Open Stack

We are excited to announce the release of:

tripleo-heat-templates 9.3.0: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the rocky stable release series.

The source is available from:

    http://git.openstack.org/cgit/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through launchpad:

    https://bugs.launchpad.net/tripleo

For more details, please see below.

9.3.0
^^^^^


New Features
************

* Add new parameter 'GlanceInjectMetadataProperties', to add
  metadata properties to be injected in image. Add new parameter
  'GlanceIgnoreUserRoles',  to specify name of user roles to be
  ignored for injecting metadata properties in the image.

* Allow to output HAProxy in a dedicated file

* Adds new HAProxySyslogFacility param

* Add new TunedCustomProfile parameter which may contain a string in
  INI format describing a custom tuned profile. Also provide a new
  environment file for users of hypercoverged Ceph deployments using
  the Ceph filestore storage backened. The tuned profile is based on
  heavy I/O load testing. The provided environment file creates
  /etc/tuned/ceph-filestore-osd-hci/tuned.conf and sets this tuned
  profile to be active. Not intended for use with Ceph bluestore.


Known Issues
************

* Fix misnaming of service in firewall rule for Octavia Health
  Manager service.


Upgrade Notes
*************

* Deployers that used "resource_registry" override in their
  environment to add networks to roles without also using a custom
  roles data file must create a custom roles data file and add the
  additional network(s) and use this when upgrading.

  Previously it was possible to add additional networks to a role
  without using a custom role by overriding the resource registry, for
  example:

     OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/external.yaml

  Warning: Since resources are no longer added to the plan unless
    the network is specified in the role, the "resource_registry"
    override alone is no longer sufficient.

* Non-lifecycle stack actions like stack check and cancel update for
  undercloud are now disabled. Stack check is yet to be migrated to
  heat convergence architecture and cancel update is not recommended
  for overcloud. Both are disabled by adding required heat policy for
  undercloud. 'overcloud update abort' wrapper for stack cancel update
  had been dropped since few releases.


Deprecation Notes
*****************

* The NodeDataLookup parameter type was changed from string to json


Critical Issues
***************

* Networks not specified for roles in roles data ("roles_data.yaml")
  no longer have Heat resources created. It is now mandatory that
  custom roles are used when non-default networks is used for a role.

  Previously it was possible to add additional networks to a role
  without using a custom role by overriding the resource registry, for
  example:

     OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/external.yaml

  Note: The "resource_registry" override was the only requirement
    prior to the introduction of *Composable Networks* in the Pike
    release.Since Pike a custom role would ideally be used when adding
    networks to roles, but documentation and other guides may not have
    been properly updated and only mention the "resource_registry"
    override.


Bug Fixes
*********

* * Bug 1784967 invalid JSON in NodeDataLookup error message should

    be more helpful

* In other sections we already use the internal endpoints for
  authentication urls. With this change the auth_uri in the neutron
  section gets moved from KeystoneV3Admin to KeystoneV3Internal.

* CephOSD/Compute nodes crash under memory pressure unless custom
  tuned profile is used (bug 1800232).

Changes in tripleo-heat-templates 9.2.0..9.3.0
----------------------------------------------

