openstack-cluster-installer (42.3.7) unstable; urgency=medium * [3258401] oci-live: mkdir -p, not mkdir /p * [ccd5a21] openstack-cluster-installer-agent: use descr field instead of PortID value, so it works with ikvswitch. * [e61dbd6] More ikvswitch compat. * [b830bcf] auto-racking.json: define defaults values that work with ikvswitch. * [823d1e7] Set auto_rack_machines_info=yes by default. * [27566f5] Add "qemu-oci": { "num-u": 1 } in auto-racking.json * [d1a97f7] oci-poc-vms: new templates for servers, so it uses ikvswitch. * [062dc32] Add IPMI login / pass / ip saving to the vault / OpenBao through plugins. * [1d614f3] Add a --filter option to ocicli machine-list. * [39e7e2d] Add missing require_once("inc/plugin_ipmi_pass.php"); in src/install-status.php * [46ffdab] enable auto-racking in the PoC, since we're now using BGP-2-host. * [25aa16d] openstack-cluster-installer-poc now depends on ikvswitch. * [22dea5c] Kill the oci-poc-virtual-network init/service script, in the favor of ikvswitch. * [6939b46] Fix some typos. * [24598e2] poc-bin/oci-poc-install-cluster-bgp: Some fix-ups for network nodes. * [b899739] src/inc/slave_actions.php: correctly pass-in VLAN number if not using bonding. * [08ac350] Add puppet-module-rally as depends. * [36e4371] poc-bin/oci-poc-install-cluster-bgp: provision messaging VIP, use BGP. * [1d81310] Workaround a bug where /etc/oci/system-serial is sometimes empty. * [5af5111] controller.pp: fix username param called twice when calling ::neutron::server::placement * [0951763] oci-poc: Fully provision a culster using BGP-2-host setup using oci-poc-provision in the host. * [01a76f0] tempest: do not use admin_domain_scope * [913442e] tempest: use use_dynamic_credentials=true * [b3a9f25] tempest: compute/volume_device_name=sdb, compute/min_compute_nodes=2 * [a90198f] tempest: Use only ext-floating1, not ext-net1 * [2b2117a] utils/usr/bin/oci-poc-provision-network: uncomment the BGP internal network (aka: ext-net1). * [3b234da] Add oci-poc-ci. * [b300aff] octavia-openrc and swift-openrc: use region-postfixed usernames if needed. * [93a1678] Added octavia support in the PoC. * [21aa619] 6 more compute nodes. * [d114f49] utils/usr/bin/oci-poc-provision-octavia-network: fix syntax error. * [4e32b26] 38 VMs by default. * [a14d0d9] ocicli: do not install tempest servers by default when doing cluster-install, because they need provisionning of OpenStack frist. * [4803cab] PoC: provision flavors and az * [a8bf9eb] oci-poc-provision-network is to be run on CTL1 * [dc7d63b] Fixup for oci-poc-provision-az. * [9622e55] oci-poc-provision: provision the tempest node automatically as well. * [a37b59b] Use 2 different flavors, and enable resize_available. * [27317d4] tempest: remove compute-feature-enabled/xenapi_apis * [0c3d974] Set --swift-public-cloud-middlewares yes. * [e2a5c54] tempest: set cinder_backup_available and neutron_dr_available. * [c24888e] tempest: set volume/backend_names (to: CEPH_1) and volume/storage_protocol (to: rbd). * [664245a] Copy /root/debian.qcow2 in the tempest server to enable scenario testing with it. * [f1bd126] Set compute VMs with 8 vCPUs. * [d6f5e42] Run tempest at end of oci-poc-provision, and use tempest exclude.conf * [58ea482] Correctly set poc's VMs vcpu num. * [edd4618] * ocicli/ocicli: display num of core and sockets * poc: compute with 8 VCPU. * [fd5aa2f] poc-bin/oci-poc-install-cluster-bgp: Add --swift-public-cloud-middlewares yes * [b3f2d6a] Remove set-x in poc-bin/oci-poc-ci * [dec6c92] Run tempest only once. * [20235f4] poc-bin/oci-poc-provision: get tempest node IP *after* it's installed. * [afabcb9] tempest.pp: set Cinder min/max API microversion. * [16082c1] oci-poc-ci: call oci-poc-setup before installing. * [7a5acf1] rework exclude.conf * [dbd1061] More excluded tests. * [b597f4d] controller.pp: fix heat and magnum domain user. * [b2ee18b] Upgrade tempest nodes when upgrading release. * [fb3feb5] More tests in exclude list. * [fbaaf07] Exclude the 10 slowest tests. * [3092df8] neutron-uwsgi: only one thread, to avoid "greenlet.error: cannot switch to a different thread" * [6d596a5] swift container: set replicator_node_timeout => 120. * [f37f660] Merge branch 'bugfix/assign-ceph-ips' into 'debian/bobcat' Fix: Assign ceph IPs to cephmon and compute_is_cephosd nodes See merge request openstack-team/debian/openstack-cluster-installer!43 -- Thomas Goirand Tue, 23 Jan 2024 17:04:57 +0100 openstack-cluster-installer (42.3.6) unstable; urgency=medium * Re-upload source-only. -- Thomas Goirand Thu, 21 Dec 2023 08:28:22 +0100 openstack-cluster-installer (42.3.5) unstable; urgency=medium * Misc fixes: * [02ed695] Do not clean-up /var/spool/cron/crontabs/keystone that is later re-added by Cron[oci-fernet-keys-rotate]. * [3cfe6e6] fix doubled-defined orchestrator/coordination_url in messaging.pp * [a163754] add poc-bin/oci-poc-haproxy to setup haproxy in the virtualized PoC * [6195ab5] Add puppet-module-puppet as depends * bin/oci-cluster-upgrade-openstack-release: * [cc42e1b] Fix ::ceilometer::agent::auth uses auth_user, not username as param. * [f36711a] Fix swift_store_user for region-postfixed users. * [a8d69e6] Fix: always specify username in authtokens in case of region-name postfixed user. * [205b56a] Some more fixes for the same trouble. * [db4701a] oci-cluster-upgrade-openstack-release: include messaging nodes * [94f7eef] controller.pp: class Ceilometer::Agent::Auth is Ceilometer::Agent::Service_Credential starting with wallaby, not xena. * [3fb1b2d] Revert "Change indexer_url to local ip instead of database VIP" This reverts commit dd6f570ebd1b67e4702b24c2921317464f75e9d0. * [1945a7a] Lots of fixes in oci-cluster-upgrade-openstack-release * [a73a209] gnocchi database_connection uses $machine_ip instead of $sql_host. * [a48a968] messaging.pp: fix cloudkitty setup under Xena. * [4d8c945] Add cluster_check_status * [f504d64] Add haproxy-cmd on all hosts using haproxy. * [b46db6b] Huge enhancements on the cluster-upgrade script. :P * [182df40] Add wallaby -> xena dependency list. * [b7f8954] Also upgrade python3-neutron-dynamic-routing if exists. * [32492fb] Do not run puppet before everything is upgraded fully. * [0c86859] depends list for yoga * [97539d0] Fix xena -> yoga upgrade of deps in controllers. * [558063c] messaging.pp: fix, shouldn't manually set cloudkitty_config { orchestrator/max_threads in yoga. * [77682d5] In Yoga and up, ::ceilometer::cache is included from ::ceilometer, so we should call it first. * [3af43ae] depends list for yoga->zed upgrade. * [5c5b46f] never touches CEPH nodes, correctly upgrade horizon plugins when doing yoga -> zed. * [44b0b01] Fix ALL_NODES_BUT_CEPH. * [e717c06] Do initial-cluster-setup during xena -> yoga upgrade. * [4aae596] fix syntax error. * [a5b8d9a] Do not do initial-cluster-setup=yes. * [42e8255] Run nova-manage db online_data_migrations in loops until done. * [acf7339] Escape $RET properly