Train Series Release Notes

11.7.0-46

New Features

• A new tripleo::profile::base::cinder::volume::rbd::extra_options parameter adds the ability to configure additional options for use with cinder RBD backends.

11.7.0

New Features

• Add parameter for setting monitor interval for ovndbs (default is 30s)

Deprecation Notes

• The enable_cache and cache_backend in tripleo::profile::base::nova class were removed because now these parameters are defined in tripleo-heat-templates.

11.6.0

New Features

• Add ability to specify the memcache_security_strategy and memcache_secret_key for keystone authtoken middleware. The keys used by individual services are hashed with a salt (the service name), to isolate them.

• Add ability to specify memcached port for all services. The port defaults to hiera(‘memcached_authtoken_port’, 11211) for authtoken middleware and hiera(‘memcached_port’, 11211) for other uses.

Bug Fixes

• libvirt 6.8.0 introduces virt-ssh-helper which prepends the libvirt ssh command with a “which virt-ssh-helper”. libvirt used to first check for nc (netcat). But these two libvirt commits[1][2] have now changed it to first look for virt-ssh-helper, if it not available, then fall back to nc. This trips up the ‘nova-migration-wrapper’ as it does not support virt-ssh-helper atm. Until this is implemented, this change force to use “netcat” (nc) by appending to the migration URI: “&proxy=netcat” [1] https://libvirt.org/git/?p=libvirt.git;a=commit;h=f8ec7c842d (rpc: use new virt-ssh-helper binary for remote tunnelling, 2020-07-08) [2] https://libvirt.org/git/?p=libvirt.git;a=commit;h=7d959c302d (rpc: Fix virt-ssh-helper detection, 2020-10-27)

11.5.0

New Features

• Added tripleo::profile::base::octavia::provider::ovn for configuring OVN driver properties, including protocol.

• Adds ceph_dashboard endpoint and ceph_dashboard_port to properly expose the ceph-dashboard frontend service

• Add support for configuring the glance-api service with multiple store backends. The primary backend becomes the service’s default backend, and additional backends may be specified using an optional ‘multistore_config’ hash.

• Add new PowerMax backend Cinder driver options. Supports both iSCSI and FC volume drivers and multiple backends as well.

• Add Dell EMC SC backend Cinder driver options. Supports both iSCSI and FC volume drivers and multiple backends as well.

• This change introduces two hiera keys that allow an operator to specify which NIC (or NICs) the VIPs will be bound to. One hiera key has global effect (tripleo::pacemaker::force_nic) and forces all VIPs to listen to that NIC. There is also the possibility to override that for specific VIPs with the force_vip_nic_overrides hiera hash. This change is only useful for deployments where BGP is used to advertise IP addresses from the host across multiple L3 networks.

• Added support for VxFlexOS backend driver

• Add Dell EMC XtremIO backend Cinder driver options. Supports both iSCSI and FC volume drivers and multiple backends as well

Deprecation Notes

• ovn_db_host and ovn_nb_port from tripleo::profile::base::octavia::api are now deprecated and will be removed in the future release. Please use ovn_db_host and ovn_nb_port from tripleo::profile::base::octavia::provider::ovn instead.

Bug Fixes

• It is now possible to override the enabled_share_protocols configuration for the Shared File Systems service (manila) with the hiera parameter manila_enabled_share_protocols.

11.4.0

New Features

• Under pressure, the default monitor timeout value of 20 seconds is not enough to prevent unnecessary failovers of the ovn-dbs pacemaker resource. While spawning a few VMs in the same time this could lead to unnecessary movements of master DB, then re-connections of ovn-controllers (slaves are read-only), further peaks of load on DBs, and at the end it could lead to snowball effect. Now this value can be configurable by dbs_timeout in tripleo::profile::pacemaker::ovn_dbs_bundle and by default is set to 60s.

Bug Fixes

• Allow using upper case names for SRIOV interface names.

11.3.0

New Features

• The ipversion parameter was added to tripleo::firewall:rule. Allowing the user to provide the IP version (ipv4 or ipv6) for firewall rules. With the default (undef) the rule will be created in both iptables and ip6tables. Bug: 1845153.

• This patch introduces parameters which support SSL to connect to OVN_Northbound DB and OVN_Southbound DB. This can be set by: * ‘ovn_nb_private_key’: The PEM file with private key for SSL connection to OVN-NB-DB * ‘ovn_nb_certificate’: The PEM file with certificate that certifies the private key specified in ovn_nb_private_key * ‘ovn_nb_ca_cert’: The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers * ‘ovn_sb_private_key’: The PEM file with private key for SSL connection to OVN-SB-DB, * ‘ovn_sb_certificate’: The PEM file with certificate that certifies the private key specified in ovn_sb_private_key’ * ‘ovn_sb_ca_cert’: The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers * ‘protocol’: Protocol use in communication with dbs

11.2.0

New Features

• Adds ceph_grafana endpoint and ceph_grafana_port to configure the ceph-dashboard service

Deprecation Notes

• The aide puppet manifest for aide was removed. The heat template invoking this manifest has been converted to Ansible.

11.1.0

New Features

• Added new parameter ‘mpm_module’ for the base Apache profile to configure the used MPM module. Defaults to ‘prefork’, which is also the default value for the config files installed with the package.

• Two custom per-service hiera keys are added tripleo::haproxy::<service>::internal_bind_options and tripleo::haproxy::<service>::public_bind_options. They control additional custom options that can be added to the bind line of a specific service configuration in haproxy. One use case is to force older TLS versions for internal APIs that end up pointing to devices that do not support the latest TLS standard. They accept a single string or an array of strings.

• Adds profile for rsyslogd composable service which aims to replace fluentd with the same behaviour. This means that rsyslog will be tailing OpenStack log files and forwarding it to central log collector (ELK)

• Added TLS support for ELasticsearch output plugin in rsyslog service.

Known Issues

• Allow a hiera key to add an additional rabbitmq policy in the resource agend.

Deprecation Notes

• The tuned puppet manifest for tuned was removed. The heat template invoking this manifest has been converted to Ansible.

Bug Fixes

• The old DEFAULT/dhcp_domain setting was moved to api/dhcp_domain. nova::network::neutron::dhcp_domain will be removed later in the cycle. We need include nova::metadata which sets the new [api]/dhcp_domain as this is used by the virt driver to generate the config drive.

Other Notes

• Add dateext and related paramters for containerized logrotate service to find easily when logfiles were rotated.

11.0.0

New Features

• Adds ovn_db_host and ovn_nb_port to configure ovn nb connection string for OVN Provider driver.

Upgrade Notes

• The Neutron LBaaS project was retired. Upgrading to deployment to Train release will not upgrade Neutron LBaaS. Learn more about its retirement and Octavia as its successor at https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation

• Remove ntp profile and puppet-ntp usage.

Deprecation Notes

• The Neutron LBaaS project was retired and support for it in TripleO removed.

Bug Fixes

• As of Rocky [1], the nova-consoleauth service has been deprecated and cell databases are used for storing token authorizations. All new consoles will be supported by the database backend and existing consoles will be reset. Console proxies must be run per cell because the new console token authorizations are stored in cell databases.

  nova-consoleauth was deprecated in tripleo with: I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f

  This change now removes the NovaConsoleauth Service.

  [1] https://docs.openstack.org/releasenotes/nova/rocky.html