Queens Series Release Notes¶
Deployers can set
openstack_hosts_centos_mirror_urlto use their preferred mirror for the RDO repositories.
Persistent systemd journals are now enabled. This allows deployers to keep older systemd journals on disk for review. The disk space requirements are extremely low since the journals are stored in binary format. The default location for persistent journals is in
Deployers can opt out of this change by setting
If you have overriden your
openstack_host_specific_kernel_modules, please remove its group matching, and move that override directly to the appropriate group.
Example, for an override like:
- name: "ebtables" pattern: "CONFIG_BRIDGE_NF_EBTABLES" group: "network_hosts"
You can create a file for the network_host group, inside its group vars folder
/etc/openstack_deploy/group_vars/network_hosts, with the content:
- name: "ebtables" pattern: "CONFIG_BRIDGE_NF_EBTABLES"
Any user that is coming from Pike or below on Ubuntu should modify its
user_external_repos_list, switching its ubuntu cloud archive repository from
state: absent. From now on, UCA will be defined with the filename
uca. If the deployer wants to use its mirror, he can still override the variable
uca_repoto point to its mirror. Alternatively, the deployer can completely define which repos to add and remove, ignoring our defaults, by overriding
net.bridge.bridge-nf-call-*kernel parameters were set to
0in previous releases to improve performance and it was left up to neutron to adjust these parameters when security groups are applied. This could cause situations where bridge traffic was not sent through iptables and this rendered security groups ineffective. This could allow unexpected ingress and egress traffic within the cloud.
These kernel parameters are now set to
1on all hosts by the
openstack_hostsrole, which ensures that bridge traffic is always sent through iptables.
sysstatpackage was installed on all distributions, but it was only configured to run on Ubuntu and OpenSUSE. It would not run on CentOS due to bad SELinux contexts and file permissions on
/etc/cron.d/sysstat. This has been fixed and
sysstatnow runs properly on CentOS.