when doing nova-manage db online_data_migrations * [83bf7d7] do the db-sync before enabling services. * hardware support: * [9565107] Use baseboard-serial-number as serial for GIGABYTE MZ01-CE1-00 motherboards. * [655137e] Use a more generic way to report serial number. * [b7dad20] Report MZ01-CE1-00 GIGABYTE as Dataforge hydra-f * [580a590] oci-block-device-udev-sorting: Add Dataforge Hydra-F support * [9094290] common/usr/bin/oci-block-device-udev-sorting: correctly detect Dataforge drive order. * [5233429] Correctly support hydra-f HDDs scanning. * [7c746e3] oci-block-device-udev-sorting: Remove spaces after port number definition. * [e2cbe92] Do not install ilorest-chif on arm64. * [09e6eed] Avoid installing non-x86_64 stuff on other arch. * [e695021] use osbpo for non amd64 arch. * live-image-builder: * [70ecfbb] make it work under arm64. * [bdaa466] More arm64 support. * [59a943d] More code for arm64 live image handling, move openstack-cluster-installer-build-live-image into a separate binary, so it can be installed on a satelite server in order to build for foreign arch. * [a9ee6ec] Add oci-live to build the live image locally and remotely with multi-arch. -- Thomas Goirand Wed, 20 Dec 2023 09:54:19 +0100 openstack-cluster-installer (42.3.4) unstable; urgency=medium * [67f291a] Display cpu_vendor and cpu_model_name when doing "ocicli machine-list -h" * [7d43101] Add reset-lenovo-ipmi-password-age to avoid IPMI password expiration on Lenovo hosts. * [d16ba43] Add TOTP support in Keystone + Horizon. * [6a68e46] Fix wrong admin password if not using external keystone. Also repair designate-central validation. -- Thomas Goirand Wed, 15 Nov 2023 10:59:13 +0100 openstack-cluster-installer (42.3.3) unstable; urgency=medium [ Olivier Chaze ] * [dd6f570] Change indexer_url to local ip instead of database VIP [ Thomas Goirand ] * [377a8b8] Add multi-region support. -- Thomas Goirand Fri, 10 Nov 2023 10:25:26 +0100 openstack-cluster-installer (42.3.2) unstable; urgency=medium [ Thomas Goirand ] * [4d920f8] openstack-cluster-installer-utils: depends on gnupg, not gnupg2 (Closes: #1055405). [ Olivier Chaze ] * [d245a2d] Haproxy admin socket and reload haproxy instead of restart. * [1e2c431] Reload haproxy command misplaced. [ Philippe Seraphin ] * [77b00f0] Update oci-hdd-maint for calling disk-firmware-installer. [ Jim Scadden ] * [86783ee] Fix /etc/network/interfaces NIC names set to Array (Closes: #1054600). * [9370179] Support for custom repository package signing key (Closes: #1028481). * [eb18316] Fix puppet fails to determine cephnet IP address (Closes: #1054648). * [13c99f3] Factorize non-system block device list, fixing "Block device list can be incorrect when using NVMe drives and/or RAID" (Closes: #1054649). * [d2ea19c] ocicli: machine-guess-racking returns error when no match found (Closes: #1054593). * [afed002] Reduce PHP warnings in apache log (Closes: #1054598). * [5368c5a] Regex updates for Dell OS10 switches & BroadCom NXE NICs (Closes: #1054603). -- Thomas Goirand Tue, 07 Nov 2023 10:25:21 +0100 openstack-cluster-installer (42.3.1) unstable; urgency=medium [ Thomas Goirand ] * [3a5d30c] Set min firmware version for ST20000NM002D (20TB Exos) as E004, since we need that on HPE DL345. * [d9095e0] Add oci-foreman. * [3d5b074] Fix serial detection fallback to system-uuid. [ Olivier Chaze ] * [c6151ad] increasing mon osd down out interval to avoid rebalancing data too soon [ Thomas Goirand ] * [c23ab3c] Add oci-swift-upgrade-hdd-firmware, using the disk-firmware-updater binary. * [0fb890e] filebeat: use systemd::dropin_file instead of just the file resource. [ Theo Gindre ] * [e4acf39] Delete monitoring and dns records when machine-destroy is called [ Thomas Goirand ] * [8b579a9] Do not use ::cloudkitty auth_section param if >= yoga. * [1998fee] Do not call keystone::client in bobcat and up. * [779f69f] Do not call neutron::client in bobcat and up. * [99f0676] Speed-up collecting machine list when doing cluster-install. * [b9394b1] Do not call ::nova::client on bobcat and up. * [6510713] CVE-2023-2088/OSSA-2023-003 and bobcat support: configure ::nova::keystone::service_user and ::cinder::keystone::service_user * [322a616] Fix cpu_model_real for Bobcat's puppet-nova. -- Thomas Goirand Wed, 25 Oct 2023 17:27:28 +0200 openstack-cluster-installer (42.3.0) unstable; urgency=medium [ Thomas Goirand ] * Use a new field for the Designate ptr_zone_email. * Disable amphora logging in Octavia. * Depends on default-mysql-server | mariadb-server, not just default-mysql-server. * openstack-cluster-installer-build-live-image: do not attempt to install megactl, megamgr and dellmgr when installing megacli in the live image. * openstack-cluster-installer-agent: use first RAID controller (head -n 1). * oci-block-device-udev-sorting: Add ProLiant DL365 Gen10 Plus support. * Add support for using storcli instead of megacli. * Set keystone_authtoken/service_type in cinder.conf. * Add support for puppet-openstack Antelope. * network.pp: rotate /var/log/conntrackd-stats.log daily. * Fix: new compute not being discovered automatically (because of a not defined $clusterid in a MySQL query). * New ocicli feature to re-assign the IPMI address of a server. * Add support for HPE ProLiant DL345 Gen11. * Swiftstores: do not attempt to XFS format nvme0n1 if nvme0 is the system disk. * lldpd: list existing NICs instead of just eth*, which doesn't work with BIOS names. * Agent: report version of MegaRAID 12GSAS/PCIe Secure SAS39xx controller. * Fix handling of CPU model extra flags params. * Add oci-poc-virtual-network.service (Closes: #1039302). * Increased the size of the BIOS version field to 64 chars (Closes: #1028457). * Correctly transmit "$self_signed_api_cert" to messaging nodes. * Applied patches sent by Jim Scadden to the Debian BTS. Thanks a lot to him for his bugfix contributions: - fix ocicli machine-guess-racking returns error when no match found (Closes: #1053506). - fix 500 error on oci agent first report (Closes: #1053507). - fix puppetserver sign command needs updating for puppet 7 (Closes: #1053510). - Use "dmidecode -s system-uuid" on QEMU VMs in some cases (Closes: #1053513). - Bugfix for handling NICs which do not report a speed (Closes: #1053514). * Cleans better. [ Axel Jacquet ] * Use a new field for managed_resource_tenant_id. * Add deployment of MySQL server + rally in the Tempest role. -- Thomas Goirand Fri, 06 Oct 2023 10:00:43 +0200 openstack-cluster-installer (42.2.5) unstable; urgency=medium * Fix in Zed: swift-proxy delete_concurrency. -- Thomas Goirand Mon, 20 Feb 2023 15:48:42 +0100 openstack-cluster-installer (42.2.4) unstable; urgency=medium * Add a default designate_policy.json in Horizon enforcing dnsmember requirement to display the DNS panel. * Add Bookworm support: - Add support for the new non-free-firmware in bookworm and up. - Fix idna_convert.class.php to support PHP 