[release-announce] tripleo-heat-templates 12.4.0 (ussuri)
no-reply at openstack.org
no-reply at openstack.org
Fri Jul 24 18:45:50 UTC 2020
We are gleeful to announce the release of:
tripleo-heat-templates 12.4.0: Heat templates for deploying OpenStack
with OpenStack.
This release is part of the ussuri stable release series.
The source is available from:
https://opendev.org/openstack/tripleo-heat-templates
Download the package from:
https://tarballs.openstack.org/tripleo-heat-templates/
Please report issues through:
https://bugs.launchpad.net/tripleo/+bugs
For more details, please see below.
12.4.0
^^^^^^
New Features
************
* Add new BarbicanClient tripleo service for configuring DCN/Edge
nodes to access a barbican service running in the control plane. The
client service is disabled by default, and can be enabled by
including the environments/services/barbican-edge.yaml environment
file when deploying a DCN/Edge stack.
* Added new PublicTLSCAFile parameter, that is used to set the ca
cert in clouds.yaml for keystone public endpoint. This defaults to
empty string ('') assuming that the certs are already trusted.
* Add GlanceImagePrefetcherInterval parameter to run periodic job
which fetches the queued images for caching in cache directory, when
image cache is enabled.
* Add boolean parameter
*NovaSchedulerQueryPlacementForAvailabilityZone* that sets
*scheduler/query_placement_for_availability_zone* parameter. It
allows the scheduler to look up a host aggregate with metadata key
of availability zone set to the value provided by incoming request,
and request result from placement be limited to that aggregate.
Default value for NovaSchedulerQueryPlacementForAvailabilityZone is
false.
* Adds the "OctaviaLogOffload" setting to enable amphora log
offloading.
* Added support for VxFlexOS cinder block storage backend driver
Deprecation Notes
*****************
* Usage of the option "NeutronFirewallDriver" which was used to set
"firewall_driver" config option in the Neutron server's config is
now deprecated. Firewall driver should be set per agent in the
agent's config. It can be done using "NeutronOVSFirewallDriver"
option. Option in the Neutron server was in there just for backward
compatybility reasons but since Newton release all Neutron agents
are reporting to the server what firewall driver is used so there is
no need to keep this legacy, server side option anymore.
Bug Fixes
*********
* Ensure the barbican Key Manager settings are configured on
DCN/Edge nodes when the barbican service is deployed in the control
plane. See bug 1886070
(https://bugs.launchpad.net/tripleo/+bug/1886070).
Other Notes
***********
* The ValidateNtp has been removed from the all nodes validation
configuration. During the time sync configuration we already do a
check to ensure the ntp servers are available. If they are not we
will fail with an appropriate message. The ValidateNtp option came
from a time before we could fail in a more explicit way.
Changes in tripleo-heat-templates 12.3.0..12.4.0
------------------------------------------------
1ed3cef04 Remove strategy comment
507898442 Ensure redis_tls_proxy starts after all redis instances
afc7e2c28 Use tripleo linear when not using tripleo free
b5b2bb640 Add BarbicanClient service for configuring edge sites
6358fd4a1 Remove /run from some services
0d587d8ce Drop the relabel flag for bind-mount
22544669d Switch deploy steps to tripleo_free
9c861fcfc Revert "Prevent nftables to interfere with tripleo firewall"
0c2bee43b Add become: true to the container json file modules
c6bafbf03 FFU support for ceph_nfs
71a8917a1 deploy-steps-playbooks-common: fix logic for scale_ignore_unreachable
3b6874daa Convert roles section into tasks-include_role in deploy-steps.j2.
