '{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ hostvars[host]['prometheus_pushgateway_port'] }}' +{% endfor %} +{% endif %} + {% if enable_prometheus_alertmanager | bool %} - job_name: alertmanager static_configs: diff --git a/ansible/roles/rabbitmq/defaults/main.yml b/ansible/roles/rabbitmq/defaults/main.yml index bf2573fef7..7ae0cbde52 100644 --- a/ansible/roles/rabbitmq/defaults/main.yml +++ b/ansible/roles/rabbitmq/defaults/main.yml @@ -117,22 +117,13 @@ rabbitmq_plugins: enabled: True - name: "rabbitmq_prometheus" enabled: "{{ rabbitmq_enable_prometheus_plugin | bool }}" + - name: "rabbitmq_shovel" + enabled: True + - name: "rabbitmq_shovel_management" + enabled: True rabbitmq_enabled_plugins: "{{ rabbitmq_plugins | selectattr('enabled', 'equalto', true) | list }}" -rabbitmq_feature_flags: - - "quorum_queue" - - "implicit_default_bindings" - - "virtual_host_metadata" - - "maintenance_mode_status" - - "user_limits" - - "stream_queue" - - "classic_queue_type_delivery_support" - - "tracking_records_in_ets" - - "stream_single_active_consumer" - - "listener_records_in_ets" - - "feature_flags_v2" - - "direct_exchange_routing_v2" - - "classic_mirrored_queue_version" - kolla_externally_managed_cert: False + +rabbitmq_version_suffix: "" diff --git a/ansible/roles/rabbitmq/tasks/deploy.yml b/ansible/roles/rabbitmq/tasks/deploy.yml index 7be978c440..5686a515c2 100644 --- a/ansible/roles/rabbitmq/tasks/deploy.yml +++ b/ansible/roles/rabbitmq/tasks/deploy.yml @@ -1,4 +1,6 @@ --- +- import_tasks: version-check.yml + - include_tasks: remove-ha-all-policy.yml when: - not om_enable_rabbitmq_high_availability | bool diff --git a/ansible/roles/rabbitmq/tasks/feature-flags.yml b/ansible/roles/rabbitmq/tasks/feature-flags.yml index f889086a73..01a27ed920 100644 --- a/ansible/roles/rabbitmq/tasks/feature-flags.yml +++ b/ansible/roles/rabbitmq/tasks/feature-flags.yml @@ -1,10 +1,5 @@ --- -- name: Enable feature flags - kolla_toolbox: - container_engine: "{{ kolla_container_engine }}" - module_name: "community.rabbitmq.rabbitmq_feature_flag" - module_args: - name: "{{ item }}" - user: root +- name: Enable all stable feature flags + command: "{{ kolla_container_engine }} exec rabbitmq rabbitmqctl enable_feature_flag all" become: true - loop: "{{ rabbitmq_feature_flags }}" + changed_when: false diff --git a/ansible/roles/rabbitmq/tasks/precheck.yml b/ansible/roles/rabbitmq/tasks/precheck.yml index ad663ce729..b1e8c5fdb5 100644 --- a/ansible/roles/rabbitmq/tasks/precheck.yml +++ b/ansible/roles/rabbitmq/tasks/precheck.yml @@ -223,3 +223,32 @@ - container_facts['rabbitmq'] is defined - om_enable_rabbitmq_high_availability | bool tags: rabbitmq-ha-precheck + +- block: + - name: List RabbitMQ queues + become: true + command: "{{ kolla_container_engine }} exec rabbitmq rabbitmqctl list_queues --silent name type --formatter json" + register: rabbitmq_queues + changed_when: false + check_mode: false + + - name: Check if RabbitMQ quorum queues need to be configured + assert: + that: "{{ item.type == 'quorum' }}" + fail_msg: > + om_enable_rabbitmq_quorum_queues is True but {{ item.name }} is a non-quorum queue. + Currently the procedure to migrate to quorum queues is manual. + Please follow the process described here: https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#high-availability. + Note that this process may take several hours on larger systems, and may cause a degredation in performance at large scale. + If you do not wish to enable this feature, set om_enable_rabbitmq_quorum_queues to False. + loop: "{{ (rabbitmq_queues.stdout | from_json) if rabbitmq_queues is not skipped else [] }}" + loop_control: + label: "{{ item.name }}" + # TODO(mattcress): remove skipping reply and fanout once https://review.opendev.org/c/openstack/oslo.messaging/+/888479 is merged. + when: not (item.name is search('reply_') or item.name is search('_fanout_')) + + run_once: true + when: + - container_facts['rabbitmq'] is defined + - om_enable_rabbitmq_quorum_queues | bool + tags: rabbitmq-ha-precheck diff --git a/ansible/roles/rabbitmq/tasks/restart_services.yml b/ansible/roles/rabbitmq/tasks/restart_services.yml index c94e1f5482..33a08dcd38 100644 --- a/ansible/roles/rabbitmq/tasks/restart_services.yml +++ b/ansible/roles/rabbitmq/tasks/restart_services.yml @@ -36,4 +36,4 @@ service_name: "rabbitmq" service: "{{ rabbitmq_services[service_name] }}" become: true - command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl wait {{ rabbitmq_pid_file }}" + command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl wait --timeout 60 {{ rabbitmq_pid_file }}" diff --git a/ansible/roles/rabbitmq/tasks/version-check.yml b/ansible/roles/rabbitmq/tasks/version-check.yml new file mode 100644 index 0000000000..59e24baf6a --- /dev/null +++ b/ansible/roles/rabbitmq/tasks/version-check.yml @@ -0,0 +1,54 @@ +--- +- block: + - name: Get container facts + become: true + kolla_container_facts: + container_engine: "{{ kolla_container_engine }}" + name: + - "{{ service.container_name }}" + register: container_facts + + - block: + - name: Get current RabbitMQ version + become: true + command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl --version" + register: rabbitmq_version_current + changed_when: false + + - name: Get new RabbitMQ version + become: true + vars: + rabbitmq_container: "{{ rabbitmq_services['rabbitmq'] }}" + kolla_container: + action: "start_container" + command: "rabbitmqctl --version" + common_options: "{{ docker_common_options }}" + container_engine: "{{ kolla_container_engine }}" + detach: false + environment: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + image: "{{ rabbitmq_container.image }}" + name: "rabbitmq_version_check" + restart_policy: oneshot + volumes: "{{ rabbitmq_default_volumes + rabbitmq_extra_volumes }}" + register: rabbitmq_version_new + failed_when: false + check_mode: false + + - name: Catch when RabbitMQ is being downgraded + assert: + that: rabbitmq_version_current.stdout is version(rabbitmq_version_new.stdout | trim, 'le', version_type='semver') + fail_msg: > + Looks like you're about to downgrade RabbitMQ from version {{ rabbitmq_version_current.stdout }} to version {{ rabbitmq_version_new.stdout | trim }}. + If you're absolutely certain you want to do this, please skip the tag `rabbitmq-version-check`. + Otherwise, see these docs for how to pin the version of RabbitMQ: + https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#rabbitmq-versions + + when: container_facts[service.container_name] is defined + + delegate_to: "{{ groups[role_rabbitmq_groups] | first }}" + run_once: true + tags: rabbitmq-version-check + vars: + service_name: "rabbitmq" + service: "{{ rabbitmq_services[service_name] }}" diff --git a/ansible/roles/sahara/defaults/main.yml b/ansible/roles/sahara/defaults/main.yml index c22a6a16b6..5c74b42295 100644 --- a/ansible/roles/sahara/defaults/main.yml +++ b/ansible/roles/sahara/defaults/main.yml @@ -93,7 +93,7 @@ sahara_engine_enable_healthchecks: "{{ enable_container_healthchecks }}" sahara_engine_healthcheck_interval: "{{ default_container_healthcheck_interval }}" sahara_engine_healthcheck_retries: "{{ default_container_healthcheck_retries }}" sahara_engine_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -sahara_engine_healthcheck_test: ["CMD-SHELL", "healthcheck_port sahara_engine {{ om_rpc_port }}"] +sahara_engine_healthcheck_test: ["CMD-SHELL", "healthcheck_port sahara-engine {{ om_rpc_port }}"] sahara_engine_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" sahara_engine_healthcheck: interval: "{{ sahara_engine_healthcheck_interval }}" diff --git a/ansible/roles/service-ks-register/defaults/main.yml b/ansible/roles/service-ks-register/defaults/main.yml index df5684332b..542cfb04e4 100644 --- a/ansible/roles/service-ks-register/defaults/main.yml +++ b/ansible/roles/service-ks-register/defaults/main.yml @@ -15,6 +15,7 @@ service_ks_register_domain: "default" # fields: # 'url' # 'interface' +# 'state' (optional) service_ks_register_services: [] # A list of users and associated roles for this service to register with # Keystone. Each item should provide the following fields: diff --git a/ansible/roles/service-ks-register/tasks/main.yml b/ansible/roles/service-ks-register/tasks/main.yml index 056a9fc707..3cab55ff33 100644 --- a/ansible/roles/service-ks-register/tasks/main.yml +++ b/ansible/roles/service-ks-register/tasks/main.yml @@ -34,6 +34,7 @@ auth: "{{ service_ks_register_auth }}" interface: "{{ service_ks_register_interface }}" cacert: "{{ service_ks_cacert }}" + state: "{{ item.1.state | default(omit) }}" with_subelements: - "{{ service_ks_register_services }}" - endpoints @@ -70,6 +71,7 @@ default_project: "{{ item.project }}" name: "{{ item.user }}" password: "{{ item.password }}" + update_password: "{{ 'always' if update_keystone_service_user_passwords | bool else 'on_create' }}" domain: "{{ service_ks_register_domain }}" region_name: "{{ service_ks_register_region_name }}" auth: "{{ service_ks_register_auth }}" diff --git a/ansible/roles/service-rabbitmq/tasks/main.yml b/ansible/roles/service-rabbitmq/tasks/main.yml index 74f610a1eb..bc1cb2c7d0 100644 --- a/ansible/roles/service-rabbitmq/tasks/main.yml +++ b/ansible/roles/service-rabbitmq/tasks/main.yml @@ -20,7 +20,7 @@ module_args: user: "{{ item.user }}" password: "{{ item.password }}" - node: "rabbit@{{ ansible_facts.hostname }}" + node: "rabbit@{{ hostvars[service_rabbitmq_delegate_host]['ansible_facts']['hostname'] }}" update_password: always vhost: "{{ item.vhost }}" configure_priv: ".*" diff --git a/ansible/roles/skyline/tasks/stop.yml b/ansible/roles/skyline/tasks/stop.yml index a8e927807d..965ab35b97 100644 --- a/ansible/roles/skyline/tasks/stop.yml +++ b/ansible/roles/skyline/tasks/stop.yml @@ -1,11 +1,6 @@ --- -- name: "Stopping skyline containers" +- import_role: + name: service-stop vars: - service: "{{ item.value }}" - docker_container: - name: "{{ service.container_name }}" - state: stopped - when: - - service.enabled | bool - - service.container_name not in skip_stop_containers - with_dict: "{{ skyline_services }}" + project_services: "{{ skyline_services }}" + service_name: "{{ project_name }}" diff --git a/ansible/roles/skyline/templates/gunicorn.py.j2 b/ansible/roles/skyline/templates/gunicorn.py.j2 index ba8289ee2b..790989932e 100644 --- a/ansible/roles/skyline/templates/gunicorn.py.j2 +++ b/ansible/roles/skyline/templates/gunicorn.py.j2 @@ -20,6 +20,10 @@ timeout = {{ skyline_gunicorn_timeout }} keepalive = {{ skyline_gunicorn_keepalive }} reuse_port = True proc_name = "{{ project_name }}" +{% if skyline_ssl_certfile and skyline_ssl_keyfile %} +keyfile = "{{ skyline_ssl_keyfile }}" +certfile = "{{ skyline_ssl_certfile }}" +{% endif %} logconfig_dict = { "version": 1, diff --git a/ansible/roles/skyline/templates/nginx.conf.j2 b/ansible/roles/skyline/templates/nginx.conf.j2 index 7219d6a1fe..2e891e952b 100644 --- a/ansible/roles/skyline/templates/nginx.conf.j2 +++ b/ansible/roles/skyline/templates/nginx.conf.j2 @@ -9,6 +9,11 @@ events { } http { + # 动态识别 WebSocket 请求(根据 Upgrade 头) + map $http_upgrade $connection_upgrade { + default "keep-alive"; # 默认保持 HTTP 长连接 + websocket "upgrade"; # 检测到 WebSocket 时升级协议 + } ## # Basic Settings @@ -98,8 +103,8 @@ http { {% if enable_keystone | bool %}# Region: {{ openstack_region_name }}, Service: keystone location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone { - proxy_pass {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}/; - proxy_redirect {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone/; + proxy_pass {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_internal_port }}/; + proxy_redirect {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_internal_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -251,6 +256,28 @@ http { proxy_set_header Host $http_host; } {% endif %} + {% if enable_dingo_command | bool %}# Region: {{ openstack_region_name }}, Service: dingo-command + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/dingo-command/v1 { + proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ dingo_command_port }}/v1; + proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ dingo_command_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/dingo-command/v1; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + # 处理 WebSocket 请求 + location /ws_dingo-command/regionone/v1 { + proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ dingo_command_port }}/v1; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; # 传递协议升级头 + proxy_set_header Connection $connection_upgrade; # 动态升级连接 + + # 维持长连接关键参数 + proxy_read_timeout 86400s; # 超时时间设为 24 小时 + proxy_send_timeout 86400s; + } + {% endif %} } diff --git a/ansible/roles/skyline/templates/skyline.yaml.j2 b/ansible/roles/skyline/templates/skyline.yaml.j2 index f998109546..1c99746fd5 100644 --- a/ansible/roles/skyline/templates/skyline.yaml.j2 +++ b/ansible/roles/skyline/templates/skyline.yaml.j2 @@ -1,4 +1,8 @@ default: + prometheus_basic_auth_user: admin + prometheus_basic_auth_password: "{{ prometheus_password }}" + prometheus_enable_basic_auth: true + prometheus_endpoint: "{{ prometheus_internal_fqdn | kolla_url(internal_protocol, prometheus_port) }}" access_token_expire: {{ skyline_access_token_expire_seconds }} access_token_renew: {{ skyline_access_token_renew_seconds }} cors_allow_origins: {{ skyline_backend_cors_origins }} @@ -25,6 +29,9 @@ openstack: {% if enable_neutron_qos | bool %} qos: neutron_qos {% endif %} +{% if enable_neutron_fwaas | bool %} + fwaas_v2: neutron_firewall +{% endif %} {% if enable_neutron_vpnaas | bool %} vpnaas: neutron_vpn {% endif %} @@ -62,7 +69,7 @@ openstack: {% if enable_neutron | bool %} network: neutron {% endif %} -{% if enable_swift | bool %} +{% if enable_swift | bool or enable_ceph_rgw | bool %} object-store: swift {% endif %} {% if enable_heat | bool %} diff --git a/ansible/roles/skyline_console/defaults/main.yml b/ansible/roles/skyline_console/defaults/main.yml new file mode 100644 index 0000000000..a5a6debd82 --- /dev/null +++ b/ansible/roles/skyline_console/defaults/main.yml @@ -0,0 +1,139 @@ +--- +skyline_services: + skyline-console: + container_name: skyline_console + group: skyline-console + enabled: true + image: "{{ skyline_console_image_full }}" + volumes: "{{ skyline_console_default_volumes + skyline_console_extra_volumes }}" + dimensions: "{{ skyline_console_dimensions }}" + healthcheck: "{{ skyline_console_healthcheck }}" + haproxy: + skyline_console: + enabled: "{{ enable_skyline }}" + mode: "http" + external: false + port: "{{ skyline_console_port }}" + listen_port: "{{ skyline_console_listen_port }}" + tls_backend: "{{ skyline_enable_tls_backend }}" + skyline_console_external: + enabled: "{{ enable_skyline }}" + mode: "http" + external: true + external_fqdn: "{{ skyline_console_external_fqdn }}" + port: "{{ skyline_console_port }}" + listen_port: "{{ skyline_console_listen_port }}" + tls_backend: "{{ skyline_enable_tls_backend }}" + +#################### +# Database +#################### +skyline_database_name: "skyline" +skyline_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}skyline{% endif %}" +skyline_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}" + +#################### +# Database sharding +#################### +skyline_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ skyline_database_shard_id }}{% else %}{{ database_user }}{% endif %}" +skyline_database_shard_id: "{{ mariadb_default_database_shard_id | int }}" +skyline_database_shard: + users: + - user: "{{ skyline_database_user }}" + password: "{{ skyline_database_password }}" + rules: + - schema: "{{ skyline_database_name }}" + shard_id: "{{ skyline_database_shard_id }}" + +#################### +# Docker +#################### +skyline_tag: "{{ openstack_tag }}" + + +skyline_console_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/skyline-console" +skyline_console_tag: "{{ skyline_tag }}" +skyline_console_image_full: "{{ skyline_console_image }}:{{ skyline_console_tag }}" + +skyline_console_dimensions: "{{ default_container_dimensions }}" + +skyline_console_enable_healthchecks: "{{ enable_container_healthchecks }}" +skyline_console_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +skyline_console_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +skyline_console_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" +skyline_console_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if skyline_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ skyline_console_listen_port }}/docs"] +skyline_console_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +skyline_console_healthcheck: + interval: "{{ skyline_console_healthcheck_interval }}" + retries: "{{ skyline_console_healthcheck_retries }}" + start_period: "{{ skyline_console_healthcheck_start_period }}" + test: "{% if skyline_console_enable_healthchecks | bool %}{{ skyline_console_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ skyline_console_healthcheck_timeout }}" + + +skyline_console_default_volumes: + - "{{ node_config_directory }}/skyline-console/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" + - "kolla_logs:/var/log/kolla/" + +skyline_extra_volumes: "{{ default_extra_volumes }}" +skyline_console_extra_volumes: "{{ skyline_extra_volumes }}" + +#################### +# OpenStack +#################### +skyline_logging_debug: "{{ openstack_logging_debug }}" +skyline_apiserver_internal_base_endpoint: "{{ skyline_apiserver_internal_fqdn | kolla_url(internal_protocol, skyline_apiserver_port) }}" +skyline_apiserver_public_base_endpoint: "{{ skyline_apiserver_external_fqdn | kolla_url(public_protocol, skyline_apiserver_public_port) }}" +openstack_skyline_auth: "{{ openstack_auth }}" + +#################### +# Skyline +#################### +log_dir: /var/log/kolla/skyline +skyline_access_token_expire_seconds: 3600 +skyline_access_token_renew_seconds: 1800 +skyline_backend_cors_origins: [] +skyline_nginx_prefix: /api/openstack +# if set skyline_base_domains_ignore as true, we will not display +# the domains like heat_user_domain when we login from skyline. +skyline_base_domains_ignore: true +skyline_system_admin_roles: + - admin +skyline_system_reader_roles: + - system_reader +skyline_keystone_url: "{{ keystone_internal_url }}/v3/" +skyline_session_name: session +skyline_reclaim_instance_interval: 604800 + +skyline_gunicorn_debug_level: "{% if openstack_logging_debug | bool %}DEBUG{% else %}INFO{% endif %}" +skyline_gunicorn_timeout: 300 +skyline_gunicorn_keepalive: 5 +skyline_gunicorn_workers: "{{ openstack_service_workers }}" + +skyline_ssl_certfile: "{{ '/etc/skyline/certs/skyline-cert.pem' if skyline_enable_tls_backend | bool else '' }}" +skyline_ssl_keyfile: "{{ '/etc/skyline/certs/skyline-key.pem' if skyline_enable_tls_backend | bool else '' }}" + +#################### +# Keystone +#################### +skyline_keystone_user: skyline +skyline_ks_services: + - name: "skyline" + type: "panel" + description: "OpenStack Dashboard Service" + endpoints: + - {'interface': 'internal', 'url': '{{ skyline_apiserver_internal_base_endpoint }}'} + - {'interface': 'public', 'url': '{{ skyline_apiserver_public_base_endpoint }}'} + +skyline_ks_users: + - project: "service" + user: "{{ skyline_keystone_user }}" + password: "{{ skyline_keystone_password }}" + role: "admin" + +#################### +# TLS +#################### +skyline_enable_tls_backend: "{{ kolla_enable_tls_backend }}" diff --git a/ansible/roles/skyline_console/handlers/main.yml b/ansible/roles/skyline_console/handlers/main.yml new file mode 100644 index 0000000000..94975464ba --- /dev/null +++ b/ansible/roles/skyline_console/handlers/main.yml @@ -0,0 +1,16 @@ +--- +- name: Restart skyline-console container + vars: + service_name: "skyline-console" + service: "{{ skyline_services[service_name] }}" + become: true + kolla_container: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes | reject('equalto', '') | list }}" + dimensions: "{{ service.dimensions }}" + healthcheck: "{{ service.healthcheck | default(omit) }}" + when: + - kolla_action != "config" diff --git a/ansible/roles/skyline_console/tasks/bootstrap.yml b/ansible/roles/skyline_console/tasks/bootstrap.yml new file mode 100644 index 0000000000..38b7d84448 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/bootstrap.yml @@ -0,0 +1,38 @@ +--- +- name: Creating Skyline database + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: mysql_db + module_args: + login_host: "{{ database_address }}" + login_port: "{{ database_port }}" + login_user: "{{ skyline_database_shard_root_user }}" + login_password: "{{ database_password }}" + name: "{{ skyline_database_name }}" + run_once: True + delegate_to: "{{ groups['skyline-apiserver'][0] }}" + when: + - not use_preconfigured_databases | bool + +- name: Creating Skyline database user and setting permissions + become: true + kolla_toolbox: + container_engine: "{{ kolla_container_engine }}" + module_name: mysql_user + module_args: + login_host: "{{ database_address }}" + login_port: "{{ database_port }}" + login_user: "{{ skyline_database_shard_root_user }}" + login_password: "{{ database_password }}" + name: "{{ skyline_database_user }}" + password: "{{ skyline_database_password }}" + host: "%" + priv: "{{ skyline_database_name }}.