openstack-cluster-installer (40.1) unstable; urgency=medium * Fix swiftproxy.pp haproxy setup for Bullseye (ie: haproxy >= 2.1). -- Thomas Goirand Tue, 20 Apr 2021 01:11:51 +0200 openstack-cluster-installer (40) unstable; urgency=medium * Fix compute.pp, volume.pp, swiftproxy.pp and network.pp not having the $all_rabbits_ips parameter and failing to apply. * Fix calling auto-join-rabbit-cluster in messaging nodes. * openstack-cluster-installer-build-live-image: do not modify config/build if the file doesn't exist. * Correctly schedule keystone bootstraping before doing the roles. * ocicli cluster-install: display VOLUME, SWIFTPROXY and SWIFTSTORE when installing them. * oci-poc: correctly bridge 192.168.105.1/24 to the ocibr1 (ie: the bridge connected to the eth1 of all VMs) instead of eth0, correcting the floating IP connection to the VMs. * oci-poc: allow using .raw images for glance upload. -- Thomas Goirand Wed, 10 Feb 2021 10:27:28 +0100 openstack-cluster-installer (39) unstable; urgency=medium * Add -y flag when installing HPE tools. -- Thomas Goirand Mon, 01 Feb 2021 17:39:43 +0100 openstack-cluster-installer (38) unstable; urgency=medium * Correctly generate passwords for service='bill'. * Switch to netcat-traditional instead of netcat (Closes: #981499). * Allow setting-up gnocchi-api on messaging+bill{mon,osd} separate nodes to enable better scalling. -- Thomas Goirand Mon, 01 Feb 2021 17:24:34 +0100 openstack-cluster-installer (37) unstable; urgency=medium [ Thomas Goirand ] * oci-fixup-compute-node: Do not perform libvirt hack if not in stretch or buster. * Add HPE non-free tools installation support (hponcfg, storcli, ssacli), and automatically activate IPMI over LAN on them. * Fix typo when selecting ceph or swift backend for Glance. * Use roundrobbin (instead of source) for nova-api HAProxy backend. * oci-hdd-maint: reports correctly the serial numbers of HPE SmartArray connected HDD/SSD. [ Cyril de Bourgues ] * Add 3 swift ring management utilities. -- Thomas Goirand Sun, 31 Jan 2021 19:14:44 +0100 openstack-cluster-installer (36) unstable; urgency=medium * Fix galera_package_name when installing the Galera cluster. -- Thomas Goirand Thu, 21 Jan 2021 23:38:57 +0100 openstack-cluster-installer (35) unstable; urgency=medium * oci-poc: restart isc-dhcp-server after starting VMs. * Add billmon and billosd roles, to have an independent Ceph for Telemetry. * Install chrony by default in target machines, not ntp. * Fix corosync setup with the Bullseye 3.1.x version. * Fix haproxy >= 2.1 incompatibility with reqrep / rspirep. -- Thomas Goirand Thu, 21 Jan 2021 18:02:51 +0100 openstack-cluster-installer (34) unstable; urgency=medium * Upgrade IPMI before BIOS (as that's what Dell server needs). Also correctly report r420/r620 lifecycle version. * Fixed reporting phys block device size when MegaCli returns SECTOR_SIZE=0. * Report r420 / r620 Lifecycle version correctly. * Add ceph_osd_initial_setup to stop provisionning Ceph OSD once the cluster is in production. * Add force_no_bgp2host to make it possible to setup a compute cluster using bgp-to-the-host, but forcing Network nodes to use L2 connectivity. * Allow using non-DVR setup, with central network nodes (though using DVR for east-west traffic). * Fix distribution names inside the live image for the new version of live-build. -- Thomas Goirand Tue, 19 Jan 2021 09:20:40 +0100 openstack-cluster-installer (32) unstable; urgency=medium * Removed the oci-poc-vms init script, and make it a normal shell script. * Fixed oci-poc-install-cluster-full to run with the new oci-poc-vms. * It's now possible to set %%COMPUTE_AGGREGATE%% in the "machine-set": of hardware-profile.json, and it will be replaced by whatever is set as compute-aggregate in auto-racking.json. * Add a new machine-renew-ipmi-password command to ocicli. * Setup kvm_intel / kvm_amd nested=0/1 at provision time, so it's not needed to reboot compute nodes after install