[release-announce] tripleo-heat-templates 10.3.0 (stein)
no-reply at openstack.org
no-reply at openstack.org
Fri Jan 11 16:30:00 UTC 2019
We are satisfied to announce the release of:
tripleo-heat-templates 10.3.0: Heat templates for deploying OpenStack
with OpenStack.
This release is part of the stein release series.
The source is available from:
https://git.openstack.org/cgit/openstack/tripleo-heat-templates
Download the package from:
https://tarballs.openstack.org/tripleo-heat-templates/
Please report issues through launchpad:
https://bugs.launchpad.net/tripleo
For more details, please see below.
10.3.0
^^^^^^
New Features
************
* Added code in the barbican-api.yaml template to allow barbican to
be configured to run with either an ATOS or Thales HSM back-end.
Also added environment files with all the required variables. The
added code installs and configures the client software on the
barbican nodes, generates the required kets for the PKCS#11 plugin,
and configures barbican correctly. For the Thales case, it also
contacts the RFS server to add the new clients to the HSM.
* Add new CinderNfsSnapshotSupport parameter, which controls whether
cinder's NFS driver supports snapshots. The default value is True.
* Composable Networks now support creating L3 routed networks. L3
networks use multiple L2 network segments and multiple ip subnets.
In addition to the base subnet automatically created for any
composable network, additional subnets can be defined under the
"subnets" key for each network in the data file
("network_data.yaml") used by composable networks. Please refer to
the "network_data_subnets_routed.yaml" file for an example
demonstrating how to define composable L3 routed networks.
* For composable roles it is now possible to control which subnet in
a L3 routed network will host network ports for the role. This is
done by setting the subnet for each network in the role defenition
("roles_data.yaml"). For example:
- name: <role_name>
networks:
InternalApi:
subnet: internal_api_leaf2
Tenant:
subnet: tenant_leaf2
Storage:
subnet: storage_leaf2
* To enable control of which subnet is used for virtual IPs on L3
routed composable networks the new parameter "VipSubnetMap" where
added. This allow the user to override the subnet where the VIP port
should be hosted. For example:
parameter_defaults:
VipSubnetMap:
ctlplane: ctlplane-leaf1
InternalApi: internal_api_leaf1
Storage: storage_leaf1
redis: internal_api_leaf1
* New roles for DistributedCompute and DistributedComputeHCI are
added. These roles match the existing Compute roles, but also
include the CinderVolume service. The CinderVolume service is
included using the BlockStorageCinderVolume service name so that it
can be mapped independently from CinderVolume.
* Add new parameter 'GlanceImageImportPlugins', to enable plugins
used by image import process. Add parameter
'GlanceImageConversionOutputFormat', to provide desired output
format for image conversion plugin.
* Allow to output HAProxy in a dedicated file
* Adds new HAProxySyslogFacility param
* Add parameter *NovaHWMachineType* which allows to explicitly set
machine_type across all compute nodes during deployment, to allow
migration compatibility from compute nodes with higher host OS
version to compute nodes with lower host OS version.
* Adds support to configure disjoint address pools for Ironic
Inspector.
When Inspector is deployed as a HA service disjoint address pools
should be served by the DHCP instances to avoid address conflict
issues. The disjoint address pools are configured by using hostname
(short form) as the key, then pass the list of ranges for each host.
For example:
parameter_defaults:
IronicInspectorSubnets:
overcloud-ironic-0:
- ip_range: 192.168.24.100,192.168.24.119
- ip_range: 192.168.25.100,192.168.25.119
netmask: 255.255.255.0
gateway: 192.168.25.254
tag: subnet1
overcloud-ironic-1:
- ip_range: 192.168.24.120,192.168.24.139
- ip_range: 192.168.25.120,192.168.25.139
netmask: 255.255.255.0
gateway: 192.168.25.254
tag: subnet1
* The network data for composible networks have been extended to
enable configuration of the maximum transmission unit (MTU) that is
guaranteed to pass through the data path of the segments in the
network. The MTU property is set on the neutron networks in the
undercloud. The MTU information is used in the nic-config templates
so that overcloud node networking is configured with the correct MTU
settings.
* Nova now allows use of templated urls in the database and mq
connections which will allow static configuration elements to be
applied to the urls read from the database per-node. This should be
a simpler and less obscure method of configuring things like the
per-node bind_address necessary for director's HA arrangement. This
patch addresses the templated DB urls as part 1. Nova support added
here - https://review.openstack.org/578163
* Nova now allows use of templated urls in the database and mq
connections which will allow static configuration elements to be
applied to the urls read from the database per-node. This should be
a simpler and less obscure method of configuring things like the
per-node bind_address necessary for director's HA arrangement. This
patch addresses the templated transport urls as part 2. Nova support
added here - https://review.openstack.org/578163
* The MTU defined for the "Tenant" network in network_data is now
used to set neutron's "global_physnet_mtu" unless the
"NeutronGlobalPhysnetMtu" parameter is used to override the default.
(Neutron uses the "global_physnet_mtu" value to calculate MTU for
all virtual network components. For flat and VLAN networks, neutron
uses this value without modification. For overlay networks such as
VXLAN, neutron automatically subtracts the overlay protocol overhead
from this value.)
* Add new TunedCustomProfile parameter which may contain a string in
INI format describing a custom tuned profile. Also provide a new
environment file for users of hypercoverged Ceph deployments using
the Ceph filestore storage backened. The tuned profile is based on
heavy I/O load testing. The provided environment file creates
/etc/tuned/ceph-filestore-osd-hci/tuned.conf and sets this tuned
profile to be active. Not intended for use with Ceph bluestore.
Known Issues
************
* Fix misnaming of service in firewall rule for Octavia Health
Manager service.
Upgrade Notes
*************
* Cinder's NFS driver does not support snapshots unless the feature
is explicitly enabled (this policy was chosen to ensure
compatibility with very old versions of libvirt). The
CinderNfsSnapshotSupport default value is True, and so the new
default behavior enables NFS snapshots. This change is safe because
it just enables a capability (i.e. snapshots) that other cinder
drivers generally provide.