ded38b744 minor update: move VIP before stopping pacemaker on a node
90c456463 Sanitize the uuid string for ceph-ansible
0b42fb17f Disable stack check and cancel update for undercloud
87b16ddbf run docker_puppet_tasks on any role
b476c1e9a mysql: sync credentials in running container on password change
c8b4fd25f Fix generation of configs that contain password files
9a59f1b0a mysql: do not overwrite password file during docker-puppet
80f48f131 Ensure we get dedicated logging file for HAProxy
5a4431d0a Adding dependency for NetworkDeployment in 'server_resource_name'Deployment
e9c6cf100 Handle case change for dmidecode >= 3.1 in Ceph templates
65111909c Change NodeDataLookup type from string to json
30892a6fc Include the DB password in a Mistral environment for creating backups and restores
11b135e7d Catch directories we can not change ownership
ea6fc8f95 Run nova_statedir_owner on every run
44586cec5 Add ContainerImagePrepare service to ControllerStorageNfs role
5753352ee Move UpgradeInitCommand and UpgradeInitCommonCommand to run by Ansible
85c419f83 Add stop_grace_period for heat_engine container
98d9b8d82 Autocreate CephAnsibleFetchDirectoryBackup
4017891ab Rely on osa defaults for enabled services
2bd91308a Set virt queue size as 1024 for all OVS-DPDK roles
d218493ea Enable ovs-stats by default when using ovs
de03b1ca1 Remove gluster settings from previous deployments on re-deploy
93285264e Ensure logs folder is created in prep hosts tasks.
d95b5b9a7 Revert "Create missing directories before mounting them"
7d24a21b8 Revert "Set proper setype for service directories"
4208b0474 Revert "docker: wire SELinuxMode with Ansible vars"
7f09fc9a3 Add HorizonSecureCookies to environments/ssl/enable-tls.yaml
caf97046f Restart openshift master services after stack update
1c96500c5 Rework the generated openshift-ansible playbook
b49ce79c1 Fix address for glusterfs container images
61ac7d307 Enable image inject metadata properties & user roles to be ignored
606ce4bc5 Set proper setype for service directories
666573d15 Create missing directories before mounting them
9a003d0c8 Configure http/https on OVN Metadata service to talk to Nova
048131984 Enable ceilometer-agent-compute health check
45a118b0f Enable health check for OVN containers
0e3afdce4 Enable fluentd health check
f37b5e062 Bind mount /var/lib/iscsi in containers using iSCSI
3a701cce4 Let the operator manage openshift updates and upgrades
3cb95e163 Update auth parameters
8bdef1e7b Fix typo in octavia upgrade_tasks
836b1b332 Reno only - Check for available networks for a role
9d4dce3ce Do not dereference .stdout if dmidecode is missing
6652aaa47 Enable health check for Ironic inspector services
38e16618b Enable Sahara API health check
220cb3998 docker: wire SELinuxMode with Ansible vars
f750ab67e puppet_config for rabbitmq_bundle needs file_line
4e299d65a Allow customization of more openshift-ansible vars
c2504ed9b Add missing role_specific tag for NUMA aware vswitches params
ff7c6e285 Add TunedCustomProfile parameter and HCI Ceph filestore environment
7e9adc62e Move [neutron] auth_url to KeystoneV3Internal
1132612f7 Fix access to /var/lib/haproxy when SELinux is enabled
b7167b072 Put user data in the main stack
ea52821ca Spliting compact services in multiples lines
a74808faf Fix misnaming of service in firewall rule
6e0ff00b0 Fix Octavia hieradata keys
582182f39 ceilometer: --skip-metering-database is gone
b18740ad4 Set correct project name for designate-neutron integration
3c739c3cd Add /v2 suffix to Designate uris
6c4de510d Split designate envs
4911af207 Add sample designate environment for ha
81f119363 Don't configure BIND to listen on localhost
deec7a6bf Pass in rndc key to Designate deployment
12f4b7192 Open designate-mdns ports in firewall
146398d0b Run designate pool update only on bootstrap node
828821ae7 Configure rndc to listen on internal_api network
6167ffba0 Enable configuration of Designate's pools.yaml
c42247b70 Exposing NeutronDhcpOvsIntegrationBridge
cbf3364a8 Per role Numa aware vswitch configuration
10074982e Add role definition for ComputeOvsDpdkSriov role
e3b4f927c Remove NeutronServicePlugins from octavia environment files


