openstack-cluster-installer (43.0.19) unstable; urgency=medium

  [ Thomas Goirand ]
  * [7bb6bfb] Also quote strings for machines string attributes variables.json.
  * [4a0a7c3] Maintain /etc/oci/oci-repository-key.asc with puppet.
  * [687d68e] cinder-volume on compute: add coordination URL.
  * [a8aca76] Define service_type in [keystone_authtoken] for all services.
    This makes application credentials work
  * [957d881] Correctly decode oci repository key when writing it down.
  * [2edc8d7] & [eb1e9f0] Fix tempest.pp for Flamingo.
  * [1351a77] Allow upgrading from epoxy to flamingo & gazpacho.
  * [f83d7ab] Fix creating intial swift ring (avoid multiple rebalances).
  * [ba45ae2] controller.pp: ceilometer-upgrade must happen after haproxy.
  * [37ba589] oci-poc: Add one more VM as tempest node for cl3.
  * [5694243] Switch [libvirt]/swtpm_{user,group} to tss.
  * [27141ba] Tweakable number of cinder-api processes.
  * [d4c70da] Use a single /etc/apt/sources.list.d/osbpo.debian.net.sources.
  * [23340f9] compute.pp: Correctly setup libvirtd_config for yoga and down.
  * [83675a2] Add dependency list for upgrading to Flamingo.
  * [971a735] poc-bin/oci-poc-setup: Use --bullseye-compat-fs when setting-up
    buster or bullseye.
  * [037d7c4] Fix syntax error in bin/oci-cluster-upgrade-openstack-release.
  * [d4f44e5] openstack-cluster-installer-build-live-image: Only install
    ilorest when not buster and bullseye.
  * [50c296b] Update the HPE repository key.
  * [d652d62] More tempest exclude tests.
  * [e845660] Vendor repo keys.
  * [9952cc5] Some fixes for the upgrade script.

  [ Simeon Gourlin ]
  * [bd1c995] fix: haproxy throttling

  [ Axel Jacquet ]
  * [9459109] fix: double logging in syslog and neutron router directory,
    rsyslog rule.

 -- Thomas Goirand <zigo@debian.org>  Thu, 15 Jan 2026 09:42:40 +0100

openstack-cluster-installer (43.0.18) unstable; urgency=medium

  * [dcfdece] Do not mask keepalived.service, as it's creating a puppet
    dependency loop.

 -- Thomas Goirand <zigo@debian.org>  Sat, 29 Nov 2025 22:39:11 +0100

openstack-cluster-installer (43.0.17) unstable; urgency=medium

  * [46ceb8f] enc.php: quote strings comming from variables.json
  * [4905aae] libvirtd tweaks: allow increasing defaults.

 -- Thomas Goirand <zigo@debian.org>  Fri, 28 Nov 2025 15:36:01 +0100

openstack-cluster-installer (43.0.16) unstable; urgency=medium

  * [7901dda] Fix compute-decomission when there's a cluster key.
  * [1822949] Replace HOSTNAME by MYHOSTNAME in compute-decomission to avoid
    issues with bash.
  * [bf5106b] Make it possible to select NUMA per compute node
  * [b77d2b2] Add VMMS migration start/end time tunable.

 -- Thomas Goirand <zigo@debian.org>  Tue, 25 Nov 2025 08:43:50 +0100

openstack-cluster-installer (43.0.15) unstable; urgency=medium

  [ Thomas Goirand ]
  * [39ead33] compute.pp: enable vm.unprivileged_userfaultfd to allow post-copy
    migrations.
  * [c159fa0] Fix get_cluster_password() for multi-az Ceph deployments.
  * [e4dd15e] Print Ceph AZ in ocicli machine-show.
  * [ef5139b] Example config for numad.
  * [881c2b3] Logrotate hourly tunable.
  * [0e94baa] configure_backports.pp: Fix configuring apt-keys.
  * [be57e40] Add a compute-decomission option to ocicli.
  * [52e66a5] Tweak live-migration delay, steps and completion_timeout.
  * [74df0b1] Make number of RPC and API workers for Neutron tweakable.
  * [f41de03] Tweakable max_concurrent_live_migrations.
  * [d55816e] Add tunable to install or not numad.

  [ axel.jacquet ]
  * [8e288e3] feat: add threading for polling on compute side

  [ Jim Scadden ]
  * [c2e77b0] Ensure GPU IDs are quoted in ENC output for compute.

 -- Thomas Goirand <zigo@debian.org>  Thu, 20 Nov 2025 17:17:50 +0100

openstack-cluster-installer (43.0.14) unstable; urgency=medium

  * [4018652] Increase default fact limits.
  * [f845cda] Fix MySQL db charset and collate depending on Debian suite name.
  * [62df324] Better HPe IPMI initial setup.

 -- Thomas Goirand <zigo@debian.org>  Tue, 11 Nov 2025 22:19:39 +0100

openstack-cluster-installer (43.0.13) unstable; urgency=medium

  [ Theo Gindre ]
  * [35deb58] feat: Setup RuntimeMaxSec for gnocchi-metricd.
  * [2d3ffed] fix(oci_db): Use ceph default

  [ Thomas Goirand ]
  * [071f840] Add flamingo to merge-on-all-branches.
  * [aebdf5c] glance: enable memcache_use_advanced_pool
  * [e5ed2d3] keystone: enable enable_proxy_headers_parsing
  * [327722e] keystone::cache: memcache_pool_maxsize => 32
  * [495983a] Customizable number of keystone workers.
  * [1f7fe32] PXE grub: Configure correct serial tty depending on arch and
    vendor.
  * [beee12e] PXE grub: better options for serial console.
  * [300ee52] Add a neutron_force_notifications_on option
  * [d53d710] Depends on isc-dhcp-server first, dnsmasq second.
  * [5fd44a3] Use the -y flag when doing lvcreate in
    utils/usr/bin/oci-build-data-vg.
  * [0b2d135] Add -f flag to wipefs.
  * [e4da513] ocicli machine-wipe: Wipe all potentially existing LV and VG
    before doing wipefs.
  * [5a277a3] Add trixie-flamingo key.
  * [319840b] ocicli cluster-show: correctly display when there's coma in the
    values (escape with quotes).
  * [9d6cdc1] controller.pp: fix keystone_api_workers ->
    keystone_api_workers_real (Cannot reassign variable).
  * [eea01e2] oci-poc-ci: need to do "openstack region create cluster3" with
    Flamingo.
  * [b90b339] compute.pp: Fix setting $live_migration_timeout_action variable
    when >= caracal
  * [c4c066a] Increase network node RAM from 8 to 16 GB of RAM.
  * [8dfc106] oci-poc / tempest: set public_network_name=ext-floating1
  * [3b6b97a] Correctly set Barbican's [simple_crypto_plugin]/kek key.
  * [e008932] Better generation of fernet key for Barbican.
  * [6ab597c] messaging.pp: Fix wrong scheduling for systemd::dropin_file
    runtime_maxsec.conf of gnocchi-metricd.service
  * [5ecbcf2] Add Mistral support.
  * [f4d2c70] oci-build-data-vg: add /var/lib/automysqlbackup as bind mount of
    /srv/data in controllers.
  * [eecd7a0] VMMS support.
  * [8bd46e2] Fix barbican kek generation.
  * [fc2fd39] Missing has_subrole_vmms variable in controller.pp
  * [7a09f92] controller.pp: do not wait for mistral db if we don't install it.
  * [8736e36] Same for VMMS.
  * [4e1b343] Add puppet-module-vmms as depends of puppet-module-oci.
  * [5d06181] messaging.pp: Add missing param: $pass_vmms_messaging.
  * [a9d993c] Add Flamingo compat. Some VMMS fixes.

  [ axel.jacquet ]
  * [2845c2f] feat(horizon): change defaut settings to false for volume
    creation on vm setup UI.

  [ Simeon Gourlin ]
  * [8f49f73] feat(nova): add nova_enable_isolated_aggregate_filtering switch

 -- Thomas Goirand <zigo@debian.org>  Mon, 03 Nov 2025 16:04:58 +0100

openstack-cluster-installer (43.0.12) unstable; urgency=medium

  * [ca3b4a9] bin/oci-disable-puppet: Rename $HOSTNAME var, avoid clash in bash
  * [dc6aa30] Remove masking keepalived.service from controller.pp.
  * [dcf8de7] Make it possible to enable live_migration_permit_post_copy.
  * [e6526dd] iptables: octavia API blocking was defined twice.
  * [2aa21f3] iptables: do not include 127.0.0.0/8 in MySQL and RabbitMQ.
    127.0.0.0/8 is already globally whitelisting everything, so it's
    ok to not include it for SQL and Rabbit.
  * [96a147b] swiftproxy: do not set http-buffer-request.
  * [7ebb47c] Allow dnsmasq to be used instead of isc-dhcp.
    (Closes: #1106122).

 -- Thomas Goirand <zigo@debian.org>  Mon, 25 Aug 2025 12:35:16 +0200

openstack-cluster-installer (43.0.11) unstable; urgency=medium

  [ Simeon Gourlin ]
  * [6163c85] fix Postfix mta config

  [ Thomas Goirand ]
  * [4a44b60] Add a switch for relayhost
  * [1764e33] glance_api_proxy_exceptions
  * [2770a72] Set FRR on only one nick of cl3's controllers.
  * [4978df8] Define LANG and LC_ALL=en_US.utf-8 to avoid errors when running
    puppet.
  * [b2a1330] Also use --use-daily-image if needed for cluster3
  * [9ceaaa4] Also use quorum queues for cl3.
  * [fc0a7da] Support archived backports.
  * [0e14216] Fix installing backports from archive
  * [867fb63] Another archived backports fix.
  * [ea49018] Also support backports for archived repo in the live system.
  * [d2cf1b0] PoC cl3: do not use BGP on controllers, only L2, including for
    VIP.
  * [533da00] oci-auto-join-rabbitmq-cluster: use --disq option when joining
    cluster if rabbit >= 4.
  * [26d4fb3] oci-poc: fix URL of DEBIAN_ARCHIVE_MIRROR
  * [ebdf07d] Fix join_cluster with -disq opt.
  * [80adccb] --disc not --disq
  * [fbd8bc7] utils/usr/bin/oci-auto-join-rabbitmq-cluster: Fix echo.
  * [6091c54] Maintenance mode: fix regsubst regexp for IP list.
  * [412d6bf] Blacklist 3 functional test failing with unreachable network.
  * [bfa529b] oci-auto-join-rabbitmq-cluster: Add || true join_cluster to avoid
    rabbit to stay in stop_app mode.
  * [1992c2a] Add VIP IPs to firewall and bind9
  * [376a185] controller firewall: Use a network whitelist rather than
    individual IPs for allowing RabbitMQ and SQL.
  * [a007099] Better error messaging when not finding VIP IPs.
  * [544c4e8] Fix admin access restriction
  * [4ebdf0d] controller.pp: $haproxy_network_whitelist should be set before
    calculating $haproxy_api_rate_limit
  * [f22066b] Stop installing rpcbind by default.
  * [b1973da] firewall: Correctly drop API traffic without proxy.
  * [56a3e4c] controller_iptables.pp: firewall cinder-api, rsync,
    victoriametrics agent and zookeeper.

  [ nicolas.maillet-contoz ]
  * [8d49edd] fix(puppet-sql-galera): Increasing max_user_connections
  * [6137ffb] fix(neutron): Mask keepalived service after neutron-l3-agent
    installation

  [ Bertrand Lanson ]
  * [661faf6] fix(controller): increase count for neutron rpc wworkers.
    The current value is way too low for larger scale clusters.
  * [185d81a] fix(haproxy): force remove slash redirect when sni is enabled.
  * [50656ff] feat(sni): add sni capabilities for horizon dashboard
  * [4d91cd0] fix(sni): enable keystone_sni_name variable for tempest

 -- Thomas Goirand <zigo@debian.org>  Fri, 22 Aug 2025 10:04:24 +0200

openstack-cluster-installer (43.0.10) unstable; urgency=medium

  * [88be118] set my_ip in nova.conf in compute nodes.
  * [27f984a] Fix sh path in bin/oci-scp-ring shebang.

 -- Thomas Goirand <zigo@debian.org>  Fri, 25 Jul 2025 15:20:19 +0200

openstack-cluster-installer (43.0.9) unstable; urgency=medium

  [ Thomas Goirand ]
  * [f706bfa] oci-cluster-upgrade-openstack-release: add --partial option.
  * [22ddd54] libvirt: Always use disk_cachemodes=['network=writeback', ]
  * [a5e2c50] controller.pp: doubled-defined cloudkitty's
    orchestrator/coordination_url
  * [5a42ca1] PoC: correctly add ext-net1-v4subnet1 to ext-net1-router1.
  * [438397b] Blacklist test_delete_security_group_rule_with_non_existent_id
  * [e4ee6f2] hyperconverged: fix setting-up compute.
  * [d3c8c98] controller.pp: use glance_api_config resource.
    The glance_config thingy seems gone.
  * [0f4abbb] controller.pp: do not set use_queue_manager and
    rabbit_stream_fanout. These options are already set by puppet-module-oslo.
  * [f6b87ef] Do not set use_queue_manager, as this creates conflict.
  * [3dade37] Fix bin/oci-cluster-upgrade-funcs VIP detection.
  * [0f9e070] Fix using wrong variable for cinder_debug.
  * [d214933] network.pp: Fix the l3 agent mode to legacy if not using DVR.
    This has the nice feature that it wont bring all HA router down when
    the l3 agent restarts.
  * [7844e74] Fix rabbitmq scheduling in hyperconverged mode.
    Also fix the missuse of $facts['processorcount'] that shall be replaced by
    $facts['processors']['count'] that always works, even in Trixie.
  * [884db30] Make Neutron's agent_down_time configurable.
    With a lot of routers, the default value of 75 seconds isn't enough.
    This patch makes it configurable, and sets a default value of 150.
  * [ada8c6f] Use new params: stream_fanout and use_queue_manager.
  * [cd01c9e] Fix glance settings
  * [a8723eb] Do not set disk_cachemodes.
    Setting network=writeback is in fact impacting performances negatively
    on a (fast) Ceph cluster backend. Reverting.
  * [cb1e186] Increasing net.core.netdev_max_backlog to 24 000
  * [e2109f8] Add plus char as allowed char for if firmware version
  * [20f8075] controller.pp scheduling: Do not require ::rabbitmq if its not
    installed
  * [5dfd4fc] Add bin/oci-ping-all-nodes.
  * [366a5c7] Use quorum queues if >= trixie.
  * [c06297d] Set a value for rabbit_qos_prefetch_count if using quorum queues.
  * [bf7b231] Trixie: set innodb_snapshot_isolation.

  [ Florian La Roche ]
  * [4a898f2] unify from "example.org" to "example.com" and adjust docu and default configuration

 -- Thomas Goirand <zigo@debian.org>  Fri, 25 Jul 2025 14:01:39 +0200

openstack-cluster-installer (43.0.8) unstable; urgency=medium

  [ Thomas Goirand ]
  * [c733222] oci-disable-puppet: add ConnectTimeout=5.
  * [ea8bfa0] Fix controller_iptables.pp to use jump in the ipv6 section also.
  * [f0aaab8] Make ceilometer-middleware optional.
  * [d396783] Adding memcache_use_advanced_pool for gnocchi & cloudkitty.

  [ Jim Scadden ]
  * [c404368] Updated LLDP neighbour switchport name regex.

  [ Olivier Chaze ]
  * [1033776] Enable S3 Versioning.

  [ Thomas Goirand ]
  * [2211bed] Using multiple threads for ceilometer-polling.
  * [706040c] compute.pp: instance poller not separated.
  * [67ca99c] Number of gnocchi-api and cloudkitty-processor workers config.
  * [6af47fe] api_rate_whitelist understands IPv6.

 -- Thomas Goirand <zigo@debian.org>  Tue, 17 Jun 2025 09:14:09 +0200

openstack-cluster-installer (43.0.7) unstable; urgency=medium

  [ Evan Bebi ]
  * [e10fd9a] update for keystone use json

  [ Thomas Goirand ]
  * [8837b37] Some quick fixes for Trixie
  * [938491a] Set new RabbitMQ defaults.
  * [26260c8] Setup "cluster" variable for Ceph.
    This is needed, so that volumes aren't bound to a single
    cinder-volume service in Ceph mode (ie: a volume can be
    managed by any volume node).
  * [1d0eb71] Set haproxy_timeout_server to 10m by default.
    Experience in production shows this is a nicer value than 1m.
  * [05fc995] Call ::keystone::logging before calling ::keystone.
  * [aa53b0a] network.pp: rpc_response_timeout param sent twice.
  * [f7a1ba1] network.pp: And again, for Rocky.
  * [82f2d09] compute.pp: (bugfix) only use Ceilometer quorum queues for
    Caracal and up.
  * [3d57ee7] compute.pp: fix cluster directive if not using multiple Ceph AZ.

