[release-announce] tripleo-heat-templates 12.4.3 (ussuri)

no-reply at openstack.org no-reply at openstack.org
Wed Apr 14 15:06:19 UTC 2021


We are satisfied to announce the release of:

tripleo-heat-templates 12.4.3: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the ussuri stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

    https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

12.4.3
^^^^^^


New Features
************

* The new parameter GlanceCinderMountPointBase has been added which
  will be used for mounting NFS volumes on glance nodes. When glance
  uses cinder as store and cinder backend is NFS, this parameter must
  be set to match cinder's mount point.

* The logic to configure the connection from barbican to nShield
  HSMs has been augmented to parse a nshield_hsms parameter, which
  allows the specification of multiple HSMs.  The underlying ansible
  role (ansible-role-thales-hsm) will configure the HSMs in load
  sharing mode to provide HA.

* New "CinderRpcResponseTimeout" and "CinderApiWsgiTimeout"
  parameters provide a means for configuring Cinder's RPC response and
  WSGI connection timeouts, respectively.

* Add posibilities to configure ovn dbs monitor interval in tht by
  OVNDBSPacemakerMonitorInterval (default 30s). Under load, this can
  create extra stress and since the timeout has already been bumped,
  it makes sense to bump this interval to a higher value as a trade
  off between detecting a failure and stressing the service.

* When a node has hugepages enabled, we can help with live
  migrations by enabling *NovaLiveMigrationPermitPostCopy* and
  *NovaLiveMigrationPermitAutoConverge*. These flags are automatically
  enabled if hugepages are detected, but operators can override these
  settings.

* Add NovaLibvirtMaxQueues role parameter to set
  [libvirt]/max_queues in nova.conf of the compute. Default 0
  corresponds to not set meaning the legacy limits based on the
  reported kernel major version will be used.

* The new "SshServerOptionsOverrides" parameter has been added. This
  parameter can be used to override a part of sshd_config, which is
  defined by the "SshServerOptions".


Known Issues
************

* Cell_v2 discovery has been moved from the nova-compute|nova-ironic
  containers as this requires nova api database credentials which must
  not be configured for the nova-compute service. As a result scale-up
  deployments which explicitly omit the Controller nodes will need to
  make alternative arrangements to run cell_v2 discovery. Either the
  nova-manage command can be run manually after scale-up, or an
  additional helper node using the NovaManage role can be deployed
  that will be used for this task instead of a Controller node. See
  Bug: 1786961 (https://launchpad.net/bugs/1786961) and Bug: 1871482
  (https://launchpad.net/bugs/1871482).


Deprecation Notes
*****************

* Some parameters within ThalesVars have been deprecated.  These are
  - thales_hsm_ip_address and thales_hsm_config_location.  See
  environments/barbican-backend-pkcs11-thales.yaml for details.


Bug Fixes
*********

* When deploying a spine-and-leaf (L3 routed architecture) with TLS
  enabled for internal endpoints the deployment would fail because
  some roles are not connected to the network mapped to the service in
  ServiceNetMap. To fix this issue a role specific parameter
  "{{role.name}}ServiceNetMap" is introduced (defaults to: "{}"). The
  role specific ServiceNetMap parameter allow the operator to override
  one or more service network mappings per-role. For example:

     ComputeLeaf2ServiceNetMap:
       NovaLibvirtNetwork: internal_api_leaf2

  The role specific "{{role.name}}ServiceNetMap" override is merged
  with the global "ServiceNetMap" when it's passed as a value to the
  "{{role.name}}ServiceChain" resources, and the "{{role.name}}"
  resource groups so that the correct network for this role is mapped
  to the service.

  Closes bug: 1904482
  (https://bugs.launchpad.net/tripleo/+bug/1904482).

* Previously, HorizonDebug and Debug parameters change the value of
  horizon::django_debug. However, those parameters didn't set DEBUG
  log level to horizon logger components. By this change, if those are
  true, horizon::log_level is set to 'DEBUG'.

* Do not relabel Swift files on every container (re-)start. These
  will be relabeled already in step 3 preventing additional delays.

