diff options
| -rw-r--r-- | lib/puppet/provider/package/norpm.rb | 2 | ||||
| -rw-r--r-- | manifests/profile/base/gnocchi/metricd.pp | 2 | ||||
| -rw-r--r-- | manifests/profile/base/gnocchi/statsd.pp | 2 | ||||
| -rw-r--r-- | manifests/profile/base/keystone.pp | 18 | ||||
| -rw-r--r-- | manifests/profile/pacemaker/database/mysql.pp | 3 | ||||
| -rw-r--r-- | releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml | 64 | ||||
| -rw-r--r-- | releasenotes/source/index.rst | 1 | ||||
| -rw-r--r-- | releasenotes/source/ocata.rst | 6 |
8 files changed, 82 insertions, 16 deletions
diff --git a/lib/puppet/provider/package/norpm.rb b/lib/puppet/provider/package/norpm.rb index 0764265..080b138 100644 --- a/lib/puppet/provider/package/norpm.rb +++ b/lib/puppet/provider/package/norpm.rb @@ -17,6 +17,8 @@ require 'puppet/provider/package' Puppet::Type.type(:package).provide :norpm, :source => :rpm, :parent => :rpm do desc "RPM packaging provider that does not install anything." + has_feature :virtual_packages + def latest @resource.fail "'latest' is unsupported by this provider." end diff --git a/manifests/profile/base/gnocchi/metricd.pp b/manifests/profile/base/gnocchi/metricd.pp index e69bbd5..f6f80cd 100644 --- a/manifests/profile/base/gnocchi/metricd.pp +++ b/manifests/profile/base/gnocchi/metricd.pp @@ -30,7 +30,5 @@ class tripleo::profile::base::gnocchi::metricd ( if $step >= 5 { include ::gnocchi::metricd - Keystone_endpoint<||> -> Service['gnocchi-metricd'] - Keystone_user_role<||> -> Service['gnocchi-metricd'] } } diff --git a/manifests/profile/base/gnocchi/statsd.pp b/manifests/profile/base/gnocchi/statsd.pp index 1fe4067..7c98a0a 100644 --- a/manifests/profile/base/gnocchi/statsd.pp +++ b/manifests/profile/base/gnocchi/statsd.pp @@ -30,7 +30,5 @@ class tripleo::profile::base::gnocchi::statsd ( if $step >= 5 { include ::gnocchi::statsd - Keystone_endpoint<||> -> Service['gnocchi-statsd'] - Keystone_user_role<||> -> Service['gnocchi-statsd'] } } diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 3ff8e63..999bcf6 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -157,22 +157,13 @@ class tripleo::profile::base::keystone ( ssl_key_admin => $tls_keyfile_admin, } include ::keystone::cors - - if $manage_roles { - include ::keystone::roles::admin - } - - if $manage_endpoint { - include ::keystone::endpoint - } - } if $step >= 4 and $manage_db_purge { include ::keystone::cron::token_flush } - if $step >= 3 and $manage_domain { + if $step == 3 and $manage_domain { if hiera('heat_engine_enabled', false) { # create these seperate and don't use ::heat::keystone::domain since # that class writes out the configs @@ -193,7 +184,12 @@ class tripleo::profile::base::keystone ( } } - if $step >= 3 and $manage_endpoint{ + if $step == 3 and $manage_roles { + include ::keystone::roles::admin + } + + if $step == 3 and $manage_endpoint { + include ::keystone::endpoint if hiera('aodh_api_enabled', false) { include ::aodh::keystone::auth } diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index ca9a1a8..bc5e644 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp @@ -180,12 +180,13 @@ class tripleo::profile::pacemaker::database::mysql ( # This step is to create a sysconfig clustercheck file with the root user and empty password # on the first install only (because later on the clustercheck db user will be used) # We are using exec and not file in order to not have duplicate definition errors in puppet - # when we later set the the file to contain the clustercheck data + # when we later set the file to contain the clustercheck data exec { 'create-root-sysconfig-clustercheck': command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck", unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck', } xinetd::service { 'galera-monitor' : + bind => hiera('mysql_bind_host'), port => '9200', server => '/usr/bin/clustercheck', per_source => 'UNLIMITED', diff --git a/releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml b/releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml new file mode 100644 index 0000000..c41deab --- /dev/null +++ b/releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml @@ -0,0 +1,64 @@ +--- +features: + - Add networking-fujitsu support to Neutron ML2 profile. + - Split OVN plugin and northd configuration. + - Introduce tripleo::tls_proxy used to set up a TLS proxy using + mod_proxy that redirects towards localhost. + - HPELeftHandISCSIDriver support for Cinder Volume profile. + - Add support for CollectD profile, for performance monitoring. + - Configure Nova Cells v2 database, required in Ocata. + - Configure the basic setup for Nova Cells v2. + - Support for opendalight_v2 mechanism_driver in Neutron ML2 profile. + - Support for Ceph MDS service profile. + - Add IPv6 support to Firewall rules. It will create both IPv4 & IPv6 rules + at the same time. It automatically converts icmp rules to ipv6-icmp. When + a source or destination is specified, it will only create rules to the + right version of IP that is needed. + - Add support for not using admin_token in Ceph/RGW profile. + - Add Docker Registry profile. + - Add Nova Placement API profile. + - Add NTP profile. + - Add etcd profile, used by networking-vpp ML2 plugin. + - Add profiles for Octavia services. + - Enable object-expirer on Swift proxy profile. + - Set memcache_servers in /etc/swift/object-expirer.conf. + - Add support for fence_ironic fencing agent. + - Add a noop_resource function, which allow to disable any resource type + in a catalog, with --tags option to puppet apply. + - Add Ceph RBD mirrog Pacemaker profile. + - Remove Glance Registry profile, not used anymore. Glance API v1 is not + available anymore. + - Add Nova EC2API profile. + - Add support for Pacemaker Remote with a new profile. + - Updates Pacemaker profiles for Composable HA architecture. + - Add Tacker profile. + - Add Congress profile. + - Add a default rule for dhcpv6 traffic. + - Re-organizes Contrail services to the correct roles. + - Set innodb_file_per_table to ON for MySQL / Galera + - Switch Nova / Libvirt VNC server binding to use the IP address + provided in Hiera instead of 0.0.0.0. + - Proxy API endpoints that TripleO UI uses. + - Rebranding of Eqlx to Dell EMC PS Series. + - Add support for ScaleIO backend in Cinder Volume profile. + - Add support to changing the Rabbitmq password on stack-update. +deprecations: + - Remove tripleo::vip_hosts class, no longer used. +security: + - CVE-2016-9599 Enforce Firewall TCP / UDP rules management, by + sanitizing dynamic HAproxy endpoints firewall rules, securing + firewall rules creations (disallow TCP/UDP rules without sport or + dport), but allow to open all traffic for TCP/UDP when actually + desired. +fixes: + - Fixes `bug 1648736 + <https://bugs.launchpad.net/tripleo/+bug/1648736>`__ so swift-proxy + is decoupled from ceilometer packages. + - Fixes `bug 1652107 + <https://bugs.launchpad.net/tripleo/+bug/1652107>`__ so we ensure + package updates don't happen unexpectedly. + - Fixes `bug 1645898 + <https://bugs.launchpad.net/tripleo/+bug/1645898>`__ so we ensure + to bind the rabbit inter-cluster to a specific interface. +other: + - Introduce more Puppet rspec tests that improve testing quality. diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst index c462aaa..b6dd81d 100644 --- a/releasenotes/source/index.rst +++ b/releasenotes/source/index.rst @@ -6,3 +6,4 @@ puppet-tripleo Release Notes :maxdepth: 1 unreleased + ocata diff --git a/releasenotes/source/ocata.rst b/releasenotes/source/ocata.rst new file mode 100644 index 0000000..ebe62f4 --- /dev/null +++ b/releasenotes/source/ocata.rst @@ -0,0 +1,6 @@ +=================================== + Ocata Series Release Notes +=================================== + +.. release-notes:: + :branch: origin/stable/ocata |