.gitreview

@@ -2,3 +2,4 @@
 host=review.opendev.org
 port=29418
 project=openstack/kolla-ansible.git
+defaultbranch=stable/2024.2

ansible/group_vars/all.yml

@@ -779,7 +779,7 @@ external_api_firewalld_zone: "public"
 ####################
 # OpenStack options
 ####################
-openstack_release: "master"
+openstack_release: "2024.2"
 # Docker image tag used by default.
 openstack_tag: "{{ openstack_release }}-{{ kolla_base_distro }}-{{ kolla_base_distro_version }}{{ openstack_tag_suffix }}"
 openstack_tag_suffix: ""
@@ -788,7 +788,7 @@ openstack_logging_debug: "False"
 openstack_region_name: "RegionOne"
 
 # Variable defined the pin_release_version, apply for rolling upgrade process
-openstack_previous_release_name: "2023.2"
+openstack_previous_release_name: "2024.1"
 
 # A list of policy file formats that are supported by Oslo.policy
 supported_policy_format_list:

ansible/post-deploy.yml

@@ -50,6 +50,15 @@
         group: "{{ ansible_facts.user_gid }}"
         mode: 0600
 
+    - name: Template out public-openrc-system.sh
+      become: true
+      template:
+        src: "roles/common/templates/public-openrc-system.sh.j2"
+        dest: "{{ node_config }}/public-openrc-system.sh"
+        owner: "{{ ansible_facts.user_uid }}"
+        group: "{{ ansible_facts.user_gid }}"
+        mode: 0600
+
     - import_role:
         name: octavia
         tasks_from: openrc.yml

ansible/roles/common/templates/conf/input/00-global.conf.j2

@@ -16,7 +16,7 @@
   <parse>
     @type multiline
     format_firstline /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \d+ \S+ \S+ \[.*\]/
-    format1 /^(?<Timestamp>\S+ \S+) (?<Pid>\d+) (?<log_level>\S+) (?<python_module>\S+) \[(\S+ req-)?((?<request_id>\S+) (?<user_id>\S+) (?<tenant_id>\S+) (?<domain_id>\S+) (?<system_scope>\S+) (?<user_domain>\S+) (?<project_domain>\S+)|-)\] (?<Payload>.*)?$/
+    format1 /^(?<Timestamp>\S+ \S+) (?<Pid>\d+) (?<log_level>\S+) (?<python_module>\S+) ((?:\[)(?:None|req-)(?<global_request_id>\S+)? (?:None|req-)(?<request_id>\S+) (?<user_id>\S+) (?<tenant_id>\S+) (?<domain_id>\S+) (?<system_scope>\S+) (?<user_domain>\S+) (?<project_domain>\S+)(?:\]))?(?<Payload>.*)?$/
     time_key Timestamp
     keep_time_key true
     time_format %F %T.%L

ansible/roles/common/templates/public-openrc-system.sh.j2

+# {{ ansible_managed }}
+
+# Clear any old environment that may conflict.
+for key in $( set | awk '{FS="="}  /^OS_/ {print $1}' ); do unset $key ; done
+export OS_USER_DOMAIN_NAME=Default
+export OS_SYSTEM_SCOPE=all
+export OS_USERNAME={{ keystone_admin_user }}
+export OS_PASSWORD={{ keystone_admin_password }}
+export OS_AUTH_URL={{ keystone_public_url }}
+export OS_IDENTITY_API_VERSION=3
+export OS_REGION_NAME={{ openstack_region_name }}
+export OS_AUTH_PLUGIN=password
+{% if kolla_admin_openrc_cacert is not none and kolla_admin_openrc_cacert | length > 0 %}
+export OS_CACERT={{ kolla_admin_openrc_cacert }}
+{% endif %}

ansible/roles/destroy/tasks/cleanup_host.yml

@@ -14,7 +14,7 @@
     kolla_dev_repos_directory: "{{ kolla_dev_repos_directory }}"
     opensearch_datadir_volume: "{{ opensearch_datadir_volume }}"
     destroy_include_dev: "{{ destroy_include_dev }}"
-    kolla_ansible_inventories: "{{ inventories_comma_separated.replace(',',' ') }}"
+    kolla_ansible_inventories: "{{ ansible_inventory_sources | join(' ') }}"
 
 - block:
     - name: Disable octavia-interface service

ansible/roles/grafana/tasks/config.yml

@@ -110,7 +110,9 @@
   file:
     state: absent
     path: "{{ node_config_directory }}/grafana/dashboards/"
-  when: service | service_enabled_and_mapped_to_host
+  when:
+    - not ansible_check_mode
+    - service | service_enabled_and_mapped_to_host
 