  [ Valentin Chassignol ]
  * [c3d5ef1] fix: enc.php: SNI certificate is generated for vip-hostname
    instead of machine name

  [ Thomas Goirand ]
  * [1d33142] Fix a value for parallel_operations in Gnocchi.
  * [d203b38] Add trixie-epoxy key.
  * [997740b] oci-first-boot: Set puppet MAX_RUN=9

  [ Evan Bebi ]
  * [669cffb] Better config for global_request_id.

  [ Thomas Goirand ]
  * [9f4174c] Initial Trixie support.

  [ Theo Gindre ]
  * [2f7e608] Incoming sacks with redis

  [ Thomas Goirand ]
  * [5c5d559] poc: cluster-set cl1 --gnocchi-incoming-sacks-use-redis yes
  * [b122f5e] Fix oci-poc-provision-image after wrong --use-daily-image commit.
  * [d1be6b4] PoC: Add and run oci-poc-provision-cloudkitty
  * [25f9837] messaging.pp: fix wrong section edit.

 -- Thomas Goirand <zigo@debian.org>  Thu, 12 Jun 2025 22:02:57 +0200

openstack-cluster-installer (43.0.6) unstable; urgency=medium

  * [86c767b] Do not install ntp, removed form Trixie.
  * [b59049f] Do not install ilorest-chif.

 -- Thomas Goirand <zigo@debian.org>  Mon, 12 May 2025 14:12:05 +0200

openstack-cluster-installer (43.0.5) unstable; urgency=medium

  * [5785feb] Fix package upgrade list for Epoxy.

 -- Thomas Goirand <zigo@debian.org>  Fri, 18 Apr 2025 01:26:37 +0200

openstack-cluster-installer (43.0.4) unstable; urgency=medium

  * [e2d93f3] Blacklist some more failing tests.
  * [1ed2345] PoC: makes octavia ssh key available for tempest.
  * [b3c67e5] PoC: correctly set public_network_name.
  * [6515928] live image: do not attempt to install policykit-1 which isn't
    available in Trixie.
  * [2217c9c] Install Epoxy on top of Trixie by default.

 -- Thomas Goirand <zigo@debian.org>  Fri, 18 Apr 2025 00:44:40 +0200

openstack-cluster-installer (43.0.3) unstable; urgency=medium

  [ Thomas Goirand ]
  * [3a29887] Fix default volume size in tempest, as 2GB makes tempest fail.
  * [36258c2] haproxy.cfg for the PoC
  * [4e959b5] compute.pp: install and run numad only if cpu_sockets >= 2

  [ Olivier Chaze ]
  * [49185b8] option http-buffer-request mandatory for req.body ACLs
  * [1e91051] option http-buffer-request mandatory for req ACLs

  [ Thomas Goirand ]
  * [5915d8e] Add bookworm-epoxy key.
  * [632144d] Improve README.md thanks to Florian La Roche
  * [1bb1d79] oci-poc-provision-network: Fix BGP_NET_LEAF_2_REMOTE_AS
  * [2824033] controller_iptables.pp: fix LOGDROP table isn't created if rate
    limit isn't disabled.
  * [6530628] Use [signed-by=] and avoid using apt-key add.
  * [1773561] poc: install cl1 network nodes and cl3 controllers on ens5, not
    ens4, as it's leaf2 that has VLAN for it.
  * [06b1ea4] oci-poc-provision-network: Fix dynamic-routing setup to use leaf2
    for ipv4 advertizing.
  * [bf12191] tempest.pp: set volume/catalog_type in tempest.conf, and
    correctly set microversions for Dalmatian and Epoxy.
  * [fd1bef8] tempest.pp: set heat_plugin/username, password and region.
  * [134f44e] tempest.pp: Use zabbix as username for tempest.
  * [26663d4] Setup a tempest2 alt_username + alt_project.
  * [09283fd] Setup min microversions.
  * [86c5e5a] tempest exclude.conf: add
    test_rebuild_server_with_volume_attached that is doing a wrong address test
  * [02bc859] Add domain names in tempest.conf.
  * [8662cfd] poc-bin/oci-poc-haproxy: correctly set local IP in haproxy.cfg on
    the PoC host.
  * [cf14a11] min microversion of compute is 2.1
  * [bd6d8f0] PoC: Fixed the name of external_network_name to ext-net1 to
    repair tempest.
  * [7a4a58b] Merge branch 'debian/dalmatian' into debian/epoxy
  * [4257421] PoC: Fixed public_network_name
  * [80c8122] PoC: Fix neutron_external_network_name in the enc.
  * [207c8a9] PoC: set designate_nameservers with the IP of cl1-dns-1 and
    cl1-dns-2.
  * [3ae593e] Fix: openstacklo_fe should not be there if gnocchi isn't
    installed.
  * [ed6068d] PoC: blacklist 3 functional tests not working in non-DVR mode.
  * [42208bf] ocicli: install Elastic nodes before controllers when installing
    a cluster.
  * [9989115] PoC: Correctly create the cloudkitty index in elasticsearch.
  * [1987dd9] Blacklist 4 more tempest tests.
  * [3b2b043] Fix barbican min and max microversion for Epoxy.
  * [2eff3d7] PoC: Make sure cl1-compute-3 to 8 are not in disabled state.
  * [8e14e5f] PoC: Correctly push the correct octavia network to leaf2
  * [44087f8] PoC: More values for [load_balancer] (grabbed from
    octavia-tempest-plugin).
  * [098151d] PoC: re-enable some tempest tests that are now passing.
  * [e54a626] Re-enable 3 tests.
  * [6412473] Blacklist tempest test: TestStampPattern.test_stamp_pattern. It
    needs mkfs.vfat in the image.
  * [f6cb06f] oci-poc-save: Turn off puppet before mysql, so there's no risk
    that puppet restarts MySQL.
  * [fbfa7bd] machine-install-os: fix deletecting presence of
    /etc/oci/oci-repository-key.asc

 -- Thomas Goirand <zigo@debian.org>  Tue, 15 Apr 2025 15:56:16 +0200

openstack-cluster-installer (43.0.2) unstable; urgency=medium

  [ Thomas Goirand ]
  * [59243d5] compute.pp: correctly set block_device_allocate_retries and
    block_device_allocate_retries_interval in victoria and wallaby.
  * [6ebe619] Always transmit Ceph keys to controller.pp, even when using
    cephadm to deploy.
  * [552210b] When using cephadm to deploy, install cephadm only if not
    bullseye.
  * [feacf04] Add support for barbican_endpoint in swiftproxies starting with
    Victoria, not just Caracal, as I just backported the feature in both Swift
    and puppet-module-swift.
  * [a7e4e22] Make upgrades work without moving the VIPs.
  * [dc53934] Upgrade Neutron last and slow down if rabbitmq messages too high.
  * [56b4c6f] Fix advertizing Octavia network in the PoC.

  [ Olivier Chaze ]
  * [f927ff6] workaround for https://bugs.launchpad.net/swift/+bug/2093413

  [ Thomas Goirand ]
  * [6cefba4] Set uwsgi/disable-logging to false everywhere.
  * [d85d762] Rewrite Octavia functional test exclude list after Octavia
    network setup is correct.
  * [558ef0f] Add 'qos' to extentions in ml2::ovs.
  * [8e0d859] Add 'fip_qos' and 'gateway_ip_qos' to l3 agent extentions.

  [ Simeon Gourlin ]
  * [0f32e8a] Fix number of rpc_workers for Neutron.
    See merge request openstack-team/debian/openstack-cluster-installer!83

  [ Thomas Goirand ]
  * [a7fc851] Add elastic role.
  * [1f75699] Add missing puppet-module-voxpupuli-elasticsearch runtime depends
  * [8479da9] ::cloudkitty has no param rabbit_transient_quorum_queue
  * [23e4cec] Revert "::cloudkitty has no param rabbit_transient_quorum_queue"
    This reverts commit 8479da92f5ebe6c5496900c0de912c0c2e38099d.
    since I fixed the puppet module.
  * [62d079e] ocicli cluster-install: also install elsaticsearch server.
  * [5b58d9f] tempest.pp: fix dashboard_url in case of dalmatian and up.
  * [bf4b109] openstack-cluster-installer-build-live-image: fix installing
    storcli on HPE

  [ Olivier Chaze ]
  * [0ce14df] remove double declaration so iptable rules are actually applied.

  [ Thomas Goirand ]
  * [c10da88] Also fix storcli install under > Buster.
  * [39141ba] Fix previous fix... :P
  * [054a3e2] Cephadm no pool create on controllers
  * [2d96dfd] No neutron-metering-agent if not using telemetry.
  * [ee8ddc6] network node: Fix packet lost with high trafic on network nodes.
  * [04be6d0] Document creating CEPH_1 cinder backend.
  * [c936ad8] Switch depends from bind9utils to bind9-utils (Closes: #1100059).

 -- Thomas Goirand <zigo@debian.org>  Tue, 11 Mar 2025 08:33:12 +0100

openstack-cluster-installer (43.0.1) unstable; urgency=medium

  [ Thomas Goirand ]
  * [34c36ca] heat: do not set trustee/project_name as this breaks RBAC.
  * [03b8a9a] heat: Ensure trustee/project_name isn't defined to avoid rights
    issue.
  * [d4953ea] controller.pp: fix scheduling for designate, manila and magnum.
  * [94cc54a] oci-cluster-upgrade-openstack-release: check for VIP in ctrl1
  * [04cdca8] Automatic removal of /etc/oci/self-signed-api-cert folder of cert
    is not self-signed.
  * [19b2d22] controller.pp: breaks scheduling dependency loop
    Anchor['horizon::service::end'] -> Class['haproxy'] replaced by
    Haproxy::Frontend['openstackfe']
  * [eb45904] horizon: set default_dns_nameservers within neutron_options.

  [ Bertrand Lanson ]
  * [1e01c5b] feat: Make metric_processing_delay a variable
    See merge request openstack-team/debian/openstack-cluster-installer!74

  [ Simeon Gourlin ]
  * [502c347] Configuring nova timeout block_device_allocate_retries

  [ Thomas Goirand ]
  * [ea33c93] Add a new and better oci-scp-ring command.
  * [08845a0] oci-scp-ring: a few fixups.
  * [66165f0] Fix syntax error in controller.pp
  * [32d26f9] Document how to upgrade from Bullseye to Bookworm.
  * [aa3625f] Generate /root/reset-rabbitmq-credentials script, useful for
    bookworm upgrades.
  * [520ae50] Feat/enable sni.
    See merge request openstack-team/debian/openstack-cluster-installer!71
  * [9d8de1e] Fix check_rb_user
  * [c0db4a2] oci-poc-restore: use oci-restart-all-services
  * [94a79aa] New oci-cluster-upgrade-bullseye-to-bookworm script, factorize in
    a oci-cluster-upgrade-funcs lib.
  * [45d2157] Also generate /root/reset-rabbitmq-credentials in messaging nodes
  * [c83867c] Fix description of haproxy_admin_external_access
  * [875b1bd] More Bookworm upgrade fixups.
  * [0706312] Package list for Antelope upgrade.
  * [7aaf974] upgrades: Fix restarting puppetserver in bookworm.
  * [564dcd8] Less packages in ctrl_upgrade_depends
  * [31c0312] Cluster with the correct node when rejoining after Bookworm
    upgrade.
  * [85b9e0f] List of packages for bobcat upgrade.
  * [cc3a882] Increase the number of VCPU for the 3x cl2 keystone nodes.
  * [a103403] bin/oci-cluster-upgrade-openstack-release: caracal package list.
  * [23f7509] oci-agent/openstack-cluster-installer-bodi-hook-script: fix
    puppet.conf setup.
  * [5e8e568] README.md: Bullseye to Bookworm upgrade.
  * [b9604d9] bin/oci-cluster-upgrade-bullseye-to-bookworm: Fix upgrading
    CEPHMON.
  * [e06ab58] Always schedule Anchor['horizon::service::end'] ->
    Haproxy::Frontend['openstackfe'] even if initial_cluster_setup is no.
  * [481c065] poc-bin/oci-poc-provision: Fix getting the IP of controllers of
    cl3 in the PoC
  * [358524b] poc-bin/oci-poc-provision: Correctly select controller 3 IPs.
  * [a3e0fee] oci-restart-all-services: Restart services in order, then in
    parallel.
  * [841824d] Bullseye: final reset of rabbit cluster and restart of all
    services.
  * [f566f9d] bin/oci-cluster-upgrade-openstack-release: only upgrade packages
    that are installed.
  * [57c23b8] bin/oci-cluster-upgrade-openstack-release: upgrade all installed
    horizon plugin at the same time as Horizon.
  * [47a63b9] bullseye-to-bookworm: handle the case when clusters has no rabbit
  * [1000523] Also schedule: Service['httpd'] ->
    Haproxy::Frontend['openstackfe']
  * [6628035] utils/usr/bin/oci-restart-all-services: launch "Restarting in
    parallel" only if there are some services left to start.
  * [db279c3] haproxy: Do not bind port 80 by default, as it conficts with
    Apache on PoC cl2 (keystone only).
  * [9d0b2e3] oci-restart-all-services: fix test.
  * [9321c05] oci-restart-all-services: remove double-defined nova-conductor.
  * [b5d9ced] bin/oci-cluster-upgrade-openstack-release: Fix list of horizon
    plugin packages.
  * [0c101bc] Package depends list for Dalmatian.
  * [1a0b563] oci-cluster-upgrade: only upgrade packages that are installed and
    that are in a higher version.
  * [a6d26e4] upgrade to bookworm: automatically add non-free-firmware to
    standard sources.list.
  * [ac8cc17] bin/oci-cluster-upgrade-openstack-release: add checks from and to
    OS release names.
  * [5fc07df] Increase number of VM from 53 to 54.
  * [2d8ac70] Schedule restart of rabbit just right after RabbitMQ nodes have
    been dist-upgraded and rebooted.
  * [059e344] oci-cluster-upgrade-bullseye-to-bookworm: install zstd if not
    present.
  * [154774b] bin/oci-cluster-upgrade-bullseye-to-bookworm: correctly call
    rejoin_rabbit_cluster with first node hostname.
  * [14fb7e0] Colorize output of oci-poc-{save,restore}
  * [3a366df] Merge branch 'feat/swtpm-options' into 'debian/dalmatian'
    feat: enable swtpm option for compute nodes above Xena
    See merge request openstack-team/debian/openstack-cluster-installer!75
  * [8429fd0] bin/oci-cluster-upgrade-openstack-release: run db
    online_data_migrations for cinder and placement after upgrade, plus run
    cinder db purge 0 before upgrade.

  [ Bertrand Lanson ]
  * [42fff9a] feat: regionalize barbican service for nova-compute.
    This force the setting of the barbican_region_name parameter, in order
    to let nova-compute communicate with the barbican api in case of
    multi-region deployments

  [ Thomas Goirand ]
  * [56c895d] uncollorize some of oci-poc-save
  * [ef75fa1] Add region_name param in neutron::designate call.
    See https://review.opendev.org/c/openstack/puppet-neutron/+/936823
  * [675b8f0] openstack-api-vip
  * [f4ec0ef] vip-6: only setup when initial-cluster-setup is yes.
  * [7537a7a] Always setup the VIP, not only if initial-cluster-setup is set.
  * [4042bd5] Fix auth_url in neutron::designate for multi-region.
  * [efeddcd] controller.pp: correctly user and pass for ::neutron::designate
  * [99baa12] Also display authtoken passwords.
  * [06549d5] tempest.pp: Fix login_url and dashboard_url to include https://
  * [3ce2571] Fix login_url and dashboard_url in all OpenStack release, not
    just last one.
  * [33b0d42] Fix again neutron::designate credential. Hopefully correct this
    time.
  * [1f4b38a] PoC: setup designate project owner managed resources.
  * [611bfe6] Implement possible customization of resize_confirm_window in
    compute.pp.
  * [ca13edb] report.php: fix using the correct regexp for validating network
    card names.
  * [d1c6d13] oci-disable-puppet: now understand multi-cluster.
  * [af443f2] oci-enable-puppet: understand multi-cluster.
  * [989fc18] Fix syntax error in compute.pp near resize_confirm_window
  * [ddea9d7] Add oci_check_all_nodes_alive check before upgrade.
  * [c38e04b] network.pp: fix base_url not including proto.
  * [072ee8e] Increase max_stacks_per_tenant to 50000 (ie: x10).
  * [bb12de6] haproxy: switch nbthread to 32 by default (which is what we have
    in production).
  * [29d7b09] Merge branch 'quorum-queues' into 'debian/dalmatian'
    Add quorum queue feature.
    See merge request openstack-team/debian/openstack-cluster-installer!76
  * [997de70] Remove unnecessary ceph configurations
    See merge request openstack-team/debian/openstack-cluster-installer!77
  * [7b3c3ab] tempest.pp: fix keystone password working without external
    keystone.
  * [bafa508] API: haproxy binds on IPv6 (Code misteriously was gone...).
  * [859afa5] src/inc/validate_param.php: allow ip_list to contain CIDRs.
  * [476748a] Allow to set API into a maintenance mode.
  * [736a5a6] Merge branch 'feature/json-logging' into 'debian/dalmatian'
    Enable use json for exiting logging
    See merge request openstack-team/debian/openstack-cluster-installer!78
  * [a79e7fe] swift_container_replicator_per_region_scheduling
  * [1c3f74c] Create a new class oci::pxe_server that may be called by the ENC
    if hostname is self.
  * [59cf122] Fix management of ssh keys in /usr/bin/oci-live.
  * [068995e] oci-live: do mkdir -p /var/lib/openstack-cluster-installer early
    enough.
  * [eeb5544] oci-live: mkdir -p /var/lib/openstack-cluster-installer/tftp/live
  * [f5c4bd9] Add postfix in oci::pxe_server

 -- Thomas Goirand <zigo@debian.org>  Wed, 22 Jan 2025 14:16:03 +0100

openstack-cluster-installer (43.0.0) unstable; urgency=medium

  [ Thomas Goirand ]
  * [d1a359a] Add --haproxy-custom-url option to ocicli.
  * [e45d4d7] Merge branch 'ceph-az' into debian/caracal
  * [d1fa666] Fix fetching ceph_osbpo_release
  * [e5c3047] report.php: fix typo.
  * [1870467] Fix pinning of Ceph packages.
  * [dbfb144] Add an lldp switchname matcher to select network cards in a
    network definition.
  * [505fb4d] Enable http to https redirection on haproxy level for openstack
    API See merge request openstack-team/debian/openstack-cluster-installer!55
  * [58308cf] Fix d/copyright.

