# Queens Series Release Notes¶

## 8.4.6¶

### Bug Fixes¶

• Fixes and issue where the PXE filter in ironic-inspectors DHCP server may become out of sync with the ironic-inspector service. Bug 1780421.
• Set the connect_timeout to 60s for mysql connections. This helps fix an issue where undercloud services lose the mysql connection if it takes more than 10s to complete (eg under high load).

## 8.4.4¶

### Bug Fixes¶

• Enforce a restart of rsyslog after installing Swift rpms. Otherwise all Swift logs end up in /var/log/messages instead of /var/log/swift/swift.log

## 8.4.2¶

### New Features¶

• Introduce docker_insecure_registries that is an array of host/port combiniations of docker insecure registries. The default value will be the previous parameter that were hardcoded, but now we can easily override it in undercloud.conf.

## 8.4.1¶

### Bug Fixes¶

• Fixes bug 1757418. The route to the metadata service on the local subnet was incorrectly set to the gateway. It is now set to the local_ip of the undercloud.
• Using the dnsmasq PXE filter for inspection fixes bug

## 8.4.0¶

### New Features¶

• The undercloud now uses the baremetal neutron ML2 mechanism driver, and the l2 agent ironic-neutron-agent. This enables the possibility to use neutron routed networks in the undercloud.

• During an upgrade to this release, a migration of all nodes from classic drivers to hardware types will be attempted. For some nodes it may result in non-supported optional interfaces (like “agent” RAID or shellinabox console) to be reset to their no-op implementations (like “no-raid” RAID or “no-console” console). Nodes that cannot be upgraded will be skipped. Manual upgrade will be required, since the classic drivers may be removed in the Rocky release.

### Security Issues¶

• Restrict memcached service to TCP and localhost network (CVE-2018-1000115).

## 8.3.0¶

### Prelude¶

With support for routed networks, several options are deprecated and the way undercloud networking is defined in the configuration file has several changes. Please refer to the Deprecation Notes and Upgrade notes section for details.

### New Features¶

• Routed networks support adds the ability to configure Ironic Inspector and Neutron provisioning network in the undercloud to enable provisioning of nodes via DHCP-relay to the undercloud from remote routed network segments. Routed networks is by default disabled, to enable set option enable_routed_networks to True in undercloud.conf.

Note

Changing the enable_routed_networks option after the initial undercloud installation is not possible.

• If you had cron triggers for Mistral in the undercloud, they will now only execute at most every 10 minutes. Previously they could run as frequently as every second.
• With support for routed network segments, several options are deprecated and the way undercloud networking is defined in the configuration file has several changes.

New option: subnets A list of subnets. One entry for each routed network segment used for provisioning and introspection. For each network segment a section/group needs to be added to the configuration file specifying the following subnet options:

option Description
cidr Network CIDR for the subnet.
dhcp_start Start of DHCP allocation range for PXE and DHCP.
dhcp_end End of DHCP allocation range for PXE and DHCP.
inspection_iprange Temporary IP range that will be given to nodes during the inspection process.
gateway Network(subnet) gateway/router.
masquerade (Boolean) If True the undercloud will masquerade this network for external access.

New option: local_subnet The name of the local subnet, where the PXE boot and DHCP interfaces for overcloud instances is located. The IP address of the local_ip/local_interface should reside in this subnet.

Note

Upgrade with migration to routed networks support is not possible.

Routed networks use the neutron segments service_plugin, this plugin adds functionality that allows subnet to be associated with a network segment. It is currently not possible to add segment association to an existing subnet, because of this we cannot add segment association to the existing ctlplane subnet on the upgraded undercloud. The existing ctlplane network and subnet will still be in place after an upgrade and the upgraded undercloud can continue to manage the existing overcloud.

The following example shows what changes to make to the configuration to move to the new model.

Replace usage of deprecated options:

[DEFAULT]
network_gateway = 192.168.24.1
network_cidr = 192.168.24.0/24
dhcp_start = 192.168.24.5
dhcp_end = 192.168.24.24
inspection_iprange = 192.168.24.100,192.168.24.120


replace with:

[DEFAULT]
subnets = subnet0
local_subnet = subnet0

[subnet0]
cidr = 192.168.24.0/24
dhcp_start = 192.168.24.5
dhcp_end = 192.168.24.24
inspection_iprange = 192.168.24.100,192.168.24.120
gateway = 192.168.24.1


### Deprecation Notes¶

• With support for routed networks/subnets the network_gateway option in the [DEFAULT] section is deprecated. Moved to per-subnet options group.
• With support for routed networks/subnets the network_cidr option in the [DEFAULT] section is deprecated. Moved to per-subnet options group.
• With support for routed networks/subnets the dhcp_start and dhcp_end options in the [DEFAULT] section are deprecated. Moved to per-subnet options group.
• With support for routed networks/subnets the inspection_iprange option in the [DEFAULT] section is deprecated. Moved to per-subnet options group.
• With support for routed networks/subnets the masquerade_network option in the [DEFAULT] section is deprecated. Use the boolean option in each subnet group.

### Bug Fixes¶

• Fixed an incompatability with mistralclient 3.2.0, where a different exception type was raised and thus not handled during the undercloud install post config. See #1749186

## 8.2.0¶

### New Features¶

• The ansible deploy interface is enabled by default. It can be used by updating a node with the following command:

openstack baremetal node set <NODE> --deploy-interface ansible \
--driver-info ansible_deploy_key_file=<SSH_KEY_FILE>

• Adds support for using oVirt with Ironic via the new staging-ovirt hardware type. The hardware type is not enabled by default and requires installing the ovirt-engine-sdk-python package.

## 8.1.0¶

### New Features¶

• Increasing the heat db-sync from 5 to 15 minutes. During an undercloud upgrade, the database can be very big and the dbsync needs at least 10 minutes to run. So we override the Puppet default value of 5 minutes to have a timeout of 15 minutes for production deployments.
• The hardware types ilo and idrac are now enabled by default.
• Added support for the following hardware types: cisco-ucs-managed, cisco-ucs-standalone, idrac, ilo, irmc, snmp.

• Classic drivers are going to be deprecated soon, it is recommended to switch all overcloud nodes to matching hardware types. See the hardware types migration documentation for the detailed procedure.
• As part of migration to hardware types, the default value of the discovery_default_driver option was changed from pxe_ipmitool to ipmi.

### Deprecation Notes¶

• The enabled_drivers option is deprecated, please use enabled_hardware_types. Make sure to switch your nodes to hardware types before disabling drivers.

### Bug Fixes¶

• Drop ceilometer collector from undercloud. This was moved into legacy mode in Pike and deprecated.
• Remove legacy ceilometer api from undercloud. This was moved to legacy mode in Pike.
• Fix panko ssl port to match puppet-tripleo haproxy resource.

## 8.0.0¶

### New Features¶

• In this release the Heat convergence engine has been enabled on the undercloud, which allows multiple stack updates to be run at the same time.
• Mistral is now deployed with Keystone v3 options (authtoken).

### Known Issues¶

• Keystone v2.0 APIs were removed so we now need to configure project_domain_name and user_domain_name to enable v3 API. We’re using the Default domain since it was already in-use.