aboutsummaryrefslogtreecommitdiffstats
path: root/releasenotes/notes
diff options
context:
space:
mode:
Diffstat (limited to 'releasenotes/notes')
-rw-r--r--releasenotes/notes/Enable-TLS-for-libvirt-0aab48cd8339da0f.yaml6
-rw-r--r--releasenotes/notes/add-all-hosts-to-hostsentry-20a8ee8a1a210ce2.yaml9
-rw-r--r--releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml7
-rw-r--r--releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml11
-rw-r--r--releasenotes/notes/disable-manila-cephfs-snapshots-by-default-d5320a05d9b501cf.yaml5
-rw-r--r--releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml6
-rw-r--r--releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml5
-rw-r--r--releasenotes/notes/glance-keystonev3-d35182ba9a3778eb.yaml4
-rw-r--r--releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml12
-rw-r--r--releasenotes/notes/ironic-hardware-types-fe5140549d3bb792.yaml9
-rw-r--r--releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml14
-rw-r--r--releasenotes/notes/nsx-support-1254839718d8df8c.yaml3
-rw-r--r--releasenotes/notes/pluggable-server-type-per-role-314f38f8e5d4c84e.yaml8
-rw-r--r--releasenotes/notes/replace-references-to-old-ctlplane-0df7f2ae8910559c.yaml20
-rw-r--r--releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml18
-rw-r--r--releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml4
-rw-r--r--releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml5
-rw-r--r--releasenotes/notes/swap-prepuppet-and-postpuppet-to-preconfig-and-postconfig-debd5f28bc578d51.yaml6
-rw-r--r--releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml7
-rw-r--r--releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml6
-rw-r--r--releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml3
-rw-r--r--releasenotes/notes/zaqar-httpd-e7d91bf396da28d0.yaml3
22 files changed, 171 insertions, 0 deletions
diff --git a/releasenotes/notes/Enable-TLS-for-libvirt-0aab48cd8339da0f.yaml b/releasenotes/notes/Enable-TLS-for-libvirt-0aab48cd8339da0f.yaml
new file mode 100644
index 00000000..e8941b7c
--- /dev/null
+++ b/releasenotes/notes/Enable-TLS-for-libvirt-0aab48cd8339da0f.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ If TLS in the internal network is enabled, libvirt's transport defaults to
+ using TLS. This can be changed by setting the ``UseTLSTransportForLiveMigration``
+ parameter, which is ``true`` by default.
diff --git a/releasenotes/notes/add-all-hosts-to-hostsentry-20a8ee8a1a210ce2.yaml b/releasenotes/notes/add-all-hosts-to-hostsentry-20a8ee8a1a210ce2.yaml
new file mode 100644
index 00000000..b0ad9d93
--- /dev/null
+++ b/releasenotes/notes/add-all-hosts-to-hostsentry-20a8ee8a1a210ce2.yaml
@@ -0,0 +1,9 @@
+---
+fixes:
+ - Previously only the VIPs and their associated hostnames were present
+ in the HostsEntry output, due to the hosts_entries output on the
+ hosts-config.yaml nested stack being empty. It was referencing an
+ invalid attribute. See
+ https://bugs.launchpad.net/tripleo/+bug/1683517
+
+
diff --git a/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml b/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml
new file mode 100644
index 00000000..8b57f587
--- /dev/null
+++ b/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml
@@ -0,0 +1,7 @@
+---
+security:
+ - |
+ Add IPv6 disable option and make it configurable for user to disable IPv6
+ when it's not used, this will descrease the risk of ipv6 attack.
+ Both net.ipv6.conf.default.disable_ipv6 & net.ipv6.conf.all.disable_ipv6
+ will be explicitly set to the default value (0) which is enabled.
diff --git a/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml b/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml
new file mode 100644
index 00000000..d6f74eff
--- /dev/null
+++ b/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml
@@ -0,0 +1,11 @@
+---
+upgrade:
+ - |
+ We are not changing the rabbitmq ha-mode policy during upgrades any longer.
+ The policy chosen at deploy time will remain the same but can be changed
+ manually.
+fixes:
+ - |
+ Due to https://bugs.launchpad.net/tripleo/+bug/1686337 we switch the
+ default of rabbitmq back ha-mode "all". This is to make the installation
+ more robust in the face of network issues.
diff --git a/releasenotes/notes/disable-manila-cephfs-snapshots-by-default-d5320a05d9b501cf.yaml b/releasenotes/notes/disable-manila-cephfs-snapshots-by-default-d5320a05d9b501cf.yaml
new file mode 100644
index 00000000..98d70b63
--- /dev/null
+++ b/releasenotes/notes/disable-manila-cephfs-snapshots-by-default-d5320a05d9b501cf.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - |
+ Disabled cephfs snapshot support (ManilaCephFSNativeCephFSEnableSnapshots
+ parameter) in manila by default.
diff --git a/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml b/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml
new file mode 100644
index 00000000..279e25cc
--- /dev/null
+++ b/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+ - |
+ Disable default vhost for apache. It is required for a hybrid deployments
+ when WSGI based services running both at host and in containers, without
+ conflicting default ports.
diff --git a/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml b/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml
new file mode 100644
index 00000000..83b05bbb
--- /dev/null
+++ b/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Added support for external swift proxy. Users may need to
+ configure endpoints pointing to swift proxy service
+ already available.
diff --git a/releasenotes/notes/glance-keystonev3-d35182ba9a3778eb.yaml b/releasenotes/notes/glance-keystonev3-d35182ba9a3778eb.yaml
new file mode 100644
index 00000000..072e85aa
--- /dev/null
+++ b/releasenotes/notes/glance-keystonev3-d35182ba9a3778eb.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - Deploy Glance with Keystone v3 endpoints and make
+ sure it doesn't rely on Keystone v2 anymore.
diff --git a/releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml b/releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml
new file mode 100644
index 00000000..53191bd0
--- /dev/null
+++ b/releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml
@@ -0,0 +1,12 @@
+---
+features:
+ - |
+ New configuration ``IronicDefaultBootOption`` allows to change the default
+ boot option to use for bare metal instances in the overcloud.
+upgrade:
+ - |
+ The default boot option for bare metal instances in overcloud was changed
+ to "local". This was already the default for whole-disk images, but for
+ partition images it requires ``grub2`` to be installed on them.
+ Use the new ``IronicDefaultBootOption`` configuration to override, or
+ set ``boot_option`` capability on nodes and flavors.
diff --git a/releasenotes/notes/ironic-hardware-types-fe5140549d3bb792.yaml b/releasenotes/notes/ironic-hardware-types-fe5140549d3bb792.yaml
new file mode 100644
index 00000000..da3da6c7
--- /dev/null
+++ b/releasenotes/notes/ironic-hardware-types-fe5140549d3bb792.yaml
@@ -0,0 +1,9 @@
+---
+features:
+ - |
+ Configuring enabled Ironic hardware types is now possible via new
+ ``IronicEnabledHardwareTypes`` parameter. See this spec for details:
+ http://specs.openstack.org/openstack/ironic-specs/specs/approved/driver-composition-reform.html.
+ - |
+ Bare metal serial console support via ``socat`` utility is enabled for
+ Ironic hardware types supporting it (currently only ``ipmi``).
diff --git a/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml
new file mode 100644
index 00000000..45ca9fe5
--- /dev/null
+++ b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml
@@ -0,0 +1,14 @@
+---
+features:
+ - |
+ Add support for cold migration over ssh.
+
+ This enables nova cold migration.
+
+ This also switches to SSH as the default transport for live-migration.
+ The tripleo-common mistral action that generates passwords supplies the
+ MigrationSshKey parameter that enables this.
+deprecations:
+ - |
+ The TCP transport is no longer used for live-migration and the firewall
+ port has been closed.
diff --git a/releasenotes/notes/nsx-support-1254839718d8df8c.yaml b/releasenotes/notes/nsx-support-1254839718d8df8c.yaml
new file mode 100644
index 00000000..1d9f5f8a
--- /dev/null
+++ b/releasenotes/notes/nsx-support-1254839718d8df8c.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Add support for NSX Neutron plugin
diff --git a/releasenotes/notes/pluggable-server-type-per-role-314f38f8e5d4c84e.yaml b/releasenotes/notes/pluggable-server-type-per-role-314f38f8e5d4c84e.yaml
new file mode 100644
index 00000000..5b58d3d4
--- /dev/null
+++ b/releasenotes/notes/pluggable-server-type-per-role-314f38f8e5d4c84e.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - The server resource type, OS::TripleO::Server can now be
+ mapped per role instead of globally. This allows users to
+ mix baremetal (OS::Nova::Server) and
+ deployed-server (OS::Heat::DeployedServer) server resources
+ in the same deployment. See
+ https://blueprints.launchpad.net/tripleo/+spec/pluggable-server-type-per-role
diff --git a/releasenotes/notes/replace-references-to-old-ctlplane-0df7f2ae8910559c.yaml b/releasenotes/notes/replace-references-to-old-ctlplane-0df7f2ae8910559c.yaml
new file mode 100644
index 00000000..09d3be03
--- /dev/null
+++ b/releasenotes/notes/replace-references-to-old-ctlplane-0df7f2ae8910559c.yaml
@@ -0,0 +1,20 @@
+---
+upgrade:
+ - |
+ The default network for the ctlplane changed from 192.0.2.0/24 to
+ 192.168.24.0/24. All references to the ctlplane network in the templates
+ have been updated to reflect this change. When upgrading from a previous
+ release, if the default network was used for the ctlplane (192.0.2.0/24),
+ then it is necessary to provide as input, via environment file, the correct
+ setting for all the parameters that previously defaulted to 192.0.2.x and
+ now default to 192.168.24.x; there is an environment file which could be
+ used on upgrade `environments/updates/update-from-192_0_2-subnet.yaml` to
+ cover a simple scenario but it won't be enough for scenarios using an
+ external load balancer, Contrail or Cisto N1KV. Follows a list of params to
+ be provided on upgrade.
