[release-announce] [tripleo] puppet-tripleo 6.2.0 (ocata)
no-reply at openstack.org
no-reply at openstack.org
Thu Feb 16 13:03:42 UTC 2017
We are gleeful to announce the release of:
puppet-tripleo 6.2.0: Puppet module for OpenStack TripleO
This release is part of the ocata stable release series.
Download the package from:
https://tarballs.openstack.org/puppet-tripleo/
For more details, please see below.
6.2.0
^^^^^
Release notes are generated by Reno.
New Features
************
* Add networking-fujitsu support to Neutron ML2 profile.
* Split OVN plugin and northd configuration.
* Introduce tripleo::tls_proxy used to set up a TLS proxy using
mod_proxy that redirects towards localhost.
* HPELeftHandISCSIDriver support for Cinder Volume profile.
* Add support for CollectD profile, for performance monitoring.
* Configure Nova Cells v2 database, required in Ocata.
* Configure the basic setup for Nova Cells v2.
* Support for opendalight_v2 mechanism_driver in Neutron ML2
profile.
* Support for Ceph MDS service profile.
* Add IPv6 support to Firewall rules. It will create both IPv4 &
IPv6 rules at the same time. It automatically converts icmp rules to
ipv6-icmp. When a source or destination is specified, it will only
create rules to the right version of IP that is needed.
* Add support for not using admin_token in Ceph/RGW profile.
* Add Docker Registry profile.
* Add Nova Placement API profile.
* Add NTP profile.
* Add etcd profile, used by networking-vpp ML2 plugin.
* Add profiles for Octavia services.
* Enable object-expirer on Swift proxy profile.
* Set memcache_servers in /etc/swift/object-expirer.conf.
* Add support for fence_ironic fencing agent.
* Add a noop_resource function, which allow to disable any resource
type in a catalog, with --tags option to puppet apply.
* Add Ceph RBD mirrog Pacemaker profile.
* Remove Glance Registry profile, not used anymore. Glance API v1 is
not available anymore.
* Add Nova EC2API profile.
* Add support for Pacemaker Remote with a new profile.
* Updates Pacemaker profiles for Composable HA architecture.
* Add Tacker profile.
* Add Congress profile.
* Add a default rule for dhcpv6 traffic.
* Re-organizes Contrail services to the correct roles.
* Set innodb_file_per_table to ON for MySQL / Galera
* Switch Nova / Libvirt VNC server binding to use the IP address
provided in Hiera instead of 0.0.0.0.
* Proxy API endpoints that TripleO UI uses.
* Rebranding of Eqlx to Dell EMC PS Series.
* Add support for ScaleIO backend in Cinder Volume profile.
* Add support to changing the Rabbitmq password on stack-update.
* Add profiles for the Octavia LBaaS service.
* Added hpelefthand_iscsi backend support for cinder
* Enable innodb_file_per_table for MySQL/MariaDB databases
* Configure the basic cells setup for Nova, now required in Ocata.
* Added ability to proxy API service endpoints through Apache
mod_rewrite rules by creating ProxyPass and ProxyPassReverse
directives for each API service
* Adds the ability to manage auditd.service and enter audit.rules
* Add support for configuring Ceph RGW to use keystone V3 service
authentication instead of admin token authentication
* Added manifest and template to enable configuration of sshd_config
* Release notes are no longer maintained by hand, we now use the
reno tool to manage them.
* Configure VNC server to be binded on internal network interface on
compute nodes. This value comes from tripleo-heat-templates and is
configured by default to use an IP address from the internal API
network. We use the ServiceNetMap in tripleo-heat-templates to
compute the IP address, and we won't configure 0.0.0.0 anymore as it
used to open the binding to any network, which is unsecure.
Known Issues
************
* Invoke rabbitmq_user resource explicity to apply password change
during update, if any.
Upgrade Notes
*************
* Newly created MySQL database tables will be stored in their own
datafiles, instead of in a single monolithic ibdata file.
* Existing MySQL database tables that are persisted within the
monolithic ibdata file will remain so unless the database is
migrated as well.
* Migration of all current database tables out of the monolithic
ibdata file is possible by dumping and restoring the whole database
to a new data directory, however when using Galera the entire
cluster must be shut down and upgraded at once.
* Migration of individual tables to datafiles is possible using the
MySQL command "ALTER TABLE <databasename>.<tablename>
ENGINE=InnoDB;", however this will not shrink the ibdata file and
also is not safe to run on a running Galera cluster for large
tables.
