[release-announce] tripleo-heat-templates 11.5.0 (train)
no-reply at openstack.org
no-reply at openstack.org
Mon Apr 5 09:17:00 UTC 2021
We are pleased to announce the release of:
tripleo-heat-templates 11.5.0: Heat templates for deploying OpenStack
with OpenStack.
This release is part of the train stable release series.
The source is available from:
https://opendev.org/openstack/tripleo-heat-templates
Download the package from:
https://tarballs.openstack.org/tripleo-heat-templates/
Please report issues through:
https://bugs.launchpad.net/tripleo/+bugs
For more details, please see below.
11.5.0
^^^^^^
New Features
************
* The new parameter GlanceCinderMountPointBase has been added which
will be used for mounting NFS volumes on glance nodes. When glance
uses cinder as store and cinder backend is NFS, this parameter must
be set to match cinder's mount point.
* The logic to configure the connection from barbican to nShield
HSMs has been augmented to parse a nshield_hsms parameter, which
allows the specification of multiple HSMs. The underlying ansible
role (ansible-role-thales-hsm) will configure the HSMs in load
sharing mode to provide HA.
* A new multipathd-container-ansible.yaml heat template replaces the
multipathd-container.yaml template. The new template adds support
for the following new parameters. * MultipathdSkipKpartx *
MultipathdCustomConfigFile
* When a node has hugepages enabled, we can help with live
migrations by enabling *NovaLiveMigrationPermitPostCopy* and
*NovaLiveMigrationPermitAutoConverge*. These flags are automatically
enabled if hugepages are detected, but operators can override these
settings.
* Add NovaLibvirtMaxQueues role parameter to set
[libvirt]/max_queues in nova.conf of the compute. Default 0
corresponds to not set meaning the legacy limits based on the
reported kernel major version will be used.
Known Issues
************
* Cell_v2 discovery has been moved from the nova-compute|nova-ironic
containers as this requires nova api database credentials which must
not be configured for the nova-compute service. As a result scale-up
deployments which explicitly omit the Controller nodes will need to
make alternative arrangements to run cell_v2 discovery. Either the
nova-manage command can be run manually after scale-up, or an
additional helper node using the NovaManage role can be deployed
that will be used for this task instead of a Controller node. See
Bug: 1786961 (https://launchpad.net/bugs/1786961) and Bug: 1871482
(https://launchpad.net/bugs/1871482).
Upgrade Notes
*************
* When upgrading from the multipathd-container.yaml template to the
new multipathd-container-ansible.yaml template, bear in mind the new
MultipathdSkipKpartx parameter will configure the corresponding
skip_kpartx setting in /etc/multipath.conf.
Deprecation Notes
*****************
* Some parameters within ThalesVars have been deprecated. These are
- thales_hsm_ip_address and thales_hsm_config_location. See
environments/barbican-backend-pkcs11-thales.yaml for details.
* The multipathd-container.yaml template is deprecated in favor of a
new multipathd-container-ansible.yaml template. The new template is
backward compatible with the old template, but see the features and
upgrade notes for additional details.
Bug Fixes
*********
* When deploying a spine-and-leaf (L3 routed architecture) with TLS
enabled for internal endpoints the deployment would fail because
some roles are not connected to the network mapped to the service in
ServiceNetMap. To fix this issue a role specific parameter
"{{role.name}}ServiceNetMap" is introduced (defaults to: "{}"). The
role specific ServiceNetMap parameter allow the operator to override
one or more service network mappings per-role. For example:
ComputeLeaf2ServiceNetMap:
NovaLibvirtNetwork: internal_api_leaf2
The role specific "{{role.name}}ServiceNetMap" override is merged
with the global "ServiceNetMap" when it's passed as a value to the
"{{role.name}}ServiceChain" resources, and the "{{role.name}}"
resource groups so that the correct network for this role is mapped
to the service.
Closes bug: 1904482
(https://bugs.launchpad.net/tripleo/+bug/1904482).
* Fixed the Octavia OctaviaTenantLogFacility setting default to 0 to
align it with the project default.
* Previously, HorizonDebug and Debug parameters change the value of
horizon::django_debug. However, those parameters didn't set DEBUG
log level to horizon logger components. By this change, if those are
true, horizon::log_level is set to 'DEBUG'.
* Do not relabel Swift files on every container (re-)start. These
will be relabeled already in step 3 preventing additional delays.