to enable nested virt. Also support nested virt for amd processors. * Add a cluster option nova_scheduler_prefers_hosts_with_more_ram, controlling the ram_weight_multiplier (-1 / 1) of the Nova Scheduler. * Add messaging nodes for separate, dedicated, notification bus, which is increase the reliability if using notifications (no risk to overload the central rabbitmq service with the notification messages). * When there's both Ceph and Swift available, make it possible to select which type of backend to use for Ceph. * Made installing magnum optional. * Switch to using ceph-volume from the puppet-ceph class. -- Thomas Goirand Tue, 12 Jan 2021 13:16:58 +0100 openstack-cluster-installer (31) unstable; urgency=medium * Agent: fix MegaRAID detection. * report.php: allow dots in HDD models and size. * Commands machine-megacli-apply and machine-check-megacli-applied can be used without a hardware profile name. * Add machine-guess-racking and machine-auto-rack, for filling-up the racking information automatically looking-up LLDP information against the /etc/openstack-cluster-installer/auto-racking.json configuration file. * Deny public access to SMTP, Keystone, Heat CFN and Aodh API on the VIP. * Add API calls to record hosts in DNS, add hosts to monitoring, and change plus record host root passwords. All of this using plugins in the form of customizable shell scripts. * Cinder-volume: allow one backend per disk. * Run ipmitool lan set 1 cipher_privs Xaaaaaaaaaaaaaa on R410/R610. * Add puppet-module-etcddiscovery as depends of puppet-module-oci. * Set the chassis/system serial as hostname in the live image, so that LLDP and dhclient uses it to advertize and broadcast a more meaningful hostname than just "debian". * Add "ocicli machine-auto-add" which adds a machine automatically to a cluster defined in openstack-cluster-installer.conf, using the role matched by the hardware-profiles.json, and the location defined in the auto-racking.json configuration file. * Add the possibility to completely automate: - megacli profiles. - racking info (ie: data center and rack position auto-fill). - adding machine to clusters. - installing the OS. This effectively makes it possible to automatically auto-provision servers in a "hand-free" mode as soon as they are plugged and booted. * Add --blockdevs / -b option to ocicli machine-list to display block devices. * Add an option to set the initial drive weight for swift. * Fixed VIP hostname in /etc/hosts if it was customized. * Add hdparm as runtime depends of -utils. * Also copy {account,container,object}.builder files when installing swift store and proxy nodes. * Install numactl and numad, and start numad on compute nodes. * Increases buffer for net.ipv6.neigh.default.gc_thresh{1,2,3} (previously done only for IPv4). * Do not include :443 in the keystone endpoint. * Stop generating /root/openrc. * Create all necessary Keystone roles, only in the first master, and only if the service is installed. * swiftproxy: set other proxies as backup in haproxy. * ocicli machine-list: sort machines by a much more natural order, which works in both cases where a machine has been added to a cluster or not: - .role,(.hostname|length),.hostname,.product_name,.serial * Add support for CephOSD on compute machines (ie: hyperconverged). -- Thomas Goirand Fri, 27 Nov 2020 09:25:23 +0100 openstack-cluster-installer (30) unstable; urgency=medium * Better output for drives with MegaCLI in oci-hdd-maint. * Allow for on-the-fly change of machines IPMI network (can be needed if the IPMI network list and DHCP configuration has changed). * Switch all of the VMs of the oci-poc to virtio-scsi by default (instead of virtio-blk) so that we can test trim/discard. * oci-cluster-upgrade-openstack-release: Only perform OVS upgrades if the package openvswitch-common, and apt-cache policy shows it will upgrade. * Add installation of anacron in generic.pp (ie: all nodes). * Added