chef-bcpc

Minor version 5.10.0

This represents a feature release. Notable features include a quota management
utility for nova and cinder, as well as implementation of software RAID on
ephemeral work nodes.

Upgrading

Changes in this release should allow one to upgrade seamlessly to openstack
2015.1.2 with minimal fanfare - See #886. Also, the specified rabbitmq-server
version has been moved from 3.5.6-1 to 3.6.0-1.

Full set of additional features and fixes includes:

#886 - Fixes to allow upgrading OpenStack in place to 2015.1.2
#926 - Add support for software RAID for ephemeral nodes
#945 - remove duplicated host-aggregates recipe from Compute run list
#946 - nova and cinder quota management
#947 - Remove deprecated services from hup_openstack
#948 - Bump rabbit to 3.5.7-1
#951 - Make sure to check for bootstrap-files/<chef_bcpc_version> ...
#952 - Reflect that ubuntu user is no longer deleted from bootstrap node
#954 - Bump version spec for rabbitmq to 3.6.0-1
#956 - Generate sample cluster.yml
#958 - Adds Chef server assets to scheduled backup
#959 - Remove old build_bins.sh script

Minor version 5.9.0

This represents a combined bugfix/feature release. Major features added include cluster build orchestration as outlined below.

Build Improvements

Fully functional capability to build a hardware cluster (or virtualized) using ansible orchestration tools.

Monitoring

Changes to some monitoring checks will require some manual intervention and may result in the loss of some short-term historical data. See #943, #929.

Upgrading

See above section on Monitoring.

Full set of additional features and fixes includes:

#863 - shuffling a huge pile of scripts into legacy_scripts
#876 - Adding an early check to verify local package mirror is available
#889 - Make Glance Registry workers parameterized
#890 - Do not automatically remove Ceph OSDs/mons
#891 - Do not automatically remove RabbitMQ cluster nodes
#892 - Do not auto-reap Nova services when removed from Chef
#898 - Insert PTR records for hypervisors
#906 - Install Linux perf packages
#907 - Increase proc.num trigger in Zabbix template
#909 - Generate strong password for ubuntu user so that it can be used in an emergency
#914 - Ensure validation tasks always run regardless of tags
#915 - Ignore DHCP clients we don't know on bootstrap node
#916 - Indicate destination of do_on_node action in log output
#917 - Fix conffile conflict while upgrading Zabbix
#919 - Some small bugfixes on the scripts that handle cluster.txt/cluster.yaml
#920 - Don't apply flavors recipes on work nodes
#921 - Don't hardcode the PNL mirror in the bootstrap sources.list template
#923 - Update ansible_cluster_convergence.md
#924 - Works as expected.
#929 - Zabbix templates rework and severity changes
#930 - Improve RabbitMQ resilience in the face of failures
#931 - Purge deprecated keystone upstart job, routemon from checks
#932 - cluster inventory arbitrary grouping
#933 - Extract configfile loading to common functions
#935 - Don't assume the local server's in the list of servers passed in
#938 - Fixes #937: disables mod_python
#940 - Parameterize WSGI processes/threads on the public Keystone API
#943 - Tighten RabbitMQ partitioning check

Minor revision 5.8.1

This is a bugfix release. In addition, preliminary support has been added for
instrumenting hardware builds of BCPC with ansible.

Full set of additional features and fixes includes:

#868 - Ansible playbooks for hardware builds
#887 - Toggle to disable Heat
#893 - Additonal bootstrap packages
#899 - Limit loading of CloudCollector to head nodes
#900 - Update nova-network Zabbix trigger
#901 - raising kernel.pid_max to the maximum allowable setting

Minor version 5.8.0

This is a combined bugfix/feature release.