* Deployers that used "resource_registry" override in their
environment to add networks to roles without also using a custom
roles data file must create a custom roles data file and add the
additional network(s) and use this when upgrading.
Previously it was possible to add additional networks to a role
without using a custom role by overriding the resource registry, for
example:
OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/external.yaml
Warning: Since resources are no longer added to the plan unless
the network is specified in the role, the "resource_registry"
override alone is no longer sufficient.
* Deployments using custom names for subnets must also set the
subnet to use for the roles used in the deployment. I.e if
"NetworkNameSubnetName" parameter was used to define a non-default
subnet name for any network, the role defenition ("roles_data.yaml")
and "VipSubnetMap" parameter must use the same value.
Warning: The update will fail if "<NetworkName>SubnetName" was
used to set a custom subnet name, and the role defenition and/or
the "VipSubnetMap" is not set to match the custom subnet name.
* Installing Aodh services on baremetal is no longer supported.
* Installing glance on Baremetal is no longer supported
* Installing Ironic on baremetal is no longer supported
* Installing Keepalived service on baremetal is no longer supported.
* Deploying keystone on baremetal is no longer supported.
* Installing memcached services on baremetal is no longer supported.
* Installing zaqar on baremetal is no longer supported
* Tags are now used on the "ctlplane" network to store the list of
cidrs associated with the subnets on the "ctlplane" network. Users
of Deployed Server (pre-provisioned servers) need to update the port
map ("DeployedServerPortMap") to include the required data. For
example:
parameter_defaults:
DeployedServerPortMap:
controller0-ctlplane:
fixed_ips:
- ip_address: 192.168.24.9
subnets:
- cidr: 192.168.24.0/24
network:
tags:
- 192.168.24.0/24
- 192.168.25.0/24
compute0-ctlplane:
fixed_ips:
- ip_address: 192.168.25.8
subnets:
- cidr: 192.168.25.0/24
network:
tags:
- 192.168.24.0/24
- 192.168.25.0/24
* Prior to upgrading any custom nic-config templates must have the
MTU associated parameters introduced in this release added. As an
example the following must be added to all nic-config templates when
network isolation is used:
ControlPlaneMtu:
default: 1500
description: The maximum transmission unit (MTU) size(in bytes) that is
guaranteed to pass through the data path of the segments in the network.
(The parameter is automatically resolved from the ctlplane network's mtu attribute.)
type: number
StorageMtu:
default: 1500
description: The maximum transmission unit (MTU) size(in bytes) that is
guaranteed to pass through the data path of the segments in the
Storage network.
type: number
StorageMgmtMtu:
default: 1500
description: The maximum transmission unit (MTU) size(in bytes) that is
guaranteed to pass through the data path of the segments in the
StorageMgmt network.
type: number
InternalApiMtu:
default: 1500
description: The maximum transmission unit (MTU) size(in bytes) that is
guaranteed to pass through the data path of the segments in the
InternalApi network.
type: number
TenantMtu:
default: 1500
description: The maximum transmission unit (MTU) size(in bytes) that is
guaranteed to pass through the data path of the segments in the
Tenant network.
type: number
ExternalMtu:
default: 1500
description: The maximum transmission unit (MTU) size(in bytes) that is
guaranteed to pass through the data path of the segments in the
External network.
type: numbe
ManagementMtu:
default: 1500
description: The maximum transmission unit (MTU) size(in bytes) that is
guaranteed to pass through the data path of the segments in the
Management network.
type: number
* The hiera bootstrap_nodeid_ip key has been replaced with per-
service SERVICE_bootstrap_node_ip where SERVICE is the service_name
from the composable service templates. If any out-of-tree services
use this key they will need to adjust to the new interface on
upgrade.
* We don't run the upgrade_tasks Ansible tasks that stop systemd
services and since all services are now containerized. However, we
decided to keep the tasks that remove the rpms in case some of
deployments didn't cleanup them in previous releases, they can still
do it now. These tasks were useful in Rocky when we converted the
Undercloud from baremetal to containers but in Stein this is not
useful anymore. It's actually breaking upgrades for Podman, as
containers are now seen by systemd, and these tasks conflicts with
the way containers are managed in Paunch.
Deprecation Notes
*****************
* For deploying with hw offloading, we should use the "environments
/ovs-hw-offload.yaml" file beside neutron, opendaylight or ovn
environments files, no needs to have seperated files as before
Critical Issues
***************
* Networks not specified for roles in roles data ("roles_data.yaml")
no longer have Heat resources created. It is now mandatory that
custom roles are used when non-default networks is used for a role.
Previously it was possible to add additional networks to a role
without using a custom role by overriding the resource registry, for
example:
OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/external.yaml
Note: The "resource_registry" override was the only requirement
prior to the introduction of *Composable Networks* in the Pike
release.Since Pike a custom role would ideally be used when adding
networks to roles, but documentation and other guides may not have
been properly updated and only mention the "resource_registry"
override.
Bug Fixes
*********
* The recommended API for checking when OpenDaylight is up and ready
has changed. Use the new ODL Infrautils diagstatus REST API
endpoint, vs the old netvirt:1 endpoint.
* The NtpServer default set now includes multiple pool.ntp.org hosts
to ensure that the time can be properly synced during the
deployment. Having only a single timesource can lead to deployment
failures if the time source is unavailable during the deployment. It
is recommended that you either set multiple NtpServers or use the
NtpPool configuration to ensure that enough time sources are
available for the hosts. Note that the NtpPool configuration is only
available when using chrony. See LP#1806521
* Novajoin now log's to "/var/log/container" in the same way other
TripleO container services do. See Bug: 1796658
(https://bugs.launchpad.net/tripleo/+bug/1796658).
* In other sections we already use the internal endpoints for
authentication urls. With this change the auth_uri in the neutron
section gets moved from KeystoneV3Admin to KeystoneV3Internal.