 - name: Copying over custom dashboards
   vars:

ansible/roles/grafana/tasks/post_config.yml

@@ -12,6 +12,7 @@
   retries: 30
   delay: 2
   run_once: true
+  when: not ansible_check_mode
 
 - name: Remove old grafana docker volume
   become: true

ansible/roles/heat/defaults/main.yml

@@ -175,7 +175,7 @@ heat_engine_extra_volumes: "{{ heat_extra_volumes }}"
 heat_internal_endpoint: "{{ heat_internal_base_endpoint }}/v1/%(tenant_id)s"
 heat_public_endpoint: "{{ heat_public_base_endpoint }}/v1/%(tenant_id)s"
 
-heat_cfn_internal_endpoint: "{{ heat_cfn_internal_base_endpoint }}/v1}"
+heat_cfn_internal_endpoint: "{{ heat_cfn_internal_base_endpoint }}/v1"
 heat_cfn_public_endpoint: "{{ heat_cfn_public_base_endpoint }}/v1"
 
 heat_logging_debug: "{{ openstack_logging_debug }}"

ansible/roles/ironic/defaults/main.yml

@@ -236,7 +236,7 @@ ironic_conductor_default_volumes:
   - "kolla_logs:/var/log/kolla"
   - "ironic:/var/lib/ironic"
   - "{{ kolla_dev_repos_directory ~ '/ironic:/dev-mode/ironic' if ironic_dev_mode | bool else '' }}"
-  - "{{ 'ironic_prometheus_exporter_data:/var/lib/ironic/metrics' if enable_ironic_prometheus_exporter | bool else '' }}"
+  - "{{ 'ironic_prometheus_exporter_data:/var/lib/ironic-metrics' if enable_ironic_prometheus_exporter | bool else '' }}"
 ironic_tftp_default_volumes:
   - "{{ node_config_directory }}/ironic-tftp/:{{ container_config_directory }}/:ro"
   - "/etc/localtime:/etc/localtime:ro"
@@ -267,7 +267,7 @@ ironic_prometheus_exporter_default_volumes:
   - "/etc/localtime:/etc/localtime:ro"
   - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
   - "kolla_logs:/var/log/kolla"
-  - "ironic_prometheus_exporter_data:/var/lib/ironic/metrics"
+  - "ironic_prometheus_exporter_data:/var/lib/ironic-metrics"
 
 ironic_extra_volumes: "{{ default_extra_volumes }}"
 ironic_api_extra_volumes: "{{ ironic_extra_volumes }}"

ansible/roles/ironic/tasks/precheck.yml

@@ -14,6 +14,7 @@
       - ironic_api
       - ironic_inspector
       - ironic_http
+      - ironic_prometheus_exporter
   check_mode: false
   register: container_facts
 

ansible/roles/ironic/templates/ironic.conf.j2

@@ -34,7 +34,7 @@ driver = prometheus_exporter
 driver = noop
 {% endif %}
 {% if enable_ironic_prometheus_exporter | bool %}
-location = /var/lib/ironic/metrics
+location = /var/lib/ironic-metrics
 {% endif %}
 
 [oslo_messaging_rabbit]

ansible/roles/magnum/tasks/register.yml

@@ -51,3 +51,4 @@
       cacert: "{{ openstack_cacert }}"
       region_name: "{{ openstack_region_name }}"
   run_once: True
+  when: not ansible_check_mode

ansible/roles/magnum/templates/magnum.conf.j2

@@ -154,5 +154,5 @@ connection_string = {{ osprofiler_backend_connection_string }}
 
 {% if magnum_kubeconfig_file_path is not defined %}
 [drivers]
-disabled_drivers = k8s_cluster_api_flatcar,k8s_cluster_api_ubuntu,k8s_cluster_api_ubuntu_focal
+disabled_drivers = k8s_cluster_api_flatcar,k8s_cluster_api_rockylinux,k8s_cluster_api_ubuntu,k8s_cluster_api_ubuntu_focal
 {% endif %}

ansible/roles/nova-cell/tasks/external_ceph.yml

@@ -41,7 +41,7 @@
 - name: Extract cinder key from file
   set_fact:
     cinder_cephx_raw_key:
-      "{{ lookup('file', cinder_cephx_keyring_file.stat.path) | regex_search('key\\s*=.*$', multiline=True) | regex_replace('key\\s*=\\s*(.*)\\s*', '\\1') }}"
+      "{{ lookup('template', cinder_cephx_keyring_file.stat.path) | regex_search('key\\s*=.*$', multiline=True) | regex_replace('key\\s*=\\s*(.*)\\s*', '\\1') }}"
   changed_when: false
   when:
     - cinder_backend_ceph | bool

ansible/roles/opensearch/tasks/post-config.yml

@@ -13,6 +13,7 @@
   retries: 30
   delay: 2
   run_once: true
+  when: not ansible_check_mode
 