Build improvements

• bootstrap build binary artifact caching; whereas build dependency caching
  was previously implemented in https://github.com/bloomberg/chef-bcpc/releases/tag/5.4.0

Monitoring

• new Diamond collector
• prevent I/O storm when creating whisper files
• integration with pagerduty

Dependency versioning

Explicit dependency versioning by means of the default attribute file is
scheduled to be deprecated in the next major release 6.0.0. See #875.
Otherwise, the following changes are specified:

• rabbitmq 3.5.5-3 -> 3.5.6-1
• haproxy 1.5.14-1ppatrusty -> 1.5.15-1ppa1trusty
• ceph 0.94.3-trusty -> 0.94.5-1trusty

Full set of additional features and fixes includes:

#796 - Cache binary build products outside bootstrap VM for faster bootstraps
#834 - Fixes #630 - performs Nova DB sync before installing Nova services
#836 - Add Diamond openstack collector
#852 - Parameterize limit on whisper files to create per minute
#854 - Create region in keystone.region table if it is not there already.
#856 - Remove hardcoded path in shared_build_bins.sh
#857 - Zabbix integration with Pagerduty
#858 - Parameterize nova default log levels
#861 - updating RabbitMQ to 3.5.6-1
#862 - Fixes #859 - improves VIP change script behavior
#865 - Add reserved tcp ports
#866 - Increase default MySQL connections to ease multi-headnode deployments
#867 - Parameterize sysctl
#869 - upgrading Ceph to 0.94.4
#870 - Add ability to specify SSL certificate for S3 endpoint
#872 - Remove use_bootstrap_v2 toggle that is no longer needed
#874 - Move openstack-dashboard.conf back to /etc/apache2/conf-available
#878 - Gate nova-volume-boot-size patch to only apply to 2015.1.0/2015.1.1
#880 - updating Ceph to 0.94.5
#883 - Fixes #882 - regression caused Cinder patch to not apply to 2015.1.2
#888 - adding Vim to default package installations

Minor version 5.7.0

The focus of this release is primarily of benefit for operators and users. There is now support for regularly scheduled backups and improved monitoring for ceph and elasticsearch. Additionally, RadosGW quotas are now enforced. Some major bug fixes are backported, including a fix to security group handling and the manner in which boot-from-volume is handled when volume and flavor size metadata mismatches.

In-cluster functional tests are improved via minor bug fixes.

Some dependencies are additionally included/upgraded: RabbitMQ server version 3.5.5-3 installs by default and python-tz is added to the set of default package installation candidates.

Upgrading

Some feature improvements will require manual intervention. The default quota limit for cinder volumes is removed, which requires operator intervention to take effect. See comments in #805.

Full set of additional features and fixes includes:

#752 - Apt-mirror cleanup
#771 - Switch catalog backend to SQL
#775 - Deploy (and upgrade) Kibana using apt
#794 - Configure cluster for scheduled MySQL/data bag backups on bootstrap node
#801 - Fix float association race condition in multi-head cluster
#805 - Update Cinder default volumes quota from 10 to -1
#807 - Finish up rally setup
#810 - Add check for floats attached to instances in non-existent tenants. F…
#814 - Parameterize and increase RabbitMQ open files limit
#815 - Toggle for enabling/disabling swap
#817 - Fix quota-class-update command
#819 - Fixes #791 - stops getty log spam on Vagrant builds
#820 - Update Zabbix template for Linux
#822 - Fixes #816 - boot from volume fails if volume does not match flavor size
#823 - Collect Elasticsearch metrics
#824 - python-tz is required for Graphite webapp
#825 - Manage RGW user quotas
#827 - Add haproxy BASIC auth for kibana backend
#828 - Fixes #826 - backports patch to fix refreshing security groups
#829 - Replace potentially compromised upstream Ceph signing key
#830 - Collect Ceph pools and cluster metrics
#839 - Bump rabbitmq-server version to 3.5.5-3
#842 - List buckets with prefix and log on failures in rgw check
#843 - Do not regenerate haproxy monitoring admin password hash every run. F…
#844 - Convert DOS line endings to UNIX when reading in CA certificates
#845 - Replaces HAProxy config template with concat_fragment setup
#848 - Move firewall TCP ports out of template into attribute
#849 - Add some checks for case of re-provision during swap creation

Minor revision 5.6.1

This is mostly a bugfix release. The most notable fix is the addition of support for cinder to recognize existing availability zones that are not configured explicitly as storage availability zones. Additionally, Ceph has been upgraded to 0.94.3 due to changes in the ceph package repositories.

