Train Series Release Notes


New Features

  • Added overcloud-images-ceph.yaml, overcloud-images-ceph-centos8.yaml, and overcloud-images-ceph-rhel8.yaml to allow an operator to build an image that can be used for dedicated ceph nodes. This overcloud-ceph image would not have the openstack client, ha or openvswitch related packages.

Bug Fixes

  • The RootStackName parameter is now added to the plan in plan-environment.yaml on both stack create and update. Previously it was only added on create.


New Features

  • Adds additional healtchecks for Swift to monitor account, container and object replicators as well as the rsync process.


Bug Fixes

  • openstack cli doesn’t negotiate a microversion. Live migration and multiattach are 2 examples of operations which require arcane incantations to make them work correctly, and therefore usually don’t. This adds OS_COMPUTE_API_VERSION=2.latest to the overcloudrc file to fix it.


Deprecation Notes

  • The SkopeoImageUploader is deprecated. It does not work with the Stein image repository and will be removed in a future release.


Upgrade Notes

  • Support for the cisco-ucs-managed and cisco-ucs-standalone hardware types has been removed since these hardware types have been removed from Ironic due to lack of maintenance.

Bug Fixes

  • Previously, trash_output was not honored if a queue was not being used to post messages. The behavior has changed so that trash_output will be honored even if a queue is not being used, and all stdout/stderr will be discarded.

  • In case of cell stacks we need to pass redis_vip as an input to be able to use redis on the central controllers. This moves the redis_vip setting to all_nodes and only set it if it is not an additional cell.

  • When deploying a large amount of nodes, the create_admin_via_ssh workflow could fail due to the large amount of ansible output generated. This patch updates the tripleo.ansible-playbook action in the workflow with trash_output:true so that the output is not saved in the mistral DB. There is a log file saved already in case the output is needed for debug purposes.


New Features

  • The bindep.txt file located in the project root contains all of the basic required packages needed when running local tests.

  • Developers can now use bindep to list system requirements. The bindep command will load the list of packages for the given platform using the bindep.txt file.

  • Bindep can now be leveraged via tox using the environment bindep. This tox environment will use bindep via the bindep-install script to install any missing packages on the local system which are required for development purposes.

Bug Fixes

  • The verbosity of the config-download ansible tasks now defaults to 0 instead of 1. This makes the tasks not verbose by default. The verbosity specified on the command line with the deployment command is now honored and can be used to disable verbosity or increase the verbosity level as needed.

  • The passphrase for config option ‘server_certs_key_passphrase’, is used as a Fernet key in Octavia and thus must be 32 bytes long. TripleO will now auto-generate 32 bytes long passphrase for OctaviaServerCertsKeyPassphrase.


New Features

  • If the AdditionalArchitectures parameter has entries then the container image prepare will prepare images for all architectures instead of just the default one. A new boolean field multi_arch can also be set in ContainerImagePrepare entries to determine the multi arch behaviour for images in that entry. If any entry sets a multi_arch value then AdditionalArchitectures is ignored.

  • tripleo-container-rm is the new role that replaces tripleo-docker-rm which is in charge of tearing down containers running in Docker or Podman. If the container_cli is Podman, the role takes care of systemd cleanup for both the container and its healthcheck if it does exist.

Security Issues

  • Fixed a vulnerability where an attacker may cause new Octavia amphorae to run based on any arbitrary image (CVE-2019-3895).

Bug Fixes

  • As of Rocky [1], the nova-consoleauth service has been deprecated and cell databases are used for storing token authorizations. All new consoles will be supported by the database backend and existing consoles will be reset. Console proxies must be run per cell because the new console token authorizations are stored in cell databases.

    nova-consoleauth was deprecated in tripleo with: I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f

    This change now removes the NovaConsoleauth Service.


  • Fixed an issue were amphora load balancers would fail to create. The problem was because Octavia certificate files were being created in a wrong path and with invalid content.