Changes in tripleo-heat-templates 12.4.2..12.4.3
------------------------------------------------

560d98396 [update][upgrade] Use container-tools:3.0
83210e340 Move tmpwatch from cron.daily to actual root crontab
2a97154ef OVNChassisMacPorts for distributed VLAN
a900a8055 Updating settings description
7e4bb3623 live_migration setting should be under libvirt namespace
d690b41ef Create OVNMacAddrNet network on Undercloud
5d62f6642 Set toplevel nova::dhcp_domain for all nova services
d96f77930 Support configuring cinder's RPC and WSGI timeouts
b561d3a9f Add legacy fact setting
82e4cccce Allow configuring cinder mount point for glance cinder store
36e28d2d3 Check Ceph cluster healthy state before starting FS to BS playbook
284629a87 Make UpgradeInitCommand and UpgradeLeapp{ToRemove,ToInstall,CommandOptions} per-role
33b47f479 Fix start order for {swift_proxy,glance_api}_tls_proxy
9db6db69a Stop ironic services in unupgraded controllers
34c96db0e Stop barbican servics in unupgraded controllers
7281bb019 Add posibilities to set ovndbs monitor interval
698cfa661 Upgrade mariadb storage during upgrade tasks
d5899589d Add delegate_fact_hosts: false on ci scenarios
1f8d90c29 Remove tripleo_transfer cleanup.yml reference
e140e22e1 Add TLS capabilities to Memcached service
f54ca2506 Make content provider depend on tox-pep8/tht on check layout
c6e9974ba Change play name
6997676b1 Use include task for host prep tasks
603beaa02 Use ansible_facts instead
0d88e0e20 Enabling 'cinder_use_multipath' if cinder multipath is enabled
cc9a390b5 Drop service facts usage
bc1fd4741 Fix redis_tls_proxy
6de73eca7 Don't try creating default admin and member roles
ac11fc15c Stop non-pcmk services of manila and cinder during upgrade
4e2e984b9 Add parameters to allow multiple nshield HSMs
7f8e32bef Fix logic to honor HorizonDebug
0502fb1aa Set 'DEBUG' to horizon::log_level if HorizonDebug or Debug is true
cde398d9b Add a new role parameter rhsm_enforce.
341fbc46e Always set NetworkDeploymentActions to its default
9740d89f1 Stop octavia servics in unupgraded controllers
c77472ec3 Add ContainerDefaultPidsLimit to set default pid limits in containers.conf
f2602657a per_node is not parsing generated json
633ad7781 Problematic nested quotes in hieradata file list
b188630e8 Use Ceph cluster name when setting minimum client version
2be083bf2 Make DnfStreams support RoleParameters
9a8c007da Move cell_v2 discovery off compute hosts
ace7eb7d6 Refactor nova db config
d38c3df91 Make NovaComputeOptVolumes and NovaComputeOptEnvVars role aware
43c02ebc9 Add post delay to reboot
4b8a18069 Enforces minimum Ceph client version to Mimic
cbc5d0e6e Deprecate environments/dcn-hci.yaml for dcn-storage.yaml
2c298e231 Split network validation to it's own play
cb8e846ea Force json output format for hiera in derive pci whitelist
59b2d7618 Remove External{Internal,Public,Admin}Url parameters
e21b9f8dd Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues
81a184033 Revert "Reset sriov_numvfs to 0 before leapp upgrade"
3bd9c10e8 Use include_role for conditional inclusion
d9414af71 Use Ceph-NFS for Manila in scenario004
83ba65e3a Serialize shutdown of pacemaker nodes
4dac4701f Deleting nova-consoleauth services in post-upgrade
38d6c5932 Live migration optimization with HP
9998bfc5d Making sure virt-guest-shutdown.target exists
114ba5dd4 Remove ffwd lifecycle environment files.
c04572dbb Remove pcs/pacemaker package installation from upgrade tasks
c9ffe726f Fix unreachable handling
3f93e3a15 Update container-config-scripts/ folder content before update_tasks.
826221eb4 Do not relabel Swift files on every container start
7c01d809d Make it possible to override ServiceNetMap per-role
94236c757 Fix ownership of octavia_rsyslog log directory
220bf13a2 Configure OVNCMSOptions=enable-chassis-as-gw within neutron-ovn-sriov.yaml
1484c4560 nova: Use LIBGUESTFS_BACKEND=direct
1a085631c [Ussuri and older] Set python_cmd where we need it
ef0675dc0 Ensure cloud-init has finished before puppet run
26298a65c Allow partial override about SshServerOptions
5e9a03d91 Switch host sshd configuration to ansible