  [ Philippe SERAPHIN ]
  * [5c3f671] In oci-hdd-maint, test if drive mounted before change owner

  [ Thomas Goirand ]
  * [25bab47] caracal: fix keystone roles creation.
  * [6ecfbf8] oci-hdd-maint: implement wait_until_mounted correctly.
  * [f84cd5d] oci-poc-ci: cosmetic print fix
  * [d1d8913] oci-agent: allow using storcli64, not only storcli_x64.
  * [b7dbb25] Fix syntax.
  * [98defe8] oci-agent: always report physical disks if MegaRAID is seen.
  * [55fec1e] hardware_profile.php: fix enclosure number when using storcli to
    setup raid0 or raid1.
  * [4789c8c] caracal: use the new cert_file and key_file parameters of
    nova::migration::libvirt instead of setting it up in libvirtd_config
  * [07b4e93] compute.pp: provision /etc/openstack/puppet/admin-clouds.yaml if
    using extrenal keystone.
  * [56444ad] compute.pp: configure the CEPH_X backend depending on the compute
    AZ.
  * [b87cc9f] caracal: volume.pp must use the new parameters
    max_over_subscription_ratio and reserved_percentage of
    cinder::backend::iscsi

  [ Axel Jacquet ]
  * [5fbbc0e] some fixes for galera role

  [ Thomas Goirand ]
  * [6efe0ee] oci-agent: fix reporting firmware version twice.
  * [bc8b6dd] merge-on-all-branches: Retry pull / push as Salsa is being
    annoying.
  * [92b8641] Make the SQL role work
  * [52f265c] The beginning of a sqlmsg role (not tested yet).
  * [4b83e74] ocicli machine-wipe: Wipe 4GB instead of 1000 MB.
  * [f67fb88] oci-block-device-udev-sorting: also support "ProLiant DL385 Gen10
    Plus v2"
  * [8a9a805] controller.pp: fix galera backend members.
  * [2b772dd] oci-poc-setup: nit: fix echo to suggest
    oci-poc-install-cluster-bgp instead of -full.
  * [ed2c9d9] slave_actions.php: Fix setting-up first_sql_machine_id (missing
    break in switch/case).
  * [1f5d202] Start of implementing ceph_use_cephadm_to_deploy
  * [2ce2d40] sqlmsg role: fix ENC and sql.pp.
  * [7baa59b] Set messaging vip with role messaging.
  * [e425b6f] ceph multiple-az: correctly pass params to get_cluster_password()
  * [b3c9a1c] messaging node to use the sqlmsg IP for db connections.
  * [042760e] Fix num of HDD for swiftproxy in PoC

  [ Axel Jacquet ]
  * [b823160] Add possibility to Blacklist Swift account and S3 account
    independently with custom map, return 503 custom message

  [ Thomas Goirand ]
  * [963d3ea] swiftproxy.pp: Do not double-set
    container-replicator/node_timeout
  * [ab1f471] messaging.pp: do not depend on galera class if there's an sqlmsg
    role in the cluster.
  * [456e5b6] controller.pp and messaging.pp: with sql role, wait for db to be
    populated before services.
  * [1224016] oci-wait-for-remote-sql: missing $ when fetching --db-name.
  * [8358398] create designatedb on sql node, and properly schedule the API VIP
    before services.

  [ Simeon Gourlin ]
  * [aad2138] Setting default Neutron firewall driver to _openvswitch_ from
    Caracal
  * [6e53cd5] Setting default Neutron firewall driver to _openvswitch_ from
    Caracal in controller and compute also

  [ Thomas Goirand ]
  * [96845c6] tempest.pp: support setup with Caracal version of
    puppet-module-tempest.
  * [ee2faf9] Always transmit designate pass to sql node.
  * [45aa8b3] untested (yet): Add firewalling to SQL nodes.
  * [60eee4f] Fix sql nodes firewalling.
  * [68dc12f] Handle cephadm keys.

  [ Philippe Seraphin ]
  * [60ec6df] Change detection for all card type on R740xd

  [ Thomas Goirand ]
  * [e8b2748] openstack-cluster-installer-agent: report blkctrl firmware
    version using storcli (instead of megacli) if available.
  * [4ecf3ca] Implement: ocicli password-{list,show,set}
  * [3550155] Implements IPMI management using fixed DHCP per port.
  * [237b74c] ocicli: implement machine-activate-ipmi-over-lan for both HPE and
    Dell server types in a better, nicer, unified way.
  * [504bbf4] hardware_profile.php: reset $raid_megacli_cfg_opt before
    calculating each drive cmd line.
  * [4cccc6a] src/inc/hardware_profile.php: Fixup clearing all JBOD disk before
    apply.
  * [c5791ea] SQL and MSGSQL nodes: mount /var/lib/mysql with the 2nd data disk
  * [65c8268] oci-first-boot: Fix mounting mysql folder in the data disk
    sql/sqlmsg nodes.
  * [1f259f5] Fix save and display of ssh keys.
  * [7a01cfa] oci-block-device-udev-sorting: more for ProLiant DL365 Gen11
  * [a1cb869] ocicli: also display password type "openstackkey"
  * [74b62bd] Also handle ocicli password-set with type openstackkey.
  * [8271fb7] Also transmit ceph_use_cephadm_to_deploy to billmon / billosd.
  * [cdcf952] ocicli machine-show: order block devices by LENGTH(name),name
    (that's nicer, so 2 is before 11).
  * [f9e4847] ocicli password-set: use mysqli_real_escape_string() instead of
    safe_pass().
  * [fd68441] enc.pp: do not fetch Ceph passwords for controllers if we're in
    ceph_use_cephadm_to_deploy mode.
  * [d1d6462] oci-block-device-udev-sorting: handle DL365 Gen11 2x VD disks.
  * [b170d94] messaging.pp: handles ceph_use_cephadm_to_deploy option.
  * [3ab4315] nova-scheduler: set host_subset_size to 3 to avoid all VMs to be
    poped on the same compute when doing "server create" in bulk.
  * [08d3b85] api.php: removed remaining debug echo cause command passwor-set
    to not return 0.
  * [8ff8e09] Fix keystone access as admin from compute to be able to list and
    set volume types.
  * [aaf8417] Fix default value of cpu_allocation_ratio from 16 to 2 and
    ram_allocation_ratio from 1.5 to 1.
  * [ba1c0e5] Manage /etc/oci/self-signed-api-cert with puppet depending on
    cluster flag.
  * [15f4b60] Explicitly set images_type so we use RBD for Nova in Xena and
    up.
  * [02dc758] openstack-cluster-installer-bodi-hook-script: Increase puppet
    main/top_level_facts_soft_limit from default 512 to 2048 when installing
    hosts.
  * [586ecb6] Fix ceph_az, without using variables.json (this has to be done by
    hand on the enc.pp).
  * [71aa6ed] slave_actions.php: fix sql request when not using multi az
    See merge request openstack-team/debian/openstack-cluster-installer!57
  * [873cee5] octavia-certs: use semicolon instead of period for chown
    See merge request openstack-team/debian/openstack-cluster-installer!56
  * [1e17ce2] oci-block-device-udev-sorting: More work on "ProLiant DL365
    Gen11"
  * [61d4349] Fix missing esac.
  * [02e64d4] Fixup again "ProLiant DL365 Gen11" bootorder detection.
  * [b0a51b2] auto_racking.php: better handling of comment errors, like
    non-parseable auto-racking.json and no match with LLDP info.
  * [d2729d5] controller.pp: Remove AvailabilityZoneFilter from filter list, as
    it's been removed from Xena and up.
  * [0eb3a01] Add support for cloudkitty storage V2.
  * [31709e1] re-enable glance-api SSL if >= caracal, fix cloudkitty
    storage_version/backend double params.
  * [b9602bc] messaging.pp: fix storage_backend / storage_version param twice
    when calling ::cloudkitty class.
  * [4307c79] Fix variables.json to not include comas in description.
  * [5a6dfaf] horizon: from Caracal and up, use
    django.core.cache.backends.memcached.PyMemcacheCache as BACKEND driver.
  * [49ba402] messaging.pp: Fix ::cloudkitty::keystone::authtoken username if
    using region-postfixed usernames.
  * [12d25ae] Add CPU flags fact, and activate SEV if a compute supports it.
  * [b56a149] oci-block-device-udev-sorting: fix support for drive orders in
    hydra-f
  * [8bd9a7b] Update apt.infomaniak.ch GPG key.
  * [db9f011] Fix another instance of the apt.infomaniak.ch key.
  * [407942b] Another instance of the key.
  * [c6fa65f] ipmi_cmds.php: fix ocicli machine-ipmi-adopt not fetching the
    ipmi username correctly.

  [ Mathias Heyraud ]
  * [d64646e] oci-sorting update gigabyte sdb

  [ Thomas Goirand ]
  * [d876370] oci-hdd-maint: support dataforge hydra-f
  * [5164cae] nova: support default_schedule_zone

  [ Olivier Chaze ]
  * [5368bd5] Mounting the DB on additional disks

  [ Thomas Goirand ]
  * [c49b836] Add contrib/update-admin-project-id.

  [ Simeon Gourlin ]
  * [1e1cefd] Adding cinder az variables to compute

  [ Thomas Goirand ]
  * [c045677] Revert "Adding cinder az variables to compute"
    This reverts commit 1e1cefd254fda8e144a519431466e26b6b394ccc.
  * [70c6d25] Also handle storage_availability_zone for cinder on a compute
    node.
  * [7a97dcc] controller.pp: set correct region_name for all stuff in
    Octavia, so it can handle multi-region.
  * [8a1f69f] oci-puppet: unset all OpenStack env vars before running puppet.

  [ Simeon Gourlin ]
  * [199fcf3] Moving cinder_default_storage_availability_zone from cluster
    config to machine config

  [ Thomas Goirand ]
  * [7a5e824] swiftproxy.pp: Support setting barbican_endpoint in
    /etc/swift/keymaster.conf, needed for multi-region.
  * [e9b1def] chmod update-admin-project-id
  * [43fb621] Add automation to install and configure dkms with auto-signing of
    kernel modules.
  * [d824a5b] Document secure-boot support.
  * [d854e7c] Merge branch 'feature/wipefs' into 'debian/caracal'
    Use wipefs instead of dd to wipe partition signatures form drives
    See merge request openstack-team/debian/openstack-cluster-installer!58
  * [473e055] Run drive_full_checker as root.
  * [9dd4b23] Also run drive_full_checker as root in proxy nodes.
  * [d2a457a] oci-system-serial: Make "OpenStack Nova" (ie: OpenStack VMs)
    report a shorter serial number.
  * [76a6f94] Fix dhcp_domain description in variables.json
  * [8156b08] Support setting hw_machine_type in Nova.
  * [b18380d] controller.pp: give the service role to all service users.
  * [cec643f] compute: add CPU model check skip options

  [ Simeon Gourlin ]
  * [0d622fc] Revert Ceph different backend name for multiple clusters

  [ Thomas Goirand ]
  * [77b9557] Add set fib_multipath_hash_policy to 1 with sysctl.
  * [e372c6a] controller.pp: allow setting-up Keystone without rabbit.
  * [fe40020] controller.pp: only use the "roles =>" param when available in
    puppet-openstack.
  * [a9e1baf] controller.pp: schedule haproxy before horizon, as apache may
    otherwise temporarily bind on port 80 which clashes with haproxy.
  * [aadbaef] controller.pp: fix setting-up Octavia before Bobcat.
  * [e02262c] compute.pp: before yoga, provision /etc/keystone/puppet.conf
    instead of openstacklib::clouds.
  * [246a9c7] tempest.pp: correctly install /etc/keystone/puppet.conf if xena
    or lower.
  * [030513d] Disable glance_v1 API in tempest.
  * [05103a0] tempest.pp: Fix keystone credentials and URL.
  * [e35d646] tempest.pp: before Bobcat, write /root/openrc so that
    tempest_flavor_id_setter knows how to authenticate.
  * [4f59bb9] tempest.pp: add region_name in /root/openrc and /root/oci-openrc
  * [9f9a547] Do not run test_volume_from_snapshot_cascade_delete
  * [b0eec46] controller.pp: schedule apache after haproxy.
  * [5eb92c3] validate_password(): accept equal sign.

  [ Simeon Gourlin ]
  * [8991e63] Adding memcache_use_advanced_pool to neutron-api

  [ Thomas Goirand ]
  * [5ac77eb] controller.pp: Fixup swift_store_region in glance setup, in the
    swift extrenal case.
  * [10c90f8] messaging.pp: Fixup [ociadmin_authtoken]/password in the case of
    external keystone.
  * [bbce6b5] cloudkitty storage v2: set storage_elasticsearch/use_datastream
    to true.
  * [099dd05] Add comment for calling ::cloudkitty::storage.
  * [f6b3eca] Fix detecting serial number in the case of an OpenStack VM.
  * [38c4ea8] Restart haproxy between controllers puppet run at first boot.
  * [bf0048b] Also attempt restarting mariadb server in oci-first-boot script
    in sql / sqlmsg roles.
  * [7af2c66] oci-poc-provision-image: Insert the password "password" into the
    test image.
  * [4e2c036] OCI PoC: Really run oci-poc-provision-network-cl3 on cluster3
  * [856711d] tempest.pp: also set region name for identity and image.

  [ Axel Jacquet ]
  * [bf27377] add blacklist test in poc-test list: test not maintened:
    neutron_tempest_plugin group
  * [5bf352b] add blacklist test in poc-test list: Tests passed with bigger
    timeout, 10 secod is to small
  * [e4b4521] add blacklist test in poc-test: neutron_plugin: Doesn't work
    without SNI : https://api:443/v2.0/networks\? doesn't start with
    https://api:443/network
  * [53590d6] add blacklist test in poc-test: neutron_plugin: Doesn't work
    without SNI : https://api:443/v2.0/networks\? doesn't start with
    https://api:443/network
  * [e9c7059] add blacklist test in poc-test: neutron_plugin: Doesn't work
    without SNI : https://api:443/v2.0/networks\? doesn't start with
    https://api:443/network again
  * [6ca3d06] add blacklist test in poc-test: neutron_plugin: Doesn't work
    without SNI : https://api:443/v2.0/networks\? doesn't start with
    https://api:443/network again

  [ Thomas Goirand ]
  * [baed889] Also apply neutron dnsmasq_dns_servers parameter on controllers
    with network subrole
    See merge request openstack-team/debian/openstack-cluster-installer!59
  * [da49907] Don't attempt to upgrade python3-pypowervm package, which was
    removed in bookworm
    See merge request openstack-team/debian/openstack-cluster-installer!61
  * [fd0e5b2] Also display monitoring password type.
  * [279c460] oci-poc-save & restore: now understand multiple clusters,
    messaging, sql and sqlmsg nodes, and restart galera clusters accordingly.
  * [2b6c8c9] oci-poc-save: understand multiple clusters when turning off
    Galera.
  * [a5f6992] pupppet-master service is now puppetserver
    See merge request openstack-team/debian/openstack-cluster-installer!60
  * [c31050e] oci-poc: setup the correct debian image name in
    openstack-cluster-installer.conf depending on debian release.
  * [0f20165] oci-poc-provision: correctly provision network on cl3.
  * [43704bc] poc-bin/oci-poc-provision: Provision flavors in cl3.

