aboutsummaryrefslogtreecommitdiffstats
path: root/releasenotes
AgeCommit message (Collapse)AuthorFilesLines
2017-11-13Set keystone notification topics if ceilometer is enabledJuan Antonio Osorio Robles1-0/+5
This sets the keystone notification topics only if ceilometer is enabled. This mitigates the issue of keystone sending notifications when nobody is receiving them. Closes-Bug: #1729293 Depends-On: I4dcce73446633c08ea37ba567610eec398094036 Change-Id: I063af5e642388acc180cb8e728481c5a36cc8ddc (cherry picked from commit 4adb82d03ddd72191bb379f277374a0a5720bbc4)
2017-11-11Disable live migration over TLSJuan Antonio Osorio Robles1-0/+6
Due to the fact that it doesn't use a separate CA (or sub CA) for libvirtd, and that proper SASL is not being used. We are disabling this option since it doesn't meet the appropriate security requirements. We'll look into adding this back once these issues get fixed. Change-Id: I6a5e4db1b6dd6bc8b7e73e53b614b070d15b8a23 Closes-Bug: #1730370 (cherry picked from commit 645757cbd6bdb1a1b75cb4aa8acce80a178099ce)
2017-11-10Configure docker0 bridge addressMartin André1-0/+7
This was previously conflicting with the InternalApiNetCidr value in environments/network-environment.yaml. Change-Id: I3f1cb6f056fb19a1ba93d1076191abe7aca4fa21 Depends-On: Ie803b33c93b931f7fefb87b6833eb22fd59cd92d Closes-Bug: #1726773 (cherry picked from commit 509209a29be1ac3e72d6ea97eaf328760693daaf)
2017-11-05Merge "RHSM: when using proxy, test its connectivity first" into stable/pikeZuul1-0/+5
2017-11-03Merge "Upgrade rhel_reg_sat_repo to 6.2" into stable/pikeZuul1-0/+5
2017-11-02RHSM: when using proxy, test its connectivity firstEmilien Macchi1-0/+5
When using RHSM with a proxy, we want to make sure the proxy can be reached. This patch verify that a tcp socket can be open from the client to the proxy. This patch also does a bit of refactoring: - --retry-delay 10 --max-time 30 is now used in a parameter everytime we use curl. - proxy options are now used everytime curl is used, even for detecting which version of Satellite is running, now we use proxy options. Co-Authored-By: Vincent S. Cojot <vincent@cojot.name> Change-Id: I4dcac1528c10f698338383445e27c8a613f9bcd9 Closes-Bug: #1724970 (cherry picked from commit f4e46f4b3ddac3f536a3a1955c91447e8b26ffca)
2017-11-02Upgrade rhel_reg_sat_repo to 6.2Emilien Macchi1-0/+5
When deploying with RHSM, sat-tools 6.2 will be installed instead of 6.1. The new version is supported by RHEL 7.4 and provides katello-agent package. Change-Id: I04a9feab02bf606ad6ca923a17947dcca30258da Closes-Bug: #1728638 (cherry picked from commit b248ae1447940f81513be9904a24197bd4af1126)
2017-10-30Update CephPools format in the docker templates to fit ceph-ansibleGiulio Fidente1-0/+17
The format which ceph-ansible uses to describe the list of pools to be created in the cluster is different from the one which puppet-ceph uses; this commit updates the description and the the docker templates accordingly. Change-Id: I1e5b2c3cbf6ae02c19a2275ca119fed6e173319d Closes-Bug: #1720373 (cherry picked from commit c10aa7a0439fb7d8e8e964e75d73f3cbb54aa9ec)
2017-10-24Merge "Support for Satellite Capsule in rhel-registration" into stable/pikeZuul1-0/+7
2017-10-19Support for Satellite Capsule in rhel-registrationEmilien Macchi1-0/+7
For deployments running on RHEL with Satellite 6 (or beyond) with Capsule (Katello API enabled), the Katello API is available on 8443 port, so the previous API ping didn't work for this case. Capsule is now supported since we just check if katello-ca-consumer-latest rpm is available to tell that Satellite version is 6 or beyond. Closes-Bug: #1716777 Change-Id: If76763b367917fc15f609ad144679750602826eb (cherry picked from commit ad3ea5bb7a2ee2cb1ae6b1d21b2f0b5a177c9fc6)