* With tls-everywhere enabled connecting to keystone endpoint fails
to retrieve the URL for the placement endpoint as the certificate
can not be verified. While verification is disabled to check the
placement endpoint later, it is not to communicate with keystone.
This disables certificate verification for communication with
keystone.
* /opt/opendaylight/data folder is mounted on host. This folder
contains information about installed features in ODL. Mounting this
folder on container makes ODL believe that features are installed
and it doesnot generate required for proper boot. Thus this folder
is no longer mounted to host so that ODL can boot properly on
restart.
* CephOSD/Compute nodes crash under memory pressure unless custom
tuned profile is used (bug 1800232).
Other Notes
***********
* HostPrepConfig has been removed. The resource isn't used anymore.
It was using the old fashion to run Ansible via Heat, which we don't
need anymore with config-download by default in Rocky.
* MongoDB hasn't been supported since Pike, it's time to remove the
deployment files. Starting in Stein, it's not possible to deploy
MongoDB anymore.
Changes in tripleo-heat-templates 10.2.0..10.3.0
------------------------------------------------
bb1a120 Rework the generated openshift-ansible playbook
832a895 Fix scenario003-standalone remove extra cinder/horizon/swift
78ee893 Add horizon WebSSO support for OpenID Connect
a017eca Fall back public_virtual_ip to ctlplane if External net not present
868c768 Only add internal_api_virtual_ip if InternalApi in network_data
a15509f Ensure /var/lib/iscsi actually exists before mounting it
d8ee4b9 docker-puppet.py: only create docker-puppet.sh when it doesn't exist
1bd0bf0 Add standalone scenario jobs into the gate as well as check
884ceb1 Fix scenario002-standalone missing aodh/ceilo/heat/gnocchi services
40ba776 Flatten Keystone service configuration
f9b5401 Do not dereference .stdout if dmidecode is missing
991e0fc Reno only - Check for available networks for a role
f3b7f15 Fix example in releasenotes/notes/composable-network-subnets
3f69b76 Configure undercloud timezone
b1d34c9 docker-puppet.py: move entrypoint mount to latest in order
cf333d3 Add default to network.mtu in j2 in nic configs
f555e4b Add Distributed Compute roles
97cf1c2 Let the operator manage openshift updates and upgrades
20b677d Use templating for nova cell transport-url
8665a0d Make NetCidrMapValue contain list of cidrs in each net
00cecfe Add a tag's containing subnet cidr to ctlplane network
8865d01 ironic: enable the ipxe boot interface by default
be07f99 Remove MongoDB
cf70e57 Fix scenario004-standalone - remove cinder/fluentd/horizon/redis
4c5b528 Fix scenario001-standalone missing aodh/ceilo/heat/gnocchi services
21145a9 Bind mount docker-puppet.py in RO without SElinux labelling
340afe2 Replace tripleo-scenario002-multinode with scenario002-standalone
2f2d818 L3 routed networks - subnet fixed_ips (3/3)
26a8601 Fix bind mount for glance-api's service directory
243cb34 Bind mount /var/lib/iscsi in containers using iSCSI
38f7522 update datatype for "OctaviaFlavorId"
54fb81e Prevent service bootstrap node facts from colliding with each other
44b155e Ensure we get the correct setype for haproxy log dir
ee7fbe5 Ensure we get the right SELinux context for config-data sub-dir
5f27abb Remove deprecated workflow resource registry entries
4d9ad79 Replace tripleo scenario004-multinode with scenario004-standalone
13d0057 Update hacking version
2c44fe0 L3 routed networks - network.j2 (2/3)
91985cf L3 routed networks - data + env (1/3)
105ae9d Add keystone::wsgi::apache::api_port
cd86676 Update auth parameters
bbfce24 Use mtu of Tenant network to control neutron global_physnet_mtu
88ab644 Use calculated undercloud ctlplane DHCP allocation pools
e644e3d Add MTU to neutron networks and nic-config templates
62b4ded The monitoring_subscription was lost in translation
d8b2e9b Replace scenario004 multinode with standalone
17e0087 Add template code to configure hsm backends for barbican
7288062 Use templating for nova cell database_connection
c3bd127 Temporary remove selinux label mount option for neutron
669a7b8 Remove unused nova packages from host during upgrade and update
f770724 Explicitly set KVM machine_type for migration compatibility
67e74a6 flatten sshd service configuration
2913e57 Add python interpreter to ansible postconfig
cd331e4 flatten time service configuration
8b72e4d Fix issue with when statement in docker-registry.yaml.
90717bd Add missing role_specific tag for NUMA aware vswitches params
211a51d Remove redis from standalone env
e7691b7 Rename tripleo-ci-centos-7-scenario00{6,9}-multinode-oooq
3b27572 Replace scenario001-multinode with scenario001-standalone
7fe1730 Move podman into deployment directory
971d97b Correct file modes for rpmlint failures
bcc3335 flatten tripleo-firewall service configuration
7106a29 flatten tuned service configuration
3d9863b flatten snmp service configuration
7a9d6cb flatten memcached service configuration
3114300 Fix horizon's iptables rules for haproxy when split off a separate role
228710f Move [neutron] auth_url to KeystoneV3Internal
974c68e Add tripleo-ci-centos-7-scenario003-standalone job
2f84e6e Remove unused params in jinja rendered network config templates
7fbc4b0 Flatten Glance service configuration
0de7bc0 Flatten Zaqar service configuration
ced9f88 Flatten Ironic services configuration
ce72766 Update tuned profile variable configuration file if it exists
571a764 Allow for service_bootstrap_ips empty list in IpListMap
b390ddd Drop baremetal job template
81e8f08 Fix and consolidate cinder-backup host prep tasks
7345963 Flatten Keepalived service configuration
bcf80d4 Add deployments/README.rst
bf1c16d Fix service naming conventions
29da33f Fix misnaming of service in firewall rule
a0a7c4f Enable support for openidc federation in keystone
12468ac Spliting compact services in multiples lines
32f4db8 Fix access to /var/lib/haproxy when SELinux is enabled
c579480 Add a dual-bond example NIC config template
9333740 Enable image import plugins & image output format
0576e26 Ensure we get dedicated logging file for HAProxy
eb3efe7 Remove deploy steps on empty roles
2024bb0 Ironic Inspector - disjoint ip range(s) for HA
c2aeb45 Replace confusing usage of update_identifier
62b5426 Run local registry and prep cont at standalone
25a4fb7 Force rhsm re-registration during upgrades.