*:ALL" + append_privs: "yes" + run_once: True + delegate_to: "{{ groups['skyline-apiserver'][0] }}" + when: + - not use_preconfigured_databases | bool + +- import_tasks: bootstrap_service.yml diff --git a/ansible/roles/skyline_console/tasks/bootstrap_service.yml b/ansible/roles/skyline_console/tasks/bootstrap_service.yml new file mode 100644 index 0000000000..a81887c236 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/bootstrap_service.yml @@ -0,0 +1,20 @@ +--- +- name: Running Skyline bootstrap container + vars: + skyline_apiserver: "{{ skyline_services['skyline-console'] }}" + become: true + kolla_container: + action: "start_container" + common_options: "{{ docker_common_options }}" + detach: False + environment: + KOLLA_BOOTSTRAP: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + image: "{{ skyline_apiserver.image }}" + labels: + BOOTSTRAP: + name: "bootstrap_skyline" + restart_policy: oneshot + volumes: "{{ skyline_apiserver.volumes | reject('equalto', '') | list }}" + run_once: True + delegate_to: "{{ groups[skyline_apiserver.group][0] }}" diff --git a/ansible/roles/skyline_console/tasks/check-containers.yml b/ansible/roles/skyline_console/tasks/check-containers.yml new file mode 100644 index 0000000000..1ece87d607 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/check-containers.yml @@ -0,0 +1,17 @@ +--- +- name: Check skyline container + become: true + kolla_container: + action: "compare_container" + common_options: "{{ docker_common_options }}" + name: "{{ item.value.container_name }}" + image: "{{ item.value.image }}" + volumes: "{{ item.value.volumes | reject('equalto', '') | list }}" + dimensions: "{{ item.value.dimensions }}" + healthcheck: "{{ horizon.healthcheck | default(omit) }}" + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ skyline_services }}" + notify: + - "Restart {{ item.key }} container" diff --git a/ansible/roles/skyline_console/tasks/check.yml b/ansible/roles/skyline_console/tasks/check.yml new file mode 100644 index 0000000000..ed97d539c0 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/check.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/roles/skyline_console/tasks/config.yml b/ansible/roles/skyline_console/tasks/config.yml new file mode 100644 index 0000000000..13d620d2a8 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/config.yml @@ -0,0 +1,69 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item.key }}" + state: "directory" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ skyline_services }}" + +- include_tasks: copy-certs.yml + when: + - kolla_copy_ca_into_containers | bool or skyline_enable_tls_backend | bool + +- name: Copying over skyline.yaml files for services + template: + src: "skyline.yaml.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/skyline.yaml" + mode: "0660" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ skyline_services }}" + notify: + - "Restart {{ item.key }} container" + +- name: Copying over gunicorn.py files for services + template: + src: "gunicorn.py.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/gunicorn.py" + mode: "0660" + become: true + when: + - inventory_hostname in groups['skyline-apiserver'] + - item.value.enabled | bool + with_dict: "{{ skyline_services }}" + notify: + - "Restart {{ item.key }} container" + +- name: Copying over nginx.conf files for services + template: + src: "nginx.conf.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/nginx.conf" + mode: "0660" + become: true + when: + - inventory_hostname in groups['skyline-console'] + - item.value.enabled | bool + with_dict: "{{ skyline_services }}" + notify: + - "Restart {{ item.key }} container" + +- name: Copying over config.json files for services + template: + src: "{{ item.key }}.json.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + mode: "0660" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ skyline_services }}" + notify: + - "Restart {{ item.key }} container" diff --git a/ansible/roles/skyline_console/tasks/config_validate.yml b/ansible/roles/skyline_console/tasks/config_validate.yml new file mode 100644 index 0000000000..ed97d539c0 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/config_validate.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/roles/skyline_console/tasks/copy-certs.yml b/ansible/roles/skyline_console/tasks/copy-certs.yml new file mode 100644 index 0000000000..3f39794746 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ skyline_services }}" diff --git a/ansible/roles/skyline_console/tasks/deploy-containers.yml b/ansible/roles/skyline_console/tasks/deploy-containers.yml new file mode 100644 index 0000000000..eb24ab5c7a --- /dev/null +++ b/ansible/roles/skyline_console/tasks/deploy-containers.yml @@ -0,0 +1,2 @@ +--- +- import_tasks: check-containers.yml diff --git a/ansible/roles/skyline_console/tasks/deploy.yml b/ansible/roles/skyline_console/tasks/deploy.yml new file mode 100644 index 0000000000..d793a349da --- /dev/null +++ b/ansible/roles/skyline_console/tasks/deploy.yml @@ -0,0 +1,11 @@ +--- +- import_tasks: register.yml + +- import_tasks: config.yml + +- import_tasks: check-containers.yml + +- import_tasks: bootstrap.yml + +- name: Flush handlers + meta: flush_handlers diff --git a/ansible/roles/skyline_console/tasks/loadbalancer.yml b/ansible/roles/skyline_console/tasks/loadbalancer.yml new file mode 100644 index 0000000000..82cf637f3b --- /dev/null +++ b/ansible/roles/skyline_console/tasks/loadbalancer.yml @@ -0,0 +1,7 @@ +--- +- name: "Configure loadbalancer for {{ project_name }}" + import_role: + name: loadbalancer-config + vars: + project_services: "{{ skyline_services }}" + tags: always diff --git a/ansible/roles/skyline_console/tasks/main.yml b/ansible/roles/skyline_console/tasks/main.yml new file mode 100644 index 0000000000..bc5d1e6257 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include_tasks: "{{ kolla_action }}.yml" diff --git a/ansible/roles/skyline_console/tasks/precheck.yml b/ansible/roles/skyline_console/tasks/precheck.yml new file mode 100644 index 0000000000..104797dc89 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/precheck.yml @@ -0,0 +1,37 @@ +--- +- import_role: + name: service-precheck + vars: + service_precheck_services: "{{ skyline_services }}" + service_name: "{{ project_name }}" + +- name: Get container facts + become: true + kolla_container_facts: + container_engine: "{{ kolla_container_engine }}" + name: + - skyline_apiserver + - skyline_console + register: container_facts + +- name: Checking free port for Skyline APIServer + wait_for: + host: "{{ api_interface_address }}" + port: "{{ skyline_apiserver_listen_port }}" + connect_timeout: 1 + timeout: 1 + state: stopped + when: + - container_facts['skyline_apiserver'] is not defined + - inventory_hostname in groups['skyline-apiserver'] + +- name: Checking free port for Skyline Console + wait_for: + host: "{{ api_interface_address }}" + port: "{{ skyline_console_listen_port }}" + connect_timeout: 1 + timeout: 1 + state: stopped + when: + - container_facts['skyline_console'] is not defined + - inventory_hostname in groups['skyline-console'] diff --git a/ansible/roles/skyline_console/tasks/pull.yml b/ansible/roles/skyline_console/tasks/pull.yml new file mode 100644 index 0000000000..53f9c5fda1 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/pull.yml @@ -0,0 +1,3 @@ +--- +- import_role: + role: service-images-pull diff --git a/ansible/roles/skyline_console/tasks/reconfigure.yml b/ansible/roles/skyline_console/tasks/reconfigure.yml new file mode 100644 index 0000000000..f670a5b78d --- /dev/null +++ b/ansible/roles/skyline_console/tasks/reconfigure.yml @@ -0,0 +1,2 @@ +--- +- include_tasks: deploy.yml diff --git a/ansible/roles/skyline_console/tasks/register.yml b/ansible/roles/skyline_console/tasks/register.yml new file mode 100644 index 0000000000..8cd7530f9d --- /dev/null +++ b/ansible/roles/skyline_console/tasks/register.yml @@ -0,0 +1,7 @@ +--- +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_skyline_auth }}" + service_ks_register_services: "{{ skyline_ks_services }}" + service_ks_register_users: "{{ skyline_ks_users }}" diff --git a/ansible/roles/skyline_console/tasks/stop.yml b/ansible/roles/skyline_console/tasks/stop.yml new file mode 100644 index 0000000000..965ab35b97 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/stop.yml @@ -0,0 +1,6 @@ +--- +- import_role: + name: service-stop + vars: + project_services: "{{ skyline_services }}" + service_name: "{{ project_name }}" diff --git a/ansible/roles/skyline_console/tasks/upgrade.yml b/ansible/roles/skyline_console/tasks/upgrade.yml new file mode 100644 index 0000000000..49edff81e3 --- /dev/null +++ b/ansible/roles/skyline_console/tasks/upgrade.yml @@ -0,0 +1,7 @@ +--- +- import_tasks: config.yml + +- import_tasks: check-containers.yml + +- name: Flush handlers + meta: flush_handlers diff --git a/ansible/roles/skyline_console/templates/gunicorn.py.j2 b/ansible/roles/skyline_console/templates/gunicorn.py.j2 new file mode 100644 index 0000000000..790989932e --- /dev/null +++ b/ansible/roles/skyline_console/templates/gunicorn.py.j2 @@ -0,0 +1,70 @@ +# Copyright 2022 99cloud +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +bind = "{{ api_interface_address }}:{{ skyline_apiserver_port }}" +workers = {{ skyline_gunicorn_workers }} +worker_class = "uvicorn.workers.UvicornWorker" +timeout = {{ skyline_gunicorn_timeout }} +keepalive = {{ skyline_gunicorn_keepalive }} +reuse_port = True +proc_name = "{{ project_name }}" +{% if skyline_ssl_certfile and skyline_ssl_keyfile %} +keyfile = "{{ skyline_ssl_keyfile }}" +certfile = "{{ skyline_ssl_certfile }}" +{% endif %} + +logconfig_dict = { + "version": 1, + "disable_existing_loggers": False, + "root": {"level": "{{ skyline_gunicorn_debug_level }}", "handlers": ["console"]}, + "loggers": { + "gunicorn.error": { + "level": "{{ skyline_gunicorn_debug_level }}", + "handlers": ["error_file"], + "propagate": 0, + "qualname": "gunicorn_error", + }, + "gunicorn.access": { + "level": "{{ skyline_gunicorn_debug_level }}", + "handlers": ["access_file"], + "propagate": 0, + "qualname": "access", + }, + }, + "handlers": { + "error_file": { + "class": "logging.handlers.RotatingFileHandler", + "formatter": "generic", + "filename": "{{ log_dir }}/skyline-error.log", + }, + "access_file": { + "class": "logging.handlers.RotatingFileHandler", + "formatter": "generic", + "filename": "{{ log_dir }}/skyline-access.log", + }, + "console": { + "class": "logging.StreamHandler", + "level": "{{ skyline_gunicorn_debug_level }}", + "formatter": "generic", + }, + }, + "formatters": { + "generic": { + "format": "%(asctime)s.%(msecs)03d %(process)d %(levelname)s [-] %(message)s", + "datefmt": "[%Y-%m-%d %H:%M:%S %z]", + "class": "logging.Formatter", + } + }, +} diff --git a/ansible/roles/skyline_console/templates/nginx.conf.j2 b/ansible/roles/skyline_console/templates/nginx.conf.j2 new file mode 100644 index 0000000000..944bfd4e34 --- /dev/null +++ b/ansible/roles/skyline_console/templates/nginx.conf.j2 @@ -0,0 +1,313 @@ +daemon off; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 1024; + multi_accept on; +} + +http { + # 动态识别 WebSocket 请求(根据 Upgrade 头) + map $http_upgrade $connection_upgrade { + default "keep-alive"; # 默认保持 HTTP 长连接 + websocket "upgrade"; # 检测到 WebSocket 时升级协议 + } + + ## + # Basic Settings + ## + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_max_body_size 0; + types_hash_max_size 2048; + proxy_request_buffering off; + server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + {% if skyline_ssl_certfile and skyline_ssl_keyfile %} + ## + # SSL Settings + ## + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + ssl_certificate {{ skyline_ssl_certfile }}; + ssl_certificate_key {{ skyline_ssl_keyfile }}; + {% endif %} + ## + # Logging Settings + ## + log_format main '$remote_addr - $remote_user [$time_local] "$request_time" ' + '"$upstream_response_time" "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-access.log main; + error_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-error.log; + + ## + # Gzip Settings + ## + gzip on; + gzip_static on; + gzip_disable "msie6"; + + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + # gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + server { + listen {{ api_interface_address | put_address_in_context('url') }}:{{ skyline_console_listen_port }}{% if skyline_ssl_certfile and skyline_ssl_keyfile %} ssl http2{% endif %} default_server; + + root /var/lib/kolla/venv/lib/python{{ distro_python_version }}/site-packages/skyline_console/static; + + # Add index.php to the list if you are using PHP + index index.html; + + server_name _; + + error_page 497 https://$http_host$request_uri; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ /index.html; + expires 1d; + add_header Cache-Control "public"; + } + + # Service: skyline + location {{ skyline_nginx_prefix }}/skyline/ { + proxy_pass {{ internal_protocol }}://{{ skyline_apiserver_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}/; + proxy_redirect {{ internal_protocol }}://{{ skyline_apiserver_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}/ {{ skyline_nginx_prefix }}/skyline/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + + {% if enable_keystone | bool %}# Region: {{ openstack_region_name }}, Service: keystone + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone { + proxy_pass {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_internal_port }}/; + proxy_redirect {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_internal_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_glance | bool %}# Region: {{ openstack_region_name }}, Service: glance + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/glance { + proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/glance/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_neutron | bool %}# Region: {{ openstack_region_name }}, Service: neutron + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/neutron { + proxy_pass {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}/; + proxy_redirect {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/neutron/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_nova | bool %}# Region: {{ openstack_region_name }}, Service: nova + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/nova { + proxy_pass {{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/nova/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_placement | bool %}# Region: {{ openstack_region_name }}, Service: placement + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/placement { + proxy_pass {{ internal_protocol }}://{{ placement_internal_fqdn | put_address_in_context('url') }}:{{ placement_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ placement_internal_fqdn | put_address_in_context('url') }}:{{ placement_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/placement/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_cinder | bool %}# Region: {{ openstack_region_name }}, Service: cinder + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cinder { + proxy_pass {{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cinder/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_heat | bool %}# Region: {{ openstack_region_name }}, Service: heat + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/heat { + proxy_pass {{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/heat/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_octavia | bool %}# Region: {{ openstack_region_name }}, Service: octavia + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/octavia { + proxy_pass {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/octavia/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_manila | bool %}# Region: {{ openstack_region_name }}, Service: manilav2 + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/manilav2 { + proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/manilav2/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_ironic | bool %}# Region: {{ openstack_region_name }}, Service: ironic + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/ironic { + proxy_pass {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/ironic/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_zun | bool %}# Region: {{ openstack_region_name }}, Service: zun + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun { + proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_magnum | bool %}# Region: {{ openstack_region_name }}, Service: magnum + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum { + proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + + {% if enable_trove | bool %}# Region: {{ openstack_region_name }}, Service: trove + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/trove { + proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ trove_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ trove_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/trove/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + {% if enable_dingo_command | bool %}# Region: {{ openstack_region_name }}, Service: dingo-command + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/dingo-command/v1 { + proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ dingo_command_port }}/v1; + proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ dingo_command_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/dingo-command/v1; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + + proxy_connect_timeout 600s; # 后端连接超时时间 + proxy_send_timeout 600s; # 向后端发送请求超时时间 + proxy_read_timeout 600s; # 从后端读取响应超时时间 + } + # 处理 WebSocket 请求 + location /ws_dingo-command/regionone/v1 { + proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ dingo_command_port }}/v1; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; # 传递协议升级头 + proxy_set_header Connection $connection_upgrade; # 动态升级连接 + + # 维持长连接关键参数 + proxy_read_timeout 86400s; # 超时时间设为 24 小时 + proxy_send_timeout 86400s; + } + {% endif %} + + {% if enable_cloudkitty | bool %}# Region: {{ openstack_region_name }}, Service: cloudkitty + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cloudkitty { + proxy_pass {{ internal_protocol }}://{{ cloudkitty_internal_fqdn | put_address_in_context('url') }}:{{ cloudkitty_api_port }}/; + proxy_redirect {{ internal_protocol }}://{{ cloudkitty_internal_fqdn | put_address_in_context('url') }}:{{ cloudkitty_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cloudkitty/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + proxy_set_header Accept application/json; + } + {% endif %} + + {% if enable_ceph_rgw | bool %}# Region: {{ openstack_region_name }}, Service: ceph_rgw + location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/swift { + proxy_pass {{ internal_protocol }}://{{ ceph_rgw_internal_fqdn }}:{{ ceph_rgw_port }}/{{ 'swift' if not ceph_rgw_swift_compatibility | bool }}; + proxy_redirect {{ internal_protocol }}://{{ ceph_rgw_internal_fqdn }}:{{ ceph_rgw_port }}/{{ 'swift' if not ceph_rgw_swift_compatibility | bool }} {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/swift/; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Host $http_host; + } + {% endif %} + } + +} + diff --git a/ansible/roles/skyline_console/templates/skyline-apiserver.json.j2 b/ansible/roles/skyline_console/templates/skyline-apiserver.json.j2 new file mode 100644 index 0000000000..ee4559d4f8 --- /dev/null +++ b/ansible/roles/skyline_console/templates/skyline-apiserver.json.j2 @@ -0,0 +1,36 @@ +{ + "command": "gunicorn -c /etc/skyline/gunicorn.py skyline_apiserver.main:app", + "config_files": [ + { + "source": "{{ container_config_directory }}/skyline.yaml", + "dest": "/etc/skyline/skyline.yaml", + "owner": "skyline", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/gunicorn.py", + "dest": "/etc/skyline/gunicorn.py", + "owner": "skyline", + "perm": "0600" + }{% if skyline_enable_tls_backend | bool %}, + { + "source": "{{ container_config_directory }}/skyline-cert.pem", + "dest": "/etc/skyline/certs/skyline-cert.pem", + "owner": "skyline", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/skyline-key.pem", + "dest": "/etc/skyline/certs/skyline-key.pem", + "owner": "skyline", + "perm": "0600" + }{% endif %} + ], + "permissions": [ + { + "path": "/var/log/kolla/skyline", + "owner": "skyline:skyline", + "recurse": true + } + ] +} diff --git a/ansible/roles/skyline_console/templates/skyline-console.json.j2 b/ansible/roles/skyline_console/templates/skyline-console.json.j2 new file mode 100644 index 0000000000..905202f229 --- /dev/null +++ b/ansible/roles/skyline_console/templates/skyline-console.json.j2 @@ -0,0 +1,36 @@ +{ + "command": "nginx", + "config_files": [ + { + "source": "{{ container_config_directory }}/skyline.yaml", + "dest": "/etc/skyline/skyline.yaml", + "owner": "skyline", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/nginx.conf", + "dest": "/etc/nginx/nginx.conf", + "owner": "skyline", + "perm": "0600" + }{% if skyline_enable_tls_backend | bool %}, + { + "source": "{{ container_config_directory }}/skyline-cert.pem", + "dest": "/etc/skyline/certs/skyline-cert.pem", + "owner": "skyline", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/skyline-key.pem", + "dest": "/etc/skyline/certs/skyline-key.pem", + "owner": "skyline", + "perm": "0600" + }{% endif %} + ], + "permissions": [ + { + "path": "/var/log/kolla/skyline", + "owner": "skyline:skyline", + "recurse": true + } + ] +} diff --git a/ansible/roles/skyline_console/templates/skyline.yaml.j2 b/ansible/roles/skyline_console/templates/skyline.yaml.j2 new file mode 100644 index 0000000000..a1ac945a27 --- /dev/null +++ b/ansible/roles/skyline_console/templates/skyline.yaml.j2 @@ -0,0 +1,96 @@ +default: + prometheus_basic_auth_user: admin + prometheus_basic_auth_password: "{{ prometheus_password }}" + prometheus_enable_basic_auth: true + prometheus_endpoint: "{{ prometheus_internal_fqdn | kolla_url(internal_protocol, prometheus_port) }}" + access_token_expire: {{ skyline_access_token_expire_seconds }} + access_token_renew: {{ skyline_access_token_renew_seconds }} + cors_allow_origins: {{ skyline_backend_cors_origins }} + database_url: mysql://{{ skyline_database_user }}:{{ skyline_database_password }}@{{ skyline_database_address }}/{{ skyline_database_name }} + debug: {{ skyline_logging_debug }} + log_dir: {{ log_dir }} + secret_key: {{ skyline_secret_key }} + session_name: {{ skyline_session_name }} +openstack: +{% if skyline_base_domains_ignore | bool %} + base_domains: +{% if enable_heat | bool %} + - heat_user_domain +{% endif %} +{% if enable_magnum | bool %} + - magnum +{% endif %} +{% endif %} + default_region: {{ openstack_region_name }} + extension_mapping: +{% if enable_neutron_port_forwarding | bool %} + floating-ip-port-forwarding: neutron_port_forwarding +{% endif %} +{% if enable_neutron_qos | bool %} + qos: neutron_qos +{% endif %} +{% if enable_neutron_vpnaas | bool %} + vpnaas: neutron_vpn +{% endif %} + keystone_url: {{ skyline_keystone_url }} + nginx_prefix: {{ skyline_nginx_prefix }} + reclaim_instance_interval: {{ skyline_reclaim_instance_interval }} + service_mapping: +{% if enable_ironic | bool %} + baremetal: ironic +{% endif %} +{% if enable_nova | bool %} + compute: nova +{% endif %} +{% if enable_zun | bool %} + container: zun +{% endif %} +{% if enable_magnum | bool %} + container-infra: magnum +{% endif %} +{% if enable_trove | bool %} + database: trove +{% endif %} +{% if enable_keystone | bool %} + identity: keystone +{% endif %} +{% if enable_glance | bool %} + image: glance +{% endif %} +{% if enable_barbican | bool %} + key-manager: barbican +{% endif %} +{% if enable_octavia | bool %} + load-balancer: octavia +{% endif %} +{% if enable_neutron | bool %} + network: neutron +{% endif %} +{% if enable_swift | bool %} + object-store: swift +{% endif %} +{% if enable_heat | bool %} + orchestration: heat +{% endif %} +{% if enable_placement | bool %} + placement: placement +{% endif %} +{% if enable_manila | bool %} + sharev2: manilav2 +{% endif %} +{% if enable_cinder | bool %} + volumev3: cinder +{% endif %} + system_admin_roles: +{% for skyline_system_admin_role in skyline_system_admin_roles %} + - {{ skyline_system_admin_role }} +{% endfor %} + system_project: service + system_project_domain: {{ default_project_domain_name }} + system_reader_roles: +{% for skyline_system_reader_role in skyline_system_reader_roles %} + - {{ skyline_system_reader_role }} +{% endfor %} + system_user_domain: {{ default_user_domain_name }} + system_user_name: skyline + system_user_password: {{ skyline_keystone_password }} diff --git a/ansible/roles/skyline_console/vars/main.yml b/ansible/roles/skyline_console/vars/main.yml new file mode 100644 index 0000000000..1969b04758 --- /dev/null +++ b/ansible/roles/skyline_console/vars/main.yml @@ -0,0 +1,2 @@ +--- +project_name: "skyline" diff --git a/ansible/roles/swift/tasks/start.yml b/ansible/roles/swift/tasks/start.yml index 82771d0f1a..c97d0affaa 100644 --- a/ansible/roles/swift/tasks/start.yml +++ b/ansible/roles/swift/tasks/start.yml @@ -60,6 +60,7 @@ - "{{ node_config_directory }}/swift-account-server/:{{ container_config_directory }}/:ro" - "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared" - "/etc/localtime:/etc/localtime:ro" + - "swift_recon_cache:/var/cache/swift" when: inventory_hostname in groups['swift-account-server'] - name: Starting swift-account-auditor container @@ -138,6 +139,7 @@ - "{{ node_config_directory }}/swift-container-server/:{{ container_config_directory }}/:ro" - "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared" - "/etc/localtime:/etc/localtime:ro" + - "swift_recon_cache:/var/cache/swift" when: inventory_hostname in groups['swift-container-server'] - name: Starting swift-container-auditor container diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2 index c2544cd0fa..6a3ded7c01 100644 --- a/ansible/roles/swift/templates/proxy-server.conf.j2 +++ b/ansible/roles/swift/templates/proxy-server.conf.j2 @@ -99,5 +99,5 @@ use = egg:swift#s3api [filter:s3token] use = egg:swift#s3token -auth_uri = {{ keystone_internal_url }} +auth_uri = {{ keystone_internal_url }}/v3 {% endif %} diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2 index 22d559ca28..238575dcdb 100644 --- a/ansible/roles/trove/templates/trove.conf.j2 +++ b/ansible/roles/trove/templates/trove.conf.j2 @@ -19,9 +19,9 @@ transport_url = {{ rpc_transport_url }} nova_proxy_admin_pass = {{ trove_keystone_password }} nova_proxy_admin_tenant_name = service nova_proxy_admin_user = trove -remote_nova_client = trove.common.single_tenant_remote.nova_client_trove_admin -remote_cinder_client = trove.common.single_tenant_remote.cinder_client_trove_admin -remote_neutron_client = trove.common.single_tenant_remote.neutron_client_trove_admin +remote_nova_client = trove.common.clients_admin.nova_client_trove_admin +remote_cinder_client = trove.common.clients_admin.cinder_client_trove_admin +remote_neutron_client = trove.common.clients_admin.neutron_client_trove_admin {% endif %} nova_compute_endpoint_type = internalURL diff --git a/ansible/roles/venus/tasks/pull.yml b/ansible/roles/venus/tasks/pull.yml index 5c2d03b7d3..53f9c5fda1 100644 --- a/ansible/roles/venus/tasks/pull.yml +++ b/ansible/roles/venus/tasks/pull.yml @@ -1,11 +1,3 @@ --- -- name: Pulling venus images - become: true - kolla_container: - action: "pull_image" - common_options: "{{ docker_common_options }}" - image: "{{ item.value.image }}" - when: - - inventory_hostname in groups[item.value.group] - - item.value.enabled | bool - with_dict: "{{ venus_services }}" +- import_role: + role: service-images-pull diff --git a/ansible/roles/zookeeper/defaults/main.yml b/ansible/roles/zookeeper/defaults/main.yml new file mode 100644 index 0000000000..24e6ec0f0a --- /dev/null +++ b/ansible/roles/zookeeper/defaults/main.yml @@ -0,0 +1,49 @@ +--- +zookeeper_services: + zookeeper: + container_name: zookeeper + group: zookeeper + enabled: true + image: "{{ zookeeper_image_full }}" + environment: + ZOO_LOG_DIR: /var/log/kolla/zookeeper + ZOO_LOG4J_PROP: "{{ zookeeper_log_settings }}" + volumes: "{{ zookeeper_default_volumes + zookeeper_extra_volumes }}" + dimensions: "{{ zookeeper_dimensions }}" + healthcheck: "{{ zookeeper_healthcheck }}" + + +#################### +# Zookeeper +#################### +zookeeper_log_settings: 'INFO,ROLLINGFILE' + +#################### +# Docker +#################### +zookeeper_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/zookeeper" +zookeeper_tag: "{{ openstack_tag }}" +zookeeper_image_full: "{{ zookeeper_image }}:{{ zookeeper_tag }}" +zookeeper_dimensions: "{{ default_container_dimensions }}" + +zookeeper_enable_healthchecks: "{{ enable_container_healthchecks }}" +zookeeper_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +zookeeper_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +zookeeper_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" +zookeeper_healthcheck_test: ["CMD-SHELL", "healthcheck_listen java {{ zookeeper_client_port }}"] +zookeeper_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +zookeeper_healthcheck: + interval: "{{ zookeeper_healthcheck_interval }}" + retries: "{{ zookeeper_healthcheck_retries }}" + start_period: "{{ zookeeper_healthcheck_start_period }}" + test: "{% if zookeeper_enable_healthchecks | bool %}{{ zookeeper_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ zookeeper_healthcheck_timeout }}" + +zookeeper_default_volumes: + - "{{ node_config_directory }}/zookeeper/:{{ container_config_directory }}/" + - "/etc/localtime:/etc/localtime:ro" + - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" + - "zookeeper:/var/lib/zookeeper/data" + - "kolla_logs:/var/log/kolla/" + +zookeeper_extra_volumes: "{{ default_extra_volumes }}" diff --git a/ansible/roles/zookeeper/handlers/main.yml b/ansible/roles/zookeeper/handlers/main.yml new file mode 100644 index 0000000000..0f86c47ea9 --- /dev/null +++ b/ansible/roles/zookeeper/handlers/main.yml @@ -0,0 +1,17 @@ +--- +- name: Restart zookeeper container + vars: + service_name: "zookeeper" + service: "{{ zookeeper_services[service_name] }}" + become: true + kolla_container: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + environment: "{{ service.environment }}" + volumes: "{{ service.volumes }}" + dimensions: "{{ service.dimensions }}" + healthcheck: "{{ service.healthcheck | default(omit) }}" + when: + - kolla_action != "config" diff --git a/ansible/roles/zookeeper/tasks/check-containers.yml b/ansible/roles/zookeeper/tasks/check-containers.yml new file mode 100644 index 0000000000..2a69ebdd03 --- /dev/null +++ b/ansible/roles/zookeeper/tasks/check-containers.yml @@ -0,0 +1,18 @@ +--- +- name: Check zookeeper containers + become: true + kolla_container: + action: "compare_container" + common_options: "{{ docker_common_options }}" + name: "{{ item.value.container_name }}" + image: "{{ item.value.image }}" + volumes: "{{ item.value.volumes }}" + environment: "{{ item.value.environment }}" + dimensions: "{{ item.value.dimensions }}" + healthcheck: "{{ item.value.healthcheck | default(omit) }}" + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ zookeeper_services }}" + notify: + - "Restart {{ item.key }} container" diff --git a/ansible/roles/zookeeper/tasks/check.yml b/ansible/roles/zookeeper/tasks/check.yml new file mode 100644 index 0000000000..ed97d539c0 --- /dev/null +++ b/ansible/roles/zookeeper/tasks/check.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/roles/zookeeper/tasks/config.yml b/ansible/roles/zookeeper/tasks/config.yml new file mode 100644 index 0000000000..f289882432 --- /dev/null +++ b/ansible/roles/zookeeper/tasks/config.yml @@ -0,0 +1,56 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item.key }}" + state: "directory" + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ zookeeper_services }}" + +- name: Copying over config.json files for services + template: + src: "{{ item.key }}.json.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + mode: "0660" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ zookeeper_services }}" + notify: + - Restart zookeeper container + +- name: Copying over zookeeper configuration + merge_configs: + sources: + - "{{ role_path }}/templates/{{ item.key }}.cfg.j2" + - "{{ node_custom_config }}/{{ item.key }}.cfg" + - "{{ node_custom_config }}/{{ item.key }}/{{ inventory_hostname }}/{{ item.key }}.cfg" + whitespace: False + dest: "{{ node_config_directory }}/{{ item.key }}/{{ item.key }}.cfg" + mode: "0660" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ zookeeper_services }}" + notify: + - Restart zookeeper container + +- name: Copying over zookeeper instance id + template: + src: "myid.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/myid" + mode: "0660" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ zookeeper_services }}" + notify: + - Restart zookeeper container diff --git a/ansible/roles/zookeeper/tasks/deploy-containers.yml b/ansible/roles/zookeeper/tasks/deploy-containers.yml new file mode 100644 index 0000000000..eb24ab5c7a --- /dev/null +++ b/ansible/roles/zookeeper/tasks/deploy-containers.yml @@ -0,0 +1,2 @@ +--- +- import_tasks: check-containers.yml diff --git a/ansible/roles/zookeeper/tasks/deploy.yml b/ansible/roles/zookeeper/tasks/deploy.yml new file mode 100644 index 0000000000..49edff81e3 --- /dev/null +++ b/ansible/roles/zookeeper/tasks/deploy.yml @@ -0,0 +1,7 @@ +--- +- import_tasks: config.yml + +- import_tasks: check-containers.yml + +- name: Flush handlers + meta: flush_handlers diff --git a/ansible/roles/zookeeper/tasks/main.yml b/ansible/roles/zookeeper/tasks/main.yml new file mode 100644 index 0000000000..bc5d1e6257 --- /dev/null +++ b/ansible/roles/zookeeper/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include_tasks: "{{ kolla_action }}.yml" diff --git a/ansible/roles/zookeeper/tasks/precheck.yml b/ansible/roles/zookeeper/tasks/precheck.yml new file mode 100644 index 0000000000..9d28aad265 --- /dev/null +++ b/ansible/roles/zookeeper/tasks/precheck.yml @@ -0,0 +1,29 @@ +--- +- import_role: + name: service-precheck + vars: + service_precheck_services: "{{ zookeeper_services }}" + service_name: "{{ project_name }}" + +- name: Get container facts + become: true + kolla_container_facts: + container_engine: "{{ kolla_container_engine }}" + name: + - zookeeper + register: container_facts + +- name: Checking zookeeper ports are available + wait_for: + host: "{{ api_interface_address }}" + port: "{{ item }}" + connect_timeout: 1 + timeout: 1 + state: stopped + with_items: + - "{{ zookeeper_client_port }}" + - "{{ zookeeper_peer_port }}" + - "{{ zookeeper_quorum_port }}" + when: + - container_facts['zookeeper'] is not defined + - inventory_hostname in groups['zookeeper'] diff --git a/ansible/roles/zookeeper/tasks/pull.yml b/ansible/roles/zookeeper/tasks/pull.yml new file mode 100644 index 0000000000..53f9c5fda1 --- /dev/null +++ b/ansible/roles/zookeeper/tasks/pull.yml @@ -0,0 +1,3 @@ +--- +- import_role: + role: service-images-pull diff --git a/ansible/roles/zookeeper/tasks/reconfigure.yml b/ansible/roles/zookeeper/tasks/reconfigure.yml new file mode 100644 index 0000000000..5b10a7e111 --- /dev/null +++ b/ansible/roles/zookeeper/tasks/reconfigure.yml @@ -0,0 +1,2 @@ +--- +- import_tasks: deploy.yml diff --git a/ansible/roles/zookeeper/tasks/stop.yml b/ansible/roles/zookeeper/tasks/stop.yml new file mode 100644 index 0000000000..1f2a10437e --- /dev/null +++ b/ansible/roles/zookeeper/tasks/stop.yml @@ -0,0 +1,6 @@ +--- +- import_role: + name: service-stop + vars: + project_services: "{{ zookeeper_services }}" + service_name: "{{ project_name }}" diff --git a/ansible/roles/zookeeper/tasks/upgrade.yml b/ansible/roles/zookeeper/tasks/upgrade.yml new file mode 100644 index 0000000000..49edff81e3 --- /dev/null +++ b/ansible/roles/zookeeper/tasks/upgrade.yml @@ -0,0 +1,7 @@ +--- +- import_tasks: config.yml + +- import_tasks: check-containers.yml + +- name: Flush handlers + meta: flush_handlers diff --git a/ansible/roles/zookeeper/templates/myid.j2 b/ansible/roles/zookeeper/templates/myid.j2 new file mode 100644 index 0000000000..7013873cce --- /dev/null +++ b/ansible/roles/zookeeper/templates/myid.j2 @@ -0,0 +1,5 @@ +{% for host in groups['zookeeper'] -%} +{% if hostvars[host].ansible_facts.hostname == ansible_facts.hostname -%} +{{ loop.index }} +{%- endif %} +{%- endfor %} diff --git a/ansible/roles/zookeeper/templates/zookeeper.cfg.j2 b/ansible/roles/zookeeper/templates/zookeeper.cfg.j2 new file mode 100644 index 0000000000..c0a8a52e50 --- /dev/null +++ b/ansible/roles/zookeeper/templates/zookeeper.cfg.j2 @@ -0,0 +1,8 @@ +tickTime=2000 +initLimit=10 +syncLimit=5 +dataDir=/var/lib/zookeeper/data +clientPort={{ zookeeper_client_port }} +{% for host in groups['zookeeper'] %} +server.