oci-cluster-upgrade-old-swift-oci, to be run on the OCI machine, to upgrade from the older type of Galera setup that OCI was doing in the OCI released in Buster. * Make it possible to use Ceph from official Debian backports. * Live image: use by default a text-mode syslinux, so that it works over serial console. Also set the default timeout to 20 seconds. * Add a machine-wipe command to wipe the HDD when the machine is in live. * Add a cluster-reset, to reset all machines into live. * Fix cluster-install, so it really works now. * Add cluster-rolecounts-list / cluster-rolecounts-set commands. * Add -y and -u options in oci-hdd-maint. * Generate a root ssh key on all machines, and allow ssh as root from one volume note to another, to make backups of LVM over ssh possible. * Agent: do not report what lsblk reports as trans:iscsi. * Add racadm get BIOS.BiosBootSettings.HddFailover Enabled for r740xd. * Default to max_stacks_per_tenant=5000 (upstream default is 100). * Do not manage Octavia Amphora flavor in nova if not in initial cluster setup mode, in order to speed-up the run. * Allow renaming of the external network names, per compute/network node. * Activate enable_proxy_headers_parsing when available. * Small fix for per-machine libvirt extra CPU flags. * Use networks instead of each individual machines to do the swiftstore firewalling. Also firewall swiftproxies, which can also be stores. * Allow to use hostnames instead of chassis serial in many API calls. * Add an option for LVM volume nodes to configure reserved_percentage and max_over_subscription_ratio. * Remove options for LVM volume nodes max_luns_per_storage_group and check_max_pool_luns_threshold as it is specific to VNX driver. * Add a per (compute|network) node option to install Neutron BGP dragent. * Allow Dell Lifecycle automatic upgrades within the Agent. * Report and display all block devices handled by MegaCli (ie: LSI RAID controllers). * Automate building megacli RAID devices. * Use DEFAULT/default_ephemeral_format=ext4 in Nova. -- Thomas Goirand Mon, 31 Aug 2020 11:07:18 +0200 openstack-cluster-installer (29) unstable; urgency=medium * Add the setup of a tempest node. * Write a correct oci-write-lvm-filter to be used in compute and volume nodes at first boot: it lists devices present in /etc/oci/data-disks only. * Fix enc not sending Gnocchi's statsd UUID. * Make cinder-api run on uwsgi, not Apache, if using >= Train. * Add Ussuri support in controller.pp & compute.pp. * Add -f flag in oci-hdd-maint when formating an XFS partition. * Add oci-cluster-upgrade-openstack-release to enable scripted upgrades from one OpenStack release to the next. * Switched cinder-api to uwsgi even in Stein. * Add oci-poc-provision-cloud in -utils, so it's easier to setup the PoC. * Add configuration of Nova's limit_tenants_to_placement_aggregate. * Send racadm command to set boot device for r740xd machines. * Configure /etc/ssh/sshd_config so that servers don't have the ssh listening on public IPs. We're listing ssh host key certs using a custom puppet fact. * The cluster values in variables.conf are now automatically transmited to the nodes matching the roles: of the matching entry. * Added initial and experimental support for Designate. * Improved oci-hdd-maint to show correctly the RAID slots, size, model and serial of HDDs. * Removed the dependency on approx. -- Thomas Goirand Sat, 25 Apr 2020 21:24:54 +0200 openstack-cluster-installer (28) unstable; urgency=medium * Do not use StrictHostKeyChecking=no when rsyncing fernet tokens, as we have signed ssh host keys. * Add missing authors from d/copyright. * Add an option for LVM volume nodes to configure volume_copy_bps_limit. * ocicli: use csvlook from csvkit instead of column by default. * Fixup volume backup backend in volume.pp * Make it possible choose ceph or swift for cinder-backup. * Add oci-puppet to lauch puppet -t more easily. * Fix ports for Ceph OSDs so that they are each 4, not each 