29 lines
1.6 KiB
YAML
29 lines
1.6 KiB
YAML
---
|
|
prelude: >
|
|
This change deprecates the novajoin and the composable service that
|
|
enables TLS-Everywhere using novajoin. Instead, TLS Everywhere will be
|
|
implemented using the tripleo-ipa ansible module.
|
|
upgrade:
|
|
- This change deprecates novajoin and the service that depends on novajoin
|
|
to enable TLS-Everywhere. From now on, TLS-Everywhere will be set up
|
|
using the tripleo-ansible ansible module instead.
|
|
- When the undercloud is upgraded, for TLS Everywhere systems, a new
|
|
composable service will run to remove the novajoin containers.
|
|
- A pre-upgrade validation has been written to ensure that some necessary
|
|
permissions and ACIs have been added to the IPA server. As these changes
|
|
require admin privileges, they cannot be automated in THT.
|
|
- The environments/ssl/enable-internal-tls.j2.yaml file has been modified
|
|
to automatically point to the new service that implements TLS-Everywhere
|
|
using tripleo-ansible. Assuming you are adding this environment file to
|
|
your templates (which is typically the case when setting up
|
|
TLS-Everywhere) no other changes are required.
|
|
deprecations:
|
|
- This change deprecates novajoin, the service that deploys it on the
|
|
undercloud, and the corresponding service that implements TLS-Everywhere
|
|
using novajoin. TLS everywhere will be implemented from now on using
|
|
the tripleo-ipa ansible module instead.
|
|
- These services are novajoin-container-puppet.yaml and
|
|
ipaclient-baremetal-ansible.yaml
|
|
- On undercloud upgrade, a new composable service will remove the novajoin
|
|
and novajoin-notifier containers from the undercloud.
|