Diffstat (except docs and test files)
-------------------------------------

ci/environments/multinode-containers.yaml          |   1 +
ci/environments/scenario001-standalone.yaml        |   1 +
ci/environments/scenario004-standalone.yaml        |   6 +
common/common-container-config-scripts.yaml        |  17 +++
common/deploy-steps-playbooks-common.yaml          |  20 ++-
common/deploy-steps-tasks-step-0.j2.yaml           |  17 +++
common/deploy-steps-tasks-step-1.yaml              |  33 +----
common/deploy-steps-tasks.yaml                     |   6 +-
common/deploy-steps.j2                             |  24 ++-
common/generate-config-tasks.yaml                  |  19 ++-
common/host-container-puppet-tasks.yaml            |  21 ++-
container_config_scripts/mysql_upgrade_db.sh       |  15 ++
.../pacemaker_mutex_shutdown.sh                    | 120 +++++++++++++++
.../pacemaker_resource_lock.sh                     |  34 ++++-
.../barbican/barbican-api-container-puppet.yaml    |  28 +++-
deployment/ceph-ansible/ceph-base.yaml             |  11 ++
deployment/ceph-ansible/ceph-mon.yaml              |  28 ++++
deployment/ceph-ansible/ceph-rgw.yaml              |   4 -
deployment/cinder/cinder-api-container-puppet.yaml |  11 +-
.../cinder/cinder-backup-container-puppet.yaml     |  15 ++
.../cinder/cinder-backup-pacemaker-puppet.yaml     |   2 +-
deployment/cinder/cinder-base.yaml                 |   5 +
.../cinder/cinder-volume-container-puppet.yaml     |  15 ++
.../cinder/cinder-volume-pacemaker-puppet.yaml     |   2 +-
deployment/containers-common.yaml                  |   3 +
deployment/database/mysql-base.yaml                |   6 +
deployment/database/mysql-container-puppet.yaml    |  51 +++++--
deployment/database/mysql-pacemaker-puppet.yaml    |  52 +++----
deployment/database/redis-pacemaker-puppet.yaml    |  24 ++-
deployment/glance/glance-api-container-puppet.yaml |  14 +-
deployment/haproxy/haproxy-pacemaker-puppet.yaml   |   4 +-
deployment/haproxy/haproxy-public-tls-inject.yaml  |   2 +-
deployment/horizon/horizon-container-puppet.yaml   |  24 ++-
deployment/ipa/ipaservices-baremetal-ansible.yaml  |   4 +-
deployment/ironic/ironic-api-container-puppet.yaml |  14 ++
.../ironic/ironic-conductor-container-puppet.yaml  |  15 ++
.../ironic/ironic-inspector-container-puppet.yaml  |  16 ++
deployment/ironic/ironic-pxe-container-puppet.yaml |  16 ++
.../logrotate-crond-container-puppet.yaml          |  45 ++++--
deployment/manila/manila-api-container-puppet.yaml |  15 ++
.../manila/manila-scheduler-container-puppet.yaml  |  15 ++
.../manila/manila-share-container-puppet.yaml      |  15 ++
.../manila/manila-share-pacemaker-puppet.yaml      |   2 +-
.../memcached/memcached-container-puppet.yaml      | 115 +++++++++++----
deployment/metrics/collectd-container-puppet.yaml  |   2 +-
.../neutron/derive_pci_passthrough_whitelist.py    |   2 +-
.../neutron-sriov-agent-container-puppet.yaml      |  31 +---
deployment/nova/nova-api-container-puppet.yaml     |  38 +++--
deployment/nova/nova-apidb-client-puppet.yaml      |  78 ++++++++++
deployment/nova/nova-base-puppet.yaml              |  74 +---------
.../nova/nova-compute-common-container-puppet.yaml |  22 ++-
deployment/nova/nova-compute-container-puppet.yaml | 163 +++++++++++++++++----
.../nova/nova-conductor-container-puppet.yaml      |  60 ++++++--
deployment/nova/nova-db-client-puppet.yaml         |  80 ++++++++++
deployment/nova/nova-ironic-container-puppet.yaml  |  28 ++--
deployment/nova/nova-libvirt-container-puppet.yaml |  11 +-
deployment/nova/nova-manager-container-puppet.yaml | 105 +++++++++++++
.../nova/nova-metadata-container-puppet.yaml       |  45 ++++--
.../nova/nova-scheduler-container-puppet.yaml      |  31 +++-
.../nova/nova-vnc-proxy-container-puppet.yaml      |  53 ++++++-
deployment/nova/novajoin-container-puppet.yaml     |   6 +-
.../octavia/octavia-api-container-puppet.yaml      |  15 ++
.../octavia/octavia-deployment-config.j2.yaml      |   4 +-
