Current Series Release Notes

12.0.0-6

Bug Fixes

  • The RootStackName parameter is now added to the plan in plan-environment.yaml on both stack create and update. Previously it was only added on create.

12.0.0

New Features

  • Adds additional healtchecks for Swift to monitor account, container and object replicators as well as the rsync process.

Bug Fixes

  • openstack cli doesn’t negotiate a microversion. Live migration and multiattach are 2 examples of operations which require arcane incantations to make them work correctly, and therefore usually don’t. This adds OS_COMPUTE_API_VERSION=2.latest to the overcloudrc file to fix it.

11.3.0

Deprecation Notes

  • The SkopeoImageUploader is deprecated. It does not work with the Stein image repository and will be removed in a future release.

11.2.0

Upgrade Notes

  • Support for the cisco-ucs-managed and cisco-ucs-standalone hardware types has been removed since these hardware types have been removed from Ironic due to lack of maintenance.

Bug Fixes

  • Previously, trash_output was not honored if a queue was not being used to post messages. The behavior has changed so that trash_output will be honored even if a queue is not being used, and all stdout/stderr will be discarded.

  • In case of cell stacks we need to pass redis_vip as an input to be able to use redis on the central controllers. This moves the redis_vip setting to all_nodes and only set it if it is not an additional cell.

  • When deploying a large amount of nodes, the create_admin_via_ssh workflow could fail due to the large amount of ansible output generated. This patch updates the tripleo.ansible-playbook action in the workflow with trash_output:true so that the output is not saved in the mistral DB. There is a log file saved already in case the output is needed for debug purposes.

11.1.0

New Features

  • The bindep.txt file located in the project root contains all of the basic required packages needed when running local tests.

  • Developers can now use bindep to list system requirements. The bindep command will load the list of packages for the given platform using the bindep.txt file.

  • Bindep can now be leveraged via tox using the environment bindep. This tox environment will use bindep via the bindep-install script to install any missing packages on the local system which are required for development purposes.

Bug Fixes

  • The verbosity of the config-download ansible tasks now defaults to 0 instead of 1. This makes the tasks not verbose by default. The verbosity specified on the command line with the deployment command is now honored and can be used to disable verbosity or increase the verbosity level as needed.

  • The passphrase for config option ‘server_certs_key_passphrase’, is used as a Fernet key in Octavia and thus must be 32 bytes long. TripleO will now auto-generate 32 bytes long passphrase for OctaviaServerCertsKeyPassphrase.

11.0.0

New Features

  • If the AdditionalArchitectures parameter has entries then the container image prepare will prepare images for all architectures instead of just the default one. A new boolean field multi_arch can also be set in ContainerImagePrepare entries to determine the multi arch behaviour for images in that entry. If any entry sets a multi_arch value then AdditionalArchitectures is ignored.

  • tripleo-container-rm is the new role that replaces tripleo-docker-rm which is in charge of tearing down containers running in Docker or Podman. If the container_cli is Podman, the role takes care of systemd cleanup for both the container and its healthcheck if it does exist.

Security Issues

  • Fixed a vulnerability where an attacker may cause new Octavia amphorae to run based on any arbitrary image (CVE-2019-3895).

Bug Fixes

  • As of Rocky [1], the nova-consoleauth service has been deprecated and cell databases are used for storing token authorizations. All new consoles will be supported by the database backend and existing consoles will be reset. Console proxies must be run per cell because the new console token authorizations are stored in cell databases.

    nova-consoleauth was deprecated in tripleo with: I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f

    This change now removes the NovaConsoleauth Service.

    [1] https://docs.openstack.org/releasenotes/nova/rocky.html

  • Fixed an issue were amphora load balancers would fail to create. The problem was because Octavia certificate files were being created in a wrong path and with invalid content.

  • Ensure [controller_worker]/amp_image_owner_id is set. This configuration option restricts Glance image selection to a specific owner ID. This is a recommended security setting.