We enthusiastically announce the release of: tripleo-heat-templates 5.3.1: Heat templates for deploying OpenStack with OpenStack. This release is part of the newton stable release series. The source is available from: http://git.openstack.org/cgit/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through launchpad: http://bugs.launchpad.net/tripleo For more details, please see below. 5.3.1 ^^^^^ New Features ************ * Add support for cold migration over ssh. This enables nova cold migration. This also switches to SSH as the default transport for live- migration. The tripleo-common mistral action that generates passwords supplies the MigrationSshKey parameter that enables this. * SSH host key exchange. The ssh host keys are collected from each host, combined, and written to /etc/ssh/ssh_known_hosts. Deprecation Notes ***************** * The TCP transport is no longer used for live-migration and the firewall port has been closed. Bug Fixes ********* * Remove ceilometer from swift proxy middleware pipeline. This generates a lot of events data and spams swift and gnocchi, inturn heavily impacting performance. This can also flood mongodb if you're using it for events. * Expose metric_processing_delay to tweak gnocchi performance. * Incorrect network used for Glance API service. * Fix support for RPMs to be installed via DeployArtifactURLs. LP#1697102 * Previously the RHEL registration script disabled the satellite repo after installing the necessary packages from it. This makes it awkward to update those packages later, so the repo will no longer be disabled. * The token flush cron job has been modified to run hourly instead of once a day. This is because this was causing issues with larger deployments, as the operation would take too long and sometimes even fail because of the transaction being so large. Note that this only affects people using the UUID token provider. * os-net-config is updated and executed before other packages to avoid premature restart of Open vSwitch. * Workaround systems getting registered as "localhost" during RHEL registration if they don't have a fqdn set by first rm'ing the /etc/rhsm/facts directory. When the directory does not exist, the katello-rshm-consumer which runs when installing the katello-ca- consumer will not set the hostname.override fact to "localhost". See https://bugs.launchpad.net/tripleo/+bug/1711435 Other Notes *********** * All nodes now enable "arp_accept" sysctl setting to help with honoring gratuitous ARP packets in their ARP tables. While sources of gratuitous ARP packets are diverse, this comes especially useful for Neutron floating IP addresses that roam between devices, and for which Neutron L3 agent sends gratuitous ARP packets to update all network nodes about IP address new locations. Changes in tripleo-heat-templates 5.3.0..5.3.1 ---------------------------------------------- a33d7dd Workaround for RHEL registration as "localhost" 8acff7b Don't disable satellite repo after registration 43745b2 Fix rpms being installed via DeployArtifactURLs 4692bb3 Adds SSH Banner text into sshd_config 3f1a336 [NEWTON-ONLY] Ignore Ceph healt warning states by default ce75b84 Adjust for new pcs output. 5b3c4df Ensure yum cache is ready before update 058b855 Modifying Cisco templates to support composable roles 89f90c0 Remove ceilometer from swift middleware pipeline 0edf1cf Revert "Use optimal (instead of default) tunables for Ceph on upgrade" a18621e Use optimal (instead of default) tunables for Ceph on upgrade 6299a16 Run token flush cron job hourly by default 02b69cc Fix conntrack proto sctp module ebd6c01 Adds check for existing yum process during the legacy minor update 36a16de Disable network validation in multinode jobs 3633d16 Change the project to service 7db285f cisco nexus: keep OVS on the Compute 64f789d [newton only] Ensure cinder services are cleanup during