Rocky Series Release Notes

updated: 2018-10-29 23:10

Rocky Series Release Notes

9.4.0

Bug Fixes

  • Fixes and issue where the PXE filter in ironic-inspectors DHCP server may become out of sync with the ironic-inspector service. Bug 1780421.

9.3.0

Bug Fixes

  • Set the connect_timeout to 60s for mysql connections. This helps fix an issue where undercloud services lose the mysql connection if it takes more than 10s to complete (eg under high load).
  • Enforce a restart of rsyslog after installing Swift rpms. Otherwise all Swift logs end up in /var/log/messages instead of /var/log/swift/swift.log

9.1.0

New Features

  • Introduce docker_insecure_registries that is an array of host/port combiniations of docker insecure registries. The default value will be the previous parameter that were hardcoded, but now we can easily override it in undercloud.conf.

Deprecation Notes

  • auth_uri is depreacted and will be removed in a future release. Please, use www_authenticate_uri instead.
  • instack-undercloud is deprecated in Rocky cycle and is replaced by the containerized undercloud efforts in python-tripleoclient.

9.0.0

New Features

  • The undercloud now uses the baremetal neutron ML2 mechanism driver, and the l2 agent ironic-neutron-agent. This enables the possibility to use neutron routed networks in the undercloud.

Upgrade Notes

  • During an upgrade to this release, a migration of all nodes from classic drivers to hardware types will be attempted. For some nodes it may result in non-supported optional interfaces (like “agent” RAID or shellinabox console) to be reset to their no-op implementations (like “no-raid” RAID or “no-console” console). Nodes that cannot be upgraded will be skipped. Manual upgrade will be required, since the classic drivers may be removed in the Rocky release.

Security Issues

  • TLS is now used by default for the public endpoints. This is done through the generate_service_certificates option, which now defaults to ‘True’.
  • Restrict memcached service to TCP and localhost network (CVE-2018-1000115).

Bug Fixes

  • The user-provided certificate (via the undercloud_service_certificate option) now takes precedence over the autogenerated certificate (which is created via the generate_service_certificate option)
  • Using the dnsmasq PXE filter for inspection fixes bug
updated: 2018-10-29 23:10
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

found an error? report a bug questions?