Bug#926230: unblock: openstack-cluster-installer/21
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Dear release team,
Please unblock package openstack-cluster-installer
While continuing the development, I've found a number of issues which I
corrected and backported. This release 21 of openstack-cluster-installer
contains these bugfixes (no new feature).
I have attached the debdiff for the changes, though it may be hard to
read, so I would recommend reading individual commits from Salsa over
here:
https://salsa.debian.org/openstack-team/debian/openstack-cluster-installer/commits/debian/buster
The 8 commits are from 5th of March up to now.
Please unblock openstack-cluster-installer/21.
Cheers,
Thomas Goirand (zigo)
diff -Nru openstack-cluster-installer-20/debian/changelog openstack-cluster-installer-21/debian/changelog
--- openstack-cluster-installer-20/debian/changelog 2019-02-20 14:12:23.000000000 +0100
+++ openstack-cluster-installer-21/debian/changelog 2019-03-05 13:46:39.000000000 +0100
@@ -1,3 +1,18 @@
+openstack-cluster-installer (21) unstable; urgency=medium
+
+ * Bugfix release for Buster which includes:
+ - Fixed reserve_ip_to_all_slaves_of_network() call in network_add API call.
+ - Correctly check for $mgmt_net["iface2"] and not $onenet when calculating
+ --static-iface.
+ - Fix block device list for swiftstore (statsd hostname was breaking it,
+ ordering was broken).
+ - Correctly set the erlang_cookie for rabbitmq as a random value.
+ - Correctly use a a real random key for heat's encryption key.
+ - Correct swift pipeline order when using encryption.
+ - Correctly set unix rights of drives in /srv/node.
+
+ -- Thomas Goirand <zigo@debian.org> Tue, 05 Mar 2019 13:46:39 +0100
+
openstack-cluster-installer (20) unstable; urgency=medium
* Set allow_resize_to_same_host to True on all nova nodes.
diff -Nru openstack-cluster-installer-20/puppet/manifests/controller.pp openstack-cluster-installer-21/puppet/manifests/controller.pp
--- openstack-cluster-installer-20/puppet/manifests/controller.pp 2019-02-20 14:12:23.000000000 +0100
+++ openstack-cluster-installer-21/puppet/manifests/controller.pp 2019-03-05 13:46:39.000000000 +0100
@@ -73,6 +73,7 @@
$all_swiftproxy = undef,
$all_swiftproxy_ip = undef,
$pass_mysql_rootuser = undef,
+ $pass_rabbitmq_cookie = undef,
$pass_keystone_db = undef,
$pass_keystone_messaging = undef,
$pass_keystone_adminuser = undef,
@@ -96,6 +97,7 @@
$pass_neutron_db = undef,
$pass_neutron_messaging = undef,
$pass_neutron_authtoken = undef,
+ $pass_heat_encryptkey = undef,
$pass_heat_db = undef,
$pass_heat_messaging = undef,
$pass_heat_authtoken = undef,
@@ -1281,7 +1283,7 @@
config_cluster => true,
cluster_nodes => $all_masters,
cluster_node_type => 'ram',
- erlang_cookie => 'XAFSRAFNNFJOFSHLEUFT',
+ erlang_cookie => $pass_rabbitmq_cookie,
wipe_db_on_cookie_change => true,
}->
rabbitmq_vhost { '/':
@@ -1937,7 +1939,7 @@
service_name => 'heat-api',
}
class { '::heat::engine':
- auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12',
+ auth_encryption_key => $pass_heat_encryptkey[0,32],
# heat_metadata_server_url => "${base_url}:8000/orchestration-cfn",
# heat_waitcondition_server_url => "${base_url}:8000/orchestration-cfn/v1/waitcondition",
}
diff -Nru openstack-cluster-installer-20/puppet/manifests/swiftproxy.pp openstack-cluster-installer-21/puppet/manifests/swiftproxy.pp
--- openstack-cluster-installer-20/puppet/manifests/swiftproxy.pp 2019-02-20 14:12:23.000000000 +0100
+++ openstack-cluster-installer-21/puppet/manifests/swiftproxy.pp 2019-03-05 13:46:39.000000000 +0100
@@ -156,7 +156,7 @@
# Because there's no ca_file option in castellan, we must
# allow swiftproxy to run without encryption in case we're
# running on a PoC without a real certificate for the API
- $pipeline_start = [ 'catch_errors', 'healthcheck' ]
+ $pipeline_start = [ 'catch_errors', 'healthcheck', 'proxy-logging', 'cache', 'container_sync', 'bulk', 'ratelimit', 's3api', 's3token', 'authtoken', 'keystone', 'copy', 'container-quotas', 'account-quotas', 'slo', 'dlo', 'versioned_writes' ]
if $swift_encryption_key_id == "" {
$disable_encryption = true
$pipeline_kms = $pipeline_start
@@ -164,7 +164,7 @@
$disable_encryption = false
$pipeline_kms = concat($pipeline_start, [ 'kms_keymaster', 'encryption' ])
}
- $pipeline = concat($pipeline_kms, [ 'proxy-logging', 'cache', 'container_sync', 'bulk', 'ratelimit', 's3api', 's3token', 'authtoken', 'keystone', 'copy', 'container-quotas', 'account-quotas', 'slo', 'dlo', 'versioned_writes', 'proxy-server' ])
+ $pipeline = concat($pipeline_kms, [ 'proxy-logging', 'proxy-server' ])