.../octavia-health-manager-container-puppet.yaml   |  20 ++-
.../octavia-housekeeping-container-puppet.yaml     |  15 ++
.../octavia/octavia-worker-container-puppet.yaml   |  19 ++-
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml       |  16 +-
.../pacemaker/pacemaker-baremetal-puppet.yaml      |   6 +
deployment/podman/podman-baremetal-ansible.yaml    |   7 +
...rabbitmq-messaging-notify-pacemaker-puppet.yaml |   2 +-
.../rabbitmq-messaging-pacemaker-puppet.yaml       |   2 +-
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml   |   2 +-
deployment/sshd/sshd-baremetal-ansible.yaml        | 105 +++++++++++++
deployment/sshd/sshd-baremetal-puppet.yaml         |  10 +-
.../external-swift-proxy-baremetal-puppet.yaml     |  49 +------
deployment/swift/swift-proxy-container-puppet.yaml |   1 +
.../swift/swift-storage-container-puppet.yaml      |   7 +-
deployment/timesync/chrony-baremetal-ansible.yaml  |  11 +-
deployment/tls/undercloud-tls.yaml                 |   6 +-
.../tripleo-packages-baremetal-puppet.yaml         |  57 +++++--
deployment/undercloud/undercloud-upgrade.yaml      |   4 +-
environments/barbican-backend-pkcs11-thales.yaml   |  22 ++-
environments/dcn-hci.yaml                          |   3 +
environments/dcn-storage.yaml                      |  57 +++++++
environments/lifecycle/ffwd-upgrade-converge.yaml  |   9 --
environments/lifecycle/ffwd-upgrade-prepare.yaml   |  10 --
.../lifecycle/undercloud-upgrade-prepare.yaml      |   2 +-
environments/lifecycle/update-prepare.yaml         |   2 +-
environments/lifecycle/upgrade-prepare.yaml        |   2 +-
environments/services/neutron-ovn-dvr-ha.yaml      |   2 -
environments/services/neutron-ovn-ha.yaml          |   4 -
environments/services/neutron-ovn-sriov.yaml       |   6 +-
environments/standalone/standalone-overcloud.yaml  |   2 +
environments/standalone/standalone-tripleo.yaml    |   2 +
environments/undercloud.yaml                       |   4 +
environments/undercloud/undercloud-minion.yaml     |   2 +
network/networks.j2.yaml                           |   3 +
network/ovn_mac_addr_net.yaml                      |  37 +++++
network/ports/ovn_mac_addr_port.yaml               |  27 ++++
overcloud-resource-registry-puppet.j2.yaml         |   9 +-
overcloud.j2.yaml                                  |  26 +++-
puppet/extraconfig/pre_deploy/per_node.yaml        |  12 +-
puppet/role.role.j2.yaml                           |  34 +++++
...ount-point-base-parameter-852554398b9f3a19.yaml |   7 +
.../notes/barbican-thales-ha-581fbe9b5ef4dc87.yaml |  11 ++
.../notes/bug-1904482-dbc5162c8245a9b3.yaml        |  21 +++
...v2_discovery_off_computes-2b977c6b9a01cde2.yaml |  13 ++
...er-add-timeout-parameters-54550a6e1c11c0b9.yaml |   6 +
.../dcn-hci-storage-rename-0b1c17dd50f4cc9a.yaml   |   8 +
.../horizon_logger_debug-cd70c45c1b695e4b.yaml     |   8 +
.../monitor_interval_ovndbs-b14c886737965300.yaml  |   9 ++
...mit-postcopy-autoconverge-ca1719fd2abed45f.yaml |   8 +
.../nova_libvirt_max_queues-8024fc63105bd25d.yaml  |   6 +
...-server-options-overrides-f677913bfd65efe1.yaml |   6 +
.../swift-prevent-relabeling-b9721aa5a1abda6e.yaml |   5 +
roles/CephFile.yaml                                |   1 +
roles/CephObject.yaml                              |   1 +
roles/CephStorage.yaml                             |   1 +
roles/NovaManager.yaml                             |  37 +++++
roles/README.rst                                   |   6 +
roles/Standalone.yaml                              |   3 +
roles_data.yaml                                    |   1 +
sample-env-generator/dcn.yaml                      |  11 +-
sample-env-generator/standalone.yaml               |   9 +-
sample-env-generator/undercloud-minion.yaml        |   8 +-
tools/yaml-validate.py                             |   7 +-
zuul.d/layout.yaml                                 |   5 +
127 files changed, 2073 insertions(+), 496 deletions(-)







More information about the Release-announce mailing list