[release-announce] puppet-tripleo 9.1.0 (rocky)
no-reply at openstack.org
no-reply at openstack.org
Tue Jun 5 20:02:35 UTC 2018
We contentedly announce the release of:
puppet-tripleo 9.1.0: Puppet module for OpenStack TripleO
This release is part of the rocky release series.
The source is available from:
http://git.openstack.org/cgit/openstack/puppet-tripleo
Download the package from:
https://tarballs.openstack.org/puppet-tripleo/
Please report issues through launchpad:
http://bugs.launchpad.net/tripleo (tag: puppet)
For more details, please see below.
9.1.0
^^^^^
New Features
************
* Added parameters to generate wrapper scripts for the neutron dhcp
and l3 agents to run dnsmasq and keepalived, respectively, in
separate containers.
* Added *tripleo::profile::base::docker::additional_sockets* to
allow configuring additional domain sockets bindings on dockerd.
This facilitates creating containers that need to access dockerd
without having to mount /run.
* Support separate oslo.messaging services for RPC and
Notifications. Enable separate messaging backend servers.
Upgrade Notes
*************
* The following hieradata updates for cinder netapp integration
should be done.
cinder::backend::netapp::netapp_pool_name_search_pattern should be
used as cinder::backend::netapp::netapp_storage_pools and
cinder::backend::netapp::netapp_volume_list have been removed.
cinder::backend::netapp::netapp_host_type should be configured
instead of cinder::backend::netapp::netapp_eseries_host_type
* Rotated logs of containerized services in /var/log/containers will
be purged with the next containerized logrotate run triggered via
cron, if the rotated logs have been kept longer than
*purge_after_days* (defaults to a 14 days).
The logrotate maxage parameter is set to *purge_after_days* as well.
The size parameter does not honor time-based constraints and is
disabled as not GDPR compliant. From now on, it configures maxsize
instead. Minsize is set to a 1 byte to put all /var/log/containers
logs under the containerized logrotate control.
New param *rotation* additionally allows to alter logrotate rotation
interval, like 'hourly' or 'weekly'.
Deprecation Notes
*****************
* tripleo::profile::base::docker(_registry) are deprecated (replaced
by ansible-role-container-registry) and will be removed in the next
release.
* Deployment of a managed Ceph cluster using puppet-ceph is not
supported from the Pike release. From the Queens release it is not
supported to use puppet-ceph when configuring OpenStack with an
external Ceph cluster. In Rocky any support file necessary for the
deployment with puppet-ceph is removed completely.
Security Issues
***************
* Retention rules of files in /var/log/containers additionally
defined in the containerized logrotate postrotate script and based
on any of the listed criteria met:
* time of last access of contents (atime) exceeds
*purge_after_days*,
* time of last modification of contents (mtime) exceeds
*purge_after_days*,
* time of last modification of the inode (metadata, ctime) exceeds
*purge_after_days*.
Expired files will be purged forcibly with each containerized
logrotate run triggered via cron. Note that the files creation time
(the Birth attribute) is not taken into account as it cannot be
accessed normally by system operators (depends on FS type).
Retention policies based on the creation time must be managed
elsewhere.
Bug Fixes
*********
* Fixes HA Proxy with OpenDaylight to use the correct HTTP URL for
backend check. See https://bugs.launchpad.net/tripleo/+bug/1768037
* Fixes OpenDaylight Websocket HA Proxy configuration to use
transparent binding type. See
https://bugs.launchpad.net/tripleo/+bug/1764514
Other Notes
***********
* Add the compress option for the containerized logrotate service to
compress rotated logs by default.
