aboutsummaryrefslogtreecommitdiffstats
path: root/releasenotes/notes
AgeCommit message (Collapse)AuthorFilesLines
2017-04-05Merge "Add l2gw neutron service plugin support"Jenkins1-0/+3
2017-04-05Merge "Disable core dump for setuid programs"Jenkins1-0/+12
2017-04-05Merge "Add params to tweak memory limit on mongodb"Jenkins1-0/+3
2017-04-04Merge "Purge initial firewall for deployed-server's"Jenkins1-0/+6
2017-04-04Merge "Add ceilometer ipmi agent"Jenkins1-0/+3
2017-04-03Add params to tweak memory limit on mongodbPradeep Kilambi1-0/+3
The puppet-tripleo change was added in Ie9391aa39532507c5de8dd668a70d5b66e17c891. Closes-bug: #1656558 Change-Id: Ibe2e4be5b5dc953d8d4b14f680a460409db95585
2017-04-03Purge initial firewall for deployed-server'sJames Slagle1-0/+6
We need to purge the initial firewall for deployed-server's, otherwise if you have a default REJECT rule, the pacemaker cluster will fail to initialize. This matches the behavior done when using images, see: Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3 I0dee5ff045fbfe7b55d078583e16b107eec534aa Change-Id: Ia83d17b609e4f737074482a980689cc57c3ad911 Closes-Bug: #1679234
2017-04-03Merge "Qpid dispatch router composable role"Jenkins1-0/+8
2017-03-31Set auth flag so ceilometer auth is enabledPradeep Kilambi1-0/+5
Ceilometer Auth should be enabled even if ceilometer api is not. Lets decouple these, this flag will be used in puppet-tripleo where ceilometer::keystone::auth class is initialized. Change-Id: Iffebd40752eafb1d30b5962da8b5624fb9df7d48 Closes-bug: #1677354
2017-03-30Merge "Re-Add bigswitch agent support"Jenkins1-0/+5
2017-03-30Add l2gw neutron service plugin supportPeng Liu1-0/+3
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging two or more networks together to make them look at a single broadcast domain. This patch implements the l2gw neutron service plugin support part in t-h-t. Change-Id: I1b52dc2c11a15698e43b6deeac6cadeeba1802d5 Depends-On: I01a8afdc51b2a077be1bbc7855892f68756e1fd3 Partially-Implements: blueprint l2gw-service-integration Signed-off-by: Peng Liu <pliu@redhat.com>
2017-03-30Merge "Include panko in the default dispatcher"Jenkins1-0/+4
2017-03-30Merge "Allow to configure policy.json for OpenStack projects"Jenkins1-0/+13
2017-03-29Add ceilometer ipmi agentPradeep Kilambi1-0/+3
Closes-Bug: #1662679 Change-Id: I3446d59b89d43859caedd2be4583099374944379
2017-03-29Qpid dispatch router composable roleJohn Eckersberg1-0/+8
Note: since it replaces rabbitmq, in order to aim for the smallest amount of changes the service_name is called 'rabbitmq' so all the other services do not need additional logic to use qdr. Depends-On: Idecbbabdd4f06a37ff0cfb34dc23732b1176a608 Change-Id: I27f01d2570fa32de91ffe1991dc873cdf2293dbc
2017-03-29Merge "Modify pci_passthrough hiera value as string"Jenkins1-0/+4
2017-03-28Allow to configure policy.json for OpenStack projectsEmilien Macchi1-0/+13
For both containers and classic deployments, allow to configure policy.json for all OpenStack APIs with new parameters (hash, empty by default). Example of new parameter: NovaApiPolicies. See environments/nova-api-policy.yaml for how the feature can be used. Note: use it with extreme caution. Partial-implement: blueprint modify-policy-json Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
2017-03-28Include panko in the default dispatcherPradeep Kilambi1-0/+4
panko is enabled by default, we might as well make it the default dispatcher along with gnocchi. Closes-bug: #1676900 Change-Id: Icb6c98ed0810724e4445d78f3d34d8b71db826ae
2017-03-28Modify pci_passthrough hiera value as stringSaravanan KR1-0/+4
Hiera value of nova::compute::pci_passthrough should be a string. It has been modified to JSON with the heira hook changes. Modifying it again back to string. Closes-Bug: #1675036 Change-Id: I441907ff313ecc5b7b4da562c6be195687fc6c76
2017-03-28Disable core dump for setuid programszshi1-0/+12
The core dump of a setuid program is more likely to contain sensitive data, as the program itself runs with greater privileges than the user who initiated execution of the program. Disabling the ability for any setuid program to write a core file decreases the risk of unauthorized access of such data. This change sets core dump for setuid programs to '0'. Change-Id: Ib05d993c1bb59b59c784e438f805733f636c743d Signed-off-by: zshi <zshi@redhat.com>