  [ Axel Jacquet ]
  * [4f1d530] add blacklist test in poc-test: neutron_plugin: work with relaod
    of dhclient oinside vm like upstream recent tests
  * [37b3ec3] add blacklist test in poc-test: image_test:  upload works but
    code try to checko store=swift with store metadate of image = swift,file
  * [77e1eae] add blacklist test in poc-test: neutron: We not use qos extension
    for floating, test skipped is buggy method
    skip_if_no_extension_enabled_in_l3_agents need reason arg
  * [54a6438] add blacklist test in poc-test: neutron: We not use qos extension
    for floating, test skipped is buggy method
    skip_if_no_extension_enabled_in_l3_agents need reason arg
  * [72246b2] add blacklist test in poc-test: compute:work with
    fixed_network_name different of floating_ip network -> cant create port on
    it
  * [97e2a1d] add blacklist test in poc-test: compute:work with
   fixed_network_name different of floating_ip network -> cant create port on
   it
  * [28b7972] add blacklist test in poc-test: compute:work with
    fixed_network_name different of floating_ip network -> cant create port on
    it

  [ Olivier Chaze ]
  * [991c4c2] Enabling port_forwarding
  * [12ffa52] Enabling port_forwarding

  [ Axel Jacquet ]
  * [eb7b882] add blacklist test in poc-test: cinder:Encrypted volume not
    supported yet
  * [c284dbe] add blacklist test in poc-test: neutron:Tests passed with bigger
    timeout, 10 secod is to small , test is really long on Poc
  * [4d76392] add blacklist test in poc-test: neutron:route bgb announce wait
    for 1 route but have more i our setup but route are annonced
  * [44cf8cd] add blacklist test in poc-test: neutron:advertise route cant
    match expected value in our setup
  * [9c98576] add blacklist test in poc-test: neutron: try to test external
    connectivity real test, proxy ssh on public ip to priv ip but we don't use
    real public ip on our setup

  [ Thomas Goirand ]
  * [74dffcd] controller.pp: also enable port_forwarding if network nodes are
    the controllers.
  * [7c2adfd] New command oci-run-command-on-nodes
    See merge request openstack-team/debian/openstack-cluster-installer!64

  [ Axel Jacquet ]
  * [a09dba1] add blacklist test in poc-test: neutron: security group tests
    with to small timeout , 10seconde, works with highter
  * [5d41fb1] add blacklist test in poc-test: neutron: missing package in
    image for test, nc cmd

  [ Simeon Gourlin ]
  * [14300b5] In multi-ceph az setup, add all keys to libvirt on all computes
    to allow cross-az attach in nova

  [ Axel Jacquet ]
  * [ba772e2] add blacklist test in poc-test: volume: Work with check file in
    /etc and not in /tmp witch is rm after vms deletion --> need patch upstream
  * [5e59c0d] add blacklist test in poc-test: cinder old test: non determistic
    tests, random fail or succces
  * [2e53d0b] add blacklist test in poc-test: compute: Tiemout reached when
    snap is at 50%, works with increased value
  * [6adc8a9] add blacklist test in poc-test: compute: Tiemout reached for
    backup, works with increased value
  * [ec6b93d] add blacklist test in poc-test: compute: Timeout during upload
    image of shelving reached, shelve works fine
  * [4932961] Merge branch 'feat/vip6-support' into 'debian/caracal'
    feat: add virtual ipv6 address support and allow customization of nova
    host_subset_size
    See merge request openstack-team/debian/openstack-cluster-installer!65
  * [8ecf9a3] add blacklist test in poc-test: compute: Timeout during shelving
    reachede

  [ Simeon Gourlin ]
  * [eb36a0c] Merge branch 'fix/multi-az-cinder' into 'debian/caracal'
    fix: configure all availability_zones on all storage nodes
    See merge request openstack-team/debian/openstack-cluster-installer!66

  [ Thomas Goirand ]
  * [41252a1] Fix description for new v6 API cluster attributes.

  [ Axel Jacquet ]
  * [8a75bfa] add option to set pci ports for vms: default 16: issue upstream
    https://review.opendev.org/c/openstack/nova/+/545034

  [ Simeon Gourlin ]
  * [07299ba] Don't create a default volume type in Ceph config

  [ Thomas Goirand ]
  * [7c7f5a5] Correctly setup of Heat's trustee for when >= Yoga.
  * [e7cf4c6] oci-agent/oci-agent-report-status: Do not install racadm if
    server isn't from Dell.
  * [424ba18] swiftproxy_haproxy.pp: listen on both v4 and v6.
  * [4c3bb66] swiftproxy_haproxy.pp: listen on both v4 and v6 take 2.
  * [b310641] Add region_name when calling the main '::heat' class, so that
    region_name_for_services is automatically set.
  * [ebbf1ab] Merge branch 'feat/glance-http-proxy' into 'debian/caracal'
    Feat/glance http proxy
    See merge request openstack-team/debian/openstack-cluster-installer!67
  * [382c0bb] Octavia: Set controller_worker/user_data_config_drive to true.
  * [0faae8b] controller.pp: provision
    /etc/oci/monitoring_openstack_api_region with the region_name in it.
  * [791b941] controller.pp: - Syntax error when setting
    controller_worker/user_data_config_drive for Octavia. - missing
    region_name for heat.
  * [582bf31] Swift auto mount block devices toggle
    See merge request openstack-team/debian/openstack-cluster-installer!68

  [ Simeon Gourlin ]
  * [69a42b9] Adding ResellerAdmin role to ceilometer to query Swift

  [ Thomas Goirand ]
  * [30b73fc] Make puppet-module-rally as recommends rather than depends.
  * [f2c91ae] Move  puppet-module-puppetlabs-cron-core,
    puppet-module-puppetlabs-mount-core to recommends.
  * [619d506] controller.pp: add /etc/oci/monitoring_pass_rabbitmq
  * [e73e531] Adding cinder region in nova properly
  * [5b0431d] Adding cookie for Horizon and multi-region
  * [2053ef3] Disable AODH debug logs
  * [2598756] Add the possibility to redirect /horizon to a custom
    redirection URL.
  * [f14f696] Do not set default_nameserver_{1,2} when calling '::horizon'
    before Victoria (the patch isn't there in the puppet module).
  * [9685f99] No limitreqbody in horizon before Victoria.
  * [ae192c1] Tweak glance proxy only if glance is installed.
  * [5483dc5] swiftproxy.pp: ::swift::proxy::symlink only appears in
    Victoria
  * [f2a6687] swiftproxy.pp: compat with train.
  * [2b3eab0] Add bookworm-dalmatian to
    etc/openstack-cluster-installer/pubkey.gpg
  * [b6854ad] Switch to Dalmatian.

  [ Bertrand Lanson ]
  * [f87d764] fix: typo in heat trustee config

  [ Thomas Goirand ]
  * [cbc62fe] src/variables.json: tabs instead of spaces.
  * [1155cdc] controller.pp: trustee/user_domain_name set twice.
  * [e80e805] regression fix: Whitelist compute + volume nodes in the
    controller iptables port 3306.
  * [8949b53] controller.pp: Configure Nova's max_instances_per_host which by
    default is set to a low "50".

  [ Simeon Gourlin ]
  * [9859ee6] Fix messaging monitoring keystone url with extenal_keystone

  [ Thomas Goirand ]
  * [7bf3936] Promote  puppet-module-puppetlabs-cron-core and
    puppet-module-puppetlabs-mount-core as depends (from recommends).
  * [7d48a40] Also set default volume type when using OSDs on compute nodes
    See merge request openstack-team/debian/openstack-cluster-installer!70
  * [2541251] controller_iptables.pp: allow access to rabbitmq.

  [ Jim Scadden ]
  * [88134cb] Added support for ovs-bridge interfaces on nodes without a vm-net
    interface

  [ Thomas Goirand ]
  * [3d595ef] cp .csr optional
  * [354d953] src/variables.json: Use swiftstore, not swiftobject as role.
  * [b58077c] messaging.pp: correctly set region_name for gnocchi authtoken.
  * [584adf2] Merge branch 'fix/haproxy-ipv6-listener' into 'debian/dalmatian'
    fix: enable ipv6 listener on haproxy if ipv6 vip is enabled
    See merge request openstack-team/debian/openstack-cluster-installer!72
  * [8636033] oci-first-boot: check if /lib/systemd/system/mariadb.service
    exists before attempting to restart mysql.
  * [fe56ff2] sysctl.pp: Add net.ipv6.ip_nonlocal_bind, needed for the
    OpenStack API over v6.
  * [288ad6f] Fix syntax error.
  * [a293c1e] Merge branch 'fix/libvirt-restart-issue' into 'debian/dalmatian'
    fix: libvirtd restarting every 30 minutes on compute nodes
    See merge request openstack-team/debian/openstack-cluster-installer!73
  * [5fd59eb] Fixed versioned_writes and symlink pipeline stuff.
  * [6f4d683] Add a unic key in the passwd table.
  * [046e21e] Do not call swift::proxy::versioned_writes twice.
  * [bf5c03c] Promote puppet-module-rally as depens: as it is otherwise
    breaking CI.
  * [e731fc8] Use Glance without UWSGI, and do re-encryption with haproxy.
  * [49385fb] Fix glancecrypt backend path for glance.pem
  * [d3d81e7] Configure apache until end before attempting to configure
    haproxy, so they don't step on each-other's foot, both binding on port 80.
  * [7b4623e] Do not schedule haproxy before apache.
  * [6e756d1] Sleep 1 sec instead of 2 when spawning oci-poc-vms.
  * [e54e044] Better scheduling of controllers.
  * [8174fc1] Unfuck the puppet scheduling for all-in-one controllers.
  * [8f50f93] Dalmatian tempest blacklist.
  * [5050e73] Edit README.md for the PoC.
  * [d41c3ee] More doc for the PoC.
  * [d597bba] Document MY_IP in ikvswitch.conf.
  * [8d3ee1d] Document using an HTTP proxy for the PoC.
  * [3ef3b6b] Document host ssh to VMs in the PoC.
  * [121287a] Fix using chrony puppet module 3.x on bullseye.
  * [dd967fe] Always re-encrypt glance.
  * [1a2a73e] oci-cluster-upgrade-openstack-release: Do not attempt keystone
    upgrade if external.
  * [5dd8094] cluster-upgrade: check if components are present before doing
    upgrades.
  * [3de95a5] controller.pp: Fix heat::trustee for yoga and up, and cloudkitty
    coordination url too.
  * [eb0073f] Check the location of the VIP before upgrade. It *must* be on the
    controller where drains are performed.
  * [840eabc] exclude.conf: blacklist 5 more tests explaining why.
  * [3b7b877] PoC: reduce reserved memory and disk.
  * [6b26075] controller.pp Calling ::cloudkitty::storage before ::cloudkitty
  * [7c317fe] Also displaying passwords of type messaging.
  * [d73c111] Do not use transport_url = '', but undef instead.
  * [7d77219] controller.pp: remove enabled_certificate_plugins when calling
    ::barbican::api. What we do is the default in Victoria, and it's remove
    later on, so removing the param is the easiest way.
  * [2015bb5] Get controller.pp to work with Dalmatian.
  * [0bb066f] Removed amqp_sasl_mechanisms = 'PLAIN' everywhere: we're using
    rabbit/kombu, not amqp.
  * [784ba6b] compute.pp: Fix the cpu_models param of ::nova::compute::libvirt
    for Dalmatian.
  * [79ded48] swiftproxy and swiftstore: do not define config_file_path, as
    we're using the default, and in Dalmatian and up this param is gone.
  * [a65eeb8] PoC: Since it's often breaking, try multiple times to spam VMs
    with oci-poc-vms start
  * [5642f2c] PoC: Switch back to sleep 2s (and not 1) when spawning VMs.
  * [e50da15] Handle failure to spawn VMs.
  * [c405938] oci-fixup-compute-node: do not attempt to read
    /etc/nova/secret.xml, as this is handled in puppet.
  * [ef3d942] puppet.conf: increaste runtimeout to 2h instead of 1.
  * [f573828] Fix secret.xml with puppet and Dalmatian, using epp instead of
    erb.
  * [6ff69a9] Make tempest work with Dalmatian.

 -- Thomas Goirand <zigo@debian.org>  Sun, 13 Oct 2024 00:00:51 +0200

openstack-cluster-installer (42.3.9) unstable; urgency=medium

  * [662335a] oci-build-data-vg: Remove double-implementation of realpath.
  * [a9e0bbf] controller.pp: fix bug: set $allowed_intern_only before using it.
  * [ab4c537] ocicli: cluster-install in hyperconverged mode really waits for
    2nd pass puppet run.
  * [575872a] Add smartmontools as depends for oci-common.
  * [dbc64d0] oci-poc-provision: use machine-show to fetch cl3-ctrl-1,2,3 IPs
    to avoid fetching the VIP IP.
  * [a6300b0] tempest.pp: fixed syntax when setting-up region names.
  * [a9abd9a] Correct image name for Tempest.
  * [53dd0bd] Fix ext-floating1 as external network name for tempest.
  * [56c4da4] oci-poc-install-cluster-bgp: Use CEPH_1 as default volume type.
  * [55d5bb1] tempest.pp: Restrict tests.

 -- Thomas Goirand <zigo@debian.org>  Wed, 17 Apr 2024 08:50:03 +0200

openstack-cluster-installer (42.3.8) unstable; urgency=medium

  [ Thomas Goirand ]
  * [bce1962] exclude.conf: blacklist stacks_stack_list\.test_request
  * [ab0f913] Blacklist failint tests in Wallaby.
  * [e5c5934] Document using ikvswitch with the OCI-PoC
  * [2a3f2fd] controller.pp: also create the key-manager:service-admin role
    (needed for tempest).
  * [2e84088] Add load-balancer_observer role as well.
  * [f640d89] Add a new ocicli machine-ipmi-adopt command, useful when IPMI is
    using dhcp.
  * [215e6a3] Fix ocicli machine-ipmi-adopt.
  * [1f8a426] Another machine-ipmi-adopt fix.
  * [525eb65] oci-hdd-maint -l: Display firmware version of HDD with MegaRAID
    devices.
  * [77b4b3d] hardware_profile.php: also search for storcli64 (as top priority
    before others).
  * [473562a] oci-hdd-maint -l: use /usr/bin/storcli64 or /usr/bin/storcli_x64
    when available.
  * [523499e] oci-hdd-maint: use /usr/bin/storcli64 when evailable, order
    -pdlist and -vdlist by slot num.
  * [c97580d] oci-hdd-maint: report State and Spun with storcli64.
  * [1bb0751] Add a swift_df_report, so we can later on tweak /etc/rsyncd.conf
    depending on remaining space.
  * [0f8d15d] oci-hdd-maint: -vdlist: fix DG if it is == "-"
  * [130159a] oci-block-device-udev-sorting: revert R740xd patch, as something
    broke.
  * [8a667f4] Fix back 20-swift.conf as per the package: separate log file for
    each process.
  * [a8f4853] Fix + update the basic OCI install doc.
  * [4f79158] Added support for multiple time servers
  * [12f3079] Missing mkdir -p config/hooks/live when installing the
    install-kernel-from-backports.hook.chroot
  * [61184fd] For the moment, restrict filebeat to amd64 only (as we don't have
    arm64 packages for it yet).
  * [6ed88c0] openstack-cluster-installer-live-image-builder: add missing
    openstack-pkg-tools depends.
  * [57551b9] openstack-cluster-installer-build-live-image: Install
    firmware-qlogic when arch is not aarch64.
  * [75308dd] oci-agent: use ["port"]["id"]["value"] if ["port"]["descr"]
    doesn't start with en or swp.
  * [785305b] auto-racking: produce an error when product description isn't in
    auto-racking.json.
  * [5082760] auto-racking: report error when no LLDP info.
  * [511b66c] Better error message when product name not found.
  * [357c997] Add bash-completion for the --filter option.
  * [105cfae] openstack-cluster-installer-utils: add missing q-text-as-data
    depends, needed by oci-hdd-maint.
  * [59cbb86] oci-hdd-maint -vdlist: display missing slot num for JBOD drives.
  * [5a8a520] oci-block-device-udev-sorting: better ProLiant DL365 Gen11
    support.
  * [e8bff56] Relax IPMI username that can be set (use safe_password instead of
    safe_fqdn).
  * [ffcb0c5] Include drive-full-checker in swift's rsyslog config.
  * [4acf6ce] report.php: do not apply automations like RAID and so on if the
    server isn't in status=live.
  * [129f0b0] Fix sql syntax of previous commit.

  [ Olivier Chaze ]
  * [332b31b] adding haproxy rate limit

  [ Thomas Goirand ]
  * [c600d38] Fix merge-on-all-branches for the new release.
  * [db1bc3f] Set close-on-exec and close-on-exec2 on all uwsgi API services.
  * [bc064cb] Add disk-full prevention using swift-disk-full-checker and
    fallocate_reserve.
  * [b761ec8] swift: Use log_name_per_daemon=true.
  * [97ec1e8] poc-bin/oci-poc-install-cluster-bgp: set swift reserved space.
  * [73cf774] Fix rsyslog config for swiftproxy.