34aa238 puppet_config for rabbitmq_bundle needs file_line
5bc5ae9 Perform docker reconfiguration on upgrade_tasks.
e3c1b7e docker: wire SELinuxMode with Ansible vars
bc0246f Add TunedCustomProfile parameter and HCI Ceph filestore environment
9efb5f9 Fix - ApacheServiceBase needs ServiceData
63a6d4b Add ansible python interpreter configuration support
ec8cc54 Switch debug to use logging classes
32ae3ff Remove invalid comment in ips-from-pool-ctlplane
e4ee042 upgrade: remove tasks that stop and disable services
dcdf75b Allow to run docker-puppet.py with SELinux enabled
36cfba3 Run collectd socket cleanup on container start
ad0ac42 Removing the deprecated environment files for hw offloading
55a22c5 Lower mistral-executor nofile to 1024
862f52c Put user data in the main stack
efa69b7 Remove HostPrepConfig
bcb079a mistral-executor: bind-mount undercloud.conf when validations are enabled
aaad502 Introduce container_cli hiera key
be61d8a Re-implement keepalived restart without pre_deploy
07c0228 Add support for cinder NFS snapshots
57c4f03 Remove CephAnsibleSkipTags from scenario1/4 standalone ci envs
0a99380 Disable pacemaker on multinode-containers (fs010)
2dfd0ea Flatten Aodh service configuration
6239249 Update yaml-validate for deployment/ folders
670e720 Remove nic for storage_mgt network
e9525d3 Don't mount data folder
21c6edc Add relnotes for ODL migration to diagstatus API
446dcc1 Fix fs035 by defining a default gateway_ipv6
7c4b027 Allow customization of more openshift-ansible vars
90d3723 Specify multiple NtpServers by default
3960b8e Include cpu plugin in default collect plugins
3f52eb5 [Core] Change openstack-dev to openstack-discuss.
d95e990 Change openstack-dev to openstack-discuss
08071d0 Add comments clarifying use of deprecated_params for roles
a9c0fa5 neutron-cleanup skips ports marked skip_cleanup=true
5b94d50 Add env file for standalone scenario002
a99820a nova_compute fails to start in tls-everywhere configuration
0101b46 Allow to skip docker reconfiguration during stack update
7450a79 Use https instead of http for docs links
435e846 Process the templates even if j2_excludes file is not present
4de1794 Set facter variable 'uuid' explicitly in docker-puppet.py
50de026 Set balance to source for openshift_router endpoints
bd51cf5 Use InternalApi network for openshift_master_cluster_hostname
0cbbdac Add DockerPuppetMountHostPuppet parameter
da87906 Use new ODL diagstatus heath check REST URL
1269915 Default NtpPool to an empty list
030442d Invoke redhat-subscription role during upgrade.
3f57d73 Fix pacemaker tagging race condition
0012c42 Mount config-data/puppet-generated/nova for nova_api_ensure_default_cell
948ab3f Use correct permission on Gnocchi tmp dir
3b6f022 Enable ironic-inspector support in ironic when enabling ironic-inspector
8980b57 Fix Swift S3 API configuration
642760e Mount puppet-generated directory for tripleo-validations
8a6be5f Remove ties between ceilometer and panko
5787e17 Exclude redundant letters
7a1cd82 ctlplane pre-alloc IPs - deprecated/non-deprecated role name
21905f7 Remove common bootstrap_nodeid from deploy_steps/tripleo-packages.yaml
3c8e736 Fix Octavia hieradata keys
eaa8f8c Add Storage network to IronicConductor role
47b7539 upgrade: remove Docker containers now managed by Podman
a77d045 Add SERVICE_bootstrap_node_ip values to allNodesConfig
1e5ccb4 Handle python binary look for scripts
cc61ff9 Change step to start nova placement and make compute wait for it
6614290 Fix ServiceData in docker/services/aodh-api.yaml
386adca Adds ci/environments/scenario004-standalone.yaml for new job
244f621 Add a new standalone scenario003 env file
afa16ae Create clouds.yaml for the undercloud
b7ebf58 Disable deprecated parameter ControllerEnableSwiftStorage
d69e3af Fix logging for metrics_qdr
b63f6a3 Initial conversion of scenario001 to standalone
b3eca20 Configure registry to use gluster
ecb0296 Add config files/templates to integrate nsx plugin with container
5d275fb Check for available networks for a role
5bff1c5 Update kolla_config to deal with keystone fernet key rotation
4702ad3 Call etcd scaleup playbook when adding master nodes
cca4eb3 Add hosts to expected ansible groups
a425a6f CiscoNexus: Update and Remove deprecated vars
634365b Remove developer tools from tripleo .gitignore
6b9b765 Fix a typo of "rabbitmq"
29a53d9 Align novajoin container logging to other services
6d1a5b6 Upload amphora image in RAW format if RBD backend
0b58798 YAML NIC Config 2 script - fix comment indentation
