[release-announce] tripleo-heat-templates 12.4.4 (ussuri)

no-reply at openstack.org no-reply at openstack.org
Mon Jun 14 10:03:28 UTC 2021


We are stoked to announce the release of:

tripleo-heat-templates 12.4.4: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the ussuri stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

    https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

12.4.4
^^^^^^


New Features
************

* Added new options for deploying Barbican with PKCS#11 backends:
  *BarbicanPkcs11CryptoTokenLabels* and
  *BarbicanPkcs11CryptoOsLockingOk*

* The "OS::TripleO::{{role.name}}::PreNetworkConfig" resource has
  been restored. This resource can be used to implement any
  configuration steps executed before network configurations are
  applied.

* The MariaDB tuning parameter for Innodb_buffer_pool_size can now
  be set via a new TripleO Heat Template parameter
  'MysqlInnodbBufferPoolSize'. By default this is undefined.

* *QemuDefaultTLSVerify* will allow operators to enable or disable
  TLS client certificate verification. Enabling this option will
  reject any client who does not have a certificate signed by the CA
  in /etc/pki/qemu/ca-cert.pem. The default is true and matches
  libvirt's. We will want to disable this by default in train.

* The nova-ironic setting for 'max_concurrent_builds' can now be set
  via the use of a new TripleO Heat templates parameter
  'IronicMaxConcurrentBuilds'. It is set to the service default of 10
  by default in TripleO Heat templates.

* Added PTP parameters for timemaster service configuration on the
  overcloud compute node. Timemaster will use the chrony parameters
  that are already present. PTPMessageTransport and PTPInterfaces are
  new parameters.


Deprecation Notes
*****************

* The *BarbicanPkcs11CryptoTokenLabel* option has been deprecated
  and replaced with the *BarbicanPkcs11CryptoTokenLabels* option.


Bug Fixes
*********

* The "ExtraConfigPre" and "NodeExtraConfig" resources are now
  executed after network configurations are applied on nodes. This is
  consistent with the previous version, which used the heat software
  deployment mechanism instead of config-download.

* Previously, access to the sshd run by the nova-migration-target
  container was limited only via the sshd_config. While login was not
  possible from other networks, the service was reachable via all
  networks. This change limits the access to the NovaLibvirt and
  NovaApi networks, which are used for cold and live migration.

* Nova vnc configuration currently uses NovaVncProxyNetwork,
  NovaLibvirtNetwork and NovaApiNetwork to configure the different
  components (novnc proxy, nova-compute and libvirt) for vnc. If one
  of the networks is changed from internal_api, the service
  configuration between libvirt, nova-compute and novnc proxy becomes
  inconsistent and the console is broken. This change uses just
  NovaLibvirtNetwork for configuring the vnc endpoints and removes
  NovaVncProxyNetwork completely.

Changes in tripleo-heat-templates 12.4.3..12.4.4
------------------------------------------------

8e31cbf17 Allow customizing podman's [engine]/events_logger
a4e6c8e3c Add dependency on OVNMacAddressNetwork for role ResourceGroup
95835538c Unify cinder's volume and backup kolla_config settings
76059627b Disable tunnelled migration
c06ccdffc Add new options for Barbican PKCS#11 backend
ad5ab191e Correct metrics_qdr logging path and regex parsing
e5d189443 Fix network_cidrs when ManageNetworks: false
3d48d87ed Set tags on all OS::Neutron::Port resources
752498922 Add tags to THT network resources
8014ae223 Add OVNEncapType option to the ovn controller template
976a5e905 Run update tasks with become
0e8be5508 Disable tunneled mode when use_tls_for_live_migration
e5cba2899 Re-add NovaVncProxyNetwork to service_net_map.j2.yaml
ef575f87f Restore PreNetworkConfig resources
c5e24795f Fix RoleParameters in tuned-baremetal-ansible.yaml
9bbd4fe55 Don't assume role has default_route_networks/tags
0a16f3a30 Stop handler flush
eafdee6ae HA: fix race when moving VIP during minor update
dbfc51597 Switch Octavia external tasks to 'post deploy'
4abeffe64 Stop using (and breaking) /var/tmp for horizon temporary things
010febfbd Moving nova-consoleauth to step4
dfb282b50 Missing client certificate for live-migration with TLS
35b9949dd Add RootStackName to group_vars
d81c5544d Add systemd dependency to openvswitch to ovn-controller
10d541806 Disabling LM PostCopy and AutoConverge for RT roles
6342deafc Mount /etc/openldap inside the keystone container
1325566ba Ensure ansible_fqdn is set
124419ca7 Use single NovaLibvirtNetwork to configure instance console components
85e89060b Limit access to sshd used for nova migration
59fcd220f Remove ovn-cms-options from OVS when OVNCMSOptions is set to ""
96d50af58 Expose Innodb_buffer_pool_size
1265a63ed Add OVN chassis macs to hieradata
dd496f06c Refactor OVNMacAddressNetwork
cab6bbd6c Config parameters for timemaster service
c2ba66915 [OVN] Remove check for OVN + Availability Zones
b17267791 Expose mistral::rpc_response_timeout as a Heat parameter
dd24b3133 Expose max_concurrent_builds as a Heat parameter
8bc099057 ovn: Add neutron-cleanup