* Removed the following URL configuration variables from
tripleo::ui:
* keystone_url
* heat_url
* ironic_url
* mistral_url
* swift_url
* zaqar_websocket_url
Deprecation Notes
*****************
* Remove tripleo::vip_hosts class, no longer used.
Security Issues
***************
* CVE-2016-9599 Enforce Firewall TCP / UDP rules management, by
sanitizing dynamic HAproxy endpoints firewall rules, securing
firewall rules creations (disallow TCP/UDP rules without sport or
dport), but allow to open all traffic for TCP/UDP when actually
desired.
Bug Fixes
*********
* Fixes bug 1648736 so swift-proxy is decoupled from ceilometer
packages.
* Fixes bug 1652107 so we ensure package updates don't happen
unexpectedly.
* Fixes bug 1645898 so we ensure to bind the rabbit inter-cluster to
a specific interface.
Other Notes
***********
* Introduce more Puppet rspec tests that improve testing quality.
Changes in puppet-tripleo 6.1.0..6.2.0
--------------------------------------
aafff78 Add missing release notes for Ocata RC1
d545621 tuning: manage keystone resources only at step3
0a44474 Make quotes consistent to match the sample config
9b12ee0 nova: move placement credentials config at step 3
b541bf5 Uncomment internal TLS options for placement API
8765270 nova/api: more cleanup
bb63f51 Run nova-cell_v2-discover_hosts at step 5
f1065f3 Add module to support ScaleIO backend in Cinder
6e074bf Rebranding of Eqlx to Dell EMC PS Series
3b00ffc start nova-compute when keystone resources are created
f7087b8 nova: disable API in WSGI by default
40f12b4 Disable midonet unit tests
6556123 nova/libvirt: switch vnc server binding
22c5d34 Stop deploying Nova API in WSGI with Apache
27b2598 Add ::ironic::config to Ironic base profile
9a69201 Proxy API endpoints that UI uses
a0983a4 Revert "Revert "set innodb_file_per_table to ON for MySQL / Galera""
76931e5 Add support to changing the Rabbitmq password on update
3f7e74a Revert "set innodb_file_per_table to ON for MySQL / Galera"
da0e9fd Prepare 6.2.0 release
621ea89 set innodb_file_per_table to ON for MySQL / Galera
d3190a1 Fix style nits in contrail manifests
daaa7ce Use transport_url for swift-proxy instead of rabbitmq params
349d05d Fix test failure caused by change to puppet-octavia
5ef4a34 Fix MySQL service name parameter
e089cc6 Clean TLS proxy-related setup for neutron-server profile
8bb1029 nova: deploy basic setup for cells
9c9667e Re-organizes Contrail services to the correct roles
eb14c2a Add AuditD Profile
d5d4cc1 Add a default rule for dhcpv6 traffic
62bb10b horizon: be more flexible in hiera neutron
bd98b12 Support composable HA for the Ceph rbdmirror daemon
033e1f3 Use TLS proxy for neutron server's internal TLS
a63ee9c Adding congress service
8077d84 Use transport_url for rabbitmq connection parameters in heat
2d40150 Rename controller_admin_vip to controller_admin_host
6b8349b Add initial profiles for rest of Octavia services
f9efeb1 Composable HA
c6f0856 Adding tacker service
13fb869 Remove double include of neutron::server class
467c939 Ensure basic Ceph configuration is performed by RBD mirror
51ed535 [keepalived] fix netmask for vip
3849c6a Fix wrong hiera key in ceph_rbdmirror
20b2a54 Clean TLS proxy-related setup for glance api profile
25b327c pacemaker remote profile support
5318a83 Use TLS proxy for Glance API's internal TLS
014375f Remove last bits of Glance Registry
e2a4dee Delete the unnecessary word in numvfs_persistence.pp
a3de7c0 Add a noop_resource function
0b32f60 Implement Nova ec2api profile
2f038b3 Make sure we bind the rabbit inter-cluster to a specific interface
a16642b Fix typo in endpoint.pp
93195f6 cinder: move glance params into common
0ea2d52 Move nova::placement to common nova manifest
193e45b Add base profile for Octavia services
bed1c23 Implement NTP profile
be7886a Add retries to the ::pacemaker::stonith property
ade8845 Adds etcd
53ee464 Use network entries for nova placement
cdd7341 Add Ceph RBD mirror Pacemaker profile
cdeefea Remove legacy flag and use composable interface
e56f9e3 updates to collectd support
bf68fa9 Do not depend on bootstrap_nodeid for any pacemaker profile
da678b7 add cache to object-expirer pipeline
0e7a38a nova: disable ::nova::db::sync_cell_v2
a9cd9e6 Include ::heat at step 3
2dcc387 Set ceph key when using manila ceph backend
e93527b Add support for fence_ironic fencing agent.