 - name: Check if a log retention policy exists
   become: true
@@ -46,7 +47,9 @@
   delegate_to: "{{ groups['opensearch'][0] }}"
   run_once: true
   changed_when: opensearch_retention_policy_create.status == 201
-  when: opensearch_retention_policy_check.status == 404
+  when:
+    - not ansible_check_mode
+    - opensearch_retention_policy_check.status == 404
 
 - name: Apply retention policy to existing indices
   become: true
@@ -66,4 +69,6 @@
   delegate_to: "{{ groups['opensearch'][0] }}"
   run_once: true
   changed_when: opensearch_retention_policy_create.status == 201
-  when: opensearch_retention_policy_check.status == 404
+  when:
+    - not ansible_check_mode
+    - opensearch_retention_policy_check.status == 404

ansible/roles/rabbitmq/tasks/deploy.yml

 ---
+- import_tasks: version-check.yml
+
 - include_tasks: remove-ha-all-policy.yml
   when:
     - not om_enable_rabbitmq_high_availability | bool

ansible/roles/rabbitmq/tasks/version-check.yml

 ---
 - block:
-    - name: Get current RabbitMQ version
-      vars:
-        service_name: "rabbitmq"
-        service: "{{ rabbitmq_services[service_name] }}"
+    - name: Get container facts
       become: true
-      command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl --version"
-      register: rabbitmq_version_current
-      changed_when: false
+      kolla_container_facts:
+        action: get_containers
+        container_engine: "{{ kolla_container_engine }}"
+        name:
+          - "{{ service.container_name }}"
+      register: container_facts
 
-    - name: Get new RabbitMQ version
-      become: true
-      vars:
-        rabbitmq_container: "{{ rabbitmq_services['rabbitmq'] }}"
-      kolla_container:
-        action: "start_container"
-        command: "rabbitmqctl --version"
-        detach: false
-        environment:
-          KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
-        image: "{{ rabbitmq_container.image }}"
-        name: "rabbitmq_version_check"
-        restart_policy: oneshot
-        volumes: "{{ rabbitmq_default_volumes + rabbitmq_extra_volumes }}"
-      register: rabbitmq_version_new
-      failed_when: false
-      check_mode: false
+    - block:
+        - name: Get current RabbitMQ version
+          become: true
+          command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl --version"
+          register: rabbitmq_version_current
+          changed_when: false
+
+        - name: Get new RabbitMQ version
+          become: true
+          vars:
+            rabbitmq_container: "{{ rabbitmq_services['rabbitmq'] }}"
+          kolla_container:
+            action: "start_container"
+            command: "rabbitmqctl --version"
+            common_options: "{{ docker_common_options }}"
+            container_engine: "{{ kolla_container_engine }}"
+            detach: false
+            environment:
+              KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+            image: "{{ rabbitmq_container.image }}"
+            name: "rabbitmq_version_check"
+            restart_policy: oneshot
+            volumes: "{{ rabbitmq_default_volumes + rabbitmq_extra_volumes }}"
+          register: rabbitmq_version_new
+          failed_when: false
+          check_mode: false
+
+        # As an example, when the new RabbitMQ version is 3.13.6:
+        # new_major_version = 3
+        # new_minor_version = 13
+        # new_version = 3.13
+        # And if the current RabbitMQ version is 3.11.28:
+        # upgrade_version = 3.12
+        - name: Check if running RabbitMQ is at most one version behind
+          vars:
+            current_version_major: "{{ rabbitmq_version_current.stdout | regex_search('^[0-9]+') }}"
+            current_version_minor: "{{ rabbitmq_version_current.stdout | regex_search('(?<=.)[^.].') }}"
+            current_version: "{{ rabbitmq_version_current.stdout | regex_replace('.[^.]+$', '') }}"
+            new_version_major: "{{ rabbitmq_version_new.stdout | regex_search('^[0-9]+') }}"
+            new_version_minor: "{{ rabbitmq_version_new.stdout | regex_search('(?<=.)[^.].') }}"
+            new_version: "{{ rabbitmq_version_new.stdout | regex_replace('.[^.]+$', '') }}"
+            # Note: this assumes 3.13 will be the last release before 4.0.
+            upgrade_version: "{{ '4.0' if current_version == '3.13' else current_version_major + '.' + (current_version_minor | int + 1) | string }}"
+          assert:
+            that: (current_version_major == new_version_major and
+                  new_version_minor | int - current_version_minor | int <= 1) or
+                  (new_version | float == 4.0 and current_version | float == 3.13)
+            fail_msg: >
+              Looks like you're trying to run a skip-release upgrade!
+              RabbitMQ must be at most one version behind the target release version ({{ rabbitmq_version_new.stdout | trim }}) to run this upgrade.
+              You are running {{ rabbitmq_version_current.stdout }}.
+              Please first upgrade to {{ upgrade_version }} with the command ``kolla-ansible rabbitmq-upgrade {{ upgrade_version }}``.
+              See these docs for more details: https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#slurp
+
+        - name: Catch when RabbitMQ is being downgraded
+          assert:
+            that: rabbitmq_version_current.stdout is version(rabbitmq_version_new.stdout | trim, 'le', version_type='semver')
+            fail_msg: >
+              Looks like you're about to downgrade RabbitMQ from version {{ rabbitmq_version_current.stdout }} to version {{ rabbitmq_version_new.stdout | trim }}.
+              If you're absolutely certain you want to do this, please skip the tag `rabbitmq-version-check`.
+              Otherwise, see these docs for how to pin the version of RabbitMQ:
+              https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#rabbitmq-versions
 