2017-03-28Merge "Restrict Access to Kernel Message Buffer"Jenkins1-0/+11
2017-03-25Merge "Fixes missing firewall rules for neutron_ovs_dpdk_agent service"Jenkins1-0/+5
2017-03-25Merge "Install openstack-selinux for deployed-server"Jenkins1-0/+6
2017-03-25Merge "Fix usage of CinderNfsServers"Jenkins1-0/+6
2017-03-23Fixes OpenDaylightProviderMappings hiera parsingTim Rozet1-0/+4
The str_replace conversion used previously is no longer needed and breaks the hieradata value. Closes-Bug: 1675426 Change-Id: I7a052d1757efe36daf6ed47e55598ca3c2ee9055 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-03-23Fix usage of CinderNfsServersChristian Schwede1-0/+6
This feature stopped working somewhere along the lines. In the past it was working with parameter_defaults like this: CinderNfsServers: '10.0.0.254:/srv/nfs/cinder' or CinderNfsServers: "[fd00:fd00:fd00:3000::1]:/srv/nfs/cinder" The problem was that the templating escaped these strings, and puppet-tripleo didn't receive a proper array, but a string. This patch fixes this. It accepts strings as above as well as comma-delimited lists of Nfs Servers. Closes-Bug: 1671153 Change-Id: I89439c1d969e92cb8e0503de561e22409deafdfc
2017-03-22Install openstack-selinux for deployed-serverJames Slagle1-0/+6
No other packages actually require openstack-selinux, so it must be explicity installed. Change-Id: Ic7b39ddfc4cfb28b8a08e9b02043211e4ca4a39a Closes-Bug: #1675170
2017-03-22Fixes missing firewall rules for neutron_ovs_dpdk_agent serviceTim Rozet1-0/+5
Firewall config was being inherited by the dpdk service, however since the firewall service name was the parent (neutron_ovs_agent) and technically that service was not enabled - the rules were never applied. This modifies the service name as it is inherited using map_replace. Closes-Bug: 1674689 Change-Id: I6676205b8fc1fd578cb2435ad97fe577a9e81d95 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-03-22Merge "Enables OpenDaylight clustering in HA deployments"Jenkins1-0/+5
2017-03-22Restrict Access to Kernel Message Bufferzshi1-0/+11
Unprivileged access to the kernel syslog can expose sensitive kernel address information. Change-Id: If40f1b883dfde6c7870bf9c463753d037867c9e2 Signed-off-by: zshi <zshi@redhat.com>
2017-03-20Enables OpenDaylight clustering in HA deploymentsTim Rozet1-0/+5
Port 2550 is required for inter-ODL communication when clustering. odl-jolokia feature is required to expose REST APIs from ODL for monitoring the cluster. Implements: blueprint opendaylight-ha Depends-On: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31 Change-Id: Ie108ab75cce0cb7d89e72637c600e30fc241d186 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-03-17Re-Add bigswitch agent supportAlex Schultz1-0/+5
The agent configuration was lost in newton during the puppet-tripleo and THT role conversion. This change adds support for including the bigswitch agent service for composable roles. Change-Id: I46896389e48cdbe2864bf5b609a786f1c84ef908 Closes-Bug: #1673126
2017-03-16Merge "Added release note for NeutronExternalNetworkBridge deprecation"Jenkins1-0/+10
2017-03-15etcd: secure EtcdInitialClusterToken parameterEmilien Macchi1-0/+6
Secure EtcdInitialClusterToken parameter by: * removing the default value. * make it hidden. Change-Id: I938af697f9faaadb9c9aeb950e9410db24b1b961 Depends-On: I6e30cce469736e84a3c483fafa29d542b8347ba9 Closes-Bug: #1673266
2017-03-14Switch keystone default provider to fernetJuan Antonio Osorio Robles1-0/+6
UUID is to be deprecated, and we should be using fernet. Change-Id: I61b999e65ba5eb771776344d38eb90fc52d49d56
2017-03-13Merge "gnocchi: deploy services with Keystone v3 endpoints"Jenkins1-0/+4
2017-03-13gnocchi: deploy services with Keystone v3 endpointsEmilien Macchi1-0/+4
* Move swift_authurl to gnocchi-base hieradata, where other swift auth credentials live and switch it to versionless keystone endpoint. * Force swift_auth_version to 3 for Keystone v3. * Switch auth_uri to use versionless Keystone endpoint. * Switch auth_url to use Keystone admin endpoint (instead of internal). * Remove old parameters from gnocchi::api, not used anymore. Partial-blueprint: keystone-v3 Change-Id: I2feed8b1219069128faa1a1e8dcd2ddfbae7e40a