package { 'barbicanclient':
name => 'python-barbicanclient',
diff -Nru openstack-cluster-installer-20/puppet/manifests/swiftstore.pp openstack-cluster-installer-21/puppet/manifests/swiftstore.pp
--- openstack-cluster-installer-20/puppet/manifests/swiftstore.pp 2019-02-20 14:12:23.000000000 +0100
+++ openstack-cluster-installer-21/puppet/manifests/swiftstore.pp 2019-03-05 13:46:39.000000000 +0100
@@ -103,7 +103,7 @@
exec { "fix-unix-right-of-${value}":
path => "/bin",
command => "chown swift:swift /srv/node/${value}",
- unless => "cat /proc/mounts | grep -E ^/dev/sdk",
+ unless => "cat /proc/mounts | grep -E ^/dev/${value}",
}
}
diff -Nru openstack-cluster-installer-20/src/api.php openstack-cluster-installer-21/src/api.php
--- openstack-cluster-installer-20/src/api.php 2019-02-20 14:12:23.000000000 +0100
+++ openstack-cluster-installer-21/src/api.php 2019-03-05 13:46:39.000000000 +0100
@@ -581,6 +581,10 @@
if($json["status"] != "success"){ return $json; }
$enc_file .= " pass_mysql_rootuser: " . $json["data"] . "\n";
+ $json = get_cluster_password($con, $conf, $cluster_id, 'rabbitmq', 'cookie');
+ if($json["status"] != "success"){ return $json; }
+ $enc_file .= " pass_rabbitmq_cookie: " . $json["data"] . "\n";
+
$json = get_cluster_password($con, $conf, $cluster_id, 'keystone', 'db');
if($json["status"] != "success"){ return $json; }
$enc_file .= " pass_keystone_db: " . $json["data"] . "\n";
@@ -673,6 +677,10 @@
if($json["status"] != "success"){ return $json; }
$enc_file .= " pass_cinder_authtoken: " . $json["data"] . "\n";
+ $json = get_cluster_password($con, $conf, $cluster_id, 'heat', 'encryptkey');
+ if($json["status"] != "success"){ return $json; }
+ $enc_file .= " pass_heat_encryptkey: " . $json["data"] . "\n";
+
$json = get_cluster_password($con, $conf, $cluster_id, 'heat', 'db');
if($json["status"] != "success"){ return $json; }
$enc_file .= " pass_heat_db: " . $json["data"] . "\n";
@@ -873,7 +881,6 @@
$enc_file .= " network_cidr: $network_cidr\n";
$enc_file .= " zoneid: $machine_location\n";
$enc_file .= " block_devices:\n";
- $enc_file .= " statsd_hostname: $cluster_statsd_hostname\n";
$q = "SELECT * FROM blockdevices WHERE machine_id='$machine_id' AND name NOT LIKE '%da'";
$r = mysqli_query($con, $q);
@@ -889,6 +896,8 @@
$enc_file .= " - $hdd_name\n";
}
+ $enc_file .= " statsd_hostname: $cluster_statsd_hostname\n";
+
$json = get_cluster_password($con, $conf, $cluster_id, 'swift', 'hashpathsuffix');
if($json["status"] != "success"){ return $json; }
$enc_file .= " pass_swift_hashpathsuffix: " . $json["data"] . "\n";
@@ -2300,7 +2309,7 @@
}
}
if($network["is_public"] == "no"){
- $ret = reserve_ip_to_all_slaves_of_network($con, $conf, $cluster_id, $network_id, $safe_role_name);
+ $ret = reserve_ip_to_all_slaves_of_network($con, $conf, $safe_cluster_id, $network["id"], $safe_role_name);
if($ret["status"] != "success"){
$json["status"] = "error";
$json["message"] = $ret["message"];
diff -Nru openstack-cluster-installer-20/src/inc/slave_actions.php openstack-cluster-installer-21/src/inc/slave_actions.php
--- openstack-cluster-installer-20/src/inc/slave_actions.php 2019-02-20 14:12:23.000000000 +0100
+++ openstack-cluster-installer-21/src/inc/slave_actions.php 2019-03-05 13:46:39.000000000 +0100
@@ -177,6 +177,7 @@
// Provision passwords for later
insert_cluster_pass($con, $conf, $cluster_id, 'mysql', 'rootuser');
+ insert_cluster_pass($con, $conf, $cluster_id, 'rabbitmq', 'cookie');
insert_cluster_pass($con, $conf, $cluster_id, 'keystone', 'adminuser');
insert_cluster_pass($con, $conf, $cluster_id, 'keystone', 'db');
insert_cluster_pass($con, $conf, $cluster_id, 'keystone', 'messaging');
@@ -200,6 +201,7 @@
insert_cluster_pass($con, $conf, $cluster_id, 'neutron', 'db');
insert_cluster_pass($con, $conf, $cluster_id, 'neutron', 'messaging');
insert_cluster_pass($con, $conf, $cluster_id, 'neutron', 'authtoken');
+ insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'encryptkey');
insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'db');
insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'messaging');
insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'authtoken');
@@ -706,7 +708,7 @@
$iface1 = get_ethname_from_network_config($con, $conf, $machine_id, $mgmt_net["iface1"]);
$netvlan = $mgmt_net["vlan"];
- if($onenet["iface2"] != "none"){
+ if($mgmt_net["iface2"] != "none"){
$iface2 = get_ethname_from_network_config($con, $conf, $machine_id, $mgmt_net["iface2"]);
if(is_null($netvlan)){
$network_params .= " --static-iface type=bond,iface0=$iface1,iface1=$iface2" . $addr_param;
Reply to: