[release-announce] tripleo-heat-templates 12.4.3 (ussuri)
no-reply at openstack.org
no-reply at openstack.org
Wed Apr 14 15:06:19 UTC 2021
We are satisfied to announce the release of:
tripleo-heat-templates 12.4.3: Heat templates for deploying OpenStack
with OpenStack.
This release is part of the ussuri stable release series.
The source is available from:
https://opendev.org/openstack/tripleo-heat-templates
Download the package from:
https://tarballs.openstack.org/tripleo-heat-templates/
Please report issues through:
https://bugs.launchpad.net/tripleo/+bugs
For more details, please see below.
12.4.3
^^^^^^
New Features
************
* The new parameter GlanceCinderMountPointBase has been added which
will be used for mounting NFS volumes on glance nodes. When glance
uses cinder as store and cinder backend is NFS, this parameter must
be set to match cinder's mount point.
* The logic to configure the connection from barbican to nShield
HSMs has been augmented to parse a nshield_hsms parameter, which
allows the specification of multiple HSMs. The underlying ansible
role (ansible-role-thales-hsm) will configure the HSMs in load
sharing mode to provide HA.
* New "CinderRpcResponseTimeout" and "CinderApiWsgiTimeout"
parameters provide a means for configuring Cinder's RPC response and
WSGI connection timeouts, respectively.
* Add posibilities to configure ovn dbs monitor interval in tht by
OVNDBSPacemakerMonitorInterval (default 30s). Under load, this can
create extra stress and since the timeout has already been bumped,
it makes sense to bump this interval to a higher value as a trade
off between detecting a failure and stressing the service.
* When a node has hugepages enabled, we can help with live
migrations by enabling *NovaLiveMigrationPermitPostCopy* and
*NovaLiveMigrationPermitAutoConverge*. These flags are automatically
enabled if hugepages are detected, but operators can override these
settings.
* Add NovaLibvirtMaxQueues role parameter to set
[libvirt]/max_queues in nova.conf of the compute. Default 0
corresponds to not set meaning the legacy limits based on the
reported kernel major version will be used.
* The new "SshServerOptionsOverrides" parameter has been added. This
parameter can be used to override a part of sshd_config, which is
defined by the "SshServerOptions".
Known Issues
************
* Cell_v2 discovery has been moved from the nova-compute|nova-ironic
containers as this requires nova api database credentials which must
not be configured for the nova-compute service. As a result scale-up
deployments which explicitly omit the Controller nodes will need to
make alternative arrangements to run cell_v2 discovery. Either the
nova-manage command can be run manually after scale-up, or an
additional helper node using the NovaManage role can be deployed
that will be used for this task instead of a Controller node. See
Bug: 1786961 (https://launchpad.net/bugs/1786961) and Bug: 1871482
(https://launchpad.net/bugs/1871482).
Deprecation Notes
*****************
* Some parameters within ThalesVars have been deprecated. These are
- thales_hsm_ip_address and thales_hsm_config_location. See
environments/barbican-backend-pkcs11-thales.yaml for details.
Bug Fixes
*********
* When deploying a spine-and-leaf (L3 routed architecture) with TLS
enabled for internal endpoints the deployment would fail because
some roles are not connected to the network mapped to the service in
ServiceNetMap. To fix this issue a role specific parameter
"{{role.name}}ServiceNetMap" is introduced (defaults to: "{}"). The
role specific ServiceNetMap parameter allow the operator to override
one or more service network mappings per-role. For example:
ComputeLeaf2ServiceNetMap:
NovaLibvirtNetwork: internal_api_leaf2
The role specific "{{role.name}}ServiceNetMap" override is merged
with the global "ServiceNetMap" when it's passed as a value to the
"{{role.name}}ServiceChain" resources, and the "{{role.name}}"
resource groups so that the correct network for this role is mapped
to the service.
Closes bug: 1904482
(https://bugs.launchpad.net/tripleo/+bug/1904482).
* Previously, HorizonDebug and Debug parameters change the value of
horizon::django_debug. However, those parameters didn't set DEBUG
log level to horizon logger components. By this change, if those are
true, horizon::log_level is set to 'DEBUG'.
* Do not relabel Swift files on every container (re-)start. These
will be relabeled already in step 3 preventing additional delays.