2017-10-17Remove Heat Cloudwatch API during upgrade and disable by defaultmarios1-0/+15
This adds a heat-api-cloudwatch-disabled.yaml and wires it up in the resource registry. During the Ocata to Pike upgrade this service will thus be stopped and disabled by default. If you wish to keep the Heat Cloudwatch API then you should instead use the provided heat-api-cloudwatch.yaml environment file. Change-Id: I3f90a9799b90ca365f675f593371c1d3701fede6 Related-Bug: 1713531 (cherry picked from commit 4d21451666f2dd7a8935da3a7166a9afc2ccd6bd)
2017-10-16Merge "Fixes dynamic networks falling back to ctlplane" into stable/pikeZuul1-0/+5
2017-10-14Merge "Revert "Fixes heat resource name for Internal API Network"" into ↵Jenkins1-6/+0
stable/pike
2017-10-12Revert "Fixes heat resource name for Internal API Network"Tim Rozet1-6/+0
This reverts commit 520be6bb4056ead8e6fad08ad96e99f7da5b341e. This introduced a bug: https://bugzilla.redhat.com/show_bug.cgi?id=1501515 where during upgrade, the previous heat resource would for the InternalApi network would have the incorrect name "Internal" and the upgrade would try to delete the resource in order to create "InternalApi". This needs to be reverted and a proper fix will be submitted that accounts for this upgrade scenario. Related-Bug: #1718764 Change-Id: Id906fac421db317ce48d5cecfcd43397a0f4ab3d
2017-10-11Fixes dynamic networks falling back to ctlplaneTim Rozet1-0/+5
Currently when a network in network_data is disabled it no port definitions for that network will be created per role. This results in no fallback to the ctlplane IP because overriding a type in network-isolation to noop.yaml does nothing when the port does not exist for the role. This patch changes the IPs when a network is disabled to be the same IPs as ctlplane and fixes the issue, along with removing the need to use noop.yaml override for ports (non-vip). Closes-Bug: 1721542 Change-Id: I301370fbf47a71291614dd60e4c64adc7b5ebb42 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 9285cb5fc99331ca63ff09df59f26b6018bc781b)
2017-10-09Remove package if service stopped and disabledmarios1-0/+12
Adds a UpgradeRemoveUnusedPackages param to use in the ansible when conditional for the removal Adds package removal to step2 right after a service is stopped and disabled on step2. Package updates happen in step3 so ideally remove before that. The package removal task has ignore_errors true so dependencies or other issue removing packages will not fail the upgrade workflow. Also adds this to the upgrade environment files for visibility and defaulting false Change-Id: Ie4e4a2d41f7752c5a13507a7c15c6f68e203cfca Related-Bug: 1701501 (cherry picked from commit ce0ef2fa207698c1ae61c1620fe3c5e8d1c7bfca)
2017-10-07Merge "Fixes missing type for heat param TenantNetName" into stable/pikeJenkins1-0/+5
2017-10-07Fixes missing type for heat param TenantNetNameTim Rozet1-0/+5
Closes-Bug: 1720823 Change-Id: I239cc9f827fe99a553f9c18b80336bc6ce0b1d14 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit ba5436099d37898e418406f8b4376923e14f4c89)
2017-10-04Fixes heat resource name for Internal API NetworkTim Rozet1-0/+6
With the dynamic Jinja2 rendering for networks, the heat resource for Internal API network was accidentally being renamed to: OS::TripleO::Network::Internal when it should be the same as previous versions: OS::TripleO::Network::InternalApi This patch removes the 'compat_name' which was overriding the network name for rendering the resource. This patch also removes the compat_name functionality from the network/networks.j2.yaml file since it is no longer needed. Closes-Bug: 1718764 Change-Id: If756cddd91933edb303cc056515d98b941a3eb14 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 97244b942d29d2b5acd7a3eb07acdba0d9b99677)