3 ports. * oci-make-osd: Fix calculating DEFROUTE_IP if using BGP 2 host. * Prioritize Swift over Ceph as a backend for cinder-backup and Glance. * Load kernel and ramdisk over http instead of tftp (much faster). * Make Glance swift-backend works if we're using a local swift and a non-rocky setup. * Fix generating the scp-ring script so it doesn't scp to IPMI IPs. * Fix swift ring building so it wont add IPMI IPs. * Add a new oci-cluster-upgrade-stretch-to-buster. * Set arp_responder to True everywhere. * Fix ipxe.php to chain to any IP address that runs on the PXE server, not just hardcoded 192.168.100.2. * Fix Glance over Ceph when >= train. * Add filters to lvm.conf to avoid nested LVM issues. * Add a new oci-cluster-upgrade-stretch-to-buster script to minimize downtime when upgrading from stretch. * Automatically add new cluster's SSH CA key into OCI's /etc/ssh/ssh_known_hosts * Configure ocicli within the PoC's PXE server. * Add a PoC oci-poc-{save,restore} to be able to save a cluster state. * Add sync-oci-code script. * Make neutron's global_physnet_mtu and path_mtu tweakable cluster variables. * octavia::worker: base image now uses 4GB HDD. * Add oci-cluster-upgrade-stretch-to-buster script (currently PoC) * Allow controllers configuration for Cinder storage_availability_zone and default_volume_type * Do not manage policy-rc.d for keystone if not using Rocky. * Redirect output of oci-fernet-keys-rotate to /dev/null to avoid cron job to spam. * Fix ENC regarding non-master-controller IPs. * Do not use StrictHostKeyChecking=no when rsyncing fernet tokens, as we have signed ssh host keys. * Add a --first-master option to ocicli cluster-set, so one can change who's the first master in the cluster. * Fix-up volume.pp to allow using ceph as backend for cinder-backup. -- Thomas Goirand Sun, 29 Mar 2020 22:18:39 +0200 openstack-cluster-installer (27) unstable; urgency=medium * Automatically call "nova-manage cell_v2 discover_hosts" when an hypervisor is finished to install with puppet. * Fixed wrong parameter definition in swift{store,proxy}.pp classes. * Add --notes to ocicli. * Also report and display Dell's Lifecycle controller version. * Apply Dell racadm serial configuration by default when setting-up IPMI. * Add a "machine-apply-ipmi" command to ocicli, so that IPMI config can be re-applied with the current db configuration. * Add IPMI value settings in ocicli machine-set (doesn't commit). * Add configuration of IPMI VLANs. * Use escapeshellarg() for the username and pass when calling ipmitool. * Add an ocicli check-all-ipmi command. * Enhanced a lot machine-list, now has options to display whatever the user needs to be output, so that it may fit on a normal screen. * Also install syscfg on machines using iDRAC6 or 7. * Fix "ocicli cluster-list" when no cluster is defined. * Cannot delete a location if a network is using it. * Cannot delete a region if some locations are using it. * Cannot delete a cluster if some networks or machines are using it. * Add the concept of first and last IP of a subnet, and rework the IP allocation logic. * Correctly schedule the Galera cluster, so that the first Galera node will start first, then other controllers will wait for its SQL Galera to be up before attempting to join the new Galera cluster. * Fixed a bug in enc_get_mon_nodes() which was always using cluster_id='1', so failing if the cluster had a different ID. * Do not attempt db_sync for services if the node is not first_master, or if initial_cluster_setup is set to no. * Add a system to sign SSH host keys, so that the cluster can trust itself, and nova can safely scp disk images when migrating VMs. * Get the LLDPD info for each nic, store that in the db, and display with "ocicli machine-list -h". * Fix serial number fetch by the OCI agent on Supermicro machines. * Review the boot processs, and now correctly wait for networking to be up, plus package every binaries of the installed server