Train Series Release Notes

12.6.0

Bug Fixes

  • RHEL-8.3 kernel disabled the Intel TSX (Transactional Synchronization Extensions) feature by default as a preemptive security measure, but it breaks live migration from RHEL-7.9 (or even RHEL-8.1 or RHEL-8.2) to RHEL-8.3.

    Operators are expected to explicitly define the TSX flag in their KernelArgs for the compute role to prevent live-migration issues during the upgrade or update process.

    We now introduce this validation in tripleoclient to ensure early failure.

    More information here:

    https://access.redhat.com/solutions/6036141

12.5.0

New Features

  • The container image build command now has the ability to inject labels into various images being constructed. To add labels into a container, the argument –label can be specified multiple times. The value is always a key=value pair and each key must be unique.

  • Adds auth_token_lifetime to undercloud.conf with a default of 14400. This configuration option exposes the keystone token expirataion as a top level configuration since it may need to be increased to handle larger clouds.

Other Notes

  • The container image build label agument has the ability to do simple string replacements following the python standard. Available options for string replacement are registry, namespace, prefix, image, tag, and name. Example usage –label component=”%(prefix)s-%(name)s-container”.

12.4.0

New Features

  • The overcloud delete subcommand now supports cleaning up overcloud hosts, services, and DNS entries in FreeIPA. This is applicable to deployments with TLS support enabled since FreeIPA serves DNS and manages certificates for overcloud infrastructure. This subcommand also includes a new option called --skip-ipa-cleanup that allows the caller to forego cleaning up FreeIPA. This may be useful when deployers want to forcibly cleanup overcloud stacks and leave FreeIPA entries intact (e.g., network partition events where the FreeIPA server isn’t reachable). Note that you will need to manually cleanup FreeIPA if you use --skip-ipa-cleanup.

  • A new –ansible-forks argument has been added to the TripleO and Overcloud commands. The default value for forks has also been adjusted to no longer exceed 100 forks.

  • Add –work-dir to openstack overcloud container image build command and every run will create a unique workspace which where will be stored Kolla configs and build logs. Default directory will be in /tmp/container-builds. UUIDs are used to identify each time we run the command and will be the directory name in the work dir.

  • Added –overcloud-ssh-enable-timeout to allow end users to increase the wait time during the deploy, ffu, upgrade and admin actions. By default this is 600 seconds.

  • Added –overcloud-ssh-port-timeout to allow end users to increase the time we wait for ssh to become ready on the hosts during the deploy, ffu, upgrade and admin actions. On older hardware or slow booting hardware, the 300 seconds we wait by default for the port to come up may not be sufficient.

  • A new command “openstack overcloud export ceph” is added. The command is used to export the Ceph deployment data from one stack for use in another stack with storage services which use that Ceph cluster when using the multi-stack deployment feature.

  • The network interface drivers for the Baremetal service on the undercloud is now configurable. New undercloud.conf options enabled_network_interfaces (Default: flat) and default_network_interface (Default: flat) control the enabled network interface and the default network interface when enrolling nodes.

  • The upgrade/update commands have a prompt by default now that ask for confirmation before proceeding. It’ll prevent an operator to run the command and cause the problems to infrastructure. This prompt can be skipped with –yes/-y argument.

  • The TripleO Validator CLI has now a new logging feature which keep every validation execution log in the Undercloud (/var/log/validations/). The CLI is able to display the history and allow the user to get the full execution details.

Upgrade Notes

  • The undercloud.conf file is now strictly parsed. If there are detected issues within the undercloud.conf configuration file operations will halt, producing an error and highlighting how to resolve the issue.

Deprecation Notes

  • The ffwd-upgrade command isn’t needed anymore since Queens. The ffwd upgrade now relies on the overcloud upgrade commands, therefore there is no need to keep the old ffwd-upgrade commands around as they could just cause confusion to the user.

Bug Fixes

  • Ansible connection timeout used for config download and the deployment timeout now will be given proper values. It fixes bug 1868063.

  • The client (tripleoclient) now raises a new exception, ConfigDownloadInProgress, if there is already an instance of the tripleo.deployment.v1.config_download_deploy workflow in progress for the current stack.

  • With adding UseTLSTransportForNbd feature in stein, UseTLSTransportForNbd is enabled per default. If an environment gets upgraded where UseTLSTransportForNbd was not enabled will make live migration to fail as the required certs are not part of the env of the previously created qemu process containers. This change handles UseTLSTransportForNbd as: * new environments it is enabled, which is the default in THT since stein * if it is an existing environment: - global_config_settings get checked for use_tls_for_nbd key - if the global_config_settings does not exist, e.g. update from previous THT version or previous major release, the hieradata key nova::compute::libvirt::qemu::nbd_tls gets evaluated that there is no unnecessary disable of nbd_tls

    In change I7f583d18e558b95922a66eb539cc91de74409c96 we move the certs to be handled using bind mounts, so the upgrade path to enable nbd-tls would be 1. deploy with this change + the puppet-tripleo and tht change to use bind mounts for certs. 2. migrate all instances once that the containers running the qemu processes have the correct cert bind mounts 3. run an overcloud deploy using UseTLSTransportForNbd=true

  • openstack overcloud export now exports user defined password values instead of just always exporting the generated password values.

