[release-announce] tripleo-heat-templates 8.4.1 (queens)
no-reply at openstack.org
no-reply at openstack.org
Fri Sep 13 15:18:57 UTC 2019
We are amped to announce the release of:
tripleo-heat-templates 8.4.1: Heat templates for deploying OpenStack
with OpenStack.
This release is part of the queens stable release series.
The source is available from:
https://opendev.org/openstack/tripleo-heat-templates
Download the package from:
https://tarballs.openstack.org/tripleo-heat-templates/
Please report issues through:
https://bugs.launchpad.net/tripleo/+bugs
For more details, please see below.
8.4.1
^^^^^
New Features
************
* Created a *ExtraKernelPackages* parameter to allow users to
install additional kernel related packages prior to loading the
kernel modules defined in *ExtraKernelModules*.
* Added NovaResumeGuestsStateOnHostBoot (true/false) parameter which
configures whether or not to start again instances which were
running at the time of a compute reboot. This will set the
resume_guests_state_on_host_boot parameter in nova.conf and
configures and enables libvirt-guests with a dependency to the
docker service to shutdown instances before the docker container
gets stopped. NovaResumeGuestsShutdownTimeout specifies the number
in seconds for an instance to allow to shutdown.
* Adds support for Ironic Networking Baremetal. Networking Baremetal
is used to integrate the Bare Metal service with the Networking
service.
* Added new composable service (QDR) for containerized deployments.
Metrics QDR will run on each overcloud node in 'edge' mode. This
basically means that there is a possibility there will be two QDRs
running on controllers in case that oslo messaging is deployed. This
is a reason why we need separate composable service for this use
case.
* Add *ContainerNovaLibvirtUlimit* to configure Ulimit for
containerized Libvirt. Defaults to "nofile=131072,nproc=126960".
* Add parameter NovaLibvirtMemStatsPeriodSeconds, which allows to
set *libvirt/mem_stats_period_seconds* parameter value to number of
seconds to memory usage statistics period, zero or negative value
mean to disable memory usage statistics. Default value for
NovaLibvirtMemStatsPeriodSeconds is 10.
* Adds LibvirtLogFilters parameter to define a filter to select a
different logging level for a given category log outputs, as
specified in https://libvirt.org/logging.html . Default: '1:libvirt
1:qemu 1:conf 1:security 3:event 3:json 3:file 3:object 1:util'
* Adds LibvirtTLSPriority parameter to override the compile time
default TLS priority string. Default: 'NORMAL:-VERS-SSL3.0:-VERS-
TLS-ALL:+VERS-TLS1.2'
* Introduced two new numeric parameters OvsRevalidatorCores and
OvsHandlerCores to set values of n-revalidator-threads and n
-handler-threads on openvswitch.
* The RabbitMQ management plugin ("rabbitmq_management") is now
enabled. By default RabbitMQ managment is available on port 15672 on
the localhost ("127.0.0.1") interface.
Upgrade Notes
*************
* The new role variable update_serial is introduced allowing
parallel update execution. On Controller role this variable defaults
to 1 as pacemaker has to be taken down and up in rolling fashion.
The default value is 25 as that is default value for parallel
ansible execution used by tripleo.
Bug Fixes
*********
* Avoid life cycle issues with Cinder volumes by ensuring Cinder has
a default volume type. The name of the default volume type is
controlled by a new CinderDefaultVolumeType parameter, which
defaults to "tripleo". Fixes bug 1782217.
* Fixed an issue where the update and upgrade tasks for Octavia
would use the removed docker module in Ansible 2.4.
* The passphrase for config option 'server_certs_key_passphrase', is
used as a Fernet key in Octavia and thus must be 32 bytes long. In
the case of an operator-provided passphrase, TripleO will validate
that.
* Certain nova containers require more locked memory that the
default limit of 16KiB. Increase the default memlock to 64MiB via
"DockerNovaComputeUlimit".
As this is only a maximum limit and not a pre-allocatiosn this will
not increase the memory requirements for all nova containers. To
date the only container to require this is
nova_cell_v2_discover_hosts which is short lived.