8.2. - Fix implode() call wrong param order in ssh.php's send_ssh_cmd(). - Do not install netcat in --postinstall-packages, as it's gone from bookworm, and openstack-cluster-installer-common already depends on netcat-traditional. - oci-hdd-maint: add ThinkSystem SR665 HDD disposition. - Fixups for Puppet >= 7. - Add puppet-module-puppetlabs-sshkeys-core as Depends. - Depends on puppetserver | puppet-master. - oci-poc: add [master] section if missing from puppet.conf. - Mount /var/log, /var/lib/automysqlbackup on a data disk on messaging nodes (if such disk exists). - Add missing depends: puppet-module-puppetlabs-cron-core. - PoC: fix the vip interface name to be ens5, instead of eth1. Also, allow more flexibility (ie: any eth name) for network interface selection in the OCI's IPAM. - Add puppet-module-puppetlabs-mount-core as depends (needed for swift). - src/api.php: Also fix NIC string check for network_add. - Volume nodes: build the lvm.conf filter AFTER building the vg. -- Thomas Goirand Mon, 20 Feb 2023 14:36:19 +0100 openstack-cluster-installer (42.2.3) unstable; urgency=medium * openstack-cluster-installer-poc: do not depends on grub-efi-amd64-signed, not available in arm64, suggests: it instead. -- Thomas Goirand Mon, 16 Jan 2023 10:37:27 +0100 openstack-cluster-installer (42.2.2) unstable; urgency=medium * Add call to ::cinder::nova in compute.pp when having OSDs in the cluster. * Add call to ::cinder::nova in volume.pp. * Only suggests grub-efi-{amd64,arm64}-signed, because OCI is arch:all and can't depends on grub-efi-amd64-signed. Only copy grub / shim to the tftp folder if it's available. -- Thomas Goirand Thu, 05 Jan 2023 10:37:36 +0100 openstack-cluster-installer (42.2.1) unstable; urgency=medium * Fix filter:tempurl/prefix_path -> filter:tempurl/path_prefix in swiftproxy.pp. * Increase net.core.somaxconn to 65536 on all nodes. * Make oci-build-nova-instances-vg do bind mounts for /var/lib/{libvirt,nova,cinder} instead of just /var/lib/nova/instances. This better fits setup with Ceph. * Added DSS 1510 support in oci-block-device-udev-sorting. * Make Designate work. * Make it possible to customize VXLAN VNI ranges per clusters. * Add support for Yoga. * Setup an additional VG in controllers if a data disk exists, and use it for Glance image upload temp dir in Horizon. * swift: add rsync bandwidth limiting for rsync (very useful when doing rebalance). * Install also by default a few firmware: - firmware-linux-free - firmware-misc-nonfree (contains intel NICs) - firmware-qlogic * Add --order/-o option to ocicli machine-list. * horizon: set $password_retrieve = true by default (inconditionally) to enable password retrieval from metadata (encrypted with the user SSH public key). That's mandatory for Windows install. * Use the new rsync_module_per_device puppet-swift feature. * controller+messaging MariaDB: set innodb_buffer_pool_size to total_ram / 8 plus add innodb_flush_log_at_trx_commit = 2. * Implement client/server PKI auth for VNC. * Octavia: disable bad cypher by default. * Barbican: install barbican-worker by default in the controllers. * Add UEFI support. * Add designate-tlds support, and documentation. * Fix live image autologin (Closes: #1027800). * Removed puppet-master dependency as the server is currently removed from Debian until Puppet 6 or 7 is packaged. -- Thomas Goirand Wed, 26 Jan 2022 16:49:39 +0100 openstack-cluster-installer (42.1.0) unstable; urgency=medium * Fix haproxy rate which was 10 times too low. -- Thomas Goirand Tue, 25 Jan 2022 11:01:28 +0100 openstack-cluster-installer (42.0.0) unstable; urgency=medium [ Kevin Allioli ] * Added swift erasure coding support. * Correct the list of allowed methods for ::swift::proxy::tempurl, also set filter:tempurl/prefix_path. * Tweaks for designate integration. [ Thomas Goirand ] * Set nova::api max_limit to 10000. * Add a install_cloudkitty_dashboard flag. * Add oci-ilorest wrapper. * Correctly check for Horizon availability on haproxy. * Lower the privileges of the backup user used for Galera replications. * Fix ceilometer for floating ips polling. * Fix unix rights of /var/log/swift/*.log files using puppet. * Configure heat_api/heat_api_root. * Make it possible to skip installation of Telemetry completely. * Fix the puppet stuff for Xena. * Make Octavia installation optional. * Use ilorest to configure ProLiant DL385 Gen10 Plus boot device (add ilorest as depends). * ::ceilometer::keystone::auth': do not pass the parameter configure_endpoint when >= victoria. * Fix collector_gnocchi/region_name call goes in cloudkitty::processor when >= xena. * Correctly install OCI root CAs in the target systems. * Configure Nova + Libvirt to do live migration over libvirt native TLS. * Add the possibility to add a --fixed-ip parameter when doing machine-add. * Restart MySQL in case of start failures on controller + messaging. * Add OpenStack deployment over OpenStack VMs CI script. * tempest.pp: increase ssh and image build timeout, and handle microversion min and max for both Placement and Nova. * utils/usr/bin/oci-build-cinder-volume-vg: handle /dev/disk/oci-sort. * openstack-cluster-installer-common: add racadm bash-completion script. * oci-hdd-maint: make sure the script is ran as root, exit 1 otherwise. * Implement radius auth using php-dapphp-radius if php-radius is not available (php-radius is removed from bookworm because it doesn't build against PHP 8.x). Set depends to php-dapphp-radius | php-radius. [ Cyril de Bourgues ] * use the new way for external healthcheck & add dontlognull. [ Simeon Gourlin ] * Modify disk install parameter for hardware raid setup. -- Thomas Goirand Thu, 18 Nov 2021 14:54:01 +0100 openstack-cluster-installer (41) unstable; urgency=medium [ Thomas Goirand ] * Fix poc-bin/oci-poc-install-cluster-swift with the new VM layout. * Add udev rule and sort script to restore sanity in drive orders on HP DL385, Qemu and others. * Handle region_name per cluster. * Set net.ipv4.ip_nonlocal_bind on all servers, needed if we set LocalAddress in sshd + bgp-to-the-host. * Cloudkitty: use keystone as fetcher_backend. * Fix rabbit URL for ceilometer notifications in the controller. * Add ceilometermiddleware support for swiftproxy. * Call ::nova::cinder for any OpenStack release >= train, in both the controller and compute classes. * Add support for Ceilometer dynamic pollsters. * Make Nova's reserved_host_memory_mb configurable, and set default to 16GB. * Add optional activation of tempurl, symlink and staticweb swiftproxy middlewares on swiftproxy nodes. * Move cloudkitty & gnocchi dbs to the messaging nodes, on a new Galera cluster for billing. * Automatically write /etc/ceilometer/gnocchi_resources.yaml from /etc/openstack-cluster-installer/gnocchi_resources.yaml. Same with /etc/cloudkitty/metrics.yml for the processor. * Rate limit the API to a customizable value, at the iptables level (default: 100 queries/s