Changes in tripleo-heat-templates 11.4.0..11.5.0
------------------------------------------------
0ebdf0c58 Updating settings description
d5949fe86 Set toplevel nova::dhcp_domain for all nova services
f1d91a9e0 [TRAIN-Only] Update ansible python fact
bc6840c6e Enabling 'cinder_use_multipath' if cinder multipath is enabled
b9dd8ccd6 Allow configuring cinder mount point for glance cinder store
90a04d94e Add legacy fact setting
f9e51cf46 Stop ironic services in unupgraded controllers
25493bcb1 Make UpgradeInitCommand and UpgradeLeapp{ToRemove,ToInstall,CommandOptions} per-role
02743e1ab Check Ceph cluster healthy state before starting FS to BS playbook
eb61c8054 Fix start order for {swift_proxy,glance_api}_tls_proxy
5be4f8f31 Stop barbican servics in unupgraded controllers
8fc59c12c Stop octavia servics in unupgraded controllers
deee084ed Validation are not run via mistral anymore in Train
9bdf4b168 Upgrade mariadb storage during upgrade tasks
aaf9e860e [Ussuri and older] Set python_cmd where we need it
54414a14b Remove scenario007-multinode and scenario010-standalone from layout
ffae4ae76 Add delegate_fact_hosts: false on ci scenarios
526791d6c Remove tripleo_transfer cleanup.yml reference
cc0752392 Use include task for host prep tasks
4e79336d6 Use ansible_facts instead
6902fcea0 Drop service facts usage
badc6bc1e Fix redis_tls_proxy
7d56985fa Don't try creating default admin and member roles
e1aee7c3e Stop non-pcmk services of manila and cinder during upgrade
785706f4a Refactor nova db config
9d7a5a5c6 Adding placement client package to clients
656a6f50d pcs commands on host: ovn dbs
4db546260 pcs commands on host: manila-share
60cd610f9 pcs commands on host: rabbitmq
327f0e503 pcs commands on host: cinder backup/volume
07d8f2082 pcs commands on host: mysql
67e5d621e pcs commands on host: redis bundle
a7cceb0f9 pcs commands on host: haproxy bundle
c8f1976fa Add parameters to allow multiple nshield HSMs
2dc7ceeac Add a new role parameter rhsm_enforce.
d3c837e81 Fix logic to honor HorizonDebug
79aec182b Set 'DEBUG' to horizon::log_level if HorizonDebug or Debug is true
19bb2152f [train-only] Add FFWD workaround for UEFI systems
1a1744316 Add ContainerDefaultPidsLimit to set default pid limits in containers.conf
b894347cb Always set NetworkDeploymentActions to its default
679258281 per_node is not parsing generated json
eaf59f4b2 Problematic nested quotes in hieradata file list
988d5dc89 [train-only] Ensure we stop ovn-controller with cleanup
91b780d3d Use Ceph cluster name when setting minimum client version
bd36a306a Make DnfStreams support RoleParameters
c9541b477 Move cell_v2 discovery off compute hosts
28cb354c3 Make NovaComputeOptVolumes and NovaComputeOptEnvVars role aware
43b7188ef Live migration optimization with HP
678186027 Add post delay to reboot
43b352e9a Enforces minimum Ceph client version to Mimic
6733d14f1 Serialize shutdown of pacemaker nodes
cf605138f Make ExternalSwift*Url parameters optional
230147720 Deprecate environments/dcn-hci.yaml for dcn-storage.yaml
c5a2a9ce5 Use include_role for conditional inclusion
e69b06ae2 [Train-Only] Remove python-2 packages in the overcloud nodes after leapp upgrade.
f55af442d Deploy multipathd using tripleo_multipathd ansible role
861af8d81 Force json output format for hiera in derive pci whitelist
431cfb979 Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues
0c68c4428 Revert "Reset sriov_numvfs to 0 before leapp upgrade"
e038ecd2e Use Ceph-NFS for Manila in scenario004
05c859273 Split network validation to it's own play
916b9385c Rolling certificate update for HA services
76577b3ae Update container-config-scripts/ folder content before update_tasks.
75f3d22fe Remove ffwd lifecycle environment files.
