diff options
Diffstat (limited to 'releasenotes/notes')
5 files changed, 70 insertions, 7 deletions
diff --git a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml index 069cbd23..f9afb18d 100644 --- a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml +++ b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml @@ -54,9 +54,20 @@ features: - Add Panko service support. This service is not enabled by default. Use environments/services/enable-panko.yaml to include it in your deployment. - Add EC2-API composable service support. + - Allow dnsmasq_dns_servers to be configured for Neutron DHCP Agent with a + new parameter (NeutronDhcpAgentDnsmasqDnsServers, default to []). + - Add support for Ceph RBD mirroring daemon managed by Pacemaker. + - Add deployed server bootstrap for RHEL. + - Configure VNC Server listen address on internal_api network by default. + - Support for Cinder Dell EMC PS Series. + - Support for Cinder Dell EMC EMC Storage Center. + - Support for Octavia composable services for LBaaS with Neutron. + - Support for Collectd composable services for performance monitoring. + - Support for Tacker composable service for VNF management. upgrade: - Update OpenDaylight deployment to use networking-odl v2 as a mechanism driver. + - Update Contrail composable services. deprecations: - Glance Registry service has been removed and Glance API v2 is now deploy by default. Glance API v1 is not supported anymore in TripleO. @@ -68,16 +79,26 @@ deprecations: - Removes deprecated OpenDaylight L2 only deployments. Deploying ODL without L3 DVR is no longer supported. security: - - Disallow iframe embed in Horizon configuration to prevent dashboard being - embedded within an iframe and exposed to Cross-Frame Scripting (XFS) - vulnerability on legacy browsers. - - Allow management of enforce_password_check in Horizons configuration to - display an 'Admin Password' field on the Change Password form to verify that + - Enable management of 'DISALLOW_IFRAME_EMBED' in Horizon configuration to + prevent dashboard being embedded within an iframe and exposed to Cross-Frame + Scripting (XFS) vulnerability on legacy browsers. + - Enable management of 'ENFORCE_PASSWORD_CHECK' in Horizons configuration to + display an Admin Password field on the Change Password form to verify that it is indeed the admin logged-in who wants to change the password. - - Allow management of disable_password_reveal in Horizon, to remove the + - Enable management of 'DISABLE_PASSWORD_REVEAL' in Horizon, to remove the password reveal option. - - Enable secure_proxy_ssl_header option in Horizons configuration to take + - Enable 'SECURE_PROXY_SSL_HEADER' option in Horizons configuration to take X-Forwarded-Proto header into account when forming URLs. + - Enable management of ENFORCE_PASSWORD_CHECK value. By setting + 'ENFORCE_PASSWORD_CHECK' to 'True' within Horizons local_settings.py, it + displays an ‘Admin Password’ field on the “Change Password” form to verify + that it is the admin logged-in that wants to perform the password change. + - Enable management of Horizons Password Validation. Enables injection of an + operators own password validation regex via a heat template. + - Enable management of '/etc/issue Banner' whereby an operator can populate + their own Banner warning text to be displayed upon terminal login. + - Enable management of auditd system. '/etc/audit/audit.rules' can now be + populated by means of a heat template. fixes: - Fixes `bug 1645898 <https://bugs.launchpad.net/tripleo/+bug/1645898>`__ so epmd is binded on @@ -93,3 +114,12 @@ fixes: - Fixes `bug 1643487 <https://bugs.launchpad.net/tripleo/+bug/1643487>`__ to prevent source address from binding to a VIP for database connection. + - Fixes `bug 1649836 + <https://bugs.launchpad.net/tripleo/+bug/1649836>`__ to configure + DPDK options to isolate PMD cores and ovs process cores. + - Fixes `bug 1662344 + <https://bugs.launchpad.net/tripleo/+bug/1662344>`__ by stopping + to set bind_address on nova db uri. + This reverts the changes in https://review.openstack.org/414629 for nova as + they are incompatible with cell_v2. + This is a temporary fix for HA while a long-term solution is developed. diff --git a/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml b/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml new file mode 100644 index 00000000..e560fe95 --- /dev/null +++ b/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml @@ -0,0 +1,12 @@ +--- +features: + - With the composable HA work landed it is now possible + to split pacemaker-managed services like galera, rabbit, + redis, haproxy and any A/P resource, off to dedicated + nodes. These services can be split off to separate nodes + either via the normal Pacemaker service (which has a limit + of 16 maximum number of nodes) or via the newer PacemakerRemote + service (but not both on the same node). Note that until + https://bugzilla.redhat.com/show_bug.cgi?id=1417936 is fixed, + PacemakerRemote should only be used for Cinder A/P resources + and Manila A/P resources. diff --git a/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml new file mode 100644 index 00000000..edcc1250 --- /dev/null +++ b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - The environments/puppet-pacemaker.yaml file is now deprecated and the HA + deployment is now the default. In order to get the non-HA deployment use + environments/nonha-arch.yaml explicitly. diff --git a/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml b/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml new file mode 100644 index 00000000..1f41073b --- /dev/null +++ b/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml @@ -0,0 +1,9 @@ +--- +other: + - | + Use Keystone internal endpoint instead of admin for services. + The admin endpoint is listening on the ctlplane network by default; + services should ideally be using the internal api network for this kind + of traffic, as the ctlplane network is mostly for provisioning. On the + other hand, the admin endpoint shouldn't be as relevant with services + switching to keystone v3. diff --git a/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml b/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml new file mode 100644 index 00000000..c14cefa0 --- /dev/null +++ b/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Memcached max memory configuration is now exposed va MemcachedMaxMemory. +upgrade: + - | + Reduce the default memory configuration for memcached from 95% to 50%. |