[release-announce] [tripleo] tripleo-heat-templates 6.1.0 (ocata)

no-reply at openstack.org no-reply at openstack.org
Fri Apr 28 01:10:02 UTC 2017


We are happy to announce the release of:

tripleo-heat-templates 6.1.0: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the ocata stable release series.

The source is available from:

    http://git.openstack.org/cgit/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through launchpad:

    http://bugs.launchpad.net/tripleo

For more details, please see below.

6.1.0
^^^^^


New Features
************

* Add the capability to configure LDAP backends for keystone
  domains. This can be done by using the KeystoneLDAPDomainEnable and
  KeystoneLDAPBackendConfigs parameters.

* Add support for cold migration over ssh.

  This enables nova cold migration.

  This also switches to SSH as the default transport for live-
  migration. The tripleo-common mistral action that generates
  passwords supplies the MigrationSshKey parameter that enables this.

* SSH host key exchange. The ssh host keys are collected from each
  host, combined, and written to /etc/ssh/ssh_known_hosts.

* Added the ability to manage the MOTD banner. Enabled the SSHD
  composable service by default. Puppet-ssh manages the sshd config.


Known Issues
************

* During the ovs upgrade from 2.5 to 2.6 we need to work around the
  classic yum update command by handling the upgrade of the package
  separately, so as not to lose the IPs and the connectivity on the
  nodes. The workaround is discussed here:
  https://bugs.launchpad.net/tripleo/+bug/1669714


Upgrade Notes
*************

* The upgrade from openvswitch 2.5 to 2.6 is handled gracefully and
  there should be no user impact; in particular, no restart of the
  openvswitch service. For more information please see the related bug
  above, which also links the relevant code reviews. The workaround
  (transparent to the user; it doesn't require any input) is to
  download the OVS package and install it with the --nopostun and
  --notriggerun options provided by the rpm binary.

* The default network for the ctlplane changed from 192.0.2.0/24 to
  192.168.24.0/24. All references to the ctlplane network in the
  templates have been updated to reflect this change. When upgrading
  from a previous release, if the default network was used for the
  ctlplane (192.0.2.0/24), then it is necessary to provide as input,
  via environment file, the correct setting for all the parameters
  that previously defaulted to 192.0.2.x and now default to
  192.168.24.x. There is an environment file which could be used on
  upgrade, *environments/updates/update-from-192_0_2-subnet.yaml*, to
  cover a simple scenario, but it won't be enough for scenarios using
  an external load balancer, Contrail or Cisco N1KV. The following is
  a list of params to be provided on upgrade:

  - From contrail-net.yaml: EC2MetadataIp, ControlPlaneDefaultRoute

  - From external-loadbalancer-vip-v6.yaml: ControlFixedIPs

  - From external-loadbalancer-vip.yaml: ControlFixedIPs

  - From network-environment.yaml: EC2MetadataIp,
    ControlPlaneDefaultRoute

  - From neutron-ml2-cisco-n1kv.yaml: N1000vVSMIP, N1000vMgmtGatewayIP

  - From contrail-vrouter.yaml: ContrailVrouterGateway
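
A pre-upgrade check for the ctlplane note above, as an added example that is not part of tripleo-heat-templates: it reads an operator environment file and reports which of the parameters listed in the note are not set explicitly and would therefore pick up the new 192.168.24.x default. The function names, the minimal line-based `parameter_defaults` parser (IPv4 only, not a full YAML parser) and the sample file are assumptions made for illustration.

```python
import ipaddress
import re

OLD_CTLPLANE = ipaddress.ip_network("192.0.2.0/24")  # previous default, per the note
# Parameters the release note lists, keyed by the environment file it names.
PARAMS_BY_FILE = {
    "contrail-net.yaml": ["EC2MetadataIp", "ControlPlaneDefaultRoute"],
    "external-loadbalancer-vip-v6.yaml": ["ControlFixedIPs"],
    "external-loadbalancer-vip.yaml": ["ControlFixedIPs"],
    "network-environment.yaml": ["EC2MetadataIp", "ControlPlaneDefaultRoute"],
    "neutron-ml2-cisco-n1kv.yaml": ["N1000vVSMIP", "N1000vMgmtGatewayIP"],
    "contrail-vrouter.yaml": ["ContrailVrouterGateway"],
}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
KEY = re.compile(r"^(\s+)([A-Za-z0-9_]+):(.*)$")

def parameter_defaults(env_text):
    """Return {name: raw value text} for keys directly under parameter_defaults."""
    params, in_section, indent, current = {}, False, None, None
    for line in env_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a new top-level section starts
            in_section = line.split("#")[0].strip() == "parameter_defaults:"
            indent = current = None
        elif in_section:
            m = KEY.match(line)
            if m and indent in (None, len(m.group(1))):
                indent, current = len(m.group(1)), m.group(2)
                params[current] = m.group(3)
            elif current:  # nested or continued value of the current parameter
                params[current] += " " + line.strip()
    return params

def check_upgrade_env(env_text, files_in_use):
    """Map each listed parameter to 'missing', 'old-subnet' or 'other'."""
    explicit, report = parameter_defaults(env_text), {}
    for fname in files_in_use:
        for name in PARAMS_BY_FILE[fname]:
            addrs = [ipaddress.ip_address(a) for a in IPV4.findall(explicit.get(name, ""))]
            keeps_old = bool(addrs) and all(a in OLD_CTLPLANE for a in addrs)
            status = "old-subnet" if keeps_old else "other"
            report[name] = status if name in explicit else "missing"
    return report
# Constructed sample: an operator environment file passed on upgrade.
SAMPLE_ENV = """\
parameter_defaults:
  ControlPlaneDefaultRoute: 192.0.2.1
  ControlFixedIPs:
    - ip_address: 192.0.2.251
  EC2MetadataIp: 192.168.24.1
"""
if __name__ == "__main__":
    print(check_upgrade_env(SAMPLE_ENV, ["network-environment.yaml", "contrail-vrouter.yaml"]))
```

A parameter reported as "missing" silently moves to the new subnet on upgrade; one reported as "other" is set, but not to an address in 192.0.2.0/24, and is worth a second look on a deployment that used the old default.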


Deprecation Notes
*****************

* The TCP transport is no longer used for live-migration and the
  firewall port has been closed.


Security Issues
***************

* Secure EtcdInitialClusterToken by removing the default value and
  make the parameter hidden. Fixes bug 1673266.


Bug Fixes
*********

* NeutronDhcpAgents had a default value of 3 that, even though
  unused in practice, was a bad default value. Changing the default
  value to a sentinel value and making the hiera conditional allows
  deploy-time logic in puppet to provide a default value based on the
  number of dhcp agents being deployed.

* Updated bigswitch environment file to include the bigswitch agent
  installation and correct support for the restproxy configuration.

* The initial firewall will now be purged by the deployed-server
  bootstrap scripts. This is needed to prevent possible issues with
  bootstrapping the initial Pacemaker cluster. See
  https://bugs.launchpad.net/tripleo/+bug/1679234

* Fixes an issue when using the CinderNfsServers parameter_defaults
  setting.  It now works using a single share as well as a comma-
  separated list of shares.

* Fixes firewall rules from neutron OVS agent not being inherited
  correctly and applied in neutron OVS DPDK template.

* Fixes OpenDaylightProviderMappings parsing on a comma delimited
  list.

* openstack-selinux is now installed by the deployed-server
  bootstrap scripts. Previously, it was not installed, so if SELinux
  was set to enforcing, all OpenStack policy was missing.

* Since panko is enabled by default, include it in the default
  dispatcher for ceilometer events.

* Add knobs to limit memory consumed by mongodb with systemd.

* We need the ceilometer user in cases where the ceilometer API is
  disabled. This is to ensure other ceilometer services can still
  authenticate with keystone.

* The "pci_passthrough" hiera value should be passed as a string
  (bug 1675036).

* The token flush cron job has been modified to run hourly instead
  of once a day. The daily run was causing issues with larger
  deployments, as the operation would take too long and sometimes even
  fail because of the transaction being so large. Note that this only
  affects people using the UUID token provider.

Changes in tripleo-heat-templates 6.0.0..6.1.0
----------------------------------------------

b67f77e Prepare 6.1.0 (ocata)
2e25d11 Cinder-api upgrade: use httpd instead of apachectl
8b15fc9 Increase documentation about parameters
1b87b2e Deploy ceilometer_auth_enabled to node containing keystone
ff53f7d Remove no longer used environment files - older upgrade workflows
876105e sensu: fix upgrade case when service is added
cbf997e SSHD Service extensions
1eeedbc Add migration SSH tunneling support
68d7196 SSH known_hosts config
225cff3 N->O Manual puppet commands have the right modulepath.
6f75d76 N->O upgrade, fix wrong parameters to nova placement.
c1fc74c Run token flush cron job hourly by default
5eb39b4 Use comma_delimited_list for token flush cron time settings
a2cf2d4 Touch /etc/httpd/conf.d/ssl.conf
f6a83fe Fix bogus parameters in get_param
c25a963 Add params to tweak memory limit on mongodb
485715c Update Dell EMC Cinder back end services
037d09a yum_update.sh - Use the yum parameter: check-update
d10aacc Add composable role support for NetApp Cinder back end
d381054 Replace references to the 192.0.2 network
16de97f Update ceph-rgw acccepted roles to fix OSP upgrade
96d3e64 Decouple Swift ringbuilding logic
4db1c9f Add trigger to setup a LDAP backend as keystone domaine
d3f47eb Add manual ovs upgrade script for workaround ovs upgrade issue
7d86750 Enforce upgrade_batch_tasks before upgrade_tasks order
11389e5 Ensure upgrade step orchestration accross roles.
40b4878 Add environment for deployed-server with pacemaker
77aa9a7 Generate Pre/Post Puppet Tasks for all roles
2047cbb Updated from global requirements
33e63c2 Purge initial firewall for deployed-server's
b885502 Set auth flag so ceilometer auth is enabled
cb567de FQDN validation
043adb9 Fixes port binding controller for OpenDaylight
287a850 Add missing ec2api::api::keystone_ec2_tokens_url config
a1599f5 Setting keystone region for tacker
f8d2292 Include panko in the default dispatcher
2e7c850 Add special case upgrade from openvswitch 2.5.0-14
985c5ec Don't check haproxy if external load-balancer is used.
f9d2ce1 Re-Add bigswitch agent support
d99a067 [N->O] Fix wrong database connection for cell0 during upgrade.
9b95554 Stop openstack-nova-compute during nova-ironic upgrade
129734a Run cluster check on nodes configured in wsrep_cluster_address.
8a4c6cb Modify pci_passthrough hiera value as string
df26adf Remove 'Controller' role references from overcloud.j2.yaml
c71229f Only set EnableConfigPurge on major upgrades
c26c325 [N->O] is creating 2 default cell_v2 cells
c41f483 Nic config mappings for deployed-server
e7e8161 Sort ResourceGroup resource list
9a8d654 Setting keystone region for congress
440901b N->O upgrade, blanks ipv6 rules before activating it.
c077b20 N->O Upgrade, make sure all nova placement parameter properly set.
8b7a995 Fix usage of CinderNfsServers
ac98fcf Install openstack-selinux for deployed-server
e6fbc8e Fixes missing firewall rules for neutron_ovs_dpdk_agent service
6b33a77 Enables increasing mariadb open files for noha deployments
a17f6c6 Fixes OpenDaylightProviderMappings hiera parsing
8f728b3 etcd: secure EtcdInitialClusterToken parameter
803da62 Deploy versionless keystone endpoints (for keystone only)
5d86af8 Add bindep support
5cd57aa Don't try to run os-net-config from yum_update.sh
2d47d9b Explicitly configure credentials used by ironic to access other services
1652f1b Fixes multiple issues with retry function in rhel-registration.
d385fc3 Pick dynamically the first node for stack validation
557b021 Make sure PrePuppet runs before any Deployment_Step
f4c4a0f Cleanup no longer used upgrade files
bc8dcd1 Upgrades: wait for galera to be settled
126e207 Align hyperconverged-ceph.yaml environment and adds some validation
9649095 Adds upgrade tasks for OpenDaylight services
f0e03ba Remove ha-by-default release note in Ocata
3134784 Use the new hiera hook in all remaining templates
9c91720 Make neutron dhcp agents per network conditional
59e5f95 Remove the openvswitch special case upgrade code
476d15b Disable exit on error for pacemaker commands for update flow
d76ef52 Use --disable= in subscription-manager to avoid shell expansion.
4cb1923 Add OpenDaylightConnectionProtocol parameter to opendaylight-api service


Diffstat (except docs and test files)
-------------------------------------

all-nodes-validation.yaml                          |   6 +
bindep.txt                                         |   2 +
ci/environments/multinode-3nodes.yaml              |   2 +
ci/environments/multinode.yaml                     |   1 +
ci/environments/multinode_major_upgrade.yaml       |   1 +
ci/environments/scenario002-multinode.yaml         |   1 +
ci/environments/scenario003-multinode.yaml         |   1 +
ci/environments/scenario004-multinode.yaml         |   1 +
deployed-server/README.rst                         |   4 +-
.../deployed-server-bootstrap-centos.sh            |   6 +-
deployed-server/deployed-server-bootstrap-rhel.sh  |   6 +-
deployed-server/scripts/get-occ-config.sh          |   2 +-
environments/cinder-netapp-config.yaml             |   2 +-
environments/collectd-environment.yaml             |  32 +++-
environments/contrail/contrail-net.yaml            |   4 +-
environments/deployed-server-environment.j2.yaml   |  11 ++
environments/deployed-server-environment.yaml      |   4 -
.../deployed-server-pacemaker-environment.yaml     |   4 +
environments/external-loadbalancer-vip-v6.yaml     |   2 +-
environments/external-loadbalancer-vip.yaml        |   2 +-
environments/logging-environment.yaml              |   2 +-
environments/major-upgrade-aodh-migration.yaml     |   6 -
...ajor-upgrade-ceilometer-wsgi-mitaka-newton.yaml |   7 -
environments/major-upgrade-composable-steps.yaml   |   1 +
environments/major-upgrade-converge.yaml           |   1 +
environments/major-upgrade-pacemaker-converge.yaml |   6 -
environments/major-upgrade-pacemaker-init.yaml     |   6 -
environments/major-upgrade-pacemaker.yaml          |   6 -
environments/major-upgrade-remove-sahara.yaml      |   6 -
environments/network-environment.yaml              |   4 +-
environments/neutron-ml2-bigswitch.yaml            |  13 +-
environments/neutron-ml2-cisco-n1kv.yaml           |   4 +-
environments/neutron-opendaylight.yaml             |   1 +
environments/services/disable-ceilometer-api.yaml  |   3 +
.../keystone_domain_specific_ldap_backend.yaml     |  18 ++
environments/sshd-banner.yaml                      |   6 +-
.../updates/update-from-192_0_2-subnet.yaml        |   3 +
.../rhel-registration/scripts/rhel-registration    |  50 ++++--
extraconfig/tasks/aodh_data_migration.sh           |  19 --
...ajor_upgrade_ceilometer_wsgi_mitaka_newton.yaml |  62 -------
extraconfig/tasks/major_upgrade_check.sh           | 109 -----------
.../tasks/major_upgrade_controller_pacemaker_1.sh  |  36 ----
.../tasks/major_upgrade_controller_pacemaker_2.sh  | 176 ------------------
.../tasks/major_upgrade_controller_pacemaker_3.sh  |  68 -------
.../tasks/major_upgrade_controller_pacemaker_4.sh  |  17 --
.../tasks/major_upgrade_controller_pacemaker_5.sh  |   8 -
.../tasks/major_upgrade_controller_pacemaker_6.sh  |  15 --
extraconfig/tasks/major_upgrade_pacemaker.yaml     | 175 ------------------
.../tasks/major_upgrade_pacemaker_migrations.sh    | 200 ---------------------
.../mitaka_to_newton_aodh_data_migration.yaml      |  25 ---
.../mitaka_to_newton_ceilometer_wsgi_upgrade.pp    | 103 -----------
extraconfig/tasks/pacemaker_common_functions.sh    |   9 +-
extraconfig/tasks/run_puppet.sh                    |   5 +-
extraconfig/tasks/ssh/host_public_key.yaml         |  42 +++++
extraconfig/tasks/ssh/known_hosts_config.yaml      |  36 ++++
extraconfig/tasks/swift-ring-deploy.yaml           |  31 ----
extraconfig/tasks/swift-ring-update.yaml           |  42 -----
extraconfig/tasks/tripleo_upgrade_node.sh          |  14 +-
extraconfig/tasks/yum_update.sh                    |  58 +++---
net-config-linux-bridge.yaml                       |   2 +-
overcloud-resource-registry-puppet.j2.yaml         |  17 +-
overcloud.j2.yaml                                  |  41 ++++-
puppet/blockstorage-role.yaml                      |  37 ++++
puppet/cephstorage-role.yaml                       |  37 ++++
puppet/compute-role.yaml                           |  39 +++-
puppet/controller-role.yaml                        |  38 +++-
.../all_nodes/neutron-midonet-all-nodes.yaml       |  65 ++++---
.../all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml    |  47 +++--
.../pre_deploy/compute/neutron-ml2-bigswitch.yaml  |  22 ++-
.../extraconfig/pre_deploy/compute/nova-nuage.yaml |  29 ++-
.../pre_deploy/controller/cinder-netapp.yaml       | 158 ----------------
.../controller/neutron-ml2-bigswitch.yaml          |  35 ++--
.../controller/neutron-ml2-cisco-n1kv.yaml         |  85 +++++----
puppet/major_upgrade_steps.j2.yaml                 |  57 +++---
puppet/objectstorage-role.yaml                     |  37 ++++
puppet/puppet-steps.j2                             |  40 ++---
puppet/role.role.j2.yaml                           |  37 ++++
puppet/services/ceilometer-base.yaml               |   9 +-
puppet/services/ceph-rgw.yaml                      |   2 +-
puppet/services/cinder-api.yaml                    |   2 +-
puppet/services/cinder-backend-netapp.yaml         | 129 +++++++++++++
puppet/services/cinder-backend-scaleio.yaml        |   2 +-
puppet/services/cinder-volume.yaml                 |   6 +-
puppet/services/congress.yaml                      |   1 +
puppet/services/database/mongodb.yaml              |   5 +
puppet/services/database/mysql.yaml                |   6 +
puppet/services/ec2-api.yaml                       |   5 +
puppet/services/etcd.yaml                          |   2 +-
puppet/services/ironic-conductor.yaml              |  43 ++++-
puppet/services/keystone.yaml                      |  40 ++++-
puppet/services/metrics/collectd.yaml              |   4 +-
puppet/services/monitoring/sensu-client.yaml       |   2 +-
puppet/services/network/contrail-vrouter.yaml      |   2 +-
puppet/services/neutron-base.yaml                  |  45 +++--
puppet/services/neutron-bigswitch-agent.yaml       |  31 ++++
puppet/services/neutron-ovs-agent.yaml             |  35 ++--
puppet/services/neutron-ovs-dpdk-agent.yaml        |  10 +-
puppet/services/neutron-plugin-ml2-odl.yaml        |  45 +++++
puppet/services/nova-api.yaml                      |  12 +-
puppet/services/nova-base.yaml                     |  16 +-
puppet/services/nova-compute.yaml                  |  16 +-
puppet/services/nova-ironic.yaml                   |   4 +
puppet/services/nova-libvirt.yaml                  |   1 -
puppet/services/octavia-base.yaml                  |   6 +-
puppet/services/opendaylight-api.yaml              |  28 +++
puppet/services/opendaylight-ovs.yaml              |  30 +++-
puppet/services/openvswitch-upgrade.yaml           |  50 ++++++
puppet/services/pacemaker.yaml                     |  18 +-
puppet/services/sshd.yaml                          |  31 +++-
puppet/services/swift-ringbuilder.yaml             |  10 ++
puppet/services/tacker.yaml                        |   1 +
puppet/services/tripleo-firewall.yaml              |   6 +
.../notes/add-ldap-backend-0bda702fb0aa24bf.yaml   |   5 +
...s-per-network-calculation-536c70391497256d.yaml |   8 +
.../notes/big-switch-agent-4c743a2112251234.yaml   |   5 +
...yed-server-firewall-purge-9d9fe73faf925056.yaml |   6 +
releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml |   6 +
...ix-cinder-nfs-share-usage-0968f88eff7ffb99.yaml |   6 +
...fix-neutron-dpdk-firewall-436aee39a0d7ed65.yaml |   5 +
...dl-provider-mapping-hiera-5b3472184be490e2.yaml |   4 +
.../notes/ha-by-default-55326e699ee8602c.yaml      |   5 -
...install-openstack-selinux-d14b2e26feb6d04e.yaml |   6 +
.../notes/make-panko-default-8d0e824fc91cef56.yaml |   4 +
.../notes/migration_over_ssh-003e2a92f5f5374d.yaml |  14 ++
...sable-upgrades-workaround-73f4e56127c910b4.yaml |  12 ++
...eferences-to-old-ctlplane-0df7f2ae8910559c.yaml |  20 +++
.../restrict-mongodb-memory-de7bf6754d7234d9.yaml  |   3 +
.../set-ceilometer-auth-flag-382f68ddb2cbcb6b.yaml |   5 +
.../sriov-pci-passthrough-8f28719b889bdaf7.yaml    |   4 +
.../notes/ssh_known_hosts-287563590632d1aa.yaml    |   4 +
.../sshd-service-extensions-0c4d0879942a2052.yaml  |   5 +
.../token-flush-twice-a-day-d4b00a2953a6b383.yaml  |   7 +
releasenotes/source/conf.py                        |   4 +-
requirements.txt                                   |   2 +-
roles_data.yaml                                    |   4 +
tools/yaml-validate.py                             |  18 ++
validation-scripts/all-nodes.sh                    |  18 ++
137 files changed, 1490 insertions(+), 1655 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index 057aa28..cb3f96e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4 +4 @@
-pbr>=1.8 # Apache-2.0
+pbr<2.0.0,>=1.8 # Apache-2.0
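
Review bot: The `<2.0.0` upper bound added to the pbr requirement (line 4 of requirements.txt) comes with no stated reason; the trailing comment still records only the license. Consider noting in the commit message or a release note why pbr 2.x is excluded on this branch, so the cap can be revisited rather than kept indefinitely.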