Full set of additional features and fixes includes:

#735 - Getty
#781 - Parameterize Openstack logging verbosity option
#789 - Workaround for #786 - Only reload PowerDNS data into MySQL if it changes
#795 - Fixes #772 - Relocates RADOSgw log for logrotate
#799 - Fixes #798 - patches Cinder to be able to fall back to a configured AZ
#800 - Upgrade Ceph to 0.94.3

Minor version 5.6.0

Major features of this release include improved resource isolation and utilization. A change to the nova scheduler behavior and the addition of support for ServerGroup and Availability Zones have been added to increase system robustness. Further changes include the continued improvements to monitoring as well as support for larger storage: for users and in the Vagrant development environment.

Full set of additional features and fixes includes:

#748 - Randomize host selection from scheduler
#765 - Fixes bug where Ceph keys in data bag could beome desynced
#766 - Monitor RabbitMQ
#767 - Turn on ServerGroups for all users
#768 - Availability zones
#769 - Add fallback firewall rule for out-of-cluster Zabbix-agent communication
#770 - Changes Vagrant behavior so that all nodes but bootstrap get extra disks
#774 - Power DNS stats page
#776 - Adds remaining ephemeral flavors up to e1.2xlarge
#780 - Make mon_pg_warn_max_per_osd configurable (300 is upstream default)
#785 - Checking for SHAs of 2015.1.0 files to decide whether to patch

Minor version 5.5.0

The major change to this release is support for Ephemeral work nodes. Additionally, there are some improvements to the user experience rooted in the handling of SSL certificates. Furthermore, tenants are now able to modify the metadata of their instances.

Full set of additional features and fixes includes:

#736 - Ephemeral storage option
#740 - Add ability to specify custom SSL keypair
#758 - OPENSTACK_HOST to use FQDN, self-signed cert setting changes
#759 - Upgrade Zabbix to 2.4
#760 - Parameterize worker counts for Glance, Cinder and Heat
#761 - Rework the landing page in several ways
#762 - Allow tenants to modify instance metadata

Minor version 5.4.0

The major changes in this release include a heavy focus on monitoring and policy definition, as well as improvements to the user experience:

• Image uploads through Horizon are now supported
• Previous issues with inconsistent default security group definitions have been addressed
• Glance APIv2 is now supported and enabled by default

As for monitoring, aside from minor monitoring application UI improvements:

• Cinder and Glance logs are now collected via fluentd by default
• Graphite short urls are now properly redirected with SSL support

Additionally, there are changes to way hosts are named; Chef node names now correspond to their respective machine hostnames as a result of improved handling of domain name parameters.

Finally, this release continues to improve upon the vagrant bootstrap process, including increased configurability and the inclusion of build timing information. The handling of vendor and third-party software and dependencies continues to move away from direct compilation towards the use of packages, mainly .deb archives and gems.

Full set of additional features and fixes includes:

#657 - Update policy files
#663 - Guarantees update-ca-certificates will fire in the same block
#665 - Replaces compiled Zabbix with official Zabbix packages
#666 - Updates default security group mechanism for Kilo
#667 - Bug fix and metadata config extension.
#668 - Fixes #599 - allows uploading images to Glance via Horizon
#669 - Fixes #659 - backports fix to allow Glance API v2 to deal with nulls
#670 - Make Graphite webapp work properly with SSL termination
#671 - Hacks in a fix on the trousers postinst script so that it installs
#672 - reorders Erlang packages to install in dependency order
#673 - Updates rng-tools to work properly with Trusty
#676 - Add additional test for generated pip deb. Fixes #675
#677 - Update fluentd config to ship Cinder and Glance logs
#681 - Upgrade HAProxy to 1.5.13
#682 - Dropping parts of the repo that are vestigial/unmaintained
#685 - Modify Nova policy to allow only supported actions
#686 - Remove duplicate attribute declarations
#688 - Stuck carbon-relay fix
#689 - Parameterize Java options for Elasticsearch
#691 - Upgrading HAProxy to 1.5.14
#692 - MySQL partitioning for Zabbix
#693 - Making all Keystone backends configurable
#694 - Tighten cinder policy
#696 - Upgrade fluentd to v2
#697 - Extend iptables for monitoring
#700 - New host aggregates LWRP
#701 - Install logtail for Zabbix checks
#702 - New recipe for dumping dev only tools in
#703 - Numerous updates to Vagrant bootstrap process
#705 - Remove duplicate powerdns recipe
#707 - Reinstate nova and rgw functional checks
#708 - Fix Zabbix agent check errors
#710 - Improve routemon behavior when network is funky.
#711 - Parameterize innodb_buffer_pool_size
#712 - Target ceph config changes to particular process Fixes #664
#714 - Use post 0.50 cephx config
#715 - Fixes #713 - no longer requires config overrides file to exist
#716 - Separating cluster and hypervisor domains
#718 - tag all routes with proto static
#719 - Reinstate Diamond 4.x
#720 - Two CephX changes: Cinder/Glance CephX clients and perms on admin sockets
#722 - fluentd only provides amd64 packages, so specify amd64 as only arch
#723 - Remove zabbix group dependency from functional checks
#724 - FQDN endpoints in catalog, configs and .rc files
#725 - Time how long it takes to deploy a cluster
#726 - Script to enable/disable Elasticsearch shard rebalancing
#727 - Update rabbitmq-server to version 3.5.4-1
#728 - Organize Ceph and RGW Zabbix checks
#729 - Parameterize PHP settings for Zabbix
#730 - Allow nova diagnostics $machine
#731 - Restrict image upload
#732 - Disable metrics that are unlikely to be consumed
#733 - default sec group rules for admin tenant
#734 - Keystone notification logging
#741 - Fix the excludes to not drop README.md in the cookbooks
#745 - Enable Zabbix alert scripts path
#746 - Glance API version 2 upgrade
#749 - Quota refresh for nova
#751 - Remove building from Zabbix source
#755 - reconciling fluentd gems between the build_bins scripts
#757 - Release 5.4 fixes