  • Ensure [controller_worker]/amp_image_owner_id is set. This configuration option restricts Glance image selection to a specific owner ID. This is a recommended security setting.


New Features

  • new health check for “cron” containers, ensuring it exists and has content


Deprecation Notes

  • overcloudrc.v3 is no longer generated from the overcloudrc workflow. This is due to the fact that we’ve been shipping keystone v3 by default for some releases now, and we have the same contents available in overcloudrc.

Bug Fixes

  • Fixes running the baremetal provide workflow with node names.


New Features

  • tripleo-deploy-openshift script now understands the –plan option to run the openshift-ansible playbooks for a deployment named differently than “openshift”.

  • Introduce a –playbook option to the tripleo-deploy-openshift script in order to be able to run openshift-ansible playbook directly on already deployed servers.

Deprecation Notes

  • The –config-download-dir option to the tripleo-deploy-openshift script is deprecated in favor of –plan.


New Features

  • add support for unknown CA


New Features

  • kolla_builder now supports Buildah and not just Docker.

  • Prevent upgrading a stack to a version of tripleo templates or environment that specifies neutron mechanism drivers that are incompatible with the existing stack. Upgrade can be forced by ForceNeutronDriverUpdate parameter which need to be set in deployment parameters.

  • Break out tripleo-admin creation to its own role called tripleo-create-admin. This removes some inline ansible from the mistral workflow, and allows this role to be reused in other contexts (such as undercloud install).

Bug Fixes

  • Preparing docker image containers with just OVN now also generates the corresponding Neutron Server OVN docker image.


Bug Fixes

  • Workaround bug 1810932 by scripting an in-place update of ssh_known_hosts

Other Notes

  • Add an initial task to the config_download_deploy workflow that queries for existing executions of the same workflow on the same plan. If any are found, that means that config-download is already running on the existing plan, so the additional one that is trying to start is failed.


New Features

  • The ironic-staging-drivers are now installed in the ironic-conductor container so that these drivers can be used without rebuilding the container. The Ironic Staging Drivers is used to hold out-of-tree Ironic drivers which doesn’t have means to provide a 3rd Party CI at this point in time which is required by Ironic.

  • Node’s profile can now be specified as a separate profile field in the instackenv.json instead of inside capabilities.

  • A new Ansible role to tag containers managed by Pacemaker. This role will be consummed by services managed by Pacemaker.

  • The new tripleo-docker-rm will be useful to remove the containers that were managed by Docker and that are now managed by Podman.

Upgrade Notes

  • Package octavia-amphora-image (RHEL) will no longer be installed by role octavia-undercloud, and it now installs image files in directory /usr/share/openstack-octavia-amphora-images/. Please ensure you have the latest package version installed in the undercloud node beforehand deploying or updating the overcloud.

Deprecation Notes

  • Specifying profile in capabilities when enrolling nodes is deprecated. Please use the new profile field instead.

Bug Fixes

  • Node update now works correctly when capabilities are specified as a dict.

  • The list of pre and post deployment names generated with config-download are now written per server instead of per role. This change handles the case where a deployment may apply to only an individual or set of servers within a role, and not all servers in that role. host_vars are used to set the variable of deployment names per server instead of group_vars.

  • Remove the tripleo specific inclusion of the openstack-ironic-statging-drivers package into the ironic-conductor container as this has been included in kolla.

Other Notes

  • TripleoInventory class no longer supports the parameters being passed in as as config object. This was added to support transition in in tripleo-validations that was corrected in Queens.


New Features

  • Increase the size of the security hardened images to 40G. With the move to containers more disk space is needed and the disk layout has been modified. It needs a global size of 40G to work.

  • Loads and persist kernel modules from the host directly.

Bug Fixes

  • While we have a dedicated nova_metadata healthcheck script, the nova_metadata and nova_api container the same image and the current nova api healtcheck script still checks the non wsgi implementation. This changes the nova_api healthcheck script to check the metadata wsgi vhost config for details instead of the details in nova.conf.

