aboutsummaryrefslogtreecommitdiffstats
path: root/releasenotes/notes
diff options
context:
space:
mode:
Diffstat (limited to 'releasenotes/notes')
-rw-r--r--releasenotes/notes/6.0.0-b52a14a71fc62788.yaml44
-rw-r--r--releasenotes/notes/add-default-ntp-server-696b8568e09be497.yaml6
-rw-r--r--releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml12
-rw-r--r--releasenotes/notes/composable-upgrades-d9ec7c634365e8e0.yaml14
-rw-r--r--releasenotes/notes/deployed-servers-fd47f18204cea105.yaml8
-rw-r--r--releasenotes/notes/ha-by-default-55326e699ee8602c.yaml5
-rw-r--r--releasenotes/notes/ironic-cleaning-network-1e06881df0402221.yaml10
-rw-r--r--releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml9
-rw-r--r--releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml7
-rw-r--r--releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml4
-rw-r--r--releasenotes/notes/puppet-auditd-6504295e8c6c7a3b.yaml9
-rw-r--r--releasenotes/notes/swift-ring-keeper-c04b440d7d5ce13f.yaml9
12 files changed, 130 insertions, 7 deletions
diff --git a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml
index 069cbd23..f9afb18d 100644
--- a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml
+++ b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml
@@ -54,9 +54,20 @@ features:
- Add Panko service support. This service is not enabled by default. Use
environments/services/enable-panko.yaml to include it in your deployment.
- Add EC2-API composable service support.
+ - Allow dnsmasq_dns_servers to be configured for Neutron DHCP Agent with a
+ new parameter (NeutronDhcpAgentDnsmasqDnsServers, default to []).
+ - Add support for Ceph RBD mirroring daemon managed by Pacemaker.
+ - Add deployed server bootstrap for RHEL.
+ - Configure VNC Server listen address on internal_api network by default.
+ - Support for Cinder Dell EMC PS Series.
+ - Support for Cinder Dell EMC EMC Storage Center.
+ - Support for Octavia composable services for LBaaS with Neutron.
+ - Support for Collectd composable services for performance monitoring.
+ - Support for Tacker composable service for VNF management.
upgrade:
- Update OpenDaylight deployment to use networking-odl v2 as a mechanism
driver.
+ - Update Contrail composable services.
deprecations:
- Glance Registry service has been removed and Glance API v2 is now deploy
by default. Glance API v1 is not supported anymore in TripleO.
@@ -68,16 +79,26 @@ deprecations:
- Removes deprecated OpenDaylight L2 only deployments.
Deploying ODL without L3 DVR is no longer supported.
security:
- - Disallow iframe embed in Horizon configuration to prevent dashboard being
- embedded within an iframe and exposed to Cross-Frame Scripting (XFS)
- vulnerability on legacy browsers.
- - Allow management of enforce_password_check in Horizons configuration to
- display an 'Admin Password' field on the Change Password form to verify that
+ - Enable management of 'DISALLOW_IFRAME_EMBED' in Horizon configuration to
+ prevent dashboard being embedded within an iframe and exposed to Cross-Frame
+ Scripting (XFS) vulnerability on legacy browsers.
+ - Enable management of 'ENFORCE_PASSWORD_CHECK' in Horizons configuration to
+ display an Admin Password field on the Change Password form to verify that
it is indeed the admin logged-in who wants to change the password.
- - Allow management of disable_password_reveal in Horizon, to remove the
+ - Enable management of 'DISABLE_PASSWORD_REVEAL' in Horizon, to remove the
password reveal option.
- - Enable secure_proxy_ssl_header option in Horizons configuration to take
+ - Enable 'SECURE_PROXY_SSL_HEADER' option in Horizons configuration to take
X-Forwarded-Proto header into account when forming URLs.
+ - Enable management of ENFORCE_PASSWORD_CHECK value. By setting
+ 'ENFORCE_PASSWORD_CHECK' to 'True' within Horizons local_settings.py, it
+ displays an ‘Admin Password’ field on the “Change Password” form to verify
+ that it is the admin logged-in that wants to perform the password change.