Changes in tripleo-heat-templates 12.4.2..12.4.3
------------------------------------------------
560d98396 [update][upgrade] Use container-tools:3.0
83210e340 Move tmpwatch from cron.daily to actual root crontab
2a97154ef OVNChassisMacPorts for distributed VLAN
a900a8055 Updating settings description
7e4bb3623 live_migration setting should be under libvirt namespace
d690b41ef Create OVNMacAddrNet network on Undercloud
5d62f6642 Set toplevel nova::dhcp_domain for all nova services
d96f77930 Support configuring cinder's RPC and WSGI timeouts
b561d3a9f Add legacy fact setting
82e4cccce Allow configuring cinder mount point for glance cinder store
36e28d2d3 Check Ceph cluster healthy state before starting FS to BS playbook
284629a87 Make UpgradeInitCommand and UpgradeLeapp{ToRemove,ToInstall,CommandOptions} per-role
33b47f479 Fix start order for {swift_proxy,glance_api}_tls_proxy
9db6db69a Stop ironic services in unupgraded controllers
34c96db0e Stop barbican servics in unupgraded controllers
7281bb019 Add posibilities to set ovndbs monitor interval
698cfa661 Upgrade mariadb storage during upgrade tasks
d5899589d Add delegate_fact_hosts: false on ci scenarios
1f8d90c29 Remove tripleo_transfer cleanup.yml reference
e140e22e1 Add TLS capabilities to Memcached service
f54ca2506 Make content provider depend on tox-pep8/tht on check layout
c6e9974ba Change play name
6997676b1 Use include task for host prep tasks
603beaa02 Use ansible_facts instead
0d88e0e20 Enabling 'cinder_use_multipath' if cinder multipath is enabled
cc9a390b5 Drop service facts usage
bc1fd4741 Fix redis_tls_proxy
6de73eca7 Don't try creating default admin and member roles
ac11fc15c Stop non-pcmk services of manila and cinder during upgrade
4e2e984b9 Add parameters to allow multiple nshield HSMs
7f8e32bef Fix logic to honor HorizonDebug
0502fb1aa Set 'DEBUG' to horizon::log_level if HorizonDebug or Debug is true
cde398d9b Add a new role parameter rhsm_enforce.
341fbc46e Always set NetworkDeploymentActions to its default
9740d89f1 Stop octavia servics in unupgraded controllers
c77472ec3 Add ContainerDefaultPidsLimit to set default pid limits in containers.conf
f2602657a per_node is not parsing generated json
633ad7781 Problematic nested quotes in hieradata file list
b188630e8 Use Ceph cluster name when setting minimum client version
2be083bf2 Make DnfStreams support RoleParameters
9a8c007da Move cell_v2 discovery off compute hosts
ace7eb7d6 Refactor nova db config
d38c3df91 Make NovaComputeOptVolumes and NovaComputeOptEnvVars role aware
43c02ebc9 Add post delay to reboot
4b8a18069 Enforces minimum Ceph client version to Mimic
cbc5d0e6e Deprecate environments/dcn-hci.yaml for dcn-storage.yaml
2c298e231 Split network validation to it's own play
cb8e846ea Force json output format for hiera in derive pci whitelist
59b2d7618 Remove External{Internal,Public,Admin}Url parameters
e21b9f8dd Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues
81a184033 Revert "Reset sriov_numvfs to 0 before leapp upgrade"
3bd9c10e8 Use include_role for conditional inclusion
d9414af71 Use Ceph-NFS for Manila in scenario004
83ba65e3a Serialize shutdown of pacemaker nodes
4dac4701f Deleting nova-consoleauth services in post-upgrade
38d6c5932 Live migration optimization with HP
9998bfc5d Making sure virt-guest-shutdown.target exists
114ba5dd4 Remove ffwd lifecycle environment files.
c04572dbb Remove pcs/pacemaker package installation from upgrade tasks
c9ffe726f Fix unreachable handling
3f93e3a15 Update container-config-scripts/ folder content before update_tasks.