  • Add missing httpd and mod_ssl packages to octavia container image to support TLS proxy for internal TLS.

Other Notes

  • Individual server deployments that are of type group:hiera now support check mode, and when running under check mode, also support diff mode.


Bug Fixes

  • Fixes bug 1793605 so when nodes are blacklisted, they are not included in the Overcloud config. A warning will show that the server_id that was ignored if the it can’t be found in the stack.

  • The config_download_deploy workflow now has a config_download_timeout input that will honor the user requested timeout. Previously, no timeout was honored even though the user could request one via tripleoclient.

  • The tripleo-bootstrap ansible role will no longer fail if yum fails to install the required packages. This fixed behavior aligns with previous requirements where enabled package repositories and a working package manager are not required on the initially deployed images. Errors are ignored on the package install task, and then a subsequent task will cause a failure indicating the required packages are not present.

  • tripleo.access.v1.enable_ssh_admin now honors the server blacklist if one is set. Servers in the blacklist will not be used by the workflow.

  • Previously, running ansible-playbook with –check would cause a failure during the individual server deployments when checking the result of a previous attempt.

  • The tripleo.deployment.v1.get_deployment_status workflow will no longer error when requesting the deployment status for a non-existant plan. A message is sent in the output instead of failing the workflow.

  • The ServerAliveInterval and ServerAliveCountMax SSH options are now set in the mistral ansible action so that when networking configuration is performed on the overcloud nodes SSH will not drop the connection.

  • A new workflow, config_download_export, for exporting the config-download files via a Swift tempurl is added so that the openstack overcloud config download tripleoclient command can use the API.

Other Notes

  • Switched to a versionless Keystone url in the overcloudrc. Previously, /v3 was being appended to the OS_AUTH_URL url but is not required when configuring OS_IDENTITY_API_VERSION


New Features

  • Creates a worflow to get flattened deployment parameters, so the related action does not need to be called directly.

  • Creates a workbook to update and get heat capabilities, so the related actions do not need to be called directly.

  • Add disable-nouveau element to tripleo images This ensures nouveau is not loaded at boot, as this can prevent PCI passthrough or loading the NVIDIA binary drivers that are required for vGPU support.

  • Adds nova_metadata healthcheck script when nova metadata api is run via httpd wsgi to check service status.

  • If nova novnc proxy is configured to ssl only, (see LP 178570) we need to make sure to also use ssl with the healthcheck script. With this change we verify if ssl_only is configured in nova.conf and set https as the proto to use for the novnc healthcheck.


New Features

  • The config_download_deploy workflow now uses a consistent working directory for the config-download directory. Since the directory is now managed by git, it can be reused across executions.

  • Initialize a git repository in the config-download directory and automatically snapshot changes made to the repository.

  • The GetOvercloudConfig action now sets a commit message that indicates the config was downloaded by the Mistral action and what user/project were used to execute the action.

  • Since the config download directory is now managed by git, the GetOvercloudConfig action will now first download the existing config container (default of overcloud-config), so that the git history is preserved and new changes will reuse the same git repo. Each new change to the config-download directory creates a new git commit.

  • New workflows are added for manipulating the deployment status, including tripleo.deployment.v1.set_deployment_status_success, tripleo.deployment.v1.set_deployment_status_failed, and tripleo.deployment.v1.set_deployment_status_deploying.

  • Generating roles_data.yaml file has been enhanced to generate the defined roles’s properties with a differnet name, so that a cluster can have multiple roles with same set of service, without manual edit. Adds the support to provide role name input as Compute:ComputeA so that the role ComputeA can be generated from the defined role Compute, by only chaning the name.

  • We are changing nova metadata api to be served via httpd wsgi. Therefore we’ll have a new config volume for the nova_metadata container.

    Adding DockerNovaMetadataConfigImage for this.

Upgrade Notes

  • The tripleo.plan_management.v1.create_default_deployment_plan workflow has been removed, since it’s been deprecated since the pike release and is no longer used in TripleO. Any other users of this workflow should switch to tripleo.plan_management.v1.create_deployment_plan instead.

