--- prelude: > 6.0.0 is the final release for Ocata. It's the first release where release notes are added. features: - Fujitsu Neutron plugin for FOS support. Users can deploy Neutron with this plugin by using environments/neutron-ml2-fujitsu-fossw.yaml environment file. - Expose InstanceDiscoveryMethod parameter to configure Ceilometer method used to discover instances running on compute node. Default value to 'libvirt_metadata'. Allowed values are 'naive', 'libvirt_metadata' and 'workload_partitioning'. - Make ServiceNetMap support custom network names. Note that operators will still be expected to pass any ServiceNetMap overrides with the "new" network name, e.g whatever NetName specifies, otherwise environment files could get very confusing. - Nova Placement API support. As this new service is required, deploy it by default in WSGI with Apache, like other API services. - Cinder pass-through iSER backend support. - etcd composable services, used by networking-vpp ML2 driver as the messaging mechanism. - Allow to configure cron parameters for Cinder, Heat, Keystone and Nova crontabs. - Export NovaDefaultFloatingPool parameter to configure the default pool of floating IP addressed available. Default to 'public' for backward compatibility. - Bump Heat Templates to 'ocata' version, to match Heat requirements. - Configure OVS agent firewall driver only if NeutronOVSFirewallDriver is set. - Expose RbdDefaultFeatures parameter to configure the default features enabled when creating a block device image. Only applies to format '2' images. Set to '1' for Jewel clients using older Ceph servers. - Cinder HPELeftHandISCSIDriver backend support. - Pacemaker stopped to manage Ceilometer, Cinder API, Cinder Scheduler, MongoDB, Glance, Gnocchi, Heat, Apache, Memcached, Neutron, Nova and Sahara. - Ceph MDS service support. Service can be enable with environments/services/ceph-mds.yaml environment file. - Expose HeatConvergenceEngine and HeatMaxResourcesPerStack parameters to configure Heat. - Add pre-network hook and example showing config-then-reboot. - Expose LibvirtEnabledPerfEvents parameter in Nova Compute service. Default to an empty array. This is a performance event list which could be used as monitor. - Increase libvirt/qemu.conf max_files to 32768 and max_processes to 131072. - Split OVN northd and ml2 plugin, so we can deploy OVNDBs and Northd services on different nodes. - Add hook to generate metadata from service profiles. This is useful for nova vendordata plugins that can parse said metadata. - Expose EventPipelinePublishers to Ceilometer and set the default to 'notifier://?topic=alarm.all'. - Add Panko service support. This service is not enabled by default. Use environments/services/enable-panko.yaml to include it in your deployment. - Add EC2-API composable service support. - Allow dnsmasq_dns_servers to be configured for Neutron DHCP Agent with a new parameter (NeutronDhcpAgentDnsmasqDnsServers, default to []). - Add support for Ceph RBD mirroring daemon managed by Pacemaker. - Add deployed server bootstrap for RHEL. - Configure VNC Server listen address on internal_api network by default. - Support for Cinder Dell EMC PS Series. - Support for Cinder Dell EMC EMC Storage Center. - Support for Octavia composable services for LBaaS with Neutron. - Support for Collectd composable services for performance monitoring. - Support for Tacker composable service for VNF management. - Add the plan-environment.yaml file which will facilitate deployment plan import and export. upgrade: - Update OpenDaylight deployment to use networking-odl v2 as a mechanism driver. - Update Contrail composable services. deprecations: - Glance Registry service has been removed and Glance API v2 is now deploy by default. Glance API v1 is not supported anymore in TripleO. - Remove CeilometerStoreEvents parameter, which has been removed in Ceilometer. - Ceilometer API service is deprecated and will be removed in a future release. If you would like to disable it, use environments/services/disable-ceilometer-api.yaml environment file. - Removes deprecated OpenDaylight L2 only deployments. Deploying ODL without L3 DVR is no longer supported. security: - Enable management of 'DISALLOW_IFRAME_EMBED' in Horizon configuration to prevent dashboard being embedded within an iframe and exposed to Cross-Frame Scripting (XFS) vulnerability on legacy browsers. - Enable management of 'ENFORCE_PASSWORD_CHECK' in Horizons configuration to display an Admin Password field on the Change Password form to verify that it is indeed the admin logged-in who wants to change the password. - Enable management of 'DISABLE_PASSWORD_REVEAL' in Horizon, to remove the password reveal option. - Enable 'SECURE_PROXY_SSL_HEADER' option in Horizons configuration to take X-Forwarded-Proto header into account when forming URLs. - Enable management of ENFORCE_PASSWORD_CHECK value. By setting 'ENFORCE_PASSWORD_CHECK' to 'True' within Horizons local_settings.py, it displays an ‘Admin Password’ field on the “Change Password” form to verify that it is the admin logged-in that wants to perform the password change. - Enable management of Horizons Password Validation. Enables injection of an operators own password validation regex via a heat template. - Enable management of '/etc/issue Banner' whereby an operator can populate their own Banner warning text to be displayed upon terminal login. - Enable management of auditd system. '/etc/audit/audit.rules' can now be populated by means of a heat template. fixes: - Fixes `bug 1645898 `__ so epmd is binded on the right address, where RabbitMQ is listening too. - Fixes `bug 1652184 `__ so swap partitions can be handled from an environment file thanks to AllNodesExtraConfig. - Add retry to RHEL registration, useful when having network outages during registration. - Fixes `bug 1651476 `__ so firewall rules are created for Opendaylight API service. - Fixes `bug 1643487 `__ to prevent source address from binding to a VIP for database connection. - Fixes `bug 1649836 `__ to configure DPDK options to isolate PMD cores and ovs process cores. - Fixes `bug 1662344 `__ by stopping to set bind_address on nova db uri. This reverts the changes in https://review.openstack.org/414629 for nova as they are incompatible with cell_v2. This is a temporary fix for HA while a long-term solution is developed.