  • The undercloud.conf file is now strictly parsed which ensures a clean configuration when deploying the undercloud.

12.3.1

New Features

  • A new command “openstack overcloud export” is added. The command is used to export the data from a control stack for use in a compute stack for the multi-stack feature.

Deprecation Notes

  • The TripleO Validator CLI doesn’t support Mistral anymore for listing and running the Validations. Ansible is now the way to run them.

  • The TripleO Validator was using Mistral to get all the Validations available on the Undercloud. From now, The CLI is parsing the Validations directly from the filesystem and the Mistral support has been removed.

Bug Fixes

  • Fixed an issue where the DHCP server for ironic-inspector was configured to operate in DHCPv6-stateful mode when the undercloud configuration specified DHCPv6-stateless mode. (See bug: 1853334)

12.3.0

New Features

  • The IPv6 addressing mode is now configurable for the undercloud provisioning network. The option ipv6_address_mode (default: dhpcv6-stateless) in undercloud.conf is used to control the addressing mode. Possible values:

    • dhpcv6-stateless: Address configuration using RA and optional information using DHCPv6.

    • dhcpv6-stateful: Address configuration and optional information using DHCPv6.

Deprecation Notes

  • openstack overcloud container image prepare has been deprecated and replaced by openstack tripleo container image prepare

  • openstack overcloud container image tag discover has been deprecated and replaced by openstack tripleo container image prepare

Bug Fixes

  • The MTU setting was not configured for Ironic Inspector DHCP (dnsmasq) service. This caused inspection to fail when operating on a network with < 1500 bytes MTU. See bug: 1845487.

12.2.0

New Features

  • The ‘openstack tripleo validator list’ subcommand can only display all the available parameters for the validations using the new –parameters argument and extract them to a file using the new –create-vars-file argument.

  • The operator is now able to pass extra variables while executing validations through the command line. The command line will accept either a Dict with the new –extra-vars argument or the absolute path of a file (JSON or YAML when using ansible and JSON only when using Mistral) with the new –extra-vars-file argument.

  • Enable new preflight check on the undercloud, using ansible playbooks from openstack-tripleo-validations.

  • Check runs differently if we’re on a brand new deploy or an upgrade, as we don’t need the same amount of free space.

  • Disable the container healthchecks on the Undercloud in the undercloud.conf with the new option container_healthcheck_disabled, false by default.

  • Introduce new “–inflight-validations” option in order to activate those validations. It defaults to “False”, since we don’t want them by default.

  • New command “openstack overcloud node unprovision”

    This is a companion command to “openstack overcloud node provision” which is required for scale-down and should be run after “openstack overcloud deploy”.

    It will undeploy any instance which has provisioned=False in the supplied roles yaml.

  • With the new podman container setup comes an Apache served local image registry.

    openstack tripleo container image push allows you to maintain those images, and add new images as required.

Upgrade Notes

  • Support for the cisco-ucs-managed and cisco-ucs-standalone hardware types has been removed since these hardware types have been removed from Ironic due to lack of maintenance.

12.1.0

New Features

  • The validations can now be performed by calling Mistral or by calling ansible-playbook. By default, the latter is used. The new --use-mistral option allows to execute either groups or a set of specific validations by calling Mistral instead of using the default mechanism, ie. ansible-playbook.

  • Undercloud ctlplane subnets can now have individual nameservers (per-subnet option dns_nameservers). If no subnet specific nameservers are specified for a subnet it will fall back to undercloud_nameservers.

  • With the new podman container setup comes an Apache served local image registry.

    openstack tripleo container image delete allows you to maintain those images, and remove those that are no longer required.

  • With the new podman container setup comes an Apache served local image registry.

    openstack tripleo container image list gives you insight into your images.

  • With the new podman container setup comes an Apache served local image registry.

    openstack tripleo container image show will perform an inspection on a given image, and present the details.

  • Adds openstack undercloud minion install and openstack undercloud minion upgrade to install or upgrade an undercloud minion that can be used to scale heat-engine and ironic-conductor horizontally.

Upgrade Notes

  • The openstack undercloud deploy command has been removed. Use openstack tripleo deploy instead.

Other Notes

  • When running with –config-download-only, the enable ssh admin will now be skipped. Skipping the ssh admin workflow saves time when trying to do the config download workflow only. If the ssh admin workflow needs to be rerun, the “openstack overcloud admin” command can be used.

12.0.0

New Features

  • Added a y/n prompt to the node delete command to prevent a user from accidently executing a node delete action since it’s a destructive action.

Upgrade Notes

  • enable_ui has been removed from the undercloud configuration options.

Deprecation Notes

  • The scale and flavor params have been deprecated since Newton. This is the start of the process to removing these params. The CLI will now throw an error if any of the old scale and/or flavor params are passed. This check should be removed in a future release.

Bug Fixes

  • The verbosity of the config-download ansible tasks for deployment are now controlled by the verbosity level specified on the command line.