Deprecation Notes

  • Un-deprecated pm_service_profile option support at the UCS ironic driver.

Bug Fixes

  • The tripleo.plan_management.v1.update_roles workflow didn’t pass the plan name (container name) or Zaqar queue name to the sub-workflow it triggered. This caused the behaviour to be incorrect when using a name other than the default. It now correctly passes on these parameters.

  • Previously, ironic nodes that only differ in pm_service_profile or ucs_service_profile would override one another ultimately leaving just one of them in ironic configuration. This fix un-deprecates pm_service_profile option support at the UCS ironic driver.


New Features

  • Adds a workflow to create a container so the underlying action does not need to be called directly.

  • Add a workflow to generate fencing parameters so action tripleo.parameters.generate_fencing does not need to be called directly.

  • Allow uploading files bigger than 5GB to swift. Currently we have support for uploading files to swift using the swift client class, this class does not allow to upload files bigger than 5GB. This change enables the upload of files bigger than 5GB by using the swift service class and adjusting the headers to allow this operations. This new helper will be used for the Undercloud backup, to be able to store files bigger than 5GB.

  • Adds a workflow to generate the overcloudrc files in a given deployment so the tripleo.deployment.overcloudrc action does not need to be called directly.

  • Adds support to specify additional parameters for Bare Metal ports when registering nodes.

    The mac key in nodes_json (instackenv.json) is replaced by the new ports key. Each port-entry supports the following keys: address, physical_network and local_link_connection. (The keys in ports mirror a subset off the Bare Metal service API .)

    Example specifying port mac address only:

    "ports": [
        "address": "52:54:00:87:c8:2e"

    Example specifying additional parameters:

    "ports": [
        "address": "52:54:00:87:c8:2f",
        "physical_network": "network",
        "local_link_connection": {
          "switch_info": "switch",
          "port_id": "gi1/0/11",
          "switch_id": "a6:18:66:33:cb:49"
  • Install Octavia amphora image on the undercloud if Red Hat.

  • Sets rescue_kernel and rescue_ramdisk to the same values as deploy_kernel and deploy_ramdisk on node enrollment or configuration.

  • Adds support for rescue_interface when enrolling nodes.

  • On enrollment, all classic drivers are replaced with their hardware type equivalents (e.g. pxe_ipmitool is replaced with ipmi). The fake_pxe classic driver is replaced with the manual-management hardware type (which must be enabled in the undercloud).

  • Create keypair for SSH access to Octavia amphorae.

  • ContainerImagePrepare entries can now take an includes option, which like excludes will take a list of regex patterns. includes will filter entries which do not match at least one of the include expressions.

  • Enhance lb-mgmt-subnet to be a class B subnet, so the global amount of Octavia loadbalancers won’t be constrained to a very low number.

Deprecation Notes

  • The mac key in nodes_json is replaced by ports. The ports key expect a list of dictionaries specifying address (mac address), and optional keys physical_network and local_link_connection.

  • The os_auth argument to the generate_fencing_parameters workflow is deprecated and should not be provided. It will be removed in a future version.

Bug Fixes

  • Fix bug 1760659 by updating the derived parameters workflow to use scheduler hints associated with a given role. The scheduler hints are used to identify overcloud nodes associated with the role, and take precedence over nodes identified by their profile/flavor.

  • Fixes handling hardware types (new-style Ironic drivers) when generating fencing parameters. Also completely removes support for no longer existing pxe_ssh driver.

  • Fix Octavia amphora image RPM install on undercloud node for Red Hat based deployments (bug 1772880 <>)

  • Check pub key file permissions and default to pub key data for Octavia.

  • Fix syntax error in octavia-undercloud role.


Upgrade Notes

  • openstack overcloud config download now writes directly to the directory specified by --config-dir. The directory contents will be overwritten, preserving any contents not originating from the stack. A --no-preserve-config option is provided which will cause the --config-dir to be deleted and recreated if the``–config-dir`` location exists. Tmpdirs are no longer used.


