[release-announce] tripleo-heat-templates 13.2.0 (victoria)

no-reply at openstack.org no-reply at openstack.org
Thu Apr 1 09:48:57 UTC 2021


We are pumped to announce the release of:

tripleo-heat-templates 13.2.0: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the victoria stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

    https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

13.2.0
^^^^^^


New Features
************

* The new parameter GlanceCinderMountPointBase has been added which
  will be used for mounting NFS volumes on glance nodes. When glance
  uses cinder as store and cinder backend is NFS, this parameter must
  be set to match cinder's mount point.

* Added "MemcachedMaxConnections" setting with a default of 8192
  maximum connections in order to allow an operator to override that
  value in environments where memcached is heavily solicited.

* The logic to configure the connection from barbican to nShield
  HSMs has been augmented to parse a nshield_hsms parameter, which
  allows the specification of multiple HSMs.  The underlying ansible
  role (ansible-role-thales-hsm) will configure the HSMs in load
  sharing mode to provide HA.

* New "CinderRpcResponseTimeout" and "CinderApiWsgiTimeout"
  parameters provide a means for configuring Cinder's RPC response and
  WSGI connection timeouts, respectively.

* Add the possibility to configure the OVN DBs monitor interval in
  tht via OVNDBSPacemakerMonitorInterval (default 30s). Under load,
  this can create extra stress and since the timeout has already been
  bumped, it makes sense to bump this interval to a higher value as a
  trade-off between detecting a failure and stressing the service.

* When a node has hugepages enabled, we can help with live
  migrations by enabling *NovaLiveMigrationPermitPostCopy* and
  *NovaLiveMigrationPermitAutoConverge*. These flags are automatically
  enabled if hugepages are detected, but operators can override these
  settings.

* Add NovaLibvirtMaxQueues role parameter to set
  [libvirt]/max_queues in nova.conf of the compute. The default of 0
  corresponds to not set, meaning the legacy limits based on the
  reported kernel major version will be used.


Known Issues
************

* Cell_v2 discovery has been moved from the nova-compute|nova-ironic
  containers as this requires nova api database credentials which must
  not be configured for the nova-compute service. As a result scale-up
  deployments which explicitly omit the Controller nodes will need to
  make alternative arrangements to run cell_v2 discovery. Either the
  nova-manage command can be run manually after scale-up, or an
  additional helper node using the NovaManage role can be deployed
  that will be used for this task instead of a Controller node. See
  Bug: 1786961 (https://launchpad.net/bugs/1786961) and Bug: 1871482
  (https://launchpad.net/bugs/1871482).
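
A compute-side check for the constraint above, as an added example (not part of the release notes or the project's code): it parses nova.conf text and reports any [api_database] connection setting, with the password redacted. The sample file contents and the function names are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample nova.conf contents (not from a real deployment).
COMPUTE_BEFORE = """\
[DEFAULT]
host = compute-0
[api_database]
connection = mysql+pymysql://nova_api:s3cr%t@192.0.2.10/nova_api
"""
COMPUTE_AFTER = """\
[DEFAULT]
host = compute-0
[libvirt]
max_queues = 0
"""


def redact(url):
    """Return the URL with any password replaced, so it is safe to log."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    netloc = parts.netloc.replace(":" + parts.password + "@", ":***@", 1)
    return parts._replace(netloc=netloc).geturl()


def api_db_findings(conf_text):
    """List (section, option, redacted value) for nova API DB credentials."""
    cp = configparser.ConfigParser(
        interpolation=None,          # passwords may contain '%'
        strict=False,                # tolerate repeated sections/options
        default_section="__none__",  # do not leak [DEFAULT] into other sections
    )
    cp.read_string(conf_text)
    findings = []
    value = cp.get("api_database", "connection", fallback="").strip()
    if value:
        findings.append(("api_database", "connection", redact(value)))
    return findings


if __name__ == "__main__":
    for name, text in (("before", COMPUTE_BEFORE), ("after", COMPUTE_AFTER)):
        hits = api_db_findings(text)
        print(name, "FAIL" if hits else "OK", hits)
```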


Deprecation Notes
*****************

* Some parameters within ThalesVars have been deprecated.  These are
  thales_hsm_ip_address and thales_hsm_config_location.  See
  environments/barbican-backend-pkcs11-thales.yaml for details.


Bug Fixes
*********

* When deploying a spine-and-leaf (L3 routed architecture) with TLS
  enabled for internal endpoints, the deployment would fail because
  some roles are not connected to the network mapped to the service in
  ServiceNetMap. To fix this issue, a role-specific parameter
  "{{role.name}}ServiceNetMap" is introduced (defaults to: "{}"). The
  role-specific ServiceNetMap parameter allows the operator to override
  one or more service network mappings per-role. For example:

     ComputeLeaf2ServiceNetMap:
       NovaLibvirtNetwork: internal_api_leaf2

  The role specific "{{role.name}}ServiceNetMap" override is merged
  with the global "ServiceNetMap" when it's passed as a value to the
  "{{role.name}}ServiceChain" resources, and the "{{role.name}}"
  resource groups so that the correct network for this role is mapped
  to the service.

  Closes bug: 1904482
  (https://bugs.launchpad.net/tripleo/+bug/1904482).

* Do not relabel Swift files on every container (re-)start. These
  will be relabeled already in step 3 preventing additional delays.

Changes in tripleo-heat-templates 13.1.0..13.2.0
------------------------------------------------

6eb406ce1 Updating settings description
f3ac958f4 Add TLS support to services using memcached
76c8f9ec5 Add non-tls listener to Memcached
321f10d53 Add legacy fact setting
dbad3a079 Make UpgradeInitCommand and UpgradeLeapp{ToRemove,ToInstall,CommandOptions} per-role
a6c7ba02a Fix start order for {swift_proxy,glance_api}_tls_proxy
1b5768455 Check Ceph cluster healthy state before starting FS to BS playbook
780b05746 Add posibilities to set ovndbs monitor interval
871f26566 Add delegate_fact_hosts: false on ci scenarios
bb7b27b90 Support configuring cinder's RPC and WSGI timeouts
04b9cad83 Remove tripleo_transfer cleanup.yml reference
ad6eb8ae7 Allow configuring cinder mount point for glance cinder store
f022663d4 Make content provider depend on tox-pep8/tht on check layout
67ad3daa2 Use include task for host prep tasks
a57f8af41 Use ansible_facts instead
724d65804 Upgrade mariadb storage during upgrade tasks
e6e7019ad Fix redis_tls_proxy
bd5e2c80f Don't try creating default admin and member roles
9a1b9393b Drop service facts usage
c996c85ca Stop barbican servics in unupgraded controllers
0223e9ab6 Stop non-pcmk services of manila and cinder during upgrade
d98fa55bd Add parameters to allow multiple nshield HSMs
58825e473 Always set NetworkDeploymentActions to its default
853f4a15c Enabling 'cinder_use_multipath' if cinder multipath is enabled
e3b75f1db Stop ironic services in unupgraded controllers
bbf25f937 Stop octavia servics in unupgraded controllers
057f2c849 per_node is not parsing generated json
e30001881 Problematic nested quotes in hieradata file list
3ac51218f Add ContainerDefaultPidsLimit to set default pid limits in containers.conf
5e4d71b21 Use Ceph cluster name when setting minimum client version
0efeb96a3 Make DnfStreams support RoleParameters
1dc7be85b Add post delay to reboot
fd58e99de Enforces minimum Ceph client version to Mimic
d49fe9c60 Add a new role parameter rhsm_enforce.
a6b463069 Force json output format for hiera in derive pci whitelist
8e5f1e9ee Split network validation to it's own play
ace2eb097 Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues
ae7ab696d Revert "Reset sriov_numvfs to 0 before leapp upgrade"
9e271664a Use include_role for conditional inclusion
964a4a4e8 Remove ffwd lifecycle environment files.
8d0638eca Deprecate environments/dcn-hci.yaml for dcn-storage.yaml
95f2c33e3 Remove External{Internal,Public,Admin}Url parameters
7f8b5c4d2 Deleting nova-consoleauth services in post-upgrade
00cd7c170 Live migration optimization with HP
7c2933d3b Use Ceph-NFS for Manila in scenario004
28a26099b Making sure virt-guest-shutdown.target exists
bb8343a96 Remove pcs/pacemaker package installation from upgrade tasks
57520232f Fix unreachable handling
8e9798caf Serialize shutdown of pacemaker nodes
add0f9003 Do not relabel Swift files on every container start
6b4d841d9 Make it possible to override ServiceNetMap per-role
890c149f5 Fix ownership of octavia_rsyslog log directory
7ecc96232 Configure OVNCMSOptions=enable-chassis-as-gw within neutron-ovn-sriov.yaml
6a37431ce nova: Use LIBGUESTFS_BACKEND=direct
efd73e15d Set toplevel nova::dhcp_domain for all nova services
1ec4e5ece Add setting to override max memcached connections
43547f521 Fix swift containers idempotency
76481308b Refresh Swift ring files without restarting containers
cff6378fb Adding key_size option on the certificate creation
864e4fdd7 Revert rolling certificate updates for HA services
f62b05333 HA: reimplement resource locks with cibadmin
6c45e3e8c Update container-config-scripts/ folder content before update_tasks.
a2a6ddab5 Refactor nova db config
f75e6d51c Wire up new tripleo upgrades jobs template
3ce0c63b1 Enable tripleo_free strategy for upgrade
03697234f Move cell_v2 discovery off compute hosts
5c5f008df Don't pass empty values for ipaclient_servers to ipaclient role
8e316d7f1 Define a new CinderVolumeEdge service
0f1e78d73 Remove Luna HSM clients on scaledown
dd1cba373 Add 'networks_all' ansible group_var
fe170a316 Move ipa check to external_deploy_tasks
6a43fce4f Remove vfio-pci.conf module load file
b1bda7f47 Ensure cloud-init has finished before puppet run
b269eec7b Identify HSMs using labels instead of Slot ID
88fea40ae Fix the value of ssl_verify_client
c9221d24a Update TOX_CONSTRAINTS_FILE for stable/victoria


Diffstat (except docs and test files)
-------------------------------------

ci/environments/multinode-containers.yaml          |   1 +
ci/environments/scenario001-standalone.yaml        |   1 +
ci/environments/scenario004-standalone.yaml        |   6 +
common/common-container-config-scripts.yaml        |  17 +++
common/container-puppet.sh                         |   6 +-
common/deploy-steps-playbooks-common.yaml          |  20 +--
common/deploy-steps-tasks-step-0.j2.yaml           |  17 +++
common/deploy-steps-tasks-step-1.yaml              |  22 +--
common/deploy-steps-tasks.yaml                     |   6 +-
common/deploy-steps.j2                             |  29 +++-
common/generate-config-tasks.yaml                  |   2 +-
common/host-container-puppet-tasks.yaml            |   4 +-
container_config_scripts/mysql_upgrade_db.sh       |  15 +++
.../pacemaker_mutex_shutdown.sh                    | 120 +++++++++++++++++
.../pacemaker_resource_lock.sh                     | 134 +++++++++++-------
deployment/apache/apache-baremetal-puppet.j2.yaml  |  16 +++
.../barbican/barbican-api-container-puppet.yaml    | 112 +++++++++-------
.../barbican-backend-pkcs11-crypto-puppet.yaml     |  14 +-
.../ceilometer-base-container-puppet.yaml          |  13 ++
deployment/ceph-ansible/ceph-base.yaml             |  11 ++
deployment/ceph-ansible/ceph-grafana.yaml          |  16 +++
deployment/ceph-ansible/ceph-mgr.yaml              |  16 +++
deployment/ceph-ansible/ceph-mon.yaml              |  28 ++++
deployment/ceph-ansible/ceph-rgw.yaml              |  20 ++-
deployment/cinder/cinder-api-container-puppet.yaml |  11 +-
.../cinder/cinder-backup-container-puppet.yaml     |  15 +++
.../cinder/cinder-backup-pacemaker-puppet.yaml     |   2 +-
deployment/cinder/cinder-base.yaml                 |   5 +
.../cinder/cinder-volume-container-puppet.yaml     |  15 +++
.../cinder/cinder-volume-pacemaker-puppet.yaml     |   2 +-
deployment/containers-common.yaml                  |   3 +
deployment/database/mysql-base.yaml                |  22 +++
deployment/database/mysql-container-puppet.yaml    |  51 +++++--
deployment/database/mysql-pacemaker-puppet.yaml    |  54 ++++----
deployment/database/redis-container-puppet.yaml    |  16 +++
deployment/database/redis-pacemaker-puppet.yaml    |  24 +++-
.../novajoin/novajoin-container-puppet.yaml        |   6 +-
deployment/etcd/etcd-container-puppet.yaml         |  48 ++++---
deployment/glance/glance-api-container-puppet.yaml |  14 +-
.../haproxy-internal-tls-certmonger.j2.yaml        |  19 +++
deployment/haproxy/haproxy-pacemaker-puppet.yaml   |   4 +-
.../haproxy/haproxy-public-tls-certmonger.yaml     |  19 +++
deployment/haproxy/haproxy-public-tls-inject.yaml  |   2 +-
deployment/heat/heat-base-puppet.yaml              |  24 +++-
deployment/horizon/horizon-container-puppet.yaml   |   2 +-
deployment/ipa/ipaservices-baremetal-ansible.yaml  |  34 +++--
deployment/ironic/ironic-api-container-puppet.yaml |  14 ++
.../ironic/ironic-conductor-container-puppet.yaml  |  15 +++
.../ironic/ironic-inspector-container-puppet.yaml  |  16 +++
deployment/ironic/ironic-pxe-container-puppet.yaml |  16 +++
deployment/keystone/keystone-container-puppet.yaml |  28 +++-
deployment/manila/manila-api-container-puppet.yaml |  15 +++
.../manila/manila-scheduler-container-puppet.yaml  |  15 +++
.../manila/manila-share-container-puppet.yaml      |  15 +++
.../manila/manila-share-pacemaker-puppet.yaml      |   2 +-
.../memcached/memcached-container-puppet.yaml      | 100 +++++++++++++-
deployment/metrics/collectd-container-puppet.yaml  |   2 +-
deployment/metrics/qdr-container-puppet.yaml       |  16 +++
.../neutron/derive_pci_passthrough_whitelist.py    |   2 +-
.../neutron/neutron-api-container-puppet.yaml      |  16 +++
.../neutron/neutron-dhcp-container-puppet.yaml     |  16 +++
.../neutron-ovs-dpdk-agent-container-puppet.yaml   |  24 +++-
.../neutron-sriov-agent-container-puppet.yaml      |  31 +----
deployment/nova/nova-api-container-puppet.yaml     |  38 ++++--
deployment/nova/nova-apidb-client-puppet.yaml      |  78 +++++++++++
deployment/nova/nova-base-puppet.yaml              | 102 +++-----------
.../nova/nova-compute-common-container-puppet.yaml |  22 ++-
deployment/nova/nova-compute-container-puppet.yaml | 149 +++++++++++++++++----
.../nova/nova-conductor-container-puppet.yaml      |  60 +++++++--
deployment/nova/nova-db-client-puppet.yaml         |  80 +++++++++++
deployment/nova/nova-ironic-container-puppet.yaml  |  28 ++--
deployment/nova/nova-libvirt-container-puppet.yaml |  61 +++++++--
deployment/nova/nova-manager-container-puppet.yaml | 105 +++++++++++++++
.../nova/nova-metadata-container-puppet.yaml       |  45 +++++--
.../nova/nova-scheduler-container-puppet.yaml      |  31 ++++-
.../nova/nova-vnc-proxy-container-puppet.yaml      |  81 ++++++++++-
.../octavia/octavia-api-container-puppet.yaml      |  15 +++
.../octavia/octavia-deployment-config.j2.yaml      |   4 +-
.../octavia-health-manager-container-puppet.yaml   |  20 ++-
.../octavia-housekeeping-container-puppet.yaml     |  15 +++
.../octavia/octavia-worker-container-puppet.yaml   |  19 ++-
.../octavia/providers/ovn-provider-config.yaml     |  16 +++
.../ovn/ovn-controller-container-puppet.yaml       |  16 +++
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml       |  34 ++++-
deployment/ovn/ovn-metadata-container-puppet.yaml  |  16 +++
.../pacemaker/pacemaker-baremetal-puppet.yaml      |   6 +
deployment/podman/podman-baremetal-ansible.yaml    |   7 +
deployment/rabbitmq/rabbitmq-container-puppet.yaml |  16 +++
...rabbitmq-messaging-notify-container-puppet.yaml |  16 +++
...rabbitmq-messaging-notify-pacemaker-puppet.yaml |   2 +-
.../rabbitmq-messaging-pacemaker-puppet.yaml       |   2 +-
.../rabbitmq-messaging-rpc-container-puppet.yaml   |  16 +++
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml   |   2 +-
.../external-swift-proxy-baremetal-puppet.yaml     |  49 +------
.../swift-refresh-rings-cc327f998490b0df.yaml      |   6 +
deployment/swift/swift-proxy-container-puppet.yaml |  20 +++
.../swift/swift-ringbuilder-container-puppet.yaml  |  10 ++
.../swift/swift-storage-container-puppet.yaml      |  48 ++++++-
deployment/timesync/chrony-baremetal-ansible.yaml  |  11 +-
deployment/tls/undercloud-tls.yaml                 |   6 +-
.../tripleo-packages-baremetal-puppet.yaml         |  61 ++++++---
deployment/undercloud/undercloud-upgrade.yaml      |   4 +-
environments/barbican-backend-pkcs11-lunasa.yaml   |  24 ++--
environments/barbican-backend-pkcs11-thales.yaml   |  22 ++-
environments/dcn-hci.yaml                          |   5 +-
environments/dcn-storage.yaml                      |  53 ++++++++
environments/lifecycle/ffwd-upgrade-converge.yaml  |   9 --
environments/lifecycle/ffwd-upgrade-prepare.yaml   |  10 --
environments/services/neutron-ovn-dvr-ha.yaml      |   2 -
environments/services/neutron-ovn-ha.yaml          |   4 -
environments/services/neutron-ovn-sriov.yaml       |   6 +-
environments/ssl/enable-memcached-tls.yaml         |  10 ++
overcloud-resource-registry-puppet.j2.yaml         |   4 +
overcloud.j2.yaml                                  |  29 +++-
puppet/extraconfig/pre_deploy/per_node.yaml        |  12 +-
...ount-point-base-parameter-852554398b9f3a19.yaml |   7 +
...ddmemcachedmaxconnections-b591c0fa39e821f5.yaml |   6 +
.../notes/barbican-thales-ha-581fbe9b5ef4dc87.yaml |  11 ++
.../notes/bug-1904482-dbc5162c8245a9b3.yaml        |  21 +++
...v2_discovery_off_computes-2b977c6b9a01cde2.yaml |  13 ++
...er-add-timeout-parameters-54550a6e1c11c0b9.yaml |   6 +
.../dcn-hci-storage-rename-0b1c17dd50f4cc9a.yaml   |   8 ++
.../monitor_interval_ovndbs-b14c886737965300.yaml  |   9 ++
...mit-postcopy-autoconverge-ca1719fd2abed45f.yaml |   8 ++
.../nova_libvirt_max_queues-8024fc63105bd25d.yaml  |   6 +
.../swift-prevent-relabeling-b9721aa5a1abda6e.yaml |   5 +
roles/CephFile.yaml                                |   1 +
roles/CephObject.yaml                              |   1 +
roles/CephStorage.yaml                             |   1 +
roles/DistributedCompute.yaml                      |   2 +
roles/DistributedComputeHCI.yaml                   |   2 +-
roles/NovaManager.yaml                             |  37 +++++
roles/README.rst                                   |   6 +
roles/Standalone.yaml                              |   3 +
roles_data.yaml                                    |   1 +
sample-env-generator/dcn.yaml                      |  13 +-
tools/yaml-validate.py                             |   7 +-
tox.ini                                            |   2 +-
zuul.d/layout.yaml                                 |   5 +
139 files changed, 2466 insertions(+), 603 deletions(-)