* Add customized libvirt-guests unit file to properly shutdown
instances
If resume_guests_state_on_host_boot is set in nova.conf instances
need to be shutdown using libvirt-guests after nova_compute
container is shut down. Therefore we need a customized libvirt-
guests unit file 1) removes the dependency to libvirt (non
container) that it don't get started as a dependency and make the
nova_libvirt container to fail. 2) adds a dependency to docker
related services that a shutdown of nova_compute container is
possible on system reboot. 3) stops nova_compute container 4)
shutdown VMs
This is a missing part of Bug 1778216.
* https://review.opendev.org/#/c/662109/ removed the bind mount from
/run inside the nova_migration_target container. But the nova-
migration-wrapper inside the container needs access to the libvirt
socket - https://github.com/rdo-packages/nova-distgit/blob/rpm-
master/nova-migration-wrapper#L31 . This adds the bind mount of
/run/libvirt to the nova_migration_target container to fix live
migration issues.
* Fixes an issue whereby TLS Everywhere brownfield deployments were
timing out because the db entry for cell0 in the database was not
being updated in step 3. This entry is now updated in step 3.
Changes in tripleo-heat-templates 8.4.0..8.4.1
----------------------------------------------
581391ac4 Use separate plays for Host prep steps
5ccf92511 Revert "Do not forcibly enable Glance multiple locations for RBD backend"
38a6d1c38 Parallelize server pre and post steps
f53e6b9ed Move cephfs and cephfs_*_pool ceph-ansible parameters in -base
0c672e496 Do not forcibly enable Glance multiple locations for RBD backend
abebaaa6d Fix NovaEnableRbdBackend to be role specific
1c0549153 Fix wrong hieradata for glance api authtoken
d12b5e75b Remove HostPrepConfig (for config-download)
54bedfd07 Use /var/tmp on host to store temporal files for image upload via Horizon
f16a588ad Add LibvirtTLSPriority to set libvirtd tls_priority
2b22127db Adds LibvirtLogFilters to define a libvirtd filter
6006f1400 Redis metadata using incorrect network/service
c0d16ebec Unescape IPv6 addresses for ceph_nfs_bind_addr
781b1413c ceph-base: Disable ceph-ansible firewall tasks
fc30e6351 Add ExtraKernelPackages
293bbb1a3 Add Ironic Networking Baremetal Templates
1cc4fd62e Revert "Point InternalTLSVncCAFile to /etc/ipa/ca.crt"
44581caf5 keystone: drop duplicate -DFOREGROUND
162541f24 Use docker_container Ansible module
a59a78aea Update heat_template_version in templates, with stricter validation
8ec885d04 Add the ability to configure ovn-remote-probe-interval
ff679e51f [FUP] Backport - krb-service-principal metadata per-Role
6839b658a Point InternalTLSVncCAFile to /etc/ipa/ca.crt
6eb1048e3 Force "Pre-cache" tasks to run in dry run
15f83076d Add a ComputePPC64LE role
8f2ce02e4 Change datatype of revalidator,handler threads
199d0cbba Ensure /var/www folder is created in prep host tasks
5d00c7076 Create /run/netns if does not exist
84beb53b7 Create missing directories before mounting them
82d0b03d2 Ensure directories managed by libvirt-daemon exist
d1b90da07 neutron-api: remove /usr/share/neutron mount
23ad857ae Enable rabbitmq_management plugin
ce0cc752d [Queens] Enable container auth support
3a69cc589 Add missing update_serial key to compute roles
937bae534 Add internal keystone endpoint in octavia variables
e333e4dc0 Transport ManilaCephFSDataPoolName to Manila CephFS template
9a6be5798 Update mysql url for cell0 in step3
e0f50b4b3 Fix broken metadata_settings for redis templates
e5f6ec75c Make nova ephemeral storage backend configurable per-role
c7b15693d [rocky/queens] fix task name nova_api -> nova_compute
f2366ae6e Fix logging for metrics_qdr
b2065e2be Adds constraint: OctaviaServerCertsKeyPassphrase must be 32 chars long
886ef22d7 Fix bogus reference to conditional in octavia upgrade tasks
55f64af26 Make sure libvirt-guests get started
df1d20242 Set selinux type for facter.conf
2fac9b80f Fix resume_guests_state_on_host_boot_enabled fact
ed9797c9a QDR for metrics collection purposes
74660dd93 Add customized libvirt-guests unit file to properly shutdown instances
c611f04e0 Add NovaResumeGuestsStateOnHostBoot and NovaResumeGuestsShutdownTimeout
ef01df9b8 Re-Add facter cache for container configurations
81e81932c Add a suffix for tmpwatch
29ba2b3bf Support TLS deployments with KernelDisableIPv6 enabled
aaeb6b05f Add new role parameter NovaLibvirtMemStatsPeriodSeconds
0f51fab0c Allow logrotate to access container_file_t files
87ba89813 OVS Revalidator and handler threads
43cf4c13a Per-Role krb-service-principal for CompactServices
27e547c07 Increase the default memlock to 64MiB via ``DockerNovaComputeUlimit``.