826221eb4 Do not relabel Swift files on every container start
7c01d809d Make it possible to override ServiceNetMap per-role
94236c757 Fix ownership of octavia_rsyslog log directory
220bf13a2 Configure OVNCMSOptions=enable-chassis-as-gw within neutron-ovn-sriov.yaml
1484c4560 nova: Use LIBGUESTFS_BACKEND=direct
1a085631c [Ussuri and older] Set python_cmd where we need it
ef0675dc0 Ensure cloud-init has finished before puppet run
26298a65c Allow partial override about SshServerOptions
5e9a03d91 Switch host sshd configuration to ansible
Diffstat (except docs and test files)
-------------------------------------
ci/environments/multinode-containers.yaml | 1 +
ci/environments/scenario001-standalone.yaml | 1 +
ci/environments/scenario004-standalone.yaml | 6 +
common/common-container-config-scripts.yaml | 17 +++
common/deploy-steps-playbooks-common.yaml | 20 ++-
common/deploy-steps-tasks-step-0.j2.yaml | 17 +++
common/deploy-steps-tasks-step-1.yaml | 33 +----
common/deploy-steps-tasks.yaml | 6 +-
common/deploy-steps.j2 | 24 ++-
common/generate-config-tasks.yaml | 19 ++-
common/host-container-puppet-tasks.yaml | 21 ++-
container_config_scripts/mysql_upgrade_db.sh | 15 ++
.../pacemaker_mutex_shutdown.sh | 120 +++++++++++++++
.../pacemaker_resource_lock.sh | 34 ++++-
.../barbican/barbican-api-container-puppet.yaml | 28 +++-
deployment/ceph-ansible/ceph-base.yaml | 11 ++
deployment/ceph-ansible/ceph-mon.yaml | 28 ++++
deployment/ceph-ansible/ceph-rgw.yaml | 4 -
deployment/cinder/cinder-api-container-puppet.yaml | 11 +-
.../cinder/cinder-backup-container-puppet.yaml | 15 ++
.../cinder/cinder-backup-pacemaker-puppet.yaml | 2 +-
deployment/cinder/cinder-base.yaml | 5 +
.../cinder/cinder-volume-container-puppet.yaml | 15 ++
.../cinder/cinder-volume-pacemaker-puppet.yaml | 2 +-
deployment/containers-common.yaml | 3 +
deployment/database/mysql-base.yaml | 6 +
deployment/database/mysql-container-puppet.yaml | 51 +++++--
deployment/database/mysql-pacemaker-puppet.yaml | 52 +++----
deployment/database/redis-pacemaker-puppet.yaml | 24 ++-
deployment/glance/glance-api-container-puppet.yaml | 14 +-
deployment/haproxy/haproxy-pacemaker-puppet.yaml | 4 +-
deployment/haproxy/haproxy-public-tls-inject.yaml | 2 +-
deployment/horizon/horizon-container-puppet.yaml | 24 ++-
deployment/ipa/ipaservices-baremetal-ansible.yaml | 4 +-
deployment/ironic/ironic-api-container-puppet.yaml | 14 ++
.../ironic/ironic-conductor-container-puppet.yaml | 15 ++
.../ironic/ironic-inspector-container-puppet.yaml | 16 ++
deployment/ironic/ironic-pxe-container-puppet.yaml | 16 ++
.../logrotate-crond-container-puppet.yaml | 45 ++++--
deployment/manila/manila-api-container-puppet.yaml | 15 ++
.../manila/manila-scheduler-container-puppet.yaml | 15 ++
.../manila/manila-share-container-puppet.yaml | 15 ++
.../manila/manila-share-pacemaker-puppet.yaml | 2 +-
.../memcached/memcached-container-puppet.yaml | 115 +++++++++++----
deployment/metrics/collectd-container-puppet.yaml | 2 +-
.../neutron/derive_pci_passthrough_whitelist.py | 2 +-
.../neutron-sriov-agent-container-puppet.yaml | 31 +---
deployment/nova/nova-api-container-puppet.yaml | 38 +++--
deployment/nova/nova-apidb-client-puppet.yaml | 78 ++++++++++
deployment/nova/nova-base-puppet.yaml | 74 +---------
.../nova/nova-compute-common-container-puppet.yaml | 22 ++-
deployment/nova/nova-compute-container-puppet.yaml | 163 +++++++++++++++++----
.../nova/nova-conductor-container-puppet.yaml | 60 ++++++--
deployment/nova/nova-db-client-puppet.yaml | 80 ++++++++++
deployment/nova/nova-ironic-container-puppet.yaml | 28 ++--
deployment/nova/nova-libvirt-container-puppet.yaml | 11 +-
