[release-announce] [tripleo] instack-undercloud 7.0.0 (pike)

8 Jun 2017

We eagerly announce the release of:

instack-undercloud 7.0.0: instack-undercloud

This release is part of the pike release series.

The source is available from:

    http://git.openstack.org/cgit/openstack/instack-undercloud

Download the package from:

    https://tarballs.openstack.org/instack-undercloud/

Please report issues through launchpad:

    http://bugs.launchpad.net/tripleo

For more details, please see below.

7.0.0
^^^^^


New Features
************

* The undercloud installation now adds a keystone user and
  configures the authtoken middleware for novajoin.

* Heat APIs (API, CFN and Cloudwatch) now run over httpd in the
  undercloud.

* Add new plugins for lldp processing ("lldp_basic") and switch port
  link information ("local_link_connection") to "processing_hooks" in
  inspector.conf.

* Introspection now detects and properly set boot mode (BIOS or
  UEFI) for ironic nodes.

* Update Keystone endpoints to be versionless, so v3 API can be used
  by services that use service catalog in Keystone..

* Use Swift as a backend of Zaqar. This effectively removes the new
  of MongoDB on the undercloud.

* When sourcing the stackrc on the undercloud, the command prompt
  will show that the credentials have been loaded by being prepended
  with '(undercloud) '. For example, '(undercloud) [stack@undercloud
  ~]$ '

* Zaqar API now run over httpd in the undercloud.


Upgrade Notes
*************

* Changed the configuration of endpoints that UI uses in order to
  connect to the Undercloud in a non-SSL deployment.  The port number
  that the UI now uses to communicate with the Undercloud for non-SSL
  connections is 3000, which supports endpoint proxy configuration.
  Previously, this port number was the default port number for the
  service endpoint that UI connected to.

* The boot mode (BIOS or UEFI) is now detected on introspection and
  stored on nodes as part of "boot_mode" capability. This has two
  consequences:

  * If you change the actual boot mode via hardware management
    interface, you have to either re-run introspection or update it
    manually.

  * If you set **expected** boot mode on Ironic nodes manually (for
    drivers that support it, e.g. "pxe_ilo"), you have to double-check
    it after every introspection run and fix if necessary.

* Out-of-box support for Ironic "*_ssh" drivers was removed. These
  drivers were deprecated in the Newton release.

* The _member_ role (if it exists) on the admin user will now be
  retained automatically during undercloud upgrades.  This
  functionality was originally added to work around an issue with
  upgrading very old versions of TripleO, but was broken by changes to
  the upgrade process.  It will no longer be necessary to manually add
  the _member_ role to the admin user after upgrading an affected
  deployment.


Deprecation Notes
*****************

* Ceilometer API is deprecated since ocata release.


Bug Fixes
*********

* Fixes bug 1668775 Certmonger certificate does not include EKUs

* Add gnocchi to events dispatcher so ceilometer can publish events
  to panko and gnocchi.

* Add OS_AUTH_TYPE to undercloud stackrc file. Not all clients
  default to keystone auth, so lets explicitly set the auth type in
  env.

* Fixes bug 1663199 UI doesn't work without manual update on HTTP
  undercloud

* In /etc/heat/heat.conf, [clients]/endpoint_type was configured to
  use the internal endpoints and this was hardcoded in puppet-stack-
  config.pp so there was no way to change it. It's now configurable
  via the hiera key heat_clients_endpoint_type.

* The Heat CFN endpoint is now created in Keystone during the
  undercloud install. A new configuration option,
  undercloud_heat_cfn_password is added for the heat_cfn service user
  associated with the endpoint.

* Ceilometer API is now disabled by default. This has been
  deprecated since ocata release. Use gnocchi/aodh and panko APIs
  instead.

* The default "IRONIC_API_VERSION" in "stackrc" is now set to the
  same value as "OS_BAREMETAL_API_VERSION" for consistency between two
  clients.

* Previously, when an IP value was provided for the
  undercloud_public_host or undercloud_admin_host config value, it was
  validated to ensure it fell within the network_cidr.  This was to
  avoid problems when the CIDR was changed but the IPs were not.
  However, this validation was broken for a time in the case where
  generate_service_certificate was used.  During this time, the UI
  began to depend on the broken validation as it needs to listen on a
  routable network, which the provisioning network often is not. When
  the validation was fixed, the user was no longer able to configure
  the host values to listen on a different routable network.

  To enable this UI functionality again, the host validation has been
  disabled when enable_ui is true.  This means the user is responsible
  for selecting functional host values, but the UI can once again be
  configured to listen on a separate network.

* Add a dependency to restart collector after other services are up
  and ceilometer upgrade is complete.

* Run ceilometer-upgrade conditionally when gnocchi is running so
  that gnocchi resource types are created.

* undercloud_debug is now wired up for additional OpenStack
  services. See bug 1669895 for more information.