2017-09-25Fixes missing keystone authtoken pw for TackerTim Rozet1-0/+4
Closes-Bug: 1718997 Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 253d9b9107aa158af5bcdafe510ecd96658ef137)
2017-09-25Merge "Rename service_workflow_tasks into workflow_tasks" into stable/pikeJenkins1-0/+0
2017-09-20Adds post_upgrade_tasks for any service post-upgrade ansible tasksmarios1-0/+12
This adds a new config/deployment per role that will come after any post deploy steps. It drives the same ansible config as the upgrade_tasks but instead collects the post_upgrade_tasks for any service in the given role. The workflow is upgrade_tasks, then post deploy steps (either puppet/ or docker/ depending on the env) and then the post_upgrade_tasks added here. This is added to the pacemaker/cinder-volume.yaml service for now see the bug below for more info Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680 Closes-Bug: 1706951 (cherry picked from commit 2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
2017-09-14Rename service_workflow_tasks into workflow_tasksGiulio Fidente1-0/+0
Using the service_ prefix seems incoherent with its use in service_config_settings (vs config_settings). Change-Id: Ia39f181415bee0071409dabddfa0c5c312915e1f (cherry picked from commit 09137304b98a02ed024c0288da907cfe35ca5fe1)
2017-09-12Merge "Fixes OpenDaylight updating port status" into stable/pikeJenkins1-0/+6
2017-09-12Merge "Persist containerized services httpd logs" into stable/pikeJenkins1-0/+11
2017-09-11Persist containerized services httpd logsBogdan Dobrelya1-0/+11
Store the httpd logs under dedicated /var/log/containers/httpd/ paths. Additionally, add release notes describing upgrade impact for containerized services logs. Closes-bug: #1700045 Change-Id: I8120c56f2315700862bd0f708b8baa8910275b09 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com> (cherry picked from commit 287e84585ca9170570ce8d06eebd7f9a3ec3345c)
2017-09-08Disables QoS with OpenDaylight deploymentsItzik Brown1-0/+4
QoS is not fully supported and fails to load correctly with networking-odl. Therefore disabling it from Neutron extension drivers until we have it fully working. Change-Id: I89aa3628c1400305f9659f5c0c99942a7fa7d19e Closes-Bug: 1708131 (cherry picked from commit cfd0d185a93ac2922e233e268a32c3574bee37bf)
2017-09-08Fixes OpenDaylight updating port statusTim Rozet1-0/+6
ODL now uses a websocket port to update the port status to Neutron. This port (8185) was blocked so port updates were never received in Neutron and instances would not come up properly. This patch opens the port for ODL deployments. Closes-Bug: 1715484 Change-Id: Ic59b224c67c02b56b0273700e8e2aa85ae6f8c88 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit e2558c4a665345e67fcc784c21188bdf06ff1126)
2017-09-07Merge "Support HA for OVN DBs containers using pacemaker bundle" into ↵Jenkins1-0/+1
stable/pike
2017-09-06Add param to configure snat mechanismJanki Chhatbar1-0/+5
Add a parameter to configure SNAT mechanism in OpenDayLight defaulting to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726 Closes-Bug: #1710614 (cherry picked from commit 9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)
2017-09-06Merge "Add support for Dell EMC Isilon Manila backend" into stable/pikeJenkins1-0/+4
