What’s changed in RPCO r13.0#
In v13.0, the default value for deploying the Networking service L3 in HA mode has changed from
True
toFalse
because of bug 1149. Operators who are switching from a system that has L3HA turned on, to one that has it turned off, must be aware of the following items:The HA routers that are present after the switch remain HA routers, unless the HA attribute on the router was set to
False
before making the switch.Note
HA routers must have their attribute changed to
False
before any playbooks are re-run. Otherwise the HA router namespaces will be deleted after the switch is made to an environment withl3_ha
set toFalse
.You can update the HA attribute of a router in Mitaka by first setting the admin-state attribute to
False
.neutron router-update --admin-state-up False <router-uuid> neutron router-update --ha=False <router-uuid> neutron router-update --admin-state-up True <router-uuid>
Note
Changing these settings interrupts connectivity for the subnets attached to the router.
The default value for
neutron_l2_population
has been overridden.A new optional argument has been added to the MaaS plugin
horizon_check.py
that takes in the name of the horizon Dashboard that is used to find the login page. The default value is set toopenstack dashboard
.LBaaSv2 can now be configured using the Dashboard.
The Dashboard extensions are now provided in the rpc-openstack repository.
Neutron L3HA as a default has been disabled because of the number of bugs that still exist in that feature. The default now is to use the neutron_ha_tool for backing up L3 routers.
Mitaka introduces the Compute service’s new database, nova API DB. As a result, the
nova_api_db_max_overflow
,nova_api_db_max_pool_size
, andnova_api_db_pool_timeout
variables are now available. These variables can be changed by overriding them directly (for a nova API DB change only), or by adaptingdb_max_overflow
,db_max_pool_size
, anddb_pool_timeout
(for a global change).The
nova_cloud_stats
MaaS plugin was incorrectly reporting the total CPU and total memory amounts available across all hypervisors, because it was not considering theallocation_ratios
that are set at the hypervisor level. Now, the plug-in attempts to correctly scale those values by passing in a multiplier based on the allocation ratios set in the configuration.Kibana has been upgraded to v4. This update includes an update to the default Dashboard and includes all of the features that Kibana added in v4.
Filebeat is now installed and configured on all hosts to provide lightweight log shipping to logstash.
The
galera_check.py
plugin now provides the following metrics:num_of_open_files
open_files_limit
innodb_row_lock_time_avg
innodb_deadlocks
access_denied_errors
aborted_clients
aborted_connects
New alarms have been created with the following criteria:
open_file_size_limit_reached: metric["num_of_open_files"] > metric["open_files_limit"] innodb_row_lock_time_avg: metric["innodb_row_lock_time_avg"] > {{ innodb_row_lock_time_avg_critical_threshold }} innodb_deadlocks: metric["innodb_deadlocks"] != 0 access_denied_errors: rate(metric["access_denied_errors"]) > {{ mysql_access_denied_errors_rate_warning_threshold }} aborted_clients: rate(metric["aborted_clients"]) > 1 aborted_connects: rate(metric["aborted_connects"]) > 1
Holland now runs inside a Python virtual environment by default. By default, the virtual environment is placed in
/openstack/venvs/holland-<release-tag>
.Variables and secrets are now managed so that downstream deployers do not have their settings overwritten. They are provided with overrides files that are managed after being laid down. The
user_*
files have been renamed to separate out what specifically the variables override.Beaver is no longer installed, configured, or managed by RPCO for log shipping.
The use of
user_variables
anduser_secrets
files has been deprecated, except for the following files:user_osa_secrets.yml
user_osa_variables_defaults.yml
user_osa_variables_overrides.yml
user_rpco_secrets.yml
user_rpco_variables_defaults.yml
user_rpco_variables_overrides.yml
The number of metrics that MAAS plugins can emit has been increased from 30 to 50, in line with new limits in the MAAS API.
f5-config.py
now works with both LEM and PROD to allow for better (unified) usage. Preliminary support for Python3 and SSL endpoints have been added.Configuring bridges and IP addresses for overlay networks is now optional. If unset, the
neutron_local_ip
value will default to theansible_ssh_host
value.A new user variable (list type) named
repo_build_pip_extra_indexes
has been introduced to fetch pip packages from the RPCO repository.The Holland configuration for XtraBackup (the tool for performing MariaDB database backups) is now set to perform backups against localhost in each container (instead of the load balanced IP address). This ensures that each of the containers is backing up its own copy of the databases.
The openstack-ansible-security role is now applied to all environments by default. It provides enhanced host security hardening without disrupting an existing OpenStack environment.
To opt-out of host security hardening, set
apply_security_hardening: false
in/etc/openstack_deploy/user_osa_variables_overrides.yml
.The security role documentation explains which security configurations are applied and how to apply custom configurations.
Live migration of nova is now SSH encrypted, using
qemu+ssh
instead ofqemu+tcp
. This behavior can be overridden by setting another URI in thelive_migration_uri
variable.The cinder driver LVMISCSIDriver has been removed. Configurations can now be updated to use LVMVolumeDriver instead before deploying Mitaka.
For Ceph, the following metrics are no longer supported by the
ceph_monitoring.py
plug-in:osd.x_in
osd.x_kb
osd.x_kb_used
osd.x_kb_avail
Substitute the numerical ID of the OSD for
x
.