CHANGES
=======

11.0.1
------

* Fix linters

11.0.0
------

* Replace deprecated UPPER\_CONSTRAINTS\_FILE variable
* Skip ansible-lint 106

9.3.0
-----

* Replace "failed" and "succeeded" filters for assertions

9.2.0
-----

* Update linting jobs
* Replace git.openstack.org URLs with opendev.org URLs
* OpenDev Migration Patch

9.1.0
-----

* Migrate README to rst
* Fix ansible-lint issues
* fix tox python3 overrides
* import zuul job settings from project-config

9.0.0
-----

* Implement skipping of networks
* Update to openstack-tox-linters job
* Add pacemaker agent removal to uninstall process

8.1.0
-----

* Add order constraint for stop operation in resource agent
* Add fallback tunnel option to resource agent
* Force ipsec resource agent overwrite

8.0.2
-----

* Change DPD action policy to restart for VIP tunnels
* Force restart of ipsec in legacy setup
* Fix pacemaker\_running boolean
* Fix Zuul v3 file name

8.0.1
-----

* Add missing [testenv:venv] in tox.ini

8.0.0
-----

* Enable IPSEC tunnels for Redis VIP
* Add flag to configure VIPs
* Dont insist on IKEv2
* Ignore errors in whack listen
* Force restart IPSEC after config tasks
* Remove keyintries=1 from node-to-node template
* Force IPSEC connection initiation between hosts
* Force flush handlers after persisting ipsec configuration
* Persist role in a path discoverable by ansible
* Update website from setup.cfg
* Only do force listen on pacemaker nodes
* Add zuul.d directory with openstack-ansible-linter jobs
* Remove unused task file
* Add gitreview file
* WORKAROUND: Use include\_tasks instead of calling role
* Listen for IPSEC connections in handler
* Remove usage of "include" in favor of include\_tasks and import\_tasks
* Make VIP tunnels use IKEv2
* Move firewall setup to main.yml
* Update PSK setup in README
* Remove trailing whitespace from README
* Small additions tot he README file
* Add ansible galaxy metadata
* Switch default title for README.md
* ansible-lint: ansible lint command should not change things if nothing needs doing
* Move uninstall tasks to its own file
* Implement PSK authentication for node-to-node tunnels
* Create flag to enable/disable creation of resource agents
* Enable resource agents for the dynamic inventory-dependent setup
* Add VIP configuration to computes as well
* Only include resource-agent tasks when pacemaker is running
* Only install resource agent if pacemaker is running
* Remove reference to loop in resource-agent.yml doc
* Move host check outside of resource-agent.yml
* Replace legacy install flag with force flag
* Add note in README about legacy setup
* Rename variable used as input in resource-agent.yml
* Clarify block that skips IPSEC configuration for certain networks
* legacy: Make installing resource agent optional
* Install IPSEC resource agent for new configurations
* Specify options used in legacy
* Check for PSK in IPSEC setup
* Add VIP tunnels to node-to-node that uses dynamic inventory
* Parse pacemaker\_running variable as bool
* Make opportunistic IPSEC optional and introduce node-to-node tunnels
* Make uninstall option to also remove policies
* Enable right side of tunnel to receive IPSEC configuration
* Generalize opportunistic-ipsec conf file
* Rename opportunistic-ipsec.yml tasks to a more general name
* Add "upgrade" option
* Document uninstall flag
* Move uninstall to the top of the main tasks
* Fix duplicate values in private-or-clear ipsec configuration
* Clean up configurations to use Opportunistic IPSEC only
* Add option to optionally install legacy tunnels
* Add no-op zuul job
* Add index to node-to-node tunnels
* Add ctlplane support
* Skip ctlplane network and fallback IPs
* Add Opportunistic IPSEC tunnels to use with dynamic inventory
* Create uninstall function
* Remove psk include variables call from the test playbook
* Add become: yes to handlers
* Optionally skip firewall rules
* update .gitignore with python-related files
* ansible-lint: use command instead of shell
* ansible-lint: Explicitly skip ANSIBLE0016
* ansible-lint: Use shell only when shell functionality is required
* ansible-lint: All tasks should be named
* Use systemd ansible module instead of shell
* ansible-lint: Use shell only when shell functionality is required
* ansible-lint: Package installs should not use latest
* ansible-lint: All tasks should be named
* ansible-lint: Commands should not change things if nothing needs doing
* ansible-lint: Remove trailing whitespaces
* Add basic tox.ini
* Add python packaging files (setup.py and setup.cfg)
* Fix formatting for command to generate the ipsec\_psk
* Remove ipsec\_conf\_file docs
* Add docs about ipsec\_psk
* Remove outdated "Dependencies" section from README
* Change resource agent to match upstream
* Separate network gathering bits to another file
* Verify that PSK has been provided
* Remove travis CI configuration file
* Move role to repo's root directory
* Move README to main role's README
* Move sample playbook to tests directory
* Remove documentation instances of overcloud\_internal\_api\_fqdn
* Add failureshunt=drop to the configurations
* Enable tunnels for ctlplane VIP
* Add note about adding the undercloud to the inventory
* Add storagemgmt network
* Add network name to the ipsec conf tasks output
* Make resource agent creation generic
* Change format of networks dict to a list
* Fix hardcoded references to internalapi in node-to-node configurations
* Add tunnels for storage network
* Specify network for current IP and controller facts
* Make ipsec configuration for VIPs generic
* Move ipsec configuration to it's own template
* Remove unused fact for other\_ips
* Remove unnused configuration and secrets files
* Start roadwarrior tunnels automatically
* Separate VIP and node-to-node configuration and secrets
* Improve resource agent names output
* Add resource agent for Redis
* Make resource agent creation generic
* Add tunnels for redis VIP
* Explicitly use hiera configuration file in hiera call
* Add controller identifier parameter
* Add "internalapi" to the ipsec connection names
* Correctly detect errors in resource agent and enable symmetrical creation/deletion
* Add documentation about ansible inventory for TripleO
* Wrap lines in role's README file
* Document ipsec algorithm and shorten name
* Don't rely on /etc/hosts to get the internal API VIP
* Make algorithm and key size configurable
* Remove service restart bits
* Reduce dpdtimeout to 15
* Add dead peer detection timer settings
* Add resource agent to tell the VIP tunnel to listen
* Fix ESP/AH iptables settings
* Update reference to the iptables restore
* Restore iptables rules, don't restart it
* Restart heat as part of the playbook
* Move cinder to be the last service restarted
* Uncomment service restarts
* Add uniqueids=no to the ipsec configuration
* Remove debug task
* Add roadwarrior-like configuration for VIP tunnel
* Fix controllers' host-to-host configuration
* Uncomment restarting of services
* Add iptables rules to the top of the chain
* Persist iptables rules
* Use index for controller-to-compute tunnels on compute side
* Remove unnecessary whitespaces from command outputs and configurations
* Add controller-to-controller tunnels
* Add firewall rules before flushing handlers
* Move setup to its own file
* Clean whitespaces and clarify outputs with comments
* Controllers should use auto=add in the configuration
* Add road-warrior-like configuration
* configure always tunnels to VIP
* Restart services after ipsec configuration has been set
* Allow Authentication Header traffic in iptable rules
* Add tunnels for overcloud internal API VIP
* Make overcloud internal API VIP configurable
* Move all setup to one role
* Initial commit
* Initial commit for roles and playbook
