[release-announce] tripleo-heat-templates 8.0.3 (queens)

We are excited to announce the release of: tripleo-heat-templates 8.0.3: Heat templates for deploying OpenStack with OpenStack. This release is part of the queens stable release series. The source is available from: http://git.openstack.org/cgit/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through launchpad: https://bugs.launchpad.net/tripleo For more details, please see below. 8.0.3 ^^^^^ New Features ************ * Makes collectd deployment default output metrics data to Gnocchi instance running on overcloud nodes. * Adds possibility to override default polling interval for collectd and set default value to 120 seconds, because current default (10s) was too aggressive. * Add support for Neutron LBaaSV2 service plugin in a containerized deployment. * Allow users to specify SSH name and public key to add to Octavia amphorae. * Adds network_plugin_ipv6_enabled, emc_ssl_cert_verify and emc_ssl_cert_path options for Manila Unity driver. Upgrade Notes ************* * The 'LogrotatePurgeAfterDays' enforces cleaning up of information exceeded its life-time (defaults to a 14 days) in the /var/log/containers directory of bare metal overcloud hosts, including upgrade (from containers) cases, when leftovers may be remaining on the host systems. Security Issues *************** * New heat parameters for containerized services 'LogrotateMaxsize', 'LogrotateRotationInterval', 'LogrotateRotate' and 'LogrotatePurgeAfterDays' allow customizing size/time-based rules for the containerized services logs rotation. The time based rules prevail over all. Bug Fixes ********* * Previously, get-occ-config.sh could configure nodes out of order when deploying with more than 10 nodes. The script has been updated to properly sort the node resource names by first converting the names to a number. * Default Octavia SSH public key to 'default' keypair from undercloud. * The nova/neutron/ceilometer host parameter is now explicitly set to the same value that is written to /etc/hosts. On a correctly configured deployment they should be already be identical. However if the hostname or domainname is altered (e.g via DHCP) then the hostname is unlikely to resolve to the correct IP address for live- migraiton. Related bug: https://bugs.launchpad.net/tripleo/+bug/1758034 * Set live_migration_inbound_addr for ssh transport Previously this was only set when TLS is enabled, which means that with the ssh transport we could not control the network used, and were relying on DNS or hosts file to be correct, which is not guaranteed (especially with DNS). * By default, libvirtd uses ports from 49152 to 49215 for live- migration as specified in qemu.conf, that becomes a subset of ephemeral ports (from 32768 to 61000) used by many linux kernels. The issue here is that these ephemeral ports are used for outgoing TCP sockets. And live-migration might fail, if there are no port available from the specified range. Moving the port range out of ephemeral port range to be used only for live-migration. Other Notes *********** * Add "segments" service plugin to the default list of neutron service plugins. Changes in tripleo-heat-templates 8.0.2..8.0.3 ---------------------------------------------- a0f7a11 fix typo in scenario graph 6a1638d fix the scenario chart 27265f9 Mount /var/run/redis for the redis socket 17b15a8 Add stack name to env() for OS::TripleO::WorkflowSteps db35bd2 gnocchi: add missing /var/lib/gnocchi e491cbd Set default application for Ceph Luminous openstack_pools 3c2bdec NeutronSriovHostConfig missing in SRIOV's env files 41f3cad Add support of shared staging location for glance-direct 30c41f0 Disable StrictHostKeyChecking when removing keys too 80e1866 Remove CephAnsiblePlaybook parameter reset from ceph-ansible env files 7e572a6 Enable default polling interval override 946b591 Containers defaults for plan environment 816a434 Add acl to paths that are shared among related neutron processes e4d68c8 collectd: give access to the libvirt socket in ro e508323 Convert resource_name to number 482f2eb Use str_replace for known_hosts ef2f18b Don't use crudini to get rhn server 8c4a9a8 Set normal CephAnsiblePlaybook on update/upgrade/ffwd converge f24523a Remove ceph-osd from the list of packages updated by CephExternal c77ab57 Allow custom time constraints to rotate logs 815f99a Fix cinder-backup image wrangling on update fe7e55e