deployment/nova/nova-manager-container-puppet.yaml | 105 +++++++++++++
.../nova/nova-metadata-container-puppet.yaml | 45 ++++--
.../nova/nova-scheduler-container-puppet.yaml | 31 +++-
.../nova/nova-vnc-proxy-container-puppet.yaml | 53 ++++++-
deployment/nova/novajoin-container-puppet.yaml | 6 +-
.../octavia/octavia-api-container-puppet.yaml | 15 ++
.../octavia/octavia-deployment-config.j2.yaml | 4 +-
.../octavia-health-manager-container-puppet.yaml | 20 ++-
.../octavia-housekeeping-container-puppet.yaml | 15 ++
.../octavia/octavia-worker-container-puppet.yaml | 19 ++-
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 16 +-
.../pacemaker/pacemaker-baremetal-puppet.yaml | 6 +
deployment/podman/podman-baremetal-ansible.yaml | 7 +
...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 2 +-
.../rabbitmq-messaging-pacemaker-puppet.yaml | 2 +-
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 2 +-
deployment/sshd/sshd-baremetal-ansible.yaml | 105 +++++++++++++
deployment/sshd/sshd-baremetal-puppet.yaml | 10 +-
.../external-swift-proxy-baremetal-puppet.yaml | 49 +------
deployment/swift/swift-proxy-container-puppet.yaml | 1 +
.../swift/swift-storage-container-puppet.yaml | 7 +-
deployment/timesync/chrony-baremetal-ansible.yaml | 11 +-
deployment/tls/undercloud-tls.yaml | 6 +-
.../tripleo-packages-baremetal-puppet.yaml | 57 +++++--
deployment/undercloud/undercloud-upgrade.yaml | 4 +-
environments/barbican-backend-pkcs11-thales.yaml | 22 ++-
environments/dcn-hci.yaml | 3 +
environments/dcn-storage.yaml | 57 +++++++
environments/lifecycle/ffwd-upgrade-converge.yaml | 9 --
environments/lifecycle/ffwd-upgrade-prepare.yaml | 10 --
.../lifecycle/undercloud-upgrade-prepare.yaml | 2 +-
environments/lifecycle/update-prepare.yaml | 2 +-
environments/lifecycle/upgrade-prepare.yaml | 2 +-
environments/services/neutron-ovn-dvr-ha.yaml | 2 -
environments/services/neutron-ovn-ha.yaml | 4 -
environments/services/neutron-ovn-sriov.yaml | 6 +-
environments/standalone/standalone-overcloud.yaml | 2 +
environments/standalone/standalone-tripleo.yaml | 2 +
environments/undercloud.yaml | 4 +
environments/undercloud/undercloud-minion.yaml | 2 +
network/networks.j2.yaml | 3 +
network/ovn_mac_addr_net.yaml | 37 +++++
network/ports/ovn_mac_addr_port.yaml | 27 ++++
overcloud-resource-registry-puppet.j2.yaml | 9 +-
overcloud.j2.yaml | 26 +++-
puppet/extraconfig/pre_deploy/per_node.yaml | 12 +-
puppet/role.role.j2.yaml | 34 +++++
...ount-point-base-parameter-852554398b9f3a19.yaml | 7 +
.../notes/barbican-thales-ha-581fbe9b5ef4dc87.yaml | 11 ++
.../notes/bug-1904482-dbc5162c8245a9b3.yaml | 21 +++
...v2_discovery_off_computes-2b977c6b9a01cde2.yaml | 13 ++
...er-add-timeout-parameters-54550a6e1c11c0b9.yaml | 6 +
.../dcn-hci-storage-rename-0b1c17dd50f4cc9a.yaml | 8 +
.../horizon_logger_debug-cd70c45c1b695e4b.yaml | 8 +
.../monitor_interval_ovndbs-b14c886737965300.yaml | 9 ++
...mit-postcopy-autoconverge-ca1719fd2abed45f.yaml | 8 +
.../nova_libvirt_max_queues-8024fc63105bd25d.yaml | 6 +
...-server-options-overrides-f677913bfd65efe1.yaml | 6 +
.../swift-prevent-relabeling-b9721aa5a1abda6e.yaml | 5 +
roles/CephFile.yaml | 1 +
roles/CephObject.yaml | 1 +
roles/CephStorage.yaml | 1 +
roles/NovaManager.yaml | 37 +++++
roles/README.rst | 6 +
roles/Standalone.yaml | 3 +
roles_data.yaml | 1 +
sample-env-generator/dcn.yaml | 11 +-
sample-env-generator/standalone.yaml | 9 +-
sample-env-generator/undercloud-minion.yaml | 8 +-
tools/yaml-validate.py | 7 +-
zuul.d/layout.yaml | 5 +
127 files changed, 2073 insertions(+), 496 deletions(-)
More information about the Release-announce
mailing list