in a -utils package. * Also automatically sign the live image host keys, and trust it. * Really disable notifications if disabled (by setting noop driver). -- Thomas Goirand Fri, 10 Jan 2020 11:45:31 +0100 openstack-cluster-installer (25) unstable; urgency=medium * oci-agent: Add missing Breaks+Replaces (<< 24~) (Closes: #947385). -- Thomas Goirand Fri, 27 Dec 2019 21:17:05 +0100 openstack-cluster-installer (24) unstable; urgency=medium * Also delete /var/lib/openstack-cluster-installer-poc on purge (Closes: #905516). * Add chmod after copy function for ssh private key on controllers * Set defaults_options max_conn to 40960 in swiftproxy.pp * Set swift_proxy_config DEFAULT/max_clients to 2048 on all proxy servers. * Add haproxy stats in the haproxy of swiftproxies. * Add the object-expirer daemon in *one* swiftproxy (because it's 1 per cluster). * Define ::nova::pci *before* ::nova::compute. * Set /etc/default/openvswitch-switch. * Now support setting-up CPU model at cluster and individual single compute node level. * Setup and use apparmor on libvirt in compute nodes (mandatory for live-migration to work in Buster). * Add oci-update-cluster-certs to update the cluster's API certs and internal cluster PKI automatically (and restart services). * Manage /etc/systemd/system/puppet.service.d/oci-ca-cert.conf with puppet. * Enable puppet if the 2nd run is a success. * Also setup neutron-metadata + haproxy server on network nodes. * Enable anti-affinity for Octavia's amphoraes. * Remove the use of spare_amphorae_pool_size, as it doesn't work with anti-affinity. * Make it possible to select, for each swift store and proxy, if they are storing accounts, containers, or objects. * Glance haproxy always verify TLS. * Make it possible to use an external swift as a backend for Glance and Cinder-backup. * Add a --hostname option to machine-set. * Package the openstack-cluster-installer-agent separately. * Use /usr/sbin/iptables-legacy and /usr/sbin/ip6tables-legacy if != stretch, runtime depends on puppet-module-voxpupuli-alternatives to do so. * Add more doc in README.md, especially a table of content in it. * Fix for iPXE not detecting the correct machine: there's now a db column to record the DHCP IP of machines. * Add missing option httpchk in the galera backend definition. * Make it possible to add custom parameters for machines & clusters simply by editing a variables.json configuration file, auto-generating the OCI REST API, ocicli and ocicli bash completion. * Add new parameters for swiftstore and swiftproxy: --server-per-port, --disk-chunk-size and --network-chunk-size. * Also setup etcd and etcd-discovery if setting-up Magnum. Now OCI runtime depends on puppet-module-cristifalcas-etcd. * Make it possible to automatically assign IPMI IP addresses of slave machines. * Add automatic BIOS upgrade throught the OCI agent when running live. -- Thomas Goirand Fri, 20 Dec 2019 13:55:07 +0100 openstack-cluster-installer (23) unstable; urgency=medium [ Thomas Goirand ] * Install intel-microcode and smartmontools in nodes by default. * Add full installation and support for Magnum. * haproxy: correctly check SSL certificate of each service. * SSL certificate with -addext "subjectAltName = DNS:${SLAVE_NODE_HOSTNAME}" to avoid warnings. * Add a debmirror machine type. * Correctly generate the ec2 credential keys for Keystone. * Switch Octavia to ACTIVE_STANDBY by default. * Automatically format /dev/sdb as XFS over a volume group and mount it in /var/lib/nova/instances. * Automatically install megacli if requested in config file. * Fix CephOSD nodes when using NVME disks. * Allow using a Ceph cluster network and configure CephOSD nodes the correct way for it. * Always transmit an up-to-date /etc/hosts to all nodes throught the ENC. * Differenciate API root CA and OCI root CA. * Add a cluster option to use self signed certs or not. * Manage /etc/systemd/system/puppet.service.d/oci-ca-cert.conf with