diff options
Diffstat (limited to 'releasenotes')
11 files changed, 60 insertions, 0 deletions
diff --git a/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml b/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml index df6b232..3b9f189 100644 --- a/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml +++ b/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml @@ -1,3 +1,4 @@ --- features: - Add support for Bagpipe Neutron driver as backend in BGPVPN scenarios + - Add ML2 plugin configuration for Bagpipe BGPVPN extension diff --git a/releasenotes/notes/cold_migration_security-1543136408c76459.yaml b/releasenotes/notes/cold_migration_security-1543136408c76459.yaml new file mode 100644 index 0000000..aaea57e --- /dev/null +++ b/releasenotes/notes/cold_migration_security-1543136408c76459.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + Restrict nova migration ssh tunnel + * The ssh authorized_keys file is only writeable by root. + * Creates a new user for migration instead of using root/nova. + * Disables SSH forwarding for this user. + * Restricts the networks that this user can connect from. + * Uses an ssh wrapper command to whitelist the commands that this user can run over ssh. + Adds new parameter "tripleo::profile::base::nova::migration_ssh_localaddrs" to specify which incoming IPs are allow for SSH tunnel connections. diff --git a/releasenotes/notes/deprecate-redis-file-limit-4a60fa0fde4667ef.yaml b/releasenotes/notes/deprecate-redis-file-limit-4a60fa0fde4667ef.yaml new file mode 100644 index 0000000..a362abc --- /dev/null +++ b/releasenotes/notes/deprecate-redis-file-limit-4a60fa0fde4667ef.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - | + The redis_file_limit hiera parameter is now deprecated. Use the + redis::ulimit parameter instead. diff --git a/releasenotes/notes/enable-support-for-external-swift-proxy-f12c99b34516a023.yaml b/releasenotes/notes/enable-support-for-external-swift-proxy-f12c99b34516a023.yaml new file mode 100644 index 0000000..83b05bb --- /dev/null +++ b/releasenotes/notes/enable-support-for-external-swift-proxy-f12c99b34516a023.yaml @@ -0,0 +1,5 @@ +--- +features: + - Added support for external swift proxy. Users may need to + configure endpoints pointing to swift proxy service + already available. diff --git a/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml new file mode 100644 index 0000000..92f2360 --- /dev/null +++ b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + With having package mod_ssl by default installed in images we introduced + issue with mod_ssl package update. In case of SSL not being used or + provided by HAproxy the puppet-apache module by default purges the + ssl.conf file. The package update then recreates the file with default + Listen 443 option. This causes conflict on 443 port during httpd restart. + If we include ::apache::mod::ssl the ssl.conf file will be configured and + the Listen option will be used only if there is vhost set to use SSL. diff --git a/releasenotes/notes/etcd-tls-bb8605c91ff8a94c.yaml b/releasenotes/notes/etcd-tls-bb8605c91ff8a94c.yaml new file mode 100644 index 0000000..d041267 --- /dev/null +++ b/releasenotes/notes/etcd-tls-bb8605c91ff8a94c.yaml @@ -0,0 +1,3 @@ +--- +features: + - Enable internal network TLS for etcd diff --git a/releasenotes/notes/mistral-mod-wsgi-1a1d3eb279daa7fd.yaml b/releasenotes/notes/mistral-mod-wsgi-1a1d3eb279daa7fd.yaml new file mode 100644 index 0000000..ae6401f --- /dev/null +++ b/releasenotes/notes/mistral-mod-wsgi-1a1d3eb279daa7fd.yaml @@ -0,0 +1,7 @@ +--- +features: + - Move Mistral API to use mod_wsgi under Apache. +upgrade: + - Mistral API systemd service will be stopped and + disabled. + diff --git a/releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml b/releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml new file mode 100644 index 0000000..1899db9 --- /dev/null +++ b/releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - Since collector is deprecated, move the ceilo upgrade in step5 + out of collector profile and into cielometer base. This way + ceilo upgrade can run even when collector is disabled which is + the default in pike. diff --git a/releasenotes/notes/neutron-bigswitch-agent-profile-1250bb1518199a67.yaml b/releasenotes/notes/neutron-bigswitch-agent-profile-1250bb1518199a67.yaml new file mode 100644 index 0000000..daaf6f4 --- /dev/null +++ b/releasenotes/notes/neutron-bigswitch-agent-profile-1250bb1518199a67.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Moves bigswitch neutron agent configuration to a new tripleo profile + tripleo::profile::base::neutron::agents::bigswitch diff --git a/releasenotes/notes/redfish-9203af1f7bf02bc5.yaml b/releasenotes/notes/redfish-9203af1f7bf02bc5.yaml new file mode 100644 index 0000000..d34c3d9 --- /dev/null +++ b/releasenotes/notes/redfish-9203af1f7bf02bc5.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Support for Redfish hardware is enabled by default for overcloud Ironic + via the ``redfish`` hardware type. diff --git a/releasenotes/notes/zaqar-httpd-93db7feb60622687.yaml b/releasenotes/notes/zaqar-httpd-93db7feb60622687.yaml new file mode 100644 index 0000000..cff9d65 --- /dev/null +++ b/releasenotes/notes/zaqar-httpd-93db7feb60622687.yaml @@ -0,0 +1,3 @@ +--- +features: + - Run the Zaqar WSGI service over httpd. |