upgrade. a1e633c Ensure nova migration package is installed during minor update 864777f Fixes incorrect glance api network c443e22 Install openstack-nova-migration on computes during M->N upgrade 40cdd83 Add ignore_projects to filter gnocchi events 9f8ba2c Reconfigure interfaces before updating openvswitch c2d08c4 Expose events ttl for ceilometer 688d7fe Expose metric delay processing metric 016140b Cleanup cinder paste configuration for ssl. 0eb81a2 Addition of firewall rules for Nuage dc505ce Restrict nova migration ssh tunnel c7e1f28 Add migration SSH tunneling support 307735c Enable arp_accept for all interfaces 885bf88 SSH known_hosts config db34e8e Disable ComputeNeutron* for cisco-nexus-ucsm dd42fe9 [Newton only] - Manually touch ssl.conf before installing mod_ssl 3a9da61 Ensure AllNodesExtraConfig runs before AllNodesDeploySteps c325059 Touch /etc/httpd/conf.d/ssl.conf e903efc [M->N] Ensure mod_ssl is installed during upgrade. 3890eb1 [NEWTON-ONLY] Fix Ceph upgrade from Hammer to Jewel >= 10.2.4 Diffstat (except docs and test files) ------------------------------------- ci/common/all-nodes-validation-disabled.yaml | 43 +++ ci/environments/multinode.yaml | 3 + ci/environments/scenario001-multinode.yaml | 13 + ci/environments/scenario002-multinode.yaml | 3 + ci/environments/scenario003-multinode.yaml | 3 + ci/environments/scenario004-multinode.yaml | 3 + environments/neutron-ml2-cisco-nexus-ucsm.yaml | 1 + environments/neutron-nuage-config.yaml | 1 - environments/sshd-banner.yaml | 13 + .../rhel-registration/scripts/rhel-registration | 15 +- extraconfig/tasks/major_upgrade_block_storage.sh | 2 +- extraconfig/tasks/major_upgrade_ceph_mon.sh | 5 +- extraconfig/tasks/major_upgrade_ceph_storage.sh | 9 +- extraconfig/tasks/major_upgrade_compute.sh | 4 +- .../tasks/major_upgrade_controller_pacemaker_2.sh | 27 +- extraconfig/tasks/major_upgrade_object_storage.sh | 3 +- extraconfig/tasks/major_upgrade_pacemaker.yaml | 2 +- .../tasks/major_upgrade_pacemaker_migrations.sh | 10 +- extraconfig/tasks/pacemaker_common_functions.sh | 37 +++ extraconfig/tasks/ssh/host_public_key.yaml | 42 +++ extraconfig/tasks/ssh/known_hosts_config.yaml | 36 +++ extraconfig/tasks/yum_update.sh | 36 ++- network/service_net_map.j2.yaml | 3 +- overcloud-resource-registry-puppet.j2.yaml | 3 + overcloud.j2.yaml | 18 ++ puppet/blockstorage-role.yaml | 65 ++++ puppet/cephstorage-role.yaml | 65 ++++ puppet/compute-role.yaml | 65 ++++ puppet/controller-role.yaml | 65 ++++ puppet/deploy-artifacts.sh | 8 +- .../all_nodes/neutron-ml2-cisco-nexus-ucsm.j2.yaml | 305 ++++++++++++++++++ .../all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml | 341 --------------------- puppet/objectstorage-role.yaml | 65 ++++ puppet/role.role.j2.yaml | 65 ++++ puppet/services/ceilometer-base.yaml | 5 + puppet/services/gnocchi-base.yaml | 5 + puppet/services/kernel.yaml | 4 +- puppet/services/keystone.yaml | 54 ++++ puppet/services/neutron-compute-plugin-nuage.yaml | 10 + puppet/services/neutron-plugin-nuage.yaml | 7 +- puppet/services/nova-compute.yaml | 13 + puppet/services/nova-libvirt.yaml | 1 - puppet/services/sshd.yaml | 34 ++ puppet/services/swift-proxy.yaml | 10 +- ...meter-from-swift-pipeline-6ee079b9c7b919f8.yaml | 6 + .../notes/enable-arp_accept-6296b0113bc56b10.yaml | 9 + ...e-metric-processing-delay-0c098d7ec0af0728.yaml | 3 + .../fix-glance-api-network-4f9d7c20475a5994.yaml | 3 + ...-rpm-deploy-artifact-urls-03d5694073ad159d.yaml | 4 + ...ve-satellite-repo-enabled-8b60528bd5450c7b.yaml | 6 + .../notes/migration_over_ssh-003e2a92f5f5374d.yaml | 14 + .../notes/ssh_known_hosts-287563590632d1aa.yaml | 4 + .../token-flush-twice-a-day-d4b00a2953a6b383.yaml | 7 + .../update-interfaces-first-f3c214ee9bdc1587.yaml | 4 + ...d-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml | 8 + roles_data.yaml | 5 + 56 files changed, 1214 insertions(+), 381 deletions(-)