Other Notes
***********

* Swap memory is now included in the minimum memory check.  While
  relying on swap is still not recommended for production deployments,
  it is not uncommon for developers to use SSD-backed swap to fit more
  instances into a system with limited memory.

* The default "OS_BAREMETAL_API_VERSION" in "stackrc" was bumped to
  1.29, which corresponds to Ocata final and allows using all recent
  features without specifying and explicit version.

Changes in instack-undercloud 6.0.0.0rc1..7.0.0
-----------------------------------------------

7a4734b Set step == 1 for base docker profile
055e687 Reenable dib-lint
8e0ab4d Disable Ceilometer API by default on undercloud
5a4a1b9 Set a dependency on collector
d6d9140 Allow install user to run docker commands
13e559f Dont include wsgi profile when legacy flag is disabled
1d9aa6c Remove support for the deprecated pxe_ssh driver
13d1869 Remove instack-virt-setup
c311300 Set Zaqar roles
aebeba2 Enable boot mode detection by ironic-inspector
6b5e2b7 Add a pointer to the tripleo-quickstart project as a replacement
77af3b4 Add gnocchi to events dispatchers
aedb63f Get keystone session from keystoneauth and not python-keystoneclient
2b9bddf Remove usage of os-cloud-config
3c8e35f Updated from global requirements
9373ca5 Fix broken command prompt
ea09a2f Remove obsolete flag on gnocchi-upgrade
57b86aa Replace hardcoded regions by hiera call
47b6b3f Add authentication parameters for novajoin vendordata plugin
898727e Add missing project name for novajoin
fb4a1fb Run ceilometer-upgrade for gnocchi conditionally
7f3a230 Set default domain for all keystone users
dc14935 Disable VIP validation when UI is enabled
2f0c6e8 Configurable [clients]/endpoint_type for heat.conf
b8789f1 Remove compute_manager, deprecated in Nova
42d050a Create Heat API CFN endpoint
b48d2be Add auth/authtoken configuration for novajoin
354550f Explicitly configure credentials used by ironic to access inspector and service catalog
fdead46 Don't rely on umask to set permissions on undercloud-passwords.conf
2a4aeac Set OS_AUTH_TYPE on undercloud stackrc
a9e2873 Align stars to fix CI
0ba1f80 Request HAProxy certificate using certmonger_user manifest
47d8c49 Fixing a typo: from "to to" to "to" in paragraph related to 'hieradata_override' option.
3ca27d8 Add undercloud indicator to stackrc
f75a19b Provide correct non-SSL port config in ui config
bb1d29c Remove keystone_auth_uri_v2
30f2d9a Run Zaqar with mod_wsgi
a0f5704 Use purged for firewalld
f3657fa Revert "Revert "Deploy heat APIs over httpd""
2cdd1f6 Wire in missing debug configurations
f122ea1 Revert "Deploy heat APIs over httpd"
57b297d Add release note about heat APIs running over httpd
48b293d Add certificate EKUs to public endpoint cert
f3136f1 Set failures in the nova vendordata plugin as fatal
e7541d3 Respect OS_LOG_CAPTURE env var
b295fde Revert "Turn off propagation for undercloud logger"
882103e Deploy heat APIs over httpd
ac59cdc Add a notifications topic for novajoin
95de498 Use Swift as a Zaqar backend.
6777a24 switch keystone endppoints to be versionless
5e504e6 Increase size of heat json message
a620d4d Return 1 when an error occurs
0b20c8f Include swap in memory check
4c5335e Set instance audit settings so nova sends notifications
2887601 Allow to teardown Telemetry services
c55910d Install Ironic inspector plugins
961667e Set project name explicitly to service for panko
e648c30 Update reno for stable/ocata
9f6465f Change _member_role_exists to work with current upgrade flow
7490384 Purge /var/lib/os-collect-config
03a42f1 Explicitly configure credentials used by ironic to access neutron and swift
a57eef2 Bump OS_BAREMETAL_API_VERSION to 1.29
62291b3 Move Docker registry setup into its own profile


