Release notes are generated by Reno.
- Add networking-fujitsu support to Neutron ML2 profile.
- Split OVN plugin and northd configuration.
- Introduce tripleo::tls_proxy used to set up a TLS proxy using mod_proxy that redirects towards localhost.
- HPELeftHandISCSIDriver support for Cinder Volume profile.
- Add support for CollectD profile, for performance monitoring.
- Configure Nova Cells v2 database, required in Ocata.
- Configure the basic setup for Nova Cells v2.
- Support for opendalight_v2 mechanism_driver in Neutron ML2 profile.
- Support for Ceph MDS service profile.
- Add IPv6 support to Firewall rules. It will create both IPv4 & IPv6 rules at the same time. It automatically converts icmp rules to ipv6-icmp. When a source or destination is specified, it will only create rules to the right version of IP that is needed.
- Add support for not using admin_token in Ceph/RGW profile.
- Add Docker Registry profile.
- Add Nova Placement API profile.
- Add etcd profile, used by networking-vpp ML2 plugin.
- Add profiles for Octavia services.
- Enable object-expirer on Swift proxy profile.
- Set memcache_servers in /etc/swift/object-expirer.conf.
- Add support for fence_ironic fencing agent.
- Add a noop_resource function, which allow to disable any resource type in a catalog, with –tags option to puppet apply.
- Add Ceph RBD mirrog Pacemaker profile.
- Remove Glance Registry profile, not used anymore. Glance API v1 is not available anymore.
- Add support for Pacemaker Remote with a new profile.
- Updates Pacemaker profiles for Composable HA architecture.
- Add a default rule for dhcpv6 traffic.
- Re-organizes Contrail services to the correct roles.
- Set innodb_file_per_table to ON for MySQL / Galera
- Switch Nova / Libvirt VNC server binding to use the IP address provided in Hiera instead of 0.0.0.0.
- Proxy API endpoints that TripleO UI uses.
- Rebranding of Eqlx to Dell EMC PS Series.
- Add support for ScaleIO backend in Cinder Volume profile.
- Add support to changing the Rabbitmq password on stack-update.
- Add profiles for the Octavia LBaaS service.
- Added hpelefthand_iscsi backend support for cinder
- Enable innodb_file_per_table for MySQL/MariaDB databases
- Configure the basic cells setup for Nova, now required in Ocata.
- Added ability to proxy API service endpoints through Apache mod_rewrite rules by creating ProxyPass and ProxyPassReverse directives for each API service
- Adds the ability to manage auditd.service and enter audit.rules
- Add support for configuring Ceph RGW to use keystone V3 service authentication instead of admin token authentication
- Added /etc/issue & /etc/issue.net parameters
- Added MOTD banner parameters
- Added external module saz-ssh to allow management of sshd_config
- Release notes are no longer maintained by hand, we now use the reno tool to manage them.
- Configure VNC server to be binded on internal network interface on compute nodes. This value comes from tripleo-heat-templates and is configured by default to use an IP address from the internal API network. We use the ServiceNetMap in tripleo-heat-templates to compute the IP address, and we won’t configure 0.0.0.0 anymore as it used to open the binding to any network, which is unsecure.
- Invoke rabbitmq_user resource explicity to apply password change during update, if any.
- Newly created MySQL database tables will be stored in their own datafiles,
instead of in a single monolithic ibdata file.
- Existing MySQL database tables that are persisted within the monolithic
ibdata file will remain so unless the database is migrated as well.
- Migration of all current database tables out of the monolithic ibdata
file is possible by dumping and restoring the whole database to a new data
directory, however when using Galera the entire cluster must be shut
down and upgraded at once.
- Migration of individual tables to datafiles is possible using the
MySQL command “ALTER TABLE <databasename>.<tablename> ENGINE=InnoDB;”,
however this will not shrink the ibdata file and also is not safe to run
on a running Galera cluster for large tables.
- Removed the following URL configuration variables from tripleo::ui:
- Remove tripleo::vip_hosts class, no longer used.
- CVE-2016-9599 Enforce Firewall TCP / UDP rules management, by sanitizing dynamic HAproxy endpoints firewall rules, securing firewall rules creations (disallow TCP/UDP rules without sport or dport), but allow to open all traffic for TCP/UDP when actually desired.
- Fixes bug 1648736 so swift-proxy is decoupled from ceilometer packages.
- Fixes bug 1652107 so we ensure package updates don’t happen unexpectedly.
- Fixes bug 1645898 so we ensure to bind the rabbit inter-cluster to a specific interface.
- Introduce more Puppet rspec tests that improve testing quality.