+ - Enable management of Horizons Password Validation. Enables injection of an
+ operators own password validation regex via a heat template.
+ - Enable management of '/etc/issue Banner' whereby an operator can populate
+ their own Banner warning text to be displayed upon terminal login.
+ - Enable management of auditd system. '/etc/audit/audit.rules' can now be
+ populated by means of a heat template.
fixes:
- Fixes `bug 1645898
<https://bugs.launchpad.net/tripleo/+bug/1645898>`__ so epmd is binded on
@@ -93,3 +114,12 @@ fixes:
- Fixes `bug 1643487
<https://bugs.launchpad.net/tripleo/+bug/1643487>`__ to prevent source
address from binding to a VIP for database connection.
+ - Fixes `bug 1649836
+ <https://bugs.launchpad.net/tripleo/+bug/1649836>`__ to configure
+ DPDK options to isolate PMD cores and ovs process cores.
+ - Fixes `bug 1662344
+ <https://bugs.launchpad.net/tripleo/+bug/1662344>`__ by stopping
+ to set bind_address on nova db uri.
+ This reverts the changes in https://review.openstack.org/414629 for nova as
+ they are incompatible with cell_v2.
+ This is a temporary fix for HA while a long-term solution is developed.
diff --git a/releasenotes/notes/add-default-ntp-server-696b8568e09be497.yaml b/releasenotes/notes/add-default-ntp-server-696b8568e09be497.yaml
new file mode 100644
index 00000000..78fdbb59
--- /dev/null
+++ b/releasenotes/notes/add-default-ntp-server-696b8568e09be497.yaml
@@ -0,0 +1,6 @@
+---
+issues:
+ - We add a default NTP server to the Overcloud
+ for all Pacemaker and non-Pacemaker deployments,
+ also useful for keeping time diff controlled for
+ Keystone and Ceph.
diff --git a/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml b/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml
new file mode 100644
index 00000000..e560fe95
--- /dev/null
+++ b/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml
@@ -0,0 +1,12 @@
+---
+features:
+ - With the composable HA work landed it is now possible
+ to split pacemaker-managed services like galera, rabbit,
+ redis, haproxy and any A/P resource, off to dedicated
+ nodes. These services can be split off to separate nodes
+ either via the normal Pacemaker service (which has a limit
+ of 16 maximum number of nodes) or via the newer PacemakerRemote
+ service (but not both on the same node). Note that until
+ https://bugzilla.redhat.com/show_bug.cgi?id=1417936 is fixed,
+ PacemakerRemote should only be used for Cinder A/P resources
+ and Manila A/P resources.
diff --git a/releasenotes/notes/composable-upgrades-d9ec7c634365e8e0.yaml b/releasenotes/notes/composable-upgrades-d9ec7c634365e8e0.yaml
new file mode 100644
index 00000000..55062b04
--- /dev/null
+++ b/releasenotes/notes/composable-upgrades-d9ec7c634365e8e0.yaml
@@ -0,0 +1,14 @@
+---
+features:
+ - |
+ Composable service plugins now support two additional sections,
+ upgrade_tasks and upgrade_batch_tasks. These can be used by service
+ template authors to define the required behavior on upgrade as ansible
+ tasks, for both upgrades that require downtime, and rolling upgrades.
+ See puppet/services/README.rst for more details.
