Train Series Release Notes¶
Add parameter for setting monitor interval for ovndbs (default is 30s)
tripleo::profile::base::novaclass were removed because now these parameters are defined in tripleo-heat-templates.
Add ability to specify the memcache_security_strategy and memcache_secret_key for keystone authtoken middleware. The keys used by individual services are hashed with a salt (the service name), to isolate them.
Add ability to specify memcached port for all services. The port defaults to hiera(‘memcached_authtoken_port’, 11211) for authtoken middleware and hiera(‘memcached_port’, 11211) for other uses.
libvirt 6.8.0 introduces virt-ssh-helper which prepends the libvirt ssh command with a “which virt-ssh-helper”. libvirt used to first check for nc (netcat). But these two libvirt commits have now changed it to first look for virt-ssh-helper, if it not available, then fall back to nc. This trips up the ‘nova-migration-wrapper’ as it does not support virt-ssh-helper atm. Until this is implemented, this change force to use “netcat” (nc) by appending to the migration URI: “&proxy=netcat”  https://libvirt.org/git/?p=libvirt.git;a=commit;h=f8ec7c842d (rpc: use new virt-ssh-helper binary for remote tunnelling, 2020-07-08)  https://libvirt.org/git/?p=libvirt.git;a=commit;h=7d959c302d (rpc: Fix virt-ssh-helper detection, 2020-10-27)
Added tripleo::profile::base::octavia::provider::ovn for configuring OVN driver properties, including protocol.
Adds ceph_dashboard endpoint and ceph_dashboard_port to properly expose the ceph-dashboard frontend service
Add support for configuring the glance-api service with multiple store backends. The primary backend becomes the service’s default backend, and additional backends may be specified using an optional ‘multistore_config’ hash.
Add new PowerMax backend Cinder driver options. Supports both iSCSI and FC volume drivers and multiple backends as well.
Add Dell EMC SC backend Cinder driver options. Supports both iSCSI and FC volume drivers and multiple backends as well.
This change introduces two hiera keys that allow an operator to specify which NIC (or NICs) the VIPs will be bound to. One hiera key has global effect (tripleo::pacemaker::force_nic) and forces all VIPs to listen to that NIC. There is also the possibility to override that for specific VIPs with the force_vip_nic_overrides hiera hash. This change is only useful for deployments where BGP is used to advertise IP addresses from the host across multiple L3 networks.
Added support for VxFlexOS backend driver
Add Dell EMC XtremIO backend Cinder driver options. Supports both iSCSI and FC volume drivers and multiple backends as well
ovn_db_host and ovn_nb_port from tripleo::profile::base::octavia::api are now deprecated and will be removed in the future release. Please use ovn_db_host and ovn_nb_port from tripleo::profile::base::octavia::provider::ovn instead.
It is now possible to override the
enabled_share_protocolsconfiguration for the Shared File Systems service (manila) with the hiera parameter
Under pressure, the default monitor timeout value of 20 seconds is not enough to prevent unnecessary failovers of the ovn-dbs pacemaker resource. While spawning a few VMs in the same time this could lead to unnecessary movements of master DB, then re-connections of ovn-controllers (slaves are read-only), further peaks of load on DBs, and at the end it could lead to snowball effect. Now this value can be configurable by dbs_timeout in tripleo::profile::pacemaker::ovn_dbs_bundle and by default is set to 60s.
Allow using upper case names for SRIOV interface names.
ipversionparameter was added to tripleo::firewall:rule. Allowing the user to provide the IP version (
ipv6) for firewall rules. With the default (
undef) the rule will be created in both iptables and ip6tables. Bug: 1845153.
This patch introduces parameters which support SSL to connect to OVN_Northbound DB and OVN_Southbound DB. This can be set by: * ‘ovn_nb_private_key’: The PEM file with private key for SSL connection to OVN-NB-DB * ‘ovn_nb_certificate’: The PEM file with certificate that certifies the private key specified in ovn_nb_private_key * ‘ovn_nb_ca_cert’: The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers * ‘ovn_sb_private_key’: The PEM file with private key for SSL connection to OVN-SB-DB, * ‘ovn_sb_certificate’: The PEM file with certificate that certifies the private key specified in ovn_sb_private_key’ * ‘ovn_sb_ca_cert’: The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers * ‘protocol’: Protocol use in communication with dbs
Adds ceph_grafana endpoint and ceph_grafana_port to configure the ceph-dashboard service
The aide puppet manifest for aide was removed. The heat template invoking this manifest has been converted to Ansible.
Added new parameter ‘mpm_module’ for the base Apache profile to configure the used MPM module. Defaults to ‘prefork’, which is also the default value for the config files installed with the package.
Two custom per-service hiera keys are added tripleo::haproxy::<service>::internal_bind_options and tripleo::haproxy::<service>::public_bind_options. They control additional custom options that can be added to the bind line of a specific service configuration in haproxy. One use case is to force older TLS versions for internal APIs that end up pointing to devices that do not support the latest TLS standard. They accept a single string or an array of strings.
Adds profile for rsyslogd composable service which aims to replace fluentd with the same behaviour. This means that rsyslog will be tailing OpenStack log files and forwarding it to central log collector (ELK)
Added TLS support for ELasticsearch output plugin in rsyslog service.
Allow a hiera key to add an additional rabbitmq policy in the resource agend.
The tuned puppet manifest for tuned was removed. The heat template invoking this manifest has been converted to Ansible.
The old DEFAULT/dhcp_domain setting was moved to api/dhcp_domain. nova::network::neutron::dhcp_domain will be removed later in the cycle. We need include nova::metadata which sets the new [api]/dhcp_domain as this is used by the virt driver to generate the config drive.
Add dateext and related paramters for containerized logrotate service to find easily when logfiles were rotated.
Adds ovn_db_host and ovn_nb_port to configure ovn nb connection string for OVN Provider driver.
The Neutron LBaaS project was retired. Upgrading to deployment to Train release will not upgrade Neutron LBaaS. Learn more about its retirement and Octavia as its successor at https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation
Remove ntp profile and puppet-ntp usage.
The Neutron LBaaS project was retired and support for it in TripleO removed.
As of Rocky , the nova-consoleauth service has been deprecated and cell databases are used for storing token authorizations. All new consoles will be supported by the database backend and existing consoles will be reset. Console proxies must be run per cell because the new console token authorizations are stored in cell databases.
nova-consoleauth was deprecated in tripleo with: I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f
This change now removes the NovaConsoleauth Service.