  [ Jim Scadden ]
  * [6cb1846] Don't listen for SSH on ceph-cluster IPs
  * [4a841b6] New OCI role type 'radosgw' * When radosgw node(s) are present
    additional PGs and users are created in Ceph * When there is no 'swift
    proxy hostname' defined, a swift frontend+backend is created in haproxy on
    the controller(s) and pointed to radosgw nodes (if there are swiftproxy
    nodes present then the backend will point to those instead). * When 'swift
    proxy hostname' is defined a haproxy frontend+backend is created on the
    radosgw nodes. If there are both swiftproxy and radosgw nodes present then
    it is up to administrator to ensure end user traffic is only sent to one of
    groups of nodes.

  [ Axel Jaquet ]
  * [6a30ca6] Add support for network agent zoning

  [ Thomas Goirand ]
  * PoC: configure 47 VMs, with a Keystone cluster and a hyper-converged
    compute-only cluster.
  * [632a92a] controller.pp: do firewall purge if not used as network node.
  * [b401067] volume.pp: populate /etc/keystone/puppet.conf instead of
    /etc/openstack/puppet/admin-clouds.yaml for xena and down.
  * [2aa3b7c] ocicli: use "--snifflimit 0 -d ," when using csvlook to avoid
    warning message.
  * [9ae005a] swiftproxy_haproxy.pp: fix calling of template for
    /etc/haproxy/custom_delay.lua
  * [ddc6c80] swiftproxy: Implement delay if rate is too high for some Swift
    accounts / containers.
  * [bc9905f] Fix typo in oci-hdd-maint HDD disposition output.
  * [a266bc5] compute.pp: fix using it with external keystone.
  * [95d4375] Add a --force-frr option for servers.
  * [24a3c46] Make ocicli also work with hostnames and encode the password
    when sending it, so we can accept + in the pass.
  * [5f26d33] machine-ipmi-adopt: Redirect stderr to /dev/null to avoid
    ugliness.
  * [c2e915b] PoC & keystone only cluster: make it possible to not install
    Barbican, Heat & Rabbit.

  [ Olivier Chaze ]
  * [4ce2769] Send absolute values rather than rate and interval 60 to match
    default graphite

  [ Thomas Goirand ]
  * [acc0bcf] Fix nova api microversion for Caracal.
  * [bc8251f] Add a 3rd interface to the OCI VM for IPMI.

  [ Simeon Gourlin ]
  * [07687ea] Adding error messages to monitoring plugin code

  [ Thomas Goirand ]
  * [8b704a3] messaging.pp & controller.pp: ::cloudkitty::processor doesn't
    have max_workers param in Yoga and up. fix typoe: brabican -> barbican.
  * [8b544b1] enc.php: Get swiftproxy.pp haproxy.cfg to order other swiftproxy
    hostname in correct numerical order.
  * [1fe3290] controller.pp: fix typo in barbican
    See merge request openstack-team/debian/openstack-cluster-installer!50
  * [3616a64] swiftcommon.pp: requires => Package['swift'] when creating
    /var/log/swift with swift as owner.
  * [7652f89] db_sync.php: Fix ALTER TABLE missing the $con variable.
  * [d8b508a] Fix-up installing OSD on compute nodes.
  * [cbf1f53] swift diskfull scenarios prevention: differentiate rsync and
    fallocate reserve.
  * [a16c446] PoC: implements swiftstore/swiftproxy reserved space

  [ Axel Jacquet ]
  * [2b6a64c] Add option to limit admin access to API based on source IP.

  [ Thomas Goirand ]
  * [64edd72] Add options for forcefrr and fix calling oci-first-boot from
    install-status.php
  * [151c3a0] oci-first-boot: now using /dev/disk/oci-sort when parsing
    /etc/oci/data-disk for formating CephOSD.
  * [38ca3cf] tempest.pp: Fix caracal microversion.
  * [26f9828] tempest.pp: Support external keystone
    See merge request openstack-team/debian/openstack-cluster-installer!53
  * [888e4a3] Add support for onboard ethernet interfaces
    See merge request openstack-team/debian/openstack-cluster-installer!52
  * [c182327] Manage dnsmasq_dns_servers option in /etc/neutron/dhcp_agent.ini
    in OCI.
    See merge request openstack-team/debian/openstack-cluster-installer!48
  * [d6e5658] controller.pp: do not set Keystone notification URL if there's
    no rabbitmq.
  * [c3812d5] oci-block-device-udev-sorting: more target for LinuxKVM +
    qemu-oci.
  * [d533711] oci-build-data-vg: use /dev/disk/oci-sort if available.
  * [2605631] tempest.pp: support up to Caracal.
  * [ed93fa7] tempest.pp: set region= whenever needed, which is mandatory for
    multi-region clusters.
  * [579a220] Increase RAM of network nodes to 8GB (instead of 5).
  * [dc8f17b] Updated regex for identifying switchport name
    See merge request openstack-team/debian/openstack-cluster-installer!54
  * [767577b] tempest.pp: fix img_file to use full path of image.
  * [ebc5d51] reset-lenovo-ipmi-password-age: check if ocicli and q are
    present, exit 0 if not (Closes: #1057083).

 -- Thomas Goirand <zigo@debian.org>  Wed, 10 Apr 2024 16:38:40 +0200

openstack-cluster-installer (42.3.7) unstable; urgency=medium

  * [3258401] oci-live: mkdir -p, not mkdir /p
  * [ccd5a21] openstack-cluster-installer-agent: use descr field instead of
    PortID value, so it works with ikvswitch.
  * [e61dbd6] More ikvswitch compat.
  * [b830bcf] auto-racking.json: define defaults values that work with
    ikvswitch.
  * [823d1e7] Set auto_rack_machines_info=yes by default.
  * [27566f5] Add "qemu-oci": { "num-u": 1 } in auto-racking.json
  * [d1a97f7] oci-poc-vms: new templates for servers, so it uses ikvswitch.
  * [062dc32] Add IPMI login / pass / ip saving to the vault / OpenBao through
    plugins.
  * [1d614f3] Add a --filter option to ocicli machine-list.
  * [39e7e2d] Add missing require_once("inc/plugin_ipmi_pass.php"); in
    src/install-status.php
  * [46ffdab] enable auto-racking in the PoC, since we're now using BGP-2-host.
  * [25aa16d] openstack-cluster-installer-poc now depends on ikvswitch.
  * [22dea5c] Kill the oci-poc-virtual-network init/service script, in the
    favor of ikvswitch.
  * [6939b46] Fix some typos.
  * [24598e2] poc-bin/oci-poc-install-cluster-bgp: Some fix-ups for network
    nodes.
  * [b899739] src/inc/slave_actions.php: correctly pass-in VLAN number if not
    using bonding.
  * [08ac350] Add puppet-module-rally as depends.
  * [36e4371] poc-bin/oci-poc-install-cluster-bgp: provision messaging VIP,
    use BGP.
  * [1d81310] Workaround a bug where /etc/oci/system-serial is sometimes empty.
  * [5af5111] controller.pp: fix username param called twice when calling
    ::neutron::server::placement
  * [0951763] oci-poc: Fully provision a culster using BGP-2-host setup using
    oci-poc-provision in the host.
  * [01a76f0] tempest: do not use admin_domain_scope
  * [913442e] tempest: use use_dynamic_credentials=true
  * [b3a9f25] tempest: compute/volume_device_name=sdb,
    compute/min_compute_nodes=2
  * [a90198f] tempest: Use only ext-floating1, not ext-net1
  * [2b2117a] utils/usr/bin/oci-poc-provision-network: uncomment the BGP
    internal network (aka: ext-net1).
  * [3b234da] Add oci-poc-ci.
  * [b300aff] octavia-openrc and swift-openrc: use region-postfixed usernames
    if needed.
  * [93a1678] Added octavia support in the PoC.
  * [21aa619] 6 more compute nodes.
  * [d114f49] utils/usr/bin/oci-poc-provision-octavia-network: fix syntax
    error.
  * [4e32b26] 38 VMs by default.
  * [a14d0d9] ocicli: do not install tempest servers by default when doing
    cluster-install, because they need provisionning of OpenStack frist.
  * [4803cab] PoC: provision flavors and az
  * [a8bf9eb] oci-poc-provision-network is to be run on CTL1
  * [dc7d63b] Fixup for oci-poc-provision-az.
  * [9622e55] oci-poc-provision: provision the tempest node automatically as
    well.
  * [a37b59b] Use 2 different flavors, and enable resize_available.
  * [27317d4] tempest: remove compute-feature-enabled/xenapi_apis
  * [0c3d974] Set --swift-public-cloud-middlewares yes.
  * [e2a5c54] tempest: set cinder_backup_available and neutron_dr_available.
  * [c24888e] tempest: set volume/backend_names (to: CEPH_1) and
    volume/storage_protocol (to: rbd).
  * [664245a] Copy /root/debian.qcow2 in the tempest server to enable scenario
    testing with it.
  * [f1bd126] Set compute VMs with 8 vCPUs.
  * [d6f5e42] Run tempest at end of oci-poc-provision, and use tempest
    exclude.conf
  * [58ea482] Correctly set poc's VMs vcpu num.
  * [edd4618] * ocicli/ocicli: display num of core and sockets * poc: compute
    with 8 VCPU.
  * [fd5aa2f] poc-bin/oci-poc-install-cluster-bgp: Add
    --swift-public-cloud-middlewares yes
  * [b3f2d6a] Remove set-x in poc-bin/oci-poc-ci
  * [dec6c92] Run tempest only once.
  * [20235f4] poc-bin/oci-poc-provision: get tempest node IP *after* it's
    installed.
  * [afabcb9] tempest.pp: set Cinder min/max API microversion.
  * [16082c1] oci-poc-ci: call oci-poc-setup before installing.
  * [7a5acf1] rework exclude.conf
  * [dbd1061] More excluded tests.
  * [b597f4d] controller.pp: fix heat and magnum domain user.
  * [b2ee18b] Upgrade tempest nodes when upgrading release.
  * [fb3feb5] More tests in exclude list.
  * [fbaaf07] Exclude the 10 slowest tests.
  * [3092df8] neutron-uwsgi: only one thread, to avoid "greenlet.error: cannot
    switch to a different thread"
  * [6d596a5] swift container: set replicator_node_timeout  => 120.
  * [f37f660] Merge branch 'bugfix/assign-ceph-ips' into 'debian/bobcat'
    Fix: Assign ceph IPs to cephmon and compute_is_cephosd nodes
    See merge request openstack-team/debian/openstack-cluster-installer!43

 -- Thomas Goirand <zigo@debian.org>  Tue, 23 Jan 2024 17:04:57 +0100

openstack-cluster-installer (42.3.6) unstable; urgency=medium

  * Re-upload source-only.

 -- Thomas Goirand <zigo@debian.org>  Thu, 21 Dec 2023 08:28:22 +0100

openstack-cluster-installer (42.3.5) unstable; urgency=medium

  * Misc fixes:
  * [02ed695] Do not clean-up /var/spool/cron/crontabs/keystone that is later
    re-added by Cron[oci-fernet-keys-rotate].
  * [3cfe6e6] fix doubled-defined orchestrator/coordination_url in messaging.pp
  * [a163754] add poc-bin/oci-poc-haproxy to setup haproxy in the virtualized
    PoC
  * [6195ab5] Add puppet-module-puppet as depends

  * bin/oci-cluster-upgrade-openstack-release:
  * [cc42e1b] Fix ::ceilometer::agent::auth uses auth_user, not username as
    param.
  * [f36711a] Fix swift_store_user for region-postfixed users.
  * [a8d69e6] Fix: always specify username in authtokens in case of region-name
    postfixed user.
  * [205b56a] Some more fixes for the same trouble.
  * [db4701a] oci-cluster-upgrade-openstack-release: include messaging nodes
  * [94f7eef] controller.pp: class Ceilometer::Agent::Auth is
    Ceilometer::Agent::Service_Credential starting with wallaby, not xena.
  * [3fb1b2d] Revert "Change indexer_url to local ip instead of database VIP"
    This reverts commit dd6f570ebd1b67e4702b24c2921317464f75e9d0.
  * [1945a7a] Lots of fixes in oci-cluster-upgrade-openstack-release
  * [a73a209] gnocchi database_connection uses $machine_ip instead of
    $sql_host.
  * [a48a968] messaging.pp: fix cloudkitty setup under Xena.
  * [4d8c945] Add cluster_check_status
  * [f504d64] Add haproxy-cmd on all hosts using haproxy.
  * [b46db6b] Huge enhancements on the cluster-upgrade script. :P
  * [182df40] Add wallaby -> xena dependency list.
  * [b7f8954] Also upgrade python3-neutron-dynamic-routing if exists.
  * [32492fb] Do not run puppet before everything is upgraded fully.
  * [0c86859] depends list for yoga
  * [97539d0] Fix xena -> yoga upgrade of deps in controllers.
  * [558063c] messaging.pp: fix, shouldn't manually set cloudkitty_config
    { orchestrator/max_threads in yoga.
  * [77682d5] In Yoga and up, ::ceilometer::cache is included from
    ::ceilometer, so we should call it first.
  * [3af43ae] depends list for yoga->zed upgrade.
  * [5c5b46f] never touches CEPH nodes, correctly upgrade horizon plugins
    when doing yoga -> zed.
  * [44b0b01] Fix ALL_NODES_BUT_CEPH.
  * [e717c06] Do initial-cluster-setup during xena -> yoga upgrade.
  * [4aae596] fix syntax error.
  * [a5b8d9a] Do not do initial-cluster-setup=yes.
  * [42e8255] Run nova-manage db online_data_migrations in loops until done.
  * [acf7339] Escape $RET properly when doing nova-manage db
    online_data_migrations
  * [83bf7d7] do the db-sync before enabling services.

  * hardware support:
  * [9565107] Use baseboard-serial-number as serial for GIGABYTE MZ01-CE1-00
    motherboards.
  * [655137e] Use a more generic way to report serial number.
  * [b7dad20] Report MZ01-CE1-00 GIGABYTE as Dataforge hydra-f
  * [580a590] oci-block-device-udev-sorting: Add Dataforge Hydra-F support
  * [9094290] common/usr/bin/oci-block-device-udev-sorting: correctly detect
    Dataforge drive order.
  * [5233429] Correctly support hydra-f HDDs scanning.
  * [7c746e3] oci-block-device-udev-sorting: Remove spaces after port number
    definition.
  * [e2cbe92] Do not install ilorest-chif on arm64.
  * [09e6eed] Avoid installing non-x86_64 stuff on other arch.
  * [e695021] use osbpo for non amd64 arch.

  * live-image-builder:
  * [70ecfbb] make it work under arm64.
  * [bdaa466] More arm64 support.
  * [59a943d] More code for arm64 live image handling, move
    openstack-cluster-installer-build-live-image into a separate binary, so it
    can be installed on a satelite server in order to build for foreign arch.
  * [a9ee6ec] Add oci-live to build the live image locally and remotely with
    multi-arch.

 -- Thomas Goirand <zigo@debian.org>  Wed, 20 Dec 2023 09:54:19 +0100

openstack-cluster-installer (42.3.4) unstable; urgency=medium

  * [67f291a] Display cpu_vendor and cpu_model_name when doing "ocicli
    machine-list -h"
  * [7d43101] Add reset-lenovo-ipmi-password-age to avoid IPMI password
    expiration on Lenovo hosts.
  * [d16ba43] Add TOTP support in Keystone + Horizon.
  * [6a68e46] Fix wrong admin password if not using external keystone. Also
    repair designate-central validation.

 -- Thomas Goirand <zigo@debian.org>  Wed, 15 Nov 2023 10:59:13 +0100

openstack-cluster-installer (42.3.3) unstable; urgency=medium

  [ Olivier Chaze ]
  * [dd6f570] Change indexer_url to local ip instead of database VIP

  [ Thomas Goirand ]
  * [377a8b8] Add multi-region support.

 -- Thomas Goirand <zigo@debian.org>  Fri, 10 Nov 2023 10:25:26 +0100

openstack-cluster-installer (42.3.2) unstable; urgency=medium

  [ Thomas Goirand ]
  * [4d920f8] openstack-cluster-installer-utils: depends on gnupg, not gnupg2
    (Closes: #1055405).

  [ Olivier Chaze ]
  * [d245a2d] Haproxy admin socket and reload haproxy instead of restart.
  * [1e2c431] Reload haproxy command misplaced.

  [ Philippe Seraphin ]
  * [77b00f0] Update oci-hdd-maint for calling disk-firmware-installer.