connection max per /24), and haproxy (default: 20 concurrent sockets), with no limit for cluster internal use. * Increased memcached max_connections to 16k (instead of 8k). * Only keep 7 days of haproxy logs instead of the default which is 52. * controller: also install python3-pankoclient. * Configure by default the number of keystone uwsgi workers. * Added filebeat support. * Add missing pciutils depends in the openstack-cluster-installer-common package (the agent uses it). * Manage the number of API workers with $::os_workers and the new classes foo::wsgi::uwsgi contributed to puppet-openstack. * Add code to force a debian suite name for the MegaCli repo. * Setup postfix with correct relayhost in all machines of clusters. * Use "ceph-volume lvm batch --osds-per-device 2" instead of calling the ceph::osd class to create the OSDs. * Allow overriding the debian suite name for the HPE repo. * Add support for installing PERCCLI. * Fix swiftproxy.pp haproxy setup for Bullseye (ie: haproxy >= 2.1). * Add missing call to class { '::octavia::housekeeping': } in controllers. * Transmit all of the PKIs through the ENC, so there's no need to use a script to update them. Administartors can simply edit the SSL key materials on the OCI machine under /var/lib/oci/ssl/slave-nodes. The puppet manifests are now taking care of updating the certs, and restarting daemons appropriately. * Fix-up correct rights and location for PKI materials in the cluster. * Addresses OSSN-0088: disable glance metadef for non-admins. * Fix compute node setup in case there's no data disk. * Set enable_new_services => false when calling nova::conductor, to have new compute nodes appear disabled by default, which is better for production. * oci-poc: added support for AMD virtualization, and added modprobe.d options to enable nested virtualization. * Add an option to not provision CephOSD automatically. * Optionnaly, OCI can set an HTTP proxy in the aodh-notifier's service environment, which is very useful if the controller have no internet access (this way, aodh-notifier can notify any URL). * Do not attempt to setup swiftstore disks if they appear commented out in the fstab. * Add an option to install Panko or not (do not install by default). * Set correct collect_statistics_interval and cluster_partition_handling. * If using victoria and up, do not use SSL for Glance, as the package has changed to not use UWSGI, and therefore, lost SSL support. * Added support for Manila (share as a service). * Add VRRP auth password (for Neutron L3 routers in HA). * Make it possible to select available Horizon themes. * Report and display machine block device controller and ethernet driver, with their firmware driver version. * Add a custom oci_facts.yaml in each nodes in /etc/facter/facts.d, maintained by both puppet and at provisionning time. This is helpful for anyone willing to customize his puppet environment depending on node role and this type of info, directly in puppet or hiera. * Depends on qemu-system, not just qemu (Closes: #992951). [ Axel Jacquet ] * Added rate limit for swift proxies. -- Thomas Goirand Tue, 16 Feb 2021 19:08:35 +0100 openstack-cluster-installer (40) unstable; urgency=medium * Fix compute.pp, volume.pp, swiftproxy.pp and network.pp not having the $all_rabbits_ips parameter and failing to apply. * Fix calling auto-join-rabbit-cluster in messaging nodes. * openstack-cluster-installer-build-live-image: do not modify config/build if the file doesn't exist. * Correctly schedule keystone bootstraping before doing the roles. * ocicli cluster-install: display VOLUME, SWIFTPROXY and SWIFTSTORE when installing them. * oci-poc: correctly bridge 192.168.105.1/24 to the ocibr1 (ie: the bridge connected to the eth1 of all VMs) instead of eth0, correcting the floating IP connection to the VMs. * oci-poc: allow using .raw images for glance upload. -- Thomas Goirand Wed, 10 Feb 2021 10:27:28 +0100 openstack-cluster-installer (39) unstable; urgency=medium * Add -y flag when installing HPE tools. -- Thomas Goirand Mon, 01 Feb 2021 17:39:43 +0100 openstack-cluster-installer (38) unstable; urgency=medium * Correctly generate passwords for service='bill'. * Switch to netcat-traditional instead of netcat (Closes: #981499). * Allow setting-up gnocchi-api on messaging+bill{mon,osd} separate nodes to enable better scalling. -- Thomas Goirand Mon, 01 Feb 2021 17:24:34 +0100 openstack-cluster-installer (37) unstable; urgency=medium [ Thomas Goirand ] * oci-fixup-compute-node: Do not perform libvirt hack if not in stretch or buster. * Add HPE non-free tools installation support (hponcfg, storcli, ssacli), and automatically activate IPMI over LAN on them. * Fix typo when selecting ceph or swift backend for Glance. * Use roundrobbin (instead of source) for nova-api HAProxy backend. * oci-hdd-maint: reports correctly the serial numbers of HPE SmartArray connected HDD/SSD. [ Cyril de Bourgues ] * Add 3 swift ring management utilities. -- Thomas Goirand Sun, 31 Jan 2021 19:14:44 +0100 openstack-cluster-installer (36) unstable; urgency=medium * Fix galera_package_name when installing the Galera cluster. -- Thomas Goirand Thu, 21 Jan 2021 23:38:57 +0100 openstack-cluster-installer (35) unstable; urgency=medium * oci-poc: restart isc-dhcp-server after starting VMs. * Add billmon and billosd roles, to have an independent Ceph for Telemetry. * Install chrony by default in target machines, not ntp. * Fix corosync setup with the Bullseye 3.1.x version. * Fix haproxy >= 2.1 incompatibility with reqrep / rspirep. -- Thomas Goirand Thu, 21 Jan 2021 18:02:51 +0100 openstack-cluster-installer (34) unstable; urgency=medium * Upgrade IPMI before BIOS (as that's what Dell server needs). Also correctly report r420/r620 lifecycle version. * Fixed reporting phys block device size when MegaCli returns SECTOR_SIZE=0. * Report r420 / r620 Lifecycle version correctly. * Add ceph_osd_initial_setup to stop provisionning Ceph OSD once the cluster is in production. * Add force_no_bgp2host to make it possible to setup a compute cluster using bgp-to-the-host, but forcing Network nodes to use L2 connectivity. * Allow using non-DVR setup, with central network nodes (though using DVR for east-west traffic). * Fix distribution names inside the live image for the new version of live-build. -- Thomas Goirand Tue, 19 Jan 2021 09:20:40 +0100 openstack-cluster-installer (32) unstable; urgency=medium * Removed the oci-poc-vms init script, and make it a normal shell script. * Fixed oci-poc-install-cluster-full to run with the new oci-poc-vms. * It's now possible to set %%COMPUTE_AGGREGATE%% in the "machine-set": of hardware-profile.json, and it will be replaced by whatever is set as compute-aggregate in auto-racking.json. * Add a new machine-renew-ipmi-password command to ocicli. * Setup kvm_intel / kvm_amd nested=0/1 at provision time, so it's not needed to reboot compute nodes after