Stein Series Release Notes

Stein Series Release Notes

14.3.0

Prelude

In this release Ubuntu has moved all projects that supported it to python3 which means that there will be a lot of changes. The Puppet OpenStack project does not test the upgrade path from python2 to python3 packages so there might be manual steps required when moving to the python3 packages.

New Features

  • Add new parameter, “workers” to health_manager which defaults to $::os_workers
  • Added octavia::api::provider_drivers and octavia::api::default_provider_driver configuration to support configuring different load balancer drivers in octavia.
  • Service_token_roles_required missing in the server config file which allows backwards compatibility to ensure that the service tokens are compared against a list of possible roles for validity.

Upgrade Notes

  • This module now requires a puppetlabs-mysql version >= 6.0.0
  • Ubuntu packages are now using python3, the upgrade path is not tested by Puppet OpenStack. Manual steps may be required when upgrading.

14.2.0

New Features

  • Added octavia::controller::controller_ip_port_list which can be used to configure the [health_manager]/controller_ip_port_list configuration option.
  • Adds the service_description option to config description of the service.

Upgrade Notes

  • octavia::logging is now not included in init class by default.
  • The deprecated parameter auth_uri is now removed, please use www_authenticate_uri.

Deprecation Notes

  • check_revocations_for_cached option is now deprecated for removal, the parameter has no effect.
  • hash_algorithms option is now deprecated for removal, the parameter has no effect.

Security Issues

  • Certificate changes no longer shows diffs in output.

Bug Fixes

  • Fixed a bug where certificate folders that depended on paths provided by packages failed.
  • Fixed a bug where certificate changes would show the diffs. Certificate are now considered secrets and not displayed.

14.1.0

New Features

  • Added new parameter octavia::api::allow_tls_terminated_listeners which can be used to set the allow_tls_terminated_listeners config option.
  • Added new parameters octavia::api::api_v1_enabled and api_v2_enabled that can be used for enable/disable the API versions.
  • Listeners default timeouts can be set by config in section haproxy_amphora:

    • timeout_client_data: Frontend client inactivity timeout
    • timeout_member_connect: Backend member connection timeout
    • timeout_member_data: Backend member inactivity timeout
    • timeout_tcp_inspect: Time to wait for TCP packets for content inspection

    The value for all of these options is expected to be in milliseconds.

  • Added new parameter cert_generator, cert_manager, region_name and endpoint_type to the octavia::certificates class that configures the certificates section in the octavia.conf file.
  • Added new parameter client_ca and client_data_data to octavia::certificates. These can be used to separate the ca_certificate/server_ca and client_ca used which is something you want to do in production environment to avoid a compromised Amphora being able to connect to the other running amphoras.
  • Added new parameter octavia::worker::workers that can be used to set the number of worker processes.
  • Added all databases parameters in octavia::db in octavia::init.
  • Added new class octavia::wsgi::apache, you can now run the API under Apache with mod_wsgi.
  • Added new octavia::glance class that can be used to configure the glance section in octavia.conf
  • Added new octavia::neutron class that can be used to configure the neutron section in octavia.conf
  • Added new octavia::nova class that can be used to configure the nova section in octavia.conf
  • When certificate data or file paths change in octavia::certificates it will not cause a restart of the Octavia services so that for example the octavia-worker service can use the new certificates.

Upgrade Notes

  • The octavia::db class should now be considered a private class. You should set all your database parameters in the init class.
  • Octavia option [haproxy_amphora]/key_path will no longer be set. None of the maintained Octavia releases support it (removed in Mitaka).
  • If you want to use the new octavia::controller class you must define it before the octavia::worker class.

Deprecation Notes

  • The following octavia::worker parameters are deprecated and have been moved to octavia::controller class. When you start using octavia::controller make sure it’s defined before octavia::worker.

    • amp_flavor_id
    • amp_image_tag
    • amp_secgroup_list
    • amp_boot_network_list
    • loadbalancer_topology
    • amphora_driver
    • compute_driver
    • network_driver
    • amp_ssh_key_name
    • enable_ssh_access
    • timeout_member_connect
    • timeout_member_data
    • timeout_tcp_inspect

Bug Fixes

  • There are a couple of configuration options that need to be set not only for the worker but also for other Octavia services. For example, on a composable node deployment where the API runs on a separate node than the rest of the Octavia services, the network driver was not being set (hence defaulting to noop driver) while for the worker the driver was allowed_address_pairs_driver. Another example is the database that was only being set for the API service. Such configuration misalignment and omissions lead to operate Octavia services and its resources.
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.