-    # As an example, when the new RabbitMQ version is 3.13.6:
-    # new_major_version = 3
-    # new_minor_version = 13
-    # new_version = 3.13
-    # And if the current RabbitMQ version is 3.11.28:
-    # upgrade_version = 3.12
-    - name: Check if running RabbitMQ is at most one version behind
-      vars:
-        current_version_major: "{{ rabbitmq_version_current.stdout | regex_search('^[0-9]+') }}"
-        current_version_minor: "{{ rabbitmq_version_current.stdout | regex_search('(?<=.)[^.].') }}"
-        current_version: "{{ rabbitmq_version_current.stdout | regex_replace('.[^.]+$', '') }}"
-        new_version_major: "{{ rabbitmq_version_new.stdout | regex_search('^[0-9]+') }}"
-        new_version_minor: "{{ rabbitmq_version_new.stdout | regex_search('(?<=.)[^.].') }}"
-        new_version: "{{ rabbitmq_version_new.stdout | regex_replace('.[^.]+$', '') }}"
-        # Note: this assumes 3.13 will be the last release before 4.0.
-        upgrade_version: "{{ '4.0' if current_version == '3.13' else current_version_major + '.' + (current_version_minor | int + 1) | string }}"
-      assert:
-        that: (current_version_major == new_version_major and
-              new_version_minor | int - current_version_minor | int <= 1) or
-              (new_version | float == 4.0 and current_version | float == 3.13)
-        fail_msg: >
-          Looks like you're trying to run a skip-release upgrade!
-          RabbitMQ must be at most one version behind the target release version ({{ rabbitmq_version_new.stdout | trim }}) to run this upgrade.
-          You are running {{ rabbitmq_version_current.stdout }}.
-          Please first upgrade to {{ upgrade_version }} with the command ``kolla-ansible rabbitmq-upgrade {{ upgrade_version }}``.
-          See these docs for more details: https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#slurp
+      when: container_facts[service.container_name] is defined
 
   delegate_to: "{{ groups[role_rabbitmq_groups] | first }}"
   run_once: true
   tags: rabbitmq-version-check
+  vars:
+    service_name: "rabbitmq"
+    service: "{{ rabbitmq_services[service_name] }}"

etc/kolla/globals.yml

@@ -40,7 +40,7 @@ workaround_ansible_issue_8743: yes
 #kolla_base_distro: "rocky"
 
 # Do not override this unless you know what you are doing.
-#openstack_release: "master"
+#openstack_release: "2024.2"
 
 # Docker image tag used by default.
 #openstack_tag: "{{ openstack_release ~ openstack_tag_suffix }}"

kolla_ansible/cli/commands.py

@@ -201,7 +201,8 @@ class OctaviaCertificates(KollaAnsibleMixin, Command):
     def take_action(self, parsed_args):
         extra_vars = {}
 
-        if hasattr(parsed_args, "check_expiry"):
+        if hasattr(parsed_args, "check_expiry") \
+                and parsed_args.check_expiry is not None:
             self.app.LOG.info("Checking if certificates expire "
                               "within given number of days.")
             extra_vars["octavia_certs_check_expiry"] = "yes"