Changes in puppet-tripleo 9.0.0..9.1.0
--------------------------------------
e1ecbb1 Release 9.1.0 - Rocky m2
17c1c2e ssh: allow to configure PasswordAuthentication
855a5a5 Disallow SSLv2, SSLv3 and TLS1.0 in rabbitmq for FedRAMP compliance
684521f Neutron sidecar wrappers use netns they were invoked with
ea84574 Move unfencing to meta_params
a9c1bc3 Lower the default stunnel log level
58c4519 Automatically configure neutron with designate
f2484a0 Fix up property names in case of mixed case hostnames
c796ed3 Remove support for puppet-ceph
cafb998 Fix duplicate entries in /etc/sysconfig/iptables
5a58ca5 Rework GDPR compliant logrotate config
b7021aa Add missing nfs_mount_options for Cinder Netapp backend
b2d7cab Update netapp cinder configuration
e136545 Force GDPR compliance of containers logs
767cd52 Deprecate tripleo::profile::base::docker(_registry)
2bf893c Fix certificate ownership of rabbitmq
3d04512 Remove share_backend_name from Dell-EMC manila backends
3b6c90a Neutron wrappers: lookup for THT parameter
8077672 Optionally the docker group to the mistral user
fdd0a2b Add s3api support
b0d2061 Conditionally Enable Nuage VRS
f331708 Add logrotate compress option
015c9b7 Adding wrapper scripts for neutron agent subprocesses
ac4f32e Switch from rabbit to using oslo messaging params
c53ea25 Fixes HA Proxy backend check for ODL
1cece4b docker: force insecure registries to be an array
1c46f6e Disallow SSLv2, SSLv3 and TLS1.0 in mysql for FedRAMP compliance
ffc4ca8 Treat IP address as optional in Cisco VTS ML2 configuration
5eee00d Allow configuration of NFS backend for Nova
203083e Only run os-net-config if file has content
7f59247 Add NVMeOF support to configure cinder backend
94ca328 Firewall: NOT persist ephemetal ironic-inspector rules
87f616a Trivial: fix a comment typo
6ced0e2 logging: fluentd add multi log files on sources
a5561f0 Force stunnel to use TLSv1.2
8bb4af7 Changing opendaylight loadbalancing alogirthm
70bedee Fixes binding type for OpenDaylight Websocket
b2495dc Fluentd monitoring interface
c31a624 Removing conditions to enable Nuage VRS and Metadata Agent
c04557f Support separate oslo.messaging services for RPC and Notifications
8187a83 Disable curl globbing
Diffstat (except docs and test files)
-------------------------------------
manifests/certmonger/ca/crl.pp | 2 +-
manifests/certmonger/rabbitmq.pp | 4 -
manifests/firewall.pp | 22 +++
manifests/haproxy.pp | 21 ++-
manifests/network/os_net_config.pp | 1 +
manifests/profile/base/aodh.pp | 69 +++++----
manifests/profile/base/barbican/api.pp | 69 +++++----
manifests/profile/base/ceilometer.pp | 69 +++++----
manifests/profile/base/ceph.pp | 83 -----------
manifests/profile/base/ceph/client.pp | 34 -----
manifests/profile/base/ceph/mds.pp | 40 ------
manifests/profile/base/ceph/mon.pp | 49 -------
manifests/profile/base/ceph/osd.pp | 53 -------
manifests/profile/base/ceph/rgw.pp | 100 -------------
manifests/profile/base/cinder.pp | 69 +++++----
manifests/profile/base/cinder/backup/swift.pp | 2 +-
manifests/profile/base/cinder/volume.pp | 16 ++-
manifests/profile/base/cinder/volume/netapp.pp | 57 +++++---
manifests/profile/base/cinder/volume/nvmeof.pp | 74 ++++++++++
manifests/profile/base/cinder/volume/rbd.pp | 4 +-
manifests/profile/base/congress.pp | 38 +++--
manifests/profile/base/database/mysql.pp | 9 ++
manifests/profile/base/designate.pp | 30 ++--
manifests/profile/base/docker.pp | 37 ++++-
manifests/profile/base/glance/api.pp | 109 ++++++++++----
manifests/profile/base/gnocchi/api.pp | 1 -
manifests/profile/base/heat.pp | 69 +++++----
manifests/profile/base/ironic.pp | 38 +++--
manifests/profile/base/keystone.pp | 69 +++++----
manifests/profile/base/logging/fluentd.pp | 28 ++++
.../base/logging/fluentd/fluentd_service.pp | 34 ++---
manifests/profile/base/logging/logrotate.pp | 35 ++++-
manifests/profile/base/manila.pp | 69 +++++----
manifests/profile/base/manila/share.pp | 5 -
manifests/profile/base/mistral.pp | 69 +++++----
manifests/profile/base/mistral/executor.pp | 15 ++
manifests/profile/base/neutron.pp | 78 +++++-----
manifests/profile/base/neutron/agents/nuage.pp | 26 +---
.../profile/base/neutron/dhcp_agent_wrappers.pp | 88 ++++++++++++
.../profile/base/neutron/l3_agent_wrappers.pp | 157 +++++++++++++++++++++
.../profile/base/neutron/plugins/ml2/nuage.pp | 9 ++