eefa55e34 Simplify host entries generation
381f0146f Check for correct column name for execution show
d29386d8b Move sidecar kill scripts to host prep
f917423be Fix privilege escalation
4ed5c76e4 Generate container startup configs with a new module
03ab2f26d Fix bind mount volumes for novajoin containers
155a2b2a5 Always clear cached facts first
3166f641c Collapse host prep tasks
ccb139178 Collapse deploy steps
6cf0b38c4 Don't set RABBITMQ_SERVER_ERL_ARGS
3c48469a7 Task should fail on any failure
4465977d9 Fix default BlockStorageCinderVolume template
d423af38a undercloud/heat: set YAQL memory quota to 200000
cdfaab952 Add filestore to bluestore migration tags
7ab3de589 Exclude /etc/hostname
48d735e72 Add non-string value support for CephAnsibleEnvironmentVariables
b366fd9e1 Sync httpd conf.modules.d configs
de45a1fc6 Cleanup all container startup configs before generating the new ones
51e697362 Fix Error: invalid arguments you must use just one container
48940849b Add new parameter PublicTLSCACert
bd8756ef9 Add project template for IPA multinode
35a3bb146 Adding amphora architecture to heat templates
31832bda9 Disable Sahara in scenario003-standalone
4cb98be4d Increase the default UpgradeLeappRebootTimeout to 60 mins
0ed634442 Allow more tasks to be run in check mode
61b564480 Add composible service for tls enrollment
ccdbbc9ab Disable presettled metrics
fe759c675 Disable Designate service for scenario 03
454a0e652 Allow overriding InterfaceDefaultRoute with ips_from_pool template
c775af9e6 collectd: add support for mcelog service
1ca404cbc Move nova online migrations to nova-conductor
64641facd Fix syntax error
7f96ee799 Adding env file for octavia with kvm
c8d6df463 Update loop_vars
81b479b14 Allow triggering ceph-ansible filestore-to-bluestore with ceph_fstobs tag
faf2ae187 Ironic create_swift_temp_url_key use internal edpoint
71919ffed Support for Dell EMC VXFlexOS Backend
2c9034053 Consider user configuration during the derivation of passthrough whitelist
8a8cf9a5d Only enable leapp tasks when distribution is correct
b26167919 Unify metrics_qdr name to underscore
3ac4735cc Fix dry-run for NetworkConfig tasks
da727d0c4 Fix reserved name variable
89a2b9a3e Remove ValidateNtp
201f4db58 enable dpdk plugin on neutron ovn and ovs
dadc45daa Use empty string for overcloud InternalTLSCAFile param
213bb2680 Remove Ceph{Admin,Mon,Mds}Key parameters
e1670159d Add an option to adjust help URL in horizon
31f2658df Add the ability to offload amphora logs
6a119dcfb Ensure net.ipv6.conf.lo.disable_ipv6=0
9ee2f7418 Check transfer data flag to skip pacemaker normal upgrade.
e25ff3d50 Update minion rabbit credentials
66683ad94 Fix node scaling
db5f2b1d7 Add additional files to ipa standalone test
1d7070e92 Update scn003 to exercise ExtraFirewallrules capabilities
96327c8ef Revert "Only enable leapp tasks when distribution is correct"
b225e6b48 Add reserved ports for some services
392de5157 Change the :Z mount flag to :z
97464f164 Enable glance cache prefetcher interval
1c87fae29 MaxFailPercentage: default to 0
4ab32733a Configure valid_exit_code for startup containers
d6e86c4cf Fix sending SIGTERM to the sidecar containers
8bdf199af Set default InternalTLSCAFile in enable-tls.yaml
9551cfa6a rhsm: add rhsm_release in environment for doc purpose
8eaf18682 Move chcon for /var/lib/config-data
7dbd96c43 Make user value for GlanceImageImportPlugin prevail on logic
e52cfc03c Include tripleo_ceph_workdir role on rgw variables override
05f19f2c5 Force container deletion if namespace does not exist in service_kill
a01c36127 Modify tls-e service to not install packages by default
c56920c79 Correctly match openvswitch package
00c2da440 Enable adding packages into Leapp's to_remove/to_install files.
4dba85d81 Use /32 or /128 netmask for VIPs
c939d913b Remove unnecessary check after removing libvirt rpm dependencies
3a44feeb4 Only enable leapp tasks when distribution is correct
5bbc3ab7d Fix typo in the description of the Neutron related options
5d50ea313 Split ansible_limit with a colon.
7436ab8db Deprecate old NeutronFirewallDriver option
66e029cc3 Add new parameter NovaSchedulerQueryPlacementForAvailabilityZone
8e45fac85 Update TOX_CONSTRAINTS_FILE for stable/ussuri
829bc7268 Update .gitreview for stable/ussuri
Diffstat (except docs and test files)
-------------------------------------
.gitreview | 1 +
README.rst | 2 +
all-nodes-validation.yaml | 6 -
ci/common/all-nodes-validation-disabled.yaml | 6 -
ci/environments/octavia-kvm.yaml | 7 +
ci/environments/scenario000-standalone.yaml | 1 +
.../scenario001-multinode-containers.yaml | 6 +-
ci/environments/scenario001-standalone.yaml | 8 +-
ci/environments/scenario003-standalone.yaml | 30 ++-
ci/environments/scenario004-standalone.yaml | 7 +-
.../scenario010-multinode-containers.yaml | 2 -
ci/environments/scenario010-standalone.yaml | 6 +-
common/container-puppet.sh | 13 +-
common/container_startup_configs_tasks.yaml | 19 --
common/deploy-steps-playbooks-common.yaml | 36 ++-
common/deploy-steps-tasks-step-0.j2.yaml | 3 +
common/deploy-steps-tasks-step-1.yaml | 48 ++--
common/deploy-steps-tasks.yaml | 8 +
common/deploy-steps.j2 | 165 ++++++--------
common/generate-config-tasks.yaml | 2 +
common/hiera-steps-tasks.yaml | 1 +
container_config_scripts/wait-port-and-run.sh | 18 ++
deployed-server/scripts/enable-ssh-admin.sh | 3 +-
deployment/aodh/aodh-api-container-puppet.yaml | 7 +
.../barbican/barbican-api-container-puppet.yaml | 7 +
deployment/barbican/barbican-client-puppet.yaml | 60 +++++
deployment/ceph-ansible/ceph-base.yaml | 16 +-
deployment/ceph-ansible/ceph-client.yaml | 5 +-
deployment/ceph-ansible/ceph-external.yaml | 5 +-
deployment/ceph-ansible/ceph-grafana.yaml | 5 +-
deployment/ceph-ansible/ceph-mds.yaml | 12 +-
deployment/ceph-ansible/ceph-mgr.yaml | 5 +-
deployment/ceph-ansible/ceph-mon.yaml | 22 +-
deployment/ceph-ansible/ceph-nfs.yaml | 49 +++-
deployment/ceph-ansible/ceph-osd.yaml | 5 +-
deployment/ceph-ansible/ceph-rbdmirror.yaml | 5 +-
deployment/ceph-ansible/ceph-rgw.yaml | 9 +-
deployment/cinder/cinder-api-container-puppet.yaml | 7 +
.../cinder-backend-dellemc-vxflexos-puppet.yaml | 148 +++++++++++++
.../cinder/cinder-backup-pacemaker-puppet.yaml | 4 +-
.../cinder/cinder-common-container-puppet.yaml | 4 +
.../cinder/cinder-volume-pacemaker-puppet.yaml | 4 +-
deployment/containers-common.yaml | 3 +
deployment/database/mysql-pacemaker-puppet.yaml | 4 +-
deployment/database/redis-container-puppet.yaml | 1 -
deployment/database/redis-pacemaker-puppet.yaml | 14 +-
.../docker/docker-baremetal-ansible.yaml | 4 +-
deployment/glance/glance-api-container-puppet.yaml | 23 +-
.../gnocchi/gnocchi-api-container-puppet.yaml | 7 +
deployment/haproxy/haproxy-pacemaker-puppet.yaml | 6 +-
deployment/haproxy/haproxy-public-tls-inject.yaml | 15 +-
deployment/heat/heat-api-cfn-container-puppet.yaml | 7 +
deployment/heat/heat-api-container-puppet.yaml | 7 +
deployment/horizon/horizon-container-puppet.yaml | 13 ++
deployment/ipa/ipaservices-baremetal-ansible.yaml | 2 +-
deployment/ironic/ironic-api-container-puppet.yaml | 7 +
.../ironic/ironic-conductor-container-puppet.yaml | 1 +
deployment/ironic/ironic-pxe-container-puppet.yaml | 7 +
deployment/kernel/kernel-baremetal-ansible.yaml | 4 +
deployment/keystone/keystone-container-puppet.yaml | 15 +-
deployment/logrotate/tmpwatch-install.yaml | 3 +-
deployment/manila/manila-api-container-puppet.yaml | 7 +
.../manila/manila-share-pacemaker-puppet.yaml | 4 +-
deployment/metrics/collectd-container-puppet.yaml | 8 +
deployment/metrics/qdr-container-puppet.yaml | 28 +--
.../neutron/derive_pci_passthrough_whitelist.py | 246 ++++++++++++++++++---
deployment/neutron/kill-script | 27 ++-
.../neutron/neutron-api-container-puppet.yaml | 7 +
.../neutron/neutron-dhcp-container-puppet.yaml | 65 +++---