858b220 Implement Nova Placement API profile
079468f Rspec tests for nova profiles
7af9ff3 Move nova cells db sync into nova-api profile
bbf13fe Add support for not using admin_token in Ceph/RGW
77cd102 Use THT to define cell0 creation
a21f1a1 Add Docker Registry profile
8eb99b8 Add haproxy firewall rules for galera and redis
54a067a Ensure panko::db class is initialized
03158e5 Fix puppet warning for empty value
8c99073 firewall: add IPv6 support
a59aa24 glance/api: cleanup on dbsync
f61277e nova-api: switch to new wsgi class
9c187f5 Adds a profile for the Ceph MDS service
0f002c6 Fixes missing haproxy firewall rules for OpenDaylight
b09f7a6 Sync the db as part of the glance-api install
545cfa2 Avoid Yum/RPM prefetch in norpm provider
5f23a71 Don't include api/scheduler manifests on manila share service set up
c412f50 Add the ml2_odl section when using opendalight_v2
fec12df nova: use transport_url for rabbitmq
b6f7956 Add cell_v2 setup for nova
70c9dca [CVE-2016-9599] Enforce Firewall TCP / UDP rules management
3d8dfa1 Ensure package updates don't happen unexpectedly
6f1aa13 Add fossw of networking-fujitsu support to puppet-tripleo
5a1764a Adds ability to populate SSH Banner text
1adc49a Decouples neutron services from OpenDaylight API service
199d9b7 Add missing Swift base class
d4453c9 Add TLS proxy resource
a6b6c05 Include nova::compute::libvirt::qemu from the libvirt profile
959101f add support for collectd
22c7835 Add networking-fujitsu support to puppet-tripleo
93dc107 Decouple swift-proxy from ceilometer packages
bb317aa Disable legacy ceilometer api by default
cf63869 Remove unused variable in certmonger/mysql manifest
3d74ad8 HPELeftHandISCSIDriver support for cinder
5054f12 Do not use hardcoded controller_node_names when setting up the cluster
676e1d4 Add tripleo::ui rspec tests
fb0436e Add basic structure for ReNo
659cdf1 Include swift::storage::loopbacks class
f223d4a Set memcache_servers in /etc/swift/object-expirer.conf
3abbad6 Enable object-expirer on Swift proxy profile
1cd8eaf Drop vip_hosts
4458ce0 Split ovn plugin and northd configuration
9a79bda Call VF configuration from udev rules
d5574f8 Fix puppet version for requirements in metadata
3cb18bb Fix a typo in haproxy.pp
Diffstat (except docs and test files)
-------------------------------------
.gitignore | 3 +
Puppetfile_extras | 7 +-
Rakefile | 6 +
lib/puppet/parser/functions/ip_to_erl_format.rb | 31 ++
lib/puppet/parser/functions/noop_resource.rb | 53 +++
lib/puppet/provider/package/norpm.rb | 8 +
manifests/certmonger/mysql.pp | 16 +-
manifests/fencing.pp | 3 +
manifests/firewall/pre.pp | 6 +
manifests/firewall/rule.pp | 51 ++-
manifests/haproxy.pp | 367 ++++++++++++++++---
manifests/haproxy/endpoint.pp | 33 +-
manifests/host/sriov.pp | 3 +-
manifests/host/sriov/numvfs_persistence.pp | 25 +-
manifests/keepalived.pp | 28 +-
manifests/network/contrail/analytics.pp | 331 ++++++++++++-----
manifests/network/contrail/analyticsdatabase.pp | 202 +++++++++++
manifests/network/contrail/config.pp | 397 ++++++++++++++++-----
manifests/network/contrail/control.pp | 197 ++++++----
manifests/network/contrail/database.pp | 149 +++++++-
manifests/network/contrail/heat.pp | 80 +++++
manifests/network/contrail/neutron_plugin.pp | 203 +++++++++++