New Features

  • Adds a workflow to list deployment plans so the tripleo.plan.list action does not need to be called directly.

  • Added role-specific parameter validation workflow.

  • Adds a workflow to update the parameters in a given deployment plan so the tripleo.parameters.update action does not need to be called directly.

Deprecation Notes

  • The tripleo.roles.list action is deprecated. Please use the tripleo.plan_management.v1.list_roles workflow instead. Calling actions directly is no longer supported.

Bug Fixes

  • Fixes OpenDaylight healthcheck for TLS and regular deployments.

Other Notes

  • The inventory code is updated to use hostnames as the host alias. Since the hostname may not always be resolvable, ansible_host is added as a hostvar and set to the host’s IP address. Using hostnames produces a much more user friendly result in the ansible output showing task result and play recap.


New Features

  • Adds a workflow to delete a deployment plan so the tripleo.plan.delete does not need to be called directly.

  • Adds a new workflow to list available roles for a given deployment plan.

  • Install os-net-config as an RPM package directly via DIB rather than rely on the os-net-config element. This change will allow us to deprecated further use of tripleo-image-elements for this feature.

  • Adds a workflow that takes a list of role names as input and populates roles_data.yaml in deployment plan with respective roles from the ‘/roles directory’.

  • Introduce Undercloud Backup workflow as well as set of Mistral actions to perform Undercloud Backup

  • Adds a workflow and associated actions to update roles in a deployment plan.

Upgrade Notes

  • In the Ocata release we started using a tripleo-heat-templates script to drive os-net-config. This approach gave us better signal handling capabilities, reduces our dependencies on os-apply-config, and makes it easier to integrate and fine tune network configuration with for example custom mapping files. Users who have network scripts using the older ‘os-apply-config’ format will need to update to the new t-h-t script format as part of this change. All in tree templates were updated in t-h-t as part of git commit 2c11e9e179178d074af91d8c5c798078ac3e0966.

Deprecation Notes

  • group:os-apply-config deployments are deprecated for use with config-download and they will not be applied.

  • The tripleoupstream container registry is not used anymore and may be retired in the future.

Bug Fixes

  • The group:ansible deployments were not formatted as human readable in the group_vars. It was all just one long line. This made manual review and debugging more difficult. They are now formatted in a human readable format.

  • The generated now has quotes around $@ so that the value can be passed through to ansible-playbook with spaces or other characters requiring quotes.

  • RoleConfig can exist as a stack output, but have a value of None. That case is now handled with a default value of {} where the value was previously None.

  • Support for the SshKnownHostsDeployment resources has been fixed by adding a new role that can be used to configure /etc/ssh/ssh_known_hosts on each host.


New Features

  • Add OctaviaCaKeyPassphrase to the list of passwords to generate, so users don’t have to pick a string or rely on a default value for octavia CA private key passphrase.

  • HeatAuthEncryptionKey, HorizonSecret, MysqlRootPassword, PcsdPassword and RabbitCookie are now generated by tripleo-common among other passwords managed by TripleO. If existing version of these parameters have been generated by the Heat stack we first harvest those before generating new version.

Security Issues

  • The enable_ssh_admin workflow is now always expecting a list of servers to operate on, passed via ssh_servers input which is left empty when unset.

Bug Fixes

  • Recognizes the root_device property when enrolling nodes. We recommend it to be set for multi-disk nodes, but the enrolling procedure does not actually accept it.

  • Node properties are no longer converted to strings on enrolling. This is not required by the Bare Metal service and may yield incorrect results.


New Features

  • Add generation of the key encryption key for the Barbican simple crypto backend.

  • Allows enrolling oVirt nodes using the staging-ovirt hardware type.

  • Introduce a new Ansible role, called tripleo-bootstrap which will take care of prepare an environment so we can deploy TripleO.