+ From contrail-net.yaml: EC2MetadataIp, ControlPlaneDefaultRoute
+ From external-loadbalancer-vip-v6.yaml: ControlFixedIPs
+ From external-loadbalancer-vip.yaml: ControlFixedIPs
+ From network-environment.yaml: EC2MetadataIp, ControlPlaneDefaultRoute
+ From neutron-ml2-cisco-n1kv.yaml: N1000vVSMIP, N1000vMgmtGatewayIP
+ From contrail-vrouter.yaml: ContrailVrouterGateway
diff --git a/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml b/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml
new file mode 100644
index 00000000..dadbfa4b
--- /dev/null
+++ b/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml
@@ -0,0 +1,18 @@
+---
+features:
+ - |
+ Adds tags to roles that allow an operator to specify custom tags to use
+ when trying to find functionality available from a role. Currently a role
+ with both the 'primary' and 'controller' tag is consider to be the primary
+ role. Historically the role named 'Controller' was the 'primary' role and
+ this primary designation is used to determine items like memcache ip
+ addresses. If no roles have the both the 'primary' and 'controller' tags,
+ the first role specified in the roles_data.yaml is used as the primary
+ role.
+upgrade:
+ - |
+ If using custom roles data, the logic was changed to leverage the first
+ role listed in the roles_data.yaml file to be the primary role. This can
+ be worked around by adding the 'primary' and 'controller' tags to the
+ custom controller role in your roles_data.yaml to ensure that the defined
+ custom controller role is still considered the primary role.
diff --git a/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml b/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml
new file mode 100644
index 00000000..8b533b1a
--- /dev/null
+++ b/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - SSH host key exchange. The ssh host keys are collected from each host,
+ combined, and written to /etc/ssh/ssh_known_hosts.
diff --git a/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml b/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml
new file mode 100644
index 00000000..4cc01df8
--- /dev/null
+++ b/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Added ability to manage MOTD Banner
+ Enabled SSHD composible service by default. Puppet-ssh manages the sshd config.
diff --git a/releasenotes/notes/swap-prepuppet-and-postpuppet-to-preconfig-and-postconfig-debd5f28bc578d51.yaml b/releasenotes/notes/swap-prepuppet-and-postpuppet-to-preconfig-and-postconfig-debd5f28bc578d51.yaml
new file mode 100644
index 00000000..875b704a
--- /dev/null
+++ b/releasenotes/notes/swap-prepuppet-and-postpuppet-to-preconfig-and-postconfig-debd5f28bc578d51.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - This commit merges both [Pre|Post]Puppet and [Pre|Post]Config
+ resources, giving an agnostic name for the configuration
+ steps. The [Pre|Post]Puppet resource is removed and should not
+ be used anymore.
diff --git a/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml b/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml
new file mode 100644
index 00000000..70051f65
--- /dev/null
+++ b/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ - The token flush cron job has been modified to run hourly instead of once
+ a day. This is because this was causing issues with larger deployments, as
+ the operation would take too long and sometimes even fail because of the
+ transaction being so large. Note that this only affects people using the
+ UUID token provider.
diff --git a/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml b/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml
new file mode 100644
index 00000000..ad1f39c4
--- /dev/null
+++ b/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Adds a new boolean parameter for RHEL Registration called
+ 'UpdateOnRHELRegistration' that when enabled will trigger a yum update
+ on the node after the registration process completes.
diff --git a/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml b/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml
new file mode 100644
index 00000000..29d32cb7
--- /dev/null
+++ b/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Add name and description fields to plan-environment.yaml
diff --git a/releasenotes/notes/zaqar-httpd-e7d91bf396da28d0.yaml b/releasenotes/notes/zaqar-httpd-e7d91bf396da28d0.yaml
new file mode 100644
index 00000000..a2172aac
--- /dev/null
+++ b/releasenotes/notes/zaqar-httpd-e7d91bf396da28d0.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Run the Zaqar WSGI service over httpd in Puppet.