a71049e Add deprecated_server_resource_name for ObjectStorage role
2fb91cd Add a gateway IP to the Management net in network_data.yaml
97c363b Fix the scenario007 CI job failure
1e8577e Don't require files key in env-generator
9ff7006 modify assignment spelling
Diffstat (except docs and test files)
-------------------------------------
.gitignore | 19 +-
README.rst | 4 +-
bindep.txt | 2 +-
capabilities-map.yaml | 11 -
ci/common/net-config-multinode-os-net-config.yaml | 42 +
ci/common/net-config-multinode.yaml | 42 +
ci/common/net-config-simple-bridge.yaml | 42 +
ci/environments/multinode-containers.yaml | 10 -
.../network-isolation-absolute.yaml | 1 -
.../multiple-nics-ipv6/network-isolation.yaml | 1 -
.../nic-configs/ceph-storage.yaml | 42 +
.../nic-configs/cinder-storage.yaml | 42 +
.../multiple-nics-ipv6/nic-configs/compute.yaml | 42 +
.../multiple-nics-ipv6/nic-configs/controller.yaml | 42 +
.../nic-configs/swift-storage.yaml | 42 +
.../multiple-nics/nic-configs/ceph-storage.yaml | 42 +
.../multiple-nics/nic-configs/cinder-storage.yaml | 42 +
.../network/multiple-nics/nic-configs/compute.yaml | 48 +-
.../multiple-nics/nic-configs/controller.yaml | 42 +
.../multiple-nics/nic-configs/swift-storage.yaml | 42 +
.../public-bond/nic-configs/ceph-storage.yaml | 42 +
.../public-bond/nic-configs/cinder-storage.yaml | 42 +
.../network/public-bond/nic-configs/compute.yaml | 42 +
.../public-bond/nic-configs/controller.yaml | 42 +
.../public-bond/nic-configs/swift-storage.yaml | 42 +
ci/environments/scenario001-standalone.yaml | 121 +++
.../scenario002-multinode-containers.yaml | 2 +-
ci/environments/scenario002-standalone.yaml | 58 ++
ci/environments/scenario003-standalone.yaml | 84 ++
ci/environments/scenario004-standalone.yaml | 93 +++
.../scenario006-multinode-containers.yaml | 7 +-
.../scenario007-multinode-containers.yaml | 7 +
.../scenario012-multinode-containers.yaml | 6 +-
ci/scripts/freeipa_setup.sh | 0
common/deploy-steps-tasks.yaml | 19 +
common/deploy-steps.j2 | 120 ++-
deployed-server/deployed-neutron-port.yaml | 8 +-
.../deployed-server-bootstrap-centos.sh | 0
deployed-server/deployed-server-bootstrap-rhel.sh | 0
deployed-server/deployed-server-roles-data.yaml | 1 -
deployed-server/scripts/enable-ssh-admin.sh | 9 +-
deployment/README.rst | 32 +
deployment/aodh/aodh-api-container-puppet.yaml | 294 +++++++
deployment/aodh/aodh-base.yaml | 135 ++++
.../aodh/aodh-evaluator-container-puppet.yaml | 162 ++++
.../aodh/aodh-listener-container-puppet.yaml | 169 ++++
.../aodh/aodh-notifier-container-puppet.yaml | 169 ++++
deployment/glance/glance-api-container-puppet.yaml | 591 ++++++++++++++
.../glance/glance-api-logging-file-container.yaml | 46 ++
.../glance/glance-api-logging-stdout-puppet.yaml | 21 +
.../glance/glance-registry-disabled-puppet.yaml | 57 ++
deployment/ironic/ironic-api-container-puppet.yaml | 343 ++++++++
deployment/ironic/ironic-base-puppet.yaml | 108 +++
.../ironic/ironic-conductor-container-puppet.yaml | 629 +++++++++++++++
.../ironic/ironic-inspector-container-puppet.yaml | 477 ++++++++++++
.../ironic-neutron-agent-container-puppet.yaml | 129 +++
deployment/ironic/ironic-pxe-container-puppet.yaml | 182 +++++
.../keepalived/keepalived-container-puppet.yaml | 178 +++++
deployment/keystone/keystone-container-puppet.yaml | 867 +++++++++++++++++++++
.../memcached/memcached-container-puppet.yaml | 196 +++++
deployment/podman/podman-baremetal-ansible.yaml | 74 ++
deployment/snmp/snmp-baremetal-puppet.yaml | 89 +++
deployment/sshd/sshd-baremetal-puppet.yaml | 80 ++
deployment/time/ntp-baremetal-puppet.yaml | 115 +++
deployment/time/ptp-baremetal-puppet.yaml | 112 +++
deployment/time/timezone-baremetal-puppet.yaml | 46 ++
deployment/timesync/chrony-ansible.yaml | 163 ----
deployment/timesync/chrony-baremetal-ansible.yaml | 159 ++++
.../tripleo-firewall-baremetal-puppet.yaml | 57 ++
deployment/tuned/tuned-baremetal-puppet.yaml | 65 ++
deployment/zaqar/zaqar-container-puppet.yaml | 382 +++++++++
.../octavia/octavia-deployment-config.yaml | 5 +
.../nova_wait_for_placement_service.py | 110 +++
environments/barbican-backend-pkcs11-atos.yaml | 29 +
environments/barbican-backend-pkcs11-thales.yaml | 38 +
environments/barbican-backend-pkcs11.yaml | 1 +
environments/baremetal-services.yaml | 16 +-
environments/composable-roles/monolithic-ha.yaml | 4 +-
.../composable-roles/monolithic-nonha.yaml | 4 +-
environments/composable-roles/standalone.yaml | 4 +-
environments/disable-panko.yaml | 1 +
