[release-announce] tripleo-heat-templates 9.4.1 (rocky)

no-reply at openstack.org no-reply at openstack.org
Thu Sep 12 09:44:23 UTC 2019


We are overjoyed to announce the release of:

tripleo-heat-templates 9.4.1: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the rocky stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

    https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

9.4.1
^^^^^


New Features
************

* *ContainerImageRegistryLogin* has been added to indicate if login
  calls should be issued by the container engine on deployment. The
  default is set to *false*.

* Values specified in *ContainerImageRegistryCredentials* will now
  be used to issue a login call when deploying the container engine on
  the hosts if *ContainerImageRegistryLogin* is set to *true*.

* Created an *ExtraKernelPackages* parameter to allow users to
  install additional kernel-related packages prior to loading the
  kernel modules defined in *ExtraKernelModules*.

* Add *ContainerNovaLibvirtUlimit* to configure Ulimit for
  containerized Libvirt. Defaults to "nofile=131072,nproc=126960".

* Add parameter NovaLibvirtMemStatsPeriodSeconds, which sets the
  *libvirt/mem_stats_period_seconds* value: the period, in seconds,
  for memory usage statistics. A zero or negative value disables
  memory usage statistics. The default value for
  NovaLibvirtMemStatsPeriodSeconds is 10.

* Adds the LibvirtLogFilters parameter to define a filter that selects
  a different logging level for a given category of log outputs, as
  specified in https://libvirt.org/logging.html . Default: '1:libvirt
  1:qemu 1:conf 1:security 3:event 3:json 3:file 3:object 1:util'

* Adds LibvirtTLSPriority parameter to override the compile time
  default TLS priority string. Default:
  'NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2'

* Introduced two new numeric parameters OvsRevalidatorCores and
  OvsHandlerCores to set values of n-revalidator-threads and
  n-handler-threads on openvswitch.

* The RabbitMQ management plugin ("rabbitmq_management") is now
  enabled. By default RabbitMQ management is available on port 15672
  on the localhost ("127.0.0.1") interface.


Upgrade Notes
*************

* The new role variable update_serial is introduced, allowing
  parallel update execution. On the Controller role this variable
  defaults to 1, as pacemaker has to be taken down and up in a rolling
  fashion. The default value is 25, as that is the default value for
  parallel ansible execution used by tripleo.


Bug Fixes
*********

* Fixed an issue where the update and upgrade tasks for Octavia
  would use the removed docker module in Ansible 2.4.

* The passphrase for config option 'server_certs_key_passphrase' is
  used as a Fernet key in Octavia and thus must be 32 bytes long. In
  the case of an operator-provided passphrase, TripleO will validate
  that.

* Certain nova containers require more locked memory than the
  default limit of 16KiB. Increase the default memlock to 64MiB via
  "DockerNovaComputeUlimit".

  As this is only a maximum limit and not a pre-allocation, this will
  not increase the memory requirements for all nova containers.  To
  date the only container to require this is
  nova_cell_v2_discover_hosts, which is short lived.

* https://review.opendev.org/#/c/662109/ removed the bind mount from
  /run inside the nova_migration_target container. But the
  nova-migration-wrapper inside the container needs access to the
  libvirt socket -
  https://github.com/rdo-packages/nova-distgit/blob/rpm-master/nova-migration-wrapper#L31 .
  This adds the bind mount of /run/libvirt to the
  nova_migration_target container to fix live migration issues.

* Recent changes for e.g. edge scenarios intentionally moved
  discovery from the controller to the bootstrap compute node. The
  task is triggered by deploy-identifier to make sure it gets run on
  any deploy, scale, ... run. If a deploy run is triggered with the
  --skip-deploy-identifier flag, discovery will not be triggered at
  all, causing failures in previously supported scenarios. This
  change moves the host discovery task to be an ansible
  deploy_steps_tasks so that it gets triggered even if
  --skip-deploy-identifier is used, or the compute bootstrap node is
  blacklisted.

* Fixes an issue whereby TLS Everywhere brownfield deployments were
  timing out because the db entry for cell0 in the database was not
  being updated in step 3.  This entry is now updated in step 3.
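
A pre-deployment check of the security-relevant parameters described in these notes, as an added example that is not part of the announcement or of TripleO's own code. The function names, the sample values, the BASELINE version set and the simplified left-to-right handling of VERS tokens are assumptions made for illustration.

```python
# Default from the release note above; the other values are constructed samples.
DEFAULT_PRIORITY = "NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2"
SAMPLE = {
    "ContainerImageRegistryLogin": True,
    "ContainerImageRegistryCredentials": {},
    "OctaviaServerCertsKeyPassphrase": "too-short",
}
# Assumption: versions the NORMAL keyword starts from; match your GnuTLS build.
BASELINE = ("SSL3.0", "TLS1.0", "TLS1.1", "TLS1.2")
ACCEPTED = {"TLS1.2", "TLS1.3"}  # assumption: versions treated as acceptable


def tls_versions(priority, baseline=BASELINE):
    """Apply +VERS-/-VERS- tokens left to right (simplified model)."""
    enabled = set(baseline)
    for token in priority.split(":"):
        sign, name = token[:1], token[1:]
        if sign not in ("+", "-", "!") or not name.startswith("VERS-"):
            continue  # keywords such as NORMAL, or non-version tokens
        version = name[len("VERS-"):]
        if version == "TLS-ALL":
            group = {v for v in baseline if v.startswith("TLS")}
        else:
            group = {version}
        enabled = enabled | group if sign == "+" else enabled - group
    return sorted(enabled)


def audit(params):
    """Return findings for a parameter_defaults mapping."""
    findings = []
    if params.get("ContainerImageRegistryLogin") and not params.get(
            "ContainerImageRegistryCredentials"):
        findings.append("registry login enabled but no credentials set")
    phrase = params.get("OctaviaServerCertsKeyPassphrase")
    if phrase is not None and len(phrase.encode("utf-8")) != 32:
        findings.append("Octavia passphrase is not 32 bytes long")
    priority = params.get("LibvirtTLSPriority", DEFAULT_PRIORITY)
    old = [v for v in tls_versions(priority) if v not in ACCEPTED]
    if old:
        findings.append("libvirtd TLS priority allows " + ", ".join(old))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```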


Other Notes
***********

* HostPrepConfig has been removed. The resource isn't used anymore.
  It used the old way of running Ansible via Heat, which we don't
  need anymore with config-download by default in Rocky.

Changes in tripleo-heat-templates 9.4.0..9.4.1
----------------------------------------------

805f4f938 Use separate plays for Host prep steps
7fc7c3a1c Revert "Do not forcibly enable Glance multiple locations for RBD backend"
179a3c40b Filter nameservers for undercloud networks
82bfea421 Only generate Octavia certs on stack create
d33a58e2d Fix NovaEnableRbdBackend to be role specific
b406ff031 Fix wrong hieradata for glance api authtoken
ffebacc48 Use /var/tmp on host to store temporal files for image upload via Horizon
092cc594f Remove HostPrepConfig
9a31aafd3 Add LibvirtTLSPriority to set libvirtd tls_priority
d632cc3c4 Do not forcibly enable Glance multiple locations for RBD backend
3b61e285b Move cephfs and cephfs_*_pool ceph-ansible parameters in -base
beb1e8f67 Adds LibvirtLogFilters to define a libvirtd filter
022baa43f Unescape IPv6 addresses for ceph_nfs_bind_addr
973ae3e83 Explicitly set notification driver for novajoin
6a514fb14 Redis metadata using incorrect network/service
ed4f818dc Add ExtraKernelPackages
f4f2a900e ceph-base: Disable ceph-ansible firewall tasks
b6c73b753 Configure nova_compute for vendordata
ad1a53934 Revert "Point InternalTLSVncCAFile to /etc/ipa/ca.crt"
0a866602a Use docker_container Ansible module
1c7b5ff95 keystone: drop duplicate -DFOREGROUND
091cdd436 Add the ability to configure ovn-remote-probe-interval
d65795e1e Force "Pre-cache" tasks to run in dry run
c6e9707a8 Change datatype of revalidator,handler threads
04b83ec50 Enable rabbitmq_management plugin
4e1c84eeb Ensure /var/www folder is created in prep host tasks
12ef8149d Create /run/netns if does not exist
43bcbf571 Revert "Revert "Create missing directories before mounting them""
2beb6e7d5 Ensure directories managed by libvirt-daemon exist
55c912f86 neutron-api: remove /usr/share/neutron mount
d9dcd8d51 Add missing update_serial key to compute roles
de71fbfca Add internal keystone endpoint in octavia variables
b93c67231 Point InternalTLSVncCAFile to /etc/ipa/ca.crt
4efdeb4e6 Update mysql url for cell0 in step3
3585f3614 Transport ManilaCephFSDataPoolName to Manila CephFS template
b96b049f9 Fix broken metadata_settings for redis templates
0de8eafc0 Remove scen009 (non-voting) from gate
00a76438f Fix bogus reference to conditional in octavia upgrade tasks
31b9d6017 CI should auto-generate server_certs_key_passphrase
f4709b809 Make nova ephemeral storage backend configurable per-role
c93ea353f Make sure libvirt-guests get started
992ad5437 Adds constraint: OctaviaServerCertsKeyPassphrase must be 32 chars long
f55b8c736 Set selinux type for facter.conf
65e48b0c1 [rocky/queens] fix task name nova_api -> nova_compute
28fb474e7 Fix resume_guests_state_on_host_boot_enabled fact
c6a76f926 Re-Add facter cache for container configurations
88ec71469 Add a suffix for tmpwatch
85a3685bb Add new role parameter NovaLibvirtMemStatsPeriodSeconds
0d991c9e1 Allow logrotate to access container_file_t files
59e4b8140 Rocky: enable container auth support
44e018c40 Increase the default memlock to 64MiB via ``DockerNovaComputeUlimit``.
e3bf1cd37 Support TLS deployments with KernelDisableIPv6 enabled
58b65c1da Move nova cell v2 discovery to deploy_steps_tasks
f72d576f6 Per-Role krb-service-principal for CompactServices
27cbefab7 Add ContainerNovaLibvirtUlimit to tweak Ulimits
a247ee027 Add missing tag 'role_specific' for NovaPciPassthrough parameter
fd62ee685 ceilometer_agent_notification: disable-panko.yaml
95347b3aa Add /run/libvirt to nova_migration_target container
5f19ff99a Fix ipaclient script
5d35daee0 Make comparisons case insensitive
b1486301f Don't create symlink for swift container logs
d8ef4512b Rocky only - allow SSH from any source
042a34fa4 MetricsQdr: Build sslProfiles without internal TLS
64b4a3ab3 MetricsQdr: Add InternalTLS support
29b370dce Update to the ceilometer publisher list
5f4cb7d60 Remove unnecessary openldap-clients package from overcloud controllers
dcf0a74f9 Ensure openstack clients are installed
0107dc76b Revert "ceilometer_agent_notification: disable-panko.yaml"
ab67b7374 Force ansible serial to 1 for the Controller
0ff24b939 Disable iscsi.service to avoid iscsid on host from getting started
27de28a2c OVS Revalidator and handler threads


Diffstat (except docs and test files)
-------------------------------------

.../scenario010-multinode-containers.yaml          |   1 -
ci/environments/scenario010-standalone.yaml        |   1 -
common/deploy-steps-tasks.yaml                     |  49 ++++++++
common/deploy-steps.j2                             |  72 +++--------
.../octavia/octavia-deployment-config.yaml         |  25 +++-
.../nova_cell_v2_discover_hosts.py                 |  55 --------
.../ceph-ansible/ceph-ansible-per-role.yaml        |  18 +++
environments/metrics/collectd-write-qdr.yaml       |   3 +-
.../krb-service-principals/role.role.j2.yaml       |  17 ++-
.../post_deploy/undercloud_ctlplane_network.py     |  15 ++-
extraconfig/services/ipaclient.yaml                |   5 +-
puppet/services/ceilometer-base.yaml               | 102 +++++++++------
puppet/services/database/redis-base.yaml           |  17 ++-
puppet/services/database/redis.yaml                |  12 +-
puppet/services/docker.yaml                        |  31 +++++
puppet/services/ec2-api.yaml                       |   4 +-
puppet/services/glance-api.yaml                    |  40 ++++--
puppet/services/horizon.yaml                       |   1 +
puppet/services/kernel.yaml                        |  17 +++
puppet/services/manila-backend-cephfs.yaml         |   4 +
puppet/services/neutron-api.yaml                   |   2 +-
puppet/services/nova-compute.yaml                  |  30 ++++-
puppet/services/nova-libvirt.yaml                  |  13 ++
puppet/services/octavia-base.yaml                  |   4 +-
puppet/services/openvswitch.yaml                   |  18 +++
puppet/services/ovn-controller.yaml                |   6 +-
puppet/services/rabbitmq.yaml                      |   6 +
puppet/services/swift-proxy.yaml                   |   2 +-
puppet/services/tripleo-firewall.yaml              |   3 +-
...-container-registry-login-08d6a87586c84a99.yaml |  10 ++
...-kernel-package-parameter-f3ad68ed4b72b0f5.yaml |   6 +
...date-upgrade-tasks-docker-067489654b2b7e18.yaml |   5 +
.../host_prep_config_removal-f579718021db5385.yaml |   6 +
...rver_certs_key_passphrase-908471f31d09f088.yaml |   5 +
...arams_to_configure_ulimit-82057bf64d7173a8.yaml |   5 +
.../nova-memlock-increase-066ed22764ed3ce1.yaml    |   9 ++
..._mem_stats_period_seconds-b9b606232629cb38.yaml |   8 ++
...nova_libvirtd_log_filters-63e9e6501d779dd9.yaml |   8 ++
...ova_libvirtd_tls_priority-d0129f804d7ca847.yaml |   5 +
...ion_target_libvirt_socket-585fa579e5b2704d.yaml |   9 ++
...xternal_post_deploy_tasks-e978560ee59b8b56.yaml |  12 ++
...ator-handler-threads.yaml-f5a12d1066b042f1.yaml |   3 +
...-enable-management-plugin-94b27747e4f5e685.yaml |   6 +
...e-cell0-db-entry-in-step3-9af22193c34e7edd.yaml |   5 +
.../notes/update_serial-785ff794ff88fb2e.yaml      |   9 ++
roles/BlockStorage.yaml                            |   1 +
roles/CephAll.yaml                                 |   2 +
roles/CephFile.yaml                                |   2 +
roles/CephObject.yaml                              |   2 +
roles/CephStorage.yaml                             |   2 +
roles/Compute.yaml                                 |   1 +
roles/ComputeAlt.yaml                              |   1 +
roles/ComputeDVR.yaml                              |   1 +
roles/ComputeHCI.yaml                              |   2 +
roles/ComputeHCIOvsDpdk.yaml                       |   2 +
roles/ComputeInstanceHA.yaml                       |   1 +
roles/ComputeLiquidio.yaml                         |   1 +
roles/ComputeLocalEphemeral.yaml                   |  63 ++++++++++
roles/ComputeOvsDpdk.yaml                          |   1 +
roles/ComputeOvsDpdkRT.yaml                        |   2 +
roles/ComputeOvsDpdkSriov.yaml                     |   1 +
roles/ComputeOvsDpdkSriovRT.yaml                   |   2 +
roles/ComputePPC64LE.yaml                          |   1 +
roles/ComputeRBDEphemeral.yaml                     |  63 ++++++++++
roles/ComputeRealTime.yaml                         |   2 +
roles/ComputeSriov.yaml                            |   1 +
roles/ComputeSriovRT.yaml                          |   2 +
roles/Controller.yaml                              |   2 +
roles/ControllerAllNovaStandalone.yaml             |   2 +
roles/ControllerNoCeph.yaml                        |   2 +
roles/ControllerNovaStandalone.yaml                |   2 +
roles/ControllerOpenstack.yaml                     |   2 +
roles/ControllerStorageNfs.yaml                    |   2 +
roles/Database.yaml                                |   1 +
roles/HciCephAll.yaml                              |   2 +
roles/HciCephFile.yaml                             |   2 +
roles/HciCephMon.yaml                              |   2 +
roles/HciCephObject.yaml                           |   2 +
roles/IronicConductor.yaml                         |   1 +
roles/Messaging.yaml                               |   1 +
roles/Networker.yaml                               |   1 +
roles/Novacontrol.yaml                             |   1 +
roles/ObjectStorage.yaml                           |   1 +
roles/OpenShiftAllInOne.yaml                       |   1 +
roles/OpenShiftInfra.yaml                          |   1 +
roles/OpenShiftMaster.yaml                         |   1 +
roles/OpenShiftWorker.yaml                         |   1 +
roles/Telemetry.yaml                               |   1 +
roles_data.yaml                                    |   7 ++
tools/yaml-validate.py                             |  27 +++-
validation-scripts/all-nodes.sh                    |  10 +-
zuul.d/layout.yaml                                 |   1 -
119 files changed, 1064 insertions(+), 350 deletions(-)