Upgrade Notes

  • The environment variables IRONIC_API_VERSION and OS_BAREMETAL_API_VERSION are no longer set in overcloudrc. Starting with python-ironicclient 2.0.0 this will result in the latest supported API version to be used. Scripts that rely on a particular API version behavior must set these versions explicitly.

Bug Fixes

  • Messages posted back to a zaqar queue by the ansible-playbook action could easily exceed the max message size for the queue. Instead of posting a single message each time, break it up based on the max message size and post a separate message for each.

  • Use the openstack-heat-agents package to install all of the python-heat-agent packages in the image, instead of having to specify each individually.


New Features

  • The Ansible actions will now log to a log file named ansible.log in the working directory.

  • Adds a new workflow, tripleo.deployment.v1.config_download_deploy, that does an overcloud configuration using the config download mechanism.

  • Adds support for enrolling nodes with all production hardware types, matching previously supported classic drivers, namely ilo, idrac, irmc and cisco-ucs-managed.

  • The overcloudrc and overcloudrc.v3 now have the same contents and are keystone-v3-enabled. This was done because keystone no longer supports the v2.0 API.

Upgrade Notes

  • Removes support for enrolling nodes with pxe_ssh driver (already removed from ironic).

  • Removes support for deprecated instackenv.json parameters:

    • pm_service_profile (use ucs_service_profile)

    • pm_auth_method (use irmc_auth_method)

    • pm_client_timeout (use irmc_client_timeout)

    • pm_sensor_method (use irmc_sensor_method)

    • pm_deploy_iso (use irmc_deploy_iso)

Bug Fixes

  • Accept the glance image ID in addition to the name.

  • Fixes compatibility between older deployments with Heat resource network “InternalNetwork” and corrected “InternalApiNetwork”. Upgrades from previous versions will still use the old naming scheme, while new deployments will use the correct name of “InternalApiNetwork”.


New Features

  • Add support for troubleshooting network issues using Skydive.


New Features

  • The default architecure for image builds now defaults to the cpu of the host instead of x86_64/amd64. This allows for a single package of tripleo-common to be used across multiple architectures to generate images.

  • A new minor update workflow has been added, which implemented all the steps in Mistral. It include the following, setup the Heat outputs of the Overcloud, pushed the configuration files of the deployment into swift, including Ansible playbook and tasks, the Puppet files, and run the ansible update playbook via the Ansible action.

  • The config download code has been moved from python-tripleoclient to a dedicated library in order to be consumed by other APIs or tools. A mistral action has been added to handle this library

Deprecation Notes

  • The old minor update workflow is now deprecated, the code for the action ClearBreakpointsAction has been removed

Bug Fixes

  • Add an error message if there are no bare metal nodes available in an available or active state and with maintenance mode off. Previously, the message was misleading about missing control or compute flavor having no profile associated.

  • The keystone utils in tripleo-common had gotten out of sync with the way Mistral was using authentication. This patch aligns the two so that they are closer to equivalent.


New Features

  • GUI logging - we added actions and workflows to support processing and storage of logging data from tripleo-ui

  • It is now possible to set various interface fields when enrolling nodes via instackenv.json. This only works for new-style drivers like ipmi or redfish. ironicclient 1.15 is required for setting the storage_interface field.

Upgrade Notes

  • The minimum required Bare Metal (Ironic) API version was bumped to 1.33 (late Pike).

  • The default bare metal API version used by the overcloud was bumped to 1.34, which is latest API version supported by Pike ironicclient.

Deprecation Notes

  • In the Queens release ironicclient will start defaulting to the latest supported bare metal API version, instead of the lowest. After that, we will stop pinning the bare metal API version in overcloudrc. All scripts that rely on a specific version should set it explicitly via either OS_BAREMETAL_API_VERSION environment variable or --os-baremetal-api-version command line argument.

Bug Fixes

  • When performing an interactive minor update with deployed-server, the client never prompted to clear breakpoints and just ran to completion and exited. The stack was left IN_PROGRESS. That issue has now been fixed so that the client will prompt to clear breakpoints.