  [ Jim Scadden ]
  * [86783ee] Fix /etc/network/interfaces NIC names set to Array
    (Closes: #1054600).
  * [9370179] Support for custom repository package signing key
    (Closes: #1028481).
  * [eb18316] Fix puppet fails to determine cephnet IP address
    (Closes: #1054648).
  * [13c99f3] Factorize non-system block device list, fixing "Block device list
    can be incorrect when using NVMe drives and/or RAID" (Closes: #1054649).
  * [d2ea19c] ocicli: machine-guess-racking returns error when no match found
    (Closes: #1054593).
  * [afed002] Reduce PHP warnings in apache log (Closes: #1054598).
  * [5368c5a] Regex updates for Dell OS10 switches & BroadCom NXE NICs
    (Closes: #1054603).

 -- Thomas Goirand <zigo@debian.org>  Tue, 07 Nov 2023 10:25:21 +0100

openstack-cluster-installer (42.3.1) unstable; urgency=medium

  [ Thomas Goirand ]
  * [3a5d30c] Set min firmware version for ST20000NM002D (20TB Exos) as E004,
    since we need that on HPE DL345.
  * [d9095e0] Add oci-foreman.
  * [3d5b074] Fix serial detection fallback to system-uuid.

  [ Olivier Chaze ]
  * [c6151ad] increasing mon osd down out interval to avoid rebalancing data
    too soon

  [ Thomas Goirand ]
  * [c23ab3c] Add oci-swift-upgrade-hdd-firmware, using the
    disk-firmware-updater binary.
  * [0fb890e] filebeat: use systemd::dropin_file instead of just the file
    resource.

  [ Theo Gindre ]
  * [e4acf39] Delete monitoring and dns records when machine-destroy is called

  [ Thomas Goirand ]
  * [8b579a9] Do not use ::cloudkitty auth_section param if >= yoga.
  * [1998fee] Do not call keystone::client in bobcat and up.
  * [779f69f] Do not call neutron::client in bobcat and up.
  * [99f0676] Speed-up collecting machine list when doing cluster-install.
  * [b9394b1] Do not call ::nova::client on bobcat and up.
  * [6510713] CVE-2023-2088/OSSA-2023-003 and bobcat support: configure
    ::nova::keystone::service_user and ::cinder::keystone::service_user
  * [322a616] Fix cpu_model_real for Bobcat's puppet-nova.

 -- Thomas Goirand <zigo@debian.org>  Wed, 25 Oct 2023 17:27:28 +0200

openstack-cluster-installer (42.3.0) unstable; urgency=medium

  [ Thomas Goirand ]
  * Use a new field for the Designate ptr_zone_email.
  * Disable amphora logging in Octavia.
  * Depends on default-mysql-server | mariadb-server, not just
    default-mysql-server.
  * openstack-cluster-installer-build-live-image: do not attempt to install
    megactl, megamgr and dellmgr when installing megacli in the live image.
  * openstack-cluster-installer-agent: use first RAID controller (head -n 1).
  * oci-block-device-udev-sorting: Add ProLiant DL365 Gen10 Plus support.
  * Add support for using storcli instead of megacli.
  * Set keystone_authtoken/service_type in cinder.conf.
  * Add support for puppet-openstack Antelope.
  * network.pp: rotate /var/log/conntrackd-stats.log daily.
  * Fix: new compute not being discovered automatically (because of a not
    defined $clusterid in a MySQL query).
  * New ocicli feature to re-assign the IPMI address of a server.
  * Add support for HPE ProLiant DL345 Gen11.
  * Swiftstores: do not attempt to XFS format nvme0n1 if nvme0 is the system
    disk.
  * lldpd: list existing NICs instead of just eth*, which doesn't work with
    BIOS names.
  * Agent: report version of MegaRAID 12GSAS/PCIe Secure SAS39xx controller.
  * Fix handling of CPU model extra flags params.
  * Add oci-poc-virtual-network.service (Closes: #1039302).
  * Increased the size of the BIOS version field to 64 chars
    (Closes: #1028457).
  * Correctly transmit "$self_signed_api_cert" to messaging nodes.
  * Applied patches sent by Jim Scadden to the Debian BTS. Thanks a lot to him
    for his bugfix contributions:
    - fix ocicli machine-guess-racking returns error when no match found
      (Closes: #1053506).
    - fix 500 error on oci agent first report (Closes: #1053507).
    - fix puppetserver sign command needs updating for puppet 7
      (Closes: #1053510).
    - Use "dmidecode -s system-uuid" on QEMU VMs in some cases
      (Closes: #1053513).
    - Bugfix for handling NICs which do not report a speed (Closes: #1053514).
  * Cleans better.

  [ Axel Jacquet ]
  * Use a new field for managed_resource_tenant_id.
  * Add deployment of MySQL server + rally in the Tempest role.

 -- Thomas Goirand <zigo@debian.org>  Fri, 06 Oct 2023 10:00:43 +0200

openstack-cluster-installer (42.2.5) unstable; urgency=medium

  * Fix in Zed: swift-proxy delete_concurrency.

 -- Thomas Goirand <zigo@debian.org>  Mon, 20 Feb 2023 15:48:42 +0100

openstack-cluster-installer (42.2.4) unstable; urgency=medium

  * Add a default designate_policy.json in Horizon enforcing dnsmember
    requirement to display the DNS panel.
  * Add Bookworm support:
    - Add support for the new non-free-firmware in bookworm and up.
    - Fix idna_convert.class.php to support PHP 8.2.
    - Fix implode() call wrong param order in ssh.php's send_ssh_cmd().
    - Do not install netcat in --postinstall-packages, as it's gone from
      bookworm, and openstack-cluster-installer-common already depends on
      netcat-traditional.
    - oci-hdd-maint: add ThinkSystem SR665 HDD disposition.
    - Fixups for Puppet >= 7.
    - Add puppet-module-puppetlabs-sshkeys-core as Depends.
    - Depends on puppetserver | puppet-master.
    - oci-poc: add [master] section if missing from puppet.conf.
    - Mount /var/log, /var/lib/automysqlbackup on a data disk on messaging
      nodes (if such disk exists).
    - Add missing depends: puppet-module-puppetlabs-cron-core.
    - PoC: fix the vip interface name to be ens5, instead of eth1. Also, allow
      more flexibility (ie: any eth name) for network interface selection in
      the OCI's IPAM.
    - Add puppet-module-puppetlabs-mount-core as depends (needed for swift).
    - src/api.php: Also fix NIC string check for network_add.
    - Volume nodes: build the lvm.conf filter AFTER building the vg.

 -- Thomas Goirand <zigo@debian.org>  Mon, 20 Feb 2023 14:36:19 +0100

openstack-cluster-installer (42.2.3) unstable; urgency=medium

  * openstack-cluster-installer-poc: do not depends on grub-efi-amd64-signed,
    not available in arm64, suggests: it instead.

 -- Thomas Goirand <zigo@debian.org>  Mon, 16 Jan 2023 10:37:27 +0100

openstack-cluster-installer (42.2.2) unstable; urgency=medium

  * Add call to ::cinder::nova in compute.pp when having OSDs in the cluster.
  * Add call to ::cinder::nova in volume.pp.
  * Only suggests grub-efi-{amd64,arm64}-signed, because OCI is arch:all and
    can't depends on grub-efi-amd64-signed. Only copy grub / shim to the tftp
    folder if it's available.

 -- Thomas Goirand <zigo@debian.org>  Thu, 05 Jan 2023 10:37:36 +0100

openstack-cluster-installer (42.2.1) unstable; urgency=medium

  * Fix filter:tempurl/prefix_path -> filter:tempurl/path_prefix in
    swiftproxy.pp.
  * Increase net.core.somaxconn to 65536 on all nodes.
  * Make oci-build-nova-instances-vg do bind mounts for
    /var/lib/{libvirt,nova,cinder} instead of just /var/lib/nova/instances.
    This better fits setup with Ceph.
  * Added DSS 1510 support in oci-block-device-udev-sorting.
  * Make Designate work.
  * Make it possible to customize VXLAN VNI ranges per clusters.
  * Add support for Yoga.
  * Setup an additional VG in controllers if a data disk exists, and use it for
    Glance image upload temp dir in Horizon.
  * swift: add rsync bandwidth limiting for rsync (very useful when doing
    rebalance).
  * Install also by default a few firmware:
    - firmware-linux-free
    - firmware-misc-nonfree (contains intel NICs)
    - firmware-qlogic
  * Add --order/-o <hostname|racking|zoning> option to ocicli machine-list.
  * horizon: set $password_retrieve = true by default (inconditionally) to
    enable password retrieval from metadata (encrypted with the user SSH
    public key). That's mandatory for Windows install.
  * Use the new rsync_module_per_device puppet-swift feature.
  * controller+messaging MariaDB: set innodb_buffer_pool_size to total_ram / 8
    plus add innodb_flush_log_at_trx_commit = 2.
  * Implement client/server PKI auth for VNC.
  * Octavia: disable bad cypher by default.
  * Barbican: install barbican-worker by default in the controllers.
  * Add UEFI support.
  * Add designate-tlds support, and documentation.
  * Fix live image autologin (Closes: #1027800).
  * Removed puppet-master dependency as the server is currently removed from
    Debian until Puppet 6 or 7 is packaged.

 -- Thomas Goirand <zigo@debian.org>  Wed, 26 Jan 2022 16:49:39 +0100

openstack-cluster-installer (42.1.0) unstable; urgency=medium

  * Fix haproxy rate which was 10 times too low.

 -- Thomas Goirand <zigo@debian.org>  Tue, 25 Jan 2022 11:01:28 +0100

openstack-cluster-installer (42.0.0) unstable; urgency=medium

  [ Kevin Allioli ]
  * Added swift erasure coding support.
  * Correct the list of allowed methods for ::swift::proxy::tempurl, also set
    filter:tempurl/prefix_path.
  * Tweaks for designate integration.

  [ Thomas Goirand ]
  * Set nova::api max_limit to 10000.
  * Add a install_cloudkitty_dashboard flag.
  * Add oci-ilorest wrapper.
  * Correctly check for Horizon availability on haproxy.
  * Lower the privileges of the backup user used for Galera replications.
  * Fix ceilometer for floating ips polling.
  * Fix unix rights of /var/log/swift/*.log files using puppet.
  * Configure heat_api/heat_api_root.
  * Make it possible to skip installation of Telemetry completely.
  * Fix the puppet stuff for Xena.
  * Make Octavia installation optional.
  * Use ilorest to configure ProLiant DL385 Gen10 Plus boot device (add
    ilorest as depends).
  * ::ceilometer::keystone::auth': do not pass the parameter configure_endpoint
    when >= victoria.
  * Fix collector_gnocchi/region_name call goes in cloudkitty::processor when
    >= xena.
  * Correctly install OCI root CAs in the target systems.
  * Configure Nova + Libvirt to do live migration over libvirt native TLS.
  * Add the possibility to add a --fixed-ip parameter when doing machine-add.
  * Restart MySQL in case of start failures on controller + messaging.
  * Add OpenStack deployment over OpenStack VMs CI script.
  * tempest.pp: increase ssh and image build timeout, and handle microversion
    min and max for both Placement and Nova.
  * utils/usr/bin/oci-build-cinder-volume-vg: handle /dev/disk/oci-sort.
  * openstack-cluster-installer-common: add racadm bash-completion script.
  * oci-hdd-maint: make sure the script is ran as root, exit 1 otherwise.
  * Implement radius auth using php-dapphp-radius if php-radius is not
    available (php-radius is removed from bookworm because it doesn't build
    against PHP 8.x). Set depends to php-dapphp-radius | php-radius.

  [ Cyril de Bourgues ]
  * use the new way for external healthcheck & add don't lognull.

  [ Simeon Gourlin ]
  * Modify disk install parameter for hardware raid setup.

 -- Thomas Goirand <zigo@debian.org>  Thu, 18 Nov 2021 14:54:01 +0100

openstack-cluster-installer (41) unstable; urgency=medium

  [ Thomas Goirand ]
  * Fix poc-bin/oci-poc-install-cluster-swift with the new VM layout.
  * Add udev rule and sort script to restore sanity in drive orders on
    HP DL385, Qemu and others.
  * Handle region_name per cluster.
  * Set net.ipv4.ip_nonlocal_bind on all servers, needed if we set
    LocalAddress in sshd + bgp-to-the-host.
  * Cloudkitty: use keystone as fetcher_backend.
  * Fix rabbit URL for ceilometer notifications in the controller.
  * Add ceilometermiddleware support for swiftproxy.
  * Call ::nova::cinder for any OpenStack release >= train, in both the
    controller and compute classes.
  * Add support for Ceilometer dynamic pollsters.
  * Make Nova's reserved_host_memory_mb configurable, and set default to 16GB.
  * Add optional activation of tempurl, symlink and staticweb swiftproxy
    middlewares on swiftproxy nodes.
  * Move cloudkitty & gnocchi dbs to the messaging nodes, on a new Galera
    cluster for billing.
  * Automatically write /etc/ceilometer/gnocchi_resources.yaml from
    /etc/openstack-cluster-installer/gnocchi_resources.yaml. Same with
    /etc/cloudkitty/metrics.yml for the processor.
  * Rate limit the API to a customizable value, at the iptables level (default:
    100 queries/s connection max per /24), and haproxy (default: 20 concurrent
    sockets), with no limit for cluster internal use.
  * Increased memcached max_connections to 16k (instead of 8k).
  * Only keep 7 days of haproxy logs instead of the default which is 52.
  * controller: also install python3-pankoclient.
  * Configure by default the number of keystone uwsgi workers.
  * Added filebeat support.
  * Add missing pciutils depends in the openstack-cluster-installer-common
    package (the agent uses it).
  * Manage the number of API workers with $::os_workers and the new classes
    foo::wsgi::uwsgi contributed to puppet-openstack.
  * Add code to force a debian suite name for the MegaCli repo.
  * Setup postfix with correct relayhost in all machines of clusters.
  * Use "ceph-volume lvm batch --osds-per-device 2" instead of calling the
    ceph::osd class to create the OSDs.
  * Allow overriding the debian suite name for the HPE repo.
  * Add support for installing PERCCLI.
  * Fix swiftproxy.pp haproxy setup for Bullseye (ie: haproxy >= 2.1).
  * Add missing call to class { '::octavia::housekeeping': } in controllers.
  * Transmit all of the PKIs through the ENC, so there's no need to use a
    script to update them. Administartors can simply edit the SSL key
    materials on the OCI machine under /var/lib/oci/ssl/slave-nodes. The
    puppet manifests are now taking care of updating the certs, and restarting
    daemons appropriately.
  * Fix-up correct rights and location for PKI materials in the cluster.
  * Addresses OSSN-0088: disable glance metadef for non-admins.
  * Fix compute node setup in case there's no data disk.
  * Set enable_new_services => false when calling nova::conductor, to have new
    compute nodes appear disabled by default, which is better for production.
  * oci-poc: added support for AMD virtualization, and added modprobe.d options
    to enable nested virtualization.
  * Add an option to not provision CephOSD automatically.
  * Optionnaly, OCI can set an HTTP proxy in the aodh-notifier's service
    environment, which is very useful if the controller have no internet
    access (this way, aodh-notifier can notify any URL).
  * Do not attempt to setup swiftstore disks if they appear commented out in
    the fstab.
  * Add an option to install Panko or not (do not install by default).
  * Set correct collect_statistics_interval and cluster_partition_handling.
  * If using victoria and up, do not use SSL for Glance, as the package has
    changed to not use UWSGI, and therefore, lost SSL support.
  * Added support for Manila (share as a service).
  * Add VRRP auth password (for Neutron L3 routers in HA).
  * Make it possible to select available Horizon themes.
  * Report and display machine block device controller and ethernet driver,
    with their firmware driver version.
  * Add a custom oci_facts.yaml in each nodes in /etc/facter/facts.d,
    maintained by both puppet and at provisionning time. This is helpful for
    anyone willing to customize his puppet environment depending on node role
    and this type of info, directly in puppet or hiera.
  * Depends on qemu-system, not just qemu (Closes: #992951).

  [ Axel Jacquet ]
  * Added rate limit for swift proxies.

 -- Thomas Goirand <zigo@debian.org>  Tue, 16 Feb 2021 19:08:35 +0100

openstack-cluster-installer (40) unstable; urgency=medium

  * Fix compute.pp, volume.pp, swiftproxy.pp and network.pp not having the
    $all_rabbits_ips parameter and failing to apply.
  * Fix calling auto-join-rabbit-cluster in messaging nodes.
  * openstack-cluster-installer-build-live-image: do not modify config/build
    if the file doesn't exist.
  * Correctly schedule keystone bootstraping before doing the roles.
  * ocicli cluster-install: display VOLUME, SWIFTPROXY and SWIFTSTORE when
    installing them.
  * oci-poc: correctly bridge 192.168.105.1/24 to the ocibr1 (ie: the bridge
    connected to the eth1 of all VMs) instead of eth0, correcting the floating
    IP connection to the VMs.
  * oci-poc: allow using .raw images for glance upload.