.../neutron/neutron-l3-container-puppet.yaml | 93 ++++----
.../neutron-ovn-dpdk-config-container-puppet.yaml | 6 +
.../neutron-ovs-dpdk-agent-container-puppet.yaml | 6 +-
deployment/neutron/neutron-plugin-ml2.yaml | 17 +-
.../neutron-sriov-agent-container-puppet.yaml | 4 +-
deployment/nova/nova-api-container-puppet.yaml | 16 +-
deployment/nova/nova-compute-container-puppet.yaml | 10 +-
.../nova/nova-conductor-container-puppet.yaml | 9 +
deployment/nova/nova-libvirt-container-puppet.yaml | 2 +-
.../nova/nova-metadata-container-puppet.yaml | 7 +
.../nova/nova-scheduler-container-puppet.yaml | 9 +-
deployment/nova/novajoin-container-puppet.yaml | 4 +-
.../octavia/octavia-api-container-puppet.yaml | 7 +
.../octavia/octavia-deployment-config.j2.yaml | 12 +
.../octavia-health-manager-container-puppet.yaml | 84 +++++--
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 4 +-
deployment/ovn/ovn-metadata-container-puppet.yaml | 49 ++--
.../pacemaker/pacemaker-baremetal-puppet.yaml | 32 ++-
.../placement/placement-api-container-puppet.yaml | 11 +
deployment/podman/podman-baremetal-ansible.yaml | 4 +-
deployment/rabbitmq/rabbitmq-container-puppet.yaml | 3 +-
...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 4 +-
.../rabbitmq-messaging-pacemaker-puppet.yaml | 4 +-
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 4 +-
deployment/swift/swift-proxy-container-puppet.yaml | 8 +-
deployment/tls/undercloud-tls.yaml | 99 +++++++++
.../tripleo-firewall-baremetal-ansible.yaml | 35 +--
.../tripleo-packages-baremetal-puppet.yaml | 53 ++++-
deployment/undercloud/minion-rabbitmq-puppet.yaml | 25 +--
deployment/undercloud/undercloud-upgrade.yaml | 2 +-
deployment/zaqar/zaqar-container-puppet.yaml | 7 +
environments/cinder-dellemc-vxflexos-config.yaml | 35 +++
environments/enable-stf.yaml | 2 +-
environments/lifecycle/upgrade-prepare.yaml | 2 +
environments/metrics/collectd-write-qdr.yaml | 2 +-
environments/public-tls-undercloud.yaml | 1 +
environments/rhsm.yaml | 2 +
environments/services/barbican-edge.yaml | 4 +
environments/services/undercloud-tls.yaml | 4 +
environments/ssl/enable-tls.yaml | 4 +
environments/storage-environment.yaml | 4 -
environments/undercloud.yaml | 3 +-
environments/undercloud/undercloud-minion.yaml | 1 +
net-config-standalone.j2.yaml | 6 +-
net-config-undercloud.j2.yaml | 6 +-
network/ports/port_from_pool.j2 | 27 ++-
overcloud-resource-registry-puppet.j2.yaml | 6 +-
overcloud.j2.yaml | 82 +++----
puppet/role.role.j2.yaml | 37 ++--
...tronFirewallDriver-option-f4289b404abcc0b3.yaml | 12 +
...d-barbican-client-for-dcn-7182e8bab41fce21.yaml | 13 ++
...publictlscafile-parameter-0fd9c19dcd20be0b.yaml | 6 +
...ce_image_cache_prefetcher-288120ffa6ee2a13.yaml | 6 +
...ent_for_availability_zone-ffd415710a9cb903.yaml | 9 +
.../octavia-log-offload-d1617e767f688da1.yaml | 4 +
.../notes/remove-ValidateNtp-15724eaa8345aa4f.yaml | 8 +
.../notes/vxflexos-driver-bec8e372280c44e6.yaml | 4 +
roles/Controller.yaml | 1 +
roles/ControllerNoCeph.yaml | 1 +
roles/ControllerNovaStandalone.yaml | 1 +
roles/ControllerStorageDashboard.yaml | 1 +
roles/ControllerStorageNfs.yaml | 1 +
roles/DistributedCompute.yaml | 1 +
roles/DistributedComputeHCI.yaml | 1 +
roles/DistributedComputeHCIScaleOut.yaml | 1 +
roles/DistributedComputeScaleOut.yaml | 1 +
roles/Standalone.yaml | 1 +
roles/Undercloud.yaml | 1 +
roles_data.yaml | 1 +
roles_data_undercloud.yaml | 1 +
sample-env-generator/ssl.yaml | 4 +
sample-env-generator/undercloud-minion.yaml | 1 +
tools/yaml-validate.py | 4 +
tox.ini | 2 +-
validation-scripts/all-nodes.sh | 40 ----
zuul.d/layout.yaml | 8 +-
145 files changed, 1637 insertions(+), 667 deletions(-)
More information about the Release-announce
mailing list