aboutsummaryrefslogtreecommitdiffstats
path: root/releasenotes/notes
AgeCommit message (Collapse)AuthorFilesLines
2017-04-21Merge "SSHD Service extensions"Jenkins1-0/+5
2017-04-20Merge "Add all hosts to HostsEntry output"Jenkins1-0/+9
2017-04-20Merge "TLS-everywhere: Enable for TLS libvirt live migration"Jenkins1-0/+6
2017-04-20Run Zaqar with httpd in puppet serviceThomas Herve1-0/+3
This switches Zaqar to run with httpd when configured by puppet. Change-Id: I69b923dd76a60e9ec786cae886c137ba572ec906
2017-04-20Merge "Pluggable server type per Role"Jenkins1-0/+8
2017-04-20glance: deploy services with Keystone v3 endpointsEmilien Macchi1-0/+4
* Switch auth_uri to point to Keystone versionless endpoint. * Switch Swift auth url to use Keystone versionless endpoint and Keystone v3 API. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I78cdd2286b5a5094f36d4f3c7c58340745664449 Partial-blueprint: keystone-v3
2017-04-19SSHD Service extensionsLuke Hinds1-0/+5
This change implements a MOTD message and provides a hash of sshd config options which are sourced to the puppet-ssh module as a hash. The SSHD puppet service is enabled by default, as it is required for Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293. Also added the service to the CI roles. Change-Id: Ie2e01d93082509b8ede37297067eab03bb1ab06e Depends-On: I1d09530d69e42c0c36311789166554a889e46556 Closes-Bug: #1668543 Co-Authored-By: Oliver Walsh <owalsh@redhat.com>
2017-04-19TLS-everywhere: Enable for TLS libvirt live migrationJuan Antonio Osorio Robles1-0/+6
This relies on using the default paths for certs/keys used by libvirt and is only enabled if TLS-everywhere is enabled. bp tls-via-certmonger Depends-On: If18206d89460f6660a81aabc4ff8b97f1f99bba7 Depends-On: I0a1684397ebefaa8dc00237e0b7952e9296381fa Change-Id: I0538bbdd54fd0b82518585f4f270b4be684f0ec4
2017-04-19Merge "Add migration SSH tunneling support"Jenkins1-0/+14
2017-04-18Merge "SSH known_hosts config"Jenkins1-0/+4
2017-04-18Merge "Run token flush cron job hourly by default"Jenkins1-0/+7
2017-04-18Merge "Support for external swift proxy"Jenkins1-0/+5
2017-04-18Run token flush cron job hourly by defaultJuan Antonio Osorio Robles1-0/+7
Running this job once a day has proven problematic for large deployments as seen in the bug report. Setting it to run hourly would be an improvement to the current situation, as the flushes wouldn't need to process as much data. Note that this only affects people using UUID as the token provider. Change-Id: I462e4da2bfdbcba0403ecde5d613386938e2283a Related-Bug: #1649616
2017-04-18Support for external swift proxyLuca Lorenzetto1-0/+5
Users may have an external swift proxy already available (i.e. radosgw from already existing ceph, or hardware appliance implementing swift proxy). With this change user may specify an environment file that registers the specified urls as endpoint for the object-store service. The internal swift proxy is left as unconfigured. Change-Id: I5e6f0a50f26d4296565f0433f720bfb40c5d2109 Depends-On: Ia568c3a5723d8bd8c2c37dbba094fc8a83b9d67e
2017-04-17Add all hosts to HostsEntry outputJames Slagle1-0/+9
Previously only the VIPs and their associated hostnames were present in the HostsEntry output, due to the hosts_entries output on the hosts-config.yaml nested stack being empty. It was referencing an invalid attribute. Change-Id: Iec41926e27bdbf86eb30f230f904df1b7dbfa9c2 Closes-Bug: #1683517
2017-04-15Add migration SSH tunneling supportOliver Walsh1-0/+14
This enables nova cold migration. This also switches to SSH as the default transport for live-migration. The tripleo-common mistral action that generates passwords supplies the MigrationSshKey parameter that enables this. The TCP transport is no longer used for live-migration and the firewall port has been closed. Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
2017-04-14Merge "Allow for update after RHEL registration"Jenkins1-0/+6
2017-04-13Merge "Add name and description fields to plan-environment.yaml"Jenkins1-0/+3
2017-04-13SSH known_hosts configOliver Walsh1-0/+4