  • Set the resource_class field of newly created nodes to baremetal to adapt to the recent scheduling changes. See bug 1708653 for details.


New Features

  • Add a Mistral workflow that uses hardware introspection data to derive deployment parameters for features such as DPDK and HCI (hyperconverged Nova compute and Ceph OSD nodes). The derived parameters workflow is automatically invoked during deployment when the workflow is listed in the plan environment file.

    For each role in the deployment, the workflow analyzes the Heat resource tree to determine which features are relevant to that role. The main workflow invokes secondary workflows responsible for deriving parameters associated with each feature.

  • Add two new workflows for discovering IPMI BMC: discover_nodes and discover_and_enroll_nodes.

    The former scans given IP addresses and ports, and tries to log into BMC using given credentials. It returns node information in a format accepted by the TripleO enrollment workflow.

    The latter calls the former, enrolls the resulting nodes and optionally moves them to manageable state.


New Features

  • Added a workflow to list all the deprecated parameters in the plan


New Features

  • In the parameters section of actions, the rotate_fernet_keys action was added. It does a rotation based on the values of the generated passwords or the parameter_defaults given by the user. Note that this merely does the rotation, deletes the excess keys and persists the new value in the plan environment. However, the action doesn’t go to the nodes and adds the keys to the actual repository; that’s part of a separate workflow.

  • Adds actions for calling ansible and ansible playbook executables from a workflow.

  • Set OS_VOLUME_API_VERSION and OS_IMAGE_API_VERSION in overcloudrc in order to establish the default API versions for the Volume and Image services. The values match the default major API versions for Cinder (3) and Glance (2).

Upgrade Notes

  • The environment configuration for deployments is now stored in a file called plan-environment.yaml and stored in Swift with the templates; Mistral is no longer used to store this data. Migration of the existing plans is handled automatically.

Deprecation Notes

  • The actions for calling ansible and ansible playbook executables from a workflow will be removed in the Queens release as they are intended to be migrated to the mistral-extra project.

Bug Fixes

  • Stop relying on deprecated alias drac_host for the drac_address field when enrolling Dell nodes.

  • The tripleo.role.list action now returns the list of roles based directly on the data from roles_data.yaml in the deployment plan. (See blueprint get-roles-actions)


New Features

  • Implemented new Mistral workflows to execute sosreport on overcloud nodes and upload them to a Swift container on the undercloud.

  • Added an action to flatten the nested heat resource tree and parameters.

  • The introspection workflow now accepts an additional parameter concurrency which defines how many nodes should be introspected in parallel. The default is 20, but can be changed to any positive integer.

  • Add support for enrolling nodes with ipmi hardware type.

  • Added a new workflow to fetch all the matching nodes with the given profile. To support it, a new action to fetch the node’s capabilities has been added too.

  • Add support for enrolling nodes using Redfish protocol for management. Requires additional field pm_system_id, see documentation.

Bug Fixes

  • Fixes bug 1691740 by adding container argument to calls to tripleo.git.clone action in the create_deployment_plan and update_deployment_plan workflows.

  • The update abort command was introduced many releases ago. However, it is not a safe operation in the context of TripleO. The TripleO Heat stack could become irrepairably damage should a rollback be attempted. As such, it is best to remove this functionality without a deprecation period. The workaround for this command is to wait until the stack times out or completes the update.


New Features

  • Adds an action and workflow used to check the status of the boot images in Glance.

  • Adds an action and workflow used to check the status of the defined and passed flavors in Nova.

  • Adds an action and workflow used to check the node counts and the hypervisor.

  • The create_deployment_plan workflow has been updated to provide support for creating a deployment plan from a git repository of heat templates. A tag or branch can be specified in the repo url with an ‘@’. Example:

  • Adds an action and workflow used to check the ironic boot configuration.

  • Add MigrationSshKey to generated passwords. This ssh key-pair is used by nova cold-migration and libvirt live-migration unless TLS is enabled.