install to enable nested virt. Also support nested virt for amd processors. * Add a cluster option nova_scheduler_prefers_hosts_with_more_ram, controlling the ram_weight_multiplier (-1 / 1) of the Nova Scheduler. * Add messaging nodes for separate, dedicated, notification bus, which is increase the reliability if using notifications (no risk to overload the central rabbitmq service with the notification messages). * When there's both Ceph and Swift available, make it possible to select which type of backend to use for Ceph. * Made installing magnum optional. * Switch to using ceph-volume from the puppet-ceph class. -- Thomas Goirand Tue, 12 Jan 2021 13:16:58 +0100 openstack-cluster-installer (31) unstable; urgency=medium * Agent: fix MegaRAID detection. * report.php: allow dots in HDD models and size. * Commands machine-megacli-apply and machine-check-megacli-applied can be used without a hardware profile name. * Add machine-guess-racking and machine-auto-rack, for filling-up the racking information automatically looking-up LLDP information against the /etc/openstack-cluster-installer/auto-racking.json configuration file. * Deny public access to SMTP, Keystone, Heat CFN and Aodh API on the VIP. * Add API calls to record hosts in DNS, add hosts to monitoring, and change plus record host root passwords. All of this using plugins in the form of customizable shell scripts. * Cinder-volume: allow one backend per disk. * Run ipmitool lan set 1 cipher_privs Xaaaaaaaaaaaaaa on R410/R610. * Add puppet-module-etcddiscovery as depends of puppet-module-oci. * Set the chassis/system serial as hostname in the live image, so that LLDP and dhclient uses it to advertize and broadcast a more meaningful hostname than just "debian". * Add "ocicli machine-auto-add" which adds a machine automatically to a cluster defined in openstack-cluster-installer.conf, using the role matched by the hardware-profiles.json, and the location defined in the auto-racking.json configuration file. * Add the possibility to completely automate: - megacli profiles. - racking info (ie: data center and rack position auto-fill). - adding machine to clusters. - installing the OS. This effectively makes it possible to automatically auto-provision servers in a "hand-free" mode as soon as they are plugged and booted. * Add --blockdevs / -b option to ocicli machine-list to display block devices. * Add an option to set the initial drive weight for swift. * Fixed VIP hostname in /etc/hosts if it was customized. * Add hdparm as runtime depends of -utils. * Also copy {account,container,object}.builder files when installing swift store and proxy nodes. * Install numactl and numad, and start numad on compute nodes. * Increases buffer for net.ipv6.neigh.default.gc_thresh{1,2,3} (previously done only for IPv4). * Do not include :443 in the keystone endpoint. * Stop generating /root/openrc. * Create all necessary Keystone roles, only in the first master, and only if the service is installed. * swiftproxy: set other proxies as backup in haproxy. * ocicli machine-list: sort machines by a much more natural order, which works in both cases where a machine has been added to a cluster or not: - .role,(.hostname|length),.hostname,.product_name,.serial * Add support for CephOSD on compute machines (ie: hyperconverged). -- Thomas Goirand Fri, 27 Nov 2020 09:25:23 +0100 openstack-cluster-installer (30) unstable; urgency=medium * Better output for drives with MegaCLI in oci-hdd-maint. * Allow for on-the-fly change of machines IPMI network (can be needed if the IPMI network list and DHCP configuration has changed). * Switch all of the VMs of the oci-poc to virtio-scsi by default (instead of virtio-blk) so that we can test trim/discard. * oci-cluster-upgrade-openstack-release: Only perform OVS upgrades if the package openvswitch-common, and apt-cache policy shows it will upgrade. * Add installation of anacron in generic.pp (ie: all nodes). * Added oci-cluster-upgrade-old-swift-oci, to be run on the OCI machine, to upgrade from the older type of Galera setup that OCI was doing in the OCI released in Buster. * Make it possible to use Ceph from official Debian backports. * Live image: use by default a text-mode syslinux, so that it works over serial console. Also set the default timeout to 20 seconds. * Add a machine-wipe command to wipe the HDD when the machine is in live. * Add a cluster-reset, to reset all machines into live. * Fix cluster-install, so it really works now. * Add cluster-rolecounts-list / cluster-rolecounts-set commands. * Add -y and -u options in oci-hdd-maint. * Generate a root ssh key on all machines, and allow ssh as root from one volume note to another, to make backups of LVM over ssh possible. * Agent: do not report what lsblk reports as trans:iscsi. * Add racadm get BIOS.BiosBootSettings.HddFailover Enabled for r740xd. * Default to max_stacks_per_tenant=5000 (upstream default is 100). * Do not manage Octavia Amphora flavor in nova if not in initial cluster setup mode, in order to speed-up the run. * Allow renaming of the external network names, per compute/network node. * Activate enable_proxy_headers_parsing when available. * Small fix for per-machine libvirt extra CPU flags. * Use networks instead of each individual machines to do the swiftstore firewalling. Also firewall swiftproxies, which can also be stores. * Allow to use hostnames instead of chassis serial in many API calls. * Add an option for LVM volume nodes to configure reserved_percentage and max_over_subscription_ratio. * Remove options for LVM volume nodes max_luns_per_storage_group and check_max_pool_luns_threshold as it is specific to VNX driver. * Add a per (compute|network) node option to install Neutron BGP dragent. * Allow Dell Lifecycle automatic upgrades within the Agent. * Report and display all block devices handled by MegaCli (ie: LSI RAID controllers). * Automate building megacli RAID devices. * Use DEFAULT/default_ephemeral_format=ext4 in Nova. -- Thomas Goirand Mon, 31 Aug 2020 11:07:18 +0200 openstack-cluster-installer (29) unstable; urgency=medium * Add the setup of a tempest node. * Write a correct oci-write-lvm-filter to be used in compute and volume nodes at first boot: it lists devices present in /etc/oci/data-disks only. * Fix enc not sending Gnocchi's statsd UUID. * Make cinder-api run on uwsgi, not Apache, if using >= Train. * Add Ussuri support in controller.pp & compute.pp. * Add -f flag in oci-hdd-maint when formating an XFS partition. * Add oci-cluster-upgrade-openstack-release to enable scripted upgrades from one OpenStack release to the next. * Switched cinder-api to uwsgi even in Stein. * Add oci-poc-provision-cloud in -utils, so it's easier to setup the PoC. * Add configuration of Nova's limit_tenants_to_placement_aggregate. * Send racadm command to set boot device for r740xd machines. * Configure /etc/ssh/sshd_config so that servers don't have the ssh