environments/docker-uc-light.yaml | 4 +-
environments/enable-federation-openidc.yaml | 79 ++
environments/ips-from-pool-ctlplane.yaml | 4 +-
environments/lifecycle/ffwd-upgrade-prepare.yaml | 1 +
environments/lifecycle/upgrade-prepare.yaml | 2 +
environments/mongodb-nojournal.yaml | 5 -
environments/net-2-linux-bonds-with-vlans.j2.yaml | 17 +
environments/network-environment-v6.j2.yaml | 28 +
environments/network-environment.j2.yaml | 30 +-
.../network-isolation-no-tunneling.j2.yaml | 23 +-
environments/network-isolation-v6.j2.yaml | 27 +-
environments/network-isolation.j2.yaml | 21 +-
environments/neutron-ml2-cisco-nexus-ucsm.yaml | 8 -
environments/neutron-ml2-ovn-hw-offload.yaml | 39 -
environments/neutron-nsx.yaml | 2 +
environments/neutron-plumgrid.yaml | 0
environments/neutron-sriov.yaml | 0
environments/nsx-config.yaml | 22 +
environments/openshift.yaml | 2 +-
environments/podman.yaml | 2 +-
.../services-baremetal/ironic-inspector.yaml | 2 -
environments/services-baremetal/ironic.yaml | 7 -
.../neutron-opendaylight-hw-offload.yaml | 33 -
.../services-baremetal/neutron-ovn-hw-offload.yaml | 43 -
.../services-baremetal/neutron-ovs-hw-offload.yaml | 24 -
.../services-baremetal/undercloud-aodh.yaml | 5 -
.../services-baremetal/undercloud-keepalived.yaml | 2 -
environments/services-baremetal/zaqar.yaml | 3 -
environments/services/ironic-inspector.yaml | 6 +-
environments/services/ironic.yaml | 8 +-
environments/services/neutron-nsx-lbaasv2.yaml | 6 +
.../services/neutron-opendaylight-hw-offload.yaml | 34 -
environments/services/neutron-ovn-hw-offload.yaml | 45 --
environments/services/neutron-ovs-hw-offload.yaml | 24 -
environments/services/ptp.yaml | 2 +-
environments/services/undercloud-aodh.yaml | 7 -
environments/services/undercloud-keepalived.yaml | 2 +-
environments/services/zaqar-swift-backend.yaml | 2 +-
environments/services/zaqar.yaml | 2 +-
environments/standalone.yaml | 1 +
environments/standalone/standalone-overcloud.yaml | 4 +-
environments/standalone/standalone-tripleo.yaml | 8 +-
environments/stdout-logging.yaml | 2 +-
environments/tuned-ceph-filestore-hci.yaml | 13 +
environments/undercloud.yaml | 6 +-
.../nova_metadata/krb-service-principals.j2.yaml | 4 +-
extraconfig/post_deploy/clouds_yaml.py | 88 +++
extraconfig/post_deploy/standalone_post.sh | 26 -
extraconfig/post_deploy/standalone_post.yaml | 55 +-
.../post_deploy/undercloud_ctlplane_network.py | 65 +-
extraconfig/post_deploy/undercloud_post.py | 17 +-
extraconfig/post_deploy/undercloud_post.yaml | 77 +-
.../rhel-registration/scripts/rhel-registration | 0
.../rhel-registration/scripts/rhel-unregistration | 0
extraconfig/pre_deploy/undercloud_pre.sh | 8 -
extraconfig/pre_deploy/undercloud_pre.yaml | 23 -
extraconfig/pre_network/boot_param_tasks.yaml | 6 +-
extraconfig/services/openshift-cns.yaml | 1 +
extraconfig/services/openshift-infra.yaml | 4 +-
extraconfig/services/openshift-master.yaml | 188 +++--
extraconfig/services/openshift-node.yaml | 37 +-
extraconfig/services/rhsm.yaml | 12 +-
firstboot/os-net-config-mappings.yaml | 7 +-
net-config-bond.j2.yaml | 12 +
net-config-bridge.j2.yaml | 12 +
net-config-linux-bridge.j2.yaml | 12 +
net-config-noop.j2.yaml | 12 +
net-config-standalone.j2.yaml | 12 +
...config-static-bridge-with-external-dhcp.j2.yaml | 12 +
net-config-static-bridge.j2.yaml | 12 +
net-config-static.j2.yaml | 12 +
net-config-undercloud.j2.yaml | 12 +
network/config/2-linux-bonds-vlans/README.md | 38 +
.../config/2-linux-bonds-vlans/role.role.j2.yaml | 300 +++++++
.../bond-with-vlans/controller-no-external.j2.yaml | 12 +
.../config/bond-with-vlans/controller-v6.j2.yaml | 52 ++
network/config/bond-with-vlans/role.role.j2.yaml | 89 ++-
network/config/multiple-nics/compute-dvr.j2.yaml | 28 +
network/config/multiple-nics/controller-v6.j2.yaml | 30 +
network/config/multiple-nics/role.role.j2.yaml | 69 +-
.../controller-v6.j2.yaml | 46 ++
.../role.role.j2.yaml | 67 +-
.../controller-no-external.j2.yaml | 12 +
.../config/single-nic-vlans/controller-v6.j2.yaml | 46 ++
network/config/single-nic-vlans/role.role.j2.yaml | 61 +-
network/network.j2 | 98 ++-
network/networks.j2.yaml | 15 +-
network/ports/ctlplane_vip.yaml | 4 +-
network/ports/net_ip_list_map.j2.yaml | 23 +
network/ports/noop.yaml | 10 +
network/ports/port.j2 | 8 +-
network/ports/port_from_pool.j2 | 3 +
network/ports/vip.yaml | 4 +-
network/ports/vip_v6.yaml | 4 +-
network/service_net_map.j2.yaml | 38 +-
network_data.yaml | 26 +
network_data_ganesha.yaml | 12 +