puppet. * Lots of fixes for OpenStack rocky. * Enable or disable nested virtualization on cluster or machine level. * Added an oci-update-cluster-certs script, so one can published updated certs in a whole cluster. * Optionnaly, a cluster can use an external swift cluster for Glance and Cinder backups. [ Ondřej Nový ] * Running wrap-and-sort -bast. * Use debhelper-compat instead of debian/compat. -- Thomas Goirand Wed, 15 May 2019 12:25:05 +0200 openstack-cluster-installer (22) experimental; urgency=medium [ Thomas Goirand ] * Add role-add, role-create, role-delete API and ocicli. * Add bash-completion script for ocicli. * Enhance ocicli network-list, add a network-set command. * Allow setting-up multiple external bridges for flat networks. * List all bridge setup with OCI in neutron's config, allowing a virtually unlimited number of bridges. * Fix service_credentials/cafile in ceilometer. * Add option to perform ipmitool settings in the target image when running on the slave image. * Add option to show the calculated IPMI console command. * Add some sysctl customization (low swappiness, higher conntrack, etc.). * Provision ssh public / private keypair between nova nodes in the /var/lib/nova/.ssh folder, to allow (live) migration using ssh / scp. * Switch to a db migration system with the schema saved in PHP format. * Add a cluster-show command. * Add the setup of chrony on all machines, with customization of time server host for the clock source. * Add the nf_conntrack module by default in /etc/modules. * Make sure python-keystonemiddleware is installed on swift-proxy nodes. * Firewall swift's container, account and object servers. * Empty DEFAULT/external_network_bridge by default, as this prevent using more than one external network. * Libvirt configuration on compute nodes (ie: /etc/default/libvirt-guests): - PARALLEL_SHUTDOWN=8 - SHUTDOWN_TIMEOUT=120 - START_DELAY=4 * Add qemu monitor on port 550XX for each VMs in the PoC. * Copy swift_fstab_dev_list.sh when provisionning. * Set Neutron's global_physnet_mtu and ml2's path_mtu if the VM net network has mtu != 0, allowing to set (for example) mtu = 9000. * Use wget to install openstack-backports-archive-keyring_0.1_all.deb instead of using apt-get update / apt-get install --allow-unauthenticated (which method doesn't work anymore in Buster). * Set haproxy's nbproc to 4 by default for swiftproxy, compute and controller nodes. * Copy the backport repository key file inside the targets instead of using the openstack-backports-archive-keyring package, which doesn't work anymore if using Buster. * Also install gnupg2 in the installed machines of the cluster. * Add support for Stein's separated placement. * Adapt puppet manifests so that they also work with Stein's puppet-openstack. * Add the feature to setup any machine with software RAID. * Using system serial number, and not chassis anymore. * Fully working Octavia support. [ Oliver Chaze ] * swift: do not log in syslog general logs * increase default haproxy server timeout -- Thomas Goirand Tue, 14 May 2019 17:18:44 +0200 openstack-cluster-installer (21) unstable; urgency=medium * Bugfix release for Buster which includes: - Fixed reserve_ip_to_all_slaves_of_network() call in network_add API call. - Correctly check for $mgmt_net["iface2"] and not $onenet when calculating --static-iface. - Fix block device list for swiftstore (statsd hostname was breaking it, ordering was broken). - Correctly set the erlang_cookie for rabbitmq as a random value. - Correctly use a a real random key for heat's encryption key. - Correct swift pipeline order when using encryption. - Correctly set unix rights of drives in /srv/node. -- Thomas Goirand Tue, 05 Mar 2019 13:46:39 +0100 openstack-cluster-installer (20) unstable; urgency=medium * Set allow_resize_to_same_host to True on all nova nodes. * Set dhcp_domain to '' in nova.conf, to avoid .novalocal or .openstacklocal postfixed to hostname by DHCP. * Set