2017-09-06Merge "Add support for Dell EMC VMAX Manila Backend" into stable/pikeJenkins1-0/+4
2017-09-05Add support for Dell EMC Isilon Manila backendrajinir1-0/+4
This change adds support for manila::backend::dellemc_isilon Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd Implements: blueprint dellemc-isilon-manila (cherry picked from commit f6c9906d51fb3268b7a7d61d53181ab5d3c0d2ec)
2017-09-05Add support for Dell EMC VMAX Manila Backendrajinir1-0/+4
This change adds support for manila::backend::dellemc_vmax Change-Id: I92e189c8741c496ef6c27130f73829c327a99f1b Implements: blueprint dellemc-vmax-manila (cherry picked from commit 04daabdc8414e4435dc4cd3ccfea9a62b5631261)
2017-09-05manila: set "neutron_admin_auth_url" correctlyTom Barron1-0/+4
It was being set using NeutronAdmin endpoint but it is an authorization url. Set it using KeystoneInternal endpoint. Change-Id: I23f4a895628ac909a1fe1f93cecefa84f25858b1 Closes-Bug: #1712908 (cherry picked from commit 7380183cf590b74f5ad84bb40a8afa08979c235b)
2017-09-02Add support for Dell EMC VMAX ISCSI Backendrajinir1-0/+4
This change adds a new define for cinder::backend::dellemc_vmax_iscsi Change-Id: I7c685e0a3186da138964f17b487fb0c3533f58c7 Implements: blueprint dellemc-vmax-isci (cherry picked from commit c77189905525c6fe834e001f2231b9eab788cd01)
2017-09-01Remove ipv6 specific network templatesDan Sneddon1-0/+10
This change renders the IPv6 versions of the isolated networks using j2. To allow for backward compatibility, there will be 2 versions of the network definitions, <network>.yaml and <network>_v6.yaml. If the ip_subnet contains an IPv6 address, or if ipv6: true is set on the network definition in network_data.yaml, then the <network>.yaml version will contain an IPv6 definition, otherwise the <network>.yaml will be IPv4, and the <network>_v6.yaml will be IPv6. In a future follow-up patch, we will probably only create the required versions of the networks, either IPv4, IPv6, not both. The ipv6_subnet, ipv6_allocation_pools, and ipv6_gateway settings in the network_data.yaml definition file are used for the <network>_v6.yaml network definition. Note that these subnet/cidr/gateway definitions only set the defaults, which can be overridden with parameters set in an environment file. Since the parameters for IP and subnet range are the same (e.g. InternalApiNetCidr applies to both IPv4/v6), only one version can be used at a time. If an operator wishes to use dual-stack IPv4/IPv6, then two different networks should be created, and both networks can be applied to a single interface. Note that the workflow for the operator is the same as before this change, but a new example template has been added to environments/network-environment-v6.yaml. Change-Id: I0e674e4b1e43786717ae6416571dde3a0e11a5cc Partially-Implements: blueprint composable-networks Closes-bug: 1714115 (cherry picked from commit dd299f08bd6b1df43760148d83ce9b6e09ba6572)
2017-08-31Support HA for OVN DBs containers using pacemaker bundleNuman Siddique1-0/+1
ovn-dbs pacemaker bundle resources are created for supporting Master/Slave HA. puppet-tripleo already supports creating ovn-dbs bundle resources. The heat template added in this patch makes use of this. Closes-bug: #1699085 Change-Id: I23c2d312cfb144f9afc14f0982a92670dc29d74c (cherry picked from commit 444a39f5983e71e3222b6b7f8f523fce60aeece7)
2017-08-31Merge "Add support for Dell EMC VNX Manila Backend" into stable/pikeJenkins1-0/+4
2017-08-31Merge "Add support for Dell EMC Unity Manila Backend" into stable/pikeJenkins1-0/+3
2017-08-31Merge "Change ManageEventPipeline to true" into stable/pikeJenkins1-0/+6