manifests/network/contrail/provision.pp | 92 +++++
manifests/network/contrail/vrouter.pp | 302 ++++++++++++++++
manifests/network/contrail/webui.pp | 104 ++++--
manifests/pacemaker/haproxy_with_vip.pp | 52 ++-
manifests/packages.pp | 4 +-
manifests/profile/base/auditd.pp | 30 ++
manifests/profile/base/ceph/mds.pp | 35 ++
manifests/profile/base/ceph/rgw.pp | 37 +-
manifests/profile/base/cinder.pp | 1 +
manifests/profile/base/cinder/api.pp | 1 -
manifests/profile/base/cinder/volume.pp | 56 ++-
manifests/profile/base/cinder/volume/dellps.pp | 50 +++
manifests/profile/base/cinder/volume/eqlx.pp | 50 ---
.../profile/base/cinder/volume/hpelefthand.pp | 71 ++++
manifests/profile/base/cinder/volume/scaleio.pp | 56 +++
manifests/profile/base/congress.pp | 86 +++++
manifests/profile/base/database/mysql.pp | 28 +-
manifests/profile/base/docker_registry.pp | 74 ++++
manifests/profile/base/etcd.pp | 66 ++++
manifests/profile/base/glance/api.pp | 105 +++++-
manifests/profile/base/glance/registry.pp | 56 ---
manifests/profile/base/gnocchi/metricd.pp | 2 -
manifests/profile/base/gnocchi/statsd.pp | 2 -
manifests/profile/base/heat.pp | 57 ++-
manifests/profile/base/horizon.pp | 2 +-
manifests/profile/base/ironic.pp | 1 +
manifests/profile/base/keystone.pp | 33 +-
manifests/profile/base/metrics/collectd.pp | 103 ++++++
.../base/metrics/collectd/collectd_plugin.pp | 6 +
.../base/metrics/collectd/collectd_service.pp | 11 +
.../profile/base/metrics/collectd/plugin_helper.pp | 6 +
manifests/profile/base/neutron/agents/ovn.pp | 14 +-
manifests/profile/base/neutron/opendaylight.pp | 19 +-
manifests/profile/base/neutron/ovn_northd.pp | 40 +++
manifests/profile/base/neutron/ovs.pp | 2 +-
manifests/profile/base/neutron/plugins/ml2.pp | 12 +-
manifests/profile/base/neutron/plugins/ml2/ovn.pp | 25 +-
manifests/profile/base/neutron/server.pp | 108 ++++--
manifests/profile/base/nova.pp | 56 ++-
manifests/profile/base/nova/api.pp | 56 ++-
manifests/profile/base/nova/compute.pp | 1 +
manifests/profile/base/nova/compute/libvirt.pp | 15 +-
manifests/profile/base/nova/ec2api.pp | 35 ++
manifests/profile/base/nova/placement.pp | 96 +++++
manifests/profile/base/octavia.pp | 57 +++
manifests/profile/base/octavia/api.pp | 54 +++
manifests/profile/base/octavia/health_manager.pp | 33 ++
manifests/profile/base/octavia/housekeeping.pp | 34 ++
manifests/profile/base/octavia/worker.pp | 34 ++
manifests/profile/base/pacemaker.pp | 69 +++-
manifests/profile/base/pacemaker_remote.pp | 37 ++
manifests/profile/base/panko.pp | 1 +
manifests/profile/base/rabbitmq.pp | 54 ++-
manifests/profile/base/sshd.pp | 61 ++++
manifests/profile/base/swift/proxy.pp | 81 +++--
manifests/profile/base/swift/storage.pp | 2 +
manifests/profile/base/tacker.pp | 86 +++++
manifests/profile/base/time/ntp.pp | 28 ++
manifests/profile/pacemaker/ceph/rbdmirror.pp | 98 +++++
manifests/profile/pacemaker/cinder/backup.pp | 26 +-
manifests/profile/pacemaker/cinder/volume.pp | 26 +-
manifests/profile/pacemaker/database/mysql.pp | 29 +-
manifests/profile/pacemaker/database/redis.pp | 40 ++-
manifests/profile/pacemaker/haproxy.pp | 83 +++--
manifests/profile/pacemaker/manila.pp | 65 +++-
manifests/profile/pacemaker/rabbitmq.pp | 54 ++-