e7a51ea1a Support TLS deployments with KernelDisableIPv6 enabled
77f36d37a Add missing tag 'role_specific' for NovaPciPassthrough parameter
de9453ba2 ceilometer_agent_notification: disable-panko.yaml
7ad2741d5 Add ContainerNovaLibvirtUlimit to tweak Ulimits
cfbf68bda Force ansible serial to 1 for the Controller
ad6effc40 Add /run/libvirt to nova_migration_target container
aec9860ed Queens only: Fixup nova cell0 url fix
c3e215683 Fix ipaclient script
daa050438 Make comparisons case insensitive
1bf53b546 Queens only - allow SSH from any source
c09932d80 Remove unnecessary openldap-clients package from overcloud controllers
8e3ce093d Revert "ceilometer_agent_notification: disable-panko.yaml"
a1fc0f613 Disable iscsi.service to avoid iscsid on host from getting started
9450d1150 Ensure Cinder has a default volume type
7877f8cf5 Fail to live migration if instance has NUMA topology
Diffstat (except docs and test files)
-------------------------------------
.../public-bond/nic-configs/ceph-storage.yaml | 2 +-
.../public-bond/nic-configs/cinder-storage.yaml | 2 +-
.../network/public-bond/nic-configs/compute.yaml | 2 +-
.../public-bond/nic-configs/controller.yaml | 2 +-
.../public-bond/nic-configs/swift-storage.yaml | 2 +-
.../scenario001-multinode-containers.yaml | 4 +-
common/deploy-steps-tasks.yaml | 49 +++++
common/deploy-steps.j2 | 39 ++--
.../octavia/octavia-deployment-config.yaml | 11 +-
.../ceph-ansible/ceph-ansible-per-role.yaml | 14 ++
environments/config-download-environment.yaml | 2 +
...ternal-tls.yaml => enable-internal-tls.j2.yaml} | 4 +-
environments/hyperconverged-ceph.yaml | 2 +
environments/metrics/collectd-standalone.yaml | 2 +-
environments/services-baremetal/ironic.yaml | 2 +
environments/services-docker/ironic.yaml | 2 +
environments/services/collectd.yaml | 2 +-
environments/services/ironic.yaml | 2 +
.../krb-service-principals/role.role.j2.yaml | 17 +-
extraconfig/services/ipaclient.yaml | 5 +-
network/service_net_map.j2.yaml | 1 +
overcloud-resource-registry-puppet.j2.yaml | 4 +
puppet/services/cinder-api.yaml | 5 +
puppet/services/database/redis-base.yaml | 17 +-
puppet/services/database/redis.yaml | 12 +-
puppet/services/docker.yaml | 22 ++
puppet/services/ec2-api.yaml | 4 +-
puppet/services/glance-api.yaml | 34 +++-
puppet/services/horizon.yaml | 1 +
puppet/services/ironic-neutron-agent.yaml | 87 ++++++++
puppet/services/kernel.yaml | 17 ++
puppet/services/manila-backend-cephfs.yaml | 4 +
puppet/services/neutron-api.yaml | 2 +-
puppet/services/nova-compute.yaml | 75 ++++++-
puppet/services/nova-libvirt-guests.yaml | 73 +++++++
puppet/services/nova-libvirt.yaml | 13 ++
puppet/services/nova-metadata.yaml | 2 +-
puppet/services/octavia-base.yaml | 4 +-