2017-03-13Merge "Remove ha-by-default release note"Jenkins1-5/+0
2017-03-11Merge "Add BGPVPN composable service"Jenkins1-0/+3
2017-03-10Remove ha-by-default release noteBen Nemec1-5/+0
This has not landed yet but was accidentally release noted for Ocata. The release note should land with the patch that actually makes the change: I0f61016df6a9f07971c5eab51cc9674a1458c66f Change-Id: I7d68899a5892e219b73007b18ab42e06196ae07a
2017-03-10Add BGPVPN composable serviceRicardo Noriega1-0/+3
This project aims at supporting inter-connection between L3VPNs and Neutron resources, i.e. Networks, Routers and Ports. Partially-Implements: blueprint bgpvpn-service-integration Depends-On:I7c1686693a29cc1985f009bd7a3c268c0e211876 Change-Id: I576c9ac2b443dbb6886824b3da457dcc4f87b442 Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-03-09Pass hieradata relevant for httpd in the Heat APIsJuan Antonio Osorio Robles1-0/+6
The patch this depends on passes through the classes some parameters that are meant to be passed via t-h-t. This patch addresses these and other things required for deploying these services over httpd: * Set the number of workers taking care not to set this value to 0. * Add the apache base hieradata to the service profiles. * Set the servernames and other httpd-specific values. bp tls-via-certmonger Change-Id: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6 Depends-On: I23971b0164468e67c9b3577772af84bd947e16f1
2017-03-08sahara: configure keystone_authtoken parametersEmilien Macchi1-0/+4
Configure keystone_authtoken for Sahara service. Change-Id: I045b7d1d52851ab0d532a8524fcea95705e3db78 Partial-implement: blueprint keystone-v3
2017-03-06Merge "Make neutron dhcp agents per network conditional"Jenkins1-0/+8
2017-03-01Add plan-environment.yamlAna Krivokapic1-0/+2
This file is needed for plan import and export features. We want to enable the user to store the selection of environment options, so that it can be re-imported, and it does not have to be perfmed manually multiple times. The plan create workflow will look into the Swift container for this file, and import its contents into the Mistral environment. Conversely, plan export will create this file from the Mistral environment contents, so that it can later be re-imported. For more information, see the related blueprint, and the spec at https://specs.openstack.org/openstack/tripleo-specs/specs/ocata/gui-plan-import-export.html Partially implements: blueprint enhance-plan-creation-with-plan-environment Change-Id: I95e3e3a25104623d6fcf38e99403cebbd591b92d
2017-02-28Make neutron dhcp agents per network conditionalBrent Eagles1-0/+8
While the heat templates specify a default value of 3, it rarely seems to have an effect as the tripleoclient is setting this according to the controller scale. This was fine before composable roles, but it is now invalid. While the client needs to be modified to no longer set this according to controller scale, the template should default to a sentinel value that will allow the puppet code to determine the proper value by the number of hosts that have the neutron dhcp agent deployed on them. Depends-On: I5533e42c5ba9f72cc70d80489a07e30ee2341198 Partial-bug: #1632721 Change-Id: I06628764c4769d91bbc42efe1c722702d6574d02
2017-02-26Add VPP composable serviceFeng Pan1-0/+6
Vector Packet Processing (VPP) is a high performance packet processing stack that runs in user space in Linux. VPP is used as an alternative to kernel networking stack for accelerated network data path. This patch adds VPP as a composable service. Note that NIC binding related configs for VPP are handled in os-net-config. Depends-on: I70a68a204a8b9d533fc2fa4fc33c39c3b1c366bf Change-Id: I5e4b1903dc87cb16259eeb05db585678acadbc6b Implements: blueprint fdio-integration-tripleo
2017-02-24Added release note for NeutronExternalNetworkBridge deprecationIhar Hrachyshka1-0/+10
The previous patch [1] that changed the default value for the parameter and that also deprecated the parameter missed a release note. This change fixes the mistake. [1] Iade7fbaf92c8c601227f4456a15ea3f13a907ee2 Change-Id: I72f6f7e50d729734ae6d61191f788ae2aed15145
2017-02-23Merge "Add release notes for Manila/CephFS with managed Ceph"Jenkins1-0/+11
2017-02-23Merge "Add missing releasenotes for Swift ring management"Jenkins1-0/+9