38fcff865 Deleting nova-consoleauth services in post-upgrade
75c287232 Remove pcs/pacemaker package installation from upgrade tasks
6c038ca3a [Train only] Retry distro-sync until success
5472332d6 Do not relabel Swift files on every container start
6fb47e4af Make it possible to override ServiceNetMap per-role
4dd0f9dab Fix ownership of octavia_rsyslog log directory
e26e6a1fb nova: Use LIBGUESTFS_BACKEND=direct
953a8ef96 Configure OVNCMSOptions=enable-chassis-as-gw within neutron-ovn-sriov.yaml
8372d5e6d ovn: Add neutron-cleanup
83cce19f6 Fix Octavia OctaviaTenantLogFacility default
Diffstat (except docs and test files)
-------------------------------------
ci/environments/multinode-containers.yaml | 1 +
ci/environments/scenario001-standalone.yaml | 4 +
ci/environments/scenario004-standalone.yaml | 6 +
common/common-container-config-scripts.yaml | 17 ++
common/deploy-steps-playbooks-common.yaml | 17 ++
common/deploy-steps-tasks-step-0.j2.yaml | 13 +-
common/deploy-steps-tasks-step-1.yaml | 33 +--
common/deploy-steps-tasks.yaml | 6 +-
common/deploy-steps.j2 | 24 +-
common/generate-config-tasks.yaml | 19 +-
common/host-container-puppet-tasks.yaml | 21 +-
container_config_scripts/mysql_upgrade_db.sh | 15 ++
.../pacemaker_mutex_restart_bundle.sh | 90 +++++++
.../pacemaker_mutex_shutdown.sh | 120 +++++++++
.../pacemaker_resource_lock.sh | 267 +++++++++++++++++++++
.../barbican/barbican-api-container-puppet.yaml | 28 ++-
deployment/ceph-ansible/ceph-base.yaml | 13 +-
deployment/ceph-ansible/ceph-mon.yaml | 28 +++
deployment/ceph-ansible/ceph-rgw.yaml | 4 -
.../certs/certmonger-user-baremetal-puppet.yaml | 9 +
.../cinder/cinder-backup-container-puppet.yaml | 15 ++
.../cinder/cinder-backup-pacemaker-puppet.yaml | 70 ++----
.../cinder/cinder-volume-container-puppet.yaml | 15 ++
.../cinder/cinder-volume-pacemaker-puppet.yaml | 69 ++----
.../openstack-clients-baremetal-puppet.yaml | 1 +
deployment/containers-common.yaml | 9 +
deployment/database/mysql-base.yaml | 6 +
deployment/database/mysql-container-puppet.yaml | 46 ++--
deployment/database/mysql-pacemaker-puppet.yaml | 97 ++++----
deployment/database/redis-pacemaker-puppet.yaml | 102 +++-----
.../kubernetes-master-baremetal-ansible.yaml | 4 +-
.../multipathd-container.yaml | 0
deployment/glance/glance-api-container-puppet.yaml | 14 +-
deployment/haproxy/haproxy-pacemaker-puppet.yaml | 75 ++----
deployment/haproxy/haproxy-public-tls-inject.yaml | 2 +-
deployment/horizon/horizon-container-puppet.yaml | 24 +-
deployment/ipa/ipaclient-baremetal-ansible.yaml | 2 +-
deployment/ipa/ipaservices-baremetal-ansible.yaml | 4 +-
deployment/ironic/ironic-api-container-puppet.yaml | 14 ++
.../ironic/ironic-conductor-container-puppet.yaml | 15 ++
.../ironic/ironic-inspector-container-puppet.yaml | 16 ++
deployment/ironic/ironic-pxe-container-puppet.yaml | 16 ++
deployment/manila/manila-api-container-puppet.yaml | 15 ++
.../manila/manila-scheduler-container-puppet.yaml | 15 ++
.../manila/manila-share-container-puppet.yaml | 15 ++
.../manila/manila-share-pacemaker-puppet.yaml | 69 ++----
deployment/metrics/collectd-container-puppet.yaml | 2 +-
.../multipathd/multipathd-container-ansible.yaml | 128 ++++++++++
.../neutron/derive_pci_passthrough_whitelist.py | 2 +-
.../neutron-sriov-agent-container-puppet.yaml | 30 ---
deployment/nova/nova-api-container-puppet.yaml | 38 ++-
deployment/nova/nova-apidb-client-puppet.yaml | 78 ++++++
deployment/nova/nova-base-puppet.yaml | 45 +---