important rabbitmq production parameters (the most important one is the autoheal, to avoid split-brain breakage). * Randomize the rabbitmq host list in transport_url, to avoid having all services connecting always to the same host. * Add support for Cinder volume over Ceph. * Provision Ceph OSD using bluestore. * Fix poc-bin/oci-poc-setup-bodi-hook motd. * Make Ceph optional on compute nodes: - Add a machine-show to show machine properties. - Add a machine-set, to select /var/lib/nova/instances on Ceph or not. - Modify the ENC to transmit the use_ceph_if_available variable. - Modify compute manifest to use the use_ceph_if_available and possibly use Ceph or not for /var/lib/nova/instances. * Better Octavia defaults. * Fix dns_domain of neutron.conf to the domain name of the deployed cloud. * Enable optional statsd logging for swiftstores. * Using uwsgi instead of Apache for heat-api, heat-api-cfn, nova-api, barbican-api and aodh-api. -- Thomas Goirand Wed, 20 Feb 2019 14:12:23 +0100 openstack-cluster-installer (19) unstable; urgency=medium * Set all services to use RabbitMQ HA queues. * Explicitely choose the firewall type for Neutron agents. * Setup ceilometer::agent::central on controller nodes. * Setup cloudkitty-processor on multiple controllers using coordination URL. * Fix Ceilometer redis connection URLs. * Set resume_guests_state_on_host_boot in compute's nova.conf. * Rewrite the Location: headers coming from nova & heat, so that microversion redirections (ie: 302 redirect) can work. This repair listing instances in Horizon. * Correctly binds instance VNC servers to 0.0.0.0 on compute hosts. * Make the NoVNC console work. * Add rsync of glance images from first controller to the others. * Add script to add machines in the ring. * Fix Glance-api public_endpoint URL to correct HAProxy URL. -- Thomas Goirand Sat, 09 Feb 2019 19:12:00 +0100 openstack-cluster-installer (18) unstable; urgency=medium * Fix cloudkitty's keystone_fetcher and gnocchi_fetcher cafile=. * Fix cloudkitty's rabbitmq amqp_sasl_mechanisms and login. * Setup correct database/connection for Gnocchi. * Setup redis for Gnocchi. * Live image: iomem=relaxed console=tty0, install plymouth (so that systemd prints on all consoles). * Add Panko and Ceilometer services. * New style of networking options for openstack-debian-images. * Add e2fsprogs to the slaves. * fernet_replace_keys => false by default, and also do not attempt to isntall fernet key "1" on each puppet run. * Nova default config on compute: - DEFAULT/use_cow_images = False. - preallocate_images = 'space'. - remove_unused_original_minimum_age_seconds = 604800 (one week). * Neutron default config: - service_plugins: add segments. - network_vlan_ranges = external (so, we use br-ex for the VLANs). * Do not chown swift:swift /srv/node/X if X isn't mounted (which may be the case if there's a borken drive in a swift cluster). * Add firewalling of Octavia API on the VIP. * Install default openstack-cluster-installer.conf for Buster. -- Thomas Goirand Thu, 24 Jan 2019 15:09:46 +0100 openstack-cluster-installer (17) unstable; urgency=medium * Use host CPU model for VMs in the -poc. * Fix starting-up VMs with 3 drives in the PoC. * Run gnocchi-api using uwsgi rather than Apache to avoid port bind conflict. * Fix neutron.conf [database]/connection to be empty on compute nodes. * Fix puppet scheduling of swiftproxy install. * Fixed machines table with default SQL values. * Do not use INSERT with '' as value for IDs, just omit it, so it works with mariadb 10.3. * Remove the nobarrier option from Ceph OSD fstab, as it doesn't work anymore in Sid/Buster. * Do not use roundrobin for glancebe in haproxy, but source, else it wouldn't work properly. * Add ccze to all installed computers. -- Thomas Goirand Tue, 22 Jan 2019 10:14:26 +0100 openstack-cluster-installer (16) unstable; urgency=medium * Add Gnocchi, Aodh, Cloudkitty and Octavia deployment. -- Thomas Goirand Fri, 14 