Diffstat (except docs and test files)
-------------------------------------

common/deploy-steps.j2                             |  37 ++++-
common/hiera-steps-tasks.yaml                      |   1 +
deployed-server/ctlplane-port.yaml                 |   8 +
deployed-server/deployed-neutron-port.yaml         |  11 ++
deployed-server/deployed-server.yaml               |   8 +
.../barbican/barbican-api-container-puppet.yaml    |  20 ++-
.../barbican-backend-pkcs11-crypto-puppet.yaml     |  16 +-
.../cinder/cinder-backup-container-puppet.yaml     |  51 +-----
.../cinder/cinder-backup-pacemaker-puppet.yaml     |  31 +---
.../cinder/cinder-common-container-puppet.yaml     |  52 +++++++
.../cinder/cinder-volume-container-puppet.yaml     |  36 +----
.../cinder/cinder-volume-pacemaker-puppet.yaml     |  23 +--
deployment/database/mysql-base.yaml                |  11 ++
deployment/horizon/horizon-container-puppet.yaml   |  23 ++-
deployment/ipa/ipaservices-baremetal-ansible.yaml  |   9 ++
deployment/keystone/keystone-container-puppet.yaml |   1 +
deployment/metrics/qdr-container-puppet.yaml       |   4 +-
deployment/mistral/mistral-base.yaml               |   6 +-
.../neutron/neutron-api-container-puppet.yaml      |   3 +-
.../neutron/neutron-dhcp-container-puppet.yaml     |   4 +-
deployment/nova/nova-compute-container-puppet.yaml |  49 +++---
deployment/nova/nova-ironic-container-puppet.yaml  |   9 ++
deployment/nova/nova-libvirt-container-puppet.yaml |  14 +-
.../nova-migration-target-container-puppet.yaml    |  38 +++--
.../nova/nova-vnc-proxy-container-puppet.yaml      |  33 ++--
.../octavia/octavia-deployment-config.j2.yaml      |   5 +-
.../ovn/ovn-controller-container-puppet.yaml       |  27 +++-
.../pacemaker/pacemaker-baremetal-puppet.yaml      |   4 +-
deployment/podman/podman-baremetal-ansible.yaml    |   9 ++
.../timemaster/timemaster-baremetal-ansible.yaml   | 171 +++++++++++++++++++++
deployment/timesync/chrony-baremetal-ansible.yaml  |   2 -
deployment/tls/undercloud-tls.yaml                 |   3 +
deployment/tuned/tuned-baremetal-ansible.yaml      |  19 ++-
environments/barbican-backend-pkcs11-atos.yaml     |  13 +-
environments/barbican-backend-pkcs11-lunasa.yaml   |   3 +-
environments/barbican-backend-pkcs11-thales.yaml   |   3 +-
environments/network-isolation-v6-all.j2.yaml      |   2 +-
.../config/2-linux-bonds-vlans/role.role.j2.yaml   |   8 +-
network/config/bond-with-vlans/role.role.j2.yaml   |   6 +-
.../config/multiple-nics-vlans/role.role.j2.yaml   |  14 +-
network/config/multiple-nics/role.role.j2.yaml     |  12 +-
.../role.role.j2.yaml                              |   4 +-
network/config/single-nic-vlans/role.role.j2.yaml  |   4 +-
network/network.j2                                 |  46 +++---
network/networks.j2.yaml                           |   3 -
network/ports/ctlplane_vip.yaml                    |  16 +-
network/ports/from_service.yaml                    |   3 +
network/ports/from_service_v6.yaml                 |   3 +
network/ports/noop.yaml                            |  13 ++
network/ports/ovn_mac_addr_port.yaml               |  16 ++
network/ports/port.j2                              |  39 +++++
network/ports/port_from_pool.j2                    |  13 ++
network/ports/vip.yaml                             |  15 ++
network/ports/vip_v6.yaml                          |  16 +-
overcloud-resource-registry-puppet.j2.yaml         |   4 +-
overcloud.j2.yaml                                  |  21 ++-
puppet/role.role.j2.yaml                           |  15 +-
...r-barbican-pkcs11-options-a2ec14369518b40e.yaml |   9 ++
.../notes/bug-1907214-df2f07cbacbe8a24.yaml        |  13 ++
.../innodb-tuning-param-e71d2fd727c450ec.yaml      |   6 +
...introducing-qemutlsverify-af590e0243fe6b08.yaml |   9 ++
...ova-max_concurrent_builds-f900d84f35704452.yaml |   6 +
...va_migration_limit_access-20be8d69686ca95c.yaml |   8 +
.../notes/nova_novnc_network-83a1479bf227f867.yaml |  10 ++
...dd_support_for_timemaster-a8dc3e4d5db4e8b3.yaml |   7 +
tools/process-templates.py                         |   5 +
66 files changed, 821 insertions(+), 282 deletions(-)