+upgrade:
+ - |
+ Please refer to tripleo-docs for full details on the upgrade workflow
+ required for Newton to Ocata upgrades, as it's possible some steps are
+ different to previous releases:
+ http://docs.openstack.org/developer/tripleo-docs/post_deployment/upgrade.html
diff --git a/releasenotes/notes/deployed-servers-fd47f18204cea105.yaml b/releasenotes/notes/deployed-servers-fd47f18204cea105.yaml
new file mode 100644
index 00000000..d05b268c
--- /dev/null
+++ b/releasenotes/notes/deployed-servers-fd47f18204cea105.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - It is now possible to deploy with tripleo-heat-templates using servers that
+ are already provisioned with an operating system, and not necessarily
+ provisioned with Nova and Ironic. This feature is enabled by making use of
+ the environments/deployed-server-environment.yaml environment file. For
+ more information, see
+ http://docs.openstack.org/developer/tripleo-docs/advanced_deployment/deployed_server.html
diff --git a/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml
new file mode 100644
index 00000000..edcc1250
--- /dev/null
+++ b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml
@@ -0,0 +1,5 @@
+---
+deprecations:
+ - The environments/puppet-pacemaker.yaml file is now deprecated and the HA
+ deployment is now the default. In order to get the non-HA deployment use
+ environments/nonha-arch.yaml explicitly.
diff --git a/releasenotes/notes/ironic-cleaning-network-1e06881df0402221.yaml b/releasenotes/notes/ironic-cleaning-network-1e06881df0402221.yaml
new file mode 100644
index 00000000..72601f9e
--- /dev/null
+++ b/releasenotes/notes/ironic-cleaning-network-1e06881df0402221.yaml
@@ -0,0 +1,10 @@
+---
+features:
+ - |
+ New parameter "IronicCleaningNetwork" can be used to override the name
+ or UUID of the **overcloud** network Ironic uses for cleaning.
+fixes:
+ - |
+ A default value is now provided for Ironic ``cleaning_network``
+ configuration option. Not providing it on start up was deprecated since
+ Newton, and will result in a failure in the near future.
diff --git a/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml b/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml
new file mode 100644
index 00000000..1f41073b
--- /dev/null
+++ b/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml
@@ -0,0 +1,9 @@
+---
+other:
+ - |
+ Use Keystone internal endpoint instead of admin for services.
+ The admin endpoint is listening on the ctlplane network by default;
+ services should ideally be using the internal api network for this kind
+ of traffic, as the ctlplane network is mostly for provisioning. On the
+ other hand, the admin endpoint shouldn't be as relevant with services
+ switching to keystone v3.
diff --git a/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml b/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml
new file mode 100644
index 00000000..c14cefa0
--- /dev/null
+++ b/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ Memcached max memory configuration is now exposed va MemcachedMaxMemory.
+upgrade:
+ - |
+ Reduce the default memory configuration for memcached from 95% to 50%.
diff --git a/releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml b/releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml
new file mode 100644
index 00000000..bd8d3562
--- /dev/null
+++ b/releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Added initial support for deploying the Octavia services in the overcloud.
diff --git a/releasenotes/notes/puppet-auditd-6504295e8c6c7a3b.yaml b/releasenotes/notes/puppet-auditd-6504295e8c6c7a3b.yaml
new file mode 100644
index 00000000..1949e4fe
--- /dev/null
+++ b/releasenotes/notes/puppet-auditd-6504295e8c6c7a3b.yaml
@@ -0,0 +1,9 @@
+---
+features:
+ - |
+ Adds the ability to manage auditd.service and enter audit.rules via tripleo
+ heat templates. This in turn enforces an audit log of system events, such
+ as system time changes, modifications to Discretionary Access Controls,
+ Failed login attempts.
+
+
diff --git a/releasenotes/notes/swift-ring-keeper-c04b440d7d5ce13f.yaml b/releasenotes/notes/swift-ring-keeper-c04b440d7d5ce13f.yaml
new file mode 100644
index 00000000..e9974a20
--- /dev/null
+++ b/releasenotes/notes/swift-ring-keeper-c04b440d7d5ce13f.yaml
@@ -0,0 +1,9 @@
+---
+fixes:
+ - |
+ Swift rings created or updated on the overcloud nodes will now be
+ stored on the undercloud at the end of each deployment. They will be
+ retrieved before any deployment update, and by doing this the Swift
+ rings will be in a consistent state across the cluster all the time.
+ This makes it possible to add, remove or replace nodes without
+ manual operator interaction.