Fetch the host public keys from each node, combine them all and write to the system-wide ssh known hosts. The alternative of disabling host key verification is vulnerable to a MITM attack. Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
2017-04-13Pluggable server type per RoleJames Slagle1-0/+8
The server resource type, OS::TripleO::Server can now be mapped per role instead of globally. This allows users to mix baremetal (OS::Nova::Server) and deployed-server (OS::Heat::DeployedServer) server resources in the same deployment. blueprint pluggable-server-type-per-role Change-Id: Ib9e9abe2ba5103db221f0b485c46704b1e260dbf
2017-04-13Merge "Add tags to roles"Jenkins1-0/+18
2017-04-12Merge "Add IPv6 disable option"Jenkins1-0/+7
2017-04-12Add name and description fields to plan-environment.yamlAna Krivokapic1-0/+3
Change-Id: I99b96343742ee5c40d8786e26b2336427e225c82 Implements: blueprint update-plan-environment-yaml
2017-04-12Add tags to rolesAlex Schultz1-0/+18
Prior to Ocata, the Controller role was hardcoded for various lookups. When we switched to having the primary role name being dynamically pulled from the roles_data.yaml using the first role as the primary role as part of I36df7fa86c2ff40026d59f02248af529a4a81861, it introduced a regression for folks who had previously been using a custom roles file without the Controller being listed first. Instead of relying on the position of the role in the roles data, this change adds the concepts of tags to the role data that can be used when looking for specific functionality within the deployment process. If no roles are specified with this the tags indicating a 'primary' 'controller', it will fall back to using the first role listed in the roles data as the primary role. Change-Id: Id3377e7d7dcc88ba9a61ca9ef1fb669949714f65 Closes-Bug: #1677374
2017-04-11Add IPv6 disable optionzshi1-0/+7
This will give user the ability to set these values, if IPv6 is not to be used, it's recommended that it be disabled to reduce the attack surface of the system. Change-Id: Ib3142cce49b93a421ca142a59961ce49a77e66b1 Co-Authored-By: Luke Hinds <lhinds@redhat.com> Signed-off-by: zshi <zshi@redhat.com>
2017-04-10Add networking-vpp ML2 mechanism driver supportFeng Pan1-0/+3
Implements: blueprint fdio-integration-tripleo Change-Id: I412f7a887ca4b95bcf1314e8c54cb1e7d03b1e41 Signed-off-by: Feng Pan <fpan@redhat.com>
2017-04-10Replace references to the 192.0.2 networkGiulio Fidente1-0/+20
Following change I1393d65ffb20b1396ff068def237418958ed3289 the ctlplane network will be 192.168.24 by default and not 192.0.2 anymore. This change removes old references left to 192.0.2 network from the overcloud templates. Change-Id: I1986721d339887741038b6cd050a46171a4d8022
2017-04-10[ironic] expose default boot_option in configuration and change it to localDmitry Tantsur1-0/+12
Ironic is going to change the default boot_option from netboot to local in the near future. Let's be pro-active, and change it in advance. Users cano change it back via new IronicDefaultBootOption configuration. Partial-Bug: #1619339 Change-Id: Idddc2e384c6cd9a1595777090500bf04f230edd4
2017-04-07Merge "Add Docker service to all roles"Jenkins1-0/+5
2017-04-07Merge "Add support for "neutron" Ironic networking plugin"Jenkins1-0/+9
2017-04-07Allow for update after RHEL registrationAlex Schultz1-0/+6
Adds the ability to perform a yum update after performing the RHEL registration. Change-Id: Id84d156cd28413309981d5943242292a3a6fa807 Partial-Bug: #1640894
2017-04-07Add Docker service to all rolesJiri Stransky1-0/+5
This will add the Docker service to all roles. Note that currently by default the Docker service is mapped to OS::Heat::None by default. It will only be deployed if environments/docker.yaml file is included in the deployment. Change-Id: I9d8348b7b6576b94c872781bc89fecb42075cde0 Related-Bug: #1680395
2017-04-07Merge "ovn: Add missing configurations required"Jenkins1-0/+6
2017-04-06Merge "Add trigger to setup a LDAP backend as keystone domaine"Jenkins1-0/+5
2017-04-06Merge "Use the local collector to bootstrap deployed servers"Jenkins1-0/+10
2017-04-06Merge "Disable ceilometer API"Jenkins1-0/+4
2017-04-06Merge "Don't disable satellite repo after registration"Jenkins1-0/+6
