Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Dear release team, Please unblock package openstack-cluster-installer While continuing the development, I've found a number of issues which I corrected and backported. This release 21 of openstack-cluster-installer contains these bugfixes (no new feature). I have attached the debdiff for the changes, though it may be hard to read, so I would recommend reading individual commits from Salsa over here: https://salsa.debian.org/openstack-team/debian/openstack-cluster-installer/commits/debian/buster The 8 commits are from 5th of March up to now. Please unblock openstack-cluster-installer/21. Cheers, Thomas Goirand (zigo)
diff -Nru openstack-cluster-installer-20/debian/changelog openstack-cluster-installer-21/debian/changelog --- openstack-cluster-installer-20/debian/changelog 2019-02-20 14:12:23.000000000 +0100 +++ openstack-cluster-installer-21/debian/changelog 2019-03-05 13:46:39.000000000 +0100 @@ -1,3 +1,18 @@ +openstack-cluster-installer (21) unstable; urgency=medium + + * Bugfix release for Buster which includes: + - Fixed reserve_ip_to_all_slaves_of_network() call in network_add API call. + - Correctly check for $mgmt_net["iface2"] and not $onenet when calculating + --static-iface. + - Fix block device list for swiftstore (statsd hostname was breaking it, + ordering was broken). + - Correctly set the erlang_cookie for rabbitmq as a random value. + - Correctly use a a real random key for heat's encryption key. + - Correct swift pipeline order when using encryption. + - Correctly set unix rights of drives in /srv/node. + + -- Thomas Goirand <z...@debian.org> Tue, 05 Mar 2019 13:46:39 +0100 + openstack-cluster-installer (20) unstable; urgency=medium * Set allow_resize_to_same_host to True on all nova nodes. diff -Nru openstack-cluster-installer-20/puppet/manifests/controller.pp openstack-cluster-installer-21/puppet/manifests/controller.pp --- openstack-cluster-installer-20/puppet/manifests/controller.pp 2019-02-20 14:12:23.000000000 +0100 +++ openstack-cluster-installer-21/puppet/manifests/controller.pp 2019-03-05 13:46:39.000000000 +0100 @@ -73,6 +73,7 @@ $all_swiftproxy = undef, $all_swiftproxy_ip = undef, $pass_mysql_rootuser = undef, + $pass_rabbitmq_cookie = undef, $pass_keystone_db = undef, $pass_keystone_messaging = undef, $pass_keystone_adminuser = undef, @@ -96,6 +97,7 @@ $pass_neutron_db = undef, $pass_neutron_messaging = undef, $pass_neutron_authtoken = undef, + $pass_heat_encryptkey = undef, $pass_heat_db = undef, $pass_heat_messaging = undef, $pass_heat_authtoken = undef, @@ -1281,7 +1283,7 @@ config_cluster => true, cluster_nodes => $all_masters, cluster_node_type => 'ram', - erlang_cookie => 'XAFSRAFNNFJOFSHLEUFT', + erlang_cookie => $pass_rabbitmq_cookie, wipe_db_on_cookie_change => true, }-> rabbitmq_vhost { '/': @@ -1937,7 +1939,7 @@ service_name => 'heat-api', } class { '::heat::engine': - auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12', + auth_encryption_key => $pass_heat_encryptkey[0,32], # heat_metadata_server_url => "${base_url}:8000/orchestration-cfn", # heat_waitcondition_server_url => "${base_url}:8000/orchestration-cfn/v1/waitcondition", } diff -Nru openstack-cluster-installer-20/puppet/manifests/swiftproxy.pp openstack-cluster-installer-21/puppet/manifests/swiftproxy.pp --- openstack-cluster-installer-20/puppet/manifests/swiftproxy.pp 2019-02-20 14:12:23.000000000 +0100 +++ openstack-cluster-installer-21/puppet/manifests/swiftproxy.pp 2019-03-05 13:46:39.000000000 +0100 @@ -156,7 +156,7 @@ # Because there's no ca_file option in castellan, we must # allow swiftproxy to run without encryption in case we're # running on a PoC without a real certificate for the API - $pipeline_start = [ 'catch_errors', 'healthcheck' ] + $pipeline_start = [ 'catch_errors', 'healthcheck', 'proxy-logging', 'cache', 'container_sync', 'bulk', 'ratelimit', 's3api', 's3token', 'authtoken', 'keystone', 'copy', 'container-quotas', 'account-quotas', 'slo', 'dlo', 'versioned_writes' ] if $swift_encryption_key_id == "" { $disable_encryption = true $pipeline_kms = $pipeline_start @@ -164,7 +164,7 @@ $disable_encryption = false $pipeline_kms = concat($pipeline_start, [ 'kms_keymaster', 'encryption' ]) } - $pipeline = concat($pipeline_kms, [ 'proxy-logging', 'cache', 'container_sync', 'bulk', 'ratelimit', 's3api', 's3token', 'authtoken', 'keystone', 'copy', 'container-quotas', 'account-quotas', 'slo', 'dlo', 'versioned_writes', 'proxy-server' ]) + $pipeline = concat($pipeline_kms, [ 'proxy-logging', 'proxy-server' ]) package { 