Train Series Release Notes

18.0.0.0b1-132

New Features

  • The blazar dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:

    horizon_enable_blazar_ui: True
    
  • The cloudkitty dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:

    horizon_enable_cloudkitty_ui: True
    
  • The os_horizon role now supports distribution of user custom themes. Deployers can use the new key theme_src_archive of horizon_custom_themes dictionary to provide absolute path to the archived theme. Only .tar.gz, .tgz, .zip, .tar.bz, .tar.bz2, .tbz, .tbz2 archives are supported. Structure inside archive should be as a standard theme, without any leading folders.

  • The service setup in keystone for horizon will now be executed through delegation to the horizon_service_setup_host which, by default, is localhost (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in user_variables.yml.

    horizon_service_setup_host: "{{ groups['utility_all'][0] }}"
    
  • Added variable horizon_bind_address which defines IP address where Apache will listen on horizon_listen_ports

  • Horizon has, since OSA’s inception, been deployed with HTTPS access enabled, and has had no way to turn it off. Some use-cases may want to access via HTTP instead, so this patch enables the following.

    • Listen via HTTPS on a load balancer, but via HTTP on the horizon host and have the load balancer forward the correct headers. It will do this by default in the integrated build due to the presence of the load balancer, so the current behaviour is retained.

    • Enable HTTPS on the horizon host without a load balancer. This is the role’s default behaviour which matches what it always has been.

    • Disable HTTPS entirely by setting haproxy_ssl: no (which will also disable https on haproxy. This setting is inherited by the new horizon_enable_ssl variable by default. This is a new option.

  • Add the possibility to disable openrc v2 download in the dashboard. new var horizon_show_keystone_v2_rc can be set to False to remove the entry for the openrc v2 download.

  • The masakari dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:

    horizon_enable_masakari_ui: True
    
  • VPNaaS dashboard is again available in Horizon. Deployers can enable the panel by setting the following Ansible variable:

    horizon_enable_neutron_vpnaas: True
    
  • The role now supports using the distribution packages for the OpenStack services instead of the pip ones. This feature is disabled by default and can be enabled by simply setting the nova_install_method variable to distro.

  • The tacker dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:

    horizon_enable_tacker_ui: True
    
  • The watcher dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:

    horizon_enable_watcher_ui: True
    
  • The zun dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:

    horizon_enable_zun_ui: True
    

Upgrade Notes

  • horizon_listen_ports variable was transformed to the dictionary with required keys http and https to have effect not only for apache ports.conf file, but also for the virtual host.

Deprecation Notes

  • The variable horizon_requires_pip_packages is no longer required and has therefore been removed.

  • Variable horizon_enable_neutron_lbaas has been removed because of global neutron lbaas retirement process. This means that horizon neutron-lbaas-ui plugin won’t be installed.

Security Issues

  • The default TLS version has been set to TLS1.2. This only allows version 1.2 of the protocol to be used when terminating or creating TLS connections. You can change the value with the horizon_ssl_protocol variable.

Bug Fixes