2017-04-06Disable Manila CephFS snapshots by defaultJan Provaznik1-0/+5
Because CephFS Snapshots are still an experimental feature and also Manila Ceph driver has this feature disabled by default, it makes sense to not override this value by default. Change-Id: I3dacbd7a3c673d2f34998ee9f433889727c6a0f7
2017-04-06Add initial support for NSX pluginGary Kotton1-0/+3
Add the support for the VMware NSX plugin Co-Authored-By: Tong Liu <tongl@vmware.com> Change-Id: I3567cbb4ed8d6e5b2a3ea6b8cff6c7b8ed13b692
2017-04-06Merge "Add manual ovs upgrade script for workaround ovs upgrade issue"Jenkins1-0/+12
2017-04-06Merge "add configurable timeouts for DB sync"Jenkins1-0/+3
2017-04-06Merge "Add network sysctl tweaks for security"Jenkins2-0/+28
2017-04-06ovn: Add missing configurations requiredNuman Siddique1-0/+6
This patch adds - setting nova config param 'force_config_meta' to True as metadata service is not supported by OVN yet. - Add the necessary iptables rules to allow ovsdb-server traffic for Northbound and Southboud databases. - Update the release notes for OVN. Change-Id: If1a2d07d66e493781b74aab2fc9b76a6d58f3842 Closes-bug: #1670562
2017-04-06Add trigger to setup a LDAP backend as keystone domaineCyril Lopez1-0/+5
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo who will call a define in puppet-keysone ldap_backend.pp. Given the following environment: parameter_defaults: KeystoneLDAPDomainEnable: true KeystoneLDAPBackendConfigs: tripleoldap: url: ldap://192.0.2.250 user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com password: Secrete suffix: dc=redhat,dc=example,dc=com user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)" user_objectclass: person user_id_attribute: cn user_allow_create: false user_allow_update: false user_allow_delete: false ControllerExtraConfig: nova::keystone::authtoken::auth_version: v3 cinder::keystone::authtoken::auth_version: v3 It would then create a domain called tripleoldap with an LDAP configuration as defined by the hash. The parameters from the hash are defined by the keystone::ldap_backend resource in puppet-keystone. More backends can be added as more entries to that hash. This also enables multi-domain support for horizon. Closes-Bug: 1677603 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643 Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2017-04-05add configurable timeouts for DB syncMike Bayer1-0/+3
This patch integrates with the db_sync_timeout parameter recently added to puppet-nova and puppet-neutron in I6b30a4d9e3ca25d9a473e4eb614a8769fa4567e7, which allow for the full db_sync install to have more time than just Pupppet's default of 300 seconds. Ultimately, similar timeouts can be added for all other projects that feature db sync phases, however Nova and Neutron are currently the ones that are known to time out in some environments. Closes-bug: #1661100 Change-Id: Ic47439a0a774e3d74e844d43b58956da8d1887da
2017-04-05Merge "Add l2gw neutron service plugin support"Jenkins1-0/+3
2017-04-05Merge "Disable core dump for setuid programs"Jenkins1-0/+12
2017-04-05Allow configuring enabled hardware types for IronicDmitry Tantsur1-0/+9
This enabled ``ipmi`` hardware type with all defaults + support for socat-based nova-compatible serial console. Part of blueprint ironic-driver-composition Depends-On: Ie434609c62cf052ee169a0fac0db3200647a1af0 Change-Id: Iecead2d6581dff7a9cead58de6505567d7cd2402
2017-04-04Use the local collector to bootstrap deployed serversSteve Baker1-0/+10
os-collect-config is already configured to use json files in /var/lib/os-collect-config/local-data/ as a data source, so this can be used in the deployed-server get-occ-config.sh to copy in the required json to generate the required os-collect-config.conf. Co-Authored-By: James Slagle <jslagle@redhat.com> Closes-Bug: #1679705 Change-Id: Ibde9e6bf360277d4ff64f66d637a5c7f0360e754
2017-04-04Enables support for configuring Cinder with Pure StorageSimon Dodsley1-0/+3
FlashArray storage backend This adds the necessary parameters for: - Pure Storage FlashArray Block Storage driver configuration Change-Id: I5b5617dd57015c0944a2d0c60187b01ede09b480