{{ loop.index }}={{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ zookeeper_peer_port }}:{{ zookeeper_quorum_port }} +{% endfor %} diff --git a/ansible/roles/zookeeper/templates/zookeeper.json.j2 b/ansible/roles/zookeeper/templates/zookeeper.json.j2 new file mode 100644 index 0000000000..9d9d609901 --- /dev/null +++ b/ansible/roles/zookeeper/templates/zookeeper.json.j2 @@ -0,0 +1,29 @@ +{ + "command": "/opt/zookeeper/bin/zkServer.sh start-foreground /etc/zookeeper/conf/zoo.cfg", + "config_files": [ + { + "source": "{{ container_config_directory }}/myid", + "dest": "/var/lib/zookeeper/data/myid", + "owner": "zookeeper", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/zookeeper.cfg", + "dest": "/etc/zookeeper/conf/zoo.cfg", + "owner": "zookeeper", + "perm": "0600" + } + ], + "permissions": [ + { + "path": "/var/lib/zookeeper", + "owner": "zookeeper:zookeeper", + "recurse": true + }, + { + "path": "/var/log/kolla/zookeeper", + "owner": "zookeeper:zookeeper", + "recurse": true + } + ] +} diff --git a/ansible/roles/zookeeper/vars/main.yml b/ansible/roles/zookeeper/vars/main.yml new file mode 100644 index 0000000000..e0da94acf3 --- /dev/null +++ b/ansible/roles/zookeeper/vars/main.yml @@ -0,0 +1,2 @@ +--- +project_name: "zookeeper" diff --git a/ansible/site.yml b/ansible/site.yml index 04167fc9ef..8ac52c1026 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -39,6 +39,7 @@ - enable_influxdb_{{ enable_influxdb | bool }} - enable_ironic_{{ enable_ironic | bool }} - enable_iscsid_{{ enable_iscsid | bool }} + - enable_kafka_{{ enable_kafka | bool }} - enable_keystone_{{ enable_keystone | bool }} - enable_kuryr_{{ enable_kuryr | bool }} - enable_letsencrypt_{{ enable_letsencrypt | bool }} @@ -75,6 +76,8 @@ - enable_vitrage_{{ enable_vitrage | bool }} - enable_watcher_{{ enable_watcher | bool }} - enable_zun_{{ enable_zun | bool }} + - enable_zookeeper_{{ enable_zookeeper | bool }} + - enable_dingo_command_{{ enable_dingo_command | bool }} tags: always - name: Apply role prechecks @@ -297,11 +300,6 @@ tasks_from: loadbalancer tags: senlin when: enable_senlin | bool - - include_role: - name: skyline - tasks_from: loadbalancer - tags: skyline - when: enable_skyline | bool - include_role: name: solum tasks_from: loadbalancer @@ -346,6 +344,39 @@ - enable_haproxy | bool - kolla_action in ['deploy', 'reconfigure', 'upgrade', 'config'] +- name: Apply dingo-command loadbalancer + gather_facts: false + hosts: + - loadbalancer + - '&enable_loadbalancer_True' + serial: '{{ kolla_serial|default("0") }}' + tags: + - haproxy + - keepalived + - loadbalancer + roles: + - { role: loadbalancer } + tasks: + - block: + - include_role: + name: dingo-command + tasks_from: loadbalancer + tags: dingo-command + when: enable_dingo_command | bool + - include_role: + name: dingo-bear + tasks_from: loadbalancer + tags: dingo-bear + when: enable_dingo_command | bool + - include_role: + name: skyline + tasks_from: loadbalancer + tags: skyline + when: enable_skyline | bool + when: + - enable_haproxy | bool + - kolla_action in ['deploy', 'reconfigure', 'config'] + - name: Apply role letsencrypt gather_facts: false hosts: @@ -366,6 +397,16 @@ - { role: collectd, tags: collectd } +- name: Apply role zookeeper + gather_facts: false + hosts: + - zookeeper + - '&enable_zookeeper_True' + serial: '{{ kolla_serial|default("0") }}' + roles: + - { role: zookeeper, + tags: zookeeper } + - name: Apply role influxdb gather_facts: false hosts: @@ -422,6 +463,7 @@ - prometheus-alertmanager - prometheus-openstack-exporter - prometheus-elasticsearch-exporter + - prometheus-pushgateway - prometheus-blackbox-exporter - prometheus-libvirt-exporter - '&enable_prometheus_True' @@ -482,6 +524,16 @@ - { role: opensearch, tags: opensearch } +- name: Apply role kafka + gather_facts: false + hosts: + - kafka + - '&enable_kafka_True' + serial: '{{ kolla_serial|default("0") }}' + roles: + - { role: kafka, + tags: kafka } + - name: Apply role swift gather_facts: false hosts: @@ -981,3 +1033,32 @@ roles: - { role: skyline, tags: skyline } + +- name: Apply role skyline + gather_facts: false + hosts: + - skyline + - '&enable_skyline_True' + serial: '{{ kolla_serial|default("0") }}' + roles: + - { role: skyline_console, + tags: skyline_console } + +- name: Apply role dingo-command + gather_facts: false + hosts: + - dingo-command + - '&enable_skyline_True' + serial: '{{ kolla_serial|default("0") }}' + roles: + - { role: dingo-command, + tags: dingo-command } + +- name: Apply role dingo-command + gather_facts: false + hosts: + - dingo-command + serial: '{{ kolla_serial|default("0") }}' + roles: + - { role: dingo-command, + tags: dingo-bear } diff --git a/doc/source/admin/index.rst b/doc/source/admin/index.rst index f668312514..eb259951c1 100644 --- a/doc/source/admin/index.rst +++ b/doc/source/admin/index.rst @@ -12,3 +12,4 @@ Admin Guides etcd production-architecture-guide deployment-philosophy + password-rotation diff --git a/doc/source/admin/password-rotation.rst b/doc/source/admin/password-rotation.rst new file mode 100644 index 0000000000..0e43c6f88f --- /dev/null +++ b/doc/source/admin/password-rotation.rst @@ -0,0 +1,295 @@ +================= +Password Rotation +================= + +This guide describes how to change the internal secrets from ``passwords.yml`` +used by Kolla-Ansible. It does not cover every possible ``passwords.yml`` +variable, only the most common ones. + +.. warning:: + + Always back up your ``passwords.yml`` file before making any changes. + Otherwise, it is easy to make unrecoverable mistakes. + +.. warning:: + + This guide relies on recent changes to Kolla and Kolla-Ansible. You may + encounter errors if applying this guide to older deployments. It is + recommended that you update your containers and kolla-ansible to the latest + available versions before proceeding. + +Regenerating secrets +-------------------- + +Passwords can be quickly re-generated using ``kolla-genpwd``. + +Assuming an existing ``/etc/kolla/passwords.yml`` file, make a backup: + +.. code-block:: bash + + cp /etc/kolla/passwords.yml ./passwords.yml.bak + +Edit the ``passwords.yml`` file to remove the password strings for any secrets +that need to be regenerated i.e. change ``foo: "bar"`` to ``foo:``. + +Regenerate the removed passwords: + +.. code-block:: bash + + kolla-genpwd -p /etc/kolla/passwords.yml + +Applying regenerated secrets +---------------------------- + +The majority of the secrets can be applied by simply reconfiguring services +with ``kolla-ansible reconfigure``. Below is a list of secrets that can be +applied this way. + + +* ``*_keystone_password`` +* ``*_database_password`` (excluding ``nova_database_password``) +* ``*_ssh_key`` (excluding ``kolla_ssh_key``) +* ``keystone_admin_password`` +* ``designate_rndc_key`` +* ``keepalived_password`` +* ``libvirt_sasl_password`` +* ``metadata_secret`` +* ``opensearch_dashboards_password`` +* ``osprofiler_secret`` +* ``prometheus_alertmanager_password`` +* ``qdrouterd_password`` +* ``redis_master_password`` + +It is possible to change more secrets however some require manual steps. The +manual steps vary depending on the secret. They are listed below in the order +they should be applied if they are to be changed at the same time. Once all +manual steps are complete, reconfigure services (``kolla-ansible +reconfigure``). + +For simplicity, this guide assumes Docker is being used. The same commands +should also work for Podman deployments by replacing instances of ``docker`` +with ``podman`` in all relevant commands. + +Kolla SSH key +^^^^^^^^^^^^^ +There is currently no mechanism within Kolla-Ansible to rotate +``kolla_ssh_key``. It is however a relatively simple task to perform using a +standard Ansible playbook, or can be performed by hand on smaller deployments. + +Horizon Secret Key +^^^^^^^^^^^^^^^^^^ +The Horizon secret key (``horizon_secret_key``) is unique because it explicitly +supports rotation. In reality, it is a Django secret key, and is used for +cryptographic signing e.g. generating password recovery links. To minimise user +impact, it is possible to set two secret keys at once. The new one will be used +for generating new artifacts, while the old one will still be accepted for +existing artifacts. + +Take note of the old password, generate a new one, and take note of it as well. + +Add it to the ``passwords.yml`` file, along with the old secret, in this +exact format (including quotes in the middle): + +.. code:: bash + + horizon_secret_key: newsecret' 'oldsecret + +It is important to remember to remove the old key and reconfigure services +again, after all old artifacts have expired e.g. after approximately one to two +weeks. + +Grafana Admin Password +^^^^^^^^^^^^^^^^^^^^^^ +The Grafana admin password (``grafana_admin_password``) must be rotated +manually. + +#. Generate a new Grafana Admin password. + +#. Replace the old password in ``passwords.yml``. + +#. Exec into any Grafana container: + + .. code:: bash + + docker exec -it grafana bash + +#. Run the password reset command, then enter the new password: + + .. code:: bash + + grafana-cli admin reset-admin-password --password-from-stdin + +Database Password +^^^^^^^^^^^^^^^^^ +The database administrator password (``database_password``) must be rotated +manually. + +#. Generate a new database password. + +#. Replace the old password in ``passwords.yml``, take note of both the old and + new passwords. + +#. SSH to a host running a MariaDB container. + +#. Exec into the MariaDB container: + + .. code-block:: bash + + docker exec -it mariadb bash + +#. Log in to the database. You will be prompted for the password. Use the + old value of ``database_password``: + + .. code:: bash + + mysql --batch -uroot -p + +#. Check the current state of the ``root`` user: + + .. code:: bash + + SELECT Host,User,Password FROM mysql.user WHERE User='root'; + +#. Update the password for the ``root`` user: + + .. code:: bash + + SET PASSWORD FOR 'root'@'%' = PASSWORD('newpassword'); + +#. Check that the password hash has changed in the user list: + + .. code:: bash + + SELECT Host,User,Password FROM mysql.user WHERE User='root'; + +#. If there are any remaining root users with the old password e.g. + ``root@localhost``, change the password for them too. + +Nova Database Password +^^^^^^^^^^^^^^^^^^^^^^ +The nova database admin user password (``nova_database_password``) must be +rotated manually. + +.. warning:: + + From this point onward, API service may be disrupted. + +#. Generate a new Nova database password. + +#. Replace the old password in ``passwords.yml``. + +#. Exec into the ``nova_conductor`` container: + + .. code:: bash + + docker exec -it nova_conductor bash + +#. List the cells: + + .. code:: bash + + nova-manage cell_v2 list_cells --verbose + +#. Find the entry for ``cell0``, copy the Database Connection value, + replace the password in the string with the new value, and update it + with the following command: + + .. code:: bash + + nova-manage cell_v2 update_cell --cell_uuid 00000000-0000-0000-0000-000000000000 --database_connection "CONNECTION WITH NEW PASSWORD HERE" --transport-url "none:///" + + (If the ``cell_uuid`` for ``cell0`` is not + ``00000000-0000-0000-0000-000000000000``, change the above command + accordingly) + +Heat Domain Admin Password +^^^^^^^^^^^^^^^^^^^^^^^^^^ +The keystone password for the heat domain admin service user +(``heat_domain_admin_password``) must be rotated manually. + +It can be changed by an administrator just like any other standard OpenStack +user password. Generate a new password, replace the old password in +``passwords.yml``, then apply the change manually: + +.. code-block:: bash + + openstack user set --password heat_domain_admin --domain heat_user_domain + +RabbitMQ Secrets +^^^^^^^^^^^^^^^^ +RabbitMQ uses two main secrets. An Erlang cookie for cluster membership +(``rabbitmq_cluster_cookie``), and a RabbitMQ management user password +(``rabbitmq_password``). There is currently no documented process for +seamlessly rotating these secrets. Many OpenStack services use RabbitMQ for +communication and reconfiguring them with the new credentials can take some +time, resulting in a relatively long API outage. + +It is recommended that you stop all services, then stop and destroy the +RabbitMQ containers and volumes. Because the RabbitMQ containers are destroyed, +``kolla-ansible deploy`` should be used to restart services rather than +``kolla-ansible reconfigure``. Detailed steps are listed below: + +#. Generate a new ``rabbitmq_cluster_cookie`` and ``rabbitmq_password``. + +#. Replace the old values in ``passwords.yml``. + +#. Stop OpenStack services: + + .. code-block:: bash + + kolla-ansible -i inventory stop + +#. On each node running RabbitMQ, destroy its containers and volumes: + + .. code-block:: bash + + docker stop rabbitmq + docker rm rabbitmq + docker volume rm rabbitmq + +#. Redeploy services: + + .. code-block:: bash + + kolla-ansible -i inventory deploy + +Post-redeploy changes +^^^^^^^^^^^^^^^^^^^^^ +Once services have been redeployed, the existing Memcached data should be +flushed. The old Memcached password will no longer be used so any data stored +using it will be inaccessible. + +The instructions below must be run from a host that has access to the network +the Memcached containers are using. If you are not sure, run them from a host +that is running Memcached. + +#. Install a telnet client: + + .. code-block:: bash + + apt/dnf install telnet + +#. Check the config for the IP and port used by Memcached (on every host + running Memcached): + + .. code:: bash + + sudo grep command /etc/kolla/memcached/config.json + + The IP and port will be printed after ``-l`` and ``-p`` respectively + +#. For each container start a Telnet session, clear all data, then + exit: + + .. code:: bash + + telnet + flush_all + quit + +Known out-of-scope secrets +-------------------------- +Below is a list of passwords that are known to be outside the scope of this +guide. + +* ``docker_registry_password`` - kolla-ansible cannot manage docker registries. diff --git a/doc/source/admin/production-architecture-guide.rst b/doc/source/admin/production-architecture-guide.rst index e5cd896f9c..7aa2d7e074 100644 --- a/doc/source/admin/production-architecture-guide.rst +++ b/doc/source/admin/production-architecture-guide.rst @@ -78,12 +78,6 @@ In Kolla operators should configure following network interfaces: with the bare metal cloud hosts in order to provide DHCP leases with PXE boot options. Defaults to ``network_interface``. -.. warning:: - - Ansible facts does not recognize interface names containing dashes, - in example ``br-ex`` or ``bond-0`` cannot be used because ansible will read - them as ``br_ex`` and ``bond_0`` respectively. - .. _address-family-configuration: Address family configuration (IPv4/IPv6) diff --git a/doc/source/conf.py b/doc/source/conf.py index 8458c96278..b9e9700946 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -117,14 +117,26 @@ # Global variables # For replacement, use in docs as |VAR_NAME| (note there's no space around variable name) -# When adding new variables, make sure you add them to GLOBAL_VARIABLE_MAP dictionary as well +# When adding new variables, that you want to use in documentation, make sure you add +# them to GLOBAL_VARIABLE_MAP dictionary as well. KOLLA_OPENSTACK_RELEASE_UNMAINTAINED is +# used only to denote unmaintained branches, and it is not intended to be used for +# replacing anything in documentation. KOLLA_OPENSTACK_RELEASE = openstackdocstheme.ext._get_series_name() +KOLLA_OPENSTACK_RELEASE_UNMAINTAINED = [ + 'yoga', + 'zed', +] + if KOLLA_OPENSTACK_RELEASE == 'latest': KOLLA_OPENSTACK_RELEASE = 'master' KOLLA_BRANCH_NAME = 'master' TESTED_RUNTIMES_GOVERNANCE_URL = 'https://governance.openstack.org/tc/reference/runtimes/' +elif KOLLA_OPENSTACK_RELEASE in KOLLA_OPENSTACK_RELEASE_UNMAINTAINED: + KOLLA_BRANCH_NAME = 'unmaintained/{}'.format(KOLLA_OPENSTACK_RELEASE) + TESTED_RUNTIMES_GOVERNANCE_URL =\ + 'https://governance.openstack.org/tc/reference/runtimes/{}.html'.format(KOLLA_OPENSTACK_RELEASE) else: KOLLA_BRANCH_NAME = 'stable/{}'.format(KOLLA_OPENSTACK_RELEASE) TESTED_RUNTIMES_GOVERNANCE_URL =\ diff --git a/doc/source/reference/bare-metal/ironic-guide.rst b/doc/source/reference/bare-metal/ironic-guide.rst index 3ae418e2f2..228065c90c 100644 --- a/doc/source/reference/bare-metal/ironic-guide.rst +++ b/doc/source/reference/bare-metal/ironic-guide.rst @@ -42,6 +42,16 @@ are possible by separating addresses with commas): - range: "192.168.5.100,192.168.5.110" routers: "192.168.5.1" +Together with an router there can be provided the NTP (time source) server. +For example it can be the same address as default router for the range: + +.. code-block:: yaml + + ironic_dnsmasq_dhcp_ranges: + - range: "192.168.5.100,192.168.5.110" + routers: "192.168.5.1" + ntp_server: "192.168.5.1" + To support DHCP relay, it is also possible to define a netmask in the range. It is advisable to also provide a router to allow the traffic to reach the Ironic server. @@ -148,6 +158,49 @@ variable ``ironic_enable_keystone_integration`` to ``"yes"`` ironic_enable_keystone_integration: "yes" +Avoiding problems with high availability +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. note:: + + This section assumes that you have not yet deployed the Nova Compute + Ironic service. If you have already deployed multiple instances of the + service and have one or more baremetal nodes registered, the following + operations are non-trivial. You will likely have to use the `nova-manage` + command (or pre-Caracal edit the DB) to ensure that all Ironic nodes + are registered with a single Nova Compute Ironic instance. This is + an advanced subject and is not covered here. Stop now if you don't + know what you are doing. + +Nova Compute Ironic HA is known to be unstable. Pending a better solution, +a workaround is to avoid the feature by running a single Nova Compute Ironic +instance. For example: + +.. code-block:: diff + + - [nova-compute-ironic:children] + - nova + + [nova-compute-ironic] + + controller1 + +If you choose to do this, it is helpful to pin the service host name +to a 'synthetic' constant. This means that if you need to re-deploy the +service to another host, the Ironic nodes will automatically use the new +service instance. Otherwise you will need to manually move active Ironic nodes +to the new service, with either the `nova-manage` CLI, or pre-Caracal, by +editing the Nova database. + +The config option to pin the host name is `nova_compute_ironic_custom_host` +and must be set as a group or host var. Note that, unless you know what you +are doing, you must not change or set this option if you have already deployed +Ironic nodes. + +This config option is also useful for Ironic Shards. Whilst these are not +explicitly supported by Kolla Ansible, some further information can be found +`here `__. + +Note that Ironic HA is not affected, and continues to work as normal. + Deployment ~~~~~~~~~~ Run the deploy as usual: diff --git a/doc/source/reference/compute/masakari-guide.rst b/doc/source/reference/compute/masakari-guide.rst index 429e1a9c86..51dd4fd64b 100644 --- a/doc/source/reference/compute/masakari-guide.rst +++ b/doc/source/reference/compute/masakari-guide.rst @@ -19,8 +19,3 @@ which are the main Masakari components only if ``enable_masakari`` is set in Masakari Instance Monitor containers are enabled. The deployment of each type of monitors can be controlled individually via ``enable_masakari_instancemonitor`` and ``enable_masakari_hostmonitor``. - -.. note:: - Support for deploying Masakari has been deprecated in the 2023.2 (Bobcat) - release due to failures in the CI and lack of contributors working on - fixing this. diff --git a/doc/source/reference/logging-and-monitoring/central-logging-guide.rst b/doc/source/reference/logging-and-monitoring/central-logging-guide.rst index 34b265a40d..0ccb5f7545 100644 --- a/doc/source/reference/logging-and-monitoring/central-logging-guide.rst +++ b/doc/source/reference/logging-and-monitoring/central-logging-guide.rst @@ -34,6 +34,50 @@ By default OpenSearch is deployed on port ``9200``. ``opensearch`` to store the data of OpenSearch. The path can be set via the variable ``opensearch_datadir_volume``. +Applying log retention policies +------------------------------- + +To stop your disks filling up, the Index State Management plugin for +OpenSearch can be used to define log retention policies. A default +retention policy is applied to all indicies which match the +``opensearch_log_index_prefix``. This policy first closes old indicies, +and then eventually deletes them. It can be customised via the following +variables: + +- ``opensearch_apply_log_retention_policy`` +- ``opensearch_soft_retention_period_days`` +- ``opensearch_hard_retention_period_days`` + +By default the soft and hard retention periods are 30 and 60 days +respectively. If you are upgrading from ElasticSearch, and have previously +configured ``elasticsearch_curator_soft_retention_period_days`` or +``elasticsearch_curator_hard_retention_period_days``, those variables will +be used instead of the defaults. You should migrate your configuration to +use the new variable names before the Caracal release. + +Advanced users may wish to customise the retention policy, which +is possible by overriding ``opensearch_retention_policy`` with +a valid policy. See the `Index Management plugin documentation `__ +for further details. + +Updating log retention policies +------------------------------- + +By design, Kolla Ansible will NOT update an existing retention +policy in OpenSearch. This is to prevent policy changes that may have +been made via the OpenSearch Dashboards UI, or external tooling, +from being wiped out. + +There are three options for modifying an existing policy: + +1. Via the OpenSearch Dashboards UI. See the `Index Management plugin documentation `__ +for further details. + +2. Via the OpenSearch API using external tooling. + +3. By manually removing the existing policy via the OpenSearch Dashboards + UI (or API), before re-applying the updated policy with Kolla Ansible. + OpenSearch Dashboards ~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/source/reference/logging-and-monitoring/prometheus-guide.rst b/doc/source/reference/logging-and-monitoring/prometheus-guide.rst index cc2f632988..b8e040847d 100644 --- a/doc/source/reference/logging-and-monitoring/prometheus-guide.rst +++ b/doc/source/reference/logging-and-monitoring/prometheus-guide.rst @@ -102,7 +102,7 @@ following: static_configs: - targets: {% for host in groups['prometheus'] %} - - '{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ 3456 }}' + - '{{ hostvars[host][('ansible_' + hostvars[host]['api_interface'] | replace('-','_'))]['ipv4']['address'] }}:{{ 3456 }}' {% endfor %} The jobs, ``custom``, and ``custom_template`` would be appended to the default diff --git a/doc/source/reference/message-queues/rabbitmq.rst b/doc/source/reference/message-queues/rabbitmq.rst index 5652d958f7..af839a3f7b 100644 --- a/doc/source/reference/message-queues/rabbitmq.rst +++ b/doc/source/reference/message-queues/rabbitmq.rst @@ -122,8 +122,8 @@ RabbitMQ offers two options to configure HA: There are some queue types which are intentionally not mirrored using the exclusionary pattern ``^(?!(amq\\.)|(.*_fanout_)|(reply_)).*``. -After enabling this value on a running system, there are some additional steps -needed to migrate from transient to durable queues. +After enabling one of these values on a running system, there are some +additional steps needed to migrate from transient to durable queues. .. warning:: @@ -143,7 +143,8 @@ needed to migrate from transient to durable queues. kolla-ansible genconfig -3. Reconfigure RabbitMQ. +3. Reconfigure RabbitMQ if you are using + ``om_enable_rabbitmq_high_availability``. .. code-block:: console @@ -162,3 +163,50 @@ needed to migrate from transient to durable queues. .. code-block:: console kolla-ansible deploy --tags + +SLURP +~~~~~ + +RabbitMQ has two major version releases per year but does not support jumping +two versions in one upgrade. So if you want to perform a skip-level upgrade, +you must first upgrade RabbitMQ to an intermediary version. To do this, Kolla +provides multiple RabbitMQ versions in the odd OpenStack releases. To use the +upgrade from Antelope to Caracal as an example, we start on RabbitMQ version +3.11. In Antelope, you should upgrade to RabbitMQ version 3.12 with the command +below. You can then proceed with the usual SLURP upgrade to Caracal (and +therefore RabbitMQ version 3.13). + +.. warning:: + + This command should be run from the Antelope release. + + Note that this command is NOT idempotent. See "RabbitMQ versions" below for + an alternative approach. + +.. code-block:: console + + kolla-ansible rabbitmq-upgrade 3.12 + +RabbitMQ versions +~~~~~~~~~~~~~~~~~ + +Alternatively, you can set ``rabbitmq_image`` in your configuration +``globals.yml`` for idempotence in deployments. As an example, Kolla ships +versions 3.11, 3.12 and 3.13 of RabbitMQ in Antelope. By default, Antelope +Kolla-Ansible will deploy version 3.11. If you wish to deploy a later version, +you must override the image. if you want to use version 3.12 change +``rabbitmq_image`` in ``globals.yml`` as follows: + +.. code-block:: yaml + + rabbitmq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/rabbitmq-3-12" + +You can then upgrade RabbitMQ with the usual command: + +.. code-block:: console + + kolla-ansible upgrade --tags rabbitmq + +Note again that RabbitMQ does not support upgrades between more than one major +version, so if you wish to upgrade to version 3.13 you must first upgrade to +3.12. diff --git a/doc/source/reference/networking/neutron-extensions.rst b/doc/source/reference/networking/neutron-extensions.rst index 8a8dbab05a..4c436d0fb8 100644 --- a/doc/source/reference/networking/neutron-extensions.rst +++ b/doc/source/reference/networking/neutron-extensions.rst @@ -23,6 +23,26 @@ For setting up a testbed environment and creating a port chain, please refer to :networking-sfc-doc:`networking-sfc documentation `. +Neutron FWaaS (Firewall-as-a-Service) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Preparation and deployment +-------------------------- + +.. warning:: + + FWaaS has currently no support for OVN. + +Modify the ``/etc/kolla/globals.yml`` file as the following example shows: + +.. code-block:: yamlAdd commentMore actions + + enable_neutron_fwaas: "yes" + +For more information on FWaaS in Neutron refer to the +:neutron-doc:`Neutron FWaaS docs `. + + Neutron VPNaaS (VPN-as-a-Service) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/source/reference/networking/octavia.rst b/doc/source/reference/networking/octavia.rst index 72d2a04432..53f266065f 100644 --- a/doc/source/reference/networking/octavia.rst +++ b/doc/source/reference/networking/octavia.rst @@ -437,6 +437,24 @@ Add ``octavia_network_type`` to ``globals.yml`` and set the value to ``tenant`` Next,follow the deployment instructions as normal. +Failure handling +---------------- + +On large deployments, where neutron-openvswitch-agent sync could takes +more then 5 minutes, you can get an error on octavia-interface.service +systemd unit, because it can't wait either o-hm0 interface is already +attached to br-int, or octavia management VxLAN is already configured +on that host. In this case you have to add ``octavia_interface_wait_timeout`` +to ``globals.yml`` and set the value to new timeout in seconds + +.. code-block:: yaml + + octavia_interface_wait_timeout: 1800 + +On deployments with up to 2500 network ports per network node sync process +could take up to 30mins. But you have to consider this value according +to your deployment size. + OVN provider ============ diff --git a/doc/source/reference/orchestration-and-nfv/tacker-guide.rst b/doc/source/reference/orchestration-and-nfv/tacker-guide.rst index 177d0a9731..78fdf4821b 100644 --- a/doc/source/reference/orchestration-and-nfv/tacker-guide.rst +++ b/doc/source/reference/orchestration-and-nfv/tacker-guide.rst @@ -17,7 +17,6 @@ to be enabled to operate correctly. * Core compute stack (nova, neutron, glance, etc) * Heat -* Mistral + Redis * Barbican (Required only for multinode) Optionally tacker supports the following services and features. @@ -43,8 +42,6 @@ In order to enable them, you need to edit the file enable_tacker: "yes" enable_barbican: "yes" - enable_mistral: "yes" - enable_redis: "yes" .. warning:: @@ -87,11 +84,6 @@ create a very basic VNF from a cirros image in ``demo-net`` network. Install python-tackerclient. -.. note:: - - Barbican, heat and mistral python clients are in tacker's - requirements and will be installed as dependency. - .. code-block:: console $ pip install python-tackerclient diff --git a/doc/source/user/operating-kolla.rst b/doc/source/user/operating-kolla.rst index 5e1846e5f9..ad96fe7b1d 100644 --- a/doc/source/user/operating-kolla.rst +++ b/doc/source/user/operating-kolla.rst @@ -56,6 +56,16 @@ deployment. Limitations and Recommendations ------------------------------- +.. warning:: + + Please notice that using the ansible ``--limit`` option is not recommended. + The reason is, that there are known bugs with it, e.g. when `upgrading parts of nova. + `__ + We accept bug reports for this and try to fix issues when they are known. + The core problem is how the ``register:`` keyword works and how it + interacts with the ``--limit`` option. You can find more information in the above + bug report. + .. note:: Please note that when the ``use_preconfigured_databases`` flag is set to @@ -68,24 +78,6 @@ Limitations and Recommendations ``ceph_nova_keyring: ceph.client.nova.keyring`` and ``ceph_nova_user: nova`` in ``/etc/kolla/globals.yml`` -Ubuntu Jammy 22.04 ------------------- - -The Zed release adds support for Ubuntu Jammy 22.04 as a host operating -system. Ubuntu Jammy 22.04 support will also be addeed to a Yoga stable -release. Ubuntu Focal 20.04 users upgrading from Yoga should first upgrade -OpenStack containers to Zed, which uses the Ubuntu Jammy 22.04 base container -image. Hosts should then be upgraded to Ubuntu Jammy 22.04. - -CentOS Stream 8 ---------------- - -The Wallaby release adds support for CentOS Stream 8 as a host operating -system. CentOS Stream 8 support will also be added to a Victoria stable -release. CentOS Linux users upgrading from Victoria should first migrate hosts -and container images from CentOS Linux to CentOS Stream before upgrading to -Wallaby. - Preparation (the foreword) -------------------------- @@ -177,6 +169,16 @@ issues: At a convenient time, the upgrade can now be run. +SLURP extra preparations +++++++++++++++++++++++++ + +RabbitMQ has two major version releases per year but does not support jumping +two versions in one upgrade. So if you want to perform a skip-level upgrade, +you must first upgrade RabbitMQ to an intermediary version. Please see the +`RabbitMQ SLURP section +`__ +for details. + Perform the Upgrade ------------------- diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 92d1d7147a..1401f09290 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -24,13 +24,44 @@ # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes -# This variable is used as "any_errors_fatal" setting for the setup (gather -# facts) plays. -# This is useful for weeding out failing hosts early to avoid late failures -# due to missing facts (especially cross-host). -# Do note this still supports host fact caching and it will not affect -# scenarios with all facts cached (as there is no task to fail). -#kolla_ansible_setup_any_errors_fatal: false +################## +#dingo-command options +################## +bigscreen_prometheus_query_url: "http://prometheus.zetyun.cn:80/api/v1/" +#aliyun_dingodb_host: "" +#aliyun_dingodb_port: 3307 +#aliyun_dingodb_user: "" +#aliyun_dingodb_read_user: "" +#aliyun_dingodb_password: "" +#aliyun_dingodb_read_password: "" +#aliyun_dingodb_report_database: "" + +ceph_keyring_content: "AQDGGBxo1+6EAxAAPtO87F7AtDfsmQVmVYLVbw==" +dingo_command_ceph_fsid: "7e4c0eda-02e0-11ef-bedf-e4434b2ce110" +dingo_command_ceph_mon_hosts: + - "[v2:10.220.8.46:3300/0,v1:10.220.8.46:6789/0]" + - "[v2:10.220.8.47:3300/0,v1:10.220.8.47:6789/0]" + - "[v2:10.220.8.48:3300/0,v1:10.220.8.48:6789/0]" + - "[v2:10.220.8.45:3300/0,v1:10.220.8.45:6789/0]" + - "[v2:10.220.8.44:3300/0,v1:10.220.8.44:6789/0]" +dingo_command_ceph_mon_name: "sd-ceph01" +dingo_command_ceph_public_network: "10.220.8.0/22" + +dingo_command_ceph_mon_addresses: "10.220.8.46:6789,10.220.8.47:6789,10.220.8.48:6789" +dingo_command_ceph_client_name: "dingoops-hdd-fs" +dingo_command_ceph_mds_namespace: "dingoops-cephfs-hdd" +dingo_command_ceph_mount_path: "/var/lib/dingo-command" +dingo_command_ceph_fs_name: "/dingoops-test" + + + + +#dingo_command_keystone_user: "" +#dingo_command_keystone_password: "" + +#dingo_command_database_password: "" +################## + ############### # Kolla options @@ -42,7 +73,7 @@ workaround_ansible_issue_8743: yes #kolla_base_distro: "rocky" # Do not override this unless you know what you are doing. -#openstack_release: "master" +#openstack_release: "2023.2" # Docker image tag used by default. #openstack_tag: "{{ openstack_release ~ openstack_tag_suffix }}" @@ -354,7 +385,8 @@ workaround_ansible_issue_8743: yes #enable_horizon: "{{ enable_openstack_core | bool }}" #enable_horizon_blazar: "{{ enable_blazar | bool }}" #enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}" -#enable_horizon_designate: "{{ enable_designate | bool }}" +#enable_horizon_fwaas: "{{ enable_neutron_fwaas | bool }}" +#enable_horizon_fwaas: "{{ enable_neutron_fwaas | bool }}" #enable_horizon_freezer: "{{ enable_freezer | bool }}" #enable_horizon_heat: "{{ enable_heat | bool }}" #enable_horizon_ironic: "{{ enable_ironic | bool }}" @@ -378,6 +410,7 @@ workaround_ansible_issue_8743: yes #enable_ironic_neutron_agent: "{{ enable_neutron | bool and enable_ironic | bool }}" #enable_ironic_prometheus_exporter: "{{ enable_ironic | bool and enable_prometheus | bool }}" #enable_iscsid: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}" +#enable_kafka: "no" #enable_kuryr: "no" #enable_magnum: "no" #enable_manila: "no" @@ -433,6 +466,7 @@ workaround_ansible_issue_8743: yes #enable_venus: "no" #enable_vitrage: "no" #enable_watcher: "no" +#enable_zookeeper: "no" #enable_zun: "no" ############# @@ -488,7 +522,7 @@ workaround_ansible_issue_8743: yes #ceph_cinder_backup_pool_name: "backups" # Nova #ceph_nova_keyring: "{{ ceph_cinder_keyring }}" -#ceph_nova_user: "nova" +#ceph_nova_user: "{{ ceph_cinder_user }}" #ceph_nova_pool_name: "vms" # Gnocchi #ceph_gnocchi_user: "gnocchi" @@ -513,6 +547,9 @@ workaround_ansible_issue_8743: yes # 28800(8 hour), 43200(12 hour), 86400(1 day), 604800(1 week). #fernet_token_expiry: 86400 +# Whether or not to apply changes to service user passwords when services are +# reconfigured +#update_keystone_service_user_passwords: "true" ######################## # Glance - Image Options @@ -671,6 +708,12 @@ workaround_ansible_issue_8743: yes ###################################### # Manila - Shared File Systems Options ###################################### +#example +#enable_manila: "yes" +#enable_manila_backend_cephfs_nfs: "yes" +#manila_cephfs_filesystem_name: "manila-cephfs-hdd" + + # HNAS backend configuration #hnas_ip: #hnas_user: @@ -758,13 +801,14 @@ workaround_ansible_issue_8743: yes #enable_prometheus_mysqld_exporter: "{{ enable_mariadb | bool }}" #enable_prometheus_node_exporter: "{{ enable_prometheus | bool }}" #enable_prometheus_cadvisor: "{{ enable_prometheus | bool }}" -#enable_prometheus_fluentd_integration: "{{ enable_prometheus | bool and enable fluentd | bool }}" +#enable_prometheus_fluentd_integration: "{{ enable_prometheus | bool and enable_fluentd | bool }}" #enable_prometheus_memcached: "{{ enable_prometheus | bool }}" #enable_prometheus_alertmanager: "{{ enable_prometheus | bool }}" #enable_prometheus_alertmanager_external: "{{ enable_prometheus_alertmanager | bool }}" #enable_prometheus_ceph_mgr_exporter: "no" #enable_prometheus_openstack_exporter: "{{ enable_prometheus | bool }}" #enable_prometheus_elasticsearch_exporter: "{{ enable_prometheus | bool and enable_elasticsearch | bool }}" +#enable_prometheus_pushgateway: "{{ enable_prometheus | bool }}" #enable_prometheus_blackbox_exporter: "{{ enable_prometheus | bool }}" #enable_prometheus_libvirt_exporter: "{{ enable_prometheus | bool and enable_nova | bool and nova_compute_virt_type in ['kvm', 'qemu'] }}" #enable_prometheus_etcd_integration: "{{ enable_prometheus | bool and enable_etcd | bool }}" diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index f59ab1cea3..a18e9fd125 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -247,6 +247,7 @@ redis_master_password: #################### prometheus_mysql_exporter_database_password: prometheus_alertmanager_password: +prometheus_pushgateway_password: prometheus_password: prometheus_grafana_password: prometheus_bcrypt_salt: diff --git a/kolla_ansible/database_shards.py b/kolla_ansible/database_shards.py index 8ffcb7b91f..5afdac8a2c 100644 --- a/kolla_ansible/database_shards.py +++ b/kolla_ansible/database_shards.py @@ -87,8 +87,8 @@ def database_shards_info(context, hostnames): host_shard_id = host.get('mariadb_shard_id') if host_shard_id is None: - raise FilterError(f"'mariadb_shard_id' is undefined " - "for host '{hostname}'") + raise FilterError("'mariadb_shard_id' is undefined " + f"for host '{hostname}'") else: host_shard_id = str(host_shard_id) diff --git a/kolla_ansible/kolla_url.py b/kolla_ansible/kolla_url.py index 36e516051b..a217491e6f 100644 --- a/kolla_ansible/kolla_url.py +++ b/kolla_ansible/kolla_url.py @@ -28,6 +28,7 @@ def kolla_url(fqdn, protocol, port, path='', context='url'): """ fqdn = put_address_in_context(fqdn, context) + port = int(port) if ((protocol == 'http' and port == 80) or (protocol == 'https' and port == 443) or diff --git a/kolla_ansible/nova_filters.py b/kolla_ansible/nova_filters.py index 3a613cf3ea..4bb5cbdf66 100644 --- a/kolla_ansible/nova_filters.py +++ b/kolla_ansible/nova_filters.py @@ -36,8 +36,7 @@ def extract_cell(list_cells_cli_output, cell_name): # NOTE(priteau): regexp doesn't support passwords containing spaces p = re.compile( r'\| +(?P[^ ]+)? +' - r'\| +(?!00000000-0000-0000-0000-000000000000)' - r'(?P[0-9a-f\-]+) +' + r'\| +(?P[0-9a-f\-]+) +' r'\| +(?P[^ ]+) +' r'\| +(?P[^ ]+) +' r'\| +(?P[^ ]+) +' diff --git a/lint-requirements.txt b/lint-requirements.txt index 89cb54276f..8458d70f67 100644 --- a/lint-requirements.txt +++ b/lint-requirements.txt @@ -2,6 +2,7 @@ ansible>=6,<8 # GPLv3 ansible-lint>=6.0.0,<6.13.0 # MIT bandit>=1.1.0 # Apache-2.0 bashate>=0.5.1 # Apache-2.0 +codespell<2.3.0 # GPLv2 doc8>=0.6.0 # Apache-2.0 hacking>=3.0.1,<3.1.0 # Apache-2.0 reno>=3.1.0 # Apache-2.0 diff --git a/releasenotes/notes/add-opensearch-uri-68a657c55ce9c9f1.yaml b/releasenotes/notes/add-opensearch-uri-68a657c55ce9c9f1.yaml new file mode 100644 index 0000000000..720b1866df --- /dev/null +++ b/releasenotes/notes/add-opensearch-uri-68a657c55ce9c9f1.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Fixes an deploy opensearch with enable TLS on the internal VIP. diff --git a/releasenotes/notes/adds-net-raw-capability-to-ironic-dnsmasq-40f5894c5180b12d.yaml b/releasenotes/notes/adds-net-raw-capability-to-ironic-dnsmasq-40f5894c5180b12d.yaml new file mode 100644 index 0000000000..bd9022b7f0 --- /dev/null +++ b/releasenotes/notes/adds-net-raw-capability-to-ironic-dnsmasq-40f5894c5180b12d.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an issue with ironic dnsmasq failing to start in deployments + using podman because it requires the NET_RAW capability. See `LP#2055282 + `__. diff --git a/releasenotes/notes/bug-1906306-640d5085576656f9.yaml b/releasenotes/notes/bug-1906306-640d5085576656f9.yaml new file mode 100644 index 0000000000..dafb761401 --- /dev/null +++ b/releasenotes/notes/bug-1906306-640d5085576656f9.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + Add conditionals for IPv6 sysctl settings + that have IPV6 disabled in kernel. + Changing sysctl settings related to IPv6 on those + systems lead to errors. + `LP#1906306 `__ diff --git a/releasenotes/notes/bug-1915302-a668b00dddaff476.yaml b/releasenotes/notes/bug-1915302-a668b00dddaff476.yaml new file mode 100644 index 0000000000..14cade7d1e --- /dev/null +++ b/releasenotes/notes/bug-1915302-a668b00dddaff476.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes nova-cell not updating the cell0 database address when VIP changes. + `LP#1915302 `__ diff --git a/releasenotes/notes/bug-1937120-cd1ad24a9a4be739.yaml b/releasenotes/notes/bug-1937120-cd1ad24a9a4be739.yaml new file mode 100644 index 0000000000..2eb07029bb --- /dev/null +++ b/releasenotes/notes/bug-1937120-cd1ad24a9a4be739.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes trove module imports. + Path to the modules needed by trove-api changed in source trove + package so the configuration was updated. + `LP#1937120 `__ diff --git a/releasenotes/notes/bug-1993285-127fe764e461465a.yaml b/releasenotes/notes/bug-1993285-127fe764e461465a.yaml new file mode 100644 index 0000000000..068c6e73f1 --- /dev/null +++ b/releasenotes/notes/bug-1993285-127fe764e461465a.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes handling of openvswitch on ``manila-share`` nodes. + `LP#1993285 `__ diff --git a/releasenotes/notes/bug-2009884-a13cd185a29faf9a.yaml b/releasenotes/notes/bug-2009884-a13cd185a29faf9a.yaml new file mode 100644 index 0000000000..944f58849a --- /dev/null +++ b/releasenotes/notes/bug-2009884-a13cd185a29faf9a.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes non-persistent Neutron agent state data. + `LP2009884 `__ diff --git a/releasenotes/notes/bug-2024554-6eb811364536f1e8.yaml b/releasenotes/notes/bug-2024554-6eb811364536f1e8.yaml index 1db1d5a16f..19de8634b4 100644 --- a/releasenotes/notes/bug-2024554-6eb811364536f1e8.yaml +++ b/releasenotes/notes/bug-2024554-6eb811364536f1e8.yaml @@ -2,6 +2,6 @@ fixes: - | Fixes 2024554. - Adds mariadb_port to the wsrep sync status check. + Adds host and ``mariadb_port`` to the wsrep sync status check. This is so none standard ports can be used for mariadb deployments. `LP#2024554 `__ diff --git a/releasenotes/notes/bug-2041864-f19f9a6afd0955e8.yaml b/releasenotes/notes/bug-2041864-f19f9a6afd0955e8.yaml new file mode 100644 index 0000000000..f5e8ee8e00 --- /dev/null +++ b/releasenotes/notes/bug-2041864-f19f9a6afd0955e8.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes ``ovs-dpdk`` images pull. + `LP#[2041864] `__ diff --git a/releasenotes/notes/bug-2044370-2285fc3952981cae.yaml b/releasenotes/notes/bug-2044370-2285fc3952981cae.yaml new file mode 100644 index 0000000000..c2ab823fec --- /dev/null +++ b/releasenotes/notes/bug-2044370-2285fc3952981cae.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes cases when fluentd parser fails on Python traceback. + OpenStack services regex has been reworked to include both + global_request_id and handling cases with Python traceback. + `LP#2044370 `_ diff --git a/releasenotes/notes/bug-2045660-inability-to-override-horizon-policy-files-c405906a9faf8f3b.yaml b/releasenotes/notes/bug-2045660-inability-to-override-horizon-policy-files-c405906a9faf8f3b.yaml new file mode 100644 index 0000000000..7e3c382a11 --- /dev/null +++ b/releasenotes/notes/bug-2045660-inability-to-override-horizon-policy-files-c405906a9faf8f3b.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Starting with ansible-core 2.13, list concatenation format is changed + which resulted in inability to override horizon policy files. + See `LP#2045660 `__ + for more details. diff --git a/releasenotes/notes/bug-2048130-23b8174396bd3c69.yaml b/releasenotes/notes/bug-2048130-23b8174396bd3c69.yaml new file mode 100644 index 0000000000..a1cd5b878a --- /dev/null +++ b/releasenotes/notes/bug-2048130-23b8174396bd3c69.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes long service restarts while using systemd + `LP#2048130 `__. diff --git a/releasenotes/notes/bug-2048223-bb66fa11c6b36c5e.yaml b/releasenotes/notes/bug-2048223-bb66fa11c6b36c5e.yaml new file mode 100644 index 0000000000..eb06cd79c7 --- /dev/null +++ b/releasenotes/notes/bug-2048223-bb66fa11c6b36c5e.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes an issue with high CPU usage of the cAdvisor container by setting the + per-container housekeeping interval to the same value as the Prometheus + scrape interval. `LP#2048223 + `__ diff --git a/releasenotes/notes/bug-2048525-53ac0711f2c8ae4b.yaml b/releasenotes/notes/bug-2048525-53ac0711f2c8ae4b.yaml new file mode 100644 index 0000000000..10d3635bce --- /dev/null +++ b/releasenotes/notes/bug-2048525-53ac0711f2c8ae4b.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes glance image import + `LP#2048525 `__. diff --git a/releasenotes/notes/bug-2048700-98eb939b72079173.yaml b/releasenotes/notes/bug-2048700-98eb939b72079173.yaml new file mode 100644 index 0000000000..a4aec372bf --- /dev/null +++ b/releasenotes/notes/bug-2048700-98eb939b72079173.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes Nova operations using the ``scp`` command, such as cold migration or + resize, on Debian Bookworm. `LP#2048700 + `__ diff --git a/releasenotes/notes/bug-2049607-fb79ea2960b91bde.yaml b/releasenotes/notes/bug-2049607-fb79ea2960b91bde.yaml new file mode 100644 index 0000000000..13a353d55a --- /dev/null +++ b/releasenotes/notes/bug-2049607-fb79ea2960b91bde.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes configuration of nova-compute and nova-compute-ironic, + that will enable exposing vendordata over configdrive. + `LP#2049607 `__ diff --git a/releasenotes/notes/bug-2052501-6dfd9e5443fdc6d1.yaml b/releasenotes/notes/bug-2052501-6dfd9e5443fdc6d1.yaml new file mode 100644 index 0000000000..7e6116cbe3 --- /dev/null +++ b/releasenotes/notes/bug-2052501-6dfd9e5443fdc6d1.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes mariadb role deployment when using Ansible check mode. + `LP#2052501 `__ diff --git a/releasenotes/notes/bug-2058492-b86e8eceb04eec67.yaml b/releasenotes/notes/bug-2058492-b86e8eceb04eec67.yaml new file mode 100644 index 0000000000..f1c1e735c3 --- /dev/null +++ b/releasenotes/notes/bug-2058492-b86e8eceb04eec67.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Incorrect condition in Podman part prevented the retrieval + of facts of all the containers when no names were provided. + `LP#2058492 `__ diff --git a/releasenotes/notes/bug-2058644-1db8786303234787.yaml b/releasenotes/notes/bug-2058644-1db8786303234787.yaml new file mode 100644 index 0000000000..ec1286d322 --- /dev/null +++ b/releasenotes/notes/bug-2058644-1db8786303234787.yaml @@ -0,0 +1,15 @@ +--- +upgrade: + - | + MariaDB backup now uses the same image as the running MariaDB server. The + following variables relating to MariaDB backups are no longer used and have + been removed: + + * ``mariabackup_image`` + * ``mariabackup_tag`` + * ``mariabackup_image_full`` +fixes: + - | + Modifies the MariaDB procedure to use the same container image as the + running MariaDB server container. This should prevent compatibility issues + that may cause the backup to fail. diff --git a/releasenotes/notes/bug-2058656-ad68bb260327a267.yaml b/releasenotes/notes/bug-2058656-ad68bb260327a267.yaml new file mode 100644 index 0000000000..33b4e2c73f --- /dev/null +++ b/releasenotes/notes/bug-2058656-ad68bb260327a267.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes keystone service configuration for haproxy when using federation. + `LP#2058656 `__ diff --git a/releasenotes/notes/bug-2061889-f54e356f43c0fae3.yaml b/releasenotes/notes/bug-2061889-f54e356f43c0fae3.yaml new file mode 100644 index 0000000000..b148344d5c --- /dev/null +++ b/releasenotes/notes/bug-2061889-f54e356f43c0fae3.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes mariadb's backup failure due to missing `CREATE` privileges + on the `mariadb_backup_history` table. `LP#2061889 + `__ diff --git a/releasenotes/notes/bug-2067278-82287115c972a04e.yaml b/releasenotes/notes/bug-2067278-82287115c972a04e.yaml new file mode 100644 index 0000000000..a79400c9fd --- /dev/null +++ b/releasenotes/notes/bug-2067278-82287115c972a04e.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes a bug in kolla_podman_worker, where missing commas + in list of strings create implicit concatenation of items + that should be separate. + `LP#2067278 `__ diff --git a/releasenotes/notes/bug-2073159-c54c773c72c8fb11.yaml b/releasenotes/notes/bug-2073159-c54c773c72c8fb11.yaml new file mode 100644 index 0000000000..15d7087780 --- /dev/null +++ b/releasenotes/notes/bug-2073159-c54c773c72c8fb11.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes behaviour of Change Password screen in Horizon until + `bug #2073639 `__ is resolved. + `LP#2073159 `__ diff --git a/releasenotes/notes/bug-2073370-268e9a76be9f2ae9.yaml b/releasenotes/notes/bug-2073370-268e9a76be9f2ae9.yaml new file mode 100644 index 0000000000..d15c65fd1a --- /dev/null +++ b/releasenotes/notes/bug-2073370-268e9a76be9f2ae9.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes the MariaDB recovery issue when kolla-ansible is running from + a docker container. `LP#2073370 `__ diff --git a/releasenotes/notes/bug-2073678-45f31547395ef3c7.yaml b/releasenotes/notes/bug-2073678-45f31547395ef3c7.yaml new file mode 100644 index 0000000000..70206e4fe9 --- /dev/null +++ b/releasenotes/notes/bug-2073678-45f31547395ef3c7.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes busy libvirt's secret volume while secrets are changing. + `LP#2073678 `__ diff --git a/releasenotes/notes/bug-2081106-ef0df790780c612d.yaml b/releasenotes/notes/bug-2081106-ef0df790780c612d.yaml new file mode 100644 index 0000000000..2d618f0b76 --- /dev/null +++ b/releasenotes/notes/bug-2081106-ef0df790780c612d.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fix ProxySQL unable to bind due to incorrect format + of IPv6 addresses in the `mysql_ifaces` configuration. + `LP#2081106 `__ diff --git a/releasenotes/notes/bug-923105-d451a78930973a82.yaml b/releasenotes/notes/bug-923105-d451a78930973a82.yaml new file mode 100644 index 0000000000..49171cbac8 --- /dev/null +++ b/releasenotes/notes/bug-923105-d451a78930973a82.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes the Python requests library issue when using custom + CA by adding the REQUESTS_CA environment variable to the + kolla-toolbox container. + See `LP#1967132 `__ diff --git a/releasenotes/notes/cloudkitty-internal-tls-c3e18be2a9f95c5d.yaml b/releasenotes/notes/cloudkitty-internal-tls-c3e18be2a9f95c5d.yaml new file mode 100644 index 0000000000..8cd08af65c --- /dev/null +++ b/releasenotes/notes/cloudkitty-internal-tls-c3e18be2a9f95c5d.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes configuration of CloudKitty when internal TLS is enabled. + `LP#1998831 `__ diff --git a/releasenotes/notes/cve-2023-2088-followup-5081ecd9817bb14f.yaml b/releasenotes/notes/cve-2023-2088-followup-5081ecd9817bb14f.yaml new file mode 100644 index 0000000000..930ee1976e --- /dev/null +++ b/releasenotes/notes/cve-2023-2088-followup-5081ecd9817bb14f.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + Updated configuration of service user tokens for all Nova and Cinder + services to stop using admin role for service_token and use service + role. + + See `LP#[2004555] `__ and + `LP#[2049762] `__ + for more details. diff --git a/releasenotes/notes/dedeprecate-masakari-52e3979f563db779.yaml b/releasenotes/notes/dedeprecate-masakari-52e3979f563db779.yaml new file mode 100644 index 0000000000..b87a3c1d75 --- /dev/null +++ b/releasenotes/notes/dedeprecate-masakari-52e3979f563db779.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + Support for deploying Masakari is no longer deprecated. The Masakari CI + scenarios are now working again, and commitment has been made to improve + the health of the project. diff --git a/releasenotes/notes/disable-usage-audit-notifications-6e63588bdcc48603.yaml b/releasenotes/notes/disable-usage-audit-notifications-6e63588bdcc48603.yaml new file mode 100644 index 0000000000..7c9c00580e --- /dev/null +++ b/releasenotes/notes/disable-usage-audit-notifications-6e63588bdcc48603.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes enabled usage audit notifications when they + are not needed. See `LP##2049503 + `__. diff --git a/releasenotes/notes/fact-gathering-double-failure-4662ef2f54d58291.yaml b/releasenotes/notes/fact-gathering-double-failure-4662ef2f54d58291.yaml new file mode 100644 index 0000000000..fe0595cf4e --- /dev/null +++ b/releasenotes/notes/fact-gathering-double-failure-4662ef2f54d58291.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an issue during fact gathering when using the ``--limit`` argument + where a host that fails to gather facts could cause another host to fail + during delegated fact gathering. diff --git a/releasenotes/notes/firewalld-immediate-c2abf09977c455a9.yaml b/releasenotes/notes/firewalld-immediate-c2abf09977c455a9.yaml new file mode 100644 index 0000000000..cd858cf488 --- /dev/null +++ b/releasenotes/notes/firewalld-immediate-c2abf09977c455a9.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Modifies public API firewalld rules to be applied immediately to a running + firewalld service. This requires firewalld to be running, but avoids + reloading firewalld, which is disruptive due to the way in which firewalld + builds its firewall chains. diff --git a/releasenotes/notes/fix-cinder-backup-tls-swift-cb694ed1df8caa26.yaml b/releasenotes/notes/fix-cinder-backup-tls-swift-cb694ed1df8caa26.yaml new file mode 100644 index 0000000000..9d165e18c6 --- /dev/null +++ b/releasenotes/notes/fix-cinder-backup-tls-swift-cb694ed1df8caa26.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixed 'cinder-backup' service when Swift with TLS enabled. + `LP#2051986 `__ diff --git a/releasenotes/notes/fix-multipathd-kpartx-disable-44732c1378ae2291.yaml b/releasenotes/notes/fix-multipathd-kpartx-disable-44732c1378ae2291.yaml new file mode 100644 index 0000000000..3bcf8a84da --- /dev/null +++ b/releasenotes/notes/fix-multipathd-kpartx-disable-44732c1378ae2291.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Add ``skip_kpartx yes`` to multipath.conf ``defaults`` section to prevent + kpartx scanning multipath devices and unlock ``multipathd del map`` + operation of os-brick for volume detaching oprtaions. + `LP#2078973 `__` diff --git a/releasenotes/notes/fix-octavia-interface-timeout-5e87ea2501d5ab3c.yaml b/releasenotes/notes/fix-octavia-interface-timeout-5e87ea2501d5ab3c.yaml new file mode 100644 index 0000000000..1046e1ede5 --- /dev/null +++ b/releasenotes/notes/fix-octavia-interface-timeout-5e87ea2501d5ab3c.