[release-announce] tripleo-heat-templates 10.6.1 (stein)

no-reply at openstack.org no-reply at openstack.org
Wed Sep 11 14:35:44 UTC 2019


We exuberantly announce the release of:

tripleo-heat-templates 10.6.1: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the stein stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

    https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

10.6.1
^^^^^^


New Features
************

* *ContainerImageRegistryLogin* has been added to indicate if login
  calls should be issued by the container engine on deployment. The
  default is set to *false*.

* Values specified in *ContainerImageRegistryCredentials* will now
  be used to issue a login call when deploying the container engine on
  the hosts if *ContainerImageRegistryLogin* is set to *true*.

* Created an *ExtraKernelPackages* parameter to allow users to
  install additional kernel related packages prior to loading the
  kernel modules defined in *ExtraKernelModules*.

* When running config-download manually, fact gathering at the play
  level can now be controlled with the gather_facts Ansible boolean
  variable.

* Add *ContainerNovaLibvirtUlimit* to configure Ulimit for
  containerized Libvirt. Defaults to "nofile=131072,nproc=126960".

* Add parameter NovaLibvirtMemStatsPeriodSeconds, which sets the
  *libvirt/mem_stats_period_seconds* option: the period, in seconds,
  for collecting memory usage statistics. A zero or negative value
  disables memory usage statistics. The default value for
  NovaLibvirtMemStatsPeriodSeconds is 10.

* Adds LibvirtLogFilters parameter to define a filter that selects a
  different logging level for a given category of log outputs, as
  specified in https://libvirt.org/logging.html . Default: '1:libvirt
  1:qemu 1:conf 1:security 3:event 3:json 3:file 3:object 1:util'

* Adds LibvirtTLSPriority parameter to override the compile time
  default TLS priority string. Default:
  'NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2'

* Adds the OVNRemoteProbeInterval parameter, which sets the inactivity
  probe interval of the JSON session from ovn-controller to the OVN SB
  database. By default it is 5s, which may not be sufficient in loaded
  systems or during high control-plane activity spikes, leading to
  unnecessary reconnections to the OVSDB server. It is now extended by
  default to 1 min and is configurable through OVNRemoteProbeInterval.

* Introduce a PacemakerTLSPriorities parameter, which will set the
  PCMK_tls_priorities config option in /etc/sysconfig/pacemaker and
  the PCMK_tls_priorities variable inside the bundle. This, when set,
  allows an operator to specify what kind of GNUTLS ciphers are
  desired for the pacemaker control port.


Bug Fixes
*********

* Enable VFIO module on boot for SR-IOV deployments. Before this
  change, on SR-IOV capable deployments, vfio_iommu_type1 was not
  loaded when a compute node rebooted, which caused guest instances
  with VF/PF to fail to start/spawn.

* The passphrase for config option 'server_certs_key_passphrase' is
  used as a Fernet key in Octavia and thus must be 32 bytes long. In
  the case of an operator-provided passphrase, TripleO will validate
  that.

* Certain nova containers require more locked memory than the
  default limit of 16KiB. Increase the default memlock to 64MiB via
  "DockerNovaComputeUlimit".

  As this is only a maximum limit and not a pre-allocation, this will
  not increase the memory requirements for all nova containers. To
  date the only container to require this is
  nova_cell_v2_discover_hosts, which is short lived.

* Recent changes, e.g. for edge scenarios, intentionally moved host
  discovery from the controller to the bootstrap compute node. The
  task is triggered by deploy-identifier to make sure it runs on any
  deploy, scale, ... run. If a deploy run is triggered with the
  --skip-deploy-identifier flag, discovery is not triggered at all,
  causing failures in previously supported scenarios. This change
  moves the host discovery task to an Ansible deploy_steps_tasks so
  that it gets triggered even if --skip-deploy-identifier is used, or
  the compute bootstrap node is blacklisted.

* Deployment with an NFS share enabled for nova ephemeral storage
  fails. Podman fails to relabel with NFS mounted in
  /var/lib/nova/instances and containers fail to start with "operation
  not supported". This change only sets the z flag for
  /var/lib/nova in case NFS is not enabled for the compute.
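
The 32-byte requirement on 'server_certs_key_passphrase' noted above, shown as an added example that is not part of this release or of TripleO's own code: a stand-alone check an operator could run on a passphrase before deployment. It assumes the passphrase is UTF-8 encoded and base64url-wrapped to form the Fernet key, which is why a 32-character value containing non-ASCII characters is still rejected; the function names are hypothetical.

```python
import base64
import secrets
import string

# A Fernet key is 32 raw bytes: 16 for signing plus 16 for encryption.
FERNET_KEY_BYTES = 32


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the value is usable."""
    problems = []
    if len(passphrase) != FERNET_KEY_BYTES:
        problems.append("%d characters, expected %d"
                        % (len(passphrase), FERNET_KEY_BYTES))
    encoded = passphrase.encode("utf-8")
    if len(encoded) != FERNET_KEY_BYTES:
        problems.append("%d bytes as UTF-8, expected %d"
                        % (len(encoded), FERNET_KEY_BYTES))
    return problems


def to_fernet_key(passphrase):
    """Wrap the passphrase bytes as base64url (assumed key derivation)."""
    problems = check_passphrase(passphrase)
    if problems:
        raise ValueError("unusable passphrase: " + "; ".join(problems))
    return base64.urlsafe_b64encode(passphrase.encode("utf-8"))


def generate_passphrase():
    """Generate a 32-character ASCII passphrase from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(FERNET_KEY_BYTES))


if __name__ == "__main__":
    # Constructed sample values, not taken from any deployment.
    samples = {
        "too short": "octavia-secret",
        "32 ASCII characters": "x" * 32,
        "32 characters but 64 bytes": "\u00e9" * 32,
    }
    for label, value in samples.items():
        print(label, "->", check_passphrase(value) or "ok")
    print("generated key length:", len(to_fernet_key(generate_passphrase())))
```
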

Changes in tripleo-heat-templates 10.6.0..10.6.1
------------------------------------------------

ac5f18c7e Fix indent in deploy-steps playbook
2d7c68234 HA: fix <service>_restart_bundle with minor update workflow
02e0a4e21 container-puppet: run podman rm with --storage
9858e6eb4 Use separate plays for Host prep steps
f3c9487b6 Revert "Do not forcibly enable Glance multiple locations for RBD backend"
1110b7537 Replace include_tasks with import_tasks
907271797 Respect tags in upgrade tasks
26a0585d4 Split upgrade_steps_playbook into different plays.
fd84e1df3 Add parameters for dateext in logrotate
ffb1d1576 Disable Pacemaker on scenario000
231372441 No cloud_name_$NET_NAME for disabled networks
897a38678 Filter nameservers for undercloud networks
0febc015d Fix NovaEnableRbdBackend to be role specific
338801824 Fix wrong hieradata for glance api authtoken
12ad0d83a Use /var/tmp on host to store temporal files for image upload via Horizon
3f5764691 Set EnablePackageInstall to true by default for in-place OS upgrade
393f43a66 Add LibvirtTLSPriority to set libvirtd tls_priority
2f4dd2c92 Only generate Octavia certs on stack create
c992964f1 Remove pre-upgrade best-effort online data migrations
f5ffc4d4c Fix MariaDB staged upgrade
ffb63dfec Parametrize UpgradeLeappDevelSkip to pass multiple env variables.
78d16ded1 Adds LibvirtLogFilters to define a libvirtd filter
1058955ad Do not forcibly enable Glance multiple locations for RBD backend
90e36a106 Move cephfs and cephfs_*_pool ceph-ansible parameters in -base
2ed88dbcd Explicitly set notification driver for novajoin
af43abe82 Add ExtraKernelPackages
a2cbb5044 Unescape IPv6 addresses for ceph_nfs_bind_addr
b72c5e4bc Configure nova_compute for vendordata
54051f5ec Add tags always into external update tasks.
79b0ff8e9 Use default value for NovaLiveMigrationWaitForVIFPlug
b92aa0e5b Revert "Point InternalTLSVncCAFile to /etc/ipa/ca.crt"
9639dc938 Fix NovaResumeGuestsStateOnHostBoot when using podman
7f7960a53 Allow combining system_upgrade_prepare and system_upgrade_run into system_upgrade
62f6287a8 Support TLS priorities for pacemaker
4b9c3637f Force re-run of pacemaker bundle init containers during upgrade-scaleup
29fdd20bb Fix for enable VFIO module on boot for SR-IOV deployments
d5723703f Fix external resource usage in additional subnets
9af90d740 Fix vlan id assignment with additional subnets
864b2e9e6 Also assign default subnets to network segment
8b8b6dc18 Ensure we get at least one ctlplane subnet
9ee30cdeb Check for rc instead of |succeeded
4b78e7013 Revert "Ensure we get a subnet for ctlplane"
f47bc7b3e Fix retaging of ovn-dbs container during update.
a0b2a75db Fix default network in barbican deployment
375d6a757 Add a daemon-reload to the tripleo-iptables services
2a684c0b8 Ensure we get a subnet for ctlplane
d191423e8 Force "Pre-cache" tasks to run in dry run
abf7c24bd Change datatype of revalidator,handler threads
a8f24be0a Fix typo in barbican deployment
eb09a925f Ensure libnsl dependency is available
837c54259 Redis HA TLS: do not use the pacemaker image tag for redis_tls_proxy
e20d02a8b Fix pcmk remote podman bundle restarts
7b72488d2 Add missing update_serial key to compute roles
ea24fc57d Pacemaker resource upgrade tasks compatible with staged upgrade
1a74f7557 Add internal keystone endpoint in octavia variables
f4a3563bc keystone: drop duplicate -DFOREGROUND
ade09f3a3 Point InternalTLSVncCAFile to /etc/ipa/ca.crt
0cf066490 Generate addition drop-in dependencies for podman containers
e7c3496a9 Transport ManilaCephFSDataPoolName to Manila CephFS template
954abc8e9 ceph-base: Disable ceph-ansible firewall tasks
eb2cfcdb4 Move the Hiera symlink task from post configuration to deployment steps.
945a22166 Handle edge cases in staged upgrade hiera data
6e329424f Upgrade fixes for RabbitMQ and Pacemaker
d89fe28b3 Disable ceph-dashboard by default in Stein
3746b9133 Updates the cephfs_pools format to match that of openstack_pools
3719af166 Prefer CephPoolDefaultPgNum over counterintuitive Manila specific params
9f239f8c8 Fix bogus reference to conditional in octavia upgrade tasks
ac5001004 Enable VFIO module on boot for SR-IOV deployments
4aa557494 Moving NeutronMechanismDrivers value to be list in neutron-ml2-mlnx-sdn.yaml
6d7239812 Add the ability to configure ovn-remote-probe-interval
bb3390b41 Make nova ephemeral storage backend configurable per-role
5b681900c Make sure libvirt-guests get started
680f341f1 CI should auto-generate server_certs_key_passphrase
7bedd167e Correct jinja loop logic for role_networks
bf51f816b Set selinux type for facter.conf
8fe366434 Fix resume_guests_state_on_host_boot_enabled fact
e49b8db26 Only run cellv2 host discovery on default cell
c2397d94d Mount /var/run rw
10e8506e1 Re-Add facter cache for container configurations
76356dc4f Add a suffix for tmpwatch
c3644ab44 Replace hardcoded gather_facts:no with variable
67b7e8d84 Add bind mount for config setup
abf34de6c Add new role parameter NovaLibvirtMemStatsPeriodSeconds
8a9e8ae52 Stop services for unupgraded controllers
2871ce0fa Specify a default for container_registry_logins
463576dc6 Clean docker and podman after executing an update or upgrade
c8ad086ba Allow logrotate to access container_file_t files
d6bd20d5b Stein: Re-enable container auth support
0a3ee4ea7 Support TLS deployments with KernelDisableIPv6 enabled
0fbb061f8 Add stein periodic job not in template
b82417126 Move nova cell v2 discovery to deploy_steps_tasks
2d0e01382 Don't use the z flag in case NovaNfsEnabled is true
1293c460e Increase the default memlock to 64MiB via ``DockerNovaComputeUlimit``.
cfb8e9786 Adds constraint: OctaviaServerCertsKeyPassphrase must be 32 chars long
e022668a0 swift: ensure we get rsyslog state "--check" mode
ac5145c28 Revert "Add container engine authentication support"
169f4ac83 Add container engine authentication support
743b81692 Fix ovn dbs control port
223ddba91 Per-Role krb-service-principal for CompactServices
6c8a064c1 Fix nova compute container depends_on to be list
581d2d544 Add ContainerNovaLibvirtUlimit to tweak Ulimits
29fa95801 Idempotency for system_upgrade_prepare
367f4decd Allow skipping RHSM with Leapp
5f40f0e80 Upgrade playbook fixes for OS upgrade


Diffstat (except docs and test files)
-------------------------------------

.../scenario000-multinode-containers.yaml          |  15 +-
.../scenario010-multinode-containers.yaml          |   1 -
ci/environments/scenario010-standalone.yaml        |   1 -
common/container-puppet.py                         |  23 +-
common/deploy-steps-tasks.yaml                     |  49 ++++
common/deploy-steps.j2                             | 217 +++++++++-------
.../nova_cell_v2_discover_hosts.py                 |  62 -----
.../pacemaker_restart_bundle.sh                    |  40 +++
deployment/aodh/aodh-api-container-puppet.yaml     |  15 ++
.../aodh/aodh-evaluator-container-puppet.yaml      |  15 ++
.../aodh/aodh-listener-container-puppet.yaml       |  15 ++
.../aodh/aodh-notifier-container-puppet.yaml       |  15 ++
.../barbican/barbican-api-container-puppet.yaml    |   6 +-
.../ceilometer-agent-central-container-puppet.yaml |  15 ++
...ometer-agent-notification-container-puppet.yaml |  15 ++
deployment/ceph-ansible/ceph-base.yaml             |  48 ++++
deployment/ceph-ansible/ceph-mds.yaml              |  23 +-
deployment/ceph-ansible/ceph-nfs.yaml              |   2 +-
deployment/cinder/cinder-api-container-puppet.yaml |  48 ++--
.../cinder/cinder-backup-pacemaker-puppet.yaml     |  28 +--
.../cinder/cinder-scheduler-container-puppet.yaml  |  15 ++
.../cinder/cinder-volume-pacemaker-puppet.yaml     | 118 ++++-----
deployment/containers-common.yaml                  |  24 ++
deployment/database/mysql-pacemaker-puppet.yaml    | 272 +++++++++++----------
deployment/database/redis-container-puppet.yaml    |  21 ++
deployment/database/redis-pacemaker-puppet.yaml    | 213 ++++++++--------
.../docker/docker-baremetal-ansible.yaml           |  71 ++++++
.../nova/nova-placement-container-puppet.yaml      |  15 ++
.../panko/panko-api-container-puppet.yaml          |  16 ++
deployment/ec2/ec2-api-container-puppet.yaml       |   4 +-
.../designate-worker-container-puppet.yaml         |   2 +
deployment/glance/glance-api-container-puppet.yaml |  39 ++-
.../gnocchi/gnocchi-api-container-puppet.yaml      |  15 ++
.../gnocchi/gnocchi-metricd-container-puppet.yaml  |  15 ++
.../gnocchi/gnocchi-statsd-container-puppet.yaml   |  15 ++
deployment/haproxy/haproxy-container-puppet.yaml   |  15 ++
deployment/haproxy/haproxy-pacemaker-puppet.yaml   | 212 ++++++++--------
deployment/heat/heat-api-cfn-container-puppet.yaml |  15 ++
deployment/heat/heat-api-container-puppet.yaml     |  16 ++
deployment/heat/heat-engine-container-puppet.yaml  |  15 ++
deployment/horizon/horizon-container-puppet.yaml   |  17 ++
deployment/ironic/ironic-api-container-puppet.yaml |  17 --
deployment/kernel/kernel-baremetal-puppet.yaml     |  17 ++
deployment/keystone/keystone-container-puppet.yaml |  18 +-
.../logrotate-crond-container-puppet.yaml          |  60 ++++-
deployment/manila/manila-backend-cephfs.yaml       |   4 +
.../manila/manila-share-pacemaker-puppet.yaml      |  28 +--
.../memcached/memcached-container-puppet.yaml      |  15 ++
deployment/metrics/collectd-container-puppet.yaml  |   2 +-
.../neutron/neutron-api-container-puppet.yaml      |  17 +-
deployment/nova/nova-api-container-puppet.yaml     |  32 ++-
.../nova/nova-compute-common-container-puppet.yaml |  38 ++-
deployment/nova/nova-compute-container-puppet.yaml | 103 ++++----
.../nova/nova-conductor-container-puppet.yaml      |  15 ++
deployment/nova/nova-ironic-container-puppet.yaml  |  52 ++--
deployment/nova/nova-libvirt-container-puppet.yaml |  71 +++++-
.../nova/nova-metadata-container-puppet.yaml       |  15 ++
.../nova-migration-target-container-puppet.yaml    |  22 +-
.../nova/nova-scheduler-container-puppet.yaml      |  15 ++
.../nova/nova-vnc-proxy-container-puppet.yaml      |  15 ++
deployment/nova/novajoin-container-puppet.yaml     |   8 +-
.../octavia/octavia-api-container-puppet.yaml      |   9 +
deployment/octavia/octavia-base.yaml               |   4 +-
.../octavia/octavia-deployment-config.j2.yaml      |  25 +-
.../ovn/ovn-controller-container-puppet.yaml       |   5 +
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml       |  38 ++-
.../pacemaker/clustercheck-container-puppet.yaml   |  15 ++
deployment/podman/podman-baremetal-ansible.yaml    | 107 +++++++-
...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 225 ++++++++++-------
.../rabbitmq-messaging-pacemaker-puppet.yaml       | 222 +++++++++--------
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml   | 243 ++++++++++--------
deployment/swift/swift-proxy-container-puppet.yaml |   6 +-
.../swift/swift-storage-container-puppet.yaml      |   4 +-
.../tripleo-firewall-baremetal-puppet.yaml         |  30 ++-
.../tripleo-packages-baremetal-puppet.yaml         |  41 +++-
.../ceph-ansible/ceph-ansible-per-role.yaml        |  18 ++
environments/lifecycle/upgrade-converge.yaml       |   1 +
environments/lifecycle/upgrade-prepare.yaml        |   1 +
.../network-isolation-no-tunneling.j2.yaml         |   6 +-
environments/network-isolation-v6.j2.yaml          |   6 +-
environments/network-isolation.j2.yaml             |   6 +-
environments/neutron-ml2-mlnx-sdn.yaml             |   2 +-
.../krb-service-principals/role.role.j2.yaml       |  17 +-
extraconfig/post_deploy/standalone_post.yaml       |  28 ---
.../post_deploy/undercloud_ctlplane_network.py     |  15 +-
extraconfig/post_deploy/undercloud_post.sh         |   2 -
extraconfig/pre_network/boot_param_tasks.yaml      |   9 +
.../config/2-linux-bonds-vlans/role.role.j2.yaml   |   6 +-
network/config/bond-with-vlans/role.role.j2.yaml   |   6 +-
network/config/multiple-nics/role.role.j2.yaml     |   6 +-
.../role.role.j2.yaml                              |   6 +-
network/config/single-nic-vlans/role.role.j2.yaml  |   6 +-
network/network.j2                                 |  10 +-
puppet/all-nodes-config.j2.yaml                    |   2 +-
puppet/role.role.j2.yaml                           |   2 +-
puppet/services/README.rst                         |  18 ++
puppet/services/openvswitch.yaml                   |   8 +-
puppet/services/pacemaker.yaml                     | 113 +++++----
...-container-registry-login-08d6a87586c84a99.yaml |  10 +
...-kernel-package-parameter-f3ad68ed4b72b0f5.yaml |   6 +
.../enable-vfio-for-sriov-62b7bd67df250840.yaml    |   8 +
.../gather-facts-variable-d7f1d74d1dc68ee9.yaml    |   4 +
...rver_certs_key_passphrase-908471f31d09f088.yaml |   5 +
...gration_wait_for_vif_plug-6d16da261a138fb8.yaml |   3 +-
...arams_to_configure_ulimit-82057bf64d7173a8.yaml |   5 +
.../nova-memlock-increase-066ed22764ed3ce1.yaml    |   9 +
..._mem_stats_period_seconds-b9b606232629cb38.yaml |   8 +
...nova_libvirtd_log_filters-63e9e6501d779dd9.yaml |   8 +
...ova_libvirtd_tls_priority-d0129f804d7ca847.yaml |   5 +
...xternal_post_deploy_tasks-e978560ee59b8b56.yaml |  12 +
.../nova_nfs_enabled_podman-a92ea12cd4cd92c8.yaml  |   8 +
...ovn_remote_probe_interval-023b3fa671f88101.yaml |   9 +
.../notes/pcmktlspriorities-4315010185adf45a.yaml  |   7 +
roles/ComputeHCIOvsDpdk.yaml                       |   2 +
roles/ComputeLocalEphemeral.yaml                   |  70 ++++++
roles/ComputeOvsDpdkRT.yaml                        |   1 +
roles/ComputeOvsDpdkSriovRT.yaml                   |   1 +
roles/ComputeRBDEphemeral.yaml                     |  70 ++++++
roles/ComputeRealTime.yaml                         |   1 +
roles/ComputeSriovRT.yaml                          |   1 +
tools/yaml-validate.py                             |  27 +-
zuul.d/layout.yaml                                 |   4 +
122 files changed, 2674 insertions(+), 1240 deletions(-)






