Wallaby Series Release Notes

14.2.2-73

New Features

  • Add the ability to override the “backend_availability_zone” parameter in every Manila share backend.

  • A new tripleo::profile::base::cinder::volume::rbd::extra_options parameter adds the ability to configure additional options for use with cinder RBD backends.

  • Haproxy configuration file can now use the frontend and backend keywords to describe a service, rather than using the listen keyword. The new format can be enabled via hiera parameter haproxy_backend_syntax. When enabled, any frontend or backend configuration can be overriden on a per service-basis via new hiera keys tripleo::haproxy::<service>::frontend_options and tripleo::haproxy::<service>::frontend_options. The original hiera key tripleo::haproxy::<service>::options has no effect on the frontend and backend sections.

  • This change adds functionality to enable modular libvirt daemons support. Also all the daemons runs in separate containers, so the configuration is done for all the daemon containers. Here is the list of daemons added in this change. - virtnodedevd - virtproxyd - virtqemud - virtsecretd - virtstoraged

    More information regarding modular libvirt daemons is available here. Libvirt Daemons <https://libvirt.org/daemons.html> _.

  • Added support for host personality, iSCSI CIDR and eradicate on delete parameters for Pure Storage FlashArray Cinder backend.

  • Adds a new option “audit_enabled” to add the pycadf audit middleware to the Swift proxy server pipeline.

Upgrade Notes

  • When support for CentOS stream 9 and rhel 9 was being developed the nova migration wrapper script in the RDO distgit repo did not support the virt-ssh-helper command for live migration. To work around that the netcat proxy was hardcoded in 04a97f92e4d944ce51492011584e2ec1126042a1. Since then the nova-distgit repo has been updated with support for virt-ssh-helper and netcat has been removed from the nova live migration target container. As a result its not currently possible to live migrate with rhel9 images As reported in bugzilla 2089520. To support upgrades this has now been reverted and we no longer hardcode the proxy to netcat.

  • Services managed by Pacemaker will be restarted when this change is applied as an Update or Upgrade process.

  • The unused stack_action hiera parameter has now been removed.

14.2.0

New Features

  • When nova_virtlogd container gets restarted the instance console auth files will not be reopened again by virtlogd. As a result either instances need to be restarted or live migrated to a different compute node to get new console logs messages logged again. Usually on receipt of SIGUSR1, virtlogd will re-exec() its binary, while maintaining all current logs and clients. This allows for live upgrades of the virtlogd service on non containerized environments where updates just by doing an RPM update. To reduce the likelihood in a containerized environment virtlogd should only be restarted on manual request, or on compute node reboot. It should not be restarted on a minor update without migration off instances. This introduces a nova_virtlogd_wrapper container and virtlogd wrapper script, to only restart virtlogd on either manual or compute node restart.

  • New hiera setting rbd_disk_cachemodes allows to override the disk cache modes for RBD. Defaults to [‘network=writeback’].

  • Added “scripts” parameters for class tripleo::profile::base::metrics::collectd::sensubility enabling download of various scripts for usage within sensubility check definitions. Supported transfer method is HTTP only currently.

14.1.0

New Features

  • Add ability to specify the memcache_security_strategy and memcache_secret_key for keystone authtoken middleware. The keys used by individual services are hashed with a salt (the service name), to isolate them.

  • New tripleo::profile::base::cinder::backup::gcs and tripleo::profile::base::cinder::backup::s3 classes add support for configuring the cinder backup service’s GCS (Google Cloud service) and Amazon S3 backends.

  • Add support for configuring multiple cinder RBD backends, each associated with a different ceph cluster.

  • Add parameter for setting monitor interval for ovndbs (default is 30s)

  • Add posibilities to configure replication_probe_interval for ovsdb-server. It configure probe interval for connection for ovsdb-server when it is in backup mode and connects to the active ovsdb-server for replication

Upgrade Notes

  • The following deprecated parameters in the tripleo::profile::base::nova::api class have been removed.

    • nova_metadata_network

    • metadata_tls_proxy_bind_ip

    • metadata_tls_proxy_fqdn

    • metadata_tls_proxy_port

  • Remove deprecated tripleo::profile::base::cinder::volume::dellemc_xtremio_iscsi. Use tripleo::profile::base::cinder::volume::dellemc_xtremio instead.

Deprecation Notes

  • Remove support for puppet_certmonger. All certificates are now managed by the linux-system-roles.certificate ansible role configured from each service’s heat template. ::tripleo::certmonger puppet files are removed.

Bug Fixes

  • libvirt 6.8.0 introduces virt-ssh-helper which prepends the libvirt ssh command with a “which virt-ssh-helper”. libvirt used to first check for nc (netcat). But these two libvirt commits[1][2] have now changed it to first look for virt-ssh-helper, if it not available, then fall back to nc. This trips up the ‘nova-migration-wrapper’ as it does not support virt-ssh-helper atm. Until this is implemented, this change force to use “netcat” (nc) by appending to the migration URI: “&proxy=netcat” [1] https://libvirt.org/git/?p=libvirt.git;a=commit;h=f8ec7c842d (rpc: use new virt-ssh-helper binary for remote tunnelling, 2020-07-08) [2] https://libvirt.org/git/?p=libvirt.git;a=commit;h=7d959c302d (rpc: Fix virt-ssh-helper detection, 2020-10-27)

  • Bug #1915800: Add support for ports filtering in XtremIO driver.

14.0.0

New Features

  • Add ability to specify memcached port for all services. The port defaults to hiera(‘memcached_authtoken_port’, 11211) for authtoken middleware and hiera(‘memcached_port’, 11211) for other uses.

  • This change introduces two hiera keys that allow an operator to specify which NIC (or NICs) the VIPs will be bound to. One hiera key has global effect (tripleo::pacemaker::force_nic) and forces all VIPs to listen to that NIC. There is also the possibility to override that for specific VIPs with the force_vip_nic_overrides hiera hash. This change is only useful for deployments where BGP is used to advertise IP addresses from the host across multiple L3 networks.

Upgrade Notes

  • Management of login.defs file has been removed because now the file is managed by ansible.