Minor version 5.3.0

The highlight of this release is introduction of Ceph Hammer (https://ceph.com/releases/v0-94-hammer-released/). As part of the change, we have also added a new Chef role for RadosGW. We recommend re-bootstrapping your cluster as the changes may not chef in cleanly.

Full list of changes:

#661 Make disconnected builds work
#656 Improve memcached resiliency
#655 Fix DNS for guests
#653 Nova RBD updates
#647 Provide monitoring hostname overrides
#631 Bring Openstack policy management under Chef
#626 Ceph Hammer release

Minor version 5.2.0

This release improves the cluster bootstrapping process by not making use of Cobbler for Vagrant-based builds and provides a common configuration file for bootstrapping options. It is also now possible to bootstrap VMs dedicated to the monitoring role.

Full set of additional features and fixes includes:

#622 New Vagrant bootstrap process
#644 Optionally bootstrap 1-3 monitoring nodes
#639 Moving the dhcp-server patch to fix multi-tenant nova-network bug (#634)
#628 Avoid MySQL deadlocks with Zabbix
#633 Auto host registration in Zabbix
#632 Prioritize Ceph OSD and Mons processes higher
#638 Revert nova-single CPU patch as fix is now in upstream libvirt package
#645 Extend Keystone wait to work around failed Chef run (#619)
#643 Add a way to hide Openstack Horizon panels
#625 Packer build for bootstrap node. This large PR also comes with various fixes, not limited to, nova security groups pre-creation guard and bootstrap node performance improvements.

Minor version 5.1.0

This release is not upgrade-compatible with any previous minor versions, i.e., it is not possible to simply update your sources and re-run Chef cleanly. This is discussed in #581 and #606.

Multiple improvements include CPU governor tuning, a pluggable custom metadata service, support for an external LDAP server as a keystone backend, support for defining custom machine flavors, and the addition of the Rally benchmarking suite by default. Some minor changes include a cleaner chef run output, as well as a new Release Notes format.

Full set of additional features and fixes includes:

#557 Reconfigure Kibana to use local Elasticsearch node instead of VIP
#559 Toggle for nova debug
#569 Stable/release 5.x cpufreq add ondemand value tuning
#570 Add support for bootstrap-specific apt mirror when using Vagrant
#571 Rally Automatic Setup on Bootstrap Node
#575 Bugfix for #572 - increases default conductor workers to 5
#576 In Kilo, glance settings must now be in a separate config section.
#577 Fixes #574 - allows amqp_durable_queues control via attribute
#580 Fixes #573 - patches Nova networking to not use the same DHCP server
#581 Bump specified erlang version in attributes
#585 Fixes #582 - upgrades pip to be compatible with newer python-requests
#586 we don't actually use CephFS, so removing these resources
#587 Clean up Chef run output
#588 Destroys nova-service-restart-wrapper and salts the earth
#589 Upgrading Cirros to 0.3.4 to stay current
#591 Fixes monitoring role requiring two runs to set up
#592 Fixes #590 - adds function for deterministically shuffling a list
#593 Don't regenerate SOA timestamps on each Chef run
#594 Moving a few envvars from bootstrap into an ignored file
#595 Redefine and parameterize nova scheduler filters
#603 Make Graphite web configuration compatible with Apache 2.4
#604 Fixes #596 - pre-creates .rgw.buckets.extra for RADOSgw
#605 Upgrading RabbitMQ to 3.5.3
#606 Optional LDAP integration.
#607 Require minimum Vagrant version of 1.7.0
#611 Add support for custom flavors
#612 Default quotas under control of chef
#613 Relocate zabbix server to monitoring role
#615 Don't collect RabbitMQ queue metrics by default
#616 Custom metadata
#617 Fixes a failure that would occur on the initial Chef of a node
#618 Release 5 non vagrant
#623 5.1.0 documentation update

Major version 5.0.0

The beginning of release series 5.x. This series is characterized by a version upgrade of the Openstack software suite. Openstack has been upgraded from Icehouse to Kilo.

Additional features include:

• Improved support for apt mirrors during the bootstrap process #563
• Deprecated support for centos in cobbler configuration

Architectural Changes:

• RabbitMQ and Memcached are no longer proxied through HAProxy
• Keystone migrated from Eventlet to using WSGI

Major version 4.0.0

The beginning of new release series 4.x. This series is characterized by a change to the supported operating system and a version upgrade for Openstack. The Openstack suite will, by default, run on Ubunty Trusty (14.04) and the Openstack release has been upgraded from Havana to Icehouse.

Additional features include:

• Chef 12
• Overhaul of the DNS mechanism
  • Support for EC2-style hostnames #533
  • Other changes to powerdns

Minor revision 3.2.4

• Graphite metrics retention parameterization #552
• CPU scaling governor control #550
• Upgrade Elasticsearch and Kibana to latest stable version #548 #551
• Elasticsearch split-brain protection #547
• cluster.txt machine lookup utility #544
• IP rules toggle for VM and API interaction #509
• Recipes cleanup #545 #546

Minor release 3.2.3

• Tester user role fix #542
• Live migration patch disabled by default #536
• Reduction of Nova workers #537
• Increase MySQL max_connections default limit #538
• cluster-check fix #535
• Firewall update for monitoring #534
• Fix for failed builds due to large cookbooks #522
• Deprecate keystone-token-cleaner cron job #526

Minor revision 3.2.2

• Live migration and patch cleanup #493
• More useful CPU and RAM allocation numbers for laptop environments #508
• Dynamic configuration of path to private key when using vagrant #511
• Changes to rabbitmq recipe to address release of 3.5.0 #519
• Fixes, including
  • #516
  • #506

Minor revision 3.2.1

This release adds memcached to the stack. Additional features include:

• Keystone token caching with memcached #491
• Unification of keystone-admin backends in haproxy #492
• Elasticsearch/Kibana services relocation to BCPC-Monitoring role #498
• SSL by default for VNC console connections #500
• Fixes, including
  • #495

Minor release 3.2.0

Noteworthy changes include some reorganization of chef roles, impacting the services designated to each class of node. Also serving as a departure from previous behavior, is the migration to keystone as the authentication backend for RadosGW. Additional features include:

• Cookbook versions match release version #499
• Chef role refactoring
  • New BCPC-Monitoring role with base monitoring database setup #474
  • haproxy-head recipe for Headnode role #478
  • Permanently relocate graphite from head to monitoring role #483
  • Implement search_nodes method that searches by role/recipe #470
• Hooks to restart radosgw daemon #494
• Keystone-backed S3 authentication #484
• Sub-domain-style S3 bucket naming #487
• MySQL node quorum-checking #479
• Unique VRID generation #477
• SSH daemon listens on additional, storage network ip. #382
• TPM recipe implements template-based configuration #472

Various fixes, including

• #497
• #475

Minor revision 3.1.4

• Fix for issue #485