Diffstat (except docs and test files)
-------------------------------------

bindep.txt                                         |   0
elements/puppet-stack-config/package-installs.yaml |   1 -
.../puppet-stack-config/puppet-stack-config.pp     | 141 ++++++++-------
.../puppet-stack-config.yaml.template              | 128 +++++++++----
.../os-apply-config/root/stackrc                   |  14 +-
instack_undercloud/undercloud.py                   | 141 ++++++++-------
instack_undercloud/validator.py                    |   9 +-
...nd-authtoken-for-novajoin-0cadd15e79b54c47.yaml |   4 +
.../add-certificate-ekus-13e92513c562f0dc.yaml     |   5 +
...-gnocchi-event-dispatcher-d70df046292e333e.yaml |   4 +
.../notes/add-os-auth-type-5ed9338e73e0e172.yaml   |   4 +
...t-nonssl-undercloud-ports-34e60f87f3eb7ad6.yaml |  12 ++
...ble-clients-endpoint_type-fc658f7ae935133f.yaml |   7 +
.../create-heat-cfn-endpoint-c7c00e3b61a98b5e.yaml |   6 +
.../disable-ceilometer-api-14b270afc22d75c1.yaml   |   6 +
.../notes/heat-over-httpd-ae66469c8390b626.yaml    |   3 +
...lude-swap-in-memory-check-fe378284f06aae1a.yaml |   7 +
...nspector-additional-hooks-9a5c8f5aad2bac31.yaml |   6 +
.../inspector-boot-mode-3c651f40d95abb46.yaml      |  16 ++
.../notes/ironic-api-version-d2b4ec1474918f12.yaml |  10 ++
.../notes/ironic-ssh-removal-72982955d848dfb3.yaml |   5 +
.../notes/keystonev3-4442d170d02d8dad.yaml         |   4 +
.../maintain-member-role-ecc556d81ce583a1.yaml     |   9 +
.../relax-validation-for-ui-f27a5e9b64d1d6c1.yaml  |  17 ++
.../notes/restart-collector-b043489fcdf1e9c7.yaml  |   4 +
...eilometer-gnocchi-upgrade-215cb426d25d11e9.yaml |   4 +
.../notes/swift_zaqar-d476d1a8eb946776.yaml        |   5 +
.../update-ps1-in-rc-files-ee0edbebcd75c6fc.yaml   |   6 +
.../wire_up_undercloud_debug-f6fd5d21dfbab696.yaml |   6 +
.../notes/zaqar-httpd-a58c28f84541d482.yaml        |   3 +
releasenotes/source/index.rst                      |   1 +
releasenotes/source/ocata.rst                      |   6 +
requirements.txt                                   |  21 ++-
scripts/instack-haproxy-cert-update                |  11 ++
scripts/instack-virt-setup                         | 198 ---------------------
setup.cfg                                          |   1 -
setup.py                                           |  11 +-
test-requirements.txt                              |  30 ++--
tox.ini                                            |   1 +
undercloud.conf.sample                             |  12 +-
43 files changed, 578 insertions(+), 431 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index 8d041dc..a6da40d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,6 @@
-six>=1.9.0
-python-keystoneclient>=2.0.0,!=2.1.0  # Apache-2.0
-python-novaclient
+# The order of packages is significant, because pip processes them in the order
+# of appearance. Changing the order has an impact on the overall integration
+# process, which may cause wedges in the gate later.
+six>=1.9.0 # MIT
+python-keystoneclient>=3.8.0 # Apache-2.0
+python-novaclient>=7.1.0 # Apache-2.0
@@ -5,6 +8,6 @@ python-mistralclient>=2.0.0 # Apache-2.0
-oslo.config
-psutil>=1.1.1,<2.0.0
-netaddr>=0.7.12,!=0.7.16
-pystache
-os-refresh-config
-os-apply-config
+oslo.config>=3.22.0 # Apache-2.0
+psutil>=3.2.2 # BSD
+netaddr!=0.7.16,>=0.7.13 # BSD
+pystache # MIT
+os-refresh-config # Apache-2.0
+os-apply-config # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index 345eeb8..e03092b 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -0,0 +1,3 @@
+# The order of packages is significant, because pip processes them in the order
+# of appearance. Changing the order has an impact on the overall integration
+# process, which may cause wedges in the gate later.
@@ -2,3 +5,2 @@
-sphinx>=1.1.2,!=1.2.0,!=1.3b1,<1.3
-oslosphinx>=2.2.0  # Apache-2.0
-sphinx_rtd_theme==0.1.7
+sphinx>=1.5.1 # BSD
+oslosphinx>=4.7.0 # Apache-2.0
@@ -6 +8 @@ sphinx_rtd_theme==0.1.7
-hacking>=0.10.0,<0.11
+hacking<0.11,>=0.10.0
@@ -8,10 +10,10 @@ hacking>=0.10.0,<0.11
-coverage>=3.6
-fixtures>=0.3.14
-python-subunit>=0.0.18
-testrepository>=0.0.18
-testscenarios>=0.4
-testtools>=0.9.36,!=1.2.0
-mock>=1.0
-oslotest>=1.5.1  # Apache-2.0
-bashate
-reno>=1.8.0  # Apache-2.0
+coverage>=4.0 # Apache-2.0
+fixtures>=3.0.0 # Apache-2.0/BSD
+python-subunit>=0.0.18 # Apache-2.0/BSD
+testrepository>=0.0.18 # Apache-2.0/BSD
+testscenarios>=0.4 # Apache-2.0/BSD
+testtools>=1.4.0 # MIT
+mock>=2.0 # BSD
+oslotest>=1.10.0 # Apache-2.0
+bashate>=0.2 # Apache-2.0
+reno>=1.8.0 # Apache-2.0

    

[release-announce] [tripleo] instack-undercloud 7.0.0 (pike)

no-reply＠openstack.org