listening on public IPs. We're listing ssh host key certs using a custom puppet fact. * The cluster values in variables.conf are now automatically transmited to the nodes matching the roles: of the matching entry. * Added initial and experimental support for Designate. * Improved oci-hdd-maint to show correctly the RAID slots, size, model and serial of HDDs. * Removed the dependency on approx. -- Thomas Goirand Sat, 25 Apr 2020 21:24:54 +0200 openstack-cluster-installer (28) unstable; urgency=medium * Do not use StrictHostKeyChecking=no when rsyncing fernet tokens, as we have signed ssh host keys. * Add missing authors from d/copyright. * Add an option for LVM volume nodes to configure volume_copy_bps_limit. * ocicli: use csvlook from csvkit instead of column by default. * Fixup volume backup backend in volume.pp * Make it possible choose ceph or swift for cinder-backup. * Add oci-puppet to lauch puppet -t more easily. * Fix ports for Ceph OSDs so that they are each 4, not each 3 ports. * oci-make-osd: Fix calculating DEFROUTE_IP if using BGP 2 host. * Prioritize Swift over Ceph as a backend for cinder-backup and Glance. * Load kernel and ramdisk over http instead of tftp (much faster). * Make Glance swift-backend works if we're using a local swift and a non-rocky setup. * Fix generating the scp-ring script so it doesn't scp to IPMI IPs. * Fix swift ring building so it wont add IPMI IPs. * Add a new oci-cluster-upgrade-stretch-to-buster. * Set arp_responder to True everywhere. * Fix ipxe.php to chain to any IP address that runs on the PXE server, not just hardcoded 192.168.100.2. * Fix Glance over Ceph when >= train. * Add filters to lvm.conf to avoid nested LVM issues. * Add a new oci-cluster-upgrade-stretch-to-buster script to minimize downtime when upgrading from stretch. * Automatically add new cluster's SSH CA key into OCI's /etc/ssh/ssh_known_hosts * Configure ocicli within the PoC's PXE server. * Add a PoC oci-poc-{save,restore} to be able to save a cluster state. * Add sync-oci-code script. * Make neutron's global_physnet_mtu and path_mtu tweakable cluster variables. * octavia::worker: base image now uses 4GB HDD. * Add oci-cluster-upgrade-stretch-to-buster script (currently PoC) * Allow controllers configuration for Cinder storage_availability_zone and default_volume_type * Do not manage policy-rc.d for keystone if not using Rocky. * Redirect output of oci-fernet-keys-rotate to /dev/null to avoid cron job to spam. * Fix ENC regarding non-master-controller IPs. * Do not use StrictHostKeyChecking=no when rsyncing fernet tokens, as we have signed ssh host keys. * Add a --first-master option to ocicli cluster-set, so one can change who's the first master in the cluster. * Fix-up volume.pp to allow using ceph as backend for cinder-backup. -- Thomas Goirand Sun, 29 Mar 2020 22:18:39 +0200 openstack-cluster-installer (27) unstable; urgency=medium * Automatically call "nova-manage cell_v2 discover_hosts" when an hypervisor is finished to install with puppet. * Fixed wrong parameter definition in swift{store,proxy}.pp classes. * Add --notes to ocicli. * Also report and display Dell's Lifecycle controller version. * Apply Dell racadm serial configuration by default when setting-up IPMI. * Add a "machine-apply-ipmi" command to ocicli, so that IPMI config can be re-applied with the current db configuration. * Add IPMI value settings in ocicli machine-set (doesn't commit). * Add configuration of IPMI VLANs. * Use escapeshellarg() for the username and pass when calling ipmitool. * Add an ocicli check-all-ipmi command. * Enhanced a lot machine-list, now has options to display whatever the user needs to be output, so that it may fit on a normal screen. * Also install syscfg on machines using iDRAC6 or 7. * Fix "ocicli cluster-list" when no cluster is defined. * Cannot delete a location if a network is using it. * Cannot delete a region if some locations are using it. * Cannot delete a cluster if some networks or machines are using it. * Add the concept of first and last IP of a subnet, and rework the IP allocation logic. * Correctly schedule the Galera cluster, so that the first Galera node will start first, then other controllers will wait for its SQL Galera to be up before attempting to join the new Galera cluster. * Fixed a bug in enc_get_mon_nodes() which was always using cluster_id='1', so failing if the cluster had a different ID. * Do not attempt db_sync for services if the node is not first_master, or if initial_cluster_setup is set to no. * Add a system to sign SSH host keys, so that the cluster can trust itself, and nova can safely scp disk images when migrating VMs. * Get the LLDPD info for each nic, store that in the db, and display with "ocicli machine-list -h". * Fix serial number fetch by the OCI agent on Supermicro machines. * Review the boot processs, and now correctly wait for networking to be up, plus package every binaries of the installed server in a -utils package. * Also automatically sign the live image host keys, and trust it. * Really disable notifications if disabled (by setting noop driver). -- Thomas Goirand Fri, 10 Jan 2020 11:45:31 +0100 openstack-cluster-installer (25) unstable; urgency=medium * oci-agent: Add missing Breaks+Replaces (<< 24~) (Closes: #947385). -- Thomas Goirand Fri, 27 Dec 2019 21:17:05 +0100 openstack-cluster-installer (24) unstable; urgency=medium * Also delete /var/lib/openstack-cluster-installer-poc on purge (Closes: #905516). * Add chmod after copy function for ssh private key on controllers * Set defaults_options max_conn to 40960 in swiftproxy.pp * Set swift_proxy_config DEFAULT/max_clients to 2048 on all proxy servers. * Add haproxy stats in the haproxy of swiftproxies. * Add the object-expirer daemon in *one* swiftproxy (because it's 1 per cluster). * Define ::nova::pci *before* ::nova::compute. * Set /etc/default/openvswitch-switch. * Now support setting-up CPU model at cluster and individual single compute node level. * Setup and use apparmor on libvirt in compute nodes (mandatory for live-migration to work in Buster). * Add oci-update-cluster-certs to update the cluster's API certs and internal cluster PKI automatically (and restart services). * Manage /etc/systemd/system/puppet.service.d/oci-ca-cert.conf with puppet. * Enable puppet if the 2nd run is a success. * Also setup neutron-metadata + haproxy server on network nodes. * Enable anti-affinity for Octavia's amphoraes. * Remove the use of spare_amphorae_pool_size, as it doesn't work with anti-affinity. * Make it possible to select, for each swift store and proxy, if they are storing accounts, containers, or objects. * Glance haproxy always verify TLS. * Make it possible to use an external swift as a backend for Glance and Cinder-backup. * Add a --hostname option to machine-set. * Package the openstack-cluster-installer-agent separately. * Use /usr/sbin/iptables-legacy and /usr/sbin/ip6tables-legacy