What’s changed in RPCO r13.0#

In v13.0, the default value for deploying the Networking service L3 in HA mode has changed from True to False because of bug 1149. Operators who are switching from a system that has L3HA turned on, to one that has it turned off, must be aware of the following items:
- The HA routers that are present after the switch remain HA routers, unless the HA attribute on the router was set to False before making the switch.
  
  Note
  
  HA routers must have their attribute changed to False before any playbooks are re-run. Otherwise the HA router namespaces will be deleted after the switch is made to an environment with l3_ha set to False.
- You can update the HA attribute of a router in Mitaka by first setting the admin-state attribute to False.
```
neutron router-update --admin-state-up False <router-uuid>
neutron router-update --ha=False <router-uuid>
neutron router-update --admin-state-up True <router-uuid>
```
  Note
  
  Changing these settings interrupts connectivity for the subnets attached to the router.
The default value for neutron_l2_population has been overridden.
A new optional argument has been added to the MaaS plugin horizon_check.py that takes in the name of the horizon Dashboard that is used to find the login page. The default value is set to openstack dashboard.
LBaaSv2 can now be configured using the Dashboard.
The Dashboard extensions are now provided in the rpc-openstack repository.
Neutron L3HA as a default has been disabled because of the number of bugs that still exist in that feature. The default now is to use the neutron_ha_tool for backing up L3 routers.
Mitaka introduces the Compute service’s new database, nova API DB. As a result, the nova_api_db_max_overflow, nova_api_db_max_pool_size, and nova_api_db_pool_timeout variables are now available. These variables can be changed by overriding them directly (for a nova API DB change only), or by adapting db_max_overflow, db_max_pool_size, and db_pool_timeout (for a global change).
The nova_cloud_stats MaaS plugin was incorrectly reporting the total CPU and total memory amounts available across all hypervisors, because it was not considering the allocation_ratios that are set at the hypervisor level. Now, the plug-in attempts to correctly scale those values by passing in a multiplier based on the allocation ratios set in the configuration.
Kibana has been upgraded to v4. This update includes an update to the default Dashboard and includes all of the features that Kibana added in v4.
Filebeat is now installed and configured on all hosts to provide lightweight log shipping to logstash.
The galera_check.py plugin now provides the following metrics:
- num_of_open_files
- open_files_limit
- innodb_row_lock_time_avg
- innodb_deadlocks
- access_denied_errors
- aborted_clients
- aborted_connects

New alarms have been created with the following criteria:

open_file_size_limit_reached:
metric["num_of_open_files"] > metric["open_files_limit"]
innodb_row_lock_time_avg:
metric["innodb_row_lock_time_avg"] > {{ innodb_row_lock_time_avg_critical_threshold }}
innodb_deadlocks:
metric["innodb_deadlocks"] != 0
access_denied_errors:
rate(metric["access_denied_errors"]) > {{ mysql_access_denied_errors_rate_warning_threshold }}
aborted_clients:
rate(metric["aborted_clients"]) > 1
aborted_connects:
rate(metric["aborted_connects"]) > 1

Holland now runs inside a Python virtual environment by default. By default, the virtual environment is placed in /openstack/venvs/holland-<release-tag>.
Variables and secrets are now managed so that downstream deployers do not have their settings overwritten. They are provided with overrides files that are managed after being laid down. The user_* files have been renamed to separate out what specifically the variables override.
Beaver is no longer installed, configured, or managed by RPCO for log shipping.
The use of user_variables and user_secrets files has been deprecated, except for the following files:
- user_osa_secrets.yml
- user_osa_variables_defaults.yml
- user_osa_variables_overrides.yml
- user_rpco_secrets.yml
- user_rpco_variables_defaults.yml
- user_rpco_variables_overrides.yml
The number of metrics that MAAS plugins can emit has been increased from 30 to 50, in line with new limits in the MAAS API.
f5-config.py now works with both LEM and PROD to allow for better (unified) usage. Preliminary support for Python3 and SSL endpoints have been added.
Configuring bridges and IP addresses for overlay networks is now optional. If unset, the neutron_local_ip value will default to the ansible_ssh_host value.
A new user variable (list type) named repo_build_pip_extra_indexes has been introduced to fetch pip packages from the RPCO repository.
The Holland configuration for XtraBackup (the tool for performing MariaDB database backups) is now set to perform backups against localhost in each container (instead of the load balanced IP address). This ensures that each of the containers is backing up its own copy of the databases.
The openstack-ansible-security role is now applied to all environments by default. It provides enhanced host security hardening without disrupting an existing OpenStack environment.

To opt-out of host security hardening, set apply_security_hardening: false in /etc/openstack_deploy/user_osa_variables_overrides.yml.

The security role documentation explains which security configurations are applied and how to apply custom configurations.
Live migration of nova is now SSH encrypted, using qemu+ssh instead of qemu+tcp. This behavior can be overridden by setting another URI in the live_migration_uri variable.
The cinder driver LVMISCSIDriver has been removed. Configurations can now be updated to use LVMVolumeDriver instead before deploying Mitaka.
For Ceph, the following metrics are no longer supported by the ceph_monitoring.py plug-in:
- osd.x_in
- osd.x_kb
- osd.x_kb_used
- osd.x_kb_avail
Substitute the numerical ID of the OSD for x.