FFU Add cinder-backup missing fast_forward_upgrade_tasks 7a673f6 Add ability to control Glance's enabled_import_methods aee07b4 Clean up Cinder backends in capabilities map b94d3b4 Default Octavia SSH pub key to UC default keypair dbfaa6e FFU Set NetworkDeploymentActions CREATE,UPDATE for ffwd-upgrade prepare 22b39f5 Always run mysql init bundle 1bde252 Set live_migration_inbound_addr for ssh transport 4e9fbb8 Mount ODL log file on host node 58d717f Delay collectd start ae90e24 Generate and mount wrappers for neutron agent processes 130e65f Do not overescape the Manila keyring caps 69e0c75 [DellEMC]Update Manila Unity driver 21384bf ceph-nfs: disable ganesha caching f5a52b6 Remove redundant config bond-with-vlans/compute-dpdk.j2.yaml ec18d8a Fix typo in multiple-nics/role.role.j2.yaml 743c238 Fix case-sensitive OctaviaUserName parameter 24469e3 Ensure config-download mappings are unset on ceph-upgrade 543059b Instance HA: prevent compute to start on a host being evacuated 2b9f05b Expose Horizon "DocumentRoot" on host a3546ca Add /var/log/opendaylight directory to ODL ebd797c Add missing check for gnocchi api enabled 081a111 Ensure tasks aren't empty dicts b420984 Revert Ceph bridge names to previous values 492b667 Remove step_config from CinderVolume backend services 13179fe Remove UndercloudLight 1f26a9d Parameterizing Puppet Tags 7c23046 Define Octavia SSH key name and file path 7154d84 Add DeployIdentifier to Swift set_swift_secret container 885b0cf Fix few issues with deploying with baremetal-services.yaml a861d54 Restrict tenant network to geneve ebc2a67 Fixes chowning neutron cert/key perms 064c23d Add defaults into name property for config-download. 052b333 Add OVNCMSOptions in dvr environment files 5b52e61 Removing the deprecated environment files for hw offloading in queens 12a1061 Make pcs resource bundle image name update tolerant of rerun db6f0d3 Add volumes list of docker-puppet container when merging config volumes 9d746aa Add neutron "segments" plugin to the default list f868924 Modify libvirt port range for live-migration a4db817 Added missing pki volume for custom CA. 5f60a0e Do not pass ceph_release to ceph-ansible 39ddcf8 No-op Mistral workflow resources for update/upgrade/ffwd 781a055 Introduce Ceph upgrade environments 5676171 Default collectd to overcloud gnocchi af30f23 Telemetry services need to access to Storage f90134d Fix Cinder's default db purge cron settings 3101ee1 Fix openstack-nova-consoleauth service upgrade check 3381d59 Explicitly set nova/neutron/ceilometer host to expected fqdn 2c0029a Enable management network in network_data beb9fa8 Add the service_config_settings from {{service-name}} base b42cd09 Add the service_config_settings from nova-compute base b6adea0 Enable nova-metadata health check aa336c2 Enable nova placement health check 26196d4 Enable Tacker health check 3f42bf5 Enable gnocchi-metricd health check 4d94531 Enable gnocchi-api health check 51a4683 Enable nova-migration-target health check 152a506 Enable gnocchi-statsd health check b4192f5 Enable cinder-api health check 289e8f4 Enable collectd health check b48618f Enable aodh-api health check cadfdc5 Enable etcd health check a3294a7 Enable ceilometer-agent-central health check 7135bf1 Enable memcached health check daf0b1c Enable iscsid health check 98a5f3a Containerize Neutron LBaaS service plugin 18cf981 Improve nova-ironic cellv2 discovery 33fe5c7 Use sensu-client healthcheck parameter d021981 ovn: Mount /run instead of /run/openvswitch when starting ovn-controller container 49136f9 Adding missing OVN Metadata service to DVR environments 5b82516 Allowing Non-IP Traffic in L2 and L3 domains Diffstat (except docs and test files) ------------------------------------- README.rst | 4 +- capabilities-map.yaml | 18 +- common/deploy-steps.j2 | 4 +- config-download-software.yaml | 1 + config-download-structured.yaml | 1 + deployed-server/deployed-server-roles-data.yaml | 1 + deployed-server/scripts/enable-ssh-admin.sh | 5 +- deployed-server/scripts/get-occ-config.sh | 2 +- .../octavia/octavia-deployment-config.yaml | 35 ++++ environments/baremetal-services.yaml | 6 +- .../ceph-ansible/ceph-ansible-external.yaml | 1 - environments/ceph-ansible/ceph-ansible.yaml | 1 - environments/disable-telemetry.yaml | 1 + environments/lifecycle/ceph-upgrade-prepare.yaml | 10 ++ environments/lifecycle/ffwd-upgrade-converge.yaml | 3 + environments/lifecycle/ffwd-upgrade-prepare.yaml | 10 +- environments/lifecycle/update-converge.yaml | 3 + environments/lifecycle/update-prepare.yaml | 1 + environments/lifecycle/upgrade-converge.yaml | 2 + environments/lifecycle/upgrade-prepare.yaml | 1 + environments/manila-unity-config.yaml | 2 + environments/neutron-ml2-ovn-hw-offload.yaml | 40 ----- environments/neutron-nuage-config.yaml | 3 +- environments/neutron-opendaylight-hw-offload.yaml | 31 ---- environments/neutron-ovs-hw-offload.yaml | 24 --- environments/ovs-hw-offload.yaml | 24 +++ environments/services-docker/ironic.yaml | 2 - environments/services-docker/neutron-lbaasv2.yaml | 7 + .../neutron-opendaylight-hw-offload.yaml | 31 ---- .../neutron-opendaylight-sriov.yaml | 3 +- .../services-docker/neutron-ovn-dvr-ha.yaml | 3 + environments/services-docker/neutron-ovn-dvr.yaml | 3 + .../services-docker/neutron-ovn-hw-offload.yaml | 44 ----- .../services-docker/neutron-ovs-hw-offload.yaml | 24 --- environments/services/neutron-lbaasv2.yaml | 3 +- environments/storage-environment.yaml | 2 - environments/storage/glance-nfs.yaml | 16 ++ .../rhel-registration/scripts/rhel-registration | 3 +- .../tasks/instanceha/check-run-nova-compute | 182 +++++++++++++++++++++ extraconfig/tasks/ssh/known_hosts_config.yaml | 40 +++-- network/config/bond-with-vlans/README.md | 11 +- .../config/bond-with-vlans/compute-dpdk.j2.yaml | 162 ------------------ network/config/bond-with-vlans/role.role.j2.yaml | 6 +- network/config/multiple-nics/README.md | 11 +- network/config/multiple-nics/role.role.j2.yaml | 2 +- .../role.role.j2.yaml | 8 + network/config/single-nic-vlans/README.md | 11 +- network/config/single-nic-vlans/role.role.j2.yaml | 4 + network_data.yaml | 8 +- network_data_ganesha.yaml | 8 +- overcloud-resource-registry-puppet.j2.yaml | 2 + overcloud.j2.yaml | 1 + plan-environment.yaml | 1 + puppet/services/ceilometer-base.yaml | 2 +- puppet/services/ceph-external.yaml | 1 - puppet/services/cinder-backend-dellemc-unity.yaml | 2 - .../cinder-backend-dellemc-vmax-iscsi.yaml | 2 - puppet/services/cinder-backend-dellemc-vnx.yaml | 2 - .../cinder-backend-dellemc-xtremio-iscsi.yaml | 2 - puppet/services/cinder-backend-dellps.yaml | 2 - puppet/services/cinder-backend-dellsc.yaml | 2 - puppet/services/cinder-backend-netapp.yaml | 2 - puppet/services/cinder-backend-pure.yaml | 2 - puppet/services/cinder-backend-scaleio.yaml | 2 - .../cinder-backend-veritas-hyperscale.yaml | 2 - puppet/services/cinder-base.yaml | 2 +- puppet/services/cinder-hpelefthand-iscsi.yaml | 2 - puppet/services/docker.yaml | 11 ++ puppet/services/glance-api.yaml | 33 +++- puppet/services/manila-backend-unity.yaml | 13 ++ puppet/services/metrics/collectd.yaml | 118 ++++++++----- puppet/services/neutron-base.yaml | 4 +- puppet/services/neutron-lbaas-agent.yaml | 70 ++++++++ puppet/services/neutron-lbaas-api.yaml | 56 +++++++ puppet/services/neutron-lbaas.yaml | 85 ---------- puppet/services/neutron-plugin-ml2-nuage.yaml | 6 + puppet/services/neutron-plugin-ml2-ovn.yaml | 12 ++ puppet/services/nova-base.yaml | 2 +- puppet/services/nova-libvirt.yaml | 12 +- puppet/services/octavia-api.yaml | 18 +- puppet/services/octavia-base.yaml | 14 +- puppet/services/octavia-health-manager.yaml | 3 - puppet/services/octavia-housekeeping.yaml | 2 - puppet/services/octavia-worker.yaml | 15 +- ...egments_plugin_to_default-8acb69b112d4b31c.yaml | 5 + ...ollectd-overcloud-gnocchi-049a63bbd196a9bb.yaml | 5 + .../notes/collectd-polling-4aac123faaebd1bc.yaml | 6 + ...tron-lbaas-service-plugin-20562487d6631c88.yaml | 5 + ...t-resource-name-to-number-80ada6c825554f56.yaml | 5 + ...ia-ssh-pub-key-to-keypair-70377d43bf76a407.yaml | 3 + .../notes/fix_nova_host-0b82c88597703353.yaml | 9 + ...bound_addr_all_transports-2fc9cd74d435a367.yaml | 9 + ...live_migration_port_range-54c28faf0a67a3fc.yaml | 11 ++ ...ogrotate-containers-purge-a5587253fe6cbb28.yaml | 15 ++ .../octavia-amphora-ssh-245a21a35598440a.yaml | 3 + ...pdate_manila_unity_driver-43aeb041029c4e7f.yaml | 5 + roles/Controller.yaml | 1 + roles/ControllerAllNovaStandalone.yaml | 1 + roles/ControllerNoCeph.yaml | 1 + roles/ControllerNovaStandalone.yaml | 1 + roles/ControllerOpenstack.yaml | 1 + roles/ControllerStorageNfs.yaml | 1 + roles/Telemetry.yaml | 1 + roles/UndercloudLight.yaml | 37 ----- roles_data.yaml | 1 + sample-env-generator/storage.yaml | 4 + tools/yaml-validate.py | 26 +++ 150 files changed, 1550 insertions(+), 919 deletions(-)