'barbicanclient': name => 'python-barbicanclient', diff -Nru openstack-cluster-installer-20/puppet/manifests/swiftstore.pp openstack-cluster-installer-21/puppet/manifests/swiftstore.pp --- openstack-cluster-installer-20/puppet/manifests/swiftstore.pp 2019-02-20 14:12:23.000000000 +0100 +++ openstack-cluster-installer-21/puppet/manifests/swiftstore.pp 2019-03-05 13:46:39.000000000 +0100 @@ -103,7 +103,7 @@ exec { "fix-unix-right-of-${value}": path => "/bin", command => "chown swift:swift /srv/node/${value}", - unless => "cat /proc/mounts | grep -E ^/dev/sdk", + unless => "cat /proc/mounts | grep -E ^/dev/${value}", } } diff -Nru openstack-cluster-installer-20/src/api.php openstack-cluster-installer-21/src/api.php --- openstack-cluster-installer-20/src/api.php 2019-02-20 14:12:23.000000000 +0100 +++ openstack-cluster-installer-21/src/api.php 2019-03-05 13:46:39.000000000 +0100 @@ -581,6 +581,10 @@ if($json["status"] != "success"){ return $json; } $enc_file .= " pass_mysql_rootuser: " . $json["data"] . "\n"; + $json = get_cluster_password($con, $conf, $cluster_id, 'rabbitmq', 'cookie'); + if($json["status"] != "success"){ return $json; } + $enc_file .= " pass_rabbitmq_cookie: " . $json["data"] . "\n"; + $json = get_cluster_password($con, $conf, $cluster_id, 'keystone', 'db'); if($json["status"] != "success"){ return $json; } $enc_file .= " pass_keystone_db: " . $json["data"] . "\n"; @@ -673,6 +677,10 @@ if($json["status"] != "success"){ return $json; } $enc_file .= " pass_cinder_authtoken: " . $json["data"] . "\n"; + $json = get_cluster_password($con, $conf, $cluster_id, 'heat', 'encryptkey'); + if($json["status"] != "success"){ return $json; } + $enc_file .= " pass_heat_encryptkey: " . $json["data"] . "\n"; + $json = get_cluster_password($con, $conf, $cluster_id, 'heat', 'db'); if($json["status"] != "success"){ return $json; } $enc_file .= " pass_heat_db: " . $json["data"] . "\n"; @@ -873,7 +881,6 @@ $enc_file .= " network_cidr: $network_cidr\n"; $enc_file .= " zoneid: $machine_location\n"; $enc_file .= " block_devices:\n"; - $enc_file .= " statsd_hostname: $cluster_statsd_hostname\n"; $q = "SELECT * FROM blockdevices WHERE machine_id='$machine_id' AND name NOT LIKE '%da'"; $r = mysqli_query($con, $q); @@ -889,6 +896,8 @@ $enc_file .= " - $hdd_name\n"; } + $enc_file .= " statsd_hostname: $cluster_statsd_hostname\n"; + $json = get_cluster_password($con, $conf, $cluster_id, 'swift', 'hashpathsuffix'); if($json["status"] != "success"){ return $json; } $enc_file .= " pass_swift_hashpathsuffix: " . $json["data"] . "\n"; @@ -2300,7 +2309,7 @@ } } if($network["is_public"] == "no"){ - $ret = reserve_ip_to_all_slaves_of_network($con, $conf, $cluster_id, $network_id, $safe_role_name); + $ret = reserve_ip_to_all_slaves_of_network($con, $conf, $safe_cluster_id, $network["id"], $safe_role_name); if($ret["status"] != "success"){ $json["status"] = "error"; $json["message"] = $ret["message"]; diff -Nru openstack-cluster-installer-20/src/inc/slave_actions.php openstack-cluster-installer-21/src/inc/slave_actions.php --- openstack-cluster-installer-20/src/inc/slave_actions.php 2019-02-20 14:12:23.000000000 +0100 +++ openstack-cluster-installer-21/src/inc/slave_actions.php 2019-03-05 13:46:39.000000000 +0100 @@ -177,6 +177,7 @@ // Provision passwords for later insert_cluster_pass($con, $conf, $cluster_id, 'mysql', 'rootuser'); + insert_cluster_pass($con, $conf, $cluster_id, 'rabbitmq', 'cookie'); insert_cluster_pass($con, $conf, $cluster_id, 'keystone', 'adminuser'); insert_cluster_pass($con, $conf, $cluster_id, 'keystone', 'db'); insert_cluster_pass($con, $conf, $cluster_id, 'keystone', 'messaging'); @@ -200,6 +201,7 @@ insert_cluster_pass($con, $conf, $cluster_id, 'neutron', 'db'); insert_cluster_pass($con, $conf, $cluster_id, 'neutron', 'messaging'); insert_cluster_pass($con, $conf, $cluster_id, 'neutron', 'authtoken'); + insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'encryptkey'); insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'db'); insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'messaging'); insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'authtoken'); @@ -706,7 +708,7 @@ $iface1 = get_ethname_from_network_config($con, $conf, $machine_id, $mgmt_net["iface1"]); $netvlan = $mgmt_net["vlan"]; - if($onenet["iface2"] != "none"){ + if($mgmt_net["iface2"] != "none"){ $iface2 = get_ethname_from_network_config($con, $conf, $machine_id, $mgmt_net["iface2"]); if(is_null($netvlan)){ $network_params .= " --static-iface type=bond,iface0=$iface1,iface1=$iface2" . $addr_param;