Dec 2018 10:41:32 +0100 openstack-cluster-installer (15) unstable; urgency=medium * Add Compute, Volume and Ceph support. * Correctly purges /etc/openstack-cluster-installer and /var/lib/oci. (Closes: #915781). -- Thomas Goirand Tue, 20 Nov 2018 15:43:03 +0100 openstack-cluster-installer (14) unstable; urgency=medium * Add the possibility to customize the motd of installed machines. * Switch Heat API URL from /orchestration to /orchestration-api to avoid any clash with /orchestration-cfn. * Fixed rabbitmq SSL setup, and made heat work. * Add the setup of openstack-dashboard (aka: Horizon). * Add the setup of Barbican. * Add Swift encryption using a secret key stored in Barbican. * Add puppet-module-puppetlabs-firewall, and firewall the public IP. -- Thomas Goirand Tue, 30 Oct 2018 14:12:02 +0100 openstack-cluster-installer (13) unstable; urgency=medium * Fix path of chown in swiftstore.pp. -- Thomas Goirand Tue, 30 Oct 2018 11:48:43 +0100 openstack-cluster-installer (12) unstable; urgency=medium * Use Exec in puppet to change unix right of /srv/node/* folders in all swift store nodes, do not do that in rc.local anymore. -- Thomas Goirand Mon, 29 Oct 2018 16:26:22 +0100 openstack-cluster-installer (11) unstable; urgency=medium * Fixed $machine_ip for the listen of memcache in swiftproxy nodes, so that it works with puppet 5. -- Thomas Goirand Mon, 29 Oct 2018 12:41:51 +0100 openstack-cluster-installer (10) unstable; urgency=medium * Do not install openstack-backports-archive-keyring when setting-up buildd Debian repository. * Overrides epmd.socket to make sure epmd binds on all interfaces. -- Thomas Goirand Thu, 25 Oct 2018 13:40:45 +0200 openstack-cluster-installer (9) unstable; urgency=medium * Automatically remove space in "connection = " in config file. * Add option to include incoming buildd, so it's easier to test in Sid. -- Thomas Goirand Thu, 25 Oct 2018 12:14:23 +0200 openstack-cluster-installer (8) unstable; urgency=medium * Fixed Source URL in debian/copyright. * Some more fixups for OCI to work with Sid/Buster without additional repo. -- Thomas Goirand Thu, 25 Oct 2018 10:51:50 +0200 openstack-cluster-installer (7) unstable; urgency=medium * Remove qemu-kvm from depends of openstack-cluster-installer, made the -poc package to use only qemu, suggesting qemu-kvm. This should ease transition to Testing. -- Thomas Goirand Tue, 23 Oct 2018 13:24:01 +0200 openstack-cluster-installer (6) unstable; urgency=high * Add authentication system. * Switch to rocky when using backports. * Add lots of middleware in the default Swift pipeline. * Make it possible to expose the swift proxy-server directly without using the controller's haproxy. * Add read/write affinity. * Lots of minor tweaks and debugs. -- Thomas Goirand Tue, 23 Oct 2018 11:06:35 +0200 openstack-cluster-installer (5) unstable; urgency=medium [ Ondřej Nový ] * Running wrap-and-sort -bast * Delete /var/lib/openstack-cluster-installer-poc on purge (Closes: #905516). [ Thomas Goirand ] * Add swift deployment capability. * Add a CLI API client. -- Thomas Goirand Thu, 20 Sep 2018 11:09:09 +0200 openstack-cluster-installer (4) unstable; urgency=medium * Add a glance cluster. -- Thomas Goirand Fri, 17 Aug 2018 11:50:52 +0200 openstack-cluster-installer (3) unstable; urgency=medium [ Thomas Goirand ] * Setup a Keystone cluster with Haproxy and a VIP. [ Ondřej Nový ] * Running wrap-and-sort -bast * d/control: Use team+openstack@tracker.debian.org as maintainer -- Thomas Goirand Wed, 15 Aug 2018 16:24:41 +0200 openstack-cluster-installer (2) unstable; urgency=medium * Add openstack-cluster-installer-poc and puppet packages. * Add full network/ip manager. * Add automatic slave node cert management. * Automatically setup a galera cluster on slave controller nodes. -- Thomas Goirand Thu, 21 Jun 2018 11:47:31 +0200 openstack-cluster-installer (1) unstable; urgency=medium * Initial release. -- Thomas Goirand Wed, 21 Mar 2018 14:17:07 +0100