if != stretch, runtime depends on puppet-module-voxpupuli-alternatives to do so. * Add more doc in README.md, especially a table of content in it. * Fix for iPXE not detecting the correct machine: there's now a db column to record the DHCP IP of machines. * Add missing option httpchk in the galera backend definition. * Make it possible to add custom parameters for machines & clusters simply by editing a variables.json configuration file, auto-generating the OCI REST API, ocicli and ocicli bash completion. * Add new parameters for swiftstore and swiftproxy: --server-per-port, --disk-chunk-size and --network-chunk-size. * Also setup etcd and etcd-discovery if setting-up Magnum. Now OCI runtime depends on puppet-module-cristifalcas-etcd. * Make it possible to automatically assign IPMI IP addresses of slave machines. * Add automatic BIOS upgrade throught the OCI agent when running live. -- Thomas Goirand Fri, 20 Dec 2019 13:55:07 +0100 openstack-cluster-installer (23) unstable; urgency=medium [ Thomas Goirand ] * Install intel-microcode and smartmontools in nodes by default. * Add full installation and support for Magnum. * haproxy: correctly check SSL certificate of each service. * SSL certificate with -addext "subjectAltName = DNS:${SLAVE_NODE_HOSTNAME}" to avoid warnings. * Add a debmirror machine type. * Correctly generate the ec2 credential keys for Keystone. * Switch Octavia to ACTIVE_STANDBY by default. * Automatically format /dev/sdb as XFS over a volume group and mount it in /var/lib/nova/instances. * Automatically install megacli if requested in config file. * Fix CephOSD nodes when using NVME disks. * Allow using a Ceph cluster network and configure CephOSD nodes the correct way for it. * Always transmit an up-to-date /etc/hosts to all nodes throught the ENC. * Differenciate API root CA and OCI root CA. * Add a cluster option to use self signed certs or not. * Manage /etc/systemd/system/puppet.service.d/oci-ca-cert.conf with puppet. * Lots of fixes for OpenStack rocky. * Enable or disable nested virtualization on cluster or machine level. * Added an oci-update-cluster-certs script, so one can published updated certs in a whole cluster. * Optionnaly, a cluster can use an external swift cluster for Glance and Cinder backups. [ Ondřej Nový ] * Running wrap-and-sort -bast. * Use debhelper-compat instead of debian/compat. -- Thomas Goirand Wed, 15 May 2019 12:25:05 +0200 openstack-cluster-installer (22) experimental; urgency=medium [ Thomas Goirand ] * Add role-add, role-create, role-delete API and ocicli. * Add bash-completion script for ocicli. * Enhance ocicli network-list, add a network-set command. * Allow setting-up multiple external bridges for flat networks. * List all bridge setup with OCI in neutron's config, allowing a virtually unlimited number of bridges. * Fix service_credentials/cafile in ceilometer. * Add option to perform ipmitool settings in the target image when running on the slave image. * Add option to show the calculated IPMI console command. * Add some sysctl customization (low swappiness, higher conntrack, etc.). * Provision ssh public / private keypair between nova nodes in the /var/lib/nova/.ssh folder, to allow (live) migration using ssh / scp. * Switch to a db migration system with the schema saved in PHP format. * Add a cluster-show command. * Add the setup of chrony on all machines, with customization of time server host for the clock source. * Add the nf_conntrack module by default in /etc/modules. * Make sure python-keystonemiddleware is installed on swift-proxy nodes. * Firewall swift's container, account and object servers. * Empty DEFAULT/external_network_bridge by default, as this prevent using more than one external network. * Libvirt configuration on compute nodes (ie: /etc/default/libvirt-guests): - PARALLEL_SHUTDOWN=8 - SHUTDOWN_TIMEOUT=120 - START_DELAY=4 * Add qemu monitor on port 550XX for each VMs in the PoC. * Copy swift_fstab_dev_list.sh when provisionning. * Set Neutron's global_physnet_mtu and ml2's path_mtu if the VM net network has mtu != 0, allowing to set (for example) mtu = 9000. * Use wget to install openstack-backports-archive-keyring_0.1_all.deb instead of using apt-get update / apt-get install --allow-unauthenticated (which method doesn't work anymore in Buster). * Set haproxy's nbproc to 4 by default for swiftproxy, compute and controller nodes. * Copy the backport repository key file inside the targets instead of using the openstack-backports-archive-keyring package, which doesn't work anymore if using Buster. * Also install gnupg2 in the installed machines of the cluster. * Add support for Stein's separated placement. * Adapt puppet manifests so that they also work with Stein's puppet-openstack. * Add the feature to setup any machine with software RAID. * Using system serial number, and not chassis anymore. * Fully working Octavia support. [ Oliver Chaze ] * swift: do not log in syslog general logs * increase default haproxy server timeout -- Thomas Goirand Tue, 14 May 2019 17:18:44 +0200 openstack-cluster-installer (21) unstable; urgency=medium * Bugfix release for Buster which includes: - Fixed reserve_ip_to_all_slaves_of_network() call in network_add API call. - Correctly check for $mgmt_net["iface2"] and not $onenet when calculating --static-iface. - Fix block device list for swiftstore (statsd hostname was breaking it, ordering was broken). - Correctly set the erlang_cookie for rabbitmq as a random value. - Correctly use a a real random key for heat's encryption key. - Correct swift pipeline order when using encryption. - Correctly set unix rights of drives in /srv/node. -- Thomas Goirand Tue, 05 Mar 2019 13:46:39 +0100 openstack-cluster-installer (20) unstable; urgency=medium * Set allow_resize_to_same_host to True on all nova nodes. * Set dhcp_domain to '' in nova.conf, to avoid .novalocal or .openstacklocal postfixed to hostname by DHCP. * Set important rabbitmq production parameters (the most important one is the autoheal, to avoid split-brain breakage). * Randomize the rabbitmq host list in transport_url, to avoid having all services connecting always to the same host. * Add support for Cinder volume over Ceph. * Provision Ceph OSD using bluestore. * Fix poc-bin/oci-poc-setup-bodi-hook motd. * Make Ceph optional on compute nodes: - Add a machine-show to show machine properties. - Add a machine-set, to select /var/lib/nova/instances on Ceph or not. - Modify the ENC to transmit the use_ceph_if_available variable. - Modify compute manifest to use the use_ceph_if_available and possibly use Ceph or not for /var/lib/nova/instances. * Better Octavia defaults. * Fix dns_domain of neutron.conf to the domain name of the deployed cloud. * Enable optional statsd logging for swiftstores. * Using uwsgi instead of Apache for heat-api, heat-api-cfn, nova-api, barbican-api and aodh-api. -- Thomas Goirand Wed, 20 Feb 2019 14:12:23 +0100 openstack-cluster-installer (19) unstable; urgency=medium * Set all services to use RabbitMQ HA queues. * Explicitely choose the firewall type for Neutron agents. * Setup ceilometer::agent::central on controller nodes. * Setup cloudkitty-processor on multiple controllers using coordination URL. * Fix Ceilometer redis connection URLs. * Set resume_guests_state_on_host_boot in compute's nova.conf. * Rewrite the Location: headers coming from nova & heat, so that microversion redirections (ie: 302 redirect) can work. This repair listing instances in Horizon. * Correctly binds instance VNC servers to 0.0.0.0 on compute hosts. * Make the NoVNC console work. * Add rsync of glance images from first controller to the others. * Add script to add machines in the ring. * Fix Glance-api public_endpoint URL to correct HAProxy URL. -- Thomas Goirand Sat, 09 Feb 2019 19:12:00 +0100 openstack-cluster-installer (18) unstable; urgency=medium * Fix cloudkitty's keystone_fetcher and gnocchi_fetcher cafile=. * Fix cloudkitty's rabbitmq amqp_sasl_mechanisms and login. * Setup correct database/connection for Gnocchi. * Setup redis for Gnocchi. * Live image: iomem=relaxed console=tty0, install plymouth (so that systemd prints on all consoles). * Add Panko and Ceilometer services. * New style of networking options for openstack-debian-images. * Add e2fsprogs to the slaves. * fernet_replace_keys => false by default, and also do not attempt to isntall fernet key "1" on each puppet run. * Nova default config on compute: - DEFAULT/use_cow_images = False. - preallocate_images = 'space'. - remove_unused_original_minimum_age_seconds = 604800 (one week). * Neutron default config: - service_plugins: add segments. - network_vlan_ranges = external (so, we use br-ex for the VLANs). * Do not chown swift:swift /srv/node/X if X isn't mounted (which may be the case if there's a borken drive in a swift cluster). * Add firewalling of Octavia API on the VIP. * Install default openstack-cluster-installer.conf for Buster. -- Thomas Goirand Thu, 24 Jan 2019 15:09:46 +0100 openstack-cluster-installer (17) unstable; urgency=medium * Use host CPU model for VMs in the -poc. * Fix starting-up VMs with 3 drives in the PoC. * Run gnocchi-api using uwsgi rather than Apache to avoid port bind conflict. * Fix neutron.conf [database]/connection to be empty on compute nodes. * Fix puppet scheduling of swiftproxy install. * Fixed machines table with default SQL values. * Do not use INSERT with '' as value for IDs, just omit it, so it works with mariadb 10.3. * Remove the nobarrier option from Ceph OSD fstab, as it doesn't work anymore in Sid/Buster. * Do not use roundrobin for glancebe in haproxy, but source, else it wouldn't work properly. * Add ccze to all installed computers. -- Thomas Goirand Tue, 22 Jan 2019 10:14:26 +0100 openstack-cluster-installer (16) unstable; urgency=medium * Add Gnocchi, Aodh, Cloudkitty and Octavia deployment. -- Thomas Goirand Fri, 14 Dec 2018 10:41:32 +0100 openstack-cluster-installer (15) unstable; urgency=medium * Add Compute, Volume and Ceph support. * Correctly purges /etc/openstack-cluster-installer and /var/lib/oci. (Closes: #915781). -- Thomas Goirand Tue, 20 Nov 2018 15:43:03 +0100 openstack-cluster-installer (14) unstable; urgency=medium * Add the possibility to customize the motd of installed machines. * Switch Heat API URL from /orchestration to /orchestration-api to avoid any clash with /orchestration-cfn. * Fixed rabbitmq SSL setup, and made heat work. * Add the setup of openstack-dashboard (aka: Horizon). * Add the setup of Barbican. * Add Swift encryption using a secret key stored in Barbican. * Add puppet-module-puppetlabs-firewall, and firewall the public IP. -- Thomas Goirand Tue, 30 Oct 2018 14:12:02 +0100 openstack-cluster-installer (13) unstable; urgency=medium * Fix path of chown in swiftstore.pp. -- Thomas Goirand Tue, 30 Oct 2018 11:48:43 +0100 openstack-cluster-installer (12) unstable; urgency=medium * Use Exec in puppet to change unix right of /srv/node/* folders in all swift store nodes, do not do that in rc.local anymore. -- Thomas Goirand Mon, 29 Oct 2018 16:26:22 +0100 openstack-cluster-installer (11) unstable; urgency=medium * Fixed $machine_ip for the listen of memcache in swiftproxy nodes, so that it works with puppet 5. -- Thomas Goirand Mon, 29 Oct 2018 12:41:51 +0100 openstack-cluster-installer (10) unstable; urgency=medium * Do not install openstack-backports-archive-keyring when setting-up buildd Debian repository. * Overrides epmd.socket to make sure epmd binds on all interfaces. -- Thomas Goirand Thu, 25 Oct 2018 13:40:45 +0200 openstack-cluster-installer (9) unstable; urgency=medium * Automatically remove space in "connection = " in config file. * Add option to include incoming buildd, so it's easier to test in Sid. -- Thomas Goirand Thu, 25 Oct 2018 12:14:23 +0200 openstack-cluster-installer (8) unstable; urgency=medium * Fixed Source URL in debian/copyright. * Some more fixups for OCI to work with Sid/Buster without additional repo. -- Thomas Goirand Thu, 25 Oct 2018 10:51:50 +0200 openstack-cluster-installer (7) unstable; urgency=medium * Remove qemu-kvm from depends of openstack-cluster-installer, made the -poc package to use only qemu, suggesting qemu-kvm. This should ease transition to Testing. -- Thomas Goirand Tue, 23 Oct 2018 13:24:01 +0200 openstack-cluster-installer (6) unstable; urgency=high * Add authentication system. * Switch to rocky when using backports. * Add lots of middleware in the default Swift pipeline. * Make it possible to expose the swift proxy-server directly without using the controller's haproxy. * Add read/write affinity. * Lots of minor tweaks and debugs. -- Thomas Goirand Tue, 23 Oct 2018 11:06:35 +0200 openstack-cluster-installer (5) unstable; urgency=medium [ Ondřej Nový ] * Running wrap-and-sort -bast * Delete /var/lib/openstack-cluster-installer-poc on purge (Closes: #905516). [ Thomas Goirand ] * Add swift deployment capability. * Add a CLI API client. -- Thomas Goirand Thu, 20 Sep 2018 11:09:09 +0200 openstack-cluster-installer (4) unstable; urgency=medium * Add a glance cluster. -- Thomas Goirand Fri, 17 Aug 2018 11:50:52 +0200 openstack-cluster-installer (3) unstable; urgency=medium [ Thomas Goirand ] * Setup a Keystone cluster with Haproxy and a VIP. [ Ondřej Nový ] * Running wrap-and-sort -bast * d/control: Use team+openstack@tracker.debian.org as maintainer -- Thomas Goirand Wed, 15 Aug 2018 16:24:41 +0200 openstack-cluster-installer (2) unstable; urgency=medium * Add openstack-cluster-installer-poc and puppet packages. * Add full network/ip manager. * Add automatic slave node cert management. * Automatically setup a galera cluster on slave controller nodes. -- Thomas Goirand Thu, 21 Jun 2018 11:47:31 +0200 openstack-cluster-installer (1) unstable; urgency=medium * Initial release. -- Thomas Goirand Wed, 21 Mar 2018 14:17:07 +0100