diff options
Diffstat (limited to 'releasenotes/notes')
13 files changed, 96 insertions, 0 deletions
diff --git a/releasenotes/notes/Enable-TLS-for-libvirt-0aab48cd8339da0f.yaml b/releasenotes/notes/Enable-TLS-for-libvirt-0aab48cd8339da0f.yaml new file mode 100644 index 00000000..e8941b7c --- /dev/null +++ b/releasenotes/notes/Enable-TLS-for-libvirt-0aab48cd8339da0f.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + If TLS in the internal network is enabled, libvirt's transport defaults to + using TLS. This can be changed by setting the ``UseTLSTransportForLiveMigration`` + parameter, which is ``true`` by default. diff --git a/releasenotes/notes/add-all-hosts-to-hostsentry-20a8ee8a1a210ce2.yaml b/releasenotes/notes/add-all-hosts-to-hostsentry-20a8ee8a1a210ce2.yaml new file mode 100644 index 00000000..b0ad9d93 --- /dev/null +++ b/releasenotes/notes/add-all-hosts-to-hostsentry-20a8ee8a1a210ce2.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - Previously only the VIPs and their associated hostnames were present + in the HostsEntry output, due to the hosts_entries output on the + hosts-config.yaml nested stack being empty. It was referencing an + invalid attribute. See + https://bugs.launchpad.net/tripleo/+bug/1683517 + + diff --git a/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml b/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml new file mode 100644 index 00000000..8b57f587 --- /dev/null +++ b/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml @@ -0,0 +1,7 @@ +--- +security: + - | + Add IPv6 disable option and make it configurable for user to disable IPv6 + when it's not used, this will descrease the risk of ipv6 attack. + Both net.ipv6.conf.default.disable_ipv6 & net.ipv6.conf.all.disable_ipv6 + will be explicitly set to the default value (0) which is enabled. diff --git a/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml b/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml new file mode 100644 index 00000000..83b05bbb --- /dev/null +++ b/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml @@ -0,0 +1,5 @@ +--- +features: + - Added support for external swift proxy. Users may need to + configure endpoints pointing to swift proxy service + already available. diff --git a/releasenotes/notes/glance-keystonev3-d35182ba9a3778eb.yaml b/releasenotes/notes/glance-keystonev3-d35182ba9a3778eb.yaml new file mode 100644 index 00000000..072e85aa --- /dev/null +++ b/releasenotes/notes/glance-keystonev3-d35182ba9a3778eb.yaml @@ -0,0 +1,4 @@ +--- +features: + - Deploy Glance with Keystone v3 endpoints and make + sure it doesn't rely on Keystone v2 anymore. diff --git a/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml new file mode 100644 index 00000000..45ca9fe5 --- /dev/null +++ b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml @@ -0,0 +1,14 @@ +--- +features: + - | + Add support for cold migration over ssh. + + This enables nova cold migration. + + This also switches to SSH as the default transport for live-migration. + The tripleo-common mistral action that generates passwords supplies the + MigrationSshKey parameter that enables this. +deprecations: + - | + The TCP transport is no longer used for live-migration and the firewall + port has been closed. diff --git a/releasenotes/notes/pluggable-server-type-per-role-314f38f8e5d4c84e.yaml b/releasenotes/notes/pluggable-server-type-per-role-314f38f8e5d4c84e.yaml new file mode 100644 index 00000000..5b58d3d4 --- /dev/null +++ b/releasenotes/notes/pluggable-server-type-per-role-314f38f8e5d4c84e.yaml @@ -0,0 +1,8 @@ +--- +features: + - The server resource type, OS::TripleO::Server can now be + mapped per role instead of globally. This allows users to + mix baremetal (OS::Nova::Server) and + deployed-server (OS::Heat::DeployedServer) server resources + in the same deployment. See + https://blueprints.launchpad.net/tripleo/+spec/pluggable-server-type-per-role diff --git a/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml b/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml new file mode 100644 index 00000000..dadbfa4b --- /dev/null +++ b/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml @@ -0,0 +1,18 @@ +--- +features: + - | + Adds tags to roles that allow an operator to specify custom tags to use + when trying to find functionality available from a role. Currently a role + with both the 'primary' and 'controller' tag is consider to be the primary + role. Historically the role named 'Controller' was the 'primary' role and + this primary designation is used to determine items like memcache ip + addresses. If no roles have the both the 'primary' and 'controller' tags, + the first role specified in the roles_data.yaml is used as the primary + role. +upgrade: + - | + If using custom roles data, the logic was changed to leverage the first + role listed in the roles_data.yaml file to be the primary role. This can + be worked around by adding the 'primary' and 'controller' tags to the + custom controller role in your roles_data.yaml to ensure that the defined + custom controller role is still considered the primary role. diff --git a/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml b/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml new file mode 100644 index 00000000..8b533b1a --- /dev/null +++ b/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml @@ -0,0 +1,4 @@ +--- +features: + - SSH host key exchange. The ssh host keys are collected from each host, + combined, and written to /etc/ssh/ssh_known_hosts. diff --git a/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml b/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml new file mode 100644 index 00000000..4cc01df8 --- /dev/null +++ b/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Added ability to manage MOTD Banner + Enabled SSHD composible service by default. Puppet-ssh manages the sshd config. diff --git a/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml b/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml new file mode 100644 index 00000000..70051f65 --- /dev/null +++ b/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - The token flush cron job has been modified to run hourly instead of once + a day. This is because this was causing issues with larger deployments, as + the operation would take too long and sometimes even fail because of the + transaction being so large. Note that this only affects people using the + UUID token provider. diff --git a/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml b/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml new file mode 100644 index 00000000..ad1f39c4 --- /dev/null +++ b/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Adds a new boolean parameter for RHEL Registration called + 'UpdateOnRHELRegistration' that when enabled will trigger a yum update + on the node after the registration process completes. diff --git a/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml b/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml new file mode 100644 index 00000000..29d32cb7 --- /dev/null +++ b/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add name and description fields to plan-environment.yaml |