 -- Thomas Goirand <zigo@debian.org>  Wed, 10 Feb 2021 10:27:28 +0100

openstack-cluster-installer (39) unstable; urgency=medium

  * Add -y flag when installing HPE tools.

 -- Thomas Goirand <zigo@debian.org>  Mon, 01 Feb 2021 17:39:43 +0100

openstack-cluster-installer (38) unstable; urgency=medium

  * Correctly generate passwords for service='bill'.
  * Switch to netcat-traditional instead of netcat (Closes: #981499).
  * Allow setting-up gnocchi-api on messaging+bill{mon,osd} separate nodes to
    enable better scalling.

 -- Thomas Goirand <zigo@debian.org>  Mon, 01 Feb 2021 17:24:34 +0100

openstack-cluster-installer (37) unstable; urgency=medium

  [ Thomas Goirand ]
  * oci-fixup-compute-node: Do not perform libvirt hack if not in stretch or
    buster.
  * Add HPE non-free tools installation support (hponcfg, storcli, ssacli),
    and automatically activate IPMI over LAN on them.
  * Fix typo when selecting ceph or swift backend for Glance.
  * Use roundrobbin (instead of source) for nova-api HAProxy backend.
  * oci-hdd-maint: reports correctly the serial numbers of HPE SmartArray
    connected HDD/SSD.

  [ Cyril de Bourgues ]
  * Add 3 swift ring management utilities.

 -- Thomas Goirand <zigo@debian.org>  Sun, 31 Jan 2021 19:14:44 +0100

openstack-cluster-installer (36) unstable; urgency=medium

  * Fix galera_package_name when installing the Galera cluster.

 -- Thomas Goirand <zigo@debian.org>  Thu, 21 Jan 2021 23:38:57 +0100

openstack-cluster-installer (35) unstable; urgency=medium

  * oci-poc: restart isc-dhcp-server after starting VMs.
  * Add billmon and billosd roles, to have an independent Ceph for Telemetry.
  * Install chrony by default in target machines, not ntp.
  * Fix corosync setup with the Bullseye 3.1.x version.
  * Fix haproxy >= 2.1 incompatibility with reqrep / rspirep.

 -- Thomas Goirand <zigo@debian.org>  Thu, 21 Jan 2021 18:02:51 +0100

openstack-cluster-installer (34) unstable; urgency=medium

  * Upgrade IPMI before BIOS (as that's what Dell server needs). Also
    correctly report r420/r620 lifecycle version.
  * Fixed reporting phys block device size when MegaCli returns SECTOR_SIZE=0.
  * Report r420 / r620 Lifecycle version correctly.
  * Add ceph_osd_initial_setup to stop provisionning Ceph OSD once the cluster
    is in production.
  * Add force_no_bgp2host to make it possible to setup a compute cluster using
    bgp-to-the-host, but forcing Network nodes to use L2 connectivity.
  * Allow using non-DVR setup, with central network nodes (though using DVR for
    east-west traffic).
  * Fix distribution names inside the live image for the new version of
    live-build.

 -- Thomas Goirand <zigo@debian.org>  Tue, 19 Jan 2021 09:20:40 +0100

openstack-cluster-installer (32) unstable; urgency=medium

  * Removed the oci-poc-vms init script, and make it a normal shell script.
  * Fixed oci-poc-install-cluster-full to run with the new oci-poc-vms.
  * It's now possible to set %%COMPUTE_AGGREGATE%% in the "machine-set": of
    hardware-profile.json, and it will be replaced by whatever is set as
    compute-aggregate in auto-racking.json.
  * Add a new machine-renew-ipmi-password command to ocicli.
  * Setup kvm_intel / kvm_amd nested=0/1 at provision time, so it's not needed
    to reboot compute nodes after install to enable nested virt. Also support
    nested virt for amd processors.
  * Add a cluster option nova_scheduler_prefers_hosts_with_more_ram,
    controlling the ram_weight_multiplier (-1 / 1) of the Nova Scheduler.
  * Add messaging nodes for separate, dedicated, notification bus, which is
    increase the reliability if using notifications (no risk to overload the
    central rabbitmq service with the notification messages).
  * When there's both Ceph and Swift available, make it possible to select
    which type of backend to use for Ceph.
  * Made installing magnum optional.
  * Switch to using ceph-volume from the puppet-ceph class.

 -- Thomas Goirand <zigo@debian.org>  Tue, 12 Jan 2021 13:16:58 +0100

openstack-cluster-installer (31) unstable; urgency=medium

  * Agent: fix MegaRAID detection.
  * report.php: allow dots in HDD models and size.
  * Commands machine-megacli-apply and machine-check-megacli-applied can be
    used without a hardware profile name.
  * Add machine-guess-racking and machine-auto-rack, for filling-up the racking
    information automatically looking-up LLDP information against the
    /etc/openstack-cluster-installer/auto-racking.json configuration file.
  * Deny public access to SMTP, Keystone, Heat CFN and Aodh API on the VIP.
  * Add API calls to record hosts in DNS, add hosts to monitoring, and change
    plus record host root passwords. All of this using plugins in the form of
    customizable shell scripts.
  * Cinder-volume: allow one backend per disk.
  * Run ipmitool lan set 1 cipher_privs Xaaaaaaaaaaaaaa on R410/R610.
  * Add puppet-module-etcddiscovery as depends of puppet-module-oci.
  * Set the chassis/system serial as hostname in the live image, so that LLDP
    and dhclient uses it to advertize and broadcast a more meaningful hostname
    than just "debian".
  * Add "ocicli machine-auto-add" which adds a machine automatically to a
    cluster defined in openstack-cluster-installer.conf, using the role matched
    by the hardware-profiles.json, and the location defined in the
    auto-racking.json configuration file.
  * Add the possibility to completely automate:
    - megacli profiles.
    - racking info (ie: data center and rack position auto-fill).
    - adding machine to clusters.
    - installing the OS.
    This effectively makes it possible to automatically auto-provision servers
    in a "hand-free" mode as soon as they are plugged and booted.
  * Add --blockdevs / -b option to ocicli machine-list to display block
    devices.
  * Add an option to set the initial drive weight for swift.
  * Fixed VIP hostname in /etc/hosts if it was customized.
  * Add hdparm as runtime depends of -utils.
  * Also copy {account,container,object}.builder files when installing swift
    store and proxy nodes.
  * Install numactl and numad, and start numad on compute nodes.
  * Increases buffer for net.ipv6.neigh.default.gc_thresh{1,2,3} (previously
    done only for IPv4).
  * Do not include :443 in the keystone endpoint.
  * Stop generating /root/openrc.
  * Create all necessary Keystone roles, only in the first master, and only if
    the service is installed.
  * swiftproxy: set other proxies as backup in haproxy.
  * ocicli machine-list: sort machines by a much more natural order, which
    works in both cases where a machine has been added to a cluster or not:
    - .role,(.hostname|length),.hostname,.product_name,.serial
  * Add support for CephOSD on compute machines (ie: hyperconverged).

 -- Thomas Goirand <zigo@debian.org>  Fri, 27 Nov 2020 09:25:23 +0100

openstack-cluster-installer (30) unstable; urgency=medium

  * Better output for drives with MegaCLI in oci-hdd-maint.
  * Allow for on-the-fly change of machines IPMI network (can be needed if
    the IPMI network list and DHCP configuration has changed).
  * Switch all of the VMs of the oci-poc to virtio-scsi by default (instead of
    virtio-blk) so that we can test trim/discard.
  * oci-cluster-upgrade-openstack-release: Only perform OVS upgrades if the
    package openvswitch-common, and apt-cache policy shows it will upgrade.
  * Add installation of anacron in generic.pp (ie: all nodes).
  * Added oci-cluster-upgrade-old-swift-oci, to be run on the OCI machine, to
    upgrade from the older type of Galera setup that OCI was doing in the OCI
    released in Buster.
  * Make it possible to use Ceph from official Debian backports.
  * Live image: use by default a text-mode syslinux, so that it works over
    serial console. Also set the default timeout to 20 seconds.
  * Add a machine-wipe command to wipe the HDD when the machine is in live.
  * Add a cluster-reset, to reset all machines into live.
  * Fix cluster-install, so it really works now.
  * Add cluster-rolecounts-list / cluster-rolecounts-set commands.
  * Add -y and -u options in oci-hdd-maint.
  * Generate a root ssh key on all machines, and allow ssh as root from one
    volume note to another, to make backups of LVM over ssh possible.
  * Agent: do not report what lsblk reports as trans:iscsi.
  * Add racadm get BIOS.BiosBootSettings.HddFailover Enabled for r740xd.
  * Default to max_stacks_per_tenant=5000 (upstream default is 100).
  * Do not manage Octavia Amphora flavor in nova if not in initial cluster
    setup mode, in order to speed-up the run.
  * Allow renaming of the external network names, per compute/network node.
  * Activate enable_proxy_headers_parsing when available.
  * Small fix for per-machine libvirt extra CPU flags.
  * Use networks instead of each individual machines to do the swiftstore
    firewalling. Also firewall swiftproxies, which can also be stores.
  * Allow to use hostnames instead of chassis serial in many API calls.
  * Add an option for LVM volume nodes to configure reserved_percentage and
    max_over_subscription_ratio.
  * Remove options for LVM volume nodes max_luns_per_storage_group and
    check_max_pool_luns_threshold as it is specific to VNX driver.
  * Add a per (compute|network) node option to install Neutron BGP dragent.
  * Allow Dell Lifecycle automatic upgrades within the Agent.
  * Report and display all block devices handled by MegaCli (ie: LSI RAID
    controllers).
  * Automate building megacli RAID devices.
  * Use DEFAULT/default_ephemeral_format=ext4 in Nova.

 -- Thomas Goirand <zigo@debian.org>  Mon, 31 Aug 2020 11:07:18 +0200

openstack-cluster-installer (29) unstable; urgency=medium

  * Add the setup of a tempest node.
  * Write a correct oci-write-lvm-filter to be used in compute and volume nodes
    at first boot: it lists devices present in /etc/oci/data-disks only.
  * Fix enc not sending Gnocchi's statsd UUID.
  * Make cinder-api run on uwsgi, not Apache, if using >= Train.
  * Add Ussuri support in controller.pp & compute.pp.
  * Add -f flag in oci-hdd-maint when formating an XFS partition.
  * Add oci-cluster-upgrade-openstack-release to enable scripted upgrades from
    one OpenStack release to the next.
  * Switched cinder-api to uwsgi even in Stein.
  * Add oci-poc-provision-cloud in -utils, so it's easier to setup the PoC.
  * Add configuration of Nova's limit_tenants_to_placement_aggregate.
  * Send racadm command to set boot device for r740xd machines.
  * Configure /etc/ssh/sshd_config so that servers don't have the ssh listening
    on public IPs. We're listing ssh host key certs using a custom puppet fact.
  * The cluster values in variables.conf are now automatically transmited to
    the nodes matching the roles: of the matching entry.
  * Added initial and experimental support for Designate.
  * Improved oci-hdd-maint to show correctly the RAID slots, size, model and
    serial of HDDs.
  * Removed the dependency on approx.

 -- Thomas Goirand <zigo@debian.org>  Sat, 25 Apr 2020 21:24:54 +0200

openstack-cluster-installer (28) unstable; urgency=medium

  * Do not use StrictHostKeyChecking=no when rsyncing fernet tokens, as we have
    signed ssh host keys.
  * Add missing authors from d/copyright.
  * Add an option for LVM volume nodes to configure volume_copy_bps_limit.
  * ocicli: use csvlook from csvkit instead of column by default.
  * Fixup volume backup backend in volume.pp
  * Make it possible choose ceph or swift for cinder-backup.
  * Add oci-puppet to lauch puppet -t more easily.
  * Fix ports for Ceph OSDs so that they are each 4, not each 3 ports.
  * oci-make-osd: Fix calculating DEFROUTE_IP if using BGP 2 host.
  * Prioritize Swift over Ceph as a backend for cinder-backup and Glance.
  * Load kernel and ramdisk over http instead of tftp (much faster).
  * Make Glance swift-backend works if we're using a local swift and a
    non-rocky setup.
  * Fix generating the scp-ring script so it doesn't scp to IPMI IPs.
  * Fix swift ring building so it wont add IPMI IPs.
  * Add a new oci-cluster-upgrade-stretch-to-buster.
  * Set arp_responder to True everywhere.
  * Fix ipxe.php to chain to any IP address that runs on the PXE server, not
    just hardcoded 192.168.100.2.
  * Fix Glance over Ceph when >= train.
  * Add filters to lvm.conf to avoid nested LVM issues.
  * Add a new oci-cluster-upgrade-stretch-to-buster script to minimize downtime
    when upgrading from stretch.
  * Automatically add new cluster's SSH CA key into OCI's
    /etc/ssh/ssh_known_hosts
  * Configure ocicli within the PoC's PXE server.
  * Add a PoC oci-poc-{save,restore} to be able to save a cluster state.
  * Add sync-oci-code script.
  * Make neutron's global_physnet_mtu and path_mtu tweakable cluster variables.
  * octavia::worker: base image now uses 4GB HDD.
  * Add oci-cluster-upgrade-stretch-to-buster script (currently PoC)
  * Allow controllers configuration for Cinder storage_availability_zone and
    default_volume_type
  * Do not manage policy-rc.d for keystone if not using Rocky.
  * Redirect output of oci-fernet-keys-rotate to /dev/null to avoid cron job to
    spam.
  * Fix ENC regarding non-master-controller IPs.
  * Do not use StrictHostKeyChecking=no when rsyncing fernet tokens, as we have
    signed ssh host keys.
  * Add a --first-master option to ocicli cluster-set, so one can change who's
    the first master in the cluster.
  * Fix-up volume.pp to allow using ceph as backend for cinder-backup.

 -- Thomas Goirand <zigo@debian.org>  Sun, 29 Mar 2020 22:18:39 +0200

openstack-cluster-installer (27) unstable; urgency=medium

  * Automatically call "nova-manage cell_v2 discover_hosts" when an hypervisor
    is finished to install with puppet.
  * Fixed wrong parameter definition in swift{store,proxy}.pp classes.
  * Add --notes to ocicli.
  * Also report and display Dell's Lifecycle controller version.
  * Apply Dell racadm serial configuration by default when setting-up IPMI.
  * Add a "machine-apply-ipmi" command to ocicli, so that IPMI config can be
    re-applied with the current db configuration.
  * Add IPMI value settings in ocicli machine-set (doesn't commit).
  * Add configuration of IPMI VLANs.
  * Use escapeshellarg() for the username and pass when calling ipmitool.
  * Add an ocicli check-all-ipmi command.
  * Enhanced a lot machine-list, now has options to display whatever the user
    needs to be output, so that it may fit on a normal screen.
  * Also install syscfg on machines using iDRAC6 or 7.
  * Fix "ocicli cluster-list" when no cluster is defined.
  * Cannot delete a location if a network is using it.
  * Cannot delete a region if some locations are using it.
  * Cannot delete a cluster if some networks or machines are using it.
  * Add the concept of first and last IP of a subnet, and rework the IP
    allocation logic.
  * Correctly schedule the Galera cluster, so that the first Galera node will
    start first, then other controllers will wait for its SQL Galera to be up
    before attempting to join the new Galera cluster.
  * Fixed a bug in enc_get_mon_nodes() which was always using cluster_id='1',
    so failing if the cluster had a different ID.
  * Do not attempt db_sync for services if the node is not first_master, or if
    initial_cluster_setup is set to no.
  * Add a system to sign SSH host keys, so that the cluster can trust itself,
    and nova can safely scp disk images when migrating VMs.
  * Get the LLDPD info for each nic, store that in the db, and display with
    "ocicli machine-list -h".
  * Fix serial number fetch by the OCI agent on Supermicro machines.
  * Review the boot processs, and now correctly wait for networking to be up,
    plus package every binaries of the installed server in a -utils package.
  * Also automatically sign the live image host keys, and trust it.
  * Really disable notifications if disabled (by setting noop driver).

 -- Thomas Goirand <zigo@debian.org>  Fri, 10 Jan 2020 11:45:31 +0100

openstack-cluster-installer (25) unstable; urgency=medium

  * oci-agent: Add missing Breaks+Replaces (<< 24~) (Closes: #947385).