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + Fixes 2067036. + Added ``octavia_interface_wait_timeout`` to control + octavia-interface.service timeout to be able wait + openvswitch agent sync has been finished and + octavia-lb-net is reachable from the host. + Also set restart policy for this unit to on-failure + `LP#2067036 `__ diff --git a/releasenotes/notes/fix-octavia-service-upgrade-9610e35cfdd512f6.yaml b/releasenotes/notes/fix-octavia-service-upgrade-9610e35cfdd512f6.yaml new file mode 100644 index 0000000000..bbc6e306e6 --- /dev/null +++ b/releasenotes/notes/fix-octavia-service-upgrade-9610e35cfdd512f6.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes Octavia service upgrade issue where it can fail when Octavia + persistence database user is missing. + `LP#2065591 `__ diff --git a/releasenotes/notes/fix-opensearch-upgrade-idempotency-4d20a8102717cc56.yaml b/releasenotes/notes/fix-opensearch-upgrade-idempotency-4d20a8102717cc56.yaml new file mode 100644 index 0000000000..3d63703347 --- /dev/null +++ b/releasenotes/notes/fix-opensearch-upgrade-idempotency-4d20a8102717cc56.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an idempotency issue in the OpenSearch upgrade tasks where subsequent + runs of kolla-ansible upgrade would leave shard allocation disabled. + `LP#2049512 `__ diff --git a/releasenotes/notes/fix-restarting-container-even-with-no-changes-when-using-dimensions-ad94b657b6c29cfc.yaml b/releasenotes/notes/fix-restarting-container-even-with-no-changes-when-using-dimensions-ad94b657b6c29cfc.yaml new file mode 100644 index 0000000000..704de43732 --- /dev/null +++ b/releasenotes/notes/fix-restarting-container-even-with-no-changes-when-using-dimensions-ad94b657b6c29cfc.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + Fixes the dimensions comparison when we set + values like `1g` in the container dimensions + configuration, making the docker container + getting restarted even with no changes, as + we are comparing `1g` with `1073741824`, + which is displayed in the docker inspect + while `1g` is in the configuration. diff --git a/releasenotes/notes/fix-sahara-engine-healthcheck-cfc635de9e4f56bc.yaml b/releasenotes/notes/fix-sahara-engine-healthcheck-cfc635de9e4f56bc.yaml new file mode 100644 index 0000000000..5e130ad24e --- /dev/null +++ b/releasenotes/notes/fix-sahara-engine-healthcheck-cfc635de9e4f56bc.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes Docker health check for the ``sahara_engine`` container. + `LP#2046268 `__ diff --git a/releasenotes/notes/fix-setting-nova-compute-ironic-host-option-a7a3f6ae095f5201.yaml b/releasenotes/notes/fix-setting-nova-compute-ironic-host-option-a7a3f6ae095f5201.yaml new file mode 100644 index 0000000000..1a444f6356 --- /dev/null +++ b/releasenotes/notes/fix-setting-nova-compute-ironic-host-option-a7a3f6ae095f5201.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes the detection of the Nova Compute Ironic service when a custom `host` + option is set in the service config file. + See `LP#2056571 `__ diff --git a/releasenotes/notes/fix-skyline-keystone-port-0a25395608f572d9.yaml b/releasenotes/notes/fix-skyline-keystone-port-0a25395608f572d9.yaml new file mode 100644 index 0000000000..b040d3699d --- /dev/null +++ b/releasenotes/notes/fix-skyline-keystone-port-0a25395608f572d9.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes keystone port in skyline-console pointing to wrong endpoint port. + `LP#2069855 `__ diff --git a/releasenotes/notes/fix-systemd-restart-5fc282419cf13589.yaml b/releasenotes/notes/fix-systemd-restart-5fc282419cf13589.yaml new file mode 100644 index 0000000000..2f40d2550a --- /dev/null +++ b/releasenotes/notes/fix-systemd-restart-5fc282419cf13589.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes 2065168. + Fix kolla systemd unit template to prevent restart + all kolla services with docker.service restart. + `LP#[2065168] `__ diff --git a/releasenotes/notes/fix_creation_of_keystone_service_role-b6827b797aee2df6.yaml b/releasenotes/notes/fix_creation_of_keystone_service_role-b6827b797aee2df6.yaml new file mode 100644 index 0000000000..aebd88e492 --- /dev/null +++ b/releasenotes/notes/fix_creation_of_keystone_service_role-b6827b797aee2df6.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + Fixes a bug in kolla-ansible where the keystone service role was not being + created during an upgrade. This was due to the service-ks-register role not + being imported in the upgrade.yml file. The service-ks-register role is now + imported in the upgrade.yml file. + See bug: https://bugs.launchpad.net/kolla-ansible/+bug/2056761 diff --git a/releasenotes/notes/fix_mariadb_cluster_recovery-1a48db23cb99d4c0.yaml b/releasenotes/notes/fix_mariadb_cluster_recovery-1a48db23cb99d4c0.yaml new file mode 100644 index 0000000000..1775a99afc --- /dev/null +++ b/releasenotes/notes/fix_mariadb_cluster_recovery-1a48db23cb99d4c0.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + Fixed an issue where the MariaDB Cluster recovery process would fail if the + sequence number was not found in the logs. The recovery process now checks + the complete log file for the sequence number and recovers the cluster. + See `LP#1821173 `__ + for details. diff --git a/releasenotes/notes/fix_octavia_jobboard_bool-bee05138f8209a8e.yaml b/releasenotes/notes/fix_octavia_jobboard_bool-bee05138f8209a8e.yaml new file mode 100644 index 0000000000..fb95465638 --- /dev/null +++ b/releasenotes/notes/fix_octavia_jobboard_bool-bee05138f8209a8e.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fix the Octavia jobboard boolean value. + See https://bugs.launchpad.net/kolla-ansible/+bug/2058046 for details. diff --git a/releasenotes/notes/fix_ovn_agents_hc-f6e4a39b9d64e9f1.yaml b/releasenotes/notes/fix_ovn_agents_hc-f6e4a39b9d64e9f1.yaml new file mode 100644 index 0000000000..de13505ed1 --- /dev/null +++ b/releasenotes/notes/fix_ovn_agents_hc-f6e4a39b9d64e9f1.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + Fixes unreliable health checks for neutron_ovn_agent + and neutron_ovn_metadata_agent bug. + Changed to check OVS DB connection instead of OVN + southbound DB connection. + `LP#2084128 `__ diff --git a/releasenotes/notes/fixes-podman-named-volume-issues-when-using-mode-36b9862321eb9e68.yaml b/releasenotes/notes/fixes-podman-named-volume-issues-when-using-mode-36b9862321eb9e68.yaml new file mode 100644 index 0000000000..06821859ee --- /dev/null +++ b/releasenotes/notes/fixes-podman-named-volume-issues-when-using-mode-36b9862321eb9e68.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an issue, when using podman, with named volumes that use a mode + specifier. See `LP#2054834 + `_ for more details. diff --git a/releasenotes/notes/grafana-opensearch-datasource-configuration-04202c059f1abd05.yaml b/releasenotes/notes/grafana-opensearch-datasource-configuration-04202c059f1abd05.yaml new file mode 100644 index 0000000000..4b966b144a --- /dev/null +++ b/releasenotes/notes/grafana-opensearch-datasource-configuration-04202c059f1abd05.yaml @@ -0,0 +1,11 @@ +--- +fixes: + - | + Updates the default Grafana OpenSearch datasource configuration to use + values for OpenSearch that work out of the box. Replaces the Elasticsearch + values that were previously being used. The new configuration can be + applied by deleting your datasource and reconfiguring Grafana through kolla + ansible. In order to prevent dashboards from breaking when the datasource + is deleted, one should use `datasource variables + `__ + in Grafana. See bug `2039500 `__. diff --git a/releasenotes/notes/harden_horizon_tmp_usage-0d690e49645b99a8.yaml b/releasenotes/notes/harden_horizon_tmp_usage-0d690e49645b99a8.yaml new file mode 100644 index 0000000000..323ccd53be --- /dev/null +++ b/releasenotes/notes/harden_horizon_tmp_usage-0d690e49645b99a8.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Removes the default `/tmp/` mountpoint from the horizon container. This + change is made to harden the container and prevent potential security + issues. For more information, see the Bug Report: `LP#2068126 `__. diff --git a/releasenotes/notes/ironic-inspector-multiple-ranges-ntp-32568dcf640a7fc1.yaml b/releasenotes/notes/ironic-inspector-multiple-ranges-ntp-32568dcf640a7fc1.yaml new file mode 100644 index 0000000000..adb060a469 --- /dev/null +++ b/releasenotes/notes/ironic-inspector-multiple-ranges-ntp-32568dcf640a7fc1.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Adds the ability to provide the NTP (time source) server for multiple DHCP + ranges in the Ironic Inspector DHCP server. diff --git a/releasenotes/notes/kolla-toolbox-demux-c5e8d27bc7214069.yaml b/releasenotes/notes/kolla-toolbox-demux-c5e8d27bc7214069.yaml new file mode 100644 index 0000000000..5142566597 --- /dev/null +++ b/releasenotes/notes/kolla-toolbox-demux-c5e8d27bc7214069.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes parsing of JSON output of inner modules called by ``kolla-toolbox`` + when data was returned on standard error. + `LP#2080544 `__ diff --git a/releasenotes/notes/opensearch-log-retention-598c3389456a67e6.yaml b/releasenotes/notes/opensearch-log-retention-598c3389456a67e6.yaml new file mode 100644 index 0000000000..1df34b0b32 --- /dev/null +++ b/releasenotes/notes/opensearch-log-retention-598c3389456a67e6.yaml @@ -0,0 +1,20 @@ +--- +features: + - | + Set a log retention policy for OpenSearch via Index State Management (ISM). + `Documentation + `__. +fixes: + - | + Added log retention in OpenSearch, previously handled by Elasticsearch + Curator, now using Index State Management (ISM) OpenSearch bundled plugin. + `LP#2047037 `__. +upgrade: + - | + Added log retention in OpenSearch, previously handled by Elasticsearch + Curator. By default the soft and hard retention periods are 30 and 60 days + respectively. If you are upgrading from Elasticsearch, and have previously + configured ``elasticsearch_curator_soft_retention_period_days`` or + ``elasticsearch_curator_hard_retention_period_days``, those variables will + be used instead of the defaults. You should migrate your configuration + to use the new variable names before the Caracal release. diff --git a/releasenotes/notes/rabbitmq-add-precheck-for-quorum-queues-ba10f58538959112.yaml b/releasenotes/notes/rabbitmq-add-precheck-for-quorum-queues-ba10f58538959112.yaml new file mode 100644 index 0000000000..cb2781fb9f --- /dev/null +++ b/releasenotes/notes/rabbitmq-add-precheck-for-quorum-queues-ba10f58538959112.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + A precheck has been added to catch when + ``om_enable_rabbitmq_quorum_queues`` is set to ``True``, but quorum queues + have not been configured on all appropriate queues. A manual migration is + required, see here for details: + https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#high-availability + `LP#2045887 `__ diff --git a/releasenotes/notes/rabbitmq-catch-downgrade-1005c7475a97bf19.yaml b/releasenotes/notes/rabbitmq-catch-downgrade-1005c7475a97bf19.yaml new file mode 100644 index 0000000000..b5c82ef7ad --- /dev/null +++ b/releasenotes/notes/rabbitmq-catch-downgrade-1005c7475a97bf19.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Adds a check to stop deploying/upgrading the RabbitMQ containers if it + will result in downgrading the version of RabbitMQ running. diff --git a/releasenotes/notes/rabbitmq-enable-all-feature-flags-at-once-28b76958abf54083.yaml b/releasenotes/notes/rabbitmq-enable-all-feature-flags-at-once-28b76958abf54083.yaml new file mode 100644 index 0000000000..fd2854de3c --- /dev/null +++ b/releasenotes/notes/rabbitmq-enable-all-feature-flags-at-once-28b76958abf54083.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + All stable RabbitMQ feature flags are now enabled during deployments, + reconfigures, and upgrades. As such, the variable + ``rabbitmq_feature_flags`` is no longer required. This is a partial fix to + RabbitMQ SLURP support. + `LP#2049512 `__ diff --git a/releasenotes/notes/rabbitmq-target-upgrade-command-d5f9d9fc27fa28f8.yaml b/releasenotes/notes/rabbitmq-target-upgrade-command-d5f9d9fc27fa28f8.yaml new file mode 100644 index 0000000000..4ba4ab951f --- /dev/null +++ b/releasenotes/notes/rabbitmq-target-upgrade-command-d5f9d9fc27fa28f8.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Added a command to upgrade to a target version of RabbitMQ. This is + required before a SLURP upgrade. See the docs for more details: + https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#slurp diff --git a/releasenotes/notes/rabbitmq-version-check-add-common-options-05edc24b779a3630.yaml b/releasenotes/notes/rabbitmq-version-check-add-common-options-05edc24b779a3630.yaml new file mode 100644 index 0000000000..eab24e78dd --- /dev/null +++ b/releasenotes/notes/rabbitmq-version-check-add-common-options-05edc24b779a3630.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes a bug where the RabbitMQ version check would fail to pull the new + image due to lack of auth. + `LP#2086171 `__ diff --git a/releasenotes/notes/re-add-neutron-fwaas-fb2211cf78ba2eb7.yaml b/releasenotes/notes/re-add-neutron-fwaas-fb2211cf78ba2eb7.yaml new file mode 100644 index 0000000000..aebdd748e3 --- /dev/null +++ b/releasenotes/notes/re-add-neutron-fwaas-fb2211cf78ba2eb7.yaml @@ -0,0 +1,6 @@ + +--- +features: + - | + Re-added support for neutron-fwaas v2. Set ``enable_neutron_fwaas: yes`` + to enable. \ No newline at end of file diff --git a/releasenotes/notes/remove-any-errors-fatal-664fc2207074f0ef.yaml b/releasenotes/notes/remove-any-errors-fatal-664fc2207074f0ef.yaml new file mode 100644 index 0000000000..7060d884ba --- /dev/null +++ b/releasenotes/notes/remove-any-errors-fatal-664fc2207074f0ef.yaml @@ -0,0 +1,14 @@ +--- +upgrade: + - | + Support for failing execution early if fact collection fails on any of the + hosts by setting ``kolla_ansible_setup_any_errors_fatal`` to ``true`` has + been removed. This is due to Ansible's ``any_errors_fatal`` parameter not + being templated, resulting in the value always being interpreted as + ``true``, even though the default value of + ``kolla_ansible_setup_any_errors_fatal`` is ``false``. + + Equivalent behaviour is possible by setting the maximum failure percentage + to 0. This may be done specifically for fact gathering using + ``gather_facts_max_fail_percentage`` or globally using + ``kolla_max_fail_percentage``. diff --git a/releasenotes/notes/remove-keystone-admin-endpoint-cb3b224e9e7a892f.yaml b/releasenotes/notes/remove-keystone-admin-endpoint-cb3b224e9e7a892f.yaml new file mode 100644 index 0000000000..5bc9625b78 --- /dev/null +++ b/releasenotes/notes/remove-keystone-admin-endpoint-cb3b224e9e7a892f.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an issue where the Keystone admin endpoint would be recreated when + upgrading Keystone. The endpoint is now explicitly removed during the + upgrade process. diff --git a/releasenotes/notes/skyline-stop-7eb0d8770335a9ca.yaml b/releasenotes/notes/skyline-stop-7eb0d8770335a9ca.yaml new file mode 100644 index 0000000000..16524fc902 --- /dev/null +++ b/releasenotes/notes/skyline-stop-7eb0d8770335a9ca.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes skyline's old format of stop task. + It used docker_container which would cause + problems with podman deployments. diff --git a/releasenotes/notes/update-keystone-passwords-7507119213391652.yaml b/releasenotes/notes/update-keystone-passwords-7507119213391652.yaml new file mode 100644 index 0000000000..8a4546e5d7 --- /dev/null +++ b/releasenotes/notes/update-keystone-passwords-7507119213391652.yaml @@ -0,0 +1,29 @@ +--- +fixes: + - | + Changes to service user passwords in ``passwords.yml`` will now be applied + when reconfiguring services. + + This behaviour can reverted by setting + ``update_keystone_service_user_passwords: false``. + + Fixes `LP#2045990 + `__ +upgrade: + - | + If credentials are updated in ``passwords.yml`` kolla-ansible is now able + to update these credentials in the keystone database and in the on disk + config files. + + The changes to ``passwords.yml`` are applied once ``kolla-ansible -i + INVENTORY`` reconfigure has been run. + + If you want to revert to the old behavior - credentials not automatically + updating during reconfigure if they changed in ``passwords.yml`` - you can + specify this by setting ``update_keystone_service_user_passwords: false`` + in your globals.yml. + + Notice that passwords are only changed if you change them in + ``passwords.yml``. This mechanism is not a complete solution for automatic + credential rollover. No passwords are changed if you do not change them + inside ``passwords.yml``. diff --git a/releasenotes/notes/use_proper_ip_comparison-1ed77a21eb560079.yaml b/releasenotes/notes/use_proper_ip_comparison-1ed77a21eb560079.yaml new file mode 100644 index 0000000000..66e8581c5d --- /dev/null +++ b/releasenotes/notes/use_proper_ip_comparison-1ed77a21eb560079.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes a bug where the IP address comparison was not done properly + for the variable ``kolla_same_external_internal_vip``. + Fix the comparison to use the ``ipaddr`` filter instead. + For details see `LP#2076889 `__. diff --git a/releasenotes/notes/workaround-ovn-leader-election-f7f75e93e9300d96.yaml b/releasenotes/notes/workaround-ovn-leader-election-f7f75e93e9300d96.yaml new file mode 100644 index 0000000000..90a1fd5da7 --- /dev/null +++ b/releasenotes/notes/workaround-ovn-leader-election-f7f75e93e9300d96.