  • Add a workflow to run all predeployment validations and report back all errors and warnings.

  • Add a new action argument, skip_deploy_identifier to DeployStackAction. The argument will disable setting a unique value for the DeployIdentifier parameter, which means the SoftwareDeployment resources in the templates will only be triggered if there is an actual change to their configuration. This argument can be used to avoid always applying configuration, such as during node scale out. This option should be used with Caution, and only if there is confidence that the software configuration does not need to be run, such as when scaling out certain roles.

  • When sourcing the overcloudrc on the undercloud, the command prompt will show that the credentials have been loaded by being preprended with the overcloud stack name. For example, ‘(overcloud) [stack@undercloud ~]$’

  • Adds an action and workflow used to verify the profiles assigned to nodes and their count.

Deprecation Notes

  • The tripleo.plan_management.v1.create_default_deployment_plan is deprecated and will be removed in the Queens release. The udpates to the tripleo.plan_management.v1.create_deployment_plan ensures that it provides the same functionality.

Security Issues

  • Add EtcdInitialClusterToken to the list of passwords to generate, so users don’t have to pick a string or rely on a default value. Fixes bug 1673266.

Bug Fixes

  • The default OS_BAREMETAL_API_VERSION and IRONIC_API_VERSION in overcloudrc were bumped to 1.29, which corresponds to Ocata final and allows using all recent features without specifying an explicit version.



5.8.0 is the final release for Ocata. It’s the first release where release notes are added.

New Features

  • Introduces a new workflow for creating baremetal RAID configuration.

  • Add FreeIPA enrollment environment generator.

  • Add a new Workflow which can be used to wait for Heat stacks finish with COMPLETE or FAILED.

  • CephMdsKey is now a generated Heat parameter.

  • Add an new Action which generates environment parameters for configuring fencing.

  • Add utility functions for deleting/emptying swift containers.

  • Enhance the plan create and plan update workflows to support plan import. A new plan environment file (located in t-h-t) is now used to store the Mistral environment, so it can easily be imported and exported. Root template and root environment settings (previously stored in the capabilities map file) are now being stored in this file.

  • Add a new plan export action which exports contents of a deployment plan to a tarball and uploads the tarball to Swift.

  • Run nova-manage cell_v2 discover_hosts when any baremetal nodes are registered with the undercloud.

  • Adds support for the Jinja2 include statement in tripleo-heat-templates.

  • Add a workflow to move a list of baremetal nodes to ‘manage’ state.

  • A new Mistral action has been added to create signed temporary URLs. It also sets the required metadata with a random key if not yet existing. This can be used on overcloud nodes to pull and push objects, for example to distribute Swift rings across all nodes.

  • Adds support for calling the external TripleO validations from the deployment and introspection workflows. They default to off, and can be enabled by passing ‘True’ to the run_validations parameters of these workflows.

Bug Fixes

  • Fixes bug 1644756 so that flavour matching works as expected with the object-storage role.

  • Fixes bug 1649284 by removing extra default Neutron vendor plugins.

  • Fixes bug 1640770 by updating the scale down workflow to wait until the stack has reached COMPLETE or FAILED.

  • Fixes bug 1651508 by adding the missing MySQL and Memcache packages to the container.

  • Fixes bug 1644587 with a new validation step of the plan name to prevent disallowed characters in hostnames.

  • Fixes bug 1648781 by passing the Zaqar queue to any sub-workflow executions to allow them to add messages to the queue.

  • Fixes bug 1637474 by adding support for initial state to the register_or_update workflow.

  • Fixes bug 1614939 by providing feedback to the user if a plan delete fails.

  • Fixes bug 1651704 by marking workflows as failed when they send an error messsage.

  • Fixes bug 1657461 by adding a workflow to delete a Heat stack.

  • Fixes bug 1614928 by adding workflows to support the package update command.

Other Notes

  • Add a script that pulls the latest puppet source

  • Force qemu to log to a file when containerized

  • Add passwords for Congress and Tacker