[tripleo] tripleo-heat-templates 6.1.0 (ocata)
We are happy to announce the release of:

tripleo-heat-templates 6.1.0: Heat templates for deploying OpenStack with OpenStack.

This release is part of the ocata stable release series.

The source is available from:

    http://git.openstack.org/cgit/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through launchpad:

    http://bugs.launchpad.net/tripleo

For more details, please see below.

6.1.0
^^^^^

New Features
************

* Add the capability to configure LDAP backends for keystone domains.
  This can be done by using the KeystoneLDAPDomainEnable and
  KeystoneLDAPBackendConfigs parameters.

* Add support for cold migration over ssh. This enables nova cold
  migration. This also switches to SSH as the default transport for
  live-migration. The tripleo-common mistral action that generates
  passwords supplies the MigrationSshKey parameter that enables this.

* SSH host key exchange. The ssh host keys are collected from each
  host, combined, and written to /etc/ssh/ssh_known_hosts.

* Added ability to manage the MOTD banner. Enabled the SSHD composable
  service by default. Puppet-ssh manages the sshd config.

Known Issues
************

* During the ovs upgrade from 2.5 to 2.6 we need to work around the
  classic yum update command by handling the upgrade of the package
  separately, so as not to lose the IPs and the connectivity on the
  nodes. The workaround is discussed here:
  https://bugs.launchpad.net/tripleo/+bug/1669714

Upgrade Notes
*************

* The upgrade from openvswitch 2.5 to 2.6 is handled gracefully and
  there should be no user impact, in particular no restart of the
  openvswitch service. For more information please see the related bug
  above, which also links the relevant code reviews. The workaround
  (transparent to the user/doesn't require any input) is to download
  the OVS package and install it with the --nopostun and --notriggerun
  options provided by the rpm binary.

* The default network for the ctlplane changed from 192.0.2.0/24 to
  192.168.24.0/24. All references to the ctlplane network in the
  templates have been updated to reflect this change. When upgrading
  from a previous release, if the default network was used for the
  ctlplane (192.0.2.0/24), then it is necessary to provide as input,
  via environment file, the correct setting for all the parameters
  that previously defaulted to 192.0.2.x and now default to
  192.168.24.x. There is an environment file which could be used on
  upgrade, *environments/updates/update-from-192_0_2-subnet.yaml*, to
  cover a simple scenario, but it won't be enough for scenarios using
  an external load balancer, Contrail or Cisco N1KV. The parameters to
  be provided on upgrade are:

  From contrail-net.yaml: EC2MetadataIp, ControlPlaneDefaultRoute
  From external-loadbalancer-vip-v6.yaml: ControlFixedIPs
  From external-loadbalancer-vip.yaml: ControlFixedIPs
  From network-environment.yaml: EC2MetadataIp, ControlPlaneDefaultRoute
  From neutron-ml2-cisco-n1kv.yaml: N1000vVSMIP, N1000vMgmtGatewayIP
  From contrail-vrouter.yaml: ContrailVrouterGateway

Deprecation Notes
*****************

* The TCP transport is no longer used for live-migration and the
  firewall port has been closed.

Security Issues
***************

* Secure EtcdInitialClusterToken by removing the default value and
  making the parameter hidden. Fixes bug 1673266.

Bug Fixes
*********

* NeutronDhcpAgents had a default value of 3 that, even though unused
  in practice, was a bad default value. Changing the default value to
  a sentinel value and making the hiera conditional allows deploy-time
  logic in puppet to provide a default value based on the number of
  dhcp agents being deployed.

* Updated bigswitch environment file to include the bigswitch agent
  installation and correct support for the restproxy configuration.

* The initial firewall will now be purged by the deployed-server
  bootstrap scripts. This is needed to prevent possible issues with
  bootstrapping the initial Pacemaker cluster. See
  https://bugs.launchpad.net/tripleo/+bug/1679234

* Fixes an issue when using the CinderNfsServers parameter_defaults
  setting. It now works using a single share as well as a
  comma-separated list of shares.

* Fixes firewall rules from neutron OVS agent not being inherited
  correctly and applied in neutron OVS DPDK template.

* Fixes OpenDaylightProviderMappings parsing on a comma delimited
  list.

* openstack-selinux is now installed by the deployed-server bootstrap
  scripts. Previously, it was not installed, so if SELinux was set to
  enforcing, all OpenStack policy was missing.

* Since panko is enabled by default, include it in the default
  dispatcher for ceilometer events.

* Add knobs to limit memory consumed by mongodb with systemd.

* We need the ceilometer user in cases where ceilometer API is
  disabled. This is to ensure other ceilometer services can still
  authenticate with keystone.

* The "pci_passthrough" hiera value should be passed as a string (bug
  1675036).

* The token flush cron job has been modified to run hourly instead of
  once a day. This is because the once-a-day run was causing issues
  with larger deployments, as the operation would take too long and
  sometimes even fail because the transaction was so large. Note that
  this only affects people using the UUID token provider.

Changes in tripleo-heat-templates 6.0.0..6.1.0
----------------------------------------------

b67f77e Prepare 6.1.0 (ocata)
2e25d11 Cinder-api upgrade: use httpd instead of apachectl
8b15fc9 Increase documentation about parameters
1b87b2e Deploy ceilometer_auth_enabled to node containing keystone
ff53f7d Remove no longer used environment files - older upgrade workflows
876105e sensu: fix upgrade case when service is added
cbf997e SSHD Service extensions
1eeedbc Add migration SSH tunneling support
68d7196 SSH known_hosts config
225cff3 N->O Manual puppet commands have the right modulepath.
6f75d76 N->O upgrade, fix wrong parameters to nova placement.
c1fc74c Run token flush cron job hourly by default
5eb39b4 Use comma_delimited_list for token flush cron time settings
a2cf2d4 Touch /etc/httpd/conf.d/ssl.conf
f6a83fe Fix bogus parameters in get_param
c25a963 Add params to tweak memory limit on mongodb
485715c Update Dell EMC Cinder back end services
037d09a yum_update.sh - Use the yum parameter: check-update
d10aacc Add composable role support for NetApp Cinder back end
d381054 Replace references to the 192.0.2 network
16de97f Update ceph-rgw accepted roles to fix OSP upgrade
96d3e64 Decouple Swift ringbuilding logic
4db1c9f Add trigger to setup a LDAP backend as keystone domain
d3f47eb Add manual ovs upgrade script for workaround ovs upgrade issue
7d86750 Enforce upgrade_batch_tasks before upgrade_tasks order
11389e5 Ensure upgrade step orchestration across roles.
40b4878 Add environment for deployed-server with pacemaker
77aa9a7 Generate Pre/Post Puppet Tasks for all roles
2047cbb Updated from global requirements
33e63c2 Purge initial firewall for deployed-server's
b885502 Set auth flag so ceilometer auth is enabled
cb567de FQDN validation
043adb9 Fixes port binding controller for OpenDaylight
287a850 Add missing ec2api::api::keystone_ec2_tokens_url config
a1599f5 Setting keystone region for tacker
f8d2292 Include panko in the default dispatcher
2e7c850 Add special case upgrade from openvswitch 2.5.0-14
985c5ec Don't check haproxy if external load-balancer is used.
f9d2ce1 Re-Add bigswitch agent support
d99a067 [N->O] Fix wrong database connection for cell0 during upgrade.
9b95554 Stop openstack-nova-compute during nova-ironic upgrade
129734a Run cluster check on nodes configured in wsrep_cluster_address.
8a4c6cb Modify pci_passthrough hiera value as string
df26adf Remove 'Controller' role references from overcloud.j2.yaml
c71229f Only set EnableConfigPurge on major upgrades
c26c325 [N->O] is creating 2 default cell_v2 cells
c41f483 Nic config mappings for deployed-server
e7e8161 Sort ResourceGroup resource list
9a8d654 Setting keystone region for congress
440901b N->O upgrade, blanks ipv6 rules before activating it.
c077b20 N->O Upgrade, make sure all nova placement parameter properly set.
8b7a995 Fix usage of CinderNfsServers
ac98fcf Install openstack-selinux for deployed-server
e6fbc8e Fixes missing firewall rules for neutron_ovs_dpdk_agent service
6b33a77 Enables increasing mariadb open files for noha deployments
a17f6c6 Fixes OpenDaylightProviderMappings hiera parsing
8f728b3 etcd: secure EtcdInitialClusterToken parameter
803da62 Deploy versionless keystone endpoints (for keystone only)
5d86af8 Add bindep support
5cd57aa Don't try to run os-net-config from yum_update.sh
2d47d9b Explicitly configure credentials used by ironic to access other services
1652f1b Fixes multiple issues with retry function in rhel-registration.
d385fc3 Pick dynamically the first node for stack validation
557b021 Make sure PrePuppet runs before any Deployment_Step
f4c4a0f Cleanup no longer used upgrade files
bc8dcd1 Upgrades: wait for galera to be settled
126e207 Align hyperconverged-ceph.yaml environment and adds some validation
9649095 Adds upgrade tasks for OpenDaylight services
f0e03ba Remove ha-by-default release note in Ocata
3134784 Use the new hiera hook in all remaining templates
9c91720 Make neutron dhcp agents per network conditional
59e5f95 Remove the openvswitch special case upgrade code
476d15b Disable exit on error for pacemaker commands for update flow
d76ef52 Use --disable= in subscription-manager to avoid shell expansion.
4cb1923 Add OpenDaylightConnectionProtocol parameter to opendaylight-api service

Diffstat (except docs and test files)
-------------------------------------

all-nodes-validation.yaml | 6 +
bindep.txt | 2 +
ci/environments/multinode-3nodes.yaml | 2 +
ci/environments/multinode.yaml | 1 +
ci/environments/multinode_major_upgrade.yaml | 1 +
ci/environments/scenario002-multinode.yaml | 1 +
ci/environments/scenario003-multinode.yaml | 1 +
ci/environments/scenario004-multinode.yaml | 1 +
deployed-server/README.rst | 4 +-
.../deployed-server-bootstrap-centos.sh | 6 +-
deployed-server/deployed-server-bootstrap-rhel.sh | 6 +-
deployed-server/scripts/get-occ-config.sh | 2 +-
environments/cinder-netapp-config.yaml | 2 +-
environments/collectd-environment.yaml | 32 +++-
environments/contrail/contrail-net.yaml | 4 +-
environments/deployed-server-environment.j2.yaml | 11 ++
environments/deployed-server-environment.yaml | 4 -
.../deployed-server-pacemaker-environment.yaml | 4 +
environments/external-loadbalancer-vip-v6.yaml | 2 +-
environments/external-loadbalancer-vip.yaml | 2 +-
environments/logging-environment.yaml | 2 +-
environments/major-upgrade-aodh-migration.yaml | 6 -
...ajor-upgrade-ceilometer-wsgi-mitaka-newton.yaml | 7 -
environments/major-upgrade-composable-steps.yaml | 1 +
environments/major-upgrade-converge.yaml | 1 +
environments/major-upgrade-pacemaker-converge.yaml | 6 -
environments/major-upgrade-pacemaker-init.yaml | 6 -
environments/major-upgrade-pacemaker.yaml | 6 -
environments/major-upgrade-remove-sahara.yaml | 6 -
environments/network-environment.yaml | 4 +-
environments/neutron-ml2-bigswitch.yaml | 13 +-
environments/neutron-ml2-cisco-n1kv.yaml | 4 +-
environments/neutron-opendaylight.yaml | 1 +
environments/services/disable-ceilometer-api.yaml | 3 +
.../keystone_domain_specific_ldap_backend.yaml | 18 ++
environments/sshd-banner.yaml | 6 +-
.../updates/update-from-192_0_2-subnet.yaml | 3 +
.../rhel-registration/scripts/rhel-registration | 50 ++++--
extraconfig/tasks/aodh_data_migration.sh | 19 --
...ajor_upgrade_ceilometer_wsgi_mitaka_newton.yaml | 62 -------
extraconfig/tasks/major_upgrade_check.sh | 109 -----------
.../tasks/major_upgrade_controller_pacemaker_1.sh | 36 ----
.../tasks/major_upgrade_controller_pacemaker_2.sh | 176 ------------------
.../tasks/major_upgrade_controller_pacemaker_3.sh | 68 -------
.../tasks/major_upgrade_controller_pacemaker_4.sh | 17 --
.../tasks/major_upgrade_controller_pacemaker_5.sh | 8 -
.../tasks/major_upgrade_controller_pacemaker_6.sh | 15 --
extraconfig/tasks/major_upgrade_pacemaker.yaml | 175 ------------------
.../tasks/major_upgrade_pacemaker_migrations.sh | 200 ---------------------
.../mitaka_to_newton_aodh_data_migration.yaml | 25 ---
.../mitaka_to_newton_ceilometer_wsgi_upgrade.pp | 103 -----------
extraconfig/tasks/pacemaker_common_functions.sh | 9 +-
extraconfig/tasks/run_puppet.sh | 5 +-
extraconfig/tasks/ssh/host_public_key.yaml | 42 +++++
extraconfig/tasks/ssh/known_hosts_config.yaml | 36 ++++
extraconfig/tasks/swift-ring-deploy.yaml | 31 ----
extraconfig/tasks/swift-ring-update.yaml | 42 -----
extraconfig/tasks/tripleo_upgrade_node.sh | 14 +-
extraconfig/tasks/yum_update.sh | 58 +++---
net-config-linux-bridge.yaml | 2 +-
overcloud-resource-registry-puppet.j2.yaml | 17 +-
overcloud.j2.yaml | 41 ++++-
puppet/blockstorage-role.yaml | 37 ++++
puppet/cephstorage-role.yaml | 37 ++++
puppet/compute-role.yaml | 39 +++-
puppet/controller-role.yaml | 38 +++-
.../all_nodes/neutron-midonet-all-nodes.yaml | 65 ++++---
.../all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml | 47 +++--
.../pre_deploy/compute/neutron-ml2-bigswitch.yaml | 22 ++-
.../extraconfig/pre_deploy/compute/nova-nuage.yaml | 29 ++-
.../pre_deploy/controller/cinder-netapp.yaml | 158 ----------------
.../controller/neutron-ml2-bigswitch.yaml | 35 ++--
.../controller/neutron-ml2-cisco-n1kv.yaml | 85 +++++----
puppet/major_upgrade_steps.j2.yaml | 57 +++---
puppet/objectstorage-role.yaml | 37 ++++
puppet/puppet-steps.j2 | 40 ++---
puppet/role.role.j2.yaml | 37 ++++
puppet/services/ceilometer-base.yaml | 9 +-
puppet/services/ceph-rgw.yaml | 2 +-
puppet/services/cinder-api.yaml | 2 +-
puppet/services/cinder-backend-netapp.yaml | 129 +++++++++++++
puppet/services/cinder-backend-scaleio.yaml | 2 +-
puppet/services/cinder-volume.yaml | 6 +-
puppet/services/congress.yaml | 1 +
puppet/services/database/mongodb.yaml | 5 +
puppet/services/database/mysql.yaml | 6 +
puppet/services/ec2-api.yaml | 5 +
puppet/services/etcd.yaml | 2 +-
puppet/services/ironic-conductor.yaml | 43 ++++-
puppet/services/keystone.yaml | 40 ++++-
puppet/services/metrics/collectd.yaml | 4 +-
puppet/services/monitoring/sensu-client.yaml | 2 +-
puppet/services/network/contrail-vrouter.yaml | 2 +-
puppet/services/neutron-base.yaml | 45 +++--
puppet/services/neutron-bigswitch-agent.yaml | 31 ++++
puppet/services/neutron-ovs-agent.yaml | 35 ++--
puppet/services/neutron-ovs-dpdk-agent.yaml | 10 +-
puppet/services/neutron-plugin-ml2-odl.yaml | 45 +++++
puppet/services/nova-api.yaml | 12 +-
puppet/services/nova-base.yaml | 16 +-
puppet/services/nova-compute.yaml | 16 +-
puppet/services/nova-ironic.yaml | 4 +
puppet/services/nova-libvirt.yaml | 1 -
puppet/services/octavia-base.yaml | 6 +-
puppet/services/opendaylight-api.yaml | 28 +++
puppet/services/opendaylight-ovs.yaml | 30 +++-
puppet/services/openvswitch-upgrade.yaml | 50 ++++++
puppet/services/pacemaker.yaml | 18 +-
puppet/services/sshd.yaml | 31 +++-
puppet/services/swift-ringbuilder.yaml | 10 ++
puppet/services/tacker.yaml | 1 +
puppet/services/tripleo-firewall.yaml | 6 +
.../notes/add-ldap-backend-0bda702fb0aa24bf.yaml | 5 +
...s-per-network-calculation-536c70391497256d.yaml | 8 +
.../notes/big-switch-agent-4c743a2112251234.yaml | 5 +
...yed-server-firewall-purge-9d9fe73faf925056.yaml | 6 +
releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml | 6 +
...ix-cinder-nfs-share-usage-0968f88eff7ffb99.yaml | 6 +
...fix-neutron-dpdk-firewall-436aee39a0d7ed65.yaml | 5 +
...dl-provider-mapping-hiera-5b3472184be490e2.yaml | 4 +
.../notes/ha-by-default-55326e699ee8602c.yaml | 5 -
...install-openstack-selinux-d14b2e26feb6d04e.yaml | 6 +
.../notes/make-panko-default-8d0e824fc91cef56.yaml | 4 +
.../notes/migration_over_ssh-003e2a92f5f5374d.yaml | 14 ++
...sable-upgrades-workaround-73f4e56127c910b4.yaml | 12 ++
...eferences-to-old-ctlplane-0df7f2ae8910559c.yaml | 20 +++
.../restrict-mongodb-memory-de7bf6754d7234d9.yaml | 3 +
.../set-ceilometer-auth-flag-382f68ddb2cbcb6b.yaml | 5 +
.../sriov-pci-passthrough-8f28719b889bdaf7.yaml | 4 +
.../notes/ssh_known_hosts-287563590632d1aa.yaml | 4 +
.../sshd-service-extensions-0c4d0879942a2052.yaml | 5 +
.../token-flush-twice-a-day-d4b00a2953a6b383.yaml | 7 +
releasenotes/source/conf.py | 4 +-
requirements.txt | 2 +-
roles_data.yaml | 4 +
tools/yaml-validate.py | 18 ++
validation-scripts/all-nodes.sh | 18 ++
137 files changed, 1490 insertions(+), 1655 deletions(-)

Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt index 057aa28..cb3f96e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4 +4 @@ -pbr>=1.8 # Apache-2.0 +pbr<2.0.0,>=1.8 # Apache-2.0
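
Review bot: the added `+pbr<2.0.0,>=1.8` line introduces an upper bound on pbr, but the trailing comment still carries only the license tag, so nothing in requirements.txt records why 2.x is excluded or when the cap can be lifted. Please add a short comment or a bug reference next to the cap; on a stable series an unexplained upper bound tends to outlive its reason and keeps later pbr releases from being picked up.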