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an issue where OVN northbound or southbound database deployment could + fail when a new leader is elected. `LP#2059124 + `__ diff --git a/requirements.yml b/requirements.yml index 82f922e6ba..967799c6d4 100644 --- a/requirements.yml +++ b/requirements.yml @@ -2,4 +2,4 @@ collections: - name: https://opendev.org/openstack/ansible-collection-kolla type: git - version: master + version: 2023.2-eol diff --git a/roles/cephadm/tasks/main.yml b/roles/cephadm/tasks/main.yml index 9aaa52965d..b9b3ae193b 100644 --- a/roles/cephadm/tasks/main.yml +++ b/roles/cephadm/tasks/main.yml @@ -33,7 +33,7 @@ - name: Bootstrap cephadm vars: - mon_ip: "{{ hostvars[inventory_hostname]['ansible_'+api_interface_name].ipv4.address }}" + mon_ip: "{{ hostvars[inventory_hostname]['ansible_' + api_interface_name | replace('-','_')].ipv4.address }}" command: cmd: > cephadm @@ -80,7 +80,7 @@ ceph_conf_fixed: | [global] fsid = {{ ceph_fsid }} - mon_host = {% for host in groups['all'] %} {{ hostvars[host]['ansible_'+api_interface_name].ipv4.address }} {% if not loop.last %},{% endif %} {% endfor %} + mon_host = {% for host in groups['all'] %} {{ hostvars[host]['ansible_' + api_interface_name | replace('-','_')].ipv4.address }} {% if not loop.last %},{% endif %} {% endfor %} copy: content: "{{ ceph_conf_fixed }}" dest: "/etc/ceph/ceph.conf.fixed" diff --git a/tests/check-failure.sh b/tests/check-failure.sh index 973873a15a..d291fdbe0d 100755 --- a/tests/check-failure.sh +++ b/tests/check-failure.sh @@ -15,8 +15,8 @@ check_podman_failures() { --filter status=unknown) for container in $failed_containers; do - podman inspect $container - podman logs $container + sudo podman inspect $container + sudo podman logs $container done } @@ -41,8 +41,8 @@ check_docker_failures() { --filter status=dead) for container in $failed_containers; do - docker inspect $container - docker logs $container + sudo docker inspect $container + sudo docker logs $container done } diff --git a/tests/get_logs.sh b/tests/get_logs.sh index 13253d8d7a..ceebc169a8 100644 --- a/tests/get_logs.sh +++ b/tests/get_logs.sh @@ -16,10 +16,10 @@ copy_logs() { exit 1 fi - cp -rnL ${VOLUMES_DIR}/kolla_logs/_data/* ${LOG_DIR}/kolla/ - cp -rnL /etc/kolla/* ${LOG_DIR}/kolla_configs/ + [ -d ${VOLUMES_DIR}/kolla_logs/_data ] && cp -rnL ${VOLUMES_DIR}/kolla_logs/_data/* ${LOG_DIR}/kolla/ + [ -d /etc/kolla ] && cp -rnL /etc/kolla/* ${LOG_DIR}/kolla_configs/ # Don't save the IPA images. - rm ${LOG_DIR}/kolla_configs/config/ironic/ironic-agent.{kernel,initramfs} + rm -f ${LOG_DIR}/kolla_configs/config/ironic/ironic-agent.{kernel,initramfs} mkdir ${LOG_DIR}/system_configs/ cp -rL /etc/{hostname,hosts,host.conf,resolv.conf,nsswitch.conf,systemd} ${LOG_DIR}/system_configs/ # copy docker configs if used @@ -37,10 +37,6 @@ copy_logs() { if [ "$CONTAINER_ENGINE" = "docker" ]; then journalctl --no-pager -u containerd.service > ${LOG_DIR}/system_logs/containerd.log fi - else - if [ "$CONTAINER_ENGINE" = "docker" ]; then - cp /var/log/upstart/docker.log ${LOG_DIR}/system_logs/docker.log - fi fi cp -r /etc/sudoers.d ${LOG_DIR}/system_logs/ @@ -101,21 +97,22 @@ copy_logs() { ps -eo user,pid,ppid,lwp,%cpu,%mem,size,rss,cmd > ${LOG_DIR}/system_logs/ps.txt # container engine related information - (${CONTAINER_ENGINE} info && - ${CONTAINER_ENGINE} images && - ${CONTAINER_ENGINE} ps -a && - ${CONTAINER_ENGINE} network ls && - ${CONTAINER_ENGINE} inspect $(${CONTAINER_ENGINE} ps -aq)) > ${LOG_DIR}/system_logs/${CONTAINER_ENGINE}-info.txt + [ `command -v ${CONTAINER_ENGINE}` ] && + ( ${CONTAINER_ENGINE} info && + ${CONTAINER_ENGINE} images && + ${CONTAINER_ENGINE} ps -a && + ${CONTAINER_ENGINE} network ls && + ${CONTAINER_ENGINE} inspect $(${CONTAINER_ENGINE} ps -aq)) > ${LOG_DIR}/system_logs/${CONTAINER_ENGINE}-info.txt # save dbus services - dbus-send --system --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames > ${LOG_DIR}/system_logs/dbus-services.txt + [ `command -v dbus-send` ] && dbus-send --system --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames > ${LOG_DIR}/system_logs/dbus-services.txt # cephadm related logs if [ `command -v cephadm` ]; then mkdir -p ${LOG_DIR}/ceph - sudo cp /etc/ceph/ceph.conf ${LOG_DIR}/ceph - sudo cp /var/run/ceph/*/cluster.yml ${LOG_DIR}/ceph/cluster.yml - sudo cp /var/log/ceph/cephadm.log* ${LOG_DIR}/ceph/ + [ -d /etc/ceph ] && sudo cp /etc/ceph/ceph.conf ${LOG_DIR}/ceph + [ -d /var/run/ceph ] && sudo cp /var/run/ceph/*/cluster.yml ${LOG_DIR}/ceph/cluster.yml + [ -d /var/log/ceph ] && sudo cp /var/log/ceph/cephadm.log* ${LOG_DIR}/ceph/ sudo cephadm shell -- ceph --connect-timeout 5 -s > ${LOG_DIR}/ceph/ceph_s.txt sudo cephadm shell -- ceph --connect-timeout 5 osd tree > ${LOG_DIR}/ceph/ceph_osd_tree.txt fi diff --git a/tests/kolla_container_tests/test_docker_worker.py b/tests/kolla_container_tests/test_docker_worker.py index 7c7909e6aa..594b5b9391 100644 --- a/tests/kolla_container_tests/test_docker_worker.py +++ b/tests/kolla_container_tests/test_docker_worker.py @@ -1382,7 +1382,76 @@ def test_compare_dimensions_pos(self): 'CpusetMems': '', 'MemorySwap': 0, 'MemoryReservation': 0, 'Ulimits': []} self.dw = get_DockerWorker(self.fake_data['params']) - self.assertTrue(self.dw.compare_dimensions(container_info)) + resp = self.dw.compare_dimensions(container_info) + self.dw.module.fail_json.assert_not_called() + self.assertTrue(resp) + + def test_compare_dimensions_using_short_notation_not_changed(self): + self.fake_data['params']['dimensions'] = { + 'mem_limit': '1024', 'mem_reservation': '3M', + 'memswap_limit': '2g'} + container_info = dict() + container_info['HostConfig'] = { + 'CpuPeriod': 0, 'KernelMemory': 0, 'Memory': 1024, 'CpuQuota': 0, + 'CpusetCpus': '', 'CpuShares': 0, 'BlkioWeight': 0, + 'CpusetMems': '', 'MemorySwap': 2 * 1024 * 1024 * 1024, + 'MemoryReservation': 3 * 1024 * 1024, 'Ulimits': []} + self.dw = get_DockerWorker(self.fake_data['params']) + resp = self.dw.compare_dimensions(container_info) + self.dw.module.fail_json.assert_not_called() + self.assertFalse(resp) + + def test_compare_dimensions_key_no_more_supported(self): + self.fake_data['params']['dimensions'] = { + 'mem_limit': '1024', 'mem_reservation': '3M', + 'memswap_limit': '2g', 'kernel_memory': '4M'} + container_info = dict() + container_info['HostConfig'] = { + 'CpuPeriod': 0, 'Memory': 1024, 'CpuQuota': 0, + 'CpusetCpus': '', 'CpuShares': 0, 'BlkioWeight': 0, + 'CpusetMems': '', 'MemorySwap': 2 * 1024 * 1024 * 1024, + 'MemoryReservation': 3 * 1024 * 1024, 'Ulimits': []} + self.dw = get_DockerWorker(self.fake_data['params']) + self.dw.compare_dimensions(container_info) + expected_msg = ("The dimension [kernel_memory] is no more " + "supported by Docker, please remove it from " + "yours configs or change to the new one.") + self.dw.module.fail_json.assert_called_once_with( + failed=True, msg=expected_msg) + + def test_compare_dimensions_invalid_unit(self): + self.fake_data['params']['dimensions'] = { + 'mem_limit': '1024', 'mem_reservation': '3M', + 'memswap_limit': '2g', 'kernel_memory': '4E'} + container_info = dict() + container_info['HostConfig'] = { + 'CpuPeriod': 0, 'KernelMemory': 0, 'Memory': 1024, 'CpuQuota': 0, + 'CpusetCpus': '', 'CpuShares': 0, 'BlkioWeight': 0, + 'CpusetMems': '', 'MemorySwap': 2 * 1024 * 1024 * 1024, + 'MemoryReservation': 3 * 1024 * 1024, 'Ulimits': []} + self.dw = get_DockerWorker(self.fake_data['params']) + self.dw.compare_dimensions(container_info) + expected_msg = ("The docker dimension unit [e] is " + "not supported for the dimension [4E]." + " The currently supported units are " + "['b', 'k', 'm', 'g'].") + self.dw.module.fail_json.assert_called_once_with( + failed=True, msg=expected_msg) + + def test_compare_dimensions_using_short_notation_changed(self): + self.fake_data['params']['dimensions'] = { + 'mem_limit': '10m', 'mem_reservation': '3M', + 'memswap_limit': '1g'} + container_info = dict() + container_info['HostConfig'] = { + 'CpuPeriod': 0, 'KernelMemory': 0, 'Memory': 1024, 'CpuQuota': 0, + 'CpusetCpus': '', 'CpuShares': 0, 'BlkioWeight': 0, + 'CpusetMems': '', 'MemorySwap': 2 * 1024 * 1024 * 1024, + 'MemoryReservation': 3 * 1024 * 1024, 'Ulimits': []} + self.dw = get_DockerWorker(self.fake_data['params']) + resp = self.dw.compare_dimensions(container_info) + self.dw.module.fail_json.assert_not_called() + self.assertTrue(resp) def test_compare_dimensions_neg(self): self.fake_data['params']['dimensions'] = { diff --git a/tests/pre.yml b/tests/pre.yml index 7df42d8465..984440b3dc 100644 --- a/tests/pre.yml +++ b/tests/pre.yml @@ -26,6 +26,18 @@ vars: bridge_name: "{{ neutron_external_bridge_name }}" bridge_member_name: "{{ neutron_external_vxlan_interface_name }}" + - role: multi-node-vxlan-overlay + vars: + vxlan_interface_name: "{{ external_api_interface_name }}" + vxlan_vni: 10002 + when: external_api_interface_name is defined + - role: multi-node-managed-addressing + vars: + managed_interface_name: "{{ external_api_interface_name }}" + managed_network_prefix: "{{ external_api_network_prefix }}" + managed_network_prefix_length: "{{ external_api_network_prefix_length }}" + managed_network_address_family: "{{ address_family }}" + when: external_api_interface_name is defined # TODO(mnasiadka): Update ipv6 jobs to test ipv6 in Neutron - role: multi-node-managed-addressing vars: diff --git a/tests/run.yml b/tests/run.yml index 4675657433..a987a3902a 100644 --- a/tests/run.yml +++ b/tests/run.yml @@ -361,7 +361,7 @@ KOLLA_SWIFT_BASE_IMAGE: "{{ docker_image_prefix }}swift-base:{{ docker_image_tag }}" # NOTE(yoctozepto): no IPv6 for now STORAGE_NODES: "{{ groups['all'] | map('extract', hostvars, - ['ansible_'+api_interface_name, 'ipv4', 'address']) + ['ansible_'+api_interface_name | replace('-','_') , 'ipv4', 'address']) | join(' ') }}" CONTAINER_ENGINE: "{{ container_engine }}" when: scenario == 'swift' @@ -725,6 +725,7 @@ chdir: "{{ kolla_ansible_src_dir }}" environment: KOLLA_ANSIBLE_VENV_PATH: "{{ kolla_ansible_venv_path }}" + SCENARIO: "{{ scenario }}" # NOTE(yoctozepto): this is nice as the first step after the upgrade # because it waits for the services to stabilize well enough so that diff --git a/tests/setup_gate.sh b/tests/setup_gate.sh index e921992cf0..16a204e275 100755 --- a/tests/setup_gate.sh +++ b/tests/setup_gate.sh @@ -113,7 +113,15 @@ function prepare_images { sudo tee -a /etc/kolla/kolla-build.conf < /tmp/logs/ansible/upgrade-prechecks + kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks --skip-tags rabbitmq-ha-precheck &> /tmp/logs/ansible/upgrade-prechecks # NOTE(mattcrees): As om_enable_rabbitmq_quorum_queues now defaults to # true in Bobcat, we need to perform a migration to durable queues. - # TODO(mattcrees): Remove these steps in Caracal. SERVICE_TAGS="heat,keystone,neutron,nova" if [[ $SCENARIO == "zun" ]] || [[ $SCENARIO == "cephadm" ]]; then SERVICE_TAGS+=",cinder" @@ -44,6 +43,9 @@ function upgrade { kolla-ansible -i ${RAW_INVENTORY} -vvv pull &> /tmp/logs/ansible/pull-upgrade kolla-ansible -i ${RAW_INVENTORY} -vvv upgrade &> /tmp/logs/ansible/upgrade + # Check that all appropriate RabbitMQ queues are now quorum queues. + kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks --tags rabbitmq-ha-precheck &> /tmp/logs/ansible/rabbitmq-ha-precheck + kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy &> /tmp/logs/ansible/upgrade-post-deploy kolla-ansible -i ${RAW_INVENTORY} -vvv validate-config &> /tmp/logs/ansible/validate-config diff --git a/tools/cleanup-host b/tools/cleanup-host index f6361d8559..51137ea506 100755 --- a/tools/cleanup-host +++ b/tools/cleanup-host @@ -63,6 +63,11 @@ if [[ "$influxdb_datadir_volume" != "influxdb" && -d "$influxdb_datadir_volume" rm -rfv $influxdb_datadir_volume fi +if [[ "$kafka_datadir_volume" != "kafka" && -d "$kafka_datadir_volume" ]]; then + echo "Removing kafka volume if it is customzied" + rm -rfv $kafka_datadir_volume +fi + if [[ "$opensearch_datadir_volume" != "opensearch" && -d "$opensearch_datadir_volume" ]]; then echo "Removing opensearch volume if it is customzied" rm -rfv $opensearch_datadir_volume diff --git a/tools/init-runonce b/tools/init-runonce index f0d0b0b5cf..0f2c73c3ab 100755 --- a/tools/init-runonce +++ b/tools/init-runonce @@ -176,6 +176,7 @@ if ! $KOLLA_OPENSTACK_COMMAND flavor list | grep -q m1.tiny; then $KOLLA_OPENSTACK_COMMAND flavor create --id 3 --ram 4096 --disk 40 --vcpus 2 m1.medium $KOLLA_OPENSTACK_COMMAND flavor create --id 4 --ram 8192 --disk 80 --vcpus 4 m1.large $KOLLA_OPENSTACK_COMMAND flavor create --id 5 --ram 16384 --disk 160 --vcpus 8 m1.xlarge + $KOLLA_OPENSTACK_COMMAND flavor create --id 6 --ram 512 --disk 1 --vcpus 2 m2.tiny fi cat << EOF diff --git a/tools/kolla-ansible b/tools/kolla-ansible index 07b43cf6c1..cc7f32f4f5 100755 --- a/tools/kolla-ansible +++ b/tools/kolla-ansible @@ -199,6 +199,7 @@ Commands: post-deploy Do post deploy on deploy node pull Pull all images for containers (only pulls, no running container changes) rabbitmq-reset-state Force reset the state of RabbitMQ + rabbitmq-upgrade Upgrade to a specific version of RabbitMQ reconfigure Reconfigure OpenStack service stop Stop Kolla containers certificates Generate self-signed certificate for TLS *For Development Only* @@ -247,6 +248,7 @@ gather-facts post-deploy pull rabbitmq-reset-state +rabbitmq-upgrade reconfigure stop certificates @@ -572,6 +574,12 @@ EOF ACTION="Force reset the state of RabbitMQ" PLAYBOOK="${BASEDIR}/ansible/rabbitmq-reset-state.yml" ;; +(rabbitmq-upgrade) + RMQ_VERSION="$2" + ACTION="Upgrade to a specific version of RabbitMQ" + PLAYBOOK="${BASEDIR}/ansible/rabbitmq-upgrade.yml" + EXTRA_OPTS="$EXTRA_OPTS -e rabbitmq_version_suffix=${RMQ_VERSION}" + ;; (bash-completion) bash_completion exit 0 diff --git a/tox.ini b/tox.ini index 92c0b33fda..e77bc1ca0a 100644 --- a/tox.ini +++ b/tox.ini @@ -9,7 +9,7 @@ usedevelop = True allowlist_externals = bash find rm -deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} +deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/2023.2} -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt podman>=4.3.0,<5 @@ -43,7 +43,7 @@ commands = [testenv:venv] deps = - -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} + -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/2023.2} -r{toxinidir}/requirements.txt -r{toxinidir}/doc/requirements.txt commands = {posargs} @@ -51,7 +51,7 @@ commands = {posargs} [testenv:docs] skip_install = true deps = - -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} + -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/2023.2} -r{toxinidir}/doc/requirements.txt commands = rm -rf doc/build/html @@ -97,7 +97,7 @@ setenv = ANSIBLE_FILTER_PLUGINS = {toxinidir}/ansible/filter_plugins deps = - -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} + -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/2023.2} -r{toxinidir}/requirements.txt -r{toxinidir}/lint-requirements.txt allowlist_externals = bash diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml index 4c5b590ac9..042340f5e5 100644 --- a/zuul.d/base.yaml +++ b/zuul.d/base.yaml @@ -2,36 +2,37 @@ - job: name: kolla-ansible-variables vars: - previous_release: "2023.1" - container_engine: "docker" - scenario: core - virt_type: qemu - is_upgrade: no + address_family: 'ipv4' + # Test latest ansible version on Ubuntu, minimum supported on others. + ansible_core_version_constraint: >- + {{ ansible_core_version_min if is_upgrade or base_distro != 'ubuntu' else ansible_core_version_max }} + ansible_core_version_max: "==2.15.*" + ansible_core_version_min: "==2.14.*" + # Test latest ansible version on Ubuntu, minimum supported on others. + ansible_version_constraint: >- + {{ ansible_version_min if is_upgrade or base_distro != 'ubuntu' else ansible_version_max }} + ansible_version_max: "==8.*" + ansible_version_min: "==7.*" + api_interface_name: vxlan0 api_network_prefix: "192.0.2." api_network_prefix_length: "24" - api_interface_name: vxlan0 + configure_swap_size: 0 + container_engine: "docker" + is_upgrade: false kolla_internal_vip_address: "192.0.2.10" - address_family: 'ipv4' - neutron_external_network_prefix: "198.51.100." - neutron_external_network_prefix_length: "24" + le_enabled: false neutron_external_bridge_name: br0 neutron_external_interface_name: "veth-{{ neutron_external_bridge_name }}-ext" + neutron_external_network_prefix: "198.51.100." + neutron_external_network_prefix_length: "24" neutron_external_vxlan_interface_name: vxlan1 + neutron_tenant_network_dns_server: "8.8.8.8" neutron_tenant_network_prefix: "203.0.113." neutron_tenant_network_prefix_length: "24" - neutron_tenant_network_dns_server: "8.8.8.8" + previous_release: "2023.1" + scenario: core tls_enabled: false - configure_swap_size: 0 - ansible_core_version_min: "==2.14.*" - ansible_core_version_max: "==2.15.*" - # Test latest ansible version on Ubuntu, minimum supported on others. - ansible_core_version_constraint: >- - {{ ansible_core_version_min if is_upgrade or base_distro != 'ubuntu' else ansible_core_version_max }} - ansible_version_min: "==7.*" - ansible_version_max: "==8.*" - # Test latest ansible version on Ubuntu, minimum supported on others. - ansible_version_constraint: >- - {{ ansible_version_min if is_upgrade or base_distro != 'ubuntu' else ansible_version_max }} + virt_type: qemu - job: parent: kolla-ansible-variables @@ -61,29 +62,6 @@ - ^specs/ - ^kolla_ansible/tests/ - ^tools/validate-.*$ - - ^zuul\.d/ - vars: - previous_release: "2023.1" - container_engine: "docker" - scenario: core - virt_type: qemu - is_upgrade: no - api_network_prefix: "192.0.2." - api_network_prefix_length: "24" - api_interface_name: vxlan0 - kolla_internal_vip_address: "192.0.2.10" - address_family: 'ipv4' - neutron_external_network_prefix: "198.51.100." - neutron_external_network_prefix_length: "24" - neutron_external_bridge_name: br0 - neutron_external_interface_name: "veth-{{ neutron_external_bridge_name }}-ext" - neutron_external_vxlan_interface_name: vxlan1 - neutron_tenant_network_prefix: "203.0.113." - neutron_tenant_network_prefix_length: "24" - neutron_tenant_network_dns_server: "8.8.8.8" - tls_enabled: false - le_enabled: false - configure_swap_size: 0 roles: - zuul: zuul/zuul-jobs - zuul: openstack/kolla @@ -298,12 +276,27 @@ - ^tests/run-hashi-vault.yml - ^tests/test-hashicorp-vault-passwords.sh +- job: + name: kolla-ansible-haproxy-base + parent: kolla-ansible-base + voting: false + files: + - ^ansible/roles/haproxy/ + - ^kolla_ansible/kolla_url.py + vars: + external_api_interface_name: vxlan2 + external_api_network_prefix: "192.0.3." + external_api_network_prefix_length: "24" + kolla_external_vip_address: "192.0.3.10" + scenario: haproxy + - job: name: kolla-ansible-lets-encrypt-base parent: kolla-ansible-base voting: false files: - ^requirements-core.yml + - ^ansible/roles/common/templates/conf/input/11-letsencrypt.conf.j2 - ^ansible/roles/letsencrypt/ - ^ansible/roles/loadbalancer/ - ^tests/test-core-openstack.sh diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index ea5061f589..e655b904bd 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -472,6 +472,22 @@ vars: base_distro: rocky +- job: + name: kolla-ansible-rocky9-haproxy-fqdn + parent: kolla-ansible-haproxy-base + nodeset: kolla-ansible-rocky9 + vars: + base_distro: rocky + tls_enabled: true + +- job: + name: kolla-ansible-ubuntu-haproxy-fqdn + parent: kolla-ansible-haproxy-base + nodeset: kolla-ansible-jammy + vars: + base_distro: ubuntu + tls_enabled: true + - job: name: kolla-ansible-ubuntu-skyline parent: kolla-ansible-skyline-base diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 6ff073b416..c98d0a50ca 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -62,6 +62,8 @@ - kolla-ansible-rocky9-upgrade-cephadm - kolla-ansible-ubuntu-upgrade-cephadm - kolla-ansible-rocky9-hashi-vault + - kolla-ansible-rocky9-haproxy-fqdn + - kolla-ansible-ubuntu-haproxy-fqdn - kolla-ansible-ubuntu-lets-encrypt - kolla-ansible-rocky9-lets-encrypt - kolla-ansible-ubuntu-skyline