puppet/services/openvswitch.yaml | 18 ++
puppet/services/ovn-controller.yaml | 5 +
puppet/services/ovn-metadata.yaml | 2 +-
puppet/services/rabbitmq.yaml | 6 +
puppet/services/swift-proxy.yaml | 2 +-
puppet/services/tripleo-firewall.yaml | 3 +-
...-kernel-package-parameter-f3ad68ed4b72b0f5.yaml | 6 +
...inder-default-volume-type-cc21a256202eb476.yaml | 7 +
...guests-state-on-host-boot-090507db3ffad0d4.yaml | 12 ++
...date-upgrade-tasks-docker-067489654b2b7e18.yaml | 5 +
...rver_certs_key_passphrase-908471f31d09f088.yaml | 5 +
...onic-networking-baremetal-29d9ad465565bb87.yaml | 4 +
.../notes/metrics-qdr-97c00cc8059963fa.yaml | 9 +
...arams_to_configure_ulimit-82057bf64d7173a8.yaml | 5 +
.../nova-memlock-increase-066ed22764ed3ce1.yaml | 9 +
...ustom_libvirt-guests_unit-7ac2c4b5511ca549.yaml | 16 ++
..._mem_stats_period_seconds-b9b606232629cb38.yaml | 8 +
...nova_libvirtd_log_filters-63e9e6501d779dd9.yaml | 8 +
...ova_libvirtd_tls_priority-d0129f804d7ca847.yaml | 5 +
...ion_target_libvirt_socket-585fa579e5b2704d.yaml | 9 +
...ator-handler-threads.yaml-f5a12d1066b042f1.yaml | 3 +
...-enable-management-plugin-94b27747e4f5e685.yaml | 6 +
...e-cell0-db-entry-in-step3-7484135b65c72f7b.yaml | 5 +
.../notes/update_serial-785ff794ff88fb2e.yaml | 9 +
roles/BlockStorage.yaml | 2 +
roles/CephAll.yaml | 3 +
roles/CephFile.yaml | 3 +
roles/CephObject.yaml | 3 +
roles/CephStorage.yaml | 3 +
roles/Compute.yaml | 3 +
roles/ComputeAlt.yaml | 1 +
roles/ComputeDVR.yaml | 3 +
roles/ComputeHCI.yaml | 4 +
roles/ComputeHCIOvsDpdk.yaml | 4 +
roles/ComputeInstanceHA.yaml | 3 +
roles/ComputeLiquidio.yaml | 3 +
roles/ComputeLocalEphemeral.yaml | 63 ++++++
roles/ComputeOvsDpdk.yaml | 3 +
roles/ComputeOvsDpdkRT.yaml | 4 +
roles/ComputeOvsDpdkSriov.yaml | 3 +
roles/ComputeOvsDpdkSriovRT.yaml | 2 +
roles/ComputePPC64LE.yaml | 63 ++++++
roles/ComputeRBDEphemeral.yaml | 63 ++++++
roles/ComputeRealTime.yaml | 4 +
roles/ComputeSriov.yaml | 3 +
roles/ComputeSriovRT.yaml | 4 +
roles/Controller.yaml | 2 +
roles/ControllerAllNovaStandalone.yaml | 2 +
roles/ControllerNoCeph.yaml | 2 +
roles/ControllerNovaStandalone.yaml | 2 +
roles/ControllerOpenstack.yaml | 2 +
roles/ControllerStorageNfs.yaml | 2 +
roles/Database.yaml | 2 +
roles/HciCephAll.yaml | 4 +
roles/HciCephFile.yaml | 4 +
roles/HciCephMon.yaml | 4 +
roles/HciCephObject.yaml | 4 +
roles/IronicConductor.yaml | 2 +
roles/Messaging.yaml | 3 +-
roles/Networker.yaml | 2 +
roles/Novacontrol.yaml | 2 +
roles/ObjectStorage.yaml | 2 +
roles/Telemetry.yaml | 2 +
roles_data.yaml | 12 ++
tools/yaml-validate.py | 63 +++++-
validation-scripts/all-nodes.sh | 10 +-
132 files changed, 1548 insertions(+), 152 deletions(-)
More information about the Release-announce
mailing list