.../nova/nova-compute-common-container-puppet.yaml | 22 +-
deployment/nova/nova-compute-container-puppet.yaml | 148 +++++++++---
.../nova/nova-conductor-container-puppet.yaml | 52 +++-
deployment/nova/nova-db-client-puppet.yaml | 80 ++++++
deployment/nova/nova-ironic-container-puppet.yaml | 28 ++-
deployment/nova/nova-libvirt-container-puppet.yaml | 11 +-
deployment/nova/nova-manager-container-puppet.yaml | 105 ++++++++
.../nova/nova-metadata-container-puppet.yaml | 45 +++-
.../nova/nova-scheduler-container-puppet.yaml | 31 ++-
.../nova/nova-vnc-proxy-container-puppet.yaml | 52 +++-
deployment/nova/novajoin-container-puppet.yaml | 6 +-
.../octavia/octavia-api-container-puppet.yaml | 15 ++
deployment/octavia/octavia-base.yaml | 2 +-
.../octavia/octavia-deployment-config.j2.yaml | 4 +-
.../octavia-health-manager-container-puppet.yaml | 20 +-
.../octavia-housekeeping-container-puppet.yaml | 15 ++
.../octavia/octavia-worker-container-puppet.yaml | 19 +-
.../ovn/ovn-controller-container-puppet.yaml | 37 +++
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 58 +++--
.../pacemaker/pacemaker-baremetal-puppet.yaml | 6 +
deployment/podman/podman-baremetal-ansible.yaml | 7 +
...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 47 ++--
.../rabbitmq-messaging-pacemaker-puppet.yaml | 47 ++--
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 47 ++--
.../external-swift-proxy-baremetal-puppet.yaml | 3 +
deployment/swift/swift-proxy-container-puppet.yaml | 1 +
.../swift/swift-storage-container-puppet.yaml | 7 +-
deployment/time/timezone-baremetal-ansible.yaml | 4 +-
deployment/timesync/chrony-baremetal-ansible.yaml | 11 +-
deployment/tls/undercloud-tls.yaml | 6 +-
.../tripleo-packages-baremetal-puppet.yaml | 133 ++++++++--
deployment/undercloud/undercloud-upgrade.yaml | 4 +-
environments/barbican-backend-pkcs11-thales.yaml | 22 +-
environments/dcn-hci.yaml | 3 +
environments/dcn-storage.yaml | 57 +++++
environments/lifecycle/ffwd-upgrade-converge.yaml | 10 -
environments/lifecycle/ffwd-upgrade-prepare.yaml | 12 -
environments/multipathd.yaml | 2 +-
environments/services/neutron-ovn-dvr-ha.yaml | 2 -
environments/services/neutron-ovn-ha.yaml | 4 -
environments/services/neutron-ovn-sriov.yaml | 6 +-
extraconfig/post_deploy/undercloud_post.py | 8 -
overcloud-resource-registry-puppet.j2.yaml | 3 +
overcloud.j2.yaml | 25 +-
puppet/extraconfig/pre_deploy/per_node.yaml | 12 +-
...ount-point-base-parameter-852554398b9f3a19.yaml | 7 +
.../notes/barbican-thales-ha-581fbe9b5ef4dc87.yaml | 11 +
.../notes/bug-1904482-dbc5162c8245a9b3.yaml | 21 ++
...v2_discovery_off_computes-2b977c6b9a01cde2.yaml | 13 +
...e-multipathd-with-ansible-f32f3ea627815191.yaml | 20 ++
.../dcn-hci-storage-rename-0b1c17dd50f4cc9a.yaml | 8 +
...nant-log-facility-default-7b6d0670a51fe845.yaml | 5 +
.../horizon_logger_debug-cd70c45c1b695e4b.yaml | 8 +
...mit-postcopy-autoconverge-ca1719fd2abed45f.yaml | 8 +
.../nova_libvirt_max_queues-8024fc63105bd25d.yaml | 6 +
.../swift-prevent-relabeling-b9721aa5a1abda6e.yaml | 5 +
roles/CephFile.yaml | 1 +
roles/CephObject.yaml | 1 +
roles/CephStorage.yaml | 1 +
roles/NovaManager.yaml | 37 +++
roles/README.rst | 6 +
roles/Standalone.yaml | 3 +
roles_data.yaml | 1 +
sample-env-generator/dcn.yaml | 11 +-
tools/yaml-validate.py | 7 +-
zuul.d/layout.yaml | 32 ---
119 files changed, 2483 insertions(+), 756 deletions(-)
More information about the Release-announce
mailing list