2017-08-30Add support for Dell EMC VNX Manila Backendrajinir1-0/+4
This change adds support for manila::backend::dellemc_vnx Change-Id: I5fa5c2d6956429d1b9c12a5af6d4a887ed0624d9 Implements: blueprint dellemc-vnx-manila (cherry picked from commit a3debcfa8b2cbb3acaba292e082b0a3b0ee8ef54)
2017-08-30Add support for Dell EMC Unity Manila Backendrajinir1-0/+3
This change adds support for manila::backend::dellemc_unity Change-Id: Idec67d190b12359e8e6f1c157577088fa84ef41d Implements: blueprint dellemc-unity-manila (cherry picked from commit c5ee7b7714c712807f33ca1645186d33103a2264)
2017-08-30Change ManageEventPipeline to truePradeep Kilambi1-0/+6
Since the event pipeline publisher defaults in the heat templates are different from what puppet sets. We need to have the Manage to true so override takes effect. Without this we keep defaulting back to puppet defaults. We can flip this back to false once panko:// is droppped as a supported option from the pipeline. Change-Id: I2248c165783dddfb4cb7cf5644884dd8f6e6ed63 (cherry picked from commit 941b5d6797ea54afbc7b822ee045ce1186627e7c)
2017-08-30Use Python to compute release notes versionEmilien Macchi1-2/+2
Leave the version fields blank, since the release notes document applies to all versions. That will avoid manual changes in the future like we did until now. Change-Id: Ibb33ade808c9866b5314b7dda60a44000089a467 (cherry picked from commit 4782394044a8f66de63db7772b7a5992a781cc57)
2017-08-30Merge "Support deploying OVN as container services" into stable/pikeJenkins1-0/+4
2017-08-29manila: set "host" to "hostgroup"Tom Barron1-0/+9
when running manila-share under control of pacemaker, as is done for cinder-volume service in the same circumstance. Change-Id: Ic97f01913bae2a388c962a38fa175eb1d763cdcb Depends-On: Ie31f2d5ccf458f5fcfe8bec5f2c37f45070cfde2 Closes-Bug: #1712842 (cherry picked from commit 8fa6c6e58c7ac0d32bf2f0dfb586683cf006e3bf)
2017-08-28Support deploying OVN as container servicesNuman Siddique1-0/+4
This patch adds the support to containerize OVN services for the base profile. OVN db servers do not support active-active mode yet. It does support master-slave mode supported through pacemaker, which will be supported in a later patch. Presently the tripleo container framework doesn't allow to start a container in only controller 0 (or bootstrap node). OVN db servers and ovn-northd are started on all the controllers, but only the OVN db servers running in the boot strap controller are configured to listen on the tcp ports 6641 and 6642. OVN neutron mechanism driver and ovn-controller's use the ovn_dbs_vip to connect to the OVN db servers. Haproxy configures all the controllers as back ends, but only OVN db servers running on controller 0 respond since only they are configured properly. The OVN containers running on other controller nodes do not interact any way, but are wasteful resources. This patch also adds the scenario007-multinode-containers CI template. Partial-bug: #1699085 Change-Id: I98b85191cc1fd8c2b166924044d704e79a4c4c8a (cherry picked from commit e7cd03d2f0fcd8e3069246ced94f1a83869b8bea)
2017-08-25Containarise Barbican APIJanki Chhatbar1-0/+4
This containerises Barbican API in TripleO Change-Id: Icc5e9841ea48c806af4db61cd6de5e9a7a40a988 Partial-Bug: 1668924 Depends-On: I6b5ec18ccdd51b90ff27ff7d4341260dfba71e4e (cherry picked from commit 6d338b809accea4d3ba09ca8363b1a97ed79b658)
2017-08-22Zaqar: Match service name with service-net-mapJuan Antonio Osorio Robles1-0/+6
This is required for t-h-t to generate the appropriate hieradata. Change-Id: I9b451eac4427a52ad8eec62ff89acc6c6d3ab799 Closes-Bug: #1712328