network_data_routed.yaml | 28 +
network_data_subnets_routed.yaml | 187 +++++
overcloud-resource-registry-puppet.j2.yaml | 42 +-
overcloud.j2.yaml | 113 ++-
puppet/all-nodes-config.j2.yaml | 29 +-
puppet/deploy-artifacts.sh | 0
.../all_nodes/neutron-ml2-cisco-nexus-ucsm.j2.yaml | 68 --
puppet/extraconfig/pre_deploy/per_node.yaml | 10 +-
puppet/role.role.j2.yaml | 92 ++-
puppet/services/aodh-api.yaml | 129 ---
puppet/services/aodh-base.yaml | 135 ----
puppet/services/aodh-evaluator.yaml | 74 --
puppet/services/aodh-listener.yaml | 74 --
puppet/services/aodh-notifier.yaml | 74 --
puppet/services/apache.j2.yaml | 23 +-
puppet/services/auditd.yaml | 20 +-
puppet/services/barbican-api.yaml | 21 +-
.../services/barbican-backend-pkcs11-crypto.yaml | 34 +-
puppet/services/ceilometer-agent-central.yaml | 18 +-
puppet/services/ceilometer-agent-compute.yaml | 18 +-
puppet/services/ceilometer-agent-ipmi.yaml | 25 +-
puppet/services/ceilometer-agent-notification.yaml | 18 +-
puppet/services/ceilometer-base.yaml | 2 +-
puppet/services/cinder-api.yaml | 31 +-
puppet/services/cinder-base.yaml | 2 +-
puppet/services/cinder-scheduler.yaml | 18 +-
puppet/services/cinder-volume.yaml | 25 +-
puppet/services/congress.yaml | 25 +-
puppet/services/database/mongodb-base.yaml | 58 --
puppet/services/database/mongodb.yaml | 150 ----
puppet/services/database/redis-base.yaml | 2 +-
puppet/services/database/redis.yaml | 28 +-
puppet/services/designate-base.yaml | 2 +-
puppet/services/designate-worker.yaml | 1 +
.../disabled/glance-registry-disabled.yaml | 76 --
.../disabled/heat-api-cloudwatch-disabled.yaml | 12 +-
puppet/services/disabled/mongodb-disabled.yaml | 48 --
puppet/services/docker-registry.yaml | 12 +-
puppet/services/docker.yaml | 44 +-
puppet/services/ec2-api.yaml | 25 +-
puppet/services/etcd.yaml | 19 +-
puppet/services/glance-api.yaml | 417 ----------
puppet/services/gnocchi-api.yaml | 6 +-
puppet/services/gnocchi-base.yaml | 2 +-
puppet/services/gnocchi-metricd.yaml | 18 +-
puppet/services/gnocchi-statsd.yaml | 18 +-
puppet/services/haproxy-public-tls-inject.yaml | 6 +-
puppet/services/haproxy.yaml | 28 +-
puppet/services/heat-api-cfn.yaml | 28 +-
puppet/services/heat-api.yaml | 28 +-
puppet/services/heat-base.yaml | 2 +-
puppet/services/heat-engine.yaml | 18 +-
puppet/services/horizon.yaml | 59 +-
puppet/services/ironic-api.yaml | 172 ----
puppet/services/ironic-base.yaml | 108 ---
puppet/services/ironic-conductor.yaml | 402 ----------
puppet/services/ironic-inspector.yaml | 280 -------
puppet/services/ironic-neutron-agent.yaml | 87 ---
puppet/services/keepalived.yaml | 86 --
puppet/services/keystone.yaml | 597 --------------
puppet/services/logging/fluentd.yaml | 25 +-
puppet/services/manila-base.yaml | 2 +-
puppet/services/manila-scheduler.yaml | 11 +-
puppet/services/memcached.yaml | 127 ---
puppet/services/metrics/collectd.yaml | 27 +-
puppet/services/mistral-api.yaml | 30 +-
puppet/services/mistral-base.yaml | 2 +-
puppet/services/mistral-engine.yaml | 23 +-
puppet/services/mistral-event-engine.yaml | 23 +-
puppet/services/mistral-executor.yaml | 23 +-
puppet/services/monitoring/sensu-client.yaml | 25 +-
puppet/services/neutron-api.yaml | 18 +-
puppet/services/neutron-base.yaml | 21 +-
puppet/services/neutron-dhcp.yaml | 18 +-
puppet/services/neutron-l2gw-agent.yaml | 18 +-
puppet/services/neutron-l3.yaml | 18 +-
puppet/services/neutron-metadata.yaml | 18 +-
puppet/services/neutron-ovs-agent.yaml | 18 +-
puppet/services/neutron-sriov-agent.yaml | 18 +-
puppet/services/nova-api.yaml | 27 +-
puppet/services/nova-base.yaml | 4 +-
puppet/services/nova-compute.yaml | 13 +
puppet/services/nova-metadata.yaml | 1 +
puppet/services/octavia-api.yaml | 11 +
puppet/services/octavia-base.yaml | 2 +-
puppet/services/octavia-controller.yaml | 108 +++
puppet/services/octavia-health-manager.yaml | 13 +-
puppet/services/octavia-housekeeping.yaml | 13 +-
puppet/services/octavia-worker.yaml | 67 +-
puppet/services/opendaylight-api.yaml | 27 +-
puppet/services/opendaylight-ovs.yaml | 2 +-
puppet/services/ovn-controller.yaml | 18 +-
puppet/services/ovn-dbs.yaml | 18 +-
puppet/services/ovn-metadata.yaml | 20 +-
puppet/services/pacemaker/haproxy.yaml | 10 +
puppet/services/panko-api.yaml | 26 +-
puppet/services/panko-base.yaml | 2 +-
puppet/services/podman.yaml | 74 --
puppet/services/sahara-base.yaml | 2 +-
puppet/services/snmp.yaml | 88 ---
puppet/services/sshd.yaml | 80 --
puppet/services/swift-proxy.yaml | 2 +-