manifests/profile/base/neutron/plugins/ml2/vts.pp | 16 ++-
.../base/neutron/wrappers/dibbler_client.pp | 43 ++++++
manifests/profile/base/neutron/wrappers/dnsmasq.pp | 43 ++++++
manifests/profile/base/neutron/wrappers/haproxy.pp | 43 ++++++
.../profile/base/neutron/wrappers/keepalived.pp | 43 ++++++
.../neutron/wrappers/keepalived_state_change.pp | 38 +++++
manifests/profile/base/neutron/wrappers/radvd.pp | 43 ++++++
manifests/profile/base/nova.pp | 69 +++++----
manifests/profile/base/nova/compute.pp | 9 +-
.../profile/base/nova/compute_libvirt_shared.pp | 1 -
manifests/profile/base/novajoin.pp | 44 +++---
manifests/profile/base/octavia.pp | 38 +++--
manifests/profile/base/pacemaker/instance_ha.pp | 2 +-
manifests/profile/base/qdr.pp | 9 +-
manifests/profile/base/rabbitmq.pp | 92 +++++++++---
manifests/profile/base/sahara.pp | 69 +++++----
manifests/profile/base/sshd.pp | 12 +-
manifests/profile/base/swift/proxy.pp | 95 ++++++-------
manifests/profile/base/swift/ringbuilder.pp | 4 +-
manifests/profile/base/tacker.pp | 38 +++--
manifests/profile/pacemaker/ceph/rbdmirror.pp | 98 -------------
.../profile/pacemaker/cinder/backup_bundle.pp | 2 +-
.../profile/pacemaker/cinder/volume_bundle.pp | 2 +-
manifests/profile/pacemaker/database/mysql.pp | 30 +++-
.../profile/pacemaker/database/mysql_bundle.pp | 32 ++++-
.../profile/pacemaker/database/redis_bundle.pp | 2 +-
manifests/profile/pacemaker/haproxy_bundle.pp | 2 +-
manifests/profile/pacemaker/manila/share_bundle.pp | 2 +-
manifests/profile/pacemaker/ovn_dbs_bundle.pp | 2 +-
manifests/profile/pacemaker/rabbitmq.pp | 79 +++++++----
manifests/profile/pacemaker/rabbitmq_bundle.pp | 91 +++++++-----
manifests/stunnel.pp | 5 +
manifests/stunnel/service_proxy.pp | 5 +
metadata.json | 5 +-
...dd-neutron-agent-wrappers-bf84104f3607264b.yaml | 8 ++
...-netapp-hieradata-changes-3004544d96796e76.yaml | 9 ++
.../notes/docker_registry-163bf23bc95761a8.yaml | 5 +
.../fix-odl-haproxy-check-ce000de26141fa7e.yaml | 5 +
...aylight-websocket-haproxy-7220b0c25ff13faa.yaml | 5 +
...otate-containers-compress-96934a4e76b9689d.yaml | 5 +
...ogrotate-containers-purge-56143a979ba80b51.yaml | 38 +++++
...ssaging-separate-backends-69aabd30ba470e61.yaml | 4 +
...e-support-for-puppet-ceph-bbe044bd575d1239.yaml | 9 ++
spec/classes/tripleo_certmonger_ca_crl_spec.rb | 4 +-
.../tripleo_profile_base_ceph_client_spec.rb | 59 --------
spec/classes/tripleo_profile_base_ceph_mds_spec.rb | 59 --------
spec/classes/tripleo_profile_base_ceph_mon_spec.rb | 77 ----------
spec/classes/tripleo_profile_base_ceph_osd_spec.rb | 75 ----------
spec/classes/tripleo_profile_base_ceph_rgw_spec.rb | 112 ---------------
spec/classes/tripleo_profile_base_ceph_spec.rb | 99 -------------
...ipleo_profile_base_cinder_volume_nvmeof_spec.rb | 52 +++++++
spec/classes/tripleo_profile_base_docker_spec.rb | 12 ++
.../tripleo_profile_base_logging_fluentd_spec.rb | 63 ++++++++-
.../tripleo_profile_base_neutron_dhcp_spec.rb | 46 ++++++
.../tripleo_profile_base_neutron_l3_spec.rb | 46 ++++++
.../tripleo_profile_base_neutron_ml2_vts_spec.rb | 6 +
.../tripleo_profile_base_nova_compute_spec.rb | 13 ++
.../classes/tripleo_profile_base_pacemaker_spec.rb | 2 +-
spec/classes/tripleo_profile_base_sshd_spec.rb | 14 +-
...ripleo_profile_pacemaker_ceph_rbdmirror_spec.rp | 64 ---------
...le_base_neutron_wrappers_dibbler_client_spec.rb | 58 ++++++++
...o_profile_base_neutron_wrappers_dnsmasq_spec.rb | 59 ++++++++
...o_profile_base_neutron_wrappers_haproxy_spec.rb | 62 ++++++++
...rofile_base_neutron_wrappers_keepalived_spec.rb | 59 ++++++++
...eutron_wrappers_keepalived_state_change_spec.rb | 58 ++++++++
...leo_profile_base_neutron_wrappers_radvd_spec.rb | 62 ++++++++
spec/fixtures/hieradata/default.yaml | 6 +-
spec/fixtures/hieradata/step4.yaml | 10 +-
templates/logrotate/containers_logrotate.conf.erb | 17 ++-
templates/neutron/dibbler-client.epp | 33 +++++
templates/neutron/dnsmasq.epp | 30 ++++
templates/neutron/haproxy.epp | 30 ++++
templates/neutron/keepalived.epp | 32 +++++
.../neutron/neutron-keepalived-state-change.epp | 32 +++++
templates/neutron/radvd.epp | 30 ++++
templates/redis/redis-notifications.sh.erb | 2 +-
templates/stunnel/foreground.erb | 1 +
templates/stunnel/service.erb | 1 +
zuul.d/layout.yaml | 4 -
120 files changed, 2603 insertions(+), 1833 deletions(-)
More information about the Release-announce
mailing list