 -- Thomas Goirand <zigo@debian.org>  Fri, 27 Dec 2019 21:17:05 +0100

openstack-cluster-installer (24) unstable; urgency=medium

  * Also delete /var/lib/openstack-cluster-installer-poc on purge
    (Closes: #905516).
  * Add chmod after copy function for ssh private key on controllers
  * Set defaults_options max_conn to 40960 in swiftproxy.pp
  * Set swift_proxy_config DEFAULT/max_clients to 2048 on all proxy servers.
  * Add haproxy stats in the haproxy of swiftproxies.
  * Add the object-expirer daemon in *one* swiftproxy (because it's 1 per
    cluster).
  * Define ::nova::pci *before* ::nova::compute.
  * Set /etc/default/openvswitch-switch.
  * Now support setting-up CPU model at cluster and individual single compute
    node level.
  * Setup and use apparmor on libvirt in compute nodes (mandatory for
    live-migration to work in Buster).
  * Add oci-update-cluster-certs to update the cluster's API certs and internal
    cluster PKI automatically (and restart services).
  * Manage /etc/systemd/system/puppet.service.d/oci-ca-cert.conf with puppet.
  * Enable puppet if the 2nd run is a success.
  * Also setup neutron-metadata + haproxy server on network nodes.
  * Enable anti-affinity for Octavia's amphoraes.
  * Remove the use of spare_amphorae_pool_size, as it doesn't work with
    anti-affinity.
  * Make it possible to select, for each swift store and proxy, if they are
    storing accounts, containers, or objects.
  * Glance haproxy always verify TLS.
  * Make it possible to use an external swift as a backend for Glance and
    Cinder-backup.
  * Add a --hostname option to machine-set.
  * Package the openstack-cluster-installer-agent separately.
  * Use /usr/sbin/iptables-legacy and /usr/sbin/ip6tables-legacy if != stretch,
    runtime depends on puppet-module-voxpupuli-alternatives to do so.
  * Add more doc in README.md, especially a table of content in it.
  * Fix for iPXE not detecting the correct machine: there's now a db column to
    record the DHCP IP of machines.
  * Add missing option httpchk in the galera backend definition.
  * Make it possible to add custom parameters for machines & clusters simply by
    editing a variables.json configuration file, auto-generating the OCI REST
    API, ocicli and ocicli bash completion.
  * Add new parameters for swiftstore and swiftproxy: --server-per-port,
    --disk-chunk-size and --network-chunk-size.
  * Also setup etcd and etcd-discovery if setting-up Magnum. Now OCI runtime
    depends on puppet-module-cristifalcas-etcd.
  * Make it possible to automatically assign IPMI IP addresses of slave
    machines.
  * Add automatic BIOS upgrade throught the OCI agent when running live.

 -- Thomas Goirand <zigo@debian.org>  Fri, 20 Dec 2019 13:55:07 +0100

openstack-cluster-installer (23) unstable; urgency=medium

  [ Thomas Goirand ]
  * Install intel-microcode and smartmontools in nodes by default.
  * Add full installation and support for Magnum.
  * haproxy: correctly check SSL certificate of each service.
  * SSL certificate with -addext "subjectAltName = DNS:${SLAVE_NODE_HOSTNAME}"
    to avoid warnings.
  * Add a debmirror machine type.
  * Correctly generate the ec2 credential keys for Keystone.
  * Switch Octavia to ACTIVE_STANDBY by default.
  * Automatically format /dev/sdb as XFS over a volume group and mount it in
    /var/lib/nova/instances.
  * Automatically install megacli if requested in config file.
  * Fix CephOSD nodes when using NVME disks.
  * Allow using a Ceph cluster network and configure CephOSD nodes the correct
    way for it.
  * Always transmit an up-to-date /etc/hosts to all nodes throught the ENC.
  * Differenciate API root CA and OCI root CA.
  * Add a cluster option to use self signed certs or not.
  * Manage /etc/systemd/system/puppet.service.d/oci-ca-cert.conf with puppet.
  * Lots of fixes for OpenStack rocky.
  * Enable or disable nested virtualization on cluster or machine level.
  * Added an oci-update-cluster-certs script, so one can published updated
    certs in a whole cluster.
  * Optionnaly, a cluster can use an external swift cluster for Glance and
    Cinder backups.

  [ Ondřej Nový ]
  * Running wrap-and-sort -bast.
  * Use debhelper-compat instead of debian/compat.

 -- Thomas Goirand <zigo@debian.org>  Wed, 15 May 2019 12:25:05 +0200

openstack-cluster-installer (22) experimental; urgency=medium

  [ Thomas Goirand ]
  * Add role-add, role-create, role-delete API and ocicli.
  * Add bash-completion script for ocicli.
  * Enhance ocicli network-list, add a network-set command.
  * Allow setting-up multiple external bridges for flat networks.
  * List all bridge setup with OCI in neutron's config, allowing a virtually
    unlimited number of bridges.
  * Fix service_credentials/cafile in ceilometer.
  * Add option to perform ipmitool settings in the target image when running on
    the slave image.
  * Add option to show the calculated IPMI console command.
  * Add some sysctl customization (low swappiness, higher conntrack, etc.).
  * Provision ssh public / private keypair between nova nodes in the
    /var/lib/nova/.ssh folder, to allow (live) migration using ssh / scp.
  * Switch to a db migration system with the schema saved in PHP format.
  * Add a cluster-show command.
  * Add the setup of chrony on all machines, with customization of time server
    host for the clock source.
  * Add the nf_conntrack module by default in /etc/modules.
  * Make sure python-keystonemiddleware is installed on swift-proxy nodes.
  * Firewall swift's container, account and object servers.
  * Empty DEFAULT/external_network_bridge by default, as this prevent using
    more than one external network.
  * Libvirt configuration on compute nodes (ie: /etc/default/libvirt-guests):
    - PARALLEL_SHUTDOWN=8
    - SHUTDOWN_TIMEOUT=120
    - START_DELAY=4
  * Add qemu monitor on port 550XX for each VMs in the PoC.
  * Copy swift_fstab_dev_list.sh when provisionning.
  * Set Neutron's global_physnet_mtu and ml2's path_mtu if the VM net network
    has mtu != 0, allowing to set (for example) mtu = 9000.
  * Use wget to install openstack-backports-archive-keyring_0.1_all.deb instead
    of using apt-get update / apt-get install --allow-unauthenticated (which
    method doesn't work anymore in Buster).
  * Set haproxy's nbproc to 4 by default for swiftproxy, compute and
    controller nodes.
  * Copy the backport repository key file inside the targets instead of using
    the openstack-backports-archive-keyring package, which doesn't work anymore
    if using Buster.
  * Also install gnupg2 in the installed machines of the cluster.
  * Add support for Stein's separated placement.
  * Adapt puppet manifests so that they also work with Stein's puppet-openstack.
  * Add the feature to setup any machine with software RAID.
  * Using system serial number, and not chassis anymore.
  * Fully working Octavia support.

  [ Oliver Chaze ]
  * swift: do not log in syslog general logs
  * increase default haproxy server timeout

 -- Thomas Goirand <zigo@debian.org>  Tue, 14 May 2019 17:18:44 +0200

openstack-cluster-installer (21) unstable; urgency=medium

  * Bugfix release for Buster which includes:
    - Fixed reserve_ip_to_all_slaves_of_network() call in network_add API call.
    - Correctly check for $mgmt_net["iface2"] and not $onenet when calculating
      --static-iface.
    - Fix block device list for swiftstore (statsd hostname was breaking it,
    ordering was broken).
    - Correctly set the erlang_cookie for rabbitmq as a random value.
    - Correctly use a a real random key for heat's encryption key.
    - Correct swift pipeline order when using encryption.
    - Correctly set unix rights of drives in /srv/node.

 -- Thomas Goirand <zigo@debian.org>  Tue, 05 Mar 2019 13:46:39 +0100

openstack-cluster-installer (20) unstable; urgency=medium

  * Set allow_resize_to_same_host to True on all nova nodes.
  * Set dhcp_domain to '' in nova.conf, to avoid .novalocal or .openstacklocal
    postfixed to hostname by DHCP.
  * Set important rabbitmq production parameters (the most important one is the
    autoheal, to avoid split-brain breakage).
  * Randomize the rabbitmq host list in transport_url, to avoid having all
    services connecting always to the same host.
  * Add support for Cinder volume over Ceph.
  * Provision Ceph OSD using bluestore.
  * Fix poc-bin/oci-poc-setup-bodi-hook motd.
  * Make Ceph optional on compute nodes:
    - Add a machine-show to show machine properties.
    - Add a machine-set, to select /var/lib/nova/instances on Ceph or not.
    - Modify the ENC to transmit the use_ceph_if_available variable.
    - Modify compute manifest to use the use_ceph_if_available and possibly use
      Ceph or not for /var/lib/nova/instances.
  * Better Octavia defaults.
  * Fix dns_domain of neutron.conf to the domain name of the deployed cloud.
  * Enable optional statsd logging for swiftstores.
  * Using uwsgi instead of Apache for heat-api, heat-api-cfn, nova-api,
    barbican-api and aodh-api.

 -- Thomas Goirand <zigo@debian.org>  Wed, 20 Feb 2019 14:12:23 +0100

openstack-cluster-installer (19) unstable; urgency=medium

  * Set all services to use RabbitMQ HA queues.
  * Explicitely choose the firewall type for Neutron agents.
  * Setup ceilometer::agent::central on controller nodes.
  * Setup cloudkitty-processor on multiple controllers using coordination URL.
  * Fix Ceilometer redis connection URLs.
  * Set resume_guests_state_on_host_boot in compute's nova.conf.
  * Rewrite the Location: headers coming from nova & heat, so that microversion
    redirections (ie: 302 redirect) can work. This repair listing instances in
    Horizon.
  * Correctly binds instance VNC servers to 0.0.0.0 on compute hosts.
  * Make the NoVNC console work.
  * Add rsync of glance images from first controller to the others.
  * Add script to add machines in the ring.
  * Fix Glance-api public_endpoint URL to correct HAProxy URL.

 -- Thomas Goirand <zigo@debian.org>  Sat, 09 Feb 2019 19:12:00 +0100

openstack-cluster-installer (18) unstable; urgency=medium

  * Fix cloudkitty's keystone_fetcher and gnocchi_fetcher cafile=.
  * Fix cloudkitty's rabbitmq amqp_sasl_mechanisms and login.
  * Setup correct database/connection for Gnocchi.
  * Setup redis for Gnocchi.
  * Live image: iomem=relaxed console=tty0, install plymouth (so that systemd
    prints on all consoles).
  * Add Panko and Ceilometer services.
  * New style of networking options for openstack-debian-images.
  * Add e2fsprogs to the slaves.
  * fernet_replace_keys => false by default, and also do not attempt to isntall
    fernet key "1" on each puppet run.
  * Nova default config on compute:
    - DEFAULT/use_cow_images = False.
    - preallocate_images = 'space'.
    - remove_unused_original_minimum_age_seconds = 604800 (one week).
  * Neutron default config:
    - service_plugins: add segments.
    - network_vlan_ranges = external (so, we use br-ex for the VLANs).
  * Do not chown swift:swift /srv/node/X if X isn't mounted (which may be the
    case if there's a borken drive in a swift cluster).
  * Add firewalling of Octavia API on the VIP.
  * Install default openstack-cluster-installer.conf for Buster.

 -- Thomas Goirand <zigo@debian.org>  Thu, 24 Jan 2019 15:09:46 +0100

openstack-cluster-installer (17) unstable; urgency=medium

  * Use host CPU model for VMs in the -poc.
  * Fix starting-up VMs with 3 drives in the PoC.
  * Run gnocchi-api using uwsgi rather than Apache to avoid port bind conflict.
  * Fix neutron.conf [database]/connection to be empty on compute nodes.
  * Fix puppet scheduling of swiftproxy install.
  * Fixed machines table with default SQL values.
  * Do not use INSERT with '' as value for IDs, just omit it, so it works with
    mariadb 10.3.
  * Remove the nobarrier option from Ceph OSD fstab, as it doesn't work anymore
    in Sid/Buster.
  * Do not use roundrobin for glancebe in haproxy, but source, else it wouldn't
    work properly.
  * Add ccze to all installed computers.

 -- Thomas Goirand <zigo@debian.org>  Tue, 22 Jan 2019 10:14:26 +0100

openstack-cluster-installer (16) unstable; urgency=medium

  * Add Gnocchi, Aodh, Cloudkitty and Octavia deployment.

 -- Thomas Goirand <zigo@debian.org>  Fri, 14 Dec 2018 10:41:32 +0100

openstack-cluster-installer (15) unstable; urgency=medium

  * Add Compute, Volume and Ceph support.
  * Correctly purges /etc/openstack-cluster-installer and /var/lib/oci.
    (Closes: #915781).

 -- Thomas Goirand <zigo@debian.org>  Tue, 20 Nov 2018 15:43:03 +0100

openstack-cluster-installer (14) unstable; urgency=medium

  * Add the possibility to customize the motd of installed machines.
  * Switch Heat API URL from /orchestration to /orchestration-api to avoid any
    clash with /orchestration-cfn.
  * Fixed rabbitmq SSL setup, and made heat work.
  * Add the setup of openstack-dashboard (aka: Horizon).
  * Add the setup of Barbican.
  * Add Swift encryption using a secret key stored in Barbican.
  * Add puppet-module-puppetlabs-firewall, and firewall the public IP.

 -- Thomas Goirand <zigo@debian.org>  Tue, 30 Oct 2018 14:12:02 +0100

openstack-cluster-installer (13) unstable; urgency=medium

  * Fix path of chown in swiftstore.pp.

 -- Thomas Goirand <zigo@debian.org>  Tue, 30 Oct 2018 11:48:43 +0100

openstack-cluster-installer (12) unstable; urgency=medium

  * Use Exec in puppet to change unix right of /srv/node/* folders in all swift
    store nodes, do not do that in rc.local anymore.

 -- Thomas Goirand <zigo@debian.org>  Mon, 29 Oct 2018 16:26:22 +0100

openstack-cluster-installer (11) unstable; urgency=medium

  * Fixed $machine_ip for the listen of memcache in swiftproxy nodes, so that
    it works with puppet 5.

 -- Thomas Goirand <zigo@debian.org>  Mon, 29 Oct 2018 12:41:51 +0100

openstack-cluster-installer (10) unstable; urgency=medium

  * Do not install openstack-backports-archive-keyring when setting-up buildd
    Debian repository.
  * Overrides epmd.socket to make sure epmd binds on all interfaces.

 -- Thomas Goirand <zigo@debian.org>  Thu, 25 Oct 2018 13:40:45 +0200

openstack-cluster-installer (9) unstable; urgency=medium

  * Automatically remove space in "connection = " in config file.
  * Add option to include incoming buildd, so it's easier to test in Sid.

 -- Thomas Goirand <zigo@debian.org>  Thu, 25 Oct 2018 12:14:23 +0200

openstack-cluster-installer (8) unstable; urgency=medium

  * Fixed Source URL in debian/copyright.
  * Some more fixups for OCI to work with Sid/Buster without additional repo.

 -- Thomas Goirand <zigo@debian.org>  Thu, 25 Oct 2018 10:51:50 +0200

openstack-cluster-installer (7) unstable; urgency=medium

  * Remove qemu-kvm from depends of openstack-cluster-installer, made the -poc
    package to use only qemu, suggesting qemu-kvm. This should ease transition
    to Testing.

 -- Thomas Goirand <zigo@debian.org>  Tue, 23 Oct 2018 13:24:01 +0200

openstack-cluster-installer (6) unstable; urgency=high

  * Add authentication system.
  * Switch to rocky when using backports.
  * Add lots of middleware in the default Swift pipeline.
  * Make it possible to expose the swift proxy-server directly without using
    the controller's haproxy.
  * Add read/write affinity.
  * Lots of minor tweaks and debugs.

 -- Thomas Goirand <zigo@debian.org>  Tue, 23 Oct 2018 11:06:35 +0200

openstack-cluster-installer (5) unstable; urgency=medium

  [ Ondřej Nový ]
  * Running wrap-and-sort -bast
  * Delete /var/lib/openstack-cluster-installer-poc on purge (Closes: #905516).

  [ Thomas Goirand ]
  * Add swift deployment capability.
  * Add a CLI API client.

 -- Thomas Goirand <zigo@debian.org>  Thu, 20 Sep 2018 11:09:09 +0200

openstack-cluster-installer (4) unstable; urgency=medium

  * Add a glance cluster.

 -- Thomas Goirand <zigo@debian.org>  Fri, 17 Aug 2018 11:50:52 +0200

openstack-cluster-installer (3) unstable; urgency=medium

  [ Thomas Goirand ]
  * Setup a Keystone cluster with Haproxy and a VIP.

  [ Ondřej Nový ]
  * Running wrap-and-sort -bast
  * d/control: Use team+openstack@tracker.debian.org as maintainer

 -- Thomas Goirand <zigo@debian.org>  Wed, 15 Aug 2018 16:24:41 +0200

openstack-cluster-installer (2) unstable; urgency=medium

  * Add openstack-cluster-installer-poc and puppet packages.
  * Add full network/ip manager.
  * Add automatic slave node cert management.
  * Automatically setup a galera cluster on slave controller nodes.

 -- Thomas Goirand <zigo@debian.org>  Thu, 21 Jun 2018 11:47:31 +0200

openstack-cluster-installer (1) unstable; urgency=medium

  * Initial release.

 -- Thomas Goirand <zigo@debian.org>  Wed, 21 Mar 2018 14:17:07 +0100