puppet/services/swift-storage.yaml | 1 -
puppet/services/tacker.yaml | 25 +-
puppet/services/time/ntp.yaml | 115 ---
puppet/services/time/ptp.yaml | 112 ---
puppet/services/time/timezone.yaml | 46 --
puppet/services/tripleo-firewall.yaml | 57 --
puppet/services/tripleo-packages.yaml | 10 +-
puppet/services/tuned.yaml | 52 --
puppet/services/zaqar-api.yaml | 261 -------
.../ODL-healthcheck-new-API-dae1a7ffce51e359.yaml | 6 +
.../add-barbican-hsm-code-2ceffb2e1c3f6b67.yaml | 10 +
...nder-nfs-snapshot-support-16664aa46a67a5ad.yaml | 13 +
...hange-ntp-default-servers-5c4cb51c10ffe60e.yaml | 10 +
...-availble-network-in-role-7860d8d5cd1df4b0.yaml | 34 +
...omposable-network-subnets-fbfcb6283a54ace7.yaml | 48 ++
...ontainer-logging-novajoin-90398bce0bc1a7b9.yaml | 7 +
.../notes/deprecation-573102-e63aeba5930adf28.yaml | 7 +
.../notes/distributed-roles-a3a5a5d9eb25e6b0.yaml | 8 +
.../drop-baremetal-aodh-22cb1dfc59204427.yaml | 4 +
.../drop-baremetal-glance-5836be7624e63133.yaml | 3 +
.../drop-baremetal-ironic-ab7af5d2b75c9cbf.yaml | 3 +
...drop-baremetal-keepalived-c48cde2007b372a4.yaml | 4 +
.../drop-baremetal-keystone-000a4babb7f8ef60.yaml | 4 +
.../drop-baremetal-memcached-6cbdfd80bef14a41.yaml | 4 +
.../drop-baremetal-zaqar-abe0f9cae9c87879.yaml | 3 +
...age_conversion_parameters-740e5282385444c7.yaml | 7 +
...lth-manager-firewall-rule-cdffe31d580ecf4b.yaml | 4 +
.../notes/haproxy-log-2805e3697cbadf49.yaml | 4 +
.../host_prep_config_removal-f579718021db5385.yaml | 6 +
.../notes/hw-machine-type-6a0bd7bc3973c15a.yaml | 7 +
...joint-inspection-ip-range-f399a938d50daadd.yaml | 25 +
...ue-contain-lists-of-cidrs-19bc98dc9bc6b819.yaml | 29 +
.../notes/mongodb_drop-02daffbfe4975cb9.yaml | 6 +
...ork-templates-mtu-setting-a76fe47cfc97b36f.yaml | 58 ++
..._url_to_internal_endpoint-aaf0e550750335eb.yaml | 7 +
...a_templated_cells_db_urls-2eb151090c49c51d.yaml | 10 +
...lated_cells_transport_url-275f0b707d9227ab.yaml | 10 +
...rvice_disable_cert_verify-45f532d7a924df86.yaml | 9 +
...dl-dont-mount-data-folder-c993df185af375a8.yaml | 9 +
...emove_bootstrap_nodeid_ip-d97ec1da4f73599c.yaml | 7 +
...eutron-global-physnet-mtu-5e3515a97e8e0367.yaml | 10 +
.../tuned_custom_profile-25d1f4a2bc217216.yaml | 15 +
.../upgrade_tasks_cleanup-c913f3f30f4a1db6.yaml | 13 +
roles/BlockStorage.yaml | 9 +-
roles/CephAll.yaml | 6 +-
roles/CephFile.yaml | 6 +-
roles/CephObject.yaml | 6 +-
roles/CephStorage.yaml | 6 +-
roles/Compute.yaml | 11 +-
roles/ComputeAlt.yaml | 9 +-
roles/ComputeDVR.yaml | 9 +-
roles/ComputeHCI.yaml | 12 +-
roles/ComputeInstanceHA.yaml | 9 +-
roles/ComputeLiquidio.yaml | 9 +-
roles/ComputeOvsDpdk.yaml | 9 +-
roles/ComputeOvsDpdkRT.yaml | 9 +-
roles/ComputePPC64LE.yaml | 9 +-
roles/ComputeRealTime.yaml | 9 +-
roles/ComputeSriov.yaml | 9 +-
roles/ComputeSriovRT.yaml | 9 +-
roles/Controller.yaml | 16 +-
roles/ControllerAllNovaStandalone.yaml | 16 +-
roles/ControllerNoCeph.yaml | 16 +-
roles/ControllerNovaStandalone.yaml | 16 +-
roles/ControllerOpenstack.yaml | 16 +-
roles/ControllerStorageNfs.yaml | 19 +-
roles/Database.yaml | 3 +-
roles/DistributedCompute.yaml | 64 ++
roles/DistributedComputeHCI.yaml | 69 ++
roles/HciCephAll.yaml | 12 +-
roles/HciCephFile.yaml | 12 +-
roles/HciCephMon.yaml | 12 +-
roles/HciCephObject.yaml | 12 +-
roles/IronicConductor.yaml | 5 +-
roles/Messaging.yaml | 3 +-
roles/Networker.yaml | 6 +-
roles/Novacontrol.yaml | 6 +-
roles/ObjectStorage.yaml | 10 +-
roles/OpenShiftAllInOne.yaml | 10 +-
roles/OpenShiftInfra.yaml | 7 +-
roles/OpenShiftMaster.yaml | 10 +-
roles/OpenShiftWorker.yaml | 7 +-
roles/README.rst | 2 +-
roles/Standalone.yaml | 14 +-
roles/Telemetry.yaml | 6 +-
roles/Undercloud.yaml | 13 +
roles_data.yaml | 52 +-
roles_data_undercloud.yaml | 13 +
sample-env-generator/composable-roles.yaml | 6 +-
sample-env-generator/openidc.yaml | 42 +
sample-env-generator/standalone.yaml | 11 +-
sample-env-generator/storage.yaml | 2 +-
setup.cfg | 2 +-
test-requirements.txt | 2 +-
tools/process-templates.py | 8 +-
tools/yaml-nic-config-2-script.py | 1 +
tools/yaml-validate.py | 23 +-
tripleo_heat_templates/environment_generator.py | 2 +-
validation-scripts/all-nodes.sh | 7 +-
zuul.d/layout.yaml | 58 +-
500 files changed, 12850 insertions(+), 11734 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
index 7235018..68a8676 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4 +4 @@
-hacking>=0.11.0,<0.12 # Apache-2.0
+hacking>=1.1.0,<1.2.0 # Apache-2.0
More information about the Release-announce
mailing list