Diffstat (except docs and test files)
-------------------------------------

.../scenario003-multinode-containers.yaml          |  47 ++++++
common/deploy-steps-tasks.yaml                     |  70 ++++-----
common/services.yaml                               |   5 +-
deployed-server/deployed-server.yaml               |  21 ---
.../services/logging/files/opendaylight-api.yaml   |  11 +-
environments/designate-config-ha.yaml              | 127 +++++++++++++++
environments/designate-config.yaml                 |  69 ++++++++
environments/enable-designate.yaml                 |  16 +-
environments/services-baremetal/octavia.yaml       |   1 -
environments/services/octavia.yaml                 |   1 -
environments/ssl/enable-tls.yaml                   |   4 +
environments/tuned-ceph-filestore-hci.yaml         |  13 ++
environments/undercloud.yaml                       |   6 +
.../nova_metadata/krb-service-principals.j2.yaml   |   4 +-
extraconfig/post_deploy/undercloud_post.sh         |   4 +-
extraconfig/post_deploy/undercloud_post.yaml       |   6 +
extraconfig/services/openshift-cns.yaml            |  39 +----
extraconfig/services/openshift-master.yaml         |  58 ++++---
network/endpoints/endpoint_data.yaml               |   6 +
network/endpoints/endpoint_map.yaml                |   3 +
overcloud.j2.yaml                                  |  28 ++++
puppet/extraconfig/pre_deploy/per_node.yaml        |   8 +-
puppet/role.role.j2.yaml                           |  61 +-------
puppet/services/designate-api.yaml                 |   7 +-
puppet/services/designate-central.yaml             |   6 +-
puppet/services/designate-mdns.yaml                |   9 ++
puppet/services/designate-worker.yaml              |  32 +++-
puppet/services/glance-api.yaml                    |  10 ++
puppet/services/haproxy.yaml                       |   5 +
puppet/services/manila-scheduler.yaml              |  11 +-
puppet/services/neutron-dhcp.yaml                  |   9 ++
puppet/services/neutron-ovs-agent.yaml             |   4 +
puppet/services/nova-base.yaml                     |   2 +-
puppet/services/nova-compute.yaml                  |   4 +
puppet/services/octavia-api.yaml                   |  11 ++
puppet/services/octavia-controller.yaml            |  88 +++++++++++
puppet/services/octavia-health-manager.yaml        |  13 +-
puppet/services/octavia-housekeeping.yaml          |  13 +-
puppet/services/octavia-worker.yaml                |  47 ++----
puppet/services/ovn-metadata.yaml                  |  15 ++
puppet/services/pacemaker.yaml                     |  20 +++
puppet/services/pacemaker/haproxy.yaml             |  10 ++
puppet/services/tripleo-packages.yaml              |  44 +++++-
puppet/services/tuned.yaml                         |  15 +-
...-availble-network-in-role-7860d8d5cd1df4b0.yaml |  34 ++++
...eat-non-lifecycle-actions-d551fe4551d71770.yaml |  10 ++
...nject-metadata-properties-72cdc946748e9b1b.yaml |   7 +
...lth-manager-firewall-rule-cdffe31d580ecf4b.yaml |   4 +
.../notes/haproxy-log-2805e3697cbadf49.yaml        |   4 +
...ata_lookup_string_to_json-69362e93d862bd87.yaml |   7 +
..._url_to_internal_endpoint-aaf0e550750335eb.yaml |   7 +
.../tuned_custom_profile-25d1f4a2bc217216.yaml     |  15 ++
roles/ComputeOvsDpdk.yaml                          |   2 +
roles/ComputeOvsDpdkRT.yaml                        |   2 +
roles/ComputeOvsDpdkSriov.yaml                     |  60 +++++++
roles/ComputeOvsDpdkSriovRT.yaml                   |  61 ++++++++
roles/ControllerStorageNfs.yaml                    |   1 +
sample-env-generator/enable-services.yaml          | 174 ++++++++++++++++++++-
sample-env-generator/ssl.yaml                      |   4 +
150 files changed, 1787 insertions(+), 527 deletions(-)