Stein Series Release Notes
Under pressure, the default monitor timeout value of 20 seconds is not enough to prevent unnecessary failovers of the ovn-dbs pacemaker resource. Spawning a few VMs at the same time could lead to unnecessary moves of the master DB, then re-connections of ovn-controllers (slaves are read-only), further peaks of load on the DBs, and ultimately a snowball effect. This value is now configurable via dbs_timeout in tripleo::profile::pacemaker::ovn_dbs_bundle and is set to 60s by default.
Allow using upper case names for SRIOV interface names.
Add dateext and related parameters for the containerized logrotate service, making it easy to find when logfiles were rotated.
Adds ovn_db_host and ovn_nb_port to configure ovn nb connection string for OVN Provider driver.
Allow a hiera key to add an additional rabbitmq policy in the resource agent.
In case of a multicell deployment the mysql and nova novncproxy backend servers need to use the SERVICE_cell_node_names. Also, the novncproxy used the nova_api_vip and nova_api_node_[ips|names] information instead of nova_vnc_proxy_vip and nova_vnc_proxy_node_[ips|names].
Support setting values for the cephfs_volume_mode parameter, which controls the rwx mode of the cephfs volumes, snapshots, and groups of these that back manila shares.
Add the ability to configure the cinder-volume service to run in active-active mode using the specified cluster name. Note that active-active mode requires the etcd service be enabled, as it’s used by the cinder-volume service for its Distributed Lock Manager (DLM).
qemu certs are not used by libvirt, so libvirt does not need a restart. When certs are renewed, qemu processes (instances) currently need to be restarted. This removes the postsave_cmd and also the libvirt restart on cert file change.
Add the ability to configure the nfs_snapshot_support parameter associated with Cinder’s NFS backend.
Added Dell EMC SC multipath support. This change adds support for cinder::backend::dellsc_iscsi::use_multipath_for_image_xfer.
Add new parameter haproxy_log_facility.
Adds support to configure disjoint address pools for Ironic Inspector. When Inspector is deployed as an HA service, disjoint address pools should be served by the DHCP instances to avoid address conflict issues.
Add support for native TLS encryption on NBD for disk migration
The NBD protocol previously ran in clear text, offering no security protection for the data transferred unless it was tunnelled over some external transport like SSH. Such tunnelling is inefficient and inconvenient to manage. Support for TLS was added to the NBD clients and servers provided by QEMU. In the tls-everywhere use case we want to take advantage of this feature to create the certificates and configure qemu to use NBD TLS.
Neutron L3/DHCP and OVN metadata agent wrapper classes are given the container_cli parameters. The latter allows ‘docker’ (deprecated) and ‘podman’ for Neutron L3/dhcp and OVN metadata rootwrap containers managed by agents. When debug is enabled, the wrapper containers start writing extended output to their stdout, which also may be shown via the
bind_sockets is deprecated. No sockets are expected to bind mount for podman. So it only works for the docker runtime.
Masquerading and forwarding rules are now correctly created when using routed networks. (See bug: 1797455.)
Neutron/OVN rootwrap containers are managed by agents and will no longer be deleted, when the parent container restarts.
MongoDB hasn’t been supported since Pike, so it’s time to remove the deployment files. Starting in Stein, it’s no longer possible to deploy MongoDB. The default zaqar management_store changes to sqlalchemy and the zaqar messaging_store to redis, which is already set by TripleO Heat Templates.
Add the ability to override the “backend_availability_zone” parameter in every cinder volume backend.
Add support to enable ODL deployment on IPv6 networks
The tripleo::profile::base::cinder::volume::rbd::cinder_rbd_backend_host default value has changed, and no longer defaults to “hostgroup” when other hiera variables (cinder::backend_host and cinder::host) are undefined. This ensures cinder’s RBD backend_host is only set for pacemaker (HA) deployments, when tripleo-heat-templates sets cinder::backend_host to “hostgroup”.
When upgrading an existing non-HA deployment, the old “hostgroup” default value can be preserved by assigning the hiera variable tripleo::profile::base::cinder::volume::rbd::cinder_rbd_backend_host. New non-HA deployments should leave this variable unset.
The following hieradata update is to be made for Cinder Dell SC: cinder::backend::dellsc::excluded_domain_ip is to be deprecated; use the comma-separated cinder::backend::netapp::excluded_domain_ips instead.
Logrotate’s copytruncate is used by default for containerized services logs rotation. The default period to keep old logs remains unchanged (14 days).
Manifests no longer use the bootstrap_nodeid hiera key, since this was generated per role and can result in multiple bootstrap nodes when a service is on more than one role. The SERVICE_short_bootstrap_node_name key is used instead, which is automatically generated in tripleo-heat-templates based on the service_name key of the service template role_data.
With the nova metadata API running via wsgi, the SSL proxy is not needed when configuring tls-everywhere, because SSL is terminated directly in the httpd wsgi. With this change the SSL proxy vhost is only created if nova metadata does not run via wsgi.