manifests/tls_proxy.pp | 60 ++++
manifests/ui.pp | 127 +++++--
manifests/vip_hosts.pp | 39 --
metadata.json | 6 +-
releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml | 64 ++++
.../add-support-for-octavia-f1e472af89e9a05c.yaml | 4 +
.../notes/hpelefthand_8474c416b0d411e6.yaml | 3 +
.../innodb_file_per_table-f925b3bbf29d44ea.yaml | 20 ++
.../notes/nova_cells_setup-2c3e3344d8adcc26.yaml | 3 +
.../proxy-api-endpoints-359e5fb64d80d400.yaml | 6 +
.../notes/puppet-auditd-0f6cbd6a2d193aac.yaml | 4 +
.../rabbitmq_password_change-4fce15c9ebb0e20c.yaml | 4 +
.../notes/remove-old-urls-dea2b7fdcb50dd48.yaml | 12 +
.../notes/rgw-keystone-v3-43ef17dd10f825be.yaml | 5 +
releasenotes/notes/sshd-437c531301f458bb.yaml | 3 +
releasenotes/notes/use-reno-80402e5526a598aa.yaml | 6 +
.../notes/vncserver_listen-4417377cac38464c.yaml | 7 +
releasenotes/source/_static/.placeholder | 0
releasenotes/source/conf.py | 262 ++++++++++++++
releasenotes/source/index.rst | 8 +
releasenotes/source/unreleased.rst | 5 +
setup.cfg | 13 +
setup.py | 22 ++
spec/classes/tripleo_firewall_spec.rb | 87 ++++-
spec/classes/tripleo_midonet_agent_spec.rb | 58 ---
.../tripleo_profile_base_ceilometer_api_spec.rb | 2 +-
spec/classes/tripleo_profile_base_ceph_mds_spec.rb | 59 +++
spec/classes/tripleo_profile_base_ceph_rgw_spec.rb | 11 +
.../tripleo_profile_base_cinder_api_spec.rb | 4 -
.../tripleo_profile_base_cinder_scaleio_spec.rb | 58 +++
spec/classes/tripleo_profile_base_cinder_spec.rb | 6 +
...ipleo_profile_base_cinder_volume_dellps_spec.rb | 58 +++
...tripleo_profile_base_cinder_volume_eqlx_spec.rb | 58 ---
.../tripleo_profile_base_cinder_volume_spec.rb | 18 +-
spec/classes/tripleo_profile_base_nova_api_spec.rb | 137 +++++++
...ripleo_profile_base_nova_compute_ironic_spec.rb | 67 ++++
...ipleo_profile_base_nova_compute_libvirt_spec.rb | 69 ++++
.../tripleo_profile_base_nova_compute_spec.rb | 87 +++++
.../tripleo_profile_base_nova_conductor_spec.rb | 61 ++++
.../tripleo_profile_base_nova_consoleauth_spec.rb | 62 ++++
.../tripleo_profile_base_nova_libvirt_spec.rb | 68 ++++
.../tripleo_profile_base_nova_scheduler_spec.rb | 64 ++++
spec/classes/tripleo_profile_base_nova_spec.rb | 135 +++++++
.../tripleo_profile_base_nova_vncproxy_spec.rb | 62 ++++
.../tripleo_profile_base_octavia_api_spec.rb | 138 +++++++
spec/classes/tripleo_profile_base_octavia_spec.rb | 119 ++++++
spec/classes/tripleo_profile_base_sshd_spec.rb | 30 ++
...ripleo_profile_pacemaker_ceph_rbdmirror_spec.rp | 64 ++++
spec/classes/tripleo_ui_spec.rb | 121 +++++++
.../tripleo_host_sriov_numvfs_persistence_spec.rb | 11 +-
spec/fixtures/hieradata/default.yaml | 16 +
spec/functions/ip_to_erl_format_spec.rb | 11 +
.../docker_distribution/registry_config.yml.erb | 11 +
templates/ui/tripleo_ui_config.js.erb | 31 +-
test-requirements.txt | 4 +
tox.ini | 8 +
144 files changed, 6779 insertions(+), 1008 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
new file mode 100644
index 0000000..bedd666
--- /dev/null
+++ b/test-requirements.txt
@@ -0,0 +1,4 @@
+# this is required for the docs build jobs
+sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2
+oslosphinx>=2.5.0 # Apache-2.0
+reno>=0.1.1 # Apache-2.0
More information about the Release-announce
mailing list